Commit Graph

28710 Commits

Author SHA1 Message Date
Thomas Guillem
2ed1012564
curl_version_info: add CURL_VERSION_THREADSAFE_INIT
This flag can be used to make sure that curl_global_init() is
thread-safe.

This can be useful for libraries that can't control what other
dependencies are doing with Curl.

Closes #8680
2022-06-07 13:34:03 +02:00
Thomas Guillem
23af112f55
lib: make curl_global_init() threadsafe when possible
Use a posix pthread or a Windows SRWLOCK to lock curl_global_init*() and
curl_global_cleanup().

Closes #8680
2022-06-07 13:34:03 +02:00
Daniel Stenberg
134963a5ef
RELEASE-NOTES: synced 2022-06-06 12:29:51 +02:00
Fabian Keil
77ad759366
test414: add the '--resolve' keyword
... so the test can be automatically skipped when
using an external proxy like Privoxy.

Closes #8959
2022-06-06 12:26:26 +02:00
Fabian Keil
d313db70f8
test{440,441,493,977}: add "HTTP proxy" keywords
... so the tests can be automatically skipped when
using an external proxy like Privoxy.

Closes #8959
2022-06-06 12:26:23 +02:00
Fabian Keil
3561e4ed9b
runtests.pl: add the --repeat parameter to the --help output
Closes #8959
2022-06-06 12:26:18 +02:00
Fabian Keil
1d288d46d5
test 2081: add a valid reply for the second request
... so the test works when using a HTTP proxy like
Privoxy that sends an error message if the server
doesn't send data.

Closes #8959
2022-06-06 12:26:14 +02:00
Fabian Keil
9dfa1dcfa0
test 675: add missing CR so the test passes when run through Privoxy
Closes #8959
2022-06-06 12:26:06 +02:00
Daniel Stenberg
6754f99398
ftp: when failing to do a secure GSSAPI login, fail hard
... instead of switching to cleartext. For the sake of security.

Reported-by: Harry Sintonen
Bug: https://hackerone.com/reports/1590102
Closes #8963
2022-06-06 11:55:39 +02:00
Daniel Stenberg
21ea13cfe1
http2: reject overly many push-promise headers
Getting more than a thousand of them is rather a sign of some kind of
attack.

Reported-by: Harry Sintonen
Bug: https://hackerone.com/reports/1589847
Closes #8962
2022-06-06 11:53:49 +02:00
Fabian Keil
9dbce9b3d0
misc: spelling improvements
Closes #8956
2022-06-05 12:15:23 +02:00
Tatsuhiro Tsujikawa
298c1dfc7b
ngtcp2: fix assertion failure on EMSGSIZE
Closes #8958
2022-06-05 12:12:26 +02:00
Daniel Stenberg
2bd75e5686
easy/transfer: fix cookie-disabled build
Follow-up from 45de940ceb
Reported-by: Marcel Raad
Fixes #8953
Closes #8954
2022-06-02 22:54:12 +02:00
Daniel Stenberg
07a9b89fed
examples/crawler.c: use the curl license
With permission from Jeroen Ooms

URL: https://github.com/curl/curl/pull/8869#issuecomment-1144742731
Closes #8950
2022-06-02 15:41:01 +02:00
Daniel Stenberg
cce50bd323
speed-limit/time.d: mention these affect transfers in either direction
Reported-by: Ladar Levison
Fixes #8948
Closes #8951
2022-06-02 15:40:09 +02:00
Daniel Stenberg
e517b63223
scripts/copyright.pl: fix the exclusion to not ignore man pages
Ref: #8869
Closes #8952
2022-06-02 15:39:14 +02:00
Daniel Stenberg
df829a1fa9
examples: remove fopen.c and rtsp.c
To simplify the license situation, as they were the only files in the
source tree using these specific BSD-3 clause licenses.

