From 2dc913b65c76e8f51989cc20ce0ce8b1b087db37 Mon Sep 17 00:00:00 2001
From: dartraiden <wowemuh@gmail.com>
Date: Wed, 22 May 2019 15:38:52 +0300
Subject: libcurl: update to 7.65

---
 libs/libcurl/docs/CHANGES                   | 11160 +++++++++++++-------------
 libs/libcurl/docs/THANKS                    |    24 +
 libs/libcurl/include/curl/curl.h            |     7 +-
 libs/libcurl/include/curl/curlver.h         |    12 +-
 libs/libcurl/include/curl/typecheck-gcc.h   |    10 +-
 libs/libcurl/include/curl/urlapi.h          |     3 +-
 libs/libcurl/src/Makefile.in                |    77 +-
 libs/libcurl/src/Makefile.inc               |     8 +-
 libs/libcurl/src/altsvc.c                   |    12 +-
 libs/libcurl/src/asyn-ares.c                |   105 +-
 libs/libcurl/src/base64.c                   |     9 +-
 libs/libcurl/src/config-win32.h             |    12 +-
 libs/libcurl/src/conncache.c                |     5 +-
 libs/libcurl/src/conncache.h                |     3 +-
 libs/libcurl/src/connect.c                  |    34 +-
 libs/libcurl/src/cookie.c                   |    50 +-
 libs/libcurl/src/cookie.h                   |     1 -
 libs/libcurl/src/curl_config.h.cmake        |    10 +-
 libs/libcurl/src/curl_config.h.in           |     6 +
 libs/libcurl/src/curl_fnmatch.c             |     9 -
 libs/libcurl/src/curl_get_line.c            |    55 +
 libs/libcurl/src/curl_get_line.h            |    29 +
 libs/libcurl/src/curl_md4.h                 |     4 +-
 libs/libcurl/src/curl_md5.h                 |    10 +-
 libs/libcurl/src/curl_memory.h              |     4 +-
 libs/libcurl/src/curl_ntlm_core.c           |     6 +
 libs/libcurl/src/curl_ntlm_core.h           |     4 +-
 libs/libcurl/src/curl_ntlm_wb.c             |    71 +-
 libs/libcurl/src/curl_ntlm_wb.h             |    11 +-
 libs/libcurl/src/curl_path.c                |     2 +-
 libs/libcurl/src/curl_sasl.c                |    33 +-
 libs/libcurl/src/curl_setup.h               |     4 +
 libs/libcurl/src/doh.c                      |    11 +-
 libs/libcurl/src/doh.h                      |    10 +-
 libs/libcurl/src/easy.c                     |    16 +-
 libs/libcurl/src/fileinfo.c                 |     5 +-
 libs/libcurl/src/formdata.c                 |    14 +-
 libs/libcurl/src/formdata.h                 |    11 +-
 libs/libcurl/src/ftp.c                      |     9 +-
 libs/libcurl/src/ftplistparser.c            |     5 +-
 libs/libcurl/src/hostcheck.c                |     6 +-
 libs/libcurl/src/hostip.c                   |    46 +-
 libs/libcurl/src/hostip.h                   |     7 +-
 libs/libcurl/src/hostip6.c                  |     5 +-
 libs/libcurl/src/http.c                     |   134 +-
 libs/libcurl/src/http2.c                    |    12 +-
 libs/libcurl/src/http_digest.c              |     5 +-
 libs/libcurl/src/http_digest.h              |    12 +-
 libs/libcurl/src/http_negotiate.c           |    50 +-
 libs/libcurl/src/http_negotiate.h           |     6 +-
 libs/libcurl/src/http_ntlm.c                |    37 +-
 libs/libcurl/src/http_ntlm.h                |    10 +-
 libs/libcurl/src/if2ip.c                    |    23 +-
 libs/libcurl/src/if2ip.h                    |     4 +-
 libs/libcurl/src/imap.c                     |    14 +-
 libs/libcurl/src/inet_pton.c                |     3 +-
 libs/libcurl/src/ldap.c                     |     3 +-
 libs/libcurl/src/libcurl.plist              |     6 +-
 libs/libcurl/src/md4.c                      |   113 +-
 libs/libcurl/src/md5.c                      |   163 +-
 libs/libcurl/src/memdebug.c                 |     7 +-
 libs/libcurl/src/mime.c                     |    80 +-
 libs/libcurl/src/mime.h                     |    20 +-
 libs/libcurl/src/multi.c                    |   318 +-
 libs/libcurl/src/multihandle.h              |    48 +-
 libs/libcurl/src/multiif.h                  |    17 +-
 libs/libcurl/src/netrc.c                    |     5 +-
 libs/libcurl/src/netrc.h                    |     9 +-
 libs/libcurl/src/openldap.c                 |     5 -
 libs/libcurl/src/parsedate.c                |    41 +-
 libs/libcurl/src/pipeline.c                 |   404 -
 libs/libcurl/src/pipeline.h                 |    56 -
 libs/libcurl/src/pop3.c                     |     1 +
 libs/libcurl/src/progress.c                 |   114 +-
 libs/libcurl/src/rtsp.c                     |    13 -
 libs/libcurl/src/security.c                 |    13 +-
 libs/libcurl/src/sendf.c                    |    40 +-
 libs/libcurl/src/setopt.c                   |   261 +-
 libs/libcurl/src/smtp.c                     |    10 +-
 libs/libcurl/src/socks.c                    |    22 +-
 libs/libcurl/src/splay.c                    |     4 +-
 libs/libcurl/src/ssh-libssh.c               |    19 +-
 libs/libcurl/src/ssh.c                      |    26 +-
 libs/libcurl/src/tftp.c                     |     2 +-
 libs/libcurl/src/timeval.c                  |     2 +
 libs/libcurl/src/transfer.c                 |   104 +-
 libs/libcurl/src/url.c                      |   664 +-
 libs/libcurl/src/url.h                      |     9 +-
 libs/libcurl/src/urlapi-int.h               |     7 +-
 libs/libcurl/src/urlapi.c                   |   106 +-
 libs/libcurl/src/urldata.h                  |    87 +-
 libs/libcurl/src/vauth/cleartext.c          |    40 +-
 libs/libcurl/src/vauth/digest.c             |     5 +-
 libs/libcurl/src/vauth/krb5_gssapi.c        |     6 +-
 libs/libcurl/src/vauth/krb5_sspi.c          |     6 +-
 libs/libcurl/src/vauth/ntlm.c               |    24 +-
 libs/libcurl/src/vauth/ntlm_sspi.c          |     8 +-
 libs/libcurl/src/vauth/oauth2.c             |    56 +-
 libs/libcurl/src/vauth/spnego_gssapi.c      |     9 +-
 libs/libcurl/src/vauth/spnego_sspi.c        |     7 +-
 libs/libcurl/src/vauth/vauth.c              |    42 +-
 libs/libcurl/src/vauth/vauth.h              |    20 +-
 libs/libcurl/src/version.c                  |    10 +-
 libs/libcurl/src/vtls/cyassl.c              |     5 +-
 libs/libcurl/src/vtls/gskit.c               |    18 +-
 libs/libcurl/src/vtls/gtls.c                |    49 +-
 libs/libcurl/src/vtls/mbedtls.c             |    17 +-
 libs/libcurl/src/vtls/mesalink.c            |     2 +-
 libs/libcurl/src/vtls/nss.c                 |    18 +-
 libs/libcurl/src/vtls/openssl.c             |    20 +-
 libs/libcurl/src/vtls/polarssl.c            |     9 +-
 libs/libcurl/src/vtls/polarssl_threadlock.c |    59 +-
 libs/libcurl/src/vtls/polarssl_threadlock.h |     9 +-
 libs/libcurl/src/vtls/schannel.c            |    20 +-
 libs/libcurl/src/vtls/sectransp.c           |     7 +-
 libs/libcurl/src/vtls/vtls.c                |    31 +-
 libs/libcurl/src/wildcard.c                 |     6 +-
 libs/libcurl/src/wildcard.h                 |    10 +-
 libs/libcurl/src/x509asn1.c                 |    17 +-
 119 files changed, 7502 insertions(+), 8072 deletions(-)
 create mode 100644 libs/libcurl/src/curl_get_line.c
 create mode 100644 libs/libcurl/src/curl_get_line.h
 delete mode 100644 libs/libcurl/src/pipeline.c
 delete mode 100644 libs/libcurl/src/pipeline.h

(limited to 'libs/libcurl')

diff --git a/libs/libcurl/docs/CHANGES b/libs/libcurl/docs/CHANGES
index b924571db6..0715ca0d36 100644
--- a/libs/libcurl/docs/CHANGES
+++ b/libs/libcurl/docs/CHANGES
@@ -6,8007 +6,7899 @@
 
                                   Changelog
 
-Version 7.64.1 (27 Mar 2019)
-
-Daniel Stenberg (27 Mar 2019)
-- RELEASE: 7.64.1
+Version 7.65.0 (22 May 2019)
 
-- Revert "ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set"
-  
-  This reverts commit 9130ead9fcabdb6b8fbdb37c0b38be2d326adb00.
-  
-  Fixes #3708
+Daniel Stenberg (22 May 2019)
+- RELEASE-NOTES: 7.65.0 release
 
-- [Christian Schmitz brought this change]
+- THANKS: from the 7.65.0 release-notes
 
-  ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set
+- url: convert the zone id from a IPv6 URL to correct scope id
   
-  Closes #3704
+  Reported-by: GitYuanQu on github
+  Fixes #3902
+  Closes #3914
 
-Jay Satiro (26 Mar 2019)
-- tool_cb_wrt: fix writing to Windows null device NUL
+- configure: detect getsockname and getpeername on windows too
   
-  - Improve console detection.
+  Made detection macros for these two functions in the same style as other
+  functions possibly in winsock in the hope this will work better to
+  detect these functions when cross-compiling for Windows.
   
-  Prior to this change WriteConsole could be called to write to a handle
-  that may not be a console, which would cause an error. This issue is
-  limited to character devices that are not also consoles such as the null
-  device NUL.
+  Follow-up to e91e4816123
   
-  Bug: https://github.com/curl/curl/issues/3175#issuecomment-439068724
-  Reported-by: Gisle Vanem
+  Fixes #3913
+  Closes #3915
 
-- CURLMOPT_PIPELINING.3: fix typo
+Marcel Raad (21 May 2019)
+- examples: remove unused variables
+  
+  Fixes Codacy/CppCheck warnings.
+  
+  Closes
 
-Daniel Stenberg (25 Mar 2019)
-- TODO: config file parsing
+Daniel Gustafsson (21 May 2019)
+- udpateconninfo: mark variable unused
   
-  Closes #3698
+  When compiling without getpeername() or getsockname(), the sockfd
+  paramter to Curl_udpateconninfo() became unused after commit e91e481612
+  added ifdef guards.
+  
+  Closes #3910
+  Fixes https://curl.haxx.se/dev/log.cgi?id=20190520172441-32196
+  Reviewed-by: Marcel Raad, Daniel Stenberg
 
-Jay Satiro (24 Mar 2019)
-- os400: Disable Alt-Svc by default since it's experimental
+- ftp: move ftp_ccc in under featureflag
   
-  Follow-up to 520f0b4 which added Alt-Svc support and enabled it by
-  default for OS400. Since the feature is experimental, it should be
-  disabled by default.
+  Commit e91e48161235272ff485ff32bd048c53af731f43 moved ftp_ccc in under
+  the FTP featureflag in the UserDefined struct, but vtls callsites were
+  still using it unprotected.
   
-  Ref: https://github.com/curl/curl/commit/520f0b4#commitcomment-32792332
-  Ref: https://curl.haxx.se/mail/lib-2019-02/0008.html
+  Closes #3912
+  Fixes: https://curl.haxx.se/dev/log.cgi?id=20190520044705-29865
+  Reviewed-by: Daniel Stenberg, Marcel Raad
+
+Daniel Stenberg (20 May 2019)
+- curl: report error for "--no-" on non-boolean options
   
-  Closes https://github.com/curl/curl/pull/3688
+  Reported-by: Olen Andoni
+  Fixes #3906
+  Closes #3907
 
-Dan Fandrich (24 Mar 2019)
-- tests: Fixed XML validation errors in some test files.
+- [Guy Poizat brought this change]
 
-- tests: Fix some incorrect precheck error messages.
+  mbedtls: enable use of EC keys
   
-  [ci skip]
-
-Daniel Stenberg (22 Mar 2019)
-- curl_url.3: this is not experimental anymore
+  Closes #3892
 
-- travis: bump the used wolfSSL version to 4.0.0
+- lib1560: add tests for parsing URL with too long scheme
   
-  Test 311 is now fine, leaving only 313 (CRL) disabled.
+  Ref: #3905
+
+- [Omar Ramadan brought this change]
+
+  urlapi: increase supported scheme length to 40 bytes
   
-  Test 313 details can be found here:
-  https://github.com/wolfSSL/wolfssl/issues/1546
+  The longest currently registered URI scheme at IANA is 36 bytes long.
   
-  Closes #3697
+  Closes #3905
+  Closes #3900
 
-Daniel Gustafsson (22 Mar 2019)
-- lib: Fix typos in comments
-
-David Woodhouse (20 Mar 2019)
-- openssl: if cert type is ENG and no key specified, key is ENG too
+Marcel Raad (20 May 2019)
+- lib: reduce variable scopes
   
-  Fixes #3692
-  Closes #3692
+  Fixes Codacy/CppCheck warnings.
+  
+  Closes https://github.com/curl/curl/pull/3872
 
-Daniel Stenberg (20 Mar 2019)
-- sectransp: tvOS 11 is required for ALPN support
+- tool_formparse: remove redundant assignment
   
-  Reported-by: nianxuejie on github
-  Assisted-by: Nick Zitzmann
-  Assisted-by: Jay Satiro
-  Fixes #3689
-  Closes #3690
+  Just initialize word_begin with the correct value.
+  
+  Closes https://github.com/curl/curl/pull/3873
 
-- test1541: threaded connection sharing
+- ssh: move variable declaration to where it's used
   
-  The threaded-shared-conn.c example turned into test case. Only works if
-  pthread was detected.
+  This way, we need only one call to free.
   
-  An attempt to detect future regressions such as e3a53e3efb942a5
+  Closes https://github.com/curl/curl/pull/3873
+
+- ssh-libssh: remove unused variable
   
-  Closes #3687
+  sock was only used to be assigned to fd_read.
+  
+  Closes https://github.com/curl/curl/pull/3873
 
-Patrick Monnerat (17 Mar 2019)
-- os400: alt-svc support.
+Daniel Stenberg (20 May 2019)
+- test332: verify the blksize fix
+
+- tftp: use the current blksize for recvfrom()
   
-  Although experimental, enable it in the platform config file.
-  Upgrade ILE/RPG binding.
+  bug: https://curl.haxx.se/docs/CVE-2019-5436.html
+  Reported-by: l00p3r on hackerone
+  CVE-2019-5436
 
-Daniel Stenberg (17 Mar 2019)
-- conncache: use conn->data to know if a transfer owns it
+Daniel Gustafsson (19 May 2019)
+- version: make ssl_version buffer match for multi_ssl
   
-  - make sure an already "owned" connection isn't returned unless
-    multiplexed.
+  When running a multi TLS backend build the version string needs more
+  buffer space. Make the internal ssl_buffer stack buffer match the one
+  in Curl_multissl_version() to allow for the longer string. For single
+  TLS backend builds there is no use in extended to buffer. This is a
+  fallout from #3863 which fixes up the multi_ssl string generation to
+  avoid a buffer overflow when the buffer is too small.
   
-  - clear ->data when returning the connection to the cache again
+  Closes #3875
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Steve Holme (18 May 2019)
+- http_ntlm_wb: Handle auth for only a single request
   
-  Regression since 7.62.0 (probably in commit 1b76c38904f0)
+  Currently when the server responds with 401 on NTLM authenticated
+  connection (re-used) we consider it to have failed.  However this is
+  legitimate and may happen when for example IIS is set configured to
+  'authPersistSingleRequest' or when the request goes thru a proxy (with
+  'via' header).
   
-  Bug: https://curl.haxx.se/mail/lib-2019-03/0064.html
+  Implemented by imploying an additional state once a connection is
+  re-used to indicate that if we receive 401 we need to restart
+  authentication.
   
-  Closes #3686
-
-- RELEASE-NOTES: synced
+  Missed in fe6049f0.
 
-- [Chris Young brought this change]
+- http_ntlm_wb: Cleanup handshake after clean NTLM failure
+  
+  Missed in 50b87c4e.
 
-  configure: add --with-amissl
+- http_ntlm_wb: Return the correct error on receiving an empty auth message
   
-  AmiSSL is an Amiga native library which provides a wrapper over OpenSSL.
-  It also requires all programs using it to use bsdsocket.library
-  directly, rather than accessing socket functions through clib, which
-  libcurl was not necessarily doing previously. Configure will now check
-  for the headers and ensure they are included if found.
+  Missed in fe20826b as it wasn't implemented in http.c in b4d6db83.
   
-  Closes #3677
-
-- [Chris Young brought this change]
+  Closes #3894
 
-  vtls: rename some of the SSL functions
+Daniel Stenberg (18 May 2019)
+- curl: make code work with protocol-disabled libcurl
   
-  ... in the SSL structure as AmiSSL is using macros for the socket API
-  functions.
+  Closes #3844
 
-- [Chris Young brought this change]
+- libcurl: #ifdef away more code for disabled features/protocols
 
-  tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
+- progress: CURL_DISABLE_PROGRESS_METER
 
-- [Chris Young brought this change]
+- hostip: CURL_DISABLE_SHUFFLE_DNS
 
-  tool_operate: build on AmigaOS
+- netrc: CURL_DISABLE_NETRC
 
-- makefile: make checksrc and hugefile commands "silent"
+Viktor Szakats (16 May 2019)
+- docs: Markdown and misc improvements [ci skip]
   
-  ... to match the style already used for compiling, linking
-  etc. Acknowledges 'make V=1' to enable verbose.
+  Approved-by: Daniel Stenberg
+  Closes #3896
+
+- docs/RELEASE-PROCEDURE: link to live iCalendar [ci skip]
   
-  Closes #3681
+  Ref: https://github.com/curl/curl/commit/0af41b40b2c7bd379b2251cbe7cd618e21fa0ea1#commitcomment-33563135
+  Approved-by: Daniel Stenberg
+  Closes #3895
 
-- curl.1: --user and --proxy-user are hidden from ps output
+Daniel Stenberg (16 May 2019)
+- travis: add an osx http-only build
   
-  Suggested-by: Eric Curtin
-  Improved-by: Dan Fandrich
-  Ref: #3680
+  Closes #3887
+
+- cleanup: remove FIXME and TODO comments
   
-  Closes #3683
+  They serve very little purpose and mostly just add noise. Most of them
+  have been around for a very long time. I read them all before removing
+  or rephrasing them.
+  
+  Ref: #3876
+  Closes #3883
 
-- curl.1: mark the argument to --cookie as <data|filename>
+- curl: don't set FTP options for FTP-disabled builds
   
-  From a discussion in #3676
+  ... since libcurl has started to be totally unaware of options for
+  disabled protocols they now return error.
   
-  Suggested-by: Tim Rühsen
+  Bug: https://github.com/curl/curl/commit/c9c5304dd4747cbe75d2f24be85920d572fcb5b8#commitcomment-33533937
   
-  Closes #3682
+  Reported-by: Marcel Raad
+  Closes #3886
 
-Dan Fandrich (14 Mar 2019)
-- fuzzer: Only clone the latest fuzzer code, for speed.
+Steve Holme (16 May 2019)
+- http_ntlm_wb: Move the type-2 message processing into a dedicated function
+  
+  This brings the code inline with the other HTTP authentication mechanisms.
+  
+  Closes #3890
 
-Daniel Stenberg (14 Mar 2019)
-- [Dominik Hölzl brought this change]
+Daniel Stenberg (15 May 2019)
+- RELEASE-NOTES: synced
 
-  Negotiate: fix for HTTP POST with Negotiate
-  
-  * Adjusted unit tests 2056, 2057
-  * do not generally close connections with CURLAUTH_NEGOTIATE after every request
-  * moved negotiatedata from UrlState to connectdata
-  * Added stream rewind logic for CURLAUTH_NEGOTIATE
-  * introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC
-  * Consider authproblem state for CURLAUTH_NEGOTIATE
-  * Consider reuse_forbid for CURLAUTH_NEGOTIATE
-  * moved and adjusted negotiate authentication state handling from
-    output_auth_headers into Curl_output_negotiate
-  * Curl_output_negotiate: ensure auth done is always set
-  * Curl_output_negotiate: Set auth done also if result code is
-    GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may
-    also indicate the last challenge request (only works with disabled
-    Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1)
-  * Consider "Persistent-Auth" header, detect if not present;
-    Reset/Cleanup negotiate after authentication if no persistent
-    authentication
-  * apply changes introduced with #2546 for negotiate rewind logic
+- docs/RELEASE-PROCEDURE: updated coming releases dates [ci skip]
+
+- CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE [ci skip]
   
-  Fixes #1261
-  Closes #1975
+  Reported-by: Roy Bellingan
+  Bug: #3885
 
-- [Marc Schlatter brought this change]
+- parse_proxy: use the URL parser API
+  
+  As we treat a given proxy as a URL we should use the unified URL parser
+  to extract the parts out of it.
+  
+  Closes #3878
 
-  http: send payload when (proxy) authentication is done
+Steve Holme (15 May 2019)
+- http_negotiate: Move the Negotiate state out of the negotiatedata structure
   
-  The check that prevents payload from sending in case of authentication
-  doesn't check properly if the authentication is done or not.
+  Given that this member variable is not used by the SASL based protocols
+  there is no need to have it here.
   
-  They're cases where the proxy respond "200 OK" before sending
-  authentication challenge. This change takes care of that.
+  Closes #3882
+
+- http_ntlm: Move the NTLM state out of the ntlmdata structure
   
-  Fixes #2431
-  Closes #3669
+  Given that this member variable is not used by the SASL based protocols
+  there is no need to have it here.
 
-- file: fix "Checking if unsigned variable 'readcount' is less than zero."
+- url: Move the negotiate state type into a dedicated enum
+
+- url: Remove duplicate clean up of the winbind variables in conn_shutdown()
   
-  Pointed out by codacy
+  Given that Curl_disconnect() calls Curl_http_auth_cleanup_ntlm() prior
+  to calling conn_shutdown() and it in turn performs this, there is no
+  need to perform the same action in conn_shutdown().
   
-  Closes #3672
+  Closes #3881
 
-- memdebug: log pointer before freeing its data
+Daniel Stenberg (14 May 2019)
+- urlapi: require a non-zero host name length when parsing URL
   
-  Coverity warned for two potentional "Use after free" cases. Both are false
-  positives because the memory wasn't used, it was only the actual pointer
-  value that was logged.
+  Updated test 1560 to verify.
   
-  The fix still changes the order of execution to avoid the warnings.
+  Closes #3880
+
+- configure: error out if OpenSSL wasn't detected when asked for
   
-  Coverity CID 1443033 and 1443034
+  If --with-ssl is used and configure still couldn't enable SSL this
+  creates an error instead of just silently ignoring the fact.
   
-  Closes #3671
+  Suggested-by: Isaiah Norton
+  Fixes #3824
+  Closes #3830
 
-- RELEASE-NOTES: synced
+Daniel Gustafsson (14 May 2019)
+- imap: Fix typo in comment
 
-Marcel Raad (12 Mar 2019)
-- travis: actually use updated compiler versions
+Steve Holme (14 May 2019)
+- url: Remove unnecessary initialisation from allocate_conn()
   
-  For the Linux builds, GCC 8 and 7 and clang 7 were installed, but the
-  new GCC versions were only used for the coverage build and for building
-  nghttp2, while the new clang version was not used at all.
+  No need to set variables to zero as calloc() does this for us.
   
-  BoringSSL needs to use the default GCC as it respects CC, but not CXX,
-  so it would otherwise pass gcc 8 options to g++ 4.8 and fail.
+  Closes #3879
+
+Daniel Stenberg (14 May 2019)
+- CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later [ci skip]
   
-  Also remove GCC 7, it's not needed anymore.
+  Clues-provided-by: Jay Satiro
+  Clues-provided-by: Jeroen Ooms
+  Fixes #3711
+  Closes #3874
+
+Daniel Gustafsson (13 May 2019)
+- vtls: fix potential ssl_buffer stack overflow
   
-  Ref: https://docs.travis-ci.com/user/languages/c/#c11c11-and-beyond-and-toolchain-versioning
+  In Curl_multissl_version() it was possible to overflow the passed in
+  buffer if the generated version string exceeded the size of the buffer.
+  Fix by inverting the logic, and also make sure to not exceed the local
+  buffer during the string generation.
   
-  Closes https://github.com/curl/curl/pull/3670
+  Closes #3863
+  Reported-by: nevv on HackerOne/curl
+  Reviewed-by: Jay Satiro
+  Reviewed-by: Daniel Stenberg
 
-- travis: update clang to version 7
-  
-  Closes https://github.com/curl/curl/pull/3670
+Daniel Stenberg (13 May 2019)
+- RELEASE-NOTES: synced
 
-Jay Satiro (11 Mar 2019)
-- [Andre Guibert de Bruet brought this change]
+- appveyor: also build "/ci" branches like travis
 
-  examples/externalsocket: add missing close socket calls
-  
-  .. and for Windows also call WSACleanup since we call WSAStartup.
+- pingpong: disable more when no pingpong enabled
+
+- proxy: acknowledge DISABLE_PROXY more
+
+- parsedate: CURL_DISABLE_PARSEDATE
+
+- sasl: only enable if there's a protocol enabled using it
+
+- mime: acknowledge CURL_DISABLE_MIME
+
+- wildcard: disable from build when FTP isn't present
+
+- http: CURL_DISABLE_HTTP_AUTH
+
+- base64: build conditionally if there are users
+
+- doh: CURL_DISABLE_DOH
+
+Steve Holme (12 May 2019)
+- auth: Rename the various authentication clean up functions
   
-  The example is to demonstrate handling the socket independently of
-  libcurl. In this case libcurl is not responsible for creating, opening
-  or closing the socket, it is handled by the application (our example).
+  For consistency and to a avoid confusion.
   
-  Fixes https://github.com/curl/curl/pull/3663
+  Closes #3869
 
-Daniel Stenberg (11 Mar 2019)
-- multi: removed unused code for request retries
+Daniel Stenberg (12 May 2019)
+- [Jay Satiro brought this change]
+
+  docs/INSTALL: fix broken link [ci skip]
   
-  This code was once used for the non multi-interface using code path, but
-  ever since easy_perform was turned into a wrapper around the multi
-  interface, this code path never runs.
+  Reported-by: Joombalaya on github
+  Fixes #3818
+
+Marcel Raad (12 May 2019)
+- easy: fix another "clarify calculation precedence" warning
   
-  Closes #3666
+  I missed this one in commit 6b3dde7fe62ea5a557fd1fd323fac2bcd0c2e9be.
 
-Jay Satiro (11 Mar 2019)
-- doh: inherit some SSL options from user's easy handle
+- build: fix "clarify calculation precedence" warnings
   
-  - Inherit SSL options for the doh handle but not SSL client certs,
-    SSL ALPN/NPN, SSL engine, SSL version, SSL issuer cert,
-    SSL pinned public key, SSL ciphers, SSL id cache setting,
-    SSL kerberos or SSL gss-api settings.
+  Codacy/CppCheck warns about this. Consistently use parentheses as we
+  already do in some places to silence the warning.
   
-  - Fix inheritance of verbose setting.
+  Closes https://github.com/curl/curl/pull/3866
+
+- cmake: restore C89 compatibility of CurlTests.c
   
-  - Inherit NOSIGNAL.
+  I broke it in d1b5cf830bfe169745721b21245d2217d2c2453e and
+  97de97daefc2ed084c91eff34af2426f2e55e134.
   
-  There is no way for the user to set options for the doh (DNS-over-HTTPS)
-  handles and instead we inherit some options from the user's easy handle.
+  Reported-by: Viktor Szakats
+  Ref: https://github.com/curl/curl/commit/97de97daefc2ed084c91eff34af2426f2e55e134#commitcomment-33499044
+  Closes https://github.com/curl/curl/pull/3868
+
+Steve Holme (11 May 2019)
+- http_ntlm: Corrected the name of the include guard
   
-  My thinking for the SSL options not inherited is they are most likely
-  not intended by the user for the DOH transfer. I did inherit insecure
-  because I think that should still be in control of the user.
+  Missed in f0bdd72c.
   
-  Prior to this change doh did not work for me because CAINFO was not
-  inherited. Also verbose was set always which AFAICT was a bug (#3660).
+  Closes #3867
+
+- http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
   
-  Fixes https://github.com/curl/curl/issues/3660
-  Closes https://github.com/curl/curl/pull/3661
+  Closes #3861
 
-Daniel Stenberg (9 Mar 2019)
-- test331: verify set-cookie for dotless host name
+- http_negotiate: Don't expose functions when HTTP is disabled
+
+Daniel Stenberg (11 May 2019)
+- SECURITY-PROCESS: fix links [ci skip]
+
+Marcel Raad (11 May 2019)
+- CMake: suppress unused variable warnings
   
-  Reproduced bug #3649
-  Closes #3659
+  I missed these in commit d1b5cf830bfe169745721b21245d2217d2c2453e.
 
-- Revert "cookies: extend domain checks to non psl builds"
+Daniel Stenberg (11 May 2019)
+- doh: disable DOH for the cases it doesn't work
   
-  This reverts commit 3773de378d48b06c09931e44dca4d274d0bfdce0.
+  Due to limitations in Curl_resolver_wait_resolv(), it doesn't work for
+  DOH resolves. This fix disables DOH for those.
   
-  Regression shipped in 7.64.0
-  Fixes #3649
+  Limitation added to KNOWN_BUGS.
+  
+  Fixes #3850
+  Closes #3857
 
-- memdebug: make debug-specific functions use curl_dbg_ prefix
+Jay Satiro (11 May 2019)
+- checksrc.bat: Ignore snprintf warnings in docs/examples
   
-  To not "collide" or use up the regular curl_ name space. Also makes them
-  easier to detect in helper scripts.
+  .. because we allow snprintf use in docs/examples.
   
-  Closes #3656
+  Closes https://github.com/curl/curl/pull/3862
 
-- cmdline-opts/proxytunnel.d: the option tunnnels all protocols
+Steve Holme (10 May 2019)
+- vauth: Fix incorrect function description for Curl_auth_user_contains_domain()
   
-  Clarify the language and simplify.
+  ...and misalignment of these comments. From a78c61a4.
   
-  Reported-by: Daniel Lublin
-  Closes #3658
+  Closes #3860
 
-- KNOWN_BUGS: Client cert (MTLS) issues with Schannel
+Jay Satiro (10 May 2019)
+- Revert "multi: support verbose conncache closure handle"
   
-  Closes #3145
+  This reverts commit b0972bc.
+  
+  - No longer show verbose output for the conncache closure handle.
+  
+  The offending commit was added so that the conncache closure handle
+  would inherit verbose mode from the user's easy handle. (Note there is
+  no way for the user to set options for the closure handle which is why
+  that was necessary.) Other debug settings such as the debug function
+  were not also inherited since we determined that could lead to crashes
+  if the user's per-handle private data was used on an unexpected handle.
+  
+  The reporter here says he has a debug function to capture the verbose
+  output, and does not expect or want any output to stderr; however
+  because the conncache closure handle does not inherit the debug function
+  the verbose output for that handle does go to stderr.
+  
+  There are other plausible scenarios as well such as the user redirects
+  stderr on their handle, which is also not inherited since it could lead
+  to crashes when used on an unexpected handle.
+  
+  Short of allowing the user to set options for the conncache closure
+  handle I don't think there's much we can safely do except no longer
+  inherit the verbose setting.
+  
+  Bug: https://curl.haxx.se/mail/lib-2019-05/0021.html
+  Reported-by: Kristoffer Gleditsch
+  
+  Ref: https://github.com/curl/curl/pull/3598
+  Ref: https://github.com/curl/curl/pull/3618
+  
+  Closes https://github.com/curl/curl/pull/3856
 
-- ROADMAP: updated to some more current things to work on
+Steve Holme (10 May 2019)
+- ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup()
+  
+  From 6012fa5a.
+  
+  Closes #3858
 
-- tests: fix multiple may be used uninitialized warnings
+Daniel Stenberg (9 May 2019)
+- BUG-BOUNTY: minor formatting fixes [ci skip]
 
 - RELEASE-NOTES: synced
 
-- source: fix two 'nread' may be used uninitialized warnings
-  
-  Both seem to be false positives but we don't like warnings.
+- BUG-BOUNTY.md: add the Dropbox "bonus" extra payout ability [ci skip]
   
-  Closes #3646
+  Closes #3839
 
-- gopher: remove check for path == NULL
-  
-  Since it can't be NULL and it makes Coverity believe we lack proper NULL
-  checks. Verified by test 659, landed in commit 15401fa886b.
-  
-  Pointed out by Coverity CID 1442746.
+Kamil Dudka (9 May 2019)
+- http_negotiate: do not treat failure of gss_init_sec_context() as fatal
   
-  Assisted-by: Dan Fandrich
-  Fixes #3617
-  Closes #3642
+  Fixes #3726
+  Closes #3849
 
-- examples: only include <curl/curl.h>
-  
-  That's the only public curl header we should encourage use of.
+- spnego_gssapi: fix return code on gss_init_sec_context() failure
   
-  Reviewed-by: Marcel Raad
-  Closes #3645
+  Fixes #3726
+  Closes #3849
 
-- ssh: loop the state machine if not done and not blocking
+Steve Holme (9 May 2019)
+- gen_resp_file.bat: Removed unnecessary @ from all but the first command
   
-  If the state machine isn't complete, didn't fail and it didn't return
-  due to blocking it can just as well loop again.
-  
-  This addresses the problem with SFTP directory listings where we would
-  otherwise return back to the parent and as the multi state machine
-  doesn't have any code for using CURLM_CALL_MULTI_PERFORM for as long the
-  doing phase isn't complete, it would return out when in reality there
-  was more data to deal with.
+  There is need to use @ on every command once echo has been turned off.
   
-  Fixes #3506
-  Closes #3644
+  Closes #3854
 
-Jay Satiro (5 Mar 2019)
-- multi: support verbose conncache closure handle
+Jay Satiro (8 May 2019)
+- http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
   
-  - Change closure handle to receive verbose setting from the easy handle
-    most recently added via curl_multi_add_handle.
+  - Do not switch to HTTP/2 for an HTTP proxy that is not tunnelling to
+    the destination host.
   
-  The closure handle is a special easy handle used for closing cached
-  connections. It receives limited settings from the easy handle most
-  recently added to the multi handle. Prior to this change that did not
-  include verbose which was a problem because on connection shutdown
-  verbose mode was not acknowledged.
+  We already do something similar for HTTPS proxies by not sending h2. [1]
   
-  Ref: https://github.com/curl/curl/pull/3598
+  Prior to this change setting CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE would
+  incorrectly use HTTP/2 to talk to the proxy, which is not something we
+  support (yet?). Also it's debatable whether or not that setting should
+  apply to HTTP/2 proxies.
   
-  Co-authored-by: Daniel Stenberg
+  [1]: https://github.com/curl/curl/commit/17c5d05
   
-  Closes https://github.com/curl/curl/pull/3618
+  Bug: https://github.com/curl/curl/issues/3570
+  Bug: https://github.com/curl/curl/issues/3832
+  
+  Closes https://github.com/curl/curl/pull/3853
 
-Daniel Stenberg (4 Mar 2019)
-- CURLU: fix NULL dereference when used over proxy
+Marcel Raad (8 May 2019)
+- travis: update mesalink build to xenial
   
-  Test 659 verifies
+  Closes https://github.com/curl/curl/pull/3842
+
+Daniel Stenberg (8 May 2019)
+- [Ricky Leverence brought this change]
+
+  OpenSSL: Report -fips in version if OpenSSL is built with FIPS
   
-  Also fixed the test 658 name
+  Older versions of OpenSSL report FIPS availabilty via an OPENSSL_FIPS
+  define. It uses this define to determine whether to publish -fips at
+  the end of the version displayed. Applications that utilize the version
+  reported by OpenSSL will see a mismatch if they compare it to what curl
+  reports, as curl is not modifying the version in the same way. This
+  change simply adds a check to see if OPENSSL_FIPS is defined, and will
+  alter the reported version to match what OpenSSL itself provides. This
+  only appears to be applicable in versions of OpenSSL <1.1.1
   
-  Closes #3641
+  Closes #3771
 
-- altsvc_out: check the return code from Curl_gmtime
+Kamil Dudka (7 May 2019)
+- [Frank Gevaerts brought this change]
+
+  nss: allow fifos and character devices for certificates.
   
-  Pointed out by Coverity, CID 1442956.
+  Currently you can do things like --cert <(cat ./cert.crt) with (at least) the
+  openssl backend, but that doesn't work for nss because is_file rejects fifos.
   
-  Closes #3640
+  I don't actually know if this is sufficient, nss might do things internally
+  (like seeking back) that make this not work, so actual testing is needed.
+  
+  Closes #3807
 
-- docs/ALTSVC.md: docs describing the approach
+Daniel Gustafsson (6 May 2019)
+- test2100: Fix typos in test description
+
+Daniel Stenberg (6 May 2019)
+- ssh: define USE_SSH if SSH is enabled (any backend)
   
-  Closes #3498
+  Closes #3846
 
-- alt-svc: add a travis build
+Steve Holme (5 May 2019)
+- winbuild: Add our standard copyright header to the winbuild batch files
 
-- alt-svc: add test 355 and 356 to verify with command line curl
+- makedebug: Fix ERRORLEVEL detection after running where.exe
+  
+  Closes #3838
 
-- alt-svc: the curl command line bits
+Daniel Stenberg (5 May 2019)
+- urlapi: add CURLUPART_ZONEID to set and get
+  
+  The zoneid can be used with IPv6 numerical addresses.
+  
+  Updated test 1560 to verify.
+  
+  Closes #3834
 
-- alt-svc: the libcurl bits
+- [Taiyu Len brought this change]
 
-- travis: add build using gnutls
+  WRITEFUNCTION: add missing set_in_callback around callback
   
-  Closes #3637
+  Closes #3837
 
 - RELEASE-NOTES: synced
 
-- [Simon Legner brought this change]
-
-  scripts/completion.pl: also generate fish completion file
+- CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk [ci skip]
   
-  This is the renamed script formerly known as zsh.pl
+  Reported-by: Ricardo Gomes
   
-  Closes #3545
+  Bug: #3537
+  Closes #3836
 
-- gnutls: remove call to deprecated gnutls_compression_get_name
+- CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value
   
-  It has been deprecated by GnuTLS since a year ago and now causes build
-  warnings.
+  The time field in the curl_fileinfo struct will always be zero. No code
+  was ever implemented to actually convert the date string to a time_t.
   
-  Ref: https://gitlab.com/gnutls/gnutls/commit/b0041897d2846737f5fb0f
-  Docs: https://www.gnutls.org/manual/html_node/Compatibility-API.html
+  Fixes #3829
+  Closes #3835
+
+- OS400/ccsidcurl.c: code style fixes
+
+- OS400/ccsidcurl: replace use of Curl_vsetopt
   
-  Closes #3636
+  (and make the code style comply)
+  
+  Fixes #3833
 
-Jay Satiro (2 Mar 2019)
-- system_win32: move win32_init here from easy.c
+- urlapi: strip off scope id from numerical IPv6 addresses
   
-  .. since system_win32 is a more appropriate location for the functions
-  and to extern the globals.
+  ... to make the host name "usable". Store the scope id and put it back
+  when extracting a URL out of it.
   
-  Ref: https://github.com/curl/curl/commit/ca597ad#r32446578
-  Reported-by: Gisle Vanem
+  Also makes curl_url_set() syntax check CURLUPART_HOST.
   
-  Closes https://github.com/curl/curl/pull/3625
+  Fixes #3817
+  Closes #3822
 
-Daniel Stenberg (1 Mar 2019)
-- curl_easy_duphandle.3: clarify that a duped handle has no shares
+- RELEASE-NOTES: synced
+
+- multiif.h: remove unused protos
   
-  Reported-by: Sara Golemon
+  ... for functions related to pipelining. Those functions were removed in
+  2f44e94efb3df.
   
-  Fixes #3592
-  Closes #3634
-
-- 10-at-a-time.c: fix too long line
+  Closes #3828
 
-- [Arnaud Rebillout brought this change]
+- [Yiming Jing brought this change]
 
-  examples: various fixes in ephiperfifo.c
+  travis: mesalink: temporarily disable test 3001
   
-  The main change here is the timer value that was wrong, it was given in
-  usecs (ms * 1000), while the itimerspec struct wants nsecs (ms * 1000 *
-  1000). This resulted in the callback being invoked WAY TOO OFTEN.
+  ... due to SHA-1 signatures in test certs
+
+- [Yiming Jing brought this change]
+
+  travis: upgrade the MesaLink TLS backend to v1.0.0
   
-  As a quick check you can run this command before and after applying this
-  commit:
+  Closes #3823
+  Closes #3776
+
+- ConnectionExists: improve non-multiplexing use case
   
-      # shell 1
-      ./ephiperfifo 2>&1 | tee ephiperfifo.log
-      # shell 2
-      echo http://hacking.elboulangero.com > hiper.fifo
+  - better log output
   
-  Then just compare the size of the logs files.
+  - make sure multiplex is enabled for it to be used
+
+- multi: provide Curl_multiuse_state to update information
   
-  Closes #3633
-  Fixes #3632
-  Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
+  As soon as a TLS backend gets ALPN conformation about the specific HTTP
+  version it can now set the multiplex situation for the "bundle" and
+  trigger moving potentially queued up transfers to the CONNECT state.
 
-- urldata: simplify bytecounters
+- process_pending_handles: mark queued transfers as previously pending
   
-  - no need to have them protocol specific
+  With transfers being queued up, we only move one at a a time back to the
+  CONNECT state but now we mark moved transfers so that when a moved
+  transfer is confirmed "successful" (it connected) it will trigger the
+  move of another pending transfer. Previously, it would otherwise wait
+  until the transfer was done before doing this. This makes queued up
+  pending transfers get processed (much) faster.
+
+- http: mark bundle as not for multiuse on < HTTP/2 response
   
-  - no need to set pointers to them with the Curl_setup_transfer() call
+  Fixes #3813
+  Closes #3815
+
+Daniel Gustafsson (1 May 2019)
+- cookie: Guard against possible NULL ptr deref
   
-  - make Curl_setup_transfer() operate on a transfer pointer, not
-    connection
+  In case the name pointer isn't set (due to memory pressure most likely)
+  we need to skip the prefix matching and reject with a badcookie to avoid
+  a possible NULL pointer dereference.
   
-  - switch some counters from long to the more proper curl_off_t type
+  Closes #3820 #3821
+  Reported-by: Jonathan Moerman
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Patrick Monnerat (30 Apr 2019)
+- os400: Add CURLOPT_MAXAGE_CONN to ILE/RPG bindings
+
+Kamil Dudka (29 Apr 2019)
+- nss: provide more specific error messages on failed init
   
-  Closes #3627
+  Closes #3808
 
-- examples/10-at-a-time.c: improve readability and simplify
+Daniel Stenberg (29 Apr 2019)
+- [Reed Loden brought this change]
+
+  docs: minor polish to the bug bounty / security docs
   
-   - use better variable names to explain their purposes
-   - convert logic to curl_multi_wait()
+  Closes #3811
 
-- threaded-resolver: shutdown the resolver thread without error message
+- CURL_MAX_INPUT_LENGTH: largest acceptable string input size
   
-  When a transfer is done, the resolver thread will be brought down. That
-  could accidentally generate an error message in the error buffer even
-  though this is not an error situationand the transfer would still return
-  OK.  An application that still reads the error buffer could find a
-  "Could not resolve host: [host name]" message there and get confused.
+  This limits all accepted input strings passed to libcurl to be less than
+  CURL_MAX_INPUT_LENGTH (8000000) bytes, for these API calls:
+  curl_easy_setopt() and curl_url_set().
   
-  Reported-by: Michael Schmid
-  Fixes #3629
-  Closes #3630
+  The 8000000 number is arbitrary picked and is meant to detect mistakes
+  or abuse, not to limit actual practical use cases. By limiting the
+  acceptable string lengths we also reduce the risk of integer overflows
+  all over.
+  
+  NOTE: This does not apply to `CURLOPT_POSTFIELDS`.
+  
+  Test 1559 verifies.
+  
+  Closes #3805
 
-- [Ԝеѕ brought this change]
+- [Tseng Jun brought this change]
 
-  docs: update max-redirs.d phrasing
-  
-  clarify redir - "in absurdum" doesn't seem to make sense in this context
+  curlver.h: use parenthesis in CURL_VERSION_BITS macro
   
-  Closes #3631
+  Closes #3809
 
-- ssh: fix Condition '!status' is always true
+Marcel Raad (27 Apr 2019)
+- [Simon Warta brought this change]
+
+  cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP
   
-  in the same sftp_done function in both SSH backends. Simplify them
-  somewhat.
+  Closes https://github.com/curl/curl/pull/3769
+
+Steve Holme (23 Apr 2019)
+- ntlm: Missed pre-processor || (or) during rebase for cd15acd0
+
+- ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
   
-  Pointed out by Codacy.
+  Just like we do for mbed TLS, use our local implementation of MD4 when
+  OpenSSL doesn't support it. This allows a type-3 message to include the
+  NT response.
+
+Daniel Gustafsson (23 Apr 2019)
+- INTERNALS: fix misindentation of ToC item
   
-  Closes #3628
+  Kerberos was incorrectly indented as a subsection under FTP, which is
+  incorrect as they are both top level sections. A fix for this was first
+  attempted in commit fef38a0898322f285401c5ff2f5e7c90dbf3be63 but that
+  was a few paddles short of being complete.
 
-- test578: make it read data from the correct test
+- [Aron Bergman brought this change]
 
-- Curl_easy: remove req.maxfd - never used!
+  INTERNALS: Add structs to ToC
   
-  Introduced in 8b6314ccfb, but not used anymore in current code. Unclear
-  since when.
+  Add the subsections under "Structs in libcurl" to the table of contents.
   
-  Closes #3626
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
 
-- http: set state.infilesize when sending formposts
+- [Aron Bergman brought this change]
+
+  INTERNALS: Add code highlighting
   
-  Without it set, we would unwillingly triger the "HTTP error before end
-  of send, stop sending" condition even if the entire POST body had been
-  sent (since it wouldn't know the expected size) which would
-  unnecessarily log that message and close the connection when it didn't
-  have to.
+  Make all struct members under the Curl_handler section
+  print in monospace font.
   
-  Reported-by: Matt McClure
-  Bug: https://curl.haxx.se/mail/archive-2019-02/0023.html
-  Closes #3624
+  Closes #3801
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
 
-- INSTALL: refer to the current TLS library names and configure options
+Daniel Stenberg (22 Apr 2019)
+- docs/BUG-BOUNTY: bug bounty time [skip ci]
+  
+  Introducing the curl bug bounty program on hackerone. We now recommend
+  filing security issues directly in the hackerone ticket system which
+  only is readable to curl security team members.
+  
+  Assisted-by: Daniel Gustafsson
+  
+  Closes #3488
 
-- FAQ: minor updates and spelling fixes
+Steve Holme (22 Apr 2019)
+- sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
+  
+  RFC 4616 specifies the authzid is optional in the client authentication
+  message and that the server will derive the authorisation identity
+  (authzid) from the authentication identity (authcid) when not specified
+  by the client.
 
-- GOVERNANCE.md: minor spelling fixes
+Jay Satiro (22 Apr 2019)
+- [Gisle Vanem brought this change]
 
-- Secure Transport: no more "darwinssl"
+  memdebug: fix variable name
   
-  Everyone calls it Secure Transport, now we do too.
+  Follow-up to 76b6348 which renamed logfile as curl_dbg_logfile.
   
-  Reviewed-by: Nick Zitzmann
+  Ref: https://github.com/curl/curl/commit/76b6348#r33259088
+
+Steve Holme (21 Apr 2019)
+- vauth/cleartext: Don't send the authzid if it is empty
   
-  Closes #3619
+  Follow up to 762a292f.
 
-Marcel Raad (27 Feb 2019)
-- AppVeyor: add classic MinGW build
+Daniel Stenberg (21 Apr 2019)
+- test 196,197,198: add 'retry' keyword [skip ci]
+
+- RELEASE-NOTES: synced
+
+- CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
   
-  But use the MSYS2 shell rather than the default MSYS shell because of
-  POSIX path conversion issues. Classic MinGW is only available on the
-  Visual Studio 2015 image.
+  ... and disconnect too old ones instead of trying to reuse.
   
-  Closes https://github.com/curl/curl/pull/3623
+  Default max age is set to 118 seconds.
+  
+  Ref: #3722
+  Closes #3782
 
-- AppVeyor: add MinGW-w64 build
+Daniel Gustafsson (20 Apr 2019)
+- [Po-Chuan Hsieh brought this change]
+
+  altsvc: Fix building with cookies disables
   
-  Add a MinGW-w64 build using CMake's MSYS Makefiles generator.
-  Use the Visual Studio 2015 image as it has GCC 8, while the
-  Visual Studio 2017 image only has GCC 7.2.
+  ALTSVC requires Curl_get_line which is defined in lib/cookie.c inside a #if
+  check of HTTP and COOKIES. That makes Curl_get_line undefined if COOKIES is
+  disabled. Fix by splitting out the function into a separate file which can
+  be included where needed.
   
-  Closes https://github.com/curl/curl/pull/3623
+  Closes #3717
+  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
+  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
 
-Daniel Stenberg (27 Feb 2019)
-- cookies: only save the cookie file if the engine is enabled
-  
-  Follow-up to 8eddb8f4259.
+Daniel Stenberg (20 Apr 2019)
+- test1002: correct the name [skip ci]
+
+- test660: verify CONNECT_ONLY with IMAP
   
-  If the cookieinfo pointer is NULL there really is nothing to save.
+  which basically just makes sure LOGOUT is *not* issued on disconnect
+
+- Curl_disconnect: treat all CONNECT_ONLY connections as "dead"
   
-  Without this fix, we got a problem when a handle was using shared object
-  with cookies and is told to "FLUSH" it to file (which worked) and then
-  the share object was removed and when the easy handle was closed just
-  afterwards it has no cookieinfo and no cookies so it decided to save an
-  empty jar (overwriting the file just flushed).
+  Since the connection has been used by the "outside" we don't know the
+  state of it anymore and curl should not use it anymore.
   
-  Test 1905 now verifies that this works.
+  Bug: https://curl.haxx.se/mail/lib-2019-04/0052.html
   
-  Assisted-by: Michael Wallner
-  Assisted-by: Marcel Raad
+  Closes #3795
+
+- multi: fix the statenames (follow-up fix from 2f44e94efb3df8e)
   
-  Closes #3621
+  The list of names must be in sync with the defined states in the header
+  file!
 
-- [DaVieS brought this change]
+Steve Holme (16 Apr 2019)
+- openvms: Remove pre-processors for Windows as VMS cannot support them
 
-  cacertinmem.c: use multiple certificates for loading CA-chain
+- openvms: Remove pre-processor for SecureTransport as VMS cannot support it
   
-  Closes #3421
+  Fixes #3768
+  Closes #3785
 
-- urldata: convert bools to bitfields and move to end
+Jay Satiro (16 Apr 2019)
+- TODO: Add issue link to an existing entry
+
+Daniel Stenberg (16 Apr 2019)
+- RELEASE-NOTES: synced
+
+Jay Satiro (16 Apr 2019)
+- tool_help: Warn if curl and libcurl versions do not match
   
-  This allows the compiler to pack and align the structs better in
-  memory. For a rather feature-complete build on x86_64 Linux, gcc 8.1.2
-  makes the Curl_easy struct 4.9% smaller. From 6312 bytes to 6000.
+  .. because functionality may be affected if the versions differ.
   
-  Removed an unused struct field.
+  This commit implements TODO 18.7 "warning if curl version is not in sync
+  with libcurl version".
   
-  No functionality changes.
+  Ref: https://github.com/curl/curl/blob/curl-7_64_1/docs/TODO#L1028-L1033
   
-  Closes #3610
+  Closes https://github.com/curl/curl/pull/3774
 
-- [Don J Olmstead brought this change]
+Steve Holme (16 Apr 2019)
+- md5: Update the function signature following d84da52d
 
-  curl.h: use __has_declspec_attribute for shared builds
-  
-  Closes #3616
+- md5: Forgot to update the code alignment in d84da52d
 
-- curl: display --version features sorted alphabetically
+- md5: Return CURLcode from the internally accessible functions
   
-  Closes #3611
+  Following 28f826b3 to return CURLE_OK instead of numeric 0.
 
-- runtests: detect "schannel" as an alias for "winssl"
+Daniel Gustafsson (15 Apr 2019)
+- tests: Run global cleanup at end of tests
   
-  Follow-up to 180501cb02
+  Make sure to run curl_global_cleanup() when shutting down the test
+  suite to release any resources allocated in the SSL setup. This is
+  clearly visible when running tests with PolarSSL where the thread
+  lock calloc() memory which isn't released when not running cleanup.
+  Below is an excerpt from the autobuild logs:
   
-  Reported-by: Marcel Raad
-  Fixes #3609
-  Closes #3620
+    ==12368== 96 bytes in 1 blocks are possibly lost in loss record 1 of 2
+    ==12368== at 0x4837B65: calloc (vg_replace_malloc.c:752)
+    ==12368== by 0x11A76E: curl_dbg_calloc (memdebug.c:205)
+    ==12368== by 0x145CDF: Curl_polarsslthreadlock_thread_setup
+                           (polarssl_threadlock.c:54)
+    ==12368== by 0x145B37: Curl_polarssl_init (polarssl.c:865)
+    ==12368== by 0x14129D: Curl_ssl_init (vtls.c:171)
+    ==12368== by 0x118B4C: global_init (easy.c:158)
+    ==12368== by 0x118BF5: curl_global_init (easy.c:221)
+    ==12368== by 0x118D0B: curl_easy_init (easy.c:299)
+    ==12368== by 0x114E96: test (lib1906.c:32)
+    ==12368== by 0x115495: main (first.c:174)
+  
+  Closes #3783
+  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Marcel Raad (26 Feb 2019)
-- AppVeyor: update to Visual Studio 2017
+Marcel Raad (15 Apr 2019)
+- travis: use mbedtls from Xenial
   
-  Switch all Visual Studio 2015 builds to Visual Studio 2017. It's not a
-  moving target anymore as the last update, Update 9, has been released.
+  No need to build it from source anymore.
   
-  Closes https://github.com/curl/curl/pull/3606
+  Closes https://github.com/curl/curl/pull/3779
 
-- AppVeyor: switch VS 2015 builds to VS 2017 image
+- travis: use libpsl from Xenial
   
-  The Visual Studio 2017 image has Visual Studio 2015 and 2017 installed.
+  This makes building libpsl and libidn2 from source unnecessary and
+  removes the need for the autopoint and libunistring-dev packages.
   
-  Closes https://github.com/curl/curl/pull/3606
+  Closes https://github.com/curl/curl/pull/3779
 
-- AppVeyor: explicitly select worker image
+Daniel Stenberg (15 Apr 2019)
+- runtests: start socksd like other servers
   
-  Currently, we're using the default Visual Studio 2015 image for
-  everything.
+  ... without a $srcdir prefix. Triggered by the failures in several
+  autobuilds.
   
-  Closes https://github.com/curl/curl/pull/3606
+  Closes #3781
 
-Daniel Stenberg (26 Feb 2019)
-- strerror: make the strerror function use local buffers
-  
-  Instead of using a fixed 256 byte buffer in the connectdata struct.
+Daniel Gustafsson (14 Apr 2019)
+- socksd: Fix typos
   
-  In my build, this reduces the size of the connectdata struct by 11.8%,
-  from 2160 to 1904 bytes with no functionality or performance loss.
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+- socksd: Properly decorate static variables
   
-  This also fixes a bug in schannel's Curl_verify_certificate where it
-  called Curl_sspi_strerror when it should have called Curl_strerror for
-  string from GetLastError. the only effect would have been no text or the
-  wrong text being shown for the error.
+  Mark global variables static to avoid compiler warning in Clang when
+  using -Wmissing-variable-declarations.
   
-  Co-authored-by: Jay Satiro
+  Closes #3778
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Steve Holme (14 Apr 2019)
+- md(4|5): Fixed indentation oddities with the importation of replacement code
   
-  Closes #3612
+  The indentation from 211d5329 and 57d6d253 was a little strange as
+  parts didn't align correctly, uses 4 spaces rather than 2. Checked
+  the indentation of the original source so it aligns, albeit, using
+  curl style.
 
-- [Michael Wallner brought this change]
+- md5: Code style to return CURLE_OK rather than numeric 0
 
-  cookies: fix NULL dereference if flushing cookies with no CookieInfo set
-  
-  Regression brought by a52e46f3900fb0 (shipped in 7.63.0)
-  
-  Closes #3613
+- md5: Corrected code style for some pointer arguments
 
-Marcel Raad (26 Feb 2019)
-- AppVeyor: re-enable test 500
+Marcel Raad (13 Apr 2019)
+- travis: update some builds to xenial
   
-  It's passing now.
+  Xenial comes with more up-to-date software versions and more available
+  packages, some of which we currently build from source. Unfortunately,
+  some builds would fail with Xenial because of assertion failures in
+  Valgrind when using OpenSSL, so leave these at Trusty.
   
-  Closes https://github.com/curl/curl/pull/3615
+  Closes https://github.com/curl/curl/pull/3777
 
-- AppVeyor: remove redundant builds
+Daniel Stenberg (13 Apr 2019)
+- test: make tests and test scripts use socksd for SOCKS
   
-  Remove the Visual Studio 2012 and 2013 builds as they add little value.
+  Make all SOCKS tests use socksd instead of ssh.
+
+- socksd: new SOCKS 4+5 server for tests
   
-  Ref: https://github.com/curl/curl/pull/3606
-  Closes https://github.com/curl/curl/pull/3614
+  Closes #3752
 
-Daniel Stenberg (25 Feb 2019)
-- RELEASE-NOTES: synced
+- singleipconnect: show port in the verbose "Trying ..." message
+  
+  To aid debugging better.
 
-- [Bernd Mueller brought this change]
+- [tmilburn brought this change]
 
-  OpenSSL: add support for TLS ASYNC state
+  CURLOPT_ADDRESS_SCOPE: fix range check and more
   
-  Closes #3591
-
-Jay Satiro (25 Feb 2019)
-- [Michael Felt brought this change]
+  Commit 9081014 fixed most of the confusing issues between scope id and
+  scope however 844896d added bad limits checking assuming that the scope
+  is being set and not the scope id.
+  
+  I have fixed the documentation so it all refers to scope ids.
+  
+  In addition Curl_if2ip refered to the scope id as remote_scope_id which
+  is incorrect, so I renamed it to local_scope_id.
+  
+  Adjusted-by: Daniel Stenberg
+  
+  Closes #3655
+  Closes #3765
+  Fixes #3713
 
-  acinclude: add additional libraries to check for LDAP support
+- urlapi: stricter CURLUPART_PORT parsing
   
-  - Add an additional check for LDAP that also checks for OpenSSL since
-    on AIX those libraries may be required to link LDAP properly.
+  Only allow well formed decimal numbers in the input.
   
-  Fixes https://github.com/curl/curl/issues/3595
-  Closes https://github.com/curl/curl/pull/3596
+  Document that the number MUST be between 1 and 65535.
+  
+  Add tests to test 1560 to verify the above.
+  
+  Ref: https://github.com/curl/curl/issues/3753
+  Closes #3762
 
-- [georgeok brought this change]
+Jay Satiro (13 Apr 2019)
+- [Jan Ehrhardt brought this change]
 
-  schannel: support CALG_ECDH_EPHEM algorithm
+  winbuild: Support MultiSSL builds
   
-  Add support for Ephemeral elliptic curve Diffie-Hellman key exchange
-  algorithm option when selecting ciphers. This became available on the
-  Win10 SDK.
+  - Remove the lines in winbuild/Makefile.vc that generate an error with
+    multiple SSL backends.
   
-  Closes https://github.com/curl/curl/pull/3608
+  - Add /DCURL_WITH_MULTI_SSL in winbuild/MakefileBuild.vc if multiple SSL
+    backends are set.
+  
+  Closes https://github.com/curl/curl/pull/3772
 
-Daniel Stenberg (24 Feb 2019)
-- multi: call multi_done on connect timeouts
+Daniel Stenberg (12 Apr 2019)
+- travis: remove mesalink builds (temporarily?)
   
-  Failing to do so would make the CURLINFO_TOTAL_TIME timeout to not get
-  updated correctly and could end up getting reported to the application
-  completely wrong (way too small).
+  Since the mesalink build started to fail on travis, even though we build
+  a fixed release version, we disable it to prevent it from blocking
+  progress.
   
-  Reported-by: accountantM on github
-  Fixes #3602
-  Closes #3605
+  Closes #3767
 
-- examples: remove recursive calls to curl_multi_socket_action
+- openssl: mark connection for close on TLS close_notify
   
-  From within the timer callbacks. Recursive is problematic for several
-  reasons. They should still work, but this way the examples and the
-  documentation becomes simpler. I don't think we need to encourage
-  recursive calls.
+  Without this, detecting and avoid reusing a closed TLS connection
+  (without a previous GOAWAY) when doing HTTP/2 is tricky.
   
-  Discussed in #3537
-  Closes #3601
+  Reported-by: Tom van der Woerdt
+  Fixes #3750
+  Closes #3763
 
-Marcel Raad (23 Feb 2019)
-- configure: remove CURL_CHECK_FUNC_FDOPEN call
+- RELEASE-NOTES: synced
+
+Steve Holme (11 Apr 2019)
+- vauth/cleartext: Update the PLAIN login function signature to match RFC 4616
   
-  The macro itself has been removed in commit
-  11974ac859c5d82def59e837e0db56fef7f6794e.
+  Functionally this doesn't change anything as we still use the username
+  for both the authorisation identity and the authentication identity.
   
-  Closes https://github.com/curl/curl/pull/3604
+  Closes #3757
 
-Daniel Stenberg (23 Feb 2019)
-- wolfssl: stop custom-adding curves
+Daniel Stenberg (11 Apr 2019)
+- test1906: verify CURLOPT_CURLU + CURLOPT_PORT usage
   
-  since wolfSSL PR https://github.com/wolfSSL/wolfssl/pull/717 (shipped in
-  wolfSSL 3.10.2 and later) it sends these curves by default already.
+  Based-on-code-by: Poul T Lomholt
+
+- url: always clone the CUROPT_CURLU handle
   
-  Pointed-out-by: David Garske
+  Since a few code paths actually update that data.
   
-  Closes #3599
+  Fixes #3753
+  Closes #3761
+  
+  Reported-by: Poul T Lomholt
 
-- configure: remove the unused fdopen macro
+- CURLOPT_DNS_USE_GLOBAL_CACHE: remove
   
-  and the two remaining #ifdefs for it
+  Remove the code too. The functionality has been disabled in code since
+  7.62.0. Setting this option will from now on simply be ignored and have
+  no function.
   
-  Closes #3600
+  Closes #3654
 
-Jay Satiro (22 Feb 2019)
-- url: change conn shutdown order to unlink data as last step
-  
-  - Split off connection shutdown procedure from Curl_disconnect into new
-    function conn_shutdown.
+Marcel Raad (11 Apr 2019)
+- travis: install libgnutls28-dev only for --with-gnutls build
   
-  - Change the shutdown procedure to close the sockets before
-    disassociating the transfer.
+  Reduces the time needed for the other jobs a little.
   
-  Prior to this change the sockets were closed after disassociating the
-  transfer so SOCKETFUNCTION wasn't called since the transfer was already
-  disassociated. That likely came about from recent work started in
-  Jan 2019 (#3442) to separate transfers from connections.
+  Closes https://github.com/curl/curl/pull/3721
+
+- travis: install libnss3-dev only for --with-nss build
   
-  Bug: https://curl.haxx.se/mail/lib-2019-02/0101.html
-  Reported-by: Pavel Löbl
+  Reduces the time needed for the other jobs a little.
   
-  Closes https://github.com/curl/curl/issues/3597
-  Closes https://github.com/curl/curl/pull/3598
+  Closes https://github.com/curl/curl/pull/3721
 
-Marcel Raad (22 Feb 2019)
-- Fix strict-prototypes GCC warning
+- travis: install libssh2-dev only for --with-libssh2 build
   
-  As seen in the MinGW autobuilds. Caused by commit
-  f26bc29cfec0be84c67cf74065cf8e5e78fd68b7.
-
-Dan Fandrich (21 Feb 2019)
-- tests: Fixed XML validation errors in some test files.
+  Reduces the time needed for the other jobs a little.
+  
+  Closes https://github.com/curl/curl/pull/3721
 
-Daniel Stenberg (20 Feb 2019)
-- TODO: Allow SAN names in HTTP/2 server push
+- travis: install libssh-dev only for --with-libssh build
   
-  Suggested-by: Nicolas Grekas
+  Reduces the time needed for the other jobs a little.
+  
+  Closes https://github.com/curl/curl/pull/3721
 
-- RELEASE-NOTES: synced
+- travis: install krb5-user only for --with-gssapi build
+  
+  Reduces the time needed for the other jobs a little.
+  
+  Closes https://github.com/curl/curl/pull/3721
 
-- curl: remove MANUAL from -M output
+- travis: install lcov only for the coverage job
   
-  ... and remove it from the dist tarball. It has served its time, it
-  barely gets updated anymore and "everything curl" is now convering all
-  this document once tried to include, and does it more and better.
+  Reduces the time needed for the other jobs a little.
   
-  In the compressed scenario, this removes ~15K data from the binary,
-  which is 25% of the -M output.
+  Closes https://github.com/curl/curl/pull/3721
+
+- travis: install clang only when needed
   
-  It remains in the git repo for now for as long as the web site builds a
-  page using that as source. It renders poorly on the site (especially for
-  mobile users) so its not even good there.
+  This reduces the GCC job runtimes a little and it's needed to
+  selectively update clang builds to xenial.
   
-  Closes #3587
+  Closes https://github.com/curl/curl/pull/3721
 
-- http2: verify :athority in push promise requests
+- AppVeyor: enable testing for WinSSL build
   
-  RFC 7540 says we should verify that the push is for an "authoritative"
-  server. We make sure of this by only allowing push with an :athority
-  header that matches the host that was asked for in the URL.
+  Closes https://github.com/curl/curl/pull/3725
+
+- build: fix Codacy/CppCheck warnings
   
-  Fixes #3577
-  Reported-by: Nicolas Grekas
-  Bug: https://curl.haxx.se/mail/lib-2019-02/0057.html
-  Closes #3581
+  - remove unused variables
+  - declare conditionally used variables conditionally
+  - suppress unused variable warnings in the CMake tests
+  - remove dead variable stores
+  - consistently use WIN32 macro to detect Windows
+  
+  Closes https://github.com/curl/curl/pull/3739
 
-- singlesocket: fix the 'sincebefore' placement
+- polarssl_threadlock: remove conditionally unused code
   
-  The variable wasn't properly reset within the loop and thus could remain
-  set for sockets that hadn't been set before and miss notifying the app.
+  Make functions no-ops if neither both USE_THREADS_POSIX and
+  HAVE_PTHREAD_H nor both USE_THREADS_WIN32 and HAVE_PROCESS_H are
+  defined. Previously, if only one of them was defined, there was either
+  code compiled that did nothing useful or the wrong header included for
+  the functions used.
   
-  This is a follow-up to 4c35574 (shipped in curl 7.64.0)
+  Also, move POLARSSL_MUTEX_T define to implementation file as it's not
+  used externally.
   
-  Reported-by: buzo-ffm on github
-  Detected-by: Jan Alexander Steffens
-  Fixes #3585
-  Closes #3589
+  Closes https://github.com/curl/curl/pull/3739
 
-- connection: never reuse CONNECT_ONLY conections
+- lib557: initialize variables
   
-  and make CONNECT_ONLY conections never reuse any existing ones either.
+  These variables are only conditionally initialized.
   
-  Reported-by: Pavel Löbl
-  Bug: https://curl.haxx.se/mail/lib-2019-02/0064.html
-  Closes #3586
+  Closes https://github.com/curl/curl/pull/3739
 
-Patrick Monnerat (19 Feb 2019)
-- cli tool: fix mime post with --disable-libcurl-option configure option
+- lib509: add missing include for strdup
   
-  Reported-by: Marcel Raad
-  Fixes #3576
-  Closes #3583
+  Closes https://github.com/curl/curl/pull/3739
 
-Daniel Stenberg (19 Feb 2019)
-- x509asn1: cleanup and unify code layout
+- README.md: fix no-consecutive-blank-lines Codacy warning
   
-  - rename 'n' to buflen in functions, and use size_t for them. Don't pass
-    in negative buffer lengths.
+  Consistently use one blank line between blocks.
   
-  - move most function comments to above the function starts like we use
-    to
+  Closes https://github.com/curl/curl/pull/3739
+
+- tests/server/util: fix Windows Unicode build
   
-  - remove several unnecessary typecasts (especially of NULL)
+  Always use the ANSI version of FormatMessage as we don't have the
+  curl_multibyte gear available here.
   
-  Reviewed-by: Patrick Monnerat
-  Closes #3582
+  Closes https://github.com/curl/curl/pull/3758
 
-- curl_multi_remove_handle.3: use at any time, just not from within callbacks
-  
-  [ci skip]
+Daniel Stenberg (11 Apr 2019)
+- curl_easy_getinfo.3: fix minor formatting mistake
 
-- http: make adding a blank header thread-safe
+Daniel Gustafsson (11 Apr 2019)
+- xattr: skip unittest on unsupported platforms
   
-  Previously the function would edit the provided header in-place when a
-  semicolon is used to signify an empty header. This made it impossible to
-  use the same set of custom headers in multiple threads simultaneously.
+  The stripcredentials unittest fails to compile on platforms without
+  xattr support, for example the Solaris member in the buildfarm which
+  fails with the following:
   
-  This approach now makes a local copy when it needs to edit the string.
+    CC unit1621-unit1621.o
+    CC ../libtest/unit1621-first.o
+    CCLD unit1621
+    Undefined first referenced
+    symbol in file
+    stripcredentials unit1621-unit1621.o
+    goto problem 2
+    ld: fatal: symbol referencing errors. No output written to .libs/unit1621
+    collect2: error: ld returned 1 exit status
+    gmake[2]: *** [Makefile:996: unit1621] Error 1
   
-  Reported-by: d912e3 on github
-  Fixes #3578
-  Closes #3579
-
-- unit1651: survive curl_easy_init() fails
+  Fix by excluding the test on such platforms by using the reverse
+  logic from where stripcredentials() is defined.
+  
+  Closes #3759
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- [Frank Gevaerts brought this change]
+Steve Holme (11 Apr 2019)
+- emailL Added reference to RFC8314 for implicit TLS
 
-  rand: Fix a mismatch between comments in source and header.
+- README: Schannel, stop calling it "winssl"
   
-  Reported-by: Björn Stenberg <bjorn@haxx.se>
-  Closes #3584
+  Stick to "Schannel" everywhere - follow up to 180501cb.
 
-Patrick Monnerat (18 Feb 2019)
-- x509asn1: replace single char with an array
+Jakub Zakrzewski (10 Apr 2019)
+- cmake: clear CMAKE_REQUIRED_LIBRARIES after each use
   
-  Although safe in this context, using a single char as an array may
-  cause invalid accesses to adjacent memory locations.
+  This fixes GSSAPI builds with the libraries in a non-standard location.
+  The testing for recv() were failing because it failed to link
+  the Kerberos libraries, which are not needed for this or subsequent
+  tests.
   
-  Detected by Coverity.
+  fixes #3743
+  closes #3744
 
-Daniel Stenberg (18 Feb 2019)
-- examples/http2-serverpush: add some sensible error checks
+- cmake: avoid linking executable for some tests with cmake 3.6+
   
-  To avoid NULL pointer dereferences etc in the case of problems.
+  With CMAKE_TRY_COMPILE_TARGET_TYPE set to STATIC_LIBRARY, the try_compile()
+  (which is used by check_c_source_compiles()) will build static library
+  instead of executable. This avoids linking additional libraries in and thus
+  speeds up those checks a little.
   
-  Closes #3580
-
-Jay Satiro (18 Feb 2019)
-- easy: fix win32 init to work without CURL_GLOBAL_WIN32
+  This commit also avoids #3743 (GSSAPI build errors) on itself with cmake
+  3.6 or above. That issue was fixed separately for all versions.
   
-  - Change the behavior of win32_init so that the required initialization
-    procedures are not affected by CURL_GLOBAL_WIN32 flag.
+  Ref: #3744
+
+- cmake: minor cleanup
   
-  libcurl via curl_global_init supports initializing for win32 with an
-  optional flag CURL_GLOBAL_WIN32, which if omitted was meant to stop
-  Winsock initialization. It did so internally by skipping win32_init()
-  when that flag was set. Since then win32_init() has been expanded to
-  include required initialization routines that are separate from
-  Winsock and therefore must be called in all cases. This commit fixes
-  it so that CURL_GLOBAL_WIN32 only controls the optional win32
-  initialization (which is Winsock initialization, according to our doc).
+  - Remove nneeded include_regular_expression.
+    It was setting what is already a default.
   
-  The only users affected by this change are those that don't pass
-  CURL_GLOBAL_WIN32 to curl_global_init. For them this commit removes the
-  risk of a potential crash.
+  - Remove duplicated include.
   
-  Ref: https://github.com/curl/curl/pull/3573
+  - Don't check for pre-3.0.0 CMake version.
+    We already require at least 3.0.0, so it's just clutter.
   
-  Fixes https://github.com/curl/curl/issues/3313
-  Closes https://github.com/curl/curl/pull/3575
+  Ref: #3744
 
-Daniel Gustafsson (17 Feb 2019)
-- cookie: Add support for cookie prefixes
-  
-  The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes
-  and how they should affect cookie initialization, which has been
-  adopted by the major browsers. This adds support for the two prefixes
-  defined, __Host- and __Secure, and updates the testcase with the
-  supplied examples from the draft.
-  
-  Closes #3554
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+Steve Holme (8 Apr 2019)
+- build-openssl.bat: Fixed support for OpenSSL v1.1.0+
 
-- mbedtls: release sessionid resources on error
-  
-  If mbedtls_ssl_get_session() fails, it may still have allocated
-  memory that needs to be freed to avoid leaking. Call the library
-  API function to release session resources on this errorpath as
-  well as on Curl_ssl_addsessionid() errors.
-  
-  Closes: #3574
-  Reported-by: Michał Antoniak <M.Antoniak@posnet.com>
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+- build-openssl.bat: Perfer the use of if statements rather than goto (where possible)
 
-Patrick Monnerat (16 Feb 2019)
-- cli tool: refactor encoding conversion sequence for switch case fallthrough.
+- build-openssl.bat: Perform the install for each build type directly after the build
 
-- version.c: silent scan-build even when librtmp is not enabled
+- build-openssl.bat: Split the install of static and shared build types
 
-Daniel Stenberg (15 Feb 2019)
-- RELEASE-NOTES: synced
+- build-openssl.bat: Split the building of static and shared build types
 
-- Curl_now: figure out windows version in win32_init
-  
-  ... and avoid use of static variables that aren't thread safe.
-  
-  Fixes regression from e9ababd4f5a (present in the 7.64.0 release)
-  
-  Reported-by: Paul Groke
-  Fixes #3572
-  Closes #3573
+- build-openssl.bat: Move the installation into a separate function
 
-Marcel Raad (15 Feb 2019)
-- unit1307: just fail without FTP support
-  
-  I missed to check this in with commit
-  71786c0505926aaf7e9b2477b2fb7ee16a915ec6, which only disabled the test.
-  This fixes the actual linker error.
-  
-  Closes https://github.com/curl/curl/pull/3568
+- build-openssl.bat: Move the build step into a separate function
 
-Daniel Stenberg (15 Feb 2019)
-- travis: enable valgrind for the iconv tests too
-  
-  Closes #3571
+- build-openssl.bat: Move the OpenSSL configuration into a separate function
 
-- travis: add scan-build
+- build-openssl.bat: Fixed the BUILD_CONFIG variable not being initialised
   
-  Closes #3564
+  Should the parent environment set this variable then the build might
+  not be performed as the user intended.
 
-- examples/sftpuploadresume: Value stored to 'result' is never read
-  
-  Detected by scan-build
+Daniel Stenberg (8 Apr 2019)
+- socks: fix error message
 
-- examples/http2-upload: cleaned up
+- config.d: clarify that initial : and = might need quoting [skip ci]
   
-  Fix scan-build warnings, no globals, no silly handle scan. Also remove
-  handles from the multi before cleaning up.
+  Fixes #3738
+  Closes #3749
 
-- examples/http2-download: cleaned up
+- RELEASE-NOTES: synced
   
-  To avoid scan-build warnings and global variables.
+  bumped to 7.65.0 for next release
 
-- examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
+- socks5: user name and passwords must be shorter than 256
   
-  Detected by scan-build
-
-- examples/httpcustomheader: Value stored to 'res' is never read
+  bytes... since the protocol needs to store the length in a single byte field.
   
-  Detected by scan-build
+  Reported-by: XmiliaH on github
+  Fixes #3737
+  Closes #3740
 
-- examples: remove superfluous null-pointer checks
-  
-  in ftpget, ftpsget and sftpget, so that scan-build stops warning for
-  potential NULL pointer dereference below!
-  
-  Detected by scan-build
+- [Jakub Zakrzewski brought this change]
 
-- strip_trailing_dot: make sure NULL is never used for strlen
-  
-  scan-build warning: Null pointer passed as an argument to a 'nonnull'
-  parameter
+  test: urlapi: urlencode characters above 0x7f correctly
 
-- [Jay Satiro brought this change]
+- [Jakub Zakrzewski brought this change]
 
-  connection_check: restore original conn->data after the check
-  
-  - Save the original conn->data before it's changed to the specified
-    data transfer for the connection check and then restore it afterwards.
-  
-  This is a follow-up to 38d8e1b 2019-02-11.
+  urlapi: urlencode characters above 0x7f correctly
   
-  History:
+  fixes #3741
+  Closes #3742
+
+- [Even Rouault brought this change]
+
+  multi_runsingle(): fix use-after-free
   
-  It was discovered a month ago that before checking whether to extract a
-  dead connection that that connection should be associated with a "live"
-  transfer for the check (ie original conn->data ignored and set to the
-  passed in data). A fix was landed in 54b201b which did that and also
-  cleared conn->data after the check. The original conn->data was not
-  restored, so presumably it was thought that a valid conn->data was no
-  longer needed.
+  Fixes #3745
+  Closes #3746
   
-  Several days later it was discovered that a valid conn->data was needed
-  after the check and follow-up fix was landed in bbae24c which partially
-  reverted the original fix and attempted to limit the scope of when
-  conn->data was changed to only when pruning dead connections. In that
-  case conn->data was not cleared and the original conn->data not
-  restored.
+  The following snippet
+  ```
   
-  A month later it was discovered that the original fix was somewhat
-  correct; a "live" transfer is needed for the check in all cases
-  because original conn->data could be null which could cause a bad deref
-  at arbitrary points in the check. A fix was landed in 38d8e1b which
-  expanded the scope to all cases. conn->data was not cleared and the
-  original conn->data not restored.
+  int main()
+  {
+      CURL* hCurlHandle = curl_easy_init();
+      curl_easy_setopt(hCurlHandle, CURLOPT_URL, "http://example.com");
+      curl_easy_setopt(hCurlHandle, CURLOPT_PROXY, "1");
+      curl_easy_perform(hCurlHandle);
+      curl_easy_cleanup(hCurlHandle);
+      return 0;
+  }
+  ```
+  triggers the following Valgrind warning
   
-  A day later it was discovered that not restoring the original conn->data
-  may lead to busy loops in applications that use the event interface, and
-  given this observation it's a pretty safe assumption that there is some
-  code path that still needs the original conn->data. This commit is the
-  follow-up fix for that, it restores the original conn->data after the
-  connection check.
+  ```
+  ==4125== Invalid read of size 8
+  ==4125==    at 0x4E7D1EE: Curl_llist_remove (llist.c:97)
+  ==4125==    by 0x4E7EF5C: detach_connnection (multi.c:798)
+  ==4125==    by 0x4E80545: multi_runsingle (multi.c:1451)
+  ==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
+  ==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
+  ==4125==    by 0x4E76915: easy_perform (easy.c:719)
+  ==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
+  ==4125==    by 0x4008BE: main (in /home/even/curl/test)
+  ==4125==  Address 0x9b3d1d0 is 1,120 bytes inside a block of size 1,600 free'd
+  ==4125==    at 0x4C2ECF0: free (vg_replace_malloc.c:530)
+  ==4125==    by 0x4E62C36: conn_free (url.c:756)
+  ==4125==    by 0x4E62D34: Curl_disconnect (url.c:818)
+  ==4125==    by 0x4E48DF9: Curl_once_resolved (hostip.c:1097)
+  ==4125==    by 0x4E8052D: multi_runsingle (multi.c:1446)
+  ==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
+  ==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
+  ==4125==    by 0x4E76915: easy_perform (easy.c:719)
+  ==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
+  ==4125==    by 0x4008BE: main (in /home/even/curl/test)
+  ==4125==  Block was alloc'd at
+  ==4125==    at 0x4C2F988: calloc (vg_replace_malloc.c:711)
+  ==4125==    by 0x4E6438E: allocate_conn (url.c:1654)
+  ==4125==    by 0x4E685B4: create_conn (url.c:3496)
+  ==4125==    by 0x4E6968F: Curl_connect (url.c:4023)
+  ==4125==    by 0x4E802E7: multi_runsingle (multi.c:1368)
+  ==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
+  ==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
+  ==4125==    by 0x4E76915: easy_perform (easy.c:719)
+  ==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
+  ==4125==    by 0x4008BE: main (in /home/even/curl/test)
+  ```
   
-  Assisted-by: tholin@users.noreply.github.com
-  Reported-by: tholin@users.noreply.github.com
+  This has been bisected to commit 2f44e94
   
-  Fixes https://github.com/curl/curl/issues/3542
-  Closes #3559
+  Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14109
+  Credit to OSS Fuzz
 
-- memdebug: bring back curl_mark_sclose
+- pipelining: removed
   
-  Used by debug builds with NSS.
+  As previously planned and documented in DEPRECATE.md, all pipelining
+  code is removed.
   
-  Reverted from 05b100aee247bb
+  Closes #3651
 
-Patrick Monnerat (14 Feb 2019)
-- transfer.c: do not compute length of undefined hex buffer.
-  
-  On non-ascii platforms, the chunked hex header was measured for char code
-  conversion length, even for chunked trailers that do not have an hex header.
-  In addition, the efective length is already known: use it.
-  Since the hex length can be zero, only convert if needed.
-  
-  Reported by valgrind.
+- [cclauss brought this change]
 
-Daniel Stenberg (14 Feb 2019)
-- KNOWN_BUGS: Cannot compile against a static build of OpenLDAP
+  tests: make Impacket (SMB server) Python 3 compatible
   
-  Closes #2367
+  Closes #3731
+  Fixes #3289
 
-Patrick Monnerat (14 Feb 2019)
-- x509asn1: "Dereference of null pointer"
-  
-  Detected by scan-build (false positive).
+Marcel Raad (6 Apr 2019)
+- [Simon Warta brought this change]
 
-Daniel Stenberg (14 Feb 2019)
-- configure: show features as well in the final summary
+  cmake: set SSL_BACKENDS
   
-  Closes #3569
-
-- KNOWN_BUGS: curl compiled on OSX 10.13 failed to run on OSX 10.10
+  This groups all SSL backends into the feature "SSL" and sets the
+  SSL_BACKENDS analogue to configure.ac
   
-  Closes #2905
+  Closes https://github.com/curl/curl/pull/3736
 
-- KNOWN_BUGS: Deflate error after all content was received
-  
-  Closes #2719
+- [Simon Warta brought this change]
 
-- gssapi: fix deprecated header warnings
-  
-  Heimdal includes on FreeBSD spewed out lots of them. Less so now.
+  cmake: don't run SORT on empty list
   
-  Closes #3566
-
-- TODO: Upgrade to websockets
+  In case of an empty list, SORTing leads to the cmake error "list
+  sub-command SORT requires list to be present."
   
-  Closes #3523
+  Closes https://github.com/curl/curl/pull/3736
 
-- TODO: cmake test suite improvements
-  
-  Closes #3109
+Daniel Gustafsson (5 Apr 2019)
+- [Eli Schwartz brought this change]
 
-Patrick Monnerat (13 Feb 2019)
-- curl: "Dereference of null pointer"
+  configure: fix default location for fish completions
   
-  Rephrase to satisfy scan-build.
-
-Marcel Raad (13 Feb 2019)
-- unit1307: require FTP support
+  Fish defines a vendor completions directory for completions that are not
+  installed as part of the fish project itself, and the vendor completions
+  are preferred if they exist. This prevents trying to overwrite the
+  builtin curl.fish completion (or creating file conflicts in distro
+  packaging).
   
-  This test doesn't link without FTP support after
-  fc7ab4835b5fd09d0a6f57000633bb6bb6edfda1, which made Curl_fnmatch
-  unavailable without FTP support.
+  Prefer the pkg-config defined location exported by fish, if it can be
+  found, and fall back to the correct directory defined by most systems.
   
-  Closes https://github.com/curl/curl/pull/3565
+  Closes #3723
+  Reviewed-by: Daniel Gustafsson
 
-Daniel Stenberg (13 Feb 2019)
-- TODO: TFO support on Windows
+Marcel Raad (5 Apr 2019)
+- ftplistparser: fix LGTM alert "Empty block without comment"
   
-  Nobody works on this now.
+  Removing the block is consistent with line 954/957.
   
-  Closes #3378
+  Closes https://github.com/curl/curl/pull/3732
 
-- multi: Dereference of null pointer
-  
-  Mostly a false positive, but this makes the code easier to read anyway.
+- transfer: fix LGTM alert "Comparison is always true"
   
-  Detected by scan-build.
+  Just remove the redundant condition, which also makes it clear that
+  k->buf is always 0-terminated if this break is not hit.
   
-  Closes #3563
+  Closes https://github.com/curl/curl/pull/3732
 
-- urlglob: Argument with 'nonnull' attribute passed null
-  
-  Detected by scan-build.
+Jay Satiro (4 Apr 2019)
+- [Rikard Falkeborn brought this change]
 
-Jay Satiro (12 Feb 2019)
-- schannel: restore some debug output but only for debug builds
+  smtp: fix compiler warning
   
-  Follow-up to 84c10dc from earlier today which wrapped a lot of the noisy
-  debug output in DEBUGF but omitted a few lines.
+  - Fix clang string-plus-int warning.
   
-  Ref: https://github.com/curl/curl/commit/84c10dc#r32292900
-
-- examples/crawler: Fix the Accept-Encoding setting
+  Clang 8 warns about adding a string to an int does not append to the
+  string. Indeed it doesn't, but that was not the intention either. Use
+  array indexing as suggested to silence the warning. There should be no
+  functional changes.
   
-  - Pass an empty string to CURLOPT_ACCEPT_ENCODING to use the default
-    supported encodings.
+  (In other words clang warns about "foo"+2 but not &"foo"[2] so use the
+  latter.)
   
-  Prior to this change the specific encodings of gzip and deflate were set
-  but there's no guarantee they'd be supported by the user's libcurl.
+  smtp.c:1221:29: warning: adding 'int' to a string does not append to the
+  string [-Wstring-plus-int]
+        eob = strdup(SMTP_EOB + 2);
+              ~~~~~~~~~~~~~~~~^~~~
+  
+  Closes https://github.com/curl/curl/pull/3729
 
-Daniel Stenberg (12 Feb 2019)
-- mime: put the boundary buffer into the curl_mime struct
+Marcel Raad (4 Apr 2019)
+- VS projects: use Unicode for VC10+
   
-  ... instead of allocating it separately and point to it. It is
-  fixed-size and always used for each part.
+  All Windows APIs have been natively UTF-16 since Windows 2000 and the
+  non-Unicode variants are just wrappers around them. Only Windows 9x
+  doesn't understand Unicode without the UnicoWS DLL. As later Visual
+  Studio versions cannot target Windows 9x anyway, using the ANSI API
+  doesn't really have any benefit there.
   
-  Closes #3561
-
-- schannel: be quiet
+  This avoids issues like KNOWN_BUGS 6.5.
   
-  Convert numerous infof() calls into debug-build only messages since they
-  are annoyingly verbose for regular applications. Removed a few.
+  Ref: https://github.com/curl/curl/issues/2120
+  Closes https://github.com/curl/curl/pull/3720
+
+Daniel Gustafsson (3 Apr 2019)
+- RELEASE-NOTES: synced
   
-  Bug: https://curl.haxx.se/mail/lib-2019-02/0027.html
-  Reported-by: Volker Schmid
-  Closes #3552
+  Bump the version in progress to 7.64.2, if we merge any "change"
+  before the cut-off date we can update the version.
 
-- [Romain Geissler brought this change]
+- [Tim Rühsen brought this change]
 
-  Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning
+  documentation: Fix several typos
   
-  Closes #3562
+  Closes #3724
+  Reviewed-by: Jakub Zakrzewski
+  Reviewed-by: Daniel Gustafsson
 
-- http2: multi_connchanged() moved from multi.c, only used for h2
-  
-  Closes #3557
+Jay Satiro (2 Apr 2019)
+- [Mert Yazıcıoğlu brought this change]
 
-- curl: "Function call argument is an uninitialized value"
+  vauth/oauth2: Fix OAUTHBEARER token generation
   
-  Follow-up to cac0e4a6ad14b42471eb
+  OAUTHBEARER tokens were incorrectly generated in a format similar to
+  XOAUTH2 tokens. These changes make OAUTHBEARER tokens conform to the
+  RFC7628.
   
-  Detected by scan-build
-  Closes #3560
+  Fixes: #2487
+  Reported-by: Paolo Mossino
+  
+  Closes https://github.com/curl/curl/pull/3377
 
-- pretransfer: don't strlen() POSTFIELDS set for GET requests
+Marcel Raad (2 Apr 2019)
+- tool_cb_wrt: fix bad-function-cast warning
   
-  ... since that data won't be used in the request anyway.
+  Commit f5bc578f4cdfdc6c708211dfc2962a0e9d79352d reintroduced the
+  warning fixed in commit 2f5f31bb57d68b54e03bffcd9648aece1fe564f8.
+  Extend fhnd's scope and reuse that variable instead of calling
+  _get_osfhandle a second time to fix the warning again.
   
-  Fixes #3548
-  Reported-by: Renaud Allard
-  Close #3549
+  Closes https://github.com/curl/curl/pull/3718
 
-- multi: remove verbose "Expire in" ... messages
+- VC15 project: remove MinimalRebuild
   
-  Reported-by: James Brown
-  Bug: https://curl.haxx.se/mail/archive-2019-02/0013.html
-  Closes #3558
+  Already done in commit d5cfefd0ea8e331b884186bff484210fad36e345 for the
+  library project, but I forgot the tool project template. Now also
+  removed for that.
 
-- mbedtls: make it build even if MBEDTLS_VERSION_C isn't set
+Dan Fandrich (1 Apr 2019)
+- cirrus: Customize the disabled tests per FreeBSD version
   
-  Reported-by: MAntoniak on github
-  Fixes #3553
-  Closes #3556
+  Try to run as many test cases as possible on each OS version.
+  12.0 passes 13 more tests than the older versions, so we might as well
+  run them.
 
-Daniel Gustafsson (12 Feb 2019)
-- non-ascii.c: fix typos in comments
+Daniel Stenberg (1 Apr 2019)
+- tool_help: include <strings.h> for strcasecmp
   
-  Fix two occurrences of s/convers/converts/ spotted while reading code.
+  Reported-by: Wyatt O'Day
+  Fixes #3715
+  Closes #3716
 
-Daniel Stenberg (12 Feb 2019)
-- fnmatch: disable if FTP is disabled
-  
-  Closes #3551
+Daniel Gustafsson (31 Mar 2019)
+- scripts: fix typos
 
-- curl_path: only enabled for SSH builds
+Dan Fandrich (28 Mar 2019)
+- travis: allow builds on branches named "ci"
+  
+  This allows a way to test changes other than through PRs.
 
-- [Frank Gevaerts brought this change]
+Daniel Stenberg (27 Mar 2019)
+- [Brad Spencer brought this change]
 
-  tests: add stderr comparison to the test suite
+  resolve: apply Happy Eyeballs philosophy to parallel c-ares queries
   
-  The code is more or less copied from the stdout comparison code, maybe
-  some better reuse is possible.
+  Closes #3699
+
+- multi: improved HTTP_1_1_REQUIRED handling
   
-  test 1457 is adjusted to make the output actually match (by using --silent)
-  test 506 used <stderr> without actually needing it, so that <stderr> block is removed
+  Make sure to downgrade to 1.1 even when we get this HTTP/2 stream error
+  on first flight.
   
-  Closes #3536
+  Reported-by: niner on github
+  Fixes #3696
+  Closes #3707
 
-Patrick Monnerat (11 Feb 2019)
-- cli tool: do not use mime.h private structures.
+- [Leonardo Taccari brought this change]
+
+  configure: avoid unportable `==' test(1) operator
   
-  Option -F generates an intermediate representation of the mime structure
-  that is used later to create the libcurl mime structure and generate
-  the --libcurl statements.
-  
-  Reported-by: Daniel Stenberg
-  Fixes #3532
-  Closes #3546
+  Closes #3709
 
-Daniel Stenberg (11 Feb 2019)
-- curlver: bump to 7.64.1-dev
+Version 7.64.1 (27 Mar 2019)
 
-- RELEASE-NOTES: synced
-  
-  and bump the version in progress to 7.64.1. If we merge any "change"
-  before the cut-off date, we update again.
+Daniel Stenberg (27 Mar 2019)
+- RELEASE: 7.64.1
 
-Daniel Gustafsson (11 Feb 2019)
-- curl: follow-up to 3f16990ec84
+- Revert "ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set"
   
-  Commit 3f16990ec84cc4b followed-up a bug in b49652ac66cc0 but was
-  inadvertently introducing a new bug in the ternary expression.
+  This reverts commit 9130ead9fcabdb6b8fbdb37c0b38be2d326adb00.
   
-  Close #3555
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Fixes #3708
 
-- dns: release sharelock as soon as possible
-  
-  There is no benefit to holding the data sharelock when freeing the
-  addrinfo in case it fails, so ensure releaseing it as soon as we can
-  rather than holding on to it. This also aligns the code with other
-  consumers of sharelocks.
+- [Christian Schmitz brought this change]
+
+  ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set
   
-  Closes #3516
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Closes #3704
 
-Daniel Stenberg (11 Feb 2019)
-- curl: follow-up to b49652ac66cc0
+Jay Satiro (26 Mar 2019)
+- tool_cb_wrt: fix writing to Windows null device NUL
   
-  On FreeBSD, return non-zero on error otherwise zero.
+  - Improve console detection.
   
-  Reported-by: Marcel Raad
-
-- multi: (void)-prefix when ignoring return values
+  Prior to this change WriteConsole could be called to write to a handle
+  that may not be a console, which would cause an error. This issue is
+  limited to character devices that are not also consoles such as the null
+  device NUL.
   
-  ... and added braces to two function calls which fixes warnings if they
-  are replace by empty macros at build-time.
+  Bug: https://github.com/curl/curl/issues/3175#issuecomment-439068724
+  Reported-by: Gisle Vanem
 
-- curl: fix FreeBSD compiler warning in the --xattr code
+- CURLMOPT_PIPELINING.3: fix typo
+
+Daniel Stenberg (25 Mar 2019)
+- TODO: config file parsing
   
-  Closes #3550
+  Closes #3698
 
-- connection_check: set ->data to the transfer doing the check
+Jay Satiro (24 Mar 2019)
+- os400: Disable Alt-Svc by default since it's experimental
   
-  The http2 code for connection checking needs a transfer to use. Make
-  sure a working one is set before handler->connection_check() is called.
+  Follow-up to 520f0b4 which added Alt-Svc support and enabled it by
+  default for OS400. Since the feature is experimental, it should be
+  disabled by default.
   
-  Reported-by: jnbr on github
-  Fixes #3541
-  Closes #3547
+  Ref: https://github.com/curl/curl/commit/520f0b4#commitcomment-32792332
+  Ref: https://curl.haxx.se/mail/lib-2019-02/0008.html
+  
+  Closes https://github.com/curl/curl/pull/3688
 
-- hostip: make create_hostcache_id avoid alloc + free
+Dan Fandrich (24 Mar 2019)
+- tests: Fixed XML validation errors in some test files.
+
+- tests: Fix some incorrect precheck error messages.
   
-  Closes #3544
+  [ci skip]
 
-- scripts/singleuse: script to use to track single-use functions
+Daniel Stenberg (22 Mar 2019)
+- curl_url.3: this is not experimental anymore
+
+- travis: bump the used wolfSSL version to 4.0.0
   
-  That is functions that are declared global but are not used from outside
-  of the file in which it is declared. Such functions should be made
-  static or even at times be removed.
+  Test 311 is now fine, leaving only 313 (CRL) disabled.
   
-  It also verifies that all used curl_ prefixed functions are "blessed"
+  Test 313 details can be found here:
+  https://github.com/wolfSSL/wolfssl/issues/1546
   
-  Closes #3538
+  Closes #3697
 
-- cleanup: make local functions static
+Daniel Gustafsson (22 Mar 2019)
+- lib: Fix typos in comments
+
+David Woodhouse (20 Mar 2019)
+- openssl: if cert type is ENG and no key specified, key is ENG too
   
-  urlapi: turn three local-only functions into statics
+  Fixes #3692
+  Closes #3692
+
+Daniel Stenberg (20 Mar 2019)
+- sectransp: tvOS 11 is required for ALPN support
   
-  conncache: make conncache_find_first_connection static
+  Reported-by: nianxuejie on github
+  Assisted-by: Nick Zitzmann
+  Assisted-by: Jay Satiro
+  Fixes #3689
+  Closes #3690
+
+- test1541: threaded connection sharing
   
-  multi: make detach_connnection static
+  The threaded-shared-conn.c example turned into test case. Only works if
+  pthread was detected.
   
-  connect: make getaddressinfo static
+  An attempt to detect future regressions such as e3a53e3efb942a5
   
-  curl_ntlm_core: make hmac_md5 static
+  Closes #3687
+
+Patrick Monnerat (17 Mar 2019)
+- os400: alt-svc support.
   
-  http2: make two functions static
+  Although experimental, enable it in the platform config file.
+  Upgrade ILE/RPG binding.
+
+Daniel Stenberg (17 Mar 2019)
+- conncache: use conn->data to know if a transfer owns it
   
-  http: make http_setup_conn static
+  - make sure an already "owned" connection isn't returned unless
+    multiplexed.
   
-  connect: make tcpnodelay static
+  - clear ->data when returning the connection to the cache again
   
-  tests: make UNITTEST a thing to mark functions with, so they can be static for
-  normal builds and non-static for unit test builds
+  Regression since 7.62.0 (probably in commit 1b76c38904f0)
   
-  ... and mark Curl_shuffle_addr accordingly.
+  Bug: https://curl.haxx.se/mail/lib-2019-03/0064.html
   
-  url: make up_free static
+  Closes #3686
+
+- RELEASE-NOTES: synced
+
+- [Chris Young brought this change]
+
+  configure: add --with-amissl
   
-  setopt: make vsetopt static
+  AmiSSL is an Amiga native library which provides a wrapper over OpenSSL.
+  It also requires all programs using it to use bsdsocket.library
+  directly, rather than accessing socket functions through clib, which
+  libcurl was not necessarily doing previously. Configure will now check
+  for the headers and ensure they are included if found.
   
-  curl_endian: make write32_le static
+  Closes #3677
+
+- [Chris Young brought this change]
+
+  vtls: rename some of the SSL functions
   
-  rtsp: make rtsp_connisdead static
+  ... in the SSL structure as AmiSSL is using macros for the socket API
+  functions.
+
+- [Chris Young brought this change]
+
+  tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
+
+- [Chris Young brought this change]
+
+  tool_operate: build on AmigaOS
+
+- makefile: make checksrc and hugefile commands "silent"
   
-  warnless: remove unused functions
+  ... to match the style already used for compiling, linking
+  etc. Acknowledges 'make V=1' to enable verbose.
   
-  memdebug: remove one unused function, made another static
+  Closes #3681
 
-Dan Fandrich (10 Feb 2019)
-- cirrus: Added FreeBSD builds using Cirrus CI.
+- curl.1: --user and --proxy-user are hidden from ps output
   
-  The build logs will be at https://cirrus-ci.com/github/curl/curl
+  Suggested-by: Eric Curtin
+  Improved-by: Dan Fandrich
+  Ref: #3680
   
-  Some tests are currently failing and so disabled for now. The SSH server
-  isn't starting for the SSH tests due to unsupported options used in its
-  config file. The DICT server also is failing on startup.
+  Closes #3683
 
-Daniel Stenberg (9 Feb 2019)
-- url/idnconvert: remove scan for <= 32 ascii values
+- curl.1: mark the argument to --cookie as <data|filename>
   
-  The check was added back in fa939220df before the URL parser would catch
-  these problems and therefore these will never trigger now.
+  From a discussion in #3676
   
-  Closes #3539
+  Suggested-by: Tim Rühsen
+  
+  Closes #3682
 
-- urlapi: reduce variable scope, remove unreachable 'break'
+Dan Fandrich (14 Mar 2019)
+- fuzzer: Only clone the latest fuzzer code, for speed.
+
+Daniel Stenberg (14 Mar 2019)
+- [Dominik Hölzl brought this change]
+
+  Negotiate: fix for HTTP POST with Negotiate
   
-  Both nits pointed out by codacy.com
+  * Adjusted unit tests 2056, 2057
+  * do not generally close connections with CURLAUTH_NEGOTIATE after every request
+  * moved negotiatedata from UrlState to connectdata
+  * Added stream rewind logic for CURLAUTH_NEGOTIATE
+  * introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC
+  * Consider authproblem state for CURLAUTH_NEGOTIATE
+  * Consider reuse_forbid for CURLAUTH_NEGOTIATE
+  * moved and adjusted negotiate authentication state handling from
+    output_auth_headers into Curl_output_negotiate
+  * Curl_output_negotiate: ensure auth done is always set
+  * Curl_output_negotiate: Set auth done also if result code is
+    GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may
+    also indicate the last challenge request (only works with disabled
+    Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1)
+  * Consider "Persistent-Auth" header, detect if not present;
+    Reset/Cleanup negotiate after authentication if no persistent
+    authentication
+  * apply changes introduced with #2546 for negotiate rewind logic
   
-  Closes #3540
+  Fixes #1261
+  Closes #1975
 
-Alessandro Ghedini (7 Feb 2019)
-- zsh.pl: escape ':' character
-  
-  ':' is interpreted as separator by zsh, so if used as part of the argument
-  or option's description it needs to be escaped.
+- [Marc Schlatter brought this change]
+
+  http: send payload when (proxy) authentication is done
   
-  The problem can be reproduced as follows:
+  The check that prevents payload from sending in case of authentication
+  doesn't check properly if the authentication is done or not.
   
-   % curl --reso<TAB>
-   % curl -E <TAB>
+  They're cases where the proxy respond "200 OK" before sending
+  authentication challenge. This change takes care of that.
   
-  Bug: https://bugs.debian.org/921452
+  Fixes #2431
+  Closes #3669
 
-- zsh.pl: update regex to better match curl -h output
+- file: fix "Checking if unsigned variable 'readcount' is less than zero."
   
-  The current regex fails to match '<...>' arguments properly (e.g. those
-  with spaces in them), which causes an completion script with wrong
-  descriptions for some options.
+  Pointed out by codacy
   
-  Here's a diff of the generated completion script, comparing the previous
-  version to the one with this fix:
+  Closes #3672
+
+- memdebug: log pointer before freeing its data
   
-  --- /usr/share/zsh/vendor-completions/_curl     2019-01-15 20:47:40.000000000 +0000
-  +++ _curl       2019-02-05 20:57:29.453349040 +0000
-  @@ -9,48 +9,48 @@
+  Coverity warned for two potentional "Use after free" cases. Both are false
+  positives because the memory wasn't used, it was only the actual pointer
+  value that was logged.
   
-   _arguments -C -S \
-     --happy-eyeballs-timeout-ms'[How long to wait in milliseconds for IPv6 before trying IPv4]':'<milliseconds>' \
-  +  --resolve'[Resolve the host+port to this address]':'<host:port:address[,address]...>' \
-     {-c,--cookie-jar}'[Write cookies to <filename> after operation]':'<filename>':_files \
-     {-D,--dump-header}'[Write the received headers to <filename>]':'<filename>':_files \
-     {-y,--speed-time}'[Trigger '\''speed-limit'\'' abort after this time]':'<seconds>' \
-     --proxy-cacert'[CA certificate to verify peer against for proxy]':'<file>':_files \
-  -  --tls13-ciphers'[of TLS 1.3 ciphersuites> TLS 1.3 cipher suites to use]':'<list' \
-  +  --tls13-ciphers'[TLS 1.3 cipher suites to use]':'<list of TLS 1.3 ciphersuites>' \
-     {-E,--cert}'[Client certificate file and password]':'<certificate[:password]>' \
-     --libcurl'[Dump libcurl equivalent code of this command line]':'<file>':_files \
-     --proxy-capath'[CA directory to verify peer against for proxy]':'<dir>':_files \
-  -  --proxy-negotiate'[HTTP Negotiate (SPNEGO) authentication on the proxy]':'Use' \
-     --proxy-pinnedpubkey'[FILE/HASHES public key to verify proxy with]':'<hashes>' \
-     --crlfile'[Get a CRL list in PEM format from the given file]':'<file>':_files \
-  -  --proxy-insecure'[HTTPS proxy connections without verifying the proxy]':'Do' \
-  -  --proxy-ssl-allow-beast'[security flaw for interop for HTTPS proxy]':'Allow' \
-  +  --proxy-negotiate'[Use HTTP Negotiate (SPNEGO) authentication on the proxy]' \
-     --abstract-unix-socket'[Connect via abstract Unix domain socket]':'<path>' \
-     --pinnedpubkey'[FILE/HASHES Public key to verify peer against]':'<hashes>' \
-  +  --proxy-insecure'[Do HTTPS proxy connections without verifying the proxy]' \
-     --proxy-pass'[Pass phrase for the private key for HTTPS proxy]':'<phrase>' \
-  +  --proxy-ssl-allow-beast'[Allow security flaw for interop for HTTPS proxy]' \
-     {-p,--proxytunnel}'[Operate through an HTTP proxy tunnel (using CONNECT)]' \
-     --socks5-hostname'[SOCKS5 proxy, pass host name to proxy]':'<host[:port]>' \
-     --proto-default'[Use PROTOCOL for any URL missing a scheme]':'<protocol>' \
-  -  --proxy-tls13-ciphers'[list> TLS 1.3 proxy cipher suites]':'<ciphersuite' \
-  +  --proxy-tls13-ciphers'[TLS 1.3 proxy cipher suites]':'<ciphersuite list>' \
-     --socks5-gssapi-service'[SOCKS5 proxy service name for GSS-API]':'<name>' \
-     --ftp-alternative-to-user'[String to replace USER \[name\]]':'<command>' \
-  -  --ftp-ssl-control'[SSL/TLS for FTP login, clear for transfer]':'Require' \
-     {-T,--upload-file}'[Transfer local FILE to destination]':'<file>':_files \
-     --local-port'[Force use of RANGE for local port numbers]':'<num/range>' \
-     --proxy-tlsauthtype'[TLS authentication type for HTTPS proxy]':'<type>' \
-     {-R,--remote-time}'[Set the remote file'\''s time on the local output]' \
-  -  --retry-connrefused'[on connection refused (use with --retry)]':'Retry' \
-  -  --suppress-connect-headers'[proxy CONNECT response headers]':'Suppress' \
-  -  {-j,--junk-session-cookies}'[session cookies read from file]':'Ignore' \
-  -  --location-trusted'[--location, and send auth to other hosts]':'Like' \
-  +  --ftp-ssl-control'[Require SSL/TLS for FTP login, clear for transfer]' \
-     --proxy-cert-type'[Client certificate type for HTTPS proxy]':'<type>' \
-     {-O,--remote-name}'[Write output to a file named as the remote file]' \
-  +  --retry-connrefused'[Retry on connection refused (use with --retry)]' \
-  +  --suppress-connect-headers'[Suppress proxy CONNECT response headers]' \
-     --trace-ascii'[Like --trace, but without hex output]':'<file>':_files \
-     --connect-timeout'[Maximum time allowed for connection]':'<seconds>' \
-     --expect100-timeout'[How long to wait for 100-continue]':'<seconds>' \
-     {-g,--globoff}'[Disable URL sequences and ranges using {} and \[\]]' \
-  +  {-j,--junk-session-cookies}'[Ignore session cookies read from file]' \
-     {-m,--max-time}'[Maximum time allowed for the transfer]':'<seconds>' \
-     --dns-ipv4-addr'[IPv4 address to use for DNS requests]':'<address>' \
-     --dns-ipv6-addr'[IPv6 address to use for DNS requests]':'<address>' \
-  -  --ignore-content-length'[the size of the remote resource]':'Ignore' \
-     {-k,--insecure}'[Allow insecure server connections when using SSL]' \
-  +  --location-trusted'[Like --location, and send auth to other hosts]' \
-     --mail-auth'[Originator address of the original email]':'<address>' \
-     --noproxy'[List of hosts which do not use proxy]':'<no-proxy-list>' \
-     --proto-redir'[Enable/disable PROTOCOLS on redirect]':'<protocols>' \
-  @@ -62,18 +62,19 @@
-     --socks5-basic'[Enable username/password auth for SOCKS5 proxies]' \
-     --cacert'[CA certificate to verify peer against]':'<file>':_files \
-     {-H,--header}'[Pass custom header(s) to server]':'<header/@file>' \
-  +  --ignore-content-length'[Ignore the size of the remote resource]' \
-     {-i,--include}'[Include protocol response headers in the output]' \
-     --proxy-header'[Pass custom header(s) to proxy]':'<header/@file>' \
-     --unix-socket'[Connect through this Unix domain socket]':'<path>' \
-     {-w,--write-out}'[Use output FORMAT after completion]':'<format>' \
-  -  --http2-prior-knowledge'[HTTP 2 without HTTP/1.1 Upgrade]':'Use' \
-     {-o,--output}'[Write to file instead of stdout]':'<file>':_files \
-  -  {-J,--remote-header-name}'[the header-provided filename]':'Use' \
-  +  --preproxy'[\[protocol://\]host\[:port\] Use this proxy first]' \
-     --socks4a'[SOCKS4a proxy on given host + port]':'<host[:port]>' \
-     {-Y,--speed-limit}'[Stop transfers slower than this]':'<speed>' \
-     {-z,--time-cond}'[Transfer based on a time condition]':'<time>' \
-     --capath'[CA directory to verify peer against]':'<dir>':_files \
-     {-f,--fail}'[Fail silently (no output at all) on HTTP errors]' \
-  +  --http2-prior-knowledge'[Use HTTP 2 without HTTP/1.1 Upgrade]' \
-     --proxy-tlspassword'[TLS password for HTTPS proxy]':'<string>' \
-     {-U,--proxy-user}'[Proxy user and password]':'<user:password>' \
-     --proxy1.0'[Use HTTP/1.0 proxy on given port]':'<host[:port]>' \
-  @@ -81,52 +82,49 @@
-     {-A,--user-agent}'[Send User-Agent <name> to server]':'<name>' \
-     --egd-file'[EGD socket path for random data]':'<file>':_files \
-     --fail-early'[Fail on first transfer error, do not continue]' \
-  -  --haproxy-protocol'[HAProxy PROXY protocol v1 header]':'Send' \
-  -  --preproxy'[Use this proxy first]':'[protocol://]host[:port]' \
-  +  {-J,--remote-header-name}'[Use the header-provided filename]' \
-     --retry-max-time'[Retry only within this period]':'<seconds>' \
-     --socks4'[SOCKS4 proxy on given host + port]':'<host[:port]>' \
-     --socks5'[SOCKS5 proxy on given host + port]':'<host[:port]>' \
-  -  --socks5-gssapi-nec'[with NEC SOCKS5 server]':'Compatibility' \
-  -  --ssl-allow-beast'[security flaw to improve interop]':'Allow' \
-     --cert-status'[Verify the status of the server certificate]' \
-  -  --ftp-create-dirs'[the remote dirs if not present]':'Create' \
-     {-:,--next}'[Make next URL use its separate set of options]' \
-     --proxy-key-type'[Private key file type for proxy]':'<type>' \
-  -  --remote-name-all'[the remote file name for all URLs]':'Use' \
-     {-X,--request}'[Specify request command to use]':'<command>' \
-     --retry'[Retry request if transient problems occur]':'<num>' \
-  -  --ssl-no-revoke'[cert revocation checks (WinSSL)]':'Disable' \
-     --cert-type'[Certificate file type (DER/PEM/ENG)]':'<type>' \
-     --connect-to'[Connect to host]':'<HOST1:PORT1:HOST2:PORT2>' \
-     --create-dirs'[Create necessary local directory hierarchy]' \
-  +  --haproxy-protocol'[Send HAProxy PROXY protocol v1 header]' \
-     --max-redirs'[Maximum number of redirects allowed]':'<num>' \
-     {-n,--netrc}'[Must read .netrc for user name and password]' \
-  +  {-x,--proxy}'[\[protocol://\]host\[:port\] Use this proxy]' \
-     --proxy-crlfile'[Set a CRL list for proxy]':'<file>':_files \
-     --sasl-ir'[Enable initial response in SASL authentication]' \
-  -  --socks5-gssapi'[GSS-API auth for SOCKS5 proxies]':'Enable' \
-  +  --socks5-gssapi-nec'[Compatibility with NEC SOCKS5 server]' \
-  +  --ssl-allow-beast'[Allow security flaw to improve interop]' \
-  +  --ftp-create-dirs'[Create the remote dirs if not present]' \
-     --interface'[Use network INTERFACE (or address)]':'<name>' \
-     --key-type'[Private key file type (DER/PEM/ENG)]':'<type>' \
-     --netrc-file'[Specify FILE for netrc]':'<filename>':_files \
-     {-N,--no-buffer}'[Disable buffering of the output stream]' \
-     --proxy-service-name'[SPNEGO proxy service name]':'<name>' \
-  -  --styled-output'[styled output for HTTP headers]':'Enable' \
-  +  --remote-name-all'[Use the remote file name for all URLs]' \
-  +  --ssl-no-revoke'[Disable cert revocation checks (WinSSL)]' \
-     --max-filesize'[Maximum file size to download]':'<bytes>' \
-     --negotiate'[Use HTTP Negotiate (SPNEGO) authentication]' \
-     --no-keepalive'[Disable TCP keepalive on the connection]' \
-     {-#,--progress-bar}'[Display transfer progress as a bar]' \
-  -  {-x,--proxy}'[Use this proxy]':'[protocol://]host[:port]' \
-  -  --proxy-anyauth'[any proxy authentication method]':'Pick' \
-     {-Q,--quote}'[Send command(s) to server before transfer]' \
-  -  --request-target'[the target for this request]':'Specify' \
-  +  --socks5-gssapi'[Enable GSS-API auth for SOCKS5 proxies]' \
-     {-u,--user}'[Server user and password]':'<user:password>' \
-     {-K,--config}'[Read config from a file]':'<file>':_files \
-     {-C,--continue-at}'[Resumed transfer offset]':'<offset>' \
-     --data-raw'[HTTP POST data, '\''@'\'' allowed]':'<data>' \
-  -  --disallow-username-in-url'[username in url]':'Disallow' \
-     --krb'[Enable Kerberos with security <level>]':'<level>' \
-     --proxy-ciphers'[SSL ciphers to use for proxy]':'<list>' \
-     --proxy-digest'[Use Digest authentication on the proxy]' \
-     --proxy-tlsuser'[TLS username for HTTPS proxy]':'<name>' \
-  +  --styled-output'[Enable styled output for HTTP headers]' \
-     {-b,--cookie}'[Send cookies from string/file]':'<data>' \
-     --data-urlencode'[HTTP POST data url encoded]':'<data>' \
-     --delegation'[GSS-API delegation permission]':'<LEVEL>' \
-  @@ -134,7 +132,10 @@
-     --post301'[Do not switch to GET after following a 301]' \
-     --post302'[Do not switch to GET after following a 302]' \
-     --post303'[Do not switch to GET after following a 303]' \
-  +  --proxy-anyauth'[Pick any proxy authentication method]' \
-  +  --request-target'[Specify the target for this request]' \
-     --trace-time'[Add time stamps to trace/verbose output]' \
-  +  --disallow-username-in-url'[Disallow username in url]' \
-     --dns-servers'[DNS server addrs to use]':'<addresses>' \
-     {-G,--get}'[Put the post data in the URL and use GET]' \
-     --limit-rate'[Limit transfer speed to RATE]':'<speed>' \
-  @@ -148,21 +149,21 @@
-     --metalink'[Process given URLs as metalink XML file]' \
-     --tr-encoding'[Request compressed transfer encoding]' \
-     --xattr'[Store metadata in extended file attributes]' \
-  -  --ftp-skip-pasv-ip'[the IP address for PASV]':'Skip' \
-     --pass'[Pass phrase for the private key]':'<phrase>' \
-     --proxy-ntlm'[Use NTLM authentication on the proxy]' \
-     {-S,--show-error}'[Show error even when -s is used]' \
-  -  --ciphers'[of ciphers> SSL ciphers to use]':'<list' \
-  +  --ciphers'[SSL ciphers to use]':'<list of ciphers>' \
-     --form-string'[Specify multipart MIME data]':'<name=string>' \
-     --login-options'[Server login options]':'<options>' \
-     --tftp-blksize'[Set TFTP BLKSIZE option]':'<value>' \
-  -  --tftp-no-options'[not send any TFTP options]':'Do' \
-     {-v,--verbose}'[Make the operation more talkative]' \
-  +  --ftp-skip-pasv-ip'[Skip the IP address for PASV]' \
-     --proxy-key'[Private key for HTTPS proxy]':'<key>' \
-     {-F,--form}'[Specify multipart MIME data]':'<name=content>' \
-     --mail-from'[Mail from this address]':'<address>' \
-     --oauth2-bearer'[OAuth 2 Bearer Token]':'<token>' \
-     --proto'[Enable/disable PROTOCOLS]':'<protocols>' \
-  +  --tftp-no-options'[Do not send any TFTP options]' \
-     --tlsauthtype'[TLS authentication type]':'<type>' \
-     --doh-url'[Resolve host names over DOH]':'<URL>' \
-     --no-sessionid'[Disable SSL session-ID reusing]' \
-  @@ -173,14 +174,13 @@
-     --ftp-ssl-ccc'[Send CCC after authenticating]' \
-     {-4,--ipv4}'[Resolve names to IPv4 addresses]' \
-     {-6,--ipv6}'[Resolve names to IPv6 addresses]' \
-  -  --netrc-optional'[either .netrc or URL]':'Use' \
-     --service-name'[SPNEGO service name]':'<name>' \
-     {-V,--version}'[Show version number and quit]' \
-     --data-ascii'[HTTP POST ASCII data]':'<data>' \
-     --ftp-account'[Account data string]':'<data>' \
-  -  --compressed-ssh'[SSH compression]':'Enable' \
-     --disable-eprt'[Inhibit using EPRT or LPRT]' \
-     --ftp-method'[Control CWD usage]':'<method>' \
-  +  --netrc-optional'[Use either .netrc or URL]' \
-     --pubkey'[SSH Public key file name]':'<key>' \
-     --raw'[Do HTTP "raw"; no transfer decoding]' \
-     --anyauth'[Pick any authentication method]' \
-  @@ -189,6 +189,7 @@
-     --no-alpn'[Disable the ALPN TLS extension]' \
-     --tcp-nodelay'[Use the TCP_NODELAY option]' \
-     {-B,--use-ascii}'[Use ASCII/text transfer]' \
-  +  --compressed-ssh'[Enable SSH compression]' \
-     --digest'[Use HTTP Digest Authentication]' \
-     --proxy-tlsv1'[Use TLSv1 for HTTPS proxy]' \
-     --engine'[Crypto engine to use]':'<name>' \
-
-Marcel Raad (7 Feb 2019)
-- tool_operate: fix typecheck warning
+  The fix still changes the order of execution to avoid the warnings.
   
-  Use long for CURLOPT_HTTP09_ALLOWED to fix the following warning:
-  tool_operate.c: In function 'operate_do':
-  ../include/curl/typecheck-gcc.h:47:9: error: call to
-  '_curl_easy_setopt_err_long' declared with attribute warning:
-  curl_easy_setopt expects a long argument for this option [-Werror]
+  Coverity CID 1443033 and 1443034
   
-  Closes https://github.com/curl/curl/pull/3534
+  Closes #3671
 
-Jay Satiro (6 Feb 2019)
-- [Chris Araman brought this change]
+- RELEASE-NOTES: synced
 
-  url: close TLS before removing conn from cache
+Marcel Raad (12 Mar 2019)
+- travis: actually use updated compiler versions
   
-  - Fix potential crashes in schannel shutdown.
+  For the Linux builds, GCC 8 and 7 and clang 7 were installed, but the
+  new GCC versions were only used for the coverage build and for building
+  nghttp2, while the new clang version was not used at all.
   
-  Ensure any TLS shutdown messages are sent before removing the
-  association between the connection and the easy handle. Reverts
-  @bagder's previous partial fix for #3412.
+  BoringSSL needs to use the default GCC as it respects CC, but not CXX,
+  so it would otherwise pass gcc 8 options to g++ 4.8 and fail.
   
-  Fixes https://github.com/curl/curl/issues/3412
-  Fixes https://github.com/curl/curl/issues/3505
-  Closes https://github.com/curl/curl/pull/3531
-
-Daniel Gustafsson (6 Feb 2019)
-- INTERNALS.md: fix subsection depth and link
+  Also remove GCC 7, it's not needed anymore.
   
-  The Kerberos subsection was mistakenly a subsubsection under FTP, and
-  the curlx subsection was missing an anchor for the TOC link.
+  Ref: https://docs.travis-ci.com/user/languages/c/#c11c11-and-beyond-and-toolchain-versioning
   
-  Closes #3529
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Version 7.64.0 (6 Feb 2019)
-
-Daniel Stenberg (6 Feb 2019)
-- RELEASE-NOTES: 7.64.0
-
-- RELEASE-PROCEDURE: update the release calendar
-
-- THANKS: 7.64.0 status
+  Closes https://github.com/curl/curl/pull/3670
 
-Daniel Gustafsson (5 Feb 2019)
-- ROADMAP: remove already performed item
-  
-  Commit 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 introduced support
-  for the draft-ietf-httpbis-cookie-alone-01 cookie draft, and while
-  the entry was removed from the TODO it was mistakenly left here.
-  Fix by removing and rewording the entry slightly.
+- travis: update clang to version 7
   
-  Closes #3530
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Closes https://github.com/curl/curl/pull/3670
 
-- [Etienne Simard brought this change]
+Jay Satiro (11 Mar 2019)
+- [Andre Guibert de Bruet brought this change]
 
-  CONTRIBUTE.md: Fix grammatical errors
+  examples/externalsocket: add missing close socket calls
   
-  Fix grammatical errors making the document read better. Also fixes
-  a typo.
+  .. and for Windows also call WSACleanup since we call WSAStartup.
   
-  Closes #3525
-  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
-
-Daniel Stenberg (4 Feb 2019)
-- [Julian Z brought this change]
-
-  docs: use $(INSTALL_DATA) to install man page
+  The example is to demonstrate handling the socket independently of
+  libcurl. In this case libcurl is not responsible for creating, opening
+  or closing the socket, it is handled by the application (our example).
   
-  Fixes #3518
-  Closes #3522
-
-Jay Satiro (4 Feb 2019)
-- [Ladar Levison brought this change]
+  Fixes https://github.com/curl/curl/pull/3663
 
-  runtests.pl: Fix perl call to include srcdir
-  
-  - Use explicit include opt for perl calls.
-  
-  Prior to this change some scripts couldn't find their dependencies.
+Daniel Stenberg (11 Mar 2019)
+- multi: removed unused code for request retries
   
-  At the top, perl is called using with the "-Isrcdir" option, and it
-  works:
+  This code was once used for the non multi-interface using code path, but
+  ever since easy_perform was turned into a wrapper around the multi
+  interface, this code path never runs.
   
-  https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L183
+  Closes #3666
+
+Jay Satiro (11 Mar 2019)
+- doh: inherit some SSL options from user's easy handle
   
-  But on line 3868, that option is omitted. This caused problems for me,
-  as the symbol-scan.pl script in particular couldn't find its
-  dependencies properly:
+  - Inherit SSL options for the doh handle but not SSL client certs,
+    SSL ALPN/NPN, SSL engine, SSL version, SSL issuer cert,
+    SSL pinned public key, SSL ciphers, SSL id cache setting,
+    SSL kerberos or SSL gss-api settings.
   
-  https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L3868
+  - Fix inheritance of verbose setting.
   
-  This patch fixes that oversight by making calls to perl sub-shells
-  uniform.
+  - Inherit NOSIGNAL.
   
-  Closes https://github.com/curl/curl/pull/3496
-
-Daniel Stenberg (4 Feb 2019)
-- [Daniel Gustafsson brought this change]
-
-  smtp: avoid risk of buffer overflow in strtol
+  There is no way for the user to set options for the doh (DNS-over-HTTPS)
+  handles and instead we inherit some options from the user's easy handle.
   
-  If the incoming len 5, but the buffer does not have a termination
-  after 5 bytes, the strtol() call may keep reading through the line
-  buffer until is exceeds its boundary. Fix by ensuring that we are
-  using a bounded read with a temporary buffer on the stack.
+  My thinking for the SSL options not inherited is they are most likely
+  not intended by the user for the DOH transfer. I did inherit insecure
+  because I think that should still be in control of the user.
   
-  Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
-  Reported-by: Brian Carpenter (Geeknik Labs)
-  CVE-2019-3823
-
-- ntlm: fix *_type3_message size check to avoid buffer overflow
+  Prior to this change doh did not work for me because CAINFO was not
+  inherited. Also verbose was set always which AFAICT was a bug (#3660).
   
-  Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
-  Reported-by: Wenxiang Qian
-  CVE-2019-3822
+  Fixes https://github.com/curl/curl/issues/3660
+  Closes https://github.com/curl/curl/pull/3661
 
-- NTLM: fix size check condition for type2 received data
+Daniel Stenberg (9 Mar 2019)
+- test331: verify set-cookie for dotless host name
   
-  Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
-  Reported-by: Wenxiang Qian
-  CVE-2018-16890
-
-Marcel Raad (1 Feb 2019)
-- [georgeok brought this change]
+  Reproduced bug #3649
+  Closes #3659
 
-  spnego_sspi: add support for channel binding
+- Revert "cookies: extend domain checks to non psl builds"
   
-  Attempt to add support for Secure Channel binding when negotiate
-  authentication is used. The problem to solve is that by default IIS
-  accepts channel binding and curl doesn't utilise them. The result was a
-  401 response. Scope affects only the Schannel(winssl)-SSPI combination.
+  This reverts commit 3773de378d48b06c09931e44dca4d274d0bfdce0.
   
-  Fixes https://github.com/curl/curl/issues/3503
-  Closes https://github.com/curl/curl/pull/3509
-
-Daniel Stenberg (1 Feb 2019)
-- RELEASE-NOTES: synced
+  Regression shipped in 7.64.0
+  Fixes #3649
 
-- schannel: stop calling it "winssl"
+- memdebug: make debug-specific functions use curl_dbg_ prefix
   
-  Stick to "Schannel" everywhere. The configure option --with-winssl is
-  kept to allow existing builds to work but --with-schannel is added as an
-  alias.
+  To not "collide" or use up the regular curl_ name space. Also makes them
+  easier to detect in helper scripts.
   
-  Closes #3504
+  Closes #3656
 
-- multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
+- cmdline-opts/proxytunnel.d: the option tunnnels all protocols
   
-  To make sure Curl_timeleft() also thinks the timeout has been reached
-  when one of the EXPIRE_*TIMEOUTs expires.
+  Clarify the language and simplify.
   
-  Bug: https://curl.haxx.se/mail/lib-2019-01/0073.html
-  Reported-by: Zhao Yisha
-  Closes #3501
-
-- [John Marshall brought this change]
+  Reported-by: Daniel Lublin
+  Closes #3658
 
-  doc: use meaningless port number in CURLOPT_LOCALPORT example
-  
-  Use an ephemeral port number here; previously the example had 8080
-  which could be confusing as the common web server port number might
-  be misinterpreted as suggesting this option affects the remote port.
+- KNOWN_BUGS: Client cert (MTLS) issues with Schannel
   
-  URL: https://curl.haxx.se/mail/lib-2019-01/0084.html
-  Closes #3513
+  Closes #3145
 
-GitHub (29 Jan 2019)
-- [Gisle Vanem brought this change]
+- ROADMAP: updated to some more current things to work on
 
-  Escape the '\'
+- tests: fix multiple may be used uninitialized warnings
+
+- RELEASE-NOTES: synced
+
+- source: fix two 'nread' may be used uninitialized warnings
   
-  A backslash should be escaped in Roff / Troff.
+  Both seem to be false positives but we don't like warnings.
+  
+  Closes #3646
 
-Jay Satiro (29 Jan 2019)
-- TODO: WinSSL: 'Add option to disable client cert auto-send'
+- gopher: remove check for path == NULL
   
-  By default WinSSL selects and send a client certificate automatically,
-  but for privacy and consistency we should offer an option to disable the
-  default auto-send behavior.
+  Since it can't be NULL and it makes Coverity believe we lack proper NULL
+  checks. Verified by test 659, landed in commit 15401fa886b.
   
-  Reported-by: Jeroen Ooms
+  Pointed out by Coverity CID 1442746.
   
-  Closes https://github.com/curl/curl/issues/2262
+  Assisted-by: Dan Fandrich
+  Fixes #3617
+  Closes #3642
 
-Daniel Stenberg (28 Jan 2019)
-- [Jeremie Rapin brought this change]
+- examples: only include <curl/curl.h>
+  
+  That's the only public curl header we should encourage use of.
+  
+  Reviewed-by: Marcel Raad
+  Closes #3645
 
-  sigpipe: if mbedTLS is used, ignore SIGPIPE
+- ssh: loop the state machine if not done and not blocking
   
-  mbedTLS doesn't have a sigpipe management. If a write/read occurs when
-  the remote closes the socket, the signal is raised and kills the
-  application.  Use the curl mecanisms fix this behavior.
+  If the state machine isn't complete, didn't fail and it didn't return
+  due to blocking it can just as well loop again.
   
-  Signed-off-by: Jeremie Rapin <j.rapin@overkiz.com>
+  This addresses the problem with SFTP directory listings where we would
+  otherwise return back to the parent and as the multi state machine
+  doesn't have any code for using CURLM_CALL_MULTI_PERFORM for as long the
+  doing phase isn't complete, it would return out when in reality there
+  was more data to deal with.
   
-  Closes #3502
-
-- unit1653: make it survive torture tests
-
-Jay Satiro (28 Jan 2019)
-- [Michael Kujawa brought this change]
+  Fixes #3506
+  Closes #3644
 
-  timeval: Disable MSVC Analyzer GetTickCount warning
+Jay Satiro (5 Mar 2019)
+- multi: support verbose conncache closure handle
   
-  Compiling with msvc /analyze and a recent Windows SDK warns against
-  using GetTickCount (Suggests to use GetTickCount64 instead.)
+  - Change closure handle to receive verbose setting from the easy handle
+    most recently added via curl_multi_add_handle.
   
-  Since GetTickCount is only being used when GetTickCount64 isn't
-  available, I am disabling that warning.
+  The closure handle is a special easy handle used for closing cached
+  connections. It receives limited settings from the easy handle most
+  recently added to the multi handle. Prior to this change that did not
+  include verbose which was a problem because on connection shutdown
+  verbose mode was not acknowledged.
   
-  Fixes https://github.com/curl/curl/issues/3437
-  Closes https://github.com/curl/curl/pull/3440
-
-Daniel Stenberg (26 Jan 2019)
-- configure: rewrite --enable-code-coverage
+  Ref: https://github.com/curl/curl/pull/3598
   
-  The previously used ax_code_coverage.m4 is not license compatible and
-  must not be used.
+  Co-authored-by: Daniel Stenberg
   
-  Reported-by: William A. Rowe Jr
-  Fixes #3497
-  Closes #3499
-
-- [Felix Hädicke brought this change]
+  Closes https://github.com/curl/curl/pull/3618
 
-  setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
+Daniel Stenberg (4 Mar 2019)
+- CURLU: fix NULL dereference when used over proxy
   
-  CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION are supported for
-  libssh as well. So accepting these options only when compiling with
-  libssh2 is wrong here.
+  Test 659 verifies
   
-  Fixes #3493
-  Closes #3494
-
-- [Felix Hädicke brought this change]
+  Also fixed the test 658 name
+  
+  Closes #3641
 
-  libssh: do not let libssh create socket
+- altsvc_out: check the return code from Curl_gmtime
   
-  By default, libssh creates a new socket, instead of using the socket
-  created by curl for SSH connections.
+  Pointed out by Coverity, CID 1442956.
   
-  Pass the socket created by curl to libssh using ssh_options_set() with
-  SSH_OPTIONS_FD directly after ssh_new(). So libssh uses our socket
-  instead of creating a new one.
+  Closes #3640
+
+- docs/ALTSVC.md: docs describing the approach
   
-  This approach is very similar to what is done in the libssh2 code, where
-  the socket created by curl is passed to libssh2 when
-  libssh2_session_startup() is called.
+  Closes #3498
+
+- alt-svc: add a travis build
+
+- alt-svc: add test 355 and 356 to verify with command line curl
+
+- alt-svc: the curl command line bits
+
+- alt-svc: the libcurl bits
+
+- travis: add build using gnutls
   
-  Fixes #3491
-  Closes #3495
+  Closes #3637
 
 - RELEASE-NOTES: synced
 
-- [Archangel_SDY brought this change]
+- [Simon Legner brought this change]
 
-  schannel: preserve original certificate path parameter
+  scripts/completion.pl: also generate fish completion file
   
-  Fixes #3480
-  Closes #3487
+  This is the renamed script formerly known as zsh.pl
+  
+  Closes #3545
 
-- KNOWN_BUGS: tests not compatible with python3
+- gnutls: remove call to deprecated gnutls_compression_get_name
   
-  Closes #3289
-  [skip ci]
+  It has been deprecated by GnuTLS since a year ago and now causes build
+  warnings.
+  
+  Ref: https://gitlab.com/gnutls/gnutls/commit/b0041897d2846737f5fb0f
+  Docs: https://www.gnutls.org/manual/html_node/Compatibility-API.html
+  
+  Closes #3636
 
-Daniel Gustafsson (20 Jan 2019)
-- memcmp: avoid doing single char memcmp
+Jay Satiro (2 Mar 2019)
+- system_win32: move win32_init here from easy.c
   
-  There is no real gain in performing memcmp() comparisons on single
-  characters, so change these to array subscript inspections which
-  saves a call and makes the code clearer.
+  .. since system_win32 is a more appropriate location for the functions
+  and to extern the globals.
   
-  Closes #3486
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
+  Ref: https://github.com/curl/curl/commit/ca597ad#r32446578
+  Reported-by: Gisle Vanem
+  
+  Closes https://github.com/curl/curl/pull/3625
 
-Daniel Stenberg (19 Jan 2019)
-- COPYING: it's 2019
+Daniel Stenberg (1 Mar 2019)
+- curl_easy_duphandle.3: clarify that a duped handle has no shares
   
-  [skip ci]
+  Reported-by: Sara Golemon
+  
+  Fixes #3592
+  Closes #3634
 
-- [hhb brought this change]
+- 10-at-a-time.c: fix too long line
 
-  configure: fix recv/send/select detection on Android
+- [Arnaud Rebillout brought this change]
+
+  examples: various fixes in ephiperfifo.c
   
-  This reverts commit d4f25201fb7da03fc88f90d51101beb3d0026db9.
+  The main change here is the timer value that was wrong, it was given in
+  usecs (ms * 1000), while the itimerspec struct wants nsecs (ms * 1000 *
+  1000). This resulted in the callback being invoked WAY TOO OFTEN.
   
-  The overloadable attribute is removed again starting from
-  NDK17. Actually they only exist in two NDK versions (15 and 16). With
-  overloadable, the first condition tried will succeed. Results in wrong
-  detection result.
+  As a quick check you can run this command before and after applying this
+  commit:
   
-  Closes #3484
-
-Marcel Raad (19 Jan 2019)
-- [georgeok brought this change]
-
-  ntlm_sspi: add support for channel binding
+      # shell 1
+      ./ephiperfifo 2>&1 | tee ephiperfifo.log
+      # shell 2
+      echo http://hacking.elboulangero.com > hiper.fifo
   
-  Windows extended potection (aka ssl channel binding) is required
-  to login to ntlm IIS endpoint, otherwise the server returns 401
-  responses.
+  Then just compare the size of the logs files.
   
-  Fixes #3280
-  Closes #3321
+  Closes #3633
+  Fixes #3632
+  Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
 
-Daniel Stenberg (18 Jan 2019)
-- schannel: on connection close there might not be a transfer
+- urldata: simplify bytecounters
   
-  Reported-by: Marcel Raad
-  Fixes #3412
-  Closes #3483
-
-- [Joel Depooter brought this change]
-
-  ssh: log the libssh2 error message when ssh session startup fails
+  - no need to have them protocol specific
   
-  When a ssh session startup fails, it is useful to know why it has
-  failed. This commit changes the message from:
-     "Failure establishing ssh session"
-  to something like this, for example:
-     "Failure establishing ssh session: -5, Unable to exchange encryption keys"
+  - no need to set pointers to them with the Curl_setup_transfer() call
   
-  Closes #3481
-
-Alessandro Ghedini (16 Jan 2019)
-- Fix typo in manpage
-
-Daniel Stenberg (16 Jan 2019)
-- RELEASE-NOTES: synced
-
-Sergei Nikulov (16 Jan 2019)
-- cmake: updated check for HAVE_POLL_FINE to match autotools
-
-Daniel Stenberg (16 Jan 2019)
-- curl-compilers.m4: check for __ibmxl__ to detect xlclang
+  - make Curl_setup_transfer() operate on a transfer pointer, not
+    connection
   
-  Follow-up to 2fa0d57e2e3. The __xlc__ symbol is only defined there if a
-  particular flag is used for legacy macros.
+  - switch some counters from long to the more proper curl_off_t type
   
-  Fixes #3474
-  Closes #3479
+  Closes #3627
 
-- openssl: fix the SSL_get_tlsext_status_ocsp_resp call
-  
-  .... to not pass in a const in the second argument as that's not how it
-  is supposed to be used and might cause compiler warnings.
+- examples/10-at-a-time.c: improve readability and simplify
   
-  Reported-by: Pavel Pavlov
-  Fixes #3477
-  Closes #3478
+   - use better variable names to explain their purposes
+   - convert logic to curl_multi_wait()
 
-- curl-compilers.m4: detect xlclang
+- threaded-resolver: shutdown the resolver thread without error message
   
-  Since it isn't totally clang compatible, we detect this IBM clang
-  front-end and if detected, avoids some clang specific magic.
+  When a transfer is done, the resolver thread will be brought down. That
+  could accidentally generate an error message in the error buffer even
+  though this is not an error situationand the transfer would still return
+  OK.  An application that still reads the error buffer could find a
+  "Could not resolve host: [host name]" message there and get confused.
   
-  Reported-by: Kees Dekker
-  Fixes #3474
-  Closes #3476
+  Reported-by: Michael Schmid
+  Fixes #3629
+  Closes #3630
 
-- README: add codacy code quality badge
+- [Ԝеѕ brought this change]
+
+  docs: update max-redirs.d phrasing
   
-  [skip ci]
+  clarify redir - "in absurdum" doesn't seem to make sense in this context
+  
+  Closes #3631
 
-- extract_if_dead: follow-up to 54b201b48c90a
+- ssh: fix Condition '!status' is always true
   
-  extract_if_dead() dead is called from two functions, and only one of
-  them should get conn->data updated and now neither call path clears it.
+  in the same sftp_done function in both SSH backends. Simplify them
+  somewhat.
   
-  scan-build found a case where conn->data would be NULL dereferenced in
-  ConnectionExists() otherwise.
+  Pointed out by Codacy.
   
-  Closes #3473
+  Closes #3628
 
-- multi: remove "Dead assignment"
+- test578: make it read data from the correct test
+
+- Curl_easy: remove req.maxfd - never used!
   
-  Found by scan-build. Follow-up to 4c35574bb785ce.
+  Introduced in 8b6314ccfb, but not used anymore in current code. Unclear
+  since when.
   
-  Closes #3471
+  Closes #3626
 
-- tests: move objnames-* from lib into tests
+- http: set state.infilesize when sending formposts
   
-  Since they're used purely for testing purposes, I think they should
-  rather be stored there.
+  Without it set, we would unwillingly triger the "HTTP error before end
+  of send, stop sending" condition even if the entire POST body had been
+  sent (since it wouldn't know the expected size) which would
+  unnecessarily log that message and close the connection when it didn't
+  have to.
   
-  Closes #3470
+  Reported-by: Matt McClure
+  Bug: https://curl.haxx.se/mail/archive-2019-02/0023.html
+  Closes #3624
 
-Sergei Nikulov (15 Jan 2019)
-- travis: added cmake build for osx
+- INSTALL: refer to the current TLS library names and configure options
 
-Daniel Stenberg (14 Jan 2019)
-- [Frank Gevaerts brought this change]
+- FAQ: minor updates and spelling fixes
 
-  cookie: fix comment typo (url_path_len -> uri_path_len)
-  
-  Closes #3469
+- GOVERNANCE.md: minor spelling fixes
 
-Marcel Raad (14 Jan 2019)
-- winbuild: conditionally use /DZLIB_WINAPI
+- Secure Transport: no more "darwinssl"
   
-  zlibwapi.lib (dynamic library) and zlibstat.lib (static library) have
-  the ZLIB_WINAPI define set by default. Using them requires that define
-  too.
+  Everyone calls it Secure Transport, now we do too.
   
-  Ref: https://zlib.net/DLL_FAQ.txt
+  Reviewed-by: Nick Zitzmann
   
-  Fixes https://github.com/curl/curl/issues/3133
-  Closes https://github.com/curl/curl/pull/3460
-
-Daniel Stenberg (14 Jan 2019)
-- src/Makefile: make 'tidy' target work for metalink builds
+  Closes #3619
 
-- extract_if_dead: use a known working transfer when checking connections
+Marcel Raad (27 Feb 2019)
+- AppVeyor: add classic MinGW build
   
-  Make sure that this function sets a proper "live" transfer for the
-  connection before calling the protocol-specific connection check
-  function, and then clear it again afterward as a non-used connection has
-  no current transfer.
+  But use the MSYS2 shell rather than the default MSYS shell because of
+  POSIX path conversion issues. Classic MinGW is only available on the
+  Visual Studio 2015 image.
   
-  Reported-by: Jeroen Ooms
-  Reviewed-by: Marcel Raad
-  Reviewed-by: Daniel Gustafsson
-  Fixes #3463
-  Closes #3464
+  Closes https://github.com/curl/curl/pull/3623
 
-- openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
+- AppVeyor: add MinGW-w64 build
   
-  OpenSSL_version() replaces OpenSSL_version_num()
+  Add a MinGW-w64 build using CMake's MSYS Makefiles generator.
+  Use the Visual Studio 2015 image as it has GCC 8, while the
+  Visual Studio 2017 image only has GCC 7.2.
   
-  Closes #3462
-
-Sergei Nikulov (11 Jan 2019)
-- cmake: added checks for HAVE_VARIADIC_MACROS_C99 and HAVE_VARIADIC_MACROS_GCC
+  Closes https://github.com/curl/curl/pull/3623
 
-Daniel Stenberg (11 Jan 2019)
-- urldata: rename easy_conn to just conn
+Daniel Stenberg (27 Feb 2019)
+- cookies: only save the cookie file if the engine is enabled
   
-  We use "conn" everywhere to be a pointer to the connection.
+  Follow-up to 8eddb8f4259.
   
-  Introduces two functions that "attaches" and "detaches" the connection
-  to and from the transfer.
+  If the cookieinfo pointer is NULL there really is nothing to save.
   
-  Going forward, we should favour using "data->conn" (since a transfer
-  always only has a single connection or none at all) to "conn->data"
-  (since a connection can have none, one or many transfers associated with
-  it and updating conn->data to be correct is error prone and a frequent
-  reason for internal issues).
+  Without this fix, we got a problem when a handle was using shared object
+  with cookies and is told to "FLUSH" it to file (which worked) and then
+  the share object was removed and when the easy handle was closed just
+  afterwards it has no cookieinfo and no cookies so it decided to save an
+  empty jar (overwriting the file just flushed).
   
-  Closes #3442
-
-- tool_cb_prg: avoid integer overflow
+  Test 1905 now verifies that this works.
   
-  When calculating the progress bar width.
+  Assisted-by: Michael Wallner
+  Assisted-by: Marcel Raad
   
-  Reported-by: Peng Li
-  Fixes #3456
-  Closes #3458
+  Closes #3621
 
-Daniel Gustafsson (11 Jan 2019)
-- travis: turn off copyright year checks in checksrc
+- [DaVieS brought this change]
+
+  cacertinmem.c: use multiple certificates for loading CA-chain
   
-  Invoking the maintainer intended COPYRIGHTYEAR check for everyone
-  in the PR pipeline is too invasive, especially at the turn of the
-  year when many files get affected. Remove and leave it as a tool
-  for maintainers to verify patches before commits.
+  Closes #3421
+
+- urldata: convert bools to bitfields and move to end
   
-  This reverts f7bdf4b2e1d81b2652b81b9b3029927589273b41.
+  This allows the compiler to pack and align the structs better in
+  memory. For a rather feature-complete build on x86_64 Linux, gcc 8.1.2
+  makes the Curl_easy struct 4.9% smaller. From 6312 bytes to 6000.
   
-  After discussion with: Daniel Stenberg
-
-Daniel Stenberg (10 Jan 2019)
-- KNOWN_BUGS: cmake makes unusable tool_hugehelp.c with MinGW
+  Removed an unused struct field.
   
-  Closes #3125
-
-- KNOWN_BUGS: Improve --data-urlencode space encoding
+  No functionality changes.
   
-  Closes #3229
+  Closes #3610
 
-Patrick Monnerat (10 Jan 2019)
-- os400: add a missing closing bracket
-  
-  See https://github.com/curl/curl/issues/3453#issuecomment-453054458
+- [Don J Olmstead brought this change]
+
+  curl.h: use __has_declspec_attribute for shared builds
   
-  Reported-by: jonrumsey on github
+  Closes #3616
 
-- os400: fix extra parameter syntax error.
+- curl: display --version features sorted alphabetically
   
-  Reported-by: jonrumsey on github
-  Closes #3453
+  Closes #3611
 
-Daniel Stenberg (10 Jan 2019)
-- test1558: verify CURLINFO_PROTOCOL on file:// transfer
+- runtests: detect "schannel" as an alias for "winssl"
   
-  Attempt to reproduce issue #3444.
+  Follow-up to 180501cb02
   
-  Closes #3447
-
-- RELEASE-NOTES: synced
+  Reported-by: Marcel Raad
+  Fixes #3609
+  Closes #3620
 
-- xattr: strip credentials from any URL that is stored
-  
-  Both user and password are cleared uncondtitionally.
+Marcel Raad (26 Feb 2019)
+- AppVeyor: update to Visual Studio 2017
   
-  Added unit test 1621 to verify.
+  Switch all Visual Studio 2015 builds to Visual Studio 2017. It's not a
+  moving target anymore as the last update, Update 9, has been released.
   
-  Fixes #3423
-  Closes #3433
+  Closes https://github.com/curl/curl/pull/3606
 
-- cookies: allow secure override when done over HTTPS
+- AppVeyor: switch VS 2015 builds to VS 2017 image
   
-  Added test 1562 to verify.
+  The Visual Studio 2017 image has Visual Studio 2015 and 2017 installed.
   
-  Reported-by: Jeroen Ooms
-  Fixes #3445
-  Closes #3450
+  Closes https://github.com/curl/curl/pull/3606
 
-- multi: multiplexing improvements
+- AppVeyor: explicitly select worker image
   
-  Fixes #3436
-  Closes #3448
+  Currently, we're using the default Visual Studio 2015 image for
+  everything.
   
-   Problem 1
+  Closes https://github.com/curl/curl/pull/3606
+
+Daniel Stenberg (26 Feb 2019)
+- strerror: make the strerror function use local buffers
   
-  After LOTS of scratching my head, I eventually realized that even when doing
-  10 uploads in parallel, sometimes the socket callback to the application that
-  tells it what to wait for on the socket, looked like it would reflect the
-  status of just the single transfer that just changed state.
+  Instead of using a fixed 256 byte buffer in the connectdata struct.
   
-  Digging into the code revealed that this was indeed the truth. When multiple
-  transfers are using the same connection, the application did not correctly get
-  the *combined* flags for all transfers which then could make it switch to READ
-  (only) when in fact most transfers wanted to get told when the socket was
-  WRITEABLE.
+  In my build, this reduces the size of the connectdata struct by 11.8%,
+  from 2160 to 1904 bytes with no functionality or performance loss.
   
-   Problem 1b
+  This also fixes a bug in schannel's Curl_verify_certificate where it
+  called Curl_sspi_strerror when it should have called Curl_strerror for
+  string from GetLastError. the only effect would have been no text or the
+  wrong text being shown for the error.
   
-  A separate but related regression had also been introduced by me when I
-  cleared connection/transfer association better a while ago, as now the logic
-  couldn't find the connection and see if that was marked as used by more
-  transfers and then it would also prematurely remove the socket from the socket
-  hash table even in times other transfers were still using it!
+  Co-authored-by: Jay Satiro
   
-   Fix 1
+  Closes #3612
+
+- [Michael Wallner brought this change]
+
+  cookies: fix NULL dereference if flushing cookies with no CookieInfo set
   
-  Make sure that each socket stored in the socket hash has a "combined" action
-  field of what to ask the application to wait for, that is potentially the ORed
-  action of multiple parallel transfers. And remove that socket hash entry only
-  if there are no transfers left using it.
+  Regression brought by a52e46f3900fb0 (shipped in 7.63.0)
   
-   Problem 2
+  Closes #3613
+
+Marcel Raad (26 Feb 2019)
+- AppVeyor: re-enable test 500
   
-  The socket hash entry stored an association to a single transfer using that
-  socket - and when curl_multi_socket_action() was called to tell libcurl about
-  activities on that specific socket only that transfer was "handled".
+  It's passing now.
   
-  This was WRONG, as a single socket/connection can be used by numerous parallel
-  transfers and not necessarily a single one.
+  Closes https://github.com/curl/curl/pull/3615
+
+- AppVeyor: remove redundant builds
   
-   Fix 2
+  Remove the Visual Studio 2012 and 2013 builds as they add little value.
   
-  We now store a list of handles in the socket hashtable entry and when libcurl
-  is told there's traffic for a particular socket, it now iterates over all
-  known transfers using that single socket.
+  Ref: https://github.com/curl/curl/pull/3606
+  Closes https://github.com/curl/curl/pull/3614
 
-- test1561: improve test name
-  
-  [skip ci]
+Daniel Stenberg (25 Feb 2019)
+- RELEASE-NOTES: synced
 
-- [Katsuhiko YOSHIDA brought this change]
+- [Bernd Mueller brought this change]
 
-  cookies: skip custom cookies when redirecting cross-site
+  OpenSSL: add support for TLS ASYNC state
   
-  Closes #3417
+  Closes #3591
 
-- THANKS: fixups and a dedupe
-  
-  [skip ci]
+Jay Satiro (25 Feb 2019)
+- [Michael Felt brought this change]
 
-- timediff: fix math for unsigned time_t
+  acinclude: add additional libraries to check for LDAP support
   
-  Bug: https://curl.haxx.se/mail/lib-2018-12/0088.html
+  - Add an additional check for LDAP that also checks for OpenSSL since
+    on AIX those libraries may be required to link LDAP properly.
   
-  Closes #3449
+  Fixes https://github.com/curl/curl/issues/3595
+  Closes https://github.com/curl/curl/pull/3596
 
-- [Bernhard M. Wiedemann brought this change]
+- [georgeok brought this change]
 
-  tests: allow tests to pass by 2037-02-12
+  schannel: support CALG_ECDH_EPHEM algorithm
   
-  similar to commit f508d29f3902104018
+  Add support for Ephemeral elliptic curve Diffie-Hellman key exchange
+  algorithm option when selecting ciphers. This became available on the
+  Win10 SDK.
   
-  Closes #3443
-
-- RELEASE-NOTES: synced
-
-- [Brad Spencer brought this change]
+  Closes https://github.com/curl/curl/pull/3608
 
-  curl_multi_remove_handle() don't block terminating c-ares requests
+Daniel Stenberg (24 Feb 2019)
+- multi: call multi_done on connect timeouts
   
-  Added Curl_resolver_kill() for all three resolver modes, which only
-  blocks when necessary, along with test 1592 to confirm
-  curl_multi_remove_handle() doesn't block unless it must.
+  Failing to do so would make the CURLINFO_TOTAL_TIME timeout to not get
+  updated correctly and could end up getting reported to the application
+  completely wrong (way too small).
   
-  Closes #3428
-  Fixes #3371
+  Reported-by: accountantM on github
+  Fixes #3602
+  Closes #3605
 
-- Revert "http_negotiate: do not close connection until negotiation is completed"
-  
-  This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47.
+- examples: remove recursive calls to curl_multi_socket_action
   
-  This also reopens PR #3275 which brought the change now reverted.
+  From within the timer callbacks. Recursive is problematic for several
+  reasons. They should still work, but this way the examples and the
+  documentation becomes simpler. I don't think we need to encourage
+  recursive calls.
   
-  Fixes #3384
-  Closes #3439
+  Discussed in #3537
+  Closes #3601
 
-- curl/urlapi.h: include "curl.h" first
+Marcel Raad (23 Feb 2019)
+- configure: remove CURL_CHECK_FUNC_FDOPEN call
   
-  This allows programs to include curl/urlapi.h directly.
+  The macro itself has been removed in commit
+  11974ac859c5d82def59e837e0db56fef7f6794e.
   
-  Reviewed-by: Daniel Gustafsson
-  Reported-by: Ben Kohler
-  Fixes #3438
-  Closes #3441
+  Closes https://github.com/curl/curl/pull/3604
 
-Marcel Raad (6 Jan 2019)
-- VS projects: fix build warning
-  
-  Starting with Visual Studio 2017 Update 9, Visual Studio doesn't like
-  the MinimalRebuild option anymore and warns:
+Daniel Stenberg (23 Feb 2019)
+- wolfssl: stop custom-adding curves
   
-  cl : Command line warning D9035: option 'Gm' has been deprecated and
-  will be removed in a future release
+  since wolfSSL PR https://github.com/wolfSSL/wolfssl/pull/717 (shipped in
+  wolfSSL 3.10.2 and later) it sends these curves by default already.
   
-  The option can be safely removed so that the default is used.
+  Pointed-out-by: David Garske
   
-  Closes https://github.com/curl/curl/pull/3425
+  Closes #3599
 
-- schannel: fix compiler warning
+- configure: remove the unused fdopen macro
   
-  When building with Unicode on MSVC, the compiler warns about freeing a
-  pointer to const in Curl_unicodefree. Fix this by declaring it as
-  non-const and casting the argument to Curl_convert_UTF8_to_tchar to
-  non-const too, like we do in all other places.
+  and the two remaining #ifdefs for it
   
-  Closes https://github.com/curl/curl/pull/3435
-
-Daniel Stenberg (4 Jan 2019)
-- [Rikard Falkeborn brought this change]
-
-  printf: introduce CURL_FORMAT_TIMEDIFF_T
-
-- [Rikard Falkeborn brought this change]
+  Closes #3600
 
-  printf: fix format specifiers
+Jay Satiro (22 Feb 2019)
+- url: change conn shutdown order to unlink data as last step
   
-  Closes #3426
-
-- libtest/stub_gssapi: use "real" snprintf
+  - Split off connection shutdown procedure from Curl_disconnect into new
+    function conn_shutdown.
   
-  ... since it doesn't link with libcurl.
+  - Change the shutdown procedure to close the sockets before
+    disassociating the transfer.
   
-  Reverts the commit dcd6f81025 changes from this file.
+  Prior to this change the sockets were closed after disassociating the
+  transfer so SOCKETFUNCTION wasn't called since the transfer was already
+  disassociated. That likely came about from recent work started in
+  Jan 2019 (#3442) to separate transfers from connections.
   
-  Bug: https://curl.haxx.se/mail/lib-2019-01/0000.html
-  Reported-by: Shlomi Fish
-  Reviewed-by: Daniel Gustafsson
-  Reviewed-by: Kamil Dudka
+  Bug: https://curl.haxx.se/mail/lib-2019-02/0101.html
+  Reported-by: Pavel Löbl
   
-  Closes #3434
+  Closes https://github.com/curl/curl/issues/3597
+  Closes https://github.com/curl/curl/pull/3598
 
-- INTERNALS: correct some outdated function names
+Marcel Raad (22 Feb 2019)
+- Fix strict-prototypes GCC warning
   
-  Closes #3431
+  As seen in the MinGW autobuilds. Caused by commit
+  f26bc29cfec0be84c67cf74065cf8e5e78fd68b7.
 
-- docs/version.d: mention MultiSSL
+Dan Fandrich (21 Feb 2019)
+- tests: Fixed XML validation errors in some test files.
+
+Daniel Stenberg (20 Feb 2019)
+- TODO: Allow SAN names in HTTP/2 server push
   
-  Reviewed-by: Daniel Gustafsson
-  Closes #3432
+  Suggested-by: Nicolas Grekas
 
-Daniel Gustafsson (2 Jan 2019)
-- [Rikard Falkeborn brought this change]
+- RELEASE-NOTES: synced
 
-  examples: Update .gitignore
+- curl: remove MANUAL from -M output
   
-  Add a few missing examples to make `make examples` not leave the
-  workspace in a dirty state.
+  ... and remove it from the dist tarball. It has served its time, it
+  barely gets updated anymore and "everything curl" is now convering all
+  this document once tried to include, and does it more and better.
   
-  Closes #3427
-  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
+  In the compressed scenario, this removes ~15K data from the binary,
+  which is 25% of the -M output.
+  
+  It remains in the git repo for now for as long as the web site builds a
+  page using that as source. It renders poorly on the site (especially for
+  mobile users) so its not even good there.
+  
+  Closes #3587
+
+- http2: verify :athority in push promise requests
+  
+  RFC 7540 says we should verify that the push is for an "authoritative"
+  server. We make sure of this by only allowing push with an :athority
+  header that matches the host that was asked for in the URL.
+  
+  Fixes #3577
+  Reported-by: Nicolas Grekas
+  Bug: https://curl.haxx.se/mail/lib-2019-02/0057.html
+  Closes #3581
 
-- THANKS: add more missing names
+- singlesocket: fix the 'sincebefore' placement
   
-  Add Adrian Burcea who made the artwork for the curl://up 2018 event
-  which was held in Stockholm, Sweden.
-
-- docs: mention potential leak in curl_slist_append
+  The variable wasn't properly reset within the loop and thus could remain
+  set for sockets that hadn't been set before and miss notifying the app.
   
-  When a non-empty list is appended to, and used as the returnvalue,
-  the list pointer can leak in case of an allocation failure in the
-  curl_slist_append() call. This is correctly handled in curl code
-  usage but we weren't explicitly pointing it out in the API call
-  documentation. Fix by extending the RETURNVALUE manpage section
-  and example code.
+  This is a follow-up to 4c35574 (shipped in curl 7.64.0)
   
-  Closes #3424
-  Reported-by: dnivras on github
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reported-by: buzo-ffm on github
+  Detected-by: Jan Alexander Steffens
+  Fixes #3585
+  Closes #3589
 
-Marcel Raad (1 Jan 2019)
-- tvnow: silence conversion warnings
+- connection: never reuse CONNECT_ONLY conections
   
-  MinGW-w64 defaults to targeting Windows 7 now, so GetTickCount64 is
-  used and the milliseconds are represented as unsigned long long,
-  leading to a compiler warning when implicitly converting them to long.
-
-Daniel Stenberg (1 Jan 2019)
-- THANKS: dedupe more names
+  and make CONNECT_ONLY conections never reuse any existing ones either.
   
-  Researched-by: Tae Wong
+  Reported-by: Pavel Löbl
+  Bug: https://curl.haxx.se/mail/lib-2019-02/0064.html
+  Closes #3586
 
-Marcel Raad (1 Jan 2019)
-- [Markus Moeller brought this change]
+Patrick Monnerat (19 Feb 2019)
+- cli tool: fix mime post with --disable-libcurl-option configure option
+  
+  Reported-by: Marcel Raad
+  Fixes #3576
+  Closes #3583
 
-  ntlm: update selection of type 3 response
+Daniel Stenberg (19 Feb 2019)
+- x509asn1: cleanup and unify code layout
   
-  NTLM2 did not work i.e. no NTLMv2 response was created. Changing the
-  check seems to work.
+  - rename 'n' to buflen in functions, and use size_t for them. Don't pass
+    in negative buffer lengths.
   
-  Ref: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf
+  - move most function comments to above the function starts like we use
+    to
   
-  Fixes https://github.com/curl/curl/issues/3286
-  Closes https://github.com/curl/curl/pull/3287
-  Closes https://github.com/curl/curl/pull/3415
-
-Daniel Stenberg (31 Dec 2018)
-- THANKS: added missing names from year <= 2000
+  - remove several unnecessary typecasts (especially of NULL)
   
-  Due to a report of a missing name in THANKS I manually went through an
-  old CHANGES.0 file and added many previously missing names here.
+  Reviewed-by: Patrick Monnerat
+  Closes #3582
 
-Daniel Gustafsson (30 Dec 2018)
-- urlapi: fix parsing ipv6 with zone index
+- curl_multi_remove_handle.3: use at any time, just not from within callbacks
   
-  The previous fix for parsing IPv6 URLs with a zone index was a paddle
-  short for URLs without an explicit port. This patch fixes that case
-  and adds a unit test case.
+  [ci skip]
+
+- http: make adding a blank header thread-safe
   
-  This bug was highlighted by issue #3408, and while it's not the full
-  fix for the problem there it is an isolated bug that should be fixed
-  regardless.
+  Previously the function would edit the provided header in-place when a
+  semicolon is used to signify an empty header. This made it impossible to
+  use the same set of custom headers in multiple threads simultaneously.
   
-  Closes #3411
-  Reported-by: GitYuanQu on github
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Daniel Stenberg (30 Dec 2018)
-- THANKS: dedupe Guenter Knauf
+  This approach now makes a local copy when it needs to edit the string.
   
-  Reported-by: Tae Wong
+  Reported-by: d912e3 on github
+  Fixes #3578
+  Closes #3579
 
-- THANKS: missing name from the 6.3.1 release!
+- unit1651: survive curl_easy_init() fails
 
-Daniel Gustafsson (27 Dec 2018)
-- RELEASE-NOTES: synced
+- [Frank Gevaerts brought this change]
 
-- [Claes Jakobsson brought this change]
+  rand: Fix a mismatch between comments in source and header.
+  
+  Reported-by: Björn Stenberg <bjorn@haxx.se>
+  Closes #3584
 
-  hostip: support wildcard hosts
+Patrick Monnerat (18 Feb 2019)
+- x509asn1: replace single char with an array
   
-  This adds support for wildcard hosts in CURLOPT_RESOLVE. These are
-  try-last so any non-wildcard entry is resolved first. If specified,
-  any host not matched by another CURLOPT_RESOLVE config will use this
-  as fallback.
+  Although safe in this context, using a single char as an array may
+  cause invalid accesses to adjacent memory locations.
   
-  Example send a.com to 10.0.0.1 and everything else to 10.0.0.2:
-    curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \
-         https://a.com https://b.com
+  Detected by Coverity.
+
+Daniel Stenberg (18 Feb 2019)
+- examples/http2-serverpush: add some sensible error checks
   
-  This is probably quite similar to using:
-    --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443
+  To avoid NULL pointer dereferences etc in the case of problems.
   
-  Closes #3406
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-- url: fix incorrect indentation
+  Closes #3580
 
-Patrick Monnerat (26 Dec 2018)
-- os400: upgrade ILE/RPG binding.
+Jay Satiro (18 Feb 2019)
+- easy: fix win32 init to work without CURL_GLOBAL_WIN32
   
-  - Trailer function support.
-  - http 0.9 option.
-  - curl_easy_upkeep.
+  - Change the behavior of win32_init so that the required initialization
+    procedures are not affected by CURL_GLOBAL_WIN32 flag.
+  
+  libcurl via curl_global_init supports initializing for win32 with an
+  optional flag CURL_GLOBAL_WIN32, which if omitted was meant to stop
+  Winsock initialization. It did so internally by skipping win32_init()
+  when that flag was set. Since then win32_init() has been expanded to
+  include required initialization routines that are separate from
+  Winsock and therefore must be called in all cases. This commit fixes
+  it so that CURL_GLOBAL_WIN32 only controls the optional win32
+  initialization (which is Winsock initialization, according to our doc).
+  
+  The only users affected by this change are those that don't pass
+  CURL_GLOBAL_WIN32 to curl_global_init. For them this commit removes the
+  risk of a potential crash.
+  
+  Ref: https://github.com/curl/curl/pull/3573
+  
+  Fixes https://github.com/curl/curl/issues/3313
+  Closes https://github.com/curl/curl/pull/3575
 
-Daniel Gustafsson (25 Dec 2018)
-- FAQ: remove mention of sourceforge for github
+Daniel Gustafsson (17 Feb 2019)
+- cookie: Add support for cookie prefixes
   
-  The project bug tracker is no longer hosted at sourceforge but is now
-  hosted on the curl Github page. Update the FAQ to reflect.
+  The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes
+  and how they should affect cookie initialization, which has been
+  adopted by the major browsers. This adds support for the two prefixes
+  defined, __Host- and __Secure, and updates the testcase with the
+  supplied examples from the draft.
   
-  Closes #3410
+  Closes #3554
   Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- openvms: fix typos in documentation
-
-- openvms: fix OpenSSL discovery on VAX
+- mbedtls: release sessionid resources on error
   
-  The DCL code had a typo in one of the commands which would make the
-  OpenSSL discovery on VAX fail. The correct syntax is F$ENVIRONMENT.
+  If mbedtls_ssl_get_session() fails, it may still have allocated
+  memory that needs to be freed to avoid leaking. Call the library
+  API function to release session resources on this errorpath as
+  well as on Curl_ssl_addsessionid() errors.
   
-  Closes #3407
-  Reviewed-by: Viktor Szakats <commit@vszakats.net>
+  Closes: #3574
+  Reported-by: Michał Antoniak <M.Antoniak@posnet.com>
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Daniel Stenberg (24 Dec 2018)
-- [Ruslan Baratov brought this change]
+Patrick Monnerat (16 Feb 2019)
+- cli tool: refactor encoding conversion sequence for switch case fallthrough.
 
-  cmake: use lowercase for function name like the rest of the code
+- version.c: silent scan-build even when librtmp is not enabled
+
+Daniel Stenberg (15 Feb 2019)
+- RELEASE-NOTES: synced
+
+- Curl_now: figure out windows version in win32_init
   
-  Reviewed-by: Sergei Nikulov
+  ... and avoid use of static variables that aren't thread safe.
   
-  closes #3196
-
-- Revert "libssh: no data pointer == nothing to do"
+  Fixes regression from e9ababd4f5a (present in the 7.64.0 release)
   
-  This reverts commit c98ee5f67f497195c9 since commit f3ce38739fa fixed the
-  problem in a more generic way.
+  Reported-by: Paul Groke
+  Fixes #3572
+  Closes #3573
 
-- disconnect: set conn->data for protocol disconnect
+Marcel Raad (15 Feb 2019)
+- unit1307: just fail without FTP support
   
-  Follow-up to fb445a1e18d: Set conn->data explicitly to point out the
-  current transfer when invoking the protocol-specific disconnect function
-  so that it can work correctly.
+  I missed to check this in with commit
+  71786c0505926aaf7e9b2477b2fb7ee16a915ec6, which only disabled the test.
+  This fixes the actual linker error.
   
-  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12173
-
-Jay Satiro (23 Dec 2018)
-- [Pavel Pavlov brought this change]
+  Closes https://github.com/curl/curl/pull/3568
 
-  timeval: Use high resolution timestamps on Windows
+Daniel Stenberg (15 Feb 2019)
+- travis: enable valgrind for the iconv tests too
   
-  - Use QueryPerformanceCounter on Windows Vista+
+  Closes #3571
+
+- travis: add scan-build
   
-  There is confusing info floating around that QueryPerformanceCounter
-  can leap etc, which might have been true long time ago, but no longer
-  the case nowadays (perhaps starting from WinXP?). Also, boost and
-  std::chrono::steady_clock use QueryPerformanceCounter in a similar way.
+  Closes #3564
+
+- examples/sftpuploadresume: Value stored to 'result' is never read
   
-  Prior to this change GetTickCount or GetTickCount64 was used, which has
-  lower resolution. That is still the case for <= XP.
+  Detected by scan-build
+
+- examples/http2-upload: cleaned up
   
-  Fixes https://github.com/curl/curl/issues/3309
-  Closes https://github.com/curl/curl/pull/3318
+  Fix scan-build warnings, no globals, no silly handle scan. Also remove
+  handles from the multi before cleaning up.
 
-Daniel Stenberg (22 Dec 2018)
-- libssh: no data pointer == nothing to do
+- examples/http2-download: cleaned up
+  
+  To avoid scan-build warnings and global variables.
 
-- conncache_unlock: avoid indirection by changing input argument type
+- examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
+  
+  Detected by scan-build
 
-- disconnect: separate connections and easy handles better
+- examples/httpcustomheader: Value stored to 'res' is never read
   
-  Do not assume/store assocation between a given easy handle and the
-  connection if it can be avoided.
+  Detected by scan-build
+
+- examples: remove superfluous null-pointer checks
   
-  Long-term, the 'conn->data' pointer should probably be removed as it is a
-  little too error-prone. Still used very widely though.
+  in ftpget, ftpsget and sftpget, so that scan-build stops warning for
+  potential NULL pointer dereference below!
   
-  Reported-by: masbug on github
-  Fixes #3391
-  Closes #3400
+  Detected by scan-build
 
-- libssh: free sftp_canonicalize_path() data correctly
-  
-  Assisted-by: Harry Sintonen
+- strip_trailing_dot: make sure NULL is never used for strlen
   
-  Fixes #3402
-  Closes #3403
+  scan-build warning: Null pointer passed as an argument to a 'nonnull'
+  parameter
 
-- RELEASE-NOTES: synced
+- [Jay Satiro brought this change]
 
-- http: added options for allowing HTTP/0.9 responses
-  
-  Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.
+  connection_check: restore original conn->data after the check
   
-  For now, both the tool and library allow HTTP/0.9 by default.
-  docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
-  months after the 7.64.0 release. The options are added already now so
-  that applications/scripts can start using them already now.
+  - Save the original conn->data before it's changed to the specified
+    data transfer for the connection check and then restore it afterwards.
   
-  Fixes #2873
-  Closes #3383
-
-- if2ip: remove unused function Curl_if_is_interface_name
+  This is a follow-up to 38d8e1b 2019-02-11.
   
-  Closes #3401
-
-- http2: clear pause stream id if it gets closed
+  History:
   
-  Reported-by: Florian Pritz
+  It was discovered a month ago that before checking whether to extract a
+  dead connection that that connection should be associated with a "live"
+  transfer for the check (ie original conn->data ignored and set to the
+  passed in data). A fix was landed in 54b201b which did that and also
+  cleared conn->data after the check. The original conn->data was not
+  restored, so presumably it was thought that a valid conn->data was no
+  longer needed.
   
-  Fixes #3392
-  Closes #3399
-
-Daniel Gustafsson (20 Dec 2018)
-- [David Garske brought this change]
-
-  wolfssl: Perform cleanup
+  Several days later it was discovered that a valid conn->data was needed
+  after the check and follow-up fix was landed in bbae24c which partially
+  reverted the original fix and attempted to limit the scope of when
+  conn->data was changed to only when pruning dead connections. In that
+  case conn->data was not cleared and the original conn->data not
+  restored.
   
-  This adds a cleanup callback for cyassl. Resolves possible memory leak
-  when using ECC fixed point cache.
+  A month later it was discovered that the original fix was somewhat
+  correct; a "live" transfer is needed for the check in all cases
+  because original conn->data could be null which could cause a bad deref
+  at arbitrary points in the check. A fix was landed in 38d8e1b which
+  expanded the scope to all cases. conn->data was not cleared and the
+  original conn->data not restored.
   
-  Closes #3395
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
-
-Daniel Stenberg (20 Dec 2018)
-- mbedtls: follow-up VERIFYHOST fix from f097669248
+  A day later it was discovered that not restoring the original conn->data
+  may lead to busy loops in applications that use the event interface, and
+  given this observation it's a pretty safe assumption that there is some
+  code path that still needs the original conn->data. This commit is the
+  follow-up fix for that, it restores the original conn->data after the
+  connection check.
   
-  Fix-by: Eric Rosenquist
+  Assisted-by: tholin@users.noreply.github.com
+  Reported-by: tholin@users.noreply.github.com
   
-  Fixes #3376
-  Closes #3390
-
-- curlver: bump to 7.64.0 for next release
+  Fixes https://github.com/curl/curl/issues/3542
+  Closes #3559
 
-Daniel Gustafsson (19 Dec 2018)
-- cookies: extend domain checks to non psl builds
+- memdebug: bring back curl_mark_sclose
   
-  Ensure to perform the checks we have to enforce a sane domain in
-  the cookie request. The check for non-PSL enabled builds is quite
-  basic but it's better than nothing.
+  Used by debug builds with NSS.
   
-  Closes #2964
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Daniel Stenberg (19 Dec 2018)
-- [Matus Uzak brought this change]
+  Reverted from 05b100aee247bb
 
-  smb: fix incorrect path in request if connection reused
+Patrick Monnerat (14 Feb 2019)
+- transfer.c: do not compute length of undefined hex buffer.
   
-  Follow-up to 09e401e01bf9.  If connection gets reused, then data member
-  will be copied, but not the proto member.  As a result, in smb_do(),
-  path has been set from the original proto.share data.
+  On non-ascii platforms, the chunked hex header was measured for char code
+  conversion length, even for chunked trailers that do not have an hex header.
+  In addition, the efective length is already known: use it.
+  Since the hex length can be zero, only convert if needed.
   
-  Closes #3388
+  Reported by valgrind.
 
-- curl -J: do not append to the destination file
+Daniel Stenberg (14 Feb 2019)
+- KNOWN_BUGS: Cannot compile against a static build of OpenLDAP
   
-  Reported-by: Kamil Dudka
-  Fixes #3380
-  Closes #3381
+  Closes #2367
 
-- mbedtls: use VERIFYHOST
+Patrick Monnerat (14 Feb 2019)
+- x509asn1: "Dereference of null pointer"
   
-  Previously, VERIFYPEER would enable/disable all checks.
+  Detected by scan-build (false positive).
+
+Daniel Stenberg (14 Feb 2019)
+- configure: show features as well in the final summary
   
-  Reported-by: Eric Rosenquist
-  Fixes #3376
-  Closes #3380
+  Closes #3569
 
-- pingpong: change default response timeout to 120 seconds
+- KNOWN_BUGS: curl compiled on OSX 10.13 failed to run on OSX 10.10
   
-  Previously it was 30 minutes
+  Closes #2905
 
-- pingpong: ignore regular timeout in disconnect phase
+- KNOWN_BUGS: Deflate error after all content was received
   
-  The timeout set with CURLOPT_TIMEOUT is no longer used when
-  disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP,
-  POP3).
+  Closes #2719
+
+- gssapi: fix deprecated header warnings
   
-  Reported-by: jasal82 on github
+  Heimdal includes on FreeBSD spewed out lots of them. Less so now.
   
-  Fixes #3264
-  Closes #3374
+  Closes #3566
 
-- TODO: Windows: set attribute 'archive' for completed downloads
+- TODO: Upgrade to websockets
   
-  Closes #3354
-
-- RELEASE-NOTES: synced
+  Closes #3523
 
-- http: minor whitespace cleanup from f464535b
+- TODO: cmake test suite improvements
+  
+  Closes #3109
 
-- [Ayoub Boudhar brought this change]
+Patrick Monnerat (13 Feb 2019)
+- curl: "Dereference of null pointer"
+  
+  Rephrase to satisfy scan-build.
 
-  http: Implement trailing headers for chunked transfers
+Marcel Raad (13 Feb 2019)
+- unit1307: require FTP support
   
-  This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION
-  options that allow a callback based approach to sending trailing headers
-  with chunked transfers.
+  This test doesn't link without FTP support after
+  fc7ab4835b5fd09d0a6f57000633bb6bb6edfda1, which made Curl_fnmatch
+  unavailable without FTP support.
   
-  The test server (sws) was updated to take into account the detection of the
-  end of transfer in the case of trailing headers presence.
+  Closes https://github.com/curl/curl/pull/3565
+
+Daniel Stenberg (13 Feb 2019)
+- TODO: TFO support on Windows
   
-  Test 1591 checks that trailing headers can be sent using libcurl.
+  Nobody works on this now.
   
-  Closes #3350
+  Closes #3378
 
-- darwinssl: accept setting max-tls with default min-tls
+- multi: Dereference of null pointer
   
-  Reported-by: Andrei Neculau
-  Fixes #3367
-  Closes #3373
-
-- gopher: fix memory leak from 9026083ddb2a9
-
-- [Leonardo Taccari brought this change]
-
-  test1201: Add a trailing `?' to the selector
+  Mostly a false positive, but this makes the code easier to read anyway.
   
-  This verify that the `?' in the selector is kept as is.
+  Detected by scan-build.
   
-  Verifies the fix in #3370
-
-- [Leonardo Taccari brought this change]
+  Closes #3563
 
-  gopher: always include the entire gopher-path in request
+- urlglob: Argument with 'nonnull' attribute passed null
   
-  After the migration to URL API all octets in the selector after the
-  first `?' were interpreted as query and accidentally discarded and not
-  passed to the server.
+  Detected by scan-build.
+
+Jay Satiro (12 Feb 2019)
+- schannel: restore some debug output but only for debug builds
   
-  Add a gopherpath to always concatenate possible path and query URL
-  pieces.
+  Follow-up to 84c10dc from earlier today which wrapped a lot of the noisy
+  debug output in DEBUGF but omitted a few lines.
   
-  Fixes #3369
-  Closes #3370
-
-- [Leonardo Taccari brought this change]
+  Ref: https://github.com/curl/curl/commit/84c10dc#r32292900
 
-  urlapi: distinguish possibly empty query
+- examples/crawler: Fix the Accept-Encoding setting
   
-  If just a `?' to indicate the query is passed always store a zero length
-  query instead of having a NULL query.
+  - Pass an empty string to CURLOPT_ACCEPT_ENCODING to use the default
+    supported encodings.
   
-  This permits to distinguish URL with trailing `?'.
+  Prior to this change the specific encodings of gzip and deflate were set
+  but there's no guarantee they'd be supported by the user's libcurl.
+
+Daniel Stenberg (12 Feb 2019)
+- mime: put the boundary buffer into the curl_mime struct
   
-  Fixes #3369
-  Closes #3370
+  ... instead of allocating it separately and point to it. It is
+  fixed-size and always used for each part.
+  
+  Closes #3561
 
-Daniel Gustafsson (13 Dec 2018)
-- OS400: handle memory error in list conversion
+- schannel: be quiet
   
-  Curl_slist_append_nodup() returns NULL when it fails to create a new
-  item for the specified list, and since the coding here reassigned the
-  new list on top of the old list it would result in a dangling pointer
-  and lost memory. Also, in case we hit an allocation failure at some
-  point during the conversion, with allocation succeeding again on the
-  subsequent call(s) we will return a truncated list around the malloc
-  failure point. Fix by assigning to a temporary list pointer, which can
-  be checked (which is the common pattern for slist appending), and free
-  all the resources on allocation failure.
+  Convert numerous infof() calls into debug-build only messages since they
+  are annoyingly verbose for regular applications. Removed a few.
+  
+  Bug: https://curl.haxx.se/mail/lib-2019-02/0027.html
+  Reported-by: Volker Schmid
+  Closes #3552
+
+- [Romain Geissler brought this change]
+
+  Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning
   
-  Closes #3372
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Closes #3562
 
-- cookies: leave secure cookies alone
+- http2: multi_connchanged() moved from multi.c, only used for h2
   
-  Only allow secure origins to be able to write cookies with the
-  'secure' flag set. This reduces the risk of non-secure origins
-  to influence the state of secure origins. This implements IETF
-  Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
-  RFC6265.
+  Closes #3557
+
+- curl: "Function call argument is an uninitialized value"
   
-  Closes #2956
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Follow-up to cac0e4a6ad14b42471eb
+  
+  Detected by scan-build
+  Closes #3560
 
-Daniel Stenberg (13 Dec 2018)
-- docs: fix the --tls-max description
+- pretransfer: don't strlen() POSTFIELDS set for GET requests
   
-  Reported-by: Tobias Lindgren
-  Pointed out in #3367
+  ... since that data won't be used in the request anyway.
   
-  Closes #3368
+  Fixes #3548
+  Reported-by: Renaud Allard
+  Close #3549
 
-Daniel Gustafsson (12 Dec 2018)
-- urlapi: Fix port parsing of eol colon
+- multi: remove verbose "Expire in" ... messages
   
-  A URL with a single colon without a portnumber should use the default
-  port, discarding the colon. Fix, add a testcase and also do little bit
-  of comment wordsmithing.
+  Reported-by: James Brown
+  Bug: https://curl.haxx.se/mail/archive-2019-02/0013.html
+  Closes #3558
+
+- mbedtls: make it build even if MBEDTLS_VERSION_C isn't set
   
-  Closes #3365
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reported-by: MAntoniak on github
+  Fixes #3553
+  Closes #3556
 
-Version 7.63.0 (12 Dec 2018)
+Daniel Gustafsson (12 Feb 2019)
+- non-ascii.c: fix typos in comments
+  
+  Fix two occurrences of s/convers/converts/ spotted while reading code.
 
-Daniel Stenberg (12 Dec 2018)
-- RELEASE-NOTES: 7.63.0
+Daniel Stenberg (12 Feb 2019)
+- fnmatch: disable if FTP is disabled
+  
+  Closes #3551
 
-- THANKS: from the curl 7.62.0 cycle
+- curl_path: only enabled for SSH builds
 
-- test1519: use lib1518 and test CURLINFO_REDIRECT_URL more
+- [Frank Gevaerts brought this change]
 
-- Curl_follow: extract the Location: header field unvalidated
+  tests: add stderr comparison to the test suite
   
-  ... when not actually following the redirect. Otherwise we return error
-  for this and an application can't extract the value.
+  The code is more or less copied from the stdout comparison code, maybe
+  some better reuse is possible.
   
-  Test 1518 added to verify.
+  test 1457 is adjusted to make the output actually match (by using --silent)
+  test 506 used <stderr> without actually needing it, so that <stderr> block is removed
   
-  Reported-by: Pavel Pavlov
-  Fixes #3340
-  Closes #3364
+  Closes #3536
 
-- multi: convert two timeout variables to timediff_t
-  
-  The time_t type is unsigned on some systems and these variables are used
-  to hold return values from functions that return timediff_t
-  already. timediff_t is always a signed type.
+Patrick Monnerat (11 Feb 2019)
+- cli tool: do not use mime.h private structures.
   
-  Closes #3363
-
-- delta: use --diff-filter on the git diff-tree invokes
+  Option -F generates an intermediate representation of the mime structure
+  that is used later to create the libcurl mime structure and generate
+  the --libcurl statements.
   
-  Suggested-by: Dave Reisner
+  Reported-by: Daniel Stenberg
+  Fixes #3532
+  Closes #3546
 
-Patrick Monnerat (11 Dec 2018)
-- documentation: curl_formadd field and file names are now escaped
-  
-  Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition
-  header without special processing: this may lead to invalid RFC 822
-  quoted-strings.
-  7.56.0 introduces escaping of backslashes and double quotes in these names:
-  mention it in the documentation.
-  
-  Reported-by: daboul on github
-  Closes #3361
+Daniel Stenberg (11 Feb 2019)
+- curlver: bump to 7.64.1-dev
 
-Daniel Stenberg (11 Dec 2018)
-- scripts/delta: show repo delta info from last release
+- RELEASE-NOTES: synced
   
-  ... where "last release" should be the git tag in the repo.
+  and bump the version in progress to 7.64.1. If we merge any "change"
+  before the cut-off date, we update again.
 
-Daniel Gustafsson (11 Dec 2018)
-- tests: add urlapi unittest
+Daniel Gustafsson (11 Feb 2019)
+- curl: follow-up to 3f16990ec84
   
-  This adds a new unittest intended to cover the internal functions in
-  the urlapi code, starting with parse_port(). In order to avoid name
-  collisions in debug builds, parse_port() is renamed Curl_parse_port()
-  since it will be exported.
+  Commit 3f16990ec84cc4b followed-up a bug in b49652ac66cc0 but was
+  inadvertently introducing a new bug in the ternary expression.
   
+  Close #3555
   Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
 
-- urlapi: fix portnumber parsing for ipv6 zone index
+- dns: release sharelock as soon as possible
   
-  An IPv6 URL which contains a zone index includes a '%%25<zode id>'
-  string before the ending ']' bracket. The parsing logic wasn't set
-  up to cope with the zone index however, resulting in a malformed url
-  error being returned. Fix by breaking the parsing into two stages
-  to correctly handle the zone index.
+  There is no benefit to holding the data sharelock when freeing the
+  addrinfo in case it fails, so ensure releaseing it as soon as we can
+  rather than holding on to it. This also aligns the code with other
+  consumers of sharelocks.
   
-  Closes #3355
-  Closes #3319
-  Reported-by: tonystz on Github
+  Closes #3516
   Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
-
-Daniel Stenberg (11 Dec 2018)
-- [Jay Satiro brought this change]
 
-  http: fix HTTP auth to include query in URI
+Daniel Stenberg (11 Feb 2019)
+- curl: follow-up to b49652ac66cc0
   
-  - Include query in the path passed to generate HTTP auth.
+  On FreeBSD, return non-zero on error otherwise zero.
   
-  Recent changes to use the URL API internally (46e1640, 7.62.0)
-  inadvertently broke authentication URIs by omitting the query.
+  Reported-by: Marcel Raad
+
+- multi: (void)-prefix when ignoring return values
   
-  Fixes https://github.com/curl/curl/issues/3353
-  Closes #3356
+  ... and added braces to two function calls which fixes warnings if they
+  are replace by empty macros at build-time.
 
-- [Michael Kaufmann brought this change]
+- curl: fix FreeBSD compiler warning in the --xattr code
+  
+  Closes #3550
 
-  http: don't set CURLINFO_CONDITION_UNMET for http status code 204
+- connection_check: set ->data to the transfer doing the check
   
-  The http status code 204 (No Content) should not change the "condition
-  unmet" flag. Only the http status code 304 (Not Modified) should do
-  this.
+  The http2 code for connection checking needs a transfer to use. Make
+  sure a working one is set before handler->connection_check() is called.
   
-  Closes #359
+  Reported-by: jnbr on github
+  Fixes #3541
+  Closes #3547
 
-- [Samuel Surtees brought this change]
+- hostip: make create_hostcache_id avoid alloc + free
+  
+  Closes #3544
 
-  ldap: fix LDAP URL parsing regressions
+- scripts/singleuse: script to use to track single-use functions
   
-  - Match URL scheme with LDAP and LDAPS
-  - Retrieve attributes, scope and filter from URL query instead
+  That is functions that are declared global but are not used from outside
+  of the file in which it is declared. Such functions should be made
+  static or even at times be removed.
   
-  Regression brought in 46e164069d1a5230 (7.62.0)
+  It also verifies that all used curl_ prefixed functions are "blessed"
   
-  Closes #3362
-
-- RELEASE-NOTES: synced
-
-- [Stefan Kanthak brought this change]
+  Closes #3538
 
-  (lib)curl.rc: fixup for minor bugs
+- cleanup: make local functions static
   
-  All resources defined in lib/libcurl.rc and curl.rc are language
-  neutral.
+  urlapi: turn three local-only functions into statics
   
-  winbuild/MakefileBuild.vc ALWAYS defines the macro DEBUGBUILD, so the
-  ifdef's in line 33 of lib/libcurl.rc and src/curl.rc are wrong.
+  conncache: make conncache_find_first_connection static
   
-  Replace the hard-coded constants in both *.rc files with #define'd
-  values.
+  multi: make detach_connnection static
   
-  Thumbs-uped-by: Rod Widdowson, Johannes Schindelin
-  URL: https://curl.haxx.se/mail/lib-2018-11/0000.html
-  Closes #3348
-
-- test329: verify cookie max-age=0 immediate expiry
-
-- cookies: expire "Max-Age=0" immediately
+  connect: make getaddressinfo static
   
-  Reported-by: Jeroen Ooms
-  Fixes #3351
-  Closes #3352
-
-- [Johannes Schindelin brought this change]
-
-  Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
+  curl_ntlm_core: make hmac_md5 static
   
-  This is a companion patch to cbea2fd2c (NTLM: force the connection to
-  HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1
-  preemptively. However, with other (Negotiate) authentication it is not
-  clear to this developer whether there is a way to make it work with
-  HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the
-  error HTTP_1_1_REQUIRED.
+  http2: make two functions static
   
-  Note: we will still keep the NTLM workaround, as it avoids an extra
-  round trip.
+  http: make http_setup_conn static
   
-  Daniel Stenberg helped a lot with this patch, in particular by
-  suggesting to introduce the Curl_h2_http_1_1_error() function.
+  connect: make tcpnodelay static
   
-  Closes #3349
+  tests: make UNITTEST a thing to mark functions with, so they can be static for
+  normal builds and non-static for unit test builds
   
-  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+  ... and mark Curl_shuffle_addr accordingly.
+  
+  url: make up_free static
+  
+  setopt: make vsetopt static
+  
+  curl_endian: make write32_le static
+  
+  rtsp: make rtsp_connisdead static
+  
+  warnless: remove unused functions
+  
+  memdebug: remove one unused function, made another static
 
-- [Ben Greear brought this change]
+Dan Fandrich (10 Feb 2019)
+- cirrus: Added FreeBSD builds using Cirrus CI.
+  
+  The build logs will be at https://cirrus-ci.com/github/curl/curl
+  
+  Some tests are currently failing and so disabled for now. The SSH server
+  isn't starting for the SSH tests due to unsupported options used in its
+  config file. The DICT server also is failing on startup.
 
-  openssl: fix unused variable compiler warning with old openssl
+Daniel Stenberg (9 Feb 2019)
+- url/idnconvert: remove scan for <= 32 ascii values
   
-  URL: https://curl.haxx.se/mail/lib-2018-11/0055.html
+  The check was added back in fa939220df before the URL parser would catch
+  these problems and therefore these will never trigger now.
   
-  Closes #3347
+  Closes #3539
 
-- [Johannes Schindelin brought this change]
+- urlapi: reduce variable scope, remove unreachable 'break'
+  
+  Both nits pointed out by codacy.com
+  
+  Closes #3540
 
-  NTLM: force the connection to HTTP/1.1
+Alessandro Ghedini (7 Feb 2019)
+- zsh.pl: escape ':' character
   
-  Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces
-  the capability. However, NTLM authentication only works with HTTP/1.1,
-  and will likely remain in that boat (for details, see
-  https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported).
+  ':' is interpreted as separator by zsh, so if used as part of the argument
+  or option's description it needs to be escaped.
   
-  When we just found out that we want to use NTLM, and when the current
-  connection runs in HTTP/2 mode, let's force the connection to be closed
-  and to be re-opened using HTTP/1.1.
+  The problem can be reproduced as follows:
   
-  Fixes https://github.com/curl/curl/issues/3341.
-  Closes #3345
+   % curl --reso<TAB>
+   % curl -E <TAB>
   
-  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-- [Johannes Schindelin brought this change]
+  Bug: https://bugs.debian.org/921452
 
-  curl_global_sslset(): id == -1 is not necessarily an error
+- zsh.pl: update regex to better match curl -h output
   
-  It is allowed to call that function with id set to -1, specifying the
-  backend by the name instead. We should imitate what is done further down
-  in that function to allow for that.
+  The current regex fails to match '<...>' arguments properly (e.g. those
+  with spaces in them), which causes an completion script with wrong
+  descriptions for some options.
   
-  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+  Here's a diff of the generated completion script, comparing the previous
+  version to the one with this fix:
   
-  Closes #3346
-
-Johannes Schindelin (6 Dec 2018)
-- .gitattributes: make tabs in indentation a visible error
+  --- /usr/share/zsh/vendor-completions/_curl     2019-01-15 20:47:40.000000000 +0000
+  +++ _curl       2019-02-05 20:57:29.453349040 +0000
+  @@ -9,48 +9,48 @@
   
-  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-
-Daniel Stenberg (6 Dec 2018)
-- RELEASE-NOTES: synced
+   _arguments -C -S \
+     --happy-eyeballs-timeout-ms'[How long to wait in milliseconds for IPv6 before trying IPv4]':'<milliseconds>' \
+  +  --resolve'[Resolve the host+port to this address]':'<host:port:address[,address]...>' \
+     {-c,--cookie-jar}'[Write cookies to <filename> after operation]':'<filename>':_files \
+     {-D,--dump-header}'[Write the received headers to <filename>]':'<filename>':_files \
+     {-y,--speed-time}'[Trigger '\''speed-limit'\'' abort after this time]':'<seconds>' \
+     --proxy-cacert'[CA certificate to verify peer against for proxy]':'<file>':_files \
+  -  --tls13-ciphers'[of TLS 1.3 ciphersuites> TLS 1.3 cipher suites to use]':'<list' \
+  +  --tls13-ciphers'[TLS 1.3 cipher suites to use]':'<list of TLS 1.3 ciphersuites>' \
+     {-E,--cert}'[Client certificate file and password]':'<certificate[:password]>' \
+     --libcurl'[Dump libcurl equivalent code of this command line]':'<file>':_files \
+     --proxy-capath'[CA directory to verify peer against for proxy]':'<dir>':_files \
+  -  --proxy-negotiate'[HTTP Negotiate (SPNEGO) authentication on the proxy]':'Use' \
+     --proxy-pinnedpubkey'[FILE/HASHES public key to verify proxy with]':'<hashes>' \
+     --crlfile'[Get a CRL list in PEM format from the given file]':'<file>':_files \
+  -  --proxy-insecure'[HTTPS proxy connections without verifying the proxy]':'Do' \
+  -  --proxy-ssl-allow-beast'[security flaw for interop for HTTPS proxy]':'Allow' \
+  +  --proxy-negotiate'[Use HTTP Negotiate (SPNEGO) authentication on the proxy]' \
+     --abstract-unix-socket'[Connect via abstract Unix domain socket]':'<path>' \
+     --pinnedpubkey'[FILE/HASHES Public key to verify peer against]':'<hashes>' \
+  +  --proxy-insecure'[Do HTTPS proxy connections without verifying the proxy]' \
+     --proxy-pass'[Pass phrase for the private key for HTTPS proxy]':'<phrase>' \
+  +  --proxy-ssl-allow-beast'[Allow security flaw for interop for HTTPS proxy]' \
+     {-p,--proxytunnel}'[Operate through an HTTP proxy tunnel (using CONNECT)]' \
+     --socks5-hostname'[SOCKS5 proxy, pass host name to proxy]':'<host[:port]>' \
+     --proto-default'[Use PROTOCOL for any URL missing a scheme]':'<protocol>' \
+  -  --proxy-tls13-ciphers'[list> TLS 1.3 proxy cipher suites]':'<ciphersuite' \
+  +  --proxy-tls13-ciphers'[TLS 1.3 proxy cipher suites]':'<ciphersuite list>' \
+     --socks5-gssapi-service'[SOCKS5 proxy service name for GSS-API]':'<name>' \
+     --ftp-alternative-to-user'[String to replace USER \[name\]]':'<command>' \
+  -  --ftp-ssl-control'[SSL/TLS for FTP login, clear for transfer]':'Require' \
+     {-T,--upload-file}'[Transfer local FILE to destination]':'<file>':_files \
+     --local-port'[Force use of RANGE for local port numbers]':'<num/range>' \
+     --proxy-tlsauthtype'[TLS authentication type for HTTPS proxy]':'<type>' \
+     {-R,--remote-time}'[Set the remote file'\''s time on the local output]' \
+  -  --retry-connrefused'[on connection refused (use with --retry)]':'Retry' \
+  -  --suppress-connect-headers'[proxy CONNECT response headers]':'Suppress' \
+  -  {-j,--junk-session-cookies}'[session cookies read from file]':'Ignore' \
+  -  --location-trusted'[--location, and send auth to other hosts]':'Like' \
+  +  --ftp-ssl-control'[Require SSL/TLS for FTP login, clear for transfer]' \
+     --proxy-cert-type'[Client certificate type for HTTPS proxy]':'<type>' \
+     {-O,--remote-name}'[Write output to a file named as the remote file]' \
+  +  --retry-connrefused'[Retry on connection refused (use with --retry)]' \
+  +  --suppress-connect-headers'[Suppress proxy CONNECT response headers]' \
+     --trace-ascii'[Like --trace, but without hex output]':'<file>':_files \
+     --connect-timeout'[Maximum time allowed for connection]':'<seconds>' \
+     --expect100-timeout'[How long to wait for 100-continue]':'<seconds>' \
+     {-g,--globoff}'[Disable URL sequences and ranges using {} and \[\]]' \
+  +  {-j,--junk-session-cookies}'[Ignore session cookies read from file]' \
+     {-m,--max-time}'[Maximum time allowed for the transfer]':'<seconds>' \
+     --dns-ipv4-addr'[IPv4 address to use for DNS requests]':'<address>' \
+     --dns-ipv6-addr'[IPv6 address to use for DNS requests]':'<address>' \
+  -  --ignore-content-length'[the size of the remote resource]':'Ignore' \
+     {-k,--insecure}'[Allow insecure server connections when using SSL]' \
+  +  --location-trusted'[Like --location, and send auth to other hosts]' \
+     --mail-auth'[Originator address of the original email]':'<address>' \
+     --noproxy'[List of hosts which do not use proxy]':'<no-proxy-list>' \
+     --proto-redir'[Enable/disable PROTOCOLS on redirect]':'<protocols>' \
+  @@ -62,18 +62,19 @@
+     --socks5-basic'[Enable username/password auth for SOCKS5 proxies]' \
+     --cacert'[CA certificate to verify peer against]':'<file>':_files \
+     {-H,--header}'[Pass custom header(s) to server]':'<header/@file>' \
+  +  --ignore-content-length'[Ignore the size of the remote resource]' \
+     {-i,--include}'[Include protocol response headers in the output]' \
+     --proxy-header'[Pass custom header(s) to proxy]':'<header/@file>' \
+     --unix-socket'[Connect through this Unix domain socket]':'<path>' \
+     {-w,--write-out}'[Use output FORMAT after completion]':'<format>' \
+  -  --http2-prior-knowledge'[HTTP 2 without HTTP/1.1 Upgrade]':'Use' \
+     {-o,--output}'[Write to file instead of stdout]':'<file>':_files \
+  -  {-J,--remote-header-name}'[the header-provided filename]':'Use' \
+  +  --preproxy'[\[protocol://\]host\[:port\] Use this proxy first]' \
+     --socks4a'[SOCKS4a proxy on given host + port]':'<host[:port]>' \
+     {-Y,--speed-limit}'[Stop transfers slower than this]':'<speed>' \
+     {-z,--time-cond}'[Transfer based on a time condition]':'<time>' \
+     --capath'[CA directory to verify peer against]':'<dir>':_files \
+     {-f,--fail}'[Fail silently (no output at all) on HTTP errors]' \
+  +  --http2-prior-knowledge'[Use HTTP 2 without HTTP/1.1 Upgrade]' \
+     --proxy-tlspassword'[TLS password for HTTPS proxy]':'<string>' \
+     {-U,--proxy-user}'[Proxy user and password]':'<user:password>' \
+     --proxy1.0'[Use HTTP/1.0 proxy on given port]':'<host[:port]>' \
+  @@ -81,52 +82,49 @@
+     {-A,--user-agent}'[Send User-Agent <name> to server]':'<name>' \
+     --egd-file'[EGD socket path for random data]':'<file>':_files \
+     --fail-early'[Fail on first transfer error, do not continue]' \
+  -  --haproxy-protocol'[HAProxy PROXY protocol v1 header]':'Send' \
+  -  --preproxy'[Use this proxy first]':'[protocol://]host[:port]' \
+  +  {-J,--remote-header-name}'[Use the header-provided filename]' \
+     --retry-max-time'[Retry only within this period]':'<seconds>' \
+     --socks4'[SOCKS4 proxy on given host + port]':'<host[:port]>' \
+     --socks5'[SOCKS5 proxy on given host + port]':'<host[:port]>' \
+  -  --socks5-gssapi-nec'[with NEC SOCKS5 server]':'Compatibility' \
+  -  --ssl-allow-beast'[security flaw to improve interop]':'Allow' \
+     --cert-status'[Verify the status of the server certificate]' \
+  -  --ftp-create-dirs'[the remote dirs if not present]':'Create' \
+     {-:,--next}'[Make next URL use its separate set of options]' \
+     --proxy-key-type'[Private key file type for proxy]':'<type>' \
+  -  --remote-name-all'[the remote file name for all URLs]':'Use' \
+     {-X,--request}'[Specify request command to use]':'<command>' \
+     --retry'[Retry request if transient problems occur]':'<num>' \
+  -  --ssl-no-revoke'[cert revocation checks (WinSSL)]':'Disable' \
+     --cert-type'[Certificate file type (DER/PEM/ENG)]':'<type>' \
+     --connect-to'[Connect to host]':'<HOST1:PORT1:HOST2:PORT2>' \
+     --create-dirs'[Create necessary local directory hierarchy]' \
+  +  --haproxy-protocol'[Send HAProxy PROXY protocol v1 header]' \
+     --max-redirs'[Maximum number of redirects allowed]':'<num>' \
+     {-n,--netrc}'[Must read .netrc for user name and password]' \
+  +  {-x,--proxy}'[\[protocol://\]host\[:port\] Use this proxy]' \
+     --proxy-crlfile'[Set a CRL list for proxy]':'<file>':_files \
+     --sasl-ir'[Enable initial response in SASL authentication]' \
+  -  --socks5-gssapi'[GSS-API auth for SOCKS5 proxies]':'Enable' \
+  +  --socks5-gssapi-nec'[Compatibility with NEC SOCKS5 server]' \
+  +  --ssl-allow-beast'[Allow security flaw to improve interop]' \
+  +  --ftp-create-dirs'[Create the remote dirs if not present]' \
+     --interface'[Use network INTERFACE (or address)]':'<name>' \
+     --key-type'[Private key file type (DER/PEM/ENG)]':'<type>' \
+     --netrc-file'[Specify FILE for netrc]':'<filename>':_files \
+     {-N,--no-buffer}'[Disable buffering of the output stream]' \
+     --proxy-service-name'[SPNEGO proxy service name]':'<name>' \
+  -  --styled-output'[styled output for HTTP headers]':'Enable' \
+  +  --remote-name-all'[Use the remote file name for all URLs]' \
+  +  --ssl-no-revoke'[Disable cert revocation checks (WinSSL)]' \
+     --max-filesize'[Maximum file size to download]':'<bytes>' \
+     --negotiate'[Use HTTP Negotiate (SPNEGO) authentication]' \
+     --no-keepalive'[Disable TCP keepalive on the connection]' \
+     {-#,--progress-bar}'[Display transfer progress as a bar]' \
+  -  {-x,--proxy}'[Use this proxy]':'[protocol://]host[:port]' \
+  -  --proxy-anyauth'[any proxy authentication method]':'Pick' \
+     {-Q,--quote}'[Send command(s) to server before transfer]' \
+  -  --request-target'[the target for this request]':'Specify' \
+  +  --socks5-gssapi'[Enable GSS-API auth for SOCKS5 proxies]' \
+     {-u,--user}'[Server user and password]':'<user:password>' \
+     {-K,--config}'[Read config from a file]':'<file>':_files \
+     {-C,--continue-at}'[Resumed transfer offset]':'<offset>' \
+     --data-raw'[HTTP POST data, '\''@'\'' allowed]':'<data>' \
+  -  --disallow-username-in-url'[username in url]':'Disallow' \
+     --krb'[Enable Kerberos with security <level>]':'<level>' \
+     --proxy-ciphers'[SSL ciphers to use for proxy]':'<list>' \
+     --proxy-digest'[Use Digest authentication on the proxy]' \
+     --proxy-tlsuser'[TLS username for HTTPS proxy]':'<name>' \
+  +  --styled-output'[Enable styled output for HTTP headers]' \
+     {-b,--cookie}'[Send cookies from string/file]':'<data>' \
+     --data-urlencode'[HTTP POST data url encoded]':'<data>' \
+     --delegation'[GSS-API delegation permission]':'<LEVEL>' \
+  @@ -134,7 +132,10 @@
+     --post301'[Do not switch to GET after following a 301]' \
+     --post302'[Do not switch to GET after following a 302]' \
+     --post303'[Do not switch to GET after following a 303]' \
+  +  --proxy-anyauth'[Pick any proxy authentication method]' \
+  +  --request-target'[Specify the target for this request]' \
+     --trace-time'[Add time stamps to trace/verbose output]' \
+  +  --disallow-username-in-url'[Disallow username in url]' \
+     --dns-servers'[DNS server addrs to use]':'<addresses>' \
+     {-G,--get}'[Put the post data in the URL and use GET]' \
+     --limit-rate'[Limit transfer speed to RATE]':'<speed>' \
+  @@ -148,21 +149,21 @@
+     --metalink'[Process given URLs as metalink XML file]' \
+     --tr-encoding'[Request compressed transfer encoding]' \
+     --xattr'[Store metadata in extended file attributes]' \
+  -  --ftp-skip-pasv-ip'[the IP address for PASV]':'Skip' \
+     --pass'[Pass phrase for the private key]':'<phrase>' \
+     --proxy-ntlm'[Use NTLM authentication on the proxy]' \
+     {-S,--show-error}'[Show error even when -s is used]' \
+  -  --ciphers'[of ciphers> SSL ciphers to use]':'<list' \
+  +  --ciphers'[SSL ciphers to use]':'<list of ciphers>' \
+     --form-string'[Specify multipart MIME data]':'<name=string>' \
+     --login-options'[Server login options]':'<options>' \
+     --tftp-blksize'[Set TFTP BLKSIZE option]':'<value>' \
+  -  --tftp-no-options'[not send any TFTP options]':'Do' \
+     {-v,--verbose}'[Make the operation more talkative]' \
+  +  --ftp-skip-pasv-ip'[Skip the IP address for PASV]' \
+     --proxy-key'[Private key for HTTPS proxy]':'<key>' \
+     {-F,--form}'[Specify multipart MIME data]':'<name=content>' \
+     --mail-from'[Mail from this address]':'<address>' \
+     --oauth2-bearer'[OAuth 2 Bearer Token]':'<token>' \
+     --proto'[Enable/disable PROTOCOLS]':'<protocols>' \
+  +  --tftp-no-options'[Do not send any TFTP options]' \
+     --tlsauthtype'[TLS authentication type]':'<type>' \
+     --doh-url'[Resolve host names over DOH]':'<URL>' \
+     --no-sessionid'[Disable SSL session-ID reusing]' \
+  @@ -173,14 +174,13 @@
+     --ftp-ssl-ccc'[Send CCC after authenticating]' \
+     {-4,--ipv4}'[Resolve names to IPv4 addresses]' \
+     {-6,--ipv6}'[Resolve names to IPv6 addresses]' \
+  -  --netrc-optional'[either .netrc or URL]':'Use' \
+     --service-name'[SPNEGO service name]':'<name>' \
+     {-V,--version}'[Show version number and quit]' \
+     --data-ascii'[HTTP POST ASCII data]':'<data>' \
+     --ftp-account'[Account data string]':'<data>' \
+  -  --compressed-ssh'[SSH compression]':'Enable' \
+     --disable-eprt'[Inhibit using EPRT or LPRT]' \
+     --ftp-method'[Control CWD usage]':'<method>' \
+  +  --netrc-optional'[Use either .netrc or URL]' \
+     --pubkey'[SSH Public key file name]':'<key>' \
+     --raw'[Do HTTP "raw"; no transfer decoding]' \
+     --anyauth'[Pick any authentication method]' \
+  @@ -189,6 +189,7 @@
+     --no-alpn'[Disable the ALPN TLS extension]' \
+     --tcp-nodelay'[Use the TCP_NODELAY option]' \
+     {-B,--use-ascii}'[Use ASCII/text transfer]' \
+  +  --compressed-ssh'[Enable SSH compression]' \
+     --digest'[Use HTTP Digest Authentication]' \
+     --proxy-tlsv1'[Use TLSv1 for HTTPS proxy]' \
+     --engine'[Crypto engine to use]':'<name>' \
 
-- doh: fix memory leak in OOM situation
+Marcel Raad (7 Feb 2019)
+- tool_operate: fix typecheck warning
   
-  Reviewed-by: Daniel Gustafsson
-  Closes #3342
-
-- doh: make it work for h2-disabled builds too
+  Use long for CURLOPT_HTTP09_ALLOWED to fix the following warning:
+  tool_operate.c: In function 'operate_do':
+  ../include/curl/typecheck-gcc.h:47:9: error: call to
+  '_curl_easy_setopt_err_long' declared with attribute warning:
+  curl_easy_setopt expects a long argument for this option [-Werror]
   
-  Reported-by: dtmsecurity at github
-  Fixes #3325
-  Closes #3336
+  Closes https://github.com/curl/curl/pull/3534
 
-- packages: remove old leftover files and dirs
+Jay Satiro (6 Feb 2019)
+- [Chris Araman brought this change]
+
+  url: close TLS before removing conn from cache
   
-  This subdir has mostly become an attic of never-used cruft from the
-  past.
+  - Fix potential crashes in schannel shutdown.
   
-  Closes #3331
-
-- [Gergely Nagy brought this change]
+  Ensure any TLS shutdown messages are sent before removing the
+  association between the connection and the easy handle. Reverts
+  @bagder's previous partial fix for #3412.
+  
+  Fixes https://github.com/curl/curl/issues/3412
+  Fixes https://github.com/curl/curl/issues/3505
+  Closes https://github.com/curl/curl/pull/3531
 
-  openssl: do not use file BIOs if not requested
+Daniel Gustafsson (6 Feb 2019)
+- INTERNALS.md: fix subsection depth and link
   
-  Moves the file handling BIO calls to the branch of the code where they
-  are actually used.
+  The Kerberos subsection was mistakenly a subsubsection under FTP, and
+  the curlx subsection was missing an anchor for the TOC link.
   
-  Closes #3339
-
-- [Paul Howarth brought this change]
+  Closes #3529
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-  nss: Fix compatibility with nss versions 3.14 to 3.15
+Version 7.64.0 (6 Feb 2019)
 
-- [Paul Howarth brought this change]
+Daniel Stenberg (6 Feb 2019)
+- RELEASE-NOTES: 7.64.0
 
-  nss: Improve info message when falling back SSL protocol
-  
-  Use descriptive text strings rather than decimal numbers.
+- RELEASE-PROCEDURE: update the release calendar
 
-- [Paul Howarth brought this change]
+- THANKS: 7.64.0 status
 
-  nss: Fall back to latest supported SSL version
-  
-  NSS may be built without support for the latest SSL/TLS versions,
-  leading to "SSL version range is not valid" errors when the library
-  code supports a recent version (e.g. TLS v1.3) but it has explicitly
-  been disabled.
+Daniel Gustafsson (5 Feb 2019)
+- ROADMAP: remove already performed item
   
-  This change adjusts the maximum SSL version requested by libcurl to
-  be the maximum supported version at runtime, as long as that version
-  is at least as high as the minimum version required by libcurl.
+  Commit 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 introduced support
+  for the draft-ietf-httpbis-cookie-alone-01 cookie draft, and while
+  the entry was removed from the TODO it was mistakenly left here.
+  Fix by removing and rewording the entry slightly.
   
-  Fixes #3261
+  Closes #3530
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Daniel Gustafsson (3 Dec 2018)
-- travis: enable COPYRIGHTYEAR extended warning
-  
-  The extended warning for checking incorrect COPYRIGHTYEAR is quite
-  expensive to run, so rather than expecting every developer to do it
-  we ensure it's turned on locally for Travis.
+- [Etienne Simard brought this change]
 
-- checksrc: add COPYRIGHTYEAR check
-  
-  Forgetting to bump the year in the copyright clause when hacking has
-  been quite common among curl developers, but a traditional checksrc
-  check isn't a good fit as it would penalize anyone hacking on January
-  1st (among other things). This adds a more selective COPYRIGHTYEAR
-  check which intends to only cover the currently hacked on changeset.
-  
-  The check for updated copyright year is currently not enforced on all
-  files but only on files edited and/or committed locally. This is due to
-  the amount of files which aren't updated with their correct copyright
-  year at the time of their respective commit.
+  CONTRIBUTE.md: Fix grammatical errors
   
-  To further avoid running this expensive check for every developer, it
-  adds a new local override mode for checksrc where a .checksrc file can
-  be used to turn on extended warnings locally.
+  Fix grammatical errors making the document read better. Also fixes
+  a typo.
   
-  Closes #3303
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Closes #3525
+  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
 
-Daniel Stenberg (3 Dec 2018)
-- CHECKSRC.md: document more warnings
+Daniel Stenberg (4 Feb 2019)
+- [Julian Z brought this change]
+
+  docs: use $(INSTALL_DATA) to install man page
   
-  Closes #3335
-  [ci skip]
+  Fixes #3518
+  Closes #3522
 
-- RELEASE-NOTES: synced
+Jay Satiro (4 Feb 2019)
+- [Ladar Levison brought this change]
 
-- SECURITY-PROCESS: bountygraph shuts down
-  
-  This backpedals back the documents to the state before bountygraph.
+  runtests.pl: Fix perl call to include srcdir
   
-  Closes #3311
-
-- curl: fix memory leak reading --writeout from file
+  - Use explicit include opt for perl calls.
   
-  If another string had been set first, the writout function for reading
-  the syntax from file would leak the previously allocated memory.
+  Prior to this change some scripts couldn't find their dependencies.
   
-  Reported-by: Brian Carpenter
-  Fixes #3322
-  Closes #3330
-
-- tool_main: rename function to make it unique and better
+  At the top, perl is called using with the "-Isrcdir" option, and it
+  works:
   
-  ... there's already another function in the curl tool named
-  free_config_fields!
-
-Daniel Gustafsson (29 Nov 2018)
-- TODO: remove CURLOPT_DNS_USE_GLOBAL_CACHE entry
+  https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L183
   
-  Commit 7c5837e79280e6abb3ae143dfc49bca5e74cdd11 deprecated the option
-  making it a manual code-edit operation to turn it back on. The removal
-  process has thus started and is now documented in docs/DEPRECATE.md so
-  remove from the TODO to avoid anyone looking for something to pick up
-  spend cycles on an already in-progress entry.
+  But on line 3868, that option is omitted. This caused problems for me,
+  as the symbol-scan.pl script in particular couldn't find its
+  dependencies properly:
   
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Jay Satiro (29 Nov 2018)
-- [Sevan Janiyan brought this change]
-
-  connect: fix building for recent versions of Minix
+  https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L3868
   
-  EBADIOCTL doesn't exist on more recent Minix.
-  There have also been substantial changes to the network stack.
-  Fixes build on Minix 3.4rc
+  This patch fixes that oversight by making calls to perl sub-shells
+  uniform.
   
-  Closes https://github.com/curl/curl/pull/3323
+  Closes https://github.com/curl/curl/pull/3496
 
-- [Konstantin Kushnir brought this change]
+Daniel Stenberg (4 Feb 2019)
+- [Daniel Gustafsson brought this change]
 
-  CMake: fix MIT/Heimdal Kerberos detection
+  smtp: avoid risk of buffer overflow in strtol
   
-  - fix syntax error in FindGSS.cmake
-  - correct krb5 include directory. FindGSS exports
-    "GSS_INCLUDE_DIR" variable.
+  If the incoming len 5, but the buffer does not have a termination
+  after 5 bytes, the strtol() call may keep reading through the line
+  buffer until is exceeds its boundary. Fix by ensuring that we are
+  using a bounded read with a temporary buffer on the stack.
   
-  Closes https://github.com/curl/curl/pull/3316
+  Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
+  Reported-by: Brian Carpenter (Geeknik Labs)
+  CVE-2019-3823
 
-Daniel Stenberg (28 Nov 2018)
-- test328: verify Content-Encoding: none
+- ntlm: fix *_type3_message size check to avoid buffer overflow
   
-  Because of issue #3315
+  Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
+  Reported-by: Wenxiang Qian
+  CVE-2019-3822
+
+- NTLM: fix size check condition for type2 received data
   
-  Closes #3317
+  Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
+  Reported-by: Wenxiang Qian
+  CVE-2018-16890
 
-- [James Knight brought this change]
+Marcel Raad (1 Feb 2019)
+- [georgeok brought this change]
 
-  configure: include all libraries in ssl-libs fetch
-  
-  When compiling a collection of SSL libraries to link against (SSL_LIBS),
-  ensure all libraries are included. The call `--libs-only-l` can produce
-  only a subset of found in a `--libs` call (e.x. pthread may be excluded).
-  Adding `--libs-only-other` ensures other libraries are also included in
-  the list. This corrects select build environments compiling against a
-  static version of OpenSSL. Before the change, the following could be
-  observed:
-  
-      checking for openssl options with pkg-config... found
-      configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl "
-      configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
-      configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
-      checking for HMAC_Update in -lcrypto... no
-      checking for HMAC_Init_ex in -lcrypto... no
-      checking OpenSSL linking with -ldl... no
-      checking OpenSSL linking with -ldl and -lpthread... no
-      configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.
-      configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.
-      ...
-      SSL support:      no      (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
-      ...
-  
-  And include the other libraries when compiling SSL_LIBS succeeds with:
+  spnego_sspi: add support for channel binding
   
-      checking for openssl options with pkg-config... found
-      configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread "
-      configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
-      configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
-      checking for HMAC_Update in -lcrypto... yes
-      checking for SSL_connect in -lssl... yes
-      ...
-      SSL support:      enabled (OpenSSL)
-      ...
+  Attempt to add support for Secure Channel binding when negotiate
+  authentication is used. The problem to solve is that by default IIS
+  accepts channel binding and curl doesn't utilise them. The result was a
+  401 response. Scope affects only the Schannel(winssl)-SSPI combination.
   
-  Signed-off-by: James Knight <james.d.knight@live.com>
-  Closes #3193
+  Fixes https://github.com/curl/curl/issues/3503
+  Closes https://github.com/curl/curl/pull/3509
 
-Daniel Gustafsson (26 Nov 2018)
-- doh: fix typo in infof call
+Daniel Stenberg (1 Feb 2019)
+- RELEASE-NOTES: synced
+
+- schannel: stop calling it "winssl"
   
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Stick to "Schannel" everywhere. The configure option --with-winssl is
+  kept to allow existing builds to work but --with-schannel is added as an
+  alias.
+  
+  Closes #3504
 
-- cmdline-opts/gen.pl: define the correct varname
+- multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
   
-  The variable definition had a small typo making it declare another
-  variable then the intended.
+  To make sure Curl_timeleft() also thinks the timeout has been reached
+  when one of the EXPIRE_*TIMEOUTs expires.
   
-  Closes #3304
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Bug: https://curl.haxx.se/mail/lib-2019-01/0073.html
+  Reported-by: Zhao Yisha
+  Closes #3501
 
-Daniel Stenberg (25 Nov 2018)
-- RELEASE-NOTES: synced
+- [John Marshall brought this change]
 
-- curl_easy_perform: fix timeout handling
+  doc: use meaningless port number in CURLOPT_LOCALPORT example
   
-  curl_multi_wait() was erroneously used from within
-  curl_easy_perform(). It could lead to it believing there was no socket
-  to wait for and then instead sleep for a while instead of monitoring the
-  socket and then miss acting on that activity as swiftly as it should
-  (causing an up to 1000 ms delay).
+  Use an ephemeral port number here; previously the example had 8080
+  which could be confusing as the common web server port number might
+  be misinterpreted as suggesting this option affects the remote port.
   
-  Reported-by: Antoni Villalonga
-  Fixes #3305
-  Closes #3306
-  Closes #3308
+  URL: https://curl.haxx.se/mail/lib-2019-01/0084.html
+  Closes #3513
 
-- CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
+GitHub (29 Jan 2019)
+- [Gisle Vanem brought this change]
 
-- cookies: create the cookiejar even if no cookies to save
+  Escape the '\'
   
-  Important for when the file is going to be read again and thus must not
-  contain old contents!
+  A backslash should be escaped in Roff / Troff.
+
+Jay Satiro (29 Jan 2019)
+- TODO: WinSSL: 'Add option to disable client cert auto-send'
   
-  Adds test 327 to verify.
+  By default WinSSL selects and send a client certificate automatically,
+  but for privacy and consistency we should offer an option to disable the
+  default auto-send behavior.
   
-  Reported-by: daboul on github
-  Fixes #3299
-  Closes #3300
+  Reported-by: Jeroen Ooms
+  
+  Closes https://github.com/curl/curl/issues/2262
 
-- checksrc: ban snprintf use, add command line flag to override warns
+Daniel Stenberg (28 Jan 2019)
+- [Jeremie Rapin brought this change]
 
-- snprintf: renamed and we now only use msnprintf()
+  sigpipe: if mbedTLS is used, ignore SIGPIPE
   
-  The function does not return the same value as snprintf() normally does,
-  so readers may be mislead into thinking the code works differently than
-  it actually does. A different function name makes this easier to detect.
+  mbedTLS doesn't have a sigpipe management. If a write/read occurs when
+  the remote closes the socket, the signal is raised and kills the
+  application.  Use the curl mecanisms fix this behavior.
   
-  Reported-by: Tomas Hoger
-  Assisted-by: Daniel Gustafsson
-  Fixes #3296
-  Closes #3297
+  Signed-off-by: Jeremie Rapin <j.rapin@overkiz.com>
+  
+  Closes #3502
 
-- [Tobias Hintze brought this change]
+- unit1653: make it survive torture tests
 
-  test: update test20/1322 for eglibc bug workaround
+Jay Satiro (28 Jan 2019)
+- [Michael Kujawa brought this change]
+
+  timeval: Disable MSVC Analyzer GetTickCount warning
   
-  The tests 20 and 1322 are using getaddrinfo of libc for resolving. In
-  eglibc-2.19 there is a memory leakage and invalid free bug which
-  surfaces in some special circumstances (PF_UNSPEC hint with invalid or
-  non-existent names). The valgrind runs in testing fail in these
-  situations.
+  Compiling with msvc /analyze and a recent Windows SDK warns against
+  using GetTickCount (Suggests to use GetTickCount64 instead.)
   
-  As the tests 20/1322 are not specific on either protocol (IPv4/IPv6)
-  this commit changes the hints to IPv4 protocol by passing `--ipv4` flag
-  on the tests' command line.  This prevents the valgrind failures.
-
-- [Tobias Hintze brought this change]
+  Since GetTickCount is only being used when GetTickCount64 isn't
+  available, I am disabling that warning.
+  
+  Fixes https://github.com/curl/curl/issues/3437
+  Closes https://github.com/curl/curl/pull/3440
 
-  host names: allow trailing dot in name resolve, then strip it
+Daniel Stenberg (26 Jan 2019)
+- configure: rewrite --enable-code-coverage
   
-  Delays stripping of trailing dots to after resolving the hostname.
+  The previously used ax_code_coverage.m4 is not license compatible and
+  must not be used.
   
-  Fixes #3022
-  Closes #3222
+  Reported-by: William A. Rowe Jr
+  Fixes #3497
+  Closes #3499
 
-- [UnknownShadow200 brought this change]
+- [Felix Hädicke brought this change]
 
-  CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description
+  setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
   
-  Closes #3295
+  CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION are supported for
+  libssh as well. So accepting these options only when compiling with
+  libssh2 is wrong here.
+  
+  Fixes #3493
+  Closes #3494
 
-Daniel Gustafsson (21 Nov 2018)
-- configure: Fix typo in comment
+- [Felix Hädicke brought this change]
 
-Michael Kaufmann (21 Nov 2018)
-- openssl: support session resume with TLS 1.3
-  
-  Session resumption information is not available immediately after a TLS 1.3
-  handshake. The client must wait until the server has sent a session ticket.
-  
-  Use OpenSSL's "new session" callback to get the session information and put it
-  into curl's session cache. For TLS 1.3 sessions, this callback will be invoked
-  after the server has sent a session ticket.
-  
-  The "new session" callback is invoked only if OpenSSL's session cache is
-  enabled, so enable it and use the "external storage" mode which lets curl manage
-  the contents of the session cache.
+  libssh: do not let libssh create socket
   
-  A pointer to the connection data and the sockindex are now saved as "SSL extra
-  data" to make them available to the callback.
+  By default, libssh creates a new socket, instead of using the socket
+  created by curl for SSH connections.
   
-  This approach also works for old SSL/TLS versions and old OpenSSL versions.
+  Pass the socket created by curl to libssh using ssh_options_set() with
+  SSH_OPTIONS_FD directly after ssh_new(). So libssh uses our socket
+  instead of creating a new one.
   
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  This approach is very similar to what is done in the libssh2 code, where
+  the socket created by curl is passed to libssh2 when
+  libssh2_session_startup() is called.
   
-  Fixes #3202
-  Closes #3271
+  Fixes #3491
+  Closes #3495
 
-- ssl: fix compilation with OpenSSL 0.9.7
+- RELEASE-NOTES: synced
+
+- [Archangel_SDY brought this change]
+
+  schannel: preserve original certificate path parameter
   
-  - ENGINE_cleanup() was used without including "openssl/engine.h"
-  - enable engine support for OpenSSL 0.9.7
+  Fixes #3480
+  Closes #3487
+
+- KNOWN_BUGS: tests not compatible with python3
   
-  Closes #3266
+  Closes #3289
+  [skip ci]
 
-Daniel Stenberg (21 Nov 2018)
-- openssl: disable TLS renegotiation with BoringSSL
+Daniel Gustafsson (20 Jan 2019)
+- memcmp: avoid doing single char memcmp
   
-  Since we're close to feature freeze, this change disables this feature
-  with an #ifdef. Define ALLOW_RENEG at build-time to enable.
+  There is no real gain in performing memcmp() comparisons on single
+  characters, so change these to array subscript inspections which
+  saves a call and makes the code clearer.
   
-  This could be converted to a bit for CURLOPT_SSL_OPTIONS to let
-  applications opt-in this.
+  Closes #3486
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
+
+Daniel Stenberg (19 Jan 2019)
+- COPYING: it's 2019
   
-  Concern-raised-by: David Benjamin
-  Fixes #3283
-  Closes #3293
+  [skip ci]
 
-- [Romain Fliedel brought this change]
+- [hhb brought this change]
 
-  ares: remove fd from multi fd set when ares is about to close the fd
-  
-  When using c-ares for asyn dns, the dns socket fd was silently closed
-  by c-ares without curl being aware. curl would then 'realize' the fd
-  has been removed at next call of Curl_resolver_getsock, and only then
-  notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with
-  CURL_POLL_REMOVE. At this point the fd is already closed.
+  configure: fix recv/send/select detection on Android
   
-  By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this
-  patch allows curl to be notified that the fd is not longer needed
-  for neither for write nor read. At this point by calling
-  Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE
-  before the fd is actually closed by ares.
+  This reverts commit d4f25201fb7da03fc88f90d51101beb3d0026db9.
   
-  In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore
-  since it does not allow passing a different sock_state_cb_data
+  The overloadable attribute is removed again starting from
+  NDK17. Actually they only exist in two NDK versions (15 and 16). With
+  overloadable, the first condition tried will succeed. Results in wrong
+  detection result.
   
-  Closes #3238
-
-- [Romain Fliedel brought this change]
-
-  examples/ephiperfifo: report error when epoll_ctl fails
+  Closes #3484
 
-Daniel Gustafsson (20 Nov 2018)
-- [pkubaj brought this change]
+Marcel Raad (19 Jan 2019)
+- [georgeok brought this change]
 
-  ntlm: Remove redundant ifdef USE_OPENSSL
-  
-  lib/curl_ntlm.c had code that read as follows:
+  ntlm_sspi: add support for channel binding
   
-    #ifdef USE_OPENSSL
-    # ifdef USE_OPENSSL
-    # else
-    # ..
-    # endif
-    #endif
+  Windows extended potection (aka ssl channel binding) is required
+  to login to ntlm IIS endpoint, otherwise the server returns 401
+  responses.
   
-  Remove the redundant USE_OPENSSL along with #else (it's not possible to
-  reach it anyway). The removed construction is a leftover from when the
-  SSLeay support was removed.
+  Fixes #3280
+  Closes #3321
+
+Daniel Stenberg (18 Jan 2019)
+- schannel: on connection close there might not be a transfer
   
-  Closes #3269
-  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reported-by: Marcel Raad
+  Fixes #3412
+  Closes #3483
 
-Daniel Stenberg (20 Nov 2018)
-- [Han Han brought this change]
+- [Joel Depooter brought this change]
 
-  ssl: replace all internal uses of CURLE_SSL_CACERT
+  ssh: log the libssh2 error message when ssh session startup fails
   
-  Closes #3291
+  When a ssh session startup fails, it is useful to know why it has
+  failed. This commit changes the message from:
+     "Failure establishing ssh session"
+  to something like this, for example:
+     "Failure establishing ssh session: -5, Unable to exchange encryption keys"
+  
+  Closes #3481
+
+Alessandro Ghedini (16 Jan 2019)
+- Fix typo in manpage
 
-Han Han (19 Nov 2018)
-- docs: add more description to unified ssl error codes
+Daniel Stenberg (16 Jan 2019)
+- RELEASE-NOTES: synced
 
-- curle: move deprecated error code to ifndef block
+Sergei Nikulov (16 Jan 2019)
+- cmake: updated check for HAVE_POLL_FINE to match autotools
 
-Patrick Monnerat (19 Nov 2018)
-- os400: add CURLOPT_CURLU to ILE/RPG binding.
+Daniel Stenberg (16 Jan 2019)
+- curl-compilers.m4: check for __ibmxl__ to detect xlclang
+  
+  Follow-up to 2fa0d57e2e3. The __xlc__ symbol is only defined there if a
+  particular flag is used for legacy macros.
+  
+  Fixes #3474
+  Closes #3479
 
-- os400: Add curl_easy_conn_upkeep() to ILE/RPG binding.
+- openssl: fix the SSL_get_tlsext_status_ocsp_resp call
+  
+  .... to not pass in a const in the second argument as that's not how it
+  is supposed to be used and might cause compiler warnings.
+  
+  Reported-by: Pavel Pavlov
+  Fixes #3477
+  Closes #3478
 
-- os400: fix return type of curl_easy_pause() in ILE/RPG binding.
+- curl-compilers.m4: detect xlclang
+  
+  Since it isn't totally clang compatible, we detect this IBM clang
+  front-end and if detected, avoids some clang specific magic.
+  
+  Reported-by: Kees Dekker
+  Fixes #3474
+  Closes #3476
 
-Daniel Stenberg (19 Nov 2018)
-- RELEASE-NOTES: synced
+- README: add codacy code quality badge
+  
+  [skip ci]
 
-- impacket: add LICENSE
+- extract_if_dead: follow-up to 54b201b48c90a
   
-  The license for the impacket package was not in our tree.
+  extract_if_dead() dead is called from two functions, and only one of
+  them should get conn->data updated and now neither call path clears it.
   
-  Imported now from upstream's
-  https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE
+  scan-build found a case where conn->data would be NULL dereferenced in
+  ConnectionExists() otherwise.
   
-  Reported-by: infinnovation-dev on github
-  Fixes #3276
-  Closes #3277
+  Closes #3473
 
-Daniel Gustafsson (18 Nov 2018)
-- tool_doswin: Fix uninitialized field warning
+- multi: remove "Dead assignment"
   
-  The partial struct initialization in 397664a065abffb7c3445ca9 caused
-  a warning on uninitialized MODULEENTRY32 struct members:
+  Found by scan-build. Follow-up to 4c35574bb785ce.
   
-    /src/tool_doswin.c:681:3: warning: missing initializer for field
-    'th32ModuleID' of 'MODULEENTRY32 {aka struct tagMODULEENTRY32}'
-    [-Wmissing-field-initializers]
+  Closes #3471
+
+- tests: move objnames-* from lib into tests
   
-  This is sort of a bogus warning as the remaining members will be set
-  to zero by the compiler, as all omitted members are. Nevertheless,
-  remove the warning by omitting all members and setting the dwSize
-  members explicitly.
+  Since they're used purely for testing purposes, I think they should
+  rather be stored there.
   
-  Closes #3254
-  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
-  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
+  Closes #3470
 
-- openssl: Remove SSLEAY leftovers
+Sergei Nikulov (15 Jan 2019)
+- travis: added cmake build for osx
+
+Daniel Stenberg (14 Jan 2019)
+- [Frank Gevaerts brought this change]
+
+  cookie: fix comment typo (url_path_len -> uri_path_len)
   
-  Commit 709cf76f6bb7dbac deprecated USE_SSLEAY, as curl since long isn't
-  compatible with the SSLeay library. This removes the few leftovers that
-  were omitted in the less frequently used platform targets.
+  Closes #3469
+
+Marcel Raad (14 Jan 2019)
+- winbuild: conditionally use /DZLIB_WINAPI
   
-  Closes #3270
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  zlibwapi.lib (dynamic library) and zlibstat.lib (static library) have
+  the ZLIB_WINAPI define set by default. Using them requires that define
+  too.
+  
+  Ref: https://zlib.net/DLL_FAQ.txt
+  
+  Fixes https://github.com/curl/curl/issues/3133
+  Closes https://github.com/curl/curl/pull/3460
 
-Daniel Stenberg (16 Nov 2018)
-- [Elia Tufarolo brought this change]
+Daniel Stenberg (14 Jan 2019)
+- src/Makefile: make 'tidy' target work for metalink builds
 
-  http_negotiate: do not close connection until negotiation is completed
+- extract_if_dead: use a known working transfer when checking connections
   
-  Fix HTTP POST using CURLAUTH_NEGOTIATE.
+  Make sure that this function sets a proper "live" transfer for the
+  connection before calling the protocol-specific connection check
+  function, and then clear it again afterward as a non-used connection has
+  no current transfer.
   
-  Closes #3275
+  Reported-by: Jeroen Ooms
+  Reviewed-by: Marcel Raad
+  Reviewed-by: Daniel Gustafsson
+  Fixes #3463
+  Closes #3464
 
-- pop3: only do APOP with a valid timestamp
+- openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
   
-  Brought-by: bobmitchell1956 on github
-  Fixes #3278
-  Closes #3279
+  OpenSSL_version() replaces OpenSSL_version_num()
+  
+  Closes #3462
 
-Jay Satiro (16 Nov 2018)
-- [Peter Wu brought this change]
+Sergei Nikulov (11 Jan 2019)
+- cmake: added checks for HAVE_VARIADIC_MACROS_C99 and HAVE_VARIADIC_MACROS_GCC
 
-  openssl: do not log excess "TLS app data" lines for TLS 1.3
+Daniel Stenberg (11 Jan 2019)
+- urldata: rename easy_conn to just conn
   
-  The SSL_CTX_set_msg_callback callback is not just called for the
-  Handshake or Alert protocols, but also for the raw record header
-  (SSL3_RT_HEADER) and the decrypted inner record type
-  (SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid
-  excess debug spam when using `curl -v` against a TLSv1.3-enabled server:
+  We use "conn" everywhere to be a pointer to the connection.
   
-      * TLSv1.3 (IN), TLS app data, [no content] (0):
+  Introduces two functions that "attaches" and "detaches" the connection
+  to and from the transfer.
   
-  (Following this message, another callback for the decrypted
-  handshake/alert messages will be be present anyway.)
+  Going forward, we should favour using "data->conn" (since a transfer
+  always only has a single connection or none at all) to "conn->data"
+  (since a connection can have none, one or many transfers associated with
+  it and updating conn->data to be correct is error prone and a frequent
+  reason for internal issues).
   
-  Closes https://github.com/curl/curl/pull/3281
+  Closes #3442
 
-Marc Hoersken (15 Nov 2018)
-- tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
+- tool_cb_prg: avoid integer overflow
   
-  SO_EXCLUSIVEADDRUSE is on by default on Vista or newer,
-  but does not work together with SO_REUSEADDR being on.
+  When calculating the progress bar width.
   
-  The default changes were made with stunnel 5.34 and 5.35.
+  Reported-by: Peng Li
+  Fixes #3456
+  Closes #3458
 
-Daniel Stenberg (13 Nov 2018)
-- [Kamil Dudka brought this change]
+Daniel Gustafsson (11 Jan 2019)
+- travis: turn off copyright year checks in checksrc
+  
+  Invoking the maintainer intended COPYRIGHTYEAR check for everyone
+  in the PR pipeline is too invasive, especially at the turn of the
+  year when many files get affected. Remove and leave it as a tool
+  for maintainers to verify patches before commits.
+  
+  This reverts f7bdf4b2e1d81b2652b81b9b3029927589273b41.
+  
+  After discussion with: Daniel Stenberg
 
-  nss: remove version selecting dead code
+Daniel Stenberg (10 Jan 2019)
+- KNOWN_BUGS: cmake makes unusable tool_hugehelp.c with MinGW
   
-  Closes #3262
+  Closes #3125
 
-- nss: set default max-tls to 1.3/1.2
+- KNOWN_BUGS: Improve --data-urlencode space encoding
   
-  Fixes #3261
+  Closes #3229
 
-Daniel Gustafsson (13 Nov 2018)
-- tool_cb_wrt: Silence function cast compiler warning
+Patrick Monnerat (10 Jan 2019)
+- os400: add a missing closing bracket
   
-  Commit 5bfaa86ceb3c2a9ac474a928e748c4a86a703b33 introduced a new
-  compiler warning on Windows cross compilation with GCC. See below
-  for an example of the warning from the autobuild logs (whitespace
-  edited to fit):
+  See https://github.com/curl/curl/issues/3453#issuecomment-453054458
   
-  /src/tool_cb_wrt.c:175:9: warning: cast from function call of type
-      'intptr_t {aka long long int}' to non-matching type 'void *'
-      [-Wbad-function-cast]
-  (HANDLE) _get_osfhandle(fileno(outs->stream)),
-  ^
+  Reported-by: jonrumsey on github
+
+- os400: fix extra parameter syntax error.
   
-  Store the return value from _get_osfhandle() in an intermediate
-  variable and cast the variable in WriteConsoleW() rather than the
-  function call directly to avoid a compiler warning.
+  Reported-by: jonrumsey on github
+  Closes #3453
+
+Daniel Stenberg (10 Jan 2019)
+- test1558: verify CURLINFO_PROTOCOL on file:// transfer
   
-  In passing, also add inspection of the MultiByteToWideChar() return
-  value and return failure in case an error is reported.
+  Attempt to reproduce issue #3444.
   
-  Closes #3263
-  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
-  Reviewed-by: Viktor Szakats <commit@vszakats.net>
+  Closes #3447
 
-Daniel Stenberg (12 Nov 2018)
-- nss: fix fallthrough comment to fix picky compiler warning
+- RELEASE-NOTES: synced
 
-- docs: expanded on some CURLU details
+- xattr: strip credentials from any URL that is stored
+  
+  Both user and password are cleared uncondtitionally.
+  
+  Added unit test 1621 to verify.
+  
+  Fixes #3423
+  Closes #3433
 
-- [Tim Rühsen brought this change]
+- cookies: allow secure override when done over HTTPS
+  
+  Added test 1562 to verify.
+  
+  Reported-by: Jeroen Ooms
+  Fixes #3445
+  Closes #3450
 
-  ftp: avoid two unsigned int overflows in FTP listing parser
+- multi: multiplexing improvements
   
-  Curl_ftp_parselist: avoid unsigned integer overflows
+  Fixes #3436
+  Closes #3448
   
-  The overflow has no real world impact, just avoid it for "best
-  practice".
+   Problem 1
   
-  Closes #3225
-
-- curl: --local-port range was not "including"
+  After LOTS of scratching my head, I eventually realized that even when doing
+  10 uploads in parallel, sometimes the socket callback to the application that
+  tells it what to wait for on the socket, looked like it would reflect the
+  status of just the single transfer that just changed state.
+  
+  Digging into the code revealed that this was indeed the truth. When multiple
+  transfers are using the same connection, the application did not correctly get
+  the *combined* flags for all transfers which then could make it switch to READ
+  (only) when in fact most transfers wanted to get told when the socket was
+  WRITEABLE.
   
-  The end port number in a given range was not included in the range used,
-  as it is documented to be.
+   Problem 1b
   
-  Reported-by: infinnovation-dev on github
-  Fixes #3251
-  Closes #3255
-
-- [Jérémy Rocher brought this change]
-
-  openssl: support BoringSSL TLS renegotiation
+  A separate but related regression had also been introduced by me when I
+  cleared connection/transfer association better a while ago, as now the logic
+  couldn't find the connection and see if that was marked as used by more
+  transfers and then it would also prematurely remove the socket from the socket
+  hash table even in times other transfers were still using it!
   
-  As per BoringSSL porting documentation [1], BoringSSL rejects peer
-  renegotiations by default.
+   Fix 1
   
-  curl fails when trying to authenticate to server through client
-  certificate if it is requested by server after the initial TLS
-  handshake.
+  Make sure that each socket stored in the socket hash has a "combined" action
+  field of what to ask the application to wait for, that is potentially the ORed
+  action of multiple parallel transfers. And remove that socket hash entry only
+  if there are no transfers left using it.
   
-  Enable renegotiation by default with BoringSSL to get same behavior as
-  with OpenSSL. This is done by calling SSL_set_renegotiate_mode [2]
-  which was introduced in commit 1d5ef3bb1eb9 [3].
+   Problem 2
   
-  1 - https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md#tls-renegotiation
-  2 - https://boringssl.googlesource.com/boringssl/+/master/include/openssl/ssl.h#3482
-  3 - https://boringssl.googlesource.com/boringssl/+/1d5ef3bb1eb97848617db5e7d633d735a401df86
+  The socket hash entry stored an association to a single transfer using that
+  socket - and when curl_multi_socket_action() was called to tell libcurl about
+  activities on that specific socket only that transfer was "handled".
   
-  Signed-off-by: Jérémy Rocher <rocher.jeremy@gmail.com>
-  Fixes #3258
-  Closes #3259
-
-- HISTORY: add some milestones
+  This was WRONG, as a single socket/connection can be used by numerous parallel
+  transfers and not necessarily a single one.
   
-  Added a few of the more notable milestones in curl history that were
-  missing. Primarily more recent ones but I also noted some older that
-  could be worth mentioning.
+   Fix 2
   
-  [ci skip]
-  Closes #3257
+  We now store a list of handles in the socket hashtable entry and when libcurl
+  is told there's traffic for a particular socket, it now iterates over all
+  known transfers using that single socket.
 
-Daniel Gustafsson (9 Nov 2018)
-- KNOWN_BUGS: add --proxy-any connection issue
-  
-  Add the identified issue with --proxy-any and proxy servers which
-  advertise authentication schemes other than the supported one.
+- test1561: improve test name
   
-  Closes #876
-  Closes #3250
-  Reported-by: NTMan on Github
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  [skip ci]
 
-Daniel Stenberg (9 Nov 2018)
-- [Jim Fuller brought this change]
+- [Katsuhiko YOSHIDA brought this change]
 
-  setopt: add CURLOPT_CURLU
-  
-  Allows an application to pass in a pre-parsed URL via a URL handle.
+  cookies: skip custom cookies when redirecting cross-site
   
-  Closes #3227
-
-- [Gisle Vanem brought this change]
+  Closes #3417
 
-  docs: ESCape "\n" codes
-  
-  Groff / Troff will display a:
-   printaf("Errno: %ld\n", error);
-  as:
-    printf("Errno: %ld0, error);
-  
-  when a "\n" is not escaped. Use "\\n" instead.
+- THANKS: fixups and a dedupe
   
-  Closes #3246
+  [skip ci]
 
-- curl: --local-port fix followup
+- timediff: fix math for unsigned time_t
   
-  Regression by 52db54869e6.
+  Bug: https://curl.haxx.se/mail/lib-2018-12/0088.html
   
-  Reported-by: infinnovation-dev on github
-  Fixes #3248
-  Closes #3249
+  Closes #3449
 
-GitHub (7 Nov 2018)
-- [Gisle Vanem brought this change]
+- [Bernhard M. Wiedemann brought this change]
 
-  More "\n" ESCaping
+  tests: allow tests to pass by 2037-02-12
+  
+  similar to commit f508d29f3902104018
+  
+  Closes #3443
 
-Daniel Stenberg (7 Nov 2018)
 - RELEASE-NOTES: synced
 
-- curl: fix --local-port integer overflow
-  
-  The tool's local port command line range parser didn't check for integer
-  overflows and could pass "weird" data to libcurl for this option.
-  libcurl however, has a strict range check for the values so it rejects
-  anything outside of the accepted range.
-  
-  Reported-by: Brian Carpenter
-  Closes #3242
+- [Brad Spencer brought this change]
 
-- curl: correct the switch() logic in ourWriteOut
+  curl_multi_remove_handle() don't block terminating c-ares requests
   
-  Follow-up to e431daf013, as I did the wrong correction for a compiler
-  warning. It should be a break and not a fall-through.
+  Added Curl_resolver_kill() for all three resolver modes, which only
+  blocks when necessary, along with test 1592 to confirm
+  curl_multi_remove_handle() doesn't block unless it must.
   
-  Pointed-out-by: Frank Gevaerts
-
-- [Frank Gevaerts brought this change]
+  Closes #3428
+  Fixes #3371
 
-  curl: add %{stderr} and %{stdout} for --write-out
+- Revert "http_negotiate: do not close connection until negotiation is completed"
   
-  Closes #3115
-
-Daniel Gustafsson (7 Nov 2018)
-- winssl: be consistent in Schannel capitalization
+  This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47.
   
-  The productname from Microsoft is "Schannel", but in infof/failf
-  reporting we use "schannel". This removes different versions.
+  This also reopens PR #3275 which brought the change now reverted.
   
-  Closes #3243
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Fixes #3384
+  Closes #3439
 
-Daniel Stenberg (7 Nov 2018)
-- TODO: Have the URL API offer IDN decoding
+- curl/urlapi.h: include "curl.h" first
   
-  Similar to how URL decoding/encoding is done, we could have URL
-  functions to convert IDN host names to punycode.
+  This allows programs to include curl/urlapi.h directly.
   
-  Suggested-by: Alexey Melnichuk
-  Closes #3232
+  Reviewed-by: Daniel Gustafsson
+  Reported-by: Ben Kohler
+  Fixes #3438
+  Closes #3441
 
-- urlapi: only skip encoding the first '=' with APPENDQUERY set
+Marcel Raad (6 Jan 2019)
+- VS projects: fix build warning
   
-  APPENDQUERY + URLENCODE would skip all equals signs but now it only skip
-  encoding the first to better allow "name=content" for any content.
+  Starting with Visual Studio 2017 Update 9, Visual Studio doesn't like
+  the MinimalRebuild option anymore and warns:
   
-  Reported-by: Alexey Melnichuk
-  Fixes #3231
-  Closes #3231
-
-- url: a short host name + port is not a scheme
+  cl : Command line warning D9035: option 'Gm' has been deprecated and
+  will be removed in a future release
   
-  The function identifying a leading "scheme" part of the URL considered a
-  few letters ending with a colon to be a scheme, making something like
-  "short:80" to become an unknown scheme instead of a short host name and
-  a port number.
+  The option can be safely removed so that the default is used.
   
-  Extended test 1560 to verify.
+  Closes https://github.com/curl/curl/pull/3425
+
+- schannel: fix compiler warning
   
-  Also fixed test203 to use file_pwd to make it get the correct path on
-  windows. Removed test 2070 since it was a duplicate of 203.
+  When building with Unicode on MSVC, the compiler warns about freeing a
+  pointer to const in Curl_unicodefree. Fix this by declaring it as
+  non-const and casting the argument to Curl_convert_UTF8_to_tchar to
+  non-const too, like we do in all other places.
   
-  Assisted-by: Marcel Raad
-  Reported-by: Hagai Auro
-  Fixes #3220
-  Fixes #3233
-  Closes #3223
-  Closes #3235
+  Closes https://github.com/curl/curl/pull/3435
 
-- [Sangamkar brought this change]
+Daniel Stenberg (4 Jan 2019)
+- [Rikard Falkeborn brought this change]
 
-  libcurl: stop reading from paused transfers
-  
-  In the transfer loop it would previously not acknwledge the pause bit
-  and continue until drained or loop ended.
+  printf: introduce CURL_FORMAT_TIMEDIFF_T
+
+- [Rikard Falkeborn brought this change]
+
+  printf: fix format specifiers
   
-  Closes #3240
+  Closes #3426
 
-Jay Satiro (6 Nov 2018)
-- tool: add undocumented option --dump-module-paths for win32
+- libtest/stub_gssapi: use "real" snprintf
   
-  - Add an undocumented diagnostic option for Windows to show the full
-    paths of all loaded modules regardless of whether or not libcurl
-    initialization succeeds.
+  ... since it doesn't link with libcurl.
   
-  This is needed so that in the CI we can get a list of all DLL
-  dependencies after initialization (when they're most likely to have
-  finished loading) and then package them as artifacts so that a
-  functioning build can be downloaded. Also I imagine it may have some use
-  as a diagnostic for help requests.
+  Reverts the commit dcd6f81025 changes from this file.
   
-  Ref: https://github.com/curl/curl/pull/3103
+  Bug: https://curl.haxx.se/mail/lib-2019-01/0000.html
+  Reported-by: Shlomi Fish
+  Reviewed-by: Daniel Gustafsson
+  Reviewed-by: Kamil Dudka
   
-  Closes https://github.com/curl/curl/pull/3208
+  Closes #3434
 
-- curl_multibyte: fix a malloc overcalculation
-  
-  Prior to this change twice as many bytes as necessary were malloc'd when
-  converting wchar to UTF8. To allay confusion in the future I also
-  changed the variable name for the amount of bytes from len to bytes.
+- INTERNALS: correct some outdated function names
   
-  Closes https://github.com/curl/curl/pull/3209
+  Closes #3431
 
-Michael Kaufmann (5 Nov 2018)
-- netrc: don't ignore the login name specified with "--user"
-  
-  - for "--netrc", don't ignore the login/password specified with "--user",
-    only ignore the login/password in the URL.
-    This restores the netrc behaviour of curl 7.61.1 and earlier.
-  - fix the documentation of CURL_NETRC_REQUIRED
-  - improve the detection of login/password changes when reading .netrc
-  - don't read .netrc if both login and password are already set
+- docs/version.d: mention MultiSSL
   
-  Fixes #3213
-  Closes #3224
-
-Patrick Monnerat (5 Nov 2018)
-- OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
+  Reviewed-by: Daniel Gustafsson
+  Closes #3432
 
-Daniel Stenberg (5 Nov 2018)
-- [Yasuhiro Matsumoto brought this change]
+Daniel Gustafsson (2 Jan 2019)
+- [Rikard Falkeborn brought this change]
 
-  curl: fixed UTF-8 in current console code page (Windows)
+  examples: Update .gitignore
   
-  Fixes #3211
-  Fixes #3175
-  Closes #3212
+  Add a few missing examples to make `make examples` not leave the
+  workspace in a dirty state.
+  
+  Closes #3427
+  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
 
-- TODO: 2.6 multi upkeep
+- THANKS: add more missing names
   
-  Closes #3199
+  Add Adrian Burcea who made the artwork for the curl://up 2018 event
+  which was held in Stockholm, Sweden.
 
-Daniel Gustafsson (5 Nov 2018)
-- unittest: make 1652 stable across collations
+- docs: mention potential leak in curl_slist_append
   
-  The previous coding used a format string whose output depended on the
-  current locale of the environment running the test. Since the gist of
-  the test is to have a format string, with the actual formatting being
-  less important, switch to a more stable formatstring with decimals.
+  When a non-empty list is appended to, and used as the returnvalue,
+  the list pointer can leak in case of an allocation failure in the
+  curl_slist_append() call. This is correctly handled in curl code
+  usage but we weren't explicitly pointing it out in the API call
+  documentation. Fix by extending the RETURNVALUE manpage section
+  and example code.
   
-  Reported-by: Marcel Raad
-  Closes #3234
+  Closes #3424
+  Reported-by: dnivras on github
   Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
 
-Daniel Stenberg (5 Nov 2018)
-- Revert "url: a short host name + port is not a scheme"
-  
-  This reverts commit 226cfa8264cd979eff3fd52c0f3585ef095e7cf2.
+Marcel Raad (1 Jan 2019)
+- tvnow: silence conversion warnings
   
-  This commit caused test failures on appveyor/windows. Work on fixing them is
-  in #3235.
+  MinGW-w64 defaults to targeting Windows 7 now, so GetTickCount64 is
+  used and the milliseconds are represented as unsigned long long,
+  leading to a compiler warning when implicitly converting them to long.
 
-- symbols-in-versions: add missing CURLU_ symbols
-  
-  ...and fix symbol-scan.pl to also scan urlapi.h
+Daniel Stenberg (1 Jan 2019)
+- THANKS: dedupe more names
   
-  Reported-by: Alexey Melnichuk
-  Fixes #3226
-  Closes #3230
+  Researched-by: Tae Wong
 
-Daniel Gustafsson (3 Nov 2018)
-- infof: clearly indicate truncation
-  
-  The internal buffer in infof() is limited to 2048 bytes of payload plus
-  an additional byte for NULL termination. Servers with very long error
-  messages can however cause truncation of the string, which currently
-  isn't very clear, and leads to badly formatted output.
+Marcel Raad (1 Jan 2019)
+- [Markus Moeller brought this change]
+
+  ntlm: update selection of type 3 response
   
-  This appends a "...\n" (or just "..." in case the format didn't with a
-  newline char) marker to the end of the string to clearly show
-  that it has been truncated.
+  NTLM2 did not work i.e. no NTLMv2 response was created. Changing the
+  check seems to work.
   
-  Also include a unittest covering infof() to try and catch any bugs
-  introduced in this quite important function.
+  Ref: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf
   
-  Closes #3216
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+  Fixes https://github.com/curl/curl/issues/3286
+  Closes https://github.com/curl/curl/pull/3287
+  Closes https://github.com/curl/curl/pull/3415
 
-Michael Kaufmann (3 Nov 2018)
-- tool_getparam: fix some comments
+Daniel Stenberg (31 Dec 2018)
+- THANKS: added missing names from year <= 2000
+  
+  Due to a report of a missing name in THANKS I manually went through an
+  old CHANGES.0 file and added many previously missing names here.
 
-Daniel Stenberg (3 Nov 2018)
-- url: a short host name + port is not a scheme
+Daniel Gustafsson (30 Dec 2018)
+- urlapi: fix parsing ipv6 with zone index
   
-  The function identifying a leading "scheme" part of the URL considered a few
-  letters ending with a colon to be a scheme, making something like "short:80"
-  to become an unknown scheme instead of a short host name and a port number.
+  The previous fix for parsing IPv6 URLs with a zone index was a paddle
+  short for URLs without an explicit port. This patch fixes that case
+  and adds a unit test case.
   
-  Extended test 1560 to verify.
+  This bug was highlighted by issue #3408, and while it's not the full
+  fix for the problem there it is an isolated bug that should be fixed
+  regardless.
   
-  Reported-by: Hagai Auro
-  Fixes #3220
-  Closes #3223
+  Closes #3411
+  Reported-by: GitYuanQu on github
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- URL: fix IPv6 numeral address parser
-  
-  Regression from 46e164069d1a52. Extended test 1560 to verify.
+Daniel Stenberg (30 Dec 2018)
+- THANKS: dedupe Guenter Knauf
   
-  Reported-by: tpaukrt on github
-  Fixes #3218
-  Closes #3219
+  Reported-by: Tae Wong
 
-- travis: remove curl before a normal build
-  
-  on Linux. To make sure the test suite runs with its newly build tool and
-  doesn't require an external one present.
-  
-  Bug: #3198
-  Closes #3200
+- THANKS: missing name from the 6.3.1 release!
 
-- [Tim Rühsen brought this change]
+Daniel Gustafsson (27 Dec 2018)
+- RELEASE-NOTES: synced
 
-  mprintf: avoid unsigned integer overflow warning
-  
-  The overflow has no real world impact.
-  Just avoid it for "best practice".
-  
-  Code change suggested by "The Infinnovation Team" and Daniel Stenberg.
-  Closes #3184
+- [Claes Jakobsson brought this change]
 
-- Curl_follow: accept non-supported schemes for "fake" redirects
+  hostip: support wildcard hosts
   
-  When not actually following the redirect and the target URL is only
-  stored for later retrieval, curl always accepted "non-supported"
-  schemes. This was a regression from 46e164069d1a5230.
+  This adds support for wildcard hosts in CURLOPT_RESOLVE. These are
+  try-last so any non-wildcard entry is resolved first. If specified,
+  any host not matched by another CURLOPT_RESOLVE config will use this
+  as fallback.
   
-  Reported-by: Brad King
-  Fixes #3210
-  Closes #3215
-
-Daniel Gustafsson (2 Nov 2018)
-- openvms: fix example name
+  Example send a.com to 10.0.0.1 and everything else to 10.0.0.2:
+    curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \
+         https://a.com https://b.com
   
-  Commit efc696a2e09225bfeab4 renamed persistant.c to persistent.c to
-  fix the typo in the name, but missed to update the OpenVMS package
-  files which still looked for the old name.
+  This is probably quite similar to using:
+    --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443
   
-  Closes #3217
+  Closes #3406
   Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Viktor Szakats <commit@vszakats.net>
 
-Daniel Stenberg (1 Nov 2018)
-- configure: show CFLAGS, LDFLAGS etc in summary
-  
-  To make it easier to understand other people's and remote builds etc.
-  
-  Closes #3207
-
-- version: bump for next cycle
+- url: fix incorrect indentation
 
-- axtls: removed
+Patrick Monnerat (26 Dec 2018)
+- os400: upgrade ILE/RPG binding.
   
-  As has been outlined in the DEPRECATE.md document, the axTLS code has
-  been disabled for 6 months and is hereby removed.
+  - Trailer function support.
+  - http 0.9 option.
+  - curl_easy_upkeep.
+
+Daniel Gustafsson (25 Dec 2018)
+- FAQ: remove mention of sourceforge for github
   
-  Use a better supported TLS library!
+  The project bug tracker is no longer hosted at sourceforge but is now
+  hosted on the curl Github page. Update the FAQ to reflect.
   
-  Assisted-by: Daniel Gustafsson
-  Closes #3194
+  Closes #3410
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- [marcosdiazr brought this change]
+- openvms: fix typos in documentation
 
-  schannel: make CURLOPT_CERTINFO support using Issuer chain
+- openvms: fix OpenSSL discovery on VAX
   
-  Closes #3197
+  The DCL code had a typo in one of the commands which would make the
+  OpenSSL discovery on VAX fail. The correct syntax is F$ENVIRONMENT.
+  
+  Closes #3407
+  Reviewed-by: Viktor Szakats <commit@vszakats.net>
 
-- travis: build with sanitize=address,undefined,signed-integer-overflow
+Daniel Stenberg (24 Dec 2018)
+- [Ruslan Baratov brought this change]
+
+  cmake: use lowercase for function name like the rest of the code
   
-  ... using clang
+  Reviewed-by: Sergei Nikulov
   
-  Closes #3190
+  closes #3196
 
-- schannel: use Curl_ prefix for global private symbols
-  
-  Curl_verify_certificate() must use the Curl_ prefix since it is globally
-  available in the lib and otherwise steps outside of our namespace!
+- Revert "libssh: no data pointer == nothing to do"
   
-  Closes #3201
+  This reverts commit c98ee5f67f497195c9 since commit f3ce38739fa fixed the
+  problem in a more generic way.
 
-Kamil Dudka (1 Nov 2018)
-- tests: drop http_pipe.py script no longer used
+- disconnect: set conn->data for protocol disconnect
   
-  It is unused since commit f7208df7d9d5cd5e15e2d89237e828f32b63f135.
+  Follow-up to fb445a1e18d: Set conn->data explicitly to point out the
+  current transfer when invoking the protocol-specific disconnect function
+  so that it can work correctly.
   
-  Closes #3204
+  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12173
 
-Daniel Stenberg (31 Oct 2018)
-- runtests: use the local curl for verifying
+Jay Satiro (23 Dec 2018)
+- [Pavel Pavlov brought this change]
+
+  timeval: Use high resolution timestamps on Windows
   
-  ... revert the mistaken change brought in commit 8440616f53.
+  - Use QueryPerformanceCounter on Windows Vista+
   
-  Reported-by: Alessandro Ghedini
-  Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html
+  There is confusing info floating around that QueryPerformanceCounter
+  can leap etc, which might have been true long time ago, but no longer
+  the case nowadays (perhaps starting from WinXP?). Also, boost and
+  std::chrono::steady_clock use QueryPerformanceCounter in a similar way.
   
-  Closes #3198
+  Prior to this change GetTickCount or GetTickCount64 was used, which has
+  lower resolution. That is still the case for <= XP.
+  
+  Fixes https://github.com/curl/curl/issues/3309
+  Closes https://github.com/curl/curl/pull/3318
 
-Version 7.62.0 (30 Oct 2018)
+Daniel Stenberg (22 Dec 2018)
+- libssh: no data pointer == nothing to do
 
-Daniel Stenberg (30 Oct 2018)
-- RELEASE-NOTES: 7.62.0
+- conncache_unlock: avoid indirection by changing input argument type
 
-- THANKS: 7.62.0 status
+- disconnect: separate connections and easy handles better
+  
+  Do not assume/store assocation between a given easy handle and the
+  connection if it can be avoided.
+  
+  Long-term, the 'conn->data' pointer should probably be removed as it is a
+  little too error-prone. Still used very widely though.
+  
+  Reported-by: masbug on github
+  Fixes #3391
+  Closes #3400
 
-Daniel Gustafsson (30 Oct 2018)
-- vtls: add MesaLink to curl_sslbackend enum
+- libssh: free sftp_canonicalize_path() data correctly
   
-  MesaLink support was added in commit 57348eb97d1b8fc3742e02c but the
-  backend was never added to the curl_sslbackend enum in curl/curl.h.
-  This adds the new backend to the enum and updates the relevant docs.
+  Assisted-by: Harry Sintonen
   
-  Closes #3195
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Fixes #3402
+  Closes #3403
 
-Daniel Stenberg (30 Oct 2018)
-- [Ruslan Baratov brought this change]
+- RELEASE-NOTES: synced
 
-  cmake: Remove unused CURL_CONFIG_HAS_BEEN_RUN_BEFORE variable
+- http: added options for allowing HTTP/0.9 responses
   
-  Closes #3191
-
-- test2080: verify the fix for CVE-2018-16842
-
-- voutf: fix bad arethmetic when outputting warnings to stderr
+  Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.
   
-  CVE-2018-16842
-  Reported-by: Brian Carpenter
-  Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
-
-- [Tuomo Rinne brought this change]
-
-  cmake: uniform ZLIB to use USE_ variable and clean curl-config.cmake.in
+  For now, both the tool and library allow HTTP/0.9 by default.
+  docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
+  months after the 7.64.0 release. The options are added already now so
+  that applications/scripts can start using them already now.
   
-  Closes #3123
-
-- [Tuomo Rinne brought this change]
-
-  cmake: add find_dependency call for ZLIB to CMake config file
-
-- [Tuomo Rinne brought this change]
+  Fixes #2873
+  Closes #3383
 
-  cmake: add support for transitive ZLIB target
+- if2ip: remove unused function Curl_if_is_interface_name
+  
+  Closes #3401
 
-- unit1650: fix "null pointer passed as argument 1 to memcmp"
+- http2: clear pause stream id if it gets closed
   
-  Detected by UndefinedBehaviorSanitizer
+  Reported-by: Florian Pritz
   
-  Closes #3187
+  Fixes #3392
+  Closes #3399
 
-- travis: add a "make tidy" build that runs clang-tidy
-  
-  Closes #3182
+Daniel Gustafsson (20 Dec 2018)
+- [David Garske brought this change]
 
-- unit1300: fix stack-use-after-scope AddressSanitizer warning
+  wolfssl: Perform cleanup
   
-  Closes #3186
-
-- Curl_auth_create_plain_message: fix too-large-input-check
+  This adds a cleanup callback for cyassl. Resolves possible memory leak
+  when using ECC fixed point cache.
   
-  CVE-2018-16839
-  Reported-by: Harry Sintonen
-  Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
+  Closes #3395
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
 
-- Curl_close: clear data->multi_easy on free to avoid use-after-free
+Daniel Stenberg (20 Dec 2018)
+- mbedtls: follow-up VERIFYHOST fix from f097669248
   
-  Regression from b46cfbc068 (7.59.0)
-  CVE-2018-16840
-  Reported-by: Brian Carpenter (Geeknik Labs)
+  Fix-by: Eric Rosenquist
   
-  Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
+  Fixes #3376
+  Closes #3390
 
-- [randomswdev brought this change]
+- curlver: bump to 7.64.0 for next release
 
-  system.h: use proper setting with Sun C++ as well
+Daniel Gustafsson (19 Dec 2018)
+- cookies: extend domain checks to non psl builds
   
-  system.h selects the proper Sun settings when __SUNPRO_C is defined. The
-  Sun compiler does not define it when compiling C++ files.  I'm adding a
-  check also on __SUNPRO_CC to allow curl to work properly also when used
-  in a C++ project on Sun Solaris.
+  Ensure to perform the checks we have to enforce a sane domain in
+  the cookie request. The check for non-PSL enabled builds is quite
+  basic but it's better than nothing.
   
-  Closes #3181
+  Closes #2964
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- rand: add comment to skip a clang-tidy false positive
+Daniel Stenberg (19 Dec 2018)
+- [Matus Uzak brought this change]
 
-- test1651: unit test Curl_extract_certinfo()
+  smb: fix incorrect path in request if connection reused
   
-  The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel.
+  Follow-up to 09e401e01bf9.  If connection gets reused, then data member
+  will be copied, but not the proto member.  As a result, in smb_do(),
+  path has been set from the original proto.share data.
+  
+  Closes #3388
 
-- x509asn1: always check return code from getASN1Element()
+- curl -J: do not append to the destination file
+  
+  Reported-by: Kamil Dudka
+  Fixes #3380
+  Closes #3381
 
-- Makefile: add 'tidy' target that runs clang-tidy
+- mbedtls: use VERIFYHOST
   
-  Available in the root, src and lib dirs.
+  Previously, VERIFYPEER would enable/disable all checks.
   
-  Closes #3163
+  Reported-by: Eric Rosenquist
+  Fixes #3376
+  Closes #3380
 
-- RELEASE-PROCEDURE: adjust the release dates
+- pingpong: change default response timeout to 120 seconds
   
-  See: https://curl.haxx.se/mail/lib-2018-10/0107.html
+  Previously it was 30 minutes
 
-Patrick Monnerat (27 Oct 2018)
-- x509asn1: suppress left shift on signed value
+- pingpong: ignore regular timeout in disconnect phase
   
-  Use an unsigned variable: as the signed operation behavior is undefined,
-  this change silents clang-tidy about it.
+  The timeout set with CURLOPT_TIMEOUT is no longer used when
+  disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP,
+  POP3).
   
-  Ref: https://github.com/curl/curl/pull/3163
-  Reported-By: Daniel Stenberg
-
-Michael Kaufmann (27 Oct 2018)
-- multi: Fix error handling in the SENDPROTOCONNECT state
+  Reported-by: jasal82 on github
   
-  If Curl_protocol_connect() returns an error code,
-  handle the error instead of switching to the next state.
+  Fixes #3264
+  Closes #3374
+
+- TODO: Windows: set attribute 'archive' for completed downloads
   
-  Closes #3170
+  Closes #3354
 
-Daniel Stenberg (27 Oct 2018)
 - RELEASE-NOTES: synced
 
-- openssl: output the correct cipher list on TLS 1.3 error
-  
-  When failing to set the 1.3 cipher suite, the wrong string pointer would
-  be used in the error message. Most often saying "(nil)".
-  
-  Reported-by: Ricky-Tigg on github
-  Fixes #3178
-  Closes #3180
+- http: minor whitespace cleanup from f464535b
 
-- docs/CIPHERS: fix the TLS 1.3 cipher names
-  
-  ... picked straight from the OpenSSL man page:
-  https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html
-  
-  Reported-by: Ricky-Tigg on github
-  Bug: #3178
+- [Ayoub Boudhar brought this change]
 
-Marcel Raad (27 Oct 2018)
-- travis: install gnutls-bin package
-  
-  This is required for gnutls-serv, which enables a few more tests.
+  http: Implement trailing headers for chunked transfers
   
-  Closes https://github.com/curl/curl/pull/2958
-
-Daniel Gustafsson (26 Oct 2018)
-- ssh: free the session on init failures
+  This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION
+  options that allow a callback based approach to sending trailing headers
+  with chunked transfers.
   
-  Ensure to clear the session object in case the libssh2 initialization
-  fails.
+  The test server (sws) was updated to take into account the detection of the
+  end of transfer in the case of trailing headers presence.
   
-  It could be argued that the libssh2 error function should be called to
-  get a proper error message in this case. But since the only error path
-  in libssh2_knownhost_init() is memory a allocation failure it's safest
-  to avoid since the libssh2 error handling allocates memory.
+  Test 1591 checks that trailing headers can be sent using libcurl.
   
-  Closes #3179
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Closes #3350
 
-Daniel Stenberg (26 Oct 2018)
-- docs/RELEASE-PROCEDURE: remove old entries, modify the Dec 2018 date
+- darwinssl: accept setting max-tls with default min-tls
   
-  ... I'm moving it up one week due to travels. The rest stays.
+  Reported-by: Andrei Neculau
+  Fixes #3367
+  Closes #3373
 
-- [Daniel Gustafsson brought this change]
+- gopher: fix memory leak from 9026083ddb2a9
 
-  openssl: make 'done' a proper boolean
-  
-  Closes #3176
+- [Leonardo Taccari brought this change]
 
-- gtls: Values stored to but never read
+  test1201: Add a trailing `?' to the selector
   
-  Detected by clang-tidy
+  This verify that the `?' in the selector is kept as is.
   
-  Closes #3176
+  Verifies the fix in #3370
 
-- [Alexey Eremikhin brought this change]
+- [Leonardo Taccari brought this change]
 
-  curl.1: --ipv6 mutexes ipv4 (fixed typo)
+  gopher: always include the entire gopher-path in request
   
-  Fixes #3171
-  Closes #3172
-
-- tool_main: make TerminalSettings static
+  After the migration to URL API all octets in the selector after the
+  first `?' were interpreted as query and accidentally discarded and not
+  passed to the server.
   
-  Reported-by: Gisle Vanem
-  Bug: https://github.com/curl/curl/commit/becfe1233ff2b6b0c3e1b6a10048b55b68c2539f#commitcomment-31008819
-  Closes #3161
-
-- curl-config.in: remove dependency on bc
+  Add a gopherpath to always concatenate possible path and query URL
+  pieces.
   
-  Reported-by: Dima Pasechnik
-  Fixes #3143
-  Closes #3174
+  Fixes #3369
+  Closes #3370
 
-- [Gisle Vanem brought this change]
+- [Leonardo Taccari brought this change]
 
-  rtmp: fix for compiling with lwIP
+  urlapi: distinguish possibly empty query
   
-  Compiling on _WIN32 and with USE_LWIPSOCK, causes this error:
-    curl_rtmp.c(223,3):  error: use of undeclared identifier 'setsockopt'
-      setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO,
-      ^
-    curl_rtmp.c(41,32):  note: expanded from macro 'setsockopt'
-    #define setsockopt(a,b,c,d,e) (setsockopt)(a,b,c,(const char *)d,(int)e)
-                                   ^
-  Closes #3155
+  If just a `?' to indicate the query is passed always store a zero length
+  query instead of having a NULL query.
+  
+  This permits to distinguish URL with trailing `?'.
+  
+  Fixes #3369
+  Closes #3370
 
-- configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
+Daniel Gustafsson (13 Dec 2018)
+- OS400: handle memory error in list conversion
   
-  Follow-up to #3166 which did the cmake part of this. This type/define is
-  not used.
+  Curl_slist_append_nodup() returns NULL when it fails to create a new
+  item for the specified list, and since the coding here reassigned the
+  new list on top of the old list it would result in a dangling pointer
+  and lost memory. Also, in case we hit an allocation failure at some
+  point during the conversion, with allocation succeeding again on the
+  subsequent call(s) we will return a truncated list around the malloc
+  failure point. Fix by assigning to a temporary list pointer, which can
+  be checked (which is the common pattern for slist appending), and free
+  all the resources on allocation failure.
   
-  Closes #3168
-
-- [Ruslan Baratov brought this change]
+  Closes #3372
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-  cmake: remove unused variables
+- cookies: leave secure cookies alone
   
-  Remove variables:
-  * HAVE_SOCKLEN_T
-  * CURL_SIZEOF_CURL_SOCKLEN_T
-  * CURL_TYPEOF_CURL_SOCKLEN_T
+  Only allow secure origins to be able to write cookies with the
+  'secure' flag set. This reduces the risk of non-secure origins
+  to influence the state of secure origins. This implements IETF
+  Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
+  RFC6265.
   
-  Closes #3166
+  Closes #2956
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Michael Kaufmann (25 Oct 2018)
-- urldata: Fix comment in header
+Daniel Stenberg (13 Dec 2018)
+- docs: fix the --tls-max description
   
-  The "connecting" function is used by multiple protocols, not only FTP
+  Reported-by: Tobias Lindgren
+  Pointed out in #3367
+  
+  Closes #3368
 
-- netrc: free temporary strings if memory allocation fails
+Daniel Gustafsson (12 Dec 2018)
+- urlapi: Fix port parsing of eol colon
   
-  - Change the inout parameters after all needed memory has been
-    allocated. Do not change them if something goes wrong.
-  - Free the allocated temporary strings if strdup() fails.
+  A URL with a single colon without a portnumber should use the default
+  port, discarding the colon. Fix, add a testcase and also do little bit
+  of comment wordsmithing.
   
-  Closes #3122
+  Closes #3365
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Daniel Stenberg (24 Oct 2018)
-- [Ruslan Baratov brought this change]
+Version 7.63.0 (12 Dec 2018)
 
-  config: Remove unused SIZEOF_VOIDP
-  
-  Closes #3162
+Daniel Stenberg (12 Dec 2018)
+- RELEASE-NOTES: 7.63.0
 
-- RELEASE-NOTES: synced
+- THANKS: from the curl 7.62.0 cycle
 
-GitHub (23 Oct 2018)
-- [Gisle Vanem brought this change]
+- test1519: use lib1518 and test CURLINFO_REDIRECT_URL more
 
-  Fix for compiling with lwIP (3)
+- Curl_follow: extract the Location: header field unvalidated
   
-  lwIP on Windows does not have a WSAIoctl() function.
-  But it do have a SO_SNDBUF option to lwip_setsockopt(). But it currently does nothing.
-
-Daniel Stenberg (23 Oct 2018)
-- Curl_follow: return better errors on URL problems
+  ... when not actually following the redirect. Otherwise we return error
+  for this and an application can't extract the value.
   
-  ... by making the converter function global and accessible.
+  Test 1518 added to verify.
   
-  Closes #3153
+  Reported-by: Pavel Pavlov
+  Fixes #3340
+  Closes #3364
 
-- Curl_follow: remove remaining free(newurl)
+- multi: convert two timeout variables to timediff_t
   
-  Follow-up to 05564e750e8f0c. This function no longer frees the passed-in
-  URL.
+  The time_t type is unsigned on some systems and these variables are used
+  to hold return values from functions that return timediff_t
+  already. timediff_t is always a signed type.
   
-  Reported-by: Michael Kaufmann
-  Bug: https://github.com/curl/curl/commit/05564e750e8f0c79016c680f301ce251e6e86155#commitcomm
-  ent-30985666
+  Closes #3363
 
-Daniel Gustafsson (23 Oct 2018)
-- headers: end all headers with guard comment
+- delta: use --diff-filter on the git diff-tree invokes
   
-  Most headerfiles end with a /* <headerguard> */ comment, but it was
-  missing from some. The comment isn't the most important part of our
-  code documentation but consistency has an intrinsic value in itself.
-  This adds header guard comments to the files that were lacking it.
+  Suggested-by: Dave Reisner
+
+Patrick Monnerat (11 Dec 2018)
+- documentation: curl_formadd field and file names are now escaped
   
-  Closes #3158
-  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition
+  header without special processing: this may lead to invalid RFC 822
+  quoted-strings.
+  7.56.0 introduces escaping of backslashes and double quotes in these names:
+  mention it in the documentation.
+  
+  Reported-by: daboul on github
+  Closes #3361
 
-Jay Satiro (23 Oct 2018)
-- CIPHERS.md: Mention the options used to set TLS 1.3 ciphers
+Daniel Stenberg (11 Dec 2018)
+- scripts/delta: show repo delta info from last release
   
-  Closes https://github.com/curl/curl/pull/3159
+  ... where "last release" should be the git tag in the repo.
 
-Daniel Stenberg (20 Oct 2018)
-- docs/BUG-BOUNTY: the sponsors actually decide the amount
+Daniel Gustafsson (11 Dec 2018)
+- tests: add urlapi unittest
   
-  Retract the previous approach as the sponsors will be the ones to set the
-  final amounts.
+  This adds a new unittest intended to cover the internal functions in
+  the urlapi code, starting with parse_port(). In order to avoid name
+  collisions in debug builds, parse_port() is renamed Curl_parse_port()
+  since it will be exported.
   
-  Closes #3152
-  [ci skip]
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
 
-- multi: avoid double-free
+- urlapi: fix portnumber parsing for ipv6 zone index
   
-  Curl_follow() no longer frees the string. Make sure it happens in the
-  caller function, like we normally handle allocations.
+  An IPv6 URL which contains a zone index includes a '%%25<zode id>'
+  string before the ending ']' bracket. The parsing logic wasn't set
+  up to cope with the zone index however, resulting in a malformed url
+  error being returned. Fix by breaking the parsing into two stages
+  to correctly handle the zone index.
   
-  This bug was introduced with the use of the URL API internally, it has
-  never been in a release version
+  Closes #3355
+  Closes #3319
+  Reported-by: tonystz on Github
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+
+Daniel Stenberg (11 Dec 2018)
+- [Jay Satiro brought this change]
+
+  http: fix HTTP auth to include query in URI
   
-  Reported-by: Dario Weißer
-  Closes #3149
+  - Include query in the path passed to generate HTTP auth.
+  
+  Recent changes to use the URL API internally (46e1640, 7.62.0)
+  inadvertently broke authentication URIs by omitting the query.
+  
+  Fixes https://github.com/curl/curl/issues/3353
+  Closes #3356
 
-- multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
+- [Michael Kaufmann brought this change]
+
+  http: don't set CURLINFO_CONDITION_UNMET for http status code 204
   
-  Otherwise, closing that handle can still cause surprises!
+  The http status code 204 (No Content) should not change the "condition
+  unmet" flag. Only the http status code 304 (Not Modified) should do
+  this.
   
-  Reported-by: Martin Ankerl
-  Fixes #3138
-  Closes #3147
+  Closes #359
 
-Marcel Raad (19 Oct 2018)
-- VS projects: add USE_IPV6
+- [Samuel Surtees brought this change]
+
+  ldap: fix LDAP URL parsing regressions
   
-  The Visual Studio builds didn't use IPv6. Add it to all projects since
-  Visual Studio 2008, which is verified to build via AppVeyor.
+  - Match URL scheme with LDAP and LDAPS
+  - Retrieve attributes, scope and filter from URL query instead
   
-  Closes https://github.com/curl/curl/pull/3137
+  Regression brought in 46e164069d1a5230 (7.62.0)
+  
+  Closes #3362
 
-- config_win32: enable LDAPS
+- RELEASE-NOTES: synced
+
+- [Stefan Kanthak brought this change]
+
+  (lib)curl.rc: fixup for minor bugs
   
-  As done in the autotools and CMake builds by default.
+  All resources defined in lib/libcurl.rc and curl.rc are language
+  neutral.
   
-  Closes https://github.com/curl/curl/pull/3137
+  winbuild/MakefileBuild.vc ALWAYS defines the macro DEBUGBUILD, so the
+  ifdef's in line 33 of lib/libcurl.rc and src/curl.rc are wrong.
+  
+  Replace the hard-coded constants in both *.rc files with #define'd
+  values.
+  
+  Thumbs-uped-by: Rod Widdowson, Johannes Schindelin
+  URL: https://curl.haxx.se/mail/lib-2018-11/0000.html
+  Closes #3348
 
-Daniel Stenberg (18 Oct 2018)
-- travis: add build for "configure --disable-verbose"
+- test329: verify cookie max-age=0 immediate expiry
+
+- cookies: expire "Max-Age=0" immediately
   
-  Closes #3144
+  Reported-by: Jeroen Ooms
+  Fixes #3351
+  Closes #3352
 
-Kamil Dudka (17 Oct 2018)
-- tool_cb_hdr: handle failure of rename()
+- [Johannes Schindelin brought this change]
+
+  Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
   
-  Detected by Coverity.
+  This is a companion patch to cbea2fd2c (NTLM: force the connection to
+  HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1
+  preemptively. However, with other (Negotiate) authentication it is not
+  clear to this developer whether there is a way to make it work with
+  HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the
+  error HTTP_1_1_REQUIRED.
   
-  Closes #3140
-  Reviewed-by: Jay Satiro
+  Note: we will still keep the NTLM workaround, as it avoids an extra
+  round trip.
+  
+  Daniel Stenberg helped a lot with this patch, in particular by
+  suggesting to introduce the Curl_h2_http_1_1_error() function.
+  
+  Closes #3349
+  
+  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
 
-Daniel Stenberg (17 Oct 2018)
-- RELEASE-NOTES: synced
+- [Ben Greear brought this change]
 
-- docs/SECURITY-PROCESS: the hackerone IBB program drops curl
+  openssl: fix unused variable compiler warning with old openssl
   
-  ... now there's only BountyGraph.
+  URL: https://curl.haxx.se/mail/lib-2018-11/0055.html
+  
+  Closes #3347
 
-Jay Satiro (16 Oct 2018)
-- [Matthew Whitehead brought this change]
+- [Johannes Schindelin brought this change]
 
-  x509asn1: Fix SAN IP address verification
+  NTLM: force the connection to HTTP/1.1
   
-  For IP addresses in the subject alternative name field, the length
-  of the IP address (and hence the number of bytes to perform a
-  memcmp on) is incorrectly calculated to be zero. The code previously
-  subtracted q from name.end. where in a successful case q = name.end
-  and therefore addrlen equalled 0. The change modifies the code to
-  subtract name.beg from name.end to calculate the length correctly.
+  Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces
+  the capability. However, NTLM authentication only works with HTTP/1.1,
+  and will likely remain in that boat (for details, see
+  https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported).
   
-  The issue only affects libcurl with GSKit SSL, not other SSL backends.
-  The issue is not a security issue as IP verification would always fail.
+  When we just found out that we want to use NTLM, and when the current
+  connection runs in HTTP/2 mode, let's force the connection to be closed
+  and to be re-opened using HTTP/1.1.
   
-  Fixes #3102
-  Closes #3141
+  Fixes https://github.com/curl/curl/issues/3341.
+  Closes #3345
+  
+  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
 
-Daniel Gustafsson (15 Oct 2018)
-- INSTALL: mention mesalink in TLS section
+- [Johannes Schindelin brought this change]
+
+  curl_global_sslset(): id == -1 is not necessarily an error
   
-  Commit 57348eb97d1b8fc3742e02c6587d2d02ff592da5 added support for the
-  MesaLink vtls backend, but missed updating the TLS section containing
-  supported backends in the docs.
+  It is allowed to call that function with id set to -1, specifying the
+  backend by the name instead. We should imitate what is done further down
+  in that function to allow for that.
   
-  Closes #3134
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Marcel Raad (14 Oct 2018)
-- nonblock: fix unused parameter warning
+  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
   
-  If USE_BLOCKING_SOCKETS is defined, curlx_nonblock's arguments are not
-  used.
+  Closes #3346
 
-Michael Kaufmann (13 Oct 2018)
-- Curl_follow: Always free the passed new URL
+Johannes Schindelin (6 Dec 2018)
+- .gitattributes: make tabs in indentation a visible error
   
-  Closes #3124
+  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
 
-Viktor Szakats (12 Oct 2018)
-- replace rawgit links [ci skip]
+Daniel Stenberg (6 Dec 2018)
+- RELEASE-NOTES: synced
+
+- doh: fix memory leak in OOM situation
   
-  Ref: https://rawgit.com/ "RawGit has reached the end of its useful life"
-  Ref: https://news.ycombinator.com/item?id=18202481
-  Closes https://github.com/curl/curl/pull/3131
+  Reviewed-by: Daniel Gustafsson
+  Closes #3342
 
-Daniel Stenberg (12 Oct 2018)
-- docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018
+- doh: make it work for h2-disabled builds too
   
-  [ci skip]
+  Reported-by: dtmsecurity at github
+  Fixes #3325
+  Closes #3336
 
-- travis: make distcheck scan for BOM markers
+- packages: remove old leftover files and dirs
   
-  and remove BOM from projects/wolfssl_override.props
+  This subdir has mostly become an attic of never-used cruft from the
+  past.
   
-  Closes #3126
+  Closes #3331
 
-Marcel Raad (11 Oct 2018)
-- CMake: remove BOM
+- [Gergely Nagy brought this change]
+
+  openssl: do not use file BIOs if not requested
   
-  Accidentally aded in commit 1bb86057ff07083deeb0b00f8ad35879ec4d03ea.
+  Moves the file handling BIO calls to the branch of the code where they
+  are actually used.
   
-  Reported-by: Viktor Szakats
-  Ref: https://github.com/curl/curl/pull/3120#issuecomment-428673136
+  Closes #3339
 
-Daniel Gustafsson (10 Oct 2018)
-- transfer: fix typo in comment
+- [Paul Howarth brought this change]
 
-Michael Kaufmann (10 Oct 2018)
-- docs: add "see also" links for SSL options
+  nss: Fix compatibility with nss versions 3.14 to 3.15
+
+- [Paul Howarth brought this change]
+
+  nss: Improve info message when falling back SSL protocol
   
-  - link TLS 1.2 and TLS 1.3 options
-  - link proxy and non-proxy options
+  Use descriptive text strings rather than decimal numbers.
+
+- [Paul Howarth brought this change]
+
+  nss: Fall back to latest supported SSL version
   
-  Closes #3121
+  NSS may be built without support for the latest SSL/TLS versions,
+  leading to "SSL version range is not valid" errors when the library
+  code supports a recent version (e.g. TLS v1.3) but it has explicitly
+  been disabled.
+  
+  This change adjusts the maximum SSL version requested by libcurl to
+  be the maximum supported version at runtime, as long as that version
+  is at least as high as the minimum version required by libcurl.
+  
+  Fixes #3261
 
-Marcel Raad (10 Oct 2018)
-- AppVeyor: remove BDIR variable that sneaked in again
+Daniel Gustafsson (3 Dec 2018)
+- travis: enable COPYRIGHTYEAR extended warning
   
-  Removed in ae762e1abebe3a5fe75658583c85059a0957ef6e, accidentally added
-  again in 9f3be5672dc4dda30ab43e0152e13d714a84d762.
+  The extended warning for checking incorrect COPYRIGHTYEAR is quite
+  expensive to run, so rather than expecting every developer to do it
+  we ensure it's turned on locally for Travis.
 
-- CMake: disable -Wpedantic-ms-format
+- checksrc: add COPYRIGHTYEAR check
   
-  As done in the autotools build. This is required for MinGW, which
-  supports only %I64 for printing 64-bit values, but warns about it.
+  Forgetting to bump the year in the copyright clause when hacking has
+  been quite common among curl developers, but a traditional checksrc
+  check isn't a good fit as it would penalize anyone hacking on January
+  1st (among other things). This adds a more selective COPYRIGHTYEAR
+  check which intends to only cover the currently hacked on changeset.
   
-  Closes https://github.com/curl/curl/pull/3120
-
-Viktor Szakats (9 Oct 2018)
-- ldap: show precise LDAP call in error message on Windows
+  The check for updated copyright year is currently not enforced on all
+  files but only on files edited and/or committed locally. This is due to
+  the amount of files which aren't updated with their correct copyright
+  year at the time of their respective commit.
   
-  Also add a unique but common text ('bind via') to make it
-  easy to grep this specific failure regardless of platform.
+  To further avoid running this expensive check for every developer, it
+  adds a new local override mode for checksrc where a .checksrc file can
+  be used to turn on extended warnings locally.
   
-  Ref: https://github.com/curl/curl/pull/878/files#diff-7a636f08047c4edb53a240f540b4ecf6R468
-  Closes https://github.com/curl/curl/pull/3118
+  Closes #3303
   Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
 
-Daniel Stenberg (9 Oct 2018)
-- docs/DEPRECATE: minor reformat to render nicer on web
-
-Daniel Gustafsson (9 Oct 2018)
-- CURLOPT_SSL_VERIFYSTATUS: Fix typo
+Daniel Stenberg (3 Dec 2018)
+- CHECKSRC.md: document more warnings
   
-  Changes s/OSCP/OCSP/ and bumps the copyright year due to the change.
+  Closes #3335
+  [ci skip]
 
-Marcel Raad (9 Oct 2018)
-- curl_setup: define NOGDI on Windows
+- RELEASE-NOTES: synced
+
+- SECURITY-PROCESS: bountygraph shuts down
   
-  This avoids an ERROR macro clash between <wingdi.h> and <arpa/tftp.h>
-  on MinGW.
+  This backpedals back the documents to the state before bountygraph.
   
-  Closes https://github.com/curl/curl/pull/3113
+  Closes #3311
 
-- Windows: fixes for MinGW targeting Windows Vista
+- curl: fix memory leak reading --writeout from file
   
-  Classic MinGW has neither InitializeCriticalSectionEx nor
-  GetTickCount64, independent of the target Windows version.
+  If another string had been set first, the writout function for reading
+  the syntax from file would leak the previously allocated memory.
   
-  Closes https://github.com/curl/curl/pull/3113
+  Reported-by: Brian Carpenter
+  Fixes #3322
+  Closes #3330
 
-Daniel Stenberg (8 Oct 2018)
-- TODO: fixed 'API for URL parsing/splitting'
+- tool_main: rename function to make it unique and better
+  
+  ... there's already another function in the curl tool named
+  free_config_fields!
 
-Daniel Gustafsson (8 Oct 2018)
-- KNOWN_BUGS: Fix various typos
+Daniel Gustafsson (29 Nov 2018)
+- TODO: remove CURLOPT_DNS_USE_GLOBAL_CACHE entry
+  
+  Commit 7c5837e79280e6abb3ae143dfc49bca5e74cdd11 deprecated the option
+  making it a manual code-edit operation to turn it back on. The removal
+  process has thus started and is now documented in docs/DEPRECATE.md so
+  remove from the TODO to avoid anyone looking for something to pick up
+  spend cycles on an already in-progress entry.
   
-  Closes #3112
   Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Viktor Szakats (8 Oct 2018)
-- spelling fixes [ci skip]
+Jay Satiro (29 Nov 2018)
+- [Sevan Janiyan brought this change]
+
+  connect: fix building for recent versions of Minix
   
-  as detected by codespell 1.14.0
+  EBADIOCTL doesn't exist on more recent Minix.
+  There have also been substantial changes to the network stack.
+  Fixes build on Minix 3.4rc
   
-  Closes https://github.com/curl/curl/pull/3114
-  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+  Closes https://github.com/curl/curl/pull/3323
 
-Daniel Stenberg (8 Oct 2018)
-- RELEASE-NOTES: synced
+- [Konstantin Kushnir brought this change]
 
-- curl_ntlm_wb: check aprintf() return codes
+  CMake: fix MIT/Heimdal Kerberos detection
   
-  ... when they return NULL we're out of memory and MUST return failure.
+  - fix syntax error in FindGSS.cmake
+  - correct krb5 include directory. FindGSS exports
+    "GSS_INCLUDE_DIR" variable.
   
-  closes #3111
+  Closes https://github.com/curl/curl/pull/3316
 
-- docs/BUG-BOUNTY: proposed additional docs
+Daniel Stenberg (28 Nov 2018)
+- test328: verify Content-Encoding: none
   
-  Bug bounty explainer. See https://bountygraph.com/programs/curl
+  Because of issue #3315
   
-  Closes #3067
+  Closes #3317
 
-- [Rick Deist brought this change]
+- [James Knight brought this change]
 
-  hostip: fix check on Curl_shuffle_addr return value
+  configure: include all libraries in ssl-libs fetch
   
-  Closes #3110
-
-- FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
+  When compiling a collection of SSL libraries to link against (SSL_LIBS),
+  ensure all libraries are included. The call `--libs-only-l` can produce
+  only a subset of found in a `--libs` call (e.x. pthread may be excluded).
+  Adding `--libs-only-other` ensures other libraries are also included in
+  the list. This corrects select build environments compiling against a
+  static version of OpenSSL. Before the change, the following could be
+  observed:
   
-  Now FILE transfers send headers to the header callback like HTTP and
-  other protocols. Also made curl_easy_getinfo(...CURLINFO_PROTOCOL...)
-  work for FILE in the callbacks.
+      checking for openssl options with pkg-config... found
+      configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl "
+      configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
+      configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
+      checking for HMAC_Update in -lcrypto... no
+      checking for HMAC_Init_ex in -lcrypto... no
+      checking OpenSSL linking with -ldl... no
+      checking OpenSSL linking with -ldl and -lpthread... no
+      configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.
+      configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.
+      ...
+      SSL support:      no      (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
+      ...
   
-  Makes "curl -i file://.." and "curl -I file://.." work like before
-  again. Applied the bold header logic to them too.
+  And include the other libraries when compiling SSL_LIBS succeeds with:
   
-  Regression from c1c2762 (7.61.0)
+      checking for openssl options with pkg-config... found
+      configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread "
+      configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
+      configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
+      checking for HMAC_Update in -lcrypto... yes
+      checking for SSL_connect in -lssl... yes
+      ...
+      SSL support:      enabled (OpenSSL)
+      ...
   
-  Reported-by: Shaun Jackman
-  Fixes #3083
-  Closes #3101
+  Signed-off-by: James Knight <james.d.knight@live.com>
+  Closes #3193
 
-Daniel Gustafsson (7 Oct 2018)
-- gskit: make sure to terminate version string
-  
-  In case a very small buffer was passed to the version function, it could
-  result in the buffer not being NULL-terminated since strncpy() doesn't
-  guarantee a terminator on an overflowed buffer. Rather than adding code
-  to terminate (and handle zero-sized buffers), move to using snprintf()
-  instead like all the other vtls backends.
+Daniel Gustafsson (26 Nov 2018)
+- doh: fix typo in infof call
   
-  Closes #3105
   Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Viktor Szakats <commit@vszakats.net>
-
-- TODO: add LD_PRELOAD support on macOS
-  
-  Add DYLD_INSERT_LIBRARIES support to the TODO list. Reported in #2394.
 
-- runtests: skip ld_preload tests on macOS
+- cmdline-opts/gen.pl: define the correct varname
   
-  The LD_PRELOAD functionality doesn't exist on macOS, so skip any tests
-  requiring it.
+  The variable definition had a small typo making it declare another
+  variable then the intended.
   
-  Fixes #2394
-  Closes #3106
-  Reported-by: Github user @jakirkham
+  Closes #3304
   Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Marcel Raad (7 Oct 2018)
-- AppVeyor: use Debug builds to run tests
+Daniel Stenberg (25 Nov 2018)
+- RELEASE-NOTES: synced
+
+- curl_easy_perform: fix timeout handling
   
-  This enables more tests.
+  curl_multi_wait() was erroneously used from within
+  curl_easy_perform(). It could lead to it believing there was no socket
+  to wait for and then instead sleep for a while instead of monitoring the
+  socket and then miss acting on that activity as swiftly as it should
+  (causing an up to 1000 ms delay).
   
-  Closes https://github.com/curl/curl/pull/3104
+  Reported-by: Antoni Villalonga
+  Fixes #3305
+  Closes #3306
+  Closes #3308
 
-- AppVeyor: add HTTP_ONLY build
-  
-  Closes https://github.com/curl/curl/pull/3104
+- CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
 
-- AppVeyor: add WinSSL builds
+- cookies: create the cookiejar even if no cookies to save
   
-  Use the oldest and latest Windows SDKs for them.
-  Also, remove all but one OpenSSL build.
+  Important for when the file is going to be read again and thus must not
+  contain old contents!
   
-  Closes https://github.com/curl/curl/pull/3104
+  Adds test 327 to verify.
+  
+  Reported-by: daboul on github
+  Fixes #3299
+  Closes #3300
 
-- AppVeyor: add remaining Visual Studio versions
+- checksrc: ban snprintf use, add command line flag to override warns
+
+- snprintf: renamed and we now only use msnprintf()
   
-  This adds Visual Studio 9 and 10 builds.
-  There's no 64-bit VC9 compiler on AppVeyor, so use it as the Win32
-  build. Also, VC9 cannot be used for running the test suite.
+  The function does not return the same value as snprintf() normally does,
+  so readers may be mislead into thinking the code works differently than
+  it actually does. A different function name makes this easier to detect.
   
-  Closes https://github.com/curl/curl/pull/3104
+  Reported-by: Tomas Hoger
+  Assisted-by: Daniel Gustafsson
+  Fixes #3296
+  Closes #3297
 
-- AppVeyor: break long line
-  
-  Closes https://github.com/curl/curl/pull/3104
+- [Tobias Hintze brought this change]
 
-- AppVeyor: remove unused BDIR variable
+  test: update test20/1322 for eglibc bug workaround
   
-  Closes https://github.com/curl/curl/pull/3104
+  The tests 20 and 1322 are using getaddrinfo of libc for resolving. In
+  eglibc-2.19 there is a memory leakage and invalid free bug which
+  surfaces in some special circumstances (PF_UNSPEC hint with invalid or
+  non-existent names). The valgrind runs in testing fail in these
+  situations.
+  
+  As the tests 20/1322 are not specific on either protocol (IPv4/IPv6)
+  this commit changes the hints to IPv4 protocol by passing `--ipv4` flag
+  on the tests' command line.  This prevents the valgrind failures.
 
-Daniel Stenberg (6 Oct 2018)
-- test2100: test DoH using IPv4-only
+- [Tobias Hintze brought this change]
+
+  host names: allow trailing dot in name resolve, then strip it
   
-  To make it only send one DoH request and avoid the race condition that
-  could lead to the requests getting sent in reversed order and thus
-  making it hard to compare in the test case.
+  Delays stripping of trailing dots to after resolving the hostname.
   
-  Fixes #3107
-  Closes #3108
+  Fixes #3022
+  Closes #3222
 
-- tests/FILEFORMAT: mention how to use <fileN> and <stripfileN> too
-  
-  [ci skip]
+- [UnknownShadow200 brought this change]
 
-- RELEASE-NOTES: synced
+  CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description
+  
+  Closes #3295
 
-- [Dmitry Kostjuchenko brought this change]
+Daniel Gustafsson (21 Nov 2018)
+- configure: Fix typo in comment
 
-  timeval: fix use of weak symbol clock_gettime() on Apple platforms
+Michael Kaufmann (21 Nov 2018)
+- openssl: support session resume with TLS 1.3
   
-  Closes #3048
-
-- doh: keep the IPv4 address in (original) network byte order
+  Session resumption information is not available immediately after a TLS 1.3
+  handshake. The client must wait until the server has sent a session ticket.
   
-  Ideally this will fix the reversed order shown in SPARC tests:
+  Use OpenSSL's "new session" callback to get the session information and put it
+  into curl's session cache. For TLS 1.3 sessions, this callback will be invoked
+  after the server has sent a session ticket.
   
-    resp 8: Expected 127.0.0.1 got 1.0.0.127
+  The "new session" callback is invoked only if OpenSSL's session cache is
+  enabled, so enable it and use the "external storage" mode which lets curl manage
+  the contents of the session cache.
   
-  Closes #3091
-
-Jay Satiro (5 Oct 2018)
-- INTERNALS.md: wrap lines longer than 79
-
-Daniel Gustafsson (5 Oct 2018)
-- INTERNALS: escape reference to parameter
+  A pointer to the connection data and the sockindex are now saved as "SSL extra
+  data" to make them available to the callback.
   
-  The parameter reference <string> was causing rendering issues in the
-  generated HTML page, as <string> isn't a valid HTML tag. Fix by back-
-  tick escaping it.
+  This approach also works for old SSL/TLS versions and old OpenSSL versions.
   
-  Closes #3099
-  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
   Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-- checksrc: handle zero scoped ignore commands
   
-  If a !checksrc! disable command specified to ignore zero errors, it was
-  still added to the ignore block even though nothing was ignored. While
-  there were no blocks ignored that shouldn't be ignored, the processing
-  ended with with a warning:
+  Fixes #3202
+  Closes #3271
+
+- ssl: fix compilation with OpenSSL 0.9.7
   
-  <filename>:<line>:<col>: warning: Unused ignore: LONGLINE (UNUSEDIGNORE)
-   /* !checksrc! disable LONGLINE 0 */
-                      ^
-  Fix by instead treating a zero ignore as a a badcommand and throw a
-  warning for that one.
+  - ENGINE_cleanup() was used without including "openssl/engine.h"
+  - enable engine support for OpenSSL 0.9.7
   
-  Closes #3096
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Closes #3266
 
-- checksrc: enable strict mode and warnings
-  
-  Enable strict and warnings mode for checksrc to ensure we aren't missing
-  anything due to bugs in the checking code. This uncovered a few things
-  which are all fixed in this commit:
+Daniel Stenberg (21 Nov 2018)
+- openssl: disable TLS renegotiation with BoringSSL
   
-  * several variables were used uninitialized
-  * several variables were not defined in the correct scope
-  * the whitelist filehandle was read even if the file didn't exist
-  * the enable_warn() call when a disable counter had expired was passing
-    incorrect variables, but since the checkwarn() call is unlikely to hit
-    (the counter is only decremented to zero on actual ignores) it didn't
-    manifest a problem.
+  Since we're close to feature freeze, this change disables this feature
+  with an #ifdef. Define ALLOW_RENEG at build-time to enable.
   
-  Closes #3090
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
-
-Marcel Raad (5 Oct 2018)
-- CMake: suppress MSVC warning C4127 for libtest
+  This could be converted to a bit for CURLOPT_SSL_OPTIONS to let
+  applications opt-in this.
   
-  It's issued by older Windows SDKs (prior to version 8.0).
-
-Sergei Nikulov (5 Oct 2018)
-- Merge branch 'dmitrykos-fix_missing_CMake_defines'
+  Concern-raised-by: David Benjamin
+  Fixes #3283
+  Closes #3293
 
-- [Dmitry Kostjuchenko brought this change]
+- [Romain Fliedel brought this change]
 
-  cmake: test and set missed defines during configuration
+  ares: remove fd from multi fd set when ares is about to close the fd
   
-  Added configuration checks for HAVE_BUILTIN_AVAILABLE and HAVE_CLOCK_GETTIME_MONOTONIC.
+  When using c-ares for asyn dns, the dns socket fd was silently closed
+  by c-ares without curl being aware. curl would then 'realize' the fd
+  has been removed at next call of Curl_resolver_getsock, and only then
+  notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with
+  CURL_POLL_REMOVE. At this point the fd is already closed.
   
-  Closes #3097
-
-Marcel Raad (5 Oct 2018)
-- AppVeyor: disable test 500
+  By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this
+  patch allows curl to be notified that the fd is not longer needed
+  for neither for write nor read. At this point by calling
+  Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE
+  before the fd is actually closed by ares.
   
-  It almost always results in
-  "starttransfer vs total: 0.000001 0.000000".
-  I cannot reproduce this locally, so disable it for now.
+  In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore
+  since it does not allow passing a different sock_state_cb_data
   
-  Closes https://github.com/curl/curl/pull/3100
+  Closes #3238
 
-- AppVeyor: set custom install prefix
-  
-  CMake's default has spaces and in 32-bit mode parentheses, which result
-  in syntax errors in curl-config.
-  
-  Closes https://github.com/curl/curl/pull/3100
+- [Romain Fliedel brought this change]
 
-- AppVeyor: Remove non-SSL non-test builds
-  
-  They don't add much value.
-  
-  Closes https://github.com/curl/curl/pull/3100
+  examples/ephiperfifo: report error when epoll_ctl fails
 
-- AppVeyor: run test suite
+Daniel Gustafsson (20 Nov 2018)
+- [pkubaj brought this change]
+
+  ntlm: Remove redundant ifdef USE_OPENSSL
   
-  Use the preinstalled MSYS2 bash for that.
-  Disable test 1139 as the CMake build doesn't generate curl.1.
+  lib/curl_ntlm.c had code that read as follows:
   
-  Ref: https://github.com/curl/curl/issues/3070#issuecomment-425922224
-  Closes https://github.com/curl/curl/pull/3100
-
-- AppVeyor: use in-tree build
+    #ifdef USE_OPENSSL
+    # ifdef USE_OPENSSL
+    # else
+    # ..
+    # endif
+    #endif
   
-  Required to run the tests.
+  Remove the redundant USE_OPENSSL along with #else (it's not possible to
+  reach it anyway). The removed construction is a leftover from when the
+  SSLeay support was removed.
   
-  Closes https://github.com/curl/curl/pull/3100
+  Closes #3269
+  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Daniel Stenberg (4 Oct 2018)
-- doh: make sure TTL isn't re-inited by second (discarded?) response
-  
-  Closes #3092
+Daniel Stenberg (20 Nov 2018)
+- [Han Han brought this change]
 
-- test320: strip out more HTML when comparing
-  
-  To make the test case work with different gnutls-serv versions better.
+  ssl: replace all internal uses of CURLE_SSL_CACERT
   
-  Reported-by: Kamil Dudka
-  Fixes #3093
-  Closes #3094
+  Closes #3291
 
-Marcel Raad (4 Oct 2018)
-- runtests: use Windows paths for Windows curl
-  
-  curl generated by CMake's Visual Studio generator has "Windows" in the
-  version number.
+Han Han (19 Nov 2018)
+- docs: add more description to unified ssl error codes
 
-Daniel Stenberg (4 Oct 2018)
-- [Colin Hogben brought this change]
+- curle: move deprecated error code to ifndef block
 
-  tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
-  
-  Fix problems caused by differences in treatment of bytes objects between
-  python2 and python3.
-  
-  Fixes #2929
-  Closes #3080
+Patrick Monnerat (19 Nov 2018)
+- os400: add CURLOPT_CURLU to ILE/RPG binding.
 
-Daniel Gustafsson (3 Oct 2018)
-- memory: ensure to check allocation results
+- os400: Add curl_easy_conn_upkeep() to ILE/RPG binding.
+
+- os400: fix return type of curl_easy_pause() in ILE/RPG binding.
+
+Daniel Stenberg (19 Nov 2018)
+- RELEASE-NOTES: synced
+
+- impacket: add LICENSE
   
-  The result of a memory allocation should always be checked, as we may
-  run under memory pressure where even a small allocation can fail. This
-  adds checking and error handling to a few cases where the allocation
-  wasn't checked for success. In the ftp case, the freeing of the path
-  variable is moved ahead of the allocation since there is little point
-  in keeping it around across the strdup, and the separation makes for
-  more readable code. In nwlib, the lock is aslo freed in the error path.
+  The license for the impacket package was not in our tree.
   
-  Also bumps the copyright years on affected files.
+  Imported now from upstream's
+  https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE
   
-  Closes #3084
-  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reported-by: infinnovation-dev on github
+  Fixes #3276
+  Closes #3277
 
-- comment: Fix multiple typos in function parameters
+Daniel Gustafsson (18 Nov 2018)
+- tool_doswin: Fix uninitialized field warning
   
-  Ensure that the parameters in the comment match the actual names in the
-  prototype.
+  The partial struct initialization in 397664a065abffb7c3445ca9 caused
+  a warning on uninitialized MODULEENTRY32 struct members:
   
-  Closes #3079
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-- CURLOPT_SSLVERSION.3: fix typos and consistent spelling
+    /src/tool_doswin.c:681:3: warning: missing initializer for field
+    'th32ModuleID' of 'MODULEENTRY32 {aka struct tagMODULEENTRY32}'
+    [-Wmissing-field-initializers]
   
-  Use TLS vX.Y throughout the document, instead of TLS X.Y, as that was
-  already done in all but a few cases. Also fix a few typos.
+  This is sort of a bogus warning as the remaining members will be set
+  to zero by the compiler, as all omitted members are. Nevertheless,
+  remove the warning by omitting all members and setting the dwSize
+  members explicitly.
   
-  Closes #3076
+  Closes #3254
   Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
 
-- SECURITY-PROCESS: make links into hyperlinks
+- openssl: Remove SSLEAY leftovers
   
-  Use proper Markdown hyperlink format for the Bountygraph links in order
-  for the generated website page to be more user friendly. Also link to
-  the sponsors to give them a little extra credit.
+  Commit 709cf76f6bb7dbac deprecated USE_SSLEAY, as curl since long isn't
+  compatible with the SSLeay library. This removes the few leftovers that
+  were omitted in the less frequently used platform targets.
   
-  Closes #3082
+  Closes #3270
   Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Jay Satiro (3 Oct 2018)
-- CURLOPT_HEADER.3: fix typo
+Daniel Stenberg (16 Nov 2018)
+- [Elia Tufarolo brought this change]
 
-- nss: fix nssckbi module loading on Windows
-  
-  - Use .DLL extension instead of .so to load modules on Windows.
-  
-  Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
-  Reported-by: Maxime Legros
+  http_negotiate: do not close connection until negotiation is completed
   
-  Ref: https://github.com/curl/curl/pull/3016/#issuecomment-423069442
+  Fix HTTP POST using CURLAUTH_NEGOTIATE.
   
-  Closes https://github.com/curl/curl/pull/3086
+  Closes #3275
 
-- data-binary.d: clarify default content-type is x-www-form-urlencoded
-  
-  - Advise user that --data-binary sends a default content type of
-    x-www-form-urlencoded, and to have the data treated as arbitrary
-    binary data by the server set the content-type header to octet-stream.
-  
-  Ref: https://github.com/curl/curl/pull/2852#issuecomment-426465094
+- pop3: only do APOP with a valid timestamp
   
-  Closes https://github.com/curl/curl/pull/3085
+  Brought-by: bobmitchell1956 on github
+  Fixes #3278
+  Closes #3279
 
-Marcel Raad (2 Oct 2018)
-- test1299: use single quotes around asterisk
-  
-  Ref: https://github.com/curl/curl/issues/1751#issuecomment-321522580
+Jay Satiro (16 Nov 2018)
+- [Peter Wu brought this change]
 
-Daniel Stenberg (2 Oct 2018)
-- docs/CIPHERS: mention the colon separation for OpenSSL
+  openssl: do not log excess "TLS app data" lines for TLS 1.3
   
-  Bug: #3077
-
-- runtests: ignore disabled even when ranges are given
+  The SSL_CTX_set_msg_callback callback is not just called for the
+  Handshake or Alert protocols, but also for the raw record header
+  (SSL3_RT_HEADER) and the decrypted inner record type
+  (SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid
+  excess debug spam when using `curl -v` against a TLSv1.3-enabled server:
   
-  runtests.pl support running a range of tests, like "44 to 127". Starting
-  now, the code makes sure that even such given ranges will ignore tests
-  that are marked as disabled.
+      * TLSv1.3 (IN), TLS app data, [no content] (0):
   
-  Disabled tests can still be run by explictly specifying that test
-  number.
+  (Following this message, another callback for the decrypted
+  handshake/alert messages will be be present anyway.)
   
-  Closes #3075
+  Closes https://github.com/curl/curl/pull/3281
 
-- urlapi: starting with a drive letter on win32 is not an abs url
-  
-  ... and libcurl doesn't support any single-letter URL schemes (if there
-  even exist any) so it should be fairly risk-free.
-  
-  Reported-by: Marcel Raad
+Marc Hoersken (15 Nov 2018)
+- tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
   
-  Fixes #3070
-  Closes #3071
-
-Marcel Raad (2 Oct 2018)
-- doh: fix curl_easy_setopt argument type
+  SO_EXCLUSIVEADDRUSE is on by default on Vista or newer,
+  but does not work together with SO_REUSEADDR being on.
   
-  CURLOPT_POSTFIELDSIZE is long. Fixes a compiler warning on 64-bit
-  MinGW.
-
-Daniel Stenberg (2 Oct 2018)
-- RELEASE-NOTES: synced
+  The default changes were made with stunnel 5.34 and 5.35.
 
-Jay Satiro (1 Oct 2018)
-- [Ruslan Baratov brought this change]
+Daniel Stenberg (13 Nov 2018)
+- [Kamil Dudka brought this change]
 
-  CMake: Improve config installation
+  nss: remove version selecting dead code
   
-  Use 'GNUInstallDirs' standard module to set destinations of installed
-  files.
+  Closes #3262
+
+- nss: set default max-tls to 1.3/1.2
   
-  Use uppercase "CURL" names instead of lowercase "curl" to match standard
-  'FindCURL.cmake' CMake module:
-  * https://cmake.org/cmake/help/latest/module/FindCURL.html
+  Fixes #3261
+
+Daniel Gustafsson (13 Nov 2018)
+- tool_cb_wrt: Silence function cast compiler warning
   
-  Meaning:
-  * Install 'CURLConfig.cmake' instead of 'curl-config.cmake'
-  * User should call 'find_package(CURL)' instead of 'find_package(curl)'
+  Commit 5bfaa86ceb3c2a9ac474a928e748c4a86a703b33 introduced a new
+  compiler warning on Windows cross compilation with GCC. See below
+  for an example of the warning from the autobuild logs (whitespace
+  edited to fit):
   
-  Use 'configure_package_config_file' function to generate
-  'CURLConfig.cmake' file. This will make 'curl-config.cmake.in' template
-  file smaller and handle components better.  E.g.  current configuration
-  report no error if user specified unknown components (note: new
-  configuration expects no components, report error if user will try to
-  specify any).
+  /src/tool_cb_wrt.c:175:9: warning: cast from function call of type
+      'intptr_t {aka long long int}' to non-matching type 'void *'
+      [-Wbad-function-cast]
+  (HANDLE) _get_osfhandle(fileno(outs->stream)),
+  ^
   
-  Closes https://github.com/curl/curl/pull/2849
-
-Daniel Stenberg (1 Oct 2018)
-- test1650: make it depend on http/2
+  Store the return value from _get_osfhandle() in an intermediate
+  variable and cast the variable in WriteConsoleW() rather than the
+  function call directly to avoid a compiler warning.
   
-  Follow-up to 570008c99da0ccbb as it gets link errors.
+  In passing, also add inspection of the MultiByteToWideChar() return
+  value and return failure in case an error is reported.
   
-  Reported-by: Michael Kaufmann
-  Closes #3068
+  Closes #3263
+  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+  Reviewed-by: Viktor Szakats <commit@vszakats.net>
 
-- [Nate Prewitt brought this change]
+Daniel Stenberg (12 Nov 2018)
+- nss: fix fallthrough comment to fix picky compiler warning
 
-  MANUAL: minor grammar fix
-  
-  Noticed a typo reading through the docs.
-  
-  Closes #3069
+- docs: expanded on some CURLU details
 
-- doh: only build if h2 enabled
-  
-  The DoH spec says "HTTP/2 [RFC7540] is the minimum RECOMMENDED version
-  of HTTP for use with DoH".
-  
-  Reported-by: Marcel Raad
-  Closes #3066
+- [Tim Rühsen brought this change]
 
-- test2100: require http2 to run
+  ftp: avoid two unsigned int overflows in FTP listing parser
   
-  Reported-by: Marcel Raad
-  Fixes #3064
-  Closes #3065
-
-- multi: fix memory leak in content encoding related error path
+  Curl_ftp_parselist: avoid unsigned integer overflows
   
-  ... a missing multi_done() call.
+  The overflow has no real world impact, just avoid it for "best
+  practice".
   
-  Credit to OSS-Fuzz
-  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10728
-  Closes #3063
+  Closes #3225
 
-- travis: bump the Secure Transport build to use xcode 10
+- curl: --local-port range was not "including"
   
-  Due to an issue with travis
-  (https://github.com/travis-ci/travis-ci/issues/9956) we've been using
-  Xcode 9.2 for darwinssl builds for a while. Now xcode 10 is offered as
-  an alternative and as it builds curl+darwinssl fine that seems like a
-  better choice.
+  The end port number in a given range was not included in the range used,
+  as it is documented to be.
   
-  Closes #3062
+  Reported-by: infinnovation-dev on github
+  Fixes #3251
+  Closes #3255
 
-- [Rich Turner brought this change]
+- [Jérémy Rocher brought this change]
 
-  curl: enabled Windows VT Support and UTF-8 output
+  openssl: support BoringSSL TLS renegotiation
   
-  Enabled Console VT support (if running OS supports VT) in tool_main.c.
+  As per BoringSSL porting documentation [1], BoringSSL rejects peer
+  renegotiations by default.
   
-  Fixes #3008
-  Closes #3011
-
-- multi: fix location URL memleak in error path
+  curl fails when trying to authenticate to server through client
+  certificate if it is requested by server after the initial TLS
+  handshake.
   
-  Follow-up to #3044 - fix a leak OSS-Fuzz detected
-  Closes #3057
-
-Sergei Nikulov (28 Sep 2018)
-- cmake: fixed path used in generation of docs/tests during curl build through add_subdicectory(...)
-
-- [Brad King brought this change]
-
-  cmake: Backport to work with CMake 3.0 again
+  Enable renegotiation by default with BoringSSL to get same behavior as
+  with OpenSSL. This is done by calling SSL_set_renegotiate_mode [2]
+  which was introduced in commit 1d5ef3bb1eb9 [3].
   
-  Changes in commit 7867aaa9a0 (cmake: link curl to the OpenSSL targets
-  instead of lib absolute paths, 2018-07-17) and commit f826b4ce98 (cmake:
-  bumped minimum version to 3.4, 2018-07-19) required CMake 3.4 to fix
-  issue #2746.  This broke support for users on older versions of CMake
-  even if they just want to build curl and do not care whether transitive
-  dependencies work.
+  1 - https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md#tls-renegotiation
+  2 - https://boringssl.googlesource.com/boringssl/+/master/include/openssl/ssl.h#3482
+  3 - https://boringssl.googlesource.com/boringssl/+/1d5ef3bb1eb97848617db5e7d633d735a401df86
   
-  Backport the logic to work with CMake 3.0 again by implementing the
-  fix only when the version of CMake is at least 3.4.
+  Signed-off-by: Jérémy Rocher <rocher.jeremy@gmail.com>
+  Fixes #3258
+  Closes #3259
 
-Marcel Raad (27 Sep 2018)
-- curl_threads: fix classic MinGW compile break
-  
-  Classic MinGW still has _beginthreadex's return type as unsigned long
-  instead of uintptr_t [0]. uintptr_t is not even defined because of [1].
+- HISTORY: add some milestones
   
-  [0] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l167
-  [1] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l90
+  Added a few of the more notable milestones in curl history that were
+  missing. Primarily more recent ones but I also noted some older that
+  could be worth mentioning.
   
-  Bug: https://github.com/curl/curl/issues/2924#issuecomment-424334807
-  Closes https://github.com/curl/curl/pull/3051
+  [ci skip]
+  Closes #3257
 
-Daniel Stenberg (26 Sep 2018)
-- configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
+Daniel Gustafsson (9 Nov 2018)
+- KNOWN_BUGS: add --proxy-any connection issue
   
-  fix a few leftovers
+  Add the identified issue with --proxy-any and proxy servers which
+  advertise authentication schemes other than the supported one.
   
-  Fixes #3006
-  Closes #3049
+  Closes #876
+  Closes #3250
+  Reported-by: NTMan on Github
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- [Doron Behar brought this change]
+Daniel Stenberg (9 Nov 2018)
+- [Jim Fuller brought this change]
 
-  example/htmltidy: fix include paths of tidy libraries
+  setopt: add CURLOPT_CURLU
   
-  Closes #3050
+  Allows an application to pass in a pre-parsed URL via a URL handle.
+  
+  Closes #3227
 
-- RELEASE-NOTES: synced
+- [Gisle Vanem brought this change]
 
-- Curl_http2_done: fix memleak in error path
+  docs: ESCape "\n" codes
   
-  Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for
-  early failures.
+  Groff / Troff will display a:
+   printaf("Errno: %ld\n", error);
+  as:
+    printf("Errno: %ld0, error);
   
-  Detected by OSS-Fuzz
+  when a "\n" is not escaped. Use "\\n" instead.
   
-  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669
-  Closes #3046
+  Closes #3246
 
-- http: fix memleak in rewind error path
-  
-  If the rewind would fail, a strdup() would not get freed.
+- curl: --local-port fix followup
   
-  Detected by OSS-Fuzz
+  Regression by 52db54869e6.
   
-  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665
-  Closes #3044
+  Reported-by: infinnovation-dev on github
+  Fixes #3248
+  Closes #3249
 
-Viktor Szakats (24 Sep 2018)
-- test320: fix regression in [ci skip]
-  
-  The value in question is coming directly from `gnutls-serv`, so it cannot
-  be modified freely.
-  
-  Reported-by: Marcel Raad
-  Ref: https://github.com/curl/curl/commit/6ae6b2a533e8630afbb21f570305bd4ceece6348#commitcomment-30621004
+GitHub (7 Nov 2018)
+- [Gisle Vanem brought this change]
 
-Daniel Stenberg (24 Sep 2018)
-- Curl_retry_request: fix memory leak
-  
-  Detected by OSS-Fuzz
-  
-  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648
-  Closes #3042
+  More "\n" ESCaping
 
-- openssl: load built-in engines too
+Daniel Stenberg (7 Nov 2018)
+- RELEASE-NOTES: synced
+
+- curl: fix --local-port integer overflow
   
-  Regression since 38203f1
+  The tool's local port command line range parser didn't check for integer
+  overflows and could pass "weird" data to libcurl for this option.
+  libcurl however, has a strict range check for the values so it rejects
+  anything outside of the accepted range.
   
-  Reported-by: Jean Fabrice
-  Fixes #3023
-  Closes #3040
-
-- [Christian Heimes brought this change]
+  Reported-by: Brian Carpenter
+  Closes #3242
 
-  OpenSSL: enable TLS 1.3 post-handshake auth
-  
-  OpenSSL 1.1.1 requires clients to opt-in for post-handshake
-  authentication.
+- curl: correct the switch() logic in ourWriteOut
   
-  Fixes: https://github.com/curl/curl/issues/3026
-  Signed-off-by: Christian Heimes <christian@python.org>
+  Follow-up to e431daf013, as I did the wrong correction for a compiler
+  warning. It should be a break and not a fall-through.
   
-  Closes https://github.com/curl/curl/pull/3027
+  Pointed-out-by: Frank Gevaerts
 
-- [Even Rouault brought this change]
+- [Frank Gevaerts brought this change]
 
-  Curl_dedotdotify(): always nul terminate returned string.
-  
-  This fixes potential out-of-buffer access on "file:./" URL
+  curl: add %{stderr} and %{stdout} for --write-out
   
-  $ valgrind curl "file:./"
-  ==24516== Memcheck, a memory error detector
-  ==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
-  ==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
-  ==24516== Command: /home/even/install-curl-git/bin/curl file:./
-  ==24516==
-  ==24516== Conditional jump or move depends on uninitialised value(s)
-  ==24516==    at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
-  ==24516==    by 0x4EBB315: seturl (urlapi.c:801)
-  ==24516==    by 0x4EBB568: parseurl (urlapi.c:861)
-  ==24516==    by 0x4EBC509: curl_url_set (urlapi.c:1199)
-  ==24516==    by 0x4E644C6: parseurlandfillconn (url.c:2044)
-  ==24516==    by 0x4E67AEF: create_conn (url.c:3613)
-  ==24516==    by 0x4E68A4F: Curl_connect (url.c:4119)
-  ==24516==    by 0x4E7F0A4: multi_runsingle (multi.c:1440)
-  ==24516==    by 0x4E808E5: curl_multi_perform (multi.c:2173)
-  ==24516==    by 0x4E7558C: easy_transfer (easy.c:686)
-  ==24516==    by 0x4E75801: easy_perform (easy.c:779)
-  ==24516==    by 0x4E75868: curl_easy_perform (easy.c:798)
+  Closes #3115
+
+Daniel Gustafsson (7 Nov 2018)
+- winssl: be consistent in Schannel capitalization
   
-  Was originally spotted by
-  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637
-  Credit to OSS-Fuzz
+  The productname from Microsoft is "Schannel", but in infof/failf
+  reporting we use "schannel". This removes different versions.
   
-  Closes #3039
+  Closes #3243
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Viktor Szakats (23 Sep 2018)
-- update URLs in tests
+Daniel Stenberg (7 Nov 2018)
+- TODO: Have the URL API offer IDN decoding
   
-  - and one in docs/MANUAL as well
+  Similar to how URL decoding/encoding is done, we could have URL
+  functions to convert IDN host names to punycode.
   
-  Closes https://github.com/curl/curl/pull/3038
+  Suggested-by: Alexey Melnichuk
+  Closes #3232
 
-- whitespace fixes
+- urlapi: only skip encoding the first '=' with APPENDQUERY set
   
-  - replace tabs with spaces where possible
-  - remove line ending spaces
-  - remove double/triple newlines at EOF
-  - fix a non-UTF-8 character
-  - cleanup a few indentations/line continuations
-    in manual examples
+  APPENDQUERY + URLENCODE would skip all equals signs but now it only skip
+  encoding the first to better allow "name=content" for any content.
   
-  Closes https://github.com/curl/curl/pull/3037
+  Reported-by: Alexey Melnichuk
+  Fixes #3231
+  Closes #3231
 
-Daniel Stenberg (23 Sep 2018)
-- http: add missing return code check
-  
-  Detected by Coverity. CID 1439610.
+- url: a short host name + port is not a scheme
   
-  Follow-up from 46e164069d1a523
+  The function identifying a leading "scheme" part of the URL considered a
+  few letters ending with a colon to be a scheme, making something like
+  "short:80" to become an unknown scheme instead of a short host name and
+  a port number.
   
-  Closes #3034
-
-- ftp: don't access pointer before NULL check
+  Extended test 1560 to verify.
   
-  Detected by Coverity. CID 1439611.
+  Also fixed test203 to use file_pwd to make it get the correct path on
+  windows. Removed test 2070 since it was a duplicate of 203.
   
-  Follow-up from 46e164069d1a523
+  Assisted-by: Marcel Raad
+  Reported-by: Hagai Auro
+  Fixes #3220
+  Fixes #3233
+  Closes #3223
+  Closes #3235
+
+- [Sangamkar brought this change]
 
-- unit1650: fix out of boundary access
+  libcurl: stop reading from paused transfers
   
-  Fixes #2987
-  Closes #3035
+  In the transfer loop it would previously not acknwledge the pause bit
+  and continue until drained or loop ended.
+  
+  Closes #3240
 
-Viktor Szakats (23 Sep 2018)
-- docs/examples: URL updates
+Jay Satiro (6 Nov 2018)
+- tool: add undocumented option --dump-module-paths for win32
   
-  - also update two URLs outside of docs/examples
-  - fix spelling of filename persistant.c
-  - fix three long lines that started failing checksrc.pl
+  - Add an undocumented diagnostic option for Windows to show the full
+    paths of all loaded modules regardless of whether or not libcurl
+    initialization succeeds.
   
-  Closes https://github.com/curl/curl/pull/3036
-
-- examples/Makefile.m32: sync with core [ci skip]
+  This is needed so that in the CI we can get a list of all DLL
+  dependencies after initialization (when they're most likely to have
+  finished loading) and then package them as artifacts so that a
+  functioning build can be downloaded. Also I imagine it may have some use
+  as a diagnostic for help requests.
   
-  also:
-  - fix two warnings in synctime.c (one of them Windows-specific)
-  - upgrade URLs in synctime.c and remove a broken one
+  Ref: https://github.com/curl/curl/pull/3103
   
-  Closes https://github.com/curl/curl/pull/3033
+  Closes https://github.com/curl/curl/pull/3208
 
-Daniel Stenberg (22 Sep 2018)
-- examples/parseurl.c: show off the URL API a bit
+- curl_multibyte: fix a malloc overcalculation
   
-  Closes #3030
-
-- SECURITY-PROCESS: mention the bountygraph program [ci skip]
+  Prior to this change twice as many bytes as necessary were malloc'd when
+  converting wchar to UTF8. To allay confusion in the future I also
+  changed the variable name for the amount of bytes from len to bytes.
   
-  Closes #3032
+  Closes https://github.com/curl/curl/pull/3209
 
-- url: use the URL API internally as well
+Michael Kaufmann (5 Nov 2018)
+- netrc: don't ignore the login name specified with "--user"
   
-  ... to make it a truly unified URL parser.
+  - for "--netrc", don't ignore the login/password specified with "--user",
+    only ignore the login/password in the URL.
+    This restores the netrc behaviour of curl 7.61.1 and earlier.
+  - fix the documentation of CURL_NETRC_REQUIRED
+  - improve the detection of login/password changes when reading .netrc
+  - don't read .netrc if both login and password are already set
   
-  Closes #3017
+  Fixes #3213
+  Closes #3224
 
-Viktor Szakats (22 Sep 2018)
-- URL and mailmap updates, remove an obsolete directory [ci skip]
-  
-  Closes https://github.com/curl/curl/pull/3031
+Patrick Monnerat (5 Nov 2018)
+- OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
 
-Daniel Stenberg (22 Sep 2018)
-- RELEASE-NOTES: synced
+Daniel Stenberg (5 Nov 2018)
+- [Yasuhiro Matsumoto brought this change]
 
-- configure: force-use -lpthreads on HPUX
-  
-  When trying to detect pthreads use on HPUX the checks will succeed
-  without the correct -l option but then end up failing at run-time.
+  curl: fixed UTF-8 in current console code page (Windows)
   
-  Reported-by: Eason-Yu on github
-  Fixes #2697
-  Closes #3025
-
-- [Erik Minekus brought this change]
+  Fixes #3211
+  Fixes #3175
+  Closes #3212
 
-  Curl_saferealloc: Fixed typo in docblock
+- TODO: 2.6 multi upkeep
   
-  Closes #3029
+  Closes #3199
 
-- urlapi: fix support for address scope in IPv6 numerical addresses
+Daniel Gustafsson (5 Nov 2018)
+- unittest: make 1652 stable across collations
   
-  Closes #3024
-
-- [Loganaden Velvindron brought this change]
-
-  GnutTLS: TLS 1.3 support
+  The previous coding used a format string whose output depended on the
+  current locale of the environment running the test. Since the gist of
+  the test is to have a format string, with the actual formatting being
+  less important, switch to a more stable formatstring with decimals.
   
-  Closes #2971
+  Reported-by: Marcel Raad
+  Closes #3234
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
 
-- TODO: c-ares and CURLOPT_OPENSOCKETFUNCTION
+Daniel Stenberg (5 Nov 2018)
+- Revert "url: a short host name + port is not a scheme"
   
-  Removed DoH.
+  This reverts commit 226cfa8264cd979eff3fd52c0f3585ef095e7cf2.
   
-  Closes #2734
+  This commit caused test failures on appveyor/windows. Work on fixing them is
+  in #3235.
 
-Jay Satiro (20 Sep 2018)
-- vtls: fix ssl version "or later" behavior change for many backends
+- symbols-in-versions: add missing CURLU_ symbols
   
-  - Treat CURL_SSLVERSION_MAX_NONE the same as
-    CURL_SSLVERSION_MAX_DEFAULT. Prior to this change NONE would mean use
-    the minimum version also as the maximum.
+  ...and fix symbol-scan.pl to also scan urlapi.h
   
-  This is a follow-up to 6015cef which changed the behavior of setting
-  the SSL version so that the requested version would only be the minimum
-  and not the maximum. It appears it was (mostly) implemented in OpenSSL
-  but not other backends. In other words CURL_SSLVERSION_TLSv1_0 used to
-  mean use just TLS v1.0 and now it means use TLS v1.0 *or later*.
+  Reported-by: Alexey Melnichuk
+  Fixes #3226
+  Closes #3230
+
+Daniel Gustafsson (3 Nov 2018)
+- infof: clearly indicate truncation
   
-  - Fix CURL_SSLVERSION_MAX_DEFAULT for OpenSSL.
+  The internal buffer in infof() is limited to 2048 bytes of payload plus
+  an additional byte for NULL termination. Servers with very long error
+  messages can however cause truncation of the string, which currently
+  isn't very clear, and leads to badly formatted output.
   
-  Prior to this change CURL_SSLVERSION_MAX_DEFAULT with OpenSSL was
-  erroneously treated as always TLS 1.3, and would cause an error if
-  OpenSSL was built without TLS 1.3 support.
+  This appends a "...\n" (or just "..." in case the format didn't with a
+  newline char) marker to the end of the string to clearly show
+  that it has been truncated.
   
-  Co-authored-by: Daniel Gustafsson
+  Also include a unittest covering infof() to try and catch any bugs
+  introduced in this quite important function.
   
-  Fixes https://github.com/curl/curl/issues/2969
-  Closes https://github.com/curl/curl/pull/3012
+  Closes #3216
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
 
-Daniel Stenberg (20 Sep 2018)
-- certs: generate tests certs with sha256 digest algorithm
+Michael Kaufmann (3 Nov 2018)
+- tool_getparam: fix some comments
+
+Daniel Stenberg (3 Nov 2018)
+- url: a short host name + port is not a scheme
   
-  As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs:
+  The function identifying a leading "scheme" part of the URL considered a few
+  letters ending with a colon to be a scheme, making something like "short:80"
+  to become an unknown scheme instead of a short host name and a port number.
   
-  "SSL certificate problem: CA signature digest algorithm too weak"
+  Extended test 1560 to verify.
   
-  Closes #3014
+  Reported-by: Hagai Auro
+  Fixes #3220
+  Closes #3223
 
-- urlapi: document the error codes, remove two unused ones
+- URL: fix IPv6 numeral address parser
   
-  Assisted-by: Daniel Gustafsson
-  Closes #3019
+  Regression from 46e164069d1a52. Extended test 1560 to verify.
+  
+  Reported-by: tpaukrt on github
+  Fixes #3218
+  Closes #3219
 
-- urlapi: add CURLU_GUESS_SCHEME and fix hostname acceptance
+- travis: remove curl before a normal build
   
-  In order for this API to fully work for libcurl itself, it now offers a
-  CURLU_GUESS_SCHEME flag that makes it "guess" scheme based on the host
-  name prefix just like libcurl always did. If there's no known prefix, it
-  will guess "http://".
+  on Linux. To make sure the test suite runs with its newly build tool and
+  doesn't require an external one present.
   
-  Separately, it relaxes the check of the host name so that IDN host names
-  can be passed in as well.
+  Bug: #3198
+  Closes #3200
+
+- [Tim Rühsen brought this change]
+
+  mprintf: avoid unsigned integer overflow warning
   
-  Both these changes are necessary for libcurl itself to use this API.
+  The overflow has no real world impact.
+  Just avoid it for "best practice".
   
-  Assisted-by: Daniel Gustafsson
-  Closes #3018
+  Code change suggested by "The Infinnovation Team" and Daniel Stenberg.
+  Closes #3184
 
-Kamil Dudka (19 Sep 2018)
-- nss: try to connect even if libnssckbi.so fails to load
-  
-  One can still use CA certificates stored in NSS database.
+- Curl_follow: accept non-supported schemes for "fake" redirects
   
-  Reported-by: Maxime Legros
-  Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
+  When not actually following the redirect and the target URL is only
+  stored for later retrieval, curl always accepted "non-supported"
+  schemes. This was a regression from 46e164069d1a5230.
   
-  Closes #3016
+  Reported-by: Brad King
+  Fixes #3210
+  Closes #3215
 
-Daniel Gustafsson (19 Sep 2018)
-- urlapi: don't set value which is never read
+Daniel Gustafsson (2 Nov 2018)
+- openvms: fix example name
   
-  In the CURLUPART_URL case, there is no codepath which invokes url
-  decoding so remove the assignment of the urldecode variable. This
-  fixes the deadstore bug-report from clang static analysis.
+  Commit efc696a2e09225bfeab4 renamed persistant.c to persistent.c to
+  fix the typo in the name, but missed to update the OpenVMS package
+  files which still looked for the old name.
   
-  Closes #3015
+  Closes #3217
   Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Viktor Szakats <commit@vszakats.net>
 
-- todo: Update reference to already done item
+Daniel Stenberg (1 Nov 2018)
+- configure: show CFLAGS, LDFLAGS etc in summary
   
-  TODO item 1.1 was implemented in commit 946ce5b61f, update reference
-  to it with instead referencing the implemented option.
+  To make it easier to understand other people's and remote builds etc.
   
-  Closes #3013
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Closes #3207
 
-Daniel Stenberg (18 Sep 2018)
-- RELEASE-NOTES: synced
+- version: bump for next cycle
 
-- [slodki brought this change]
+- axtls: removed
+  
+  As has been outlined in the DEPRECATE.md document, the axTLS code has
+  been disabled for 6 months and is hereby removed.
+  
+  Use a better supported TLS library!
+  
+  Assisted-by: Daniel Gustafsson
+  Closes #3194
 
-  cmake: don't require OpenSSL if USE_OPENSSL=OFF
+- [marcosdiazr brought this change]
+
+  schannel: make CURLOPT_CERTINFO support using Issuer chain
   
-  User must have OpenSSL installed even if not used by libcurl at all
-  since 7.61.1 release.  Broken at
-  7867aaa9a01decf93711428462335be8cef70212
+  Closes #3197
+
+- travis: build with sanitize=address,undefined,signed-integer-overflow
   
-  Reviewed-by: Sergei Nikulov
-  Closes #3001
+  ... using clang
+  
+  Closes #3190
 
-- curl_multi_wait: call getsock before figuring out timeout
+- schannel: use Curl_ prefix for global private symbols
   
-  .... since getsock may update the expiry timer.
+  Curl_verify_certificate() must use the Curl_ prefix since it is globally
+  available in the lib and otherwise steps outside of our namespace!
   
-  Fixes #2996
-  Closes #3000
+  Closes #3201
 
-- examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
+Kamil Dudka (1 Nov 2018)
+- tests: drop http_pipe.py script no longer used
   
-  Closes #3004
+  It is unused since commit f7208df7d9d5cd5e15e2d89237e828f32b63f135.
+  
+  Closes #3204
 
-Daniel Gustafsson (18 Sep 2018)
-- darwinssl: Fix realloc memleak
+Daniel Stenberg (31 Oct 2018)
+- runtests: use the local curl for verifying
   
-  The reallocation was using the input pointer for the return value, which
-  leads to a memory leak on reallication failure. Fix by instead use the
-  safe internal API call Curl_saferealloc().
+  ... revert the mistaken change brought in commit 8440616f53.
   
-  Closes #3005
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-  Reviewed-by: Nick Zitzmann <nickzman@gmail.com>
+  Reported-by: Alessandro Ghedini
+  Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html
+  
+  Closes #3198
 
-- [Kruzya brought this change]
+Version 7.62.0 (30 Oct 2018)
 
-  examples: Fix memory leaks from realloc errors
-  
-  Make sure to not overwrite the reallocated pointer in realloc() calls
-  to avoid a memleak on memory errors.
+Daniel Stenberg (30 Oct 2018)
+- RELEASE-NOTES: 7.62.0
 
-- memory: add missing curl_printf header
+- THANKS: 7.62.0 status
+
+Daniel Gustafsson (30 Oct 2018)
+- vtls: add MesaLink to curl_sslbackend enum
   
-  ftp_send_command() was using vsnprintf() without including the libcurl
-  *rintf() replacement header. Fix by including curl_printf.h and also
-  add curl_memory.h while at it since memdebug.h depends on it.
+  MesaLink support was added in commit 57348eb97d1b8fc3742e02c but the
+  backend was never added to the curl_sslbackend enum in curl/curl.h.
+  This adds the new backend to the enum and updates the relevant docs.
   
-  Closes #2999
+  Closes #3195
   Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Daniel Stenberg (16 Sep 2018)
-- [Si brought this change]
+Daniel Stenberg (30 Oct 2018)
+- [Ruslan Baratov brought this change]
 
-  curl: update --tlsv* descriptions in --help output
+  cmake: Remove unused CURL_CONFIG_HAS_BEEN_RUN_BEFORE variable
   
-  Closes #2994
+  Closes #3191
 
-- http: made Curl_add_buffer functions take a pointer-pointer
-  
-  ... so that they can clear the original pointer on failure, which makes
-  the error-paths and their cleanups easier.
-  
-  Closes #2992
+- test2080: verify the fix for CVE-2018-16842
 
-- http2: fix memory leaks on error-path
+- voutf: fix bad arethmetic when outputting warnings to stderr
+  
+  CVE-2018-16842
+  Reported-by: Brian Carpenter
+  Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
 
-- [Rikard Falkeborn brought this change]
+- [Tuomo Rinne brought this change]
 
-  libtest: Add chkdecimalpoint to .gitignore
+  cmake: uniform ZLIB to use USE_ variable and clean curl-config.cmake.in
   
-  Closes #2998
+  Closes #3123
 
-Viktor Szakats (14 Sep 2018)
-- secure Openwall URLs
+- [Tuomo Rinne brought this change]
 
-Daniel Stenberg (14 Sep 2018)
-- openssl: show "proper" version number for libressl builds
-  
-  Closes #2989
+  cmake: add find_dependency call for ZLIB to CMake config file
 
-- [Rainer Jung brought this change]
+- [Tuomo Rinne brought this change]
 
-  openssl: assume engine support in 0.9.8 or later
-  
-  Fixes #2983
-  Closes #2988
+  cmake: add support for transitive ZLIB target
 
-Daniel Gustafsson (13 Sep 2018)
-- sendf: use failf() rather than Curl_failf()
+- unit1650: fix "null pointer passed as argument 1 to memcmp"
   
-  The failf() macro is the name used for invoking Curl_failf(). While
-  there isn't a way to turn off failf like there is for infof, but it's
-  still a good idea to use the macro.
+  Detected by UndefinedBehaviorSanitizer
   
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Closes #3187
 
-- sendf: Fix whitespace in infof/failf concatenation
-  
-  Strings broken on multiple rows in the .c file need to have appropriate
-  whitespace padding on either side of the concatenation point to render
-  a correct amalgamated string. Fix by adding a space at the occurrences
-  found.
+- travis: add a "make tidy" build that runs clang-tidy
   
-  Closes #2986
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Closes #3182
 
-- krb5: fix memory leak in krb_auth
-  
-  The FTP command allocated by aprintf() must be freed after usage.
+- unit1300: fix stack-use-after-scope AddressSanitizer warning
   
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Closes #3186
 
-- ftp: include command in Curl_ftpsend sendbuffer
-  
-  Commit 8238ba9c5f10414a88f502bf3f5d5a42d632984c inadvertently removed
-  the actual command to be sent from the send buffer in a refactoring.
-  Add back copying the command into the buffer. Also add more guards
-  against malformed input while at it.
+- Curl_auth_create_plain_message: fix too-large-input-check
   
-  Closes #2985
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  CVE-2018-16839
+  Reported-by: Harry Sintonen
+  Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
 
-- ntlm_wb: Fix memory leaks in ntlm_wb_response
+- Curl_close: clear data->multi_easy on free to avoid use-after-free
   
-  When erroring out on a request being too large, the existing buffer was
-  leaked. Fix by explicitly freeing on the way out.
+  Regression from b46cfbc068 (7.59.0)
+  CVE-2018-16840
+  Reported-by: Brian Carpenter (Geeknik Labs)
   
-  Closes #2966
-  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Daniel Stenberg (13 Sep 2018)
-- [Yiming Jing brought this change]
-
-  travis: build the MesaLink vtls backend with MesaLink 0.7.1
-
-- [Yiming Jing brought this change]
-
-  runtests.pl: run tests against the MesaLink vtls backend
+  Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
 
-- [Yiming Jing brought this change]
+- [randomswdev brought this change]
 
-  vtls: add a MesaLink vtls backend
+  system.h: use proper setting with Sun C++ as well
   
-  Closes #2984
+  system.h selects the proper Sun settings when __SUNPRO_C is defined. The
+  Sun compiler does not define it when compiling C++ files.  I'm adding a
+  check also on __SUNPRO_CC to allow curl to work properly also when used
+  in a C++ project on Sun Solaris.
+  
+  Closes #3181
 
-- [Yiming Jing brought this change]
+- rand: add comment to skip a clang-tidy false positive
 
-  configure.ac: add a MesaLink vtls backend
+- test1651: unit test Curl_extract_certinfo()
+  
+  The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel.
 
-- [Dave Reisner brought this change]
+- x509asn1: always check return code from getASN1Element()
 
-  curl_url_set.3: properly escape \n in example code
+- Makefile: add 'tidy' target that runs clang-tidy
   
-  This yields
+  Available in the root, src and lib dirs.
   
-    "the scheme is %s\n"
+  Closes #3163
+
+- RELEASE-PROCEDURE: adjust the release dates
   
-  instead of
+  See: https://curl.haxx.se/mail/lib-2018-10/0107.html
+
+Patrick Monnerat (27 Oct 2018)
+- x509asn1: suppress left shift on signed value
   
-    "the scheme is %s0
+  Use an unsigned variable: as the signed operation behavior is undefined,
+  this change silents clang-tidy about it.
   
-  Closes #2970
+  Ref: https://github.com/curl/curl/pull/3163
+  Reported-By: Daniel Stenberg
 
-- [Dave Reisner brought this change]
+Michael Kaufmann (27 Oct 2018)
+- multi: Fix error handling in the SENDPROTOCONNECT state
+  
+  If Curl_protocol_connect() returns an error code,
+  handle the error instead of switching to the next state.
+  
+  Closes #3170
 
-  curl_url_set.3: fix typo in reference to CURLU_APPENDQUERY
+Daniel Stenberg (27 Oct 2018)
+- RELEASE-NOTES: synced
 
-- urlglob: improve error message
-  
-  to help user understand what the problem is
+- openssl: output the correct cipher list on TLS 1.3 error
   
-  Reported-by: Daniel Shahaf
+  When failing to set the 1.3 cipher suite, the wrong string pointer would
+  be used in the error message. Most often saying "(nil)".
   
-  Fixes #2763
-  Closes #2977
-
-- [Yiming Jing brought this change]
+  Reported-by: Ricky-Tigg on github
+  Fixes #3178
+  Closes #3180
 
-  tests/certs: rebuild certs with 2048-bit RSA keys
+- docs/CIPHERS: fix the TLS 1.3 cipher names
   
-  The previous test certificates contained RSA keys of only 1024 bits.
-  However, RSA claims that 1024-bit RSA keys are likely to become
-  crackable some time before 2010. The NIST recommends at least 2048-bit
-  keys for RSA for now.
+  ... picked straight from the OpenSSL man page:
+  https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html
   
-  Better use full 2048 also for testing.
+  Reported-by: Ricky-Tigg on github
+  Bug: #3178
+
+Marcel Raad (27 Oct 2018)
+- travis: install gnutls-bin package
   
-  Closes #2973
+  This is required for gnutls-serv, which enables a few more tests.
+  
+  Closes https://github.com/curl/curl/pull/2958
 
-Daniel Gustafsson (12 Sep 2018)
-- TODO: fix typo in item
+Daniel Gustafsson (26 Oct 2018)
+- ssh: free the session on init failures
   
-  Closes #2968
+  Ensure to clear the session object in case the libssh2 initialization
+  fails.
+  
+  It could be argued that the libssh2 error function should be called to
+  get a proper error message in this case. But since the only error path
+  in libssh2_knownhost_init() is memory a allocation failure it's safest
+  to avoid since the libssh2 error handling allocates memory.
+  
+  Closes #3179
   Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Marcel Raad (12 Sep 2018)
-- anyauthput: fix compiler warning on 64-bit Windows
-  
-  On Windows, the read function from <io.h> is used, which has its byte
-  count parameter as unsigned int instead of size_t.
+Daniel Stenberg (26 Oct 2018)
+- docs/RELEASE-PROCEDURE: remove old entries, modify the Dec 2018 date
   
-  Closes https://github.com/curl/curl/pull/2972
+  ... I'm moving it up one week due to travels. The rest stays.
+
+- [Daniel Gustafsson brought this change]
 
-Viktor Szakats (12 Sep 2018)
-- lib: fix gcc8 warning on Windows
+  openssl: make 'done' a proper boolean
   
-  Closes https://github.com/curl/curl/pull/2979
+  Closes #3176
 
-Jay Satiro (12 Sep 2018)
-- openssl: fix gcc8 warning
+- gtls: Values stored to but never read
   
-  - Use memcpy instead of strncpy to copy a string without termination,
-    since gcc8 warns about using strncpy to copy as many bytes from a
-    string as its length.
+  Detected by clang-tidy
   
-  Suggested-by: Viktor Szakats
+  Closes #3176
+
+- [Alexey Eremikhin brought this change]
+
+  curl.1: --ipv6 mutexes ipv4 (fixed typo)
   
-  Closes https://github.com/curl/curl/issues/2980
+  Fixes #3171
+  Closes #3172
 
-Daniel Stenberg (10 Sep 2018)
-- libcurl-url.3: overview man page for the URL API
+- tool_main: make TerminalSettings static
   
-  Closes #2967
+  Reported-by: Gisle Vanem
+  Bug: https://github.com/curl/curl/commit/becfe1233ff2b6b0c3e1b6a10048b55b68c2539f#commitcomment-31008819
+  Closes #3161
 
-- example/asiohiper: insert warning comment about its status
+- curl-config.in: remove dependency on bc
   
-  This example is simply not working correctly but there's nobody around
-  with the skills and energy to fix it.
+  Reported-by: Dima Pasechnik
+  Fixes #3143
+  Closes #3174
+
+- [Gisle Vanem brought this change]
+
+  rtmp: fix for compiling with lwIP
   
-  Closes #2407
+  Compiling on _WIN32 and with USE_LWIPSOCK, causes this error:
+    curl_rtmp.c(223,3):  error: use of undeclared identifier 'setsockopt'
+      setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO,
+      ^
+    curl_rtmp.c(41,32):  note: expanded from macro 'setsockopt'
+    #define setsockopt(a,b,c,d,e) (setsockopt)(a,b,c,(const char *)d,(int)e)
+                                   ^
+  Closes #3155
 
-Kamil Dudka (10 Sep 2018)
-- docs/cmdline-opts: update the documentation of --tlsv1.0
+- configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
   
-  ... to reflect the changes in 6015cefb1b2cfde4b4850121c42405275e5e77d9
+  Follow-up to #3166 which did the cmake part of this. This type/define is
+  not used.
   
-  Closes #2955
+  Closes #3168
 
-- docs/examples: do not wait when no transfers are running
+- [Ruslan Baratov brought this change]
+
+  cmake: remove unused variables
   
-  Closes #2948
+  Remove variables:
+  * HAVE_SOCKLEN_T
+  * CURL_SIZEOF_CURL_SOCKLEN_T
+  * CURL_TYPEOF_CURL_SOCKLEN_T
+  
+  Closes #3166
 
-Daniel Stenberg (10 Sep 2018)
-- [Daniel Gustafsson brought this change]
+Michael Kaufmann (25 Oct 2018)
+- urldata: Fix comment in header
+  
+  The "connecting" function is used by multiple protocols, not only FTP
 
-  cookies: Move failure case label to end of function
+- netrc: free temporary strings if memory allocation fails
   
-  Rather than jumping backwards to where failure cleanup happens
-  to be performed, move the failure case to end of the function
-  where it is expected per existing coding convention.
+  - Change the inout parameters after all needed memory has been
+    allocated. Do not change them if something goes wrong.
+  - Free the allocated temporary strings if strdup() fails.
   
-  Closes #2965
+  Closes #3122
 
-- [Daniel Gustafsson brought this change]
+Daniel Stenberg (24 Oct 2018)
+- [Ruslan Baratov brought this change]
 
-  misc: fix typos in comments
+  config: Remove unused SIZEOF_VOIDP
   
-  Closes #2963
+  Closes #3162
 
-- [Daniel Gustafsson brought this change]
+- RELEASE-NOTES: synced
 
-  cookies: fix leak when writing cookies to file
-  
-  If the formatting fails, we error out on a fatal error and
-  clean up on the way out. The array was however freed within
-  the wrong scope and was thus never freed in case the cookies
-  were written to a file instead of STDOUT.
-  
-  Closes #2957
+GitHub (23 Oct 2018)
+- [Gisle Vanem brought this change]
 
-- [Daniel Gustafsson brought this change]
+  Fix for compiling with lwIP (3)
+  
+  lwIP on Windows does not have a WSAIoctl() function.
+  But it do have a SO_SNDBUF option to lwip_setsockopt(). But it currently does nothing.
 
-  cookies: Remove redundant expired check
+Daniel Stenberg (23 Oct 2018)
+- Curl_follow: return better errors on URL problems
   
-  Expired cookies have already been purged at a later expiration time
-  before this check, so remove the redundant check.
+  ... by making the converter function global and accessible.
   
-  closes #2962
+  Closes #3153
 
-- ntlm_wb: bail out if the response gets overly large
+- Curl_follow: remove remaining free(newurl)
   
-  Exit the realloc() loop if the response turns out ridiculously large to
-  avoid worse problems.
+  Follow-up to 05564e750e8f0c. This function no longer frees the passed-in
+  URL.
   
-  Reported-by: Harry Sintonen
-  Closes #2959
-
-- [Daniel Gustafsson brought this change]
+  Reported-by: Michael Kaufmann
+  Bug: https://github.com/curl/curl/commit/05564e750e8f0c79016c680f301ce251e6e86155#commitcomm
+  ent-30985666
 
-  url.c: fix comment typo and indentation
+Daniel Gustafsson (23 Oct 2018)
+- headers: end all headers with guard comment
   
-  Closes #2960
-
-- urlapi: avoid derefencing a possible NULL pointer
+  Most headerfiles end with a /* <headerguard> */ comment, but it was
+  missing from some. The comment isn't the most important part of our
+  code documentation but consistency has an intrinsic value in itself.
+  This adds header guard comments to the files that were lacking it.
   
-  Coverity CID 1439134
-
-- RELEASE-NOTES: synced
+  Closes #3158
+  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Marcel Raad (8 Sep 2018)
-- test324: fix after 3f3b26d6feb0667714902e836af608094235fca2
+Jay Satiro (23 Oct 2018)
+- CIPHERS.md: Mention the options used to set TLS 1.3 ciphers
   
-  The expected error code is now 60. 51 is dead.
-
-Daniel Stenberg (8 Sep 2018)
-- curl_url_set.3: correct description
-
-- curl_url-docs: fix AVAILABILITY as Added in curl 7.62.0
+  Closes https://github.com/curl/curl/pull/3159
 
-- URL-API
+Daniel Stenberg (20 Oct 2018)
+- docs/BUG-BOUNTY: the sponsors actually decide the amount
   
-  See header file and man pages for API. All documented API details work
-  and are tested in the 1560 test case.
+  Retract the previous approach as the sponsors will be the ones to set the
+  final amounts.
   
-  Closes #2842
+  Closes #3152
+  [ci skip]
 
-- curl_easy_upkeep: removed 'conn' from the name
+- multi: avoid double-free
   
-  ... including the associated option.
+  Curl_follow() no longer frees the string. Make sure it happens in the
+  caller function, like we normally handle allocations.
   
-  Fixes #2951
-  Closes #2952
-
-- [Max Dymond brought this change]
-
-  upkeep: add a connection upkeep API: curl_easy_conn_upkeep()
+  This bug was introduced with the use of the URL API internally, it has
+  never been in a release version
   
-  Add functionality so that protocols can do custom keepalive on their
-  connections, when an external API function is called.
+  Reported-by: Dario Weißer
+  Closes #3149
+
+- multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
   
-  Add docs for the new options in 7.62.0
+  Otherwise, closing that handle can still cause surprises!
   
-  Closes #1641
+  Reported-by: Martin Ankerl
+  Fixes #3138
+  Closes #3147
 
-- [Philipp Waehnert brought this change]
+Marcel Raad (19 Oct 2018)
+- VS projects: add USE_IPV6
+  
+  The Visual Studio builds didn't use IPv6. Add it to all projects since
+  Visual Studio 2008, which is verified to build via AppVeyor.
+  
+  Closes https://github.com/curl/curl/pull/3137
 
-  configure: add option to disable automatic OpenSSL config loading
+- config_win32: enable LDAPS
   
-  Sometimes it may be considered a security risk to load an external
-  OpenSSL configuration automatically inside curl_global_init(). The
-  configuration option --disable-ssl-auto-load-config disables this
-  automatism. The Windows build scripts winbuild/Makefile.vs provide a
-  corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean
-  value.
+  As done in the autotools and CMake builds by default.
   
-  Setting neither of these options corresponds to the previous behavior
-  loading the external OpenSSL configuration automatically.
+  Closes https://github.com/curl/curl/pull/3137
+
+Daniel Stenberg (18 Oct 2018)
+- travis: add build for "configure --disable-verbose"
   
-  Fixes #2724
-  Closes #2791
+  Closes #3144
 
-- doh: minor edits to please Coverity
+Kamil Dudka (17 Oct 2018)
+- tool_cb_hdr: handle failure of rename()
   
-  The gcc typecheck macros and coverity combined made it warn on the 2nd
-  argument for ERROR_CHECK_SETOPT(). Here's minor rearrange to please it.
+  Detected by Coverity.
   
-  Coverity CID 1439115 and CID 1439114.
+  Closes #3140
+  Reviewed-by: Jay Satiro
 
-- schannel: avoid switch-cases that go to default anyway
-  
-  SEC_E_APPLICATION_PROTOCOL_MISMATCH isn't defined in some versions of
-  mingw and would require an ifdef otherwise.
+Daniel Stenberg (17 Oct 2018)
+- RELEASE-NOTES: synced
+
+- docs/SECURITY-PROCESS: the hackerone IBB program drops curl
   
-  Reported-by: Thomas Glanzmann
-  Approved-by: Marc Hörsken
-  Bug: https://curl.haxx.se/mail/lib-2018-09/0020.html
-  Closes #2950
+  ... now there's only BountyGraph.
 
-- [Nicklas Avén brought this change]
+Jay Satiro (16 Oct 2018)
+- [Matthew Whitehead brought this change]
 
-  imap: change from "FETCH" to "UID FETCH"
+  x509asn1: Fix SAN IP address verification
   
-  ... and add "MAILINDEX".
+  For IP addresses in the subject alternative name field, the length
+  of the IP address (and hence the number of bytes to perform a
+  memcmp on) is incorrectly calculated to be zero. The code previously
+  subtracted q from name.end. where in a successful case q = name.end
+  and therefore addrlen equalled 0. The change modifies the code to
+  subtract name.beg from name.end to calculate the length correctly.
   
-  As described in #2789, this is a suggested solution.  Changing UID=xx to
-  actually get mail with UID xx and add "MAILINDEX" to get a mail with a
-  special index in the mail box (old behavior).  So MAILINDEX=1 gives the
-  first non deleted mail in the mail box.
+  The issue only affects libcurl with GSKit SSL, not other SSL backends.
+  The issue is not a security issue as IP verification would always fail.
   
-  Fixes #2789
-  Closes #2815
+  Fixes #3102
+  Closes #3141
 
-- CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
+Daniel Gustafsson (15 Oct 2018)
+- INSTALL: mention mesalink in TLS section
   
-  This is step 3 of #2888.
+  Commit 57348eb97d1b8fc3742e02c6587d2d02ff592da5 added support for the
+  MesaLink vtls backend, but missed updating the TLS section containing
+  supported backends in the docs.
   
-  Fixes #2888
-  Closes #2896
-
-- travis: add the DOH tests to the torture testing
-
-- DOH: add test case 1650 and 2100
-
-- curl: --doh-url added
+  Closes #3134
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- setopt: add CURLOPT_DOH_URL
+Marcel Raad (14 Oct 2018)
+- nonblock: fix unused parameter warning
   
-  Closes #2668
-
-- [Han Han brought this change]
+  If USE_BLOCKING_SOCKETS is defined, curlx_nonblock's arguments are not
+  used.
 
-  ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
+Michael Kaufmann (13 Oct 2018)
+- Curl_follow: Always free the passed new URL
   
-  Long live CURLE_PEER_FAILED_VERIFICATION
+  Closes #3124
 
-- [Han Han brought this change]
+Viktor Szakats (12 Oct 2018)
+- replace rawgit links [ci skip]
+  
+  Ref: https://rawgit.com/ "RawGit has reached the end of its useful life"
+  Ref: https://news.ycombinator.com/item?id=18202481
+  Closes https://github.com/curl/curl/pull/3131
 
-  x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
+Daniel Stenberg (12 Oct 2018)
+- docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018
   
-  CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509
-  does not allocate memory internally as its first argument is a pointer
-  to the certificate structure. The same error code is also returned by
-  Curl_verifyhost when its call to Curl_parseX509 fails so the change
-  makes error handling more consistent.
+  [ci skip]
 
-- [Han Han brought this change]
+- travis: make distcheck scan for BOM markers
+  
+  and remove BOM from projects/wolfssl_override.props
+  
+  Closes #3126
 
-  openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
+Marcel Raad (11 Oct 2018)
+- CMake: remove BOM
   
-  Failure to extract the issuer name from the server certificate should
-  return a more specific error code like on other TLS backends.
+  Accidentally aded in commit 1bb86057ff07083deeb0b00f8ad35879ec4d03ea.
+  
+  Reported-by: Viktor Szakats
+  Ref: https://github.com/curl/curl/pull/3120#issuecomment-428673136
 
-- [Han Han brought this change]
+Daniel Gustafsson (10 Oct 2018)
+- transfer: fix typo in comment
 
-  schannel: unified error code handling
+Michael Kaufmann (10 Oct 2018)
+- docs: add "see also" links for SSL options
   
-  Closes #2901
-
-- [Han Han brought this change]
+  - link TLS 1.2 and TLS 1.3 options
+  - link proxy and non-proxy options
+  
+  Closes #3121
 
-  darwinssl: more specific and unified error codes
+Marcel Raad (10 Oct 2018)
+- AppVeyor: remove BDIR variable that sneaked in again
   
-  Closes #2901
+  Removed in ae762e1abebe3a5fe75658583c85059a0957ef6e, accidentally added
+  again in 9f3be5672dc4dda30ab43e0152e13d714a84d762.
 
-- CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
+- CMake: disable -Wpedantic-ms-format
   
-  Disable the CURLOPT_DNS_USE_GLOBAL_CACHE option and mark it for
-  deprecation and complete removal in six months.
+  As done in the autotools build. This is required for MinGW, which
+  supports only %I64 for printing 64-bit values, but warns about it.
   
-  Bug: https://curl.haxx.se/mail/lib-2018-09/0010.html
-  Closes #2942
+  Closes https://github.com/curl/curl/pull/3120
 
-- url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
+Viktor Szakats (9 Oct 2018)
+- ldap: show precise LDAP call in error message on Windows
   
-  Closes #2709
-
-- multiplex: enable by default
+  Also add a unique but common text ('bind via') to make it
+  easy to grep this specific failure regardless of platform.
   
-  Starting 7.62.0, multiplexing is enabled by default in multi handles.
+  Ref: https://github.com/curl/curl/pull/878/files#diff-7a636f08047c4edb53a240f540b4ecf6R468
+  Closes https://github.com/curl/curl/pull/3118
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
 
-- [Jim Fuller brought this change]
+Daniel Stenberg (9 Oct 2018)
+- docs/DEPRECATE: minor reformat to render nicer on web
 
-  tests: add unit tests for url.c
+Daniel Gustafsson (9 Oct 2018)
+- CURLOPT_SSL_VERIFYSTATUS: Fix typo
   
-  Approved-by: Daniel Gustafsson
-  Closes #2937
+  Changes s/OSCP/OCSP/ and bumps the copyright year due to the change.
 
-- test1452: mark as flaky
+Marcel Raad (9 Oct 2018)
+- curl_setup: define NOGDI on Windows
   
-  makes it not run in the CI builds
+  This avoids an ERROR macro clash between <wingdi.h> and <arpa/tftp.h>
+  on MinGW.
   
-  Closes #2941
+  Closes https://github.com/curl/curl/pull/3113
 
-- pipelining: deprecated
-  
-  Transparently. The related curl_multi_setopt() options all still returns
-  OK when pipelining is selected.
-  
-  To re-enable the support, the single line change in lib/multi.c needs to
-  be reverted.
+- Windows: fixes for MinGW targeting Windows Vista
   
-  See docs/DEPRECATE.md
+  Classic MinGW has neither InitializeCriticalSectionEx nor
+  GetTickCount64, independent of the target Windows version.
   
-  Closes #2705
-
-- RELEASE-NOTES: start working on 7.62.0
-
-Version 7.61.1 (4 Sep 2018)
-
-Daniel Stenberg (4 Sep 2018)
-- THANKS: 7.61.1 status
+  Closes https://github.com/curl/curl/pull/3113
 
-- RELEASE-NOTES: 7.61.1
+Daniel Stenberg (8 Oct 2018)
+- TODO: fixed 'API for URL parsing/splitting'
 
-- Curl_getoff_all_pipelines: ignore unused return values
+Daniel Gustafsson (8 Oct 2018)
+- KNOWN_BUGS: Fix various typos
   
-  Since scan-build would warn on the dead "Dead store/Dead increment"
+  Closes #3112
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Viktor Szakats (4 Sep 2018)
-- sftp: fix indentation
+Viktor Szakats (8 Oct 2018)
+- spelling fixes [ci skip]
+  
+  as detected by codespell 1.14.0
+  
+  Closes https://github.com/curl/curl/pull/3114
+  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
 
-Daniel Stenberg (4 Sep 2018)
-- [Przemysław Tomaszewski brought this change]
+Daniel Stenberg (8 Oct 2018)
+- RELEASE-NOTES: synced
 
-  sftp: don't send post-qoute sequence when retrying a connection
+- curl_ntlm_wb: check aprintf() return codes
   
-  Fixes #2939
-  Closes #2940
+  ... when they return NULL we're out of memory and MUST return failure.
+  
+  closes #3111
 
-Kamil Dudka (3 Sep 2018)
-- url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work
+- docs/BUG-BOUNTY: proposed additional docs
   
-  This is a follow-up to PR #2607 and PR #2926.
+  Bug bounty explainer. See https://bountygraph.com/programs/curl
   
-  Closes #2936
+  Closes #3067
 
-Daniel Stenberg (3 Sep 2018)
-- [Jay Satiro brought this change]
+- [Rick Deist brought this change]
 
-  tool_operate: Add http code 408 to transient list for --retry
-  
-  - Treat 408 request timeout as transient so that curl will retry the
-    request if --retry was used.
+  hostip: fix check on Curl_shuffle_addr return value
   
-  Closes #2925
-
-- [Jay Satiro brought this change]
+  Closes #3110
 
-  openssl: Fix setting TLS 1.3 cipher suites
+- FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
   
-  The flag indicating TLS 1.3 cipher support in the OpenSSL backend was
-  missing.
+  Now FILE transfers send headers to the header callback like HTTP and
+  other protocols. Also made curl_easy_getinfo(...CURLINFO_PROTOCOL...)
+  work for FILE in the callbacks.
   
-  Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187
-  Reported-by: Kamil Dudka
+  Makes "curl -i file://.." and "curl -I file://.." work like before
+  again. Applied the bold header logic to them too.
   
-  Closes #2926
-
-- Curl_ntlm_core_mk_nt_hash: return error on too long password
+  Regression from c1c2762 (7.61.0)
   
-  ... since it would cause an integer overflow if longer than (max size_t
-  / 2).
+  Reported-by: Shaun Jackman
+  Fixes #3083
+  Closes #3101
+
+Daniel Gustafsson (7 Oct 2018)
+- gskit: make sure to terminate version string
   
-  This is CVE-2018-14618
+  In case a very small buffer was passed to the version function, it could
+  result in the buffer not being NULL-terminated since strncpy() doesn't
+  guarantee a terminator on an overflowed buffer. Rather than adding code
+  to terminate (and handle zero-sized buffers), move to using snprintf()
+  instead like all the other vtls backends.
   
-  Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
-  Closes #2756
-  Reported-by: Zhaoyang Wu
-
-- [Rikard Falkeborn brought this change]
+  Closes #3105
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Viktor Szakats <commit@vszakats.net>
 
-  http2: Use correct format identifier for stream_id
+- TODO: add LD_PRELOAD support on macOS
   
-  Closes #2928
+  Add DYLD_INSERT_LIBRARIES support to the TODO list. Reported in #2394.
 
-Marcel Raad (2 Sep 2018)
-- test1148: fix precheck output
+- runtests: skip ld_preload tests on macOS
   
-  "precheck command error" is not very helpful.
+  The LD_PRELOAD functionality doesn't exist on macOS, so skip any tests
+  requiring it.
+  
+  Fixes #2394
+  Closes #3106
+  Reported-by: Github user @jakirkham
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-Daniel Stenberg (1 Sep 2018)
-- all: s/int/size_t cleanup
+Marcel Raad (7 Oct 2018)
+- AppVeyor: use Debug builds to run tests
   
-  Assisted-by: Rikard Falkeborn
+  This enables more tests.
   
-  Closes #2922
-
-- ssh-libssh: use FALLTHROUGH to silence gcc8
-
-Jay Satiro (31 Aug 2018)
-- tool_operate: Fix setting proxy TLS 1.3 ciphers
+  Closes https://github.com/curl/curl/pull/3104
 
-Daniel Stenberg (31 Aug 2018)
-- [Daniel Gustafsson brought this change]
+- AppVeyor: add HTTP_ONLY build
+  
+  Closes https://github.com/curl/curl/pull/3104
 
-  cookies: support creation-time attribute for cookies
+- AppVeyor: add WinSSL builds
   
-  According to RFC6265 section 5.4, cookies with equal path lengths
-  SHOULD be sorted by creation-time (earlier first). This adds a
-  creation-time record to the cookie struct in order to make cookie
-  sorting more deterministic. The creation-time is defined as the
-  order of the cookies in the jar, the first cookie read fro the
-  jar being the oldest. The creation-time is thus not serialized
-  into the jar. Also remove the strcmp() matching in the sorting as
-  there is no lexicographic ordering in RFC6265. Existing tests are
-  updated to match.
+  Use the oldest and latest Windows SDKs for them.
+  Also, remove all but one OpenSSL build.
   
-  Closes #2524
+  Closes https://github.com/curl/curl/pull/3104
 
-Marcel Raad (31 Aug 2018)
-- Don't use Windows path %PWD for SSH tests
+- AppVeyor: add remaining Visual Studio versions
   
-  All these tests failed on Windows because something like
-  sftp://%HOSTIP:%SSHPORT%PWD/
-  expanded to
-  sftp://127.0.0.1:1234c:/msys64/home/bla/curl
-  and then curl complained about the port number ending with a letter.
+  This adds Visual Studio 9 and 10 builds.
+  There's no 64-bit VC9 compiler on AppVeyor, so use it as the Win32
+  build. Also, VC9 cannot be used for running the test suite.
   
-  Use the original POSIX path instead of the Windows path created in
-  checksystem to fix this.
+  Closes https://github.com/curl/curl/pull/3104
+
+- AppVeyor: break long line
   
-  Closes https://github.com/curl/curl/pull/2920
+  Closes https://github.com/curl/curl/pull/3104
 
-Jay Satiro (29 Aug 2018)
-- CURLOPT_SSL_CTX_FUNCTION.3: clarify connection reuse warning
+- AppVeyor: remove unused BDIR variable
   
-  Reported-by: Daniel Stenberg
+  Closes https://github.com/curl/curl/pull/3104
+
+Daniel Stenberg (6 Oct 2018)
+- test2100: test DoH using IPv4-only
   
-  Closes https://github.com/curl/curl/issues/2916
+  To make it only send one DoH request and avoid the race condition that
+  could lead to the requests getting sent in reversed order and thus
+  making it hard to compare in the test case.
+  
+  Fixes #3107
+  Closes #3108
 
-Daniel Stenberg (28 Aug 2018)
-- THANKS-filter: dedup Daniel Jeliński
+- tests/FILEFORMAT: mention how to use <fileN> and <stripfileN> too
+  
+  [ci skip]
 
 - RELEASE-NOTES: synced
 
-- CURLOPT_ACCEPT_ENCODING.3: list them comma-separated [ci skip]
+- [Dmitry Kostjuchenko brought this change]
 
-- CURLOPT_SSL_CTX_FUNCTION.3: might cause unintended connection reuse [ci skip]
-  
-  Added a warning!
+  timeval: fix use of weak symbol clock_gettime() on Apple platforms
   
-  Closes #2915
+  Closes #3048
 
-- curl: fix time-of-check, time-of-use race in dir creation
+- doh: keep the IPv4 address in (original) network byte order
   
-  Patch-by: Jay Satiro
-  Detected by Coverity
-  Fixes #2739
-  Closes #2912
-
-- cmdline-opts/page-footer: fix edit mistake
+  Ideally this will fix the reversed order shown in SPARC tests:
   
-  There was a missing newline.
+    resp 8: Expected 127.0.0.1 got 1.0.0.127
   
-  follow-up to a7ba60bb7250
+  Closes #3091
 
-- docs: clarify NO_PROXY env variable functionality
-  
-  Reported-by: Kirill Marchuk
-  Fixes #2773
-  Closes #2911
+Jay Satiro (5 Oct 2018)
+- INTERNALS.md: wrap lines longer than 79
 
-Marcel Raad (24 Aug 2018)
-- lib1522: fix curl_easy_setopt argument type
+Daniel Gustafsson (5 Oct 2018)
+- INTERNALS: escape reference to parameter
   
-  CURLOPT_POSTFIELDSIZE is a long option.
+  The parameter reference <string> was causing rendering issues in the
+  generated HTML page, as <string> isn't a valid HTML tag. Fix by back-
+  tick escaping it.
+  
+  Closes #3099
+  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- curl_threads: silence bad-function-cast warning
+- checksrc: handle zero scoped ignore commands
   
-  As uintptr_t and HANDLE are always the same size, this warning is
-  harmless. Just silence it using an intermediate uintptr_t variable.
+  If a !checksrc! disable command specified to ignore zero errors, it was
+  still added to the ignore block even though nothing was ignored. While
+  there were no blocks ignored that shouldn't be ignored, the processing
+  ended with with a warning:
   
-  Closes https://github.com/curl/curl/pull/2908
-
-Daniel Stenberg (24 Aug 2018)
-- README: add appveyor build badge [ci skip]
+  <filename>:<line>:<col>: warning: Unused ignore: LONGLINE (UNUSEDIGNORE)
+   /* !checksrc! disable LONGLINE 0 */
+                      ^
+  Fix by instead treating a zero ignore as a a badcommand and throw a
+  warning for that one.
   
-  Closes #2913
-
-- [Ihor Karpenko brought this change]
+  Closes #3096
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-  schannel: client certificate store opening fix
-  
-  1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG )
-  while opening certificate store would be sufficient in this scenario and
-  less-demanding in sense of required user credentials ( for example,
-  IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore
-  call without any of flags mentioned above ),
+- checksrc: enable strict mode and warnings
   
-  2) as 'cert_store_name' is a DWORD, attempt to format its value like a
-  string ( in "Failed to open cert store" error message ) will throw null
-  pointer exception
+  Enable strict and warnings mode for checksrc to ensure we aren't missing
+  anything due to bugs in the checking code. This uncovered a few things
+  which are all fixed in this commit:
   
-  3) adding GetLastError(), in my opinion, will make error message more
-  useful.
+  * several variables were used uninitialized
+  * several variables were not defined in the correct scope
+  * the whitelist filehandle was read even if the file didn't exist
+  * the enable_warn() call when a disable counter had expired was passing
+    incorrect variables, but since the checkwarn() call is unlikely to hit
+    (the counter is only decremented to zero on actual ignores) it didn't
+    manifest a problem.
   
-  Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html
+  Closes #3090
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+
+Marcel Raad (5 Oct 2018)
+- CMake: suppress MSVC warning C4127 for libtest
   
-  Closes #2909
+  It's issued by older Windows SDKs (prior to version 8.0).
 
-- [Leonardo Taccari brought this change]
+Sergei Nikulov (5 Oct 2018)
+- Merge branch 'dmitrykos-fix_missing_CMake_defines'
 
-  gopher: Do not translate `?' to `%09'
+- [Dmitry Kostjuchenko brought this change]
+
+  cmake: test and set missed defines during configuration
   
-  Since GOPHER support was added in curl `?' character was automatically
-  translated to `%09' (`\t').
+  Added configuration checks for HAVE_BUILTIN_AVAILABLE and HAVE_CLOCK_GETTIME_MONOTONIC.
   
-  However, this behaviour does not seems documented in RFC 4266 and for
-  search selectors it is documented to directly use `%09' in the URL.
-  Apart that several gopher servers in the current gopherspace have CGI
-  support where `?' is used as part of the selector and translating it to
-  `%09' often leads to surprising results.
+  Closes #3097
+
+Marcel Raad (5 Oct 2018)
+- AppVeyor: disable test 500
   
-  Closes #2910
+  It almost always results in
+  "starttransfer vs total: 0.000001 0.000000".
+  I cannot reproduce this locally, so disable it for now.
+  
+  Closes https://github.com/curl/curl/pull/3100
 
-Marcel Raad (23 Aug 2018)
-- cookie tests: treat files as text
+- AppVeyor: set custom install prefix
   
-  Fixes test failures because of wrong line endings on Windows.
+  CMake's default has spaces and in 32-bit mode parentheses, which result
+  in syntax errors in curl-config.
+  
+  Closes https://github.com/curl/curl/pull/3100
 
-Daniel Stenberg (23 Aug 2018)
-- libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
+- AppVeyor: Remove non-SSL non-test builds
   
-  Multi-threaded applictions basically MUST set CURLOPT_NO_SIGNAL to 1L to
-  avoid the risk of getting a SIGPIPE.
+  They don't add much value.
   
-  Either way, a multi-threaded application that uses libcurl/openssl needs
-  to have a signhandler for or ignore SIGPIPE on its own.
+  Closes https://github.com/curl/curl/pull/3100
+
+- AppVeyor: run test suite
   
-  Based on discussions in #2800
-  Closes #2904
+  Use the preinstalled MSYS2 bash for that.
+  Disable test 1139 as the CMake build doesn't generate curl.1.
+  
+  Ref: https://github.com/curl/curl/issues/3070#issuecomment-425922224
+  Closes https://github.com/curl/curl/pull/3100
 
-- RELEASE-NOTES: synced
+- AppVeyor: use in-tree build
+  
+  Required to run the tests.
+  
+  Closes https://github.com/curl/curl/pull/3100
 
-Marcel Raad (22 Aug 2018)
-- Tests: fixes for Windows
+Daniel Stenberg (4 Oct 2018)
+- doh: make sure TTL isn't re-inited by second (discarded?) response
   
-  - test 1268 requires unix sockets
-  - test 2072 must be disabled also for MSYS/MinGW
+  Closes #3092
 
-Daniel Stenberg (22 Aug 2018)
-- http2: abort the send_callback if not setup yet
+- test320: strip out more HTML when comparing
   
-  When Curl_http2_done() gets called before the http2 data is setup all
-  the way, we cannot send anything and this should just return an error.
+  To make the test case work with different gnutls-serv versions better.
   
-  Detected by OSS-Fuzz
-  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
+  Reported-by: Kamil Dudka
+  Fixes #3093
+  Closes #3094
 
-- http2: remove four unused nghttp2 callbacks
+Marcel Raad (4 Oct 2018)
+- runtests: use Windows paths for Windows curl
   
-  Closes #2903
+  curl generated by CMake's Visual Studio generator has "Windows" in the
+  version number.
 
-- x509asn1: use FALLTHROUGH
+Daniel Stenberg (4 Oct 2018)
+- [Colin Hogben brought this change]
+
+  tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
   
-  ... as no other comments are accepted since 014ed7c22f51463
+  Fix problems caused by differences in treatment of bytes objects between
+  python2 and python3.
+  
+  Fixes #2929
+  Closes #3080
 
-Marcel Raad (21 Aug 2018)
-- test1148: disable if decimal separator is not point
+Daniel Gustafsson (3 Oct 2018)
+- memory: ensure to check allocation results
+  
+  The result of a memory allocation should always be checked, as we may
+  run under memory pressure where even a small allocation can fail. This
+  adds checking and error handling to a few cases where the allocation
+  wasn't checked for success. In the ftp case, the freeing of the path
+  variable is moved ahead of the allocation since there is little point
+  in keeping it around across the strdup, and the separation makes for
+  more readable code. In nwlib, the lock is aslo freed in the error path.
   
-  Modifying the locale with environment variables doesn't work for native
-  Windows applications. Just disable the test in this case if the decimal
-  separator is something different than a point. Use a precheck with a
-  small C program to achieve that.
+  Also bumps the copyright years on affected files.
   
-  Closes https://github.com/curl/curl/pull/2786
+  Closes #3084
+  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- Enable more GCC warnings
+- comment: Fix multiple typos in function parameters
   
-  This enables the following additional warnings:
-  -Wold-style-definition
-  -Warray-bounds=2 instead of the default 1
-  -Wformat=2, but only for GCC 4.8+ as Wno-format-nonliteral is not
-   respected for older versions
-  -Wunused-const-variable, which enables level 2 instead of the default 1
-  -Warray-bounds also in debug mode through -ftree-vrp
-  -Wnull-dereference also in debug mode through
-   -fdelete-null-pointer-checks
+  Ensure that the parameters in the comment match the actual names in the
+  prototype.
   
-  Closes https://github.com/curl/curl/pull/2747
+  Closes #3079
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- curl-compilers: enable -Wimplicit-fallthrough=4 for GCC
+- CURLOPT_SSLVERSION.3: fix typos and consistent spelling
   
-  This enables level 4 instead of the default level 3, which of the
-  currently used comments only allows /* FALLTHROUGH */ to silence the
-  warning.
+  Use TLS vX.Y throughout the document, instead of TLS X.Y, as that was
+  already done in all but a few cases. Also fix a few typos.
   
-  Closes https://github.com/curl/curl/pull/2747
+  Closes #3076
+  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- curl-compilers: enable -Wbad-function-cast on GCC
+- SECURITY-PROCESS: make links into hyperlinks
   
-  This warning used to be enabled only for clang as it's a bit stricter
-  on GCC. Silence the remaining occurrences and enable it on GCC too.
+  Use proper Markdown hyperlink format for the Bountygraph links in order
+  for the generated website page to be more user friendly. Also link to
+  the sponsors to give them a little extra credit.
   
-  Closes https://github.com/curl/curl/pull/2747
+  Closes #3082
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- configure: conditionally enable pedantic-errors
+Jay Satiro (3 Oct 2018)
+- CURLOPT_HEADER.3: fix typo
+
+- nss: fix nssckbi module loading on Windows
   
-  Enable pedantic-errors for GCC >= 5 with --enable-werror. Before GCC 5,
-  pedantic-errors was synonymous to -Werror=pedantic [0], which is still
-  the case for clang [1]. With GCC 5, it became complementary [2].
+  - Use .DLL extension instead of .so to load modules on Windows.
   
-  Also fix a resulting error in acinclude.m4 as main's return type was
-  missing, which is illegal in C99.
+  Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
+  Reported-by: Maxime Legros
   
-  [0] https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Warning-Options.html
-  [1] https://clang.llvm.org/docs/UsersManual.html#options-to-control-error-and-warning-messages
-  [2] https://gcc.gnu.org/onlinedocs/gcc-5.1.0/gcc/Warning-Options.html
+  Ref: https://github.com/curl/curl/pull/3016/#issuecomment-423069442
   
-  Closes https://github.com/curl/curl/pull/2747
+  Closes https://github.com/curl/curl/pull/3086
 
-- Remove unused definitions
+- data-binary.d: clarify default content-type is x-www-form-urlencoded
   
-  Closes https://github.com/curl/curl/pull/2747
-
-Daniel Stenberg (21 Aug 2018)
-- x509asn1: make several functions static
+  - Advise user that --data-binary sends a default content type of
+    x-www-form-urlencoded, and to have the data treated as arbitrary
+    binary data by the server set the content-type header to octet-stream.
   
-  and remove the private SIZE_T_MAX define and use the generic one.
+  Ref: https://github.com/curl/curl/pull/2852#issuecomment-426465094
   
-  Closes #2902
+  Closes https://github.com/curl/curl/pull/3085
 
-- INTERNALS: require GnuTLS >= 2.11.3
+Marcel Raad (2 Oct 2018)
+- test1299: use single quotes around asterisk
   
-  Since the public pinning support was brought in e644866caf4. GnuTLS
-  2.11.3 was released in October 2010.
+  Ref: https://github.com/curl/curl/issues/1751#issuecomment-321522580
+
+Daniel Stenberg (2 Oct 2018)
+- docs/CIPHERS: mention the colon separation for OpenSSL
   
-  Figured out in #2890
+  Bug: #3077
 
-- http2: avoid set_stream_user_data() before stream is assigned
+- runtests: ignore disabled even when ranges are given
   
-  ... before the stream is started, we have it set to -1.
+  runtests.pl support running a range of tests, like "44 to 127". Starting
+  now, the code makes sure that even such given ranges will ignore tests
+  that are marked as disabled.
   
-  Fixes #2894
-  Closes #2898
+  Disabled tests can still be run by explictly specifying that test
+  number.
+  
+  Closes #3075
 
-- SSLCERTS: improve the openssl command line
+- urlapi: starting with a drive letter on win32 is not an abs url
   
-  ... for extracting certs from a live HTTPS server to make a cacerts.pem
-  from them.
+  ... and libcurl doesn't support any single-letter URL schemes (if there
+  even exist any) so it should be fairly risk-free.
+  
+  Reported-by: Marcel Raad
+  
+  Fixes #3070
+  Closes #3071
 
-- docs/SECURITY-PROCESS: now we name the files after the CVE id
+Marcel Raad (2 Oct 2018)
+- doh: fix curl_easy_setopt argument type
+  
+  CURLOPT_POSTFIELDSIZE is long. Fixes a compiler warning on 64-bit
+  MinGW.
 
+Daniel Stenberg (2 Oct 2018)
 - RELEASE-NOTES: synced
 
-- upload: change default UPLOAD_BUFSIZE to 64KB
-  
-  To make uploads significantly faster in some circumstances.
-  
-  Part 2 of #2888
-  Closes #2892
+Jay Satiro (1 Oct 2018)
+- [Ruslan Baratov brought this change]
 
-- upload: allocate upload buffer on-demand
+  CMake: Improve config installation
   
-  Saves 16KB on the easy handle for operations that don't need that
-  buffer.
+  Use 'GNUInstallDirs' standard module to set destinations of installed
+  files.
   
-  Part 1 of #2888
-
-- [Laurent Bonnans brought this change]
-
-  vtls: reinstantiate engine on duplicated handles
+  Use uppercase "CURL" names instead of lowercase "curl" to match standard
+  'FindCURL.cmake' CMake module:
+  * https://cmake.org/cmake/help/latest/module/FindCURL.html
   
-  Handles created with curl_easy_duphandle do not use the SSL engine set
-  up in the original handle. This fixes the issue by storing the engine
-  name in the internal url state and setting the engine from its name
-  inside curl_easy_duphandle.
+  Meaning:
+  * Install 'CURLConfig.cmake' instead of 'curl-config.cmake'
+  * User should call 'find_package(CURL)' instead of 'find_package(curl)'
   
-  Reported-by: Anton Gerasimov
-  Signed-of-by: Laurent Bonnans
-  Fixes #2829
-  Closes #2833
+  Use 'configure_package_config_file' function to generate
+  'CURLConfig.cmake' file. This will make 'curl-config.cmake.in' template
+  file smaller and handle components better.  E.g.  current configuration
+  report no error if user specified unknown components (note: new
+  configuration expects no components, report error if user will try to
+  specify any).
+  
+  Closes https://github.com/curl/curl/pull/2849
 
-- http2: make sure to send after RST_STREAM
+Daniel Stenberg (1 Oct 2018)
+- test1650: make it depend on http/2
   
-  If this is the last stream on this connection, the RST_STREAM might not
-  get pushed to the wire otherwise.
+  Follow-up to 570008c99da0ccbb as it gets link errors.
   
-  Fixes #2882
-  Closes #2887
-  Researched-by: Michael Kaufmann
+  Reported-by: Michael Kaufmann
+  Closes #3068
 
-- test1268: check the stderr output as "text"
+- [Nate Prewitt brought this change]
+
+  MANUAL: minor grammar fix
   
-  Follow-up to 099f37e9c57
+  Noticed a typo reading through the docs.
   
-  Pointed-out-by: Marcel Raad
+  Closes #3069
 
-- urldata: remove unused pipe_broke struct field
+- doh: only build if h2 enabled
   
-  This struct field is never set TRUE in any existing code path. This
-  change removes the field completely.
+  The DoH spec says "HTTP/2 [RFC7540] is the minimum RECOMMENDED version
+  of HTTP for use with DoH".
   
-  Closes #2871
+  Reported-by: Marcel Raad
+  Closes #3066
 
-- curl: warn the user if a given file name looks like an option
+- test2100: require http2 to run
   
-  ... simply because this is usually a sign of the user having omitted the
-  file name and the next option is instead "eaten" by the parser as a file
-  name.
+  Reported-by: Marcel Raad
+  Fixes #3064
+  Closes #3065
+
+- multi: fix memory leak in content encoding related error path
   
-  Add test1268 to verify
+  ... a missing multi_done() call.
   
-  Closes #2885
+  Credit to OSS-Fuzz
+  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10728
+  Closes #3063
 
-- http2: check nghttp2_session_set_stream_user_data return code
+- travis: bump the Secure Transport build to use xcode 10
   
-  Might help bug #2688 debugging
+  Due to an issue with travis
+  (https://github.com/travis-ci/travis-ci/issues/9956) we've been using
+  Xcode 9.2 for darwinssl builds for a while. Now xcode 10 is offered as
+  an alternative and as it builds curl+darwinssl fine that seems like a
+  better choice.
   
-  Closes #2880
+  Closes #3062
 
-- travis: revert back to gcc-7 for coverage builds
-  
-  ... since the gcc-8 ones seem to fail frequently.
+- [Rich Turner brought this change]
+
+  curl: enabled Windows VT Support and UTF-8 output
   
-  Follow-up from b85207199544ca
+  Enabled Console VT support (if running OS supports VT) in tool_main.c.
   
-  Closes #2886
+  Fixes #3008
+  Closes #3011
 
-- RELEASE-NOTES: synced
+- multi: fix location URL memleak in error path
   
-  ... and now listed in alphabetical order!
+  Follow-up to #3044 - fix a leak OSS-Fuzz detected
+  Closes #3057
 
-- [Adrien brought this change]
+Sergei Nikulov (28 Sep 2018)
+- cmake: fixed path used in generation of docs/tests during curl build through add_subdicectory(...)
 
-  CMake: CMake config files are defining CURL_STATICLIB for static builds
+- [Brad King brought this change]
+
+  cmake: Backport to work with CMake 3.0 again
   
-  This change allows to use the CMake config files generated by Curl's
-  CMake scripts for static builds of the library.
-  The symbol CURL_STATIC lib must be defined to compile downstream,
-  thus the config package is the perfect place to do so.
+  Changes in commit 7867aaa9a0 (cmake: link curl to the OpenSSL targets
+  instead of lib absolute paths, 2018-07-17) and commit f826b4ce98 (cmake:
+  bumped minimum version to 3.4, 2018-07-19) required CMake 3.4 to fix
+  issue #2746.  This broke support for users on older versions of CMake
+  even if they just want to build curl and do not care whether transitive
+  dependencies work.
   
-  Fixes #2817
-  Closes #2823
-  Reported-by: adnn on github
-  Reviewed-by: Sergei Nikulov
-
-- TODO: host name sections in config files
+  Backport the logic to work with CMake 3.0 again by implementing the
+  fix only when the version of CMake is at least 3.4.
 
-Kamil Dudka (14 Aug 2018)
-- ssh-libssh: fix infinite connect loop on invalid private key
+Marcel Raad (27 Sep 2018)
+- curl_threads: fix classic MinGW compile break
   
-  Added test 656 (based on test 604) to verify the fix.
+  Classic MinGW still has _beginthreadex's return type as unsigned long
+  instead of uintptr_t [0]. uintptr_t is not even defined because of [1].
   
-  Bug: https://bugzilla.redhat.com/1595135
+  [0] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l167
+  [1] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l90
   
-  Closes #2879
+  Bug: https://github.com/curl/curl/issues/2924#issuecomment-424334807
+  Closes https://github.com/curl/curl/pull/3051
 
-- ssh-libssh: reduce excessive verbose output about pubkey auth
+Daniel Stenberg (26 Sep 2018)
+- configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
   
-  The verbose message "Authentication using SSH public key file" was
-  printed each time the ssh_userauth_publickey_auto() was called, which
-  meant each time a packet was transferred over network because the API
-  operates in non-blocking mode.
+  fix a few leftovers
   
-  This patch makes sure that the verbose message is printed just once
-  (when the authentication state is entered by the SSH state machine).
+  Fixes #3006
+  Closes #3049
 
-Daniel Stenberg (14 Aug 2018)
-- travis: disable h2 torture tests for "coverage"
-  
-  Since they started to fail almost 100% since a few days.
-  
-  Closes #2876
+- [Doron Behar brought this change]
 
-Marcel Raad (14 Aug 2018)
-- travis: update to GCC 8
+  example/htmltidy: fix include paths of tidy libraries
   
-  Closes https://github.com/curl/curl/pull/2869
+  Closes #3050
 
-Daniel Stenberg (13 Aug 2018)
-- http: fix for tiny "HTTP/0.9" response
+- RELEASE-NOTES: synced
+
+- Curl_http2_done: fix memleak in error path
   
-  Deal with tiny "HTTP/0.9" (header-less) responses by checking the
-  status-line early, even before a full "HTTP/" is received to allow
-  detecting 0.9 properly.
+  Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for
+  early failures.
   
-  Test 1266 and 1267 added to verify.
+  Detected by OSS-Fuzz
   
-  Fixes #2420
-  Closes #2872
+  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669
+  Closes #3046
 
-Kamil Dudka (13 Aug 2018)
-- docs: add disallow-username-in-url.d and haproxy-protocol.d on the list
+- http: fix memleak in rewind error path
   
-  ... to make make the files appear in distribution tarballs
+  If the rewind would fail, a strdup() would not get freed.
   
-  Closes #2856
+  Detected by OSS-Fuzz
+  
+  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665
+  Closes #3044
 
-- .travis.yml: verify that man pages can be regenerated
+Viktor Szakats (24 Sep 2018)
+- test320: fix regression in [ci skip]
   
-  ... when curl is built from distribution tarball
+  The value in question is coming directly from `gnutls-serv`, so it cannot
+  be modified freely.
   
-  Closes #2856
+  Reported-by: Marcel Raad
+  Ref: https://github.com/curl/curl/commit/6ae6b2a533e8630afbb21f570305bd4ceece6348#commitcomment-30621004
 
-Marcel Raad (11 Aug 2018)
-- Split non-portable part off test 1133
+Daniel Stenberg (24 Sep 2018)
+- Curl_retry_request: fix memory leak
   
-  Split off testing file names with double quotes into new test 1158.
-  Disable it for MSYS using a precheck as it doesn't support file names
-  with double quotes (but Cygwin does, for example).
+  Detected by OSS-Fuzz
   
-  Fixes https://github.com/curl/curl/issues/2796
-  Closes https://github.com/curl/curl/pull/2854
+  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648
+  Closes #3042
 
-Jay Satiro (11 Aug 2018)
-- projects: Improve Windows perl detection in batch scripts
-  
-  - Determine if perl is in the user's PATH by running perl.exe.
+- openssl: load built-in engines too
   
-  Prior to this change detection was done by checking the PATH for perl/
-  but that did not work in all cases (eg git install includes perl but
-  not in perl/ path).
+  Regression since 38203f1
   
-  Bug: https://github.com/curl/curl/pull/2865
-  Reported-by: Daniel Jeliński
+  Reported-by: Jean Fabrice
+  Fixes #3023
+  Closes #3040
 
-- [Michael Kaufmann brought this change]
+- [Christian Heimes brought this change]
 
-  docs: Improve the manual pages of some callbacks
+  OpenSSL: enable TLS 1.3 post-handshake auth
   
-  - CURLOPT_HEADERFUNCTION: add newlines
-  - CURLOPT_INTERLEAVEFUNCTION: fix the description of 'userdata'
-  - CURLOPT_READDATA: mention crashes, same as in CURLOPT_WRITEDATA
-  - CURLOPT_READFUNCTION: rename 'instream' to 'userdata' and explain
-    how to set it
+  OpenSSL 1.1.1 requires clients to opt-in for post-handshake
+  authentication.
   
-  Closes https://github.com/curl/curl/pull/2868
-
-Marcel Raad (11 Aug 2018)
-- GCC: silence -Wcast-function-type uniformly
+  Fixes: https://github.com/curl/curl/issues/3026
+  Signed-off-by: Christian Heimes <christian@python.org>
   
-  Pointed-out-by: Rikard Falkeborn
-  Closes https://github.com/curl/curl/pull/2860
+  Closes https://github.com/curl/curl/pull/3027
 
-- Silence GCC 8 cast-function-type warnings
+- [Even Rouault brought this change]
+
+  Curl_dedotdotify(): always nul terminate returned string.
   
-  On Windows, casting between unrelated function types is fine and
-  sometimes even necessary, so just use an intermediate cast to
-  (void (*) (void)) to silence the warning as described in [0].
+  This fixes potential out-of-buffer access on "file:./" URL
   
-  [0] https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html
+  $ valgrind curl "file:./"
+  ==24516== Memcheck, a memory error detector
+  ==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
+  ==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
+  ==24516== Command: /home/even/install-curl-git/bin/curl file:./
+  ==24516==
+  ==24516== Conditional jump or move depends on uninitialised value(s)
+  ==24516==    at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
+  ==24516==    by 0x4EBB315: seturl (urlapi.c:801)
+  ==24516==    by 0x4EBB568: parseurl (urlapi.c:861)
+  ==24516==    by 0x4EBC509: curl_url_set (urlapi.c:1199)
+  ==24516==    by 0x4E644C6: parseurlandfillconn (url.c:2044)
+  ==24516==    by 0x4E67AEF: create_conn (url.c:3613)
+  ==24516==    by 0x4E68A4F: Curl_connect (url.c:4119)
+  ==24516==    by 0x4E7F0A4: multi_runsingle (multi.c:1440)
+  ==24516==    by 0x4E808E5: curl_multi_perform (multi.c:2173)
+  ==24516==    by 0x4E7558C: easy_transfer (easy.c:686)
+  ==24516==    by 0x4E75801: easy_perform (easy.c:779)
+  ==24516==    by 0x4E75868: curl_easy_perform (easy.c:798)
   
-  Closes https://github.com/curl/curl/pull/2860
+  Was originally spotted by
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637
+  Credit to OSS-Fuzz
+  
+  Closes #3039
 
-Daniel Stenberg (11 Aug 2018)
-- CURLINFO_SIZE_UPLOAD: fix missing counter update
+Viktor Szakats (23 Sep 2018)
+- update URLs in tests
   
-  Adds test 1522 for verification.
+  - and one in docs/MANUAL as well
   
-  Reported-by: cjmsoregan
-  Fixes #2847
-  Closes #2864
-
-- [Daniel Jelinski brought this change]
+  Closes https://github.com/curl/curl/pull/3038
 
-  Documentation: fix CURLOPT_SSH_COMPRESSION copy/paste bug
+- whitespace fixes
   
-  Closes #2867
-
-- RELEASE-NOTES: synced
-
-- openssl: fix potential NULL pointer deref in is_pkcs11_uri
+  - replace tabs with spaces where possible
+  - remove line ending spaces
+  - remove double/triple newlines at EOF
+  - fix a non-UTF-8 character
+  - cleanup a few indentations/line continuations
+    in manual examples
   
-  Follow-up to 298d2565e
-  Coverity CID 1438387
+  Closes https://github.com/curl/curl/pull/3037
 
-Marcel Raad (10 Aug 2018)
-- travis: execute "set -eo pipefail" for coverage build
+Daniel Stenberg (23 Sep 2018)
+- http: add missing return code check
   
-  Follow-up to 2de63ab179eb78630ee039ad94fb2a5423df522d and
-  0b87c963252d3504552ee0c8cf4402bd65a80af5.
+  Detected by Coverity. CID 1439610.
   
-  Closes https://github.com/curl/curl/pull/2862
-
-Daniel Stenberg (10 Aug 2018)
-- lib1502: fix memory leak in torture test
+  Follow-up from 46e164069d1a523
   
-  Reported-by: Marcel Raad
-  Fixes #2861
-  Closes #2863
+  Closes #3034
 
-- docs: mention NULL is fine input to several functions
+- ftp: don't access pointer before NULL check
   
-  Fixes #2837
-  Closes #2858
-  Reported-by: Markus Elfring
-
-- [Bas van Schaik brought this change]
-
-  README.md: add LGTM.com code quality grade for C/C++
+  Detected by Coverity. CID 1439611.
   
-  Closes #2857
+  Follow-up from 46e164069d1a523
 
-- [Rikard Falkeborn brought this change]
+- unit1650: fix out of boundary access
+  
+  Fixes #2987
+  Closes #3035
 
-  test1531: Add timeout
+Viktor Szakats (23 Sep 2018)
+- docs/examples: URL updates
   
-  Previously, the macro TEST_HANG_TIMEOUT was unused, but since there is
-  looping going on, we might as well add timing instead of removing it.
+  - also update two URLs outside of docs/examples
+  - fix spelling of filename persistant.c
+  - fix three long lines that started failing checksrc.pl
   
-  Closes #2853
-
-- [Rikard Falkeborn brought this change]
+  Closes https://github.com/curl/curl/pull/3036
 
-  test1540: Remove unused macro TEST_HANG_TIMEOUT
+- examples/Makefile.m32: sync with core [ci skip]
   
-  The macro has never been used, and it there is not really any place
-  where it would make sense to add timing checks.
+  also:
+  - fix two warnings in synctime.c (one of them Windows-specific)
+  - upgrade URLs in synctime.c and remove a broken one
   
-  Closes #2852
-
-- [Rikard Falkeborn brought this change]
+  Closes https://github.com/curl/curl/pull/3033
 
-  asyn-thread: Remove unused macro
-  
-  The macro seems to never have been used.
+Daniel Stenberg (22 Sep 2018)
+- examples/parseurl.c: show off the URL API a bit
   
-  Closes #2852
+  Closes #3030
 
-- [Rikard Falkeborn brought this change]
+- SECURITY-PROCESS: mention the bountygraph program [ci skip]
+  
+  Closes #3032
 
-  http_proxy: Remove unused macro SELECT_TIMEOUT
+- url: use the URL API internally as well
   
-  Usage was removed in 5113ad0424044458ac497fa1458ebe0101356b22.
+  ... to make it a truly unified URL parser.
+  
+  Closes #3017
+
+Viktor Szakats (22 Sep 2018)
+- URL and mailmap updates, remove an obsolete directory [ci skip]
   
-  Closes #2852
+  Closes https://github.com/curl/curl/pull/3031
 
-- [Rikard Falkeborn brought this change]
+Daniel Stenberg (22 Sep 2018)
+- RELEASE-NOTES: synced
 
-  formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
+- configure: force-use -lpthreads on HPUX
   
-  Its usage was removed in
-  84ad1fd3047815f9c6e78728bb351b828eac10b1.
+  When trying to detect pthreads use on HPUX the checks will succeed
+  without the correct -l option but then end up failing at run-time.
   
-  Closes #2852
+  Reported-by: Eason-Yu on github
+  Fixes #2697
+  Closes #3025
 
-- [Rikard Falkeborn brought this change]
+- [Erik Minekus brought this change]
 
-  telnet: Remove unused macros TELOPTS and TELCMDS
+  Curl_saferealloc: Fixed typo in docblock
   
-  Their usage was removed in 3a145180cc754a5959ca971ef3cd243c5c83fc51.
+  Closes #3029
+
+- urlapi: fix support for address scope in IPv6 numerical addresses
   
-  Closes #2852
+  Closes #3024
 
-- [Daniel Jelinski brought this change]
+- [Loganaden Velvindron brought this change]
 
-  openssl: fix debug messages
+  GnutTLS: TLS 1.3 support
   
-  Fixes #2806
-  Closes #2843
+  Closes #2971
 
-- configure: fix for -lpthread detection with OpenSSL and pkg-config
+- TODO: c-ares and CURLOPT_OPENSOCKETFUNCTION
   
-  ... by making sure it uses the -I provided by pkg-config!
+  Removed DoH.
   
-  Reported-by: pszemus on github
-  Fixes #2848
-  Closes #2850
-
-- RELEASE-NOTES: synced
+  Closes #2734
 
-- windows: follow up to the buffer-tuning 1ba1dba7
+Jay Satiro (20 Sep 2018)
+- vtls: fix ssl version "or later" behavior change for many backends
   
-  Somehow I didn't include the amended version of the previous fix. This
-  is the missing piece.
+  - Treat CURL_SSLVERSION_MAX_NONE the same as
+    CURL_SSLVERSION_MAX_DEFAULT. Prior to this change NONE would mean use
+    the minimum version also as the maximum.
   
-  Pointed-out-by: Viktor Szakats
-
-- [Daniel Jelinski brought this change]
-
-  windows: implement send buffer tuning
+  This is a follow-up to 6015cef which changed the behavior of setting
+  the SSL version so that the requested version would only be the minimum
+  and not the maximum. It appears it was (mostly) implemented in OpenSSL
+  but not other backends. In other words CURL_SSLVERSION_TLSv1_0 used to
+  mean use just TLS v1.0 and now it means use TLS v1.0 *or later*.
   
-  Significantly enhances upload performance on modern Windows versions.
+  - Fix CURL_SSLVERSION_MAX_DEFAULT for OpenSSL.
   
-  Bug: https://curl.haxx.se/mail/lib-2018-07/0080.html
-  Closes #2762
-  Fixes #2224
-
-- [Anderson Toshiyuki Sasaki brought this change]
-
-  ssl: set engine implicitly when a PKCS#11 URI is provided
+  Prior to this change CURL_SSLVERSION_MAX_DEFAULT with OpenSSL was
+  erroneously treated as always TLS 1.3, and would cause an error if
+  OpenSSL was built without TLS 1.3 support.
   
-  This allows the use of PKCS#11 URI for certificates and keys without
-  setting the corresponding type as "ENG" and the engine as "pkcs11"
-  explicitly. If a PKCS#11 URI is provided for certificate, key,
-  proxy_certificate or proxy_key, the corresponding type is set as "ENG"
-  if not provided and the engine is set to "pkcs11" if not provided.
+  Co-authored-by: Daniel Gustafsson
   
-  Acked-by: Nikos Mavrogiannopoulos
-  Closes #2333
-
-- [Ruslan Baratov brought this change]
+  Fixes https://github.com/curl/curl/issues/2969
+  Closes https://github.com/curl/curl/pull/3012
 
-  CMake: Respect BUILD_SHARED_LIBS
+Daniel Stenberg (20 Sep 2018)
+- certs: generate tests certs with sha256 digest algorithm
   
-  Use standard CMake variable BUILD_SHARED_LIBS instead of introducing
-  custom option CURL_STATICLIB.
+  As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs:
   
-  Use '-DBUILD_SHARED_LIBS=%SHARED%' in appveyor.yml.
+  "SSL certificate problem: CA signature digest algorithm too weak"
   
-  Reviewed-by: Sergei Nikulov
-  Closes #2755
-
-- [John Butterfield brought this change]
+  Closes #3014
 
-  cmake: bumped minimum version to 3.4
+- urlapi: document the error codes, remove two unused ones
   
-  Closes #2753
-
-- [John Butterfield brought this change]
+  Assisted-by: Daniel Gustafsson
+  Closes #3019
 
-  cmake: link curl to the OpenSSL targets instead of lib absolute paths
+- urlapi: add CURLU_GUESS_SCHEME and fix hostname acceptance
   
-  Reviewed-by: Jakub Zakrzewski
-  Reviewed-by: Sergei Nikulov
-  Closes #2753
-
-- travis: build darwinssl on macos 10.12
+  In order for this API to fully work for libcurl itself, it now offers a
+  CURLU_GUESS_SCHEME flag that makes it "guess" scheme based on the host
+  name prefix just like libcurl always did. If there's no known prefix, it
+  will guess "http://".
   
-  ... as building on 10.13.x before 10.13.4 leads to link errors.
+  Separately, it relaxes the check of the host name so that IDN host names
+  can be passed in as well.
   
-  Assisted-by: Nick Zitzmann
-  Fixes #2835
-  Closes #2845
-
-- DEPRECATE: remove release date from 7.62.0
+  Both these changes are necessary for libcurl itself to use this API.
   
-  Since it will slip and the version is the important part there, not the
-  date.
+  Assisted-by: Daniel Gustafsson
+  Closes #3018
 
-- lib/Makefile: only do symbol hiding if told to
+Kamil Dudka (19 Sep 2018)
+- nss: try to connect even if libnssckbi.so fails to load
   
-  This restores the ability to build a static lib with
-  --disable-symbol-hiding to keep non-curl_ symbols.
+  One can still use CA certificates stored in NSS database.
   
-  Researched-by: Dan Fandrich
-  Reported-by: Ran Mozes
-  Fixes #2830
-  Closes #2831
-
-Marcel Raad (2 Aug 2018)
-- hostip: fix unused variable warning
+  Reported-by: Maxime Legros
+  Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
   
-  addresses is only used in an infof call, which is a macro expanding to
-  nothing if CURL_DISABLE_VERBOSE_STRINGS is set.
+  Closes #3016
 
-Daniel Stenberg (2 Aug 2018)
-- test1307: disabled
+Daniel Gustafsson (19 Sep 2018)
+- urlapi: don't set value which is never read
   
-  Turns out that since we're using the native fnmatch function now when
-  available, and they simply disagree on a huge number of test patterns
-  that make it hard to test this function like this...
+  In the CURLUPART_URL case, there is no codepath which invokes url
+  decoding so remove the assignment of the urldecode variable. This
+  fixes the deadstore bug-report from clang static analysis.
   
-  Fixes #2825
+  Closes #3015
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- smb: don't mark it done in smb_do
-  
-  Follow-up to 09e401e01bf9. The SMB protocol handler needs to use its
-  doing function too, which requires smb_do() to not mark itself as
-  done...
+- todo: Update reference to already done item
   
-  Closes #2822
-
-- [Rikard Falkeborn brought this change]
-
-  general: fix printf specifiers
+  TODO item 1.1 was implemented in commit 946ce5b61f, update reference
+  to it with instead referencing the implemented option.
   
-  Closes #2818
+  Closes #3013
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
+Daniel Stenberg (18 Sep 2018)
 - RELEASE-NOTES: synced
 
-- mailmap: Daniel Jelinski
-
-- [Harry Sintonen brought this change]
+- [slodki brought this change]
 
-  HTTP: Don't attempt to needlessly decompress redirect body
+  cmake: don't require OpenSSL if USE_OPENSSL=OFF
   
-  This change fixes a regression where redirect body would needlessly be
-  decompressed even though it was to be ignored anyway. As it happens this
-  causes secondary issues since there appears to be a bug in apache2 that
-  it in certain conditions generates a corrupt zlib response. The
-  regression was created by commit:
-  dbcced8e32b50c068ac297106f0502ee200a1ebd
+  User must have OpenSSL installed even if not used by libcurl at all
+  since 7.61.1 release.  Broken at
+  7867aaa9a01decf93711428462335be8cef70212
   
-  Discovered-by: Harry Sintonen
-  Closes #2798
+  Reviewed-by: Sergei Nikulov
+  Closes #3001
 
-- curl: use Content-Disposition before the "URL end" for -OJ
+- curl_multi_wait: call getsock before figuring out timeout
   
-  Regression introduced in 7.61.0
+  .... since getsock may update the expiry timer.
   
-  Reported-by: Thomas Klausner
-  Fixes #2783
-  Closes #2813
+  Fixes #2996
+  Closes #3000
 
-- [Daniel Jelinski brought this change]
+- examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
+  
+  Closes #3004
 
-  retry: return error if rewind was necessary but didn't happen
+Daniel Gustafsson (18 Sep 2018)
+- darwinssl: Fix realloc memleak
   
-  Fixes #2801
-  Closes #2812
+  The reallocation was using the input pointer for the return value, which
+  leads to a memory leak on reallication failure. Fix by instead use the
+  safe internal API call Curl_saferealloc().
+  
+  Closes #3005
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+  Reviewed-by: Nick Zitzmann <nickzman@gmail.com>
 
-- http2: clear the drain counter in Curl_http2_done
+- [Kruzya brought this change]
+
+  examples: Fix memory leaks from realloc errors
   
-  Reported-by: Andrei Virtosu
-  Fixes #2800
-  Closes #2809
+  Make sure to not overwrite the reallocated pointer in realloc() calls
+  to avoid a memleak on memory errors.
 
-- smb: fix memory leak on early failure
+- memory: add missing curl_printf header
   
-  ... by making sure connection related data (->share) is stored in the
-  connection and not in the easy handle.
+  ftp_send_command() was using vsnprintf() without including the libcurl
+  *rintf() replacement header. Fix by including curl_printf.h and also
+  add curl_memory.h while at it since memdebug.h depends on it.
   
-  Detected by OSS-fuzz
-  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369
-  Fixes #2769
-  Closes #2810
+  Closes #2999
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- travis: run a 'make checksrc' too
+Daniel Stenberg (16 Sep 2018)
+- [Si brought this change]
+
+  curl: update --tlsv* descriptions in --help output
   
-  ... to make sure the examples are all checked.
+  Closes #2994
+
+- http: made Curl_add_buffer functions take a pointer-pointer
   
-  Closes #2811
+  ... so that they can clear the original pointer on failure, which makes
+  the error-paths and their cleanups easier.
+  
+  Closes #2992
 
-Jay Satiro (29 Jul 2018)
-- examples/ephiperfifo: checksrc compliance
+- http2: fix memory leaks on error-path
 
-- [Michael Kaufmann brought this change]
+- [Rikard Falkeborn brought this change]
 
-  sws: handle EINTR when calling select()
+  libtest: Add chkdecimalpoint to .gitignore
   
-  Closes https://github.com/curl/curl/pull/2808
+  Closes #2998
 
-Daniel Stenberg (29 Jul 2018)
-- test1157: follow-up to 35ecffb9
+Viktor Szakats (14 Sep 2018)
+- secure Openwall URLs
+
+Daniel Stenberg (14 Sep 2018)
+- openssl: show "proper" version number for libressl builds
   
-  Ignore the user-agent line.
-  Pointed-out-by: Marcel Raad
+  Closes #2989
 
-Michael Kaufmann (29 Jul 2018)
-- tests/http_pipe.py: Use /usr/bin/env to find python
+- [Rainer Jung brought this change]
 
-Daniel Stenberg (28 Jul 2018)
-- TODO: Support Authority Information Access certificate extension (AIA)
+  openssl: assume engine support in 0.9.8 or later
   
-  Closes #2793
+  Fixes #2983
+  Closes #2988
 
-- conn_free: updated comment to clarify
+Daniel Gustafsson (13 Sep 2018)
+- sendf: use failf() rather than Curl_failf()
+  
+  The failf() macro is the name used for invoking Curl_failf(). While
+  there isn't a way to turn off failf like there is for infof, but it's
+  still a good idea to use the macro.
   
-  Let's call it disassociate instead of disconnect since the latter term
-  is used so much for (TCP) connections already.
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- test1157: test -H from empty file
+- sendf: Fix whitespace in infof/failf concatenation
+  
+  Strings broken on multiple rows in the .c file need to have appropriate
+  whitespace padding on either side of the concatenation point to render
+  a correct amalgamated string. Fix by adding a space at the occurrences
+  found.
   
-  Verifies bugfix #2797
+  Closes #2986
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- [Tobias Blomberg brought this change]
+- krb5: fix memory leak in krb_auth
+  
+  The FTP command allocated by aprintf() must be freed after usage.
+  
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-  curl: Fix segfault when -H @headerfile is empty
+- ftp: include command in Curl_ftpsend sendbuffer
   
-  The curl binary would crash if the -H command line option was given a
-  filename to read using the @filename syntax but that file was empty.
+  Commit 8238ba9c5f10414a88f502bf3f5d5a42d632984c inadvertently removed
+  the actual command to be sent from the send buffer in a refactoring.
+  Add back copying the command into the buffer. Also add more guards
+  against malformed input while at it.
   
-  Closes #2797
+  Closes #2985
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- mime: check Curl_rand_hex's return code
+- ntlm_wb: Fix memory leaks in ntlm_wb_response
+  
+  When erroring out on a request being too large, the existing buffer was
+  leaked. Fix by explicitly freeing on the way out.
   
-  Bug: https://curl.haxx.se/mail/archive-2018-07/0015.html
-  Reported-by: Jeffrey Walton
-  Closes #2795
+  Closes #2966
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-- [Josh Bialkowski brought this change]
+Daniel Stenberg (13 Sep 2018)
+- [Yiming Jing brought this change]
 
-  docs/examples: add hiperfifo example using linux epoll/timerfd
-  
-  Closes #2804
+  travis: build the MesaLink vtls backend with MesaLink 0.7.1
 
-- [Darío Hereñú brought this change]
+- [Yiming Jing brought this change]
 
-  docs/INSTALL.md: minor formatting fixes
-  
-  Closes #2794
+  runtests.pl: run tests against the MesaLink vtls backend
 
-- [Christopher Head brought this change]
+- [Yiming Jing brought this change]
 
-  docs/CURLOPT_URL: fix indentation
-  
-  The statement, “The application does not have to keep the string around
-  after setting this option,” appears to be indented under the RTMP
-  paragraph. It actually applies to all protocols, not just RTMP.
-  Eliminate the extra indentation.
+  vtls: add a MesaLink vtls backend
   
-  Closes #2788
+  Closes #2984
+
+- [Yiming Jing brought this change]
 
-- [Christopher Head brought this change]
+  configure.ac: add a MesaLink vtls backend
 
-  docs/CURLOPT_WRITEFUNCTION: size is always 1
-  
-  For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is
-  passed two `size_t` parameters which, when multiplied, designate the
-  number of bytes of data passed in. In practice, CURL always sets the
-  first parameter (`size`) to 1.
+- [Dave Reisner brought this change]
+
+  curl_url_set.3: properly escape \n in example code
   
-  This practice is also enshrined in documentation and cannot be changed
-  in future. The documentation states that the default callback is
-  `fwrite`, which means `fwrite` must be a suitable function for this
-  purpose. However, the documentation also states that the callback must
-  return the number of *bytes* it successfully handled, whereas ISO C
-  `fwrite` returns the number of items (each of size `size`) which it
-  wrote. The only way these numbers can be equal is if `size` is 1.
+  This yields
   
-  Since `size` is 1 and can never be changed in future anyway, document
-  that fact explicitly and let users rely on it.
+    "the scheme is %s\n"
   
-  Closes #2787
-
-- [Carie Pointer brought this change]
-
-  wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
+  instead of
   
-  RNG structure must be freed by call to FreeRng after its use in
-  Curl_cyassl_random. This call fixes Valgrind failures when running the
-  test suite with wolfSSL.
+    "the scheme is %s0
   
-  Closes #2784
+  Closes #2970
 
-- [Even Rouault brought this change]
+- [Dave Reisner brought this change]
+
+  curl_url_set.3: fix typo in reference to CURLU_APPENDQUERY
 
-  reuse_conn(): free old_conn->options
+- urlglob: improve error message
   
-  This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with
-  connection reuse.
+  to help user understand what the problem is
   
-  I found this with oss-fuzz on GDAL and curl master:
-  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9582
-  I couldn't reproduce with the oss-fuzz original test case, but looking
-  at curl source code pointed to this well reproducable leak.
+  Reported-by: Daniel Shahaf
   
-  Closes #2790
+  Fixes #2763
+  Closes #2977
 
-Marcel Raad (25 Jul 2018)
-- [Daniel Jelinski brought this change]
+- [Yiming Jing brought this change]
 
-  system_win32: fix version checking
+  tests/certs: rebuild certs with 2048-bit RSA keys
+  
+  The previous test certificates contained RSA keys of only 1024 bits.
+  However, RSA claims that 1024-bit RSA keys are likely to become
+  crackable some time before 2010. The NIST recommends at least 2048-bit
+  keys for RSA for now.
   
-  In the current version, VERSION_GREATER_THAN_EQUAL 6.3 will return false
-  when run on windows 10.0. This patch addresses that error.
+  Better use full 2048 also for testing.
   
-  Closes https://github.com/curl/curl/pull/2792
+  Closes #2973
 
-Daniel Stenberg (24 Jul 2018)
-- [Johannes Schindelin brought this change]
+Daniel Gustafsson (12 Sep 2018)
+- TODO: fix typo in item
+  
+  Closes #2968
+  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 
-  auth: pick Bearer authentication whenever a token is available
+Marcel Raad (12 Sep 2018)
+- anyauthput: fix compiler warning on 64-bit Windows
   
-  So far, the code tries to pick an authentication method only if
-  user/password credentials are available, which is not the case for
-  Bearer authentictation...
+  On Windows, the read function from <io.h> is used, which has its byte
+  count parameter as unsigned int instead of size_t.
   
-  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-  Closes #2754
-
-- [Johannes Schindelin brought this change]
+  Closes https://github.com/curl/curl/pull/2972
 
-  auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token
-  
-  The Bearer authentication was added to cURL 7.61.0, but there is a
-  problem: if CURLAUTH_ANY is selected, and the server supports multiple
-  authentication methods including the Bearer method, we strongly prefer
-  that latter method (only CURLAUTH_NEGOTIATE beats it), and if the Bearer
-  authentication fails, we will never even try to attempt any other
-  method.
+Viktor Szakats (12 Sep 2018)
+- lib: fix gcc8 warning on Windows
   
-  This is particularly unfortunate when we already know that we do not
-  have any Bearer token to work with.
+  Closes https://github.com/curl/curl/pull/2979
+
+Jay Satiro (12 Sep 2018)
+- openssl: fix gcc8 warning
   
-  Such a scenario happens e.g. when using Git to push to Visual Studio
-  Team Services (which supports Basic and Bearer authentication among
-  other methods) and specifying the Personal Access Token directly in the
-  URL (this aproach is frequently taken by automated builds).
+  - Use memcpy instead of strncpy to copy a string without termination,
+    since gcc8 warns about using strncpy to copy as many bytes from a
+    string as its length.
   
-  Let's make sure that we have a Bearer token to work with before we
-  select the Bearer authentication among the available authentication
-  methods.
+  Suggested-by: Viktor Szakats
   
-  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
-  Closes #2754
+  Closes https://github.com/curl/curl/issues/2980
 
-Marcel Raad (22 Jul 2018)
-- test320: treat curl320.out file as binary
-  
-  Otherwise, LF line endings are converted to CRLF on Windows,
-  but no conversion is done for the reply, so the test case fails.
+Daniel Stenberg (10 Sep 2018)
+- libcurl-url.3: overview man page for the URL API
   
-  Closes https://github.com/curl/curl/pull/2776
+  Closes #2967
 
-Daniel Stenberg (22 Jul 2018)
-- vtls: set conn->data when closing TLS
+- example/asiohiper: insert warning comment about its status
   
-  Follow-up to 1b76c38904f0. The VTLS backends that close down the TLS
-  layer for a connection still needs a Curl_easy handle for the session_id
-  cache etc.
+  This example is simply not working correctly but there's nobody around
+  with the skills and energy to fix it.
   
-  Fixes #2764
-  Closes #2771
+  Closes #2407
 
-Marcel Raad (21 Jul 2018)
-- tests: fixes for Windows line endlings
+Kamil Dudka (10 Sep 2018)
+- docs/cmdline-opts: update the documentation of --tlsv1.0
   
-  Set mode="text" when line endings depend on the system representation.
+  ... to reflect the changes in 6015cefb1b2cfde4b4850121c42405275e5e77d9
   
-  Closes https://github.com/curl/curl/pull/2772
+  Closes #2955
 
-- test214: disable MSYS2's POSIX path conversion for URL
-  
-  By default, the MSYS2 bash converts all backslashes to forward slashes
-  in URLs. Disable this with MSYS2_ARG_CONV_EXCL for the test to pass.
+- docs/examples: do not wait when no transfers are running
   
-  Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces
+  Closes #2948
+
+Daniel Stenberg (10 Sep 2018)
+- [Daniel Gustafsson brought this change]
 
-Daniel Stenberg (20 Jul 2018)
-- http2: several cleanups
+  cookies: Move failure case label to end of function
   
-  - separate easy handle from connections better
-  - added asserts on a number of places
-  - added sanity check of pipelines for debug builds
+  Rather than jumping backwards to where failure cleanup happens
+  to be performed, move the failure case to end of the function
+  where it is expected per existing coding convention.
   
-  Closes #2751
+  Closes #2965
+
+- [Daniel Gustafsson brought this change]
 
-- smb_getsock: always wait for write socket too
+  misc: fix typos in comments
   
-  ... the protocol is doing read/write a lot, so it needs to write often
-  even when downloading. A more proper fix could check for eactly when it
-  wants to write and only ask for it then.
+  Closes #2963
+
+- [Daniel Gustafsson brought this change]
+
+  cookies: fix leak when writing cookies to file
   
-  Without this fix, an SMB download could easily get stuck when the event-driven
-  API was used.
+  If the formatting fails, we error out on a fatal error and
+  clean up on the way out. The array was however freed within
+  the wrong scope and was thus never freed in case the cookies
+  were written to a file instead of STDOUT.
   
-  Closes #2768
+  Closes #2957
+
+- [Daniel Gustafsson brought this change]
 
-Marcel Raad (20 Jul 2018)
-- test1143: disable MSYS2's POSIX path conversion
+  cookies: Remove redundant expired check
   
-  By default, the MSYS2 bash interprets http:/%HOSTIP:%HTTPPORT/want/1143
-  as a POSIX file list and converts it to a Windows file list.
-  Disable this with MSYS2_ARG_CONV_EXCL for the test to pass.
+  Expired cookies have already been purged at a later expiration time
+  before this check, so remove the redundant check.
   
-  Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces
-  Closes https://github.com/curl/curl/pull/2765
+  closes #2962
 
-Daniel Stenberg (18 Jul 2018)
-- RELEASE-NOTES: sync
+- ntlm_wb: bail out if the response gets overly large
+  
+  Exit the realloc() loop if the response turns out ridiculously large to
+  avoid worse problems.
   
-  ... and work toward 7.61.1
+  Reported-by: Harry Sintonen
+  Closes #2959
 
-- [Ruslan Baratov brought this change]
+- [Daniel Gustafsson brought this change]
 
-  CMake: Update scripts to use consistent style
+  url.c: fix comment typo and indentation
   
-  Closes #2727
-  Reviewed-by: Sergei Nikulov
+  Closes #2960
 
-- header output: switch off all styles, not just unbold
+- urlapi: avoid derefencing a possible NULL pointer
   
-  ... the "unbold" sequence doesn't work on the mac Terminal.
+  Coverity CID 1439134
+
+- RELEASE-NOTES: synced
+
+Marcel Raad (8 Sep 2018)
+- test324: fix after 3f3b26d6feb0667714902e836af608094235fca2
   
-  Reported-by: Zero King
-  Fixes #2736
-  Closes #2738
+  The expected error code is now 60. 51 is dead.
 
-Nick Zitzmann (14 Jul 2018)
-- [Rodger Combs brought this change]
+Daniel Stenberg (8 Sep 2018)
+- curl_url_set.3: correct description
 
-  darwinssl: add support for ALPN negotiation
+- curl_url-docs: fix AVAILABILITY as Added in curl 7.62.0
 
-Marcel Raad (14 Jul 2018)
-- test1422: add required file feature
-  
-  curl configured with --enable-debug --disable-file currently complains
-  on test1422:
-  Info: Protocol "file" not supported or disabled in libcurl
+- URL-API
   
-  Make test1422 dependend on enabled FILE protocol to fix this.
+  See header file and man pages for API. All documented API details work
+  and are tested in the 1560 test case.
   
-  Fixes https://github.com/curl/curl/issues/2741
-  Closes https://github.com/curl/curl/pull/2742
+  Closes #2842
 
-Patrick Monnerat (12 Jul 2018)
-- content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
+- curl_easy_upkeep: removed 'conn' from the name
   
-  Some servers issue raw deflate data that may be followed by an undocumented
-  trailer. This commit makes curl tolerate such a trailer of up to 4 bytes
-  before considering the data is in error.
+  ... including the associated option.
   
-  Reported-by: clbr on github
-  Fixes #2719
+  Fixes #2951
+  Closes #2952
 
-Daniel Stenberg (12 Jul 2018)
-- smb: fix memory-leak in URL parse error path
-  
-  Detected by OSS-Fuzz
-  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369
-  Closes #2740
+- [Max Dymond brought this change]
 
-Marcel Raad (12 Jul 2018)
-- schannel: enable CALG_TLS1PRF for w32api >= 5.1
+  upkeep: add a connection upkeep API: curl_easy_conn_upkeep()
   
-  The definition of CALG_TLS1PRF has been fixed in the 5.1 branch:
-  https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/commits/73aedcc0f2e6ba370de0d86ab878ad76a0dda7b5
-
-Daniel Stenberg (12 Jul 2018)
-- docs/SECURITY-PROCESS: mention bounty, drop pre-notify
+  Add functionality so that protocols can do custom keepalive on their
+  connections, when an external API function is called.
   
-  + The hackerone bounty and its process
+  Add docs for the new options in 7.62.0
   
-  - We don't and can't handle pre-notification
+  Closes #1641
+
+- [Philipp Waehnert brought this change]
 
-- multi: always do the COMPLETED procedure/state
+  configure: add option to disable automatic OpenSSL config loading
   
-  It was previously erroneously skipped in some situations.
+  Sometimes it may be considered a security risk to load an external
+  OpenSSL configuration automatically inside curl_global_init(). The
+  configuration option --disable-ssl-auto-load-config disables this
+  automatism. The Windows build scripts winbuild/Makefile.vs provide a
+  corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean
+  value.
   
-  libtest/libntlmconnect.c wrongly depended on wrong behavior (that it
-  would get a zero timeout) when no handles are "running" in a multi
-  handle. That behavior is no longer present with this fix. Now libcurl
-  will always return a -1 timeout when all handles are completed.
+  Setting neither of these options corresponds to the previous behavior
+  loading the external OpenSSL configuration automatically.
   
-  Closes #2733
+  Fixes #2724
+  Closes #2791
 
-- Curl_getoff_all_pipelines: improved for multiplexed
+- doh: minor edits to please Coverity
   
-  On multiplexed connections, transfers can be removed from anywhere not
-  just at the head as for pipelines.
-
-- ares: check for NULL in completed-callback
-
-- conn: remove the boolean 'inuse' field
+  The gcc typecheck macros and coverity combined made it warn on the 2nd
+  argument for ERROR_CHECK_SETOPT(). Here's minor rearrange to please it.
   
-  ... as the usage needs to be counted.
-
-- [Paul Howarth brought this change]
+  Coverity CID 1439115 and CID 1439114.
 
-  openssl: assume engine support in 1.0.0 or later
-  
-  Commit 38203f1585da changed engine detection to be version-based,
-  with a baseline of openssl 1.0.1. This does in fact break builds
-  with openssl 1.0.0, which has engine support - the configure script
-  detects that ENGINE_cleanup() is available - but <openssl/engine.h>
-  doesn't get included to declare it.
-  
-  According to upstream documentation, engine support was added to
-  mainstream openssl builds as of version 0.9.7:
-  https://github.com/openssl/openssl/blob/master/README.ENGINE
+- schannel: avoid switch-cases that go to default anyway
   
-  This commit drops the version test down to 1.0.0 as version 1.0.0d
-  is the oldest version I have to test with.
+  SEC_E_APPLICATION_PROTOCOL_MISMATCH isn't defined in some versions of
+  mingw and would require an ifdef otherwise.
   
-  Closes #2732
+  Reported-by: Thomas Glanzmann
+  Approved-by: Marc Hörsken
+  Bug: https://curl.haxx.se/mail/lib-2018-09/0020.html
+  Closes #2950
 
-Marcel Raad (11 Jul 2018)
-- schannel: fix MinGW compile break
+- [Nicklas Avén brought this change]
+
+  imap: change from "FETCH" to "UID FETCH"
   
-  Original MinGW's w32api has a sytax error in its definition of
-  CALG_TLS1PRF [0]. Don't use original MinGW w32api's CALG_TLS1PRF
-  until this bug [1] is fixed.
+  ... and add "MAILINDEX".
   
-  [0] https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/blobs/d1d4a17e51a2b78e252ef0147d483267d56c90cc/w32api/include/wincrypt.h
-  [1] https://osdn.net/projects/mingw/ticket/38391
+  As described in #2789, this is a suggested solution.  Changing UID=xx to
+  actually get mail with UID xx and add "MAILINDEX" to get a mail with a
+  special index in the mail box (old behavior).  So MAILINDEX=1 gives the
+  first non deleted mail in the mail box.
   
-  Fixes https://github.com/curl/curl/pull/2721#issuecomment-403636043
-  Closes https://github.com/curl/curl/pull/2728
+  Fixes #2789
+  Closes #2815
 
-Daniel Stenberg (11 Jul 2018)
-- examples/crawler.c: move #ifdef to column 0
+- CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
   
-  Apparently the C => HTML converter on the web site doesn't quite like it
-  otherwise.
+  This is step 3 of #2888.
   
-  Reported-by: Jeroen Ooms
+  Fixes #2888
+  Closes #2896
+
+- travis: add the DOH tests to the torture testing
 
-Version 7.61.0 (11 Jul 2018)
+- DOH: add test case 1650 and 2100
 
-Daniel Stenberg (11 Jul 2018)
-- release: 7.61.0
+- curl: --doh-url added
 
-- TODO: Configurable loading of OpenSSL configuration file
+- setopt: add CURLOPT_DOH_URL
   
-  Closes #2724
+  Closes #2668
 
-- post303.d: clarify that this is an RFC violation
-  
-  ... and not the other way around, which this previously said.
+- [Han Han brought this change]
+
+  ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
   
-  Reported-by: Vasiliy Faronov
-  Fixes #2723
-  Closes #2726
+  Long live CURLE_PEER_FAILED_VERIFICATION
 
-- [Ruslan Baratov brought this change]
+- [Han Han brought this change]
 
-  CMake: remove redundant and old end-of-block syntax
+  x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
   
-  Reviewed-by: Jakub Zakrzewski
-  Closes #2715
+  CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509
+  does not allocate memory internally as its first argument is a pointer
+  to the certificate structure. The same error code is also returned by
+  Curl_verifyhost when its call to Curl_parseX509 fails so the change
+  makes error handling more consistent.
 
-Jay Satiro (9 Jul 2018)
-- lib/curl_setup.h: remove unicode character
-  
-  Follow-up to 82ce416.
+- [Han Han brought this change]
+
+  openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
   
-  Ref: https://github.com/curl/curl/commit/8272ec5#commitcomment-29646818
+  Failure to extract the issuer name from the server certificate should
+  return a more specific error code like on other TLS backends.
 
-Daniel Stenberg (9 Jul 2018)
-- lib/curl_setup.h: remove unicode bom from 8272ec50f02
+- [Han Han brought this change]
 
-Marcel Raad (9 Jul 2018)
-- schannel: fix -Wsign-compare warning
-  
-  MinGW warns:
-  /lib/vtls/schannel.c:219:64: warning: signed and unsigned type in
-  conditional expression [-Wsign-compare]
-  
-  Fix this by casting the ptrdiff_t to size_t as we know it's positive.
+  schannel: unified error code handling
   
-  Closes https://github.com/curl/curl/pull/2721
+  Closes #2901
 
-- schannel: workaround for wrong function signature in w32api
-  
-  Original MinGW's w32api has CryptHashData's second parameter as BYTE *
-  instead of const BYTE *.
-  
-  Closes https://github.com/curl/curl/pull/2721
+- [Han Han brought this change]
 
-- schannel: make more cipher options conditional
-  
-  They are not defined in the original MinGW's <wincrypt.h>.
+  darwinssl: more specific and unified error codes
   
-  Closes https://github.com/curl/curl/pull/2721
+  Closes #2901
 
-- curl_setup: include <winerror.h> before <windows.h>
+- CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
   
-  Otherwise, only part of it gets pulled in through <windows.h> on
-  original MinGW.
+  Disable the CURLOPT_DNS_USE_GLOBAL_CACHE option and mark it for
+  deprecation and complete removal in six months.
   
-  Fixes https://github.com/curl/curl/issues/2361
-  Closes https://github.com/curl/curl/pull/2721
+  Bug: https://curl.haxx.se/mail/lib-2018-09/0010.html
+  Closes #2942
 
-- examples: fix -Wformat warnings
-  
-  When size_t is not a typedef for unsigned long (as usually the case on
-  Windows), GCC emits -Wformat warnings when using lu and lx format
-  specifiers with size_t. Silence them with explicit casts to
-  unsigned long.
+- url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
   
-  Closes https://github.com/curl/curl/pull/2721
+  Closes #2709
 
-Daniel Stenberg (9 Jul 2018)
-- smtp: use the upload buffer size for scratch buffer malloc
-  
-  ... not the read buffer size, as that can be set smaller and thus cause
-  a buffer overflow! CVE-2018-0500
+- multiplex: enable by default
   
-  Reported-by: Peter Wu
-  Bug: https://curl.haxx.se/docs/adv_2018-70a2.html
+  Starting 7.62.0, multiplexing is enabled by default in multi handles.
 
-- [Dave Reisner brought this change]
+- [Jim Fuller brought this change]
 
-  scripts: include _curl as part of CLEANFILES
+  tests: add unit tests for url.c
   
-  Closes #2718
-
-- [Nick Zitzmann brought this change]
+  Approved-by: Daniel Gustafsson
+  Closes #2937
 
-  darwinssl: allow High Sierra users to build the code using GCC
-  
-  ...but GCC users lose out on TLS 1.3 support, since we can't weak-link
-  enumeration constants.
+- test1452: mark as flaky
   
-  Fixes #2656
-  Closes #2703
-
-- [Ruslan Baratov brought this change]
-
-  CMake: Remove unused 'output_var' from 'collect_true'
+  makes it not run in the CI builds
   
-  Variable 'output_var' is not used and can be removed.
-  Function 'collect_true' renamed to 'count_true'.
-
-- [Ruslan Baratov brought this change]
+  Closes #2941
 
-  CMake: Remove unused functions
+- pipelining: deprecated
   
-  Closes #2711
-
-- KNOWN_BUGS: Stick to same family over SOCKS proxy
-
-- libssh: goto DISCONNECT state on error, not SSH_SESSION_FREE
+  Transparently. The related curl_multi_setopt() options all still returns
+  OK when pipelining is selected.
   
-  ... because otherwise not everything get closed down correctly.
+  To re-enable the support, the single line change in lib/multi.c needs to
+  be reverted.
   
-  Fixes #2708
-  Closes #2712
-
-- libssh: include line number in state change debug messages
+  See docs/DEPRECATE.md
   
-  Closes #2713
-
-- KNOWN_BUGS: Borland support is dropped, AIX problem is too old
+  Closes #2705
 
-- [Jeroen Ooms brought this change]
+- RELEASE-NOTES: start working on 7.62.0
 
-  example/crawler.c: simple crawler based on libxml2
-  
-  Closes #2706
+Version 7.61.1 (4 Sep 2018)
 
-- RELEASE-NOTES: synced
+Daniel Stenberg (4 Sep 2018)
+- THANKS: 7.61.1 status
 
-- DEPRECATE: include year when specifying date
+- RELEASE-NOTES: 7.61.1
 
-- DEPRECATE: linkified
+- Curl_getoff_all_pipelines: ignore unused return values
+  
+  Since scan-build would warn on the dead "Dead store/Dead increment"
 
-- DEPRECATE: mention the PR that disabled axTLS
+Viktor Szakats (4 Sep 2018)
+- sftp: fix indentation
 
-- docs/DEPRECATE.md: spelling and minor formatting
+Daniel Stenberg (4 Sep 2018)
+- [Przemysław Tomaszewski brought this change]
 
-- DEPRECATE: new doc describing planned item removals
+  sftp: don't send post-qoute sequence when retrying a connection
   
-  Closes #2704
-
-- [Gisle Vanem brought this change]
+  Fixes #2939
+  Closes #2940
 
-  telnet: fix clang warnings
+Kamil Dudka (3 Sep 2018)
+- url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work
   
-  telnet.c(1401,28): warning: cast from function call of type 'int' to
-  non-matching type 'HANDLE' (aka 'void *') [-Wbad-function-cast]
+  This is a follow-up to PR #2607 and PR #2926.
   
-  Fixes #2696
-  Closes #2700
-
-- docs: fix missed option name markups
-
-- [Gaurav Malhotra brought this change]
+  Closes #2936
 
-  openssl: Remove some dead code
-  
-  Closes #2698
+Daniel Stenberg (3 Sep 2018)
+- [Jay Satiro brought this change]
 
-- openssl: make the requested TLS version the *minimum* wanted
+  tool_operate: Add http code 408 to transient list for --retry
   
-  The code treated the set version as the *exact* version to require in
-  the TLS handshake, which is not what other TLS backends do and probably
-  not what most people expect either.
+  - Treat 408 request timeout as transient so that curl will retry the
+    request if --retry was used.
   
-  Reported-by: Andreas Olsson
-  Assisted-by: Gaurav Malhotra
-  Fixes #2691
-  Closes #2694
+  Closes #2925
 
-- RELEASE-NOTES: synced
+- [Jay Satiro brought this change]
 
-- openssl: allow TLS 1.3 by default
+  openssl: Fix setting TLS 1.3 cipher suites
   
-  Reported-by: Andreas Olsson
-  Fixes #2692
-  Closes #2693
-
-- [Adrian Peniak brought this change]
-
-  CURLINFO_TLS_SSL_PTR.3: improve the example
+  The flag indicating TLS 1.3 cipher support in the OpenSSL backend was
+  missing.
   
-  The previous example was a little bit confusing, because SSL* structure
-  (or other "in use" SSL connection pointer) is not accessible after the
-  transfer is completed, therefore working with the raw TLS library
-  specific pointer needs to be done during transfer.
+  Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187
+  Reported-by: Kamil Dudka
   
-  Closes #2690
+  Closes #2926
 
-- travis: add a build using the synchronous name resolver
-  
-  ... since default uses the threaded one and we test the c-ares build
-  already.
+- Curl_ntlm_core_mk_nt_hash: return error on too long password
   
-  Closes #2689
-
-- configure: remove CURL_CHECK_NI_WITHSCOPEID too
+  ... since it would cause an integer overflow if longer than (max size_t
+  / 2).
   
-  Since it isn't used either and requires the getnameinfo check
+  This is CVE-2018-14618
   
-  Follow-up to 0aeca41702d2
+  Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
+  Closes #2756
+  Reported-by: Zhaoyang Wu
 
-- getnameinfo: not used
-  
-  Closes #2687
+- [Rikard Falkeborn brought this change]
 
-- easy_perform: use *multi_timeout() to get wait times
-  
-  ... and trim the threaded Curl_resolver_getsock() to return zero
-  millisecond wait times during the first three milliseconds so that
-  localhost or names in the OS resolver cache gets detected and used
-  faster.
+  http2: Use correct format identifier for stream_id
   
-  Closes #2685
+  Closes #2928
 
-Max Dymond (27 Jun 2018)
-- configure: Add dependent libraries after crypto
-  
-  The linker is pretty dumb and processes things left to right, keeping a
-  tally of symbols it hasn't resolved yet. So, we need -ldl to appear
-  after -lcrypto otherwise the linker won't find the dl functions.
+Marcel Raad (2 Sep 2018)
+- test1148: fix precheck output
   
-  Closes #2684
-
-Daniel Stenberg (27 Jun 2018)
-- GOVERNANCE: linkify, changed some titles
-
-- GOVERNANCE: add maintainer details/duties
+  "precheck command error" is not very helpful.
 
-- url: check Curl_conncache_add_conn return code
+Daniel Stenberg (1 Sep 2018)
+- all: s/int/size_t cleanup
   
-  ... it was previously unchecked in two places and thus errors could
-  remain undetected and cause trouble.
+  Assisted-by: Rikard Falkeborn
   
-  Closes #2681
+  Closes #2922
 
-- include/README: remove "hacking" advice, not the right place
+- ssh-libssh: use FALLTHROUGH to silence gcc8
 
-- RELEASE-NOTES: synced
+Jay Satiro (31 Aug 2018)
+- tool_operate: Fix setting proxy TLS 1.3 ciphers
 
-- CURLOPT_SSL_VERIFYPEER.3: fix syntax mistake
-  
-  Follow-up to b6a16afa0aa5
+Daniel Stenberg (31 Aug 2018)
+- [Daniel Gustafsson brought this change]
 
-- netrc: use a larger buffer
+  cookies: support creation-time attribute for cookies
   
-  ... to work with longer passwords etc. Grow it from a 256 to a 4096
-  bytes buffer.
+  According to RFC6265 section 5.4, cookies with equal path lengths
+  SHOULD be sorted by creation-time (earlier first). This adds a
+  creation-time record to the cookie struct in order to make cookie
+  sorting more deterministic. The creation-time is defined as the
+  order of the cookies in the jar, the first cookie read fro the
+  jar being the oldest. The creation-time is thus not serialized
+  into the jar. Also remove the strcmp() matching in the sorting as
+  there is no lexicographic ordering in RFC6265. Existing tests are
+  updated to match.
   
-  Reported-by: Dario Nieuwenhuis
-  Fixes #2676
-  Closes #2680
-
-- [Patrick Schlangen brought this change]
+  Closes #2524
 
-  CURLOPT_SSL_VERIFYPEER.3: Add performance note
+Marcel Raad (31 Aug 2018)
+- Don't use Windows path %PWD for SSH tests
   
-  Closes #2673
-
-- [Javier Blazquez brought this change]
-
-  multi: fix crash due to dangling entry in connect-pending list
+  All these tests failed on Windows because something like
+  sftp://%HOSTIP:%SSHPORT%PWD/
+  expanded to
+  sftp://127.0.0.1:1234c:/msys64/home/bla/curl
+  and then curl complained about the port number ending with a letter.
+  
+  Use the original POSIX path instead of the Windows path created in
+  checksystem to fix this.
   
-  Fixes #2677
-  Closes #2679
+  Closes https://github.com/curl/curl/pull/2920
 
-- ConnectionExists: make sure conn->data is set when "taking" a connection
+Jay Satiro (29 Aug 2018)
+- CURLOPT_SSL_CTX_FUNCTION.3: clarify connection reuse warning
   
-  Follow-up to 2c15693.
+  Reported-by: Daniel Stenberg
   
-  Bug #2674
-  Closes #2675
+  Closes https://github.com/curl/curl/issues/2916
 
-- [Kevin R. Bulgrien brought this change]
+Daniel Stenberg (28 Aug 2018)
+- THANKS-filter: dedup Daniel Jeliński
 
-  system.h: fix for gcc on 32 bit OpenServer
-  
-  Bug: https://curl.haxx.se/mail/lib-2018-06/0100.html
+- RELEASE-NOTES: synced
 
-- [Raphael Gozzo brought this change]
+- CURLOPT_ACCEPT_ENCODING.3: list them comma-separated [ci skip]
 
-  cmake: allow multiple SSL backends
+- CURLOPT_SSL_CTX_FUNCTION.3: might cause unintended connection reuse [ci skip]
   
-  This will make possible to select the SSL backend (using
-  curl_global_sslset()) even when the libcurl is built using CMake
+  Added a warning!
   
-  Closes #2665
+  Closes #2915
 
-- url: fix dangling conn->data pointer
-  
-  By masking sure to use the *current* easy handle with extracted
-  connections from the cache, and make sure to NULLify the ->data pointer
-  when the connection is put into the cache to make this mistake easier to
-  detect in the future.
+- curl: fix time-of-check, time-of-use race in dir creation
   
-  Reported-by: Will Dietz
-  Fixes #2669
-  Closes #2672
-
-- CURLOPT_INTERFACE.3: interface names not supported on Windows
+  Patch-by: Jay Satiro
+  Detected by Coverity
+  Fixes #2739
+  Closes #2912
 
-- travis: run more tests for coverage check
+- cmdline-opts/page-footer: fix edit mistake
   
-  ... run a few more tortured based and run all tests event-based.
+  There was a missing newline.
   
-  Closes #2664
+  follow-up to a7ba60bb7250
 
-- multi: fix memory leak when stopped during name resolve
-  
-  When the application just started the transfer and then stops it while
-  the name resolve in the background thread hasn't completed, we need to
-  wait for the resolve to complete and then cleanup data accordingly.
-  
-  Enabled test 1553 again and added test 1590 to also check when the host
-  name resolves successfully.
+- docs: clarify NO_PROXY env variable functionality
   
-  Detected by OSS-fuzz.
-  Closes #1968
+  Reported-by: Kirill Marchuk
+  Fixes #2773
+  Closes #2911
 
-Viktor Szakats (15 Jun 2018)
-- maketgz: delete .bak files, fix indentation
-  
-  Ref: https://github.com/curl/curl/pull/2660
+Marcel Raad (24 Aug 2018)
+- lib1522: fix curl_easy_setopt argument type
   
-  Closes https://github.com/curl/curl/pull/2662
-
-Daniel Stenberg (15 Jun 2018)
-- runtests.pl: remove debug leftover from bb9a340c73f3
+  CURLOPT_POSTFIELDSIZE is a long option.
 
-- curl-confopts.m4: fix typo from ed224f23d5beb
+- curl_threads: silence bad-function-cast warning
   
-  Fixes my local configure to detect a custom installed c-ares without
-  pkgconfig.
-
-- docs/RELEASE-PROCEDURE.md: renamed to use .md extension
+  As uintptr_t and HANDLE are always the same size, this warning is
+  harmless. Just silence it using an intermediate uintptr_t variable.
   
-  Closes #2663
-
-- RELEASE-PROCEDURE: gpg sign the tags
-
-- RELEASE-NOTES: synced
+  Closes https://github.com/curl/curl/pull/2908
 
-- CURLOPT_HTTPAUTH.3: CURLAUTH_BEARER was added in 7.61.0
+Daniel Stenberg (24 Aug 2018)
+- README: add appveyor build badge [ci skip]
+  
+  Closes #2913
 
-- [Mamta Upadhyay brought this change]
+- [Ihor Karpenko brought this change]
 
-  maketgz: fix sed issues on OSX
+  schannel: client certificate store opening fix
   
-  maketgz creates release tarballs and removes the -DEV string in curl
-  version (e.g. 7.58.0-DEV), else -DEV shows up on command line when curl
-  is run. maketgz works fine on linux but fails on OSX. Problem is with
-  the sed commands that use option -i without an extension. Maketgz
-  expects GNU sed instead of BSD and this simply won't work on OSX. Adding
-  a backup extension .bak after -i fixes this issue
+  1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG )
+  while opening certificate store would be sufficient in this scenario and
+  less-demanding in sense of required user credentials ( for example,
+  IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore
+  call without any of flags mentioned above ),
   
-  Running the script as if on OSX gives this error:
+  2) as 'cert_store_name' is a DWORD, attempt to format its value like a
+  string ( in "Failed to open cert store" error message ) will throw null
+  pointer exception
   
-  sed: -e: No such file or directory
+  3) adding GetLastError(), in my opinion, will make error message more
+  useful.
   
-  Adding a .bak extension resolves it
+  Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html
   
-  Closes #2660
+  Closes #2909
+
+- [Leonardo Taccari brought this change]
 
-- configure: enhance ability to detect/build with static openssl
+  gopher: Do not translate `?' to `%09'
   
-  Fix the -ldl and -ldl + -lpthread checks for OpenSSL, necessary for
-  building with static libs without pkg-config.
+  Since GOPHER support was added in curl `?' character was automatically
+  translated to `%09' (`\t').
   
-  Reported-by: Marcel Raad
-  Fixes #2199
-  Closes #2659
-
-- configure: use pkg-config for c-ares detection
+  However, this behaviour does not seems documented in RFC 4266 and for
+  search selectors it is documented to directly use `%09' in the URL.
+  Apart that several gopher servers in the current gopherspace have CGI
+  support where `?' is used as part of the selector and translating it to
+  `%09' often leads to surprising results.
   
-  First check if there's c-ares information given as pkg-config info and use
-  that as first preference.
+  Closes #2910
+
+Marcel Raad (23 Aug 2018)
+- cookie tests: treat files as text
   
-  Reported-by: pszemus on github
-  Fixes #2203
-  Closes #2658
+  Fixes test failures because of wrong line endings on Windows.
 
-- GOVERNANCE.md: explains how this project is run
+Daniel Stenberg (23 Aug 2018)
+- libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
+  
+  Multi-threaded applictions basically MUST set CURLOPT_NO_SIGNAL to 1L to
+  avoid the risk of getting a SIGPIPE.
+  
+  Either way, a multi-threaded application that uses libcurl/openssl needs
+  to have a signhandler for or ignore SIGPIPE on its own.
   
-  Closes #2657
+  Based on discussions in #2800
+  Closes #2904
 
-- KNOWN_BUGS: NTLM doen't support password with § character
-  
-  Closes #2120
+- RELEASE-NOTES: synced
 
-- KNOWN_BUGS: slow connect to localhost on Windows
+Marcel Raad (22 Aug 2018)
+- Tests: fixes for Windows
   
-  Closes #2281
-
-- [Matteo Bignotti brought this change]
+  - test 1268 requires unix sockets
+  - test 2072 must be disabled also for MSYS/MinGW
 
-  mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
-  
-  certdata.txt should be deleted also when the process is interrupted by
-  "same certificate downloaded, exiting"
-  
-  The certdata.txt is currently kept on disk even if you give the -u
-  option
+Daniel Stenberg (22 Aug 2018)
+- http2: abort the send_callback if not setup yet
   
-  Closes #2655
-
-- progress: remove a set of unused defines
+  When Curl_http2_done() gets called before the http2 data is setup all
+  the way, we cannot send anything and this should just return an error.
   
-  Reported-by: Peter Wu
-  Closes #2654
+  Detected by OSS-Fuzz
+  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
 
-- TODO: "Option to refuse usernames in URLs" done
+- http2: remove four unused nghttp2 callbacks
   
-  Implemented by Björn in 946ce5b61f
-
-- [Lyman Epp brought this change]
+  Closes #2903
 
-  Curl_init_do: handle NULL connection pointer passed in
+- x509asn1: use FALLTHROUGH
   
-  Closes #2653
+  ... as no other comments are accepted since 014ed7c22f51463
 
-- runtests: support variables in <strippart>
+Marcel Raad (21 Aug 2018)
+- test1148: disable if decimal separator is not point
   
-  ... and make use of that to make 1455 work better without using a fixed
-  local port number.
+  Modifying the locale with environment variables doesn't work for native
+  Windows applications. Just disable the test in this case if the decimal
+  separator is something different than a point. Use a precheck with a
+  small C program to achieve that.
   
-  Fixes #2649
-  Closes #2650
+  Closes https://github.com/curl/curl/pull/2786
 
-- Curl_debug: remove dead printhost code
+- Enable more GCC warnings
   
-  The struct field is never set (since 5e0d9aea3) so remove the use of it
-  and remove the connectdata pointer from the prototype.
+  This enables the following additional warnings:
+  -Wold-style-definition
+  -Warray-bounds=2 instead of the default 1
+  -Wformat=2, but only for GCC 4.8+ as Wno-format-nonliteral is not
+   respected for older versions
+  -Wunused-const-variable, which enables level 2 instead of the default 1
+  -Warray-bounds also in debug mode through -ftree-vrp
+  -Wnull-dereference also in debug mode through
+   -fdelete-null-pointer-checks
   
-  Reported-by: Tejas
-  Bug: https://curl.haxx.se/mail/lib-2018-06/0054.html
-  Closes #2647
+  Closes https://github.com/curl/curl/pull/2747
 
-Viktor Szakats (12 Jun 2018)
-- schannel: avoid incompatible pointer warning
+- curl-compilers: enable -Wimplicit-fallthrough=4 for GCC
   
-  with clang-6.0:
-  ```
-  vtls/schannel_verify.c: In function 'add_certs_to_store':
-  vtls/schannel_verify.c:212:30: warning: passing argument 11 of 'CryptQueryObject' from incompatible pointer type [-Wincompatible-pointer-types]
-                                &cert_context)) {
-                                ^
-  In file included from /usr/share/mingw-w64/include/schannel.h:10:0,
-                   from /usr/share/mingw-w64/include/schnlsp.h:9,
-                   from vtls/schannel.h:29,
-                   from vtls/schannel_verify.c:40:
-  /usr/share/mingw-w64/include/wincrypt.h:4437:26: note: expected 'const void **' but argument is of type 'CERT_CONTEXT ** {aka struct _CERT_CONTEXT **}'
-     WINIMPM WINBOOL WINAPI CryptQueryObject (DWORD dwObjectType, const void *pvObject, DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags, DWORD dwFlags,
-                            ^~~~~~~~~~~~~~~~
-  ```
-  Ref: https://msdn.microsoft.com/library/windows/desktop/aa380264
+  This enables level 4 instead of the default level 3, which of the
+  currently used comments only allows /* FALLTHROUGH */ to silence the
+  warning.
   
-  Closes https://github.com/curl/curl/pull/2648
-
-Daniel Stenberg (12 Jun 2018)
-- [Robert Prag brought this change]
+  Closes https://github.com/curl/curl/pull/2747
 
-  schannel: support selecting ciphers
-  
-  Given the contstraints of SChannel, I'm exposing these as the algorithms
-  themselves instead; while replicating the ciphersuite as specified by
-  OpenSSL would have been preferable, I found no way in the SChannel API
-  to do so.
+- curl-compilers: enable -Wbad-function-cast on GCC
   
-  To use this from the commandline, you need to pass the names of contants
-  defining the desired algorithms. For example, curl --ciphers
-  "CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM"
-  https://github.com The specific names come from wincrypt.h
+  This warning used to be enabled only for clang as it's a bit stricter
+  on GCC. Silence the remaining occurrences and enable it on GCC too.
   
-  Closes #2630
-
-- [Bernhard M. Wiedemann brought this change]
+  Closes https://github.com/curl/curl/pull/2747
 
-  test 46: make test pass after 2025
-  
-  shifting the expiry date to 2037 for now
-  to be before the possibly problematic year 2038
+- configure: conditionally enable pedantic-errors
   
-  similar in spirit to commit e6293cf8764e9eecb
+  Enable pedantic-errors for GCC >= 5 with --enable-werror. Before GCC 5,
+  pedantic-errors was synonymous to -Werror=pedantic [0], which is still
+  the case for clang [1]. With GCC 5, it became complementary [2].
   
-  Closes #2646
-
-- [Marian Klymov brought this change]
-
-  cppcheck: fix warnings
+  Also fix a resulting error in acinclude.m4 as main's return type was
+  missing, which is illegal in C99.
   
-  - Get rid of variable that was generating false positive warning
-  (unitialized)
+  [0] https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Warning-Options.html
+  [1] https://clang.llvm.org/docs/UsersManual.html#options-to-control-error-and-warning-messages
+  [2] https://gcc.gnu.org/onlinedocs/gcc-5.1.0/gcc/Warning-Options.html
   
-  - Fix issues in tests
+  Closes https://github.com/curl/curl/pull/2747
+
+- Remove unused definitions
   
-  - Reduce scope of several variables all over
+  Closes https://github.com/curl/curl/pull/2747
+
+Daniel Stenberg (21 Aug 2018)
+- x509asn1: make several functions static
   
-  etc
+  and remove the private SIZE_T_MAX define and use the generic one.
   
-  Closes #2631
+  Closes #2902
 
-- openssl: assume engine support in 1.0.1 or later
-  
-  Previously it was checked for in configure/cmake, but that would then
-  leave other build systems built without engine support.
+- INTERNALS: require GnuTLS >= 2.11.3
   
-  While engine support probably existed prior to 1.0.1, I decided to play
-  safe. If someone experience a problem with this, we can widen the
-  version check.
+  Since the public pinning support was brought in e644866caf4. GnuTLS
+  2.11.3 was released in October 2010.
   
-  Fixes #2641
-  Closes #2644
-
-- RELEASE-NOTES: synced
-
-- RELEASE-PROCEDURE: update the release calendar for 2019
-
-- [Gisle Vanem brought this change]
+  Figured out in #2890
 
-  boringssl + schannel: undef X509_NAME in lib/schannel.h
+- http2: avoid set_stream_user_data() before stream is assigned
   
-  Fixes the build problem when both boringssl and schannel are enabled.
+  ... before the stream is started, we have it set to -1.
   
-  Fixes #2634
-  Closes #2643
-
-- [Vladimir Kotal brought this change]
+  Fixes #2894
+  Closes #2898
 
-  mk-ca-bundle.pl: leave certificate name untouched in decode()
+- SSLCERTS: improve the openssl command line
   
-  Closes #2640
+  ... for extracting certs from a live HTTPS server to make a cacerts.pem
+  from them.
 
-- [Rikard Falkeborn brought this change]
+- docs/SECURITY-PROCESS: now we name the files after the CVE id
+
+- RELEASE-NOTES: synced
 
-  tests/libtests/Makefile.am: Add lib1521.c to CLEANFILES
+- upload: change default UPLOAD_BUFSIZE to 64KB
   
-  This removes the generated lib1521.c when running make clean.
+  To make uploads significantly faster in some circumstances.
   
-  Closes #2633
-
-- [Rikard Falkeborn brought this change]
+  Part 2 of #2888
+  Closes #2892
 
-  tests/libtest: Add lib1521 to nodist_SOURCES
+- upload: allocate upload buffer on-demand
   
-  Since 467da3af0, lib1521.c is generated instead of checked in. According
-  to the commit message, the intention was to remove it from the tarball
-  as well. However, it is still present when running make dist. To remove
-  it, add it to nodist_lib1521_SOURCES. This also means there is no need
-  for the manually added dist-rule in the Makefile.
+  Saves 16KB on the easy handle for operations that don't need that
+  buffer.
   
-  Also update CMakelists.txt to handle the fact that we now may have
-  nodist_SOURCES.
+  Part 1 of #2888
 
-- [Stephan Mühlstrasser brought this change]
+- [Laurent Bonnans brought this change]
 
-  system.h: add support for IBM xlc C compiler
-  
-  Added a section to system.h guarded with __xlc__ for the IBM xml C
-  compiler. Before this change the section titled 'generic "safe guess" on
-  old 32 bit style' was used, which resulted in a wrong definition of
-  CURL_TYPEOF_CURL_SOCKLEN_T, and for 64-bit also CURL_TYPEOF_CURL_OFF_T
-  was wrong.
-  
-  Compilation warnings fixed with this change:
+  vtls: reinstantiate engine on duplicated handles
   
-    CC       libcurl_la-ftp.lo
-  "ftp.c", line 290.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
-  "ftp.c", line 293.48: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
-  "ftp.c", line 1070.49: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
-  "ftp.c", line 1154.53: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
-  "ftp.c", line 1187.51: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
-    CC       libcurl_la-connect.lo
-  "connect.c", line 448.56: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
-  "connect.c", line 516.66: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
-  "connect.c", line 687.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
-  "connect.c", line 696.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
-    CC       libcurl_la-tftp.lo
-  "tftp.c", line 1115.33: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
+  Handles created with curl_easy_duphandle do not use the SSL engine set
+  up in the original handle. This fixes the issue by storing the engine
+  name in the internal url state and setting the engine from its name
+  inside curl_easy_duphandle.
   
-  Closes #2637
-
-- cmdline-opts/cert-type.d: mention "p12" as a recognized type as well
+  Reported-by: Anton Gerasimov
+  Signed-of-by: Laurent Bonnans
+  Fixes #2829
+  Closes #2833
 
-Viktor Szakats (3 Jun 2018)
-- spelling fixes
+- http2: make sure to send after RST_STREAM
   
-  Detected using the `codespell` tool (version 1.13.0).
+  If this is the last stream on this connection, the RST_STREAM might not
+  get pushed to the wire otherwise.
   
-  Also secure and fix an URL.
-
-Daniel Stenberg (2 Jun 2018)
-- axtls: follow-up spell fix of comment
+  Fixes #2882
+  Closes #2887
+  Researched-by: Michael Kaufmann
 
-- axTLS: not considered fit for use
-  
-  URL: https://curl.haxx.se/mail/lib-2018-06/0000.html
+- test1268: check the stderr output as "text"
   
-  This is step one. It adds #error statements that require source edits to
-  make curl build again if asked to use axTLS. At a later stage we might
-  remove the axTLS specific code completely.
+  Follow-up to 099f37e9c57
   
-  Closes #2628
+  Pointed-out-by: Marcel Raad
 
-- build: remove the Borland specific makefiles
+- urldata: remove unused pipe_broke struct field
   
-  According to the user survey 2018, not even one out of 670 users use
-  them. Nobody on the mailing list spoke up for them either.
+  This struct field is never set TRUE in any existing code path. This
+  change removes the field completely.
   
-  Closes #2629
+  Closes #2871
 
-- curl_addrinfo: use same #ifdef conditions in source as header
+- curl: warn the user if a given file name looks like an option
   
-  ... for curl_dofreeaddrinfo
-
-- multi: remove a DEBUGF()
+  ... simply because this is usually a sign of the user having omitted the
+  file name and the next option is instead "eaten" by the parser as a file
+  name.
   
-  ... it might call infof() with a NULL first argument that isn't harmful
-  but makes it not do anything. The infof() line is not very useful
-  anymore, it has served it purpose. Good riddance!
+  Add test1268 to verify
   
-  Fixes #2627
-
-- [Alibek.Jorajev brought this change]
+  Closes #2885
 
-  CURLOPT_RESOLVE: always purge old entry first
+- http2: check nghttp2_session_set_stream_user_data return code
   
-  If there's an existing entry using the selected name.
+  Might help bug #2688 debugging
   
-  Closes #2622
+  Closes #2880
 
-- fnmatch: use the system one if available
-  
-  If configure detects fnmatch to be available, use that instead of our
-  custom one for FTP wildcard pattern matching. For standard compliance,
-  to reduce our footprint and to use already well tested and well
-  exercised code.
+- travis: revert back to gcc-7 for coverage builds
   
-  A POSIX fnmatch behaves slightly different than the internal function
-  for a few test patterns currently and the macOS one yet slightly
-  different. Test case 1307 is adjusted for these differences.
+  ... since the gcc-8 ones seem to fail frequently.
   
-  Closes #2626
-
-Patrick Monnerat (31 May 2018)
-- os400: add new option in ILE/RPG binding
+  Follow-up from b85207199544ca
   
-  Follow-up to commit 946ce5b
-
-Daniel Stenberg (31 May 2018)
-- tests/libtest/.gitignore: follow-up fix to ignore lib5* too
+  Closes #2886
 
-- KNOWN_BUGS: CURL_GLOBAL_SSL
+- RELEASE-NOTES: synced
   
-  Closes #2276
+  ... and now listed in alphabetical order!
 
-- [Bernhard Walle brought this change]
+- [Adrien brought this change]
 
-  configure: check for declaration of getpwuid_r
-  
-  On our x86 Android toolchain, getpwuid_r is implemented but the header
-  is missing:
-  
-   netrc.c:81:7: error: implicit declaration of function 'getpwuid_r' [-Werror=implicit-function-declaration]
-  
-  Unfortunately, the function is used in curl_ntlm_wb.c, too, so I moved
-  the prototype to curl_setup.h.
+  CMake: CMake config files are defining CURL_STATICLIB for static builds
   
-  Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
-  Closes #2609
-
-- [Rikard Falkeborn brought this change]
-
-  tests: update .gitignore for libtests
+  This change allows to use the CMake config files generated by Curl's
+  CMake scripts for static builds of the library.
+  The symbol CURL_STATIC lib must be defined to compile downstream,
+  thus the config package is the perfect place to do so.
   
-  Closes #2624
+  Fixes #2817
+  Closes #2823
+  Reported-by: adnn on github
+  Reviewed-by: Sergei Nikulov
 
-- [Rikard Falkeborn brought this change]
+- TODO: host name sections in config files
 
-  strictness: correct {infof, failf} format specifiers
+Kamil Dudka (14 Aug 2018)
+- ssh-libssh: fix infinite connect loop on invalid private key
   
-  Closes #2623
-
-- [Björn Stenberg brought this change]
-
-  option: disallow username in URL
+  Added test 656 (based on test 604) to verify the fix.
   
-  Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes
-  libcurl reject URLs with a username in them.
+  Bug: https://bugzilla.redhat.com/1595135
   
-  Closes #2340
-
-- libcurl-security.3: improved layout for two rememdy lists
-
-- libcurl-security.3: refer to URL instead of in-source markdown file
+  Closes #2879
 
-Viktor Szakats (30 May 2018)
-- curl.rc: embed manifest for correct Windows version detection
+- ssh-libssh: reduce excessive verbose output about pubkey auth
   
-  * enable it in `src/Makefile.m32`
-  * enable it in `winbuild/MakefileBuild.vc` if a custom manifest is
-    _not_ enabled via the existing `EMBED_MANIFEST` option
-  * enable it for all Windows CMake builds (also disable the built-in
-    minimal manifest, added by CMake by default.)
+  The verbose message "Authentication using SSH public key file" was
+  printed each time the ssh_userauth_publickey_auto() was called, which
+  meant each time a packet was transferred over network because the API
+  operates in non-blocking mode.
   
-  For other build systems, add the `-DCURL_EMBED_MANIFEST` option to
-  the list of RC (Resource Compiler) flags to enable the manifest
-  included in `src/curl.rc`. This may require to disable whatever
-  automatic or other means in which way another manifest is added to
-  `curl.exe`.
+  This patch makes sure that the verbose message is printed just once
+  (when the authentication state is entered by the SSH state machine).
+
+Daniel Stenberg (14 Aug 2018)
+- travis: disable h2 torture tests for "coverage"
   
-  Notice that Borland C doesn't support this method due to a
-  long-pending resource compiler bug. Watcom C may also not handle
-  it correctly when the `-zm` `wrc` option is used (this option may
-  be unnecessary though) and regardless of options in certain earlier
-  revisions of the 2.0 beta version.
+  Since they started to fail almost 100% since a few days.
   
-  Closes https://github.com/curl/curl/pull/1221
-  Fixes https://github.com/curl/curl/issues/2591
-
-Patrick Monnerat (30 May 2018)
-- os400: sync EBCDIC wrappers and ILE/RPG binding with latest options
+  Closes #2876
 
-- os400: implement mime api EBCDIC wrappers
+Marcel Raad (14 Aug 2018)
+- travis: update to GCC 8
   
-  Also sync ILE/RPG binding to define the new functions.
+  Closes https://github.com/curl/curl/pull/2869
 
-Daniel Stenberg (29 May 2018)
-- setopt: add TLS 1.3 ciphersuites
+Daniel Stenberg (13 Aug 2018)
+- http: fix for tiny "HTTP/0.9" response
   
-  Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.
+  Deal with tiny "HTTP/0.9" (header-less) responses by checking the
+  status-line early, even before a full "HTTP/" is received to allow
+  detecting 0.9 properly.
   
-  curl: added --tls13-ciphers and --proxy-tls13-ciphers
+  Test 1266 and 1267 added to verify.
   
-  Fixes #2435
-  Reported-by: zzq1015 on github
-  Closes #2607
+  Fixes #2420
+  Closes #2872
 
-- configure: override AR_FLAGS to silence warning
+Kamil Dudka (13 Aug 2018)
+- docs: add disallow-username-in-url.d and haproxy-protocol.d on the list
   
-  The automake default ar flags are 'cru', but the 'u' flag in there
-  causes warnings on many modern Linux distros. Removing 'u' may have a
-  minor performance impact on older distros but should not cause harm.
+  ... to make make the files appear in distribution tarballs
   
-  Explained on the automake mailing list already back in April 2015:
+  Closes #2856
+
+- .travis.yml: verify that man pages can be regenerated
   
-  https://www.mail-archive.com/automake-patches@gnu.org/msg07705.html
+  ... when curl is built from distribution tarball
   
-  Reported-by: elephoenix on github
-  Fixes #2617
-  Closes #2619
-
-Sergei Nikulov (29 May 2018)
-- cmake: fixed comments in compile checks code
+  Closes #2856
 
-Daniel Stenberg (29 May 2018)
-- INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
+Marcel Raad (11 Aug 2018)
+- Split non-portable part off test 1133
   
-  ... the older description doesn't work
+  Split off testing file names with double quotes into new test 1158.
+  Disable it for MSYS using a precheck as it doesn't support file names
+  with double quotes (but Cygwin does, for example).
   
-  Reported-by: Peter Varga
-  Fixes #2615
-  Closes #2616
-
-- [Will Dietz brought this change]
+  Fixes https://github.com/curl/curl/issues/2796
+  Closes https://github.com/curl/curl/pull/2854
 
-  KNOWN_BUGS: restore text regarding #2101.
+Jay Satiro (11 Aug 2018)
+- projects: Improve Windows perl detection in batch scripts
   
-  This was added earlier but appears to have been removed accidentally.
+  - Determine if perl is in the user's PATH by running perl.exe.
   
-  AFAICT this is very much still an issue.
+  Prior to this change detection was done by checking the PATH for perl/
+  but that did not work in all cases (eg git install includes perl but
+  not in perl/ path).
   
-  -----
+  Bug: https://github.com/curl/curl/pull/2865
+  Reported-by: Daniel Jeliński
+
+- [Michael Kaufmann brought this change]
+
+  docs: Improve the manual pages of some callbacks
   
-  I say "accidentally" because the text seems to have harmlessly snuck
-  into [1] (which makes no mention of it).  [1] was later reverted for
-  unspecified reasons in [2], presumably because the mentioned issue was
-  fixed or invalid.
+  - CURLOPT_HEADERFUNCTION: add newlines
+  - CURLOPT_INTERLEAVEFUNCTION: fix the description of 'userdata'
+  - CURLOPT_READDATA: mention crashes, same as in CURLOPT_WRITEDATA
+  - CURLOPT_READFUNCTION: rename 'instream' to 'userdata' and explain
+    how to set it
   
-  [1] de9fac00c40db321d44fa6fbab6eb62ec4c83998
-  [2] 16d1f369403cbb04bd7b085eabbeebf159473fc2
+  Closes https://github.com/curl/curl/pull/2868
+
+Marcel Raad (11 Aug 2018)
+- GCC: silence -Wcast-function-type uniformly
   
-  Closes #2618
+  Pointed-out-by: Rikard Falkeborn
+  Closes https://github.com/curl/curl/pull/2860
 
-- fnmatch: insist on escaped bracket to match
+- Silence GCC 8 cast-function-type warnings
   
-  A non-escaped bracket ([) is for a character group - as documented. It
-  will *not* match an individual bracket anymore. Test case 1307 updated
-  accordingly to match.
+  On Windows, casting between unrelated function types is fine and
+  sometimes even necessary, so just use an intermediate cast to
+  (void (*) (void)) to silence the warning as described in [0].
   
-  Problem detected by OSS-Fuzz, although this fix is probably not a final
-  fix for the notorious timeout issues.
+  [0] https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html
   
-  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8525
-  Closes #2614
+  Closes https://github.com/curl/curl/pull/2860
 
-Patrick Monnerat (28 May 2018)
-- psl: use latest psl and refresh it periodically
+Daniel Stenberg (11 Aug 2018)
+- CURLINFO_SIZE_UPLOAD: fix missing counter update
   
-  The latest psl is cached in the multi or share handle. It is refreshed
-  before use after 72 hours.
-  New share lock CURL_LOCK_DATA_PSL controls the psl cache sharing.
-  If the latest psl is not available, the builtin psl is used.
+  Adds test 1522 for verification.
   
-  Reported-by: Yaakov Selkowitz
-  Fixes #2553
-  Closes #2601
+  Reported-by: cjmsoregan
+  Fixes #2847
+  Closes #2864
 
-Daniel Stenberg (28 May 2018)
-- [Fabrice Fontaine brought this change]
+- [Daniel Jelinski brought this change]
 
-  configure: fix ssh2 linking when built with a static mbedtls
-  
-  The ssh2 pkg-config file could contain the following lines when build
-  with a static version of mbedtls:
-     Libs: -L${libdir} -lssh2 /xxx/libmbedcrypto.a
-     Libs.private: /xxx/libmbedcrypto.a
-  
-  This static mbedtls library must be used to correctly detect ssh2
-  support and this library must be copied in libcurl.pc otherwise
-  compilation of any application (such as upmpdcli) with libcurl will fail
-  when trying to found mbedtls functions included in libssh2.  So, replace
-  pkg-config --libs-only-l by pkg-config --libs.
-  
-  Fixes:
-   - http://autobuild.buildroot.net/results/43e24b22a77f616d6198c10435dcc23cc3b9088a
+  Documentation: fix CURLOPT_SSH_COMPRESSION copy/paste bug
   
-  Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-  Closes #2613
+  Closes #2867
 
 - RELEASE-NOTES: synced
 
-- [Bernhard Walle brought this change]
-
-  cmake: check for getpwuid_r
-  
-  The autotools-based build system does it, so we do it also in CMake.
+- openssl: fix potential NULL pointer deref in is_pkcs11_uri
   
-  Bug: #2609
-  Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
-
-- cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
-
-- [Frank Gevaerts brought this change]
+  Follow-up to 298d2565e
+  Coverity CID 1438387
 
-  curl.1: Fix cmdline-opts reference errors.
+Marcel Raad (10 Aug 2018)
+- travis: execute "set -eo pipefail" for coverage build
   
-  --data, --form, and --ntlm were declared to be mutually exclusive with
-  non-existing options. --data and --form referred to --upload (which is
-  short for --upload-file and therefore did work, so this one was merely
-  a bit confusing), --ntlm referred to --negotiated instead of --negotiate.
+  Follow-up to 2de63ab179eb78630ee039ad94fb2a5423df522d and
+  0b87c963252d3504552ee0c8cf4402bd65a80af5.
   
-  Closes #2612
-
-- [Frank Gevaerts brought this change]
+  Closes https://github.com/curl/curl/pull/2862
 
-  docs: fix cmdline-opts metadata headers case consistency.
+Daniel Stenberg (10 Aug 2018)
+- lib1502: fix memory leak in torture test
   
-  Almost all headers start with an uppercase letter, but some didn't.
-
-- mailmap: Max Savenkov
-
-Sergei Nikulov (28 May 2018)
-- [Max Savenkov brought this change]
-
-  Fix the test for fsetxattr and strerror_r tests in CMake to work without compiling
-
-Daniel Stenberg (27 May 2018)
-- mailmap: a Richard Alcock fixup
-
-- [Richard Alcock brought this change]
+  Reported-by: Marcel Raad
+  Fixes #2861
+  Closes #2863
 
-  schannel: add failf calls for client certificate failures
+- docs: mention NULL is fine input to several functions
   
-  Closes #2604
+  Fixes #2837
+  Closes #2858
+  Reported-by: Markus Elfring
 
-- [Richard Alcock brought this change]
+- [Bas van Schaik brought this change]
 
-  winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
-  
-  Change requirement from $(DISTDIR) to $(DIRDIST)
+  README.md: add LGTM.com code quality grade for C/C++
   
-  closes #2603
+  Closes #2857
 
-- [Richard Alcock brought this change]
+- [Rikard Falkeborn brought this change]
 
-  winbuild: only delete OUTFILE if it exists
+  test1531: Add timeout
   
-  This removes the slightly annoying "Could not file LIBCURL_OBJS.inc" and
-  "Could not find CURL_OBJS.inc.inc" message when building into a clean
-  folder.
+  Previously, the macro TEST_HANG_TIMEOUT was unused, but since there is
+  looping going on, we might as well add timing instead of removing it.
   
-  closes #2602
+  Closes #2853
 
-- [Alejandro R. Sedeño brought this change]
+- [Rikard Falkeborn brought this change]
 
-  content_encoding: handle zlib versions too old for Z_BLOCK
+  test1540: Remove unused macro TEST_HANG_TIMEOUT
   
-  Fallback on Z_SYNC_FLUSH when Z_BLOCK is not available.
+  The macro has never been used, and it there is not really any place
+  where it would make sense to add timing checks.
   
-  Fixes #2606
-  Closes #2608
+  Closes #2852
+
+- [Rikard Falkeborn brought this change]
 
-- multi: provide a socket to wait for in Curl_protocol_getsock
+  asyn-thread: Remove unused macro
   
-  ... even when there's no protocol specific handler setup.
+  The macro seems to never have been used.
   
-  Bug: https://curl.haxx.se/mail/lib-2018-05/0062.html
-  Reported-by: Sean Miller
-  Closes #2600
+  Closes #2852
 
-- [Linus Lewandowski brought this change]
+- [Rikard Falkeborn brought this change]
 
-  httpauth: add support for Bearer tokens
+  http_proxy: Remove unused macro SELECT_TIMEOUT
   
-  Closes #2102
-
-- TODO: CURLINFO_PAUSE_STATE
+  Usage was removed in 5113ad0424044458ac497fa1458ebe0101356b22.
   
-  Closes #2588
+  Closes #2852
 
-Sergei Nikulov (24 May 2018)
-- cmake: set -d postfix for debug builds if not specified
-         using -DCMAKE_DEBUG_POSTFIX explicitly
-  
-         fixes #2121, obsoletes #2384
+- [Rikard Falkeborn brought this change]
 
-Daniel Stenberg (23 May 2018)
-- configure: add basic test of --with-ssl prefix
+  formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
   
-  When given a prefix, the $PREFIX_OPENSSL/lib/openssl.pc or
-  $PREFIX_OPENSSL/include/openssl/ssl.h files must be present or cause an
-  error. Helps users detect when giving configure the wrong path.
+  Its usage was removed in
+  84ad1fd3047815f9c6e78728bb351b828eac10b1.
   
-  Reported-by: Oleg Pudeyev
-  Assisted-by: Per Malmberg
-  Fixes #2580
+  Closes #2852
 
-Patrick Monnerat (22 May 2018)
-- http resume: skip body if http code 416 (range error) is ignored.
-  
-  This avoids appending error data to already existing good data.
+- [Rikard Falkeborn brought this change]
+
+  telnet: Remove unused macros TELOPTS and TELCMDS
   
-  Test 92 is updated to match this change.
-  New test 1156 checks all combinations of --range/--resume, --fail,
-  Content-Range header and http status code 200/416.
+  Their usage was removed in 3a145180cc754a5959ca971ef3cd243c5c83fc51.
   
-  Fixes #1163
-  Reported-By: Ithubg on github
-  Closes #2578
+  Closes #2852
 
-Daniel Stenberg (22 May 2018)
-- tftp: make sure error is zero terminated before printfing it
+- [Daniel Jelinski brought this change]
 
-- configure: add missing m4/ax_compile_check_sizeof.m4
+  openssl: fix debug messages
   
-  follow-up to mistake in 6876ccf90b4
-
-Jay Satiro (22 May 2018)
-- [Johannes Schindelin brought this change]
+  Fixes #2806
+  Closes #2843
 
-  schannel: make CAinfo parsing resilient to CR/LF
-  
-  OpenSSL has supported --cacert for ages, always accepting LF-only line
-  endings ("Unix line endings") as well as CR/LF line endings ("Windows
-  line endings").
-  
-  When we introduced support for --cacert also with Secure Channel (or in
-  cURL speak: "WinSSL"), we did not take care to support CR/LF line
-  endings, too, even if we are much more likely to receive input in that
-  form when using Windows.
-  
-  Let's fix that.
-  
-  Happily, CryptQueryObject(), the function we use to parse the ca-bundle,
-  accepts CR/LF input already, and the trailing LF before the END
-  CERTIFICATE marker catches naturally any CR/LF line ending, too. So all
-  we need to care about is the BEGIN CERTIFICATE marker. We do not
-  actually need to verify here that the line ending is CR/LF. Just
-  checking for a CR or an LF is really plenty enough.
+- configure: fix for -lpthread detection with OpenSSL and pkg-config
   
-  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+  ... by making sure it uses the -I provided by pkg-config!
   
-  Closes https://github.com/curl/curl/pull/2592
-
-Daniel Stenberg (22 May 2018)
-- CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
+  Reported-by: pszemus on github
+  Fixes #2848
+  Closes #2850
 
 - RELEASE-NOTES: synced
 
-- KNOWN_BUGS: mention the -O with %-encoded file names
-  
-  Closes #2573
-
-- checksrc: make sure sizeof() is used *with* parentheses
+- windows: follow up to the buffer-tuning 1ba1dba7
   
-  ... and unify the source code to adhere.
+  Somehow I didn't include the amended version of the previous fix. This
+  is the missing piece.
   
-  Closes #2563
+  Pointed-out-by: Viktor Szakats
 
-- curl: added --styled-output
-  
-  It is enabled by default, so --no-styled-output will switch off the
-  detection/use of bold headers.
-  
-  Closes #2538
+- [Daniel Jelinski brought this change]
 
-- curl: show headers in bold
-  
-  The feature is only enabled if the output is believed to be a tty.
-  
-  -J: There's some minor differences and improvements in -J handling, as
-  now J should work with -i and it actually creates a file first using the
-  initial name and then *renames* that to the one found in
-  Content-Disposition (if any).
-  
-  -i: only shows headers for HTTP transfers now (as documented).
-  Previously it would also show for pieces of the transfer that were HTTP
-  (for example when doing FTP over a HTTP proxy).
+  windows: implement send buffer tuning
   
-  -i: now shows trailers as well. Previously they were not shown at all.
+  Significantly enhances upload performance on modern Windows versions.
   
-  --libcurl: the CURLOPT_HEADER is no longer set, as the header output is
-  now done in the header callback.
+  Bug: https://curl.haxx.se/mail/lib-2018-07/0080.html
+  Closes #2762
+  Fixes #2224
 
-- configure: compile-time SIZEOF checks
-  
-  ... instead of exeucting code to get the size. Removes the use of
-  LD_LIBRARY_PATH for this.
-  
-  Fixes #2586
-  Closes #2589
-  Reported-by: Bernhard Walle
+- [Anderson Toshiyuki Sasaki brought this change]
 
-- configure: replace AC_TRY_RUN with CURL_RUN_IFELSE
+  ssl: set engine implicitly when a PKCS#11 URI is provided
   
-  ... and export LD_LIBRARY_PATH properly. This is a follow-up from
-  2d4c215.
+  This allows the use of PKCS#11 URI for certificates and keys without
+  setting the corresponding type as "ENG" and the engine as "pkcs11"
+  explicitly. If a PKCS#11 URI is provided for certificate, key,
+  proxy_certificate or proxy_key, the corresponding type is set as "ENG"
+  if not provided and the engine is set to "pkcs11" if not provided.
   
-  Fixes #2586
-  Reported-by: Bernhard Walle
+  Acked-by: Nikos Mavrogiannopoulos
+  Closes #2333
 
-- docs: clarify CURLOPT_HTTPGET somewhat
-  
-  Reported-by: bsammon on github
-  Fixes #2590
+- [Ruslan Baratov brought this change]
 
-- curl_fnmatch: only allow two asterisks for matching
-  
-  The previous limit of 5 can still end up in situation that takes a very
-  long time and consumes a lot of CPU.
+  CMake: Respect BUILD_SHARED_LIBS
   
-  If there is still a rare use case for this, a user can provide their own
-  fnmatch callback for a version that allows a larger set of wildcards.
+  Use standard CMake variable BUILD_SHARED_LIBS instead of introducing
+  custom option CURL_STATICLIB.
   
-  This commit was triggered by yet another OSS-Fuzz timeout due to this.
-  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369
+  Use '-DBUILD_SHARED_LIBS=%SHARED%' in appveyor.yml.
   
-  Closes #2587
+  Reviewed-by: Sergei Nikulov
+  Closes #2755
+
+- [John Butterfield brought this change]
 
-- checksrc: fix too long line
+  cmake: bumped minimum version to 3.4
   
-  follow-up to e05ad5d
+  Closes #2753
 
-- [Aleks brought this change]
+- [John Butterfield brought this change]
 
-  docs: mention HAproxy protocol "version 1"
-  
-  ...as there's also a version 2.
+  cmake: link curl to the OpenSSL targets instead of lib absolute paths
   
-  Closes #2579
+  Reviewed-by: Jakub Zakrzewski
+  Reviewed-by: Sergei Nikulov
+  Closes #2753
 
-- examples/progressfunc: make it build on older libcurls
+- travis: build darwinssl on macos 10.12
   
-  This example was changed in ce2140a8c1 to use the new microsecond based
-  getinfo option. This change makes it conditionally keep using the older
-  option so that the example still builds with older libcurl versions.
+  ... as building on 10.13.x before 10.13.4 leads to link errors.
   
-  Closes #2584
+  Assisted-by: Nick Zitzmann
+  Fixes #2835
+  Closes #2845
 
-- stub_gssapi: fix numerous 'unused parameter' warnings
+- DEPRECATE: remove release date from 7.62.0
   
-  follow-up to d9e92fd9fd1d
-
-- [Philip Prindeville brought this change]
+  Since it will slip and the version is the important part there, not the
+  date.
 
-  getinfo: add microsecond precise timers for various intervals
-  
-  Provide a set of new timers that return the time intervals using integer
-  number of microseconds instead of floats.
-  
-  The new info names are as following:
+- lib/Makefile: only do symbol hiding if told to
   
-  CURLINFO_APPCONNECT_TIME_T
-  CURLINFO_CONNECT_TIME_T
-  CURLINFO_NAMELOOKUP_TIME_T
-  CURLINFO_PRETRANSFER_TIME_T
-  CURLINFO_REDIRECT_TIME_T
-  CURLINFO_STARTTRANSFER_TIME_T
-  CURLINFO_TOTAL_TIME_T
+  This restores the ability to build a static lib with
+  --disable-symbol-hiding to keep non-curl_ symbols.
   
-  Closes #2495
+  Researched-by: Dan Fandrich
+  Reported-by: Ran Mozes
+  Fixes #2830
+  Closes #2831
 
-- openssl: acknowledge --tls-max for default version too
-  
-  ... previously it only used the max setting if a TLS version was also
-  explicitly asked for.
+Marcel Raad (2 Aug 2018)
+- hostip: fix unused variable warning
   
-  Reported-by: byte_bucket
-  Fixes #2571
-  Closes #2572
-
-- bump: start working on the pending 7.61.0
-
-- [Dagobert Michelsen brought this change]
+  addresses is only used in an infof call, which is a macro expanding to
+  nothing if CURL_DISABLE_VERBOSE_STRINGS is set.
 
-  tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
+Daniel Stenberg (2 Aug 2018)
+- test1307: disabled
   
-  The warning flag leads e.g. Sun Studio compiler to bail out.
+  Turns out that since we're using the native fnmatch function now when
+  available, and they simply disagree on a huge number of test patterns
+  that make it hard to test this function like this...
   
-  Closes #2576
-
-- schannel_verify: fix build for non-schannel
-
-Jay Satiro (16 May 2018)
-- rand: fix typo
+  Fixes #2825
 
-- schannel: disable manual verify if APIs not available
+- smb: don't mark it done in smb_do
+  
+  Follow-up to 09e401e01bf9. The SMB protocol handler needs to use its
+  doing function too, which requires smb_do() to not mark itself as
+  done...
   
-  .. because original MinGW and old compilers do not have the Windows API
-  definitions needed to support manual verification.
+  Closes #2822
 
-- [Archangel_SDY brought this change]
+- [Rikard Falkeborn brought this change]
 
-  schannel: disable client cert option if APIs not available
-  
-  Original MinGW targets Windows 2000 by default, which lacks some APIs and
-  definitions for this feature. Disable it if these APIs are not available.
+  general: fix printf specifiers
   
-  Closes https://github.com/curl/curl/pull/2522
+  Closes #2818
 
-Version 7.60.0 (15 May 2018)
+- RELEASE-NOTES: synced
 
-Daniel Stenberg (15 May 2018)
-- RELEASE-NOTES: 7.60.0 release
+- mailmap: Daniel Jelinski
 
-- THANKS: added people from the curl 7.60.0 release
+- [Harry Sintonen brought this change]
 
-- docs/libcurl/index.html: removed
+  HTTP: Don't attempt to needlessly decompress redirect body
   
-  The HTML files are long gone from the dist, now remove the last HTML
-  file pointing to those missing files.
+  This change fixes a regression where redirect body would needlessly be
+  decompressed even though it was to be ignored anyway. As it happens this
+  causes secondary issues since there appears to be a bug in apache2 that
+  it in certain conditions generates a corrupt zlib response. The
+  regression was created by commit:
+  dbcced8e32b50c068ac297106f0502ee200a1ebd
   
-  d
-
-- [steini2000 brought this change]
+  Discovered-by: Harry Sintonen
+  Closes #2798
 
-  http2: remove unused variable
+- curl: use Content-Disposition before the "URL end" for -OJ
   
-  Closes #2570
-
-- [steini2000 brought this change]
-
-  http2: use easy handle of stream for logging
-
-- gcc: disable picky gcc-8 function pointer warnings in two places
+  Regression introduced in 7.61.0
   
-  Reported-by: Rikard Falkeborn
-  Bug: #2560
-  Closes #2569
+  Reported-by: Thomas Klausner
+  Fixes #2783
+  Closes #2813
 
-- http2: use the correct function pointer typedef
-  
-  Fixes gcc-8 picky compiler warnings
-  Reported-by: Rikard Falkeborn
-  Bug: #2560
-  Closes #2568
+- [Daniel Jelinski brought this change]
 
-- CODE_STYLE: mention return w/o parens, but sizeof with
+  retry: return error if rewind was necessary but didn't happen
   
-  ... and remove the github markdown syntax so that it renders better on
-  the web site. Also, don't use back-ticks inlined to allow the CSS to
-  highlight source code better.
-
-- [Rikard Falkeborn brought this change]
+  Fixes #2801
+  Closes #2812
 
-  examples: Fix format specifiers
+- http2: clear the drain counter in Curl_http2_done
   
-  Closes #2561
-
-- [Rikard Falkeborn brought this change]
-
-  tool: Fix format specifiers
-
-- [Rikard Falkeborn brought this change]
-
-  ntlm: Fix format specifiers
-
-- [Rikard Falkeborn brought this change]
-
-  tests: Fix format specifiers
-
-- [Rikard Falkeborn brought this change]
-
-  lib: Fix format specifiers
-
-- contributors.sh: use "on github", not at
+  Reported-by: Andrei Virtosu
+  Fixes #2800
+  Closes #2809
 
-- http2: getsock fix for uploads
+- smb: fix memory leak on early failure
   
-  When there's an upload in progress, make sure to wait for the socket to
-  become writable.
+  ... by making sure connection related data (->share) is stored in the
+  connection and not in the easy handle.
   
-  Detected-by: steini2000 on github
-  Bug: #2520
-  Closes #2567
+  Detected by OSS-fuzz
+  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369
+  Fixes #2769
+  Closes #2810
 
-- pingpong: fix response cache memcpy overflow
+- travis: run a 'make checksrc' too
   
-  Response data for a handle with a large buffer might be cached and then
-  used with the "closure" handle when it has a smaller buffer and then the
-  larger cache will be copied and overflow the new smaller heap based
-  buffer.
+  ... to make sure the examples are all checked.
   
-  Reported-by: Dario Weisser
-  CVE: CVE-2018-1000300
-  Bug: https://curl.haxx.se/docs/adv_2018-82c2.html
+  Closes #2811
 
-- http: restore buffer pointer when bad response-line is parsed
-  
-  ... leaving the k->str could lead to buffer over-reads later on.
-  
-  CVE: CVE-2018-1000301
-  Assisted-by: Max Dymond
-  
-  Detected by OSS-Fuzz.
-  Bug: https://curl.haxx.se/docs/adv_2018-b138.html
-  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
+Jay Satiro (29 Jul 2018)
+- examples/ephiperfifo: checksrc compliance
 
-Patrick Monnerat (13 May 2018)
-- cookies: do not take cookie name as a parameter
-  
-  RFC 6265 section 4.2.1 does not set restrictions on cookie names.
-  This is a follow-up to commit 7f7fcd0.
-  Also explicitly check proper syntax of cookie name/value pair.
-  
-  New test 1155 checks that cookie names are not reserved words.
-  
-  Reported-By: anshnd at github
-  Fixes #2564
-  Closes #2566
+- [Michael Kaufmann brought this change]
 
-Daniel Stenberg (12 May 2018)
-- smb: reject negative file sizes
+  sws: handle EINTR when calling select()
   
-  Assisted-by: Max Dymond
+  Closes https://github.com/curl/curl/pull/2808
+
+Daniel Stenberg (29 Jul 2018)
+- test1157: follow-up to 35ecffb9
   
-  Detected by OSS-Fuzz
-  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245
+  Ignore the user-agent line.
+  Pointed-out-by: Marcel Raad
diff --git a/libs/libcurl/docs/THANKS b/libs/libcurl/docs/THANKS
index bf6ad755c2..abad9619f3 100644
--- a/libs/libcurl/docs/THANKS
+++ b/libs/libcurl/docs/THANKS
@@ -498,6 +498,7 @@ Eelco Dolstra
 Eetu Ojanen
 Egon Eckert
 Eldar Zaitov
+Eli Schwartz
 Elia Tufarolo
 Elliot Saba
 Ellis Pritchard
@@ -646,6 +647,7 @@ Guillaume Arluison
 Gunter Knauf
 Gustaf Hui
 Gustavo Grieco
+Guy Poizat
 GwanYeong Kim
 Gwenole Beauchesne
 Gökhan Şengün
@@ -715,6 +717,7 @@ Ingo Wilken
 Irfan Adilovic
 Irving Wolfe
 Isaac Boukris
+Isaiah Norton
 Ishan SinghLevett
 Ithubg on github
 Ivan Avdeev
@@ -881,8 +884,10 @@ Jonatan Lander
 Jonatan Vela
 Jonathan Cardoso Machado
 Jonathan Hseu
+Jonathan Moerman
 Jonathan Nieder
 Jongki Suwandi
+Joombalaya on github
 Joonas Kuorilehto
 Jose Alf
 Jose Kahan
@@ -972,6 +977,7 @@ Krister Johansen
 Kristian Gunstone
 Kristian Köhntopp
 Kristiyan Tsaklev
+Kristoffer Gleditsch
 Kurt Fankhauser
 Kyle J. McKay
 Kyle L. Huff
@@ -1163,6 +1169,7 @@ Maxime Legros
 Mehmet Bozkurt
 Mekonikum
 Melissa Mears
+Mert Yazıcıoğlu
 Mettgut Jamalla
 Michael Anti
 Michael Benedict
@@ -1284,6 +1291,7 @@ Ola Mork
 Olaf Flebbe
 Olaf Stüben
 Oleg Pudeyev
+Olen Andoni
 Oli Kingshott
 Oliver Gondža
 Oliver Graute
@@ -1291,6 +1299,7 @@ Oliver Kuckertz
 Oliver Schindler
 Olivier Berger
 Olivier Brunel
+Omar Ramadan
 Orange Tsai
 Oren Souroujon
 Oren Tirosh
@@ -1302,6 +1311,7 @@ Oskar Liljeblad
 Oumph on github
 P R Schaffner
 Palo Markovic
+Paolo Mossino
 Paolo Piacentini
 Paras Sethia
 Pascal Gaudette
@@ -1397,7 +1407,9 @@ Pierre Chapuis
 Pierre Joye
 Pierre Ynard
 Piotr Dobrogost
+Po-Chuan Hsieh
 Pooyan McSporran
+Poul T Lomholt
 Pramod Sharma
 Prash Dush
 Praveen Pvs
@@ -1433,6 +1445,7 @@ Ray Dassen
 Ray Pekowski
 Ray Satiro
 Razvan Cojocaru
+Reed Loden
 Reinhard Max
 Reinout van Schouwen
 Remco van Hooff
@@ -1449,6 +1462,7 @@ Rene Rebe
 Reuven Wachtfogel
 Reza Arbab
 Ricardo Cadime
+Ricardo Gomes
 Rich Burridge
 Rich Gray
 Rich Rauenzahn
@@ -1475,6 +1489,7 @@ Rick Jones
 Rick Richardson
 Rick Welykochy
 Ricki Hirner
+Ricky Leverence
 Ricky-Tigg on github
 Rider Linden
 Rikard Falkeborn
@@ -1522,6 +1537,7 @@ Ron Parker
 Ron Zapp
 Ronnie Mose
 Rosimildo da Silva
+Roy Bellingan
 Roy Shan
 Rune Kleveland
 Ruslan Baratov
@@ -1671,6 +1687,7 @@ T. Yamada
 TJ Saunders
 Tae Hyoung Ahn
 Tae Wong
+Taiyu Len
 Taneli Vähäkangas
 Tanguy Fautre
 Tatsuhiro Tsujikawa
@@ -1764,6 +1781,7 @@ Travis Burtrum
 Travis Obenhaus
 Troels Walsted Hansen
 Troy Engel
+Tseng Jun
 Tuomo Rinne
 Tupone Alfredo
 Tyler Hall
@@ -1807,6 +1825,7 @@ Walter J. Mack
 Ward Willats
 Warren Menzer
 Wayne Haigh
+Wenchao Li
 Wenxiang Qian
 Werner Koch
 Wesley Laxton
@@ -1825,6 +1844,7 @@ Wyatt O'Day
 Xavier Bouchoux
 XhstormR on github
 Xiangbin Li
+XmiliaH on github
 Yaakov Selkowitz
 Yang Tse
 Yarram Sunil
@@ -1866,6 +1886,7 @@ bobmitchell1956 on github
 bsammon on github
 buzo-ffm on github
 cbartl on github
+cclauss on github
 clbr on github
 cmfrolick on github
 d912e3 on github
@@ -1893,6 +1914,7 @@ jungle-boogie on github
 jveazey on github
 ka7 on github
 kreshano on github
+l00p3r on Hackerone
 lijian996 on github
 lukaszgn on github
 madblobfish on github
@@ -1904,7 +1926,9 @@ moohoorama on github
 nedres on github
 neex on github
 neheb on github
+nevv on HackerOne/curl
 nianxuejie on github
+niner on github
 nk
 nopjmp on github
 olesteban on github
diff --git a/libs/libcurl/include/curl/curl.h b/libs/libcurl/include/curl/curl.h
index 86a24184aa..d83b217989 100644
--- a/libs/libcurl/include/curl/curl.h
+++ b/libs/libcurl/include/curl/curl.h
@@ -114,7 +114,7 @@ typedef void CURLSH;
 
 #ifdef CURL_STATICLIB
 #  define CURL_EXTERN
-#elif defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__) || \
+#elif defined(WIN32) || defined(__SYMBIAN32__) || \
      (__has_declspec_attribute(dllexport) && \
       __has_declspec_attribute(dllimport))
 #  if defined(BUILDING_LIBCURL)
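Review bot: The new `#elif` that selects `CURL_EXTERN` tests only `WIN32` and `__SYMBIAN32__`, so a toolchain that predefines `_WIN32` but not `WIN32` reaches the dllexport/dllimport branch only if `WIN32` has been derived from `_WIN32` before this point. That normalisation is not visible in this hunk. If it exists earlier in curl.h, a comment above the `#elif` would make the dependency explicit, e.g. `/* WIN32 is defined from _WIN32/__WIN32__ earlier in this header */`. If it does not, DLL consumers built without `WIN32` would silently lose the `__declspec(dllimport)` decoration. The conditional block continues past the end of the hunk.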
@@ -290,7 +290,7 @@ typedef enum {
 struct curl_fileinfo {
   char *filename;
   curlfiletype filetype;
-  time_t time;
+  time_t time; /* always zero! */
   unsigned int perm;
   int uid;
   int gid;
@@ -1918,6 +1918,9 @@ typedef enum {
   /* alt-svc cache file name to possibly read from/write to */
   CINIT(ALTSVC, STRINGPOINT, 287),
 
+  /* maximum age of a connection to consider it for reuse (in seconds) */
+  CINIT(MAXAGE_CONN, LONG, 288),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 
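Review bot: The comment on `CINIT(MAXAGE_CONN, LONG, 288)` gives the unit but not the default, nor how zero and negative values are treated. An application needs both before relying on the option to bound reuse of old connections. The value's validation is in the setopt code, outside this hunk, so the header cannot be checked against it here. I would extend the comment to `/* maximum age of a connection, in seconds, to consider it for reuse; default and zero handling are described in CURLOPT_MAXAGE_CONN(3) */`. The enum starts outside the hunk.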
diff --git a/libs/libcurl/include/curl/curlver.h b/libs/libcurl/include/curl/curlver.h
index 9a4b9b02df..dd58bbc4a8 100644
--- a/libs/libcurl/include/curl/curlver.h
+++ b/libs/libcurl/include/curl/curlver.h
@@ -30,13 +30,13 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.64.1"
+#define LIBCURL_VERSION "7.65.0"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 64
-#define LIBCURL_VERSION_PATCH 1
+#define LIBCURL_VERSION_MINOR 65
+#define LIBCURL_VERSION_PATCH 0
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -57,7 +57,7 @@
    CURL_VERSION_BITS() macro since curl's own configure script greps for it
    and needs it to contain the full number.
 */
-#define LIBCURL_VERSION_NUM 0x074001
+#define LIBCURL_VERSION_NUM 0x074100
 
 /*
  * This is the date and time when the full source package was created. The
@@ -68,9 +68,9 @@
  *
  * "2007-11-23"
  */
-#define LIBCURL_TIMESTAMP "2019-03-27"
+#define LIBCURL_TIMESTAMP "2019-05-22"
 
-#define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|z)
+#define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z))
 #define CURL_AT_LEAST_VERSION(x,y,z) \
   (LIBCURL_VERSION_NUM >= CURL_VERSION_BITS(x, y, z))
 
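Review bot: `CURL_VERSION_BITS` still expands to an unparenthesised expression, so `CURL_AT_LEAST_VERSION` directly below it does not compare what it appears to. `>=` binds tighter than `|`, so `(LIBCURL_VERSION_NUM >= CURL_VERSION_BITS(x, y, z))` parses as `(NUM >= (x)<<16) | (y)<<8 | (z)` and is non-zero for any non-zero minor or patch argument. Code that gates a feature or a fix on the libcurl version would then take the "new enough" path even against an older header. Wrapping `z` was needed, but the whole expansion needs parentheses as well: `#define CURL_VERSION_BITS(x,y,z) (((x)<<16)|((y)<<8)|(z))`.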
diff --git a/libs/libcurl/include/curl/typecheck-gcc.h b/libs/libcurl/include/curl/typecheck-gcc.h
index 8018ea37fe..2d1de4d43a 100644
--- a/libs/libcurl/include/curl/typecheck-gcc.h
+++ b/libs/libcurl/include/curl/typecheck-gcc.h
@@ -113,7 +113,6 @@ __extension__ ({                                                              \
 })
 
 /* wraps curl_easy_getinfo() with typechecking */
-/* FIXME: don't allow const pointers */
 #define curl_easy_getinfo(handle, info, arg)                                  \
 __extension__ ({                                                              \
   __typeof__(info) _curl_info = info;                                         \
@@ -146,9 +145,8 @@ __extension__ ({                                                              \
   curl_easy_getinfo(handle, _curl_info, arg);                                 \
 })
 
-/* TODO: typechecking for curl_share_setopt() and curl_multi_setopt(),
- * for now just make sure that the functions are called with three
- * arguments
+/*
+ * For now, just make sure that the functions are called with three arguments
  */
 #define curl_share_setopt(share,opt,param) curl_share_setopt(share,opt,param)
 #define curl_multi_setopt(handle,opt,param) curl_multi_setopt(handle,opt,param)
@@ -506,10 +504,6 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_off_t,
    _curl_is_arr((expr), char) ||                                              \
    _curl_is_arr((expr), unsigned char))
 
-/* FIXME: the whole callback checking is messy...
- * The idea is to tolerate char vs. void and const vs. not const
- * pointers in arguments at least
- */
 /* helper: __builtin_types_compatible_p distinguishes between functions and
  * function pointers, hide it */
 #define _curl_callback_compatible(func, type)                                 \
diff --git a/libs/libcurl/include/curl/urlapi.h b/libs/libcurl/include/curl/urlapi.h
index 850faa97a5..58e89d85c2 100644
--- a/libs/libcurl/include/curl/urlapi.h
+++ b/libs/libcurl/include/curl/urlapi.h
@@ -60,7 +60,8 @@ typedef enum {
   CURLUPART_PORT,
   CURLUPART_PATH,
   CURLUPART_QUERY,
-  CURLUPART_FRAGMENT
+  CURLUPART_FRAGMENT,
+  CURLUPART_ZONEID /* added in 7.65.0 */
 } CURLUPart;
 
 #define CURLU_DEFAULT_PORT (1<<0)       /* return default port number */
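Review bot: The comment on `CURLUPART_ZONEID` records only the version, not what the part holds or where it comes from. The other enumerators are named after URL components and this one is not, so a short description would help callers who pass the value onward, e.g. `CURLUPART_ZONEID /* IPv6 zone id of the host, taken from the URL; added in 7.65.0 */`. The value originates in the URL string, so callers should treat it as untrusted input like the other parts. The enum starts outside the hunk.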
diff --git a/libs/libcurl/src/Makefile.in b/libs/libcurl/src/Makefile.in
index 6b3fcfa87d..ec936cb519 100644
--- a/libs/libcurl/src/Makefile.in
+++ b/libs/libcurl/src/Makefile.in
@@ -222,14 +222,15 @@ am__objects_1 = libcurl_la-file.lo libcurl_la-timeval.lo \
 	libcurl_la-curl_ntlm_core.lo libcurl_la-curl_sasl.lo \
 	libcurl_la-rand.lo libcurl_la-curl_multibyte.lo \
 	libcurl_la-hostcheck.lo libcurl_la-conncache.lo \
-	libcurl_la-pipeline.lo libcurl_la-dotdot.lo \
-	libcurl_la-x509asn1.lo libcurl_la-http2.lo libcurl_la-smb.lo \
+	libcurl_la-dotdot.lo libcurl_la-x509asn1.lo \
+	libcurl_la-http2.lo libcurl_la-smb.lo \
 	libcurl_la-curl_endian.lo libcurl_la-curl_des.lo \
 	libcurl_la-system_win32.lo libcurl_la-mime.lo \
 	libcurl_la-sha256.lo libcurl_la-setopt.lo \
 	libcurl_la-curl_path.lo libcurl_la-curl_ctype.lo \
 	libcurl_la-curl_range.lo libcurl_la-psl.lo libcurl_la-doh.lo \
-	libcurl_la-urlapi.lo libcurl_la-altsvc.lo
+	libcurl_la-urlapi.lo libcurl_la-curl_get_line.lo \
+	libcurl_la-altsvc.lo
 am__dirstamp = $(am__leading_dot)dirstamp
 am__objects_2 = vauth/libcurl_la-vauth.lo \
 	vauth/libcurl_la-cleartext.lo vauth/libcurl_la-cram.lo \
@@ -303,15 +304,15 @@ am__objects_7 = libcurlu_la-file.lo libcurlu_la-timeval.lo \
 	libcurlu_la-curl_ntlm_wb.lo libcurlu_la-curl_ntlm_core.lo \
 	libcurlu_la-curl_sasl.lo libcurlu_la-rand.lo \
 	libcurlu_la-curl_multibyte.lo libcurlu_la-hostcheck.lo \
-	libcurlu_la-conncache.lo libcurlu_la-pipeline.lo \
-	libcurlu_la-dotdot.lo libcurlu_la-x509asn1.lo \
-	libcurlu_la-http2.lo libcurlu_la-smb.lo \
-	libcurlu_la-curl_endian.lo libcurlu_la-curl_des.lo \
-	libcurlu_la-system_win32.lo libcurlu_la-mime.lo \
-	libcurlu_la-sha256.lo libcurlu_la-setopt.lo \
-	libcurlu_la-curl_path.lo libcurlu_la-curl_ctype.lo \
-	libcurlu_la-curl_range.lo libcurlu_la-psl.lo \
-	libcurlu_la-doh.lo libcurlu_la-urlapi.lo libcurlu_la-altsvc.lo
+	libcurlu_la-conncache.lo libcurlu_la-dotdot.lo \
+	libcurlu_la-x509asn1.lo libcurlu_la-http2.lo \
+	libcurlu_la-smb.lo libcurlu_la-curl_endian.lo \
+	libcurlu_la-curl_des.lo libcurlu_la-system_win32.lo \
+	libcurlu_la-mime.lo libcurlu_la-sha256.lo \
+	libcurlu_la-setopt.lo libcurlu_la-curl_path.lo \
+	libcurlu_la-curl_ctype.lo libcurlu_la-curl_range.lo \
+	libcurlu_la-psl.lo libcurlu_la-doh.lo libcurlu_la-urlapi.lo \
+	libcurlu_la-curl_get_line.lo libcurlu_la-altsvc.lo
 am__objects_8 = vauth/libcurlu_la-vauth.lo \
 	vauth/libcurlu_la-cleartext.lo vauth/libcurlu_la-cram.lo \
 	vauth/libcurlu_la-digest.lo vauth/libcurlu_la-digest_sspi.lo \
@@ -364,6 +365,7 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \
 	./$(DEPDIR)/libcurl_la-curl_des.Plo \
 	./$(DEPDIR)/libcurl_la-curl_endian.Plo \
 	./$(DEPDIR)/libcurl_la-curl_fnmatch.Plo \
+	./$(DEPDIR)/libcurl_la-curl_get_line.Plo \
 	./$(DEPDIR)/libcurl_la-curl_gethostname.Plo \
 	./$(DEPDIR)/libcurl_la-curl_gssapi.Plo \
 	./$(DEPDIR)/libcurl_la-curl_memrchr.Plo \
@@ -422,7 +424,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \
 	./$(DEPDIR)/libcurl_la-openldap.Plo \
 	./$(DEPDIR)/libcurl_la-parsedate.Plo \
 	./$(DEPDIR)/libcurl_la-pingpong.Plo \
-	./$(DEPDIR)/libcurl_la-pipeline.Plo \
 	./$(DEPDIR)/libcurl_la-pop3.Plo \
 	./$(DEPDIR)/libcurl_la-progress.Plo \
 	./$(DEPDIR)/libcurl_la-psl.Plo ./$(DEPDIR)/libcurl_la-rand.Plo \
@@ -472,6 +473,7 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \
 	./$(DEPDIR)/libcurlu_la-curl_des.Plo \
 	./$(DEPDIR)/libcurlu_la-curl_endian.Plo \
 	./$(DEPDIR)/libcurlu_la-curl_fnmatch.Plo \
+	./$(DEPDIR)/libcurlu_la-curl_get_line.Plo \
 	./$(DEPDIR)/libcurlu_la-curl_gethostname.Plo \
 	./$(DEPDIR)/libcurlu_la-curl_gssapi.Plo \
 	./$(DEPDIR)/libcurlu_la-curl_memrchr.Plo \
@@ -532,7 +534,6 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \
 	./$(DEPDIR)/libcurlu_la-openldap.Plo \
 	./$(DEPDIR)/libcurlu_la-parsedate.Plo \
 	./$(DEPDIR)/libcurlu_la-pingpong.Plo \
-	./$(DEPDIR)/libcurlu_la-pipeline.Plo \
 	./$(DEPDIR)/libcurlu_la-pop3.Plo \
 	./$(DEPDIR)/libcurlu_la-progress.Plo \
 	./$(DEPDIR)/libcurlu_la-psl.Plo \
@@ -978,10 +979,10 @@ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c   \
   openldap.c curl_gethostname.c gopher.c idn_win32.c                    \
   http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c      \
   http_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c rand.c        \
-  curl_multibyte.c hostcheck.c conncache.c pipeline.c dotdot.c          \
+  curl_multibyte.c hostcheck.c conncache.c dotdot.c                     \
   x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c      \
   mime.c sha256.c setopt.c curl_path.c curl_ctype.c curl_range.c psl.c  \
-  doh.c urlapi.c altsvc.c
+  doh.c urlapi.c curl_get_line.c altsvc.c
 
 LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \
   formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h         \
@@ -998,11 +999,11 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \
   curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h           \
   http_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h             \
   curl_sasl.h curl_multibyte.h hostcheck.h conncache.h                  \
-  curl_setup_once.h multihandle.h setup-vms.h pipeline.h dotdot.h       \
+  curl_setup_once.h multihandle.h setup-vms.h dotdot.h                  \
   x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h           \
   curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h     \
   curl_path.h curl_ctype.h curl_range.h psl.h doh.h urlapi-int.h        \
-  altsvc.h
+  curl_get_line.h altsvc.h
 
 LIB_RCFILES = libcurl.rc
 CSOURCES = $(LIB_CFILES) $(LIB_VAUTH_CFILES) $(LIB_VTLS_CFILES)
@@ -1260,6 +1261,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_des.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_endian.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_fnmatch.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_get_line.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_gethostname.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_gssapi.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-curl_memrchr.Plo@am__quote@ # am--include-marker
@@ -1320,7 +1322,6 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-openldap.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-parsedate.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-pingpong.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-pipeline.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-pop3.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-progress.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurl_la-psl.Plo@am__quote@ # am--include-marker
@@ -1372,6 +1373,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_des.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_endian.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_fnmatch.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_get_line.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_gethostname.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_gssapi.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-curl_memrchr.Plo@am__quote@ # am--include-marker
@@ -1432,7 +1434,6 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-openldap.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-parsedate.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-pingpong.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-pipeline.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-pop3.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-progress.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurlu_la-psl.Plo@am__quote@ # am--include-marker
@@ -2209,13 +2210,6 @@ libcurl_la-conncache.lo: conncache.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-conncache.lo `test -f 'conncache.c' || echo '$(srcdir)/'`conncache.c
 
-libcurl_la-pipeline.lo: pipeline.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-pipeline.lo -MD -MP -MF $(DEPDIR)/libcurl_la-pipeline.Tpo -c -o libcurl_la-pipeline.lo `test -f 'pipeline.c' || echo '$(srcdir)/'`pipeline.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-pipeline.Tpo $(DEPDIR)/libcurl_la-pipeline.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pipeline.c' object='libcurl_la-pipeline.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-pipeline.lo `test -f 'pipeline.c' || echo '$(srcdir)/'`pipeline.c
-
 libcurl_la-dotdot.lo: dotdot.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-dotdot.lo -MD -MP -MF $(DEPDIR)/libcurl_la-dotdot.Tpo -c -o libcurl_la-dotdot.lo `test -f 'dotdot.c' || echo '$(srcdir)/'`dotdot.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-dotdot.Tpo $(DEPDIR)/libcurl_la-dotdot.Plo
@@ -2328,6 +2322,13 @@ libcurl_la-urlapi.lo: urlapi.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-urlapi.lo `test -f 'urlapi.c' || echo '$(srcdir)/'`urlapi.c
 
+libcurl_la-curl_get_line.lo: curl_get_line.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-curl_get_line.lo -MD -MP -MF $(DEPDIR)/libcurl_la-curl_get_line.Tpo -c -o libcurl_la-curl_get_line.lo `test -f 'curl_get_line.c' || echo '$(srcdir)/'`curl_get_line.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-curl_get_line.Tpo $(DEPDIR)/libcurl_la-curl_get_line.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='curl_get_line.c' object='libcurl_la-curl_get_line.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o libcurl_la-curl_get_line.lo `test -f 'curl_get_line.c' || echo '$(srcdir)/'`curl_get_line.c
+
 libcurl_la-altsvc.lo: altsvc.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT libcurl_la-altsvc.lo -MD -MP -MF $(DEPDIR)/libcurl_la-altsvc.Tpo -c -o libcurl_la-altsvc.lo `test -f 'altsvc.c' || echo '$(srcdir)/'`altsvc.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurl_la-altsvc.Tpo $(DEPDIR)/libcurl_la-altsvc.Plo
@@ -3168,13 +3169,6 @@ libcurlu_la-conncache.lo: conncache.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-conncache.lo `test -f 'conncache.c' || echo '$(srcdir)/'`conncache.c
 
-libcurlu_la-pipeline.lo: pipeline.c
-@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-pipeline.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-pipeline.Tpo -c -o libcurlu_la-pipeline.lo `test -f 'pipeline.c' || echo '$(srcdir)/'`pipeline.c
-@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-pipeline.Tpo $(DEPDIR)/libcurlu_la-pipeline.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='pipeline.c' object='libcurlu_la-pipeline.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-pipeline.lo `test -f 'pipeline.c' || echo '$(srcdir)/'`pipeline.c
-
 libcurlu_la-dotdot.lo: dotdot.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-dotdot.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-dotdot.Tpo -c -o libcurlu_la-dotdot.lo `test -f 'dotdot.c' || echo '$(srcdir)/'`dotdot.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-dotdot.Tpo $(DEPDIR)/libcurlu_la-dotdot.Plo
@@ -3287,6 +3281,13 @@ libcurlu_la-urlapi.lo: urlapi.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-urlapi.lo `test -f 'urlapi.c' || echo '$(srcdir)/'`urlapi.c
 
+libcurlu_la-curl_get_line.lo: curl_get_line.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-curl_get_line.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-curl_get_line.Tpo -c -o libcurlu_la-curl_get_line.lo `test -f 'curl_get_line.c' || echo '$(srcdir)/'`curl_get_line.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-curl_get_line.Tpo $(DEPDIR)/libcurlu_la-curl_get_line.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='curl_get_line.c' object='libcurlu_la-curl_get_line.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o libcurlu_la-curl_get_line.lo `test -f 'curl_get_line.c' || echo '$(srcdir)/'`curl_get_line.c
+
 libcurlu_la-altsvc.lo: altsvc.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT libcurlu_la-altsvc.lo -MD -MP -MF $(DEPDIR)/libcurlu_la-altsvc.Tpo -c -o libcurlu_la-altsvc.lo `test -f 'altsvc.c' || echo '$(srcdir)/'`altsvc.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libcurlu_la-altsvc.Tpo $(DEPDIR)/libcurlu_la-altsvc.Plo
@@ -3624,6 +3625,7 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libcurl_la-curl_des.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-curl_endian.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-curl_fnmatch.Plo
+	-rm -f ./$(DEPDIR)/libcurl_la-curl_get_line.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-curl_gethostname.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-curl_gssapi.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-curl_memrchr.Plo
@@ -3684,7 +3686,6 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libcurl_la-openldap.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-parsedate.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-pingpong.Plo
-	-rm -f ./$(DEPDIR)/libcurl_la-pipeline.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-pop3.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-progress.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-psl.Plo
@@ -3736,6 +3737,7 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libcurlu_la-curl_des.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-curl_endian.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-curl_fnmatch.Plo
+	-rm -f ./$(DEPDIR)/libcurlu_la-curl_get_line.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-curl_gethostname.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-curl_gssapi.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-curl_memrchr.Plo
@@ -3796,7 +3798,6 @@ distclean: distclean-am
 	-rm -f ./$(DEPDIR)/libcurlu_la-openldap.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-parsedate.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-pingpong.Plo
-	-rm -f ./$(DEPDIR)/libcurlu_la-pipeline.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-pop3.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-progress.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-psl.Plo
@@ -3943,6 +3944,7 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libcurl_la-curl_des.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-curl_endian.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-curl_fnmatch.Plo
+	-rm -f ./$(DEPDIR)/libcurl_la-curl_get_line.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-curl_gethostname.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-curl_gssapi.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-curl_memrchr.Plo
@@ -4003,7 +4005,6 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libcurl_la-openldap.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-parsedate.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-pingpong.Plo
-	-rm -f ./$(DEPDIR)/libcurl_la-pipeline.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-pop3.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-progress.Plo
 	-rm -f ./$(DEPDIR)/libcurl_la-psl.Plo
@@ -4055,6 +4056,7 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libcurlu_la-curl_des.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-curl_endian.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-curl_fnmatch.Plo
+	-rm -f ./$(DEPDIR)/libcurlu_la-curl_get_line.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-curl_gethostname.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-curl_gssapi.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-curl_memrchr.Plo
@@ -4115,7 +4117,6 @@ maintainer-clean: maintainer-clean-am
 	-rm -f ./$(DEPDIR)/libcurlu_la-openldap.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-parsedate.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-pingpong.Plo
-	-rm -f ./$(DEPDIR)/libcurlu_la-pipeline.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-pop3.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-progress.Plo
 	-rm -f ./$(DEPDIR)/libcurlu_la-psl.Plo
diff --git a/libs/libcurl/src/Makefile.inc b/libs/libcurl/src/Makefile.inc
index 6c47bcda55..235b82b0e3 100644
--- a/libs/libcurl/src/Makefile.inc
+++ b/libs/libcurl/src/Makefile.inc
@@ -52,10 +52,10 @@ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c   \
   openldap.c curl_gethostname.c gopher.c idn_win32.c                    \
   http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c      \
   http_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_sasl.c rand.c        \
-  curl_multibyte.c hostcheck.c conncache.c pipeline.c dotdot.c          \
+  curl_multibyte.c hostcheck.c conncache.c dotdot.c                     \
   x509asn1.c http2.c smb.c curl_endian.c curl_des.c system_win32.c      \
   mime.c sha256.c setopt.c curl_path.c curl_ctype.c curl_range.c psl.c  \
-  doh.c urlapi.c altsvc.c
+  doh.c urlapi.c curl_get_line.c altsvc.c
 
 LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \
   formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h         \
@@ -72,11 +72,11 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \
   curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h           \
   http_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h             \
   curl_sasl.h curl_multibyte.h hostcheck.h conncache.h                  \
-  curl_setup_once.h multihandle.h setup-vms.h pipeline.h dotdot.h       \
+  curl_setup_once.h multihandle.h setup-vms.h dotdot.h                  \
   x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h           \
   curl_printf.h system_win32.h rand.h mime.h curl_sha256.h setopt.h     \
   curl_path.h curl_ctype.h curl_range.h psl.h doh.h urlapi-int.h        \
-  altsvc.h
+  curl_get_line.h altsvc.h
 
 LIB_RCFILES = libcurl.rc
 
diff --git a/libs/libcurl/src/altsvc.c b/libs/libcurl/src/altsvc.c
index 1643466456..85a4e01b50 100644
--- a/libs/libcurl/src/altsvc.c
+++ b/libs/libcurl/src/altsvc.c
@@ -29,7 +29,7 @@
 #include <curl/curl.h>
 #include "urldata.h"
 #include "altsvc.h"
-#include "cookie.h" /* for Curl_get_line() */
+#include "curl_get_line.h"
 #include "strcase.h"
 #include "parsedate.h"
 #include "sendf.h"
@@ -253,7 +253,6 @@ struct altsvcinfo *Curl_altsvc_init(void)
     | CURLALTSVC_H2
 #endif
 #ifdef USE_HTTP3
-    /* TODO: adjust when known */
     | CURLALTSVC_H3
 #endif
     ;
@@ -349,7 +348,7 @@ static CURLcode getalnum(const char **ptr, char *alpnbuf, size_t buflen)
   len = p - protop;
 
   if(!len || (len >= buflen))
-    return CURLE_BAD_FUNCTION_ARGUMENT; /* TODO: improve error code */
+    return CURLE_BAD_FUNCTION_ARGUMENT;
   memcpy(alpnbuf, protop, len);
   alpnbuf[len] = 0;
   *ptr = p;
@@ -425,7 +424,6 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data,
 
   /* "clear" is a magic keyword */
   if(strcasecompare(alpnbuf, "clear")) {
-    /* TODO: clear whatever it is it should clear */
     return CURLE_OK;
   }
 
@@ -478,7 +476,7 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data,
             p++;
           len = p - hostp;
           if(!len || (len >= MAX_ALTSVC_HOSTLEN))
-            return CURLE_BAD_FUNCTION_ARGUMENT; /* TODO: improve error code */
+            return CURLE_BAD_FUNCTION_ARGUMENT;
           memcpy(namebuf, hostp, len);
           namebuf[len] = 0;
           dsthost = namebuf;
@@ -504,8 +502,8 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data,
                              srcalpnid, dstalpnid,
                              srcport, dstport);
         if(as) {
-          /* TODO: the expires time also needs to take the Age: value (if any)
-             into account. [See RFC 7838 section 3.1] */
+          /* The expires time also needs to take the Age: value (if any) into
+             account. [See RFC 7838 section 3.1] */
           as->expires = maxage + time(NULL);
           as->persist = persist;
           Curl_llist_insert_next(&asi->list, asi->list.tail, as, &as->node);
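Review bot: The reworded comment above `as->expires = maxage + time(NULL);` still describes work the code does not do: the expiry is computed from `maxage` alone and no Age: value is subtracted. With the TODO marker removed, the sentence now reads like a description of the implementation, while a cached alternative can still outlive the freshness lifetime RFC 7838 section 3.1 describes. I would word it as a known gap, e.g. `/* NOTE: the Age: value (if any) is not taken into account yet, see RFC 7838 section 3.1 */`. `Curl_altsvc_parse` starts and ends outside this hunk, so whether `maxage` is range-checked before the addition cannot be seen here.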
diff --git a/libs/libcurl/src/asyn-ares.c b/libs/libcurl/src/asyn-ares.c
index 04a25b3213..8561a47246 100644
--- a/libs/libcurl/src/asyn-ares.c
+++ b/libs/libcurl/src/asyn-ares.c
@@ -68,7 +68,7 @@
 #include "progress.h"
 
 #  if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \
-     (defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__))
+     (defined(WIN32) || defined(__SYMBIAN32__))
 #    define CARES_STATICLIB
 #  endif
 #  include <ares.h>
@@ -89,8 +89,20 @@ struct ResolverResults {
   int num_pending; /* number of ares_gethostbyname() requests */
   Curl_addrinfo *temp_ai; /* intermediary result while fetching c-ares parts */
   int last_status;
+  struct curltime happy_eyeballs_dns_time; /* when this timer started, or 0 */
 };
 
+/* How long we are willing to wait for additional parallel responses after
+   obtaining a "definitive" one.
+
+   This is intended to equal the c-ares default timeout.  cURL always uses that
+   default value.  Unfortunately, c-ares doesn't expose its default timeout in
+   its API, but it is officially documented as 5 seconds.
+
+   See query_completed_cb() for an explanation of how this is used.
+ */
+#define HAPPY_EYEBALLS_DNS_TIMEOUT 5000
+
 /*
  * Curl_resolver_global_init() - the generic low-level asynchronous name
  * resolve API.  Called from curl_global_init() to initialize global resolver
@@ -319,9 +331,9 @@ static int waitperform(struct connectdata *conn, int timeout_ms)
     /* move through the descriptors and ask for processing on them */
     for(i = 0; i < num; i++)
       ares_process_fd((ares_channel)data->state.resolver,
-                      pfd[i].revents & (POLLRDNORM|POLLIN)?
+                      (pfd[i].revents & (POLLRDNORM|POLLIN))?
                       pfd[i].fd:ARES_SOCKET_BAD,
-                      pfd[i].revents & (POLLWRNORM|POLLOUT)?
+                      (pfd[i].revents & (POLLWRNORM|POLLOUT))?
                       pfd[i].fd:ARES_SOCKET_BAD);
   }
   return nfds;
@@ -347,6 +359,29 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
 
   waitperform(conn, 0);
 
+  /* Now that we've checked for any last minute results above, see if there are
+     any responses still pending when the EXPIRE_HAPPY_EYEBALLS_DNS timer
+     expires. */
+  if(res
+     && res->num_pending
+     /* This is only set to non-zero if the timer was started. */
+     && (res->happy_eyeballs_dns_time.tv_sec
+         || res->happy_eyeballs_dns_time.tv_usec)
+     && (Curl_timediff(Curl_now(), res->happy_eyeballs_dns_time)
+         >= HAPPY_EYEBALLS_DNS_TIMEOUT)) {
+    /* Remember that the EXPIRE_HAPPY_EYEBALLS_DNS timer is no longer
+       running. */
+    memset(
+      &res->happy_eyeballs_dns_time, 0, sizeof(res->happy_eyeballs_dns_time));
+
+    /* Cancel the raw c-ares request, which will fire query_completed_cb() with
+       ARES_ECANCELLED synchronously for all pending responses.  This will
+       leave us with res->num_pending == 0, which is perfect for the next
+       block. */
+    ares_cancel((ares_channel)data->state.resolver);
+    DEBUGASSERT(res->num_pending == 0);
+  }
+
   if(res && !res->num_pending) {
     if(dns) {
       (void)Curl_addrinfo_callback(conn, res->last_status, res->temp_ai);
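Review bot: The "timer was started" test uses `res->happy_eyeballs_dns_time.tv_sec`/`tv_usec` as a flag, but the only place in this diff that clears the field is the `memset` on the timeout path. When both answers arrive in time, the timestamp set in `query_completed_cb()` stays non-zero. That is safe only if `struct ResolverResults` is zeroed on allocation and never reused for a second lookup, and neither is visible here; a stale timestamp with `num_pending` non-zero could make this block call `ares_cancel()` the first time it is polled. I would document the invariant on the field, e.g. `/* zero when not running; relies on the struct being zero-allocated per lookup */`, or also clear it in the `if(res && !res->num_pending)` block. `Curl_resolver_is_resolved` starts and ends outside this hunk.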
@@ -455,9 +490,7 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
 
   if(result)
     /* close the connection, since we can't return failure here without
-       cleaning up this connection properly.
-       TODO: remove this action from here, it is not a name resolver decision.
-    */
+       cleaning up this connection properly. */
     connclose(conn, "c-ares resolve failed");
 
   return result;
@@ -517,6 +550,66 @@ static void query_completed_cb(void *arg,  /* (struct connectdata *) */
     /* A successful result overwrites any previous error */
     if(res->last_status != ARES_SUCCESS)
       res->last_status = status;
+
+    /* If there are responses still pending, we presume they must be the
+       complementary IPv4 or IPv6 lookups that we started in parallel in
+       Curl_resolver_getaddrinfo() (for Happy Eyeballs).  If we've got a
+       "definitive" response from one of a set of parallel queries, we need to
+       think about how long we're willing to wait for more responses. */
+    if(res->num_pending
+       /* Only these c-ares status values count as "definitive" for these
+          purposes.  For example, ARES_ENODATA is what we expect when there is
+          no IPv6 entry for a domain name, and that's not a reason to get more
+          aggressive in our timeouts for the other response.  Other errors are
+          either a result of bad input (which should affect all parallel
+          requests), local or network conditions, non-definitive server
+          responses, or us cancelling the request. */
+       && (status == ARES_SUCCESS || status == ARES_ENOTFOUND)) {
+      /* Right now, there can only be up to two parallel queries, so don't
+         bother handling any other cases. */
+      DEBUGASSERT(res->num_pending == 1);
+
+      /* It's possible that one of these parallel queries could succeed
+         quickly, but the other could always fail or timeout (when we're
+         talking to a pool of DNS servers that can only successfully resolve
+         IPv4 address, for example).
+
+         It's also possible that the other request could always just take
+         longer because it needs more time or only the second DNS server can
+         fulfill it successfully.  But, to align with the philosophy of Happy
+         Eyeballs, we don't want to wait _too_ long or users will think
+         requests are slow when IPv6 lookups don't actually work (but IPv4 ones
+         do).
+
+         So, now that we have a usable answer (some IPv4 addresses, some IPv6
+         addresses, or "no such domain"), we start a timeout for the remaining
+         pending responses.  Even though it is typical that this resolved
+         request came back quickly, that needn't be the case.  It might be that
+         this completing request didn't get a result from the first DNS server
+         or even the first round of the whole DNS server pool.  So it could
+         already be quite some time after we issued the DNS queries in the
+         first place.  Without modifying c-ares, we can't know exactly where in
+         its retry cycle we are.  We could guess based on how much time has
+         gone by, but it doesn't really matter.  Happy Eyeballs tells us that,
+         given usable information in hand, we simply don't want to wait "too
+         much longer" after we get a result.
+
+         We simply wait an additional amount of time equal to the default
+         c-ares query timeout.  That is enough time for a typical parallel
+         response to arrive without being "too long".  Even on a network
+         where one of the two types of queries is failing or timing out
+         constantly, this will usually mean we wait a total of the default
+         c-ares timeout (5 seconds) plus the round trip time for the successful
+         request, which seems bearable.  The downside is that c-ares might race
+         with us to issue one more retry just before we give up, but it seems
+         better to "waste" that request instead of trying to guess the perfect
+         timeout to prevent it.  After all, we don't even know where in the
+         c-ares retry cycle each request is.
+      */
+      res->happy_eyeballs_dns_time = Curl_now();
+      Curl_expire(
+        conn->data, HAPPY_EYEBALLS_DNS_TIMEOUT, EXPIRE_HAPPY_EYEBALLS_DNS);
+    }
   }
 }
 
diff --git a/libs/libcurl/src/base64.c b/libs/libcurl/src/base64.c
index 431b643573..fb081a6bb8 100644
--- a/libs/libcurl/src/base64.c
+++ b/libs/libcurl/src/base64.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -23,6 +23,11 @@
 /* Base64 encoding/decoding */
 
 #include "curl_setup.h"
+
+#if !defined(CURL_DISABLE_HTTP_AUTH) || defined(USE_LIBSSH2) || \
+  defined(USE_LIBSSH) || !defined(CURL_DISABLE_LDAP) || \
+  !defined(CURL_DISABLE_DOH) || defined(USE_SSL)
+
 #include "urldata.h" /* for the Curl_easy definition */
 #include "warnless.h"
 #include "curl_base64.h"
@@ -317,3 +322,5 @@ CURLcode Curl_base64url_encode(struct Curl_easy *data,
 {
   return base64_encode(base64url, data, inputbuff, insize, outptr, outlen);
 }
+
+#endif /* no users so disabled */
diff --git a/libs/libcurl/src/config-win32.h b/libs/libcurl/src/config-win32.h
index 76ff0d931e..24c35d339b 100644
--- a/libs/libcurl/src/config-win32.h
+++ b/libs/libcurl/src/config-win32.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -185,6 +185,9 @@
 /* Define if you have the ftruncate function. */
 #define HAVE_FTRUNCATE 1
 
+/* Define to 1 if you have the `getpeername' function. */
+#define HAVE_GETPEERNAME 1
+
 /* Define if you have the gethostbyaddr function. */
 #define HAVE_GETHOSTBYADDR 1
 
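Review bot: This hunk defines `HAVE_GETPEERNAME` for the Windows build but no matching `HAVE_GETSOCKNAME`, while the connect.c change in the same commit only fills `conn->local_ip` and `conn->local_port` inside `#ifdef HAVE_GETSOCKNAME`. Unless that macro is defined in a part of config-win32.h outside this hunk, Windows builds using this header stop recording the local address of a connection. I would add `/* Define to 1 if you have the getsockname function. */` and `#define HAVE_GETSOCKNAME 1` next to the new define. The two later hunks in this file also drop `USE_LIBSSH2`, `HAVE_LIBSSH2_H` and `USE_OPENSSL`; if the project build does not define them elsewhere, the vendored library is compiled without its SSH and OpenSSL backends, which is worth confirming before merging.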
@@ -240,10 +243,6 @@
 /* Define if you have the socket function. */
 #define HAVE_SOCKET 1
 
-/* if libSSH2 is in use */
-#define USE_LIBSSH2 1
-#define HAVE_LIBSSH2_H 1
-
 /* Define if you have the strcasecmp function. */
 /* #define HAVE_STRCASECMP 1 */
 
@@ -713,9 +712,6 @@ Vista
 /* Define to use the Windows crypto library. */
 #define USE_WIN32_CRYPTO
 
-/* if SSL is enabled */
-#define USE_OPENSSL 1
-
 /* Define to use Unix sockets. */
 #if defined(_MSC_VER) && _MSC_VER >= 1900
 /* #define USE_UNIX_SOCKETS */
diff --git a/libs/libcurl/src/conncache.c b/libs/libcurl/src/conncache.c
index 39302ba7ba..5350919965 100644
--- a/libs/libcurl/src/conncache.c
+++ b/libs/libcurl/src/conncache.c
@@ -434,6 +434,7 @@ bool Curl_conncache_return_conn(struct connectdata *conn)
   struct connectdata *conn_candidate = NULL;
 
   conn->data = NULL; /* no owner anymore */
+  conn->lastused = Curl_now(); /* it was used up until now */
   if(maxconnects > 0 &&
      Curl_conncache_size(data) > maxconnects) {
     infof(data, "Connection cache is full, closing the oldest one.\n");
@@ -479,7 +480,7 @@ Curl_conncache_extract_bundle(struct Curl_easy *data,
 
     if(!CONN_INUSE(conn) && !conn->data) {
       /* Set higher score for the age passed since the connection was used */
-      score = Curl_timediff(now, conn->now);
+      score = Curl_timediff(now, conn->lastused);
 
       if(score > highscore) {
         highscore = score;
@@ -537,7 +538,7 @@ Curl_conncache_extract_oldest(struct Curl_easy *data)
 
       if(!CONN_INUSE(conn) && !conn->data) {
         /* Set higher score for the age passed since the connection was used */
-        score = Curl_timediff(now, conn->now);
+        score = Curl_timediff(now, conn->lastused);
 
         if(score > highscore) {
           highscore = score;
diff --git a/libs/libcurl/src/conncache.h b/libs/libcurl/src/conncache.h
index 0df6d47154..35be9e0aa1 100644
--- a/libs/libcurl/src/conncache.h
+++ b/libs/libcurl/src/conncache.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2015 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2015 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  * Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, <linus@haxx.se>
  *
  * This software is licensed as described in the file COPYING, which
@@ -40,7 +40,6 @@ struct conncache {
 
 #define BUNDLE_NO_MULTIUSE -1
 #define BUNDLE_UNKNOWN     0  /* initial value */
-#define BUNDLE_PIPELINING  1
 #define BUNDLE_MULTIPLEX   2
 
 struct connectbundle {
diff --git a/libs/libcurl/src/connect.c b/libs/libcurl/src/connect.c
index a53d79c214..002535b429 100644
--- a/libs/libcurl/src/connect.c
+++ b/libs/libcurl/src/connect.c
@@ -357,7 +357,7 @@ static CURLcode bindlocal(struct connectdata *conn,
         conn->ip_version = CURL_IPRESOLVE_V6;
 #endif
 
-      rc = Curl_resolv(conn, dev, 0, &h);
+      rc = Curl_resolv(conn, dev, 0, FALSE, &h);
       if(rc == CURLRESOLV_PENDING)
         (void)Curl_resolver_wait_resolv(conn, &h);
       conn->ip_version = ipver;
@@ -628,7 +628,6 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
 UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
                              long *port)
 {
-  unsigned short us_port;
   struct sockaddr_in *si = NULL;
 #ifdef ENABLE_IPV6
   struct sockaddr_in6 *si6 = NULL;
@@ -642,7 +641,7 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
       si = (struct sockaddr_in *)(void *) sa;
       if(Curl_inet_ntop(sa->sa_family, &si->sin_addr,
                         addr, MAX_IPADR_LEN)) {
-        us_port = ntohs(si->sin_port);
+        unsigned short us_port = ntohs(si->sin_port);
         *port = us_port;
         return TRUE;
       }
@@ -652,7 +651,7 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
       si6 = (struct sockaddr_in6 *)(void *) sa;
       if(Curl_inet_ntop(sa->sa_family, &si6->sin6_addr,
                         addr, MAX_IPADR_LEN)) {
-        us_port = ntohs(si6->sin6_port);
+        unsigned short us_port = ntohs(si6->sin6_port);
         *port = us_port;
         return TRUE;
       }
@@ -679,17 +678,18 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
    connection */
 void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd)
 {
-  curl_socklen_t len;
-  struct Curl_sockaddr_storage ssrem;
-  struct Curl_sockaddr_storage ssloc;
-  struct Curl_easy *data = conn->data;
-
   if(conn->socktype == SOCK_DGRAM)
     /* there's no connection! */
     return;
 
+#if defined(HAVE_GETPEERNAME) || defined(HAVE_GETSOCKNAME)
   if(!conn->bits.reuse && !conn->bits.tcp_fastopen) {
+    struct Curl_easy *data = conn->data;
     char buffer[STRERROR_LEN];
+    struct Curl_sockaddr_storage ssrem;
+    struct Curl_sockaddr_storage ssloc;
+    curl_socklen_t len;
+#ifdef HAVE_GETPEERNAME
     len = sizeof(struct Curl_sockaddr_storage);
     if(getpeername(sockfd, (struct sockaddr*) &ssrem, &len)) {
       int error = SOCKERRNO;
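Review bot: `ssrem` and `ssloc` are both declared whenever either `HAVE_GETPEERNAME` or `HAVE_GETSOCKNAME` is defined, but the following hunks use each one only under its own macro. A build with just one of the two therefore gets an unused variable and silently skips that half of the connection info. In that configuration `conn->primary_ip` or `conn->local_ip` keeps whatever it held before and is still passed on by `Curl_persistconninfo(conn)`; whether that earlier value is valid cannot be seen from this diff. I would guard each declaration with the macro that uses it, e.g. `#ifdef HAVE_GETSOCKNAME` around `struct Curl_sockaddr_storage ssloc;`, and note at each block which fields stay unset when the call is unavailable. The body of `Curl_updateconninfo` continues in the next three hunks.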
@@ -697,7 +697,8 @@ void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd)
             error, Curl_strerror(error, buffer, sizeof(buffer)));
       return;
     }
-
+#endif
+#ifdef HAVE_GETSOCKNAME
     len = sizeof(struct Curl_sockaddr_storage);
     memset(&ssloc, 0, sizeof(ssloc));
     if(getsockname(sockfd, (struct sockaddr*) &ssloc, &len)) {
@@ -706,7 +707,8 @@ void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd)
             error, Curl_strerror(error, buffer, sizeof(buffer)));
       return;
     }
-
+#endif
+#ifdef HAVE_GETPEERNAME
     if(!getaddressinfo((struct sockaddr*)&ssrem,
                        conn->primary_ip, &conn->primary_port)) {
       failf(data, "ssrem inet_ntop() failed with errno %d: %s",
@@ -714,15 +716,19 @@ void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd)
       return;
     }
     memcpy(conn->ip_addr_str, conn->primary_ip, MAX_IPADR_LEN);
-
+#endif
+#ifdef HAVE_GETSOCKNAME
     if(!getaddressinfo((struct sockaddr*)&ssloc,
                        conn->local_ip, &conn->local_port)) {
       failf(data, "ssloc inet_ntop() failed with errno %d: %s",
             errno, Curl_strerror(errno, buffer, sizeof(buffer)));
       return;
     }
-
+#endif
   }
+#else /* !HAVE_GETSOCKNAME && !HAVE_GETPEERNAME */
+  (void)sockfd; /* unused */
+#endif
 
   /* persist connection info in session handle */
   Curl_persistconninfo(conn);
@@ -1028,7 +1034,7 @@ static CURLcode singleipconnect(struct connectdata *conn,
     Curl_closesocket(conn, sockfd);
     return CURLE_OK;
   }
-  infof(data, "  Trying %s...\n", ipaddress);
+  infof(data, "  Trying %s:%ld...\n", ipaddress, port);
 
 #ifdef ENABLE_IPV6
   is_tcp = (addr.family == AF_INET || addr.family == AF_INET6) &&
diff --git a/libs/libcurl/src/cookie.c b/libs/libcurl/src/cookie.c
index 44851a52f5..05ce62193a 100644
--- a/libs/libcurl/src/cookie.c
+++ b/libs/libcurl/src/cookie.c
@@ -93,6 +93,7 @@ Example set of cookies:
 #include "share.h"
 #include "strtoofft.h"
 #include "strcase.h"
+#include "curl_get_line.h"
 #include "curl_memrchr.h"
 #include "inet_pton.h"
 
@@ -873,11 +874,13 @@ Curl_cookie_add(struct Curl_easy *data,
         co->name = strdup(ptr);
         if(!co->name)
           badcookie = TRUE;
-        /* For Netscape file format cookies we check prefix on the name */
-        if(strncasecompare("__Secure-", co->name, 9))
-          co->prefix |= COOKIE_PREFIX__SECURE;
-        else if(strncasecompare("__Host-", co->name, 7))
-          co->prefix |= COOKIE_PREFIX__HOST;
+        else {
+          /* For Netscape file format cookies we check prefix on the name */
+          if(strncasecompare("__Secure-", co->name, 9))
+            co->prefix |= COOKIE_PREFIX__SECURE;
+          else if(strncasecompare("__Host-", co->name, 7))
+            co->prefix |= COOKIE_PREFIX__HOST;
+        }
         break;
       case 6:
         co->value = strdup(ptr);
@@ -1085,33 +1088,6 @@ Curl_cookie_add(struct Curl_easy *data,
   return co;
 }
 
-/*
- * get_line() makes sure to only return complete whole lines that fit in 'len'
- * bytes and end with a newline.
- */
-char *Curl_get_line(char *buf, int len, FILE *input)
-{
-  bool partial = FALSE;
-  while(1) {
-    char *b = fgets(buf, len, input);
-    if(b) {
-      size_t rlen = strlen(b);
-      if(rlen && (b[rlen-1] == '\n')) {
-        if(partial) {
-          partial = FALSE;
-          continue;
-        }
-        return b;
-      }
-      /* read a partial, discard the next piece that ends with newline */
-      partial = TRUE;
-    }
-    else
-      break;
-  }
-  return NULL;
-}
-
 
 /*****************************************************************************
  *
@@ -1533,10 +1509,6 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
   struct Cookie *co;
   FILE *out;
   bool use_stdout = FALSE;
-  char *format_ptr;
-  unsigned int i;
-  unsigned int j;
-  struct Cookie **array;
 
   if(!c)
     /* no cookie engine alive */
@@ -1563,6 +1535,10 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
         out);
 
   if(c->numcookies) {
+    unsigned int i;
+    unsigned int j;
+    struct Cookie **array;
+
     array = malloc(sizeof(struct Cookie *) * c->numcookies);
     if(!array) {
       if(!use_stdout)
@@ -1582,7 +1558,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
     qsort(array, c->numcookies, sizeof(struct Cookie *), cookie_sort_ct);
 
     for(i = 0; i < j; i++) {
-      format_ptr = get_netscape_format(array[i]);
+      char *format_ptr = get_netscape_format(array[i]);
       if(format_ptr == NULL) {
         fprintf(out, "#\n# Fatal libcurl error\n");
         free(array);
diff --git a/libs/libcurl/src/cookie.h b/libs/libcurl/src/cookie.h
index 6ac4a6ac09..b2730cfb91 100644
--- a/libs/libcurl/src/cookie.h
+++ b/libs/libcurl/src/cookie.h
@@ -101,7 +101,6 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *,
 void Curl_cookie_freelist(struct Cookie *cookies);
 void Curl_cookie_clearall(struct CookieInfo *cookies);
 void Curl_cookie_clearsess(struct CookieInfo *cookies);
-char *Curl_get_line(char *buf, int len, FILE *input);
 
 #if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES)
 #define Curl_cookie_list(x) NULL
diff --git a/libs/libcurl/src/curl_config.h.cmake b/libs/libcurl/src/curl_config.h.cmake
index 5308eb579d..9ac64f651b 100644
--- a/libs/libcurl/src/curl_config.h.cmake
+++ b/libs/libcurl/src/curl_config.h.cmake
@@ -235,6 +235,12 @@
 /* Define to 1 if you have the `getprotobyname' function. */
 #cmakedefine HAVE_GETPROTOBYNAME 1
 
+/* Define to 1 if you have the `getpeername' function. */
+#cmakedefine HAVE_GETPEERNAME 1
+
+/* Define to 1 if you have the `getsockname' function. */
+#cmakedefine HAVE_GETSOCKNAME 1
+
 /* Define to 1 if you have the `getpwuid' function. */
 #cmakedefine HAVE_GETPWUID 1
 
@@ -930,8 +936,8 @@
 /* if PolarSSL is enabled */
 #cmakedefine USE_POLARSSL 1
 
-/* if DarwinSSL is enabled */
-#cmakedefine USE_DARWINSSL 1
+/* if Secure Transport is enabled */
+#cmakedefine USE_SECTRANSP 1
 
 /* if mbedTLS is enabled */
 #cmakedefine USE_MBEDTLS 1
diff --git a/libs/libcurl/src/curl_config.h.in b/libs/libcurl/src/curl_config.h.in
index 04ed02a566..2be4755f8c 100644
--- a/libs/libcurl/src/curl_config.h.in
+++ b/libs/libcurl/src/curl_config.h.in
@@ -262,6 +262,9 @@
 /* Define to 1 if you have the `getpass_r' function. */
 #undef HAVE_GETPASS_R
 
+/* Define to 1 if you have the getpeername function. */
+#undef HAVE_GETPEERNAME
+
 /* Define to 1 if you have the `getppid' function. */
 #undef HAVE_GETPPID
 
@@ -277,6 +280,9 @@
 /* Define to 1 if you have the getservbyport_r function. */
 #undef HAVE_GETSERVBYPORT_R
 
+/* Define to 1 if you have the getsockname function. */
+#undef HAVE_GETSOCKNAME
+
 /* Define to 1 if you have the `gettimeofday' function. */
 #undef HAVE_GETTIMEOFDAY
 
diff --git a/libs/libcurl/src/curl_fnmatch.c b/libs/libcurl/src/curl_fnmatch.c
index 846ecaec3a..ab3e7428d7 100644
--- a/libs/libcurl/src/curl_fnmatch.c
+++ b/libs/libcurl/src/curl_fnmatch.c
@@ -32,15 +32,6 @@
 
 #ifndef HAVE_FNMATCH
 
-/*
- * TODO:
- *
- * Make this function match POSIX. Test 1307 includes a set of test patterns
- * that returns different results with a POSIX fnmatch() than with this
- * implementation and this is considered a bug where POSIX is the guiding
- * light.
- */
-
 #define CURLFNM_CHARSET_LEN (sizeof(char) * 256)
 #define CURLFNM_CHSET_SIZE (CURLFNM_CHARSET_LEN + 15)
 
diff --git a/libs/libcurl/src/curl_get_line.c b/libs/libcurl/src/curl_get_line.c
new file mode 100644
index 0000000000..c4194851ae
--- /dev/null
+++ b/libs/libcurl/src/curl_get_line.c
@@ -0,0 +1,55 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "curl_get_line.h"
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/*
+ * get_line() makes sure to only return complete whole lines that fit in 'len'
+ * bytes and end with a newline.
+ */
+char *Curl_get_line(char *buf, int len, FILE *input)
+{
+  bool partial = FALSE;
+  while(1) {
+    char *b = fgets(buf, len, input);
+    if(b) {
+      size_t rlen = strlen(b);
+      if(rlen && (b[rlen-1] == '\n')) {
+        if(partial) {
+          partial = FALSE;
+          continue;
+        }
+        return b;
+      }
+      /* read a partial, discard the next piece that ends with newline */
+      partial = TRUE;
+    }
+    else
+      break;
+  }
+  return NULL;
+}
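Review bot: The comment above `Curl_get_line` does not say what happens to input that is never returned. A line longer than `len - 1` bytes is discarded in full, and a final line without a trailing newline is dropped, because the loop only returns on `'\n'` and otherwise falls out to `return NULL` at EOF. The length test uses `strlen(b)`, so a NUL byte inside a line makes that piece look partial and the next newline-terminated read is skipped as well. Callers get no indication that a record was skipped, so I would state it on the function, e.g. `/* Over-long lines and a last line without '\n' are skipped silently; a NUL byte in a line also drops the following line. NULL means EOF or read error. */`.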
diff --git a/libs/libcurl/src/curl_get_line.h b/libs/libcurl/src/curl_get_line.h
new file mode 100644
index 0000000000..532ab080a2
--- /dev/null
+++ b/libs/libcurl/src/curl_get_line.h
@@ -0,0 +1,29 @@
+#ifndef HEADER_CURL_GET_LINE_H
+#define HEADER_CURL_GET_LINE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* get_line() makes sure to only return complete whole lines that fit in 'len'
+ * bytes and end with a newline. */
+char *Curl_get_line(char *buf, int len, FILE *input);
+
+#endif /* HEADER_CURL_GET_LINE_H */
diff --git a/libs/libcurl/src/curl_md4.h b/libs/libcurl/src/curl_md4.h
index e0690416dd..392203f9e3 100644
--- a/libs/libcurl/src/curl_md4.h
+++ b/libs/libcurl/src/curl_md4.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -25,11 +25,13 @@
 #include "curl_setup.h"
 
 #if defined(USE_NSS) || defined(USE_OS400CRYPTO) || \
+    (defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) || \
     (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C))
 
 void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len);
 
 #endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) ||
+    (defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) ||
     (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C)) */
 
 #endif /* HEADER_CURL_MD4_H */
diff --git a/libs/libcurl/src/curl_md5.h b/libs/libcurl/src/curl_md5.h
index 5f70c96346..aaf25f61bb 100644
--- a/libs/libcurl/src/curl_md5.h
+++ b/libs/libcurl/src/curl_md5.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -53,10 +53,10 @@ void Curl_md5it(unsigned char *output,
                 const unsigned char *input);
 
 MD5_context * Curl_MD5_init(const MD5_params *md5params);
-int Curl_MD5_update(MD5_context *context,
-                    const unsigned char *data,
-                    unsigned int len);
-int Curl_MD5_final(MD5_context *context, unsigned char *result);
+CURLcode Curl_MD5_update(MD5_context *context,
+                         const unsigned char *data,
+                         unsigned int len);
+CURLcode Curl_MD5_final(MD5_context *context, unsigned char *result);
 
 #endif
 
diff --git a/libs/libcurl/src/curl_memory.h b/libs/libcurl/src/curl_memory.h
index fccf46879a..ce38a08cd3 100644
--- a/libs/libcurl/src/curl_memory.h
+++ b/libs/libcurl/src/curl_memory.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -39,7 +39,7 @@
  *
  * File lib/strdup.c is an exception, given that it provides a strdup
  * clone implementation while using malloc. Extra care needed inside
- * this one. TODO: revisit this paragraph and related code.
+ * this one.
  *
  * The need for curl_memory.h inclusion is due to libcurl's feature
  * of allowing library user to provide memory replacement functions,
diff --git a/libs/libcurl/src/curl_ntlm_core.c b/libs/libcurl/src/curl_ntlm_core.c
index e7060eb29a..b6df38f710 100644
--- a/libs/libcurl/src/curl_ntlm_core.c
+++ b/libs/libcurl/src/curl_ntlm_core.c
@@ -57,6 +57,8 @@
 #  include <openssl/des.h>
 #  ifndef OPENSSL_NO_MD4
 #    include <openssl/md4.h>
+#  else
+#    include "curl_md4.h"
 #  endif
 #  include <openssl/md5.h>
 #  include <openssl/ssl.h>
@@ -568,10 +570,14 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct Curl_easy *data,
   {
     /* Create NT hashed password. */
 #ifdef USE_OPENSSL
+#if !defined(OPENSSL_NO_MD4)
     MD4_CTX MD4pw;
     MD4_Init(&MD4pw);
     MD4_Update(&MD4pw, pw, 2 * len);
     MD4_Final(ntbuffer, &MD4pw);
+#else
+    Curl_md4it(ntbuffer, pw, 2 * len);
+#endif
 #elif defined(USE_GNUTLS_NETTLE)
     struct md4_ctx MD4pw;
     md4_init(&MD4pw);
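Review bot: The new `#else` branch changes behaviour for builds against an OpenSSL compiled with `OPENSSL_NO_MD4`, and nothing in the code says so. Such a build now computes the NT hash through `Curl_md4it` (declared in curl_md4.h), and the matching hunk in curl_ntlm_core.h defines `USE_NTRESPONSES` unconditionally. Where MD4 was left out of OpenSSL on purpose, this deserves a comment above the `Curl_md4it` call, for example `/* OpenSSL lacks MD4: use curl's built-in MD4 so the NT response is still produced */`. The inner `#endif` would also read better as `#endif /* !OPENSSL_NO_MD4 */`. The body of `Curl_ntlm_core_mk_nt_hash` starts and ends outside this hunk.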
diff --git a/libs/libcurl/src/curl_ntlm_core.h b/libs/libcurl/src/curl_ntlm_core.h
index 07ef5deae9..3b4b8053c3 100644
--- a/libs/libcurl/src/curl_ntlm_core.h
+++ b/libs/libcurl/src/curl_ntlm_core.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -43,9 +43,7 @@
 
 /* Define USE_NTRESPONSES in order to make the type-3 message include
  * the NT response message. */
-#if !defined(USE_OPENSSL) || !defined(OPENSSL_NO_MD4)
 #define USE_NTRESPONSES
-#endif
 
 /* Define USE_NTLM2SESSION in order to make the type-3 message include the
    NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and a
diff --git a/libs/libcurl/src/curl_ntlm_wb.c b/libs/libcurl/src/curl_ntlm_wb.c
index 18ee75dd90..80266e2a45 100644
--- a/libs/libcurl/src/curl_ntlm_wb.c
+++ b/libs/libcurl/src/curl_ntlm_wb.c
@@ -53,6 +53,8 @@
 #include "url.h"
 #include "strerror.h"
 #include "strdup.h"
+#include "strcase.h"
+
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
 #include "curl_memory.h"
@@ -74,7 +76,7 @@
 #  define sclose_nolog(x)  close((x))
 #endif
 
-void Curl_ntlm_wb_cleanup(struct connectdata *conn)
+void Curl_http_auth_cleanup_ntlm_wb(struct connectdata *conn)
 {
   if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) {
     sclose(conn->ntlm_auth_hlpr_socket);
@@ -333,6 +335,48 @@ done:
   return CURLE_REMOTE_ACCESS_DENIED;
 }
 
+CURLcode Curl_input_ntlm_wb(struct connectdata *conn,
+                            bool proxy,
+                            const char *header)
+{
+  curlntlm *state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state;
+
+  if(!checkprefix("NTLM", header))
+    return CURLE_BAD_CONTENT_ENCODING;
+
+  header += strlen("NTLM");
+  while(*header && ISSPACE(*header))
+    header++;
+
+  if(*header) {
+    conn->challenge_header = strdup(header);
+    if(!conn->challenge_header)
+      return CURLE_OUT_OF_MEMORY;
+
+    *state = NTLMSTATE_TYPE2; /* We got a type-2 message */
+  }
+  else {
+    if(*state == NTLMSTATE_LAST) {
+      infof(conn->data, "NTLM auth restarted\n");
+      Curl_http_auth_cleanup_ntlm_wb(conn);
+    }
+    else if(*state == NTLMSTATE_TYPE3) {
+      infof(conn->data, "NTLM handshake rejected\n");
+      Curl_http_auth_cleanup_ntlm_wb(conn);
+      *state = NTLMSTATE_NONE;
+      return CURLE_REMOTE_ACCESS_DENIED;
+    }
+    else if(*state >= NTLMSTATE_TYPE1) {
+      infof(conn->data, "NTLM handshake failure (internal error)\n");
+      return CURLE_REMOTE_ACCESS_DENIED;
+    }
+
+    *state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
+  }
+
+  return CURLE_OK;
+}
+
 /*
  * This is for creating ntlm header output by delegating challenge/response
  * to Samba's winbind daemon helper ntlm_auth.
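Review bot: In the added `Curl_input_ntlm_wb`, `conn->challenge_header = strdup(header);` overwrites the pointer without releasing what it held before. A second non-empty `NTLM` challenge on the same connection would therefore leak the earlier copy, unless code outside this hunk has already freed it. The header text comes from the server or proxy, so the number of such challenges is not under the client's control. Releasing first keeps it bounded: add `Curl_safefree(conn->challenge_header);` on the line before the `strdup`. The function also has no header comment describing the transitions it performs on `*state`.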
@@ -345,8 +389,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
   char **allocuserpwd;
   /* point to the name and password for this */
   const char *userp;
-  /* point to the correct struct with this */
-  struct ntlmdata *ntlm;
+  curlntlm *state;
   struct auth *authp;
 
   CURLcode res = CURLE_OK;
@@ -358,13 +401,13 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
   if(proxy) {
     allocuserpwd = &conn->allocptr.proxyuserpwd;
     userp = conn->http_proxy.user;
-    ntlm = &conn->proxyntlm;
+    state = &conn->proxy_ntlm_state;
     authp = &conn->data->state.authproxy;
   }
   else {
     allocuserpwd = &conn->allocptr.userpwd;
     userp = conn->user;
-    ntlm = &conn->ntlm;
+    state = &conn->http_ntlm_state;
     authp = &conn->data->state.authhost;
   }
   authp->done = FALSE;
@@ -373,7 +416,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
   if(!userp)
     userp = "";
 
-  switch(ntlm->state) {
+  switch(*state) {
   case NTLMSTATE_TYPE1:
   default:
     /* Use Samba's 'winbind' daemon to support NTLM authentication,
@@ -392,7 +435,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
     res = ntlm_wb_init(conn, userp);
     if(res)
       return res;
-    res = ntlm_wb_response(conn, "YR\n", ntlm->state);
+    res = ntlm_wb_response(conn, "YR\n", *state);
     if(res)
       return res;
 
@@ -406,11 +449,12 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
       return CURLE_OUT_OF_MEMORY;
     conn->response_header = NULL;
     break;
+
   case NTLMSTATE_TYPE2:
     input = aprintf("TT %s\n", conn->challenge_header);
     if(!input)
       return CURLE_OUT_OF_MEMORY;
-    res = ntlm_wb_response(conn, input, ntlm->state);
+    res = ntlm_wb_response(conn, input, *state);
     free(input);
     input = NULL;
     if(res)
@@ -421,17 +465,20 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
                             proxy ? "Proxy-" : "",
                             conn->response_header);
     DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
-    ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */
+    *state = NTLMSTATE_TYPE3; /* we sent a type-3 */
     authp->done = TRUE;
-    Curl_ntlm_wb_cleanup(conn);
+    Curl_http_auth_cleanup_ntlm_wb(conn);
     if(!*allocuserpwd)
       return CURLE_OUT_OF_MEMORY;
     break;
+
   case NTLMSTATE_TYPE3:
     /* connection is already authenticated,
      * don't send a header in future requests */
-    free(*allocuserpwd);
-    *allocuserpwd = NULL;
+    *state = NTLMSTATE_LAST;
+    /* FALLTHROUGH */
+  case NTLMSTATE_LAST:
+    Curl_safefree(*allocuserpwd);
     authp->done = TRUE;
     break;
   }
diff --git a/libs/libcurl/src/curl_ntlm_wb.h b/libs/libcurl/src/curl_ntlm_wb.h
index aba3d469c3..3cf841cf24 100644
--- a/libs/libcurl/src/curl_ntlm_wb.h
+++ b/libs/libcurl/src/curl_ntlm_wb.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -27,11 +27,14 @@
 #if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) && \
     defined(NTLM_WB_ENABLED)
 
-/* this is for creating ntlm header output by delegating challenge/response
-   to Samba's winbind daemon helper ntlm_auth */
+/* this is for ntlm header input */
+CURLcode Curl_input_ntlm_wb(struct connectdata *conn, bool proxy,
+                            const char *header);
+
+/* this is for creating ntlm header output */
 CURLcode Curl_output_ntlm_wb(struct connectdata *conn, bool proxy);
 
-void Curl_ntlm_wb_cleanup(struct connectdata *conn);
+void Curl_http_auth_cleanup_ntlm_wb(struct connectdata *conn);
 
 #endif /* !CURL_DISABLE_HTTP && USE_NTLM && NTLM_WB_ENABLED */
 
diff --git a/libs/libcurl/src/curl_path.c b/libs/libcurl/src/curl_path.c
index ad386e7433..85dddcef1b 100644
--- a/libs/libcurl/src/curl_path.c
+++ b/libs/libcurl/src/curl_path.c
@@ -22,7 +22,7 @@
 
 #include "curl_setup.h"
 
-#if defined(USE_LIBSSH2) || defined(USE_LIBSSH)
+#if defined(USE_SSH)
 
 #include <curl/curl.h>
 #include "curl_memory.h"
diff --git a/libs/libcurl/src/curl_sasl.c b/libs/libcurl/src/curl_sasl.c
index 9e1a72e5e4..018e4228b3 100644
--- a/libs/libcurl/src/curl_sasl.c
+++ b/libs/libcurl/src/curl_sasl.c
@@ -31,6 +31,9 @@
 
 #include "curl_setup.h"
 
+#if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \
+  !defined(CURL_DISABLE_POP3)
+
 #include <curl/curl.h>
 #include "urldata.h"
 
@@ -83,14 +86,14 @@ void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
 #if defined(USE_KERBEROS5)
   /* Cleanup the gssapi structure */
   if(authused == SASL_MECH_GSSAPI) {
-    Curl_auth_gssapi_cleanup(&conn->krb5);
+    Curl_auth_cleanup_gssapi(&conn->krb5);
   }
 #endif
 
 #if defined(USE_NTLM)
   /* Cleanup the NTLM structure */
   if(authused == SASL_MECH_NTLM) {
-    Curl_auth_ntlm_cleanup(&conn->ntlm);
+    Curl_auth_cleanup_ntlm(&conn->ntlm);
   }
 #endif
 
@@ -290,7 +293,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
 #if defined(USE_KERBEROS5)
     if((enabledmechs & SASL_MECH_GSSAPI) && Curl_auth_is_gssapi_supported() &&
        Curl_auth_user_contains_domain(conn->user)) {
-      sasl->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */
+      sasl->mutual_auth = FALSE;
       mech = SASL_MECH_STRING_GSSAPI;
       state1 = SASL_GSSAPI;
       state2 = SASL_GSSAPI_TOKEN;
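Review bot: `sasl->mutual_auth = FALSE;` is now left without any comment, so the only hint that GSSAPI mutual authentication is not worked out on this path disappears with the TODO. As far as this hunk shows the value is fixed, and someone auditing the SASL GSSAPI flow needs to know that is deliberate. I would keep a plain statement in place of the TODO, such as `/* mutual authentication is not requested for SASL GSSAPI */`. `Curl_sasl_start` begins and ends outside this hunk.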
@@ -357,10 +360,9 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
       sasl->authused = SASL_MECH_XOAUTH2;
 
       if(force_ir || data->set.sasl_ir)
-        result = Curl_auth_create_oauth_bearer_message(data, conn->user,
-                                                       NULL, 0,
-                                                       conn->oauth_bearer,
-                                                       &resp, &len);
+        result = Curl_auth_create_xoauth_bearer_message(data, conn->user,
+                                                        conn->oauth_bearer,
+                                                        &resp, &len);
     }
     else if(enabledmechs & SASL_MECH_PLAIN) {
       mech = SASL_MECH_STRING_PLAIN;
@@ -368,8 +370,8 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
       sasl->authused = SASL_MECH_PLAIN;
 
       if(force_ir || data->set.sasl_ir)
-        result = Curl_auth_create_plain_message(data, conn->user, conn->passwd,
-                                                &resp, &len);
+        result = Curl_auth_create_plain_message(data, NULL, conn->user,
+                                                conn->passwd, &resp, &len);
     }
     else if(enabledmechs & SASL_MECH_LOGIN) {
       mech = SASL_MECH_STRING_LOGIN;
@@ -451,9 +453,8 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
     *progress = SASL_DONE;
     return result;
   case SASL_PLAIN:
-    result = Curl_auth_create_plain_message(data, conn->user, conn->passwd,
-                                            &resp,
-                                            &len);
+    result = Curl_auth_create_plain_message(data, NULL, conn->user,
+                                            conn->passwd, &resp, &len);
     break;
   case SASL_LOGIN:
     result = Curl_auth_create_login_message(data, conn->user, &resp, &len);
@@ -562,10 +563,9 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
       newstate = SASL_OAUTH2_RESP;
     }
     else
-      result = Curl_auth_create_oauth_bearer_message(data, conn->user,
-                                                     NULL, 0,
-                                                     conn->oauth_bearer,
-                                                     &resp, &len);
+      result = Curl_auth_create_xoauth_bearer_message(data, conn->user,
+                                                      conn->oauth_bearer,
+                                                      &resp, &len);
     break;
 
   case SASL_OAUTH2_RESP:
@@ -626,3 +626,4 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
 
   return result;
 }
+#endif /* protocols are enabled that use SASL */
diff --git a/libs/libcurl/src/curl_setup.h b/libs/libcurl/src/curl_setup.h
index 4c3a173596..e5b5c863bc 100644
--- a/libs/libcurl/src/curl_setup.h
+++ b/libs/libcurl/src/curl_setup.h
@@ -686,6 +686,10 @@ int netware_init(void);
 #error "No longer supported. Set CURLOPT_CAINFO at runtime instead."
 #endif
 
+#if defined(USE_LIBSSH2) || defined(USE_LIBSSH) || defined(USE_WOLFSSH)
+#define USE_SSH
+#endif
+
 /*
  * Provide a mechanism to silence picky compilers, such as gcc 4.6+.
  * Parameters should of course normally not be unused, but for example when
diff --git a/libs/libcurl/src/doh.c b/libs/libcurl/src/doh.c
index b5327c4aef..6d1f3303b5 100644
--- a/libs/libcurl/src/doh.c
+++ b/libs/libcurl/src/doh.c
@@ -22,6 +22,8 @@
 
 #include "curl_setup.h"
 
+#ifndef CURL_DISABLE_DOH
+
 #include "urldata.h"
 #include "curl_addrinfo.h"
 #include "doh.h"
@@ -582,7 +584,6 @@ UNITTEST DOHcode doh_decode(unsigned char *doh,
   unsigned short qdcount;
   unsigned short ancount;
   unsigned short type = 0;
-  unsigned short class;
   unsigned short rdlength;
   unsigned short nscount;
   unsigned short arcount;
@@ -610,6 +611,7 @@ UNITTEST DOHcode doh_decode(unsigned char *doh,
 
   ancount = get16bit(doh, 6);
   while(ancount) {
+    unsigned short class;
     unsigned int ttl;
 
     rc = skipqname(doh, dohlen, &index);
@@ -894,8 +896,6 @@ CURLcode Curl_doh_is_resolved(struct connectdata *conn,
     DOHcode rc;
     DOHcode rc2;
     struct dohentry de;
-    struct Curl_dns_entry *dns;
-    struct Curl_addrinfo *ai;
     /* remove DOH handles from multi handle and close them */
     curl_multi_remove_handle(data->multi, data->req.doh.probe[0].easy);
     Curl_close(data->req.doh.probe[0].easy);
@@ -925,6 +925,9 @@ CURLcode Curl_doh_is_resolved(struct connectdata *conn,
             data->req.doh.host);
     }
     if(!rc || !rc2) {
+      struct Curl_dns_entry *dns;
+      struct Curl_addrinfo *ai;
+
       infof(data, "DOH Host name: %s\n", data->req.doh.host);
       showdoh(data, &de);
 
@@ -960,3 +963,5 @@ CURLcode Curl_doh_is_resolved(struct connectdata *conn,
 
   return CURLE_OK;
 }
+
+#endif /* CURL_DISABLE_DOH */
diff --git a/libs/libcurl/src/doh.h b/libs/libcurl/src/doh.h
index 83c79bc5df..34bfa6f2ba 100644
--- a/libs/libcurl/src/doh.h
+++ b/libs/libcurl/src/doh.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2018 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -25,6 +25,8 @@
 #include "urldata.h"
 #include "curl_addrinfo.h"
 
+#ifndef CURL_DISABLE_DOH
+
 /*
  * Curl_doh() resolve a name using DoH (DNS-over-HTTPS). It resolves a name
  * and returns a 'Curl_addrinfo *' with the address information.
@@ -102,4 +104,10 @@ DOHcode doh_decode(unsigned char *doh,
                    struct dohentry *d);
 void de_cleanup(struct dohentry *d);
 #endif
+
+#else /* if DOH is disabled */
+#define Curl_doh(a,b,c,d) NULL
+#define Curl_doh_is_resolved(x,y) CURLE_COULDNT_RESOLVE_HOST
+#endif
+
 #endif /* HEADER_CURL_DOH_H */
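Review bot: The disabled-build stubs expand to a constant and discard their arguments, so `Curl_doh_is_resolved(x,y)` leaves whatever `y` refers to unwritten. If any caller reads that output after the call (the prototype and callers are outside this hunk), it has to initialise it first. A one-line comment on the stub, e.g. `/* stubs: arguments are not evaluated, outputs are left untouched */`, would make that explicit. The `#endif` closing the `#else` branch is also untagged, while doh.c uses `#endif /* CURL_DISABLE_DOH */`; the same tag here would keep it distinct from the include-guard `#endif` below it.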
diff --git a/libs/libcurl/src/easy.c b/libs/libcurl/src/easy.c
index ae6176f25b..4a6f965677 100644
--- a/libs/libcurl/src/easy.c
+++ b/libs/libcurl/src/easy.c
@@ -265,7 +265,6 @@ void curl_global_cleanup(void)
   if(--initialized)
     return;
 
-  Curl_global_host_cache_dtor();
   Curl_ssl_cleanup();
   Curl_resolver_global_cleanup();
 
@@ -428,8 +427,8 @@ static int events_socket(struct Curl_easy *easy,      /* easy handle */
            mask. Convert from libcurl bitmask to the poll one. */
         m->socket.events = socketcb2poll(what);
         infof(easy, "socket cb: socket %d UPDATED as %s%s\n", s,
-              what&CURL_POLL_IN?"IN":"",
-              what&CURL_POLL_OUT?"OUT":"");
+              (what&CURL_POLL_IN)?"IN":"",
+              (what&CURL_POLL_OUT)?"OUT":"");
       }
       break;
     }
@@ -452,8 +451,8 @@ static int events_socket(struct Curl_easy *easy,      /* easy handle */
         m->socket.revents = 0;
         ev->list = m;
         infof(easy, "socket cb: socket %d ADDED as %s%s\n", s,
-              what&CURL_POLL_IN?"IN":"",
-              what&CURL_POLL_OUT?"OUT":"");
+              (what&CURL_POLL_IN)?"IN":"",
+              (what&CURL_POLL_OUT)?"OUT":"");
       }
       else
         return CURLE_OUT_OF_MEMORY;
@@ -560,7 +559,7 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev)
       return CURLE_RECV_ERROR;
 
     if(mcode)
-      return CURLE_URL_MALFORMAT; /* TODO: return a proper error! */
+      return CURLE_URL_MALFORMAT;
 
     /* we don't really care about the "msgs_in_queue" value returned in the
        second argument */
@@ -962,7 +961,10 @@ void curl_easy_reset(struct Curl_easy *data)
   /* zero out authentication data: */
   memset(&data->state.authhost, 0, sizeof(struct auth));
   memset(&data->state.authproxy, 0, sizeof(struct auth));
-  Curl_digest_cleanup(data);
+
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
+  Curl_http_auth_cleanup_digest(data);
+#endif
 }
 
 /*
diff --git a/libs/libcurl/src/fileinfo.c b/libs/libcurl/src/fileinfo.c
index 4e72e1eba0..2630c9e460 100644
--- a/libs/libcurl/src/fileinfo.c
+++ b/libs/libcurl/src/fileinfo.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2010 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2010 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,7 +21,7 @@
  ***************************************************************************/
 
 #include "curl_setup.h"
-
+#ifndef CURL_DISABLE_FTP
 #include "strdup.h"
 #include "fileinfo.h"
 #include "curl_memory.h"
@@ -41,3 +41,4 @@ void Curl_fileinfo_cleanup(struct fileinfo *finfo)
   Curl_safefree(finfo->info.b_data);
   free(finfo);
 }
+#endif
diff --git a/libs/libcurl/src/formdata.c b/libs/libcurl/src/formdata.c
index 202d930c70..429d479da5 100644
--- a/libs/libcurl/src/formdata.c
+++ b/libs/libcurl/src/formdata.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -24,14 +24,14 @@
 
 #include <curl/curl.h>
 
-#ifndef CURL_DISABLE_HTTP
+#include "formdata.h"
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_MIME)
 
 #if defined(HAVE_LIBGEN_H) && defined(HAVE_BASENAME)
 #include <libgen.h>
 #endif
 
 #include "urldata.h" /* for struct Curl_easy */
-#include "formdata.h"
 #include "mime.h"
 #include "non-ascii.h"
 #include "vtls/vtls.h"
@@ -569,7 +569,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
       if(((form->flags & HTTPPOST_FILENAME) ||
           (form->flags & HTTPPOST_BUFFER)) &&
          !form->contenttype) {
-        char *f = form->flags & HTTPPOST_BUFFER?
+        char *f = (form->flags & HTTPPOST_BUFFER)?
           form->showfilename : form->value;
         char const *type;
         type = Curl_mime_contenttype(f);
@@ -921,7 +921,8 @@ CURLcode Curl_getformdata(struct Curl_easy *data,
   return result;
 }
 
-#else  /* CURL_DISABLE_HTTP */
+#else
+/* if disabled */
 CURLFORMcode curl_formadd(struct curl_httppost **httppost,
                           struct curl_httppost **last_post,
                           ...)
@@ -946,5 +947,4 @@ void curl_formfree(struct curl_httppost *form)
   /* does nothing HTTP is disabled */
 }
 
-
-#endif  /* !defined(CURL_DISABLE_HTTP) */
+#endif  /* if disabled */
diff --git a/libs/libcurl/src/formdata.h b/libs/libcurl/src/formdata.h
index 1246c2bc8e..cb20805f52 100644
--- a/libs/libcurl/src/formdata.h
+++ b/libs/libcurl/src/formdata.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -22,6 +22,10 @@
  *
  ***************************************************************************/
 
+#include "curl_setup.h"
+
+#ifndef CURL_DISABLE_MIME
+
 /* used by FormAdd for temporary storage */
 typedef struct FormInfo {
   char *name;
@@ -47,5 +51,10 @@ CURLcode Curl_getformdata(struct Curl_easy *data,
                           curl_mimepart *,
                           struct curl_httppost *post,
                           curl_read_callback fread_func);
+#else
+/* disabled */
+#define Curl_getformdata(a,b,c,d) CURLE_NOT_BUILT_IN
+#endif
+
 
 #endif /* HEADER_CURL_FORMDATA_H */
diff --git a/libs/libcurl/src/ftp.c b/libs/libcurl/src/ftp.c
index 825aaaa1d7..d6343fd516 100644
--- a/libs/libcurl/src/ftp.c
+++ b/libs/libcurl/src/ftp.c
@@ -572,7 +572,6 @@ static CURLcode ftp_readresp(curl_socket_t sockfd,
 
 #if defined(HAVE_GSSAPI)
   /* handle the security-oriented responses 6xx ***/
-  /* FIXME: some errorchecking perhaps... ***/
   switch(code) {
   case 631:
     code = Curl_sec_read_msg(conn, buf, PROT_SAFE);
@@ -1080,7 +1079,7 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
   }
 
   /* resolv ip/host to ip */
-  rc = Curl_resolv(conn, host, 0, &h);
+  rc = Curl_resolv(conn, host, 0, FALSE, &h);
   if(rc == CURLRESOLV_PENDING)
     (void)Curl_resolver_wait_resolv(conn, &h);
   if(h) {
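Review bot: The new fourth argument to `Curl_resolv` is a bare `FALSE` here and at both calls in `ftp_state_pasv_resp`, and nothing at the call sites says what is being switched off. If it is the allow-DoH flag (its declaration is not part of these hunks), these FTP lookups go to the regular resolver even when the transfer is configured for DNS-over-HTTPS. That matters to anyone relying on DoH to keep host names away from the local resolver. A short comment at each call, e.g. `/* FALSE: do not use DoH for this lookup */`, would make it visible. All three enclosing functions extend beyond their hunks.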
@@ -1934,7 +1933,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
      */
     const char * const host_name = conn->bits.socksproxy ?
       conn->socks_proxy.host.name : conn->http_proxy.host.name;
-    rc = Curl_resolv(conn, host_name, (int)conn->port, &addr);
+    rc = Curl_resolv(conn, host_name, (int)conn->port, FALSE, &addr);
     if(rc == CURLRESOLV_PENDING)
       /* BLOCKING, ignores the return code but 'addr' will be NULL in
          case of failure */
@@ -1950,7 +1949,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
   }
   else {
     /* normal, direct, ftp connection */
-    rc = Curl_resolv(conn, ftpc->newhost, ftpc->newport, &addr);
+    rc = Curl_resolv(conn, ftpc->newhost, ftpc->newport, FALSE, &addr);
     if(rc == CURLRESOLV_PENDING)
       /* BLOCKING */
       (void)Curl_resolver_wait_resolv(conn, &addr);
@@ -3490,7 +3489,7 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
   if(!conn->bits.tcpconnect[SECONDARYSOCKET]) {
     if(Curl_connect_ongoing(conn)) {
       /* As we're in TUNNEL_CONNECT state now, we know the proxy name and port
-         aren't used so we blank their arguments. TODO: make this nicer */
+         aren't used so we blank their arguments. */
       result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, NULL, 0);
 
       return result;
diff --git a/libs/libcurl/src/ftplistparser.c b/libs/libcurl/src/ftplistparser.c
index 1b1de5c3cd..c4eb43732d 100644
--- a/libs/libcurl/src/ftplistparser.c
+++ b/libs/libcurl/src/ftplistparser.c
@@ -914,10 +914,7 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
       case PL_WINNT_DIRORSIZE:
         switch(parser->state.NT.sub.dirorsize) {
         case PL_WINNT_DIRORSIZE_PRESPACE:
-          if(c == ' ') {
-
-          }
-          else {
+          if(c != ' ') {
             parser->item_offset = finfo->b_used - 1;
             parser->item_length = 1;
             parser->state.NT.sub.dirorsize = PL_WINNT_DIRORSIZE_CONTENT;
diff --git a/libs/libcurl/src/hostcheck.c b/libs/libcurl/src/hostcheck.c
index 6fcd0a9011..115d24b2e2 100644
--- a/libs/libcurl/src/hostcheck.c
+++ b/libs/libcurl/src/hostcheck.c
@@ -127,16 +127,14 @@ static int hostmatch(char *hostname, char *pattern)
 
 int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
 {
-  char *matchp;
-  char *hostp;
   int res = 0;
   if(!match_pattern || !*match_pattern ||
       !hostname || !*hostname) /* sanity check */
     ;
   else {
-    matchp = strdup(match_pattern);
+    char *matchp = strdup(match_pattern);
     if(matchp) {
-      hostp = strdup(hostname);
+      char *hostp = strdup(hostname);
       if(hostp) {
         if(hostmatch(hostp, matchp) == CURL_HOST_MATCH)
           res = 1;
diff --git a/libs/libcurl/src/hostip.c b/libs/libcurl/src/hostip.c
index 7909141c17..cf33ed8f4d 100644
--- a/libs/libcurl/src/hostip.c
+++ b/libs/libcurl/src/hostip.c
@@ -114,42 +114,8 @@
  * CURLRES_* defines based on the config*.h and curl_setup.h defines.
  */
 
-/* These two symbols are for the global DNS cache */
-static struct curl_hash hostname_cache;
-static int host_cache_initialized;
-
 static void freednsentry(void *freethis);
 
-/*
- * Curl_global_host_cache_init() initializes and sets up a global DNS cache.
- * Global DNS cache is general badness. Do not use. This will be removed in
- * a future version. Use the share interface instead!
- *
- * Returns a struct curl_hash pointer on success, NULL on failure.
- */
-struct curl_hash *Curl_global_host_cache_init(void)
-{
-  int rc = 0;
-  if(!host_cache_initialized) {
-    rc = Curl_hash_init(&hostname_cache, 7, Curl_hash_str,
-                        Curl_str_key_compare, freednsentry);
-    if(!rc)
-      host_cache_initialized = 1;
-  }
-  return rc?NULL:&hostname_cache;
-}
-
-/*
- * Destroy and cleanup the global DNS cache
- */
-void Curl_global_host_cache_dtor(void)
-{
-  if(host_cache_initialized) {
-    Curl_hash_destroy(&hostname_cache);
-    host_cache_initialized = 0;
-  }
-}
-
 /*
  * Return # of addresses in a Curl_addrinfo struct
  */
@@ -368,9 +334,9 @@ Curl_fetch_addr(struct connectdata *conn,
   return dns;
 }
 
+#ifndef CURL_DISABLE_SHUFFLE_DNS
 UNITTEST CURLcode Curl_shuffle_addr(struct Curl_easy *data,
                                     Curl_addrinfo **addr);
-
 /*
  * Curl_shuffle_addr() shuffles the order of addresses in a 'Curl_addrinfo'
  * struct by re-linking its linked list.
@@ -435,6 +401,7 @@ UNITTEST CURLcode Curl_shuffle_addr(struct Curl_easy *data,
   }
   return result;
 }
+#endif
 
 /*
  * Curl_cache_addr() stores a 'Curl_addrinfo' struct in the DNS cache.
@@ -456,12 +423,14 @@ Curl_cache_addr(struct Curl_easy *data,
   struct Curl_dns_entry *dns;
   struct Curl_dns_entry *dns2;
 
+#ifndef CURL_DISABLE_SHUFFLE_DNS
   /* shuffle addresses if requested */
   if(data->set.dns_shuffle_addresses) {
     CURLcode result = Curl_shuffle_addr(data, &addr);
     if(result)
       return NULL;
   }
+#endif
 
   /* Create a new cache entry */
   dns = calloc(1, sizeof(struct Curl_dns_entry));
@@ -516,6 +485,7 @@ Curl_cache_addr(struct Curl_easy *data,
 int Curl_resolv(struct connectdata *conn,
                 const char *hostname,
                 int port,
+                bool allowDOH,
                 struct Curl_dns_entry **entry)
 {
   struct Curl_dns_entry *dns = NULL;
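Review bot: The new `allowDOH` argument of Curl_resolv() is undocumented here and in the hostip.h prototype; the function's header comment lies outside this hunk. The next hunk shows that FALSE skips Curl_doh() even when `data->set.doh` is set, so such a lookup goes through the regular resolver path rather than DNS-over-HTTPS. That deserves a line where callers will read it, for example `allowDOH: when FALSE, use the regular resolver even if a DoH server is configured`. Why a caller would pass FALSE (presumably to resolve the DoH server's own name) is not visible in this diff and should be confirmed by the author.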
@@ -561,7 +531,7 @@ int Curl_resolv(struct connectdata *conn,
         return CURLRESOLV_ERROR;
     }
 
-    if(data->set.doh) {
+    if(allowDOH && data->set.doh) {
       addr = Curl_doh(conn, hostname, port, &respwait);
     }
     else {
@@ -687,7 +657,7 @@ int Curl_resolv_timeout(struct connectdata *conn,
 
   if(!timeout)
     /* USE_ALARM_TIMEOUT defined, but no timeout actually requested */
-    return Curl_resolv(conn, hostname, port, entry);
+    return Curl_resolv(conn, hostname, port, TRUE, entry);
 
   if(timeout < 1000) {
     /* The alarm() function only provides integer second resolution, so if
@@ -749,7 +719,7 @@ int Curl_resolv_timeout(struct connectdata *conn,
   /* Perform the actual name resolution. This might be interrupted by an
    * alarm if it takes too long.
    */
-  rc = Curl_resolv(conn, hostname, port, entry);
+  rc = Curl_resolv(conn, hostname, port, TRUE, entry);
 
 #ifdef USE_ALARM_TIMEOUT
 clean_up:
diff --git a/libs/libcurl/src/hostip.h b/libs/libcurl/src/hostip.h
index cd43882af6..9dc0d5a177 100644
--- a/libs/libcurl/src/hostip.h
+++ b/libs/libcurl/src/hostip.h
@@ -83,8 +83,11 @@ struct Curl_dns_entry {
 #define CURLRESOLV_ERROR    -1
 #define CURLRESOLV_RESOLVED  0
 #define CURLRESOLV_PENDING   1
-int Curl_resolv(struct connectdata *conn, const char *hostname,
-                int port, struct Curl_dns_entry **dnsentry);
+int Curl_resolv(struct connectdata *conn,
+                const char *hostname,
+                int port,
+                bool allowDOH,
+                struct Curl_dns_entry **dnsentry);
 int Curl_resolv_timeout(struct connectdata *conn, const char *hostname,
                         int port, struct Curl_dns_entry **dnsentry,
                         time_t timeoutms);
diff --git a/libs/libcurl/src/hostip6.c b/libs/libcurl/src/hostip6.c
index fb2f35ce3d..5511f1aab1 100644
--- a/libs/libcurl/src/hostip6.c
+++ b/libs/libcurl/src/hostip6.c
@@ -102,14 +102,15 @@ static void dump_addrinfo(struct connectdata *conn, const Curl_addrinfo *ai)
   printf("dump_addrinfo:\n");
   for(; ai; ai = ai->ai_next) {
     char buf[INET6_ADDRSTRLEN];
-    char buffer[STRERROR_LEN];
     printf("    fam %2d, CNAME %s, ",
            ai->ai_family, ai->ai_canonname ? ai->ai_canonname : "<none>");
     if(Curl_printable_address(ai, buf, sizeof(buf)))
       printf("%s\n", buf);
-    else
+    else {
+      char buffer[STRERROR_LEN];
       printf("failed; %s\n",
              Curl_strerror(SOCKERRNO, buffer, sizeof(buffer)));
+    }
   }
 }
 #else
diff --git a/libs/libcurl/src/http.c b/libs/libcurl/src/http.c
index a0520b40ec..338c59a22c 100644
--- a/libs/libcurl/src/http.c
+++ b/libs/libcurl/src/http.c
@@ -73,7 +73,6 @@
 #include "http_proxy.h"
 #include "warnless.h"
 #include "non-ascii.h"
-#include "pipeline.h"
 #include "http2.h"
 #include "connect.h"
 #include "strdup.h"
@@ -93,7 +92,9 @@ static int http_getsock_do(struct connectdata *conn,
                            int numsocks);
 static int http_should_fail(struct connectdata *conn);
 
+#ifndef CURL_DISABLE_PROXY
 static CURLcode add_haproxy_protocol_header(struct connectdata *conn);
+#endif
 
 #ifdef USE_SSL
 static CURLcode https_connecting(struct connectdata *conn, bool *done);
@@ -177,7 +178,7 @@ static CURLcode http_setup_conn(struct connectdata *conn)
   return CURLE_OK;
 }
 
-
+#ifndef CURL_DISABLE_PROXY
 /*
  * checkProxyHeaders() checks the linked list of custom proxy headers
  * if proxy headers are not available, then it will lookup into http header
@@ -204,6 +205,10 @@ char *Curl_checkProxyheaders(const struct connectdata *conn,
 
   return NULL;
 }
+#else
+/* disabled */
+#define Curl_checkProxyheaders(x,y) NULL
+#endif
 
 /*
  * Strip off leading and trailing whitespace from the value in the
@@ -258,6 +263,7 @@ char *Curl_copy_header_value(const char *header)
   return value;
 }
 
+#ifndef CURL_DISABLE_HTTP_AUTH
 /*
  * http_output_basic() sets up an Authorization: header (or the proxy version)
  * for HTTP Basic authentication.
@@ -339,6 +345,8 @@ static CURLcode http_output_bearer(struct connectdata *conn)
   return result;
 }
 
+#endif
+
 /* pickoneauth() selects the most favourable authentication method from the
  * ones available and the ones we want.
  *
@@ -458,8 +466,8 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
        (data->state.authproxy.picked == CURLAUTH_NTLM_WB) ||
        (data->state.authhost.picked == CURLAUTH_NTLM_WB)) {
       if(((expectsend - bytessent) < 2000) ||
-         (conn->ntlm.state != NTLMSTATE_NONE) ||
-         (conn->proxyntlm.state != NTLMSTATE_NONE)) {
+         (conn->http_ntlm_state != NTLMSTATE_NONE) ||
+         (conn->proxy_ntlm_state != NTLMSTATE_NONE)) {
         /* The NTLM-negotiation has started *OR* there is just a little (<2K)
            data left to send, keep on sending. */
 
@@ -486,8 +494,8 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
     if((data->state.authproxy.picked == CURLAUTH_NEGOTIATE) ||
        (data->state.authhost.picked == CURLAUTH_NEGOTIATE)) {
       if(((expectsend - bytessent) < 2000) ||
-         (conn->negotiate.state != GSS_AUTHNONE) ||
-         (conn->proxyneg.state != GSS_AUTHNONE)) {
+         (conn->http_negotiate_state != GSS_AUTHNONE) ||
+         (conn->proxy_negotiate_state != GSS_AUTHNONE)) {
         /* The NEGOTIATE-negotiation has started *OR*
         there is just a little (<2K) data left to send, keep on sending. */
 
@@ -612,6 +620,7 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
   return result;
 }
 
+#ifndef CURL_DISABLE_HTTP_AUTH
 /*
  * Output the correct authentication header depending on the auth type
  * and whether or not it is to a proxy.
@@ -800,6 +809,22 @@ Curl_http_output_auth(struct connectdata *conn,
   return result;
 }
 
+#else
+/* when disabled */
+CURLcode
+Curl_http_output_auth(struct connectdata *conn,
+                      const char *request,
+                      const char *path,
+                      bool proxytunnel)
+{
+  (void)conn;
+  (void)request;
+  (void)path;
+  (void)proxytunnel;
+  return CURLE_OK;
+}
+#endif
+
 /*
  * Curl_http_input_auth() deals with Proxy-Authenticate: and WWW-Authenticate:
  * headers. They are dealt with both in the transfer.c main loop and in the
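Review bot: The `/* when disabled */` stub for Curl_http_output_auth() does not say what a caller gets, and the bare `#endif` closes an `#ifndef CURL_DISABLE_HTTP_AUTH` that opens far above it. The stub ignores every argument and returns CURLE_OK, so a build with CURL_DISABLE_HTTP_AUTH reports success without producing any authentication header. Suggested comment: `/* HTTP auth compiled out: no Authorization/Proxy-Authorization header is generated, credentials set on the handle are ignored */`, and `#endif /* CURL_DISABLE_HTTP_AUTH */` on the closing line.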
@@ -815,8 +840,8 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
   struct Curl_easy *data = conn->data;
 
 #ifdef USE_SPNEGO
-  struct negotiatedata *negdata = proxy?
-    &conn->proxyneg:&conn->negotiate;
+  curlnegotiate *negstate = proxy ? &conn->proxy_negotiate_state :
+                                    &conn->http_negotiate_state;
 #endif
   unsigned long *availp;
   struct auth *authp;
@@ -863,7 +888,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
               return CURLE_OUT_OF_MEMORY;
             data->state.authproblem = FALSE;
             /* we received a GSS auth token and we dealt with it fine */
-            negdata->state = GSS_AUTHRECV;
+            *negstate = GSS_AUTHRECV;
           }
           else
             data->state.authproblem = TRUE;
@@ -894,19 +919,10 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
                 *availp |= CURLAUTH_NTLM_WB;
                 authp->avail |= CURLAUTH_NTLM_WB;
 
-                /* Get the challenge-message which will be passed to
-                 * ntlm_auth for generating the type 3 message later */
-                while(*auth && ISSPACE(*auth))
-                  auth++;
-                if(checkprefix("NTLM", auth)) {
-                  auth += strlen("NTLM");
-                  while(*auth && ISSPACE(*auth))
-                    auth++;
-                  if(*auth) {
-                    conn->challenge_header = strdup(auth);
-                    if(!conn->challenge_header)
-                      return CURLE_OUT_OF_MEMORY;
-                  }
+                result = Curl_input_ntlm_wb(conn, proxy, auth);
+                if(result) {
+                  infof(data, "Authentication problem. Ignoring this.\n");
+                  data->state.authproblem = TRUE;
                 }
               }
 #endif
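Review bot: Every non-zero result from Curl_input_ntlm_wb() is now logged as "Authentication problem. Ignoring this." and turned into `authproblem = TRUE`, whereas the removed code returned CURLE_OUT_OF_MEMORY when its strdup() failed. Curl_input_ntlm_wb() is not part of this hunk, so that it can still report an allocation failure is inferred from the code it replaces. If it can, that error should not be downgraded to an ignorable auth problem: add `if(result == CURLE_OUT_OF_MEMORY) return result;` ahead of the `if(result) {` block. Curl_http_input_auth() starts and ends outside this hunk, so what later happens to `result` is not visible here.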
@@ -1280,7 +1296,6 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer **inp,
            This needs FIXing.
         */
         return CURLE_SEND_ERROR;
-      Curl_pipeline_leave_write(conn);
     }
   }
   Curl_add_buffer_free(&in);
@@ -1457,12 +1472,14 @@ CURLcode Curl_http_connect(struct connectdata *conn, bool *done)
     /* nothing else to do except wait right now - we're not done here. */
     return CURLE_OK;
 
+#ifndef CURL_DISABLE_PROXY
   if(conn->data->set.haproxyprotocol) {
     /* add HAProxy PROXY protocol header */
     result = add_haproxy_protocol_header(conn);
     if(result)
       return result;
   }
+#endif
 
   if(conn->given->protocol & CURLPROTO_HTTPS) {
     /* perform SSL initialization */
@@ -1489,6 +1506,7 @@ static int http_getsock_do(struct connectdata *conn,
   return GETSOCK_WRITESOCK(0);
 }
 
+#ifndef CURL_DISABLE_PROXY
 static CURLcode add_haproxy_protocol_header(struct connectdata *conn)
 {
   char proxy_header[128];
@@ -1529,6 +1547,7 @@ static CURLcode add_haproxy_protocol_header(struct connectdata *conn)
 
   return result;
 }
+#endif
 
 #ifdef USE_SSL
 static CURLcode https_connecting(struct connectdata *conn, bool *done)
@@ -1689,8 +1708,6 @@ CURLcode Curl_http_compile_trailers(struct curl_slist *trailers,
   const char *endofline_native = NULL;
   const char *endofline_network = NULL;
 
-  /* TODO: Maybe split Curl_add_custom_headers to make it reusable here */
-
   if(
 #ifdef CURL_DO_LINEEND_CONV
      (handle->set.prefer_ascii) ||
@@ -1863,6 +1880,7 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn,
   return CURLE_OK;
 }
 
+#ifndef CURL_DISABLE_PARSEDATE
 CURLcode Curl_add_timecondition(struct Curl_easy *data,
                                 Curl_send_buffer *req_buffer)
 {
@@ -1921,6 +1939,16 @@ CURLcode Curl_add_timecondition(struct Curl_easy *data,
 
   return result;
 }
+#else
+/* disabled */
+CURLcode Curl_add_timecondition(struct Curl_easy *data,
+                                Curl_send_buffer *req_buffer)
+{
+  (void)data;
+  (void)req_buffer;
+  return CURLE_OK;
+}
+#endif
 
 /*
  * Curl_http() gets called from the generic multi_do() function when a HTTP
@@ -1972,6 +2000,13 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
 #ifdef USE_NGHTTP2
       if(conn->data->set.httpversion ==
          CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE) {
+        if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) {
+          /* We don't support HTTP/2 proxies yet. Also it's debatable whether
+             or not this setting should apply to HTTP/2 proxies. */
+          infof(data, "Ignoring HTTP/2 prior knowledge due to proxy\n");
+          break;
+        }
+
         DEBUGF(infof(data, "HTTP/2 over clean TCP\n"));
         conn->httpversion = 20;
 
@@ -2149,6 +2184,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
     http->sendit = NULL;
   }
 
+#ifndef CURL_DISABLE_MIME
   if(http->sendit) {
     const char *cthdr = Curl_checkheaders(conn, "Content-Type");
 
@@ -2173,6 +2209,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
       return result;
     http->postsize = Curl_mime_size(http->sendit);
   }
+#endif
 
   ptr = Curl_checkheaders(conn, "Transfer-Encoding");
   if(ptr) {
@@ -2741,6 +2778,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
         return result;
     }
 
+#ifndef CURL_DISABLE_MIME
     /* Output mime-generated headers. */
     {
       struct curl_slist *hdr;
@@ -2751,6 +2789,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
           return result;
       }
     }
+#endif
 
     /* For really small posts we don't use Expect: headers at all, and for
        the somewhat bigger ones we allow the app to disable it. Just make
@@ -3372,9 +3411,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
 #if defined(USE_NTLM)
       if(conn->bits.close &&
          (((data->req.httpcode == 401) &&
-           (conn->ntlm.state == NTLMSTATE_TYPE2)) ||
+           (conn->http_ntlm_state == NTLMSTATE_TYPE2)) ||
           ((data->req.httpcode == 407) &&
-           (conn->proxyntlm.state == NTLMSTATE_TYPE2)))) {
+           (conn->proxy_ntlm_state == NTLMSTATE_TYPE2)))) {
         infof(data, "Connection closure while negotiating auth (HTTP 1.0?)\n");
         data->state.authproblem = TRUE;
       }
@@ -3382,19 +3421,19 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
 #if defined(USE_SPNEGO)
       if(conn->bits.close &&
         (((data->req.httpcode == 401) &&
-          (conn->negotiate.state == GSS_AUTHRECV)) ||
+          (conn->http_negotiate_state == GSS_AUTHRECV)) ||
          ((data->req.httpcode == 407) &&
-          (conn->proxyneg.state == GSS_AUTHRECV)))) {
+          (conn->proxy_negotiate_state == GSS_AUTHRECV)))) {
         infof(data, "Connection closure while negotiating auth (HTTP 1.0?)\n");
         data->state.authproblem = TRUE;
       }
-      if((conn->negotiate.state == GSS_AUTHDONE) &&
+      if((conn->http_negotiate_state == GSS_AUTHDONE) &&
          (data->req.httpcode != 401)) {
-        conn->negotiate.state = GSS_AUTHSUCC;
+        conn->http_negotiate_state = GSS_AUTHSUCC;
       }
-      if((conn->proxyneg.state == GSS_AUTHDONE) &&
+      if((conn->proxy_negotiate_state == GSS_AUTHDONE) &&
          (data->req.httpcode != 407)) {
-        conn->proxyneg.state = GSS_AUTHSUCC;
+        conn->proxy_negotiate_state = GSS_AUTHSUCC;
       }
 #endif
       /*
@@ -3632,6 +3671,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
             if(conn->httpversion != 20)
               infof(data, "Lying server, not serving HTTP/2\n");
           }
+          if(conn->httpversion < 20) {
+            conn->bundle->multiuse = BUNDLE_NO_MULTIUSE;
+            infof(data, "Mark bundle as not supporting multiuse\n");
+          }
         }
         else if(!nc) {
           /* this is the real world, not a Nirvana
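Review bot: The added `conn->bundle->multiuse = BUNDLE_NO_MULTIUSE;` dereferences `conn->bundle` without a check. The pipelining code this commit removes further down in the same function guarded the same field with `if(conn->bundle)`. Whether the bundle can still be NULL at this point is not visible in the hunk. Unless that is ruled out elsewhere, the condition is safer as `if(conn->httpversion < 20 && conn->bundle) {`.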
@@ -3669,7 +3712,6 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
           conn->httpversion = 11; /* For us, RTSP acts like HTTP 1.1 */
         }
         else {
-          /* TODO: do we care about the other cases here? */
           nc = 0;
         }
       }
@@ -3722,16 +3764,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
         }
         else if(conn->httpversion >= 11 &&
                 !conn->bits.close) {
-          /* If HTTP version is >= 1.1 and connection is persistent
-             server supports pipelining. */
+          /* If HTTP version is >= 1.1 and connection is persistent */
           DEBUGF(infof(data,
-                       "HTTP 1.1 or later with persistent connection, "
-                       "pipelining supported\n"));
-          /* Activate pipelining if needed */
-          if(conn->bundle) {
-            if(!Curl_pipeline_site_blacklisted(data, conn))
-              conn->bundle->multiuse = BUNDLE_PIPELINING;
-          }
+                       "HTTP 1.1 or later with persistent connection\n"));
         }
 
         switch(k->httpcode) {
@@ -3816,19 +3851,6 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
         data->info.contenttype = contenttype;
       }
     }
-    else if(checkprefix("Server:", k->p)) {
-      if(conn->httpversion < 20) {
-        /* only do this for non-h2 servers */
-        char *server_name = Curl_copy_header_value(k->p);
-
-        /* Turn off pipelining if the server version is blacklisted  */
-        if(conn->bundle && (conn->bundle->multiuse == BUNDLE_PIPELINING)) {
-          if(Curl_pipeline_server_blacklisted(data, server_name))
-            conn->bundle->multiuse = BUNDLE_NO_MULTIUSE;
-        }
-        free(server_name);
-      }
-    }
     else if((conn->httpversion == 10) &&
             conn->bits.httpproxy &&
             Curl_compareheader(k->p,
diff --git a/libs/libcurl/src/http2.c b/libs/libcurl/src/http2.c
index b5c53cdf60..8e7bc217e6 100644
--- a/libs/libcurl/src/http2.c
+++ b/libs/libcurl/src/http2.c
@@ -111,8 +111,6 @@ static int http2_perform_getsock(const struct connectdata *conn,
   int bitmap = GETSOCK_BLANK;
   (void)numsocks;
 
-  /* TODO We should check underlying socket state if it is SSL socket
-     because of renegotiation. */
   sock[0] = conn->sock[FIRSTSOCKET];
 
   /* in a HTTP/2 connection we can basically always get a frame so we should
@@ -620,7 +618,7 @@ static int push_promise(struct Curl_easy *data,
 
 /*
  * multi_connchanged() is called to tell that there is a connection in
- * this multi handle that has changed state (pipelining become possible, the
+ * this multi handle that has changed state (multiplexing become possible, the
  * number of allowed streams changed or similar), and a subsequent use of this
  * multi handle should move CONNECT_PEND handles back to CONNECT to have them
  * retry.
@@ -970,7 +968,7 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,
     char *h;
 
     if(!strcmp(":authority", (const char *)name)) {
-      /* psuedo headers are lower case */
+      /* pseudo headers are lower case */
       int rc = 0;
       char *check = aprintf("%s:%d", conn->host.name, conn->remote_port);
       if(!check)
@@ -1847,9 +1845,9 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
                           const void *mem, size_t len, CURLcode *err)
 {
   /*
-   * BIG TODO: Currently, we send request in this function, but this
-   * function is also used to send request body. It would be nice to
-   * add dedicated function for request.
+   * Currently, we send request in this function, but this function is also
+   * used to send request body. It would be nice to add dedicated function for
+   * request.
    */
   int rv;
   struct http_conn *httpc = &conn->proto.httpc;
diff --git a/libs/libcurl/src/http_digest.c b/libs/libcurl/src/http_digest.c
index e2d865b0af..9616c30ed4 100644
--- a/libs/libcurl/src/http_digest.c
+++ b/libs/libcurl/src/http_digest.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -28,6 +28,7 @@
 #include "strcase.h"
 #include "vauth/vauth.h"
 #include "http_digest.h"
+
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
 #include "curl_memory.h"
@@ -171,7 +172,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
   return CURLE_OK;
 }
 
-void Curl_digest_cleanup(struct Curl_easy *data)
+void Curl_http_auth_cleanup_digest(struct Curl_easy *data)
 {
   Curl_auth_digest_cleanup(&data->state.digest);
   Curl_auth_digest_cleanup(&data->state.proxydigest);
diff --git a/libs/libcurl/src/http_digest.h b/libs/libcurl/src/http_digest.h
index fd225c7c1b..73410ae88e 100644
--- a/libs/libcurl/src/http_digest.h
+++ b/libs/libcurl/src/http_digest.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -23,6 +23,8 @@
  ***************************************************************************/
 #include "curl_setup.h"
 
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
+
 /* this is for digest header input */
 CURLcode Curl_input_digest(struct connectdata *conn,
                            bool proxy, const char *header);
@@ -33,10 +35,8 @@ CURLcode Curl_output_digest(struct connectdata *conn,
                             const unsigned char *request,
                             const unsigned char *uripath);
 
-#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
-void Curl_digest_cleanup(struct Curl_easy *data);
-#else
-#define Curl_digest_cleanup(x) Curl_nop_stmt
-#endif
+void Curl_http_auth_cleanup_digest(struct Curl_easy *data);
+
+#endif /* !CURL_DISABLE_HTTP && !CURL_DISABLE_CRYPTO_AUTH */
 
 #endif /* HEADER_CURL_HTTP_DIGEST_H */
diff --git a/libs/libcurl/src/http_negotiate.c b/libs/libcurl/src/http_negotiate.c
index 9415236fb1..c8f4064449 100644
--- a/libs/libcurl/src/http_negotiate.c
+++ b/libs/libcurl/src/http_negotiate.c
@@ -49,6 +49,7 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
 
   /* Point to the correct struct with this */
   struct negotiatedata *neg_ctx;
+  curlnegotiate state;
 
   if(proxy) {
     userp = conn->http_proxy.user;
@@ -57,6 +58,7 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
               data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
     host = conn->http_proxy.host.name;
     neg_ctx = &conn->proxyneg;
+    state = conn->proxy_negotiate_state;
   }
   else {
     userp = conn->user;
@@ -65,6 +67,7 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
               data->set.str[STRING_SERVICE_NAME] : "HTTP";
     host = conn->host.name;
     neg_ctx = &conn->negotiate;
+    state = conn->http_negotiate_state;
   }
 
   /* Not set means empty */
@@ -82,14 +85,14 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
   len = strlen(header);
   neg_ctx->havenegdata = len != 0;
   if(!len) {
-    if(neg_ctx->state == GSS_AUTHSUCC) {
+    if(state == GSS_AUTHSUCC) {
       infof(conn->data, "Negotiate auth restarted\n");
-      Curl_cleanup_negotiate(conn);
+      Curl_http_auth_cleanup_negotiate(conn);
     }
-    else if(neg_ctx->state != GSS_AUTHNONE) {
+    else if(state != GSS_AUTHNONE) {
       /* The server rejected our authentication and hasn't supplied any more
       negotiation mechanisms */
-      Curl_cleanup_negotiate(conn);
+      Curl_http_auth_cleanup_negotiate(conn);
       return CURLE_LOGIN_DENIED;
     }
   }
@@ -104,7 +107,7 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
                                            host, header, neg_ctx);
 
   if(result)
-    Curl_auth_spnego_cleanup(neg_ctx);
+    Curl_http_auth_cleanup_negotiate(conn);
 
   return result;
 }
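Review bot: The failure path now calls `Curl_http_auth_cleanup_negotiate(conn)` where the old line released only `neg_ctx`. According to its definition later in this file, that function resets both `http_negotiate_state` and `proxy_negotiate_state` and frees both `conn->negotiate` and `conn->proxyneg`. On a connection that negotiates with a proxy and with the origin server, a failure on one side would therefore also discard the other side's context. The same replacement is made in the no-persistent-authentication branch of Curl_output_negotiate(). If the wider reset is intended, a comment at both call sites should say so; otherwise keep `Curl_auth_cleanup_spnego(neg_ctx);` and reset only the matching state field.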
@@ -115,6 +118,8 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
     &conn->negotiate;
   struct auth *authp = proxy ? &conn->data->state.authproxy :
     &conn->data->state.authhost;
+  curlnegotiate *state = proxy ? &conn->proxy_negotiate_state :
+                                 &conn->http_negotiate_state;
   char *base64 = NULL;
   size_t len = 0;
   char *userp;
@@ -122,28 +127,34 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
 
   authp->done = FALSE;
 
-  if(neg_ctx->state == GSS_AUTHRECV) {
+  if(*state == GSS_AUTHRECV) {
     if(neg_ctx->havenegdata) {
       neg_ctx->havemultiplerequests = TRUE;
     }
   }
-  else if(neg_ctx->state == GSS_AUTHSUCC) {
+  else if(*state == GSS_AUTHSUCC) {
     if(!neg_ctx->havenoauthpersist) {
       neg_ctx->noauthpersist = !neg_ctx->havemultiplerequests;
     }
   }
 
   if(neg_ctx->noauthpersist ||
-    (neg_ctx->state != GSS_AUTHDONE && neg_ctx->state != GSS_AUTHSUCC)) {
+    (*state != GSS_AUTHDONE && *state != GSS_AUTHSUCC)) {
 
-    if(neg_ctx->noauthpersist && neg_ctx->state == GSS_AUTHSUCC) {
+    if(neg_ctx->noauthpersist && *state == GSS_AUTHSUCC) {
       infof(conn->data, "Curl_output_negotiate, "
        "no persistent authentication: cleanup existing context");
-      Curl_auth_spnego_cleanup(neg_ctx);
+      Curl_http_auth_cleanup_negotiate(conn);
     }
     if(!neg_ctx->context) {
       result = Curl_input_negotiate(conn, proxy, "Negotiate");
-      if(result)
+      if(result == CURLE_LOGIN_DENIED) {
+        /* negotiate auth failed, let's continue unauthenticated to stay
+         * compatible with the behavior before curl-7_64_0-158-g6c6035532 */
+        conn->data->state.authproblem = TRUE;
+        return CURLE_OK;
+      }
+      else if(result)
         return result;
     }
 
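Review bot: The new CURLE_LOGIN_DENIED branch returns CURLE_OK and logs nothing, so the request goes out without a Negotiate header and the only trace is `authproblem = TRUE`. Someone reading verbose output for a handle configured for Negotiate has no line telling them the request was sent unauthenticated. Add `infof(conn->data, "Negotiate auth failed, continuing unauthenticated\n");` before the `return CURLE_OK;`. Curl_output_negotiate() begins and ends outside this hunk.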
@@ -170,23 +181,23 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
       return CURLE_OUT_OF_MEMORY;
     }
 
-    neg_ctx->state = GSS_AUTHSENT;
+    *state = GSS_AUTHSENT;
   #ifdef HAVE_GSSAPI
     if(neg_ctx->status == GSS_S_COMPLETE ||
        neg_ctx->status == GSS_S_CONTINUE_NEEDED) {
-      neg_ctx->state = GSS_AUTHDONE;
+      *state = GSS_AUTHDONE;
     }
   #else
   #ifdef USE_WINDOWS_SSPI
     if(neg_ctx->status == SEC_E_OK ||
        neg_ctx->status == SEC_I_CONTINUE_NEEDED) {
-      neg_ctx->state = GSS_AUTHDONE;
+      *state = GSS_AUTHDONE;
     }
   #endif
   #endif
   }
 
-  if(neg_ctx->state == GSS_AUTHDONE || neg_ctx->state == GSS_AUTHSUCC) {
+  if(*state == GSS_AUTHDONE || *state == GSS_AUTHSUCC) {
     /* connection is already authenticated,
      * don't send a header in future requests */
     authp->done = TRUE;
@@ -197,10 +208,13 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
   return CURLE_OK;
 }
 
-void Curl_cleanup_negotiate(struct connectdata *conn)
+void Curl_http_auth_cleanup_negotiate(struct connectdata *conn)
 {
-  Curl_auth_spnego_cleanup(&conn->negotiate);
-  Curl_auth_spnego_cleanup(&conn->proxyneg);
+  conn->http_negotiate_state = GSS_AUTHNONE;
+  conn->proxy_negotiate_state = GSS_AUTHNONE;
+
+  Curl_auth_cleanup_spnego(&conn->negotiate);
+  Curl_auth_cleanup_spnego(&conn->proxyneg);
 }
 
 #endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */
diff --git a/libs/libcurl/src/http_negotiate.h b/libs/libcurl/src/http_negotiate.h
index d4a7f09e09..4f0ac1686a 100644
--- a/libs/libcurl/src/http_negotiate.h
+++ b/libs/libcurl/src/http_negotiate.h
@@ -22,7 +22,7 @@
  *
  ***************************************************************************/
 
-#ifdef USE_SPNEGO
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO)
 
 /* this is for Negotiate header input */
 CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
@@ -31,8 +31,8 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
 /* this is for creating Negotiate header output */
 CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy);
 
-void Curl_cleanup_negotiate(struct connectdata *conn);
+void Curl_http_auth_cleanup_negotiate(struct connectdata *conn);
 
-#endif /* USE_SPNEGO */
+#endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */
 
 #endif /* HEADER_CURL_HTTP_NEGOTIATE_H */
diff --git a/libs/libcurl/src/http_ntlm.c b/libs/libcurl/src/http_ntlm.c
index aaf8a3deb1..e4a4fe05d0 100644
--- a/libs/libcurl/src/http_ntlm.c
+++ b/libs/libcurl/src/http_ntlm.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -68,9 +68,11 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
 {
   /* point to the correct struct with this */
   struct ntlmdata *ntlm;
+  curlntlm *state;
   CURLcode result = CURLE_OK;
 
   ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
+  state = proxy ? &conn->proxy_ntlm_state : &conn->http_ntlm_state;
 
   if(checkprefix("NTLM", header)) {
     header += strlen("NTLM");
@@ -83,25 +85,25 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
       if(result)
         return result;
 
-      ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
+      *state = NTLMSTATE_TYPE2; /* We got a type-2 message */
     }
     else {
-      if(ntlm->state == NTLMSTATE_LAST) {
+      if(*state == NTLMSTATE_LAST) {
         infof(conn->data, "NTLM auth restarted\n");
-        Curl_http_ntlm_cleanup(conn);
+        Curl_http_auth_cleanup_ntlm(conn);
       }
-      else if(ntlm->state == NTLMSTATE_TYPE3) {
+      else if(*state == NTLMSTATE_TYPE3) {
         infof(conn->data, "NTLM handshake rejected\n");
-        Curl_http_ntlm_cleanup(conn);
-        ntlm->state = NTLMSTATE_NONE;
+        Curl_http_auth_cleanup_ntlm(conn);
+        *state = NTLMSTATE_NONE;
         return CURLE_REMOTE_ACCESS_DENIED;
       }
-      else if(ntlm->state >= NTLMSTATE_TYPE1) {
+      else if(*state >= NTLMSTATE_TYPE1) {
         infof(conn->data, "NTLM handshake failure (internal error)\n");
         return CURLE_REMOTE_ACCESS_DENIED;
       }
 
-      ntlm->state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
+      *state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
     }
   }
 
@@ -129,6 +131,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
 
   /* point to the correct struct with this */
   struct ntlmdata *ntlm;
+  curlntlm *state;
   struct auth *authp;
 
   DEBUGASSERT(conn);
@@ -147,6 +150,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
               conn->data->set.str[STRING_PROXY_SERVICE_NAME] : "HTTP";
     hostname = conn->http_proxy.host.name;
     ntlm = &conn->proxyntlm;
+    state = &conn->proxy_ntlm_state;
     authp = &conn->data->state.authproxy;
   }
   else {
@@ -157,6 +161,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
               conn->data->set.str[STRING_SERVICE_NAME] : "HTTP";
     hostname = conn->host.name;
     ntlm = &conn->ntlm;
+    state = &conn->http_ntlm_state;
     authp = &conn->data->state.authhost;
   }
   authp->done = FALSE;
@@ -180,7 +185,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
 #endif
 #endif
 
-  switch(ntlm->state) {
+  switch(*state) {
   case NTLMSTATE_TYPE1:
   default: /* for the weird cases we (re)start here */
     /* Create a type-1 message */
@@ -222,7 +227,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
 
       DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
 
-      ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */
+      *state = NTLMSTATE_TYPE3; /* we send a type-3 */
       authp->done = TRUE;
     }
     break;
@@ -230,7 +235,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
   case NTLMSTATE_TYPE3:
     /* connection is already authenticated,
      * don't send a header in future requests */
-    ntlm->state = NTLMSTATE_LAST;
+    *state = NTLMSTATE_LAST;
     /* FALLTHROUGH */
   case NTLMSTATE_LAST:
     Curl_safefree(*allocuserpwd);
@@ -241,13 +246,13 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
   return CURLE_OK;
 }
 
-void Curl_http_ntlm_cleanup(struct connectdata *conn)
+void Curl_http_auth_cleanup_ntlm(struct connectdata *conn)
 {
-  Curl_auth_ntlm_cleanup(&conn->ntlm);
-  Curl_auth_ntlm_cleanup(&conn->proxyntlm);
+  Curl_auth_cleanup_ntlm(&conn->ntlm);
+  Curl_auth_cleanup_ntlm(&conn->proxyntlm);
 
 #if defined(NTLM_WB_ENABLED)
-  Curl_ntlm_wb_cleanup(conn);
+  Curl_http_auth_cleanup_ntlm_wb(conn);
 #endif
 }
 
diff --git a/libs/libcurl/src/http_ntlm.h b/libs/libcurl/src/http_ntlm.h
index d186bbe370..003714dbde 100644
--- a/libs/libcurl/src/http_ntlm.h
+++ b/libs/libcurl/src/http_ntlm.h
@@ -1,5 +1,5 @@
-#ifndef HEADER_CURL_NTLM_H
-#define HEADER_CURL_NTLM_H
+#ifndef HEADER_CURL_HTTP_NTLM_H
+#define HEADER_CURL_HTTP_NTLM_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -33,8 +33,8 @@ CURLcode Curl_input_ntlm(struct connectdata *conn, bool proxy,
 /* this is for creating ntlm header output */
 CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
 
-void Curl_http_ntlm_cleanup(struct connectdata *conn);
+void Curl_http_auth_cleanup_ntlm(struct connectdata *conn);
 
 #endif /* !CURL_DISABLE_HTTP && USE_NTLM */
 
-#endif /* HEADER_CURL_NTLM_H */
+#endif /* HEADER_CURL_HTTP_NTLM_H */
diff --git a/libs/libcurl/src/if2ip.c b/libs/libcurl/src/if2ip.c
index acbcff71e5..d003de6783 100644
--- a/libs/libcurl/src/if2ip.c
+++ b/libs/libcurl/src/if2ip.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -97,7 +97,7 @@ unsigned int Curl_ipv6_scope(const struct sockaddr *sa)
 #if defined(HAVE_GETIFADDRS)
 
 if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
-                          unsigned int remote_scope_id, const char *interf,
+                          unsigned int local_scope_id, const char *interf,
                           char *buf, int buf_size)
 {
   struct ifaddrs *iface, *head;
@@ -109,7 +109,7 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
 
 #if !defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID) || \
     !defined(ENABLE_IPV6)
-  (void) remote_scope_id;
+  (void) local_scope_id;
 #endif
 
   if(getifaddrs(&head) >= 0) {
@@ -123,7 +123,9 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
             char ipstr[64];
 #ifdef ENABLE_IPV6
             if(af == AF_INET6) {
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
               unsigned int scopeid = 0;
+#endif
               unsigned int ifscope = Curl_ipv6_scope(iface->ifa_addr);
 
               if(ifscope != remote_scope) {
@@ -143,15 +145,16 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
                             ->sin6_scope_id;
 
               /* If given, scope id should match. */
-              if(remote_scope_id && scopeid != remote_scope_id) {
+              if(local_scope_id && scopeid != local_scope_id) {
                 if(res == IF2IP_NOT_FOUND)
                   res = IF2IP_AF_NOT_SUPPORTED;
 
                 continue;
               }
-#endif
+
               if(scopeid)
-                msnprintf(scope, sizeof(scope), "%%%u", scopeid);
+                  msnprintf(scope, sizeof(scope), "%%%u", scopeid);
+#endif
             }
             else
 #endif
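Review bot: The `msnprintf` line under `if(scopeid)` is now indented four columns from its `if`, while the rest of this function uses two. It should read `if(scopeid)` followed by `  msnprintf(scope, sizeof(scope), "%%%u", scopeid);` at the usual depth. Moving the `#endif` below this statement is what lets `scopeid` be declared only under `HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID`, so a short comment on that `#endif` naming the macro would make the nesting with the outer `ENABLE_IPV6` block easier to follow. The body of `Curl_if2ip` continues outside this hunk.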
@@ -179,7 +182,7 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
 #elif defined(HAVE_IOCTL_SIOCGIFADDR)
 
 if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
-                          unsigned int remote_scope_id, const char *interf,
+                          unsigned int local_scope_id, const char *interf,
                           char *buf, int buf_size)
 {
   struct ifreq req;
@@ -189,7 +192,7 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
   size_t len;
 
   (void)remote_scope;
-  (void)remote_scope_id;
+  (void)local_scope_id;
 
   if(!interf || (af != AF_INET))
     return IF2IP_NOT_FOUND;
@@ -225,12 +228,12 @@ if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
 #else
 
 if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
-                          unsigned int remote_scope_id, const char *interf,
+                          unsigned int local_scope_id, const char *interf,
                           char *buf, int buf_size)
 {
     (void) af;
     (void) remote_scope;
-    (void) remote_scope_id;
+    (void) local_scope_id;
     (void) interf;
     (void) buf;
     (void) buf_size;
diff --git a/libs/libcurl/src/if2ip.h b/libs/libcurl/src/if2ip.h
index a11b1c222f..f193d42573 100644
--- a/libs/libcurl/src/if2ip.h
+++ b/libs/libcurl/src/if2ip.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -39,7 +39,7 @@ typedef enum {
 } if2ip_result_t;
 
 if2ip_result_t Curl_if2ip(int af, unsigned int remote_scope,
-                          unsigned int remote_scope_id, const char *interf,
+                          unsigned int local_scope_id, const char *interf,
                           char *buf, int buf_size);
 
 #ifdef __INTERIX
diff --git a/libs/libcurl/src/imap.c b/libs/libcurl/src/imap.c
index 075b3ad201..bdcc69c67a 100644
--- a/libs/libcurl/src/imap.c
+++ b/libs/libcurl/src/imap.c
@@ -28,6 +28,7 @@
  * RFC4959 IMAP Extension for SASL Initial Client Response
  * RFC5092 IMAP URL Scheme
  * RFC6749 OAuth 2.0 Authorization Framework
+ * RFC8314 Use of TLS for Email Submission and Access
  * Draft   LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
  *
  ***************************************************************************/
@@ -1042,7 +1043,7 @@ static CURLcode imap_state_listsearch_resp(struct connectdata *conn,
     line[len] = '\0';
   }
   else if(imapcode != IMAP_RESP_OK)
-    result = CURLE_QUOTE_ERROR; /* TODO: Fix error code */
+    result = CURLE_QUOTE_ERROR;
   else
     /* End of DO phase */
     state(conn, IMAP_STOP);
@@ -1114,7 +1115,7 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode,
   if(imapcode != '*') {
     Curl_pgrsSetDownloadSize(data, -1);
     state(conn, IMAP_STOP);
-    return CURLE_REMOTE_FILE_NOT_FOUND; /* TODO: Fix error code */
+    return CURLE_REMOTE_FILE_NOT_FOUND;
   }
 
   /* Something like this is received "* 1 FETCH (BODY[TEXT] {2021}\r" so parse
@@ -1491,12 +1492,7 @@ static CURLcode imap_done(struct connectdata *conn, CURLcode status,
         state(conn, IMAP_APPEND_FINAL);
     }
 
-    /* Run the state-machine
-
-       TODO: when the multi interface is used, this _really_ should be using
-       the imap_multi_statemach function but we have no general support for
-       non-blocking DONE operations!
-    */
+    /* Run the state-machine */
     if(!result)
       result = imap_block_statemach(conn, FALSE);
   }
@@ -1794,7 +1790,7 @@ static char *imap_atom(const char *str, bool escape_only)
     return NULL;
 
   /* Look for "atom-specials", counting the backslash and quote characters as
-     these will need escapping */
+     these will need escaping */
   p1 = str;
   while(*p1) {
     if(*p1 == '\\')
diff --git a/libs/libcurl/src/inet_pton.c b/libs/libcurl/src/inet_pton.c
index fef9610d1e..0d65ae0ec7 100644
--- a/libs/libcurl/src/inet_pton.c
+++ b/libs/libcurl/src/inet_pton.c
@@ -153,7 +153,7 @@ inet_pton6(const char *src, unsigned char *dst)
   static const char xdigits_l[] = "0123456789abcdef",
     xdigits_u[] = "0123456789ABCDEF";
   unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
-  const char *xdigits, *curtok;
+  const char *curtok;
   int ch, saw_xdigit;
   size_t val;
 
@@ -168,6 +168,7 @@ inet_pton6(const char *src, unsigned char *dst)
   saw_xdigit = 0;
   val = 0;
   while((ch = *src++) != '\0') {
+    const char *xdigits;
     const char *pch;
 
     pch = strchr((xdigits = xdigits_l), ch);
diff --git a/libs/libcurl/src/ldap.c b/libs/libcurl/src/ldap.c
index 79dc2f2ed8..fd31faa3e7 100644
--- a/libs/libcurl/src/ldap.c
+++ b/libs/libcurl/src/ldap.c
@@ -1069,8 +1069,6 @@ static int _ldap_url_parse(const struct connectdata *conn,
 
 static void _ldap_free_urldesc(LDAPURLDesc *ludp)
 {
-  size_t i;
-
   if(!ludp)
     return;
 
@@ -1078,6 +1076,7 @@ static void _ldap_free_urldesc(LDAPURLDesc *ludp)
   free(ludp->lud_filter);
 
   if(ludp->lud_attrs) {
+    size_t i;
     for(i = 0; i < ludp->lud_attrs_dups; i++)
       free(ludp->lud_attrs[i]);
     free(ludp->lud_attrs);
diff --git a/libs/libcurl/src/libcurl.plist b/libs/libcurl/src/libcurl.plist
index 7d005b7955..8e7624a1c2 100644
--- a/libs/libcurl/src/libcurl.plist
+++ b/libs/libcurl/src/libcurl.plist
@@ -15,7 +15,7 @@
 	<string>se.haxx.curl.libcurl</string>
 
 	<key>CFBundleVersion</key>
-	<string>7.64.1</string>
+	<string>7.65.0</string>
 
 	<key>CFBundleName</key>
 	<string>libcurl</string>
@@ -27,9 +27,9 @@
 	<string>????</string>
 
 	<key>CFBundleShortVersionString</key>
-	<string>libcurl 7.64.1</string>
+	<string>libcurl 7.65.0</string>
 
 	<key>CFBundleGetInfoString</key>
-	<string>libcurl.plist 7.64.1</string>
+	<string>libcurl.plist 7.65.0</string>
 </dict>
 </plist>
diff --git a/libs/libcurl/src/md4.c b/libs/libcurl/src/md4.c
index 4691904be4..e7c77bc36e 100644
--- a/libs/libcurl/src/md4.c
+++ b/libs/libcurl/src/md4.c
@@ -38,9 +38,11 @@
 
 #include "curl_setup.h"
 
-/* The NSS, OS/400 and sometimes mbed TLS crypto libraries do not provide the
- * MD4 hash algorithm, so we have a local implementation of it */
+/* The NSS, OS/400, and when not included, OpenSSL and mbed TLS crypto
+ * libraries do not provide the MD4 hash algorithm, so we use this
+ * implementation of it */
 #if defined(USE_NSS) || defined(USE_OS400CRYPTO) || \
+    (defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) || \
     (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C))
 
 #include "curl_md4.h"
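Review bot: The new `(defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4))` arm compiles the bundled MD4 into builds whose OpenSSL was configured without MD4, and the reworded comment does not say why that is acceptable. An OpenSSL built without MD4 is often a deliberate policy choice, so this fallback quietly brings the algorithm back. Presumably it is needed only for NTLM hashing through `Curl_md4it` at the end of this file, and the comment should say so. I would word it along the lines of `/* MD4 is cryptographically broken; this local copy exists only for NTLM when the TLS backend lacks MD4 */`.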
@@ -113,7 +115,6 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
 {
   const unsigned char *ptr;
   MD4_u32plus a, b, c, d;
-  MD4_u32plus saved_a, saved_b, saved_c, saved_d;
 
   ptr = (const unsigned char *)data;
 
@@ -123,6 +124,8 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
   d = ctx->d;
 
   do {
+    MD4_u32plus saved_a, saved_b, saved_c, saved_d;
+
     saved_a = a;
     saved_b = b;
     saved_c = c;
@@ -130,59 +133,59 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
 
 /* Round 1 */
     STEP(F, a, b, c, d, SET(0), 3)
-      STEP(F, d, a, b, c, SET(1), 7)
-      STEP(F, c, d, a, b, SET(2), 11)
-      STEP(F, b, c, d, a, SET(3), 19)
-      STEP(F, a, b, c, d, SET(4), 3)
-      STEP(F, d, a, b, c, SET(5), 7)
-      STEP(F, c, d, a, b, SET(6), 11)
-      STEP(F, b, c, d, a, SET(7), 19)
-      STEP(F, a, b, c, d, SET(8), 3)
-      STEP(F, d, a, b, c, SET(9), 7)
-      STEP(F, c, d, a, b, SET(10), 11)
-      STEP(F, b, c, d, a, SET(11), 19)
-      STEP(F, a, b, c, d, SET(12), 3)
-      STEP(F, d, a, b, c, SET(13), 7)
-      STEP(F, c, d, a, b, SET(14), 11)
-      STEP(F, b, c, d, a, SET(15), 19)
+    STEP(F, d, a, b, c, SET(1), 7)
+    STEP(F, c, d, a, b, SET(2), 11)
+    STEP(F, b, c, d, a, SET(3), 19)
+    STEP(F, a, b, c, d, SET(4), 3)
+    STEP(F, d, a, b, c, SET(5), 7)
+    STEP(F, c, d, a, b, SET(6), 11)
+    STEP(F, b, c, d, a, SET(7), 19)
+    STEP(F, a, b, c, d, SET(8), 3)
+    STEP(F, d, a, b, c, SET(9), 7)
+    STEP(F, c, d, a, b, SET(10), 11)
+    STEP(F, b, c, d, a, SET(11), 19)
+    STEP(F, a, b, c, d, SET(12), 3)
+    STEP(F, d, a, b, c, SET(13), 7)
+    STEP(F, c, d, a, b, SET(14), 11)
+    STEP(F, b, c, d, a, SET(15), 19)
 
 /* Round 2 */
-      STEP(G, a, b, c, d, GET(0) + 0x5a827999, 3)
-      STEP(G, d, a, b, c, GET(4) + 0x5a827999, 5)
-      STEP(G, c, d, a, b, GET(8) + 0x5a827999, 9)
-      STEP(G, b, c, d, a, GET(12) + 0x5a827999, 13)
-      STEP(G, a, b, c, d, GET(1) + 0x5a827999, 3)
-      STEP(G, d, a, b, c, GET(5) + 0x5a827999, 5)
-      STEP(G, c, d, a, b, GET(9) + 0x5a827999, 9)
-      STEP(G, b, c, d, a, GET(13) + 0x5a827999, 13)
-      STEP(G, a, b, c, d, GET(2) + 0x5a827999, 3)
-      STEP(G, d, a, b, c, GET(6) + 0x5a827999, 5)
-      STEP(G, c, d, a, b, GET(10) + 0x5a827999, 9)
-      STEP(G, b, c, d, a, GET(14) + 0x5a827999, 13)
-      STEP(G, a, b, c, d, GET(3) + 0x5a827999, 3)
-      STEP(G, d, a, b, c, GET(7) + 0x5a827999, 5)
-      STEP(G, c, d, a, b, GET(11) + 0x5a827999, 9)
-      STEP(G, b, c, d, a, GET(15) + 0x5a827999, 13)
+    STEP(G, a, b, c, d, GET(0) + 0x5a827999, 3)
+    STEP(G, d, a, b, c, GET(4) + 0x5a827999, 5)
+    STEP(G, c, d, a, b, GET(8) + 0x5a827999, 9)
+    STEP(G, b, c, d, a, GET(12) + 0x5a827999, 13)
+    STEP(G, a, b, c, d, GET(1) + 0x5a827999, 3)
+    STEP(G, d, a, b, c, GET(5) + 0x5a827999, 5)
+    STEP(G, c, d, a, b, GET(9) + 0x5a827999, 9)
+    STEP(G, b, c, d, a, GET(13) + 0x5a827999, 13)
+    STEP(G, a, b, c, d, GET(2) + 0x5a827999, 3)
+    STEP(G, d, a, b, c, GET(6) + 0x5a827999, 5)
+    STEP(G, c, d, a, b, GET(10) + 0x5a827999, 9)
+    STEP(G, b, c, d, a, GET(14) + 0x5a827999, 13)
+    STEP(G, a, b, c, d, GET(3) + 0x5a827999, 3)
+    STEP(G, d, a, b, c, GET(7) + 0x5a827999, 5)
+    STEP(G, c, d, a, b, GET(11) + 0x5a827999, 9)
+    STEP(G, b, c, d, a, GET(15) + 0x5a827999, 13)
 
 /* Round 3 */
-      STEP(H, a, b, c, d, GET(0) + 0x6ed9eba1, 3)
-      STEP(H, d, a, b, c, GET(8) + 0x6ed9eba1, 9)
-      STEP(H, c, d, a, b, GET(4) + 0x6ed9eba1, 11)
-      STEP(H, b, c, d, a, GET(12) + 0x6ed9eba1, 15)
-      STEP(H, a, b, c, d, GET(2) + 0x6ed9eba1, 3)
-      STEP(H, d, a, b, c, GET(10) + 0x6ed9eba1, 9)
-      STEP(H, c, d, a, b, GET(6) + 0x6ed9eba1, 11)
-      STEP(H, b, c, d, a, GET(14) + 0x6ed9eba1, 15)
-      STEP(H, a, b, c, d, GET(1) + 0x6ed9eba1, 3)
-      STEP(H, d, a, b, c, GET(9) + 0x6ed9eba1, 9)
-      STEP(H, c, d, a, b, GET(5) + 0x6ed9eba1, 11)
-      STEP(H, b, c, d, a, GET(13) + 0x6ed9eba1, 15)
-      STEP(H, a, b, c, d, GET(3) + 0x6ed9eba1, 3)
-      STEP(H, d, a, b, c, GET(11) + 0x6ed9eba1, 9)
-      STEP(H, c, d, a, b, GET(7) + 0x6ed9eba1, 11)
-      STEP(H, b, c, d, a, GET(15) + 0x6ed9eba1, 15)
-
-      a += saved_a;
+    STEP(H, a, b, c, d, GET(0) + 0x6ed9eba1, 3)
+    STEP(H, d, a, b, c, GET(8) + 0x6ed9eba1, 9)
+    STEP(H, c, d, a, b, GET(4) + 0x6ed9eba1, 11)
+    STEP(H, b, c, d, a, GET(12) + 0x6ed9eba1, 15)
+    STEP(H, a, b, c, d, GET(2) + 0x6ed9eba1, 3)
+    STEP(H, d, a, b, c, GET(10) + 0x6ed9eba1, 9)
+    STEP(H, c, d, a, b, GET(6) + 0x6ed9eba1, 11)
+    STEP(H, b, c, d, a, GET(14) + 0x6ed9eba1, 15)
+    STEP(H, a, b, c, d, GET(1) + 0x6ed9eba1, 3)
+    STEP(H, d, a, b, c, GET(9) + 0x6ed9eba1, 9)
+    STEP(H, c, d, a, b, GET(5) + 0x6ed9eba1, 11)
+    STEP(H, b, c, d, a, GET(13) + 0x6ed9eba1, 15)
+    STEP(H, a, b, c, d, GET(3) + 0x6ed9eba1, 3)
+    STEP(H, d, a, b, c, GET(11) + 0x6ed9eba1, 9)
+    STEP(H, c, d, a, b, GET(7) + 0x6ed9eba1, 11)
+    STEP(H, b, c, d, a, GET(15) + 0x6ed9eba1, 15)
+
+    a += saved_a;
     b += saved_b;
     c += saved_c;
     d += saved_d;
@@ -212,7 +215,7 @@ static void MD4_Init(MD4_CTX *ctx)
 static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
 {
   MD4_u32plus saved_lo;
-  unsigned long used, available;
+  unsigned long used;
 
   saved_lo = ctx->lo;
   ctx->lo = (saved_lo + size) & 0x1fffffff;
@@ -223,7 +226,7 @@ static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
   used = saved_lo & 0x3f;
 
   if(used) {
-    available = 64 - used;
+    unsigned long available = 64 - used;
 
     if(size < available) {
       memcpy(&ctx->buffer[used], data, size);
@@ -304,5 +307,7 @@ void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len)
   MD4_Update(&ctx, input, curlx_uztoui(len));
   MD4_Final(output, &ctx);
 }
+
 #endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) ||
+    (defined(USE_OPENSSL) && defined(OPENSSL_NO_MD4)) ||
     (defined(USE_MBEDTLS) && !defined(MBEDTLS_MD4_C)) */
diff --git a/libs/libcurl/src/md5.c b/libs/libcurl/src/md5.c
index db4cc2656f..2b81ca455a 100644
--- a/libs/libcurl/src/md5.c
+++ b/libs/libcurl/src/md5.c
@@ -39,19 +39,19 @@
 
 typedef struct md5_ctx MD5_CTX;
 
-static void MD5_Init(MD5_CTX * ctx)
+static void MD5_Init(MD5_CTX *ctx)
 {
   md5_init(ctx);
 }
 
-static void MD5_Update(MD5_CTX * ctx,
+static void MD5_Update(MD5_CTX *ctx,
                        const unsigned char *input,
                        unsigned int inputLen)
 {
   md5_update(ctx, inputLen, input);
 }
 
-static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx)
+static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
 {
   md5_digest(ctx, 16, digest);
 }
@@ -65,19 +65,19 @@ static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx)
 
 typedef gcry_md_hd_t MD5_CTX;
 
-static void MD5_Init(MD5_CTX * ctx)
+static void MD5_Init(MD5_CTX *ctx)
 {
   gcry_md_open(ctx, GCRY_MD_MD5, 0);
 }
 
-static void MD5_Update(MD5_CTX * ctx,
+static void MD5_Update(MD5_CTX *ctx,
                        const unsigned char *input,
                        unsigned int inputLen)
 {
   gcry_md_write(*ctx, input, inputLen);
 }
 
-static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx)
+static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
 {
   memcpy(digest, gcry_md_read(*ctx, 0), 16);
   gcry_md_close(*ctx);
@@ -124,7 +124,7 @@ static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
   CC_MD5_Final(digest, ctx);
 }
 
-#elif defined(_WIN32) && !defined(CURL_WINDOWS_APP)
+#elif defined(WIN32) && !defined(CURL_WINDOWS_APP)
 
 #include <wincrypt.h>
 #include "curl_memory.h"
@@ -275,7 +275,6 @@ static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
 {
   const unsigned char *ptr;
   MD5_u32plus a, b, c, d;
-  MD5_u32plus saved_a, saved_b, saved_c, saved_d;
 
   ptr = (const unsigned char *)data;
 
@@ -285,6 +284,8 @@ static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
   d = ctx->d;
 
   do {
+    MD5_u32plus saved_a, saved_b, saved_c, saved_d;
+
     saved_a = a;
     saved_b = b;
     saved_c = c;
@@ -292,77 +293,77 @@ static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
 
 /* Round 1 */
     STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7)
-      STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12)
-      STEP(F, c, d, a, b, SET(2), 0x242070db, 17)
-      STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22)
-      STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7)
-      STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12)
-      STEP(F, c, d, a, b, SET(6), 0xa8304613, 17)
-      STEP(F, b, c, d, a, SET(7), 0xfd469501, 22)
-      STEP(F, a, b, c, d, SET(8), 0x698098d8, 7)
-      STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12)
-      STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17)
-      STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22)
-      STEP(F, a, b, c, d, SET(12), 0x6b901122, 7)
-      STEP(F, d, a, b, c, SET(13), 0xfd987193, 12)
-      STEP(F, c, d, a, b, SET(14), 0xa679438e, 17)
-      STEP(F, b, c, d, a, SET(15), 0x49b40821, 22)
+    STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12)
+    STEP(F, c, d, a, b, SET(2), 0x242070db, 17)
+    STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22)
+    STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7)
+    STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12)
+    STEP(F, c, d, a, b, SET(6), 0xa8304613, 17)
+    STEP(F, b, c, d, a, SET(7), 0xfd469501, 22)
+    STEP(F, a, b, c, d, SET(8), 0x698098d8, 7)
+    STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12)
+    STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17)
+    STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22)
+    STEP(F, a, b, c, d, SET(12), 0x6b901122, 7)
+    STEP(F, d, a, b, c, SET(13), 0xfd987193, 12)
+    STEP(F, c, d, a, b, SET(14), 0xa679438e, 17)
+    STEP(F, b, c, d, a, SET(15), 0x49b40821, 22)
 
 /* Round 2 */
-      STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5)
-      STEP(G, d, a, b, c, GET(6), 0xc040b340, 9)
-      STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14)
-      STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20)
-      STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5)
-      STEP(G, d, a, b, c, GET(10), 0x02441453, 9)
-      STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14)
-      STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20)
-      STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5)
-      STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9)
-      STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14)
-      STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20)
-      STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5)
-      STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9)
-      STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14)
-      STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20)
+    STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5)
+    STEP(G, d, a, b, c, GET(6), 0xc040b340, 9)
+    STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14)
+    STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20)
+    STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5)
+    STEP(G, d, a, b, c, GET(10), 0x02441453, 9)
+    STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14)
+    STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20)
+    STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5)
+    STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9)
+    STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14)
+    STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20)
+    STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5)
+    STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9)
+    STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14)
+    STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20)
 
 /* Round 3 */
-      STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4)
-      STEP(H2, d, a, b, c, GET(8), 0x8771f681, 11)
-      STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16)
-      STEP(H2, b, c, d, a, GET(14), 0xfde5380c, 23)
-      STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4)
-      STEP(H2, d, a, b, c, GET(4), 0x4bdecfa9, 11)
-      STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16)
-      STEP(H2, b, c, d, a, GET(10), 0xbebfbc70, 23)
-      STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4)
-      STEP(H2, d, a, b, c, GET(0), 0xeaa127fa, 11)
-      STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16)
-      STEP(H2, b, c, d, a, GET(6), 0x04881d05, 23)
-      STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4)
-      STEP(H2, d, a, b, c, GET(12), 0xe6db99e5, 11)
-      STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16)
-      STEP(H2, b, c, d, a, GET(2), 0xc4ac5665, 23)
+    STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4)
+    STEP(H2, d, a, b, c, GET(8), 0x8771f681, 11)
+    STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16)
+    STEP(H2, b, c, d, a, GET(14), 0xfde5380c, 23)
+    STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4)
+    STEP(H2, d, a, b, c, GET(4), 0x4bdecfa9, 11)
+    STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16)
+    STEP(H2, b, c, d, a, GET(10), 0xbebfbc70, 23)
+    STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4)
+    STEP(H2, d, a, b, c, GET(0), 0xeaa127fa, 11)
+    STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16)
+    STEP(H2, b, c, d, a, GET(6), 0x04881d05, 23)
+    STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4)
+    STEP(H2, d, a, b, c, GET(12), 0xe6db99e5, 11)
+    STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16)
+    STEP(H2, b, c, d, a, GET(2), 0xc4ac5665, 23)
 
 /* Round 4 */
-      STEP(I, a, b, c, d, GET(0), 0xf4292244, 6)
-      STEP(I, d, a, b, c, GET(7), 0x432aff97, 10)
-      STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15)
-      STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21)
-      STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6)
-      STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10)
-      STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15)
-      STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21)
-      STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6)
-      STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10)
-      STEP(I, c, d, a, b, GET(6), 0xa3014314, 15)
-      STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21)
-      STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6)
-      STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10)
-      STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15)
-      STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21)
-
-      a += saved_a;
+    STEP(I, a, b, c, d, GET(0), 0xf4292244, 6)
+    STEP(I, d, a, b, c, GET(7), 0x432aff97, 10)
+    STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15)
+    STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21)
+    STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6)
+    STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10)
+    STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15)
+    STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21)
+    STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6)
+    STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10)
+    STEP(I, c, d, a, b, GET(6), 0xa3014314, 15)
+    STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21)
+    STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6)
+    STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10)
+    STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15)
+    STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21)
+
+    a += saved_a;
     b += saved_b;
     c += saved_c;
     d += saved_d;
@@ -392,7 +393,7 @@ static void MD5_Init(MD5_CTX *ctx)
 static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size)
 {
   MD5_u32plus saved_lo;
-  unsigned long used, available;
+  unsigned long used;
 
   saved_lo = ctx->lo;
   ctx->lo = (saved_lo + size) & 0x1fffffff;
@@ -403,7 +404,7 @@ static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size)
   used = saved_lo & 0x3f;
 
   if(used) {
-    available = 64 - used;
+    unsigned long available = 64 - used;
 
     if(size < available) {
       memcpy(&ctx->buffer[used], data, size);
@@ -545,23 +546,23 @@ MD5_context *Curl_MD5_init(const MD5_params *md5params)
   return ctxt;
 }
 
-int Curl_MD5_update(MD5_context *context,
-                    const unsigned char *data,
-                    unsigned int len)
+CURLcode Curl_MD5_update(MD5_context *context,
+                         const unsigned char *data,
+                         unsigned int len)
 {
   (*context->md5_hash->md5_update_func)(context->md5_hashctx, data, len);
 
-  return 0;
+  return CURLE_OK;
 }
 
-int Curl_MD5_final(MD5_context *context, unsigned char *result)
+CURLcode Curl_MD5_final(MD5_context *context, unsigned char *result)
 {
   (*context->md5_hash->md5_final_func)(result, context->md5_hashctx);
 
   free(context->md5_hashctx);
   free(context);
 
-  return 0;
+  return CURLE_OK;
 }
 
 #endif /* CURL_DISABLE_CRYPTO_AUTH */
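Review bot: `Curl_MD5_update` and `Curl_MD5_final` now return `CURLcode` but can only ever return `CURLE_OK`, because the `md5_update_func` and `md5_final_func` callbacks are called as plain statements and nothing they produce is inspected. A caller that checks the result gains no real error detection, so either state this above each function, e.g. `/* always returns CURLE_OK; backend hash errors are not propagated */`, or have the callbacks report failure. Both functions also dereference `context` without a check, so if `Curl_MD5_init` (whose body starts outside this hunk) can return NULL, callers must test for that first.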
diff --git a/libs/libcurl/src/memdebug.c b/libs/libcurl/src/memdebug.c
index e3ac8edf74..ede60094bb 100644
--- a/libs/libcurl/src/memdebug.c
+++ b/libs/libcurl/src/memdebug.c
@@ -114,8 +114,8 @@ void curl_dbg_memdebug(const char *logname)
       curl_dbg_logfile = stderr;
 #ifdef MEMDEBUG_LOG_SYNC
     /* Flush the log file after every line so the log isn't lost in a crash */
-    if(logfile)
-      setbuf(logfile, (char *)NULL);
+    if(curl_dbg_logfile)
+      setbuf(curl_dbg_logfile, (char *)NULL);
 #endif
   }
 }
@@ -306,9 +306,8 @@ void *curl_dbg_realloc(void *ptr, size_t wantedsize,
 
 void curl_dbg_free(void *ptr, int line, const char *source)
 {
-  struct memdebug *mem;
-
   if(ptr) {
+    struct memdebug *mem;
 
 #ifdef __INTEL_COMPILER
 #  pragma warning(push)
diff --git a/libs/libcurl/src/mime.c b/libs/libcurl/src/mime.c
index 48147d4f59..2135f72c25 100644
--- a/libs/libcurl/src/mime.c
+++ b/libs/libcurl/src/mime.c
@@ -29,8 +29,8 @@
 #include "urldata.h"
 #include "sendf.h"
 
-#if !defined(CURL_DISABLE_HTTP) || !defined(CURL_DISABLE_SMTP) || \
-    !defined(CURL_DISABLE_IMAP)
+#if (!defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_MIME)) || \
+  !defined(CURL_DISABLE_SMTP) || !defined(CURL_DISABLE_IMAP)
 
 #if defined(HAVE_LIBGEN_H) && defined(HAVE_BASENAME)
 #include <libgen.h>
@@ -821,8 +821,10 @@ static size_t readback_part(curl_mimepart *part,
     struct curl_slist *hdr = (struct curl_slist *) part->state.ptr;
     switch(part->state.state) {
     case MIMESTATE_BEGIN:
-      mimesetstate(&part->state, part->flags & MIME_BODY_ONLY? MIMESTATE_BODY:
-                                 MIMESTATE_CURLHEADERS, part->curlheaders);
+      mimesetstate(&part->state,
+                   (part->flags & MIME_BODY_ONLY)?
+                     MIMESTATE_BODY: MIMESTATE_CURLHEADERS,
+                   part->curlheaders);
       break;
     case MIMESTATE_USERHEADERS:
       if(!hdr) {
@@ -1899,72 +1901,4 @@ CURLcode curl_mime_headers(curl_mimepart *part,
   return CURLE_NOT_BUILT_IN;
 }
 
-void Curl_mime_initpart(curl_mimepart *part, struct Curl_easy *easy)
-{
-  (void) part;
-  (void) easy;
-}
-
-void Curl_mime_cleanpart(curl_mimepart *part)
-{
-  (void) part;
-}
-
-CURLcode Curl_mime_duppart(curl_mimepart *dst, const curl_mimepart *src)
-{
-  (void) dst;
-  (void) src;
-  return CURLE_OK;    /* Nothing to duplicate: always succeed. */
-}
-
-CURLcode Curl_mime_set_subparts(curl_mimepart *part,
-                                curl_mime *subparts, int take_ownership)
-{
-  (void) part;
-  (void) subparts;
-  (void) take_ownership;
-  return CURLE_NOT_BUILT_IN;
-}
-
-CURLcode Curl_mime_prepare_headers(curl_mimepart *part,
-                                   const char *contenttype,
-                                   const char *disposition,
-                                   enum mimestrategy strategy)
-{
-  (void) part;
-  (void) contenttype;
-  (void) disposition;
-  (void) strategy;
-  return CURLE_NOT_BUILT_IN;
-}
-
-curl_off_t Curl_mime_size(curl_mimepart *part)
-{
-  (void) part;
-  return (curl_off_t) -1;
-}
-
-size_t Curl_mime_read(char *buffer, size_t size, size_t nitems, void *instream)
-{
-  (void) buffer;
-  (void) size;
-  (void) nitems;
-  (void) instream;
-  return 0;
-}
-
-CURLcode Curl_mime_rewind(curl_mimepart *part)
-{
-  (void) part;
-  return CURLE_NOT_BUILT_IN;
-}
-
-/* VARARGS2 */
-CURLcode Curl_mime_add_header(struct curl_slist **slp, const char *fmt, ...)
-{
-  (void) slp;
-  (void) fmt;
-  return CURLE_NOT_BUILT_IN;
-}
-
-#endif /* !CURL_DISABLE_HTTP || !CURL_DISABLE_SMTP || !CURL_DISABLE_IMAP */
+#endif /* if disabled */
diff --git a/libs/libcurl/src/mime.h b/libs/libcurl/src/mime.h
index 0721c8ca45..4c9a5fb71f 100644
--- a/libs/libcurl/src/mime.h
+++ b/libs/libcurl/src/mime.h
@@ -22,6 +22,8 @@
  *
  ***************************************************************************/
 
+#include "curl_setup.h"
+
 #define MIME_RAND_BOUNDARY_CHARS        16  /* Nb. of random boundary chars. */
 #define MAX_ENCODED_LINE_LENGTH         76  /* Maximum encoded line length. */
 #define ENCODING_BUFFER_SIZE            256 /* Encoding temp buffers size. */
@@ -69,7 +71,7 @@ enum mimestrategy {
 typedef struct {
   const char *   name;          /* Encoding name. */
   size_t         (*encodefunc)(char *buffer, size_t size, bool ateof,
-                             curl_mimepart *part);  /* Encoded read. */
+                               curl_mimepart *part);  /* Encoded read. */
   curl_off_t     (*sizefunc)(curl_mimepart *part);  /* Encoded size. */
 }  mime_encoder;
 
@@ -125,6 +127,8 @@ struct curl_mimepart_s {
   mime_encoder_state encstate;     /* Data encoder state. */
 };
 
+#if (!defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_MIME)) || \
+  !defined(CURL_DISABLE_SMTP) || !defined(CURL_DISABLE_IMAP)
 
 /* Prototypes. */
 void Curl_mime_initpart(curl_mimepart *part, struct Curl_easy *easy);
@@ -143,4 +147,18 @@ CURLcode Curl_mime_rewind(curl_mimepart *part);
 CURLcode Curl_mime_add_header(struct curl_slist **slp, const char *fmt, ...);
 const char *Curl_mime_contenttype(const char *filename);
 
+#else
+/* if disabled */
+#define Curl_mime_initpart(x,y)
+#define Curl_mime_cleanpart(x)
+#define Curl_mime_duppart(x,y) CURLE_OK /* Nothing to duplicate. Succeed */
+#define Curl_mime_set_subparts(a,b,c) CURLE_NOT_BUILT_IN
+#define Curl_mime_prepare_headers(a,b,c,d) CURLE_NOT_BUILT_IN
+#define Curl_mime_size(x) (curl_off_t) -1
+#define Curl_mime_read NULL
+#define Curl_mime_rewind(x) ((void)x, CURLE_NOT_BUILT_IN)
+#define Curl_mime_add_header(x,y,...) CURLE_NOT_BUILT_IN
+#endif
+
+
 #endif /* HEADER_CURL_MIME_H */
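Review bot: The disabled-build macros added at the end of the header are not hygienic: `Curl_mime_size(x)` expands to an unparenthesized cast and `Curl_mime_rewind(x)` uses its argument without parentheses, so the result depends on the surrounding expression. I would write `#define Curl_mime_size(x) ((curl_off_t)-1)` and `#define Curl_mime_rewind(x) ((void)(x), CURLE_NOT_BUILT_IN)`. Unlike the removed stub functions, most of these macros never evaluate their arguments, so side effects in a call argument are dropped and callers may see unused-variable warnings. `Curl_mime_add_header(x,y,...)` also needs a compiler that supports variadic macros, which is worth a comment if older compilers are still a target.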
diff --git a/libs/libcurl/src/multi.c b/libs/libcurl/src/multi.c
index cc16924a3c..c7c46eefc9 100644
--- a/libs/libcurl/src/multi.c
+++ b/libs/libcurl/src/multi.c
@@ -41,7 +41,6 @@
 #include "speedcheck.h"
 #include "conncache.h"
 #include "multihandle.h"
-#include "pipeline.h"
 #include "sigpipe.h"
 #include "vtls/vtls.h"
 #include "connect.h"
@@ -92,12 +91,10 @@ static const char * const statename[]={
   "WAITPROXYCONNECT",
   "SENDPROTOCONNECT",
   "PROTOCONNECT",
-  "WAITDO",
   "DO",
   "DOING",
   "DO_MORE",
   "DO_DONE",
-  "WAITPERFORM",
   "PERFORM",
   "TOOFAST",
   "DONE",
@@ -136,12 +133,10 @@ static void mstate(struct Curl_easy *data, CURLMstate state
     NULL,              /* WAITPROXYCONNECT */
     NULL,              /* SENDPROTOCONNECT */
     NULL,              /* PROTOCONNECT */
-    NULL,              /* WAITDO */
     Curl_connect_free, /* DO */
     NULL,              /* DOING */
     NULL,              /* DO_MORE */
     NULL,              /* DO_DONE */
-    NULL,              /* WAITPERFORM */
     NULL,              /* PERFORM */
     NULL,              /* TOOFAST */
     NULL,              /* DONE */
@@ -349,9 +344,6 @@ struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */
   Curl_llist_init(&multi->msglist, multi_freeamsg);
   Curl_llist_init(&multi->pending, multi_freeamsg);
 
-  multi->max_pipeline_length = 5;
-  multi->pipelining = CURLPIPE_MULTIPLEX;
-
   /* -1 means it not set by user, use the default value */
   multi->maxconnects = -1;
   return multi;
@@ -408,19 +400,9 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
   /* set the easy handle */
   multistate(data, CURLM_STATE_INIT);
 
-  if((data->set.global_dns_cache) &&
-     (data->dns.hostcachetype != HCACHE_GLOBAL)) {
-    /* global dns cache was requested but still isn't */
-    struct curl_hash *global = Curl_global_host_cache_init();
-    if(global) {
-      /* only do this if the global cache init works */
-      data->dns.hostcache = global;
-      data->dns.hostcachetype = HCACHE_GLOBAL;
-    }
-  }
   /* for multi interface connections, we share DNS cache automatically if the
      easy handle's one is currently not set. */
-  else if(!data->dns.hostcache ||
+  if(!data->dns.hostcache ||
      (data->dns.hostcachetype == HCACHE_NONE)) {
     data->dns.hostcache = &multi->hostcache;
     data->dns.hostcachetype = HCACHE_MULTI;
@@ -440,12 +422,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
     data->psl = &multi->psl;
 #endif
 
-  /* This adds the new entry at the 'end' of the doubly-linked circular
-     list of Curl_easy structs to try and maintain a FIFO queue so
-     the pipelined requests are in order. */
-
-  /* We add this new entry last in the list. */
-
+  /* We add the new entry last in the list. */
   data->next = NULL; /* end of the line */
   if(multi->easyp) {
     struct Curl_easy *last = multi->easylp;
@@ -497,8 +474,6 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi,
     data->set.server_response_timeout;
   data->state.conn_cache->closure_handle->set.no_signal =
     data->set.no_signal;
-  data->state.conn_cache->closure_handle->set.verbose =
-    data->set.verbose;
 
   update_timer(multi);
   return CURLM_OK;
@@ -538,8 +513,6 @@ static CURLcode multi_done(struct Curl_easy *data,
   /* Stop the resolver and free its own resources (but not dns_entry yet). */
   Curl_resolver_kill(conn);
 
-  Curl_getoff_all_pipelines(data, conn);
-
   /* Cleanup possible redirect junk */
   Curl_safefree(data->req.newurl);
   Curl_safefree(data->req.location);
@@ -573,12 +546,12 @@ static CURLcode multi_done(struct Curl_easy *data,
 
   process_pending_handles(data->multi); /* connection / multiplex */
 
-  if(conn->send_pipe.size || conn->recv_pipe.size) {
-    /* Stop if pipeline is not empty . */
-    detach_connnection(data);
-    DEBUGF(infof(data, "Connection still in use %zu/%zu, "
+  detach_connnection(data);
+  if(CONN_INUSE(conn)) {
+    /* Stop if still used. */
+    DEBUGF(infof(data, "Connection still in use %zu, "
                  "no more multi_done now!\n",
-                 conn->send_pipe.size, conn->recv_pipe.size));
+                 conn->easyq.size));
     return CURLE_OK;
   }
 
@@ -615,12 +588,12 @@ static CURLcode multi_done(struct Curl_easy *data,
 
   if((data->set.reuse_forbid
 #if defined(USE_NTLM)
-      && !(conn->ntlm.state == NTLMSTATE_TYPE2 ||
-           conn->proxyntlm.state == NTLMSTATE_TYPE2)
+      && !(conn->http_ntlm_state == NTLMSTATE_TYPE2 ||
+           conn->proxy_ntlm_state == NTLMSTATE_TYPE2)
 #endif
 #if defined(USE_SPNEGO)
-      && !(conn->negotiate.state == GSS_AUTHRECV ||
-           conn->proxyneg.state == GSS_AUTHRECV)
+      && !(conn->http_negotiate_state == GSS_AUTHRECV ||
+           conn->proxy_negotiate_state == GSS_AUTHRECV)
 #endif
      ) || conn->bits.close
        || (premature && !(conn->handler->flags & PROTOPT_STREAM))) {
@@ -652,7 +625,6 @@ static CURLcode multi_done(struct Curl_easy *data,
       data->state.lastconnect = NULL;
   }
 
-  detach_connnection(data);
   Curl_free_request_state(data);
   return result;
 }
@@ -698,9 +670,6 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
     /* Set connection owner so that the DONE function closes it.  We can
        safely do this here since connection is killed. */
     data->conn->data = easy;
-    /* If the handle is in a pipeline and has started sending off its
-       request but not received its response yet, we need to close
-       connection. */
     streamclose(data->conn, "Removed with partial response");
     easy_owns_conn = TRUE;
   }
@@ -723,9 +692,6 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
          nothing really useful to do with it anyway! */
       (void)multi_done(data, data->result, premature);
     }
-    else
-      /* Clear connection pipelines, if multi_done above was not called */
-      Curl_getoff_all_pipelines(data, data->conn);
   }
 
   if(data->connect_queue.ptr)
@@ -803,16 +769,19 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi,
   return CURLM_OK;
 }
 
-/* Return TRUE if the application asked for a certain set of pipelining */
-bool Curl_pipeline_wanted(const struct Curl_multi *multi, int bits)
+/* Return TRUE if the application asked for multiplexing */
+bool Curl_multiplex_wanted(const struct Curl_multi *multi)
 {
-  return (multi && (multi->pipelining & bits)) ? TRUE : FALSE;
+  return (multi && (multi->multiplexing));
 }
 
 /* This is the only function that should clear data->conn. This will
    occasionally be called with the pointer already cleared. */
 static void detach_connnection(struct Curl_easy *data)
 {
+  struct connectdata *conn = data->conn;
+  if(conn)
+    Curl_llist_remove(&conn->easyq, &data->conn_queue, NULL);
   data->conn = NULL;
 }
 
@@ -821,7 +790,10 @@ void Curl_attach_connnection(struct Curl_easy *data,
                              struct connectdata *conn)
 {
   DEBUGASSERT(!data->conn);
+  DEBUGASSERT(conn);
   data->conn = conn;
+  Curl_llist_insert_next(&conn->easyq, conn->easyq.tail, data,
+                         &data->conn_queue);
 }
 
 static int waitconnect_getsock(struct connectdata *conn,
@@ -935,7 +907,6 @@ static int multi_getsock(struct Curl_easy *data,
                                to waiting for the same as the *PERFORM
                                states */
   case CURLM_STATE_PERFORM:
-  case CURLM_STATE_WAITPERFORM:
     return Curl_single_getsock(data->conn, socks, numsocks);
   }
 
@@ -1203,7 +1174,7 @@ CURLMcode Curl_multi_add_perform(struct Curl_multi *multi,
  * do_complete is called when the DO actions are complete.
  *
  * We init chunking and trailer bits to their default values here immediately
- * before receiving any header data for the current request in the pipeline.
+ * before receiving any header data for the current request.
  */
 static void do_complete(struct connectdata *conn)
 {
@@ -1216,6 +1187,9 @@ static CURLcode multi_do(struct Curl_easy *data, bool *done)
   CURLcode result = CURLE_OK;
   struct connectdata *conn = data->conn;
 
+  DEBUGASSERT(conn);
+  DEBUGASSERT(conn->handler);
+
   if(conn->handler->do_it) {
     /* generic protocol-specific function pointer set in curl_connect() */
     result = conn->handler->do_it(conn, done);
@@ -1232,8 +1206,6 @@ static CURLcode multi_do(struct Curl_easy *data, bool *done)
  * second stage DO state which (wrongly) was introduced to support FTP's
  * second connection.
  *
- * TODO: A future libcurl should be able to work away this state.
- *
  * 'complete' can return 0 for incomplete, 1 for done and -1 for go back to
  * DOING state there's more work to do!
  */
@@ -1266,7 +1238,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
   bool done = FALSE;
   CURLMcode rc;
   CURLcode result = CURLE_OK;
-  struct SingleRequest *k;
   timediff_t timeout_ms;
   timediff_t recv_timeout_ms;
   timediff_t send_timeout_ms;
@@ -1293,7 +1264,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
 
     if(multi_ischanged(multi, TRUE)) {
       DEBUGF(infof(data, "multi changed, check CONNECT_PEND queue!\n"));
-      process_pending_handles(multi); /* pipelined/multiplexed */
+      process_pending_handles(multi); /* multiplexed */
     }
 
     if(data->conn && data->mstate > CURLM_STATE_CONNECT &&
@@ -1308,7 +1279,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
       /* we need to wait for the connect state as only then is the start time
          stored, but we must not check already completed handles */
       timeout_ms = Curl_timeleft(data, &now,
-                                 (data->mstate <= CURLM_STATE_WAITDO)?
+                                 (data->mstate <= CURLM_STATE_DO)?
                                  TRUE:FALSE);
 
       if(timeout_ms < 0) {
@@ -1322,7 +1293,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
                 " milliseconds",
                 Curl_timediff(now, data->progress.t_startsingle));
         else {
-          k = &data->req;
+          struct SingleRequest *k = &data->req;
           if(k->size != -1) {
             failf(data, "Operation timed out after %" CURL_FORMAT_TIMEDIFF_T
                   " milliseconds with %" CURL_FORMAT_CURL_OFF_T " out of %"
@@ -1390,33 +1361,31 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
         result = CURLE_OK;
         break;
       }
+      else if(data->state.previouslypending) {
+        /* this transfer comes from the pending queue so try move another */
+        infof(data, "Transfer was pending, now try another\n");
+        process_pending_handles(data->multi);
+      }
 
       if(!result) {
-        /* Add this handle to the send or pend pipeline */
-        result = Curl_add_handle_to_pipeline(data, data->conn);
-        if(result)
-          stream_error = TRUE;
+        if(async)
+          /* We're now waiting for an asynchronous name lookup */
+          multistate(data, CURLM_STATE_WAITRESOLVE);
         else {
-          if(async)
-            /* We're now waiting for an asynchronous name lookup */
-            multistate(data, CURLM_STATE_WAITRESOLVE);
-          else {
-            /* after the connect has been sent off, go WAITCONNECT unless the
-               protocol connect is already done and we can go directly to
-               WAITDO or DO! */
-            rc = CURLM_CALL_MULTI_PERFORM;
+          /* after the connect has been sent off, go WAITCONNECT unless the
+             protocol connect is already done and we can go directly to
+             WAITDO or DO! */
+          rc = CURLM_CALL_MULTI_PERFORM;
 
-            if(protocol_connect)
-              multistate(data, Curl_pipeline_wanted(multi, CURLPIPE_HTTP1)?
-                         CURLM_STATE_WAITDO:CURLM_STATE_DO);
-            else {
+          if(protocol_connect)
+            multistate(data, CURLM_STATE_DO);
+          else {
 #ifndef CURL_DISABLE_HTTP
-              if(Curl_connect_ongoing(data->conn))
-                multistate(data, CURLM_STATE_WAITPROXYCONNECT);
-              else
+            if(Curl_connect_ongoing(data->conn))
+              multistate(data, CURLM_STATE_WAITPROXYCONNECT);
+            else
 #endif
-                multistate(data, CURLM_STATE_WAITCONNECT);
-            }
+              multistate(data, CURLM_STATE_WAITCONNECT);
           }
         }
       }
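Review bot: The re-indented comment in the CONNECT branch still says the transfer can go "directly to WAITDO or DO", but this commit removes CURLM_STATE_WAITDO and the code below only ever selects CURLM_STATE_DO. Suggest ending the comment with `protocol connect is already done and we can go directly to DO! */`. The same stale wording survives in the WAITCONNECT and PROTOCONNECT hunks ("go WAITDO or DO"), and the DO_DONE hunk still talks about moving pending requests "to send pipe" although the send pipe no longer exists. multi_runsingle's body continues outside the hunk.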
@@ -1429,6 +1398,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
       struct connectdata *conn = data->conn;
       const char *hostname;
 
+      DEBUGASSERT(conn);
       if(conn->bits.httpproxy)
         hostname = conn->http_proxy.host.name;
       else if(conn->bits.conn_to_host)
@@ -1467,13 +1437,12 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
         if(result)
           /* if Curl_once_resolved() returns failure, the connection struct
              is already freed and gone */
-          detach_connnection(data); /* no more connection */
+          data->conn = NULL; /* no more connection */
         else {
           /* call again please so that we get the next socket setup */
           rc = CURLM_CALL_MULTI_PERFORM;
           if(protocol_connect)
-            multistate(data, Curl_pipeline_wanted(multi, CURLPIPE_HTTP1)?
-                       CURLM_STATE_WAITDO:CURLM_STATE_DO);
+            multistate(data, CURLM_STATE_DO);
           else {
 #ifndef CURL_DISABLE_HTTP
             if(Curl_connect_ongoing(data->conn))
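Review bot: The direct `data->conn = NULL;` in the Curl_once_resolved() failure branch bypasses detach_connnection(), which this same commit documents as the only function that should clear data->conn. The reason appears to be that the connection is already freed at this point, so detach_connnection(), which now unlinks the handle from `conn->easyq`, would touch freed memory. That should be stated on the line, e.g. `/* conn is already freed: do not call detach_connnection(), it would unlink from conn->easyq */`, and the comment above detach_connnection() should name this exception. The enclosing case of multi_runsingle starts and ends outside the hunk.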
@@ -1496,6 +1465,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
 #ifndef CURL_DISABLE_HTTP
     case CURLM_STATE_WAITPROXYCONNECT:
       /* this is HTTP-specific, but sending CONNECT to a proxy is HTTP... */
+      DEBUGASSERT(data->conn);
       result = Curl_http_connect(data->conn, &protocol_connect);
 
       if(data->conn->bits.proxy_connect_closed) {
@@ -1521,6 +1491,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
 
     case CURLM_STATE_WAITCONNECT:
       /* awaiting a completion of an asynch TCP connect */
+      DEBUGASSERT(data->conn);
       result = Curl_is_connected(data->conn, FIRSTSOCKET, &connected);
       if(connected && !result) {
 #ifndef CURL_DISABLE_HTTP
@@ -1552,8 +1523,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
         multistate(data, CURLM_STATE_PROTOCONNECT);
       else if(!result) {
         /* protocol connect has completed, go WAITDO or DO */
-        multistate(data, Curl_pipeline_wanted(multi, CURLPIPE_HTTP1)?
-                   CURLM_STATE_WAITDO:CURLM_STATE_DO);
+        multistate(data, CURLM_STATE_DO);
         rc = CURLM_CALL_MULTI_PERFORM;
       }
       else if(result) {
@@ -1569,8 +1539,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
       result = Curl_protocol_connecting(data->conn, &protocol_connect);
       if(!result && protocol_connect) {
         /* after the connect has completed, go WAITDO or DO */
-        multistate(data, Curl_pipeline_wanted(multi, CURLPIPE_HTTP1)?
-                   CURLM_STATE_WAITDO:CURLM_STATE_DO);
+        multistate(data, CURLM_STATE_DO);
         rc = CURLM_CALL_MULTI_PERFORM;
       }
       else if(result) {
@@ -1581,15 +1550,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
       }
       break;
 
-    case CURLM_STATE_WAITDO:
-      /* Wait for our turn to DO when we're pipelining requests */
-      if(Curl_pipeline_checkget_write(data, data->conn)) {
-        /* Grabbed the channel */
-        multistate(data, CURLM_STATE_DO);
-        rc = CURLM_CALL_MULTI_PERFORM;
-      }
-      break;
-
     case CURLM_STATE_DO:
       if(data->set.connect_only) {
         /* keep connection open for application to use the socket */
@@ -1606,6 +1566,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
 
         if(!result) {
           if(!dophase_done) {
+#ifndef CURL_DISABLE_FTP
             /* some steps needed for wildcard matching */
             if(data->state.wildcardmatch) {
               struct WildcardData *wc = &data->wildcard;
@@ -1617,6 +1578,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
                 break;
               }
             }
+#endif
             /* DO was not completed in one function call, we must continue
                DOING... */
             multistate(data, CURLM_STATE_DOING);
@@ -1696,6 +1658,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
 
     case CURLM_STATE_DOING:
       /* we continue DOING until the DO phase is complete */
+      DEBUGASSERT(data->conn);
       result = Curl_protocol_doing(data->conn,
                                    &dophase_done);
       if(!result) {
@@ -1719,10 +1682,9 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
       /*
        * When we are connected, DO MORE and then go DO_DONE
        */
+      DEBUGASSERT(data->conn);
       result = multi_do_more(data->conn, &control);
 
-      /* No need to remove this handle from the send pipeline here since that
-         is done in multi_done() */
       if(!result) {
         if(control) {
           /* if positive, advance to DO_DONE
@@ -1745,38 +1707,30 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
       break;
 
     case CURLM_STATE_DO_DONE:
-      /* Move ourselves from the send to recv pipeline */
-      Curl_move_handle_from_send_to_recv_pipe(data, data->conn);
-
-      if(data->conn->bits.multiplex || data->conn->send_pipe.size)
+      DEBUGASSERT(data->conn);
+      if(data->conn->bits.multiplex)
         /* Check if we can move pending requests to send pipe */
-        process_pending_handles(multi); /*  pipelined/multiplexed */
+        process_pending_handles(multi); /*  multiplexed */
 
       /* Only perform the transfer if there's a good socket to work with.
          Having both BAD is a signal to skip immediately to DONE */
       if((data->conn->sockfd != CURL_SOCKET_BAD) ||
          (data->conn->writesockfd != CURL_SOCKET_BAD))
-        multistate(data, CURLM_STATE_WAITPERFORM);
+        multistate(data, CURLM_STATE_PERFORM);
       else {
+#ifndef CURL_DISABLE_FTP
         if(data->state.wildcardmatch &&
            ((data->conn->handler->flags & PROTOPT_WILDCARD) == 0)) {
-           data->wildcard.state = CURLWC_DONE;
+          data->wildcard.state = CURLWC_DONE;
         }
+#endif
         multistate(data, CURLM_STATE_DONE);
       }
       rc = CURLM_CALL_MULTI_PERFORM;
       break;
 
-    case CURLM_STATE_WAITPERFORM:
-      /* Wait for our turn to PERFORM */
-      if(Curl_pipeline_checkget_read(data, data->conn)) {
-        /* Grabbed the channel */
-        multistate(data, CURLM_STATE_PERFORM);
-        rc = CURLM_CALL_MULTI_PERFORM;
-      }
-      break;
-
     case CURLM_STATE_TOOFAST: /* limit-rate exceeded in either direction */
+      DEBUGASSERT(data->conn);
       /* if both rates are within spec, resume transfer */
       if(Curl_pgrsUpdate(data->conn))
         result = CURLE_ABORTED_BY_CALLBACK;
@@ -1850,18 +1804,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
       /* read/write data if it is ready to do so */
       result = Curl_readwrite(data->conn, data, &done, &comeback);
 
-      k = &data->req;
-
-      if(!(k->keepon & KEEP_RECV)) {
-        /* We're done receiving */
-        Curl_pipeline_leave_read(data->conn);
-      }
-
-      if(!(k->keepon & KEEP_SEND)) {
-        /* We're done sending */
-        Curl_pipeline_leave_write(data->conn);
-      }
-
       if(done || (result == CURLE_RECV_ERROR)) {
         /* If CURLE_RECV_ERROR happens early enough, we assume it was a race
          * condition and the server closed the re-used connection exactly when
@@ -1881,23 +1823,25 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
         }
       }
       else if((CURLE_HTTP2_STREAM == result) &&
-                Curl_h2_http_1_1_error(data->conn)) {
+              Curl_h2_http_1_1_error(data->conn)) {
         CURLcode ret = Curl_retry_request(data->conn, &newurl);
 
-        infof(data, "Forcing HTTP/1.1 for NTLM");
-        data->set.httpversion = CURL_HTTP_VERSION_1_1;
-
-        if(!ret)
-          retry = (newurl)?TRUE:FALSE;
-        else
-          result = ret;
-
-        if(retry) {
-          /* if we are to retry, set the result to OK and consider the
-             request as done */
+        if(!ret) {
+          infof(data, "Downgrades to HTTP/1.1!\n");
+          data->set.httpversion = CURL_HTTP_VERSION_1_1;
+          /* clear the error message bit too as we ignore the one we got */
+          data->state.errorbuf = FALSE;
+          if(!newurl)
+            /* typically for HTTP_1_1_REQUIRED error on first flight */
+            newurl = strdup(data->change.url);
+          /* if we are to retry, set the result to OK and consider the request
+             as done */
+          retry = TRUE;
           result = CURLE_OK;
           done = TRUE;
         }
+        else
+          result = ret;
       }
 
       if(result) {
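Review bot: The `strdup(data->change.url)` result in the HTTP/1.1 downgrade branch is never checked, yet `retry` is set to TRUE unconditionally right after it. If the allocation fails, `newurl` stays NULL and the retry path in a later hunk passes it to `Curl_follow(data, newurl, follow)`. Whether Curl_follow tolerates a NULL URL is not visible here, so the failure should become CURLE_OUT_OF_MEMORY before the retry is armed. The enclosing case of multi_runsingle starts and ends outside the hunk.

```c
        CURLcode ret = Curl_retry_request(data->conn, &newurl);

        if(!ret && !newurl) {
          /* typically for HTTP_1_1_REQUIRED error on first flight */
          newurl = strdup(data->change.url);
          if(!newurl)
            ret = CURLE_OUT_OF_MEMORY;
        }
        if(!ret) {
          /* ... unchanged: infof, force HTTP/1.1, clear errorbuf ... */
          /* ... unchanged: retry = TRUE, result = CURLE_OK, done = TRUE ... */
        }
        else
          result = ret;
```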
@@ -1922,13 +1866,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
         /* call this even if the readwrite function returned error */
         Curl_posttransfer(data);
 
-        /* we're no longer receiving */
-        Curl_removeHandleFromPipeline(data, &data->conn->recv_pipe);
-
-        /* expire the new receiving pipeline head */
-        if(data->conn->recv_pipe.head)
-          Curl_expire(data->conn->recv_pipe.head->ptr, 0, EXPIRE_RUN_NOW);
-
         /* When we follow redirects or is set to retry the connection, we must
            to go back to the CONNECT state */
         if(data->req.newurl || retry) {
@@ -1942,13 +1879,12 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
           }
           else
             follow = FOLLOW_RETRY;
-          result = multi_done(data, CURLE_OK, FALSE);
+          (void)multi_done(data, CURLE_OK, FALSE);
+          /* multi_done() might return CURLE_GOT_NOTHING */
+          result = Curl_follow(data, newurl, follow);
           if(!result) {
-            result = Curl_follow(data, newurl, follow);
-            if(!result) {
-              multistate(data, CURLM_STATE_CONNECT);
-              rc = CURLM_CALL_MULTI_PERFORM;
-            }
+            multistate(data, CURLM_STATE_CONNECT);
+            rc = CURLM_CALL_MULTI_PERFORM;
           }
           free(newurl);
         }
@@ -1987,12 +1923,9 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
       if(data->conn) {
         CURLcode res;
 
-        /* Remove ourselves from the receive pipeline, if we are there. */
-        Curl_removeHandleFromPipeline(data, &data->conn->recv_pipe);
-
-        if(data->conn->bits.multiplex || data->conn->send_pipe.size)
+        if(data->conn->bits.multiplex)
           /* Check if we can move pending requests to connection */
-          process_pending_handles(multi); /* pipelined/multiplexing */
+          process_pending_handles(multi); /* multiplexing */
 
         /* post-transfer command */
         res = multi_done(data, result, FALSE);
@@ -2002,7 +1935,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
           result = res;
 
         /*
-         * If there are other handles on the pipeline, multi_done won't set
+         * If there are other handles on the connection, multi_done won't set
          * conn to NULL.  In such a case, curl_multi_remove_handle() can
          * access free'd data, if the connection is free'd and the handle
          * removed before we perform the processing in CURLM_STATE_COMPLETED
@@ -2011,6 +1944,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
           detach_connnection(data);
       }
 
+#ifndef CURL_DISABLE_FTP
       if(data->state.wildcardmatch) {
         if(data->wildcard.state != CURLWC_DONE) {
           /* if a wildcard is set and we are not ending -> lets start again
@@ -2019,7 +1953,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
           break;
         }
       }
-
+#endif
       /* after we have DONE what we're supposed to do, go COMPLETED, and
          it doesn't matter what the multi_done() returned! */
       multistate(data, CURLM_STATE_COMPLETED);
@@ -2051,12 +1985,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
         process_pending_handles(multi); /* connection */
 
         if(data->conn) {
-          /* if this has a connection, unsubscribe from the pipelines */
-          Curl_pipeline_leave_write(data->conn);
-          Curl_pipeline_leave_read(data->conn);
-          Curl_removeHandleFromPipeline(data, &data->conn->send_pipe);
-          Curl_removeHandleFromPipeline(data, &data->conn->recv_pipe);
-
           if(stream_error) {
             /* Don't attempt to send data over a connection that timed out */
             bool dead_connection = result == CURLE_OPERATION_TIMEDOUT;
@@ -2217,12 +2145,6 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi)
 
     Curl_hash_destroy(&multi->hostcache);
     Curl_psl_destroy(&multi->psl);
-
-    /* Free the blacklists by setting them to NULL */
-    (void)Curl_pipeline_set_site_blacklist(NULL, &multi->pipelining_site_bl);
-    (void)Curl_pipeline_set_server_blacklist(NULL,
-                                             &multi->pipelining_server_bl);
-
     free(multi);
 
     return CURLM_OK;
@@ -2575,19 +2497,6 @@ static CURLMcode multi_socket(struct Curl_multi *multi,
           /* bad bad bad bad bad bad bad */
           return CURLM_INTERNAL_ERROR;
 
-        /* If the pipeline is enabled, take the handle which is in the head of
-           the pipeline. If we should write into the socket, take the
-           send_pipe head. If we should read from the socket, take the
-           recv_pipe head. */
-        if(data->conn) {
-          if((ev_bitmask & CURL_POLL_OUT) &&
-             data->conn->send_pipe.head)
-            data = data->conn->send_pipe.head->ptr;
-          else if((ev_bitmask & CURL_POLL_IN) &&
-                  data->conn->recv_pipe.head)
-            data = data->conn->recv_pipe.head->ptr;
-        }
-
         if(data->conn && !(data->conn->handler->flags & PROTOPT_DIRLOCK))
           /* set socket event bitmask if they're not locked */
           data->conn->cselect_bits = ev_bitmask;
@@ -2694,7 +2603,7 @@ CURLMcode curl_multi_setopt(struct Curl_multi *multi,
     multi->push_userp = va_arg(param, void *);
     break;
   case CURLMOPT_PIPELINING:
-    multi->pipelining = va_arg(param, long) & CURLPIPE_MULTIPLEX;
+    multi->multiplexing = va_arg(param, long) & CURLPIPE_MULTIPLEX;
     break;
   case CURLMOPT_TIMERFUNCTION:
     multi->timer_cb = va_arg(param, curl_multi_timer_callback);
@@ -2708,25 +2617,19 @@ CURLMcode curl_multi_setopt(struct Curl_multi *multi,
   case CURLMOPT_MAX_HOST_CONNECTIONS:
     multi->max_host_connections = va_arg(param, long);
     break;
+  case CURLMOPT_MAX_TOTAL_CONNECTIONS:
+    multi->max_total_connections = va_arg(param, long);
+    break;
+    /* options formerly used for pipelining */
   case CURLMOPT_MAX_PIPELINE_LENGTH:
-    multi->max_pipeline_length = va_arg(param, long);
     break;
   case CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE:
-    multi->content_length_penalty_size = va_arg(param, long);
     break;
   case CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE:
-    multi->chunk_length_penalty_size = va_arg(param, long);
     break;
   case CURLMOPT_PIPELINING_SITE_BL:
-    res = Curl_pipeline_set_site_blacklist(va_arg(param, char **),
-                                           &multi->pipelining_site_bl);
     break;
   case CURLMOPT_PIPELINING_SERVER_BL:
-    res = Curl_pipeline_set_server_blacklist(va_arg(param, char **),
-                                             &multi->pipelining_server_bl);
-    break;
-  case CURLMOPT_MAX_TOTAL_CONNECTIONS:
-    multi->max_total_connections = va_arg(param, long);
     break;
   default:
     res = CURLM_UNKNOWN_OPTION;
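Review bot: The five former pipelining options now return CURLM_OK without reading their argument, and only the short comment before the first case hints at why. I would fold them into one fall-through group ending in a single `break;` and say explicitly that they are accepted (presumably for API compatibility) and ignored, e.g. `/* deprecated pipelining options: accepted, argument left unread, no effect */`. That keeps the no-op intent obvious and makes it harder to re-add a `va_arg()` to just one of them later. curl_multi_setopt's body starts and ends outside the hunk.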
@@ -3079,24 +2982,20 @@ size_t Curl_multi_max_total_connections(struct Curl_multi *multi)
   return multi ? multi->max_total_connections : 0;
 }
 
-curl_off_t Curl_multi_content_length_penalty_size(struct Curl_multi *multi)
-{
-  return multi ? multi->content_length_penalty_size : 0;
-}
-
-curl_off_t Curl_multi_chunk_length_penalty_size(struct Curl_multi *multi)
-{
-  return multi ? multi->chunk_length_penalty_size : 0;
-}
+/*
+ * When information about a connection has appeared, call this!
+ */
 
-struct curl_llist *Curl_multi_pipelining_site_bl(struct Curl_multi *multi)
+void Curl_multiuse_state(struct connectdata *conn,
+                         int bundlestate) /* use BUNDLE_* defines */
 {
-  return &multi->pipelining_site_bl;
-}
+  DEBUGASSERT(conn);
+  DEBUGASSERT(conn->bundle);
+  DEBUGASSERT(conn->data);
+  DEBUGASSERT(conn->data->multi);
 
-struct curl_llist *Curl_multi_pipelining_server_bl(struct Curl_multi *multi)
-{
-  return &multi->pipelining_server_bl;
+  conn->bundle->multiuse = bundlestate;
+  process_pending_handles(conn->data->multi);
 }
 
 static void process_pending_handles(struct Curl_multi *multi)
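Review bot: Curl_multiuse_state() dereferences `conn->bundle` and `conn->data->multi`, but the four DEBUGASSERTs are its only guard and are normally compiled out of non-debug builds. The header comment ("When information about a connection has appeared, call this!") does not state these preconditions. Suggest documenting that the connection must already belong to a bundle and be owned by an easy handle that is added to a multi handle, and that `bundlestate` is one of the BUNDLE_* values stored in `conn->bundle->multiuse`. The blank line between the comment and the function should go as well, so the comment attaches to the definition.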
@@ -3114,6 +3013,9 @@ static void process_pending_handles(struct Curl_multi *multi)
 
     /* Make sure that the handle will be processed soonish. */
     Curl_expire(data, 0, EXPIRE_RUN_NOW);
+
+    /* mark this as having been in the pending queue */
+    data->state.previouslypending = TRUE;
   }
 }
 
@@ -3157,8 +3059,8 @@ void Curl_multi_dump(struct Curl_multi *multi)
           continue;
         }
         fprintf(stderr, "[%s %s] ",
-                entry->action&CURL_POLL_IN?"RECVING":"",
-                entry->action&CURL_POLL_OUT?"SENDING":"");
+                (entry->action&CURL_POLL_IN)?"RECVING":"",
+                (entry->action&CURL_POLL_OUT)?"SENDING":"");
       }
       if(data->numsocks)
         fprintf(stderr, "\n");
diff --git a/libs/libcurl/src/multihandle.h b/libs/libcurl/src/multihandle.h
index ea2bf352df..279379ae0f 100644
--- a/libs/libcurl/src/multihandle.h
+++ b/libs/libcurl/src/multihandle.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -46,18 +46,16 @@ typedef enum {
   CURLM_STATE_SENDPROTOCONNECT, /* 6 - initiate protocol connect procedure */
   CURLM_STATE_PROTOCONNECT, /* 7 - completing the protocol-specific connect
                                    phase */
-  CURLM_STATE_WAITDO,       /* 8 - wait for our turn to send the request */
-  CURLM_STATE_DO,           /* 9 - start send off the request (part 1) */
-  CURLM_STATE_DOING,        /* 10 - sending off the request (part 1) */
-  CURLM_STATE_DO_MORE,      /* 11 - send off the request (part 2) */
-  CURLM_STATE_DO_DONE,      /* 12 - done sending off request */
-  CURLM_STATE_WAITPERFORM,  /* 13 - wait for our turn to read the response */
-  CURLM_STATE_PERFORM,      /* 14 - transfer data */
-  CURLM_STATE_TOOFAST,      /* 15 - wait because limit-rate exceeded */
-  CURLM_STATE_DONE,         /* 16 - post data transfer operation */
-  CURLM_STATE_COMPLETED,    /* 17 - operation complete */
-  CURLM_STATE_MSGSENT,      /* 18 - the operation complete message is sent */
-  CURLM_STATE_LAST          /* 19 - not a true state, never use this */
+  CURLM_STATE_DO,           /* 8 - start send off the request (part 1) */
+  CURLM_STATE_DOING,        /* 9 - sending off the request (part 1) */
+  CURLM_STATE_DO_MORE,      /* 10 - send off the request (part 2) */
+  CURLM_STATE_DO_DONE,      /* 11 - done sending off request */
+  CURLM_STATE_PERFORM,      /* 12 - transfer data */
+  CURLM_STATE_TOOFAST,      /* 13 - wait because limit-rate exceeded */
+  CURLM_STATE_DONE,         /* 14 - post data transfer operation */
+  CURLM_STATE_COMPLETED,    /* 15 - operation complete */
+  CURLM_STATE_MSGSENT,      /* 16 - the operation complete message is sent */
+  CURLM_STATE_LAST          /* 17 - not a true state, never use this */
 } CURLMstate;
 
 /* we support N sockets per easy handle. Set the corresponding bit to what
@@ -66,7 +64,7 @@ typedef enum {
 #define GETSOCK_READABLE (0x00ff)
 #define GETSOCK_WRITABLE (0xff00)
 
-#define CURLPIPE_ANY (CURLPIPE_HTTP1 | CURLPIPE_MULTIPLEX)
+#define CURLPIPE_ANY (CURLPIPE_MULTIPLEX)
 
 /* This is the struct known as CURLM on the outside */
 struct Curl_multi {
@@ -112,8 +110,8 @@ struct Curl_multi {
      same actual socket) */
   struct curl_hash sockhash;
 
-  /* pipelining wanted bits (CURLPIPE*) */
-  long pipelining;
+  /* multiplexing wanted */
+  bool multiplexing;
 
   bool recheckstate; /* see Curl_multi_connchanged */
 
@@ -129,24 +127,6 @@ struct Curl_multi {
   long max_total_connections; /* if >0, a fixed limit of the maximum number
                                  of connections in total */
 
-  long max_pipeline_length; /* if >0, maximum number of requests in a
-                               pipeline */
-
-  long content_length_penalty_size; /* a connection with a
-                                       content-length bigger than
-                                       this is not considered
-                                       for pipelining */
-
-  long chunk_length_penalty_size; /* a connection with a chunk length
-                                     bigger than this is not
-                                     considered for pipelining */
-
-  struct curl_llist pipelining_site_bl; /* List of sites that are blacklisted
-                                           from pipelining */
-
-  struct curl_llist pipelining_server_bl; /* List of server types that are
-                                             blacklisted from pipelining */
-
   /* timer callback and user data pointer for the *socket() API */
   curl_multi_timer_callback timer_cb;
   void *timer_userp;
diff --git a/libs/libcurl/src/multiif.h b/libs/libcurl/src/multiif.h
index ed35ef4275..e8a5e7062d 100644
--- a/libs/libcurl/src/multiif.h
+++ b/libs/libcurl/src/multiif.h
@@ -30,10 +30,10 @@ void Curl_updatesocket(struct Curl_easy *data);
 void Curl_expire(struct Curl_easy *data, time_t milli, expire_id);
 void Curl_expire_clear(struct Curl_easy *data);
 void Curl_expire_done(struct Curl_easy *data, expire_id id);
-bool Curl_pipeline_wanted(const struct Curl_multi* multi, int bits);
 void Curl_detach_connnection(struct Curl_easy *data);
 void Curl_attach_connnection(struct Curl_easy *data,
                              struct connectdata *conn);
+bool Curl_multiplex_wanted(const struct Curl_multi *multi);
 void Curl_set_in_callback(struct Curl_easy *data, bool value);
 bool Curl_is_in_callback(struct Curl_easy *easy);
 
@@ -64,22 +64,11 @@ void Curl_multi_dump(struct Curl_multi *multi);
 /* Return the value of the CURLMOPT_MAX_HOST_CONNECTIONS option */
 size_t Curl_multi_max_host_connections(struct Curl_multi *multi);
 
-/* Return the value of the CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE option */
-curl_off_t Curl_multi_content_length_penalty_size(struct Curl_multi *multi);
-
-/* Return the value of the CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE option */
-curl_off_t Curl_multi_chunk_length_penalty_size(struct Curl_multi *multi);
-
-/* Return the value of the CURLMOPT_PIPELINING_SITE_BL option */
-struct curl_llist *Curl_multi_pipelining_site_bl(struct Curl_multi *multi);
-
-/* Return the value of the CURLMOPT_PIPELINING_SERVER_BL option */
-struct curl_llist *Curl_multi_pipelining_server_bl(struct Curl_multi *multi);
-
 /* Return the value of the CURLMOPT_MAX_TOTAL_CONNECTIONS option */
 size_t Curl_multi_max_total_connections(struct Curl_multi *multi);
 
-void Curl_multi_connchanged(struct Curl_multi *multi);
+void Curl_multiuse_state(struct connectdata *conn,
+                         int bundlestate); /* use BUNDLE_* defines */
 
 /*
  * Curl_multi_closed()
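Review bot: Dropping the `Curl_multi_connchanged` prototype at the end of this hunk leaves a dangling reference in multihandle.h, where this same commit keeps `bool recheckstate; /* see Curl_multi_connchanged */` as an unchanged context line. Assuming the function's definition is removed as well (it is outside this view), a reader following that comment finds nothing. The comment should either describe the flag in place or name the replacement, e.g. `/* see Curl_multiuse_state */` if that is the function that now drives it. If nothing sets `recheckstate` any more, the field itself is a candidate for removal.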
diff --git a/libs/libcurl/src/netrc.c b/libs/libcurl/src/netrc.c
index aba355b760..1bd998f9c5 100644
--- a/libs/libcurl/src/netrc.c
+++ b/libs/libcurl/src/netrc.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,6 +21,7 @@
  ***************************************************************************/
 
 #include "curl_setup.h"
+#ifndef CURL_DISABLE_NETRC
 
 #ifdef HAVE_PWD_H
 #include <pwd.h>
@@ -240,3 +241,5 @@ int Curl_parsenetrc(const char *host,
 
   return retcode;
 }
+
+#endif
diff --git a/libs/libcurl/src/netrc.h b/libs/libcurl/src/netrc.h
index fe3dc357ec..7f56c4b4d6 100644
--- a/libs/libcurl/src/netrc.h
+++ b/libs/libcurl/src/netrc.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -22,6 +22,9 @@
  *
  ***************************************************************************/
 
+#include "curl_setup.h"
+#ifndef CURL_DISABLE_NETRC
+
 /* returns -1 on failure, 0 if the host is found, 1 is the host isn't found */
 int Curl_parsenetrc(const char *host,
                     char **loginp,
@@ -34,5 +37,9 @@ int Curl_parsenetrc(const char *host,
    * section in the netrc.
    * If (*loginp)[0] != 0, search for password within machine and login.
    */
+#else
+/* disabled */
+#define Curl_parsenetrc(a,b,c,d,e,f) 1
+#endif
 
 #endif /* HEADER_CURL_NETRC_H */
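Review bot: The disabled-build stub `#define Curl_parsenetrc(a,b,c,d,e,f) 1` says nothing about its contract beyond `/* disabled */`, and it fails quietly. Per the comment above the prototype, 1 means "host isn't found", so a transfer that asked for netrc credentials proceeds as if the file had no entry. The macro also never evaluates its arguments, so `*loginp` and the other out-parameters stay exactly as the caller initialised them. I would spell that out, e.g. `/* netrc support compiled out: always "host not found" (1); arguments are not evaluated, out-parameters untouched */`. Not sending credentials is the safe direction, but callers that treat netrc as required would need their own check; none is visible in this hunk.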
diff --git a/libs/libcurl/src/openldap.c b/libs/libcurl/src/openldap.c
index a98c50b460..eeab2c7a78 100644
--- a/libs/libcurl/src/openldap.c
+++ b/libs/libcurl/src/openldap.c
@@ -196,9 +196,6 @@ static CURLcode ldap_setup_connection(struct connectdata *conn)
   li->proto = proto;
   conn->proto.generic = li;
   connkeep(conn, "OpenLDAP default");
-  /* TODO:
-   * - provide option to choose SASL Binds instead of Simple
-   */
   return CURLE_OK;
 }
 
@@ -510,8 +507,6 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
     lr->nument++;
     rc = ldap_get_dn_ber(li->ld, ent, &ber, &bv);
     if(rc < 0) {
-      /* TODO: verify that this is really how this return code should be
-         handled */
       *err = CURLE_RECV_ERROR;
       return -1;
     }
diff --git a/libs/libcurl/src/parsedate.c b/libs/libcurl/src/parsedate.c
index 3d3c00b4f1..7ae5eb8cde 100644
--- a/libs/libcurl/src/parsedate.c
+++ b/libs/libcurl/src/parsedate.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -82,20 +82,6 @@
 #include "warnless.h"
 #include "parsedate.h"
 
-const char * const Curl_wkday[] =
-{"Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"};
-static const char * const weekday[] =
-{ "Monday", "Tuesday", "Wednesday", "Thursday",
-  "Friday", "Saturday", "Sunday" };
-const char * const Curl_month[]=
-{ "Jan", "Feb", "Mar", "Apr", "May", "Jun",
-  "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
-
-struct tzinfo {
-  char name[5];
-  int offset; /* +/- in minutes */
-};
-
 /*
  * parsedate()
  *
@@ -114,6 +100,22 @@ static int parsedate(const char *date, time_t *output);
 #define PARSEDATE_LATER  1
 #define PARSEDATE_SOONER 2
 
+#ifndef CURL_DISABLE_PARSEDATE
+
+const char * const Curl_wkday[] =
+{"Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"};
+static const char * const weekday[] =
+{ "Monday", "Tuesday", "Wednesday", "Thursday",
+  "Friday", "Saturday", "Sunday" };
+const char * const Curl_month[]=
+{ "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+  "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
+
+struct tzinfo {
+  char name[5];
+  int offset; /* +/- in minutes */
+};
+
 /* Here's a bunch of frequently used time zone names. These were supported
    by the old getdate parser. */
 #define tDAYZONE -60       /* offset for daylight savings time */
@@ -555,6 +557,15 @@ static int parsedate(const char *date, time_t *output)
 
   return PARSEDATE_OK;
 }
+#else
+/* disabled */
+static int parsedate(const char *date, time_t *output)
+{
+  (void)date;
+  *output = 0;
+  return PARSEDATE_OK; /* a lie */
+}
+#endif
 
 time_t curl_getdate(const char *p, const time_t *now)
 {
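Review bot: The `#else` stub of `parsedate()` returns `PARSEDATE_OK` with `*output = 0`, so in a `CURL_DISABLE_PARSEDATE` build every date string, malformed ones included, parses successfully as the epoch. The `/* a lie */` comment admits this without saying why success was chosen over failure. Callers of `curl_getdate()` (its body starts at the end of this hunk and continues outside it) then cannot tell an unparsed date from a real 1970 timestamp, which matters wherever a parsed date drives an expiry or freshness decision. If no caller depends on success, `return PARSEDATE_FAIL;` would be the honest result. Otherwise the comment should name the reason, e.g. `/* date parsing compiled out: always reports the epoch as a successful parse */`.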
diff --git a/libs/libcurl/src/pipeline.c b/libs/libcurl/src/pipeline.c
deleted file mode 100644
index 8de3babd78..0000000000
--- a/libs/libcurl/src/pipeline.c
+++ /dev/null
@@ -1,404 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 2013, Linus Nielsen Feltzing, <linus@haxx.se>
- * Copyright (C) 2013 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-#include "curl_setup.h"
-
-#include <curl/curl.h>
-
-#include "urldata.h"
-#include "url.h"
-#include "progress.h"
-#include "multiif.h"
-#include "pipeline.h"
-#include "sendf.h"
-#include "strcase.h"
-
-#include "curl_memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-struct site_blacklist_entry {
-  struct curl_llist_element list;
-  unsigned short port;
-  char hostname[1];
-};
-
-static void site_blacklist_llist_dtor(void *user, void *element)
-{
-  struct site_blacklist_entry *entry = element;
-  (void)user;
-  free(entry);
-}
-
-static void server_blacklist_llist_dtor(void *user, void *element)
-{
-  (void)user;
-  free(element);
-}
-
-bool Curl_pipeline_penalized(struct Curl_easy *data,
-                             struct connectdata *conn)
-{
-  if(data) {
-    bool penalized = FALSE;
-    curl_off_t penalty_size =
-      Curl_multi_content_length_penalty_size(data->multi);
-    curl_off_t chunk_penalty_size =
-      Curl_multi_chunk_length_penalty_size(data->multi);
-    curl_off_t recv_size = -2; /* Make it easy to spot in the log */
-
-    /* Find the head of the recv pipe, if any */
-    if(conn->recv_pipe.head) {
-      struct Curl_easy *recv_handle = conn->recv_pipe.head->ptr;
-
-      recv_size = recv_handle->req.size;
-
-      if(penalty_size > 0 && recv_size > penalty_size)
-        penalized = TRUE;
-    }
-
-    if(chunk_penalty_size > 0 &&
-       (curl_off_t)conn->chunk.datasize > chunk_penalty_size)
-      penalized = TRUE;
-
-    infof(data, "Conn: %ld (%p) Receive pipe weight: (%"
-          CURL_FORMAT_CURL_OFF_T "/%" CURL_FORMAT_CURL_OFF_T
-          "), penalized: %s\n",
-          conn->connection_id, (void *)conn, recv_size,
-          conn->chunk.datasize, penalized?"TRUE":"FALSE");
-    return penalized;
-  }
-  return FALSE;
-}
-
-static CURLcode addHandleToPipeline(struct Curl_easy *data,
-                                    struct curl_llist *pipeline)
-{
-  Curl_llist_insert_next(pipeline, pipeline->tail, data,
-                         &data->pipeline_queue);
-  return CURLE_OK;
-}
-
-
-CURLcode Curl_add_handle_to_pipeline(struct Curl_easy *handle,
-                                     struct connectdata *conn)
-{
-  struct curl_llist_element *sendhead = conn->send_pipe.head;
-  struct curl_llist *pipeline;
-  CURLcode result;
-
-  pipeline = &conn->send_pipe;
-
-  result = addHandleToPipeline(handle, pipeline);
-  if((conn->bundle->multiuse == BUNDLE_PIPELINING) &&
-     (pipeline == &conn->send_pipe && sendhead != conn->send_pipe.head)) {
-    /* this is a new one as head, expire it */
-    Curl_pipeline_leave_write(conn); /* not in use yet */
-    Curl_expire(conn->send_pipe.head->ptr, 0, EXPIRE_RUN_NOW);
-  }
-
-#if 0 /* enable for pipeline debugging */
-  print_pipeline(conn);
-#endif
-
-  return result;
-}
-
-/* Move this transfer from the sending list to the receiving list.
-
-   Pay special attention to the new sending list "leader" as it needs to get
-   checked to update what sockets it acts on.
-
-*/
-void Curl_move_handle_from_send_to_recv_pipe(struct Curl_easy *handle,
-                                             struct connectdata *conn)
-{
-  struct curl_llist_element *curr;
-
-  curr = conn->send_pipe.head;
-  while(curr) {
-    if(curr->ptr == handle) {
-      Curl_llist_move(&conn->send_pipe, curr,
-                      &conn->recv_pipe, conn->recv_pipe.tail);
-
-      if(conn->send_pipe.head) {
-        /* Since there's a new easy handle at the start of the send pipeline,
-           set its timeout value to 1ms to make it trigger instantly */
-        Curl_pipeline_leave_write(conn); /* not used now */
-#ifdef DEBUGBUILD
-        infof(conn->data, "%p is at send pipe head B!\n",
-              (void *)conn->send_pipe.head->ptr);
-#endif
-        Curl_expire(conn->send_pipe.head->ptr, 0, EXPIRE_RUN_NOW);
-      }
-
-      /* The receiver's list is not really interesting here since either this
-         handle is now first in the list and we'll deal with it soon, or
-         another handle is already first and thus is already taken care of */
-
-      break; /* we're done! */
-    }
-    curr = curr->next;
-  }
-}
-
-bool Curl_pipeline_site_blacklisted(struct Curl_easy *handle,
-                                    struct connectdata *conn)
-{
-  if(handle->multi) {
-    struct curl_llist *blacklist =
-      Curl_multi_pipelining_site_bl(handle->multi);
-
-    if(blacklist) {
-      struct curl_llist_element *curr;
-
-      curr = blacklist->head;
-      while(curr) {
-        struct site_blacklist_entry *site;
-
-        site = curr->ptr;
-        if(strcasecompare(site->hostname, conn->host.name) &&
-           site->port == conn->remote_port) {
-          infof(handle, "Site %s:%d is pipeline blacklisted\n",
-                conn->host.name, conn->remote_port);
-          return TRUE;
-        }
-        curr = curr->next;
-      }
-    }
-  }
-  return FALSE;
-}
-
-CURLMcode Curl_pipeline_set_site_blacklist(char **sites,
-                                           struct curl_llist *list)
-{
-  /* Free the old list */
-  if(list->size)
-    Curl_llist_destroy(list, NULL);
-
-  if(sites) {
-    Curl_llist_init(list, (curl_llist_dtor) site_blacklist_llist_dtor);
-
-    /* Parse the URLs and populate the list */
-    while(*sites) {
-      char *port;
-      struct site_blacklist_entry *entry;
-
-      entry = malloc(sizeof(struct site_blacklist_entry) + strlen(*sites));
-      if(!entry) {
-        Curl_llist_destroy(list, NULL);
-        return CURLM_OUT_OF_MEMORY;
-      }
-      strcpy(entry->hostname, *sites);
-
-      port = strchr(entry->hostname, ':');
-      if(port) {
-        *port = '\0';
-        port++;
-        entry->port = (unsigned short)strtol(port, NULL, 10);
-      }
-      else {
-        /* Default port number for HTTP */
-        entry->port = 80;
-      }
-
-      Curl_llist_insert_next(list, list->tail, entry, &entry->list);
-      sites++;
-    }
-  }
-
-  return CURLM_OK;
-}
-
-struct blacklist_node {
-  struct curl_llist_element list;
-  char server_name[1];
-};
-
-bool Curl_pipeline_server_blacklisted(struct Curl_easy *handle,
-                                      char *server_name)
-{
-  if(handle->multi && server_name) {
-    struct curl_llist *list =
-      Curl_multi_pipelining_server_bl(handle->multi);
-
-    struct curl_llist_element *e = list->head;
-    while(e) {
-      struct blacklist_node *bl = (struct blacklist_node *)e;
-      if(strncasecompare(bl->server_name, server_name,
-                         strlen(bl->server_name))) {
-        infof(handle, "Server %s is blacklisted\n", server_name);
-        return TRUE;
-      }
-      e = e->next;
-    }
-
-    DEBUGF(infof(handle, "Server %s is not blacklisted\n", server_name));
-  }
-  return FALSE;
-}
-
-CURLMcode Curl_pipeline_set_server_blacklist(char **servers,
-                                             struct curl_llist *list)
-{
-  /* Free the old list */
-  if(list->size)
-    Curl_llist_destroy(list, NULL);
-
-  if(servers) {
-    Curl_llist_init(list, (curl_llist_dtor) server_blacklist_llist_dtor);
-
-    /* Parse the URLs and populate the list */
-    while(*servers) {
-      struct blacklist_node *n;
-      size_t len = strlen(*servers);
-
-      n = malloc(sizeof(struct blacklist_node) + len);
-      if(!n) {
-        Curl_llist_destroy(list, NULL);
-        return CURLM_OUT_OF_MEMORY;
-      }
-      strcpy(n->server_name, *servers);
-
-      Curl_llist_insert_next(list, list->tail, n, &n->list);
-      servers++;
-    }
-  }
-
-
-  return CURLM_OK;
-}
-
-static bool pipe_head(struct Curl_easy *data,
-                      struct curl_llist *pipeline)
-{
-  if(pipeline) {
-    struct curl_llist_element *curr = pipeline->head;
-    if(curr)
-      return (curr->ptr == data) ? TRUE : FALSE;
-  }
-  return FALSE;
-}
-
-/* returns TRUE if the given handle is head of the recv pipe */
-bool Curl_recvpipe_head(struct Curl_easy *data,
-                        struct connectdata *conn)
-{
-  return pipe_head(data, &conn->recv_pipe);
-}
-
-/* returns TRUE if the given handle is head of the send pipe */
-bool Curl_sendpipe_head(struct Curl_easy *data,
-                        struct connectdata *conn)
-{
-  return pipe_head(data, &conn->send_pipe);
-}
-
-
-/*
- * Check if the write channel is available and this handle as at the head,
- * then grab the channel and return TRUE.
- *
- * If not available, return FALSE.
- */
-
-bool Curl_pipeline_checkget_write(struct Curl_easy *data,
-                                  struct connectdata *conn)
-{
-  if(conn->bits.multiplex)
-    /* when multiplexing, we can use it at once */
-    return TRUE;
-
-  if(!conn->writechannel_inuse && Curl_sendpipe_head(data, conn)) {
-    /* Grab the channel */
-    conn->writechannel_inuse = TRUE;
-    return TRUE;
-  }
-  return FALSE;
-}
-
-
-/*
- * Check if the read channel is available and this handle as at the head, then
- * grab the channel and return TRUE.
- *
- * If not available, return FALSE.
- */
-
-bool Curl_pipeline_checkget_read(struct Curl_easy *data,
-                                 struct connectdata *conn)
-{
-  if(conn->bits.multiplex)
-    /* when multiplexing, we can use it at once */
-    return TRUE;
-
-  if(!conn->readchannel_inuse && Curl_recvpipe_head(data, conn)) {
-    /* Grab the channel */
-    conn->readchannel_inuse = TRUE;
-    return TRUE;
-  }
-  return FALSE;
-}
-
-/*
- * The current user of the pipeline write channel gives it up.
- */
-void Curl_pipeline_leave_write(struct connectdata *conn)
-{
-  conn->writechannel_inuse = FALSE;
-}
-
-/*
- * The current user of the pipeline read channel gives it up.
- */
-void Curl_pipeline_leave_read(struct connectdata *conn)
-{
-  conn->readchannel_inuse = FALSE;
-}
-
-
-#if 0
-void print_pipeline(struct connectdata *conn)
-{
-  struct curl_llist_element *curr;
-  struct connectbundle *cb_ptr;
-  struct Curl_easy *data = conn->data;
-
-  cb_ptr = conn->bundle;
-
-  if(cb_ptr) {
-    curr = cb_ptr->conn_list->head;
-    while(curr) {
-      conn = curr->ptr;
-      infof(data, "- Conn %ld (%p) send_pipe: %zu, recv_pipe: %zu\n",
-            conn->connection_id,
-            (void *)conn,
-            conn->send_pipe->size,
-            conn->recv_pipe->size);
-      curr = curr->next;
-    }
-  }
-}
-
-#endif
diff --git a/libs/libcurl/src/pipeline.h b/libs/libcurl/src/pipeline.h
deleted file mode 100644
index 413ba31a06..0000000000
--- a/libs/libcurl/src/pipeline.h
+++ /dev/null
@@ -1,56 +0,0 @@
-#ifndef HEADER_CURL_PIPELINE_H
-#define HEADER_CURL_PIPELINE_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 2015 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
- * Copyright (C) 2013 - 2014, Linus Nielsen Feltzing, <linus@haxx.se>
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-CURLcode Curl_add_handle_to_pipeline(struct Curl_easy *handle,
-                                     struct connectdata *conn);
-void Curl_move_handle_from_send_to_recv_pipe(struct Curl_easy *handle,
-                                             struct connectdata *conn);
-bool Curl_pipeline_penalized(struct Curl_easy *data,
-                             struct connectdata *conn);
-
-bool Curl_pipeline_site_blacklisted(struct Curl_easy *handle,
-                                    struct connectdata *conn);
-
-CURLMcode Curl_pipeline_set_site_blacklist(char **sites,
-                                           struct curl_llist *list_ptr);
-
-bool Curl_pipeline_server_blacklisted(struct Curl_easy *handle,
-                                      char *server_name);
-
-CURLMcode Curl_pipeline_set_server_blacklist(char **servers,
-                                             struct curl_llist *list_ptr);
-
-bool Curl_pipeline_checkget_write(struct Curl_easy *data,
-                                  struct connectdata *conn);
-bool Curl_pipeline_checkget_read(struct Curl_easy *data,
-                                 struct connectdata *conn);
-void Curl_pipeline_leave_write(struct connectdata *conn);
-void Curl_pipeline_leave_read(struct connectdata *conn);
-bool Curl_recvpipe_head(struct Curl_easy *data,
-                        struct connectdata *conn);
-bool Curl_sendpipe_head(struct Curl_easy *data,
-                        struct connectdata *conn);
-
-#endif /* HEADER_CURL_PIPELINE_H */
diff --git a/libs/libcurl/src/pop3.c b/libs/libcurl/src/pop3.c
index 8dbd448b2c..c8f3965e49 100644
--- a/libs/libcurl/src/pop3.c
+++ b/libs/libcurl/src/pop3.c
@@ -30,6 +30,7 @@
  * RFC4752 The Kerberos V5 ("GSSAPI") SASL Mechanism
  * RFC5034 POP3 SASL Authentication Mechanism
  * RFC6749 OAuth 2.0 Authorization Framework
+ * RFC8314 Use of TLS for Email Submission and Access
  * Draft   LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
  *
  ***************************************************************************/
diff --git a/libs/libcurl/src/progress.c b/libs/libcurl/src/progress.c
index d37e1d5a63..f586d59b4c 100644
--- a/libs/libcurl/src/progress.c
+++ b/libs/libcurl/src/progress.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -31,6 +31,7 @@
 /* check rate limits within this many recent milliseconds, at minimum. */
 #define MIN_RATE_LIMIT_PERIOD 3000
 
+#ifndef CURL_DISABLE_PROGRESS_METER
 /* Provide a string that is 2 + 1 + 2 + 1 + 2 = 8 letters long (plus the zero
    byte) */
 static void time2str(char *r, curl_off_t seconds)
@@ -119,6 +120,7 @@ static char *max5data(curl_off_t bytes, char *max5)
 
   return max5;
 }
+#endif
 
 /*
 
@@ -362,17 +364,13 @@ void Curl_pgrsSetUploadSize(struct Curl_easy *data, curl_off_t size)
   }
 }
 
-/*
- * Curl_pgrsUpdate() returns 0 for success or the value returned by the
- * progress callback!
- */
-int Curl_pgrsUpdate(struct connectdata *conn)
+#ifndef CURL_DISABLE_PROGRESS_METER
+static void progress_meter(struct connectdata *conn)
 {
   struct curltime now;
   curl_off_t timespent;
   curl_off_t timespent_ms; /* milliseconds */
   struct Curl_easy *data = conn->data;
-  int nowindex = data->progress.speeder_c% CURR_TIME;
   bool shownow = FALSE;
   curl_off_t dl = data->progress.downloaded;
   curl_off_t ul = data->progress.uploaded;
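Review bot: Wrapping `progress_meter()` in `#ifndef CURL_DISABLE_PROGRESS_METER` compiles out more than the printed meter. The following hunks show the "Calculations done at most once a second" block, ending in `data->progress.ulspeed + data->progress.dlspeed`, still inside this function. Whether code outside the meter reads those speed fields is not visible here, but if it does, a build with the meter disabled would work from values that are never refreshed. At minimum the function deserves a comment such as `/* NOTE: also refreshes the data->progress speed fields once per second, not only the printed meter */`, and the calculation is a candidate for a helper outside the guard. The function body continues beyond this hunk.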
@@ -399,7 +397,9 @@ int Curl_pgrsUpdate(struct connectdata *conn)
   /* Calculations done at most once a second, unless end is reached */
   if(data->progress.lastshow != now.tv_sec) {
     int countindex; /* amount of seconds stored in the speeder array */
-    shownow = TRUE;
+    int nowindex = data->progress.speeder_c% CURR_TIME;
+    if(!(data->progress.flags & PGRS_HIDE))
+      shownow = TRUE;
 
     data->progress.lastshow = now.tv_sec;
 
@@ -461,8 +461,12 @@ int Curl_pgrsUpdate(struct connectdata *conn)
         data->progress.ulspeed + data->progress.dlspeed;
 
   } /* Calculations end */
-
-  if(!(data->progress.flags & PGRS_HIDE)) {
+  if(!shownow)
+    /* only show the internal progress meter once per second */
+    return;
+  else {
+    /* If there's no external callback set, use internal code to show
+       progress */
     /* progress meter has not been shut off */
     char max5[6][10];
     curl_off_t dlpercen = 0;
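Review bot: The early exit is written as `if(!shownow) return; else { ... }`, which keeps the whole meter body one indentation level deeper than it needs to be after a `return`. The two stacked comments that open the `else` block ("If there's no external callback set…" and "progress meter has not been shut off") describe conditions this function no longer tests at this point. The callback checks are removed from it in the next hunk, and `PGRS_HIDE` is now folded into `shownow` earlier on. I would drop the `else` and replace both comments with one on the guard: `if(!shownow) return; /* shown at most once per second, never when PGRS_HIDE is set */`. The enclosing function starts and ends outside this hunk.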
@@ -477,42 +481,6 @@ int Curl_pgrsUpdate(struct connectdata *conn)
     curl_off_t dlestimate = 0;
     curl_off_t total_estimate;
 
-    if(data->set.fxferinfo) {
-      int result;
-      /* There's a callback set, call that */
-      Curl_set_in_callback(data, true);
-      result = data->set.fxferinfo(data->set.progress_client,
-                                   data->progress.size_dl,
-                                   data->progress.downloaded,
-                                   data->progress.size_ul,
-                                   data->progress.uploaded);
-      Curl_set_in_callback(data, false);
-      if(result)
-        failf(data, "Callback aborted");
-      return result;
-    }
-    if(data->set.fprogress) {
-      int result;
-      /* The older deprecated callback is set, call that */
-      Curl_set_in_callback(data, true);
-      result = data->set.fprogress(data->set.progress_client,
-                                   (double)data->progress.size_dl,
-                                   (double)data->progress.downloaded,
-                                   (double)data->progress.size_ul,
-                                   (double)data->progress.uploaded);
-      Curl_set_in_callback(data, false);
-      if(result)
-        failf(data, "Callback aborted");
-      return result;
-    }
-
-    if(!shownow)
-      /* only show the internal progress meter once per second */
-      return 0;
-
-    /* If there's no external callback set, use internal code to show
-       progress */
-
     if(!(data->progress.flags & PGRS_HEADERS_OUT)) {
       if(data->state.resume_from) {
         fprintf(data->set.err,
@@ -564,9 +532,9 @@ int Curl_pgrsUpdate(struct connectdata *conn)
 
     /* Get the total amount of data expected to get transferred */
     total_expected_transfer =
-      (data->progress.flags & PGRS_UL_SIZE_KNOWN?
+      ((data->progress.flags & PGRS_UL_SIZE_KNOWN)?
        data->progress.size_ul:data->progress.uploaded)+
-      (data->progress.flags & PGRS_DL_SIZE_KNOWN?
+      ((data->progress.flags & PGRS_DL_SIZE_KNOWN)?
        data->progress.size_dl:data->progress.downloaded);
 
     /* We have transferred this much so far */
@@ -595,13 +563,57 @@ int Curl_pgrsUpdate(struct connectdata *conn)
             time_total,    /* 8 letters */                /* total time */
             time_spent,    /* 8 letters */                /* time spent */
             time_left,     /* 8 letters */                /* time left */
-            max5data(data->progress.current_speed, max5[5]) /* current speed */
-            );
+            max5data(data->progress.current_speed, max5[5])
+      );
 
     /* we flush the output stream to make it appear as soon as possible */
     fflush(data->set.err);
+  } /* don't show now */
+}
+#else
+ /* progress bar disabled */
+#define progress_meter(x)
+#endif
+
 
-  } /* !(data->progress.flags & PGRS_HIDE) */
+/*
+ * Curl_pgrsUpdate() returns 0 for success or the value returned by the
+ * progress callback!
+ */
+int Curl_pgrsUpdate(struct connectdata *conn)
+{
+  struct Curl_easy *data = conn->data;
+  if(!(data->progress.flags & PGRS_HIDE)) {
+    if(data->set.fxferinfo) {
+      int result;
+      /* There's a callback set, call that */
+      Curl_set_in_callback(data, true);
+      result = data->set.fxferinfo(data->set.progress_client,
+                                   data->progress.size_dl,
+                                   data->progress.downloaded,
+                                   data->progress.size_ul,
+                                   data->progress.uploaded);
+      Curl_set_in_callback(data, false);
+      if(result)
+        failf(data, "Callback aborted");
+      return result;
+    }
+    if(data->set.fprogress) {
+      int result;
+      /* The older deprecated callback is set, call that */
+      Curl_set_in_callback(data, true);
+      result = data->set.fprogress(data->set.progress_client,
+                                   (double)data->progress.size_dl,
+                                   (double)data->progress.downloaded,
+                                   (double)data->progress.size_ul,
+                                   (double)data->progress.uploaded);
+      Curl_set_in_callback(data, false);
+      if(result)
+        failf(data, "Callback aborted");
+      return result;
+    }
+  }
+  progress_meter(conn);
 
   return 0;
 }
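Review bot: Both callback branches in the new `Curl_pgrsUpdate()` end in an unconditional `return result;`, so `progress_meter(conn)` on the line before `return 0;` runs only when neither `fxferinfo` nor `fprogress` is set, or when `PGRS_HIDE` is set. The body of `progress_meter()` starts outside this hunk. If it also carries the elapsed-time and speed bookkeeping that the old single function did before invoking the callbacks, that bookkeeping is now skipped for every application that installs a callback, which would affect speed-based limits and the reported transfer rates. Simply falling through on success would also start printing the internal meter for callback users, so the calculation should be split from the display and run before the callbacks. The two branches differ only in the `double` casts and could share the `failf(data, "Callback aborted")` handling.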
diff --git a/libs/libcurl/src/rtsp.c b/libs/libcurl/src/rtsp.c
index b9a8ef5e86..74cf232448 100644
--- a/libs/libcurl/src/rtsp.c
+++ b/libs/libcurl/src/rtsp.c
@@ -42,16 +42,6 @@
 #include "curl_memory.h"
 #include "memdebug.h"
 
-/*
- * TODO (general)
- *  -incoming server requests
- *      -server CSeq counter
- *  -digest authentication
- *  -connect through proxy
- *  -pipelining?
- */
-
-
 #define RTP_PKT_CHANNEL(p)   ((int)((unsigned char)((p)[1])))
 
 #define RTP_PKT_LENGTH(p)  ((((int)((unsigned char)((p)[2]))) << 8) | \
@@ -236,7 +226,6 @@ static CURLcode rtsp_done(struct connectdata *conn,
     if(data->set.rtspreq == RTSPREQ_RECEIVE &&
             (conn->proto.rtspc.rtp_channel == -1)) {
       infof(data, "Got an RTP Receive with a CSeq of %ld\n", CSeq_recv);
-      /* TODO CPC: Server -> Client logic here */
     }
   }
 
@@ -336,8 +325,6 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
     return CURLE_BAD_FUNCTION_ARGUMENT;
   }
 
-  /* TODO: proxy? */
-
   /* Stream URI. Default to server '*' if not specified */
   if(data->set.str[STRING_RTSP_STREAM_URI]) {
     p_stream_uri = data->set.str[STRING_RTSP_STREAM_URI];
diff --git a/libs/libcurl/src/security.c b/libs/libcurl/src/security.c
index eec6e6f446..82ae5c2cda 100644
--- a/libs/libcurl/src/security.c
+++ b/libs/libcurl/src/security.c
@@ -151,7 +151,6 @@ socket_read(curl_socket_t fd, void *to, size_t len)
       to_p += nread;
     }
     else {
-      /* FIXME: We are doing a busy wait */
       if(result == CURLE_AGAIN)
         continue;
       return result;
@@ -179,7 +178,6 @@ socket_write(struct connectdata *conn, curl_socket_t fd, const void *to,
       to_p += written;
     }
     else {
-      /* FIXME: We are doing a busy wait */
       if(result == CURLE_AGAIN)
         continue;
       return result;
@@ -265,13 +263,11 @@ static ssize_t sec_recv(struct connectdata *conn, int sockindex,
     total_read += bytes_read;
     buffer += bytes_read;
   }
-  /* FIXME: Check for overflow */
   return total_read;
 }
 
 /* Send |length| bytes from |from| to the |fd| socket taking care of encoding
    and negociating with the server. |from| can be NULL. */
-/* FIXME: We don't check for errors nor report any! */
 static void do_sec_send(struct connectdata *conn, curl_socket_t fd,
                         const char *from, int length)
 {
@@ -406,18 +402,14 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer,
 
   if(buf[decoded_len - 1] == '\n')
     buf[decoded_len - 1] = '\0';
-  /* FIXME: Is |buffer| length always greater than |decoded_len|? */
   strcpy(buffer, buf);
   free(buf);
   return ret_code;
 }
 
-/* FIXME: The error code returned here is never checked. */
 static int sec_set_protection_level(struct connectdata *conn)
 {
   int code;
-  char *pbsz;
-  static unsigned int buffer_size = 1 << 20; /* 1048576 */
   enum protection_level level = conn->request_data_prot;
 
   DEBUGASSERT(level > PROT_NONE && level < PROT_LAST);
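Review bot: `strcpy(buffer, buf)` in `Curl_sec_read_msg()` is still unbounded after this change; the hunk only removes the FIXME that asked whether `buffer` can hold `decoded_len` bytes. No size parameter for `buffer` is visible in the part of the signature shown, and the decode step lies outside this hunk, so it cannot be confirmed from here that every caller's buffer fits the decoded message. Either pass the destination size and bound the copy, or keep an explicit contract comment such as `/* caller must guarantee buffer can hold decoded_len bytes */`. The `buf[decoded_len - 1]` access just above also assumes `decoded_len` is at least 1, which is presumably checked earlier in the function.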
@@ -433,6 +425,9 @@ static int sec_set_protection_level(struct connectdata *conn)
     return 0;
 
   if(level) {
+    char *pbsz;
+    static unsigned int buffer_size = 1 << 20; /* 1048576 */
+
     code = ftp_send_command(conn, "PBSZ %u", buffer_size);
     if(code < 0)
       return -1;
@@ -508,7 +503,6 @@ static CURLcode choose_mech(struct connectdata *conn)
   infof(data, "Trying mechanism %s...\n", mech->name);
   ret = ftp_send_command(conn, "AUTH %s", mech->name);
   if(ret < 0)
-    /* FIXME: This error is too generic but it is OK for now. */
     return CURLE_COULDNT_CONNECT;
 
   if(ret/100 != 3) {
@@ -575,7 +569,6 @@ Curl_sec_end(struct connectdata *conn)
     conn->in_buffer.data = NULL;
     conn->in_buffer.size = 0;
     conn->in_buffer.index = 0;
-    /* FIXME: Is this really needed? */
     conn->in_buffer.eof_flag = 0;
   }
   conn->sec_complete = 0;
diff --git a/libs/libcurl/src/sendf.c b/libs/libcurl/src/sendf.c
index 5008d9333d..5913ea4060 100644
--- a/libs/libcurl/src/sendf.c
+++ b/libs/libcurl/src/sendf.c
@@ -595,7 +595,10 @@ static CURLcode chop_write(struct connectdata *conn,
     size_t chunklen = len <= CURL_MAX_WRITE_SIZE? len: CURL_MAX_WRITE_SIZE;
 
     if(writebody) {
-      size_t wrote = writebody(ptr, 1, chunklen, data->set.out);
+      size_t wrote;
+      Curl_set_in_callback(data, true);
+      wrote = writebody(ptr, 1, chunklen, data->set.out);
+      Curl_set_in_callback(data, false);
 
       if(CURL_WRITEFUNC_PAUSE == wrote) {
         if(conn->handler->flags & PROTOPT_NONETWORK) {
@@ -724,10 +727,6 @@ CURLcode Curl_read(struct connectdata *conn, /* connection data */
   char *buffertofill = NULL;
   struct Curl_easy *data = conn->data;
 
-  /* if HTTP/1 pipelining is both wanted and possible */
-  bool pipelining = Curl_pipeline_wanted(data->multi, CURLPIPE_HTTP1) &&
-    (conn->bundle->multiuse == BUNDLE_PIPELINING);
-
   /* Set 'num' to 0 or 1, depending on which socket that has been sent here.
      If it is the second socket, we set num to 1. Otherwise to 0. This lets
      us use the correct ssl handle. */
@@ -735,40 +734,13 @@ CURLcode Curl_read(struct connectdata *conn, /* connection data */
 
   *n = 0; /* reset amount to zero */
 
-  /* If session can pipeline, check connection buffer  */
-  if(pipelining) {
-    size_t bytestocopy = CURLMIN(conn->buf_len - conn->read_pos,
-                                 sizerequested);
-
-    /* Copy from our master buffer first if we have some unread data there*/
-    if(bytestocopy > 0) {
-      memcpy(buf, conn->master_buffer + conn->read_pos, bytestocopy);
-      conn->read_pos += bytestocopy;
-      conn->bits.stream_was_rewound = FALSE;
-
-      *n = (ssize_t)bytestocopy;
-      return CURLE_OK;
-    }
-    /* If we come here, it means that there is no data to read from the buffer,
-     * so we read from the socket */
-    bytesfromsocket = CURLMIN(sizerequested, MASTERBUF_SIZE);
-    buffertofill = conn->master_buffer;
-  }
-  else {
-    bytesfromsocket = CURLMIN(sizerequested, (size_t)data->set.buffer_size);
-    buffertofill = buf;
-  }
+  bytesfromsocket = CURLMIN(sizerequested, (size_t)data->set.buffer_size);
+  buffertofill = buf;
 
   nread = conn->recv[num](conn, num, buffertofill, bytesfromsocket, &result);
   if(nread < 0)
     return result;
 
-  if(pipelining) {
-    memcpy(buf, conn->master_buffer, nread);
-    conn->buf_len = nread;
-    conn->read_pos = nread;
-  }
-
   *n += nread;
 
   return CURLE_OK;
diff --git a/libs/libcurl/src/setopt.c b/libs/libcurl/src/setopt.c
index b5f74a93db..92cd5b271f 100644
--- a/libs/libcurl/src/setopt.c
+++ b/libs/libcurl/src/setopt.c
@@ -61,6 +61,13 @@ CURLcode Curl_setstropt(char **charp, const char *s)
   if(s) {
     char *str = strdup(s);
 
+    if(str) {
+      size_t len = strlen(str);
+      if(len > CURL_MAX_INPUT_LENGTH) {
+        free(str);
+        return CURLE_BAD_FUNCTION_ARGUMENT;
+      }
+    }
     if(!str)
       return CURLE_OUT_OF_MEMORY;
 
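Review bot: The new length check in `Curl_setstropt()` runs only after `strdup(s)` has copied the whole input, so an over-long string is fully allocated and duplicated before it is rejected with `CURLE_BAD_FUNCTION_ARGUMENT`. Measuring the caller's string first avoids that work and the `free()`: declare `char *str;`, test `if(strlen(s) > CURL_MAX_INPUT_LENGTH) return CURLE_BAD_FUNCTION_ARGUMENT;`, and only then assign `str = strdup(s);`. That also removes the back-to-back `if(str)` / `if(!str)` tests. The rest of the function is outside this hunk, so it is worth checking and documenting what `*charp` holds when this early return is taken.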
@@ -118,6 +125,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
   char *argptr;
   CURLcode result = CURLE_OK;
   long arg;
+  unsigned long uarg;
   curl_off_t bigsize;
 
   switch(option) {
@@ -128,23 +136,20 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     data->set.dns_cache_timeout = arg;
     break;
   case CURLOPT_DNS_USE_GLOBAL_CACHE:
-#if 0 /* deprecated */
-    /* remember we want this enabled */
-    arg = va_arg(param, long);
-    data->set.global_dns_cache = (0 != arg) ? TRUE : FALSE;
-#endif
+    /* deprecated */
     break;
   case CURLOPT_SSL_CIPHER_LIST:
     /* set a list of cipher we want to use in the SSL connection */
     result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_ORIG],
                             va_arg(param, char *));
     break;
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_SSL_CIPHER_LIST:
     /* set a list of cipher we want to use in the SSL connection for proxy */
     result = Curl_setstropt(&data->set.str[STRING_SSL_CIPHER_LIST_PROXY],
                             va_arg(param, char *));
     break;
-
+#endif
   case CURLOPT_TLS13_CIPHERS:
     if(Curl_ssl_tls13_ciphersuites()) {
       /* set preferred list of TLS 1.3 cipher suites */
@@ -154,6 +159,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     else
       return CURLE_NOT_BUILT_IN;
     break;
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_TLS13_CIPHERS:
     if(Curl_ssl_tls13_ciphersuites()) {
       /* set preferred list of TLS 1.3 cipher suites for proxy */
@@ -163,7 +169,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     else
       return CURLE_NOT_BUILT_IN;
     break;
-
+#endif
   case CURLOPT_RANDOM_FILE:
     /*
      * This is the path name to a file that contains random data to seed
@@ -271,27 +277,6 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
      */
     data->set.get_filetime = (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
-  case CURLOPT_FTP_CREATE_MISSING_DIRS:
-    /*
-     * An FTP option that modifies an upload to create missing directories on
-     * the server.
-     */
-    switch(va_arg(param, long)) {
-    case 0:
-      data->set.ftp_create_missing_dirs = 0;
-      break;
-    case 1:
-      data->set.ftp_create_missing_dirs = 1;
-      break;
-    case 2:
-      data->set.ftp_create_missing_dirs = 2;
-      break;
-    default:
-      /* reserve other values for future use */
-      result = CURLE_UNKNOWN_OPTION;
-      break;
-    }
-    break;
   case CURLOPT_SERVER_RESPONSE_TIMEOUT:
     /*
      * Option that specifies how quickly an server response must be obtained
@@ -303,6 +288,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     else
       return CURLE_BAD_FUNCTION_ARGUMENT;
     break;
+#ifndef CURL_DISABLE_TFTP
   case CURLOPT_TFTP_NO_OPTIONS:
     /*
      * Option that prevents libcurl from sending TFTP option requests to the
@@ -319,28 +305,8 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
       return CURLE_BAD_FUNCTION_ARGUMENT;
     data->set.tftp_blksize = arg;
     break;
-  case CURLOPT_DIRLISTONLY:
-    /*
-     * An option that changes the command to one that asks for a list
-     * only, no file info details.
-     */
-    data->set.ftp_list_only = (0 != va_arg(param, long)) ? TRUE : FALSE;
-    break;
-  case CURLOPT_APPEND:
-    /*
-     * We want to upload and append to an existing file.
-     */
-    data->set.ftp_append = (0 != va_arg(param, long)) ? TRUE : FALSE;
-    break;
-  case CURLOPT_FTP_FILEMETHOD:
-    /*
-     * How do access files over FTP.
-     */
-    arg = va_arg(param, long);
-    if((arg < CURLFTPMETHOD_DEFAULT) || (arg > CURLFTPMETHOD_SINGLECWD))
-      return CURLE_BAD_FUNCTION_ARGUMENT;
-    data->set.ftp_filemethod = (curl_ftpfile)arg;
-    break;
+#endif
+#ifndef CURL_DISABLE_NETRC
   case CURLOPT_NETRC:
     /*
      * Parse the $HOME/.netrc file
@@ -357,6 +323,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_NETRC_FILE],
                             va_arg(param, char *));
     break;
+#endif
   case CURLOPT_TRANSFERTEXT:
     /*
      * This option was previously named 'FTPASCII'. Renamed to work with
@@ -664,6 +631,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     break;
 
 #ifndef CURL_DISABLE_HTTP
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXYHEADER:
     /*
      * Set a list with proxy headers to use (or replace internals with)
@@ -677,7 +645,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
      */
     data->set.proxyheaders = va_arg(param, struct curl_slist *);
     break;
-
+#endif
   case CURLOPT_HEADEROPT:
     /*
      * Set header option.
@@ -1072,7 +1040,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     data->set.socks5_gssapi_nec = (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
 #endif
-
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_SOCKS5_GSSAPI_SERVICE:
   case CURLOPT_PROXY_SERVICE_NAME:
     /*
@@ -1081,7 +1049,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_PROXY_SERVICE_NAME],
                             va_arg(param, char *));
     break;
-
+#endif
   case CURLOPT_SERVICE_NAME:
     /*
      * Set authentication service name for DIGEST-MD5, Kerberos 5 and SPNEGO
@@ -1110,6 +1078,33 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
      */
     data->set.out = va_arg(param, void *);
     break;
+
+  case CURLOPT_DIRLISTONLY:
+    /*
+     * An option that changes the command to one that asks for a list only, no
+     * file info details. Used for FTP, POP3 and SFTP.
+     */
+    data->set.ftp_list_only = (0 != va_arg(param, long)) ? TRUE : FALSE;
+    break;
+
+  case CURLOPT_APPEND:
+    /*
+     * We want to upload and append to an existing file. Used for FTP and
+     * SFTP.
+     */
+    data->set.ftp_append = (0 != va_arg(param, long)) ? TRUE : FALSE;
+    break;
+
+#ifndef CURL_DISABLE_FTP
+  case CURLOPT_FTP_FILEMETHOD:
+    /*
+     * How do access files over FTP.
+     */
+    arg = va_arg(param, long);
+    if((arg < CURLFTPMETHOD_DEFAULT) || (arg > CURLFTPMETHOD_SINGLECWD))
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    data->set.ftp_filemethod = (curl_ftpfile)arg;
+    break;
   case CURLOPT_FTPPORT:
     /*
      * Use FTP PORT, this also specifies which IP address to use
@@ -1146,6 +1141,55 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     data->set.ftp_skip_ip = (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
 
+  case CURLOPT_FTP_ACCOUNT:
+    result = Curl_setstropt(&data->set.str[STRING_FTP_ACCOUNT],
+                            va_arg(param, char *));
+    break;
+
+  case CURLOPT_FTP_ALTERNATIVE_TO_USER:
+    result = Curl_setstropt(&data->set.str[STRING_FTP_ALTERNATIVE_TO_USER],
+                            va_arg(param, char *));
+    break;
+
+  case CURLOPT_FTPSSLAUTH:
+    /*
+     * Set a specific auth for FTP-SSL transfers.
+     */
+    arg = va_arg(param, long);
+    if((arg < CURLFTPAUTH_DEFAULT) || (arg > CURLFTPAUTH_TLS))
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    data->set.ftpsslauth = (curl_ftpauth)arg;
+    break;
+  case CURLOPT_KRBLEVEL:
+    /*
+     * A string that defines the kerberos security level.
+     */
+    result = Curl_setstropt(&data->set.str[STRING_KRB_LEVEL],
+                            va_arg(param, char *));
+    data->set.krb = (data->set.str[STRING_KRB_LEVEL]) ? TRUE : FALSE;
+    break;
+#endif
+  case CURLOPT_FTP_CREATE_MISSING_DIRS:
+    /*
+     * An FTP/SFTP option that modifies an upload to create missing
+     * directories on the server.
+     */
+    switch(va_arg(param, long)) {
+    case 0:
+      data->set.ftp_create_missing_dirs = 0;
+      break;
+    case 1:
+      data->set.ftp_create_missing_dirs = 1;
+      break;
+    case 2:
+      data->set.ftp_create_missing_dirs = 2;
+      break;
+    default:
+      /* reserve other values for future use */
+      result = CURLE_UNKNOWN_OPTION;
+      break;
+    }
+    break;
   case CURLOPT_READDATA:
     /*
      * FILE pointer to read the file to be uploaded from. Or possibly
@@ -1554,6 +1598,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_CERT_ORIG],
                             va_arg(param, char *));
     break;
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_SSLCERT:
     /*
      * String that holds file name of the SSL certificate to use for proxy
@@ -1561,6 +1606,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_CERT_PROXY],
                             va_arg(param, char *));
     break;
+#endif
   case CURLOPT_SSLCERTTYPE:
     /*
      * String that holds file type of the SSL certificate to use
@@ -1568,6 +1614,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_CERT_TYPE_ORIG],
                             va_arg(param, char *));
     break;
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_SSLCERTTYPE:
     /*
      * String that holds file type of the SSL certificate to use for proxy
@@ -1575,6 +1622,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_CERT_TYPE_PROXY],
                             va_arg(param, char *));
     break;
+#endif
   case CURLOPT_SSLKEY:
     /*
      * String that holds file name of the SSL key to use
@@ -1582,6 +1630,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_KEY_ORIG],
                             va_arg(param, char *));
     break;
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_SSLKEY:
     /*
      * String that holds file name of the SSL key to use for proxy
@@ -1589,6 +1638,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_KEY_PROXY],
                             va_arg(param, char *));
     break;
+#endif
   case CURLOPT_SSLKEYTYPE:
     /*
      * String that holds file type of the SSL key to use
@@ -1596,6 +1646,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_KEY_TYPE_ORIG],
                             va_arg(param, char *));
     break;
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_SSLKEYTYPE:
     /*
      * String that holds file type of the SSL key to use for proxy
@@ -1603,6 +1654,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_KEY_TYPE_PROXY],
                             va_arg(param, char *));
     break;
+#endif
   case CURLOPT_KEYPASSWD:
     /*
      * String that holds the SSL or SSH private key password.
@@ -1610,6 +1662,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_KEY_PASSWD_ORIG],
                             va_arg(param, char *));
     break;
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_KEYPASSWD:
     /*
      * String that holds the SSL private key password for proxy.
@@ -1617,6 +1670,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_KEY_PASSWD_PROXY],
                             va_arg(param, char *));
     break;
+#endif
   case CURLOPT_SSLENGINE:
     /*
      * String that holds the SSL crypto engine.
@@ -1643,14 +1697,14 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
      */
     data->set.crlf = (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
-
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_HAPROXYPROTOCOL:
     /*
      * Set to send the HAProxy Proxy Protocol header
      */
     data->set.haproxyprotocol = (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
-
+#endif
   case CURLOPT_INTERFACE:
     /*
      * Set what interface or address/hostname to bind the socket to when
@@ -1677,14 +1731,6 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
       return CURLE_BAD_FUNCTION_ARGUMENT;
     data->set.localportrange = curlx_sltosi(arg);
     break;
-  case CURLOPT_KRBLEVEL:
-    /*
-     * A string that defines the kerberos security level.
-     */
-    result = Curl_setstropt(&data->set.str[STRING_KRB_LEVEL],
-                            va_arg(param, char *));
-    data->set.krb = (data->set.str[STRING_KRB_LEVEL]) ? TRUE : FALSE;
-    break;
   case CURLOPT_GSSAPI_DELEGATION:
     /*
      * GSS-API credential delegation bitmask
@@ -1707,6 +1753,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
         data->set.ssl.primary.verifypeer;
     }
     break;
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_SSL_VERIFYPEER:
     /*
      * Enable peer SSL verifying for proxy.
@@ -1720,6 +1767,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
         data->set.proxy_ssl.primary.verifypeer;
     }
     break;
+#endif
   case CURLOPT_SSL_VERIFYHOST:
     /*
      * Enable verification of the host name in the peer certificate
@@ -1744,6 +1792,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
         data->set.ssl.primary.verifyhost;
     }
     break;
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_SSL_VERIFYHOST:
     /*
      * Enable verification of the host name in the peer certificate for proxy
@@ -1768,6 +1817,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
         data->set.proxy_ssl.primary.verifyhost;
     }
     break;
+#endif
   case CURLOPT_SSL_VERIFYSTATUS:
     /*
      * Enable certificate status verifying.
@@ -1840,6 +1890,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
 #endif
       result = CURLE_NOT_BUILT_IN;
     break;
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_PINNEDPUBLICKEY:
     /*
      * Set pinned public key for SSL connection.
@@ -1853,6 +1904,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
 #endif
       result = CURLE_NOT_BUILT_IN;
     break;
+#endif
   case CURLOPT_CAINFO:
     /*
      * Set CA info for SSL connection. Specify file name of the CA certificate
@@ -1860,6 +1912,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_SSL_CAFILE_ORIG],
                             va_arg(param, char *));
     break;
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_CAINFO:
     /*
      * Set CA info SSL connection for proxy. Specify file name of the
@@ -1868,6 +1921,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_SSL_CAFILE_PROXY],
                             va_arg(param, char *));
     break;
+#endif
   case CURLOPT_CAPATH:
     /*
      * Set CA path info for SSL connection. Specify directory name of the CA
@@ -1882,6 +1936,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
 #endif
       result = CURLE_NOT_BUILT_IN;
     break;
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_CAPATH:
     /*
      * Set CA path info for SSL connection proxy. Specify directory name of the
@@ -1896,6 +1951,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
 #endif
       result = CURLE_NOT_BUILT_IN;
     break;
+#endif
   case CURLOPT_CRLFILE:
     /*
      * Set CRL file info for SSL connection. Specify file name of the CRL
@@ -1904,6 +1960,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_SSL_CRLFILE_ORIG],
                             va_arg(param, char *));
     break;
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_CRLFILE:
     /*
      * Set CRL file info for SSL connection for proxy. Specify file name of the
@@ -1912,6 +1969,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_SSL_CRLFILE_PROXY],
                             va_arg(param, char *));
     break;
+#endif
   case CURLOPT_ISSUERCERT:
     /*
      * Set Issuer certificate file
@@ -1920,13 +1978,14 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_SSL_ISSUERCERT_ORIG],
                             va_arg(param, char *));
     break;
+#ifndef CURL_DISABLE_TELNET
   case CURLOPT_TELNETOPTIONS:
     /*
      * Set a linked list of telnet options
      */
     data->set.telnet_options = va_arg(param, struct curl_slist *);
     break;
-
+#endif
   case CURLOPT_BUFFERSIZE:
     /*
      * The application kindly asks for a differently sized receive buffer.
@@ -2084,24 +2143,16 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     data->set.ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
     break;
 
+#ifndef CURL_DISABLE_PROXY
   case CURLOPT_PROXY_SSL_OPTIONS:
     arg = va_arg(param, long);
     data->set.proxy_ssl.enable_beast =
       (bool)((arg&CURLSSLOPT_ALLOW_BEAST) ? TRUE : FALSE);
     data->set.proxy_ssl.no_revoke = !!(arg & CURLSSLOPT_NO_REVOKE);
     break;
-
 #endif
-  case CURLOPT_FTPSSLAUTH:
-    /*
-     * Set a specific auth for FTP-SSL transfers.
-     */
-    arg = va_arg(param, long);
-    if((arg < CURLFTPAUTH_DEFAULT) || (arg > CURLFTPAUTH_TLS))
-      return CURLE_BAD_FUNCTION_ARGUMENT;
-    data->set.ftpsslauth = (curl_ftpauth)arg;
-    break;
 
+#endif
   case CURLOPT_IPRESOLVE:
     arg = va_arg(param, long);
     if((arg < CURL_IPRESOLVE_WHATEVER) || (arg > CURL_IPRESOLVE_V6))
@@ -2127,11 +2178,6 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     data->set.tcp_nodelay = (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
 
-  case CURLOPT_FTP_ACCOUNT:
-    result = Curl_setstropt(&data->set.str[STRING_FTP_ACCOUNT],
-                            va_arg(param, char *));
-    break;
-
   case CURLOPT_IGNORE_CONTENT_LENGTH:
     data->set.ignorecl = (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
@@ -2143,11 +2189,6 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     data->set.connect_only = (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
 
-  case CURLOPT_FTP_ALTERNATIVE_TO_USER:
-    result = Curl_setstropt(&data->set.str[STRING_FTP_ALTERNATIVE_TO_USER],
-                            va_arg(param, char *));
-    break;
-
   case CURLOPT_SOCKOPTFUNCTION:
     /*
      * socket callback function: called after socket() but before connect()
@@ -2213,7 +2254,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     data->set.proxy_ssl.primary.sessionid = data->set.ssl.primary.sessionid;
     break;
 
-#if defined(USE_LIBSSH2) || defined(USE_LIBSSH)
+#ifdef USE_SSH
     /* we only include SSH options if explicitly built to support SSH */
   case CURLOPT_SSH_AUTH_TYPES:
     data->set.ssh_auth_types = va_arg(param, long);
@@ -2263,7 +2304,11 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
      */
     data->set.ssh_keyfunc_userp = va_arg(param, void *);
     break;
-#endif /* USE_LIBSSH2 */
+
+  case CURLOPT_SSH_COMPRESSION:
+    data->set.ssh_compression = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+#endif /* USE_SSH */
 
   case CURLOPT_HTTP_TRANSFER_DECODING:
     /*
@@ -2279,6 +2324,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     data->set.http_ce_skip = (0 == va_arg(param, long)) ? TRUE : FALSE;
     break;
 
+#if !defined(CURL_DISABLE_FTP) || defined(USE_SSH)
   case CURLOPT_NEW_FILE_PERMS:
     /*
      * Uses these permissions instead of 0644
@@ -2298,17 +2344,20 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
       return CURLE_BAD_FUNCTION_ARGUMENT;
     data->set.new_directory_perms = arg;
     break;
+#endif
 
   case CURLOPT_ADDRESS_SCOPE:
     /*
-     * We always get longs when passed plain numericals, but for this value we
-     * know that an unsigned int will always hold the value so we blindly
-     * typecast to this type
+     * Use this scope id when using IPv6
+     * We always get longs when passed plain numericals so we should check
+     * that the value fits into an unsigned 32 bit integer.
      */
-    arg = va_arg(param, long);
-    if((arg < 0) || (arg > 0xf))
+    uarg = va_arg(param, unsigned long);
+#if SIZEOF_LONG > 4
+    if(uarg > UINT_MAX)
       return CURLE_BAD_FUNCTION_ARGUMENT;
-    data->set.scope_id = curlx_sltoui(arg);
+#endif
+    data->set.scope_id = (unsigned int)uarg;
     break;
 
   case CURLOPT_PROTOCOLS:
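Review bot: Reading the `CURLOPT_ADDRESS_SCOPE` argument with `va_arg(param, unsigned long)` drops the old `arg < 0` rejection, and the remaining `uarg > UINT_MAX` test is compiled only when `SIZEOF_LONG > 4`. A negative `long` from the caller is therefore rejected where `long` is 64 bits but silently accepted as a very large scope id where `long` is 32 bits. Fetching the value as `long` (the type the new comment says callers pass), rejecting negatives with `if(arg < 0) return CURLE_BAD_FUNCTION_ARGUMENT;`, and only then applying the `UINT_MAX` bound would make both builds behave the same. The enclosing `vsetopt()` switch starts and ends outside this hunk.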
@@ -2332,7 +2381,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = Curl_setstropt(&data->set.str[STRING_DEFAULT_PROTOCOL],
                             va_arg(param, char *));
     break;
-
+#ifndef CURL_DISABLE_SMTP
   case CURLOPT_MAIL_FROM:
     /* Set the SMTP mail originator */
     result = Curl_setstropt(&data->set.str[STRING_MAIL_FROM],
@@ -2349,12 +2398,13 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     /* Set the list of mail recipients */
     data->set.mail_rcpt = va_arg(param, struct curl_slist *);
     break;
+#endif
 
   case CURLOPT_SASL_IR:
     /* Enable/disable SASL initial response */
     data->set.sasl_ir = (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
-
+#ifndef CURL_DISABLE_RTSP
   case CURLOPT_RTSP_REQUEST:
   {
     /*
@@ -2463,7 +2513,8 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     /* Set the user defined RTP write function */
     data->set.fwrite_rtp = va_arg(param, curl_write_callback);
     break;
-
+#endif
+#ifndef CURL_DISABLE_FTP
   case CURLOPT_WILDCARDMATCH:
     data->set.wildcard_enabled = (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
@@ -2482,6 +2533,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
   case CURLOPT_FNMATCH_DATA:
     data->set.fnmatch_data = va_arg(param, void *);
     break;
+#endif
 #ifdef USE_TLS_SRP
   case CURLOPT_TLSAUTH_USERNAME:
     result = Curl_setstropt(&data->set.str[STRING_TLSAUTH_USERNAME_ORIG],
@@ -2526,6 +2578,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
       data->set.proxy_ssl.authtype = CURL_TLSAUTH_NONE;
     break;
 #endif
+#ifdef USE_ARES
   case CURLOPT_DNS_SERVERS:
     result = Curl_set_dns_servers(data, va_arg(param, char *));
     break;
@@ -2538,7 +2591,7 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
   case CURLOPT_DNS_LOCAL_IP6:
     result = Curl_set_dns_local_ip6(data, va_arg(param, char *));
     break;
-
+#endif
   case CURLOPT_TCP_KEEPALIVE:
     data->set.tcp_keepalive = (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
@@ -2562,13 +2615,14 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
     result = CURLE_NOT_BUILT_IN;
 #endif
     break;
+#ifdef USE_NGHTTP2
   case CURLOPT_SSL_ENABLE_NPN:
     data->set.ssl_enable_npn = (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
   case CURLOPT_SSL_ENABLE_ALPN:
     data->set.ssl_enable_alpn = (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
-
+#endif
 #ifdef USE_UNIX_SOCKETS
   case CURLOPT_UNIX_SOCKET_PATH:
     data->set.abstract_unix_socket = FALSE;
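Review bot: Guarding `CURLOPT_SSL_ENABLE_NPN` and `CURLOPT_SSL_ENABLE_ALPN` with `USE_NGHTTP2` ties two TLS-handshake options to the HTTP/2 library. On a TLS-enabled build without nghttp2, an application that sets `CURLOPT_SSL_ENABLE_ALPN` to 0 would no longer reach this case, so the flag is not stored and the call returns whatever the switch's default yields (not visible in this hunk). If the TLS back-ends read `ssl_enable_alpn`/`ssl_enable_npn` independently of HTTP/2 support, the guard should be the TLS one, e.g. `#ifdef USE_SSL`. vsetopt's body starts and ends outside the hunk.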
@@ -2619,33 +2673,40 @@ static CURLcode vsetopt(struct Curl_easy *data, CURLoption option,
   case CURLOPT_SUPPRESS_CONNECT_HEADERS:
     data->set.suppress_connect_headers = (0 != va_arg(param, long))?TRUE:FALSE;
     break;
-  case CURLOPT_SSH_COMPRESSION:
-    data->set.ssh_compression = (0 != va_arg(param, long))?TRUE:FALSE;
-    break;
   case CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS:
     arg = va_arg(param, long);
     if(arg < 0)
       return CURLE_BAD_FUNCTION_ARGUMENT;
     data->set.happy_eyeballs_timeout = arg;
     break;
+#ifndef CURL_DISABLE_SHUFFLE_DNS
   case CURLOPT_DNS_SHUFFLE_ADDRESSES:
     data->set.dns_shuffle_addresses = (0 != va_arg(param, long)) ? TRUE:FALSE;
     break;
+#endif
   case CURLOPT_DISALLOW_USERNAME_IN_URL:
     data->set.disallow_username_in_url =
       (0 != va_arg(param, long)) ? TRUE : FALSE;
     break;
+#ifndef CURL_DISABLE_DOH
   case CURLOPT_DOH_URL:
     result = Curl_setstropt(&data->set.str[STRING_DOH],
                             va_arg(param, char *));
     data->set.doh = data->set.str[STRING_DOH]?TRUE:FALSE;
     break;
+#endif
   case CURLOPT_UPKEEP_INTERVAL_MS:
     arg = va_arg(param, long);
     if(arg < 0)
       return CURLE_BAD_FUNCTION_ARGUMENT;
     data->set.upkeep_interval_ms = arg;
     break;
+  case CURLOPT_MAXAGE_CONN:
+    arg = va_arg(param, long);
+    if(arg < 0)
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    data->set.maxage_conn = arg;
+    break;
   case CURLOPT_TRAILERFUNCTION:
 #ifndef CURL_DISABLE_HTTP
     data->set.trailer_callback = va_arg(param, curl_trailer_callback);
diff --git a/libs/libcurl/src/smtp.c b/libs/libcurl/src/smtp.c
index f3db714b5a..4a3462b84b 100644
--- a/libs/libcurl/src/smtp.c
+++ b/libs/libcurl/src/smtp.c
@@ -28,6 +28,7 @@
  * RFC4954 SMTP Authentication
  * RFC5321 SMTP protocol
  * RFC6749 OAuth 2.0 Authorization Framework
+ * RFC8314 Use of TLS for Email Submission and Access
  * Draft   SMTP URL Interface   <draft-earhart-url-smtp-00.txt>
  * Draft   LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
  *
@@ -1218,7 +1219,7 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
        returned CURLE_AGAIN, we duplicate the EOB now rather than when the
        bytes written doesn't equal len. */
     if(smtp->trailing_crlf || !conn->data->state.infilesize) {
-      eob = strdup(SMTP_EOB + 2);
+      eob = strdup(&SMTP_EOB[2]);
       len = SMTP_EOB_LEN - 2;
     }
     else {
@@ -1252,12 +1253,7 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
 
     state(conn, SMTP_POSTDATA);
 
-    /* Run the state-machine
-
-       TODO: when the multi interface is used, this _really_ should be using
-       the smtp_multi_statemach function but we have no general support for
-       non-blocking DONE operations!
-    */
+    /* Run the state-machine */
     result = smtp_block_statemach(conn, FALSE);
   }
 
diff --git a/libs/libcurl/src/socks.c b/libs/libcurl/src/socks.c
index d0aba0605a..d8fcc3bbba 100644
--- a/libs/libcurl/src/socks.c
+++ b/libs/libcurl/src/socks.c
@@ -155,7 +155,7 @@ CURLcode Curl_SOCKS4(const char *proxy_user,
     Curl_addrinfo *hp = NULL;
     int rc;
 
-    rc = Curl_resolv(conn, hostname, remote_port, &dns);
+    rc = Curl_resolv(conn, hostname, remote_port, FALSE, &dns);
 
     if(rc == CURLRESOLV_ERROR)
       return CURLE_COULDNT_RESOLVE_PROXY;
@@ -290,7 +290,7 @@ CURLcode Curl_SOCKS4(const char *proxy_user,
     /* wrong version ? */
     if(socksreq[0] != 0) {
       failf(data,
-            "SOCKS4 reply has wrong version, version should be 4.");
+            "SOCKS4 reply has wrong version, version should be 0.");
       return CURLE_COULDNT_CONNECT;
     }
 
@@ -527,12 +527,24 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
     len = 0;
     socksreq[len++] = 1;    /* username/pw subnegotiation version */
     socksreq[len++] = (unsigned char) proxy_user_len;
-    if(proxy_user && proxy_user_len)
+    if(proxy_user && proxy_user_len) {
+      /* the length must fit in a single byte */
+      if(proxy_user_len >= 255) {
+        failf(data, "Excessive user name length for proxy auth");
+        return CURLE_BAD_FUNCTION_ARGUMENT;
+      }
       memcpy(socksreq + len, proxy_user, proxy_user_len);
+    }
     len += proxy_user_len;
     socksreq[len++] = (unsigned char) proxy_password_len;
-    if(proxy_password && proxy_password_len)
+    if(proxy_password && proxy_password_len) {
+      /* the length must fit in a single byte */
+      if(proxy_password_len > 255) {
+        failf(data, "Excessive password length for proxy auth");
+        return CURLE_BAD_FUNCTION_ARGUMENT;
+      }
       memcpy(socksreq + len, proxy_password, proxy_password_len);
+    }
     len += proxy_password_len;
 
     code = Curl_write_plain(conn, sock, (char *)socksreq, len, &written);
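Review bot: The two new length guards disagree: the user name is rejected at 255 bytes (`proxy_user_len >= 255`) while the password is still accepted at 255 (`proxy_password_len > 255`). A one-byte length field can carry 255, so the first check presumably wants `if(proxy_user_len > 255) {`; if rejecting 255 is intentional, the password check should match it. Both checks also run after the truncating `(unsigned char)` cast has already been stored in `socksreq`, which is harmless because of the early return but would read more clearly if the lengths were validated before the request is built. The size of `socksreq` is declared outside this hunk, so confirm it holds the 3 header bytes plus two 255-byte fields.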
@@ -597,7 +609,7 @@ CURLcode Curl_SOCKS5(const char *proxy_user,
   else {
     struct Curl_dns_entry *dns;
     Curl_addrinfo *hp = NULL;
-    int rc = Curl_resolv(conn, hostname, remote_port, &dns);
+    int rc = Curl_resolv(conn, hostname, remote_port, FALSE, &dns);
 
     if(rc == CURLRESOLV_ERROR)
       return CURLE_COULDNT_RESOLVE_HOST;
diff --git a/libs/libcurl/src/splay.c b/libs/libcurl/src/splay.c
index baf07e00dc..0f5fcd1e8f 100644
--- a/libs/libcurl/src/splay.c
+++ b/libs/libcurl/src/splay.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1997 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1997 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -198,7 +198,7 @@ struct Curl_tree *Curl_splaygetbest(struct curltime i,
 /* Deletes the very node we point out from the tree if it's there. Stores a
  * pointer to the new resulting tree in 'newroot'.
  *
- * Returns zero on success and non-zero on errors! TODO: document error codes.
+ * Returns zero on success and non-zero on errors!
  * When returning error, it does not touch the 'newroot' pointer.
  *
  * NOTE: when the last node of the tree is removed, there's no tree left so
diff --git a/libs/libcurl/src/ssh-libssh.c b/libs/libcurl/src/ssh-libssh.c
index 609da1e09b..6cfd6bda8b 100644
--- a/libs/libcurl/src/ssh-libssh.c
+++ b/libs/libcurl/src/ssh-libssh.c
@@ -1946,14 +1946,13 @@ static int myssh_getsock(struct connectdata *conn,
 static void myssh_block2waitfor(struct connectdata *conn, bool block)
 {
   struct ssh_conn *sshc = &conn->proto.sshc;
-  int dir;
 
   /* If it didn't block, or nothing was returned by ssh_get_poll_flags
    * have the original set */
   conn->waitfor = sshc->orig_waitfor;
 
   if(block) {
-    dir = ssh_get_poll_flags(sshc->ssh_session);
+    int dir = ssh_get_poll_flags(sshc->ssh_session);
     if(dir & SSH_READ_PENDING) {
       /* translate the libssh define bits into our own bit defines */
       conn->waitfor = KEEP_RECV;
@@ -2012,9 +2011,7 @@ static CURLcode myssh_block_statemach(struct connectdata *conn,
     }
 
     if(!result && block) {
-      curl_socket_t sock = conn->sock[FIRSTSOCKET];
-      curl_socket_t fd_read = CURL_SOCKET_BAD;
-      fd_read = sock;
+      curl_socket_t fd_read = conn->sock[FIRSTSOCKET];
       /* wait for the socket to become ready */
       (void) Curl_socket_check(fd_read, CURL_SOCKET_BAD,
                                CURL_SOCKET_BAD, left > 1000 ? 1000 : left);
@@ -2052,7 +2049,6 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
   CURLcode result;
   curl_socket_t sock = conn->sock[FIRSTSOCKET];
   struct Curl_easy *data = conn->data;
-  int rc;
 
   /* initialize per-handle data if not already */
   if(!data->req.protop)
@@ -2106,8 +2102,8 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
   ssh->pubkey = NULL;
 
   if(data->set.str[STRING_SSH_PUBLIC_KEY]) {
-    rc = ssh_pki_import_pubkey_file(data->set.str[STRING_SSH_PUBLIC_KEY],
-                                    &ssh->pubkey);
+    int rc = ssh_pki_import_pubkey_file(data->set.str[STRING_SSH_PUBLIC_KEY],
+                                        &ssh->pubkey);
     if(rc != SSH_OK) {
       failf(data, "Could not load public key file");
       /* ignore */
@@ -2227,12 +2223,7 @@ static CURLcode myssh_done(struct connectdata *conn, CURLcode status)
   struct SSHPROTO *protop = conn->data->req.protop;
 
   if(!status) {
-    /* run the state-machine
-
-       TODO: when the multi interface is used, this _really_ should be using
-       the ssh_multi_statemach function but we have no general support for
-       non-blocking DONE operations!
-     */
+    /* run the state-machine */
     result = myssh_block_statemach(conn, FALSE);
   }
   else
diff --git a/libs/libcurl/src/ssh.c b/libs/libcurl/src/ssh.c
index 46f52eceb0..a265c3c9ad 100644
--- a/libs/libcurl/src/ssh.c
+++ b/libs/libcurl/src/ssh.c
@@ -290,10 +290,6 @@ static CURLcode libssh2_session_error_to_CURLE(int err)
       return CURLE_AGAIN;
   }
 
-  /* TODO: map some more of the libssh2 errors to the more appropriate CURLcode
-     error code, and possibly add a few new SSH-related one. We must however
-     not return or even depend on libssh2 errors in the public libcurl API */
-
   return CURLE_SSH;
 }
 
@@ -591,13 +587,13 @@ static CURLcode ssh_check_fingerprint(struct connectdata *conn)
   struct Curl_easy *data = conn->data;
   const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5];
   char md5buffer[33];
-  int i;
 
   const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
       LIBSSH2_HOSTKEY_HASH_MD5);
 
   if(fingerprint) {
     /* The fingerprint points to static storage (!), don't free() it. */
+    int i;
     for(i = 0; i < 16; i++)
       msnprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
     infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
@@ -737,18 +733,17 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
 
       if((data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY) &&
          (strstr(sshc->authlist, "publickey") != NULL)) {
-        char *home = NULL;
         bool out_of_memory = FALSE;
 
         sshc->rsa_pub = sshc->rsa = NULL;
 
-        /* To ponder about: should really the lib be messing about with the
-           HOME environment variable etc? */
-        home = curl_getenv("HOME");
-
         if(data->set.str[STRING_SSH_PRIVATE_KEY])
           sshc->rsa = strdup(data->set.str[STRING_SSH_PRIVATE_KEY]);
         else {
+          /* To ponder about: should really the lib be messing about with the
+             HOME environment variable etc? */
+          char *home = curl_getenv("HOME");
+
           /* If no private key file is specified, try some common paths. */
           if(home) {
             /* Try ~/.ssh first. */
@@ -764,6 +759,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
                 Curl_safefree(sshc->rsa);
               }
             }
+            free(home);
           }
           if(!out_of_memory && !sshc->rsa) {
             /* Nothing found; try the current dir. */
@@ -795,7 +791,6 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
         }
 
         if(out_of_memory || sshc->rsa == NULL) {
-          free(home);
           Curl_safefree(sshc->rsa);
           Curl_safefree(sshc->rsa_pub);
           state(conn, SSH_SESSION_FREE);
@@ -807,8 +802,6 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
         if(!sshc->passphrase)
           sshc->passphrase = "";
 
-        free(home);
-
         if(sshc->rsa_pub)
           infof(data, "Using SSH public key file '%s'\n", sshc->rsa_pub);
         infof(data, "Using SSH private key file '%s'\n", sshc->rsa);
@@ -3065,12 +3058,7 @@ static CURLcode ssh_done(struct connectdata *conn, CURLcode status)
   struct SSHPROTO *sftp_scp = conn->data->req.protop;
 
   if(!status) {
-    /* run the state-machine
-
-       TODO: when the multi interface is used, this _really_ should be using
-       the ssh_multi_statemach function but we have no general support for
-       non-blocking DONE operations!
-    */
+    /* run the state-machine */
     result = ssh_block_statemach(conn, FALSE);
   }
   else
diff --git a/libs/libcurl/src/tftp.c b/libs/libcurl/src/tftp.c
index 8b92b7bd68..289cda2825 100644
--- a/libs/libcurl/src/tftp.c
+++ b/libs/libcurl/src/tftp.c
@@ -1009,7 +1009,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
   state->sockfd = state->conn->sock[FIRSTSOCKET];
   state->state = TFTP_STATE_START;
   state->error = TFTP_ERR_NONE;
-  state->blksize = TFTP_BLKSIZE_DEFAULT;
+  state->blksize = blksize;
   state->requested_blksize = blksize;
 
   ((struct sockaddr *)&state->local_addr)->sa_family =
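Review bot: `state->blksize` now starts at the requested block size before the server has acknowledged any option, so the size used for the transfer and the size the packet buffers were allocated with must stay in step for the whole session. Neither the allocation nor the code that updates `blksize` after option negotiation is in this hunk, so the invariant is worth stating next to the assignment, e.g. `/* blksize must never exceed the size the packet buffers were allocated with */`. It is also worth confirming what happens when the requested size is smaller than the default and the server answers without acknowledging the option. tftp_connect's body starts and ends outside the hunk.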
diff --git a/libs/libcurl/src/timeval.c b/libs/libcurl/src/timeval.c
index ff8d8a69af..e2bd7fd143 100644
--- a/libs/libcurl/src/timeval.c
+++ b/libs/libcurl/src/timeval.c
@@ -66,7 +66,9 @@ struct curltime Curl_now(void)
   ** in any case the time starting point does not change once that the
   ** system has started up.
   */
+#ifdef HAVE_GETTIMEOFDAY
   struct timeval now;
+#endif
   struct curltime cnow;
   struct timespec tsnow;
 
diff --git a/libs/libcurl/src/transfer.c b/libs/libcurl/src/transfer.c
index ca6031724b..514330e8c1 100644
--- a/libs/libcurl/src/transfer.c
+++ b/libs/libcurl/src/transfer.c
@@ -157,15 +157,8 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
   size_t buffersize = bytes;
   size_t nread;
 
-#ifndef CURL_DISABLE_HTTP
-  struct curl_slist *trailers = NULL;
-  CURLcode c;
-  int trailers_ret_code;
-#endif
-
   curl_read_callback readfunc = NULL;
   void *extra_data = NULL;
-  bool added_crlf = FALSE;
 
 #ifdef CURL_DOES_CONVERSIONS
   bool sending_http_headers = FALSE;
@@ -182,6 +175,10 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
 
 #ifndef CURL_DISABLE_HTTP
   if(data->state.trailers_state == TRAILERS_INITIALIZED) {
+    struct curl_slist *trailers = NULL;
+    CURLcode c;
+    int trailers_ret_code;
+
     /* at this point we already verified that the callback exists
        so we compile and store the trailers buffer, then proceed */
     infof(data,
@@ -296,7 +293,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
        here, knowing they'll become CRLFs later on.
      */
 
-    char hexbuffer[11] = "";
+    bool added_crlf = FALSE;
     int hexlen = 0;
     const char *endofline_native;
     const char *endofline_network;
@@ -317,6 +314,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
 
     /* if we're not handling trailing data, proceed as usual */
     if(data->state.trailers_state != TRAILERS_SENDING) {
+      char hexbuffer[11] = "";
       hexlen = msnprintf(hexbuffer, sizeof(hexbuffer),
                          "%zx%s", nread, endofline_native);
 
@@ -463,7 +461,6 @@ CURLcode Curl_readrewind(struct connectdata *conn)
       infof(data, "the ioctl callback returned %d\n", (int)err);
 
       if(err) {
-        /* FIXME: convert to a human readable error message */
         failf(data, "ioctl callback returned error %d", (int)err);
         return CURLE_SEND_FAIL_REWIND;
       }
@@ -506,35 +503,6 @@ static int data_pending(const struct connectdata *conn)
 #endif
 }
 
-static void read_rewind(struct connectdata *conn,
-                        size_t thismuch)
-{
-  DEBUGASSERT(conn->read_pos >= thismuch);
-
-  conn->read_pos -= thismuch;
-  conn->bits.stream_was_rewound = TRUE;
-
-#ifdef DEBUGBUILD
-  {
-    char buf[512 + 1];
-    size_t show;
-
-    show = CURLMIN(conn->buf_len - conn->read_pos, sizeof(buf)-1);
-    if(conn->master_buffer) {
-      memcpy(buf, conn->master_buffer + conn->read_pos, show);
-      buf[show] = '\0';
-    }
-    else {
-      buf[0] = '\0';
-    }
-
-    DEBUGF(infof(conn->data,
-                 "Buffer after stream rewind (read_pos = %zu): [%s]\n",
-                 conn->read_pos, buf));
-  }
-#endif
-}
-
 /*
  * Check to see if CURLOPT_TIMECONDITION was met by comparing the time of the
  * remote document with the time provided by CURLOPT_TIMEVAL
@@ -609,9 +577,7 @@ static CURLcode readwrite_data(struct Curl_easy *data,
          conn->httpversion == 20) &&
 #endif
        k->size != -1 && !k->header) {
-      /* make sure we don't read "too much" if we can help it since we
-         might be pipelining and then someone else might want to read what
-         follows! */
+      /* make sure we don't read too much */
       curl_off_t totalleft = k->size - k->bytecount;
       if(totalleft < (curl_off_t)bytestoread)
         bytestoread = (size_t)totalleft;
@@ -650,7 +616,7 @@ static CURLcode readwrite_data(struct Curl_easy *data,
     if(0 < nread || is_empty_data) {
       k->buf[nread] = 0;
     }
-    else if(0 >= nread) {
+    else {
       /* if we receive 0 or less here, the server closed the connection
          and we bail out from this! */
       DEBUGF(infof(data, "nread <= 0, server closed connection, bailing\n"));
@@ -693,20 +659,11 @@ static CURLcode readwrite_data(struct Curl_easy *data,
         /* We've stopped dealing with input, get out of the do-while loop */
 
         if(nread > 0) {
-          if(Curl_pipeline_wanted(conn->data->multi, CURLPIPE_HTTP1)) {
-            infof(data,
-                  "Rewinding stream by : %zd"
-                  " bytes on url %s (zero-length body)\n",
-                  nread, data->state.up.path);
-            read_rewind(conn, (size_t)nread);
-          }
-          else {
-            infof(data,
-                  "Excess found in a non pipelined read:"
-                  " excess = %zd"
-                  " url = %s (zero-length body)\n",
-                  nread, data->state.up.path);
-          }
+          infof(data,
+                "Excess found:"
+                " excess = %zd"
+                " url = %s (zero-length body)\n",
+                nread, data->state.up.path);
         }
 
         break;
@@ -837,19 +794,12 @@ static CURLcode readwrite_data(struct Curl_easy *data,
 
           /* There are now possibly N number of bytes at the end of the
              str buffer that weren't written to the client.
-
-             We DO care about this data if we are pipelining.
              Push it back to be read on the next pass. */
 
           dataleft = conn->chunk.dataleft;
           if(dataleft != 0) {
             infof(conn->data, "Leftovers after chunking: %zu bytes\n",
                   dataleft);
-            if(Curl_pipeline_wanted(conn->data->multi, CURLPIPE_HTTP1)) {
-              /* only attempt the rewind if we truly are pipelining */
-              infof(conn->data, "Rewinding %zu bytes\n",dataleft);
-              read_rewind(conn, dataleft);
-            }
           }
         }
         /* If it returned OK, we just keep going */
@@ -868,25 +818,13 @@ static CURLcode readwrite_data(struct Curl_easy *data,
 
         excess = (size_t)(k->bytecount + nread - k->maxdownload);
         if(excess > 0 && !k->ignorebody) {
-          if(Curl_pipeline_wanted(conn->data->multi, CURLPIPE_HTTP1)) {
-            infof(data,
-                  "Rewinding stream by : %zu"
-                  " bytes on url %s (size = %" CURL_FORMAT_CURL_OFF_T
-                  ", maxdownload = %" CURL_FORMAT_CURL_OFF_T
-                  ", bytecount = %" CURL_FORMAT_CURL_OFF_T ", nread = %zd)\n",
-                  excess, data->state.up.path,
-                  k->size, k->maxdownload, k->bytecount, nread);
-            read_rewind(conn, excess);
-          }
-          else {
-            infof(data,
-                  "Excess found in a non pipelined read:"
-                  " excess = %zu"
-                  ", size = %" CURL_FORMAT_CURL_OFF_T
-                  ", maxdownload = %" CURL_FORMAT_CURL_OFF_T
-                  ", bytecount = %" CURL_FORMAT_CURL_OFF_T "\n",
-                  excess, k->size, k->maxdownload, k->bytecount);
-          }
+          infof(data,
+                "Excess found in a read:"
+                " excess = %zu"
+                ", size = %" CURL_FORMAT_CURL_OFF_T
+                ", maxdownload = %" CURL_FORMAT_CURL_OFF_T
+                ", bytecount = %" CURL_FORMAT_CURL_OFF_T "\n",
+                excess, k->size, k->maxdownload, k->bytecount);
         }
 
         nread = (ssize_t) (k->maxdownload - k->bytecount);
@@ -1565,6 +1503,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
     data->state.authhost.picked &= data->state.authhost.want;
     data->state.authproxy.picked &= data->state.authproxy.want;
 
+#ifndef CURL_DISABLE_FTP
     if(data->state.wildcardmatch) {
       struct WildcardData *wc = &data->wildcard;
       if(wc->state < CURLWC_INIT) {
@@ -1573,6 +1512,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
           return CURLE_OUT_OF_MEMORY;
       }
     }
+#endif
   }
 
   return result;
diff --git a/libs/libcurl/src/url.c b/libs/libcurl/src/url.c
index eb09a24be2..c441ae7165 100644
--- a/libs/libcurl/src/url.c
+++ b/libs/libcurl/src/url.c
@@ -109,14 +109,12 @@ bool curl_win32_idn_to_ascii(const char *in, char **out);
 #include "connect.h"
 #include "inet_ntop.h"
 #include "http_ntlm.h"
-#include "curl_ntlm_wb.h"
 #include "socks.h"
 #include "curl_rtmp.h"
 #include "gopher.h"
 #include "http_proxy.h"
 #include "conncache.h"
 #include "multihandle.h"
-#include "pipeline.h"
 #include "dotdot.h"
 #include "strdup.h"
 #include "setopt.h"
@@ -187,11 +185,11 @@ static const struct Curl_handler * const protocols[] = {
   &Curl_handler_tftp,
 #endif
 
-#if defined(USE_LIBSSH2) || defined(USE_LIBSSH)
+#if defined(USE_SSH)
   &Curl_handler_scp,
 #endif
 
-#if defined(USE_LIBSSH2) || defined(USE_LIBSSH)
+#if defined(USE_SSH)
   &Curl_handler_sftp,
 #endif
 
@@ -304,8 +302,7 @@ static void up_free(struct Curl_easy *data)
   Curl_safefree(up->options);
   Curl_safefree(up->path);
   Curl_safefree(up->query);
-  if(data->set.uh != data->state.uh)
-    curl_url_cleanup(data->state.uh);
+  curl_url_cleanup(data->state.uh);
   data->state.uh = NULL;
 }
 
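Review bot: Removing the `data->set.uh != data->state.uh` guard in `up_free()` is only safe if `state.uh` can never alias the handle the application supplied in `set.uh`. If it can, `curl_url_cleanup()` would release an object the application still owns, which it may later use or free again. The assignment of `state.uh` is not in this hunk, so confirm that it now always takes a private copy. If so, record that next to the call, e.g. `/* state.uh is always our own copy, never the application's handle */`.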
@@ -381,7 +378,9 @@ CURLcode Curl_close(struct Curl_easy *data)
   Curl_altsvc_cleanup(data->asi);
   data->asi = NULL;
 #endif
-  Curl_digest_cleanup(data);
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
+  Curl_http_auth_cleanup_digest(data);
+#endif
   Curl_safefree(data->info.contenttype);
   Curl_safefree(data->info.wouldredirect);
 
@@ -440,11 +439,12 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
 
   set->httpreq = HTTPREQ_GET; /* Default HTTP request */
   set->rtspreq = RTSPREQ_OPTIONS; /* Default RTSP request */
+#ifndef CURL_DISABLE_FILE
   set->ftp_use_epsv = TRUE;   /* FTP defaults to EPSV operations */
   set->ftp_use_eprt = TRUE;   /* FTP defaults to EPRT operations */
   set->ftp_use_pret = FALSE;  /* mainly useful for drftpd servers */
   set->ftp_filemethod = FTPFILE_MULTICWD;
-
+#endif
   set->dns_cache_timeout = 60; /* Timeout every 60 seconds by default */
 
   /* Set the default size of the SSL session ID cache */
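Review bot: The new guard around the FTP defaults tests `CURL_DISABLE_FILE`, but every line inside it sets an `ftp_*` member, and the other FTP-only code in this commit is guarded with `CURL_DISABLE_FTP`. As written, a build with FILE disabled and FTP enabled would skip these defaults, presumably leaving `ftp_use_epsv` and `ftp_use_eprt` zeroed. A build with FTP disabled may also fail to compile if the members are compiled out elsewhere. The guard should read `#ifndef CURL_DISABLE_FTP`. Curl_init_userdefined's body starts and ends outside the hunk.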
@@ -543,6 +543,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
   set->fnmatch = ZERO_NULL;
   set->upkeep_interval_ms = CURL_UPKEEP_INTERVAL_DEFAULT;
   set->maxconnects = DEFAULT_CONNCACHE_SIZE; /* for easy handles */
+  set->maxage_conn = 118;
   set->http09_allowed = TRUE;
   set->httpversion =
 #ifdef USE_NGHTTP2
@@ -694,11 +695,6 @@ static void conn_shutdown(struct connectdata *conn)
   if(CURL_SOCKET_BAD != conn->tempsock[1])
     Curl_closesocket(conn, conn->tempsock[1]);
 
-#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) && \
-    defined(NTLM_WB_ENABLED)
-  Curl_ntlm_wb_cleanup(conn);
-#endif
-
   /* unlink ourselves. this should be called last since other shutdown
      procedures need a valid conn->data and this may clear it. */
   Curl_conncache_remove_conn(conn->data, conn, TRUE);
@@ -739,14 +735,10 @@ static void conn_free(struct connectdata *conn)
   Curl_safefree(conn->secondaryhostname);
   Curl_safefree(conn->http_proxy.host.rawalloc); /* http proxy name buffer */
   Curl_safefree(conn->socks_proxy.host.rawalloc); /* socks proxy name buffer */
-  Curl_safefree(conn->master_buffer);
   Curl_safefree(conn->connect_state);
 
   conn_reset_all_postponed_data(conn);
-
-  Curl_llist_destroy(&conn->send_pipe, NULL);
-  Curl_llist_destroy(&conn->recv_pipe, NULL);
-
+  Curl_llist_destroy(&conn->easyq, NULL);
   Curl_safefree(conn->localdev);
   Curl_free_primary_ssl_config(&conn->ssl_config);
   Curl_free_primary_ssl_config(&conn->proxy_ssl_config);
@@ -804,17 +796,21 @@ CURLcode Curl_disconnect(struct Curl_easy *data,
 
 #if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM)
   /* Cleanup NTLM connection-related data */
-  Curl_http_ntlm_cleanup(conn);
+  Curl_http_auth_cleanup_ntlm(conn);
 #endif
 #if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO)
   /* Cleanup NEGOTIATE connection-related data */
-  Curl_cleanup_negotiate(conn);
+  Curl_http_auth_cleanup_negotiate(conn);
 #endif
 
   /* the protocol specific disconnect handler and conn_shutdown need a transfer
      for the connection! */
   conn->data = data;
 
+  if(conn->bits.connect_only)
+    /* treat the connection as dead in CONNECT_ONLY situations */
+    dead_connection = TRUE;
+
   if(conn->handler->disconnect)
     /* This is set if protocol-specific cleanups should be made */
     conn->handler->disconnect(conn, dead_connection);
@@ -843,28 +839,21 @@ static bool SocketIsDead(curl_socket_t sock)
 }
 
 /*
- * IsPipeliningPossible()
+ * IsMultiplexingPossible()
  *
- * Return a bitmask with the available pipelining and multiplexing options for
- * the given requested connection.
+ * Return a bitmask with the available multiplexing options for the given
+ * requested connection.
  */
-static int IsPipeliningPossible(const struct Curl_easy *handle,
-                                const struct connectdata *conn)
+static int IsMultiplexingPossible(const struct Curl_easy *handle,
+                                  const struct connectdata *conn)
 {
   int avail = 0;
 
-  /* If a HTTP protocol and pipelining is enabled */
+  /* If a HTTP protocol and multiplexing is enabled */
   if((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
      (!conn->bits.protoconnstart || !conn->bits.close)) {
 
-    if(Curl_pipeline_wanted(handle->multi, CURLPIPE_HTTP1) &&
-       (handle->set.httpversion != CURL_HTTP_VERSION_1_0) &&
-       (handle->set.httpreq == HTTPREQ_GET ||
-        handle->set.httpreq == HTTPREQ_HEAD))
-      /* didn't ask for HTTP/1.0 and a GET or HEAD */
-      avail |= CURLPIPE_HTTP1;
-
-    if(Curl_pipeline_wanted(handle->multi, CURLPIPE_MULTIPLEX) &&
+    if(Curl_multiplex_wanted(handle->multi) &&
        (handle->set.httpversion >= CURL_HTTP_VERSION_2))
       /* allows HTTP/2 */
       avail |= CURLPIPE_MULTIPLEX;
@@ -872,84 +861,7 @@ static int IsPipeliningPossible(const struct Curl_easy *handle,
   return avail;
 }
 
-/* Returns non-zero if a handle was removed */
-int Curl_removeHandleFromPipeline(struct Curl_easy *handle,
-                                  struct curl_llist *pipeline)
-{
-  if(pipeline) {
-    struct curl_llist_element *curr;
-
-    curr = pipeline->head;
-    while(curr) {
-      if(curr->ptr == handle) {
-        Curl_llist_remove(pipeline, curr, NULL);
-        return 1; /* we removed a handle */
-      }
-      curr = curr->next;
-    }
-  }
-
-  return 0;
-}
-
-#if 0 /* this code is saved here as it is useful for debugging purposes */
-static void Curl_printPipeline(struct curl_llist *pipeline)
-{
-  struct curl_llist_element *curr;
-
-  curr = pipeline->head;
-  while(curr) {
-    struct Curl_easy *data = (struct Curl_easy *) curr->ptr;
-    infof(data, "Handle in pipeline: %s\n", data->state.path);
-    curr = curr->next;
-  }
-}
-#endif
-
-static struct Curl_easy* gethandleathead(struct curl_llist *pipeline)
-{
-  struct curl_llist_element *curr = pipeline->head;
-#ifdef DEBUGBUILD
-  {
-    struct curl_llist_element *p = pipeline->head;
-    while(p) {
-      struct Curl_easy *e = p->ptr;
-      DEBUGASSERT(GOOD_EASY_HANDLE(e));
-      p = p->next;
-    }
-  }
-#endif
-  if(curr) {
-    return (struct Curl_easy *) curr->ptr;
-  }
-
-  return NULL;
-}
-
-/* remove the specified connection from all (possible) pipelines and related
-   queues */
-void Curl_getoff_all_pipelines(struct Curl_easy *data,
-                               struct connectdata *conn)
-{
-  if(!conn->bundle)
-    return;
-  if(conn->bundle->multiuse == BUNDLE_PIPELINING) {
-    bool recv_head = (conn->readchannel_inuse &&
-                      Curl_recvpipe_head(data, conn));
-    bool send_head = (conn->writechannel_inuse &&
-                      Curl_sendpipe_head(data, conn));
-
-    if(Curl_removeHandleFromPipeline(data, &conn->recv_pipe) && recv_head)
-      Curl_pipeline_leave_read(conn);
-    if(Curl_removeHandleFromPipeline(data, &conn->send_pipe) && send_head)
-      Curl_pipeline_leave_write(conn);
-  }
-  else {
-    (void)Curl_removeHandleFromPipeline(data, &conn->recv_pipe);
-    (void)Curl_removeHandleFromPipeline(data, &conn->send_pipe);
-  }
-}
-
+#ifndef CURL_DISABLE_PROXY
 static bool
 proxy_info_matches(const struct proxy_info* data,
                    const struct proxy_info* needle)
@@ -961,6 +873,10 @@ proxy_info_matches(const struct proxy_info* data,
 
   return FALSE;
 }
+#else
+/* disabled, won't get called */
+#define proxy_info_matches(x,y) FALSE
+#endif
 
 /*
  * This function checks if the given connection is dead and extracts it from
@@ -974,10 +890,8 @@ proxy_info_matches(const struct proxy_info* data,
 static bool extract_if_dead(struct connectdata *conn,
                             struct Curl_easy *data)
 {
-  size_t pipeLen = conn->send_pipe.size + conn->recv_pipe.size;
-  if(!pipeLen && !CONN_INUSE(conn) && !conn->data) {
-    /* The check for a dead socket makes sense only if there are no
-       handles in pipeline and the connection isn't already marked in
+  if(!CONN_INUSE(conn) && !conn->data) {
+    /* The check for a dead socket makes sense only if the connection isn't in
        use */
     bool dead;
     if(conn->handler->connection_check) {
@@ -1047,13 +961,25 @@ static void prune_dead_connections(struct Curl_easy *data)
   }
 }
 
+/* A connection has to have been idle for a shorter time than 'maxage_conn' to
+   be subject for reuse. The success rate is just too low after this. */
 
-static size_t max_pipeline_length(struct Curl_multi *multi)
+static bool conn_maxage(struct Curl_easy *data,
+                        struct connectdata *conn,
+                        struct curltime now)
 {
-  return multi ? multi->max_pipeline_length : 0;
-}
-
+  if(!conn->data) {
+    timediff_t idletime = Curl_timediff(now, conn->lastused);
+    idletime /= 1000; /* integer seconds is fine */
 
+    if(idletime/1000 > data->set.maxage_conn) {
+      infof(data, "Too old connection (%ld seconds), disconnect it\n",
+            idletime);
+      return TRUE;
+    }
+  }
+  return FALSE;
+}
 /*
  * Given one filled in connection struct (named needle), this function should
  * detect if there already is one that has all the significant details
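Review bot: In `conn_maxage()` the idle time is divided by 1000 twice: `idletime /= 1000;` already converts to seconds, and the comparison then uses `idletime/1000`. An idle connection is therefore only treated as too old after roughly a thousand times `maxage_conn`, which defeats the purpose of the limit. The condition should read `if(idletime > data->set.maxage_conn) {`. The `infof` call also passes a `timediff_t` to `%ld`; the typedef is not visible here, so either cast the argument with `(long)idletime` or use the format macro that matches the type.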
@@ -1063,8 +989,7 @@ static size_t max_pipeline_length(struct Curl_multi *multi)
  * connection as 'in-use'. It must later be called with ConnectionDone() to
  * return back to 'idle' (unused) state.
  *
- * The force_reuse flag is set if the connection must be used, even if
- * the pipelining strategy wants to open a new connection instead of reusing.
+ * The force_reuse flag is set if the connection must be used.
  */
 static bool
 ConnectionExists(struct Curl_easy *data,
@@ -1076,8 +1001,9 @@ ConnectionExists(struct Curl_easy *data,
   struct connectdata *check;
   struct connectdata *chosen = 0;
   bool foundPendingCandidate = FALSE;
-  int canpipe = IsPipeliningPossible(data, needle);
+  bool canmultiplex = IsMultiplexingPossible(data, needle);
   struct connectbundle *bundle;
+  struct curltime now = Curl_now();
 
 #ifdef USE_NTLM
   bool wantNTLMhttp = ((data->state.authhost.want &
@@ -1092,59 +1018,47 @@ ConnectionExists(struct Curl_easy *data,
   *force_reuse = FALSE;
   *waitpipe = FALSE;
 
-  /* We can't pipeline if the site is blacklisted */
-  if((canpipe & CURLPIPE_HTTP1) &&
-     Curl_pipeline_site_blacklisted(data, needle))
-    canpipe &= ~ CURLPIPE_HTTP1;
-
   /* Look up the bundle with all the connections to this particular host.
      Locks the connection cache, beware of early returns! */
   bundle = Curl_conncache_find_bundle(needle, data->state.conn_cache);
   if(bundle) {
     /* Max pipe length is zero (unlimited) for multiplexed connections */
-    size_t max_pipe_len = (bundle->multiuse != BUNDLE_MULTIPLEX)?
-      max_pipeline_length(data->multi):0;
-    size_t best_pipe_len = max_pipe_len;
     struct curl_llist_element *curr;
 
     infof(data, "Found bundle for host %s: %p [%s]\n",
           (needle->bits.conn_to_host ? needle->conn_to_host.name :
            needle->host.name), (void *)bundle,
-          (bundle->multiuse == BUNDLE_PIPELINING ?
-           "can pipeline" :
-           (bundle->multiuse == BUNDLE_MULTIPLEX ?
-            "can multiplex" : "serially")));
-
-    /* We can't pipeline if we don't know anything about the server */
-    if(canpipe) {
-      if(bundle->multiuse <= BUNDLE_UNKNOWN) {
+          (bundle->multiuse == BUNDLE_MULTIPLEX ?
+           "can multiplex" : "serially"));
+
+    /* We can't multiplex if we don't know anything about the server */
+    if(canmultiplex) {
+      if(bundle->multiuse == BUNDLE_UNKNOWN) {
         if((bundle->multiuse == BUNDLE_UNKNOWN) && data->set.pipewait) {
-          infof(data, "Server doesn't support multi-use yet, wait\n");
+          infof(data, "Server doesn't support multiplex yet, wait\n");
           *waitpipe = TRUE;
           Curl_conncache_unlock(data);
           return FALSE; /* no re-use */
         }
 
-        infof(data, "Server doesn't support multi-use (yet)\n");
-        canpipe = 0;
-      }
-      if((bundle->multiuse == BUNDLE_PIPELINING) &&
-         !Curl_pipeline_wanted(data->multi, CURLPIPE_HTTP1)) {
-        /* not asked for, switch off */
-        infof(data, "Could pipeline, but not asked to!\n");
-        canpipe = 0;
+        infof(data, "Server doesn't support multiplex (yet)\n");
+        canmultiplex = FALSE;
       }
-      else if((bundle->multiuse == BUNDLE_MULTIPLEX) &&
-              !Curl_pipeline_wanted(data->multi, CURLPIPE_MULTIPLEX)) {
+      if((bundle->multiuse == BUNDLE_MULTIPLEX) &&
+         !Curl_multiplex_wanted(data->multi)) {
         infof(data, "Could multiplex, but not asked to!\n");
-        canpipe = 0;
+        canmultiplex = FALSE;
+      }
+      if(bundle->multiuse == BUNDLE_NO_MULTIUSE) {
+        infof(data, "Can not multiplex, even if we wanted to!\n");
+        canmultiplex = FALSE;
       }
     }
 
     curr = bundle->conn_list.head;
     while(curr) {
       bool match = FALSE;
-      size_t pipeLen;
+      size_t multiplexed;
 
       /*
        * Note that if we use a HTTP proxy in normal mode (no tunneling), we
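Review bot: The context comment `/* Max pipe length is zero (unlimited) for multiplexed connections */` at the top of the `if(bundle)` block now describes nothing, since `max_pipe_len` and `best_pipe_len` are removed by this hunk; it should go with them. The outer test changed from `<= BUNDLE_UNKNOWN` to `== BUNDLE_UNKNOWN`, so the inner `(bundle->multiuse == BUNDLE_UNKNOWN) &&` is redundant and the line can become `if(data->set.pipewait) {`. ConnectionExists continues outside this hunk.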
@@ -1157,35 +1071,21 @@ ConnectionExists(struct Curl_easy *data,
         /* connect-only connections will not be reused */
         continue;
 
-      if(extract_if_dead(check, data)) {
+      if(conn_maxage(data, check, now) || extract_if_dead(check, data)) {
         /* disconnect it */
         (void)Curl_disconnect(data, check, /* dead_connection */TRUE);
         continue;
       }
 
-      pipeLen = check->send_pipe.size + check->recv_pipe.size;
+      multiplexed = CONN_INUSE(check) &&
+        (bundle->multiuse == BUNDLE_MULTIPLEX);
 
-      if(canpipe) {
+      if(canmultiplex) {
         if(check->bits.protoconnstart && check->bits.close)
           continue;
-
-        if(!check->bits.multiplex) {
-          /* If not multiplexing, make sure the connection is fine for HTTP/1
-             pipelining */
-          struct Curl_easy* sh = gethandleathead(&check->send_pipe);
-          struct Curl_easy* rh = gethandleathead(&check->recv_pipe);
-          if(sh) {
-            if(!(IsPipeliningPossible(sh, check) & CURLPIPE_HTTP1))
-              continue;
-          }
-          else if(rh) {
-            if(!(IsPipeliningPossible(rh, check) & CURLPIPE_HTTP1))
-              continue;
-          }
-        }
       }
       else {
-        if(pipeLen > 0) {
+        if(multiplexed) {
           /* can only happen within multi handles, and means that another easy
              handle is using this connection */
           continue;
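Review bot: `multiplexed` is assigned the result of a `&&`, so it only ever holds 0 or 1, yet the later hunk at `-1424,55` compares it with `httpc->settings.max_concurrent_streams` and logs it with `%zu` as if it were a stream count. As written, the concurrency check can only fire when the peer advertises a limit of 1 or less, so a connection may be chosen for more streams than the server allows. If `CONN_INUSE()` yields the number of attached handles (the create_conn hunk prints it as a count), compare that value instead, `if(CONN_INUSE(check) >= httpc->settings.max_concurrent_streams) {`, and declare `multiplexed` as `bool`.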
@@ -1210,13 +1110,6 @@ ConnectionExists(struct Curl_easy *data,
              to get closed. */
           infof(data, "Connection #%ld isn't open enough, can't reuse\n",
                 check->connection_id);
-#ifdef DEBUGBUILD
-          if(check->recv_pipe.size > 0) {
-            infof(data,
-                  "BAD! Unconnected #%ld has a non-empty recv pipeline!\n",
-                  check->connection_id);
-          }
-#endif
           continue;
         }
       }
@@ -1287,15 +1180,15 @@ ConnectionExists(struct Curl_easy *data,
         }
       }
 
-      if(!canpipe && check->data)
-        /* this request can't be pipelined but the checked connection is
+      if(!canmultiplex && check->data)
+        /* this request can't be multiplexed but the checked connection is
            already in use so we skip it */
         continue;
 
       if(CONN_INUSE(check) && check->data &&
          (check->data->multi != needle->data->multi))
-        /* this could be subject for pipeline/multiplex use, but only if they
-           belong to the same multi handle */
+        /* this could be subject for multiplex use, but only if they belong to
+         * the same multi handle */
         continue;
 
       if(needle->localdev || needle->localport) {
@@ -1386,7 +1279,7 @@ ConnectionExists(struct Curl_easy *data,
              strcmp(needle->passwd, check->passwd))
             continue;
         }
-        else if(check->ntlm.state != NTLMSTATE_NONE) {
+        else if(check->http_ntlm_state != NTLMSTATE_NONE) {
           /* Connection is using NTLM auth but we don't want NTLM */
           continue;
         }
@@ -1402,7 +1295,7 @@ ConnectionExists(struct Curl_easy *data,
              strcmp(needle->http_proxy.passwd, check->http_proxy.passwd))
             continue;
         }
-        else if(check->proxyntlm.state != NTLMSTATE_NONE) {
+        else if(check->proxy_ntlm_state != NTLMSTATE_NONE) {
           /* Proxy connection is using NTLM auth but we don't want NTLM */
           continue;
         }
@@ -1412,9 +1305,9 @@ ConnectionExists(struct Curl_easy *data,
           chosen = check;
 
           if((wantNTLMhttp &&
-             (check->ntlm.state != NTLMSTATE_NONE)) ||
+             (check->http_ntlm_state != NTLMSTATE_NONE)) ||
               (wantProxyNTLMhttp &&
-               (check->proxyntlm.state != NTLMSTATE_NONE))) {
+               (check->proxy_ntlm_state != NTLMSTATE_NONE))) {
             /* We must use this connection, no other */
             *force_reuse = TRUE;
             break;
@@ -1424,55 +1317,32 @@ ConnectionExists(struct Curl_easy *data,
           continue;
         }
 #endif
-        if(canpipe) {
-          /* We can pipeline if we want to. Let's continue looking for
-             the optimal connection to use, i.e the shortest pipe that is not
-             blacklisted. */
+        if(canmultiplex) {
+          /* We can multiplex if we want to. Let's continue looking for
+             the optimal connection to use. */
 
-          if(pipeLen == 0) {
+          if(!multiplexed) {
             /* We have the optimal connection. Let's stop looking. */
             chosen = check;
             break;
           }
 
-          /* We can't use the connection if the pipe is full */
-          if(max_pipe_len && (pipeLen >= max_pipe_len)) {
-            infof(data, "Pipe is full, skip (%zu)\n", pipeLen);
-            continue;
-          }
 #ifdef USE_NGHTTP2
           /* If multiplexed, make sure we don't go over concurrency limit */
           if(check->bits.multiplex) {
             /* Multiplexed connections can only be HTTP/2 for now */
             struct http_conn *httpc = &check->proto.httpc;
-            if(pipeLen >= httpc->settings.max_concurrent_streams) {
+            if(multiplexed >= httpc->settings.max_concurrent_streams) {
               infof(data, "MAX_CONCURRENT_STREAMS reached, skip (%zu)\n",
-                    pipeLen);
+                    multiplexed);
               continue;
             }
           }
 #endif
-          /* We can't use the connection if the pipe is penalized */
-          if(Curl_pipeline_penalized(data, check)) {
-            infof(data, "Penalized, skip\n");
-            continue;
-          }
-
-          if(max_pipe_len) {
-            if(pipeLen < best_pipe_len) {
-              /* This connection has a shorter pipe so far. We'll pick this
-                 and continue searching */
-              chosen = check;
-              best_pipe_len = pipeLen;
-              continue;
-            }
-          }
-          else {
-            /* When not pipelining (== multiplexed), we have a match here! */
-            chosen = check;
-            infof(data, "Multiplexed connection found!\n");
-            break;
-          }
+          /* When not multiplexed, we have a match here! */
+          chosen = check;
+          infof(data, "Multiplexed connection found!\n");
+          break;
         }
         else {
           /* We have found a connection. Let's stop searching. */
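Review bot: The new comment `/* When not multiplexed, we have a match here! */` says the opposite of what the code does. The `!multiplexed` case has already left the loop a few lines earlier, so this point is reached only for a connection that is in use on a multiplexing bundle, as the `infof` below it states. Something like `/* A multiplexed connection that passed the checks above: use it */` would match the control flow.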
@@ -1874,16 +1744,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
   conn->http_proxy.proxytype = data->set.proxytype;
   conn->socks_proxy.proxytype = CURLPROXY_SOCKS4;
 
-#ifdef CURL_DISABLE_PROXY
-
-  conn->bits.proxy = FALSE;
-  conn->bits.httpproxy = FALSE;
-  conn->bits.socksproxy = FALSE;
-  conn->bits.proxy_user_passwd = FALSE;
-  conn->bits.tunnel_proxy = FALSE;
-
-#else /* CURL_DISABLE_PROXY */
-
+#if !defined(CURL_DISABLE_PROXY)
   /* note that these two proxy bits are now just on what looks to be
      requested, they may be altered down the road */
   conn->bits.proxy = (data->set.str[STRING_PROXY] &&
@@ -1904,13 +1765,13 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
   conn->bits.proxy_user_passwd =
     (data->set.str[STRING_PROXYUSERNAME]) ? TRUE : FALSE;
   conn->bits.tunnel_proxy = data->set.tunnel_thru_httpproxy;
-
 #endif /* CURL_DISABLE_PROXY */
 
   conn->bits.user_passwd = (data->set.str[STRING_USERNAME]) ? TRUE : FALSE;
+#ifndef CURL_DISABLE_FTP
   conn->bits.ftp_use_epsv = data->set.ftp_use_epsv;
   conn->bits.ftp_use_eprt = data->set.ftp_use_eprt;
-
+#endif
   conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus;
   conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer;
   conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost;
@@ -1924,22 +1785,10 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
 #if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) && \
     defined(NTLM_WB_ENABLED)
   conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD;
-  conn->ntlm_auth_hlpr_pid = 0;
-  conn->challenge_header = NULL;
-  conn->response_header = NULL;
 #endif
 
-  if(Curl_pipeline_wanted(data->multi, CURLPIPE_HTTP1) &&
-     !conn->master_buffer) {
-    /* Allocate master_buffer to be used for HTTP/1 pipelining */
-    conn->master_buffer = calloc(MASTERBUF_SIZE, sizeof(char));
-    if(!conn->master_buffer)
-      goto error;
-  }
-
-  /* Initialize the pipeline lists */
-  Curl_llist_init(&conn->send_pipe, (curl_llist_dtor) llist_dtor);
-  Curl_llist_init(&conn->recv_pipe, (curl_llist_dtor) llist_dtor);
+  /* Initialize the easy handle list */
+  Curl_llist_init(&conn->easyq, (curl_llist_dtor) llist_dtor);
 
 #ifdef HAVE_GSSAPI
   conn->data_prot = PROT_CLEAR;
@@ -1962,10 +1811,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
   return conn;
   error:
 
-  Curl_llist_destroy(&conn->send_pipe, NULL);
-  Curl_llist_destroy(&conn->recv_pipe, NULL);
-
-  free(conn->master_buffer);
+  Curl_llist_destroy(&conn->easyq, NULL);
   free(conn->localdev);
 #ifdef USE_SSL
   free(conn->ssl_extra);
@@ -2052,7 +1898,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
 
   /* parse the URL */
   if(data->set.uh) {
-    uh = data->state.uh = data->set.uh;
+    uh = data->state.uh = curl_url_dup(data->set.uh);
   }
   else {
     uh = data->state.uh = curl_url();
@@ -2156,61 +2002,40 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
     hostname = (char *)"";
 
   if(hostname[0] == '[') {
-    /* This looks like an IPv6 address literal.  See if there is an address
+    /* This looks like an IPv6 address literal. See if there is an address
        scope. */
-    char *percent = strchr(++hostname, '%');
+    char *zoneid;
+    size_t hlen;
+    uc = curl_url_get(uh, CURLUPART_ZONEID, &zoneid, 0);
     conn->bits.ipv6_ip = TRUE;
-    if(percent) {
-      unsigned int identifier_offset = 3;
+
+    /* cut off the brackets! */
+    hostname++;
+    hlen = strlen(hostname);
+    hostname[hlen - 1] = 0;
+    if(!uc && zoneid) {
       char *endp;
       unsigned long scope;
-      if(strncmp("%25", percent, 3) != 0) {
-        infof(data,
-              "Please URL encode %% as %%25, see RFC 6874.\n");
-        identifier_offset = 1;
-      }
-      scope = strtoul(percent + identifier_offset, &endp, 10);
-      if(*endp == ']') {
-        /* The address scope was well formed.  Knock it out of the
-           hostname. */
-        memmove(percent, endp, strlen(endp) + 1);
+      scope = strtoul(zoneid, &endp, 10);
+      if(!*endp && (scope < UINT_MAX)) {
+        /* A plain number, use it direcly as a scope id. */
         conn->scope_id = (unsigned int)scope;
       }
+#ifdef HAVE_IF_NAMETOINDEX
       else {
         /* Zone identifier is not numeric */
-#if defined(HAVE_NET_IF_H) && defined(IFNAMSIZ) && defined(HAVE_IF_NAMETOINDEX)
-        char ifname[IFNAMSIZ + 2];
-        char *square_bracket;
         unsigned int scopeidx = 0;
-        strncpy(ifname, percent + identifier_offset, IFNAMSIZ + 2);
-        /* Ensure nullbyte termination */
-        ifname[IFNAMSIZ + 1] = '\0';
-        square_bracket = strchr(ifname, ']');
-        if(square_bracket) {
-          /* Remove ']' */
-          *square_bracket = '\0';
-          scopeidx = if_nametoindex(ifname);
-          if(scopeidx == 0) {
-            infof(data, "Invalid network interface: %s; %s\n", ifname,
-                  strerror(errno));
-          }
-        }
-        if(scopeidx > 0) {
-          char *p = percent + identifier_offset + strlen(ifname);
-
-          /* Remove zone identifier from hostname */
-          memmove(percent, p, strlen(p) + 1);
-          conn->scope_id = scopeidx;
-        }
+        scopeidx = if_nametoindex(zoneid);
+        if(!scopeidx)
+          infof(data, "Invalid zoneid id: %s; %s\n", zoneid,
+                strerror(errno));
         else
-#endif /* HAVE_NET_IF_H && IFNAMSIZ */
-          infof(data, "Invalid IPv6 address format\n");
+          conn->scope_id = scopeidx;
+
       }
+#endif /* HAVE_IF_NAMETOINDEX */
+      free(zoneid);
     }
-    percent = strchr(hostname, ']');
-    if(percent)
-      /* terminate IPv6 numerical at end bracket */
-      *percent = 0;
   }
 
   /* make sure the connect struct gets its own copy of the host name */
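Review bot: `hostname[hlen - 1] = 0;` removes the last byte of the host without checking that `hlen` is non-zero or that the byte is `]`. The old code searched for the bracket with `strchr` and only terminated there. The new line is safe only if the URL API has already guaranteed a well-formed `[...]` host, and that validation is outside this hunk. A local guard keeps the function safe regardless of how the string was produced: `if(hlen && hostname[hlen - 1] == ']') hostname[hlen - 1] = 0;`. Also note that without `HAVE_IF_NAMETOINDEX` a non-numeric zone id is now dropped silently, where the old code at least logged it.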
@@ -2473,46 +2298,55 @@ static CURLcode parse_proxy(struct Curl_easy *data,
                             struct connectdata *conn, char *proxy,
                             curl_proxytype proxytype)
 {
-  char *prox_portno;
-  char *endofprot;
-
-  /* We use 'proxyptr' to point to the proxy name from now on... */
-  char *proxyptr;
   char *portptr;
-  char *atsign;
   long port = -1;
   char *proxyuser = NULL;
   char *proxypasswd = NULL;
+  char *host;
   bool sockstype;
+  CURLUcode uc;
+  struct proxy_info *proxyinfo;
+  CURLU *uhp = curl_url();
+  CURLcode result = CURLE_OK;
+  char *scheme = NULL;
 
-  /* We do the proxy host string parsing here. We want the host name and the
-   * port name. Accept a protocol:// prefix
-   */
+  /* When parsing the proxy, allowing non-supported schemes since we have
+     these made up ones for proxies. Guess scheme for URLs without it. */
+  uc = curl_url_set(uhp, CURLUPART_URL, proxy,
+                    CURLU_NON_SUPPORT_SCHEME|CURLU_GUESS_SCHEME);
+  if(!uc) {
+    /* parsed okay as a URL */
+    uc = curl_url_get(uhp, CURLUPART_SCHEME, &scheme, 0);
+    if(uc) {
+      result = CURLE_OUT_OF_MEMORY;
+      goto error;
+    }
 
-  /* Parse the protocol part if present */
-  endofprot = strstr(proxy, "://");
-  if(endofprot) {
-    proxyptr = endofprot + 3;
-    if(checkprefix("https", proxy))
+    if(strcasecompare("https", scheme))
       proxytype = CURLPROXY_HTTPS;
-    else if(checkprefix("socks5h", proxy))
+    else if(strcasecompare("socks5h", scheme))
       proxytype = CURLPROXY_SOCKS5_HOSTNAME;
-    else if(checkprefix("socks5", proxy))
+    else if(strcasecompare("socks5", scheme))
       proxytype = CURLPROXY_SOCKS5;
-    else if(checkprefix("socks4a", proxy))
+    else if(strcasecompare("socks4a", scheme))
       proxytype = CURLPROXY_SOCKS4A;
-    else if(checkprefix("socks4", proxy) || checkprefix("socks", proxy))
+    else if(strcasecompare("socks4", scheme) ||
+            strcasecompare("socks", scheme))
       proxytype = CURLPROXY_SOCKS4;
-    else if(checkprefix("http:", proxy))
+    else if(strcasecompare("http", scheme))
       ; /* leave it as HTTP or HTTP/1.0 */
     else {
       /* Any other xxx:// reject! */
       failf(data, "Unsupported proxy scheme for \'%s\'", proxy);
-      return CURLE_COULDNT_CONNECT;
+      result = CURLE_COULDNT_CONNECT;
+      goto error;
     }
   }
-  else
-    proxyptr = proxy; /* No xxx:// head: It's a HTTP proxy */
+  else {
+    failf(data, "Unsupported proxy syntax in \'%s\'", proxy);
+    result = CURLE_COULDNT_RESOLVE_PROXY;
+    goto error;
+  }
 
 #ifdef USE_SSL
   if(!(Curl_ssl->supports & SSLSUPP_HTTPS_PROXY))
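Review bot: The handle from `CURLU *uhp = curl_url();` is used without a NULL check. If allocation fails, the following `curl_url_set()` presumably rejects the handle and the function reports "Unsupported proxy syntax" with `CURLE_COULDNT_RESOLVE_PROXY`, which misreports an out-of-memory condition as a bad proxy string. Add `if(!uhp) return CURLE_OUT_OF_MEMORY;` before the `curl_url_set` call. parse_proxy continues in the following hunks.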
@@ -2520,93 +2354,44 @@ static CURLcode parse_proxy(struct Curl_easy *data,
     if(proxytype == CURLPROXY_HTTPS) {
       failf(data, "Unsupported proxy \'%s\', libcurl is built without the "
                   "HTTPS-proxy support.", proxy);
-      return CURLE_NOT_BUILT_IN;
+      result = CURLE_NOT_BUILT_IN;
+      goto error;
     }
 
-  sockstype = proxytype == CURLPROXY_SOCKS5_HOSTNAME ||
-              proxytype == CURLPROXY_SOCKS5 ||
-              proxytype == CURLPROXY_SOCKS4A ||
-              proxytype == CURLPROXY_SOCKS4;
+  sockstype =
+    proxytype == CURLPROXY_SOCKS5_HOSTNAME ||
+    proxytype == CURLPROXY_SOCKS5 ||
+    proxytype == CURLPROXY_SOCKS4A ||
+    proxytype == CURLPROXY_SOCKS4;
 
-  /* Is there a username and password given in this proxy url? */
-  atsign = strchr(proxyptr, '@');
-  if(atsign) {
-    CURLcode result =
-      Curl_parse_login_details(proxyptr, atsign - proxyptr,
-                               &proxyuser, &proxypasswd, NULL);
-    if(result)
-      return result;
-    proxyptr = atsign + 1;
-  }
-
-  /* start scanning for port number at this point */
-  portptr = proxyptr;
+  proxyinfo = sockstype ? &conn->socks_proxy : &conn->http_proxy;
+  proxyinfo->proxytype = proxytype;
 
-  /* detect and extract RFC6874-style IPv6-addresses */
-  if(*proxyptr == '[') {
-    char *ptr = ++proxyptr; /* advance beyond the initial bracket */
-    while(*ptr && (ISXDIGIT(*ptr) || (*ptr == ':') || (*ptr == '.')))
-      ptr++;
-    if(*ptr == '%') {
-      /* There might be a zone identifier */
-      if(strncmp("%25", ptr, 3))
-        infof(data, "Please URL encode %% as %%25, see RFC 6874.\n");
-      ptr++;
-      /* Allow unreserved characters as defined in RFC 3986 */
-      while(*ptr && (ISALPHA(*ptr) || ISXDIGIT(*ptr) || (*ptr == '-') ||
-                     (*ptr == '.') || (*ptr == '_') || (*ptr == '~')))
-        ptr++;
+  /* Is there a username and password given in this proxy url? */
+  curl_url_get(uhp, CURLUPART_USER, &proxyuser, CURLU_URLDECODE);
+  curl_url_get(uhp, CURLUPART_PASSWORD, &proxypasswd, CURLU_URLDECODE);
+  if(proxyuser || proxypasswd) {
+    Curl_safefree(proxyinfo->user);
+    proxyinfo->user = proxyuser;
+    Curl_safefree(proxyinfo->passwd);
+    if(!proxypasswd) {
+      proxypasswd = strdup("");
+      if(!proxypasswd) {
+        result = CURLE_OUT_OF_MEMORY;
+        goto error;
+      }
     }
-    if(*ptr == ']')
-      /* yeps, it ended nicely with a bracket as well */
-      *ptr++ = 0;
-    else
-      infof(data, "Invalid IPv6 address format\n");
-    portptr = ptr;
-    /* Note that if this didn't end with a bracket, we still advanced the
-     * proxyptr first, but I can't see anything wrong with that as no host
-     * name nor a numeric can legally start with a bracket.
-     */
+    proxyinfo->passwd = proxypasswd;
+    conn->bits.proxy_user_passwd = TRUE; /* enable it */
   }
 
-  /* Get port number off proxy.server.com:1080 */
-  prox_portno = strchr(portptr, ':');
-  if(prox_portno) {
-    char *endp = NULL;
+  curl_url_get(uhp, CURLUPART_PORT, &portptr, 0);
 
-    *prox_portno = 0x0; /* cut off number from host name */
-    prox_portno ++;
-    /* now set the local port number */
-    port = strtol(prox_portno, &endp, 10);
-    if((endp && *endp && (*endp != '/') && (*endp != ' ')) ||
-       (port < 0) || (port > 65535)) {
-      /* meant to detect for example invalid IPv6 numerical addresses without
-         brackets: "2a00:fac0:a000::7:13". Accept a trailing slash only
-         because we then allow "URL style" with the number followed by a
-         slash, used in curl test cases already. Space is also an acceptable
-         terminating symbol. */
-      infof(data, "No valid port number in proxy string (%s)\n",
-            prox_portno);
-    }
-    else
-      conn->port = port;
+  if(portptr) {
+    port = strtol(portptr, NULL, 10);
+    free(portptr);
   }
   else {
-    if(proxyptr[0]=='/') {
-      /* If the first character in the proxy string is a slash, fail
-         immediately. The following code will otherwise clear the string which
-         will lead to code running as if no proxy was set! */
-      Curl_safefree(proxyuser);
-      Curl_safefree(proxypasswd);
-      return CURLE_COULDNT_RESOLVE_PROXY;
-    }
-
-    /* without a port number after the host name, some people seem to use
-       a slash so we strip everything from the first slash */
-    atsign = strchr(proxyptr, '/');
-    if(atsign)
-      *atsign = '\0'; /* cut off path part from host name */
-
     if(data->set.proxyport)
       /* None given in the proxy string, then get the default one if it is
          given */
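Review bot: `portptr` is declared without an initialiser (`char *portptr;` in the previous hunk) and is tested with `if(portptr)` after a `curl_url_get(uhp, CURLUPART_PORT, &portptr, 0)` call whose return code is ignored. The test is only defined if `curl_url_get` stores to the out-pointer on every path, which this hunk does not show; `char *portptr = NULL;` removes that dependency. The USER and PASSWORD lookups also discard their return codes, so a decode or allocation failure there is indistinguishable from a proxy URL without credentials. Checking for `CURLUE_OUT_OF_MEMORY` on those two calls would keep a request from going out unauthenticated by accident.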
@@ -2618,57 +2403,32 @@ static CURLcode parse_proxy(struct Curl_easy *data,
         port = CURL_DEFAULT_PROXY_PORT;
     }
   }
-
-  if(*proxyptr) {
-    struct proxy_info *proxyinfo =
-      sockstype ? &conn->socks_proxy : &conn->http_proxy;
-    proxyinfo->proxytype = proxytype;
-
-    if(proxyuser) {
-      /* found user and password, rip them out.  note that we are unescaping
-         them, as there is otherwise no way to have a username or password
-         with reserved characters like ':' in them. */
-      Curl_safefree(proxyinfo->user);
-      proxyinfo->user = curl_easy_unescape(data, proxyuser, 0, NULL);
-      Curl_safefree(proxyuser);
-
-      if(!proxyinfo->user) {
-        Curl_safefree(proxypasswd);
-        return CURLE_OUT_OF_MEMORY;
-      }
-
-      Curl_safefree(proxyinfo->passwd);
-      if(proxypasswd && strlen(proxypasswd) < MAX_CURL_PASSWORD_LENGTH)
-        proxyinfo->passwd = curl_easy_unescape(data, proxypasswd, 0, NULL);
-      else
-        proxyinfo->passwd = strdup("");
-      Curl_safefree(proxypasswd);
-
-      if(!proxyinfo->passwd)
-        return CURLE_OUT_OF_MEMORY;
-
-      conn->bits.proxy_user_passwd = TRUE; /* enable it */
-    }
-
-    if(port >= 0) {
-      proxyinfo->port = port;
-      if(conn->port < 0 || sockstype || !conn->socks_proxy.host.rawalloc)
-        conn->port = port;
-    }
-
-    /* now, clone the cleaned proxy host name */
-    Curl_safefree(proxyinfo->host.rawalloc);
-    proxyinfo->host.rawalloc = strdup(proxyptr);
-    proxyinfo->host.name = proxyinfo->host.rawalloc;
-
-    if(!proxyinfo->host.rawalloc)
-      return CURLE_OUT_OF_MEMORY;
+  if(port >= 0) {
+    proxyinfo->port = port;
+    if(conn->port < 0 || sockstype || !conn->socks_proxy.host.rawalloc)
+      conn->port = port;
   }
 
-  Curl_safefree(proxyuser);
-  Curl_safefree(proxypasswd);
+  /* now, clone the proxy host name */
+  uc = curl_url_get(uhp, CURLUPART_HOST, &host, CURLU_URLDECODE);
+  if(uc) {
+    result = CURLE_OUT_OF_MEMORY;
+    goto error;
+  }
+  Curl_safefree(proxyinfo->host.rawalloc);
+  proxyinfo->host.rawalloc = host;
+  if(host[0] == '[') {
+    /* this is a numerical IPv6, strip off the brackets */
+    size_t len = strlen(host);
+    host[len-1] = 0; /* clear the trailing bracket */
+    host++;
+  }
+  proxyinfo->host.name = host;
 
-  return CURLE_OK;
+  error:
+  free(scheme);
+  curl_url_cleanup(uhp);
+  return result;
 }
 
 /*
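Review bot: Every failure of `curl_url_get(uhp, CURLUPART_HOST, ...)` is reported as `CURLE_OUT_OF_MEMORY`, including the case where the proxy URL simply has no usable host; the scheme lookup in the first parse_proxy hunk follows the same pattern. This sends callers and logs in the wrong direction when the input is at fault. Mapping the code explicitly is clearer: `result = (uc == CURLUE_OUT_OF_MEMORY) ? CURLE_OUT_OF_MEMORY : CURLE_COULDNT_RESOLVE_PROXY;`. The bracket stripping below it also assumes the last byte is `]`; a one-line comment stating that the URL API guarantees this would help the next reader.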
@@ -3614,11 +3374,7 @@ static void reuse_conn(struct connectdata *old_conn,
   Curl_safefree(old_conn->http_proxy.passwd);
   Curl_safefree(old_conn->socks_proxy.passwd);
   Curl_safefree(old_conn->localdev);
-
-  Curl_llist_destroy(&old_conn->send_pipe, NULL);
-  Curl_llist_destroy(&old_conn->recv_pipe, NULL);
-
-  Curl_safefree(old_conn->master_buffer);
+  Curl_llist_destroy(&old_conn->easyq, NULL);
 
 #ifdef USE_UNIX_SOCKETS
   Curl_safefree(old_conn->unix_domain_socket);
@@ -3933,12 +3689,12 @@ static CURLcode create_conn(struct Curl_easy *data,
     reuse = ConnectionExists(data, conn, &conn_temp, &force_reuse, &waitpipe);
 
   /* If we found a reusable connection that is now marked as in use, we may
-     still want to open a new connection if we are pipelining. */
-  if(reuse && !force_reuse && IsPipeliningPossible(data, conn_temp)) {
-    size_t pipelen = conn_temp->send_pipe.size + conn_temp->recv_pipe.size;
-    if(pipelen > 0) {
-      infof(data, "Found connection %ld, with requests in the pipe (%zu)\n",
-            conn_temp->connection_id, pipelen);
+     still want to open a new connection if we are multiplexing. */
+  if(reuse && !force_reuse && IsMultiplexingPossible(data, conn_temp)) {
+    size_t multiplexed = CONN_INUSE(conn_temp);
+    if(multiplexed > 0) {
+      infof(data, "Found connection %ld, with %zu requests on it\n",
+            conn_temp->connection_id, multiplexed);
 
       if(Curl_conncache_bundle_size(conn_temp) < max_host_connections &&
          Curl_conncache_size(data) < max_total_connections) {
@@ -3988,7 +3744,7 @@ static CURLcode create_conn(struct Curl_easy *data,
     }
 
     if(waitpipe)
-      /* There is a connection that *might* become usable for pipelining
+      /* There is a connection that *might* become usable for multiplexing
          "soon", and we wait for that */
       connections_available = FALSE;
     else {
@@ -4201,7 +3957,7 @@ CURLcode Curl_connect(struct Curl_easy *data,
 
   if(!result) {
     if(CONN_INUSE(conn))
-      /* pipelining */
+      /* multiplexed */
       *protocol_done = TRUE;
     else if(!*asyncp) {
       /* DNS resolution is done: that's either because this is a reused
@@ -4219,7 +3975,7 @@ CURLcode Curl_connect(struct Curl_easy *data,
        connectdata struct, free those here */
     Curl_disconnect(data, conn, TRUE);
   }
-  else if(!data->conn)
+  else if(!result && !data->conn)
     /* FILE: transfers already have the connection attached */
     Curl_attach_connnection(data, conn);
 
diff --git a/libs/libcurl/src/url.h b/libs/libcurl/src/url.h
index fbd8ef9250..4db9e86532 100644
--- a/libs/libcurl/src/url.h
+++ b/libs/libcurl/src/url.h
@@ -71,14 +71,7 @@ int Curl_doing_getsock(struct connectdata *conn,
 CURLcode Curl_parse_login_details(const char *login, const size_t len,
                                   char **userptr, char **passwdptr,
                                   char **optionsptr);
-
-int Curl_removeHandleFromPipeline(struct Curl_easy *handle,
-                                  struct curl_llist *pipeline);
-/* remove the specified connection from all (possible) pipelines and related
-   queues */
-void Curl_getoff_all_pipelines(struct Curl_easy *data,
-                               struct connectdata *conn);
-
+void Curl_close_connections(struct Curl_easy *data);
 CURLcode Curl_upkeep(struct conncache *conn_cache, void *data);
 
 const struct Curl_handler *Curl_builtin_scheme(const char *scheme);
diff --git a/libs/libcurl/src/urlapi-int.h b/libs/libcurl/src/urlapi-int.h
index 75a3605423..5f059c203a 100644
--- a/libs/libcurl/src/urlapi-int.h
+++ b/libs/libcurl/src/urlapi-int.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -22,9 +22,8 @@
  *
  ***************************************************************************/
 #include "curl_setup.h"
-/* scheme is not URL encoded, the longest libcurl supported ones are 6
-   letters */
-#define MAX_SCHEME_LEN 8
+/* scheme is not URL encoded, the longest libcurl supported ones are... */
+#define MAX_SCHEME_LEN 40
 
 bool Curl_is_absolute_url(const char *url, char *scheme, size_t buflen);
 char *Curl_concat_url(const char *base, const char *relurl);
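Review bot: The replacement comment `/* scheme is not URL encoded, the longest libcurl supported ones are... */` trails off and no longer explains why `MAX_SCHEME_LEN` is 40, or whether the value includes the terminating zero. Since the constant sizes scheme buffers, the comment should state both, for example `/* buffer size for a scheme name including the terminating zero; larger than any supported scheme so that made-up proxy schemes fit */`. The stated rationale in that wording is inferred from the parse_proxy change and should be confirmed by the author.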
diff --git a/libs/libcurl/src/urlapi.c b/libs/libcurl/src/urlapi.c
index a19867eb0f..d07e4f5dff 100644
--- a/libs/libcurl/src/urlapi.c
+++ b/libs/libcurl/src/urlapi.c
@@ -56,6 +56,7 @@ struct Curl_URL {
   char *password;
   char *options; /* IMAP only? */
   char *host;
+  char *zoneid; /* for numerical IPv6 addresses */
   char *port;
   char *path;
   char *query;
@@ -74,6 +75,7 @@ static void free_urlhandle(struct Curl_URL *u)
   free(u->password);
   free(u->options);
   free(u->host);
+  free(u->zoneid);
   free(u->port);
   free(u->path);
   free(u->query);
@@ -504,7 +506,7 @@ UNITTEST CURLUcode Curl_parse_port(struct Curl_URL *u, char *hostname)
       portptr = &hostname[len];
     else if('%' == endbracket) {
       int zonelen = len;
-      if(1 == sscanf(hostname + zonelen, "25%*[^]]%c%n", &endbracket, &len)) {
+      if(1 == sscanf(hostname + zonelen, "%*[^]]%c%n", &endbracket, &len)) {
         if(']' != endbracket)
           return CURLUE_MALFORMED_INPUT;
         portptr = &hostname[--zonelen + len + 1];
@@ -587,25 +589,45 @@ static CURLUcode junkscan(char *part)
   return CURLUE_OK;
 }
 
-static CURLUcode hostname_check(char *hostname, unsigned int flags)
+static CURLUcode hostname_check(struct Curl_URL *u, char *hostname)
 {
   const char *l = NULL; /* accepted characters */
   size_t len;
   size_t hlen = strlen(hostname);
-  (void)flags;
 
   if(hostname[0] == '[') {
     hostname++;
-    l = "0123456789abcdefABCDEF::.%";
+    l = "0123456789abcdefABCDEF::.";
     hlen -= 2;
   }
 
   if(l) {
     /* only valid letters are ok */
     len = strspn(hostname, l);
-    if(hlen != len)
-      /* hostname with bad content */
-      return CURLUE_MALFORMED_INPUT;
+    if(hlen != len) {
+      if(hostname[len] == '%') {
+        /* this could now be '%[zone id]' */
+        char zoneid[16];
+        int i = 0;
+        char *h = &hostname[len + 1];
+        /* pass '25' if present and is a url encoded percent sign */
+        if(!strncmp(h, "25", 2) && h[2] && (h[2] != ']'))
+          h += 2;
+        while(*h && (*h != ']') && (i < 15))
+          zoneid[i++] = *h++;
+        if(!i || (']' != *h))
+          return CURLUE_MALFORMED_INPUT;
+        zoneid[i] = 0;
+        u->zoneid = strdup(zoneid);
+        if(!u->zoneid)
+          return CURLUE_OUT_OF_MEMORY;
+        hostname[len] = ']'; /* insert end bracket */
+        hostname[len + 1] = 0; /* terminate the hostname */
+      }
+      else
+        return CURLUE_MALFORMED_INPUT;
+      /* hostname is fine */
+    }
   }
   else {
     /* letters from the second string is not ok */
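Review bot: In the bracket branch the closing `]` is assumed rather than checked. `hlen -= 2` runs for any string that starts with `[`, so a constructed input such as `[::1x` is accepted (`strspn` stops at the last character and equals the reduced `hlen`), and a lone `[` makes `hlen` wrap before it happens to be rejected. This matters more now that `curl_url_set` passes caller-supplied hosts straight into this function (last hunk of this file). A guard before `hostname++` closes it: `if(hlen < 4 || hostname[hlen - 1] != ']') return CURLUE_MALFORMED_INPUT;`. The function body continues in the next hunk.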
@@ -614,6 +636,8 @@ static CURLUcode hostname_check(char *hostname, unsigned int flags)
       /* hostname with bad content */
       return CURLUE_MALFORMED_INPUT;
   }
+  if(!hostname[0])
+    return CURLUE_NO_HOST;
   return CURLUE_OK;
 }
 
@@ -628,7 +652,7 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
   char *fragment = NULL;
   CURLUcode result;
   bool url_has_scheme = FALSE;
-  char schemebuf[MAX_SCHEME_LEN];
+  char schemebuf[MAX_SCHEME_LEN + 1];
   char *schemep = NULL;
   size_t schemelen = 0;
   size_t urllen;
@@ -642,6 +666,10 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
    ************************************************************/
   /* allocate scratch area */
   urllen = strlen(url);
+  if(urllen > CURL_MAX_INPUT_LENGTH)
+    /* excessive input length */
+    return CURLUE_MALFORMED_INPUT;
+
   path = u->scratch = malloc(urllen * 2 + 2);
   if(!path)
     return CURLUE_OUT_OF_MEMORY;
@@ -852,7 +880,7 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
     if(result)
       return result;
 
-    result = hostname_check(hostname, flags);
+    result = hostname_check(u, hostname);
     if(result)
       return result;
 
@@ -971,6 +999,9 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
     ptr = u->host;
     ifmissing = CURLUE_NO_HOST;
     break;
+  case CURLUPART_ZONEID:
+    ptr = u->zoneid;
+    break;
   case CURLUPART_PORT:
     ptr = u->port;
     ifmissing = CURLUE_NO_PORT;
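Review bot: `case CURLUPART_ZONEID` sets `ptr` but not `ifmissing`, unlike the HOST and PORT cases beside it. A handle without a zone id therefore returns whatever `ifmissing` was initialised to before the switch, which is outside this hunk. If that default is the intended result, a comment would make it deliberate: `/* no ifmissing: an absent zone id reports the default error code */`.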
@@ -1017,6 +1048,7 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
     char *scheme;
     char *options = u->options;
     char *port = u->port;
+    char *allochost = NULL;
     if(u->scheme && strcasecompare("file", u->scheme)) {
       url = aprintf("file://%s%s%s",
                     u->path,
@@ -1055,6 +1087,18 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
       if(h && !(h->flags & PROTOPT_URLOPTIONS))
         options = NULL;
 
+      if((u->host[0] == '[') && u->zoneid) {
+        /* make it '[ host %25 zoneid ]' */
+        size_t hostlen = strlen(u->host);
+        size_t alen = hostlen + 3 + strlen(u->zoneid) + 1;
+        allochost = malloc(alen);
+        if(!allochost)
+          return CURLUE_OUT_OF_MEMORY;
+        memcpy(allochost, u->host, hostlen - 1);
+        msnprintf(&allochost[hostlen - 1], alen - hostlen + 1,
+                  "%%25%s]", u->zoneid);
+      }
+
       url = aprintf("%s://%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
                     scheme,
                     u->user ? u->user : "",
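Review bot: `u->zoneid` is written between the brackets with `%s`, and nothing in this hunk constrains its content. The parser path (`hostname_check`) only stores up to 15 characters that precede `]`, but the `CURLUPART_ZONEID` case added to `curl_url_set` further down just points `storep` at `u->zoneid`. As far as these hunks show, a caller-set zone id containing `]` or `/` would be emitted verbatim into the host part unless URL-encoding is requested. I would apply the parser's limits in the set path as well, e.g. `if(strlen(part) > 15 || strchr(part, ']')) return CURLUE_MALFORMED_INPUT;` in that case. The block also relies on `u->host` being non-NULL, which is presumably established earlier in `curl_url_get`, outside the hunk.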
@@ -1063,7 +1107,7 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
                     options ? ";" : "",
                     options ? options : "",
                     (u->user || u->password || options) ? "@": "",
-                    u->host,
+                    allochost ? allochost : u->host,
                     port ? ":": "",
                     port ? port : "",
                     (u->path && (u->path[0] != '/')) ? "/": "",
@@ -1072,6 +1116,7 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
                     (u->query && u->query[0]) ? u->query : "",
                     u->fragment? "#": "",
                     u->fragment? u->fragment : "");
+      free(allochost);
     }
     if(!url)
       return CURLUE_OUT_OF_MEMORY;
@@ -1144,7 +1189,11 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
     case CURLUPART_HOST:
       storep = &u->host;
       break;
+    case CURLUPART_ZONEID:
+      storep = &u->zoneid;
+      break;
     case CURLUPART_PORT:
+      u->portnum = 0;
       storep = &u->port;
       break;
     case CURLUPART_PATH:
@@ -1168,6 +1217,9 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
 
   switch(what) {
   case CURLUPART_SCHEME:
+    if(strlen(part) > MAX_SCHEME_LEN)
+      /* too long */
+      return CURLUE_MALFORMED_INPUT;
     if(!(flags & CURLU_NON_SUPPORT_SCHEME) &&
        /* verify that it is a fine scheme */
        !Curl_builtin_scheme(part))
@@ -1186,14 +1238,25 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
     break;
   case CURLUPART_HOST:
     storep = &u->host;
+    free(u->zoneid);
+    u->zoneid = NULL;
+    break;
+  case CURLUPART_ZONEID:
+    storep = &u->zoneid;
     break;
   case CURLUPART_PORT:
+  {
+    char *endp;
     urlencode = FALSE; /* never */
-    port = strtol(part, NULL, 10);  /* Port number must be decimal */
+    port = strtol(part, &endp, 10);  /* Port number must be decimal */
     if((port <= 0) || (port > 0xffff))
       return CURLUE_BAD_PORT_NUMBER;
+    if(*endp)
+      /* weirdly provided number, not good! */
+      return CURLUE_MALFORMED_INPUT;
     storep = &u->port;
-    break;
+  }
+  break;
   case CURLUPART_PATH:
     urlskipslash = TRUE;
     storep = &u->path;
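Review bot: The `*endp` test catches trailing junk but not leading junk: `strtol` skips leading whitespace and accepts a sign, so ` 80` or `+80` passes both checks. `storep` then points at `u->port`, so the string as given (not the parsed number) appears to be what gets stored and later formatted into the URL. Rejecting a non-digit first character before the conversion closes this: `if((part[0] < '0') || (part[0] > '9')) return CURLUE_MALFORMED_INPUT;`. The rest of `curl_url_set` lies outside the hunk.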
@@ -1219,7 +1282,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
     char *redired_url;
     CURLU *handle2;
 
-    if(Curl_is_absolute_url(part, NULL, MAX_SCHEME_LEN)) {
+    if(Curl_is_absolute_url(part, NULL, MAX_SCHEME_LEN + 1)) {
       handle2 = curl_url();
       if(!handle2)
         return CURLUE_OUT_OF_MEMORY;
@@ -1272,8 +1335,12 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
     const char *newp = part;
     size_t nalloc = strlen(part);
 
+    if(nalloc > CURL_MAX_INPUT_LENGTH)
+      /* excessive input length */
+      return CURLUE_MALFORMED_INPUT;
+
     if(urlencode) {
-      const char *i;
+      const unsigned char *i;
       char *o;
       bool free_part = FALSE;
       char *enc = malloc(nalloc * 3 + 1); /* for worst case! */
@@ -1281,7 +1348,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
         return CURLUE_OUT_OF_MEMORY;
       if(plusencode) {
         /* space to plus */
-        i = part;
+        i = (const unsigned char *)part;
         for(o = enc; *i; ++o, ++i)
           *o = (*i == ' ') ? '+' : *i;
         *o = 0; /* zero terminate */
@@ -1292,7 +1359,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
         }
         free_part = TRUE;
       }
-      for(i = part, o = enc; *i; i++) {
+      for(i = (const unsigned char *)part, o = enc; *i; i++) {
         if(Curl_isunreserved(*i) ||
            ((*i == '/') && urlskipslash) ||
            ((*i == '=') && equalsencode) ||
@@ -1355,6 +1422,13 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
       }
     }
 
+    if(what == CURLUPART_HOST) {
+      if(hostname_check(u, (char *)newp)) {
+        free((char *)newp);
+        return CURLUE_MALFORMED_INPUT;
+      }
+    }
+
     free(*storep);
     *storep = (char *)newp;
   }
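Review bot: The result of `hostname_check()` is reduced to `CURLUE_MALFORMED_INPUT`, although the earlier hunks show it can also return `CURLUE_OUT_OF_MEMORY` and `CURLUE_NO_HOST`. Keeping the code is a small change: `CURLUcode rc = hostname_check(u, (char *)newp);` followed by `if(rc) { free((char *)newp); return rc; }`. Separately, the `CURLUPART_HOST` case in the earlier switch frees `u->zoneid` before this validation runs, so a rejected host leaves the old host in place with its zone id already dropped. Deferring that reset until the new host is accepted (bearing in mind that `hostname_check` may itself store a new zone id) would keep the handle consistent. `curl_url_set` starts outside this hunk.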
diff --git a/libs/libcurl/src/urldata.h b/libs/libcurl/src/urldata.h
index 24187a4c48..d759592d9d 100644
--- a/libs/libcurl/src/urldata.h
+++ b/libs/libcurl/src/urldata.h
@@ -79,6 +79,10 @@
 */
 #define RESP_TIMEOUT (120*1000)
 
+/* Max string intput length is a precaution against abuse and to detect junk
+   input easier and better. */
+#define CURL_MAX_INPUT_LENGTH 8000000
+
 #include "cookie.h"
 #include "psl.h"
 #include "formdata.h"
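Review bot: The comment on `CURL_MAX_INPUT_LENGTH` has a typo ("intput") and gives no unit. The uses visible in this commit (`seturl`, `curl_url_set`) compare it with `strlen()` results before sizing an allocation, so it is a byte count that excludes the terminator. Suggested wording: `/* Max string input length in bytes (terminator not counted); a precaution against abuse and a way to detect junk input early. */`.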
@@ -144,10 +148,6 @@ typedef ssize_t (Curl_recv)(struct connectdata *conn, /* connection data */
 #include <libssh2_sftp.h>
 #endif /* HAVE_LIBSSH2_H */
 
-
-/* The "master buffer" is for HTTP pipelining */
-#define MASTERBUF_SIZE 16384
-
 /* Initial size of the buffer to store headers in, it'll be enlarged in case
    of need. */
 #define HEADERSIZE 256
@@ -303,6 +303,14 @@ typedef enum {
   NTLMSTATE_LAST
 } curlntlm;
 
+typedef enum {
+  GSS_AUTHNONE,
+  GSS_AUTHRECV,
+  GSS_AUTHSENT,
+  GSS_AUTHDONE,
+  GSS_AUTHSUCC
+} curlnegotiate;
+
 #if defined(CURL_DOES_CONVERSIONS) && defined(HAVE_ICONV)
 #include <iconv.h>
 #endif
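Review bot: `curlnegotiate` is added without a comment, while the anonymous enum it replaces in `struct negotiatedata` carried the explanation of the state sequence. I would carry that over: `/* Negotiate (SPNEGO) auth state: a token is sent first, then the received one is validated */`. The two new `connectdata` fields `http_negotiate_state` and `proxy_negotiate_state` could then refer to it.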
@@ -328,7 +336,6 @@ struct kerberos5data {
 /* Struct used for NTLM challenge-response authentication */
 #if defined(USE_NTLM)
 struct ntlmdata {
-  curlntlm state;
 #ifdef USE_WINDOWS_SSPI
 /* The sslContext is used for the Schannel bindings. The
  * api is available on the Windows 7 SDK and later.
@@ -354,13 +361,9 @@ struct ntlmdata {
 };
 #endif
 
+/* Struct used for Negotiate (SPNEGO) authentication */
 #ifdef USE_SPNEGO
 struct negotiatedata {
-  /* When doing Negotiate (SPNEGO) auth, we first need to send a token
-     and then validate the received one. */
-  enum {
-    GSS_AUTHNONE, GSS_AUTHRECV, GSS_AUTHSENT, GSS_AUTHDONE, GSS_AUTHSUCC
-  } state;
 #ifdef HAVE_GSSAPI
   OM_uint32 status;
   gss_ctx_id_t context;
@@ -431,6 +434,7 @@ struct ConnectBits {
                            though it will be discarded. When the whole send
                            operation is done, we must call the data rewind
                            callback. */
+#ifndef CURL_DISABLE_FTP
   bit ftp_use_epsv:1;  /* As set with CURLOPT_FTP_USE_EPSV, but if we find out
                           EPSV doesn't work we disable it for the forthcoming
                           requests */
@@ -438,6 +442,7 @@ struct ConnectBits {
                           EPRT doesn't work we disable it for the forthcoming
                           requests */
   bit ftp_use_data_ssl:1; /* Enabled SSL for the data connection */
+#endif
   bit netrc:1;         /* name+password provided by netrc */
   bit userpwd_in_url:1; /* name+password found in url */
   bit stream_was_rewound:1; /* The stream was rewound after a request read
@@ -604,7 +609,9 @@ struct SingleRequest {
   char *upload_fromhere;
   void *protop;       /* Allocated protocol-specific data. Each protocol
                          handler makes sure this points to data it needs. */
+#ifndef CURL_DISABLE_DOH
   struct dohdata doh; /* DoH specific data for this request */
+#endif
   bit header:1;       /* incoming data has HTTP header */
   bit content_range:1; /* set TRUE if Content-Range: was found */
   bit upload_done:1;  /* set to TRUE when doing chunked transfer-encoding
@@ -796,11 +803,10 @@ struct connectdata {
   void *closesocket_client;
 
   /* This is used by the connection cache logic. If this returns TRUE, this
-     handle is being used by one or more easy handles and can only used by any
+     handle is still used by one or more easy handles and can only used by any
      other easy handle without careful consideration (== only for
-     pipelining/multiplexing) and it cannot be used by another multi
-     handle! */
-#define CONN_INUSE(c) ((c)->send_pipe.size + (c)->recv_pipe.size)
+     multiplexing) and it cannot be used by another multi handle! */
+#define CONN_INUSE(c) ((c)->easyq.size)
 
   /**** Fields set when inited and not modified again */
   long connection_id; /* Contains a unique number to make it easier to
@@ -871,6 +877,7 @@ struct connectdata {
 
   struct curltime now;     /* "current" time */
   struct curltime created; /* creation time */
+  struct curltime lastused; /* when returned to the connection cache */
   curl_socket_t sock[2]; /* two sockets, the second is used for the data
                             transfer when doing FTP */
   curl_socket_t tempsock[2]; /* temporary sockets for happy eyeballs */
@@ -950,16 +957,7 @@ struct connectdata {
   struct kerberos5data krb5;  /* variables into the structure definition, */
 #endif                        /* however, some of them are ftp specific. */
 
-  struct curl_llist send_pipe; /* List of handles waiting to send on this
-                                  pipeline */
-  struct curl_llist recv_pipe; /* List of handles waiting to read their
-                                  responses on this pipeline */
-  char *master_buffer; /* The master buffer allocated on-demand;
-                          used for pipelining. */
-  size_t read_pos; /* Current read position in the master buffer */
-  size_t buf_len; /* Length of the buffer?? */
-
-
+  struct curl_llist easyq;    /* List of easy handles using this connection */
   curl_seek_callback seek_func; /* function that seeks the input */
   void *seek_client;            /* pointer to pass to the seek() above */
 
@@ -969,6 +967,9 @@ struct connectdata {
 #endif
 
 #if defined(USE_NTLM)
+  curlntlm http_ntlm_state;
+  curlntlm proxy_ntlm_state;
+
   struct ntlmdata ntlm;     /* NTLM differs from other authentication schemes
                                because it authenticates connections, not
                                single requests! */
@@ -984,6 +985,9 @@ struct connectdata {
 #endif
 
 #ifdef USE_SPNEGO
+  curlnegotiate http_negotiate_state;
+  curlnegotiate proxy_negotiate_state;
+
   struct negotiatedata negotiate; /* state data for host Negotiate auth */
   struct negotiatedata proxyneg; /* state data for proxy Negotiate auth */
 #endif
@@ -1209,6 +1213,7 @@ typedef enum {
   EXPIRE_ASYNC_NAME,
   EXPIRE_CONNECTTIMEOUT,
   EXPIRE_DNS_PER_NAME,
+  EXPIRE_HAPPY_EYEBALLS_DNS, /* See asyn-ares.c */
   EXPIRE_HAPPY_EYEBALLS,
   EXPIRE_MULTI_PENDING,
   EXPIRE_RUN_NOW,
@@ -1287,7 +1292,6 @@ struct UrlState {
 
   struct auth authhost;  /* auth details for host */
   struct auth authproxy; /* auth details for proxy */
-
   void *resolver; /* resolver state, if it is used in the URL state -
                      ares_channel f.e. */
 
@@ -1371,6 +1375,7 @@ struct UrlState {
                   when multi_done() is called, to prevent multi_done() to get
                   invoked twice when the multi interface is used. */
   bit stream_depends_e:1; /* set or don't set the Exclusive bit */
+  bit previouslypending:1; /* this transfer WAS in the multi->pending queue */
 };
 
 
@@ -1461,7 +1466,7 @@ enum dupstring {
   STRING_RTSP_SESSION_ID, /* Session ID to use */
   STRING_RTSP_STREAM_URI, /* Stream URI for this request */
   STRING_RTSP_TRANSPORT,  /* Transport for this session */
-#if defined(USE_LIBSSH2) || defined(USE_LIBSSH)
+#ifdef USE_SSH
   STRING_SSH_PRIVATE_KEY, /* path to the private key file for auth */
   STRING_SSH_PUBLIC_KEY,  /* path to the public key file for auth */
   STRING_SSH_HOST_PUBLIC_KEY_MD5, /* md5 of host public key in ascii hex */
@@ -1566,6 +1571,8 @@ struct UserDefined {
   long accepttimeout;   /* in milliseconds, 0 means no timeout */
   long happy_eyeballs_timeout; /* in milliseconds, 0 is a valid value */
   long server_response_timeout; /* in milliseconds, 0 means no timeout */
+  long maxage_conn;     /* in seconds, max idle time to allow a connection that
+                           is to be reused */
   long tftp_blksize;    /* in bytes, 0 means use default */
   curl_off_t filesize;  /* size of file to upload, -1 means unknown */
   long low_speed_limit; /* bytes/second */
@@ -1609,7 +1616,11 @@ struct UserDefined {
   long ipver; /* the CURL_IPRESOLVE_* defines in the public header file
                  0 - whatever, 1 - v2, 2 - v6 */
   curl_off_t max_filesize; /* Maximum file size to download */
+#ifndef CURL_DISABLE_FTP
   curl_ftpfile ftp_filemethod; /* how to get to a file when FTP is used  */
+  curl_ftpauth ftpsslauth; /* what AUTH XXX to be attempted */
+  curl_ftpccc ftp_ccc;   /* FTP CCC options */
+#endif
   int ftp_create_missing_dirs; /* 1 - create directories that don't exist
                                   2 - the same but also allow MKD to fail once
                                */
@@ -1619,8 +1630,6 @@ struct UserDefined {
        use_netrc;        /* defined in include/curl.h */
   curl_usessl use_ssl;   /* if AUTH TLS is to be attempted etc, for FTP or
                             IMAP or POP3 or others! */
-  curl_ftpauth ftpsslauth; /* what AUTH XXX to be attempted */
-  curl_ftpccc ftp_ccc;   /* FTP CCC options */
   long new_file_perms;    /* Permissions to use when creating remote files */
   long new_directory_perms; /* Permissions to use when creating remote dirs */
   long ssh_auth_types;   /* allowed SSH auth types */
@@ -1681,7 +1690,14 @@ struct UserDefined {
   bit prefer_ascii:1;     /* ASCII rather than binary */
   bit ftp_append:1;       /* append, not overwrite, on upload */
   bit ftp_list_only:1;    /* switch FTP command for listing directories */
+#ifndef CURL_DISABLE_FTP
   bit ftp_use_port:1;     /* use the FTP PORT command */
+  bit ftp_use_epsv:1;   /* if EPSV is to be attempted or not */
+  bit ftp_use_eprt:1;   /* if EPRT is to be attempted or not */
+  bit ftp_use_pret:1;   /* if PRET is to be used before PASV or not */
+  bit ftp_skip_ip:1;    /* skip the IP address the FTP server passes on to
+                            us */
+#endif
   bit hide_progress:1;    /* don't use the progress meter */
   bit http_fail_on_error:1;  /* fail on HTTP error codes >= 400 */
   bit http_keep_sending_on_error:1; /* for HTTP status codes >= 300 */
@@ -1699,16 +1715,10 @@ struct UserDefined {
   bit krb:1;            /* Kerberos connection requested */
   bit reuse_forbid:1;   /* forbidden to be reused, close after use */
   bit reuse_fresh:1;    /* do not re-use an existing connection  */
-  bit ftp_use_epsv:1;   /* if EPSV is to be attempted or not */
-  bit ftp_use_eprt:1;   /* if EPRT is to be attempted or not */
-  bit ftp_use_pret:1;   /* if PRET is to be used before PASV or not */
 
   bit no_signal:1;      /* do not use any signal/alarm handler */
-  bit global_dns_cache:1; /* subject for future removal */
   bit tcp_nodelay:1;    /* whether to enable TCP_NODELAY or not */
   bit ignorecl:1;       /* ignore content length */
-  bit ftp_skip_ip:1;    /* skip the IP address the FTP server passes on to
-                            us */
   bit connect_only:1;   /* make connection, let application use the socket */
   bit http_te_skip:1;   /* pass the raw body data to the user, even when
                             transfer-encoded (chunked, compressed) */
@@ -1726,8 +1736,8 @@ struct UserDefined {
   bit ssl_enable_npn:1; /* TLS NPN extension? */
   bit ssl_enable_alpn:1;/* TLS ALPN extension? */
   bit path_as_is:1;     /* allow dotdots? */
-  bit pipewait:1;       /* wait for pipe/multiplex status before starting a
-                            new connection */
+  bit pipewait:1;       /* wait for multiplex status before starting a new
+                           connection */
   bit suppress_connect_headers:1; /* suppress proxy CONNECT response headers
                                       from user callbacks */
   bit dns_shuffle_addresses:1; /* whether to shuffle addresses before use */
@@ -1745,7 +1755,6 @@ struct Names {
   struct curl_hash *hostcache;
   enum {
     HCACHE_NONE,    /* not pointing to anything */
-    HCACHE_GLOBAL,  /* points to the (shrug) global one */
     HCACHE_MULTI,   /* points to a shared one in the multi handle */
     HCACHE_SHARED   /* points to a shared one in a shared object */
   } hostcachetype;
@@ -1768,8 +1777,8 @@ struct Curl_easy {
 
   struct connectdata *conn;
   struct curl_llist_element connect_queue;
-  struct curl_llist_element pipeline_queue;
   struct curl_llist_element sh_queue; /* list per Curl_sh_entry */
+  struct curl_llist_element conn_queue; /* list per connectdata */
 
   CURLMstate mstate;  /* the handle's state */
   CURLcode result;   /* previous result */
@@ -1809,7 +1818,9 @@ struct Curl_easy {
   struct Progress progress;    /* for all the progress meter data */
   struct UrlState state;       /* struct for fields used for state info and
                                   other dynamic purposes */
+#ifndef CURL_DISABLE_FTP
   struct WildcardData wildcard; /* wildcard download state info */
+#endif
   struct PureInfo info;        /* stats, reports and info data */
   struct curl_tlssessioninfo tsi; /* Information about the TLS session, only
                                      valid after a client has asked for it */
diff --git a/libs/libcurl/src/vauth/cleartext.c b/libs/libcurl/src/vauth/cleartext.c
index be6d6111e2..6f452c1694 100644
--- a/libs/libcurl/src/vauth/cleartext.c
+++ b/libs/libcurl/src/vauth/cleartext.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -25,6 +25,9 @@
 
 #include "curl_setup.h"
 
+#if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) ||       \
+  !defined(CURL_DISABLE_POP3)
+
 #include <curl/curl.h>
 #include "urldata.h"
 
@@ -49,8 +52,9 @@
  * Parameters:
  *
  * data    [in]     - The session handle.
- * userp   [in]     - The user name.
- * passwdp [in]     - The user's password.
+ * authzid [in]     - The authorization identity.
+ * authcid [in]     - The authentication identity.
+ * passwd  [in]     - The password.
  * outptr  [in/out] - The address where a pointer to newly allocated memory
  *                    holding the result will be stored upon completion.
  * outlen  [out]    - The length of the output message.
@@ -58,36 +62,40 @@
  * Returns CURLE_OK on success.
  */
 CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
-                                        const char *userp,
-                                        const char *passwdp,
+                                        const char *authzid,
+                                        const char *authcid,
+                                        const char *passwd,
                                         char **outptr, size_t *outlen)
 {
   CURLcode result;
   char *plainauth;
-  size_t ulen;
+  size_t zlen;
+  size_t clen;
   size_t plen;
   size_t plainlen;
 
   *outlen = 0;
   *outptr = NULL;
-  ulen = strlen(userp);
-  plen = strlen(passwdp);
+  zlen = (authzid == NULL ? 0 : strlen(authzid));
+  clen = strlen(authcid);
+  plen = strlen(passwd);
 
   /* Compute binary message length. Check for overflows. */
-  if((ulen > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
+  if(((zlen + clen) > SIZE_T_MAX/4) || (plen > (SIZE_T_MAX/2 - 2)))
     return CURLE_OUT_OF_MEMORY;
-  plainlen = 2 * ulen + plen + 2;
+  plainlen = zlen + clen + plen + 2;
 
   plainauth = malloc(plainlen);
   if(!plainauth)
     return CURLE_OUT_OF_MEMORY;
 
   /* Calculate the reply */
-  memcpy(plainauth, userp, ulen);
-  plainauth[ulen] = '\0';
-  memcpy(plainauth + ulen + 1, userp, ulen);
-  plainauth[2 * ulen + 1] = '\0';
-  memcpy(plainauth + 2 * ulen + 2, passwdp, plen);
+  if(zlen != 0)
+    memcpy(plainauth, authzid, zlen);
+  plainauth[zlen] = '\0';
+  memcpy(plainauth + zlen + 1, authcid, clen);
+  plainauth[zlen + clen + 1] = '\0';
+  memcpy(plainauth + zlen + clen + 2, passwd, plen);
 
   /* Base64 encode the reply */
   result = Curl_base64_encode(data, plainauth, plainlen, outptr, outlen);
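Review bot: The parameter comment does not say which arguments may be NULL, and the code treats them differently: `authzid` is tested for NULL before `strlen`, while `authcid` and `passwd` go to `strlen` unconditionally. I would state that in the header, e.g. `authzid [in] - The authorization identity, may be NULL.`, and mark `authcid` and `passwd` as required non-NULL. The function continues past the hunk.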
@@ -157,3 +165,5 @@ CURLcode Curl_auth_create_external_message(struct Curl_easy *data,
   /* This is the same formatting as the login message */
   return Curl_auth_create_login_message(data, user, outptr, outlen);
 }
+
+#endif /* if no users */
diff --git a/libs/libcurl/src/vauth/digest.c b/libs/libcurl/src/vauth/digest.c
index 0f2e6509ef..f9cdc9dd00 100644
--- a/libs/libcurl/src/vauth/digest.c
+++ b/libs/libcurl/src/vauth/digest.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -785,8 +785,7 @@ static CURLcode _Curl_auth_create_digest_http_message(
     return CURLE_OUT_OF_MEMORY;
 
   if(digest->qop && strcasecompare(digest->qop, "auth-int")) {
-    /* We don't support auth-int for PUT or POST at the moment.
-       TODO: replace hash of empty string with entity-body for PUT/POST */
+    /* We don't support auth-int for PUT or POST */
     char hashed[65];
     unsigned char *hashthis2;
 
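Review bot: The shortened comment says auth-int is unsupported for PUT or POST but no longer says what this branch computes instead. Going by the removed TODO, the hash below is taken over an empty string rather than the entity-body, which a reader needs to know when judging how much integrity protection the header provides. Suggested comment: `/* auth-int for PUT or POST is not supported: the body hash below is that of an empty string, not the entity-body */`. The branch body continues outside the hunk.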
diff --git a/libs/libcurl/src/vauth/krb5_gssapi.c b/libs/libcurl/src/vauth/krb5_gssapi.c
index 55daec1ff9..ea0a5f1892 100644
--- a/libs/libcurl/src/vauth/krb5_gssapi.c
+++ b/libs/libcurl/src/vauth/krb5_gssapi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2014 - 2017, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) 2014 - 2019, Steve Holme, <steve_holme@hotmail.com>.
  * Copyright (C) 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
@@ -372,7 +372,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
 }
 
 /*
- * Curl_auth_gssapi_cleanup()
+ * Curl_auth_cleanup_gssapi()
  *
  * This is used to clean up the GSSAPI (Kerberos V5) specific data.
  *
@@ -381,7 +381,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
  * krb5     [in/out] - The Kerberos 5 data struct being cleaned up.
  *
  */
-void Curl_auth_gssapi_cleanup(struct kerberos5data *krb5)
+void Curl_auth_cleanup_gssapi(struct kerberos5data *krb5)
 {
   OM_uint32 minor_status;
 
diff --git a/libs/libcurl/src/vauth/krb5_sspi.c b/libs/libcurl/src/vauth/krb5_sspi.c
index cb11ed9012..1f6e462bf7 100644
--- a/libs/libcurl/src/vauth/krb5_sspi.c
+++ b/libs/libcurl/src/vauth/krb5_sspi.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2014 - 2017, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) 2014 - 2019, Steve Holme, <steve_holme@hotmail.com>.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -474,7 +474,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
 }
 
 /*
- * Curl_auth_gssapi_cleanup()
+ * Curl_auth_cleanup_gssapi()
  *
  * This is used to clean up the GSSAPI (Kerberos V5) specific data.
  *
@@ -483,7 +483,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
  * krb5     [in/out] - The Kerberos 5 data struct being cleaned up.
  *
  */
-void Curl_auth_gssapi_cleanup(struct kerberos5data *krb5)
+void Curl_auth_cleanup_gssapi(struct kerberos5data *krb5)
 {
   /* Free our security context */
   if(krb5->context) {
diff --git a/libs/libcurl/src/vauth/ntlm.c b/libs/libcurl/src/vauth/ntlm.c
index 6a8fc5ab3d..047c2b5a3f 100644
--- a/libs/libcurl/src/vauth/ntlm.c
+++ b/libs/libcurl/src/vauth/ntlm.c
@@ -403,7 +403,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
   (void)hostname,
 
   /* Clean up any former leftovers and initialise to defaults */
-  Curl_auth_ntlm_cleanup(ntlm);
+  Curl_auth_cleanup_ntlm(ntlm);
 
 #if defined(USE_NTRESPONSES) && defined(USE_NTLM2SESSION)
 #define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY
@@ -844,22 +844,22 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
   /* Return with binary blob encoded into base64 */
   result = Curl_base64_encode(data, (char *)ntlmbuf, size, outptr, outlen);
 
-  Curl_auth_ntlm_cleanup(ntlm);
+  Curl_auth_cleanup_ntlm(ntlm);
 
   return result;
 }
 
 /*
-* Curl_auth_ntlm_cleanup()
-*
-* This is used to clean up the NTLM specific data.
-*
-* Parameters:
-*
-* ntlm    [in/out] - The NTLM data struct being cleaned up.
-*
-*/
-void Curl_auth_ntlm_cleanup(struct ntlmdata *ntlm)
+ * Curl_auth_cleanup_ntlm()
+ *
+ * This is used to clean up the NTLM specific data.
+ *
+ * Parameters:
+ *
+ * ntlm    [in/out] - The NTLM data struct being cleaned up.
+ *
+ */
+void Curl_auth_cleanup_ntlm(struct ntlmdata *ntlm)
 {
   /* Free the target info */
   Curl_safefree(ntlm->target_info);
diff --git a/libs/libcurl/src/vauth/ntlm_sspi.c b/libs/libcurl/src/vauth/ntlm_sspi.c
index 67112820e0..589cca16c0 100644
--- a/libs/libcurl/src/vauth/ntlm_sspi.c
+++ b/libs/libcurl/src/vauth/ntlm_sspi.c
@@ -95,7 +95,7 @@ CURLcode Curl_auth_create_ntlm_type1_message(struct Curl_easy *data,
   TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
 
   /* Clean up any former leftovers and initialise to defaults */
-  Curl_auth_ntlm_cleanup(ntlm);
+  Curl_auth_cleanup_ntlm(ntlm);
 
   /* Query the security package for NTLM */
   status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT(SP_NAME_NTLM),
@@ -323,13 +323,13 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
   result = Curl_base64_encode(data, (char *) ntlm->output_token,
                               type_3_buf.cbBuffer, outptr, outlen);
 
-  Curl_auth_ntlm_cleanup(ntlm);
+  Curl_auth_cleanup_ntlm(ntlm);
 
   return result;
 }
 
 /*
- * Curl_auth_ntlm_cleanup()
+ * Curl_auth_cleanup_ntlm()
  *
  * This is used to clean up the NTLM specific data.
  *
@@ -338,7 +338,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
  * ntlm    [in/out] - The NTLM data struct being cleaned up.
  *
  */
-void Curl_auth_ntlm_cleanup(struct ntlmdata *ntlm)
+void Curl_auth_cleanup_ntlm(struct ntlmdata *ntlm)
 {
   /* Free our security context */
   if(ntlm->context) {
diff --git a/libs/libcurl/src/vauth/oauth2.c b/libs/libcurl/src/vauth/oauth2.c
index 6288f89a38..b4e9f8e704 100644
--- a/libs/libcurl/src/vauth/oauth2.c
+++ b/libs/libcurl/src/vauth/oauth2.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -24,6 +24,9 @@
 
 #include "curl_setup.h"
 
+#if !defined(CURL_DISABLE_IMAP) || !defined(CURL_DISABLE_SMTP) || \
+  !defined(CURL_DISABLE_POP3)
+
 #include <curl/curl.h>
 #include "urldata.h"
 
@@ -46,8 +49,8 @@
  *
  * data[in]         - The session handle.
  * user[in]         - The user name.
- * host[in]         - The host name(for OAUTHBEARER).
- * port[in]         - The port(for OAUTHBEARER when not Port 80).
+ * host[in]         - The host name.
+ * port[in]         - The port(when not Port 80).
  * bearer[in]       - The bearer token.
  * outptr[in / out] - The address where a pointer to newly allocated memory
  *                    holding the result will be stored upon completion.
@@ -66,13 +69,11 @@ CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data,
   char *oauth = NULL;
 
   /* Generate the message */
-  if(host == NULL && (port == 0 || port == 80))
-    oauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
-  else if(port == 0 || port == 80)
-    oauth = aprintf("user=%s\1host=%s\1auth=Bearer %s\1\1", user, host,
+  if(port == 0 || port == 80)
+    oauth = aprintf("n,a=%s,\1host=%s\1auth=Bearer %s\1\1", user, host,
                     bearer);
   else
-    oauth = aprintf("user=%s\1host=%s\1port=%ld\1auth=Bearer %s\1\1", user,
+    oauth = aprintf("n,a=%s,\1host=%s\1port=%ld\1auth=Bearer %s\1\1", user,
                     host, port, bearer);
   if(!oauth)
     return CURLE_OUT_OF_MEMORY;
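Review bot: `host` now reaches the `%s` conversion in both `aprintf` calls unconditionally, because the removed first branch was the only place that handled `host == NULL`. Callers are not visible in this hunk, so either reject a NULL host up front, e.g. `if(!host) return CURLE_BAD_FUNCTION_ARGUMENT;`, or state in the parameter comment that `host` must be non-NULL. Separately, `user` is written into the `a=` field of the new `n,a=%s,` header as-is; RFC 5801 requires `,` and `=` in that field to be sent as `=2C` and `=3D`, so a user name containing either would produce a malformed header. The function's body starts and ends outside the hunk.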
@@ -84,3 +85,42 @@ CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data,
 
   return result;
 }
+
+/*
+ * Curl_auth_create_xoauth_bearer_message()
+ *
+ * This is used to generate an already encoded XOAuth 2.0 message ready for
+ * sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data[in]         - The session handle.
+ * user[in]         - The user name.
+ * bearer[in]       - The bearer token.
+ * outptr[in / out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen[out]      - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_auth_create_xoauth_bearer_message(struct Curl_easy *data,
+                                               const char *user,
+                                               const char *bearer,
+                                               char **outptr, size_t *outlen)
+{
+  CURLcode result = CURLE_OK;
+
+  /* Generate the message */
+  char *xoauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
+  if(!xoauth)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Base64 encode the reply */
+  result = Curl_base64_encode(data, xoauth, strlen(xoauth), outptr, outlen);
+
+  free(xoauth);
+
+  return result;
+}
+#endif /* disabled, no users */
+
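Review bot: `user` and `bearer` are formatted straight into a message whose fields are separated by `\1` bytes, so a value containing a 0x01 byte would change the field structure the server parses. Whether callers already filter these values is not visible here; a guard before the `aprintf` call such as `if(strchr(user, '\1') || strchr(bearer, '\1')) return CURLE_BAD_FUNCTION_ARGUMENT;` would make the function safe on its own. The closing `#endif /* disabled, no users */` also does not name the condition it ends; `#endif /* !CURL_DISABLE_IMAP || !CURL_DISABLE_SMTP || !CURL_DISABLE_POP3 */` would match the opening guard.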
diff --git a/libs/libcurl/src/vauth/spnego_gssapi.c b/libs/libcurl/src/vauth/spnego_gssapi.c
index 7c4bd4b595..5d43e11001 100644
--- a/libs/libcurl/src/vauth/spnego_gssapi.c
+++ b/libs/libcurl/src/vauth/spnego_gssapi.c
@@ -97,7 +97,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
     /* We finished successfully our part of authentication, but server
      * rejected it (since we're again here). Exit with an error since we
      * can't invent anything better */
-    Curl_auth_spnego_cleanup(nego);
+    Curl_auth_cleanup_spnego(nego);
     return CURLE_LOGIN_DENIED;
   }
 
@@ -170,7 +170,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
     Curl_gss_log_error(data, "gss_init_sec_context() failed: ",
                        major_status, minor_status);
 
-    return CURLE_OUT_OF_MEMORY;
+    return CURLE_LOGIN_DENIED;
   }
 
   if(!output_token.value || !output_token.length) {
@@ -238,7 +238,7 @@ CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data,
 }
 
 /*
- * Curl_auth_spnego_cleanup()
+ * Curl_auth_cleanup_spnego()
  *
  * This is used to clean up the SPNEGO (Negotiate) specific data.
  *
@@ -247,7 +247,7 @@ CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data,
  * nego     [in/out] - The Negotiate data struct being cleaned up.
  *
  */
-void Curl_auth_spnego_cleanup(struct negotiatedata *nego)
+void Curl_auth_cleanup_spnego(struct negotiatedata *nego)
 {
   OM_uint32 minor_status;
 
@@ -273,7 +273,6 @@ void Curl_auth_spnego_cleanup(struct negotiatedata *nego)
 
   /* Reset any variables */
   nego->status = 0;
-  nego->state = GSS_AUTHNONE;
   nego->noauthpersist = FALSE;
   nego->havenoauthpersist = FALSE;
   nego->havenegdata = FALSE;
diff --git a/libs/libcurl/src/vauth/spnego_sspi.c b/libs/libcurl/src/vauth/spnego_sspi.c
index 0171ec52b5..4b21cc769e 100644
--- a/libs/libcurl/src/vauth/spnego_sspi.c
+++ b/libs/libcurl/src/vauth/spnego_sspi.c
@@ -107,7 +107,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
     /* We finished successfully our part of authentication, but server
      * rejected it (since we're again here). Exit with an error since we
      * can't invent anything better */
-    Curl_auth_spnego_cleanup(nego);
+    Curl_auth_cleanup_spnego(nego);
     return CURLE_LOGIN_DENIED;
   }
 
@@ -307,7 +307,7 @@ CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data,
 }
 
 /*
- * Curl_auth_spnego_cleanup()
+ * Curl_auth_cleanup_spnego()
  *
  * This is used to clean up the SPNEGO (Negotiate) specific data.
  *
@@ -316,7 +316,7 @@ CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data,
  * nego     [in/out] - The Negotiate data struct being cleaned up.
  *
  */
-void Curl_auth_spnego_cleanup(struct negotiatedata *nego)
+void Curl_auth_cleanup_spnego(struct negotiatedata *nego)
 {
   /* Free our security context */
   if(nego->context) {
@@ -343,7 +343,6 @@ void Curl_auth_spnego_cleanup(struct negotiatedata *nego)
   /* Reset any variables */
   nego->status = 0;
   nego->token_max = 0;
-  nego->state = GSS_AUTHNONE;
   nego->noauthpersist = FALSE;
   nego->havenoauthpersist = FALSE;
   nego->havenegdata = FALSE;
diff --git a/libs/libcurl/src/vauth/vauth.c b/libs/libcurl/src/vauth/vauth.c
index 502d443ab7..a9c5c9c4f7 100644
--- a/libs/libcurl/src/vauth/vauth.c
+++ b/libs/libcurl/src/vauth/vauth.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2014 - 2016, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) 2014 - 2019, Steve Holme, <steve_holme@hotmail.com>.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -105,26 +105,26 @@ TCHAR *Curl_auth_build_spn(const char *service, const char *host,
 #endif /* USE_WINDOWS_SSPI */
 
 /*
-* Curl_auth_user_contains_domain()
-*
-* This is used to test if the specified user contains a Windows domain name as
-* follows:
-*
-* User\Domain (Down-level Logon Name)
-* User/Domain (curl Down-level format - for compatibility with existing code)
-* User@Domain (User Principal Name)
-*
-* Note: The user name may be empty when using a GSS-API library or Windows SSPI
-* as the user and domain are either obtained from the credentials cache when
-* using GSS-API or via the currently logged in user's credentials when using
-* Windows SSPI.
-*
-* Parameters:
-*
-* user  [in] - The user name.
-*
-* Returns TRUE on success; otherwise FALSE.
-*/
+ * Curl_auth_user_contains_domain()
+ *
+ * This is used to test if the specified user contains a Windows domain name as
+ * follows:
+ *
+ * Domain\User (Down-level Logon Name)
+ * Domain/User (curl Down-level format - for compatibility with existing code)
+ * User@Domain (User Principal Name)
+ *
+ * Note: The user name may be empty when using a GSS-API library or Windows
+ * SSPI as the user and domain are either obtained from the credentials cache
+ * when using GSS-API or via the currently logged in user's credentials when
+ * using Windows SSPI.
+ *
+ * Parameters:
+ *
+ * user  [in] - The user name.
+ *
+ * Returns TRUE on success; otherwise FALSE.
+ */
 bool Curl_auth_user_contains_domain(const char *user)
 {
   bool valid = FALSE;
diff --git a/libs/libcurl/src/vauth/vauth.h b/libs/libcurl/src/vauth/vauth.h
index f43064211f..73bd25ed5e 100644
--- a/libs/libcurl/src/vauth/vauth.h
+++ b/libs/libcurl/src/vauth/vauth.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2014 - 2017, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) 2014 - 2019, Steve Holme, <steve_holme@hotmail.com>.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -60,8 +60,9 @@ bool Curl_auth_user_contains_domain(const char *user);
 
 /* This is used to generate a base64 encoded PLAIN cleartext message */
 CURLcode Curl_auth_create_plain_message(struct Curl_easy *data,
-                                        const char *userp,
-                                        const char *passwdp,
+                                        const char *authzid,
+                                        const char *authcid,
+                                        const char *passwd,
                                         char **outptr, size_t *outlen);
 
 /* This is used to generate a base64 encoded LOGIN cleartext message */
@@ -141,7 +142,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
                                              char **outptr, size_t *outlen);
 
 /* This is used to clean up the NTLM specific data */
-void Curl_auth_ntlm_cleanup(struct ntlmdata *ntlm);
+void Curl_auth_cleanup_ntlm(struct ntlmdata *ntlm);
 #endif /* USE_NTLM */
 
 /* This is used to generate a base64 encoded OAuth 2.0 message */
@@ -151,6 +152,13 @@ CURLcode Curl_auth_create_oauth_bearer_message(struct Curl_easy *data,
                                                const long port,
                                                const char *bearer,
                                                char **outptr, size_t *outlen);
+
+/* This is used to generate a base64 encoded XOAuth 2.0 message */
+CURLcode Curl_auth_create_xoauth_bearer_message(struct Curl_easy *data,
+                                                const char *user,
+                                                const char *bearer,
+                                                char **outptr, size_t *outlen);
+
 #if defined(USE_KERBEROS5)
 /* This is used to evaluate if GSSAPI (Kerberos V5) is supported */
 bool Curl_auth_is_gssapi_supported(void);
@@ -176,7 +184,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
                                                   size_t *outlen);
 
 /* This is used to clean up the GSSAPI specific data */
-void Curl_auth_gssapi_cleanup(struct kerberos5data *krb5);
+void Curl_auth_cleanup_gssapi(struct kerberos5data *krb5);
 #endif /* USE_KERBEROS5 */
 
 #if defined(USE_SPNEGO)
@@ -200,7 +208,7 @@ CURLcode Curl_auth_create_spnego_message(struct Curl_easy *data,
                                          char **outptr, size_t *outlen);
 
 /* This is used to clean up the SPNEGO specifiec data */
-void Curl_auth_spnego_cleanup(struct negotiatedata *nego);
+void Curl_auth_cleanup_spnego(struct negotiatedata *nego);
 
 #endif /* USE_SPNEGO */
 
diff --git a/libs/libcurl/src/version.c b/libs/libcurl/src/version.c
index 9369ae8e3f..14b0531d37 100644
--- a/libs/libcurl/src/version.c
+++ b/libs/libcurl/src/version.c
@@ -31,7 +31,7 @@
 
 #ifdef USE_ARES
 #  if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \
-     (defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__))
+     (defined(WIN32) || defined(__SYMBIAN32__))
 #    define CARES_STATICLIB
 #  endif
 #  include <ares.h>
@@ -274,7 +274,7 @@ static const char * const protocols[] = {
 #ifndef CURL_DISABLE_RTSP
   "rtsp",
 #endif
-#if defined(USE_LIBSSH) || defined(USE_LIBSSH2)
+#if defined(USE_SSH)
   "scp",
   "sftp",
 #endif
@@ -390,12 +390,16 @@ static curl_version_info_data version_info = {
 curl_version_info_data *curl_version_info(CURLversion stamp)
 {
   static bool initialized;
-#if defined(USE_LIBSSH) || defined(USE_LIBSSH2)
+#if defined(USE_SSH)
   static char ssh_buffer[80];
 #endif
 #ifdef USE_SSL
+#ifdef CURL_WITH_MULTI_SSL
+  static char ssl_buffer[200];
+#else
   static char ssl_buffer[80];
 #endif
+#endif
 #ifdef HAVE_BROTLI
   static char brotli_buffer[80];
 #endif
diff --git a/libs/libcurl/src/vtls/cyassl.c b/libs/libcurl/src/vtls/cyassl.c
index c7a3268efa..44a2bdda62 100644
--- a/libs/libcurl/src/vtls/cyassl.c
+++ b/libs/libcurl/src/vtls/cyassl.c
@@ -79,6 +79,7 @@ and that's a problem since options.h hasn't been included yet. */
 #include "strcase.h"
 #include "x509asn1.h"
 #include "curl_printf.h"
+#include "multiif.h"
 
 #include <cyassl/openssl/ssl.h>
 #include <cyassl/ssl.h>
@@ -142,7 +143,6 @@ static CURLcode
 cyassl_connect_step1(struct connectdata *conn,
                      int sockindex)
 {
-  char error_buffer[CYASSL_MAX_ERROR_SZ];
   char *ciphers;
   struct Curl_easy *data = conn->data;
   struct ssl_connect_data* connssl = &conn->ssl[sockindex];
@@ -419,6 +419,7 @@ cyassl_connect_step1(struct connectdata *conn,
     if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
       /* we got a session id, use it! */
       if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {
+        char error_buffer[CYASSL_MAX_ERROR_SZ];
         Curl_ssl_sessionid_unlock(conn);
         failf(data, "SSL: SSL_set_session failed: %s",
               ERR_error_string(SSL_get_error(BACKEND->handle, 0),
@@ -599,6 +600,8 @@ cyassl_connect_step2(struct connectdata *conn,
       else
         infof(data, "ALPN, unrecognized protocol %.*s\n", protocol_len,
               protocol);
+      Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
+                          BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
     }
     else if(rc == SSL_ALPN_NOT_FOUND)
       infof(data, "ALPN, server did not agree to a protocol\n");
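Review bot: The added `Curl_multiuse_state()` call sits inside the branch that handles a successfully negotiated protocol, so it is skipped when `rc == SSL_ALPN_NOT_FOUND`. The gtls.c, mbedtls.c, openssl.c and polarssl.c hunks in this commit place the same call after the whole if/else, which also records `BUNDLE_NO_MULTIUSE` when the server did not agree to a protocol. If the same is intended for this backend, the call should move below the `else if` arm; otherwise a short comment saying why this backend differs would help. The surrounding function starts and ends outside the hunk.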
diff --git a/libs/libcurl/src/vtls/gskit.c b/libs/libcurl/src/vtls/gskit.c
index c4afc89041..b93ff5d4f4 100644
--- a/libs/libcurl/src/vtls/gskit.c
+++ b/libs/libcurl/src/vtls/gskit.c
@@ -734,12 +734,11 @@ static ssize_t gskit_recv(struct connectdata *conn, int num, char *buf,
 {
   struct ssl_connect_data *connssl = &conn->ssl[num];
   struct Curl_easy *data = conn->data;
-  int buffsize;
   int nread;
   CURLcode cc = CURLE_RECV_ERROR;
 
   if(pipe_ssloverssl(conn, num, SOS_READ) >= 0) {
-    buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize;
+    int buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize;
     cc = gskit_status(data, gsk_secure_soc_read(BACKEND->handle,
                                                 buf, buffsize, &nread),
                       "gsk_secure_soc_read()", CURLE_RECV_ERROR);
@@ -806,7 +805,6 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
     conn->host.name;
   const char *sni;
   unsigned int protoflags = 0;
-  long timeout;
   Qso_OverlappedIO_t commarea;
   int sockpair[2];
   static const int sobufsize = CURL_MAX_WRITE_SIZE;
@@ -914,7 +912,7 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
   if(!result) {
     /* Compute the handshake timeout. Since GSKit granularity is 1 second,
        we round up the required value. */
-    timeout = Curl_timeleft(data, NULL, TRUE);
+    long timeout = Curl_timeleft(data, NULL, TRUE);
     if(timeout < 0)
       result = CURLE_OPERATION_TIMEDOUT;
     else
@@ -1021,14 +1019,13 @@ static CURLcode gskit_connect_step2(struct connectdata *conn, int sockindex,
   struct Curl_easy *data = conn->data;
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   Qso_OverlappedIO_t cstat;
-  long timeout_ms;
   struct timeval stmv;
   CURLcode result;
 
   /* Poll or wait for end of SSL asynchronous handshake. */
 
   for(;;) {
-    timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE);
+    long timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE);
     if(timeout_ms < 0)
       timeout_ms = 0;
     stmv.tv_sec = timeout_ms / 1000;
@@ -1077,7 +1074,6 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
   const char *cert = (const char *) NULL;
   const char *certend;
   const char *ptr;
-  int i;
   CURLcode result;
 
   /* SSL handshake done: gather certificate info and verify host. */
@@ -1087,6 +1083,8 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
                                                     &cdev, &cdec),
                   "gsk_attribute_get_cert_info()", CURLE_SSL_CONNECT_ERROR) ==
      CURLE_OK) {
+    int i;
+
     infof(data, "Server certificate:\n");
     p = cdev;
     for(i = 0; i++ < cdec; p++)
@@ -1160,7 +1158,6 @@ static CURLcode gskit_connect_common(struct connectdata *conn, int sockindex,
   struct Curl_easy *data = conn->data;
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   long timeout_ms;
-  Qso_OverlappedIO_t cstat;
   CURLcode result = CURLE_OK;
 
   *done = connssl->state == ssl_connection_complete;
@@ -1262,7 +1259,6 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
 {
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   struct Curl_easy *data = conn->data;
-  ssize_t nread;
   int what;
   int rc;
   char buf[120];
@@ -1270,8 +1266,10 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
   if(!BACKEND->handle)
     return 0;
 
+#ifndef CURL_DISABLE_FTP
   if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
     return 0;
+#endif
 
   close_one(connssl, conn, sockindex);
   rc = 0;
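Review bot: Wrapping the `ftp_ccc` test in `#ifndef CURL_DISABLE_FTP` removes the early `return 0;` from FTP-disabled builds, so there the function now always continues to `close_one()` and the wait loop below. In the gtls.c and openssl.c hunks of this commit the guarded statement only sends the close alert, so disabling FTP skips work; here the guard has the opposite effect. If the previous behaviour is wanted, the guard needs an `#else` arm holding `return 0;`; if the full shutdown is intended, a comment saying so would prevent a later "fix". The function's body continues outside the hunk.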
@@ -1279,6 +1277,8 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
                          SSL_SHUTDOWN_TIMEOUT);
 
   for(;;) {
+    ssize_t nread;
+
     if(what < 0) {
       /* anything that gets here is fatally bad */
       failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
diff --git a/libs/libcurl/src/vtls/gtls.c b/libs/libcurl/src/vtls/gtls.c
index e224861c45..8693cdce3f 100644
--- a/libs/libcurl/src/vtls/gtls.c
+++ b/libs/libcurl/src/vtls/gtls.c
@@ -55,6 +55,7 @@
 #include "strcase.h"
 #include "warnless.h"
 #include "x509asn1.h"
+#include "multiif.h"
 #include "curl_printf.h"
 #include "curl_memory.h"
 /* The last #include file should be: */
@@ -285,11 +286,11 @@ static CURLcode handshake(struct connectdata *conn,
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   gnutls_session_t session = BACKEND->session;
   curl_socket_t sockfd = conn->sock[sockindex];
-  time_t timeout_ms;
-  int rc;
-  int what;
 
   for(;;) {
+    time_t timeout_ms;
+    int rc;
+
     /* check allowed time left */
     timeout_ms = Curl_timeleft(data, NULL, duringconnect);
 
@@ -302,7 +303,7 @@ static CURLcode handshake(struct connectdata *conn,
     /* if ssl is expecting something, check if it's available. */
     if(connssl->connecting_state == ssl_connect_2_reading
        || connssl->connecting_state == ssl_connect_2_writing) {
-
+      int what;
       curl_socket_t writefd = ssl_connect_2_writing ==
         connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
       curl_socket_t readfd = ssl_connect_2_reading ==
@@ -956,7 +957,6 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
   gnutls_pubkey_t key = NULL;
 
   /* Result is returned to caller */
-  int ret = 0;
   CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
 
   /* if a path wasn't specified, don't pin */
@@ -967,6 +967,8 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
     return result;
 
   do {
+    int ret;
+
     /* Begin Gyrations to get the public key     */
     gnutls_pubkey_init(&key);
 
@@ -1278,10 +1280,7 @@ gtls_connect_step3(struct connectdata *conn,
     #define use_addr in_addr
 #endif
     unsigned char addrbuf[sizeof(struct use_addr)];
-    unsigned char certaddr[sizeof(struct use_addr)];
-    size_t addrlen = 0, certaddrlen;
-    int i;
-    int ret = 0;
+    size_t addrlen = 0;
 
     if(Curl_inet_pton(AF_INET, hostname, addrbuf) > 0)
       addrlen = 4;
@@ -1291,10 +1290,13 @@ gtls_connect_step3(struct connectdata *conn,
 #endif
 
     if(addrlen) {
+      unsigned char certaddr[sizeof(struct use_addr)];
+      int i;
+
       for(i = 0; ; i++) {
-        certaddrlen = sizeof(certaddr);
-        ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr,
-                                                   &certaddrlen, NULL);
+        size_t certaddrlen = sizeof(certaddr);
+        int ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr,
+                                                       &certaddrlen, NULL);
         /* If this happens, it wasn't an IP address. */
         if(ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
           continue;
@@ -1449,6 +1451,9 @@ gtls_connect_step3(struct connectdata *conn,
     }
     else
       infof(data, "ALPN, server did not agree to a protocol\n");
+
+    Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
+                        BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
   }
 #endif
 
@@ -1461,8 +1466,6 @@ gtls_connect_step3(struct connectdata *conn,
        already got it from the cache and asked to use it in the connection, it
        might've been rejected and then a new one is in use now and we need to
        detect that. */
-    bool incache;
-    void *ssl_sessionid;
     void *connect_sessionid;
     size_t connect_idsize = 0;
 
@@ -1471,6 +1474,9 @@ gtls_connect_step3(struct connectdata *conn,
     connect_sessionid = malloc(connect_idsize); /* get a buffer for it */
 
     if(connect_sessionid) {
+      bool incache;
+      void *ssl_sessionid;
+
       /* extract session ID to the allocated buffer */
       gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
 
@@ -1631,12 +1637,10 @@ static void Curl_gtls_close(struct connectdata *conn, int sockindex)
 static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
 {
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-  ssize_t result;
   int retval = 0;
   struct Curl_easy *data = conn->data;
-  bool done = FALSE;
-  char buf[120];
 
+#ifndef CURL_DISABLE_FTP
   /* This has only been tested on the proftpd server, and the mod_tls code
      sends a close notify alert without waiting for a close notify alert in
      response. Thus we wait for a close notify alert from the server, but
@@ -1644,8 +1648,13 @@ static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
 
   if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
       gnutls_bye(BACKEND->session, GNUTLS_SHUT_WR);
+#endif
 
   if(BACKEND->session) {
+    ssize_t result;
+    bool done = FALSE;
+    char buf[120];
+
     while(!done) {
       int what = SOCKET_READABLE(conn->sock[sockindex],
                                  SSL_SHUTDOWN_TIMEOUT);
@@ -1758,12 +1767,6 @@ static int Curl_gtls_seed(struct Curl_easy *data)
 
   if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
      data->set.str[STRING_SSL_EGDSOCKET]) {
-
-    /* TODO: to a good job seeding the RNG
-       This may involve the gcry_control function and these options:
-       GCRYCTL_SET_RANDOM_SEED_FILE
-       GCRYCTL_SET_RNDEGD_SOCKET
-    */
     ssl_seeded = TRUE;
   }
   return 0;
diff --git a/libs/libcurl/src/vtls/mbedtls.c b/libs/libcurl/src/vtls/mbedtls.c
index 27a9402cbc..63d1f4c81b 100644
--- a/libs/libcurl/src/vtls/mbedtls.c
+++ b/libs/libcurl/src/vtls/mbedtls.c
@@ -54,6 +54,7 @@
 #include "parsedate.h"
 #include "connect.h" /* for the connect timeout */
 #include "select.h"
+#include "multiif.h"
 #include "polarssl_threadlock.h"
 
 /* The last 3 #include files should be in this order */
@@ -342,7 +343,8 @@ mbed_connect_step1(struct connectdata *conn,
   if(SSL_SET_OPTION(key)) {
     ret = mbedtls_pk_parse_keyfile(&BACKEND->pk, SSL_SET_OPTION(key),
                                    SSL_SET_OPTION(key_passwd));
-    if(ret == 0 && !mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_RSA))
+    if(ret == 0 && !(mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_RSA) ||
+                     mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_ECKEY)))
       ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
 
     if(ret) {
@@ -539,13 +541,6 @@ mbed_connect_step2(struct connectdata *conn,
         data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
         data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
 
-#ifdef HAS_ALPN
-  const char *next_protocol;
-#endif
-
-  char errorbuf[128];
-  errorbuf[0] = 0;
-
   conn->recv[sockindex] = mbed_recv;
   conn->send[sockindex] = mbed_send;
 
@@ -560,6 +555,8 @@ mbed_connect_step2(struct connectdata *conn,
     return CURLE_OK;
   }
   else if(ret) {
+    char errorbuf[128];
+    errorbuf[0] = 0;
 #ifdef MBEDTLS_ERROR_C
     mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
 #endif /* MBEDTLS_ERROR_C */
@@ -664,7 +661,7 @@ mbed_connect_step2(struct connectdata *conn,
 
 #ifdef HAS_ALPN
   if(conn->bits.tls_enable_alpn) {
-    next_protocol = mbedtls_ssl_get_alpn_protocol(&BACKEND->ssl);
+    const char *next_protocol = mbedtls_ssl_get_alpn_protocol(&BACKEND->ssl);
 
     if(next_protocol) {
       infof(data, "ALPN, server accepted to use %s\n", next_protocol);
@@ -684,6 +681,8 @@ mbed_connect_step2(struct connectdata *conn,
     else {
       infof(data, "ALPN, server did not agree to a protocol\n");
     }
+    Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
+                        BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
   }
 #endif
 
diff --git a/libs/libcurl/src/vtls/mesalink.c b/libs/libcurl/src/vtls/mesalink.c
index db14115593..718c282ee5 100644
--- a/libs/libcurl/src/vtls/mesalink.c
+++ b/libs/libcurl/src/vtls/mesalink.c
@@ -268,7 +268,7 @@ mesalink_connect_step2(struct connectdata *conn, int sockindex)
     char error_buffer[MESALINK_MAX_ERROR_SZ];
     int detail = SSL_get_error(BACKEND->handle, ret);
 
-    if(SSL_ERROR_WANT_CONNECT == detail) {
+    if(SSL_ERROR_WANT_CONNECT == detail || SSL_ERROR_WANT_READ == detail) {
       connssl->connecting_state = ssl_connect_2_reading;
       return CURLE_OK;
     }
diff --git a/libs/libcurl/src/vtls/nss.c b/libs/libcurl/src/vtls/nss.c
index 08ee1aaaf2..491def106d 100644
--- a/libs/libcurl/src/vtls/nss.c
+++ b/libs/libcurl/src/vtls/nss.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -38,6 +38,7 @@
 #include "select.h"
 #include "vtls.h"
 #include "llist.h"
+#include "multiif.h"
 #include "curl_printf.h"
 #include "nssg.h"
 #include <nspr.h>
@@ -377,7 +378,7 @@ static int is_file(const char *filename)
     return 0;
 
   if(stat(filename, &st) == 0)
-    if(S_ISREG(st.st_mode))
+    if(S_ISREG(st.st_mode) || S_ISFIFO(st.st_mode) || S_ISCHR(st.st_mode))
       return 1;
 
   return 0;
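Review bot: `is_file()` now also returns 1 for FIFOs and character devices, so its name, and any caller's assumption that a regular file follows, no longer match what it accepts. Reads from those node types can block or have no fixed length, and the `stat()` result may be stale by the time the path is opened, so the later open and read should not rely on this check for safety. A comment on the test, e.g. `/* accept regular files, FIFOs and character devices */`, together with one line on why the extra types are allowed, would document the widened contract. The function starts outside the hunk.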
@@ -843,6 +844,8 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg)
        !memcmp(ALPN_HTTP_1_1, buf, ALPN_HTTP_1_1_LENGTH)) {
       conn->negnpn = CURL_HTTP_VERSION_1_1;
     }
+    Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
+                        BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
   }
 }
 
@@ -1305,6 +1308,8 @@ static void nss_unload_module(SECMODModule **pmod)
 static CURLcode nss_init_core(struct Curl_easy *data, const char *cert_dir)
 {
   NSSInitParameters initparams;
+  PRErrorCode err;
+  const char *err_name;
 
   if(nss_context != NULL)
     return CURLE_OK;
@@ -1325,7 +1330,9 @@ static CURLcode nss_init_core(struct Curl_easy *data, const char *cert_dir)
     if(nss_context != NULL)
       return CURLE_OK;
 
-    infof(data, "Unable to initialize NSS database\n");
+    err = PR_GetError();
+    err_name = nss_error_to_name(err);
+    infof(data, "Unable to initialize NSS database: %d (%s)\n", err, err_name);
   }
 
   infof(data, "Initializing NSS with certpath: none\n");
@@ -1335,7 +1342,9 @@ static CURLcode nss_init_core(struct Curl_easy *data, const char *cert_dir)
   if(nss_context != NULL)
     return CURLE_OK;
 
-  infof(data, "Unable to initialize NSS\n");
+  err = PR_GetError();
+  err_name = nss_error_to_name(err);
+  failf(data, "Unable to initialize NSS: %d (%s)", err, err_name);
   return CURLE_SSL_CACERT_BADFILE;
 }
 
@@ -1822,7 +1831,6 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
   /* list of all NSS objects we need to destroy in Curl_nss_close() */
   Curl_llist_init(&BACKEND->obj_list, nss_destroy_object);
 
-  /* FIXME. NSS doesn't support multiple databases open at the same time. */
   PR_Lock(nss_initlock);
   result = nss_init(conn->data);
   if(result) {
diff --git a/libs/libcurl/src/vtls/openssl.c b/libs/libcurl/src/vtls/openssl.c
index eff5c2106c..85e9be6161 100644
--- a/libs/libcurl/src/vtls/openssl.c
+++ b/libs/libcurl/src/vtls/openssl.c
@@ -48,6 +48,7 @@
 #include "vtls.h"
 #include "strcase.h"
 #include "hostcheck.h"
+#include "multiif.h"
 #include "curl_printf.h"
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
@@ -1307,6 +1308,7 @@ static int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
   int err;
   bool done = FALSE;
 
+#ifndef CURL_DISABLE_FTP
   /* This has only been tested on the proftpd server, and the mod_tls code
      sends a close notify alert without waiting for a close notify alert in
      response. Thus we wait for a close notify alert from the server, but
@@ -1314,6 +1316,7 @@ static int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
 
   if(data->set.ftp_ccc == CURLFTPSSL_CCC_ACTIVE)
       (void)SSL_shutdown(BACKEND->handle);
+#endif
 
   if(BACKEND->handle) {
     buffsize = (int)sizeof(buf);
@@ -2917,6 +2920,9 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
       }
       else
         infof(data, "ALPN, server did not agree to a protocol\n");
+
+      Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
+                          BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
     }
 #endif
 
@@ -3223,11 +3229,6 @@ static CURLcode get_cert_chain(struct connectdata *conn,
 #endif
         break;
       }
-#if 0
-      case EVP_PKEY_EC: /* symbol not present in OpenSSL 0.9.6 */
-        /* left TODO */
-        break;
-#endif
       }
       EVP_PKEY_free(pubkey);
     }
@@ -3756,7 +3757,10 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
 
     switch(err) {
     case SSL_ERROR_NONE: /* this is not an error */
+      break;
     case SSL_ERROR_ZERO_RETURN: /* no more data */
+      /* close_notify alert */
+      connclose(conn, "TLS close_notify");
       break;
     case SSL_ERROR_WANT_READ:
     case SSL_ERROR_WANT_WRITE:
@@ -3819,7 +3823,11 @@ static size_t Curl_ossl_version(char *buffer, size_t size)
       sub[0]='\0';
   }
 
-  return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s",
+  return msnprintf(buffer, size, "%s/%lx.%lx.%lx%s"
+#ifdef OPENSSL_FIPS
+                   "-fips"
+#endif
+                   ,
                    OSSL_PACKAGE,
                    (ssleay_value>>28)&0xf,
                    (ssleay_value>>20)&0xff,
diff --git a/libs/libcurl/src/vtls/polarssl.c b/libs/libcurl/src/vtls/polarssl.c
index 6ecabe94b5..7ea26b4425 100644
--- a/libs/libcurl/src/vtls/polarssl.c
+++ b/libs/libcurl/src/vtls/polarssl.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  * Copyright (C) 2010 - 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
  *
  * This software is licensed as described in the file COPYING, which
@@ -55,6 +55,7 @@
 #include "select.h"
 #include "strcase.h"
 #include "polarssl_threadlock.h"
+#include "multiif.h"
 #include "curl_printf.h"
 #include "curl_memory.h"
 /* The last #include file should be: */
@@ -593,6 +594,8 @@ polarssl_connect_step2(struct connectdata *conn,
     }
     else
       infof(data, "ALPN, server did not agree to a protocol\n");
+    Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
+                        BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
   }
 #endif
 
@@ -908,9 +911,7 @@ const struct Curl_ssl Curl_ssl_polarssl = {
   Curl_none_check_cxn,               /* check_cxn */
   Curl_none_shutdown,                /* shutdown */
   Curl_polarssl_data_pending,        /* data_pending */
-  /* This might cause libcurl to use a weeker random!
-   * TODO: use Polarssl's CTR-DRBG or HMAC-DRBG
-  */
+  /* This might cause libcurl to use a weeker random! */
   Curl_none_random,                  /* random */
   Curl_none_cert_status_request,     /* cert_status_request */
   Curl_polarssl_connect,             /* connect */
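Review bot: The rewritten comment above `Curl_none_random` keeps the typo "weeker" and, with the TODO dropped, no longer says what the consequence is or what the remedy would be. This slot decides where the backend's random data comes from, so I would state it plainly, e.g. `/* no backend RNG: libcurl presumably falls back to its generic random source, which may be weaker */`. Whether that fallback is acceptable for this backend cannot be judged from the hunk; the struct initialiser continues outside it.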
diff --git a/libs/libcurl/src/vtls/polarssl_threadlock.c b/libs/libcurl/src/vtls/polarssl_threadlock.c
index dd5fbd7ec2..27c94b11e2 100644
--- a/libs/libcurl/src/vtls/polarssl_threadlock.c
+++ b/libs/libcurl/src/vtls/polarssl_threadlock.c
@@ -23,16 +23,15 @@
 #include "curl_setup.h"
 
 #if (defined(USE_POLARSSL) || defined(USE_MBEDTLS)) && \
-    (defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32))
-
-#if defined(USE_THREADS_POSIX)
-#  ifdef HAVE_PTHREAD_H
-#    include <pthread.h>
-#  endif
-#elif defined(USE_THREADS_WIN32)
-#  ifdef HAVE_PROCESS_H
-#    include <process.h>
-#  endif
+    ((defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || \
+     (defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)))
+
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
+#  include <pthread.h>
+#  define POLARSSL_MUTEX_T pthread_mutex_t
+#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
+#  include <process.h>
+#  define POLARSSL_MUTEX_T HANDLE
 #endif
 
 #include "polarssl_threadlock.h"
@@ -50,25 +49,23 @@ static POLARSSL_MUTEX_T *mutex_buf = NULL;
 int Curl_polarsslthreadlock_thread_setup(void)
 {
   int i;
-  int ret;
 
   mutex_buf = calloc(NUMT * sizeof(POLARSSL_MUTEX_T), 1);
   if(!mutex_buf)
     return 0;     /* error, no number of threads defined */
 
-#ifdef HAVE_PTHREAD_H
   for(i = 0;  i < NUMT;  i++) {
+    int ret;
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
     ret = pthread_mutex_init(&mutex_buf[i], NULL);
     if(ret)
       return 0; /* pthread_mutex_init failed */
-  }
-#elif defined(HAVE_PROCESS_H)
-  for(i = 0;  i < NUMT;  i++) {
+#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
     mutex_buf[i] = CreateMutex(0, FALSE, 0);
     if(mutex_buf[i] == 0)
       return 0;  /* CreateMutex failed */
+#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
   }
-#endif /* HAVE_PTHREAD_H */
 
   return 1; /* OK */
 }
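Review bot: When `pthread_mutex_init()` or `CreateMutex()` fails part-way through the loop, the function returns 0 but leaves `mutex_buf` allocated and non-NULL with only the first `i` entries initialised. A later Curl_polarsslthreadlock_thread_cleanup() would then pass never-initialised entries to `pthread_mutex_destroy()`/`CloseHandle()`, and if cleanup is never called the array is leaked. The failure path should destroy the mutexes created so far and then run `free(mutex_buf); mutex_buf = NULL;` before returning 0. The cleanup function in the next hunk has the mirror-image problem: it returns 0 on the first failed destroy without freeing the array. Separately, `int ret;` is now declared in the loop for both platforms although the Win32 branch of setup never uses it.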
@@ -76,24 +73,22 @@ int Curl_polarsslthreadlock_thread_setup(void)
 int Curl_polarsslthreadlock_thread_cleanup(void)
 {
   int i;
-  int ret;
 
   if(!mutex_buf)
     return 0; /* error, no threads locks defined */
 
-#ifdef HAVE_PTHREAD_H
   for(i = 0; i < NUMT; i++) {
+    int ret;
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
     ret = pthread_mutex_destroy(&mutex_buf[i]);
     if(ret)
       return 0; /* pthread_mutex_destroy failed */
-  }
-#elif defined(HAVE_PROCESS_H)
-  for(i = 0; i < NUMT; i++) {
+#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
     ret = CloseHandle(mutex_buf[i]);
     if(!ret)
       return 0; /* CloseHandle failed */
+#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
   }
-#endif /* HAVE_PTHREAD_H */
   free(mutex_buf);
   mutex_buf = NULL;
 
@@ -102,51 +97,47 @@ int Curl_polarsslthreadlock_thread_cleanup(void)
 
 int Curl_polarsslthreadlock_lock_function(int n)
 {
-  int ret;
-#ifdef HAVE_PTHREAD_H
   if(n < NUMT) {
+    int ret;
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
     ret = pthread_mutex_lock(&mutex_buf[n]);
     if(ret) {
       DEBUGF(fprintf(stderr,
                      "Error: polarsslthreadlock_lock_function failed\n"));
       return 0; /* pthread_mutex_lock failed */
     }
-  }
-#elif defined(HAVE_PROCESS_H)
-  if(n < NUMT) {
+#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
     ret = (WaitForSingleObject(mutex_buf[n], INFINITE) == WAIT_FAILED?1:0);
     if(ret) {
       DEBUGF(fprintf(stderr,
                      "Error: polarsslthreadlock_lock_function failed\n"));
       return 0; /* pthread_mutex_lock failed */
     }
+#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
   }
-#endif /* HAVE_PTHREAD_H */
   return 1; /* OK */
 }
 
 int Curl_polarsslthreadlock_unlock_function(int n)
 {
-  int ret;
-#ifdef HAVE_PTHREAD_H
   if(n < NUMT) {
+    int ret;
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
     ret = pthread_mutex_unlock(&mutex_buf[n]);
     if(ret) {
       DEBUGF(fprintf(stderr,
                      "Error: polarsslthreadlock_unlock_function failed\n"));
       return 0; /* pthread_mutex_unlock failed */
     }
-  }
-#elif defined(HAVE_PROCESS_H)
-  if(n < NUMT) {
+#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
     ret = ReleaseMutex(mutex_buf[n]);
     if(!ret) {
       DEBUGF(fprintf(stderr,
                      "Error: polarsslthreadlock_unlock_function failed\n"));
       return 0; /* pthread_mutex_lock failed */
     }
+#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
   }
-#endif /* HAVE_PTHREAD_H */
   return 1; /* OK */
 }
 
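Review bot: Both lock and unlock guard the array access with `if(n < NUMT)` only, so a negative `n` indexes before `mutex_buf`, and a NULL `mutex_buf` (setup failed or not yet run) is dereferenced. An out-of-range `n` also falls through to `return 1`, so the caller is told the operation succeeded when nothing was locked. I would reject bad input up front with `if(n < 0 || n >= NUMT || !mutex_buf) return 0;`; whether callers can ever pass such values is not visible here. The Win32 branches also carry copied comments (`/* pthread_mutex_lock failed */`) that should name `WaitForSingleObject` and `ReleaseMutex` instead.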
diff --git a/libs/libcurl/src/vtls/polarssl_threadlock.h b/libs/libcurl/src/vtls/polarssl_threadlock.h
index dda5359b81..122647528d 100644
--- a/libs/libcurl/src/vtls/polarssl_threadlock.h
+++ b/libs/libcurl/src/vtls/polarssl_threadlock.h
@@ -26,13 +26,8 @@
 
 #if (defined USE_POLARSSL) || (defined USE_MBEDTLS)
 
-#if defined(USE_THREADS_POSIX)
-#  define POLARSSL_MUTEX_T       pthread_mutex_t
-#elif defined(USE_THREADS_WIN32)
-#  define POLARSSL_MUTEX_T       HANDLE
-#endif
-
-#if defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32)
+#if (defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)) || \
+    (defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H))
 
 int Curl_polarsslthreadlock_thread_setup(void);
 int Curl_polarsslthreadlock_thread_cleanup(void);
diff --git a/libs/libcurl/src/vtls/schannel.c b/libs/libcurl/src/vtls/schannel.c
index 39ac080e80..0f6f734fdc 100644
--- a/libs/libcurl/src/vtls/schannel.c
+++ b/libs/libcurl/src/vtls/schannel.c
@@ -58,6 +58,7 @@
 #include "warnless.h"
 #include "x509asn1.h"
 #include "curl_printf.h"
+#include "multiif.h"
 #include "system_win32.h"
 
  /* The last #include file should be: */
@@ -522,7 +523,6 @@ schannel_connect_step1(struct connectdata *conn, int sockindex)
 #endif
         schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION;
 
-      /* TODO s/data->set.ssl.no_revoke/SSL_SET_OPTION(no_revoke)/g */
       if(data->set.ssl.no_revoke) {
         schannel_cred.dwFlags |= SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
           SCH_CRED_IGNORE_REVOCATION_OFFLINE;
@@ -868,13 +868,11 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
   struct Curl_easy *data = conn->data;
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   unsigned char *reallocated_buffer;
-  size_t reallocated_length;
   SecBuffer outbuf[3];
   SecBufferDesc outbuf_desc;
   SecBuffer inbuf[2];
   SecBufferDesc inbuf_desc;
   SECURITY_STATUS sspi_status = SEC_E_OK;
-  TCHAR *host_name;
   CURLcode result;
   bool doread;
   char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
@@ -917,7 +915,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
   if(BACKEND->encdata_length - BACKEND->encdata_offset <
      CURL_SCHANNEL_BUFFER_FREE_SIZE) {
     /* increase internal encrypted data buffer */
-    reallocated_length = BACKEND->encdata_offset +
+    size_t reallocated_length = BACKEND->encdata_offset +
       CURL_SCHANNEL_BUFFER_FREE_SIZE;
     reallocated_buffer = realloc(BACKEND->encdata_buffer,
                                  reallocated_length);
@@ -933,6 +931,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
   }
 
   for(;;) {
+    TCHAR *host_name;
     if(doread) {
       /* read encrypted handshake data from socket */
       result = Curl_read_plain(conn->sock[sockindex],
@@ -1269,6 +1268,8 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
     }
     else
       infof(data, "ALPN, server did not agree to a protocol\n");
+    Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
+                        BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
   }
 #endif
 
@@ -2129,14 +2130,9 @@ static CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM,
 static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex,
                                     const char *pinnedpubkey)
 {
-  SECURITY_STATUS sspi_status;
   struct Curl_easy *data = conn->data;
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   CERT_CONTEXT *pCertContextServer = NULL;
-  const char *x509_der;
-  DWORD x509_der_len;
-  curl_X509certificate x509_parsed;
-  curl_asn1Element *pubkey;
 
   /* Result is returned to caller */
   CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
@@ -2146,6 +2142,12 @@ static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex,
     return CURLE_OK;
 
   do {
+    SECURITY_STATUS sspi_status;
+    const char *x509_der;
+    DWORD x509_der_len;
+    curl_X509certificate x509_parsed;
+    curl_asn1Element *pubkey;
+
     sspi_status =
       s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle,
                                        SECPKG_ATTR_REMOTE_CERT_CONTEXT,
diff --git a/libs/libcurl/src/vtls/sectransp.c b/libs/libcurl/src/vtls/sectransp.c
index 971dd78e6a..2fdf662a1d 100644
--- a/libs/libcurl/src/vtls/sectransp.c
+++ b/libs/libcurl/src/vtls/sectransp.c
@@ -31,6 +31,7 @@
 #include "urldata.h" /* for the Curl_easy definition */
 #include "curl_base64.h"
 #include "strtok.h"
+#include "multiif.h"
 
 #ifdef USE_SECTRANSP
 
@@ -1902,7 +1903,6 @@ static CURLcode sectransp_connect_step1(struct connectdata *conn,
   /* We want to enable 1/n-1 when using a CBC cipher unless the user
      specifically doesn't want us doing that: */
   if(SSLSetSessionOption != NULL) {
-    /* TODO s/data->set.ssl.enable_beast/SSL_SET_OPTION(enable_beast)/g */
     SSLSetSessionOption(BACKEND->ssl_ctx, kSSLSessionOptionSendOneByteRecord,
                       !data->set.ssl.enable_beast);
     SSLSetSessionOption(BACKEND->ssl_ctx, kSSLSessionOptionFalseStart,
@@ -2651,6 +2651,9 @@ sectransp_connect_step2(struct connectdata *conn, int sockindex)
         else
           infof(data, "ALPN, server did not agree to a protocol\n");
 
+        Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
+                            BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
+
         /* chosenProtocol is a reference to the string within alpnArr
            and doesn't need to be freed separately */
         if(alpnArr)
@@ -2960,8 +2963,10 @@ static int Curl_sectransp_shutdown(struct connectdata *conn, int sockindex)
   if(!BACKEND->ssl_ctx)
     return 0;
 
+#ifndef CURL_DISABLE_FTP
   if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
     return 0;
+#endif
 
   Curl_sectransp_close(conn, sockindex);
 
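Review bot: With `CURL_DISABLE_FTP` defined the early `return 0` disappears, so Curl_sectransp_shutdown() always continues to `Curl_sectransp_close()` and the code below it, while an FTP-enabled build returns 0 here for every connection whose `ftp_ccc` is not `CURLFTPSSL_CCC_ACTIVE`. If the intent is that an FTP-less build behaves like an FTP build that never uses CCC, the guard needs an `#else` branch containing `return 0;`; if running the shutdown path is intended, a comment saying so would prevent the next reader from treating it as an oversight. The rest of the function is outside the hunk.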
diff --git a/libs/libcurl/src/vtls/vtls.c b/libs/libcurl/src/vtls/vtls.c
index 8a405c05cd..a7452dcd53 100644
--- a/libs/libcurl/src/vtls/vtls.c
+++ b/libs/libcurl/src/vtls/vtls.c
@@ -498,9 +498,9 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
 
 void Curl_ssl_close_all(struct Curl_easy *data)
 {
-  size_t i;
   /* kill the session ID cache if not shared */
   if(data->state.session && !SSLSESSION_SHARED(data)) {
+    size_t i;
     for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++)
       /* the single-killer function handles empty table slots */
       Curl_ssl_kill_session(&data->state.session[i]);
@@ -644,11 +644,11 @@ bool Curl_ssl_data_pending(const struct connectdata *conn,
 
 void Curl_ssl_free_certinfo(struct Curl_easy *data)
 {
-  int i;
   struct curl_certinfo *ci = &data->info.certs;
 
   if(ci->num_of_certs) {
     /* free all individual lists used */
+    int i;
     for(i = 0; i<ci->num_of_certs; i++) {
       curl_slist_free_all(ci->certinfo[i]);
       ci->certinfo[i] = NULL;
@@ -808,14 +808,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
 {
   FILE *fp;
   unsigned char *buf = NULL, *pem_ptr = NULL;
-  long filesize;
-  size_t size, pem_len;
-  CURLcode pem_read;
   CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
-  CURLcode encode;
-  size_t encodedlen, pinkeylen;
-  char *encoded, *pinkeycopy, *begin_pos, *end_pos;
-  unsigned char *sha256sumdigest = NULL;
 
   /* if a path wasn't specified, don't pin */
   if(!pinnedpubkey)
@@ -825,6 +818,11 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
 
   /* only do this if pinnedpubkey starts with "sha256//", length 8 */
   if(strncmp(pinnedpubkey, "sha256//", 8) == 0) {
+    CURLcode encode;
+    size_t encodedlen, pinkeylen;
+    char *encoded, *pinkeycopy, *begin_pos, *end_pos;
+    unsigned char *sha256sumdigest;
+
     if(!Curl_ssl->sha256sum) {
       /* without sha256 support, this cannot match */
       return result;
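Review bot: `sha256sumdigest` was initialised to NULL at function scope and is now declared without an initialiser inside the `sha256//` block. That is safe only if every path in the block assigns it before it is read or freed; the remainder of the block is outside the hunk, so this cannot be confirmed here. Keeping `unsigned char *sha256sumdigest = NULL;` costs nothing and keeps any later cleanup path in this pin-check code well-defined.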
@@ -895,6 +893,10 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
     return result;
 
   do {
+    long filesize;
+    size_t size, pem_len;
+    CURLcode pem_read;
+
     /* Determine the file's size */
     if(fseek(fp, 0, SEEK_END))
       break;
@@ -1239,16 +1241,17 @@ static size_t Curl_multissl_version(char *buffer, size_t size)
 
   if(current != selected) {
     char *p = backends;
+    char *end = backends + sizeof(backends);
     int i;
 
     selected = current;
 
-    for(i = 0; available_backends[i]; i++) {
+    for(i = 0; available_backends[i] && p < (end - 4); i++) {
       if(i)
         *(p++) = ' ';
       if(selected != available_backends[i])
         *(p++) = '(';
-      p += available_backends[i]->version(p, backends + sizeof(backends) - p);
+      p += available_backends[i]->version(p, end - p - 2);
       if(selected != available_backends[i])
         *(p++) = ')';
     }
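Review bot: The new bounds in the loop rely on unexplained constants: `end - 4` and `end - p - 2` reserve room for the separator, the parentheses and the terminating NUL, and that is not stated anywhere. The arithmetic is also only safe if every backend's `version()` returns no more than the size it was given; a callback that returned the untruncated length would move `p` past `end`. I would add `/* keep room for " (" before and ")" plus NUL after each entry */` above the loop and, if the callback contract is not guaranteed, clamp the return value before adding it to `p`. The terminator write after the loop is outside the hunk.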
@@ -1256,21 +1259,20 @@ static size_t Curl_multissl_version(char *buffer, size_t size)
     total = p - backends;
   }
 
-  if(size < total)
+  if(size > total)
     memcpy(buffer, backends, total + 1);
   else {
     memcpy(buffer, backends, size - 1);
     buffer[size - 1] = '\0';
   }
 
-  return total;
+  return CURLMIN(size - 1, total);
 }
 
 static int multissl_init(const struct Curl_ssl *backend)
 {
   const char *env;
   char *env_tmp;
-  int i;
 
   if(Curl_ssl != &Curl_ssl_multi)
     return 1;
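Review bot: In Curl_multissl_version() a `size` of 0 is still not handled: `size > total` is false, so the else branch runs `memcpy(buffer, backends, size - 1)` with `size - 1` wrapped to the maximum `size_t`, and the new `CURLMIN(size - 1, total)` has the same wrap. An early `if(!size) return 0;` before the copy would close this; whether any caller passes 0 is not visible here. The start of the function is outside the hunk.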
@@ -1289,6 +1291,7 @@ static int multissl_init(const struct Curl_ssl *backend)
     env = CURL_DEFAULT_SSL_BACKEND;
 #endif
   if(env) {
+    int i;
     for(i = 0; available_backends[i]; i++) {
       if(strcasecompare(env, available_backends[i]->info.name)) {
         Curl_ssl = available_backends[i];
diff --git a/libs/libcurl/src/wildcard.c b/libs/libcurl/src/wildcard.c
index 8ba0989b4a..e94d3c544c 100644
--- a/libs/libcurl/src/wildcard.c
+++ b/libs/libcurl/src/wildcard.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -22,6 +22,8 @@
 
 #include "curl_setup.h"
 
+#ifndef CURL_DISABLE_FTP
+
 #include "wildcard.h"
 #include "llist.h"
 #include "fileinfo.h"
@@ -67,3 +69,5 @@ void Curl_wildcard_dtor(struct WildcardData *wc)
   wc->customptr = NULL;
   wc->state = CURLWC_INIT;
 }
+
+#endif /* if disabled */
diff --git a/libs/libcurl/src/wildcard.h b/libs/libcurl/src/wildcard.h
index b7826123ad..306c8c99ff 100644
--- a/libs/libcurl/src/wildcard.h
+++ b/libs/libcurl/src/wildcard.h
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2010 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2010 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -22,8 +22,9 @@
  *
  ***************************************************************************/
 
-#include <curl/curl.h>
+#include "curl_setup.h"
 
+#ifndef CURL_DISABLE_FTP
 #include "llist.h"
 
 /* list of wildcard process states */
@@ -58,4 +59,9 @@ void Curl_wildcard_dtor(struct WildcardData *wc);
 
 struct Curl_easy;
 
+#else
+/* FTP is disabled */
+#define Curl_wildcard_dtor(x)
+#endif
+
 #endif /* HEADER_CURL_WILDCARD_H */
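Review bot: In the FTP-disabled branch `Curl_wildcard_dtor(x)` expands to nothing, so every call site becomes a bare `;` and the argument is no longer looked at by the compiler. An expansion that is still a statement, such as `#define Curl_wildcard_dtor(x) do { } while(0)`, avoids empty-body warnings where the call is the only statement of an `if`. The `#endif` that closes this `#else` would also read better with a marker, `#endif /* !CURL_DISABLE_FTP */`.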
diff --git a/libs/libcurl/src/x509asn1.c b/libs/libcurl/src/x509asn1.c
index 25231921c4..0c1256ba89 100644
--- a/libs/libcurl/src/x509asn1.c
+++ b/libs/libcurl/src/x509asn1.c
@@ -266,8 +266,6 @@ utf8asn1str(char **to, int type, const char *from, const char *end)
   size_t inlength = end - from;
   int size = 1;
   size_t outlength;
-  int charsize;
-  unsigned int wc;
   char *buf;
 
   *to = NULL;
@@ -305,6 +303,9 @@ utf8asn1str(char **to, int type, const char *from, const char *end)
   }
   else {
     for(outlength = 0; from < end;) {
+      int charsize;
+      unsigned int wc;
+
       wc = 0;
       switch(size) {
       case 4:
@@ -877,9 +878,6 @@ static void do_pubkey(struct Curl_easy *data, int certnum,
   curl_asn1Element elem;
   curl_asn1Element pk;
   const char *p;
-  const char *q;
-  unsigned long len;
-  unsigned int i;
 
   /* Generate all information records for the public key. */
 
@@ -888,6 +886,9 @@ static void do_pubkey(struct Curl_easy *data, int certnum,
     return;
 
   if(strcasecompare(algo, "rsaEncryption")) {
+    const char *q;
+    unsigned long len;
+
     p = getASN1Element(&elem, pk.beg, pk.end);
     if(!p)
       return;
@@ -896,9 +897,11 @@ static void do_pubkey(struct Curl_easy *data, int certnum,
     for(q = elem.beg; !*q && q < elem.end; q++)
       ;
     len = (unsigned long)((elem.end - q) * 8);
-    if(len)
+    if(len) {
+      unsigned int i;
       for(i = *(unsigned char *) q; !(i & 0x80); i <<= 1)
         len--;
+    }
     if(len > 32)
       elem.beg = q;     /* Strip leading zero bytes. */
     if(!certnum)
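Review bot: The zero-skipping loop kept as context here tests `!*q && q < elem.end`, so `*q` is read before the bounds check, and an element that is empty or consists only of zero bytes causes a read one byte past `elem.end`. This is certificate data supplied by the peer, so the order should be `for(q = elem.beg; q < elem.end && !*q; q++)`. The new braces around the `len` loop do not change that. do_pubkey starts and ends outside the hunk.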
@@ -1056,8 +1059,6 @@ CURLcode Curl_extract_certinfo(struct connectdata *conn,
   do_pubkey(data, certnum, ccp, &param, &cert.subjectPublicKey);
   free((char *) ccp);
 
-/* TODO: extensions. */
-
   /* Signature. */
   ccp = ASN1tostr(&cert.signature, 0);
   if(!ccp)
-- 
cgit v1.2.3