]> granicus.if.org Git - curl/log
curl
5 years agoaltsvc: make quiche use h3-22 now
Daniel Stenberg [Mon, 5 Aug 2019 21:13:17 +0000 (23:13 +0200)]
altsvc: make quiche use h3-22 now

5 years agoquiche: show the actual version number
Daniel Stenberg [Mon, 5 Aug 2019 21:12:59 +0000 (23:12 +0200)]
quiche: show the actual version number

5 years agoquiche: first working HTTP/3 request
Daniel Stenberg [Mon, 5 Aug 2019 13:17:31 +0000 (15:17 +0200)]
quiche: first working HTTP/3 request

 - enable debug log
 - fix use of quiche API
 - use download buffer
 - separate header/body

Closes #4193

5 years agohttp09: disable HTTP/0.9 by default in both tool and library
Daniel Stenberg [Mon, 5 Aug 2019 07:45:23 +0000 (09:45 +0200)]
http09: disable HTTP/0.9 by default in both tool and library

As the plan has been laid out in DEPRECATED. Update docs accordingly and
verify in test 1174. Now requires the option to be set to allow HTTP/0.9
responses.

Closes #4191

5 years agoquiche: initial h3 request send/receive
Daniel Stenberg [Mon, 5 Aug 2019 08:19:48 +0000 (10:19 +0200)]
quiche: initial h3 request send/receive

5 years agolib/Makefile.am: make checksrc run in vquic too
Daniel Stenberg [Mon, 5 Aug 2019 08:36:29 +0000 (10:36 +0200)]
lib/Makefile.am: make checksrc run in vquic too

5 years agoaltsvc: fix removal of expired cache entry
Daniel Stenberg [Mon, 5 Aug 2019 08:17:10 +0000 (10:17 +0200)]
altsvc: fix removal of expired cache entry

Closes #4192

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Sun, 4 Aug 2019 21:03:57 +0000 (23:03 +0200)]
RELEASE-NOTES: synced

5 years agomd4: Use our own MD4 implementation when no crypto libraries are available
Steve Holme [Sun, 14 Apr 2019 18:24:28 +0000 (19:24 +0100)]
md4: Use our own MD4 implementation when no crypto libraries are available

Closes #3780

5 years agomd4: No need to include Curl_md4.h for each TLS library
Steve Holme [Sun, 14 Apr 2019 09:33:46 +0000 (10:33 +0100)]
md4: No need to include Curl_md4.h for each TLS library

5 years agomd4: No need for the NTLM code to call Curl_md4it() for each TLS library
Steve Holme [Sun, 14 Apr 2019 02:52:16 +0000 (03:52 +0100)]
md4: No need for the NTLM code to call Curl_md4it() for each TLS library

As the NTLM code no longer calls any of TLS libraries' specific MD4
functions, there is no need to call this function for each #ifdef.

5 years agomd4: Move the mbed TLS MD4 implementation out of the NTLM code
Steve Holme [Sun, 14 Apr 2019 02:27:21 +0000 (03:27 +0100)]
md4: Move the mbed TLS MD4 implementation out of the NTLM code

5 years agomd4: Move the WinCrypt implementation out of the NTLM code
Steve Holme [Sun, 14 Apr 2019 02:17:23 +0000 (03:17 +0100)]
md4: Move the WinCrypt implementation out of the NTLM code

5 years agomd4: Move the SecureTransport implementation out of the NTLM code
Steve Holme [Sun, 14 Apr 2019 01:45:02 +0000 (02:45 +0100)]
md4: Move the SecureTransport implementation out of the NTLM code

5 years agomd4: Use the Curl_md4it() function for OpenSSL based NTLM
Steve Holme [Sun, 14 Apr 2019 01:25:50 +0000 (02:25 +0100)]
md4: Use the Curl_md4it() function for OpenSSL based NTLM

5 years agomd4: Move the GNU TLS gcrypt MD4 implementation out of the NTLM code
Steve Holme [Sun, 14 Apr 2019 01:09:52 +0000 (02:09 +0100)]
md4: Move the GNU TLS gcrypt MD4 implementation out of the NTLM code

5 years agomd4: Move the GNU TLS Nettle MD4 implementation out of the NTLM code
Steve Holme [Sun, 14 Apr 2019 00:55:18 +0000 (01:55 +0100)]
md4: Move the GNU TLS Nettle MD4 implementation out of the NTLM code

5 years agoOS400: Add CURLOPT_H3 symbols
Jay Satiro [Fri, 2 Aug 2019 18:37:20 +0000 (14:37 -0400)]
OS400: Add CURLOPT_H3 symbols

Follow-up to 3af0e76 which added experimental H3 support.

