gdal-async
Version:
Bindings to GDAL (Geospatial Data Abstraction Library) with full async support
1,832 lines (1,134 loc) • 231 kB
Plain Text
_ _ ____ _
___| | | | _ \| |
/ __| | | | |_) | |
| (__| |_| | _ <| |___
\___|\___/|_| \_\_____|
Changelog
Version 7.79.1 (22 Sep 2021)
Daniel Stenberg (22 Sep 2021)
- RELEASE-NOTES: synced
curl 7.79.1 release
- THANKS: added names from the 7.79.1 release
- test897: verify delivery of IMAP post-body header content
The "content" is delivered as "body" by curl, but the envelope continues
after the body and the rest of it should be delivered as header.
The IMAP server can now get 'POSTFETCH' set to include more data to
include after the body and test 897 is done to verify that such "extra"
header data is in fact delivered by curl as header.
Ref: #7284 but fails to reproduce the issue
Closes #7748
- KNOWN_BUGS: connection migration doesn't work
Closes #7695
- RELEASE-NOTES: synced
- http: fix the broken >3 digit response code detection
When the "reason phrase" in the HTTP status line starts with a digit,
that was treated as the forth response code digit and curl would claim
the response to be non-compliant.
Added test 1466 to verify this case.
Regression brought by 5dc594e44f73b17
Reported-by: Glenn de boer
Fixes #7738
Closes #7739
Jay Satiro (17 Sep 2021)
- strerror: use sys_errlist instead of strerror on Windows
- Change Curl_strerror to use sys_errlist[errnum] instead of strerror to
retrieve the error message on Windows.
Windows' strerror writes to a static buffer and is not thread-safe.
Follow-up to 2f0bb86 which removed most instances of strerror in favor
of calling Curl_strerror (which calls strerror_r for other platforms).
Ref: https://github.com/curl/curl/pull/7685
Ref: https://github.com/curl/curl/commit/2f0bb86
Closes https://github.com/curl/curl/pull/7735
Daniel Stenberg (16 Sep 2021)
- dist: provide lib/.checksrc in the tarball
So that debug builds work (checksrc really)
Reported-by: Marcel Raad
Reported-by: tawmoto on github
Fixes #7733
Closes #7734
- TODO: Improve documentation about fork safety
Closes #6968
- hsts: CURLSTS_FAIL from hsts read callback should fail transfer
... and have CURLE_ABORTED_BY_CALLBACK returned.
Extended test 1915 to verify.
Reported-by: Jonathan Cardoso
Fixes #7726
Closes #7729
- test1184: disable
The test should be fine and it works for me repeated when run manually,
but clearly it causes CI failures and it needs more research.
Reported-by: RiderALT on github
Fixes #7725
Closes #7732
- Curl_http2_setup: don't change connection data on repeat invokes
Regression from 3cb8a748670ab88c (releasde in 7.79.0). That change moved
transfer oriented inits to before the check but also erroneously moved a
few connection oriented ones, which causes problems.
Reported-by: Evangelos Foutras
Fixes #7730
Closes #7731
- RELEASE-NOTES: synced
and bump to 7.79.1
Kamil Dudka (16 Sep 2021)
- tests/sshserver.pl: make it work with openssh-8.7p1
... by not using options with no argument where an argument is required:
=== Start of file tests/log/ssh_server.log
curl_sshd_config line 6: no argument after keyword "DenyGroups"
curl_sshd_config line 7: no argument after keyword "AllowGroups"
curl_sshd_config line 10: Deprecated option AuthorizedKeysFile2
curl_sshd_config line 29: Deprecated option KeyRegenerationInterval
curl_sshd_config line 39: Deprecated option RhostsRSAAuthentication
curl_sshd_config line 40: Deprecated option RSAAuthentication
curl_sshd_config line 41: Deprecated option ServerKeyBits
curl_sshd_config line 45: Deprecated option UseLogin
curl_sshd_config line 56: no argument after keyword "AcceptEnv"
curl_sshd_config: terminating, 3 bad configuration options
=== End of file tests/log/ssh_server.log
=== Start of file log/sftp_server.log
curl_sftp_config line 33: Unsupported option "rhostsrsaauthentication"
curl_sftp_config line 34: Unsupported option "rsaauthentication"
curl_sftp_config line 52: no argument after keyword "sendenv"
curl_sftp_config: terminating, 1 bad configuration options
Connection closed.
Connection closed
=== End of file log/sftp_server.log
Closes #7724
Daniel Stenberg (15 Sep 2021)
- hsts: handle unlimited expiry
When setting a blank expire string, meaning unlimited, curl would pass
TIME_T_MAX to getime_r() when creating the output, while on 64 bit
systems such a large value cannot be convetered to a tm struct making
curl to exit the loop with an error instead. It can't be converted
because the year it would represent doesn't fit in the 'int tm_year'
field!
Starting now, unlimited expiry is instead handled differently by using a
human readable expiry date spelled out as "unlimited" instead of trying
to use a distant actual date.
Test 1660 and 1915 have been updated to help verify this change.
Reported-by: Jonathan Cardoso
Fixes #7720
Closes #7721
- curl_multi_fdset: make FD_SET() not operate on sockets out of range
The VALID_SOCK() macro was made to only check for FD_SETSIZE if curl was
built to use select(), even though the curl_multi_fdset() function
always and unconditionally uses FD_SET and needs the check.
Reported-by: 0xee on github
Fixes #7718
Closes #7719
- FAQ: add GOPHERS + curl works on data, not files
Version 7.79.0 (14 Sep 2021)
Daniel Stenberg (14 Sep 2021)
- RELEASE-NOTES: synced
For the 7.79.0 release
- THANKS: add contributors from 7.79.0 release cycle
- FAQ: add two dev related questions
8.1 Why does curl use C89?
8.2 Will curl be rewritten?
Spell-checked-by: Paul Johnson
Closes #7715
- zuul.d/jobs: disable three tests for *-openssl-disable-proxy
... as they mysteriously seem to permfail without being related to
proxy.
