Commit Graph

28645 Commits

Author SHA1 Message Date
Viktor Szakats
16a58e9f93
Makefile.m32: delete obsolete options, improve -On [ci skip]
- `-D_AMD64_` has not been necessary for mingw-w64 builds for a long time now.
- `-fno-strict-aliasing` is mentioned for Intel C compiler in autotools, and
  I used this with VxWorks in another project, but otherwise this isn't
  necessary anymore as a default. If a target still needs it, it can be
  added with `CURL_CFLAG_EXTRAS=-fno-strict-aliasing`
- bump up default optimization level to `-O3` (from `-O2`), and also rearrange
  option order so the default can now be overridden via
  `CURL_CFLAG_EXTRAS`.
- delete `-g` (generate debug info) from `CFLAGS` and `-s` from `LDFLAGS`
  (strip debug info). They were working against each other. Now, if someone
  needs debug info, it can be enabled via `CURL_CFLAG_EXTRAS=-g`

Closes #8904
2022-05-24 17:04:38 +00:00
Daniel Gustafsson
a8a1b666c4 ntlm: fix one more hostname test fallout
This fixup was missed in commit 5a41abef6d.

Closes: #8901
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2022-05-24 12:51:28 +02:00
Daniel Gustafsson
e70928b091 doh: remove UNITTEST macro definition
The UNITTEST macro is defined by curl_setup.h so there is no use in
carry a local copy of the logic.

Closes: #8902
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2022-05-24 12:46:22 +02:00
Daniel Stenberg
dcaae6bb5b
cookie: fix false positive "potentially uninitialized local variable"
Reviewed-by: Daniel Gustafsson
Closes #8903
2022-05-24 12:16:08 +02:00
Daniel Stenberg
8f48b5d783
curl: add --rate to set max request rate per time unit
--rate "12/m" - for 12 per minute or
--rate "5/h" - for 5 per hour

Removed from TODO

Closes #8671
2022-05-23 17:59:56 +02:00
Jay Satiro
64641d2170
max-time.d: clarify max-time sets max transfer time
Prior to this change the doc said --max-time set the maximum time of the
'whole operation' which is not accurate. The option maps to
CURLOPT_TIMEOUT_MS which sets maximum transfer time.

For example, the maximum time on a transfer is reset if the transfer is
retried (--retry).

Reported-by: Nuru@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/8877
Closes #8879
2022-05-23 17:14:57 +02:00
Daniel Stenberg
e41a090b80
GHA/hyper: enable debug in the build 2022-05-23 16:47:22 +02:00
Daniel Stenberg
5a4dbb8ae3
hyper: use 'alt-used'
Makes test 412+413 work

Closes #8898
2022-05-23 16:47:17 +02:00
Daniel Stenberg
6e489e00a5
RELEASE-NOTES: synced 2022-05-23 09:11:32 +02:00
Daniel Stenberg
7bc785387d
CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl
Closes #8888
2022-05-23 08:44:29 +02:00
Daniel Stenberg
3c8b969de6
links: update dead links
The wiki pages are gone, remove and link to more long-living docs.

Closes #8897
2022-05-23 08:40:13 +02:00
Daniel Stenberg
216636a4ce
ntlm: (void) typecast msnprintf() where we ignore return code
Follow-up to 5a41abef6, to please Coverity
2022-05-23 08:13:48 +02:00
Daniel Gustafsson
5a41abef6d ntlm: copy NTLM_HOSTNAME to host buffer
Commit 709ae2454f added a fake hostname to avoid leaking the local
hostname, but omitted copying it to the host buffer.  Fix by copying
and adjust the test fallout.

Closes: #8895
Fixes: #8893
Reported-by: Patrick Monnerat <patrick@monnerat.net>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2022-05-22 23:26:24 +02:00
Daniel Gustafsson
5b9770e5fc configure: use the SED value to invoke sed
Rather than assuming sed in PATH, use the resolved $SED variable
like in all other invocations of sed in configure.

Closes: #8891
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2022-05-21 15:34:24 +02:00
Tatsuhiro Tsujikawa
8ea851b29d
ngtcp2: Allow curl to send larger UDP datagrams
Allow curl to send larger UDP datagram if Path MTU Discovery finds the
availability of larger path MTU.  To make it work and not to send
fragmented packet, we need to set DF bit.  That makes send(2) fail with
EMSGSIZE if UDP datagram is too large.  In that case, just let it be
lost.  This patch enables DF bit for Linux only.

Closes #8883
2022-05-20 17:50:38 +02:00
Daniel Stenberg
7f2e1d345a
libcurl-security.3: add "Secrets in memory"
Closes #8881
2022-05-20 17:36:25 +02:00
Daniel Stenberg
cb41a0169c
tests: update NTLM tests to use new host name
Also drop the debug requirement, remove the setenv sections, remove
prechecks and add NTLM to the top keywords.

Closes #8889
2022-05-20 16:24:13 +02:00
Daniel Stenberg
709ae2454f
ntlm: provide a fixed fake host name
The NTLM protocol includes providing the local host name, but apparently
other implementations already provide a fixed fake name instead to avoid
leaking the real local name.