For an fopen style API, we recommend instead going
https://github.com/curl/fcurl

Ref: #8869
Closes #8949
2022-06-02 13:03:07 +02:00
Wolf Vollprecht
4d4eb8e587
netrc: check %USERPROFILE% as well on Windows
Closes #8855
2022-06-02 09:32:51 +02:00
Daniel Stenberg
665138b2dd
CURLOPT_SSH_HOSTKEYDATA/FUNCTION.3: minor polish 2022-06-02 09:30:52 +02:00
michael musset
1544513958
libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
The callback set by CURLOPT_SSH_HOSTKEYFUNCTION is called to check
wether or not the connection should continue.

The host key is passed in argument with a custom handle for the
application.

It overrides CURLOPT_SSH_KNOWNHOSTS

Closes #7959
2022-06-02 08:34:31 +02:00
Daniel Stenberg
267d560b5a
docs/CONTRIBUTE.md: document the 'needs-votes' concept
A pull request sent to the project might get labeled `needs-votes` by a
project maintainer. This label means that in addition to meeting all
other checks and qualifications this pull request must also receive
proven support/thumbs-ups from more community members to be considered
for merging.

Closes #8910
2022-06-02 08:21:24 +02:00
Evgeny Grin
f59508e6cd
digest: tolerate missing "realm"
Server headers may not define "realm", avoid NULL pointer dereference
in such cases.

Closes #8912
2022-06-02 08:18:54 +02:00
Evgeny Grin
807f440301
digest: added detection of more syntax error in server headers
Invalid headers should not be processed otherwise they may create
a security risk.

Closes #8912
2022-06-02 08:18:48 +02:00
Evgeny Grin
3a6fe0c767
digest: unquote realm and nonce before processing
RFC 7616 (and 2617) requires values to be "unquoted" before used for
digest calculations. The only place where unquoting can be done
correctly is header parsing function (realm="DOMAIN\\host" and
realm=DOMAN\\host are different realms).

This commit adds unquoting (de-escaping) of all values during header
parsing and quoting of the values during header forming. This approach
should be most straightforward and easy to read/maintain as all values
are processed in the same way as required by RFC.

Closes #8912
2022-06-02 08:18:34 +02:00
Daniel Stenberg
f810047f9d
headers: handle unfold of space-cleansed headers
Detected by OSS-fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47767

Updated test 1274

Closes #8947
2022-06-01 15:24:49 +02:00
Daniel Stenberg
45de940ceb
lib: make more protocol specific struct fields #ifdefed
... so that they don't take up space if the protocols are disabled in
the build.

Closes #8944
2022-06-01 14:31:49 +02:00
Daniel Stenberg
bb130871c0
DISABLED: disable 1021 for hyper again
due to flakiness in the CI builds
2022-06-01 09:43:48 +02:00
Daniel Stenberg
8b1ae28509
urldata: store tcp_keepidle and tcp_keepintvl as ints
They can't be set larger than INT_MAX in the setsocket API calls.

Also document the max values in their respective man pages.

Closes #8940
2022-06-01 08:12:09 +02:00
Daniel Stenberg
4651945822
urldata: reduce size of a few struct fields
When the values are never larger than 32 bit, ints are better than longs.

Closes #8940
2022-06-01 08:12:09 +02:00
Daniel Stenberg
b1c1df0b6b
urldata: remove three unused booleans from struct UserDefined
- is_fwrite_set
- free_referer
- strip_path_slash

Closes #8940
2022-06-01 08:12:09 +02:00
Daniel Stenberg
c6b2bc6db8
remote-name.d: mention --output-dir
plus add two see-alsos

Closes #8945
2022-06-01 08:11:16 +02:00
Jay Satiro
fde966b69f configure: skip libidn2 detection when winidn is used
Prior to this change --with-winidn could be overridden by libidn2
detection.