Closes #7714
- [Patrick Monnerat brought this change]
ftp,imap,pop3,smtp: reject STARTTLS server response pipelining
If a server pipelines future responses within the STARTTLS response, the
former are preserved in the pingpong cache across TLS negotiation and
used as responses to the encrypted commands.
This fix detects pipelined STARTTLS responses and rejects them with an
error.
CVE-2021-22947
Bug: https://curl.se/docs/CVE-2021-22947.html
- [Patrick Monnerat brought this change]
ftp,imap,pop3: do not ignore --ssl-reqd
In imap and pop3, check if TLS is required even when capabilities
request has failed.
In ftp, ignore preauthentication (230 status of server greeting) if TLS
is required.
Bug: https://curl.se/docs/CVE-2021-22946.html
CVE-2021-22946
- [z2_ on hackerone brought this change]
mqtt: clear the leftovers pointer when sending succeeds
CVE-2021-22945
Bug: https://curl.se/docs/CVE-2021-22945.html
- zuul: bump the rustls job to use v0.7.2
... and add -lm when using a rust library.
Closes #7701
- RELEASE-PROCEDURE: add release dates from now to 8.0.0 in 2023
- SECURITY-PROCESS: tweak a little to match current practices
Closes #7713
- http_proxy: fix the User-Agent inclusion in CONNECT
It should not refer to the uagent string that is allocated and created
for the end server http request, as that pointer may be cleared on
subsequent CONNECT requests.
Added test case 1184 to verify.
Reported-by: T200proX7 on github
Fixes #7705
Closes #7707
- Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited
Reported-by: Jonathan Cardoso
Fixes #7710
Closes #7711
- [Tatsuhiro Tsujikawa brought this change]
ngtcp2: fix build with ngtcp2 and nghttp3
ngtcp2_conn_client_new and nghttp3_conn_client_new are now macros.
Check the wrapped functions instead.
ngtcp2_stream_close callback now takes flags parameter.
Closes #7709
- write-out.d: clarify size_download/upload
They show the number of "body" bytes transfered.
Fixes #7702
Closes #7706
- http2: Curl_http2_setup needs to init stream data in all invokes
Thus function was written to avoid doing multiple connection data
initializations, which is fine, but since it also initiates stream
related data it is crucial that it doesn't skip those even if called
again for the same connection. Solved by moving the stream
initializations before the "doing-it-again" check.
Reported-by: Inho Oh
Fixes #7630
Closes #7692
- url: fix compiler warning in no-verbose builds
Follow-up from 2f0bb864c12
Closes #7700
- non-ascii: fix build errors from strerror fix
Follow-up to 2f0bb864c12
Closes #7697
- parse_args: redo the warnings for --remote-header-name combos
... to avoid the memory leak risk pointed out by scan-build.
Follow-up from 7a3e981781d6c18a
Closes #7698
- ngtcp2: adapt to new size defintions upstream
Reviewed-by: Tatsuhiro Tsujikawa
Closes #7699
- rustls: add strerror.h include
Follow-up to 2f0bb864c12
- docs: the security list is reached at security at curl.se now
Also update the FAQ section a bit to encourage users to rather submit
security issues on hackerone than sending email.
Closes #7689
Marc Hoersken (9 Sep 2021)
- runtests: add option -u to error on server unexpectedly alive
Let's try to actually handle the server unexpectedly alive
case by first making them visible on CI builds as failures.
This is needed to detect issues with killing of the test
servers completely including nested process chains with
multiple PIDs per test server (including bash and perl).
On Windows/cygwin platforms this is especially helpful with
debugging PID mixups due to cygwin using its own PID space.
Reviewed-by: Daniel Stenberg
Closes #7180
Daniel Stenberg (9 Sep 2021)
- opts docs: unify phrasing in NAME header
- avoid writing "set ..." or "enable/disable ..." or "specify ..."
*All* options for curl_easy_setopt() are about setting or enabling
things and most of the existing options didn't use that way of
description.
- start with lowercase letter, unless abbreviation. For consistency.
- Some additional touch-ups
Closes #7688
- strerror.h: remove the #include from files not using it
- lib: don't use strerror()
We have and provide Curl_strerror() internally for a reason: strerror()
is not necessarily thread-safe so we should always try to avoid it.
Extended checksrc to warn for this, but feature the check disabled by
default and only enable it in lib/
Closes #7685
Daniel Gustafsson (8 Sep 2021)
- cirrus: Add FreeBSD 13.0 job and disable sanitizer build
As alluded to the in the now removed comment, a 13.0 image became
available and is now ready to be used.
The sanitizer builds were running on the 12.1 image which since has
been removed from the config, leaving the builds not running at all.
When enabled it turns out that they don't actually work due to very
long timeouts in executing the tests, so keep the disabled for now
but a bit more controlled.
Closes #7592
Daniel Stenberg (8 Sep 2021)
- copyrights: update copyright year ranges
- RELEASE-NOTES: synced
- INTERNALS: c-ares has a new home: c-ares.org
- docs: remove experimental mentions from HSTS and MQTT
Reported-by: Jonathan Cardoso
Bug: https://github.com/curl/curl/pull/6700#issuecomment-913792863
Closes #7681
- [Cao ZhenXiang brought this change]
curl: add warning for incompatible parameters usage
--continue-at - and --remote-header-name are known incompatible parameters
Closes #7674
- [git-bruh brought this change]
examples/*hiperfifo.c: fix calloc arguments to match function proto
Closes #7678
- INTERNALS: bump c-ares requirement to 1.16.0
Since ba904db0705c93 we use ares_getaddrinfo, added in c-ares 1.16.0
- curl: stop retry if Retry-After: is longer than allowed
If Retry-After: specifies a period that is longer than what fits within
--retry-max-time, then stop retrying immediately.
Added test 366 to verify.
Reported-by: Kari Pahula
Fixes #7675
Closes #7676
- [Michał Antoniak brought this change]
mbedtls: avoid using a large buffer on the stack
Use dynamic memory allocation for the buffer used in checking "pinned
public key". The PUB_DER_MAX_BYTES parameter with default settings is
set to a value greater than 2kB.
