1 _ _ ____ _ 2 ___| | | | _ \| | 3 / __| | | | |_) | | 4 | (__| |_| | _ <| |___ 5 \___|\___/|_| \_\_____| 6 7 Changelog 8 9Version 7.73.0 (14 Oct 2020) 10 11Daniel Stenberg (14 Oct 2020) 12- RELEASE-NOTES: synced 13 14 for 7.73.0 15 16- THANKS: from 7.73.0 and .mailmap fixes 17 18- mailmap: fixups of some contributors 19 20- projects/build-wolfssl.bat: fix the copyright year range 21 22Marc Hoersken (14 Oct 2020) 23- [Sergei Nikulov brought this change] 24 25 CI/tests: fix invocation of tests for CMake builds 26 27 Update appveyor.yml to set env variable TFLAGS and run tests 28 Remove curly braces due to CMake error (${TFLAGS} -> $TFLAGS) 29 Move testdeps build to build step (per review comments) 30 31 Reviewed-by: Marc Hörsken 32 33 Closes #6066 34 Fixes #6052 35 36- tests/server/util.c: fix support for Windows Unicode builds 37 38 Detected via #6066 39 Closes #6070 40 41Daniel Stenberg (13 Oct 2020) 42- [Jay Satiro brought this change] 43 44 strerror: Revert to local codepage for Windows error string 45 46 - Change get_winapi_error() to return the error string in the local 47 codepage instead of UTF-8 encoding. 48 49 Two weeks ago bed5f84 fixed get_winapi_error() to work on xbox, but it 50 also changed the error string's encoding from local codepage to UTF-8. 51 52 We return the local codepage version of the error string because if it 53 is output to the user's terminal it will likely be with functions which 54 expect the local codepage (eg fprintf, failf, infof). 55 56 This is essentially a partial revert of bed5f84. The support for xbox 57 remains but the error string is reverted back to local codepage. 58 59 Ref: https://github.com/curl/curl/pull/6005 60 61 Reviewed-by: Marcel Raad 62 Closes #6065 63 64Marc Hoersken (13 Oct 2020) 65- CI/tests: use verification curl for test reporting APIs 66 67 Avoid using our own, potentially installed, curl for 68 the test reporting APIs in case it is broken. 69 70 Reviewed-by: Daniel Stenberg 71 72 Preparation for #6049 73 Closes #6063 74 75Viktor Szakats (12 Oct 2020) 76- windows: fix comparison of mismatched types warning 77 78 clang 10, mingw-w64: 79 ``` 80 vtls/openssl.c:2917:33: warning: comparison of integers of different signs: 'DWORD' (aka 'unsigned long') and 'HRESULT' (aka 'long') 81 [-Wsign-compare] 82 if(GetLastError() != CRYPT_E_NOT_FOUND) 83 ~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~ 84 ``` 85 86 Approved-by: Daniel Stenberg 87 Closes #6062 88 89Daniel Stenberg (11 Oct 2020) 90- [Viktor Szakats brought this change] 91 92 src/Makefile.m32: fix undefined curlx_dyn_* errors 93 94 by linking `lib/dynbuf.c` when building a static curl binary. 95 Previously this source file was only included when building 96 a dynamic curl binary. This was likely possibly because no 97 functions from the `src/Makefile.inc` / `CURLX_CFILES` sources 98 were actually required for a curl tool build. This has 99 recently changed with the introduction of `curlx_dyn_*()` 100 memory functions and their use by the tool sources. 101 102 Closes #6060 103 104- HISTORY: curl verifies SSL certs by default since version 7.10 105 106Marc Hoersken (8 Oct 2020) 107- runtests.pl: use $LIBDIR variable instead of hardcoded path 108 109 Reviewed-by: Daniel Stenberg 110 Closes #6051 111 112Daniel Stenberg (7 Oct 2020) 113- checksrc: detect // comments on column 0 114 115 Spotted while working on #6045 116 117 Closes #6048 118 119- [Frederik Wedel-Heinen brought this change] 120 121 mbedtls: add missing header when defining MBEDTLS_DEBUG 122 123 Closes #6045 124 125- curl: make sure setopt CURLOPT_IPRESOLVE passes on a long 126 127 Previously, it would pass on a define (int) which could make libcurl 128 read junk as a value - which prevented the CURLOPT_IPRESOLVE option to 129 "take". This could then make test 2100 do two DoH requests instead of 130 one! 131 132 Fixes #6042 133 Closes #6043 134 135- RELEASE-NOTES: synced 136 137- scripts/release-notes.pl: don't "embed" $ in format string for printf() 138 139 ... since they might contain %-codes that mess up the output! 140 141Jay Satiro (5 Oct 2020) 142- [M.R.T brought this change] 143 144 build-wolfssl: fix build with Visual Studio 2019 145 146 Closes https://github.com/curl/curl/pull/6033 147 148Daniel Stenberg (4 Oct 2020) 149- runtests: add %repeat[]% for test files 150 151 ... and use this new keywords in all the test files larger than 50K to reduce 152 their sizes and make them a lot easier to read and understand. 153 154 Closes #6040 155 156- [Emil Engler brought this change] 157 158 --help: move two options from the misc category 159 160 The cmdline opts delegation and suppress-connect-headers 161 fit better into auth and proxy rather than misc. 162 163 Follow-up to aa8777f63febc 164 Closes #6038 165 166- [Samanta Navarro brought this change] 167 168 docs/opts: fix typos in two manual pages 169 170 Closes #6039 171 172- ldap: reduce the amount of #ifdefs needed 173 174 Closes #6035 175 176- runtests: provide curl's version string as %VERSION for tests 177 178 ... so that we can check HTTP requests for User-Agent: curl/%VERSION 179 180 Update 600+ test cases accordingly. 181 182 Closes #6037 183 184- checksrc: warn on space after exclamation mark 185 186 Closes #6034 187 188- test1465: verify --libcurl with binary POST data 189 190- runtests: allow generating a binary sequence from hex 191 192- tool_setopt: escape binary data to hex, not octal 193 194- curl: make --libcurl show binary posts correctly 195 196 Reported-by: Stephan Mühlstrasser 197 Fixes #6031 198 Closes #6032 199 200Jay Satiro (1 Oct 2020) 201- strerror: fix null deref on winapi out-of-memory 202 203 Follow-up to bed5f84 from several days ago. 204 205 Ref: https://github.com/curl/curl/pull/6005 206 207Daniel Stenberg (1 Oct 2020) 208- [Kamil Dudka brought this change] 209 210 vtls: deduplicate some DISABLE_PROXY ifdefs 211 212 ... in the code of gtls, nss, and openssl 213 214 Closes #5735 215 216- RELEASE-NOTES: synced 217 218- [Emil Engler brought this change] 219 220 TODO: Add OpenBSD libtool notice 221 222 See #5862 223 Closes #6030 224 225- tests/unit/README: convert to markdown 226 227 ... and add to dist! 228 229 Closes #6028 230 231- tests/README: convert to markdown 232 233 Closes #6028 234 235- include/README: convert to markdown 236 237 Closes #6028 238 239- examples/README: convert to markdown 240 241 Closes #6028 242 243- configure: don't say HTTPS-proxy is enabled when disabled! 244 245 Reported-by: Kamil Dudka 246 Reviewed-by: Kamil Dudka 247 Bug: https://github.com/curl/curl/pull/5735#issuecomment-701376388 248 Closes #6029 249 250Daniel Gustafsson (30 Sep 2020) 251- src: Consistently spell whitespace without whitespace 252 253 Whitespace is spelled without a space between white and space, so 254 make sure to consistently spell it that way across the codebase. 255 256 Closes #6023 257 Reviewed-by: Daniel Stenberg <daniel@haxx.se> 258 Reviewed-by: Emil Engler <me@emilengler.com> 259 260- MANUAL: update examples to resolve without redirects 261 262 www.netscape.com is redirecting to a cookie consent form on Aol, and 263 cool.haxx.se isn't responding to FTP anymore. Replace with examples 264 that resolves in case users try out the commands when reading the 265 manual. 266 267 Closes #6024 268 Reviewed-by: Daniel Stenberg <daniel@haxx.se> 269 Reviewed-by: Emil Engler <me@emilengler.com> 270 271Daniel Stenberg (30 Sep 2020) 272- HISTORY: add some 2020 events 273 274- sectransp: make it build with --disable-proxy 275 276 Follow-up from #5466 and f3d501dc678d80 277 Reported-by: Javier Navarro 278 Fixes #6025 279 Closes #6026 280 281- ECH: renamed from ESNI in docs and configure 282 283 Encrypted Client Hello (ECH) is the current name. 284 285 Closes #6022 286 287- configure: use "no" instead of "disabled" for the end summary 288 289 ... for consistency but also to make them more distinctly stand out next 290 to the "enabled" lines. 291 292- TODO: SSH over HTTPS proxy with more backends 293 294 ... as right now only the libssh2 backend supports it. 295 296- libssh2: handle the SSH protocols done over HTTPS proxy 297 298 Reported-by: Robin Douine 299 Fixes #4295 300 Closes #6021 301 302- [Emil Engler brought this change] 303 304 memdebug: remove 9 year old unused debug function 305 306 There used to be a way to have memdebug fill allocated memory. 9 years 307 later this has no value there (valgrind and ASAN etc are way better). If 308 people need to know about it they can have a look at VCS logs. 309 310 Closes #5973 311 312- sendf: move Curl_sendf to dict.c and make it static 313 314 ... as the only remaining user of that function. Also fix gopher.c to 315 instead use Curl_write() 316 317 Closes #6020 318 319- ROADMAP: updates and cleanups 320 321 Fix the HSTS PR 322 323 Remove DoT, thread-safe init and hard-coded localhost. I feel very 324 little interest for these with users so I downgrade them to plain "TODO" 325 entries again. 326 327- schannel: return CURLE_PEER_FAILED_VERIFICATION for untrusted root 328 329 This matches what is returned in other TLS backends in the same 330 situation. 331 332 Reviewed-by: Jay Satiro 333 Reviewed-by: Emil Engler 334 Follow-up to 5a3efb1 335 Reported-by: iammrtau on github 336 Fixes #6003 337 Closes #6018 338 339- RELEASE-NOTES: synced 340 341- ftp: make a 552 response return CURLE_REMOTE_DISK_FULL 342 343 Added test 348 to verify. Added a 'STOR' command to the test FTP 344 server to enable test 348. Documented the command in FILEFORMAT.md 345 346 Reported-by: Duncan Wilcox 347 Fixes #6016 348 Closes #6017 349 350- pause: only trigger a reread if the unpause sticks 351 352 As an unpause might itself get paused again and then triggering another 353 reread doesn't help. 354 355 Follow-up from e040146f22608fd9 (shipped since 7.69.1) 356 357 Bug: https://curl.haxx.se/mail/lib-2020-09/0081.html 358 Patch-by: Kunal Chandarana 359 Fixes #5988 360 Closes #6013 361 362- test163[12]: require http to be built-in to run 363 364 ... as speaking over an HTTPS proxy implies http! 365 366 Closes #6014 367 368- ngtcp2: adapt to new NGTCP2_PROTO_VER_MAX define 369 370 Closes #6012 371 372- [Javier Blazquez brought this change] 373 374 strerror: honor Unicode API choice on Windows 375 376 Closes #6005 377 378- imap: make imap_send use dynbuf for the send buffer management 379 380 Reuses the buffer and thereby reduces number of mallocs over a transfer. 381 382 Closes #6010 383 384- Curl_send: return error when pre_receive_plain can't malloc 385 386 ... will probably trigger some false DEAD CODE positives on non-windows 387 code analyzers for the conditional code. 388 389 Closes #6011 390 391- ftp: separate FTPS from FTP over "HTTPS proxy" 392 393 When using HTTPS proxy, SSL is used but not in the view of the FTP 394 protocol handler itself so separate the connection's use of SSL from the 395 FTP control connection's sue. 396 397 Reported-by: Mingtao Yang 398 Fixes #5523 399 Closes #6006 400 401Dan Fandrich (23 Sep 2020) 402- tests/data: Fix some mismatched XML tags in test cases 403 404 This allows these test files to pass xmllint. 405 406Daniel Stenberg (23 Sep 2020) 407- pingpong: use a dynbuf for the *_pp_sendf() function 408 409 ... reuses the same dynamic buffer instead of doing repeated malloc/free 410 cycles. 411 412 Test case 100 (FTP dir list PASV) does 7 fewer memory allocation calls 413 after this change in my test setup (132 => 125), curl 7.72.0 needed 140 414 calls for this. 415 416 Test case 103 makes 9 less allocations now (130). Down from 149 in 417 7.72.0. 418 419 Closes #6004 420 421- dynbuf: add Curl_dyn_vaddf 422 423 Closes #6004 424 425- dynbuf: make *addf() not require extra mallocs 426 427 ... by introducing a printf() function that appends directly into a 428 dynbuf: Curl_dyn_vprintf(). This avoids the mandatory extra malloc so if 429 the buffer is already big enough it can just printf directly into it. 430 431 Since this less-malloc version requires tthe use of a library internal 432 printf function, we only provide this version when building libcurl and 433 not for the dynbuf code that is used when building the curl tool. 434 435 Closes #5998 436 437- KNOWN_BUGS: Unable to use PKCS12 certificate with Secure Transport 438 439 Closes #5403 440 441- pingpong: remove a malloc per Curl_pp_vsendf call 442 443 This typically makes 7-9 fewer mallocs per FTP transfer. 444 445 Closes #5997 446 447- symbian: drop support 448 449 The OS is deprecated. I see no traces of anyone having actually built 450 curl for Symbian after 2012. 451 452 The public headers are unmodified. 453 454 Closes #5989 455 456- RELEASE-NOTES: synced 457 458- curl_krb5.h: rename from krb5.h 459 460 Follow-up from f4873ebd0be32cf 461 462 Turns out some older openssl installations go bananas otherwise. 463 Reported-by: Tom van der Woerdt 464 Fixes #5995 465 Closes #5996 466 467- test1297: verify GOT_NOTHING with http proxy tunnel 468 469- http_proxy: do not count proxy headers in the header bytecount 470 471 ... as that counter is subsequently used to detect if nothing was 472 returned from the peer. This made curl return CURLE_OK when it should 473 have returned CURLE_GOT_NOTHING. 474 475 Fixes #5992 476 Reported-by: Tom van der Woerdt 477 Closes #5994 478 479- setopt: return CURLE_BAD_FUNCTION_ARGUMENT on bad argument 480 481 Fixed two return code mixups. CURLE_UNKNOWN_OPTION is saved for when the 482 option is, yeah, not known. Clarified this in the setopt man page too. 483 484 Closes #5993 485 486- krb5: merged security.c and krb specific FTP functions in here 487 488 These two files were always tightly connected and it was hard to 489 understand what went into which. This also allows us to make the 490 ftpsend() function static (moved from ftp.c). 491 492 Removed security.c 493 Renamed curl_sec.h to krb5.h 494 495 Closes #5987 496 497- Curl_handler: add 'family' to each protocol 498 499 Makes get_protocol_family() faster and it moves the knowledge about the 500 "families" to each protocol handler, where it belongs. 501 502 Closes #5986 503 504- parsedate: tune the date to epoch conversion 505 506 By avoiding an unnecessary error check and the temp use of the tm 507 struct, the time2epoch conversion function gets a little bit faster. 508 When repeating test 517, the updated version is perhaps 1% faster (on 509 one particular build on one particular architecture). 510 511 Closes #5985 512 513- cmake: remove scary warning 514 515 Remove the text saying 516 517 "the curl cmake build system is poorly maintained. Be aware" 518 519 ... not because anything changed just now, but to encourage users to use 520 it and subsequently improve it. 521 522 Closes #5984 523 524- docs/MQTT: remove outdated paaragraphs 525 526- docs/MQTT: not experimental anymore 527 528 Follow-up to e37e4468688d8f 529 530- docs/RESOURCES: remove 531 532 This document is not maintained and rather than trying to refresh it, 533 let's kill it. A more up-to-date document with relevant RFCs is this 534 page on the curl website: https://curl.haxx.se/rfc/ 535 536 Closes #5980 537 538- docs/TheArtOfHttpScripting: convert to markdown 539 540 Makes it easier to browse on github etc. Offers (better) links. 541 542 It should be noted that this document is already mostly outdated and 543 "Everything curl" at https://ec.haxx.se/ is a better resource and 544 tutorial. 545 546 Closes #5981 547 548- BUGS: convert document to markdown 549 550 Closes #5979 551 552- --help: strdup the category 553 554 ... since it is converted and the original pointer is freed on Windows 555 unicode handling. 556 557 Follow-up to aa8777f63febc 558 Fixes #5977 559 Closes #5978 560 Reported-by: xwxbug on github 561 562- CHECKSRC: document two missing warnings 563 564- RELEASE-NOTES: synced 565 566- ftp: avoid risk of reading uninitialized integers 567 568 If the received PASV response doesn't match the expected pattern, we 569 could end up reading uninitialized integers for IP address and port 570 number. 571 572 Issue pointed out by muse.dev 573 Closes #5972 574 575- [Quentin Balland brought this change] 576 577 easy_reset: clear retry counter 578 579 Closes #5975 580 Fixes #5974 581 582- ftp: get rid of the PPSENDF macro 583 584 The use of such a macro hides some of what's actually going on to the 585 reader and is generally disapproved of in the project. 586 587 Closes #5971 588 589- man pages: switch to https://example.com URLs 590 591 Since HTTPS is "the new normal", this update changes a lot of man page 592 examples to use https://example.com instead of the previous "http://..." 593 594 Closes #5969 595 596- github: remove the duplicate "Security vulnerability" entry 597 598 ... since github adds an entry automatically by itself. 599 600 Closes #5970 601 602- [Emil Engler brought this change] 603 604 github: use new issue template feature 605 606 This helps us to avoid getting feature requests as well as security 607 bugs reported into the issue tracker. 608 609 Closes #5936 610 611- [Emil Engler brought this change] 612 613 urlapi: use more Curl_safefree 614 615 Closes #5968 616 617Marc Hoersken (17 Sep 2020) 618- multi: align WinSock mask variables in Curl_multi_wait 619 620 Also skip pre-checking sockets to set timeout_ms to 0 621 after the first socket has been detected to be ready. 622 623 Reviewed-by: rcombs on github 624 Reviewed-by: Daniel Stenberg 625 626 Follow up to #5886 627 628- multi: reuse WinSock events variable in Curl_multi_wait 629 630 Since the struct is quite large (1 long and 10 ints) we 631 declare it once at the beginning of the function instead 632 of multiple times inside loops to avoid stack movements. 633 634 Reviewed-by: Viktor Szakats 635 Reviewed-by: Daniel Stenberg 636 637 Closes #5886 638 639Daniel Stenberg (16 Sep 2020) 640- TODO: dynamically decide to use socketpair 641 642 Suggested-by: Anders Bakken 643 644 Closes #4829 645 646- TODO: add PR reference for native IDN support on macOS 647 648 As there was work started on this that never got completed. 649 650 Closes #5371 651 652- tool_help.h: update copyright year range 653 654 Follow-up from aa8777f63febca 655 656- CI/azure: disable test 571 in the msys2 builds 657 658 It's just too flaky there 659 660 Reviewed-by: Marc Hoersken 661 Closes #5954 662 663- tool_writeout: protect fputs() from NULL 664 665 When the code was changed to do fputs() instead of fprintf() it got 666 sensitive for NULL pointers; add checks for that. 667 668 Follow-up from 0c1e767e83ec66 669 670 Closes #5963 671 672- test3015: verify stdout "as text" 673 674 Follow-up from 0c1e767e83e to please win32 tests 675 676 Closes #5962 677 678- travis: use libressl v3.1.4 instead of master 679 680 ... as their git master seems too fragile to use (and 3.2.1 which is the 681 latest has a build failure). 682 683 Closes #5964 684 685- tests/FILEFORMAT: document type=shell for <command> 686 687- tests/FILEFORMAT: document nonewline support for <file> 688 689 The one in <client>, that creates files. 690 691 Follow-up from b83947c8df7 692 693- [anio brought this change] 694 695 tool_writeout: add new writeout variable, %{num_headers} 696 697 This variable gives the number of headers. 698 699 Closes #5947 700 701- tool_urlglob: fix compiler warning "unreachable code" 702 703 (On Windows builds.) 704 705 Follow-up to 70a3b003d9 706 707- [Gergely Nagy brought this change] 708 709 vtls: deduplicate client certificates in ssl_config_data 710 711 Closes #5629 712 713- ftp: a 550 response to SIZE returns CURLE_REMOTE_FILE_NOT_FOUND 714 715 This is primarily interesting for cases where CURLOPT_NOBODY is set as 716 previously curl would not return an error for this case. 717 718 MDTM getting 550 now also returns this error (it returned 719 CURLE_FTP_COULDNT_RETR_FILE before) in order to unify return codes for 720 missing files across protocols and specific FTP commands. 721 722 libcurl already returns error on a 550 as a MDTM response (when 723 CURLOPT_FILETIME is set). If CURLOPT_NOBODY is not set, an error would 724 happen subsequently anyway since the RETR command would fail. 725 726 Add test 1913 and 1914 to verify. Updated several tests accordingly due 727 to the updated SIZE behavior. 728 729 Reported-by: Tomas Berger 730 Fixes #5953 731 Closes #5957 732 733- curl: make checkpasswd use dynbuf 734 735 Closes #5952 736 737- curl: make glob_match_url use dynbuf 738 739 Closes #5952 740 741- curl: make file2memory use dynbuf 742 743 Closes #5952 744 745- curl: make file2string use dynbuf 746 747 Closes #5952 748 749- [Antarpreet Singh brought this change] 750 751 imap: set cselect_bits to CURL_CSELECT_IN initially 752 753 ... when continuing a transfer from a FETCH response. 754 755 When the size of the file was small enough that the entirety of the 756 transfer happens in a single go and schannel buffers holds the entire 757 data. However, it wasn't completely read in Curl_pp_readresp since a 758 line break was found before that could happen. So, by the time we are in 759 imap_state_fetch_resp - there's data in buffers that needs to be read 760 via Curl_read but nothing to read from the socket. After we setup a 761 transfer (Curl_setup_transfer), curl just waits on the socket state to 762 change - which doesn't happen since no new data ever comes. 763 764 Closes #5961 765 766- RELEASE-NOTES: synced 767 768- test434: test -K use in a single line without newline 769 770 Closes #5946 771 772- runtests: allow creating files without newlines 773 774 Closes #5946 775 776- curl: use curlx_dynbuf for realloc when loading config files 777 778 ... fixes an integer overflow at the same time. 779 780 Reported-by: ihsinme on github 781 Assisted-by: Jay Satiro 782 783 Closes #5946 784 785- dynbuf: provide curlx_ names for reuse by the curl tool 786 787 Closes #5946 788 789- dynbuf: make sure Curl_dyn_tail() zero terminates 790 791 Closes #5959 792 793- tests: add test1912 to the dist 794 795 Follow-up to 70984ce1be4cab6c 796 797- docs/LICENSE-MIXING: remove 798 799 This document is not maintained and I feel that it doesn't provide much 800 value to users anymore (if it ever did). 801 802 Closes #5955 803 804- [Laramie Leavitt brought this change] 805 806 http: consolidate nghttp2_session_mem_recv() call paths 807 808 Previously there were several locations that called 809 nghttp2_session_mem_recv and handled responses slightly differently. 810 Those have been converted to call the existing 811 h2_process_pending_input() function. 812 813 Moved the end-of-session check to h2_process_pending_input() since the 814 only place the end-of-session state can change is after nghttp2 815 processes additional input frames. 816 817 This will likely fix the fuzzing error. While I don't have a root cause 818 the out-of-bounds read seems like a use after free, so moving the 819 nghttp2_session_check_request_allowed() call to a location with a 820 guaranteed nghttp2 session seems reasonable. 821 822 Also updated a few nghttp2 callsites to include error messages and added 823 a few additional error checks. 824 825 Closes #5648 826 827- HISTORY: mention alt-svc added in 2019 828 829 ... and make 1996 the first year subtitle 830 831- base64: also build for pop3 and imap 832 833 Follow-up to the fix in 20417a13fb8f83 834 835 Reported-by: Michael Olbrich 836 Fixes #5937 837 Closes #5948 838 839- base64: enable in build with SMTP 840 841 The oauth2 support is used with SMTP and it uses base64 functions. 842 843 Reported-by: Michael Olbrich 844 Fixes #5937 845 Closes #5938 846 847- curl_mime_headers.3: fix the example's use of curl_slist_append 848 849 Reported-by: sofaboss on github 850 Fixes #5942 851 Closes #5943 852 853- lib583: fix enum mixup 854 855 grrr the previous follow-up to 17fcdf6a31 was wrong 856 857- libtest: fix build errors 858 859 Follow-up from 17fcdf6a310d4c8076 860 861- lib: fix -Wassign-enum warnings 862 863 configure --enable-debug now enables -Wassign-enum with clang, 864 identifying several enum "abuses" also fixed. 865 866 Reported-by: Gisle Vanem 867 Bug: https://github.com/curl/curl/commit/879007f8118771f4896334731aaca5850a154675#commitcomment-42087553 868 869 Closes #5929 870 871- RELEASE-NOTES: synced 872 873- [Diven Qi brought this change] 874 875 url: use blank credentials when using proxy w/o username and password 876 877 Fixes proxy regression brought in commit ad829b21ae (7.71.0) 878 879 Fixed #5911 880 Closes #5914 881 882- travis: add a build using libressl (from git master) 883 884 The v3.2.1 tag (latest release atm) results in a broken build. 885 886 Closes #5932 887 888- configure: let --enable-debug set -Wenum-conversion with gcc >= 10 889 890 Unfortunately, this option is not detecting the same issues as clang's 891 -Wassign-enum flag, but should still be useful to detect future 892 mistakes. 893 894 Closes #5930 895 896- openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification 897 898 If the error reason from the lib is 899 SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED, libcurl will return 900 CURLE_PEER_FAILED_VERIFICATION and not CURLE_SSL_CONNECT_ERROR. 901 902 This unifies the libcurl return code and makes libressl run test 313 903 (CRL testing) fine. 904 905 Closes #5934 906 907- FAQ: refreshed some very old language 908 909- cmake: make HTTP_ONLY also disable MQTT 910 911 ... and alphasort the order of disabling protocols to make it easier to 912 browse. 913 914 Closes #5931 915 916- libtest: remove lib1541 leftovers 917 918 Caused automake errors. 919 920 Follow-up to 8ca54a03ea08a 921 922- tests/libtests: remove test 1900 and 2033 923 924 We already remove the test files, now remove the libtest codes as well. 925 926 Follow-up to e50a877df74 927 928Marc Hoersken (7 Sep 2020) 929- CI/azure: add test number to title for display in analytics 930 931 To ease identification of tests the test number is added to 932 the test case title in order to have it on the Azure DevOps 933 Analytics pages and reports which currently do not show it. 934 935 Bump test case revision to make Azure DevOps update titles. 936 937 Closes #5927 938 939Daniel Stenberg (6 Sep 2020) 940- altsvc: clone setting in curl_easy_duphandle 941 942 The cache content is not duplicated, like other caches, but the setting 943 and specified file name are. 944 945 Test 1908 is extended to verify this somewhat. Since the duplicated 946 handle gets the same file name, the test unfortunately overwrites the 947 same file twice (with different contents) which makes it hard to check 948 automatically. 949 950 Closes #5923 951 952- test1541: remove since it is a known bug 953 954 A shared connection cache is not thread-safe is a known issue. Stop 955 testing this until we believe this issue is addressed. Reduces 956 occasional test failures we don't care about. 957 958 The test code in lib1541.c is left in git to allow us to restore it when 959 we get to fix this. 960 961 Closes #5922 962 963- tests: remove pipelining tests 964 965 Remove the tests 530, 584, 1900, 1901, 1902, 1903 and 2033. They were 966 previously disabled. 967 968 The Pipelining code was removed from curl in commit 2f44e94efb3df8e, 969 April 2019. 970 971 Closes #5921 972 973- curl: retry delays in parallel mode no longer sleeps blocking 974 975 The previous sleep for retries would block all other concurrent 976 transfers. Starting now, the retry will instead be properly marked to 977 not get restarted until after the delay time but other transfers can 978 still continue in the mean time. 979 980 Closes #5917 981 982- curl:parallel_transfers: make sure retry readds the transfer 983 984 Reported-by: htasta on github 985 Fixes #5905 986 Closes #5917 987 988- build: drop support for building with Watcom 989 990 These files are not maintained, they seem to have no users, Watcom 991 compilers look like not having users nor releases anymore. 992 993 Closes #5918 994 995- winbuild/rundebug.cmd: remove 996 997 Seems to have been added by mistake? Not included in dists. 