Closes https://github.com/curl/curl/pull/4185

5 years agourl: make use of new HTTP version if alt-svc has one
Daniel Stenberg [Fri, 2 Aug 2019 12:28:54 +0000 (14:28 +0200)]
url: make use of new HTTP version if alt-svc has one

5 years agourl: set conn->transport to default TCP at init time
Daniel Stenberg [Fri, 2 Aug 2019 12:28:22 +0000 (14:28 +0200)]
url: set conn->transport to default TCP at init time

5 years agoaltsvc: with quiche, use the quiche h3 alpn string
Daniel Stenberg [Fri, 2 Aug 2019 12:27:26 +0000 (14:27 +0200)]
altsvc: with quiche, use the quiche h3 alpn string

Closes #4183

5 years agoalt-svc: more liberal ALPN name parsing
Daniel Stenberg [Fri, 2 Aug 2019 11:46:49 +0000 (13:46 +0200)]
alt-svc: more liberal ALPN name parsing

Allow pretty much anything to be part of the ALPN identifier. In
particular minus, which is used for "h3-20" (in-progress HTTP/3
versions) etc.

Updated test 356.
Closes #4182

5 years agoquiche: use the proper HTTP/3 ALPN
Daniel Stenberg [Fri, 2 Aug 2019 11:22:26 +0000 (13:22 +0200)]
quiche: use the proper HTTP/3 ALPN

5 years agoquiche: add failf() calls for two error cases
Daniel Stenberg [Fri, 2 Aug 2019 09:25:40 +0000 (11:25 +0200)]
quiche: add failf() calls for two error cases

To aid debugging

Closes #4181

5 years agomailmap: added Kyohei Kadota
Daniel Stenberg [Fri, 2 Aug 2019 05:56:07 +0000 (07:56 +0200)]
mailmap: added Kyohei Kadota

5 years agohttp_negotiate: improve handling of gss_init_sec_context() failures
Kamil Dudka [Tue, 30 Jul 2019 10:59:35 +0000 (12:59 +0200)]
http_negotiate: improve handling of gss_init_sec_context() failures

If HTTPAUTH_GSSNEGOTIATE was used for a POST request and
gss_init_sec_context() failed, the POST request was sent
with empty body.  This commit also restores the original
behavior of `curl --fail --negotiate`, which was changed
by commit 6c6035532383e300c712e4c1cd9fdd749ed5cf59.

Add regression tests 2077 and 2078 to cover this.

Fixes #3992
Closes #4171

5 years agomailmap: added 4 more names
Daniel Stenberg [Thu, 1 Aug 2019 07:13:38 +0000 (09:13 +0200)]
mailmap: added 4 more names

Evgeny Grin, Peter Pih, Anton Malov and Marquis de Muesli

5 years agomailmap: add Giorgos Oikonomou
Daniel Stenberg [Thu, 1 Aug 2019 07:07:30 +0000 (09:07 +0200)]
mailmap: add Giorgos Oikonomou

5 years agosrc/makefile: fix uncompressed hugehelp.c generation
Daniel Stenberg [Wed, 31 Jul 2019 20:40:24 +0000 (22:40 +0200)]
src/makefile: fix uncompressed hugehelp.c generation

Regression from 5cf5d57ab9 (7.64.1)

Fixed-by: Lance Ware
Fixes #4176
Closes #4177

5 years agoappveyor: pass on -k to make
Daniel Stenberg [Wed, 31 Jul 2019 15:17:52 +0000 (17:17 +0200)]
appveyor: pass on -k to make

5 years agotimediff: make it 64 bit (if possible) even with 32 bit time_t
Daniel Stenberg [Wed, 31 Jul 2019 13:30:31 +0000 (15:30 +0200)]
timediff: make it 64 bit (if possible) even with 32 bit time_t

... to make it hold microseconds too.