Co-authored-by: Daniel Stenberg
Closes #7586
- configure: make --disable-hsts work
The AC_ARG_ENABLE() macro itself uses a variable called
'enable_[option]', so when our script also used a variable with that
name for the purpose of storing what the user wants, it also
accidentally made it impossible to switch off the feature with
--disable-hsts. Fix this by renaming our variable.
Reported-by: Michał Antoniak
Fixes #7669
Closes #7672
Jay Satiro (5 Sep 2021)
- config.d: note that curlrc is used even when --config
Bug: https://github.com/curl/curl/pull/7666#issuecomment-912214751
Reported-by: Viktor Szakats
Closes https://github.com/curl/curl/pull/7667
Daniel Stenberg (4 Sep 2021)
- RELEASE-NOTES: synced
- test1173: check references to libcurl options
... that they refer to actual existing libcurl options.
Reviewed-by: Daniel Gustafsson
Closes #7656
- CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also
Closes #7656
- opt-docs: verify man page sections + order
In every libcurl option man page there are now 8 mandatory sections that
must use the right name in the correct order and test 1173 verifies
this. Only 14 man pages needed adjustments.
The sections and the order is as follows:
- NAME
- SYNOPSIS
- DESCRIPTION
- PROTOCOLS
- EXAMPLE
- AVAILABILITY
- RETURN VALUE
- SEE ALSO
Reviewed-by: Daniel Gustafsson
Closes #7656
- opt-docs: make sure all man pages have examples
Extended manpage-syntax.pl (run by test 1173) to check that every man
page for a libcurl option has an EXAMPLE section that is more than two
lines. Then fixed all errors it found and added examples.
Reviewed-by: Daniel Gustafsson
Closes #7656
- get.d: provide more useful examples
Closes #7668
- page-header: add GOPHERS, simplify wording in the 1st para
Closes #7665
- connect: get local port + ip also when reusing connections
Regression. In d6a37c23a3c (7.75.0) we removed the duplicated storage
(connection + easy handle), so this info needs be extracted again even
for re-used connections.
Add test 435 to verify
Reported-by: Max Dymond
Fixes #7660
Closes #7662
Marcel Raad (2 Sep 2021)
- multi: fix compiler warning with `CURL_DISABLE_WAKEUP`
`use_wakeup` is unused in this case.
Closes https://github.com/curl/curl/pull/7661
Daniel Stenberg (1 Sep 2021)
- tests: adjust the tftpd output to work with hyper mode
By making them look less like http headers, the hyper mode "tweak"
doesn't interfere.
Enable test 2002 and 2003 in hyper builds (and 1280 which is unrelated
but should be enabled).
Closes #7658
Daniel Gustafsson (1 Sep 2021)
- [Gisle Vanem brought this change]
openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA
This adds support for the previously unhandled supplemental data which
in -v output was printed like:
TLSv1.2 (IN), TLS header, Unknown (23):
These will now be printed with proper annotation:
TLSv1.2 (OUT), TLS header, Supplemental data (23):
Closes #7652
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Daniel Stenberg (1 Sep 2021)
- curl.1: provide examples for each option
The file format for each option now features a "Example:" header that
can provide one or more examples that get rendered appropriately in the
output. All options MUST have at least one example or gen.pl complains
at build-time.
This fix also does a few other minor format and consistency cleanups.
Closes #7654
- progress: make trspeed avoid floats
and compiler warnings for data conversions.
Reported-by: Michał Antoniak
Fixes #7645
Closes #7653
- test365: verify response with chunked AND Content-Length headers
- http: ignore content-length if any transfer-encoding is used
Fixes #7643
Closes #7649
- RELEASE-NOTES: synced
- Revert "http2: skip immediate parsing of payload following protocol switch"
This reverts commit 455a63c66f188598275e87d32de2c4e8e26b80cb.
Reported-by: Tk Xiong
Fixes #7633
Closes #7648
- KNOWN_BUGS: HTTP/3 doesn't support client certs
Closes #7625
- mailing lists: move from cool.haxx.se to lists.haxx.se
- http_proxy: only wait for writable socket while sending request
Otherwise it would wait socket writability even after the entire CONNECT
request has sent and make curl basically busy-loop while waiting for a
response to come back.
The previous fix attempt in #7484 (c27a70a591a4) was inadequate.
Reported-by: zloi-user on github
Reported-by: Oleguer Llopart
Fixes #7589
Closes #7647
- http: disallow >3-digit response codes
Make the built-in HTTP parser behave similar to hyper and reject any
HTTP response using more than 3 digits for the response code.
Updated test 1432 accordingly.
Enabled test 1432 in the hyper builds.
Closes #7641
- [Tatsuhiro Tsujikawa brought this change]
ngtcp2: stop buffering crypto data
Stop buffering crypto data because libngtcp2 now buffers submitted
crypto data.
Closes #7637
- test1280: CRLFify the response to please hyper
Closes #7639
- tests: enable test 1129 for hyper builds
Closes #7638
- curl: better error message when -O fails to get a good name
Due to how this currently works internally, it needs a working initial
file name to store contents in, so it may still fail even with -J is
used (and thus accepting a name from content-disposition:) if the file
name part of the URL isn't "good enough".
Fixes #7628
Closes #7635
- curl_easy_setopt: tweak the string copy wording
Reported-by: Yaobin Wen
Fixes #7632
Closes #7634
- RELEASE-NOTES: synced
- [Don J Olmstead brought this change]
cmake: sync CURL_DISABLE options
Adds the full listing of CURL_DISABLE options to the CMake build. Moves
all option code, except for CURL_DISABLE_OPENSSL_AUTO_LOA_CONFIG which
resides near OpenSSL configuration, to the same block of code. Also
sorts the options here and in the cmake config header.
Additionally sorted the CURL-DISABLE listing and fixed the
CURL_DISABLE_POP3 option.
Closes #7624
Jay Satiro (25 Aug 2021)
- KNOWN_BUGS: FTPS upload data loss with TLS 1.3
Bug: https://github.com/curl/curl/issues/6149
Reported-by: Bylon2@users.noreply.github.com
Closes https://github.com/curl/curl/pull/7623
Daniel Stenberg (24 Aug 2021)
- cmake: avoid poll() on macOS
... like we do in configure builds. Since poll() on macOS is not
reliable enough.