998 999 Closes #5919 1000 1001- curl: in retry output don't call all problems "transient" 1002 1003 ... because when --retry-all-errors is used, the error isn't necessarily 1004 transient at all. 1005 1006 Closes #5916 1007 1008- easygetopt: pass a valid enum to avoid compiler warning 1009 1010 "integer constant not in range of enumerated type 'CURLoption'" 1011 1012 Reported-by: Gisle Vanem 1013 Bug: https://github.com/curl/curl/commit/6ebe63fac23f38df911edc348e8ccc72280f9434#commitcomment-42042843 1014 1015 Closes #5915 1016 1017- [Emil Engler brought this change] 1018 1019 tests: Add tests for new --help 1020 1021 This commit is a part of "--help me if you can" 1022 1023 Closes #5680 1024 1025- [Emil Engler brought this change] 1026 1027 tool: update --help with categories 1028 1029 This commit is a part of "--help me if you can" 1030 1031 Closes #5680 1032 1033- [Emil Engler brought this change] 1034 1035 docs: add categories to all cmdline opts 1036 1037 Adapted gen.pl with 'listcats' 1038 1039 This commit is a part of "--help me if you can" 1040 1041 Closes #5680 1042 1043- RELEASE-NOTES: synced 1044 1045- [ihsinme brought this change] 1046 1047 connect.c: remove superfluous 'else' in Curl_getconnectinfo 1048 1049 Closes #5912 1050 1051- [Samuel Marks brought this change] 1052 1053 CMake: remove explicit `CMAKE_ANSI_CFLAGS` 1054 1055 This variable was removed from cmake in commit 1056 https://gitlab.kitware.com/cmake/cmake/commit/5a834b0bb0bc288. A later 1057 CMake commit removes the variable from the tests, claiming that it was 1058 removed in CMake 2.6 1059 1060 Reviewed-By: Peter Wu 1061 Closes #5439 1062 1063- [cbe brought this change] 1064 1065 libssh2: pass on the error from ssh_force_knownhost_key_type 1066 1067 Closes #5909 1068 1069- scripts/delta: add diffstat summary 1070 1071 ... and make output more table-like 1072 1073- [Martin Bašti brought this change] 1074 1075 http_proxy: do not crash with HTTPS_PROXY and NO_PROXY set 1076 1077 ... in case NO_PROXY takes an effect 1078 1079 Without this patch, the following command crashes: 1080 1081 $ GIT_CURL_VERBOSE=1 NO_PROXY=github.com HTTPS_PROXY=https://example.com \ 1082 git clone https://github.com/curl/curl.git 1083 1084 Minimal libcurl-based reproducer: 1085 1086 #include <curl/curl.h> 1087 1088 int main() { 1089 CURL *curl = curl_easy_init(); 1090 if(curl) { 1091 CURLcode ret; 1092 curl_easy_setopt(curl, CURLOPT_URL, "https://github.com/"); 1093 curl_easy_setopt(curl, CURLOPT_PROXY, "example.com"); 1094 /* set the proxy type */ 1095 curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTPS); 1096 curl_easy_setopt(curl, CURLOPT_NOPROXY, "github.com"); 1097 curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); 1098 ret = curl_easy_perform(curl); 1099 curl_easy_cleanup(curl); 1100 return ret; 1101 } 1102 return -1; 1103 } 1104 1105 Assisted-by: Kamil Dudka 1106 Bug: https://bugzilla.redhat.com/1873327 1107 Closes #5902 1108 1109- travis: add a CI job with openssl3 (from git master) 1110 1111 Closes #5908 1112 1113- openssl: avoid error conditions when importing native CA 1114 1115 The code section that is OpenSSL 3+ specific now uses the same logic as 1116 is used in the version < 3 section. It caused a compiler error without 1117 it. 1118 1119 Closes #5907 1120 1121- setopt: avoid curl_ on local variable 1122 1123 Closes #5906 1124 1125- mqtt.c: avoid curl_ prefix on local variable 1126 1127 Closes #5906 1128 1129- wildcard: strip "curl_" prefix from private symbols 1130 1131 Closes #5906 1132 1133- vtls: make it 'struct Curl_ssl_session' 1134 1135 Use uppercase C for internal symbols. 1136 1137 Closes #5906 1138 1139- curl_threads: make it 'struct Curl_actual_call' 1140 1141 Internal names should not be prefixed "curl_" 1142 1143 Closes #5906 1144 1145- schannel: make it 'struct Curl_schannel*' 1146 1147 As internal global names should use captical C. 1148 1149 Closes #5906 1150 1151- hash: make it 'struct Curl_hash' 1152 1153 As internal global names should use captical C. 1154 1155 Closes #5906 1156 1157- llist: make it "struct Curl_llist" 1158 1159 As internal global names should use captical C. 1160 1161 Closes #5906 1162 1163Marc Hoersken (2 Sep 2020) 1164- telnet.c: depend on static requirement of WinSock version 2 1165 1166 Drop dynamic loading of ws2_32.dll and instead rely on the 1167 imported version which is now required to be at least 2.2. 1168 1169 Reviewed-by: Marcel Raad 1170 Reviewed-by: Jay Satiro 1171 Reviewed-by: Daniel Stenberg 1172 Reviewed-by: Viktor Szakats 1173 1174 Closes #5854 1175 1176- win32: drop support for WinSock version 1, require version 2 1177 1178 IPv6, telnet and now also the multi API require WinSock 1179 version 2 which is available starting with Windows 95. 1180 1181 Therefore we think it is time to drop support for version 1. 1182 1183 Reviewed-by: Marcel Raad 1184 Reviewed-by: Jay Satiro 1185 Reviewed-by: Daniel Stenberg 1186 Reviewed-by: Viktor Szakats 1187 1188 Follow up to #5634 1189 Closes #5854 1190 1191- select: align poll emulation to return all relevant events 1192 1193 The poll emulation via select already consumes POLLRDNORM, 1194 POLLWRNORM and POLLRDBAND as input events. Therefore it 1195 should also return them as output events if signaled. 1196 1197 Also fix indentation in input event handling block. 1198 1199 Assisted-by: Jay Satiro 1200 Reviewed-by: Daniel Stenberg 1201 1202 Replaces #5852 1203 Closes #5883 1204 1205- CI/azure: MQTT is now enabled by default 1206 1207 Reviewed-by: Daniel Stenberg 1208 1209 Follow up to #5858 1210 Closes #5903 1211 1212Daniel Stenberg (2 Sep 2020) 1213- copyright.pl: ignore buildconf 1214 1215- test971: show test mismatches "inline" 1216 1217- lib/Makefile.am: bump VERSIONINFO due to new functions 1218 1219 ... we're generally bad at this, but we are adding new functions for 1220 this release. 1221 1222 Closes #5899 1223 1224- optiontable: use DEBUGBUILD 1225 1226 Follow-up to commit 6e18568ba38 (#5877) 1227 1228- cmdline-opts/gen.pl: generate nicer "See Also" in curl.1 1229 1230 If there are more than two items in the list, use commas for all but the 1231 last separator which is set to 'and'. Reads better. 1232 1233 Closes #5898 1234 1235- curl.1: add see also no-progress-meter on two spots 1236 1237 Ref: #5894 1238 1239 Closes #5897 1240 1241- RELEASE-NOTES: synced 1242 1243- mqtt: enable by default 1244 1245 No longer considered experimental. 1246 1247 Closes #5858 1248 1249- [Michael Baentsch brought this change] 1250 1251 tls: add CURLOPT_SSL_EC_CURVES and --curves 1252 1253 Closes #5892 1254 1255- url: remove funny embedded comments in Curl_disonnect calls 1256 1257- [Chris Paulson-Ellis brought this change] 1258 1259 conn: check for connection being dead before reuse 1260 1261 Prevents incorrect reuse of an HTTP connection that has been prematurely 1262 shutdown() by the server. 1263 1264 Partial revert of 755083d00deb16 1265 1266 Fixes #5884 1267 Closes #5893 1268 1269Marc Hoersken (29 Aug 2020) 1270- buildconf: exec autoreconf to avoid additional process 1271 1272 Also make buildconf exit with the return code of autoreconf. 1273 1274 Reviewed-by: Daniel Stenberg 1275 1276 Follow up to #5853 1277 Closes #5890 1278 1279- CI/azure: no longer ignore results of test 1013 1280 1281 Follow up to #5771 1282 Closes #5889 1283 1284- docs: add description about CI platforms to CONTRIBUTE.md 1285 1286 Reviewed-by: Daniel Stenberg 1287 Reviewed-by: Marcel Raad 1288 Reviewed-by: Jay Satiro 1289 1290 Closes #5882 1291 1292Daniel Stenberg (29 Aug 2020) 1293- tests/getpart: use MIME::Base64 instead of home-cooked 1294 1295 Since we already use the base64 package since a while back, we can just 1296 as well switch to that here too. 1297 1298 It also happens to use the exact same function name, which otherwise 1299 causes a run-time warning. 1300 1301 Reported-by: Marc Hörsken 1302 Fixes #5885 1303 Closes #5887 1304 1305Marcel Raad (29 Aug 2020) 1306- ntlm: fix condition for curl_ntlm_core usage 1307 1308 `USE_WINDOWS_SSPI` without `USE_WIN32_CRYPTO` but with any other DES 1309 backend is fine, but was excluded before. 1310 1311 This also fixes test 1013 as the condition for SMB support in 1312 configure.ac didn't match the condition in the source code. Now it 1313 does. 1314 1315 Fixes https://github.com/curl/curl/issues/1262 1316 Closes https://github.com/curl/curl/pull/5771 1317 1318- AppVeyor: switch 64-bit Schannel Debug CMake builds to Unicode 1319 1320 The Schannel builds are the most useful to verify as they make the most 1321 use of the Windows API. Classic MinGW doesn't support Unicode at all, 1322 only MinGW-w64 and MSVC do. 1323 1324 Closes https://github.com/curl/curl/pull/5843 1325 1326- CMake: add option to enable Unicode on Windows 1327 1328 As already existing for winbuild. 1329 1330 Closes https://github.com/curl/curl/pull/5843 1331 1332Marc Hoersken (29 Aug 2020) 1333- select: simplify return code handling for poll and select 1334 1335 poll and select already return -1 on error according to POSIX, 1336 so there is no need to perform a <0 to -1 conversion in code. 1337 1338 Also we can just use one check with <= 0 on the return code. 1339 1340 Assisted-by: Daniel Stenberg 1341 Reviewed-by: Jay Satiro 1342 1343 Replaces #5852 1344 Closes #5880 1345 1346Daniel Stenberg (28 Aug 2020) 1347- RELEASE-NOTES: synced 1348 1349- [Jeroen Ooms brought this change] 1350 1351 tests: add test1912 with typechecks 1352 1353 Validates that gcc-typecheck macros match the new option type API. 1354 1355 Closes #5873 1356 1357- easyoptions: provide debug function when DEBUGBUILD 1358 1359 ... not CURLDEBUG as they're not always set in conjunction. 1360 1361 Follow-up to 6ebe63fac23f38df 1362 1363 Fixes #5877 1364 Closes #5878 1365 1366Marc Hoersken (28 Aug 2020) 1367- sockfilt: handle FD_CLOSE winsock event on write socket 1368 1369 Learn from the way Cygwin handles and maps the WinSock events 1370 to simulate correct and complete poll and select behaviour 1371 according to Richard W. Stevens Network Programming book. 1372 1373 Follow up to #5867 1374 Closes #5879 1375 1376- multi: handle connection state winsock events 1377 1378 Learn from the way Cygwin handles and maps the WinSock events 1379 to simulate correct and complete poll and select behaviour 1380 according to Richard W. Stevens Network Programming book. 1381 1382 Reviewed-by: Jay Satiro 1383 Reviewed-by: Marcel Raad 1384 1385 Follow up to #5634 1386 Closes #5867 1387 1388Daniel Stenberg (28 Aug 2020) 1389- Curl_pgrsTime - return new time to avoid timeout integer overflow 1390 1391 Setting a timeout to INT_MAX could cause an immediate error to get 1392 returned as timeout because of an overflow when different values of 1393 'now' were used. 1394 1395 This is primarily fixed by having Curl_pgrsTime() return the "now" when 1396 TIMER_STARTSINGLE is set so that the parent function will continue using 1397 that time. 1398 1399 Reported-by: Ionuț-Francisc Oancea 1400 Fixes #5583 1401 Closes #5847 1402 1403- TLS: fix SRP detection by using the proper #ifdefs 1404 1405 USE_TLS_SRP will be true if *any* selected TLS backend can use SRP 1406 1407 HAVE_OPENSSL_SRP is defined when OpenSSL can use it 1408 1409 HAVE_GNUTLS_SRP is defined when GnuTLS can use it 1410 1411 Clarify in the curl_verison_info docs that CURL_VERSION_TLSAUTH_SRP is 1412 set if at least one of the supported backends offers SRP. 1413 1414 Reported-by: Stefan Strogin 1415 Fixes #5865 1416 Closes #5870 1417 1418- [Dan Kenigsberg brought this change] 1419 1420 docs: SSLCERTS: fix English syntax 1421 1422 Signed-off-by: Dan Kenigsberg <danken@redhat.com> 1423 1424 Closes #5876 1425 1426- [Alessandro Ghedini brought this change] 1427 1428 docs: non-existing macros in man pages 1429 1430 As reported by man(1) when invoked as: 1431 1432 man --warnings -E UTF-8 -l -Tutf8 -Z <file> >/dev/null 1433 1434 Closes #5846 1435 1436- [Alessandro Ghedini brought this change] 1437 1438 curl.1: fix typo invokved -> invoked 1439 1440 Closes #5846 1441 1442- buildconf: invoke 'autoreconf -fi' instead 1443 1444 The custom script isn't necessary anymore - but remains for simplicity 1445 and just invokes autoreconf. 1446 1447 Closes #5853 1448 1449- [Emil Engler brought this change] 1450 1451 lib: make Curl_gethostname accept a const pointer 1452 1453 The address of that variable never gets changed, only the data in it so 1454 why not make it a "char * const"? 1455 1456 Closes #5866 1457 1458- docs/libcurl: update "Added in" version for curl_easy_option* 1459 1460 Follow-up to 6ebe63fac23f38 1461 1462- scripts: improve the "get latest curl release tag" logic 1463 1464 ... by insiting on it matching "^curl-". 1465 1466- configure: added --disable-get-easy-options 1467 1468 To allow disabling of the curl_easy_option APIs in a build. 1469 1470 Closes #5365 1471 1472- options: API for meta-data about easy options 1473 1474 const struct curl_easyoption *curl_easy_option_by_name(const char *name); 1475 1476 const struct curl_easyoption *curl_easy_option_by_id (CURLoption id); 1477 1478 const struct curl_easyoption * 1479 curl_easy_option_next(const struct curl_easyoption *prev); 1480 1481 The purpose is to provide detailed enough information to allow for 1482 example libcurl bindings to get option information at run-time about 1483 what easy options that exist and what arguments they expect. 1484 1485 Assisted-by: Jeroen Ooms 1486 Closes #5365 1487 1488- [Eric Curtin brought this change] 1489 1490 HTTP/3: update to OpenSSL_1_1_1g-quic-draft-29 1491 1492 Closes #5871 1493 1494- RELEASE-NOTES: synced 1495 1496Jay Satiro (26 Aug 2020) 1497- openssl: Fix wincrypt symbols conflict with BoringSSL 1498 1499 OpenSSL undefines the conflicting symbols but BoringSSL does not so we 1500 must do it ourselves. 1501 1502 Reported-by: Samuel Tranchet 1503 Assisted-by: Javier Blazquez 1504 1505 Ref: https://bugs.chromium.org/p/boringssl/issues/detail?id=371 1506 Ref: https://github.com/openssl/openssl/blob/OpenSSL_1_1_1g/include/openssl/ossl_typ.h#L66-L73 1507 1508 Fixes https://github.com/curl/curl/issues/5669 1509 Closes https://github.com/curl/curl/pull/5857 1510 1511Daniel Stenberg (26 Aug 2020) 1512- socketpair: allow CURL_DISABLE_SOCKETPAIR 1513 1514 ... to completely disable the use of socketpair 1515 1516 Closes #5850 1517 1518- curl_get_line: build only if cookies or alt-svc are enabled 1519 1520 Closes #5851 1521 1522- [fullincome brought this change] 1523 1524 schannel: fix memory leak when using get_cert_location 1525 1526 The get_cert_location function allocates memory only on success. 1527 Previously get_cert_location was able to allocate memory and return 1528 error. It wasn't obvious and in this case the memory wasn't 1529 released. 1530 1531 Fixes #5855 1532 Closes #5860 1533 1534- [Emil Engler brought this change] 1535 1536 git: ignore libtests in 3XXX area 1537 1538 Currently the file tests/libtest/lib3010 is not getting 1539 ignored by git. This fixes it by adding the 3XXX area to 1540 the according .gitignore file. 1541 1542 Closes #5859 1543 1544- [Emil Engler brought this change] 1545 1546 doh: add error message for DOH_DNS_NAME_TOO_LONG 1547 1548 When this error code was introduced in b6a53fff6c1d07e8a9, it was 1549 forgotten to be added in the errors array and doh_strerror function. 1550 1551 Closes #5863 1552 1553- ngtcp2: adapt to the new pkt_info arguments 1554 1555 Guidance-by: Tatsuhiro Tsujikawa 1556 1557 Closes #5864 1558 1559- winbuild/README.md: make <options> visible 1560 1561 Follow-up to be753add31c2d8c 1562 1563- winbuild: convert the instruction text to README.md 1564 1565 Closes #5861 1566 1567- lib1560: verify "redirect" to double-slash leading URL 1568 1569 Closes #5849 1570 1571Marc Hoersken (25 Aug 2020) 1572- multi: expand pre-check for socket readiness 1573 1574 Check readiness of all sockets before waiting on them 1575 to avoid locking in case the one-time event FD_WRITE 1576 was already consumed by a previous wait operation. 1577 1578 More information about WinSock network events: 1579 https://docs.microsoft.com/en-us/windows/win32/api/ 1580 winsock2/nf-winsock2-wsaeventselect#return-value 1581 1582 Closes #5634 1583 1584- [rcombs brought this change] 1585 1586 multi: implement wait using winsock events 1587 1588 This avoids using a pair of TCP ports to provide wakeup functionality 1589 for every multi instance on Windows, where socketpair() is emulated 1590 using a TCP socket on loopback which could in turn lead to socket 1591 resource exhaustion. 1592 1593 A previous version of this patch failed to account for how in WinSock, 1594 FD_WRITE is set only once when writing becomes possible and not again 1595 until after a send has failed due to the buffer filling. This contrasts 1596 to how FD_READ and FD_OOB continue to be set until the conditions they 1597 refer to no longer apply. This meant that if a user wrote some data to 1598 a socket, but not enough data to completely fill its send buffer, then 1599 waited on that socket to become writable, we'd erroneously stall until 1600 their configured timeout rather than returning immediately. 1601 1602 This version of the patch addresses that issue by checking each socket 1603 we're waiting on to become writable with select() before the wait, and 1604 zeroing the timeout if it's already writable. 1605 1606 Assisted-by: Marc Hörsken 1607 Reviewed-by: Marcel Raad 1608 Reviewed-by: Daniel Stenberg 1609 Tested-by: Gergely Nagy 1610 Tested-by: Rasmus Melchior Jacobsen 1611 Tested-by: Tomas Berger 1612 1613 Replaces #5397 1614 Reverts #5632 1615 Closes #5634 1616 1617- select: reduce duplication of Curl_poll in Curl_socket_check 1618 1619 Change Curl_socket_check to use select-fallback in Curl_poll 1620 instead of implementing it in Curl_socket_check and Curl_poll. 1621 1622 Reviewed-by: Daniel Stenberg 1623 Reviewed-by: Jay Satiro 1624 1625 Replaces #5262 and #5492 1626 Closes #5707 1627 1628- select: fix poll-based check not detecting connect failure 1629 1630 This commit changes Curl_socket_check to use POLLPRI to 1631 check for connect failure on the write socket, because 1632 POLLPRI maps to fds_err. This is in line with select(2). 1633 1634 The select-based socket check correctly checks for connect 1635 failures by adding the write socket also to fds_err. 1636 1637 The poll-based implementation (which internally can itself 1638 fallback to select again) did not previously check for 1639 connect failure by using POLLPRI with the write socket. 1640 1641 See the follow up commit to this for more information. 1642 1643 This commit makes sure connect failures can be detected 1644 and handled if HAVE_POLL_FINE is defined, eg. on msys2-devel. 1645 1646 Reviewed-by: Daniel Stenberg 1647 Reviewed-by: Jay Satiro 1648 1649 Replaces #5509 1650 Prepares #5707 1651 1652- select.h: make socket validation macros test for INVALID_SOCKET 1653 1654 With Winsock the valid range is [0..INVALID_SOCKET-1] according to 1655 https://docs.microsoft.com/en-us/windows/win32/winsock/socket-data-type-2 1656 1657 Reviewed-by: Jay Satiro 1658 Reviewed-by: Marcel Raad 1659 Reviewed-by: Daniel Stenberg 1660 1661 Closes #5760 1662 1663Daniel Stenberg (24 Aug 2020) 1664- docs: --output-dir is added in 7.73.0, nothing else 1665 1666 Follow-up to 5620d2cc78c0 1667 1668- curl: add --output-dir 1669 1670 Works with --create-dirs and with -J 1671 1672 Add test 3008, 3009, 3011, 3012 and 3013 to verify. 1673 1674 Closes #5637 1675 1676- configure: fix pkg-config detecting wolfssl 1677 1678 When amending the include path with "/wolfssl", this now properly strips 1679 off all whitespace from the path variable! Previously this would lead to 1680 pkg-config builds creating bad command lines. 1681 1682 Closes #5848 1683 1684- [Michael Musset brought this change] 1685 1686 sftp: add the option CURLKHSTAT_FINE_REPLACE 1687 1688 Replace the old fingerprint of the host with a new. 1689 1690 Closes #5685 1691 1692- RELEASE-NOTES: synced 1693 1694 The next release is now to become 7.73.0 1695 1696- checksrc: verify do-while and spaces between the braces 1697 1698 Updated mprintf.c to comply 1699 1700 Closes #5845 1701 1702- curl: support XDG_CONFIG_HOME to find .curlrc 1703 1704 Added test433 to verify. Updated documentation. 1705 1706 Reviewed-by: Jay Satiro 1707 Suggested-by: Eli Schwartz 1708 Fixes #5829 1709 Closes #5837 1710 1711- etag: save and use the full received contents 1712 1713 ... which makes it support weak tags and non-standard etags too! 1714 1715 Added test case 347 to verify blank incoming ETag: 1716 1717 Fixes #5610 1718 Closes #5833 1719 1720- setopt: if the buffer exists, refuse the new BUFFERSIZE 1721 1722 The buffer only exists during transfer and then we shouldn't change the 1723 size (the setopt is not documented to work then). 1724 1725 Reported-by: Harry Sintonen 1726 Closes #5842 1727 1728- [COFFEETALES brought this change] 1729 1730 sftp: add new quote commands 'atime' and 'mtime' 1731 1732 Closes #5810 1733 1734- CURLE_PROXY: new error code 1735 1736 Failures clearly returned from a (SOCKS) proxy now causes this return 1737 code. Previously the situation was not very clear as what would be 1738 returned and when. 1739 1740 In addition: when this error code is returned, an application can use 1741 CURLINFO_PROXY_ERROR to query libcurl for the detailed error, which then 1742 returns a value from the new 'CURLproxycode' enum. 1743 1744 Closes #5770 1745 1746- runtests: make cleardir() erase dot files too 1747 1748 Because test cases might use dot files. 1749 1750 Closes #5838 1751 1752- KNOWN_BUGS: 'no_proxy' string-matches IPv6 numerical addreses 1753 1754 Also: the current behavior is now documented in the curl.1 and 1755 CURLOPT_NOPROXY.3 man pages. 1756 1757 Reported-by: Andrew Barnes 1758 Closes #5745 1759 Closes #5841 1760 1761Viktor Szakats (22 Aug 2020) 1762- Makefile.m32: add ability to override zstd libs [ci skip] 1763 1764 Similarly to brotli, where this was already possible. 1765 E.g. it allows to link zstd statically to libcurl.dll. 1766 1767 Ref: https://github.com/curl/curl-for-win/issues/12 1768 Ref: https://github.com/curl/curl-for-win/commit/d9b266afd2e5d3f5604483010ef62340b5918c89 1769 1770 Closes https://github.com/curl/curl/pull/5840 1771 1772Daniel Stenberg (21 Aug 2020) 1773- runtests: avoid 'fail to start' repeated messages in attempt loops 1774 1775 Closes #5834 1776 1777- runtests: clear pid variables when failing to start a server 1778 1779 ... as otherwise the parent doesn't detect the failure and believe it 1780 actually worked to start. 1781 1782 Reported-by: Christian Weisgerber 1783 Bug: https://curl.haxx.se/mail/lib-2020-08/0018.html 1784 Closes #5834 1785 1786- TODO: Virtual external sockets 1787 1788 Closes #5835 1789 1790- [Don J Olmstead brought this change] 1791 1792 dist: add missing CMake Find modules to the distribution 1793 1794 Closes #5836 1795 1796- RELEASE-NOTES: synced 1797 1798 ... and version bumped to 7.72.1 1799 1800- tls: provide the CApath verbose log on its own line 1801 1802 ... not newline separated from the previous line. This makes it output 1803 asterisk prefixed properly like other verbose putput! 1804 1805 Reported-by: jmdavitt on github 1806 Fixes #5826 1807 Closes #5827 1808 1809Version 7.72.0 (19 Aug 2020) 1810 1811Daniel Stenberg (19 Aug 2020) 1812- RELEASE-NOTES: synced 1813 1814 The curl 7.72.0 release 1815 1816- THANKS: add names from curl 7.72.0 release 1817 1818Jay Satiro (18 Aug 2020) 1819- KNOWN_BUGS: Schannel TLS 1.2 handshake bug in old Windows versions 1820 1821 Reported-by: plujon@users.noreply.github.com 1822 1823 Closes https://github.com/curl/curl/issues/5488 1824 1825Daniel Stenberg (17 Aug 2020) 1826- Curl_easy: remember last connection by id, not by pointer 1827 1828 CVE-2020-8231 1829 1830 Bug: https://curl.haxx.se/docs/CVE-2020-8231.html 1831 1832 Reported-by: Marc Aldorasi 1833 Closes #5824 1834 1835- examples/rtsp.c: correct the copyright year 1836 1837- RELEASE-PROCEDURE.md: add more future release dates 1838 1839- [H3RSKO brought this change] 1840 1841 docs: change "web site" to "website" 1842 1843 According to wikipedia: 1844 1845 While "web site" was the original spelling, this variant has become 1846 rarely used, and "website" has become the standard spelling 1847 1848 Closes #5822 1849 1850- [Bevan Weiss brought this change] 1851 1852 CMake: don't complain about missing nroff 1853 1854 The curl_nroff_check() was always being called, and complaining if 1855 *NROFF wasn't found, even when not making the manual. 1856 1857 Only check for nroff (and complain) if actually making the manual 1858 1859 Closes #5817 1860 1861- [Brian Inglis brought this change] 1862 1863 libtest/Makefile.am: add -no-undefined for libstubgss for Cygwin 1864 1865 copy the LDFLAGS approach for adding same option with `libhostname` in 1866 `libtest/Makefile.am`: 1867 1868 - init `libstubgss_la_LDFLAGS_EXTRA` variable, 1869 - add option to variable inside conditional, 1870 - use variable in `libstubgss_la_LDFLAGS` 1871 1872 Fixes #5819 1873 Closes #5820 1874 1875- docs: clarify MAX_SEND/RECV_SPEED functionality 1876 1877 ... in particular what happens if the maximum speed limit is set to a 1878 value that's smaller than the transfer buffer size in use. 1879 1880 Reported-by: Tomas Berger 1881 Fixes #5788 1882 Closes #5813 1883 1884- test1140: compare stdout 1885 1886 To make problems more immediately obvious when tests fail. 1887 1888 Closes #5814 1889 1890- asyn-ares: correct some bad comments 1891 1892 Closes #5812 1893 1894- [Emil Engler brought this change] 1895 1896 docs: Add video link to docs/CONTRIBUTE.md 1897 1898 Closes #5811 1899 1900- curl-config: ignore REQUIRE_LIB_DEPS in --libs output 1901 1902 Fixes a curl-config issue on cygwin by making sure REQUIRE_LIB_DEPS is 1903 not considered for the --libs output. 1904 1905 Reported-by: ramsay-jones on github 1906 Assisted-by: Brian Inglis and Ken Brown 1907 Fixes #5793 1908 Closes #5808 1909 1910- copyright: update/correct the year range on a few files 1911 1912- scripts/copyright.pl: ignore .muse files 1913 1914- [Emil Engler brought this change] 1915 1916 multi: Remove 10-year old out-commented code 1917 1918 The code hasn't been touched since 2010-08-18 1919 1920 Closes #5805 1921 1922- KNOWN_BUGS: A shared connection cache is not thread-safe 1923 1924 Closes #4915 1925 Closes #5802 1926 1927- CONTRIBUTE: extend git commit message description 1928 1929 In particular how the first line works. 1930 1931 Closes #5803 1932 1933- RELEASE-NOTES: synced 1934 1935- [Stefan Yohansson brought this change] 1936 1937 transfer: move retrycount from connect struct to easy handle 1938 1939 This flag was applied to the connection struct that is released on 1940 retry. These changes move the retry counter into Curl_easy struct that 1941 lives across retries and retains the new connection. 1942 1943 Reported-by: Cherish98 on github 1944 Fixes #5794 1945 Closes #5800 1946 1947- libssh2: s/ssherr/sftperr/ 1948 1949 The debug output used ssherr instead of sftperr which not only outputs 1950 the wrong error code but also casues a warning on Windows. 1951 1952 Follow-up to 7370b4e39f1 1953 1954 Reported-by: Gisle Vanem 1955 Bug: https://github.com/curl/curl/commit/7370b4e39f1390e701f5b68d910c619151daf72b#r41334700 1956 Closes #5799 1957 1958- ftp: don't do ssl_shutdown instead of ssl_close 1959 1960 The shutdown function is for downgrading a connection from TLS to plain, 1961 and this is not requested here. 1962 1963 Have ssl_close reset the TLS connection state. 1964 1965 This partially reverts commit f002c850d98d 1966 1967 Reported-by: Rasmus Melchior Jacobsen 1968 Reported-by: Denis Goleshchikhin 1969 Fixes #5797 1970 1971Marc Hoersken (9 Aug 2020) 1972- CI/azure: fix test outcome values and use latest API version 1973 1974 This makes sure that tests ignored or skipped are not shown 1975 just in the category "Other", but with their correct state. 1976 1977 Closes #5796 1978 1979- CI/azure: show runtime stats to investigate slowness 1980 1981 Also avoid naming conflict of TFLAGS env and tflags variables. 1982 1983 Closes #5776 1984 1985Daniel Stenberg (8 Aug 2020) 1986- TLS naming: fix more Winssl and Darwinssl leftovers 1987 1988 The CMake option is now called CMAKE_USE_SCHANNEL 1989 1990 The winbuild flag is USE_SCHANNEL 1991 1992 The CI jobs and build scripts only use the new names and the new name 1993 options 1994 1995 Tests now require 'Schannel' (when necessary) 1996 1997 Closes #5795 1998 1999- smtp_parse_address: handle blank input string properly 2000 2001 Closes #5792 2002 2003- runtests: run the DICT server on a random port number 2004 2005 Removed support for -b (base port number) 2006 2007 Closes #5783 2008 2009- RELEASE-NOTES: synced 2010 2011- runtests: move the TELNET server to a dynamic port 2012 2013 Rename the port variable to TELNETPORT to better match the existing 2014 pattern. 2015 2016 Closes #5785 2017 2018- ngtcp2: adapt to error code rename 2019 2020 Closes #5786 2021 2022- runtests: move the smbserver to use a dynamic port number 2023 2024 Closes #5782 2025 2026- runtests: run the http2 tests on a random port number 2027 2028 Closes #5779 2029 2030- gtls: survive not being able to get name/issuer 2031 2032 Closes #5778 2033 2034- runtests: move the gnutls-serv tests to a dynamic port 2035 2036 Affects test 320, 321, 322 and 324. 