Fixes #4165
Closes #4168

5 years agoROADMAP: parallel transfers are merged now
Daniel Stenberg [Wed, 31 Jul 2019 14:47:23 +0000 (16:47 +0200)]
ROADMAP: parallel transfers are merged now

5 years agogetenv: support up to 4K environment variable contents on windows
Daniel Stenberg [Tue, 30 Jul 2019 18:26:59 +0000 (20:26 +0200)]
getenv: support up to 4K environment variable contents on windows

Reported-by: Michal Čaplygin
Fixes #4174
Closes #4175

5 years agoplan9: add support for running on Plan 9
lufia [Tue, 26 Mar 2019 13:26:05 +0000 (22:26 +0900)]
plan9: add support for running on Plan 9

Closes #3701

5 years agontlm: explicit type casting
lufia [Tue, 26 Mar 2019 13:23:28 +0000 (22:23 +0900)]
ntlm: explicit type casting

5 years agocurl.h: fix outdated comment
Justin [Tue, 30 Jul 2019 02:52:09 +0000 (22:52 -0400)]
curl.h: fix outdated comment

Closes #4167

5 years agocurl: remove outdated comment
Daniel Stenberg [Tue, 30 Jul 2019 15:48:10 +0000 (17:48 +0200)]
curl: remove outdated comment

Turned bad with commit b8894085000

Reported-by: niallor on github
Fixes #4172
Closes #4173

5 years agocleanup: remove the 'numsocks' argument used in many places
Daniel Stenberg [Tue, 30 Jul 2019 09:02:03 +0000 (11:02 +0200)]
cleanup: remove the 'numsocks' argument used in many places

It was used (intended) to pass in the size of the 'socks' array that is
also passed to these functions, but was rarely actually checked/used and
the array is defined to a fixed size of MAX_SOCKSPEREASYHANDLE entries
that should be used instead.

Closes #4169

5 years agoreadwrite_data: repair setting the TIMER_STARTTRANSFER stamp
Daniel Stenberg [Mon, 29 Jul 2019 10:49:05 +0000 (12:49 +0200)]
readwrite_data: repair setting the TIMER_STARTTRANSFER stamp

Regression, broken in commit 65eb65fde64bd5f (curl 7.64.1)

Reported-by: Jonathan Cardoso Machado
Assisted-by: Jay Satiro
Fixes #4136
Closes #4162

5 years agomailmap: Amit Katyal
Daniel Stenberg [Tue, 30 Jul 2019 10:51:55 +0000 (12:51 +0200)]
mailmap: Amit Katyal

5 years agoasyn-thread: removed unused variable
Daniel Stenberg [Tue, 30 Jul 2019 08:29:54 +0000 (10:29 +0200)]
asyn-thread: removed unused variable

Follow-up to eb9a604f. Mistake caused by me when I edited the commit
before push...

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Tue, 30 Jul 2019 07:28:44 +0000 (09:28 +0200)]
RELEASE-NOTES: synced

5 years agoasyn-thread: create a socketpair to wait on
amkatyal [Fri, 26 Jul 2019 15:58:41 +0000 (21:28 +0530)]
asyn-thread: create a socketpair to wait on

Closes #4157

5 years agocurl: cap the maximum allowed values for retry time arguments
Daniel Stenberg [Mon, 29 Jul 2019 20:10:13 +0000 (22:10 +0200)]
curl: cap the maximum allowed values for retry time arguments

... to avoid integer overflows later when multiplying with 1000 to
convert seconds to milliseconds.

Added test 1269 to verify.

Reported-by: Jason Lee
Closes #4166

5 years agoprogress: reset download/uploaded counter
Daniel Stenberg [Mon, 29 Jul 2019 10:16:43 +0000 (12:16 +0200)]
progress: reset download/uploaded counter

... to make CURLOPT_MAX_RECV_SPEED_LARGE and
CURLOPT_MAX_SEND_SPEED_LARGE work correctly on subsequent transfers that
reuse the same handle.