Reported-by: marc-groundctl
Fixes #7595
Closes #7619
- c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
Enable test 1074
Closes #7617
- c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
Enable test 1130 and 1131
Closes #7616
- [a1346054 brought this change]
tests: be explicit about using 'python3' instead of 'python'
This fixes running tests in virtualenvs (or on distros) that no longer
have a symlink from python to python2 or python3.
Closes #7602
- [a1346054 brought this change]
scripts: invoke interpreters through /usr/bin/env
Closes #7602
- DISABLED: enable 11 more tests for hyper builds
Closes #7612
- setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper
Since this option is also used for FTP, it needs to work to set for
applications even if hyper doesn't support it for HTTP. Verified by test
1137.
Updated docs to specify that the option doesn't work for HTTP when using
the hyper backend.
Closes #7614
- test1138: remove trailing space to make work with hyper
Closes #7613
- libcurl-errors.3: clarify two CURLUcode errors
CURLUE_BAD_HANDLE and CURLUE_BAD_PARTPOINTER should be for "bad" or
wrong pointers in a generic sense, not just for NULL pointers.
Reviewed-by: Jay Satiro
Ref: #7605
Closes #7611
Jay Satiro (23 Aug 2021)
- symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version
... and also change the 'Removed' column name to 'Last' since that
column is for the last version to contain the symbol.
Closes https://github.com/curl/curl/pull/7609
Daniel Stenberg (23 Aug 2021)
- urlapi.c:seturl: assert URL instead of using if-check
There's no code flow possible where this can happen. The assert makes
sure it also won't be introduced undetected in the future.
Closes #7610
- curl-openssl.m4: show correct output for OpenSSL v3
Using 3.0.0 versions configure should now show this:
checking for OpenSSL headers version... 3.0.0 - 0x300
checking for OpenSSL library version... 3.0.0
checking for OpenSSL headers and library versions matching... yes
This output doesn't actually change what configure generates but is only
"cosmetic".
Reported-by: Randall S. Becker
Fixes #7606
Closes #7608
Jay Satiro (22 Aug 2021)
- mksymbolsmanpage.pl: Fix showing symbol's last used version
Prior to this change the symbol's deprecated version was erroneously
shown as its last used version.
Bug: https://github.com/curl/curl/commit/4e53b94#commitcomment-55239509
Reported-by: i-ky@users.noreply.github.com
Daniel Stenberg (21 Aug 2021)
- mksymbolsmanpage.pl: match symbols case insenitively
Follow-up to 4e53b9430c750 which made this bug show.
Reported-by: i-ky
Bug: https://github.com/curl/curl/commit/4e53b9430c7504de8984796e2a2091ec16f27136#commitcomment-55239253
Closes #7607
- asyn-ares: call ares_freeaddrinfo() to clean up addrinfo results
As this leaks memory otherwise
Follow-up to ba904db0705c931
Closes #7599
- [Ehren Bendler brought this change]
wolfssl: clean up wolfcrypt error queue
If wolfSSL is built in certain ways (OPENSSL_EXTRA or Debug), the error
queue gets added on to for each session and never freed. Fix it by
calling ERR_clear_error() like in vtls/openssl when needed. This func is
a no-op in wolfcrypt if the error queue is not enabled.
Closes #7594
- man pages: remove trailing whitespaces
Extended test 1173 (via the manpage-syntax.pl script) to detect and warn
for them.
Ref: #7602
Reported-by: a1346054 on github
Closes #7604
- mailmap: add Gleb Ivanovsky
- config.d: escape the backslash properly
Closes #7603
- [Don J Olmstead brought this change]
curl_setup.h: sync values for HTTP_ONLY
The values for HTTP_ONLY differed between CMakeLists.txt and
curl_setup.h. Sync them and sort the values in curl_setup.h to make it
easier to spot differences.
Closes #7601
Jay Satiro (21 Aug 2021)
- configure: set classic mingw minimum OS version to XP
- If the user has not specified a minimum OS version (via WINVER or
_WIN32_WINNT macros) then set it to Windows XP.
Prior to this change classic MinGW defaulted the minimum OS version
to Windows NT 4.0 which is way too old. At least Windows XP is needed
for getaddrinfo (which resolves hostnames to IPv6 addresses).
Ref: https://github.com/curl/curl/issues/7483#issuecomment-891597034
Closes https://github.com/curl/curl/pull/7581
- schannel: Work around typo in classic mingw macro
- Define ALG_CLASS_DHASH (the typo from the include) to ALG_CLASS_HASH.
Prior to this change there was an incomplete fix to ignore the
CALG_TLS1PRF macro on those versions of MinGW where it uses the
ALG_CLASS_DHASH typoed macro.
Ref: 48cf45c
Ref: https://osdn.net/projects/mingw/ticket/38391
Ref: https://github.com/curl/curl/issues/2924
Closes https://github.com/curl/curl/pull/7580
Daniel Stenberg (20 Aug 2021)
- RELEASE-NOTES: synced
- http_proxy: fix user-agent and custom headers for CONNECT with hyper
Enable test 287
Closes #7598
- c-hyper: initial support for "dumping" 1xx HTTP responses
With the use hyper_request_on_informational()
Enable test 155 and 158
Closes #7597
Marc Hoersken (18 Aug 2021)
- tests/*server.pl: flush output before executing subprocess
Also avoid shell processes staying around by using exec.
This is necessary to avoid output data being buffering
inside the process chain of Perl, Bash/Shell and our
test server binaries. On non-Windows systems the exec
will also make the subprocess replace the intermediate
shell, but on Windows it will at least bind the processes
together since there is no real fork or exec available.
See: https://cygwin.com/cygwin-ug-net/highlights.html
and: https://docs.microsoft.com/cpp/c-runtime-library/exec-wexec-functions
Ref: https://github.com/curl/curl/pull/7530#issuecomment-900949010
Reviewed-by: Daniel Stenberg
Reviewed-by: Jay Satiro
Closes #7530
- CI: use GitHub Container Registry instead of Docker Hub
Avoid limits on Docker Hub and improve image pull/download speed.