2037 2038 Closes #5778 2039 2040- runtests: support dynamicly base64 encoded sections in tests 2041 2042 This allows us to make test cases to use base64 at run-time and still 2043 use and verify information determined at run-time, such as the IMAP test 2044 server's port number in test 842. 2045 2046 This change makes 12 tests run again that basically never ran since we 2047 moved to dynamic port numbers. 2048 2049 ftpserver.pl is adjusted to load test instructions and test number from 2050 the preprocessed test file. 2051 2052 FILEFORMAT.md now documents the new base64 encoding syntax. 2053 2054 Reported-by: Marcel Raad 2055 Fixes #5761 2056 Closes #5775 2057 2058- curl.1: add a few missing valid exit codes 2059 2060 93 - 96 can be returned as well. 2061 2062 Closes #5777 2063 2064- TODO: Use multiple parallel transfers for a single download 2065 2066 Closes #5774 2067 2068- TODO: Set the modification date on an uploaded file 2069 2070 Closes #5768 2071 2072- [Thomas M. DuBuisson brought this change] 2073 2074 CI: Add muse CI config 2075 2076 Closes #5772 2077 2078- [Thomas M. DuBuisson brought this change] 2079 2080 travis/script.sh: fix use of `-n' with unquoted envvar 2081 2082 Shellcheck tells us "-n doesn't work with unquoted arguments. quote or 2083 use [[ ]]." 2084 2085 And testing shows: 2086 2087 ``` 2088 docker run --rm -it ubuntu bash 2089 root@fe85ce156856:/# [ -n $DOES_NOT_EXIST ] && echo "I ran" 2090 I ran 2091 root@fe85ce156856:/# [ -n "$DOES_NOT_EXIST" ] && echo "I ran" 2092 root@fe85ce156856:/# 2093 ``` 2094 2095 Closes #5773 2096 2097- h2: repair trailer handling 2098 2099 The previous h2 trailer fix in 54a2b63 was wrong and caused a 2100 regression: it cannot deal with trailers immediately when read since 2101 they may be read off the connection by the wrong 'data' owner. 2102 2103 This change reverts the logic back to gathering all trailers into a 2104 single buffer, like before 54a2b63. 2105 2106 Reported-by: Tadej Vengust 2107 Fixes #5663 2108 Closes #5769 2109 2110Viktor Szakats (3 Aug 2020) 2111- windows: disable Unix Sockets for old mingw 2112 2113 Classic mingw and 10y+ old versions of mingw-w64 don't ship with 2114 Windows headers having the typedef necessary for Unix Sockets 2115 support, so try detecting these environments to disable this 2116 feature. 2117 2118 Ref: https://sourceforge.net/p/mingw-w64/mingw-w64/ci/cf6afc57179a5910621215f8f4037d406892072c/ 2119 2120 Reviewed-by: Daniel Stenberg 2121 2122 Fixes #5674 2123 Closes #5758 2124 2125Marcel Raad (3 Aug 2020) 2126- test1908: treat file as text 2127 2128 Fixes the line endings on Windows. 2129 2130 Closes https://github.com/curl/curl/pull/5767 2131 2132- TrackMemory tests: ignore realloc and free in getenv.c 2133 2134 These are only called for WIN32. 2135 2136 Closes https://github.com/curl/curl/pull/5767 2137 2138Daniel Stenberg (3 Aug 2020) 2139- tests/FILEFORMAT.md: mention %HTTP2PORT 2140 2141- RELEASE-NOTES: synced 2142 2143- tlsv1.3.d. only for TLS-using connections 2144 2145 ... and rephrase that "not all" TLS backends support it. 2146 2147 Closes #5764 2148 2149- tls-max.d: this option is only for TLS-using connections 2150 2151 Ref: #5763 2152 Closes #5764 2153 2154Marcel Raad (2 Aug 2020) 2155- [Cameron Cawley brought this change] 2156 2157 tool_doswin: Simplify Windows version detection 2158 2159 Closes https://github.com/curl/curl/pull/5754 2160 2161- [Cameron Cawley brought this change] 2162 2163 win32: Add Curl_verify_windows_version() to curlx 2164 2165 Closes https://github.com/curl/curl/pull/5754 2166 2167- runtests.pl: treat LibreSSL and BoringSSL as OpenSSL 2168 2169 This makes the tests that require the OpenSSL feature also run for 2170 those two compatible libraries. 2171 2172 Closes https://github.com/curl/curl/pull/5762 2173 2174Daniel Stenberg (1 Aug 2020) 2175- multi: Condition 'extrawait' is always true 2176 2177 Reported by Codacy. 2178 2179 Reviewed-by: Marcel Raad 2180 Closes #5759 2181 2182Marcel Raad (1 Aug 2020) 2183- openssl: fix build with LibreSSL < 2.9.1 2184 2185 `SSL_CTX_add0_chain_cert` and `SSL_CTX_clear_chain_certs` were 2186 introduced in LibreSSL 2.9.1 [0]. 2187 2188 [0] https://github.com/libressl-portable/openbsd/commit/0db809ee178457c8170abfae3931d7bd13abf3ef 2189 2190 Closes https://github.com/curl/curl/pull/5757 2191 2192Daniel Stenberg (1 Aug 2020) 2193- [Marc Aldorasi brought this change] 2194 2195 multi_remove_handle: close unused connect-only connections 2196 2197 Previously any connect-only connections in a multi handle would be kept 2198 alive until the multi handle was closed. Since these connections cannot 2199 be re-used, they can be marked for closure when the associated easy 2200 handle is removed from the multi handle. 2201 2202 Closes #5749 2203 2204- checksrc: invoke script with -D to find .checksrc proper 2205 2206 Without the -D command line option, checksrc.pl won't know which 2207 directory to load the ".checksrc" file from when building out of the 2208 source tree. 2209 2210 Reported-by: Marcel Raad 2211 Fixes #5715 2212 Closes #5755 2213 2214- [Carlo Marcelo Arenas Belón brought this change] 2215 2216 buildconf: retire ares buildconf invocation 2217 2218 no longer needed after 4259d2df7dd95637a4b1e3fb174fe5e5aef81069 2219 2220- [Carlo Marcelo Arenas Belón brought this change] 2221 2222 buildconf: excempt defunct reference to ACLOCAL_FLAGS 2223 2224 retired with 09f278121e815028adb24d228d8092fc6cb022aa but kept around as 2225 the name is generic enough that it might be in use and relied upon from 2226 the environment. 2227 2228- [Carlo Marcelo Arenas Belón brought this change] 2229 2230 buildconf: avoid array concatenation in die() 2231 2232 reported as error SC2145[1] by shellcheck, but not expected to cause 2233 any behavioural differences otherwise. 2234 2235 [1] https://github.com/koalaman/shellcheck/wiki/SC2145 2236 2237 Closes #5701 2238 2239- travis: add ppc64le and s390x builds 2240 2241 Closes #5752 2242 2243Marc Hoersken (31 Jul 2020) 2244- connect: remove redundant message about connect failure 2245 2246 Reviewed-by: Daniel Stenberg 2247 2248 Closes #5708 2249 2250- tests/sshserver.pl: fix compatibility with OpenSSH for Windows 2251 2252 Follow up to #5721 2253 2254- CI/azure: install libssh2 for use with msys2-based builds 2255 2256 This enables building and running the SFTP tests. 2257 Unfortunately OpenSSH for Windows does not support SCP (yet). 2258 2259 Reviewed-by: Daniel Stenberg 2260 2261 Closes #5721 2262 2263- CI/azure: increase Windows job timeout once again 2264 2265 Avoid aborted jobs due to performance issues on Azure DevOps. 2266 2267 Reviewed-by: Daniel Stenberg 2268 Reviewed-by: Jay Satiro 2269 2270 Closes #5738 2271 2272Jay Satiro (30 Jul 2020) 2273- TODO: Schannel: 'Add option to allow abrupt server closure' 2274 2275 We should offer an option to allow abrupt server closures (server closes 2276 SSL transfer without sending a known termination point such as length of 2277 transfer or close_notify alert). Abrupt server closures are usually 2278 because of misconfigured or very old servers. 2279 2280 Closes https://github.com/curl/curl/issues/4427 2281 2282- url: fix CURLU and location following 2283 2284 Prior to this change if the user set a URL handle (CURLOPT_CURLU) it was 2285 incorrectly used for the location follow, resulting in infinite requests 2286 to the original location. 2287 2288 Reported-by: sspiri@users.noreply.github.com 2289 2290 Fixes https://github.com/curl/curl/issues/5709 2291 Closes https://github.com/curl/curl/pull/5713 2292 2293Daniel Stenberg (30 Jul 2020) 2294- RELEASE-NOTES: synced 2295 2296- [divinity76 brought this change] 2297 2298 docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions 2299 2300 it helps make it obvious that most developers don't have to care about 2301 the CURLM_CALL_MULTI_PERFORM value (last release using it is nearly 11 2302 years old, November 4 2009) 2303 2304 Closes #5744 2305 2306Jay Satiro (29 Jul 2020) 2307- tool_cb_wrt: fix outfile mode flags for Windows 2308 2309 - Use S_IREAD and S_IWRITE mode permission flags to create the file 2310 on Windows instead of S_IRUSR, S_IWUSR, etc. 2311 2312 Windows only accepts a combination of S_IREAD and S_IWRITE. It does not 2313 acknowledge other combinations, for which it may generate an assertion. 2314 2315 This is a follow-up to 81b4e99 from yesterday, which improved the 2316 existing file check with -J. 2317 2318 Ref: https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/open-wopen#remarks 2319 Ref: https://github.com/curl/curl/pull/5731 2320 2321 Closes https://github.com/curl/curl/pull/5742 2322 2323Daniel Stenberg (28 Jul 2020) 2324- checksrc: ban gmtime/localtime 2325 2326 They're not thread-safe so they should not be used in libcurl code. 2327 2328 Explictly enabled when deemed necessary and in examples and tests 2329 2330 Reviewed-by: Nicolas Sterchele 2331 Closes #5732 2332 2333- transfer: fix data_pending for builds with both h2 and h3 enabled 2334 2335 Closes #5734 2336 2337- curl_multi_setopt: fix compiler warning "result is always false" 2338 2339 On systems with 32 bit long the expression is always false. Avoid 2340 the warning. 2341 2342 Reported-by: Gisle Vanem 2343 Bug: https://github.com/curl/curl/commit/61a08508f6a458fe21bbb18cd2a9bac2f039452b#commitcomment-40941232 2344 Closes #5736 2345 2346- curl: improve the existing file check with -J 2347 2348 Previously a file that isn't user-readable but is user-writable would 2349 not be properly avoided and would get overwritten. 2350 2351 Reported-by: BrumBrum on hackerone 2352 Assisted-by: Jay Satiro 2353 Bug: https://hackerone.com/reports/926638 2354 Closes #5731 2355 2356- [Jonathan Nieder brought this change] 2357 2358 multi: update comment to say easyp list is linear 2359 2360 Since 09b9fc900 (multi: remove 'Curl_one_easy' struct, phase 1, 2361 2013-08-02), the easy handle list is not circular but ends with 2362 ->next pointing to NULL. 2363 2364 Reported-by: Masaya Suzuki <masayasuzuki@google.com> 2365 Closes #5737 2366 2367- CURLOPT_NOBODY.3: fix the syntax for referring to options 2368 2369 As test 1140 fails otherwise! 2370 2371 Follow-up to e1bac81cc815 2372 2373- ngtcp2: store address in sockaddr_storage 2374 2375 Reported-by: Tatsuhiro Tsujikawa 2376 Closes #5733 2377 2378- CURLOPT_NOBODY.3: clarify what setting to 0 means 2379 2380 ... and mention that HTTP with other methods than HEAD might get a body and 2381 there's no option available to stop that. 2382 2383 Closes #5729 2384 2385- setopt: unset NOBODY switches to GET if still HEAD 2386 2387 Unsetting CURLOPT_NOBODY with 0L when doing HTTP has no documented 2388 action but before 7.71.0 that used to switch back to GET and with this 2389 change (assuming the method is still set to HEAD) this behavior is 2390 brought back. 2391 2392 Reported-by: causal-agent on github 2393 Fixes #5725 2394 Closes #5728 2395 2396- [Ehren Bendler brought this change] 2397 2398 configure: cleanup wolfssl + pkg-config conflicts when cross compiling. 2399 2400 Also choose a different wolfSSL function to test for NTLM support. 2401 2402 Fixes #5605 2403 Closes #5682 2404 2405- configure: show zstd "no" in summary when built without it 2406 2407 Reported-by: Marc Hörsken 2408 Fixes #5720 2409 Closes #5730 2410 2411- quiche: handle calling disconnect twice 2412 2413 Reported-by: lilongyan-huawei on github 2414 Fixes #5726 2415 Closes #5727 2416 2417- [Nicolas Sterchele brought this change] 2418 2419 getinfo: reset retry-after value in initinfo 2420 2421 - Avoid re-using retry_after value from preceding request 2422 - Add libtest 3010 to verify 2423 2424 Reported-by: joey-l-us on github 2425 Fixes #5661 2426 Closes #5672 2427 2428Marcel Raad (27 Jul 2020) 2429- WIN32: stop forcing narrow-character API 2430 2431 Except where the results are only used for character output. 2432 getenv is not touched because it's part of the public API, and having 2433 it return UTF-8 instead of ANSI would be a breaking change. 2434 2435 Fixes https://github.com/curl/curl/issues/5658 2436 Fixes https://github.com/curl/curl/issues/5712 2437 Closes https://github.com/curl/curl/pull/5718 2438 2439Jay Satiro (27 Jul 2020) 2440- [Tobias Stoeckmann brought this change] 2441 2442 mprintf: Fix stack overflows 2443 2444 Stack overflows can occur with precisions for integers and floats. 2445 2446 Proof of concepts: 2447 - curl_mprintf("%d, %.*1$d", 500, 1); 2448 - curl_mprintf("%d, %+0500.*1$f", 500, 1); 2449 2450 Ideally, compile with -fsanitize=address which makes this undefined 2451 behavior a bit more defined for debug purposes. 2452 2453 The format strings are valid. The overflows occur due to invalid 2454 arguments. If these arguments are variables with contents controlled 2455 by an attacker, the function's stack can be corrupted. 2456 2457 Also see CVE-2016-9586 which partially fixed the float aspect. 2458 2459 Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> 2460 2461 Closes https://github.com/curl/curl/pull/5722 2462 2463- [Tobias Stoeckmann brought this change] 2464 2465 mprintf: Fix dollar string handling 2466 2467 Verify that specified parameters are in range. If parameters are too 2468 large, fail early on and avoid out of boundary accesses. 2469 2470 Also do not read behind boundaries of illegal format strings. 2471 2472 These are defensive measures since it is expected that format strings 2473 are well-formed. Format strings should not be modifiable by user 2474 input due to possible generic format string attacks. 2475 2476 Closes https://github.com/curl/curl/pull/5722 2477 2478Daniel Stenberg (26 Jul 2020) 2479- ntlm: free target_info before (re-)malloc 2480 2481 OSS-Fuzz found a way this could get called again with the pointer still 2482 pointing to a malloc'ed memory, leading to a leak. 2483 2484 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379 2485 2486 Closes #5724 2487 2488Marcel Raad (26 Jul 2020) 2489- CI/macos: set minimum macOS version 2490 2491 This enables some deprecation warnings. 2492 Previously, autotools defaulted to 10.8. 2493 2494 Closes https://github.com/curl/curl/pull/5723 2495 2496Daniel Stenberg (26 Jul 2020) 2497- RELEASE-NOTES: synced 2498 2499Marcel Raad (25 Jul 2020) 2500- CI/macos: enable warnings as errors for CMake builds 2501 2502 Closes https://github.com/curl/curl/pull/5716 2503 2504- CMake: fix test for warning suppressions 2505 2506 GCC doesn't warn for unknown `-Wno-` options, except if there are other 2507 warnings or errors [0]. This was problematic with `CURL_WERROR` as that 2508 warning-as-error cannot be suppressed. Notably, this always happened 2509 with `-Wno-pedantic-ms-format` when not targeting Windows. So test for 2510 the positive form of the warning instead, which should always result in 2511 a diagnostic if unknown. 2512 2513 [0] https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html 2514 2515 Closes https://github.com/curl/curl/pull/5714 2516 2517Jay Satiro (23 Jul 2020) 2518- curl.h: update CURLINFO_LASTONE 2519 2520 CURLINFO_LASTONE should have been updated when 2521 CURLINFO_EFFECTIVE_METHOD was added. 2522 2523 Reported-by: xwxbug@users.noreply.github.com 2524 2525 Fixes https://github.com/curl/curl/issues/5711 2526 2527Marc Hoersken (22 Jul 2020) 2528- CI/azure: unconditionally enable warnings-as-errors with autotools 2529 2530 Reviewed-by: Marcel Raad 2531 2532 Follow up to #5694 2533 Closes #5706 2534 2535Marcel Raad (21 Jul 2020) 2536- doh: remove redundant cast 2537 2538 Closes https://github.com/curl/curl/pull/5704 2539 2540- CI/macos: unconditionally enable warnings-as-errors with autotools 2541 2542 Previously, warnings were only visible in the output for most jobs. 2543 2544 Closes https://github.com/curl/curl/pull/5694 2545 2546- util: silence conversion warnings 2547 2548 timeval::tv_usec might be a 32-bit integer and timespec::tv_nsec might 2549 be a 64-bit integer. This is the case when building for recent macOS 2550 versions, for example. Just treat tv_usec as an int, which should 2551 hopefully always be sufficient on systems with 2552 `HAVE_CLOCK_GETTIME_MONOTONIC`. 2553 2554 Closes https://github.com/curl/curl/pull/5695 2555 2556- md(4|5): don't use deprecated macOS functions 2557 2558 They are marked as deprecated for -mmacosx-version-min >= 10.15, 2559 which might result in warnings-as-errors. 2560 2561 Closes https://github.com/curl/curl/pull/5695 2562 2563Daniel Stenberg (18 Jul 2020) 2564- strdup: remove the odd strlen check 2565 2566 It confuses code analyzers with its use of -1 for unsigned value. Also, 2567 a check that's not normally used in strdup() code - and not necessary. 2568 2569 Closes #5697 2570 2571- [Alessandro Ghedini brought this change] 2572 2573 travis: update quiche builds for new boringssl layout 2574 2575 This is required after https://github.com/cloudflare/quiche/pull/593 2576 moved BoringSSL around slightly. 2577 2578 This also means that Go is not needed to build BoringSSL anymore (the 2579 one provided by quiche anyway). 2580 2581 Closes #5691 2582 2583Marcel Raad (17 Jul 2020) 2584- configure: allow disabling warnings 2585 2586 When using `--enable-warnings`, it was not possible to disable warnings 2587 via CFLAGS that got explicitly enabled. Now warnings are not enabled 2588 anymore if they are explicitly disabled (or enabled) in CFLAGS. This 2589 works for at least GCC, clang, and TCC as they have corresponding 2590 `-Wno-` options for every warning. 2591 2592 Closes https://github.com/curl/curl/pull/5689 2593 2594Daniel Stenberg (16 Jul 2020) 2595- ngtcp2: adjust to recent sockaddr updates 2596 2597 Closes #5690 2598 2599- page-header: provide protocol details in the curl.1 man page 2600 2601 Add protocol and version specific information about all protocols curl 2602 supports. 2603 2604 Fixes #5679 2605 Reported-by: tbugfinder on github 2606 Closes #5686 2607 2608Daniel Gustafsson (16 Jul 2020) 2609- docs: Update a few leftover mentions of DarwinSSL 2610 2611 Commit 76a9c3c4be10b3d4d379d5b23ca76806bbae536a renamed DarwinSSL to the 2612 more correct/common name Secure Transport, but a few mentions in the docs 2613 remained. 2614 2615 Closes #5688 2616 Reviewed-by: Daniel Stenberg <daniel@haxx.se> 2617 2618Daniel Stenberg (16 Jul 2020) 2619- file2memory: use a define instead of -1 unsigned value 2620 2621 ... to use the maximum value for 'size_t' when detecting integer overflow. 2622 Changed the limit to max/4 as already that seems unreasonably large. 2623 2624 Codacy didn't like the previous approach. 2625 2626 Closes #5683 2627 2628- CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream 2629 2630 ... by adding support for a new dedicated return code. 2631 2632 Suggested-by: Jonathan Cardoso 2633 Assisted-by: Erik Johansson 2634 URL: https://curl.haxx.se/mail/lib-2020-06/0099.html 2635 Closes #5636 2636 2637- [Baruch Siach brought this change] 2638 2639 nss: fix build with disabled proxy support 2640 2641 Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is 2642 defined. 2643 2644 Closes #5667 2645 2646- test1139: make it display the difference on test failures 2647 2648- test1119: verify stdout in the test 2649 2650 So that failures will be displayed in the terminal, as it makes test failures 2651 visually displayed easier and faster. 2652 2653 Closes #5644 2654 2655- curl: add %{method} to the -w variables 2656 2657 Gets the CURLINFO_EFFECTIVE_METHOD from libcurl. 2658 2659 Added test 1197 to verify. 2660 2661- CURLINFO_EFFECTIVE_METHOD: added 2662 2663 Provide the HTTP method that was used on the latest request, which might 2664 be relevant for users when there was one or more redirects involved. 2665 2666 Closes #5511 2667 2668Viktor Szakats (14 Jul 2020) 2669- windows: add unicode to feature list 2670 2671 Reviewed-by: Marcel Raad 2672 Reviewed-by: Marc Hörsken 2673 2674 Closes #5491 2675 2676Daniel Stenberg (14 Jul 2020) 2677- multi: remove two checks always true 2678 2679 Detected by Codacy 2680 Closes #5676 2681 2682Marc Hoersken (13 Jul 2020) 2683- workflows: limit what branches to run CodeQL on 2684 2685 Align CodeQL action with existing CI actions: 2686 - Update branch filter to avoid duplicate CI runs. 2687 - Shorten workflow name due to informative job name. 2688 2689 Reviewed-by: Daniel Stenberg 2690 2691 Closes #5660 2692 2693- appveyor: collect libcurl.dll variants with prefix or suffix 2694 2695 On some platforms libcurl is build with a platform-specific 2696 prefix and/or a version number suffix. 2697 2698 Assisted-by: Jay Satiro 2699 2700 Closes #5659 2701 2702Daniel Stenberg (12 Jul 2020) 2703- [ihsinme brought this change] 2704 2705 socks: use size_t for size variable 2706 2707 Use the unsigned type (size_t) in the arithmetic of pointers. In this 2708 context, the signed type (ssize_t) is used unnecessarily. 2709 2710 Authored-by: ihsinme on github 2711 Closes #5654 2712 2713- RELEASE-NOTES: synced 2714 2715 ... and bumped to 7.72.0 as the next release version number 2716 2717- [Gilles Vollant brought this change] 2718 2719 content_encoding: add zstd decoding support 2720 2721 include zstd curl patch for Makefile.m32 from vszakats 2722 and include Add CMake support for zstd from Peter Wu 2723 2724 Helped-by: Viktor Szakats 2725 Helped-by: Peter Wu 2726 Closes #5453 2727 2728- asyn.h: remove the Curl_resolver_getsock define 2729 2730 - not used 2731 - used the wrong number of arguments 2732 - confused the Codeacy code analyzer 2733 2734 Closes #5647 2735 2736- [Nicolas Sterchele brought this change] 2737 2738 configure.ac: Sort features name in summary 2739 2740 - Same as protocols 2741 2742 Closes #5656 2743 2744- [Matthias Naegler brought this change] 2745 2746 cmake: fix windows xp build 2747 2748 Reviewed-by: Marcel Raad 2749 Closes #5662 2750 2751- ngtcp2: update to modified qlog callback prototype 2752 2753 Closes #5675 2754 2755- transfer: fix memory-leak with CURLOPT_CURLU in a duped handle 2756 2757 Added test case 674 to reproduce and verify the bug report. 2758 2759 Fixes #5665 2760 Reported-by: NobodyXu on github 2761 Closes #5673 2762 2763- [Baruch Siach brought this change] 2764 2765 bearssl: fix build with disabled proxy support 2766 2767 Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is 2768 defined. 2769 2770 Reviewed-by: Nicolas Sterchele 2771 Closes #5666 2772 2773- RELEASE-NOTES: synced 2774 2775Jay Satiro (11 Jul 2020) 2776- [Carlo Marcelo Arenas Belón brought this change] 2777 2778 cirrus-ci: upgrade 11-STABLE to 11.4 2779 2780 Meant to be the last of the 11 series and so make sure that all 2781 other references reflect all 11 versions so they can be retired 2782 together later. 2783 2784 Closes https://github.com/curl/curl/pull/5668 2785 2786- [Filip Salomonsson brought this change] 2787 2788 CURLINFO_CERTINFO.3: fix typo 2789 2790 Closes https://github.com/curl/curl/pull/5655 2791 2792Daniel Stenberg (4 Jul 2020) 2793- http2: only do the *done() cleanups for HTTP 2794 2795 Follow-up to ef86daf4d3 2796 2797 Closes #5650 2798 Fixes #5646 2799 2800- [Alex Kiernan brought this change] 2801 2802 gnutls: repair the build with `CURL_DISABLE_PROXY` 2803 2804 `http_proxy`/`proxy_ssl`/`tunnel_proxy` will not be available in `conn` 2805 if `CURL_DISABLE_PROXY` is enabled. Repair the build with that 2806 configuration. 2807 2808 Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> 2809 Closes #5645 2810 2811Alex Kiernan (3 Jul 2020) 2812- gnutls: Fetch backend when using proxy 2813 2814 Fixes: 89865c149 ("gnutls: remove the BACKEND define kludge") 2815 Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> 2816 2817Daniel Stenberg (3 Jul 2020) 2818- [Laramie Leavitt brought this change] 2819 2820 http2: close the http2 connection when no more requests may be sent 2821 2822 Well-behaving HTTP2 servers send two GOAWAY messages. The first 2823 message is a warning that indicates that the server is going to 2824 stop accepting streams. The second one actually closes the stream. 2825 2826 nghttp2 reports this state (and the other state of no more stream 2827 identifiers) via the call nghttp2_session_check_request_allowed(). 2828 In this state the client should not create more streams on the 2829 session (tcp connection), and in curl this means that the server 2830 has requested that the connection is closed. 2831 2832 It would be also be possible to put the connclose() call into the 2833 on_http2_frame_recv() function that triggers on the GOAWAY message. 2834 2835 This fixes a bug seen when the client sees the following sequence of 2836 frames: 2837 2838 // advisory GOAWAY 2839 HTTP2 GOAWAY [stream-id = 0, promised-stream-id = -1] 2840 ... some additional frames 2841 2842 // final GOAWAY 2843 HTTP2 GOAWAY [stream-id = 0, promised-stream-id = N ] 2844 2845 Before this change, curl will attempt to reuse the connection even 2846 after the last stream, will encounter this error: 2847 2848 * Found bundle for host localhost: 0x5595f0a694e0 [can multiplex] 2849 * Re-using existing connection! (#0) with host localhost 2850 * Connected to localhost (::1) port 10443 (#0) 2851 * Using Stream ID: 9 (easy handle 0x5595f0a72e30) 2852 > GET /index.html?5 HTTP/2 2853 > Host: localhost:10443 2854 > user-agent: curl/7.68.0 2855 > accept: */* 2856 > 2857 * stopped the pause stream! 2858 * Connection #0 to host localhost left intact 2859 curl: (16) Error in the HTTP2 framing layer 2860 2861 This error may posion the connection cache, causing future requests 2862 which resolve to the same curl connection to go through the same error 2863 path. 2864 2865 Closes #5643 2866 2867- ftpserver: don't verify SMTP MAIL FROM names 2868 2869 Rely on tests asking the names to get refused instead - test servers 2870 should be as dumb as possible. Edited test 914, 955 and 959 accordingly. 2871 2872 Closes #5639 2873 2874- curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated 2875 2876 This came up in #5640. It make sense to clarify this in the docs! 2877 2878 Reminded-by: Kamil Dudka 2879 Closes #5642 2880 2881Kamil Dudka (3 Jul 2020) 2882- tool_getparam: make --krb option work again 2883 2884 It was disabled by mistake in commit curl-7_37_1-23-ge38ba4301. 2885 2886 Bug: https://bugzilla.redhat.com/1833193 2887 Closes #5640 2888 2889Daniel Stenberg (2 Jul 2020) 2890- [Jeremy Maitin-Shepard brought this change] 2891 2892 http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages 2893 2894 Confusingly, nghttp2 has two different error code enums: 2895 2896 - nghttp2_error, to be used with nghttp2_strerror 2897 - nghttp2_error_code, to be used with nghttp2_http2_strerror 2898 2899 Closes #5641 2900 2901Marcel Raad (2 Jul 2020) 2902- url: silence MSVC warning 2903 2904 Since commit f3d501dc678, if proxy support is disabled, MSVC warns: 2905 url.c : warning C4701: potentially uninitialized local variable 2906 'hostaddr' used 2907 url.c : error C4703: potentially uninitialized local pointer variable 2908 'hostaddr' used 2909 2910 That could actually only happen if both `conn->bits.proxy` and 2911 `CURL_DISABLE_PROXY` were enabled. 2912 Initialize it to NULL to silence the warning. 2913 2914 Closes https://github.com/curl/curl/pull/5638 2915 2916Daniel Stenberg (1 Jul 2020) 2917- RELEASE-NOTES: synced 2918 2919Version 7.71.1 (30 Jun 2020) 2920 2921Daniel Stenberg (30 Jun 2020) 2922- RELEASE-NOTES: curl 7.71.1 2923 2924- THANKS: add contributors to 7.71.1 2925 2926- scripts/copyright.pl: skip .dcignore 2927 2928- Revert "multi: implement wait using winsock events" 2929 2930 This reverts commit 8bc25c590e530de87595d1bb3577f699eb1309b9. 2931 2932 That commit (from #5397) introduced a regression in 7.71.0. 2933 2934 Reported-by: tmkk on github 2935 Fixes #5631 2936 Closes #5632 2937 2938- TODO: Add flag to specify download directory 2939 2940- TODO: return code to CURLMOPT_PUSHFUNCTION to fail connection 2941 2942- cirrus-ci: disable FreeBSD 13 (again) 2943 2944 It has been failing for a good while again. This time we better leave it 2945 disabled until we have more reason to believe it behaves. 2946 2947 Closes #5628 2948 2949- ngtcp2: sync with current master 2950 2951 ngtcp2 added two new callbacks 2952 2953 Reported-by: Lucien Zürcher 2954 Fixes #5624 2955 Closes #5627 2956 2957- examples/multithread.c: call curl_global_cleanup() 2958 2959 Reported-by: qiandu2006 on github 2960 Fixes #5622 2961 Closes #5623 2962 2963- vtls: compare cert blob when finding a connection to reuse 2964 2965 Reported-by: Gergely Nagy 2966 Fixes #5617 2967 Closes #5619 2968 2969- RELEASE-NOTES: synced 2970 2971- terminology: call them null-terminated strings 2972 2973 Updated terminology in docs, comments and phrases to refer to C strings 2974 as "null-terminated". Done to unify with how most other C oriented docs 2975 refer of them and what users in general seem to prefer (based on a 2976 single highly unscientific poll on twitter). 