Fixed-by: Ironbars13 on github
Fixes #4084
Closes #4161

5 years agohttp2_recv: trigger another read when the last data is returned
Daniel Stenberg [Mon, 29 Jul 2019 09:15:33 +0000 (11:15 +0200)]
http2_recv: trigger another read when the last data is returned

... so that end-of-stream is detected properly.

Reported-by: Tom van der Woerdt
Fixes #4043
Closes #4160

5 years agocurl: avoid uncessary libcurl timeouts (in parallel mode)
Daniel Stenberg [Mon, 29 Jul 2019 06:50:25 +0000 (08:50 +0200)]
curl: avoid uncessary libcurl timeouts (in parallel mode)

When curl_multi_wait() returns OK without file descriptors to wait for,
it might already have done a long timeout.

Closes #4159

5 years agoHTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
Balazs Kovacsics [Mon, 22 Jul 2019 12:37:37 +0000 (14:37 +0200)]
HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown

If using the read callback for HTTP_POST, and POSTFIELDSIZE is not set,
automatically add a Transfer-Encoding: chunked header, same as it is
already done for HTTP_PUT, HTTP_POST_FORM and HTTP_POST_MIME.  Update
test 1514 according to the new behaviour.

Closes #4138

5 years agowinbuild: add vquic to list of build directories
Daniel Stenberg [Mon, 29 Jul 2019 05:49:08 +0000 (01:49 -0400)]
winbuild: add vquic to list of build directories

This fixes the winbuild build method which broke several days ago
when experimental quic support was added in 3af0e76.

Reported-by: Michael Lee
Fixes https://github.com/curl/curl/issues/4158

5 years agoeasy: resize receive buffer on easy handle reset
Jay Satiro [Tue, 23 Jul 2019 21:59:18 +0000 (17:59 -0400)]
easy: resize receive buffer on easy handle reset

- In curl_easy_reset attempt to resize the receive buffer to its default
  size. If realloc fails then continue using the previous size.

Prior to this change curl_easy_reset did not properly handle resetting
the receive buffer (data->state.buffer). It reset the variable holding
its size (data->set.buffer_size) to the default size (READBUFFER_SIZE)
but then did not actually resize the buffer. If a user resized the
buffer by using CURLOPT_BUFFERSIZE to set the size smaller than the
default, later called curl_easy_reset and attempted to reuse the handle
then a heap overflow would very likely occur during that handle's next
transfer.

Reported-by: Felix Hädicke
Fixes https://github.com/curl/curl/issues/4143
Closes https://github.com/curl/curl/pull/4145

5 years agoexamples: Avoid reserved names in hiperfifo examples
Brad Spencer [Thu, 18 Jul 2019 18:25:25 +0000 (15:25 -0300)]
examples: Avoid reserved names in hiperfifo examples

- Trade in __attribute__((unused)) for the classic (void)x to silence
  unused symbols.

Because the classic way is not gcc specific. Also because the prior
method mapped to symbol _Unused, which starts with _ and a capital
letter which is reserved.

Assisted-by: The Infinnovation team
Bug: https://github.com/curl/curl/issues/4120#issuecomment-512542108

Closes https://github.com/curl/curl/pull/4153

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Thu, 25 Jul 2019 21:49:16 +0000 (23:49 +0200)]
RELEASE-NOTES: synced

5 years agossh-libssh: do not specify O_APPEND when not in append mode
Felix Hädicke [Wed, 24 Jul 2019 09:47:51 +0000 (11:47 +0200)]
ssh-libssh: do not specify O_APPEND when not in append mode

Specifying O_APPEND in conjunction with O_TRUNC and O_CREAT does not
make much sense. And this combination of flags is not accepted by all
SFTP servers (at least not Apache SSHD).

Fixes #4147
Closes #4148

5 years agomulti: call detach_connection before Curl_disconnect
Gergely Nagy [Thu, 25 Jul 2019 08:26:16 +0000 (10:26 +0200)]
multi: call detach_connection before Curl_disconnect

Curl_disconnect bails out if conn->easyq is not empty, detach_connection
needs to be called first to remove the current easy from the queue.