Closes #7587
Daniel Stenberg (18 Aug 2021)
- openssl: when creating a new context, there cannot be an old one
Remove the previous handling that would call SSL_CTX_free(), and instead
add an assert that halts a debug build if there ever is a context
already set at this point.
Closes #7585
Jay Satiro (18 Aug 2021)
- KNOWN_BUGS: Renegotiate from server may cause hang for OpenSSL backend
Closes https://github.com/curl/curl/issues/6785
Viktor Szakats (17 Aug 2021)
- docs/BINDINGS: URL update
Marc Hoersken (17 Aug 2021)
- tests/server/*.c: align handling of portfile argument and file
1. Call the internal variable portname (like pidname) everywhere.
2. Have a variable wroteportfile (like wrotepidfile) everywhere.
3. Make sure the file is cleaned up on exit (like pidfile).
4. Add parameter --portfile to usage outputs everywhere.
Reviewed-by: Daniel Stenberg
Replaces #7523
Closes #7574
Daniel Gustafsson (17 Aug 2021)
- KNOWN_BUGS: Fix a number of typos in KNOWN_BUGS
Fixes a set of typos found in section 11.3.
Daniel Stenberg (17 Aug 2021)
- getparameter: fix the --local-port number parser
It could previously get tricked into parsing the uninitialized stack
based buffer.
Reported-by: Brian Carpenter
Closes #7582
- KNOWN_BUGS: Can't use Secure Transport with Crypto Token Kit
Closes #7048
- [Jan Verbeek brought this change]
curl: add warning for ignored data after quoted form parameter
In an argument like `-F 'x=@/etc/hostname;filename="foo"abc'` the `abc`
is ignored. This adds a warning if the ignored data isn't all
whitespace.
Closes #7394
Jay Satiro (17 Aug 2021)
- codeql: fix error "Resource not accessible by integration"
- Enable codeql writing security-events.
GitHub set the default permissions to read, apparently since earlier
this year.
Ref: https://github.com/github/codeql-action/issues/464
Ref: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
Fixes https://github.com/curl/curl/issues/7575
Closes https://github.com/curl/curl/pull/7576
- tool_operate: Fix --fail-early with parallel transfers
- Abort via progress callback to fail early during parallel transfers.
When a critical error occurs during a transfer (eg --fail-early
constraint) then other running transfers will be aborted via progress
callback and finish with error CURLE_ABORTED_BY_CALLBACK (42). In this
case, the callback error does not become the most recent error and a
custom error message is used for those transfers:
curld --fail --fail-early --parallel
https://httpbin.org/status/404 https://httpbin.org/delay/10
curl: (22) The requested URL returned error: 404
curl: (42) Transfer aborted due to critical error in another transfer
> echo %ERRORLEVEL%
22
Fixes https://github.com/curl/curl/issues/6939
Closes https://github.com/curl/curl/pull/6984
Daniel Stenberg (17 Aug 2021)
- [Sergey Markelov brought this change]
sectransp: support CURLINFO_CERTINFO
Fixes #4130
Closes #7372
- ngtcp2: remove the acked_crypto_offset struct field init
... as it is gone from the API upstream.
Closes #7578
- misc: update incorrect copyright year ranges
Closes #7577
- KNOWN_BUGS: HTTP/3 quiche upload large file fails
Closes #7532
- KNOWN_BUGS: CMake build with MIT Kerberos does not work
Closes #6904
- TODO: add asynch getaddrinfo support
Closes #6746
- RELEASE-NOTES: synced
- [Artur Sinila brought this change]
http2: revert call the handle-closed function correctly on closed stream
Reverts 252790c5335a221
Assisted-by: Gergely Nagy
Fixes #7400
Closes #7525
- [Patrick Monnerat brought this change]
auth: do not append zero-terminator to authorisation id in kerberos
RFC4752 Section 3.1 states "The authorization identity is not terminated
with a zero-valued (%x00) octet". Although a comment in code said it may
be needed anyway, nothing confirms it. In addition, servers may consider
it as part of the identity, causing a failure.
Closes #7008
- [Patrick Monnerat brought this change]
auth: use sasl authzid option in kerberos
... instead of deriving it from active ticket.
Closes #7008
- [Patrick Monnerat brought this change]
auth: we do not support a security layer after kerberos authentication
Closes #7008
- [Patrick Monnerat brought this change]
auth: properly handle byte order in kerberos security message
Closes #7008
- [z2_ brought this change]
x509asn1: fix heap over-read when parsing x509 certificates
Assisted-by: Patrick Monnerat
Closes #7536
- KNOWN_BUGS: Disconnects don't do verbose
Closes #6995
- mailmap: fixup Michał Antoniak
- [Michał Antoniak brought this change]
build: fix compiler warnings
For when CURL_DISABLE_VERBOSE_STRINGS and DEBUGBUILD flags are both
active.
- socks.c : warning C4100: 'lineno': unreferenced formal parameter
(co-authored by Daniel Stenberg)
- mbedtls.c: warning C4189: 'port': local variable is initialized but
not referenced
- schannel.c: warning C4189: 'hostname': local variable is initialized
but not referenced
Cloes #7528
- [Gleb Ivanovsky brought this change]
CODE_STYLE-md: fix bold font style
Markdown gets confused with abundance of asterisks, so use underscores
instead.
Reviewed-by: Daniel Gustafsson
Closes #7569
- [Gleb Ivanovsky brought this change]
CODE_STYLE-md: add missing comma
Reviewed-by: Daniel Gustafsson
Closes #7570
- [Daniel Gustafsson brought this change]
examples/ephiperfifo.c: simplify signal handler
The signal handler registered for SIGINT is only handling SIGINT
so there isn't much need for inspecting the signo. While there,
rename the handler to be more specific.
g_should_exit should really be of sig_atomic_t type, but relying
on autoconf in the examples seems like a bad idea so keep that
for now.