2977 2978 Reported-by: coinhubs on github 2979 Fixes #5598 2980 Closes #5608 2981 2982- http: fix proxy auth with blank password 2983 2984 Regression in 7.71.0 2985 2986 Added test case 346 to verify. 2987 2988 Reported-by: Kristoffer Gleditsch 2989 Fixes #5613 2990 Closes #5616 2991 2992- .dcignore: ignore tests and docs directories 2993 2994 This is a config file for deepcode.ai, a static code analyzer. 2995 2996Jay Satiro (26 Jun 2020) 2997- tool_cb_hdr: Fix etag warning output and return code 2998 2999 - Return 'failure' on failure, to follow the existing style. 3000 3001 - Put Warning: and the warning message on the same line. 3002 3003 Ref: https://github.com/curl/curl/issues/5610 3004 3005 Closes https://github.com/curl/curl/pull/5612 3006 3007Daniel Stenberg (26 Jun 2020) 3008- CURLOPT_READFUNCTION.3: provide the upload data size up front 3009 3010 Assisted-by: Jay Satiro 3011 Closes #5607 3012 3013- test1539: do a HTTP 1.0 POST without a set size (fails) 3014 3015 Attempt to reproduce #5593. Test case 1514 is very similar but uses 3016 HTTP/1.1 and thus switches to chunked. 3017 3018 Closes #5595 3019 3020- [Baruch Siach brought this change] 3021 3022 mbedtls: fix build with disabled proxy support 3023 3024 Don't reference fields that do not exist. Fixes build failure: 3025 3026 vtls/mbedtls.c: In function 'mbed_connect_step1': 3027 vtls/mbedtls.c:249:54: error: 'struct connectdata' has no member named 'http_proxy' 3028 3029 Closes #5615 3030 3031- codeql-analysis.yml: fix the 'languages' setting 3032 3033 It needs a 'with:' in front of it. 3034 3035GitHub (26 Jun 2020) 3036- [Daniel Stenberg brought this change] 3037 3038 gtihub: codeql-analysis.yml 3039 3040 enables code security scanning with github actions 3041 3042Daniel Stenberg (25 Jun 2020) 3043- tests: verify newline in username and password for HTTP 3044 3045 test 1296 is a simply command line test 3046 3047 test 1910 is a libcurl test including a redirect 3048 3049- url: allow user + password to contain "control codes" for HTTP(S) 3050 3051 Reported-by: Jon Johnson Jr 3052 Fixes #5582 3053 Closes #5592 3054 3055- escape: make the URL decode able to reject only %00 bytes 3056 3057 ... or all "control codes" or nothing. 3058 3059 Assisted-by: Nicolas Sterchele 3060 3061- http2: set the correct URL in pushed transfers 3062 3063 ...previously CURLINFO_EFFECTIVE_URL would report the URL of the 3064 original "mother transfer", not the actually pushed resource. 3065 3066 Reported-by: Jonathan Cardoso Machado 3067 Fixes #5589 3068 Closes #5591 3069 3070Jay Satiro (25 Jun 2020) 3071- [Javier Blazquez brought this change] 3072 3073 openssl: Fix compilation on Windows when ngtcp2 is enabled 3074 3075 - Include wincrypt before OpenSSL includes so that the latter can 3076 properly handle any conflicts between the two. 3077 3078 Closes https://github.com/curl/curl/pull/5606 3079 3080Daniel Stenberg (25 Jun 2020) 3081- test543: extended to verify zero length input 3082 3083 As was reported in #5601 3084 3085- escape: zero length input should return a zero length output 3086 3087 Regression added in 7.71.0. 3088 3089 Fixes #5601 3090 Reported-by: Kristoffer Gleditsch 3091 Closes #5602 3092 3093- Curl_inet_ntop: always check the return code 3094 3095 Reported-by: Siva Sivaraman 3096 Fixes #5412 3097 Closes #5597 3098 3099- sendf: improve the message on client write errors 3100 3101 Replace "Failed writing body (X != Y)" with 3102 "Failure writing output to destination". Possibly slightly less cryptic. 3103 3104 Reported-by: coinhubs on github 3105 Fixes #5594 3106 Closes #5596 3107 3108- RELEASE-NOTES: synced 3109 3110- curlver: start working on 7.71.1 3111 3112- [Denis Baručić brought this change] 3113 3114 DYNBUF.md: fix a typo: trail => tail 3115 3116 Closes #5599 3117 3118Version 7.71.0 (23 Jun 2020) 3119 3120Daniel Stenberg (23 Jun 2020) 3121- RELEASE-NOTES: curl 7.71.0 release 3122 3123- THANKS: curl 7.71.0 additions 3124 3125- url: make sure pushed streams get an allocated download buffer 3126 3127 Follow-up to c4e6968127e876b0 3128 3129 When a new transfer is created, as a resuly of an acknowledged push, 3130 that transfer needs a download buffer allocated. 3131 3132 Closes #5590 3133 3134Jay Satiro (22 Jun 2020) 3135- openssl: Don't ignore CA paths when using Windows CA store 3136 3137 This commit changes the behavior of CURLSSLOPT_NATIVE_CA so that it does 3138 not override CURLOPT_CAINFO / CURLOPT_CAPATH, or the hardcoded default 3139 locations. Instead the CA store can now be used at the same time. 3140 3141 The change is due to the impending release. The issue is still being 3142 discussed. The behavior of CURLSSLOPT_NATIVE_CA is subject to change and 3143 is now documented as experimental. 3144 3145 Ref: bc052cc (parent commit) 3146 Ref: https://github.com/curl/curl/issues/5585 3147 3148- tool_operate: Don't use Windows CA store as a fallback 3149 3150 Background: 3151 3152 148534d added CURLSSLOPT_NATIVE_CA to use the Windows OS certificate 3153 store in libcurl w/ OpenSSL on Windows. CURLSSLOPT_NATIVE_CA overrides 3154 CURLOPT_CAINFO if both are set. The curl tool will fall back to 3155 CURLSSLOPT_NATIVE_CA if it could not find a certificate bundle to set 3156 via CURLOPT_CAINFO. 3157 3158 Problem: 3159 3160 libcurl may be built with hardcoded paths to a certificate bundle or 3161 directory, and if CURLSSLOPT_NATIVE_CA is used then those paths are 3162 ignored. 3163 3164 Solution: 3165 3166 A solution is still being discussed but since there's an impending 3167 release this commit removes using CURLSSLOPT_NATIVE_CA in the curl tool. 3168 3169 Ref: https://github.com/curl/curl/issues/5585 3170 3171- openssl: Fix CA fallback logic for OpenSSL 3.0 build 3172 3173 Prior to this change I assume a build error would occur when 3174 CURL_CA_FALLBACK was used. 3175 3176 Closes https://github.com/curl/curl/pull/5587 3177 3178Daniel Stenberg (22 Jun 2020) 3179- copyright: update mismatched copyright years 3180 3181- test1460: verify that -Ji is not ok 3182 3183- tool_getparam: -i is not OK if -J is used 3184 3185 Reported-by: sn on hackerone 3186 Bug: https://curl.haxx.se/docs/CVE-2020-8177.html 3187 3188- [Peter Wu brought this change] 3189 3190 CMake: ignore INTERFACE_LIBRARY targets for pkg-config file 3191 3192 Reviewed-by: Marcel Raad 3193 Fixes #5512 3194 Closes #5517 3195 3196- [Valentyn Korniienko brought this change] 3197 3198 multibyte: Fixed access-> waccess to file for Windows Plarform 3199 3200 Reviewed-by: Marcel Raad 3201 Closes #5580 3202 3203- altsvc: bump to h3-29 3204 3205 Closes #5584 3206 3207- urlglob: treat literal IPv6 addresses with zone IDs as a host name 3208 3209 ... and not as a "glob". Now done by passing the supposed host to the 3210 URL parser which supposedly will do a better job at identifying "real" 3211 numerical IPv6 addresses. 3212 3213 Reported-by: puckipedia on github 3214 Fixes #5576 3215 Closes #5579 3216 3217- test1179: verify error message for non-existing cmdline option 3218 3219- tool_getparam: repair the error message for unknown flag 3220 3221 Follow-up to 9e5669f3880674 3222 Detected by Coverity CID 1464582 ("Logically dead code") 3223 3224 Closes #5577 3225 3226- FILEFORMAT: describe verify/stderr 3227 3228- connect: improve happy eyeballs handling 3229 3230 For QUIC but also for regular TCP when the second family runs out of IPs 3231 with a failure while the first family is still trying to connect. 3232 3233 Separated the timeout handling for IPv4 and IPv6 connections when they 3234 both have a number of addresses to iterate over. 3235 3236- ngtcp2: never call fprintf() in lib code in release version 3237 3238- ngtcp2: fix happy eyeballs quic connect crash 3239 3240 Reported-by: Peter Wu 3241 Fixes #5565 3242 Closes #5568 3243 3244- select: remove the unused ELAPSED_MS() macro 3245 3246 Closes #5573 3247 3248Marc Hoersken (17 Jun 2020) 3249- [rcombs brought this change] 3250 3251 multi: implement wait using winsock events 3252 3253 This avoids using a pair of TCP ports to provide wakeup functionality 3254 for every multi instance on Windows, where socketpair() is emulated 3255 using a TCP socket on loopback which could in turn lead to socket 3256 resource exhaustion. 3257 3258 Reviewed-by: Gergely Nagy 3259 Reviewed-by: Marc Hörsken 3260 3261 Closes #5397 3262 3263Daniel Stenberg (17 Jun 2020) 3264- manpage: add three missing environment variables 3265 3266 CURL_SSL_BACKEND, QLOGDIR and SSLKEYLOGFILE 3267 3268 Closes #5571 3269 3270- RELEASE-NOTES: synced 3271 3272- configure: for wolfSSL, check for the DES func needed for NTLM 3273 3274 Also adds pkg-config support for the wolfSSL detection. 3275 3276- [Ruurd Beerstra brought this change] 3277 3278 ntlm: enable NTLM support with wolfSSL 3279 3280 When wolfSSL is built with its OpenSSL API layer, it fetures the same DES* 3281 functions that OpenSSL has. This change take advantage of that. 3282 3283 Co-authored-by: Daniel Stenberg 3284 Closes #5556 3285 Fixes #5548 3286 3287- http: move header storage to Curl_easy from connectdata 3288 3289 Since the connection can be used by many independent requests (using 3290 HTTP/2 or HTTP/3), things like user-agent and other transfer-specific 3291 data MUST NOT be kept connection oriented as it could lead to requests 3292 getting the wrong string for their requests. This struct data was 3293 lingering like this due to old HTTP1 legacy thinking where it didn't 3294 mattered.. 3295 3296 Fixes #5566 3297 Closes #5567 3298 3299- CODE_REVIEW.md: how to do code reviews in curl 3300 3301 Assisted-by: Daniel Gustafsson 3302 Assisted-by: Rich Salz 3303 Assisted-by: Hugo van Kemenade 3304 Assisted-by: James Fuller 3305 Assisted-by: Marc Hörsken 3306 Assisted-by: Jay Satiro 3307 3308 Closes #5555 3309 3310- altsvc: remove the num field from the altsvc struct 3311 3312 It was superfluous since we have the list.size alredy 3313 3314 Reported-by: Jay Satiro 3315 Fixes #5553 3316 Closes #5563 3317 3318- version.d: expanded and alpha-sorted 3319 3320 Added a few missing features not previously mentioned. Ordered them 3321 alphabetically. 3322 3323 Closes #5558 3324 3325- ABI.md: rename to .md and polish the markdown 3326 3327 Closes #5562 3328 3329- HELP-US: add a section for "smaller tasks" 3330 3331 The point of this section is to meet the CII Best Practices gold level 3332 critera: 3333 3334 "The project MUST clearly identify small tasks that can be performed by 3335 new or casual contributors" 3336 3337 Closes #5560 3338 3339- TODO: retry on the redirected-to URL 3340 3341 Closes #5462 3342 3343- mailmap: Nicolas Sterchele 3344 3345- [Nicolas Sterchele brought this change] 3346 3347 TODO: remove 19.3 section title 3348 3349 Follow-up to ad6416986755e417c66e2c6, which caused wrong formatting on 3350 curl documentation website 3351 3352 Closes #5561 3353 3354- [Martin V brought this change] 3355 3356 test1560: avoid possibly negative association in wording 3357 3358 Closes #5549 3359 3360- share: don't set the share flag it something fails 3361 3362 When asking for a specific feature to be shared in the share object, 3363 that bit was previously set unconditionally even if the shared feature 3364 failed or otherwise wouldn't work. 3365 3366 Closes #5554 3367 3368- buildconf: remove -print from the find command that removes files 3369 3370 It's just too annoying and unnecessary to get a long list of files shown 3371 3372- RELEASE-NOTES: synced 3373 3374- wording: avoid blacklist/whitelist stereotypes 3375 3376 Instead of discussing if there's value or meaning (implied or not) in 3377 the colors, let's use words without the same possibly negative 3378 associations. 3379 3380 Closes #5546 3381 3382Jay Satiro (9 Jun 2020) 3383- tool_getparam: fix memory leak in parse_args 3384 3385 Prior to this change in Windows Unicode builds most parsed options would 3386 not be freed. 3387 3388 Found using _CrtDumpMemoryLeaks(). 3389 3390 Ref: https://github.com/curl/curl/issues/5545 3391 3392Daniel Stenberg (8 Jun 2020) 3393- socks: detect connection close during handshake 3394 3395 The SOCKS4/5 state machines weren't properly terminated when the proxy 3396 connection got closed, leading to a busy-loop. 3397 3398 Reported-By: zloi-user on github 3399 Fixes #5532 3400 Closes #5542 3401 3402- [James Fuller brought this change] 3403 3404 multi: add defensive check on data->multi->num_alive 3405 3406 Closes #5540 3407 3408- Curl_addrinfo: use one malloc instead of three 3409 3410 To reduce the amount of allocations needed for creating a Curl_addrinfo 3411 struct, make a single larger malloc instead of three separate smaller 3412 ones. 3413 3414 Closes #5533 3415 3416- [Alessandro Ghedini brought this change] 3417 3418 quiche: update SSLKEYLOGFILE support 3419 3420 quiche now requires the application to explicitly set the keylog path 3421 for each connection, rather than reading the environment variable 3422 itself. 3423 3424 Closes #5541 3425 3426- tests: add two simple tests for --login-options 3427 3428 Test 895 and 896 - as a follow-up to a3e972313b 3429 3430 Closes #5539 3431 3432- ngtcp2: update with recent API changes 3433 3434 Syncs with ngtcp2 commit 7e9a917d386d98 merged June 7 2020. 3435 3436 Assisted-by: Tatsuhiro Tsujikawa 3437 Closes #5538 3438 3439- [James Fuller brought this change] 3440 3441 socks: remove unreachable breaks in socks.c and mime.c 3442 3443 Closes #5537 3444 3445- tool_cfgable: free login_options at exit 3446 3447 Memory leak 3448 Reported-by: Geeknik Labs 3449 Fixes #5535 3450 Closes #5536 3451 3452- libssh2: keep sftp errors as 'unsigned long' 3453 3454 Remove weird work-around for storing the SFTP errors as int instead of 3455 the "unsigned long" that libssh2 actually returns for SFTP errors. 3456 3457 Closes #5534 3458 3459Marc Hoersken (6 Jun 2020) 3460- timeouts: move ms timeouts to timediff_t from int and long 3461 3462 Now that all functions in select.[ch] take timediff_t instead 3463 of the limited int or long, we can remove type conversions 3464 and related preprocessor checks to silence compiler warnings. 3465 3466 Avoiding conversions from time_t was already done in 842f73de. 3467 3468 Based upon #5262 3469 Supersedes #5214, #5220 and #5221 3470 Follow up to #5343 and #5479 3471 Closes #5490 3472 3473Daniel Stenberg (6 Jun 2020) 3474- [François Rigault brought this change] 3475 3476 openssl: set FLAG_TRUSTED_FIRST unconditionally 3477 3478 On some systems, openssl 1.0.x is still the default, but it has been 3479 patched to contain all the recent security fixes. As a result of this 3480 patching, it is possible for macro X509_V_FLAG_NO_ALT_CHAINS to be 3481 defined, while the previous behavior of openssl to not look at trusted 3482 chains first, remains. 3483 3484 Fix it: ensure X509_V_FLAG_TRUSTED_FIRST is always set, do not try to 3485 probe for the behavior of openssl based on the existence ofmacros. 3486 3487 Closes #5530 3488 3489- server/util: fix logmsg format using curl_off_t argument 3490 3491 ... this caused segfaults on armv7. 3492 3493 Regression added in dd0365d560aea5a (7.70.0) 3494 3495 Reviewed-by: Jay Satiro 3496 Closes #5529 3497 3498- RELEASE-NOTES: synced 3499 3500- [Cherish98 brought this change] 3501 3502 socks: fix expected length of SOCKS5 reply 3503 3504 Commit 4a4b63d forgot to set the expected SOCKS5 reply length when the 3505 reply ATYP is X'01'. This resulted in erroneously expecting more bytes 3506 when the request length is greater than the reply length (e.g., when 3507 remotely resolving the hostname). 3508 3509 Closes #5527 3510 3511Marc Hoersken (5 Jun 2020) 3512- .gitignore: add directory containing the stats repo 3513 3514 Since the new curl/stats repository is designed to be 3515 checked out into the curl repository working tree as stats/ 3516 it should be on the ignore list to aid in commit staging. 3517 3518Daniel Stenberg (5 Jun 2020) 3519- [Adnan Khan brought this change] 3520 3521 HTTP3.md: clarify cargo build directory 3522 3523 Cargo needs to be called from within the 'quiche' directory. 3524 3525 Closes #5522 3526 3527- user-agent.d: spell out what happens given a blank argument 3528 3529 Closes #5525 3530 3531- trailers: switch h1-trailer logic to use dynbuf 3532 3533 In the continued effort to remove "manual" realloc schemes. 3534 3535 Closes #5524 3536 3537- CURLINFO_ACTIVESOCKET.3: clarify the description 3538 3539 Reported-by: Jay Satiro 3540 Fixes #5299 3541 Closes #5520 3542 3543- mailmap: Don J Olmstead 3544 3545- configure: only strip first -L from LDFLAGS 3546 3547 In the logic that works out if a given OpenSSL path works, it stripped 3548 off a possibly leading -L flag using an incorrect sed pattern which 3549 would remove all instances of -L in the string, including if the path 3550 itself contained that two-letter sequence! 3551 3552 The same pattern was used and is now updated in multiple places. Now it 3553 only removes -L if it starts the strings. 3554 3555 Reported-by: Mohamed Osama 3556 Fixes #5519 3557 Closes #5521 3558 3559Peter Wu (4 Jun 2020) 3560- quiche: advertise draft 28 support 3561 3562 Fix the verbose message while at it, quiche currently supports draft 3563 27 and draft 28 simultaneously. 3564 3565 Closes #5518 3566 3567Daniel Stenberg (4 Jun 2020) 3568- KNOWN_BUGS: RTSP authentication breaks without redirect support 3569 3570 Closes #4750 3571 3572Jay Satiro (4 Jun 2020) 3573- projects: Add crypt32.lib to dependencies for all OpenSSL configs 3574 3575 Windows project configurations that use OpenSSL with USE_WIN32_CRYPTO 3576 need crypt32. 3577 3578 Follow-up to 148534d which added CURLSSLOPT_NATIVE_CA for 7.71.0. 3579 3580 The changes that are in this commit were made by script. 3581 3582 Ref: https://gist.github.com/jay/a1861b50ecce2b32931237180f856e28 3583 3584 Closes https://github.com/curl/curl/pull/5516 3585 3586Marc Hoersken (3 Jun 2020) 3587- CI/macos: fix 'is already installed' errors by using bundle 3588 3589 Avoid failing CI builds due to nghttp2 being already installed. 3590 3591 Closes #5513 3592 3593Daniel Stenberg (3 Jun 2020) 3594- altsvc: fix 'dsthost' may be used uninitialized in this function 3595 3596- RELEASE-NOTES: synced 3597 3598- urldata: let the HTTP method be in the set.* struct 3599 3600 When the method is updated inside libcurl we must still not change the 3601 method as set by the user as then repeated transfers with that same 3602 handle might not execute the same operation anymore! 3603 3604 This fixes the libcurl part of #5462 3605 3606 Test 1633 added to verify. 3607 3608 Closes #5499 3609 3610- hostip: fix the memory-leak introduced in 67d2802 3611 3612 Fixes #5503 3613 Closes #5504 3614 3615- test970: make it require proxy support 3616 3617 This test verifies the -w %json output and the test case includes a full 3618 generated "blob". If there's no proxy support built into libcurl, it 3619 will return an error for proxy related info variables and they will not 3620 be included in the json, thus causing a mismatch and this test fails. 3621 3622 Reported-by: Marc Hörsken 3623 Fixes #5501 3624 Closes #5502 3625 3626- [Radoslav Georgiev brought this change] 3627 3628 examples/http2-down/upload: add error checks 3629 3630 If `index.html` does not exist in the directory from which the example 3631 is invoked, the fopen(upload, "rb") invocation in `setup` would fail, 3632 returning NULL. This value is subsequently passed as the FILE* argument 3633 of the `fread` invocation in the `read_callback` function, which is the 3634 actual cause of the crash (apparently `fread` assumes that argument to 3635 be non-null). 3636 3637 In addition, mitigate some possible crashes of similar origin. 3638 3639 Closes #5463 3640 3641- [kotoriのねこ brought this change] 3642 3643 examples/ephiperfifo: turn off interval when setting timerfd 3644 3645 Reported-by: therealhirudo on github 3646 Fixes #5485 3647 Closes #5497 3648 3649- [Saleem Abdulrasool brought this change] 3650 3651 vtls: repair the build with `CURL_DISABLE_PROXY` 3652 3653 `http_proxy` will not be available in `conndata` if `CURL_DISABLE_PROXY` 3654 is enabled. Repair the build with that configuration. 3655 3656 Follow-up to f3d501dc67 3657 3658 Closes #5498 3659 3660- transfer: remove k->str NULL check 3661 3662 "Null-checking k->str suggests that it may be null, but it has already 3663 been dereferenced on all paths leading to the check" - and it can't 3664 legally be NULL at this point. Remove check. 3665 3666 Detected by Coverity CID 1463884 3667 3668 Closes #5495 3669 3670Marc Hoersken (1 Jun 2020) 3671- select: always use Sleep in Curl_wait_ms on Win32 3672 3673 Since Win32 almost always will also have USE_WINSOCK, 3674 we can reduce complexity and always use Sleep there. 3675 3676 Assisted-by: Jay Satiro 3677 Reviewed-by: Daniel Stenberg 3678 3679 Follow up to #5343 3680 Closes #5489 3681 3682Daniel Stenberg (31 May 2020) 3683- conncache: download buffer needs +1 size for trailing zero 3684 3685 Follow-up to c4e6968127e 3686 Detected by OSS-Fuzz: https://oss-fuzz.com/testcase-detail/5727799779524608 3687 3688Marc Hoersken (31 May 2020) 3689- azure: use matrix strategy to avoid configuration redundancy 3690 3691 This also includes the following changes: 3692 3693 - Use the same timeout for all jobs on Linux (60 minutes) 3694 and Windows (90 minutes) 3695 - Use CLI stable apt-get install -y instead of apt install 3696 which warns about that and run apt-get update first 3697 - Enable MQTT for Windows msys2 builds instead of 3698 legacy msys1 builds 3699 - Add ./configure --prefix parameter to the msys2 builds 3700 - The MSYSTEM environment variable is now preset inside 3701 the container images for the msys2 builds 3702 3703 Note: on Azure Pipelines the matrix strategy is basically 3704 just a simple list of job copies and not really a matrix. 3705 3706 Closes #5468 3707 3708Daniel Stenberg (30 May 2020) 3709- build: disable more code/data when built without proxy support 3710 3711 Added build to travis to verify 3712 3713 Closes #5466 3714 3715- url: alloc the download buffer at transfer start 3716 3717 ... and free it as soon as the transfer is done. It removes the extra 3718 alloc when a new size is set with setopt() and reduces memory for unused 3719 easy handles. 3720 3721 In addition: the closure_handle now doesn't use an allocated buffer at 3722 all but the smallest supported size as a stack based one. 3723 3724 Closes #5472 3725 3726- timeouts: change millisecond timeouts to timediff_t from time_t 3727 3728 For millisecond timers we like timediff_t better. Also, time_t can be 3729 unsigned so returning a negative value doesn't work then. 3730 3731 Closes #5479 3732 3733Marc Hoersken (30 May 2020) 3734- select: add overflow checks for timeval conversions 3735 3736 Using time_t and suseconds_t if suseconds_t is available, 3737 long on Windows (maybe others in the future) and int elsewhere. 3738 3739 Also handle case of ULONG_MAX being greater or equal to INFINITE. 3740 3741 Assisted-by: Jay Satiro 3742 Reviewed-by: Daniel Stenberg 3743 3744 Part of #5343 3745 3746- select: use timediff_t instead of time_t and int for timeout_ms 3747 3748 Make all functions in select.[ch] take timeout_ms as timediff_t 3749 which should always be large enough and signed on all platforms 3750 to take all possible timeout values and avoid type conversions. 3751 3752 Reviewed-by: Jay Satiro 3753 Reviewed-by: Daniel Stenberg 3754 3755 Replaces #5107 and partially #5262 3756 Related to #5240 and #5286 3757 Closes #5343 3758 3759- unit1604.c: fix implicit conv from 'SANITIZEcode' to 'CURLcode' 3760 3761 GCC 10 warns about this with warning: implicit conversion 3762 from 'SANITIZEcode' to 'CURLcode' [-Wenum-conversion] 3763 3764 Since 'expected_result' is not really of type 'CURLcode' and 3765 it is not exposed in any way, we can just use 'SANITIZEcode'. 3766 3767 Reviewed-by: Daniel Stenberg 3768 Reviewed-by: Marcel Raad 3769 3770 Closes #5476 3771 3772- tests/libtest: fix undefined reference to 'curlx_win32_fopen' 3773 3774 Since curl_setup.h now makes use of curlx_win32_fopen for Win32 3775 builds with USE_WIN32_LARGE_FILES or USE_WIN32_SMALL_FILES defined, 3776 we need to include the relevant files for tests using fopen, 3777 because the libtest sources are also including curl_setup.h 3778 3779 Reviewed-by: Marcel Raad 3780 Reviewed-by: Daniel Stenberg 3781 3782 Follow up to #3784 (ffdddb45d9) 3783 Closes #5475 3784 3785- appveyor: add non-debug plain autotools-based build 3786 3787 This should enable us to catch linking issues with the 3788 testsuite early, like the one described/fixed in #5475. 3789 3790 Reviewed-by: Daniel Stenberg 3791 Reviewed-by: Marcel Raad 3792 3793 Closes #5477 3794 3795Daniel Stenberg (29 May 2020) 3796- RELEASE-NOTES: synced 3797 3798- Revert "buildconf: use find -execdir" 3799 3800 This partially reverts commit c712009838f44211958854de431315586995bc61. 3801 3802 Keep the ares_ files removed but bring back the older way to run find, 3803 to make it work with busybox's find, as apparently that's being used. 3804 3805 Reported-by: Max Peal 3806 Fixes #5483 3807 Closes #5484 3808 3809- server/sws: fix asan warning on use of uninitialized variable 3810 3811- libssh2: improved error output for wrong quote syntax 3812 3813 Reported-by: Werner Stolz 3814 3815 Closes #5474 3816 3817- mk-lib1521: generate code for testing BLOB options as well 3818 3819 Follow-up to cac5374298b3 3820 3821 Closes #5478 3822 3823- configure: repair the check if argv can be written to 3824 3825 Due to bad escaping of the test code, the test wouldn't build and thus 3826 result in a negative test result, which would lead to the unconditional 3827 assumption that overwriting the arguments doesn't work and thus curl 3828 would never hide credentials given in the command line, even when it 3829 would otherwise be possible. 3830 3831 Regression from commit 2d4c2152c (7.60.0) 3832 3833 Reported-by: huzunhao on github 3834 Fixes #5470 3835 Closes #5471 3836 3837Peter Wu (28 May 2020) 3838- CMake: rebuild Makefile.inc.cmake when Makefile.inc changes 3839 3840 Otherwise the build might fail due to missing source files, as 3841 demonstrated by the recent keylog.c addition on an existing build dir. 3842 3843 Closes #5469 3844 3845Daniel Stenberg (28 May 2020) 3846- urldata: fix comments: Curl_done() is called multi_done() now 3847 3848 ... since 575e885db 3849 3850Peter Wu (27 May 2020) 3851- ngtcp2: use common key log routine for better thread-safety 3852 3853 Tested with ngtcp2 built against the OpenSSL library. Additionally 3854 tested with MultiSSL (NSS for TLS and ngtcp2+OpenSSL for QUIC). 3855 3856 The TLS backend (independent of QUIC) may or may not already have opened 3857 the keylog file before. Therefore Curl_tls_keylog_open is always called 3858 to ensure the file is open. 3859 3860- wolfssl: add SSLKEYLOGFILE support 3861 3862 Tested following the same curl and tshark commands as in commit 3863 "vtls: Extract and simplify key log file handling from OpenSSL" using 3864 WolfSSL v4.4.0-stable-128-g5179503e8 from git master built with 3865 `./configure --enable-all --enable-debug CFLAGS=-DHAVE_SECRET_CALLBACK`. 3866 3867 Full support for this feature requires certain wolfSSL build options, 3868 see "Availability note" in lib/vtls/wolfssl.c for details. 3869 3870 Closes #5327 3871 3872- vtls: Extract and simplify key log file handling from OpenSSL 3873 3874 Create a set of routines for TLS key log file handling to enable reuse 3875 with other TLS backends. Simplify the OpenSSL backend as follows: 3876 3877 - Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled. 3878 - Do not perform dynamic memory allocation when preparing a log entry. 3879 Unless the TLS specifications change we can suffice with a reasonable 3880 fixed-size buffer. 3881 - Simplify state tracking when SSL_CTX_set_keylog_callback is 3882 unavailable. My original sslkeylog.c code included this tracking in 3883 order to handle multiple calls to SSL_connect and detect new keys 3884 after renegotiation (via SSL_read/SSL_write). For curl however we can 3885 be sure that a single master secret eventually becomes available 3886 after SSL_connect, so a simple flag is sufficient. An alternative to 3887 the flag is examining SSL_state(), but this seems more complex and is 3888 not pursued. Capturing keys after server renegotiation was already 3889 unsupported in curl and remains unsupported. 