Fixes #4144
Closes #4151

5 years agotool_operate: fix implicit call to easysrc_cleanup
Jay Satiro [Mon, 22 Jul 2019 19:43:41 +0000 (15:43 -0400)]
tool_operate: fix implicit call to easysrc_cleanup

easysrc_cleanup is only defined when CURL_DISABLE_LIBCURL_OPTION is not
defined, and prior to this change would be called regardless.

Bug: https://github.com/curl/curl/pull/3804#issuecomment-513922637
Reported-by: Marcel Raad
Closes https://github.com/curl/curl/pull/4142

5 years agocurl:create_transfers check return code from curl_easy_setopt
Daniel Stenberg [Sun, 21 Jul 2019 11:21:13 +0000 (13:21 +0200)]
curl:create_transfers check return code from curl_easy_setopt

From commit b8894085

Pointed out by Coverity CID 1451703

Closes #4134

5 years agoHTTP3: initial (experimental) support
Daniel Stenberg [Sun, 21 Jul 2019 21:48:58 +0000 (23:48 +0200)]
HTTP3: initial (experimental) support

USe configure --with-ngtcp2 or --with-quiche

Using either option will enable a HTTP3 build.
Co-authored-by: Alessandro Ghedini <alessandro@ghedini.me>
Closes #3500

5 years agocurl: remove dead code
Daniel Stenberg [Sun, 21 Jul 2019 11:11:23 +0000 (13:11 +0200)]
curl: remove dead code

The loop never loops (since b889408500), pointed out by Coverity (CID
1451702)

Closes #4133

5 years agodocs/PARALLEL-TRANSFERS: correct the version number
Daniel Stenberg [Sat, 20 Jul 2019 17:19:56 +0000 (19:19 +0200)]
docs/PARALLEL-TRANSFERS: correct the version number

5 years agodocs/PARALLEL-TRANSFERS: added
Daniel Stenberg [Sat, 20 Jul 2019 17:14:00 +0000 (19:14 +0200)]
docs/PARALLEL-TRANSFERS: added

5 years agocurl: support parallel transfers
Daniel Stenberg [Sat, 20 Jul 2019 17:14:00 +0000 (19:14 +0200)]
curl: support parallel transfers

This is done by making sure each individual transfer is first added to a
linked list as then they can be performed serially, or at will, in
parallel.

Closes #3804

5 years agodocs/MANUAL.md: converted to markdown from plain text
Daniel Stenberg [Sat, 20 Jul 2019 11:13:37 +0000 (13:13 +0200)]
docs/MANUAL.md: converted to markdown from plain text

... will make it render as a nicer web page.

Closes #4131

5 years agocurl_version_info: provide nghttp2 details
Daniel Stenberg [Thu, 18 Jul 2019 08:43:16 +0000 (10:43 +0200)]
curl_version_info: provide nghttp2 details

Introducing CURLVERSION_SIXTH with nghttp2 info.

Closes #4121

5 years agobump: start working on 7.66.0
Daniel Stenberg [Fri, 19 Jul 2019 21:52:34 +0000 (23:52 +0200)]
bump: start working on 7.66.0

5 years agosource: remove names from source comments
Daniel Stenberg [Fri, 19 Jul 2019 10:05:05 +0000 (12:05 +0200)]
source: remove names from source comments

Several reasons:

- we can't add everyone who's helping out so its unfair to just a few
selected ones.
- we already list all helpers in THANKS and in RELEASE-NOTES for each
release
- we don't want to give the impression that some parts of the code is
"owned" or "controlled" by specific persons

Assisted-by: Daniel Gustafsson
Closes #4129

5 years agoRELEASE-NOTES: 7.65.3 curl-7_65_3
Daniel Stenberg [Fri, 19 Jul 2019 09:32:23 +0000 (11:32 +0200)]
RELEASE-NOTES: 7.65.3

5 years agoTHANKS: 7.65.3 status
Daniel Stenberg [Fri, 19 Jul 2019 09:32:15 +0000 (11:32 +0200)]
THANKS: 7.65.3 status

5 years agoprogress: make the progress meter appear again
Daniel Stenberg [Thu, 18 Jul 2019 21:23:35 +0000 (23:23 +0200)]
progress: make the progress meter appear again