The exact name used is 'WORKSTATION', because Firefox uses that.

The change is written to allow someone to "back-pedal" fairly easy in
case of need.

Reported-by: Carlo Alberto
Fixes #8859
Closes #8889
2022-05-20 16:24:13 +02:00
Daniel Gustafsson
c92c650413 KNOWN_BUGS: fix typo in problem description
s/TSL/TLS/
2022-05-20 13:43:35 +02:00
Daniel Gustafsson
93fe8a0476 FEATURES: remove yassl as TLS library for NTLM
yassl was added in commit 9d904ee41b but is no longer available
and is thus not a library to use for NTLM. This aligns the FEATURES
doc with the FAQ.

Closes: #8886
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2022-05-20 13:43:12 +02:00
Daniel Gustafsson
3022c5a946 FEATURES: reorder footnotes
The empty left-behind footnote confused the website rendering into
creating a nested emoty list, making the resulting page look quite
odd.  Remove and re-order the remaining ones to avoid a gap in the
sequence.

Closes: #8886
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2022-05-20 13:42:45 +02:00
Daniel Gustafsson
7652310e98 FAQ: remove opinionated sentence on NTLM
curl is a tool that support many different things, and it doesn't
really seem like our job to tell other what to use (as they might
not have much say in the matter even).  Also tidy up wording.

Closes: #8886
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2022-05-20 13:40:12 +02:00
Viktor Szakats
fde1cb9247
log2changes: do not indent empty lines [ci skip]
This will omit two spaces of indentation from lines with no content,
thus avoiding 'spaces @ EOL'.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Closes #8887
2022-05-20 05:58:05 +00:00
Daniel Stenberg
a7a18d7589
wolfssl: correct the failf() message when a handle can't be made
Closes #8885
2022-05-19 19:05:17 +02:00
Viktor Szakats
a820c55a72
Makefile.m32: delete two obsolete OpenSSL options [ci skip]
- -DOPENSSL_NO_KRB5: No longer used by OpenSSL 1.1.x, 3.x, or
  LibreSSL 3.5.x, yet it collides with the latter, which defines
  it unconditionally, resulting in this warning:
    ../../libressl/include/openssl/opensslfeatures.h:14:9: warning: 'OPENSSL_NO_KRB5' macro redefined [-Wmacro-redefined]
  It was originally added to curl in 2004.

- -DHAVE_OPENSSL_PKCS12_H: No longer used by OpenSSL 1.1.x, 3.x, or
  LibreSSL back to at least 2.5.5. Originally added in the same
  commit as the above, in 2004.

Closes #8884
2022-05-19 16:47:54 +00:00
Daniel Stenberg
d2c31ef3fb
RELEASE-NOTES: synced
bump to 7.84.0
2022-05-19 17:59:45 +02:00
Christian Weisgerber via curl-library
46f11a4cef
Makefile.am: fix portability issues
Commit a04f0b9613 made me notice that
there is a portability issue in curl's top-level Makefile.am.

$< can only be used in rules that deal with .SUFFIXES.  Its use
for general prerequisites is a GNU make extension.

$< could be replaced by $?, but I think in an autotools context,
something like this is better:

Bug: https://curl.se/mail/lib-2022-05/0024.html
Closes #8861
2022-05-19 15:45:26 +02:00
Balakrishnan Balasubramanian
dfa84a0450
socks: support unix sockets for socks proxy
Usage:
  curl -x "socks5h://localhost/run/tor/socks" "https://example.com"

Updated runtests.pl to run a socksd server listening on unix socket

Added tests test1467 test1468

Added documentation for proxy command line option and socks proxy
options

Closes #8668
2022-05-19 15:35:03 +02:00
Vincent Torri
ee52bead4d
cmake: add libpsl support
Fixes #8865
Closes #8867
2022-05-19 15:29:55 +02:00
Tatsuhiro Tsujikawa
9accb9a5be
ngtcp2: extend QUIC transport parameters buffer
Extend QUIC transport parameters buffer because 64 bytes are too
short for the ever increasing parameters.

Closes #8872
2022-05-19 14:56:50 +02:00
Tatsuhiro Tsujikawa
136ab928c8
ngtcp2: handle error from ngtcp2_conn_submit_crypto_data
Closes #8871
2022-05-19 14:55:37 +02:00
Tatsuhiro Tsujikawa
fe1d00e71b
ngtcp2: send appropriate connection close error code
Closes #8870
2022-05-19 14:54:46 +02:00
Daniel Stenberg
b6487eb3d4
test1561: adjusted for the cookie fix 2022-05-19 14:48:26 +02:00
Daniel Stenberg
9ec22e4fe6
test414: verify secure cookie domain overlay 2022-05-19 14:48:26 +02:00
Harry Sintonen
e9a8451a3b
cookie: address secure domain overlay
Bug: https://hackerone.com/reports/1560324
Co-authored-by: Daniel Stenberg
Closes #8840
2022-05-19 14:48:26 +02:00
Frank Gevaerts
b12c2b91df
strcase: some optimisations
Lookup tables for toupper() and tolower() make Curl_strcasecompare()
about 1.5 times faster. Reorganising Curl_strcasecompare() to fully exit
early then also allows simplifying the check at the end, for another
15%. In total, the changes make Curl_strcasecompare() around 1.6 to 1.7
times faster.