3890 3891 Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f 3892 (`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`) 3893 against an OpenSSL 1.1.1f server configured with: 3894 3895 # Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2 3896 openssl s_server -www -tls1 3897 # Likewise, but fail the server handshake. 3898 openssl s_server -www -tls1 -Verify 2 3899 # TLS 1.3 test. No need to test the failing server handshake. 3900 openssl s_server -www -tls1_3 3901 3902 Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly 3903 written using Wireshark. For the first and third case, expect four 3904 matches per connection (decrypted Server Finished, Client Finished, HTTP 3905 Request, HTTP Response). For the second case where the handshake fails, 3906 expect a decrypted Server Finished only. 3907 3908 tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \ 3909 -eframe.number -eframe.time -etcp.stream -e_ws.col.Info \ 3910 -dtls.port==4433,http -ohttp.desegment_body:FALSE \ 3911 -Y 'tls.handshake.verify_data or http' 3912 3913 A single connection can easily be identified via the `tcp.stream` field. 3914 3915Daniel Stenberg (27 May 2020) 3916- FILEFORMAT: add more features that tests can depend on 3917 3918- [Michael Kaufmann brought this change] 3919 3920 transfer: close connection after excess data has been read 3921 3922 For HTTP 1.x, it's a protocol error when the server sends more bytes 3923 than announced. If this happens, don't reuse the connection, because the 3924 start position of the next response is undefined. 3925 3926 Closes #5440 3927 3928- [Estanislau Augé-Pujadas brought this change] 3929 3930 Revert "ssh: ignore timeouts during disconnect" 3931 3932 This reverts commit f31760e63b4e9ef1eb25f8f211390f8239388515. Shipped in 3933 curl 7.54.1. 3934 3935 Bug: https://curl.haxx.se/mail/lib-2020-05/0068.html 3936 Closes #5465 3937 3938- urldata: connect related booleans live in struct ConnectBits 3939 3940 And remove a few unused booleans! 3941 3942 Closes #5461 3943 3944- hostip: on macOS avoid DoH when given a numerical IP address 3945 3946 When USE_RESOLVE_ON_IPS is set (defined on macOS), it means that 3947 numerical IP addresses still need to get "resolved" - but not with DoH. 3948 3949 Reported-by: Viktor Szakats 3950 Fixes #5454 3951 Closes #5459 3952 3953- ngtcp2: cleanup memory when failing to connect 3954 3955 Reported-by: Peter Wu 3956 Fixes #5447 (the ngtcp2 side of it) 3957 Closes #5451 3958 3959- quiche: clean up memory properly when failing to connect 3960 3961 Addresses the quiche side of #5447 3962 Reported-by: Peter Wu 3963 Closes #5450 3964 3965- cleanup: use a single space after equals sign in assignments 3966 3967- url: accept "any length" credentials for proxy auth 3968 3969 They're only limited to the maximum string input restrictions, not to 3970 256 bytes. 3971 3972 Added test 1178 to verify 3973 3974 Reported-by: Will Roberts 3975 Fixes #5448 3976 Closes #5449 3977 3978- [Maksim Stsepanenka brought this change] 3979 3980 test1167: fixes in badsymbols.pl 3981 3982 Closes #5442 3983 3984- altsvc: fix parser for lines ending with CRLF 3985 3986 Fixed the alt-svc parser to treat a newline as end of line. 3987 3988 The unit tests in test 1654 were done without CRLF and thus didn't quite 3989 match the real world. Now they use CRLF as well. 3990 3991 Reported-by: Peter Wu 3992 Assisted-by: Peter Wu 3993 Assisted-by: Jay Satiro 3994 Fixes #5445 3995 Closes #5446 3996 3997Viktor Szakats (25 May 2020) 3998- all: fix codespell errors 3999 4000 Reviewed-by: Jay Satiro 4001 Reviewed-by: Daniel Stenberg 4002 Closes https://github.com/curl/curl/pull/5452 4003 4004Peter Wu (25 May 2020) 4005- ngtcp2: fix build with current ngtcp2 master implementing draft 28 4006 4007 Based on client.cc changes from ngtcp2. Tested with current git master, 4008 ngtcp2 commit c77d5731ce92, nghttp3 commit 65ff479d4380. 4009 4010 Fixes #5444 4011 Closes #5443 4012 4013Daniel Stenberg (25 May 2020) 4014- RELEASE-NOTES: synced 4015 4016 moved the new setopts up to a "change" 4017 4018- RELEASE-NOTES: synced 4019 4020- copyright: updated year ranges out of sync 4021 4022 ... and whitelisted a few more files in the the copyright.pl script. 4023 4024- [Gilles Vollant brought this change] 4025 4026 setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency 4027 4028 Closes #5431 4029 4030- curl: remove -J "informational" written on stdout 4031 4032 curl would previously show "curl: Saved to filename 'name from header'" 4033 if -J was used and a name was picked from the Content-Disposition 4034 header. That output could interfer with other stdout output, such as -w. 4035 4036 This commit removes that output line. 4037 Bug: https://curl.haxx.se/mail/archive-2020-05/0044.html 4038 Reported-by: Коваленко Анатолий Викторович 4039 Closes #5435 4040 4041Peter Wu (22 May 2020) 4042- travis: simplify quiche build instructions wrt boringssl 4043 4044 quiche builds boringssl as static library, reuse that instead of 4045 building another shared library. 4046 4047 Closes #5438 4048 4049- configure: fix pthread check with static boringssl 4050 4051 A shared boringssl/OpenSSL library requires -lcrypto only for linking. 4052 A static build additionally requires `-ldl -lpthread`. In the latter 4053 case `-lpthread` is added to LIBS which prevented `-pthread` from being 4054 added to CFLAGS. Clear LIBS to fix linking failures for libtest tests. 4055 4056Daniel Stenberg (22 May 2020) 4057- Revert "sendf: make failf() use the mvsnprintf() return code" 4058 4059 This reverts commit 74623551f306990e70c7c5515b88972005604a74. 4060 4061 Instead mark the function call with (void). Getting the return code and 4062 using it instead triggered Coverity warning CID 1463596 because 4063 snprintf() can return a negative value... 4064 4065 Closes #5441 4066 4067- typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *' 4068 4069 Reported-by: Billyzou0741326 on github 4070 Fixes #5432 4071 Closes #5436 4072 4073- tests/server/util.h: add extern to silence compiler warning 4074 4075 Follow-up from a3b0699d5c1 4076 4077- typecheck-gcc.h: fix the OFF_T check 4078 4079 The option number also needs to be less than CURLOPTTYPE_BLOB. 4080 4081 Follow-up to cac5374298 4082 Reported-by: Jeroen Ooms 4083 Bug: https://github.com/curl/curl/pull/5365#issuecomment-631084114 4084 4085- TODO: --dry-run 4086 4087 Closes #5426 4088 4089- TODO: Ratelimit or wait between serial requests 4090 4091 Closes #5406 4092 4093- tool_paramhlp: fixup C89 mistake 4094 4095 Follow-up to c5f0a9db22. 4096 4097- [Siva Sivaraman brought this change] 4098 4099 tool_paramhlp: fixed potentially uninitialized strtol() variable 4100 4101 Seems highly unlikely to actually be possible, but better safe than 4102 sorry. 4103 4104 Closes #5417 4105 4106- [Siva Sivaraman brought this change] 4107 4108 tool_operate: fixed potentially uninitialized variables 4109 4110 ... in curl_easy_getinfo() calls. They're harmless but clearing the 4111 variables makes the code safer and comforts the reader. 4112 4113 Closes #5416 4114 4115- sha256: move assign to the declaration line 4116 4117 Follow-up to fae30656. Should've been squashed with that commit... 4118 4119- [Siva Sivaraman brought this change] 4120 4121 sha256: fixed potentially uninitialized variable 4122 4123 Closes #5414 4124 4125- sendf: make failf() use the mvsnprintf() return code 4126 4127 ... and avoid a strlen() call. Fixes a MonocleAI warning. 4128 4129 Reported-by: MonocleAI 4130 Fixes #5413 4131 Closes #5420 4132 4133- hostip: make Curl_printable_address not return anything 4134 4135 It was not used much anyway and instead we let it store a blank buffer 4136 in case of failure. 4137 4138 Reported-by: MonocleAI 4139 Fixes #5411 4140 Closes #5418 4141 4142- ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void) 4143 4144 They're done on purpose, make that visible in the code. 4145 Reported-by: MonocleAI 4146 Fixes #5412 4147 Closes #549 4148 4149- TODO: forbid TLS post-handshake auth and do TLS record padding 4150 4151 Closes #5396 4152 Closes #5398 4153 4154- RELEASE-NOTES: synced 4155 4156- dynbuf: return NULL when there's no buffer length 4157 4158 ... as returning a "" is not a good idea as the string is supposed to be 4159 allocated and returning a const string will cause issues. 4160 4161 Reported-by: Brian Carpenter 4162 Follow-up to ed35d6590e72c 4163 Closes #5405 4164 4165Peter Wu (16 May 2020) 4166- travis: upgrade to bionic, clang-9, improve readability 4167 4168 Changes, partially to reduce build failures from external dependencies: 4169 - Upgrade Ubuntu and drop unnecessary third-party repos. 4170 - Properly clone apt config to ensure retries. 4171 - Upgrade to clang-9 from the standard repos. 4172 - Use Ubuntu 20.04 focal for the libssh build, use of ssh_get_publickey 4173 fails on -Werror=deprecated-declarations in Ubuntu 18.04. Do not use 4174 focal everywhere yet since Travis CI has not documented this option. 4175 In focal, python-impacket (Py2.7) has been removed, leaving only 4176 python3-impacket. Since it is only needed for SMB tests and not SSH, 4177 skip it for the libssh job since it might need more work. 4178 - apt: Remove gcc-8 and libstdc++-8-dev, already installed via g++-8. 4179 4180 Non-functional cleanups: 4181 - Simplify test matrix, drop redundant os and compiler keys. 4182 - Deprecation fixes: remove sudo, rename matrix -> jobs. 4183 - Every job has an 'env' key, put this key first in a list item. 4184 4185 Closes #5370 4186 4187- travis: whitespace-only changes for consistency 4188 4189 Automatically apply a consistent indentation with: 4190 4191 python3 -c 'from ruamel.yaml import YAML;y=YAML();d=y.load(open(".travis.yml"));y.width=500;y.dump(d,open(".travis.yml.new","w"))' 4192 4193 followed by manually re-indenting three comments. 4194 4195 Closes #5370 4196 4197- CMake: add libssh build support 4198 4199 Closes #5372 4200 4201Daniel Stenberg (15 May 2020) 4202- KNOWN_BUGS: wolfssh: publickey auth doesn't work 4203 4204 Closes #4820 4205 4206- KNOWN_BUGS: OS400 port requires deprecated IBM library 4207 4208 Closes #5176 4209 4210- [Vyron Tsingaras brought this change] 4211 4212 http2: keep trying to send pending frames after req.upload_done 4213 4214 Fixes #1410 4215 Closes #5401 4216 4217- [Gilles Vollant brought this change] 4218 4219 setopt: support certificate options in memory with struct curl_blob 4220 4221 This change introduces a generic way to provide binary data in setopt 4222 options, called BLOBs. 4223 4224 This change introduces these new setopts: 4225 4226 CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB, 4227 CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB. 4228 4229 Reviewed-by: Daniel Stenberg 4230 Closes #5357 4231 4232- source cleanup: remove all custom typedef structs 4233 4234 - Stick to a single unified way to use structs 4235 - Make checksrc complain on 'typedef struct {' 4236 - Allow them in tests, public headers and examples 4237 4238 - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually 4239 typedef different types/structs depending on build conditions. 4240 4241 Closes #5338 4242 4243- travis: remove the .checksrc fiddling 4244 4245- ftp: make domore_getsock() return the secondary socket properly 4246 4247 Previously, after PASV and immediately after the data connection has 4248 connected, the function would only return the control socket to wait for 4249 which then made the data connection simply timeout and not get polled 4250 correctly. This become obvious when running test 1631 and 1632 event- 4251 based. 4252 4253- test1632: verify FTP through HTTPS-proxy with connection re-use 4254 4255- test1631: verify FTP download through HTTPS-proxy 4256 4257- sws: as last resort, get test number from server cmd file 4258 4259 If it can't be found in the request. Also support --cmdfile to set it to 4260 a custom file name. 4261 4262 runtests.pl always writes this file with the test number in it since a 4263 while back. 4264 4265- ftp: shut down the secondary connection properly when SSL is used 4266 4267 Reported-by: Neal Poole 4268 Fixes #5340 4269 Closes #5385 4270 4271Marcel Raad (14 May 2020) 4272- KNOWN_BUGS: adapt 5.5 to recent changes 4273 4274 It only applies to non-Unicode builds now. 4275 Also merge 5.10 into it as it's effectively a duplicate. 4276 4277 Closes https://github.com/curl/curl/pull/3784 4278 4279- curl_setup: support Unicode functions to open files on Windows 4280 4281 Use them only if `_UNICODE` is defined, in which case command-line 4282 arguments have been converted to UTF-8. 4283 4284 Closes https://github.com/curl/curl/pull/3784 4285 4286- tool: support UTF-16 command line on Windows 4287 4288 - use `wmain` instead of `main` when `_UNICODE` is defined [0] 4289 - define `argv_item_t` as `wchar_t *` in this case 4290 - use the curl_multibyte gear to convert the command-line arguments to 4291 UTF-8 4292 4293 This makes it possible to pass parameters with characters outside of 4294 the current locale on Windows, which is required for some tests, e.g. 4295 the IDN tests. Out of the box, this currently only works with the 4296 Visual Studio project files, which default to Unicode, and winbuild 4297 with the `ENABLE_UNICODE` option. 4298 4299 [0] https://devblogs.microsoft.com/oldnewthing/?p=40643 4300 4301 Ref: https://github.com/curl/curl/issues/3747 4302 Closes https://github.com/curl/curl/pull/3784 4303 4304- curl_multibyte: add to curlx 4305 4306 This will also be needed in the tool and tests. 4307 4308 Ref: https://github.com/curl/curl/pull/3758#issuecomment-482197512 4309 Closes https://github.com/curl/curl/pull/3784 4310 4311Daniel Stenberg (14 May 2020) 4312- url: make the updated credentials URL-encoded in the URL 4313 4314 Found-by: Gregory Jefferis 4315 Reported-by: Jeroen Ooms 4316 Added test 1168 to verify. Bug spotted when doing a redirect. 4317 Bug: https://github.com/jeroen/curl/issues/224 4318 Closes #5400 4319 4320- tests: add https-proxy support to the test suite 4321 4322 Initial test 1630 added with basic HTTPS-proxy use. HTTPS-proxy is like 4323 HTTP proxy but with a full TLS connection to the proxy. 4324 4325 Closes #5399 4326 4327- mailmap: James Fuller 4328 4329- [Major_Tom brought this change] 4330 4331 vauth/cleartext: fix theoretical integer overflow 4332 4333 Fix theoretical integer overflow in Curl_auth_create_plain_message. 4334 4335 The security impact of the overflow was discussed on hackerone. We 4336 agreed this is more of a theoretical vulnerability, as the integer 4337 overflow would only be triggerable on systems using 32-bits size_t with 4338 over 4GB of available memory space for the process. 4339 4340 Closes #5391 4341 4342Jay Satiro (13 May 2020) 4343- curl.1: Quote globbed URLs 4344 4345 - Quote the globbing example URLs that contain characters [] {} since 4346 otherwise they may be interpreted as shell metacharacters. 4347 4348 Bug: https://github.com/curl/curl/issues/5388 4349 Reported-by: John Simpson 4350 4351 Closes https://github.com/curl/curl/pull/5394 4352 4353Daniel Stenberg (14 May 2020) 4354- checksrc: enhance the ASTERISKSPACE and update code accordingly 4355 4356 Fine: "struct hello *world" 4357 4358 Not fine: "struct hello* world" (and variations) 4359 4360 Closes #5386 4361 4362- docs/options-in-versions: which version added each cmdline option 4363 4364 Added test 971 to verify that the list is in sync with the files in 4365 cmdline-opts. The check also verifies that .d-files that uses Added: 4366 specify the same version number as the options-in-versions file does. 4367 4368 Closes #5381 4369 4370- docs: unify protocol lists 4371 4372 We boast support for 25 transfer protocols. Make sure the lists are 4373 consistent 4374 4375 Closes #5384 4376 4377- OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN 4378 4379 ... to avoid an OpenSSL bug that otherwise makes the CRL check to fail. 4380 4381 Reported-by: Michael Kaufmann 4382 Fixes #5374 4383 Closes #5376 4384 4385- tls13-ciphers.d: shorten the Arg 4386 4387- sasl-authzid.d: add Arg: and shorten the desc 4388 4389- cert-type.d: mention the available types in the desc 4390 4391- tool: shorten 3 --help descriptions 4392 4393 --happy-eyeballs-timeout-ms, --resolve and --ssl-revoke-best-effort 4394 4395 gen.pl already warned about these lines but we didn't listen 4396 4397 Closes #5379 4398 4399- configure: the wolfssh backend does not provide SCP 4400 4401 Closes #5387 4402 4403- RELEASE-NOTES: synced 4404 4405- url: reject too long input when parsing credentials 4406 4407 Since input passed to libcurl with CURLOPT_USERPWD and 4408 CURLOPT_PROXYUSERPWD circumvents the regular string length check we have 4409 in Curl_setstropt(), the input length limit is enforced in 4410 Curl_parse_login_details too, separately. 4411 4412 Reported-by: Thomas Bouzerar 4413 Closes #5383 4414 4415- list-only.d: this option existed already in 4.0 4416 4417Jay Satiro (12 May 2020) 4418- retry-all-errors.d: Shorten the summary line 4419 4420 Follow-up to b995bb5 from a few moments ago. 4421 4422 Reported-by: Daniel Stenberg 4423 4424 Ref: https://github.com/curl/curl/commit/b995bb5#r39108929 4425 4426- [denzor brought this change] 4427 4428 easy: fix dangling pointer on easy_perform fail 4429 4430 Closes https://github.com/curl/curl/pull/5363 4431 4432- tool: Add option --retry-all-errors to retry on any error 4433 4434 The "sledgehammer" of retrying. 4435 4436 Closes https://github.com/curl/curl/pull/5185 4437 4438Daniel Stenberg (12 May 2020) 4439- [James Le Cuirot brought this change] 4440 4441 libcurl.pc: Merge Libs.private into Libs for static-only builds 4442 4443 A project being built entirely statically will call pkg-config with 4444 --static, which utilises the Libs.private field. Conversely it will 4445 not use --static when not being built entirely statically, even if 4446 there is only a static build of libcurl available. This will most 4447 likely cause the build to fail due to underlinking unless we merge the 4448 Libs fields. 4449 4450 Consider that this is what the Meson build system does when it 4451 generates pkg-config files. 4452 4453 I have also reflected this in the --libs argument of curl-config even 4454 though REQUIRE_LIB_DEPS always seems to be "yes" anyway. 4455 4456 Closes #5373 4457 4458- [Peter Wu brought this change] 4459 4460 CMake: fix runtests.pl with CMake, add new test targets 4461 4462 * runtests.pl: 4463 - Fix out-of-tree build under CMake when srcdir is not set. Default 4464 srcdir to the location of runtests.pl. 4465 - Add a hack to allow CMake to use the TFLAGS option as documented 4466 in tests/README and used in scripts/travis/script.sh. 4467 * Bump CMake version to 3.2 for USES_TERMINAL, dropping Debian Jessie 4468 support (no one should care, it is already EOL.). 4469 * Remove CTest since it defines its own 'test' target with no tests 4470 since all unittests are already broken and not built by default. 4471 * Add new test targets based on the options from Makefile.am. Since 4472 new test targets are rarely added, I opted for duplicating the 4473 runtests.pl options as opposed to creating a new Makefile.inc file. 4474 Use top-level target names (test-x) instead of x-test since that is 4475 used by CI and others. 4476 4477 Closes #5358 4478 4479- [Peter Wu brought this change] 4480 4481 CMake: do not build test programs by default 4482 4483 The default target should only build libcurl and curl. Add a dedicated 4484 'testdeps' target which will be used later when running tests. Note that 4485 unittests are currently broken in CMake and already excluded. 4486 4487 Closes #5368 4488 4489- FILEFORMAT: moved up the variables section and further polished 4490 4491- runtests: remove ftp2 support, not used 4492 4493 We once supported two separate ftp instances in the test suite. Has not 4494 been used the last decade. 4495 4496 Closes #5375 4497 4498- url: sort the protocol schemes in rough popularity order 4499 4500 When looking for a protocol match among supported schemes, check the 4501 most "popular" schemes first. It has zero functionality difference and 4502 for all practical purposes a speed difference will not be measureable 4503 but it still think it makes sense to put the least likely matches last. 4504 4505 "Popularity" based on the 2019 user survey. 4506 4507 Closes #5377 4508 4509Marc Hoersken (11 May 2020) 4510- test1238: avoid tftpd being busy for tests shortly following 4511 4512 The tftpd server may still be busy if the total timeout of 4513 25 seconds has not been reached or no sread error was received 4514 during or after the execution of the timeout test 1238. 4515 4516 Once the next TFTP test comes around (eg. 1242 or 1243), 4517 those will fail because the tftpd server is still waiting 4518 on data from curl due to the UDP protocol being stateless 4519 and having no connection close. On Linux this error may not 4520 happen, because ICMP errors generated due to a swrite error 4521 can also be returned async on the next sread call instead. 4522 4523 Therefore we will now just kill the tftpd server after test 4524 1238 to make sure that the following tests are not affected. 4525 4526 This enables us to no longer ignore tests 1242, 1243, 2002 4527 and 2003 on the CI platforms CirrusCI and AppVeyor. 4528 4529 Assisted-by: Peter Wu 4530 Closes #5364 4531 4532Daniel Stenberg (11 May 2020) 4533- write-out.d: added "response_code" 4534 4535- KNOWN_BUGS: Build with staticly built dependency 4536 4537 I rewrote the item 5.4 to be more generic about static dependencies. 4538 4539- ROADMAP: remove old entries 4540 4541 MQTT - the start has already landed 4542 4543 tiny-curl - also mostly landed and is a continuous work 4544 4545 make menuconfig - basically no interest from users, not pushing there 4546 4547- [Peter Wu brought this change] 4548 4549 travis: Add ngtcp2 and quiche tests for CMake 4550 4551 To avoid an explosion of jobs, extend the existing CMake tests with 4552 ngtcp2 and quiche support. macOS was previously moved to GitHub actions, 4553 so the non-Linux case can be dropped. 4554 4555- [Peter Wu brought this change] 4556 4557 CMake: add ENABLE_ALT_SVC option 4558 4559 Tested alt-svc with quiche. While at it, add missing MultiSSL reporting 4560 (not tested). 4561 4562- [Peter Wu brought this change] 4563 4564 CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche) 4565 4566 Add three new CMake Find modules (using the curl license, but I grant 4567 others the right to apply the CMake BSD license instead). 4568 4569 This CMake config is simpler than the autotools one because it assumes 4570 ngtcp2 and nghttp3 to be used together. Another difference is that this 4571 CMake config checks whether QUIC is actually supported by the TLS 4572 library (patched OpenSSL or boringssl) since this can be a common 4573 configuration mistake that could result in build errors later. 4574 4575 Unlike autotools, CMake does not warn you that the features are 4576 experimental. The user is supposed to already know that and read the 4577 documentation. It requires a very special build environment anyway. 4578 4579 Tested with ngtcp2+OpenSSL+nghttp3 and quiche+boringssl, both built from 4580 current git master. Use `LD_DEBUG=files src/curl |& grep need` to figure 4581 out which features (libldap-2.4, libssh2) to disable due to conflicts 4582 with boringssl. 4583 4584 Closes #5359 4585 4586Marc Hoersken (10 May 2020) 4587- tests/server/tftpd.c: fix include and enhance debug logging 4588 4589 setjmp.h should only be included if HAVE_SETJMP_H is defined. 4590 4591 Add additional log statements to see wether reads and writes 4592 are blocking or finishing before an alarm signal is received. 4593 4594 Assisted-by: Peter Wu 4595 Part of #5364 4596 4597Daniel Stenberg (10 May 2020) 4598- tool_operate: only set CURLOPT_SSL_OPTIONS if SSL support is present 4599 4600 Reported-by: Marcel Raad 4601 Follow-up to 148534db5 4602 Fixes #5367 4603 Closes #5369 4604 4605Marc Hoersken (9 May 2020) 4606- appveyor: update comments to be clear about toolchain 4607 4608 - CMake-based MSYS builds use mingw-w64 to cross-compile. 4609 - autotools-based builds are compiled using msys2-devel. 4610 4611 The difference is that the later ones are not cross-compiled 4612 to Windows and instead require the msys2 runtime to be present. 4613 4614 At the moment only the Azure Pipelines CI builds actually 4615 run autotools-based cross-compilation builds for Windows. 4616 4617- TODO: update regarding missing Schannel features 4618 4619 Some aspects have already been implemented over the years. 4620 4621 15.1 Client certificates are now supported: 4622 4623 - System stores via e35b0256eb34f1fe562e3e2a2615beb50a391c52 4624 - PKCS#12 files via 0fdf96512613574591f501d63fe49495ba40e1d5 4625 4626 15.2 Ciphers can now be specified through: 4627 4628 - Algorithms via 9aefbff30d280c60fc9d8cc3e0b2f19fc70a2f28 4629 4630 Reviewed-by: Daniel Stenberg and Marcel Raad 4631 Closes #5358 4632 4633Daniel Stenberg (8 May 2020) 4634- checksrc: close the .checksrc file handle when done reading 4635 4636- RELEASE-NOTES: synced 4637 4638 And bumped next version to 7.71.0 4639 4640- [Gilles Vollant brought this change] 4641 4642 CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl) 4643 4644 Closes #4346 4645 4646- TODO: native IDN support on macOS 4647 4648- urlapi: accept :: as a valid IPv6 address 4649 4650 Text 1560 is extended to verify. 4651 4652 Reported-by: Pavel Volgarev 4653 Fixes #5344 4654 Closes #5351 4655 4656- THANKS-filter: Peter Wang 4657 4658- [Peter Wang brought this change] 4659 4660 *_sspi: fix bad uses of CURLE_NOT_BUILT_IN 4661 4662 Return CURLE_AUTH_ERROR instead of CURLE_NOT_BUILT_IN for other 4663 instances of QuerySecurityPackageInfo failing, as in 4664 commit 2a81439553286f12cd04a4bdcdf66d8e026d8201. 4665 4666 Closes #5355 4667 4668- docs/HTTP3: add qlog to the quiche build instruction 4669 4670- ngtcp2: introduce qlog support 4671 4672 If the QLOGDIR environment variable is set, enable qlogging. 4673 4674 ... and create Curl_qlogdir() in the new generic vquic/vquic.c file for 4675 QUIC functions that are backend independent. 4676 4677 Closes #5353 4678 4679- ntlm_sspi: fix bad use of CURLE_NOT_BUILT_IN 4680 4681 That return code is reserved for build-time conditional code not being 4682 present while this was a regular run-time error from a Windows API. 4683 4684 Reported-by: wangp on github 4685 Fixes #5349 4686 Closes #5350 4687 4688- runtests: show elapsed test time with higher precision (ms) 4689 4690- RELEASE-NOTES: synced 4691 4692- http2: simplify and clean up trailer handling 4693 4694 Triggered by a crash detected by OSS-Fuzz after the dynbuf introduction in 4695 ed35d6590e72. This should make the trailer handling more straight forward and 4696 hopefully less error-prone. 4697 4698 Deliver the trailer header to the callback already at receive-time. No 4699 longer caches the trailers to get delivered at end of stream. 4700 4701 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22030 4702 Closes #5348 4703 4704Marc Hoersken (7 May 2020) 4705- appveyor: disable test 1139 instead of ignoring it 4706 4707 Spending time on manpage checking makes no sense 4708 for these builds due to lacking manpage support. 4709 4710- appveyor: disable flaky test 1501 and ignore broken 1056 4711 4712 Test 1501 is flaky on Windows CI due to being time sensitive 4713 and the testsuite relying on taskkill.exe to check for the 4714 existance of processes which can take to much time itself. 4715 4716 Test 1056 is broken in autotools-based Windows builds due 4717 to scope ID support missing in these builds at the moment. 4718 4719- test613.pl: make tests 613 and 614 work with OpenSSH for Windows 4720 4721 OpenSSH for Windows shows group and other/world permissions as *, 4722 because those concepts do not exist on Windows. It also does not 4723 show the current or parent directory, so we just ignore those. 4724 4725 Reviewed-by: Daniel Stenberg 4726 Closes #5328 4727 4728Daniel Stenberg (6 May 2020) 4729- runtests: set +x mode again 4730 4731- libssh2: convert over to use dynbuf 4732 4733 In my very basic test that lists sftp://127.0.0.1/tmp/, this patched 4734 code makes 161 allocations compared to 194 in git master. A 17% 4735 reduction. 