Fix regression caused by 21080e1

Reported-by: Chih-Hsuan Yen
Fixes #4122
Closes #4124

5 years agoversion: bump to 7.65.3
Daniel Stenberg [Thu, 18 Jul 2019 22:40:51 +0000 (00:40 +0200)]
version: bump to 7.65.3

5 years agoRELEASE-NOTES: Contributors or now 1990
Daniel Stenberg [Wed, 17 Jul 2019 07:34:49 +0000 (09:34 +0200)]
RELEASE-NOTES: Contributors or now 1990

5 years agoRELEASE-NOTES: 7.65.2 curl-7_65_2
Daniel Stenberg [Sun, 14 Jul 2019 22:59:09 +0000 (00:59 +0200)]
RELEASE-NOTES: 7.65.2

5 years agoTHANKS: add contributors from 7.65.2
Daniel Stenberg [Tue, 16 Jul 2019 09:48:41 +0000 (11:48 +0200)]
THANKS: add contributors from 7.65.2

5 years agocmake: Fix finding Brotli on case-sensitive file systems
aasivov [Wed, 17 Jul 2019 06:01:45 +0000 (02:01 -0400)]
cmake: Fix finding Brotli on case-sensitive file systems

- Find package "Brotli" instead of "BROTLI" since the former is the
  casing used for CMake/FindBrotli.cmake, and otherwise find_package
  may fail on a case-sensitive file system.

Fixes https://github.com/curl/curl/issues/4117

5 years agoCURLOPT_RANGE.3: Caution against using it for HTTP PUT
Jay Satiro [Wed, 17 Jul 2019 05:45:26 +0000 (01:45 -0400)]
CURLOPT_RANGE.3: Caution against using it for HTTP PUT

AFAICT CURLOPT_RANGE does not support ranged HTTP PUT uploads so I've
cautioned against using it for that purpose and included a workaround.

Bug: https://curl.haxx.se/mail/lib-2019-04/0075.html
Reported-by: Christopher Head
Closes https://github.com/curl/curl/issues/3814

5 years agoCURLOPT_SEEKDATA.3: fix variable name
Stefano Simonelli [Tue, 16 Jul 2019 14:34:09 +0000 (16:34 +0200)]
CURLOPT_SEEKDATA.3: fix variable name

Closes https://github.com/curl/curl/pull/4118

5 years agoCIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
georgeok [Wed, 10 Jul 2019 11:34:17 +0000 (14:34 +0300)]
CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH

If the SSL backend is Schannel and the user specifies an Schannel CALG_
that is not supported by the protocol or the server then curl returns
CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH.

Fixes https://github.com/curl/curl/issues/3389
Closes https://github.com/curl/curl/pull/4106

5 years agonss: inspect returnvalue of token check
Daniel Gustafsson [Fri, 12 Jul 2019 14:13:31 +0000 (16:13 +0200)]
nss: inspect returnvalue of token check

PK11_IsPresent() checks for the token for the given slot is available,
and sets needlogin flags for the PK11_Authenticate() call.  Should it
return false, we should however treat it as an error and bail out.

Closes https://github.com/curl/curl/pull/4110

5 years agodocs: Explain behavior change in --tlsv1. options since 7.54
Jay Satiro [Tue, 16 Jul 2019 16:27:35 +0000 (12:27 -0400)]
docs: Explain behavior change in --tlsv1. options since 7.54

Since 7.54 --tlsv1. options use the specified version or later, however
older versions of curl documented it as using just the specified version
which may or may not have happened depending on the TLS library.
Document this discrepancy to allay confusion for users familiar with the
old documentation that expect just the specified version.

Fixes https://github.com/curl/curl/issues/4097
Closes https://github.com/curl/curl/pull/4119

5 years agolibcurl: Restrict redirect schemes (follow-up)
Jay Satiro [Tue, 16 Jul 2019 07:35:54 +0000 (03:35 -0400)]
libcurl: Restrict redirect schemes (follow-up)

- Allow FTPS on redirect.

- Update default allowed redirect protocols in documentation.

Follow-up to 6080ea0.