Closes https://github.com/curl/curl/pull/8934
2022-06-01 01:58:43 -04:00
Daniel Stenberg
c80f0aebbb
CURLOPT_FILETIME.3: fix the protocols this works with 2022-05-31 17:40:47 +02:00
Daniel Stenberg
ef94c972bc
test681: verify --no-remote-name
Follow-up to 83ee5c428d (from #8931)

Closes #8942
2022-05-31 16:09:53 +02:00
Tatsuhiro Tsujikawa
3288e9c6d3
ngtcp2: enable Linux GSO
Enable Linux GSO in ngtcp2 QUIC.  In order to recover from the
EAGAIN/EWOULDBLOCK by sendmsg with multiple packets in one GSO write,
packet buffer is now held by struct quicsocket.  GSO write might fail in
runtime depending on NIC.  Disable GSO if sendmsg returns EIO.

Closes #8909
2022-05-31 16:04:12 +02:00
Daniel Stenberg
b2175acc76
CURLOPT_PORT.3: We discourage using this option
Closes #8941
2022-05-31 15:58:20 +02:00
Daniel Stenberg
7f97d7053e
RELEASE-NOTES: synced 2022-05-31 14:59:23 +02:00
Daniel Stenberg
b7baa78451
headers_push: error out if a folded header has no previous header
As that would indicate an illegal header. The fuzzer reached the assert
in unfold_value() proving that this case can happen.

Follow-up to c9b60f0053

Closes #8939
2022-05-31 14:03:44 +02:00
Boris Verkhovskiy
83ee5c428d
curl: re-enable --no-remote-name
Closes #8931
2022-05-31 13:23:22 +02:00
Daniel Stenberg
472831256d
test680: require 'http' since it uses such a URL
Follow-up to d1b376c035
2022-05-31 13:14:28 +02:00
Daniel Stenberg
c31752a50e
CURLOPT_NETRC.3: document the .netrc file format 2022-05-31 09:05:01 +02:00
Daniel Stenberg
d1b376c035
test680: verify rejection of malformatted .netrc quoted password 2022-05-31 09:05:01 +02:00
Daniel Stenberg
19f981b4ff
test679: verify netrc quoted string 2022-05-31 09:05:01 +02:00
Daniel Stenberg
eeaae10c0f
netrc: support quoted strings
The .netrc parser now accepts strings within double-quotes in order to
deal with for example passwords containing white space - which
previously was not possible.

A password that starts with a double-quote also ends with one, and
double-quotes themselves are escaped with backslashes, like \". It also
supports \n, \r and \t for newline, carriage return and tabs
respectively.

If the password does not start with a double quote, it will end at first
white space and no escaping is performed.

WARNING: this change is not entirely backwards compatible. If anyone
previously used a double-quote as the first letter of their password,
the parser will now get it differently compared to before. This is
highly unfortunate but hard to avoid.

Reported-by: ImpatientHippo on GitHub
Fixes #8908
Closes #8937
2022-05-31 09:04:56 +02:00
Daniel Stenberg
b1f8d50a92
curl_getdate.3: document that some illegal dates pass through
Closes #8938
2022-05-31 09:03:50 +02:00
Daniel Stenberg
07a400c8e0
CI: remove configure --enable-headers-api flags 2022-05-30 14:13:48 +02:00
Daniel Stenberg
4d94fac9f0
headers api: remove EXPERIMENTAL tag
Closes #8900
2022-05-30 14:13:48 +02:00
Daniel Gustafsson
739275a1d9 cookies: fix documentation comment
Commit 4073cd83b2 added the noexpire parameter to Curl_cookie_add but
missed updating the documentation comment at the head of the file.
2022-05-30 13:46:25 +02:00
Marc Hoersken
2d7044a191
tests/data/test1940: use binary mode for expected stdout
The generated stdout data is written in binary mode with [LF]
line endings, therefore we also need to do a binary comparison.

Assisted-by: Jay Satiro
Assisted-by: Daniel Stenberg

Follow up to c9b60f0053
Fixes #8920
Closes #8936
2022-05-30 09:23:41 +02:00
Daniel Stenberg
22eab9d413
CURLINFO_CAINFO/PATH.3: clarify the multiple TLS situation
Spell out the multi-TLS situation.

Reported-by: Dan Fandrich
Fixes #8926
Closes #8932
2022-05-29 17:01:42 +02:00