Reviewed-by: Daniel Stenberg
Closes #7310
- c-hyper: initial step for 100-continue support
Enabled test 154
Closes #7568
- [Ikko Ashimine brought this change]
vtls: fix typo in schannel_verify.c
occurence -> occurrence
Closes #7566
- [Emil Engler brought this change]
curl_url_get.3: clarify about path and query
The current man-page lacks some details regarding the obtained path and
query.
Closes #7563
- c-hyper: fix header value passed to debug callback
Closes #7567
Viktor Szakats (12 Aug 2021)
- cleanup: URL updates
- replace broken URL with the one it was most probably pointing to
when added (lib/tftp.c)
- replace broken URL with archive.org link (lib/curl_ntlm_wb.c)
- delete unnecessary protocol designator from archive.org URL
(docs/BINDINGS.md)
Closes #7562
Daniel Stenberg (12 Aug 2021)
- [April King brought this change]
DEPRECATE.md: linkify curl-library mailing list
Closes #7561
- [Barry Pollard brought this change]
output.d: add method to suppress response bodies
Closes #7560
- TODO: remove 'c-ares deviates on http://1346569778'
Fixed since 56a037cc0ad1b2 (7.77.0)
- [Colin O'Dell brought this change]
BINDINGS.md: update links to use https where available
Closes #7558
- asyn-ares.c: move all version number checks to the top
... and use #ifdef [feature] in the code as per our guidelines.
- ares: use ares_getaddrinfo()
ares_getaddrinfo() is the getaddrinfo() cloned provided by c-ares, introduced
in version 1.16.0.
With older c-ares versions, curl invokes ares_gethostbyname() twice - once for
IPv4 and once for IPv6 to resolve both addresses, and then combines the
returned results.
Reported-by: jjandesmet
Fixes #7364
Closes #7552
- [Tatsuhiro Tsujikawa brought this change]
ngtcp2: utilize crypto API functions to simplify
Closes #7551
- [megatronking brought this change]
ngtcp2: reset the oustanding send buffer again when drained
Closes #7538
Michael Kaufmann (10 Aug 2021)
- progress: fix a compile warning on some systems
lib/progress.c:380:40: warning: conversion to 'long double' from
'curl_off_t {aka long long int}' may alter its value [-Wconversion]
Closes #7549
Daniel Stenberg (10 Aug 2021)
- RELEASE-NOTES: synced
- http: consider cookies over localhost to be secure
Updated test31.
Added test 392 to verify secure cookies used for http://localhost
Reviewed-by: Daniel Gustafsson
Fixes #6733
Closes #7263
- TODO: erase secrets from heap/stack after use
Closes #7268
Jay Satiro (10 Aug 2021)
- hostip: Make Curl_ipv6works function independent of getaddrinfo
- Do not assume IPv6 is not working when getaddrinfo is not present.
The check to see if IPv6 actually works is now independent of whether
there is any resolver that can potentially resolve a hostname to IPv6.
Prior to this change if getaddrinfo() was not found at compile time then
Curl_ipv6works() would be defined as a macro that returns FALSE.
When getaddrinfo is not found then libcurl is built with CURLRES_IPV4
defined instead of CURLRES_IPV6, meaning that it cannot do IPv6 lookups
in the traditional way. With this commit if libcurl is built with IPv6
support (ENABLE_IPV6) but without getaddrinfo (CURLRES_IPV6), and the
IPv6 stack is actually working, then it is possible for libcurl to
resolve IPv6 addresses by using DoH.
Ref: https://github.com/curl/curl/issues/7483#issuecomment-890765378
Closes https://github.com/curl/curl/pull/7529
- test1565: fix windows build errors
- Use our wait_ms() instead of sleep() since Windows doesn't have the
latter.
- Use a separate variable to keep track of whether the pthread_t thread
id is valid.
On Windows pthread_t is not an integer type. pthread offers no macro for
invalid pthread_t thread id, so validity is kept track of separately.
Closes https://github.com/curl/curl/pull/7527
- [Jeremy Falcon brought this change]
winbuild/README.md: clarify GEN_PDB option
- Document that GEN_PDB option creates an external database.
Ref: https://github.com/curl/curl/issues/7502
Daniel Stenberg (9 Aug 2021)
- [Tatsuhiro Tsujikawa brought this change]
ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
Closes #7546
- [Tatsuhiro Tsujikawa brought this change]
ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
Rework the return value handling of ngtcp2_conn_writev_stream and treat
NGTCP2_ERR_STREAM_SHUT_WR separately.
Closes #7546
- configure: error out if both ngtcp2 and quiche are specified
Reported-by: Vincent Grande
See #7539
Closes #7545
- [Jeff Mears brought this change]
easy: use a custom implementation of wcsdup on Windows
... so that malloc/free overrides from curl_global_init are used for
wcsdup correctly.
Closes #7540
- zuul: add an mbedtls3 CI job
Closes #7544
- [Benau brought this change]
mbedTLS: initial 3.0.0 support
Closes #7428
- RELEASE-NOTES: synced
- configure.ac: revert bad nghttp2 library detection improvements
This reverts commit b4b34db65f9f8, 673753344c5f and 29c7cf79e8b.
The logic is now back to assuming that the nghttp2 lib is called nghttp2 and
nothing else.
Reported-by: Rui Pinheiro
Reported-by: Alex Crichton
Fixes #7514
Closes #7515
- happy-eyeballs-timeout-ms.d: polish the wording
Reported-by: Josh Soref
Fixes #7433
Closes #7542
- [modbw brought this change]
mbedtls_threadlock: fix unused variable warning
Closes #7393
- [Tatsuhiro Tsujikawa brought this change]
ngtcp2: compile with the latest ngtcp2 and nghttp3
Closes #7541
Marc Hoersken (31 Jul 2021)
- CI/cirrus: reduce compile time with increased parallism
Cirrus CI VMs have 2 CPUs, let's use them also for Windows builds.
Reviewed-by: Daniel Stenberg
Closes #7505
Daniel Stenberg (30 Jul 2021)
- [Bin Lan brought this change]
tool/tests: fix potential year 2038 issues
The length of 'long' in a 32-bit system is 32 bits, which cannot be used
to save timestamps after 2038. Most operating systems have extended
time_t to 64 bits.