Note that these optimisation assume ASCII. The original
Curl_raw_toupper() and raw_tolower() look like they already made that
assumption.

Closes #8875
2022-05-19 12:03:57 +02:00
Daniel Stenberg
435acbd379
BUG-BOUNTY.md: mention the audit exception
Dedicated - paid for - security audits that are performed in
collaboration with curl developers are not eligible for bounties.

(plus I changed the sub-titles to use ## instead of # in the markdown)

Closes #8880
2022-05-19 11:14:54 +02:00
Daniel Stenberg
0842936292
lib/vssh/wolfssh.h: removed
Unused header file

Reported-by: Illarion Taev
Fixes #8863
Closes #8866
2022-05-17 17:31:02 +02:00
Elms
835a205370
wolfSSL: explicitly use compatibility layer
This change removes adding an include `$prefix/wolfssl` or similar to
allow for openssl include aliasing. Include paths of `wolfssl/openssl/`
are used to explicitly use wolfSSL includes. This fixes cmake builds as
well as avoiding potentially using openSSL headers since include path
order is not guaranteed.

Closes #8864
2022-05-17 16:58:03 +02:00
Daniel Stenberg
84052154f7
curl: deprecate --random-file and --egd-file
As libcurl no longer has any functionality for them, the tool now does
nothing with them.

Closes #8670
2022-05-17 11:06:07 +02:00
Daniel Stenberg
8d86718f3f
opts: deprecate RANDOM_FILE and EGDSOCKET
These two options were only ever used for the OpenSSL backend for
versions before 1.1.0. They were never used for other backends and they
are not used with recent OpenSSL versions. They were never used much by
applications.

The defines RANDOM_FILE and EGD_SOCKET can still be set at build-time
for ancient EOL OpenSSL versions.

Closes #8670
2022-05-17 11:05:54 +02:00
Harry Sintonen
1b3dcaed9f
bindlocal: don't use a random port if port number would wrap
Earlier if CURLOPT_LOCALPORT + CURLOPT_LOCALPORTRANGE would go past port
65535 the code would fall back to random port rather than giving up.

Closes #8862
2022-05-17 08:53:25 +02:00
Daniel Gustafsson
542c78dda7 transfer: Fix potential NULL pointer dereference
Commit 0ef54abf52 accidentally used the conn variable before the
assertion for it being NULL. Fix by moving the assignment which use
conn to after the assertion.

Closes: #8857
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2022-05-16 21:18:46 +02:00
Daniel Gustafsson
2df67e93c3 docs: clarify data replacement policy for MIME API
The API documentation for the MIME functions specify that the parts
can be set twice, with the last call winning.  While true, the user
can set the parts n times for n > 2, reword to specify multiple API
calls instead.

Closes: #8860
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2022-05-16 20:32:38 +02:00
vvb2060 on github
adde9f0e8c
ngtcp2: support boringssl crypto backend
Closes #8789
2022-05-16 18:21:54 +02:00
Tatsuhiro Tsujikawa
6fcd3e6f51
quic: add Curl_quic_idle
Add Curl_quic_idle which is called when no HTTP level read or write is
performed.  It is a good place to handle timer expiry for QUIC transport
(.e.g, retransmission).

Closes #8698
2022-05-16 18:19:08 +02:00
Gregor Jasny
53678992d5
mprintf: ignore clang non-literal format string
Closes #8740
2022-05-16 18:18:12 +02:00
Nick Zitzmann
e0b43c8eb9
sectransp: check for a function defined when __BLOCKS__ is undefined
SecTrustEvaluateAsync() is defined in the macOS 10.7 SDK, but it
requires Grand Central Dispatch to be supported by the compiler, and
some third-party macOS compilers do not support Grand Central Dispatch.
SecTrustCopyPublicKey() is not present in macOS 10.6, so this shouldn't
adversely affect anything.

Fixes #8846
Reported-by: Egor Pugin
Closes #8854
2022-05-16 18:15:04 +02:00
Daniel Gustafsson
d17db5713a test412/413: Use version macro for User-Agent
Commit 46d45ea3a incorrectly hardcoded the User-Agent in the test
output file which breaks when curlver is updated. Shift to using
the %VERSION macro instead.

Closes: #8856
2022-05-16 10:45:41 +02:00
Daniel Gustafsson
bf327a9dfe macos9: remove partial support
The support for compiling on Mac OS 9 hasn't been modified since 2001
and has no active maintainer or packager, so it's time to remove it as
it's incredibly unlikely to work. If a maintainer re-emerges it can be
resurrected from Git history.

Closes: #8836
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2022-05-16 10:10:16 +02:00