Ref: https://github.com/curl/curl/pull/4094

Closes https://github.com/curl/curl/pull/4115

5 years agotest1173: make it also check all libcurl option man pages
Daniel Stenberg [Tue, 16 Jul 2019 09:23:59 +0000 (11:23 +0200)]
test1173: make it also check all libcurl option man pages

... and adjust those that cause errors

Closes #4116

5 years agocurl: only accept COLUMNS less than 10000
Daniel Stenberg [Mon, 15 Jul 2019 21:52:43 +0000 (23:52 +0200)]
curl: only accept COLUMNS less than 10000

... as larger values would rather indicate something silly (and could
potentially cause buffer problems).

Reported-by: pendrek at hackerone
Closes #4114

5 years agodist: add manpage-syntax.pl
Daniel Stenberg [Mon, 15 Jul 2019 13:24:25 +0000 (15:24 +0200)]
dist: add manpage-syntax.pl

follow-up to 7fb66c403

5 years agotest1173: detect some basic man page format mistakes
Daniel Stenberg [Sun, 14 Jul 2019 23:38:39 +0000 (01:38 +0200)]
test1173: detect some basic man page format mistakes

Triggered by PR #4111

Closes #4113

5 years agodocs: Fix missing lines caused by undefined macros
Bjarni Ingi Gislason [Tue, 2 Apr 2019 21:55:11 +0000 (21:55 +0000)]
docs: Fix missing lines caused by undefined macros

- Escape apostrophes at line start.

Some lines begin with a "'" (apostrophe, single quote), which is then
interpreted as a control character in *roff.

Such lines are interpreted as being a call to a macro, and if
undefined, the lines are removed from the output.

Bug: https://bugs.debian.org/926352
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Submitted-by: Alessandro Ghedini
Closes https://github.com/curl/curl/pull/4111

5 years agolibcurl-security.3: update to new CURLOPT_REDIR_PROTOCOLS defaults
Daniel Stenberg [Sun, 14 Jul 2019 14:32:50 +0000 (16:32 +0200)]
libcurl-security.3: update to new CURLOPT_REDIR_PROTOCOLS defaults

follow-up to 6080ea098

5 years agolibcurl: Add testcase for gopher redirects
Linos Giannopoulos [Wed, 10 Jul 2019 11:11:57 +0000 (14:11 +0300)]
libcurl: Add testcase for gopher redirects

The testcase ensures that redirects to CURLPROTO_GOPHER won't be
allowed, by default, in the future. Also, curl is being used
for convenience while keeping the testcases DRY.

The expected error code is CURLE_UNSUPPORTED_PROTOCOL when the client is
redirected to CURLPROTO_GOPHER

Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr>
5 years agolibcurl: Restrict redirect schemes
Linos Giannopoulos [Fri, 5 Jul 2019 14:48:07 +0000 (17:48 +0300)]
libcurl: Restrict redirect schemes

All protocols except for CURLPROTO_FILE/CURLPROTO_SMB and their TLS
counterpart were allowed for redirect. This vastly broadens the
exploitation surface in case of a vulnerability such as SSRF [1], where
libcurl-based clients are forced to make requests to arbitrary hosts.

For instance, CURLPROTO_GOPHER can be used to smuggle any TCP-based
protocol by URL-encoding a payload in the URI. Gopher will open a TCP
connection and send the payload.

Only HTTP/HTTPS and FTP are allowed. All other protocols have to be
explicitly enabled for redirects through CURLOPT_REDIR_PROTOCOLS.

[1]: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/

Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr>
Closes #4094

5 years agoopenssl: define HAVE_SSL_GET_SHUTDOWN based on version number
Zenju [Tue, 9 Jul 2019 09:24:41 +0000 (11:24 +0200)]
openssl: define HAVE_SSL_GET_SHUTDOWN based on version number

Closes #4100

5 years agohttp: allow overriding timecond with custom header
Peter Simonyi [Wed, 10 Jul 2019 22:42:35 +0000 (18:42 -0400)]
http: allow overriding timecond with custom header

With CURLOPT_TIMECONDITION set, a header is automatically added (e.g.
If-Modified-Since).  Allow this to be replaced or suppressed with
CURLOPT_HTTPHEADER.

Fixes #4103
Closes #4109

5 years agosmb: Use the correct error code for access denied on file open
Juergen Hoetzel [Sun, 7 Jul 2019 15:10:24 +0000 (17:10 +0200)]
smb: Use the correct error code for access denied on file open

- Return CURLE_REMOTE_ACCESS_DENIED for SMB access denied on file open.