Remove the castings to long.
Closes #7466
- compressed.d: it's a request, not an order
Clarified
Reported-by: Dan Jacobson
Reviewed-by: Daniel Gustafsson
Fixes #7516
Closes #7517
- [Bernhard M. Wiedemann brought this change]
tests: make three tests pass until 2037
after 2038 something in test1915 fails on 32-bit OSes
Closes #7512
Daniel Gustafsson (30 Jul 2021)
- connect: remove superfluous conditional
Commit dbd16c3e2 cleaned up the logic for traversing the addrinfos,
but the move left a conditional on ai which no longer is needed as
the while loop reevaluation will cover it.
Closes #7511
Reviewed-by: Carlo Marcelo Arenas Belón
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Daniel Stenberg (29 Jul 2021)
- RELEASE-NOTES: synced
and bump curlver to 7.79.0 for next release
Marc Hoersken (29 Jul 2021)
- tests/*server.py: remove pidfile on server termination
Avoid pidfile leaking/laying around after server already exited.
Reviewed-by: Daniel Stenberg
Closes #7506
Daniel Gustafsson (27 Jul 2021)
- tool_main: fix typo in comment
The referred to library is NSPR, so fix the switched around characters.
Daniel Stenberg (28 Jul 2021)
- [Aleksandr Krotov brought this change]
bearssl: support CURLOPT_CAINFO_BLOB
Closes #7468
- curl.1: mention "global" flags
Mention options that are "global". A global command line option is one
that doesn't get reset at --next uses and therefore don't need to be
used again.
Reported-by: Josh Soref
Fixes #7457
Closes #7510
- CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited
Reported-by: Daniel Woelfel
Fixes #7441
Closes #7509
- KNOWN_BUGS: add more HTTP/3 problems
Closes #7351
Closes #7339
Closes #7125
Marc Hoersken (27 Jul 2021)
- CI/azure: reduce compile time with increased parallism
Azure Pipelines CI VMs have 2 CPUs, let's use them.
Closes #7489
Jay Satiro (27 Jul 2021)
- [Josh Soref brought this change]
docs: fix grammar
Fixes https://github.com/curl/curl/issues/7444
Fixes https://github.com/curl/curl/issues/7451
Fixes https://github.com/curl/curl/issues/7465
Closes https://github.com/curl/curl/pull/7495
- mail-rcpt.d: fix grammar
Remove confusing sentence that says to specify an e-mail address for
mail transfer, since that's implied.
Reported-by: Josh Soref
Fixes https://github.com/curl/curl/issues/7452
Closes https://github.com/curl/curl/pull/7495
Daniel Stenberg (27 Jul 2021)
- c-hyper: remove the hyper_executor_poll() loop from Curl_http
1. it's superfluous
2. it didn't work identically to the Curl_hyper_stream one which could
cause problems like #7486
Pointed-out-by: David Cook
Closes #7499
- curl-openssl.m4: check lib64 for the pkg-config file
OpenSSL recently started putting the libs in $prefix/lib64 on 'make
install', so we check that directory for pkg-config data if the 'lib'
check fails.
Closes #7503
- CURLOPT_SSL_CTX_*.3: tidy up the example
Use the proper code style. Don't store return codes that aren't read.
Copy the same example into CURLOPT_SSL_CTX_FUNCTION.3 as well.
Closes #7500
- example/cookie_interface: fix scan-build printf warning
Follow-up to 4b79c4fb565
Fixes #7497
Closes #7498
- [Josh Soref brought this change]
limit-rate.d: clarify base unit
Fixes #7439
Closes #7494
- [Carlo Marcelo Arenas Belón brought this change]
examples/cookie_interface: avoid printfing time_t directly
time_t representation is undefined and varies on bitsize and signedness,
and as of C11 could be even non integer.
instead of casting to unsigned long (which would truncate in systems
with a 32bit long after 2106) use difftime to get the elapsed time as a
double and print that (without decimals) instead.
alternatively a cast to curl_off_t and its corresponding print
formatting could have been used (at least in POSIX) but portability and
curl agnostic code was prioritized.
Closes #7490
Marc Hoersken (25 Jul 2021)
- tests/servers: remove obsolete pid variable
Variable is not used since pidfile handling moved to util.[ch]
Reviewed-by: Jay Satiro
Closes #7482
- tests/servers: use our platform-aware pid for server verification
The pid used for server verification is later stored as pid2 in
the hash of running test servers and therefore used for shutdown.
The pid used for shutdown must be the platform-aware (Win32) pid
to avoid leaking test servers while running them using Cygwin/msys.
Reviewed-by: Jay Satiro
Closes #7481
- tests/runtests.pl: cleanup copy&paste mistakes and unused code
Reviewed-by: Jay Satiro
Part of #7481
Daniel Stenberg (25 Jul 2021)
- RELEASE-NOTES: synced
bumped to 7.78.1 for next release
- http_proxy: clear 'sending' when the outgoing request is sent
... so that Curl_connect_getsock() will know how to wait for the socket
to become readable and not writable after the entire CONNECT request has
been issued.
Regression added in 7.77.0
Reported-by: zloi-user on github
Assisted-by: Jay Satiro
Fixes #7155
Closes #7484
Jay Satiro (25 Jul 2021)
- [Josh Soref brought this change]
openssl: fix grammar
Closes https://github.com/curl/curl/pull/7480
- configure.ac: tweak nghttp2 library name fix again
- Change extraction to handle multiple library names returned by
pkg-config (eg a possible scenario with pkg-config --static).
Ref: https://github.com/curl/curl/pull/7472
Closes https://github.com/curl/curl/pull/7485
Dan Fandrich (23 Jul 2021)
- Get rid of the unused HAVE_SIG_ATOMIC_T et. al.
It was added in 2006 but I see no evidence it was ever used.
Jay Satiro (23 Jul 2021)
- docs: change max-filesize caveat again
- Add protocols field to max-filesize.d.
- Revert wording on unknown file size caveat and do not discuss specific
protocols in that section.
Partial revert of ecf0225. All max-filesize options now have the list of
protocols and it's clearer just to have that list without discussing
specific protocols in the caveat.