4736 4737 Closes #5336 4738 4739- travis: add "qlog" as feature in the quiche build 4740 4741- quiche: enable qlog output 4742 4743 quiche has the potential to log qlog files. To enable this, you must 4744 build quiche with the qlog feature enabled `cargo build --features 4745 qlog`. curl then passes a file descriptor to quiche, which takes 4746 ownership of the file. The FD transfer only works on UNIX. 4747 4748 The convention is to enable logging when the QLOGDIR environment is 4749 set. This should be a path to a folder where files are written with the 4750 naming template <SCID>.qlog. 4751 4752 Co-authored-by: Lucas Pardue 4753 Replaces #5337 4754 Closes #5341 4755 4756- urldata.h: remove #define HEADERSIZE, not used anymore 4757 4758 Follow-up to ed35d6590e72c 4759 4760- ngtcp2: convert to dynbuf 4761 4762 Closes #5335 4763 4764- connect: make happy eyeballs work for QUIC (again) 4765 4766 Follow-up from dbd16c3e256c6c (regression in 7.70.0) 4767 4768 Closes #5334 4769 4770- connect: add two asserts to clue code analyzers in a little 4771 4772- http_proxy: ported to use dynbuf instead of a static size buffer 4773 4774 Removes a 16K static buffer from the easy handle. Simplifies the code. 4775 4776- dynbuf: introduce internal generic dynamic buffer functions 4777 4778 A common set of functions instead of many separate implementations for 4779 creating buffers that can grow when appending data to them. Existing 4780 functionality has been ported over. 4781 4782 In my early basic testing, the total number of allocations seem at 4783 roughly the same amount as before, possibly a few less. 4784 4785 See docs/DYNBUF.md for a description of the API. 4786 4787 Closes #5300 4788 4789- runtests: remove sleep calls 4790 4791 Remove many one second sleeps that were done *after* each newly started 4792 test server already has been verified. They should not have any purpose 4793 there. 4794 4795 Closes #5323 4796 4797- asyn-*: remove support for never-used NULL entry pointers 4798 4799 ... and instead convert those to asserts to make sure they are truly 4800 never NULL. 4801 4802 Closes #5324 4803 4804- [Emil Engler brought this change] 4805 4806 doc: Rename VERSIONS to VERSIONS.md as it already has Markdown syntax 4807 4808 Closes #5325 4809 4810Jay Satiro (2 May 2020) 4811- asyn-thread: fix cppcheck warning 4812 4813 - Check for NULL entry parameter before attempting to deref entry in 4814 Curl_resolver_is_resolved, like is already done in asyn-ares. 4815 4816 This is to silence cppcheck which does not seem to understand that 4817 asyn-ares and asyn-thread have separate Curl_resolver_is_resolved 4818 and those units are mutually exclusive. Prior to this change it warned 4819 of a scenario where asyn-thread's Curl_resolver_is_resolved is called 4820 with a NULL entry from asyn-ares, but that couldn't happen. 4821 4822 Reported-by: rl1987@users.noreply.github.com 4823 4824 Fixes https://github.com/curl/curl/issues/5326 4825 4826- select: fix overflow protection in Curl_socket_check 4827 4828 Follow-up to a96c752 which changed the timeout_ms type from time_t to 4829 timediff_t. 4830 4831 Ref: https://github.com/curl/curl/pull/5240 4832 4833 Closes https://github.com/curl/curl/pull/5286 4834 4835Marc Hoersken (2 May 2020) 4836- sockfilt: make select_ws stop waiting on exit signal event 4837 4838 This makes sure that select_ws behaves similar to real select 4839 which stops waiting on a signal handler being triggered. 4840 4841 This makes it possible to gracefully stop sockfilt.exe on 4842 Windows with taskkill /IM sockfilt.exe (without /F force flag). 4843 4844 Reviewed-by: Jay Satiro 4845 Part of #5260 4846 4847- tests/server/util.[ch]: add exit event to stop waiting on Windows 4848 4849 This commit adds a global exit event to the test servers that 4850 Windows-specific wait routines can use to get triggered if the 4851 program was signaled to be terminated, eg. select_ws in sockfilt.c 4852 4853 The exit event will be managed by the signal handling code and is 4854 set to not reset automatically to support multiple wait routines. 4855 4856 Reviewed-by: Jay Satiro 4857 Closes #5260 4858 4859- tests/server/util.c: fix thread handle not being closed 4860 4861 Reviewed-by: Jay Satiro 4862 Part of #5260 4863 4864- tests/server/util.c: use raise instead of calling signal handler 4865 4866 Use raise to trigger signal handler instead of calling it 4867 directly and causing potential unexpected control flow. 4868 4869 Reviewed-by: Jay Satiro 4870 Part of #5260 4871 4872- tests: add support for SSH server variant specific transfer paths 4873 4874 OpenSSH for Windows requires paths in the format of /C:/ 4875 instead of the pseudo-POSIX paths /cygdrive/c/ or just /c/ 4876 4877 Reviewed-by: Daniel Stenberg 4878 Closes #5298 4879 4880Daniel Stenberg (2 May 2020) 4881- RELEASE-NOTES: synced 4882 4883- libssh2: set the expected total size in SCP upload init 4884 4885 ... as otherwise the progress callback gets called without that 4886 information, making the progress meter have less info. 4887 4888 Reported-by: Murugan Balraj 4889 Bug: https://curl.haxx.se/mail/archive-2020-05/0000.html 4890 Closes #5317 4891 4892- runtests: make the logmsg from the ssh server only show in verbose 4893 4894- tests: make test 1248 + 1249 use %NOLISTENPORT 4895 4896 ... instead of a port of a non-running server so that it works 4897 stand-alone. 4898 4899 Closes #5318 4900 4901- examples: remove asiohiper.cpp 4902 4903 This example has repeatedly been reported to contain bugs, and as users 4904 copy and paste code from this into production, I now deem it better to 4905 not provide the example at all. 4906 4907 Closes #5090 4908 Closes #5322 4909 4910- [Emil Engler brought this change] 4911 4912 doc: add missing closing parenthesis in CURLINFO_SSL_VERIFYRESULT.3 4913 4914 Closes #5320 4915 4916- [Emil Engler brought this change] 4917 4918 KNOWN_BUGS: Remove "curl --upload-file . hang if delay in STDIN" 4919 4920 It was fixed in 9a2cbf3 4921 4922 Closes #5319 4923 4924- cirrus: disable SFTP and SCP tests 4925 4926 ... as we can't seem to start the sshd server on it. Those problems 4927 existed before d1239b50bececd (running the SSH server on a random port), 4928 but they're more noticable now since there are more failed attempts in 4929 the logs. 4930 4931 Closes #5315 4932 4933- [Emil Engler brought this change] 4934 4935 runtests: fix typo in the existence of disabled tests checker 4936 4937 Closes #5316 4938 4939Dan Fandrich (30 Apr 2020) 4940- test75: Remove precheck test 4941 4942 This has not been needed since commit 9fa42bed and often prevents it 4943 from running at all with dynamic test ports. 4944 4945- tests: Stop referring to server ports when they're not used 4946 4947 Several tests referred to specific server ports even when the test 4948 didn't actually use that server or specify that it's needed. In such 4949 cases, the test harness substitutes the text "[not running]" as the port 4950 number which causes many such tests to fail due to the inability to 4951 parse the URL. These tests are changed to use %NOLISTENPORT which will 4952 always be substituted correctly. 4953 4954Daniel Stenberg (30 Apr 2020) 4955- [Emil Engler brought this change] 4956 4957 GnuTLS: Backend support for CURLINFO_SSL_VERIFYRESULT 4958 4959 Closes #5287 4960 4961- conncache: various concept cleanups 4962 4963 More connection cache accesses are protected by locks. 4964 4965 CONNCACHE_* is a beter prefix for the connection cache lock macros. 4966 4967 Curl_attach_connnection: now called as soon as there's a connection 4968 struct available and before the connection is added to the connection 4969 cache. 4970 4971 Curl_disconnect: now assumes that the connection is already removed from 4972 the connection cache. 4973 4974 Ref: #4915 4975 Closes #5009 4976 4977- tests: tests: run stunnel for HTTPS and FTPS on dynamic ports 4978 4979 As stunnel is an external tool and it has no specific option to export 4980 the actually used port number when asked to listen to 0, runtests 4981 instead iterates over ten randomly picked high number ports and sticks 4982 to the first one stunnel can listen to. 4983 4984 Closes #5267 4985 4986- tests: pick a random port number for SSH 4987 4988 Since sshd doesn't have such an option by itself, we iterate over a 4989 series of random ports until one works. 4990 4991 Closes #5273 4992 4993- [Rikard Falkeborn brought this change] 4994 4995 libtest/cmake: Remove commented code 4996 4997 These were commented out in e9dd0998706a when Makefile.inc was included 4998 instead. 11 years have passed since then and the commented code is of 4999 course very outdated. Remove it to avoid confusion. 5000 5001 Closes #5311 5002 5003- schannel: source code reindent 5004 5005 White space edits only. Conform better to standard curl source code 5006 indenting style. 5007 5008 Closes #5305 5009 5010Kamil Dudka (29 Apr 2020) 5011- test1177: look for curl.h in source directory 5012 5013 If we use a separate build directory, there is no copy of the header. 5014 5015 Closes #5310 5016 5017- tests: look for preprocessed tests in build directory 5018 5019 ... which is not always the same directory as source directory 5020 5021 Closes #5310 5022 5023Daniel Stenberg (29 Apr 2020) 5024- RELEASE-NOTES: synced 5025 5026 ... and bumped curlver.h to 7.70.1 5027 5028Version 7.70.0 (29 Apr 2020) 5029 5030Daniel Stenberg (29 Apr 2020) 5031- RELEASE-NOTES: 7.70.0 5032 5033- THANKS: synced with the 7.70.0 release 5034 5035- headers: copyright range fix 5036 5037- [Rikard Falkeborn brought this change] 5038 5039 doh: Constify some input pointers 5040 5041 Closes #5306 5042 5043- nss: check for PK11_CreateDigestContext() returning NULL 5044 5045 ... to avoid crashes! 5046 5047 Reported-by: Hao Wu 5048 Fixes #5302 5049 Closes #5303 5050 5051- travis: bump the wolfssl CI build to use 4.4.0 5052 5053 Closes #5301 5054 5055- copyright updates: adjust year ranges 5056 5057Marc Hoersken (26 Apr 2020) 5058- CI: do not include */ci branches in PR builds 5059 5060 Align Azure Pipelines with GitHub Actions. 5061 5062Daniel Stenberg (25 Apr 2020) 5063- runtests: check for the disabled tests relative srcdir 5064 5065 To make it work correctly for out-of-tree builds. 5066 5067 Follow-up to 75e8feb6fb08b 5068 5069 Bug: https://github.com/curl/curl/pull/5288#issuecomment-619346389 5070 Reported-by: Marcel Raad 5071 Closes #5297 5072 5073- runtests: revert commenting out a line I did for debugging 5074 5075 Follow-up to 11091cd4d. It was not meant to be pushed! 5076 5077- smtp: set auth correctly 5078 5079 Regression since 7.69.0 and 68fb25fa3fcff. 5080 5081 The code wrongly assigned 'from' instead of 'auth' which probably was a 5082 copy and paste mistake from other code, leading to that auth could 5083 remain NULL and later cause an error to be returned. 5084 5085 Assisted-by: Eric Sauvageau 5086 Fixes #5294 5087 Closes #5295 5088 5089Marcel Raad (25 Apr 2020) 5090- lib: clean up whitespace 5091 5092 This fixes CodeFactor warnings. 5093 5094Daniel Stenberg (25 Apr 2020) 5095- [Anderson Toshiyuki Sasaki brought this change] 5096 5097 libssh: avoid options override by configuration files 5098 5099 Previously, options set explicitly through command line options could be 5100 overridden by the configuration files parsed automatically when 5101 ssh_connect() was called. 5102 5103 By calling ssh_options_parse_config() explicitly, the configuration 5104 files are parsed before setting the options, avoiding the options 5105 override. Once the configuration files are parsed, the automatic 5106 configuration parsing is not executed. 5107 5108 Fixes #4972 5109 Closes #5283 5110 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> 5111 5112- runtests: when <killserver> mentions http, kill http/2 too 5113 5114 Since the http2 test server is a mere proxy that needs to know about the 5115 dynamic port the HTTP server is using, it too needs to get restarted 5116 when the http server is killed. 5117 5118 A regression caused by 80d6515. 5119 5120 Fixes #5289 5121 Closes #5291 5122 5123- [Yuri Slobodyanyuk brought this change] 5124 5125 docs: fix two typos 5126 5127 Closes #5292 5128 5129- [Emil Engler brought this change] 5130 5131 tests/git: ignore mqttd and port files 5132 5133 Closes #5290 5134 5135- tests: make runtests check that disabled tests exists 5136 5137 ... and error out if so. Removed '536' from DISABLED as there is no such 5138 test file. 5139 5140 Closes #5288 5141 5142- test1154: set a proper name 5143 5144- select: make Curl_socket_check take timediff_t timeout 5145 5146 Coverity found CID 1461718: 5147 5148 Integer handling issues (CONSTANT_EXPRESSION_RESULT) "timeout_ms > 5149 9223372036854775807L" is always false regardless of the values of its 5150 operands. This occurs as the logical second operand of "||". 5151 5152 Closes #5240 5153 5154- [i-ky brought this change] 5155 5156 libcurl-multi.3: added missing full stop 5157 5158 Closes #5285 5159 5160Jay Satiro (22 Apr 2020) 5161- transfer: Switch PUT to GET/HEAD on 303 redirect 5162 5163 Prior to this change if there was a 303 reply to a PUT request then 5164 the subsequent request to respond to that redirect would also be a PUT. 5165 It was determined that was most likely incorrect based on the language 5166 of the RFCs. Basically 303 means "see other" resource, which implies it 5167 is most likely not the same resource, therefore we should not try to PUT 5168 to that different resource. 5169 5170 Refer to the discussions in #5237 and #5248 for more information. 5171 5172 Fixes https://github.com/curl/curl/issues/5237 5173 Closes https://github.com/curl/curl/pull/5248 5174 5175Daniel Stenberg (22 Apr 2020) 5176- lib/mk-ca-bundle: skip empty certs 5177 5178 Reviewed-by: Emil Engler 5179 Reported-by: Ashwin Metpalli 5180 Fixes #5278 5181 Closes #5280 5182 5183- version: skip idn2_check_version() check and add precaution 5184 5185 A gcc-10's -fanalyze complaint made me spot and do these improvements. 5186 5187 Closes #5281 5188 5189- RELEASE-NOTES: synced 5190 5191- [Brian Bergeron brought this change] 5192 5193 curl.h: update comment typo 5194 5195 "routines with be invoked" -> "routines will be invoked" 5196 5197 Closes #5279 5198 5199- [Emil Engler brought this change] 5200 5201 GnuTLS: Don't skip really long certificate fields 5202 5203 Closes #5271 5204 5205- gnutls: bump lowest supported version to 3.1.10 5206 5207 GnuTLS 3.1.10 added new functions we want to use. That version was 5208 released on Mar 22, 2013. Removing support for older versions also 5209 greatly simplifies the code. 5210 5211 Ref: #5271 5212 Closes #5276 5213 5214- mqtt: make NOSTATE get within the debug name array 5215 5216- tests: run the RTSP test server on a dynamic port number 5217 5218 To avoid port collisions. 5219 5220 Closes #5272 5221 5222- tests: add %NOLISTENPORT and use it 5223 5224 The purpose with this variable is to provide a port number that is 5225 reasonably likely to not have a listener on the local host so that tests 5226 can try connect failures against it. It uses port 47 - "reserved" 5227 according to IANA. 5228 5229 Updated six tests to use it instead of the previous different ports. 5230 5231 Assisted-by: Emil Engler 5232 Closes #5270 5233 5234- mqtt: remove code with no purpose 5235 5236 Detected by Coverity. CID 1462319. 5237 5238 "The same code is executed when the condition result is true or false, 5239 because the code in the if-then branch and after the if statement is 5240 identical." 5241 5242 Closes #5275 5243 5244- mqtt: fix Curl_read() error handling while reading remaining length 5245 5246 Detected by Coverity. CID 1462320. 5247 5248 Closes #5274 5249 5250- server/tftpd: fix compiler warning 5251 5252 Follow-up from 369ce38ac1d 5253 Reported-by: Marc Hörsken 5254 5255- http: free memory when Alt-Used header creation fails due to OOM 5256 5257 Reported-by: James Fuller 5258 Fixes #5268 5259 Closes #5269 5260 5261Daniel Gustafsson (20 Apr 2020) 5262- lib: fix typos in comments and errormessages 5263 5264 This fixes a few randomly spotted typos in recently merged code, most 5265 notably one in a userfacing errormessage the schannel code. 5266 5267Daniel Stenberg (20 Apr 2020) 5268- tests: run the SOCKS test server on a dynamic port number 5269 5270 Closes #5266 5271 5272- [Johannes Schindelin brought this change] 5273 5274 multi-ssl: reset the SSL backend on `Curl_global_cleanup()` 5275 5276 When cURL is compiled with support for multiple SSL backends, it is 5277 possible to configure an SSL backend via `curl_global_sslset()`, but 5278 only *before* `curl_global_init()` was called. 5279 5280 If another SSL backend should be used after that, a user might be 5281 tempted to call `curl_global_cleanup()` to start over. However, we did 5282 not foresee that use case and forgot to reset the SSL backend in that 5283 cleanup. 5284 5285 Let's allow that use case. 5286 5287 Fixes #5255 5288 Closes #5257 5289 Reported-by: davidedec on github 5290 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> 5291 5292- tests: run the TFTP test server on a dynamic port number 5293 5294 Picking a dynamic unused port is better than a fixed to avoid the 5295 collision risk. 5296 5297 Closes #5265 5298 5299- mqtt: improve the state machine 5300 5301 To handle PUBLISH before SUBACK and more. 5302 5303 Updated the existing tests and added three new ones. 5304 5305 Reported-by: Christoph Krey 5306 Bug: https://curl.haxx.se/mail/lib-2020-04/0021.html 5307 Closes #5246 5308 5309- runtests: always put test number in servercmd file 5310 5311- RELEASE-NOTES: synced 5312 5313- release-notes.pl: fix parsing typo 5314 5315James Fuller (20 Apr 2020) 5316- ensure all references to ports are replaced by vars 5317 5318- add more alt-svc test coverage 5319 5320Daniel Stenberg (20 Apr 2020) 5321- test1247: use http server to get the port number set 5322 5323 Follow-up to 0f5db7b263f 5324 5325- runtests: use a unix domain socket path with the pid in the name 5326 5327 To make it impossible for test cases to access the file name without 5328 using the proper variable for the purpose. 5329 5330 Closes #5264 5331 5332Daniel Gustafsson (19 Apr 2020) 5333- [Mipsters on github brought this change] 5334 5335 src: Remove C99 constructs to ensure C89 compliance 5336 5337 This fixes the error: 'for' loop initial declaration used outside C99 5338 mode by declaring the loop increment variable in the beginning of the 5339 block instead of inside the for loop. 5340 5341 Fixes #5254 5342 Reviewed-by: Daniel Gustafsson <daniel@yesql.se> 5343 5344Daniel Stenberg (19 Apr 2020) 5345- runtests: dummy init the ports variables to avoid warnings 5346 5347 ... and generate something that can help debug test cases. 5348 5349- [Patrick Monnerat brought this change] 5350 5351 mime: properly check Content-Type even if it has parameters 5352 5353 New test 669 checks this fix is effective. 5354 5355 Fixes #5256 5356 Closes #5258 5357 Reported-by: thanhchungbtc on github 5358 5359- tests/FILEFORMAT: converted to markdown and extended 5360 5361 Closes #5261 5362 5363- test1245: make it work with dynamic FTP server port 5364 5365- test1055: make it work with dynamic FTP port 5366 5367- test1028: make it run on dynamic FTP server port 5368 5369- tests: move pingpong server to dynamic listening port 5370 5371 FTP, IMAP, POP3, SMTP and their IPv6 versions are now all on dynamic 5372 ports 5373 5374 Test 842-845 are unfortunately a bit hard to move over to this concept 5375 right now and require "default port" still... 5376 5377- test1056: work with dynamic HTTP ipv6 port 5378 5379- test1448: work with dynamic HTTP server port 5380 5381- tests: introduce preprocessed test cases 5382 5383 The runtests script now always performs variable replacement on the 5384 entire test source file before the test gets executed, and saves the 5385 updated version in a temporary file (log/test[num]) so that all test 5386 case readers/servers can use that version (if present) and thus enjoy 5387 the powers of test case variable substitution. 5388 5389 This is necessary to allow complete port number freedom. 5390 5391 Test 309 is updated to work with a non-fixed port number thanks to this. 5392 5393- tests: make 2006-2010 handle different port number lengths 5394 5395- tests: run the sws server on "any port" 5396 5397 Makes the test servers for HTTP and Gopher pop up on a currently unused 5398 port and runtests adapts to that! 5399 5400 Closes #5247 5401 5402Marc Hoersken (18 Apr 2020) 5403- sockfilt: tidy variable naming and data structure in select_ws 5404 5405 This commit does not introduce any logical changes to the code. 5406 5407 Reviewed-by: Jay Satiro and Marcel Raad 5408 Closes #5238 5409 5410Daniel Stenberg (17 Apr 2020) 5411- [Anderson Toshiyuki Sasaki brought this change] 5412 5413 libssh: Use new ECDSA key types to check known hosts 5414 5415 From libssh 0.9.0, ssh_key_type() returns different key types for ECDSA 5416 keys depending on the curve. 5417 5418 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> 5419 Fixes #5252 5420 Closes #5253 5421 5422Marcel Raad (17 Apr 2020) 5423- appveyor: add Unicode winbuild jobs 5424 5425 These are cheap as they don't build tests. 5426 5427 Closes https://github.com/curl/curl/pull/5063 5428 5429Daniel Stenberg (16 Apr 2020) 5430- mqttd: s/errno/SOCKERRNO 5431 5432 To behave proper on Windows 5433 Reported-by: Gisle Vanem 5434 Bug: https://github.com/curl/curl/commit/5e855bbd18f84a02c951be7cac6188276818cdac#r38507132 5435 Closes #5241 5436 5437- buildconf: use find -execdir instead, remove -print and the ares files 5438 5439 Follow-up to 1e41bec96a6e 5440 5441 Suggested-by: Marc Hörsken 5442 5443- [Alexander V. Tikhonov brought this change] 5444 5445 buildconf: avoid using tempfile when removing files 5446 5447 Closes #5213 5448 5449- copyright: bump the copyright year range 5450 5451- scripts/release-notes.pl: accept colon after the Fixes/Closes keywords 5452 5453- [JP Mens brought this change] 5454 5455 docs/MQTT: replace confusing 80 by 75 5456 5457 I was a bit surprised by the `80`: first thought: what's HTTP doing 5458 here? ;) 5459 5460 Closes #5236 5461 5462- [Brad King brought this change] 5463 5464 cmake: Avoid MSVC C4273 warnings in send/recv checks 5465 5466 We use `check_c_source_compiles` to check possible send/recv signatures 5467 by reproducing the forward declarations from system headers. On Windows 5468 the `winsock2.h` header adds dll linkage settings to its forward 5469 declaration. If ours does not match the compiler warns: 5470 5471 warning C4273: 'recv': inconsistent dll linkage 5472 5473 Add `WINSOCK_API_LINKAGE` to our test signatures when it is defined so 5474 that our linkage is consistent with that from `winsock2.h`. 5475 5476 Fixes #4764 5477 Closes #5232 5478 5479Jay Satiro (14 Apr 2020) 5480- KNOWN_BUGS: Add entry 'Blocking socket operations' 5481 5482 - Add threaded resolver cleanup and GSSAPI for FTP to the TODO list of 5483 known blocking operations. 5484 5485 - New known bugs entry 'Blocking socket operations in non-blocking API' 5486 that directs to the TODO's list of known blocking operations. 5487 5488 Ref: https://github.com/curl/curl/pull/5214#issuecomment-612488021 5489 5490 Reported-by: Marc Hoersken 5491 5492 Closes https://github.com/curl/curl/pull/5216 5493 5494Marc Hoersken (14 Apr 2020) 5495- test2043: use revoked.badssl.com instead of revoked.grc.com 5496 5497 The certificate of revoked.grc.com has expired on 2020-04-13. 5498 5499 Reviewed-by: Jay Satiro 5500 5501 Closes #5233 5502 5503- sockfilt: fix broken pipe on Windows to be ready in select_ws 5504 5505 Closes #5228 5506 5507Daniel Stenberg (14 Apr 2020) 5508- RELEASE-NOTES: synced 5509 5510- scripts/release-notes: fix duplicate output header 5511 5512- github/workflow: enable MQTT in the macOS debug build 5513 5514- azure: add mqtt support to one of the Windows builds 5515 5516- travis: add mqtt job on Linux 5517 5518- tests: add four MQTT tests 1190 - 1193 5519 5520- tests: add the mqtt test server mqttd 5521 5522- tests: support hex encoded data and mqtt server 5523 5524 The mqtt server is started using a "random" port. 5525 5526- [Björn Stenberg brought this change] 5527 5528 mqtt: add new experimental protocol 5529 5530 Closes #5173 5531 5532- TODO: Consider convenience options for JSON and XML? 5533 5534 Closes #5203 5535 5536- tool: do not declare functions with Curl_ prefix 5537 5538 To avoid collision risks with private libcurl symbols when linked with 5539 static versions (or just versions not hiding internal symbols). 5540 5541 Reported-by: hydra3333 on github 5542 Fixes #5219 5543 Closes #5234 5544 5545- [Nathaniel R. Lewis brought this change] 5546 5547 cmake: add aliases so exported target names are available in tree 5548 5549 Reviewed-by: Brad King 5550 Closes #5206 5551 5552- version: increase buffer space for ssl version output 5553 5554 To avoid it getting truncated, especially when several SSL backends are 5555 built-in. 5556 5557 Reported-by: Gisle Vanem 5558 Fixes #5222 5559 Closes #5226 5560 5561Marc Hoersken (13 Apr 2020) 5562- cirrus: no longer ignore test 504 which is working again 5563 5564 The test is working again, because TCP blackholing is disabled. 5565 5566- appveyor: completely disable tests that fail to timeout early 5567 5568 The tests changed from ignored to disabled are tests that are 5569 about connecting to non-listening socket. On AppVeyor these 5570 tests are not reliable, because for some unknown reason the 5571 connect is not timing out before the test time limit is reached. 5572 5573Daniel Stenberg (13 Apr 2020) 5574- test1908: avoid using fixed port number in test data 5575 5576 Closes #5225 5577 5578Jay Satiro (12 Apr 2020) 5579- [Andrew Kurushin brought this change] 5580 5581 schannel: Fix blocking timeout logic 5582 5583 - Fix schannel_send for the case when no timeout was set. 5584 5585 Prior to this change schannel would error if the socket was not ready 5586 to send data and no timeout was set. 5587 5588 This commit is similar to parent commit 89dc6e0 which recently made the 5589 same change for SOCKS, for the same reason. Basically it was not well 5590 understood that when Curl_timeleft returns 0 it is not a timeout of 0 ms 5591 but actually means no timeout. 5592 5593 Fixes https://github.com/curl/curl/issues/5177 5594 Closes https://github.com/curl/curl/pull/5221 5595 5596- socks: Fix blocking timeout logic 5597 5598 - Document in Curl_timeleft's comment block that returning 0 signals no 5599 timeout (ie there's infinite time left). 5600 5601 - Fix SOCKS' Curl_blockread_all for the case when no timeout was set. 5602 5603 Prior to this change if the timeout had a value of 0 and that was passed 5604 to SOCKET_READABLE it would return right away instead of blocking. That 5605 was likely because it was not well understood that when Curl_timeleft 5606 returns 0 it is not a timeout of 0 ms but actually means no timeout. 5607 5608 Ref: https://github.com/curl/curl/pull/5214#issuecomment-612512360 5609 5610 Closes https://github.com/curl/curl/pull/5220 5611 5612- [Marc Hoersken brought this change] 5613 5614 gopher: check remaining time left during write busy loop 5615 5616 Prior to this change gopher's blocking code would block forever, 5617 ignoring any set timeout value. 5618 5619 Assisted-by: Jay Satiro 5620 Reviewed-by: Daniel Stenberg 5621 5622 Similar to #5220 and #5221 5623 Closes #5214 5624 5625Daniel Stenberg (13 Apr 2020) 5626- [Dirkjan Bussink brought this change] 5627 5628 gnutls: ensure TLS 1.3 when SRP isn't requested 5629 5630 When SRP is requested in the priority string, GnuTLS will disable 5631 support for TLS 1.3. Before this change, curl would always add +SRP to 5632 the priority list, effectively always disabling TLS 1.3 support. 5633 5634 With this change, +SRP is only added to the priority list when SRP 5635 authentication is also requested. This also allows updating the error 5636 handling here to not have to retry without SRP. This is because SRP is 5637 only added when requested and in that case a retry is not needed. 5638 5639 Closes #5223 5640 5641Marc Hoersken (12 Apr 2020) 5642- tests/server: add hidden window to gracefully handle WM_CLOSE 5643 5644 Forward Window events as signals to existing signal event handler. 5645 5646- tests/server: add CTRL event handler for Win32 consoles 5647 5648 Forward CTRL events as signals to existing signal event handler. 5649 5650- tests/server: move all signal handling routines to util.[ch] 5651 5652 Avoid code duplication to prepare for portability enhancements. 