Prior to this change CURLE_REMOTE_FILE_NOT_FOUND was returned instead.

Closes https://github.com/curl/curl/pull/4095

5 years agoDEPRECATE: fixup versions and spelling
Daniel Gustafsson [Wed, 10 Jul 2019 11:12:40 +0000 (13:12 +0200)]
DEPRECATE: fixup versions and spelling

Correctly set the July 17 version to 7.65.2, and update spelling to
be consistent. Also fix a typo.

Closes https://github.com/curl/curl/pull/4107

5 years agosystem_win32: fix clang warning
Gisle Vanem [Thu, 11 Jul 2019 06:26:57 +0000 (02:26 -0400)]
system_win32: fix clang warning

- Declare variable in header as extern.

Bug: https://github.com/curl/curl/commit/48b9ea4#commitcomment-34084597

5 years agoheaders: Remove no longer exported functions
Daniel Gustafsson [Wed, 10 Jul 2019 17:26:40 +0000 (19:26 +0200)]
headers: Remove no longer exported functions

There were a leftover few prototypes of Curl_ functions that we used to
export but no longer do, this removes those prototypes and cleans up any
comments still referring to them.

Curl_write32_le(), Curl_strcpy_url(), Curl_strlen_url(), Curl_up_free()
Curl_concat_url(), Curl_detach_connnection(), Curl_http_setup_conn()
were made static in 05b100aee247bb9bec8e9a1b0166496aa4248d1c.
Curl_http_perhapsrewind() made static in 574aecee208f79d391f10d57520b3.

For the remainder, I didn't trawl the Git logs hard enough to capture
their exact time of deletion, but they were all gone: Curl_splayprint(),
Curl_http2_send_request(), Curl_global_host_cache_dtor(),
Curl_scan_cache_used(), Curl_hostcache_destroy(), Curl_second_connect(),
Curl_http_auth_stage() and Curl_close_connections().

Closes #4096
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
5 years agoCMake: fix typos and spelling
Daniel Gustafsson [Tue, 9 Jul 2019 20:27:59 +0000 (22:27 +0200)]
CMake: fix typos and spelling

5 years agoCMake: Convert errant elseif() to else()
Kyle Edwards [Tue, 9 Jul 2019 14:03:06 +0000 (10:03 -0400)]
CMake: Convert errant elseif() to else()

CMake interprets an elseif() with no arguments as elseif(FALSE),
resulting in the elseif() block not being executed. That is not what
was intended here. Change the empty elseif() to an else() as it was
intended.

Closes #4101
Reported-by: Artalus <artalus-mail@yandex.ru>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
5 years agobuildconf: fix header filename
Daniel Gustafsson [Tue, 9 Jul 2019 15:33:07 +0000 (17:33 +0200)]
buildconf: fix header filename

The header file inclusion had a typo, it should be .h and not .hd.
Fix by renaming.

Fixes #4102
Reported-by: AceCrow on Github
5 years agoconfigure: fix --disable-code-coverage
Jan Chren [Mon, 8 Jul 2019 20:20:26 +0000 (20:20 +0000)]
configure: fix --disable-code-coverage

This fixes the case when --disable-code-coverage supplied to ./configure
would result in coverage="yes" being set.

Closes #4099
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
5 years agocleanup: fix typo in comment
Daniel Gustafsson [Mon, 8 Jul 2019 11:19:35 +0000 (13:19 +0200)]
cleanup: fix typo in comment

5 years agoRELEASE-NOTES: synced
Daniel Gustafsson [Mon, 8 Jul 2019 10:56:20 +0000 (12:56 +0200)]
RELEASE-NOTES: synced

5 years agonss: support using libnss on macOS
Daniel Gustafsson [Wed, 19 Jun 2019 20:28:20 +0000 (22:28 +0200)]
nss: support using libnss on macOS

The file suffix for dynamically loadable objects on macOS is .dylib,
which need to be added for the module definitions in order to get the
NSS TLS backend to work properly on macOS.

Closes https://github.com/curl/curl/pull/4046