Reported-by: Josh Soref
Ref: https://github.com/curl/curl/issues/7453#issuecomment-884128762
Daniel Stenberg (22 Jul 2021)
- [Christian Weisgerber brought this change]
configure: tweak nghttp2 library name fix
commit 29c7cf79e8b44cf (shipped in 7.78.0) introduced a problem by
assuming that LIB_H2 does not have any leading whitespace. At least
OpenBSD's native pkg-config can produce such whitespace, though:
$ pkg-config --libs-only-l libnghttp2
-lnghttp2
As a result, the configure check for libnghttp2 will erroneously fail.
Bug: https://curl.se/mail/lib-2021-07/0050.html
Closes #7472
- [Bastian Krause brought this change]
docs/MQTT: update state of username/password support
PR #7243 implemented username/password support for MQTT, so let's drop
these items from the caveats.
Signed-off-by: Bastian Krause <bst@pengutronix.de>
Closes #7474
- [Oleg Pudeyev brought this change]
CURLMOPT_TIMERFUNCTION.3: remove misplaced "time"
Closes #7470
Version 7.78.0 (21 Jul 2021)
Daniel Stenberg (21 Jul 2021)
- RELEASE-NOTES: synced
curl 7.78.0 release
- winbuild/MakefileBuild.vc: bump copyright year
Jay Satiro (21 Jul 2021)
- docs: mention max-filesize options also apply to MQTT transfers
Also make it clearer that the caveat 'if the file size is unknown it
the option will have no effect' may apply to protocols other than FTP
and HTTP.
Reported-by: Josh Soref
Fixes https://github.com/curl/curl/issues/7453
- [Josh Soref brought this change]
docs/cmdline: fix grammar and typos
- [Josh Soref brought this change]
dump-header.d: Drop suggestion to use for cookie storage
Since --cookie-jar is the preferred way to store cookies, no longer
suggest using --dump-header to do so.
Co-authored-by: Daniel Stenberg
Closes https://github.com/curl/curl/issues/7414
- [Josh Soref brought this change]
doc/cmdline: fix grammar and typos
Closes https://github.com/curl/curl/pull/7454
Closes https://github.com/curl/curl/pull/7455
Closes https://github.com/curl/curl/pull/7456
Closes https://github.com/curl/curl/pull/7459
Closes https://github.com/curl/curl/pull/7460
Closes https://github.com/curl/curl/pull/7461
Closes https://github.com/curl/curl/pull/7462
Closes https://github.com/curl/curl/pull/7463
Daniel Stenberg (20 Jul 2021)
- vtls: fix connection reuse checks for issuer cert and case sensitivity
CVE-2021-22924
Reported-by: Harry Sintonen
Bug: https://curl.se/docs/CVE-2021-22924.html
- sectransp: check for client certs by name first, then file
CVE-2021-22926
Bug: https://curl.se/docs/CVE-2021-22926.html
Assisted-by: Daniel Gustafsson
Reported-by: Harry Sintonen
- telnet: fix option parser to not send uninitialized contents
CVS-2021-22925
Reported-by: Red Hat Product Security
Bug: https://curl.se/docs/CVE-2021-22925.html
Jay Satiro (20 Jul 2021)
- connect: fix wrong format specifier in connect error string
0842175 (not in any release) used the wrong format specifier (long int)
for timediff_t. On an OS such as Windows libcurl's timediff_t (usually
64-bit) is bigger than long int (32-bit). In 32-bit Windows builds the
upper 32-bits of the timediff_t were erroneously then used by the next
format specifier. Usually since the timeout isn't larger than 32-bits
this would result in null as a pointer to the string with the reason for
the connection failing. On other OSes or maybe other compilers it could
probably result in garbage values (ie crash on deref).
Before:
Failed to connect to localhost port 12345 after 1201 ms: (nil)
After:
Failed to connect to localhost port 12345 after 1203 ms: Connection refused
Closes https://github.com/curl/curl/pull/7449
- winbuild: support alternate nghttp2 static lib name
- Support both nghttp2.lib and nghttp2_static.lib for static nghttp2.
nghttp2 briefly changed its static lib name to nghttp2_static, but then
made the _static suffix optional.
Ref: https://github.com/nghttp2/nghttp2/pull/1394
Ref: https://github.com/nghttp2/nghttp2/pull/1418
Ref: https://github.com/nghttp2/nghttp2/issues/1466
Reported-by: Pierre Yager
Fixes https://github.com/curl/curl/issues/7446
Closes https://github.com/curl/curl/pull/7447
- [Josh Soref brought this change]
docs/cmdline: fix grammar and typos
Closes https://github.com/curl/curl/pull/7432
Closes https://github.com/curl/curl/pull/7436
Closes https://github.com/curl/curl/pull/7438
Closes https://github.com/curl/curl/pull/7440
Closes https://github.com/curl/curl/pull/7445
- [Josh Soref brought this change]
delegation.d: mention what happens when used multiple times
Closes https://github.com/curl/curl/pull/7408
- [Josh Soref brought this change]
create-file-mode.d: mention what happens when used multiple times
Closes https://github.com/curl/curl/pull/7407
- [Josh Soref brought this change]
config.d: split comments and option-per line
Closes https://github.com/curl/curl/pull/7405
Daniel Stenberg (19 Jul 2021)
- misc: copyright year range updates
- mailmap: add Tobias and Timur
Daniel Gustafsson (18 Jul 2021)
- [Josh Soref brought this change]
docs: spell out directories instead of dirs in create-dirs
Write out directories rather than using the dirs abbrevation. Also
use plural form consistently, even if the code in the end might just
create a single directory.
Closes #7406
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
- [Tobias Nyholm brought this change]
docs: correct spelling errors and a broken link
Update grammar and spelling in docs and source code comments.
Closes: #7427
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Marc Hoersken (18 Jul 2021)
- CI/cirrus: install impacket from PyPI instead of FreeBSD packages
Availability of impacket as FreeBSD package is too flaky.
Stick to legacy version of cryptography which still
supports OpenSSL version 1.0.2 due to FreeBSD 11.
Reviewed-by: Daniel