5653 5654Daniel Stenberg (12 Apr 2020) 5655- compressed.d: stress that the headers are not modified 5656 5657 Suggested-by: Michael Osipov 5658 Assisted-by: Jay Satiro 5659 Bug: https://github.com/curl/curl/issues/5182#issuecomment-611638008 5660 Closes #5217 5661 5662Marc Hoersken (11 Apr 2020) 5663- tests/server/util.c: use curl_off_t instead of long for pid 5664 5665 Avoid potential overflow of huge PIDs on Windows. 5666 5667 Related to #5188 5668 Assisted-by: Marcel Raad 5669 5670- tests: use Cygwin/msys PIDs for stunnel and sshd on Windows 5671 5672 Since the Windows versions of both programs would write Windows 5673 PIDs to their pidfiles which we cannot handle, we need to use 5674 our known perl.exe Cygwin/msys PID together with exec() in order 5675 to tie the spawned processes to the existance of our perl.exe 5676 5677 The perl.exe that is executing secureserver.pl and sshserver.pl 5678 has a Cygwin/msys PID, because it is started inside Cygwin/msys. 5679 5680 Related to #5188 5681 5682- tests: add Windows compatible pidwait like pidkill and pidterm 5683 5684 Related to #5188 5685 5686- tests: fix conflict between Cygwin/msys and Windows PIDs 5687 5688 Add 65536 to Windows PIDs to allow Windows specific treatment 5689 by having disjunct ranges for Cygwin/msys and Windows PIDs. 5690 5691 See also: 5692 - https://cygwin.com/git/?p=newlib-cygwin.git;a=commit; ↵ 5693 h=b5e1003722cb14235c4f166be72c09acdffc62ea 5694 - https://cygwin.com/git/?p=newlib-cygwin.git;a=commit; ↵ 5695 h=448cf5aa4b429d5a9cebf92a0da4ab4b5b6d23fe 5696 5697 Replaces #5178 5698 Closes #5188 5699 5700Daniel Stenberg (11 Apr 2020) 5701- RELEASE-NOTES: synced 5702 5703- release-notes.pl: detect the start of the references in cleanup mode 5704 5705- Revert "file: on Windows, refuse paths that start with \\" 5706 5707 This reverts commit 1b71bc532bde8621fd3260843f8197182a467ff2. 5708 5709 Reminded-by: Chris Roberts 5710 Bug: https://curl.haxx.se/mail/archive-2020-04/0013.html 5711 5712 Closes #5215 5713 5714Jay Satiro (11 Apr 2020) 5715- lib: fix conversion warnings for SOCKET_WRITABLE/READABLE 5716 5717 - If loss of data may occur converting a timediff_t to time_t and 5718 the time value is > TIME_T_MAX then treat it as TIME_T_MAX. 5719 5720 This is a follow-up to 8843678 which removed the (time_t) typecast 5721 from the macros so that conversion warnings could be identified. 5722 5723 Closes https://github.com/curl/curl/pull/5199 5724 5725- test1148: tolerate progress updates better (again) 5726 5727 - Ignore intermediate progress updates. 5728 5729 - Support locales that use a character other than period as decimal 5730 separator (eg 100,0%). 5731 5732 test1148 checks that the progress finishes at 100% and has the right 5733 bar width. Prior to this change the test assumed that the only progress 5734 reported for such a quick transfer was 100%, however in rare instances 5735 (like in the CI where transfer time can slow considerably) there may be 5736 intermediate updates. For example, below is stderrlog1148 from a failed 5737 CI run with explicit \r and \n added (it is one line; broken up so that 5738 it's easier to understand). 5739 5740 \r 5741 \r################################## 48.3% 5742 \r######################################################################## 100.0% 5743 \n 5744 5745 Closes https://github.com/curl/curl/pull/5194 5746 5747Marc Hoersken (10 Apr 2020) 5748- sshserver.pl: use cached Win32 environment check variable 5749 5750- appveyor: partially revert 3413a110 to keep build without proxy 5751 5752 Ref: #5211 and #4526 5753 Reported-by: Marcel Raad 5754 5755- appveyor: ignore failing 'connect to non-listening proxy' tests 5756 5757 Closes #5211 5758 5759- CI/macos: convert CRLF to LF and align indentation 5760 5761Daniel Stenberg (9 Apr 2020) 5762- url: allow non-HTTPS altsvc-matching for debug builds 5763 5764 This is already partly supported but this part was missing. 5765 Reported-by: James Fuller 5766 5767 Closes #5205 5768 5769- server/resolve: remove AI_CANONNAME to make macos tell the truth 5770 5771 With this bit set, my mac successfully resolves "ip6-localhost" when in 5772 fact there is no such host known to my machine! That in turn made test 5773 241 wrongly execute and fail. 5774 5775 Closes #5202 5776 5777- runtests: fix warning about using an undefined variable 5778 5779 Follow-up from 4d939ef6ceb2db1 5780 5781- release-notes: fix the initial reference list output 5782 5783- github actions: run when pushed to master or */ci + PRs 5784 5785 Avoid double-builds when using "local" branches for PRs. For both macos 5786 and fuzz jobs. 5787 5788 Closes #5201 5789 5790- runtests: provide nicer errormsg when protocol "dump" file is empty 5791 5792- [Gilles Vollant brought this change] 5793 5794 schannel: support .P12 or .PFX client certificates 5795 5796 Used with curl command line option like this: --cert 5797 <filename>:<password> --cert-type p12 5798 5799 Closes #5193 5800 5801- tests: verify split initial HTTP requests with CURL_SMALLREQSEND 5802 5803 test1294: "split request" being when the entire request isn't sent in 5804 the first go, and the remainder is sent in the PERFORM state. A GET 5805 request is otherwise not sending anything during PERFORM. 5806 5807 test1295: same kind of split but with POST 5808 5809 Closes #5197 5810 5811- http: don't consider upload done if the request isn't completely sent off 5812 5813 Fixes #4919 5814 Closes #5197 5815 5816- http: allow Curl_add_buffer_send() to do a short first send by force 5817 5818 In a debug build, settting the environment variable "CURL_SMALLREQSEND" 5819 will make the first HTTP request send not send more bytes than the set 5820 amount, thus ending up verifying that the logic for handling a split 5821 HTTP request send works correctly. 5822 5823- connect: store connection info for QUIC connections 5824 5825 Restores the --head functionality to the curl utility which extracts 5826 'protocol' that is stored that way. 5827 5828 Reported-by: James Fuller 5829 Fixes #5196 5830 Closes #5198 5831 5832- tests/README: update the port numbers list 5833 5834 Since the pipelining server is long gone. 5835 Reported-by: James Fuller 5836 5837- select: remove typecast from SOCKET_WRITABLE/READABLE macros 5838 5839 So that they don't hide conversions-by-mistake 5840 5841 Reviewed-by: Jay Satiro 5842 Closes #5190 5843 5844- CURLOPT_WRITEFUNCTION.3: add inline example and new see-also 5845 5846 Closes #5192 5847 5848- release-notes: output trailing references sorted numerically 5849 5850- cleanup: correct copyright year range on a few files 5851 5852- configure: remove use of -vec-report0 from CFLAGS with icc 5853 5854 ... as it apparently isn't (always) supported. 5855 Reported-by: Alain Miniussi 5856 Fixes #5096 5857 Closes #5191 5858 5859- warnless: remove code block for icc that didn't work 5860 5861 Reported-by: Alain Miniussi 5862 Fixes #5096 5863 5864Marc Hoersken (6 Apr 2020) 5865- dist: add missing setup-win32.h 5866 5867 Follow up to d820224b8b 5868 5869Daniel Stenberg (6 Apr 2020) 5870- RELEASE-NOTES: synced 5871 5872- scripts/release-notes.pl: add helper script for RELEASE-NOTES maintenance 5873 5874 This script helps putting entries in the RELEASE-NOTES using a coherent 5875 style and sorting with a minimal human editing effort - as long as the 5876 first line in the commit message is good enough! There's a short howto 5877 at the top of the file. 5878 5879- [Dennis Felsing brought this change] 5880 5881 configure: don't check for Security.framework when cross-compiling 5882 5883 Since it checks for the local file, not the cross-compiled one. 5884 5885 Closes #5189 5886 5887- TODO: Option to make -Z merge lined based outputs on stdout 5888 5889 Closes #5175 5890 5891- lib: never define CURL_CA_BUNDLE with a getenv 5892 5893 - it breaks the build (since 6de756c9b1de34b7a1) 5894 - it's not documented and not consistent across platforms 5895 - the curl tool does that getenv magic 5896 5897 Bug: https://github.com/curl/curl/commit/6de756c#r38127030 5898 Reported-by: Gisle Vanem 5899 5900 Closes #5187 5901 5902Marc Hoersken (5 Apr 2020) 5903- lib670: use the same Win32 API check as all other lib tests 5904 5905- appveyor: use random test server ports based upon APPVEYOR_API_URL 5906 5907 Avoid conflicts of test server ports with AppVeyor API on localhost. 5908 5909 Closes #5034 5910 5911- appveyor: sort builds by type and add two new variants 5912 5913 Related to #5034 and #5063 5914 5915- appveyor: show failed tests in log even if test is ignored 5916 5917 And print API response with newline only if there is one 5918 5919- appveyor: turn disabled tests into ignored result tests 5920 5921Daniel Stenberg (5 Apr 2020) 5922- KNOWN_BUGS: fixed "USE_UNIX_SOCKETS on Windows" 5923 5924 Fixed with #5170 (commit 23a870f2fd041278) 5925 5926- test1566: verify --etag-compare that gets a 304 back 5927 5928 Verifies the fix in #5183 5929 5930 Closes #5186 5931 5932- [Kwon-Young Choi brought this change] 5933 5934 CURLINFO_CONDITION_UNMET: return true for 304 http status code 5935 5936 In libcurl, CURLINFO_CONDITION_UNMET is used to avoid writing to the 5937 output file if the server did not transfered a file based on time 5938 condition. In the same manner, getting a 304 HTTP response back from the 5939 server, for example after passing a custom If-Match-* header, also 5940 fulfill this condition. 5941 5942 Fixes #5181 5943 Closes #5183 5944 5945- [Kwon-Young Choi brought this change] 5946 5947 curl: allow both --etag-compare and --etag-save with same file name 5948 5949 This change inverse the order of processing for the --etag-compare and 5950 --etag-save option to process first --etag-compare. This in turn allows 5951 to use the same file name to compare and save an etag. 5952 5953 The original behavior of not failing if the etag file does not exists is 5954 conserved. 5955 5956 Fixes #5179 5957 Closes #5180 5958 5959Viktor Szakats (4 Apr 2020) 5960- windows: enable UnixSockets with all build toolchains 5961 5962 Extend existing unix socket support in Windows builds to be 5963 enabled for all toolchain vendors or versions. (Previously 5964 it was only supported with certain MSVC versions + more recent 5965 Windows 10 SDKs) 5966 5967 Ref: https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/ 5968 Ref: https://github.com/curl/curl/issues/5162 5969 Closes: https://github.com/curl/curl/pull/5170 5970 5971Daniel Stenberg (4 Apr 2020) 5972- KNOWN_BUGS: Store TLS context per transfer instead of per connection 5973 5974 Closes #5102 5975 5976Marc Hoersken (3 Apr 2020) 5977- sockfilt: remove redundancy in timeout handling 5978 5979 And update other logmsg output in select_ws on Windows. 5980 5981- sockfilt: fix handling of ready closed sockets on Windows 5982 5983 Replace the incomplete workaround regarding FD_CLOSE 5984 only signalling once by instead doing a pre-check with 5985 standard select and storing the result for later use. 5986 5987 select keeps triggering on closed sockets on Windows while 5988 WSAEventSelect fires only once with data still available. 5989 By doing the pre-check we do not run in a deadlock 5990 due to waiting forever for another FD_CLOSE event. 5991 5992- sockfilt: fix race-condition of waiting threads and event handling 5993 5994 Fix race-condition of waiting threads finishing while events are 5995 already being processed which lead to invalid or skipped events. 5996 5997 Use mutex to check for one event at a time or do post-processing. 5998 In addition to mutex-based locking use specific event as signal. 5999 6000 Closes #5156 6001 6002Daniel Stenberg (2 Apr 2020) 6003- [Leo Neat brought this change] 6004 6005 CI-fuzz: increase fuzz time to 40 minutes 6006 6007 Closes #5174 6008 6009Marc Hoersken (2 Apr 2020) 6010- CI: increase Azure Pipelines timeouts due to performance issues 6011 6012 The current demand on Azure negatively impacts the CI performance. 6013 6014- runtests.pl: log host OS as detected by Perl environment 6015 6016- ftpserver.pl: log before and after data connection is closed 6017 6018Daniel Stenberg (1 Apr 2020) 6019- RELEASE-NOTES: synced 6020 6021- RELEASE-PROCEDURE.md: run the copyright.pl script! 6022 6023- vquic/ngtcp2.h: update copyright year range 6024 6025 Follow-up to 0736ee73d346a52 6026 6027- [Daiki Ueno brought this change] 6028 6029 CI: add build with ngtcp2 + gnutls on Travis CI 6030 6031- [Daiki Ueno brought this change] 6032 6033 vquic: add support for GnuTLS backend of ngtcp2 6034 6035 Currently, the TLS backend used by vquic/ngtcp2.c is selected at compile 6036 time. Therefore OpenSSL support needs to be explicitly disabled. 6037 6038 Signed-off-by: Daiki Ueno <dueno@redhat.com> 6039 Closes #5148 6040 6041- [Gisle Vanem brought this change] 6042 6043 examples/sessioninfo.c: add include to fix compiler warning 6044 6045 Fixes #5171 6046 6047- misc: copyright year updates 6048 6049 Follow-up to 7a71965e9 6050 6051- [Harry Sintonen brought this change] 6052 6053 build: fixed build for systems with select() in unistd.h 6054 6055 Closes #5169 6056 6057- memdebug: don't log free(NULL) 6058 6059 ... it serves no purpose and fills up the log. 6060 6061- cleanup: insert newline after if() conditions 6062 6063 Our code style mandates we put the conditional block on a separate 6064 line. These mistakes are now detected by the updated checksrc. 6065 6066- checksrc: warn on obvious conditional blocks on the same line as if() 6067 6068 Closes #5164 6069 6070- [Roger Orr brought this change] 6071 6072 cmake: add CMAKE_MSVC_RUNTIME_LIBRARY 6073 6074 Fixes #5165 6075 Closes #5167 6076 6077- [Daiki Ueno brought this change] 6078 6079 ngtcp2: update to git master for the key installation API change 6080 6081 This updates the ngtcp2 OpenSSL backend to follow the API change in 6082 commit 32e703164 of ngtcp2. 6083 6084 Notable changes are: 6085 - ngtcp2_crypto_derive_and_install_{rx,tx}_key have been added to replace 6086 ngtcp2_crypto_derive_and_install_key 6087 - the 'side' argument of ngtcp2_crypto_derive_and_install_initial_key 6088 has been removed 6089 6090 Fixes #5166 6091 Closes #5168 6092 6093- [Cyrus brought this change] 6094 6095 SECURITY.md: minor rephrase 6096 6097 Closes #5158 6098 6099- output.d: quote the URL when globbing 6100 6101 Some shells do globbing of their own unless the URL is quoted, so maybe 6102 encourage this. 6103 6104 Co-authored-by: Jay Satiro 6105 Closes #5160 6106 6107- dist: add tests/version-scan.pl to tarball 6108 6109 ... used in test 1177. 6110 6111 Follow-up to a97d826f6de3 6112 6113- test1177: verify that all the CURL_VERSION_ bits are documented 6114 6115- curl.h: remnove CURL_VERSION_ESNI. Never supported nor documented 6116 6117 Considered experimental and therefore we can do this. 6118 6119 Closes #5157 6120 6121- KNOWN_BUGS: DoH doesn't inherit all transfer options 6122 6123 Closes #4578 6124 Closes #4579 6125 6126- KNOWN_BUGS: DoH leaks memory after followlocation 6127 6128 Closes #4592 6129 6130- KNOWN_BUGS: "FTPS needs session reuse" 6131 6132 Closes #4654 6133 6134- KNOWN_BUGS: "stick to same family over SOCKS pro" is presumed fixed 6135 6136- TODO: Set custom client ip when using haproxy protocol 6137 6138 Closes #5125 6139 6140Michael Kaufmann (27 Mar 2020) 6141- writeout_json: Fix data type issues 6142 6143 Load long values correctly (e.g. for http_code). 6144 6145 Use curl_off_t (not long) for: 6146 - size_download (CURLINFO_SIZE_DOWNLOAD_T) 6147 - size_upload (CURLINFO_SIZE_UPLOAD_T) 6148 6149 The unit for these values is bytes/second, not microseconds: 6150 - speed_download (CURLINFO_SPEED_DOWNLOAD_T) 6151 - speed_upload (CURLINFO_SPEED_UPLOAD_T) 6152 6153 Fixes #5131 6154 Closes #5152 6155 6156Daniel Stenberg (27 Mar 2020) 6157- mailmap: fixup a few author names/fields 6158 6159 Douglas Steinwand, Gökhan Şengün, Jessa Chandler, Julian Z and 6160 Svyatoslav Mishyn 6161 6162- version: add 'cainfo' and 'capath' to version info struct 6163 6164 Suggested-by: Timothe Litt 6165 URL: https://curl.haxx.se/mail/lib-2020-03/0090.html 6166 Reviewed-by: Jay Satiro 6167 6168 Closes #5150 6169 6170- RELEASE-NOTES: synced 6171 6172Jay Satiro (26 Mar 2020) 6173- SSLCERTS.md: Fix example code for setting CA cert file 6174 6175 Prior to this change the documentation erroneously said use 6176 CURLOPT_CAPATH to set a CA cert file. 6177 6178 Bug: https://curl.haxx.se/mail/lib-2020-03/0121.html 6179 Reported-by: Timothe Litt 6180 6181 Closes https://github.com/curl/curl/pull/5151 6182 6183Marc Hoersken (26 Mar 2020) 6184- sockfilt: add logmsg output to select_ws_wait_thread on Windows 6185 6186 Assisted-by: Jay Satiro 6187 Reviewed-by: Daniel Stenberg 6188 6189 Closes #5086 6190 6191Daniel Stenberg (26 Mar 2020) 6192- docs/make: generate curl.1 from listed files only 6193 6194 Previously it rendered the page from files matching "*.d" in the correct 6195 directory, which worked fine in git builds when the files were added but 6196 made it easy to forget adding the files to the dist. 6197 6198 Now, only man page sections listed in DPAGES in Makefile.inc will be 6199 used, thus "forcing" us to update this to get the man page right and get 6200 it included in the dist at the same time. 6201 6202 Ref: #5146 6203 Closes #5149 6204 6205- openssl: adapt to functions marked as deprecated since version 3 6206 6207 OpenSSL 3 deprecates SSL_CTX_load_verify_locations and the MD4, DES 6208 functions we use. 6209 6210 Fix the MD4 and SSL_CTX_load_verify_locations warnings. 6211 6212 In configure, detect OpenSSL v3 and if so, inhibit the deprecation 6213 warnings. OpenSSL v3 deprecates the DES functions we use for NTLM and 6214 until we rewrite the code to use non-deprecated functions we better 6215 ignore these warnings as they don't help us. 6216 6217 Closes #5139 6218 6219- dist: add mail-rcpt-allowfails.d to the tarball 6220 6221 Reported-by: Maksim Stsepanenka 6222 Reviewed-by: Jat Satiro 6223 6224 Closes #5146 6225 6226- travis: update the ngtcp2 build to use the latest OpenSSL patch 6227 6228 ... which also makes it OpenSSL 1.1.1d based and not v3. 6229 6230Marc Hoersken (24 Mar 2020) 6231- CI: remove default Ubuntu build from GitHub Actions 6232 6233 We are already running a very similar Ubuntu build on Travis CI. 6234 The macOS variant of this default build is kept on Github Actions. 6235 6236- CI: bring GitHub Actions fuzzing job in line with macOS jobs 6237 6238 Update YAML formatting, job naming and triggers. 6239 6240- CI: migrate macOS jobs from Azure and Travis CI to GitHub Actions 6241 6242 Reduce workload on Azure Pipelines and Travis CI while 6243 consolidating macOS jobs onto less utilized GitHub Actions. 6244 6245 Reviewed-by: Daniel Stenberg 6246 6247 Closes #5124 6248 6249Daniel Stenberg (24 Mar 2020) 6250- config: remove all defines of HAVE_DES_H 6251 6252 As there's no code using it. 6253 6254 Closes #5144 6255 6256- copyright: fix out-of-date copyright ranges and missing headers 6257 6258 Reported by the new script 'scripts/copyright.pl'. The script has a 6259 regex whitelist for the files that don't need copyright headers. 6260 6261 Removed three (mostly usesless) README files from docs/ 6262 6263 Closes #5141 6264 6265- packages: add OS400/chkstrings.c to the dist 6266 6267 Reported-by: Jon Rumsey 6268 Fixes #5142 6269 Closes #5143 6270 6271- [Clément Notin brought this change] 6272 6273 nghttp2: 1.12.0 required 6274 6275 since nghttp2_session_set_local_window_size is needed 6276 6277 Closes #5140 6278 6279- RELEASE-NOTES: synced 6280 6281- [Calvin Buckley brought this change] 6282 6283 OS400: Update strings for ccsid-ifier 6284 6285 Fixes build. 6286 6287 Closes #5132 6288 6289- cirrus: make freebsd ignore the tests instead of skipping 6290 6291 To allow us to see in the CI logs how they actually behave 6292 6293 Closes #5091 6294 6295- cirrus: move the sanitizer build from freebsd 13 to freebsd 12 6296 6297- Revert "cirrus-ci: disable the FreeBSD 13 builds" 6298 6299 This reverts commit 691b71be930f0e285c8f7a76efd56bbe0576cda6. 6300 6301- getinfo: provide CURLINFO_HEADER_SIZE and CURLINFO_REQUEST_SIZE override 6302 6303 To let debug-builds return fake values, like in test 970. 6304 6305 Ref: #5131 6306 Closes #5136 6307 6308- test970: improve the test 6309 6310 - send more data to make problems more obvious 6311 - don't start the data with minus, it makes diffs harder to read 6312 - skip the headers in the stdout comparison 6313 - save to a file name to also verify 'filename_effective' 6314 6315 Ref: #5131 6316 6317- CURLINFO_NUM_CONNECTS: improve accuracy 6318 6319 The counter was not bumped in all cases correctly. 6320 6321 Reported-by: Marcel Raad 6322 Ref: #5131 6323 Closes #5135 6324 6325- TODO: Use "random" ports for the test servers 6326 6327- lib/curl_setup: adjust the copyright year range 6328 6329 Follow-up from d820224b8 6330 6331Jay Satiro (21 Mar 2020) 6332- curl_setup: define _WIN32_WINNT_[OS] symbols 6333 6334 .. because not all Windows build systems have those symbols, and even 6335 those that do may be missing newer symbols (eg the Windows 7 SDK does 6336 not define _WIN32_WINNT_WIN10). 6337 6338 Those symbols are used in build-time logic to decide which API to use 6339 and prior to this change if the symbols were missing it would have 6340 resulted in deprecated API being used when more recent functions were 6341 available (eg GetVersionEx used instead of VerifyVersionInfo). 6342 6343 Reported-by: FuccDucc@users.noreply.github.com 6344 6345 Probably fixes https://github.com/curl/curl/issues/4995 6346 Closes https://github.com/curl/curl/pull/5057 6347 6348- [Ross Burton brought this change] 6349 6350 curl-functions.m4: remove inappropriate AC_REQUIRE 6351 6352 AC_REQUIRE means "if this macro hasn't been executed already, execute 6353 it". So in a wrapper around AC_RUN_IFELSE, AC_REQUIRE(AC_RUN_IFELSE) 6354 isn't correct at that will execute AC_RUN_IFELSE without any arguments. 6355 6356 With autoconf 2.69 this is basically a no-op, but with autoconf 2.70, 6357 AC_RUN_IFELSE without a default value when cross-compiling is fatal. 6358 The result is that curl with autoconf 2.70 cannot cross-compile. 6359 6360 Fixes https://github.com/curl/curl/issues/5126 6361 Closes https://github.com/curl/curl/pull/5130 6362 6363Marc Hoersken (20 Mar 2020) 6364- ci/tests: fix Azure Pipelines not running Windows containers 6365 6366 Workaround posted here: microsoft/azure-pipelines-agent#2864 6367 6368 Assisted-by: Simon Chalifoux 6369 Assisted-by: Tommy Petty 6370 6371 Fixes #5117 6372 Closes #5129 6373 6374Daniel Stenberg (20 Mar 2020) 6375- tests: add test 430, 431 and 432 to verify the --config fix 6376 6377 Verify the fixes in 4e0b4fee4 6378 6379- [Rici Lake brought this change] 6380 6381 cmdline: fix handling of OperationConfig linked list (--next) 6382 6383 Ensures that -K/--config inserts new items at the end of the list 6384 instead of overwriting the second item, and that after a -K/--config 6385 option has been parsed, the option parser's view of the current config 6386 is update. 6387 6388 Fixes #5120 6389 Closes #5123 6390 6391Marc Hoersken (20 Mar 2020) 6392- test2100: fix static port instead of dynamic value being used 6393 6394- test970: fix static ip:port instead of dynamic values being used 6395 6396Daniel Stenberg (19 Mar 2020) 6397- secure transport: remove the BACKEND define kludge 6398 6399 Closes #5122 6400 6401- mbedtls: remove the BACKEND define kludge 6402 6403- bearssl: remove the BACKEND define kludge 6404 6405- wolfssl: remove the BACKEND define kludge 6406 6407- nss: remove the BACKEND define kludge 6408 6409- gnutls: remove the BACKEND define kludge 6410 6411- openssl: remove the BACKEND define kludge 6412 6413 Use a proper variable instead to make it easier to use a debugger and 6414 read the code. 6415 6416Marc Hoersken (19 Mar 2020) 6417- tests: make Python-based servers compatible with Python 2 and 3 6418 6419 Update smbserver.py and negtelnetserver.py to be compatible with 6420 Python 3 while staying backwards-compatible to support Python 2. 6421 6422 Fix string encoding and handling of echoed and transferred data. 6423 6424 Tested with both Python 2.7.17 and Python 3.7.7 6425 6426 Reported-by: Daniel Stenberg 6427 Assisted-by: Kamil Dudka 6428 Reviewed-by: Marcel Raad 6429 6430 Fixes #5104 6431 Closes #5110 6432 6433Daniel Stenberg (18 Mar 2020) 6434- writeout_json: use curl_off_t printf() option for the time output 6435 6436 Follow-up to: 04c03416e68fd635a15 6437 6438 Closes #5115 6439 6440- RELEASE-NOTES: synced 6441 6442 Uh, I missed this in 1a46b218db 6443 6444- RELEASE-NOTES: synced 6445 6446 ... and bumped curlver.h to 7.70.0 6447 6448Jay Satiro (18 Mar 2020) 6449- http2: Fix erroneous debug message that h2 connection closed 6450 6451 Prior to this change in libcurl debug builds http2 stream closure was 6452 erroneously referred to as connection closure. 6453 6454 Before: 6455 * nread <= 0, server closed connection, bailing 6456 6457 After: 6458 * nread == 0, stream closed, bailing 6459 6460 Closes https://github.com/curl/curl/pull/5118 6461 6462Daniel Stenberg (18 Mar 2020) 6463- tool_setopt: correct the copyright year range 6464 6465 Follow-up to 5450428491 6466 6467Jay Satiro (18 Mar 2020) 6468- [Johannes Schindelin brought this change] 6469 6470 schannel: add "best effort" revocation check option 6471 6472 - Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and 6473 --ssl-revoke-best-effort to allow a "best effort" revocation check. 6474 6475 A best effort revocation check ignores errors that the revocation check 6476 was unable to take place. The reasoning is described in detail below and 6477 discussed further in the PR. 6478 6479 --- 6480 6481 When running e.g. with Fiddler, the schannel backend fails with an 6482 unhelpful error message: 6483 6484 Unknown error (0x80092012) - The revocation function was unable 6485 to check revocation for the certificate. 6486 6487 Sadly, many enterprise users who are stuck behind MITM proxies suffer 6488 the very same problem. 6489 6490 This has been discussed in plenty of issues: 6491 https://github.com/curl/curl/issues/3727, 6492 https://github.com/curl/curl/issues/264, for example. 6493 6494 In the latter, a Microsoft Edge developer even made the case that the 6495 common behavior is to ignore issues when a certificate has no recorded 6496 distribution point for revocation lists, or when the server is offline. 6497 This is also known as "best effort" strategy and addresses the Fiddler 6498 issue. 6499 6500 Unfortunately, this strategy was not chosen as the default for schannel 6501 (and is therefore a backend-specific behavior: OpenSSL seems to happily 6502 ignore the offline servers and missing distribution points). 6503 6504 To maintain backward-compatibility, we therefore add a new flag 6505 (`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option 6506 (`--ssl-revoke-best-effort`) to select the new behavior. 6507 6508 Due to the many related issues Git for Windows and GitHub Desktop, the 6509 plan is to make this behavior the default in these software packages. 6510 6511 The test 2070 was added to verify this behavior, adapted from 310. 6512 6513 Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com> 6514 Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com> 6515 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> 6516 6517 Closes https://github.com/curl/curl/pull/4981 6518 6519- multi: Improve parameter check for curl_multi_remove_handle 6520 6521 - If an easy handle is owned by a multi different from the one specified 6522 then return CURLM_BAD_EASY_HANDLE. 6523 6524 Prior to this change I assume user error could cause corruption. 6525 6526 Closes https://github.com/curl/curl/pull/5116 6527 6528Viktor Szakats (17 Mar 2020) 6529- windows: suppress UI in all CryptAcquireContext() calls 6530 6531 Ref: https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta#parameters 6532 Reviewed-by: Marc Hörsken 6533 Closes https://github.com/curl/curl/pull/5088 6534 6535Daniel Stenberg (17 Mar 2020) 6536- writeout_json: add missing comma to fix the HTTP version 6537 6538 Follow-up to 04c03416e68fd635a15 6539 6540- test 970: verify --write-out '%{json}' 6541 6542 Makes curl_easy_getinfo() of "variable" numerical content instead return 6543 the number set in the env variable `CURL_TIME`. 6544 6545 Makes curl_version() of "variable" textual content. This guarantees a 6546 stable version string which can be tested against. Environment variable 6547 `CURL_VERSION` defines the content. 6548 6549 Assisted-by: Mathias Gumz 6550 6551- [Mathias Gumz brought this change] 6552 6553 writeout: support to generate JSON output 6554 6555 This commit adds support to generate JSON via the writeout feature: 6556 6557 -w "%{json}" 6558 6559 It leverages the existing infrastructure as much as possible. Thus, 6560 generating the JSON on STDERR is possible by: 6561 6562 -w "%{stderr}%{json}" 6563 6564 This implements a variant of 6565 https://github.com/curl/curl/wiki/JSON#--write-out-json. 6566 6567 Closes #4870 6568 6569- CI: stop ignoring 323, it is disabled 6570 6571- DISABLED: disable test 323 6572 6573 The test uses SRP to "a server not supporting it" but modern stunnel 6574 versions will silently accept it and remain happy. The test is therefore 6575 faulty. 6576 6577 I haven't figured out how to make stunnel explicitly reject SRP-using 6578 connects. 6579 6580 Reported-by: Marc Hörsken 6581 Fixes #5105 6582 Closes #5113 6583 6584Marc Hoersken (17 Mar 2020) 6585- ci/tests: increase timeouts for torture builds on Azure Pipelines 6586 6587 For some reason the torture builds have slowed down recently. 6588 6589 Reported-by: Daniel Stenberg 6590 6591Daniel Stenberg (16 Mar 2020) 6592- cmake: add support for building with wolfSSL 6593 6594 My working build cmdline: 6595 6596 $ cmake -DCMAKE_PREFIX_PATH=$HOME/build-wolfssl -DCMAKE_USE_WOLFSSL=ON . 6597 6598 Assisted-by: Brad King 6599 Closes #5095 6600 6601- tool_operate: fix add_parallel_transfers when more are in queue 6602 6603 Trying to return early from the function if no new transfers were added 6604 would break the "morep" argument and cause issues. This could lead to 6605 zero content "transfers" (within quotes since they would never be 6606 started) when parallel-max was reduced. 6607 6608 Reported-by: Gavin Wong 6609 Analyzed-by: Jay Satiro 6610 Fixes #4937 6611 Closes #5112 6612 6613- vtls: free ssl_config leftovers on out-of-memory 6614 6615 Torture testing 2034 and 2037 found this. 6616 6617 Reported-by: Marc Hörsken 6618 Fixes #5108 6619 Closes #5109 6620 6621Marc Hoersken (16 Mar 2020) 6622- ci/tests: fix Azure Pipelines not running for pull requests 6623 6624 Closes #5111 6625 6626Daniel Stenberg (15 Mar 2020) 6627- gskit: update the copyright year range 6628 6629 Follow-up from 083603c63a3 6630 6631Marc Hoersken (15 Mar 2020) 6632- gskit: use our internal select wrapper for portability 6633 6634 Follow up to c52b342 6635 Closes #5106 6636 6637- tests: fix verification of stdout in test 1452 due to newline 6638 6639 Fixes test1452:41:1: error: missing </stdout> tag before </verify> 6640 6641- ci/tests: install impacket for SMB tests on FreeBSD using CirrusCI 6642 6643 Also force the package index/cache to be updated before installing. 6644 6645 Closes #5103 6646 6647- tests/README: add note about manually installing python-impacket 6648 6649 Follow up to 4be2560 6650 6651Daniel Stenberg (15 Mar 2020) 6652- transfer: cap retries of "dead connections" to 5 6653 6654 When libcurl retries a connection due to it being "seemingly dead" or by 6655 REFUSED_STREAM, it will now only do it up five times before giving up, 6656 to avoid never-ending loops. 6657 6658 Reported-by: Dima Tisnek 6659 Bug: https://curl.haxx.se/mail/lib-2020-03/0044.html 6660 Closes #5074 6661 6662- TODO: TLS-PSK with OpenSSL 6663 6664 Closes #5081 6665 6666Marc Hoersken (15 Mar 2020) 6667- select: add 'timeout_ms' wrap-around precaution to Curl_select 6668 6669- select: fix 'pending_ms' is assigned a value that is never used 6670 6671 Detected by Codacy 6672 6673- select: move duplicate select preparation code into Curl_select 6674 6675 Reviewed by Daniel Stenberg 6676 Reviewed by Marcel Raad 6677 Closes #5078 6678 6679Daniel Stenberg (15 Mar 2020) 6680- connect: happy eyeballs cleanup 6681 6682 Make sure each separate index in connn->tempaddr[] is used for a fixed 6683 family (and only that family) during the connection process. 6684 6685 If family one takes a long time and family two fails immediately, the 6686 previous logic could misbehave and retry the same family two address 6687 repeatedly. 6688 6689 Reported-by: Paul Vixie 6690 Reported-by: Jay Satiro 6691 Fixes #5083 6692 Fixes #4954 6693 Closes #5089 6694 6695Marc Hoersken (15 Mar 2020) 6696- ci/tests: fix and align setting TFLAGS for make test-nonflaky 6697 6698- ci/tests: install test suite dependencies stunnel and impacket 6699 6700- tests: remove python_dependencies for smbserver from our tree 6701 6702 Users of the SMB tests will have to install impacket manually. 6703 6704 Reasoning: our in-tree version of impacket was quite outdated 6705 and only compatible with Python 2 which is already end-of-life. 6706 Upgrading to Python 3 and a compatible impacket version would 6707 require to import additional Python-only and CPython-extension 6708 dependencies. This would have hindered portability enormously. 6709 6710 Closes #5094 6711 6712Jay Satiro (14 Mar 2020) 6713- Makefile.m32: Improve windres parameter compatibility 6714 6715 - s/COFF/coff/ 6716 6717 Some versions of windres do not recognize uppercase COFF as a valid 6718 way to specify the COFF output format. 6719 6720 Reported-by: Steven Penny 6721 6722 Fixes https://github.com/curl/curl/issues/5099 6723 Closes https://github.com/curl/curl/pull/5101 6724 6725- easy: Fix curl_easy_duphandle for builds missing IPv6 that use c-ares 6726 6727 - Ignore CURLE_NOT_BUILT_IN errors returned by c-ares functions in 6728 curl_easy_duphandle. 6729 6730 Prior to this change if c-ares was used as the resolver backend and 6731 either it was too old or libcurl was built without IPv6 support then 6732 some of our resolver functions could return CURLE_NOT_BUILT_IN to 6733 curl_easy_duphandle causing it to fail. 6734 6735 Caused by c8f086b which shipped in 7.69.1. 6736 6737 Reported-by: Karl Chen 6738 6739 Fixes https://github.com/curl/curl/issues/5097 6740 Closes https://github.com/curl/curl/pull/5100 6741 6742Daniel Stenberg (13 Mar 2020) 6743- docs: add warnings about FILE: URLs on Windows 6744 6745 - --url man page section 6746 - libcurl-security.3 gets the full text 6747 - CURLOPT_URL.3 6748 6749 Reported-by: Tim Sedlmeyer 6750 6751- server/getpart: make the "XML-parser" stricter 6752 6753 When extracting a <section> <part> and there's no </part> before 6754 </section>, this now outputs an error and returns a wrong string to 6755 make users spot the mistake. 6756 6757 Ref: #5070 6758 Closes #5071 6759 6760Marc Hoersken (13 Mar 2020) 6761- impacket: some more Python 3 code compatibility updates 6762 6763 This makes smbserver load on Python 3, but still not work completely. 6764 6765- smbserver: pin Python version to 2 since we are not yet 3 compatible 6766 6767 Even though the existing code can be fixed to run on Python 3, the 6768 tests will fail due to the Unicode transition the protocol is invalid. 6769 6770 Follow up to ee63837 6771 Closes #5085 6772 6773Daniel Stenberg (12 Mar 2020) 6774- [Viktor Szakats brought this change] 6775 6776 cleanup: fix some text/comment typos 6777 6778 Closes #5087 6779 6780Marc Hoersken (12 Mar 2020) 6781- smbserver: fix Python version specific ConfigParser import 6782 6783 Follow up to ee63837 and 8c7c4a6 6784 Fixes #5077 6785 6786Daniel Stenberg (11 Mar 2020) 6787- RELEASE-NOTES: synced 6788 6789 bumped to 7.69.2 6790 6791Dan Fandrich (11 Mar 2020) 6792- tests/data: Fix some XML formatting issues in test cases 6793 6794 This allows these test files to pass xmllint. 6795 6796Daniel Stenberg (11 Mar 2020) 6797- [Muhammad Herdiansyah brought this change] 6798 6799 Makefile: run the cd commands in a subshell 6800 6801 In bmake, if the directory is changed (with cd or anything else), bmake 6802 won't return to the "root directory" on the next command (in the same 6803 Makefile rule). This commit runs the cd command in a subshell so it 6804 would work in bmake. 6805 6806 Closes #5073 6807 6808- configure: convert -I to -isystem as a last step 6809 6810 As all the -I uses in CFLAGS at that point are for system headers and 6811 third party libraries this helps us remove/ignore warnings on those! 6812 6813 Closes #5060 6814 6815- configure: fix -pedantic-errors for GCC 5 and later 6816 6817 If --enable-werror is used. 6818 6819 Follow-up to d5c0351055d5709da which added it too early in the configure 6820 script before $compiler_num was set correctly and thus this option was 6821 never used. 6822 6823 Reported-by: Stepan Efremov 6824 Fixes #5067 6825 Closes #5068 6826 6827- configure: document 'compiler_num' for gcc 6828 6829 The CURL_CHECK_COMPILER_GNU_C function sets the number to MAJOR*100 + 6830 MINOR and ignores the patch version, and since gcc version 7 it only 6831 sets it to MAJOR*100. 6832 6833 Reported-by: Stepan Efremov 6834 Ref: #5067 6835 Closes #5069 6836 6837Version 7.69.1 (11 Mar 2020) 6838 6839Daniel Stenberg (11 Mar 2020) 6840- RELEASE-NOTES: 7.69.1 6841 6842- THANKS: from the 7.69.1 release 6843 6844- [Marc Hoersken brought this change] 6845 6846 test1129: fix invalid case of closing XML-tag and Content-Length 6847 6848 Fixes #5070 6849 Closes #5072 6850 6851Marc Hoersken (10 Mar 2020) 6852- tests/data: fix static ip instead of dynamic value being used 6853 6854 Follow up to 94ced8e 6855 6856- tests/data: fix static ip:port instead of dynamic values being used 6857 6858 Closes #5065 6859 6860- tests/server: fix missing use of exe_ext helper function 6861 6862 Follow up to 9819984 and 3dce984 6863 Reviewed-By: Daniel Stenberg 6864 Closes #5064 6865 6866- runtests: log minimal and maximal used port numbers 6867 6868Daniel Stenberg (9 Mar 2020) 6869- [James Fuller brought this change] 6870 6871 sftp: fix segfault regression introduced by #4747 6872 6873 This fix adds a defensive check for the case where the char *name in 6874 struct libssh2_knownhost is NULL 6875 6876 Fixes #5041 6877 Closes #5062 6878 6879- RELEASE-NOTES: synced 6880 6881- socks4: fix host resolve regression 6882 6883 1. The socks4 state machine was broken in the host resolving phase 6884 6885 2. The code now insists on IPv4-only when using SOCKS4 as the protocol 6886 only supports that. 6887 6888 Regression from #4907 and 4a4b63d, shipped in 7.69.0 6889 6890 Reported-by: amishmm on github 6891 Bug: https://github.com/curl/curl/issues/5053#issuecomment-596191594 6892 Closes #5061 6893 6894- [Patrick Monnerat brought this change] 6895 6896 silly web server: silent a compilation warning 6897 6898 Recent gcc warns when byte count of strncpy() equals the destination 6899 buffer size. Since the destination buffer is previously cleared and 6900 the source string is always shorter, reducing the byte count by one 6901 silents the warning without affecting the result. 6902 6903 Closes #5059 6904 6905- [Patrick Monnerat brought this change] 6906 6907 cookie: get_top_domain() sets zero length for null domains 6908 6909 This silents a compilation warning with gcc -O3. 6910 6911- [Patrick Monnerat brought this change] 6912 6913 test 1560: avoid valgrind false positives 6914 6915 When using maximum code optimization level (-O3), valgrind wrongly 6916 detects uses of uninitialized values in strcmp(). 6917 6918 Preset buffers with all zeroes to avoid that. 6919 6920Steve Holme (8 Mar 2020) 6921- sha256: Added WinCrypt implementation 6922 6923 Closed #5030 6924 6925- sha256: Added SecureTransport implementation 6926 6927Daniel Stenberg (7 Mar 2020) 6928- lib1564: reduce number of mid-wait wakeup calls 6929 6930 This test does A LOT of *wakeup() calls and then calls curl_multi_poll() 6931 twice. The first *poll() is then expected to return early and the second 6932 not - as the first is supposed to drain the socketpair pipe. 6933 6934 It turns out however that when given "excessive" amounts of writes to 6935 the pipe, some operating systems (the Solaris based are known) will 6936 return EAGAIN before the pipe is drained, which in our test case causes 6937 the second *poll() call to also abort early. 6938 6939 This change attempts to avoid the OS-specific behaviors in the test by 6940 reducing the amount of wakeup calls from 1234567 to 10. 6941 6942 Reported-by: Andy Fiddaman 6943 Fixes #5037 6944 Closes #5058 6945 6946- [Patrick Monnerat brought this change] 6947 6948 mime: fix the binary encoder to handle large data properly 6949 6950 New test 666 checks this is effective. 6951 As upload buffer size is significant in this kind of tests, shorten it 6952 in similar test 652. 6953 6954 Fixes #4860 6955 Closes #4833 6956 Reported-by: RuurdBeerstra on github 6957 6958- [Patrick Monnerat brought this change] 6959 6960 mime: do not perform more than one read in a row 6961 6962 Input buffer filling may delay the data sending if data reads are slow. 6963 To overcome this problem, file and callback data reads do not accumulate 6964 in buffer anymore. All other data (memory data and mime framing) are 6965 considered as fast and still concatenated in buffer. 6966 As this may highly impact performance in terms of data overhead, an early 6967 end of part data check is added to spare a read call. 6968 When encoding a part's data, an encoder may require more bytes than made 6969 available by a single read. In this case, the above rule does not apply 6970 and reads are performed until the encoder is able to deliver some data. 6971 6972 Tests 643, 644, 645, 650 and 654 have been adapted to the output data 6973 changes, with test data size reduced to avoid the boredom of long lists of 6974 1-byte chunks in verification data. 6975 New test 667 checks mimepost using single-byte read callback with encoder. 6976 New test 668 checks the end of part data early detection. 6977 6978 Fixes #4826 6979 Reported-by: MrdUkk on github 6980 6981- [Patrick Monnerat brought this change] 6982 6983 mime: latch last read callback status. 6984 6985 In case a read callback returns a status (pause, abort, eof, 6986 error) instead of a byte count, drain the bytes read so far but 6987 remember this status for further processing. 6988 Takes care of not losing data when pausing, and properly resume a 6989 paused mime structure when requested. 6990 New tests 670-673 check unpausing cases, with easy or multi 6991 interface and mime or form api. 6992 6993 Fixes #4813 6994 Reported-by: MrdUkk on github 6995 6996Marc Hoersken (7 Mar 2020) 6997- runtests: fix missing use of exe_ext helper function 6998 6999Daniel Stenberg (7 Mar 2020) 7000- [Ernst Sjöstrand brought this change] 7001 7002 ares: store dns parameters for duphandle 7003 7004 With c-ares the dns parameters lives in ares_channel. Store them in the 7005 curl handle and set them again in easy_duphandle. 7006 7007 Regression introduced in #3228 (6765e6d), shipped in curl 7.63.0. 7008 7009 Fixes #4893 7010 Closes #5020 7011 Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com> 7012 7013- version: make curl_version* thread-safe without using global context 7014 7015 Closes #5010 7016 7017- RELEASE-NOTES: synced 7018 7019Marc Hoersken (7 Mar 2020) 7020- tests: use native Sleep function as fallback on Windows 7021 7022 Reviewed-By: Daniel Stenberg 7023 Closes #5054 7024 7025- perl: align order and completeness of Windows OS checks 7026 7027Daniel Stenberg (7 Mar 2020) 7028- tool_cb_see: set correct copyright year range 7029 7030 Follow-up to a39e5bfb9 7031 7032Marc Hoersken (7 Mar 2020) 7033- seek: fix fallback for missing ftruncate on Windows 7034 7035 This fixes test 198 on versions of MinGW-w64 without ftruncate 7036 7037 Reviewed-By: Daniel Stenberg 7038 Reviewed-By: Marcel Raad 7039 Closes #5055 7040 7041- config-win32: Windows does not have ftruncate 7042 7043Daniel Stenberg (7 Mar 2020) 7044- pause: force a connection (re-)check after unpausing 7045 7046 There might be data available that was already read off the socket, for 7047 example in the TLS layer. 7048 7049 Reported-by: Anders Berg 7050 Fixes #4966 7051 Closes #5049 7052 7053- socks5: switch state properly when the resolve is done 7054 7055 Regression from 4a4b63d (and #4907) 7056 Reported-by: vitaha85 on github 7057 Fixes #5053 7058 Closes #5056 7059 7060Jay Satiro (7 Mar 2020) 7061- libssh: Fix matching user-specified MD5 hex key 7062 7063 Prior to this change a match would never be successful because it 7064 was mistakenly coded to compare binary data from libssh to a 7065 user-specified hex string (ie CURLOPT_SSH_HOST_PUBLIC_KEY_MD5). 7066 7067 Reported-by: fds242@users.noreply.github.com 7068 7069 Fixes https://github.com/curl/curl/issues/4971 7070 Closes https://github.com/curl/curl/pull/4974 7071 7072Daniel Stenberg (6 Mar 2020) 7073- pause: bail out on bad input 7074 7075 A NULL easy handle or an easy handle without an associated connection 7076 cannot be paused or unpaused. 7077 7078 Closes #5050 7079 7080Steve Holme (6 Mar 2020) 7081- unit1612: fixed the inclusion and compilation of the HMAC unit test 7082 7083 Follow up to 3f74e5e6 to fix: 7084 7085 - A typo in Makefile.inc where unit1611 was used instead 7086 - Some compilation issues in unit1612.c 7087 7088 Closes #5024 7089 7090Daniel Stenberg (6 Mar 2020) 7091- pause: return early for calls that don't change pause state 7092 7093 Reviewed-by: Patrick Monnerat 7094 Ref: #4833 7095 Closes #5026 7096 7097Jay Satiro (6 Mar 2020) 7098- curl_share_setopt.3: Note sharing cookies doesn't enable the engine 7099 7100 Follow-up to d0a7ee3 which fixed a bug in 7.66.0 that caused 7101 CURL_LOCK_DATA_COOKIE to enable the easy handle's cookie engine. 7102 7103 Bug: https://curl.haxx.se/mail/lib-2020-03/0019.html 7104 Reported-by: Felipe Gasper 7105 7106 Closes https://github.com/curl/curl/pull/5048 7107 7108- multi: skip EINTR check on wakeup socket if it was closed 7109 7110 - Don't check errno on wakeup socket if sread returned 0 since sread 7111 doesn't set errno in that case. 7112 7113 This is a follow-up to cf7760a from several days ago which fixed 7114 Curl_multi_wait to stop busy looping sread on the non-blocking wakeup 7115 socket if it was closed (ie sread returns 0). Due to a logic error it 7116 was still possible to busy loop in that case if errno == EINTR. 7117 7118 Closes https://github.com/curl/curl/pull/5047 7119 7120Daniel Stenberg (6 Mar 2020) 7121- transfer: set correct copyright year range 7122 7123- urldata: remove the 'stream_was_rewound' connectdata struct member 7124 7125 ... as it is never set anywhere. 7126 7127 Follow-up to 2f44e94ef 7128 Closes #5046 7129 7130- Revert "pause: force-drain the transfer on unpause" 7131 7132 This reverts commit fa0216b294af4c7113a9040ca65eefc7fc18ac1c (from #5000) 7133 7134 Clearly that didn't solve the problem correctly. 7135 7136 Reported-by: Christopher Reid 7137 Reopens #4966 7138 Fixes #5044 7139 7140- RELEASE-NOTES: synced 7141 7142 and bumped curlver.h 7143 7144- MANUAL: update a dict-using command line 7145 7146 The 'web1913' database is now invalid, use 'gcide' instead. 7147 7148- KNOWN_BUGS: configure --with-gssapi with Heimdal is ignored on macOS 7149 7150 Closes #3841 7151 7152- polarssl: remove more references and mentions 7153 7154 Assisted-by: Jay Satiro 7155 Follow-up to 6357a19ff29dac04 7156 Closes #5036 7157 7158Marc Hoersken (4 Mar 2020) 7159- tests: wrap ignored test failures in braces 7160 7161- tests: align some Windows sleep defines with each other 7162 7163- tests: try to make sleeping portable by avoiding select 7164 7165 select does not support just waiting on Windows: 7166 https://perldoc.perl.org/perlport.html#select 7167 7168 Reviewed-By: Daniel Stenberg 7169 Closes #5035 7170 7171Daniel Stenberg (4 Mar 2020) 7172- runtests.1: rephrase how to specify what tests to run 7173 7174 Also mention the new tilde-prefixed way to ignore test results. 7175 7176 Reviewed-By: Marc Hoersken 7177 Closes #5033 7178 7179- cirrus-ci: disable the FreeBSD 13 builds 7180 7181 FreeBSD 13.0 is apparently close to a year away from a stable release 7182 and has proven to cause intermittent builds failures recently. 7183 7184 Assisted-by: Dan Fandrich 7185 Assisted-by: Fedor Korotkov 7186 Fixes #5028 7187 Closes #5029 7188 7189Version 7.69.0 (4 Mar 2020) 7190 7191Daniel Stenberg (4 Mar 2020) 7192- RELEASE-NOTES: 7.69.0 7193 7194- THANKS: from 7.69.0 7195 7196 Now sorted case insensitive 7197 7198Marc Hoersken (3 Mar 2020) 7199- ci/tests: fix escaping of testnames and disable proxy for CI APIs 7200 7201 Follow up to ada581f and c0d8b96 7202 Closes #5031 7203 7204Jay Satiro (3 Mar 2020) 7205- cmake: Show HTTPS-proxy in the features output 7206 7207 - Show HTTPS-proxy in the features output for those backends that 7208 support it: OpenSSL, GnuTLS and NSS. 7209 7210 Prior to this change HTTPS-proxy was missing from the cmake features 7211 output even if curl was built with it. Only cmake output was affected. 7212 Both the library and tool correctly reported the feature. 7213 7214 Bug: https://curl.haxx.se/mail/lib-2020-03/0008.html 7215 Reported-by: David Lopes 7216 7217 Closes https://github.com/curl/curl/pull/5025 7218 7219Marc Hoersken (3 Mar 2020) 7220- ci/tests: Make it possible to still run but ignore failing tests 7221 7222 This enables the development of a solution for the failing tests by 7223 running them on CI while ignoring their result for the overall status. 7224 7225 Closes #4994 7226 7227- README.md: add Azure DevOps Pipelines build status badge 7228 7229- ci/tests: Move CI test result creation above environment setup 7230 7231 This avoids using our test servers as proxy to the AppVeyor API. 7232 7233 Closes #5022 7234 7235- ci/tests: Send test results to AppVeyor for status overview 7236 7237 Closes #5021 7238 7239Daniel Stenberg (3 Mar 2020) 7240- Revert "sha256: Added SecureTransport implementation" 7241 7242 This reverts commit 4feb38deed33fed14ff7c370a6a9153c661dbb9c (from #4956) 7243 7244 That commit broke test 1610 on macos builds without TLS. 7245 7246 Closes #5027 7247 7248- dist: include tests/azure.pm in the tarball 7249 7250 Bug: https://github.com/curl/curl/commit/ada581f2cc32f48c1629b729707ac19208435b27#commitcomment-37601589 7251 Reported-by: Marcel Raad 7252 7253Steve Holme (3 Mar 2020) 7254- configure.ac: Disable metalink if mbedTLS is specified 7255 7256 Follow up to cdcc9df1 and #5006. Even though I mentioned mbedTLS as 7257 being one of the backends that metalink needs to be disabled for, I 7258 seem to have included it in the list of allowed SSL/TLS backends in 7259 comnfigure.ac :( 7260 7261 Closes #5013 7262 7263- sha256: Tidy up following recent changes 7264 7265 Reviewed-by: Daniel Stenberg 7266 Closes #4956 7267 7268- sha256: Added WinCrypt implementation 7269 7270- sha256: Added SecureTransport implementation 7271 7272- sha256: Added mbedtls implementation 7273 7274- sha256: Added GNU TLS gcrypt implementation 7275 7276- sha256: Added GNU TLS Nettle implementation 7277 7278Jay Satiro (2 Mar 2020) 7279- curl_escape.3: Add a link to curl_free 7280 7281 Ref: https://github.com/curl/curl/pull/5016#issuecomment-593628582 7282 7283- curl_getenv.3: Fix the memory handling description 7284 7285 - Tell the user to call curl_free() to free the pointer returned by 7286 curl_getenv(). 7287 7288 Prior to this change the user was directed to call free(), but that 7289 would not work in cases where the library and application use separate C 7290 runtimes and therefore have separate heap memory management. 7291 7292 Closes https://github.com/curl/curl/pull/5016 7293 7294Daniel Stenberg (2 Mar 2020) 7295- [Nick Zitzmann brought this change] 7296 7297 md4: use init/update/final functions in Secure Transport 7298 7299 We can use CC_MD4_Init/Update/Final without having to allocate memory 7300 directly. 7301 7302 Closes #4979 7303 7304Marc Hoersken (2 Mar 2020) 7305- ci/tests: some MacOS builds randomly take longer than 20min 7306 7307Daniel Stenberg (2 Mar 2020) 7308- multi_wait: stop loop when sread() returns zero 7309 7310 It's unclear why it would ever return zero here, but this change fixes 7311 Robert's problem and it shouldn't loop forever... 7312 7313 Reported-by: Robert Dunaj 7314 Bug: https://curl.haxx.se/mail/archive-2020-02/0011.html 7315 Closes #5019 7316 7317- http: mark POSTs with no body as "upload done" from the start 7318 7319 As we have logic that checks if we get a >= 400 reponse code back before 7320 the upload is done, which then got confused since it wasn't "done" but 7321 yet there was no data to send! 7322 7323 Reported-by: IvanoG on github 7324 Fixes #4996 7325 Closes #5002 7326 7327- tests: disable 962, 963 and 964 on Windows 7328 7329 These tests are also doing UTF-8 SMTP. 7330 7331 Follow-up to df207d2dd93b9e73 7332 7333Marc Hoersken (2 Mar 2020) 7334- ci/tests: fine-tune Azure Pipeline timeouts with a small puffer 7335 7336Daniel Stenberg (2 Mar 2020) 7337- configure: bump the AC_COPYRIGHT year range 7338 7339- [Steve Holme brought this change] 7340 7341 tests: disable SMTP UTF-8 tests on Windows 7342 7343 Fixes #4988 7344 Closes #4992 7345 7346- formdata/mime: copyright year range update 7347 7348 Due to the merge/revert cycle 7349 7350- Revert "mime: latch last read callback status." 7351 7352 This reverts commit 87869e38d7afdec3ef1bb4965711458b088e254f. 7353 7354 Fixes #5014 7355 Closes #5015 7356 Reopens #4833 7357 7358- Revert "mime: do not perform more than one read in a row" 7359 7360 This reverts commit ed0f357f7d25566110d4302f33759f4ffb5a6f83. 7361 7362- Revert "mime: fix the binary encoder to handle large data properly" 7363 7364 This reverts commit b2caaa0681f329eed317ffb6ae6927f4a539f0c1. 7365 7366- altsvc: both h3 backends now speak h3-27 7367 7368 ... also updated the HTTP3 build description for ngtcp2 accordingly. 7369 7370- [Patrick Monnerat brought this change] 7371 7372 mime: fix the binary encoder to handle large data properly 7373 7374 New test 666 checks this is effective. 7375 As upload buffer size is significant in this kind of tests, shorten it 7376 in similar test 652. 7377 7378 Fixes #4860 7379 Reported-by: RuurdBeerstra on github 7380 7381- [Patrick Monnerat brought this change] 7382 7383 mime: do not perform more than one read in a row 7384 7385 Input buffer filling may delay the data sending if data reads are slow. 7386 To overcome this problem, file and callback data reads do not accumulate 7387 in buffer anymore. All other data (memory data and mime framing) are 7388 considered as fast and still concatenated in buffer. 7389 As this may highly impact performance in terms of data overhead, an early 7390 end of part data check is added to spare a read call. 7391 When encoding a part's data, an encoder may require more bytes than made 7392 available by a single read. In this case, the above rule does not apply 7393 and reads are performed until the encoder is able to deliver some data. 7394 7395 Tests 643, 644, 645, 650 and 654 have been adapted to the output data 7396 changes, with test data size reduced to avoid the boredom of long lists of 7397 1-byte chunks in verification data. 7398 New test 664 checks mimepost using single-byte read callback with encoder. 7399 New test 665 checks the end of part data early detection. 7400 7401 Fixes #4826 7402 Reported-by: MrdUkk on github 7403 7404- [Patrick Monnerat brought this change] 7405 7406 mime: latch last read callback status. 7407 7408 In case a read callback returns a status (pause, abort, eof, 7409 error) instead of a byte count, drain the bytes read so far but 7410 remember this status for further processing. 7411 Takes care of not losing data when pausing, and properly resume a 7412 paused mime structure when requested. 7413 New tests 670-673 check unpausing cases, with easy or multi 7414 interface and mime or form api. 7415 7416 Fixes #4813 7417 Reported-by: MrdUkk on github 7418 Closes #4833 7419 7420Steve Holme (1 Mar 2020) 7421- unit1651: Fixed conversion compilation warning 7422 7423 371:17: warning: conversion to 'unsigned char' from 'int' may alter its 7424 value [-Wconversion] 7425 7426 Closes #5008 7427 7428- configure.ac: Disable metalink support if an incompatible SSL/TLS specified 7429 7430 tool_metalink only supports cryptography from OpenSSL, GnuTLS, NSS, 7431 The Win32 Crypto library and Apple's Common Crypto library. 7432 7433 If an TLS backend such as mbedTLS or WolfSSL is specified then the 7434 following error is given during compilation along, with a load of 7435 unresolved extern errors: 7436 7437 Can't compile METALINK support without a crypto library. 7438 7439 Reviewed-by: Daniel Stenberg 7440 Closes #5006 7441 7442Marc Hoersken (1 Mar 2020) 7443- ci/tests: Update Azure DevOps pipeline job display names 7444 7445 Make the configure step more descriptive and align others. 7446 7447- ci/tests: Fix typo in previous commit 597cf2 7448 7449- ci/tests: Make sure that the AZURE_ACCESS_TOKEN is available 7450 7451 For security reasons the access token is not available to PR builds. 7452 Therefore we should not try to use the DevOps API with an empty token. 7453