Daniel Stenberg
37c5a527a8
RELEASE-NOTES: synced
2022-06-10 09:18:39 +02:00
Tatsuhiro Tsujikawa
927ede7edc
ngtcp2: build without sendmsg
...
Closes #8981
2022-06-10 09:10:54 +02:00
Tatsuhiro Tsujikawa
d2c6d8be18
ngtcp2: use handshake helper funcs to simplify TLS handshake integration
...
Closes #8968
2022-06-10 09:07:33 +02:00
Daniel Stenberg
95f5aae9ad
test390: verify --parallel
...
Closes #8985
2022-06-10 09:05:25 +02:00
Daniel Stenberg
5121d98c22
test1543: verify CURLINFO_EFFECTIVE_URL with CURLOPT_CURLU set
...
Triggered by a bug report from Adam Light:
https://curl.se/mail/lib-2022-06/0013.html - which ended up being mostly
a misunderstanding of how CURLINFO_EFFECTIVE_URL works.
Closes #8971
2022-06-08 16:32:46 +02:00
Daniel Stenberg
90a7017acb
url: URL encode the path when extracted, if spaces were set
2022-06-08 16:32:46 +02:00
Daniel Stenberg
c3fc406ebb
urlapi: support CURLU_URLENCODE for curl_url_get()
2022-06-08 16:32:46 +02:00
Daniel Stenberg
db8cfdc8f7
server/sws: support spaces in the HTTP request path
2022-06-08 16:32:46 +02:00
Daniel Stenberg
d391c57990
tests/getpart: fix getpartattr to work with "data" and "data2"
2022-06-08 16:32:46 +02:00
Daniel Stenberg
5912da253b
select: return error from "lethal" poll/select errors
...
Adds two new error codes: CURLE_UNRECOVERABLE_POLL and
CURLM_UNRECOVERABLE_POLL one each for the easy and the multi interfaces.
Reported-by: Harry Sintonen
Fixes #8921
Closes #8961
2022-06-08 11:07:01 +02:00
Daniel Stenberg
7007324a6a
test3026: add missing control file
...
Follow-up from 2ed1012564
Makes the test run, makes 'make dist' work
This single test takes 24-25 seconds on my machine (with valgrind). For
this reason I tag it with a "slow" keyword.
Closes #8976
2022-06-08 11:00:02 +02:00
Daniel Stenberg
f317b75c5e
runtests: fix skipping tests not done event-based
...
... and call timestampskippedevents() to avoid the flood of
uninitialized variable warnings.
Closes #8977
2022-06-08 10:56:37 +02:00
Daniel Stenberg
07058f6ad8
transfer: maintain --path-as-is after redirects
...
Reported-by: Marcus T
Fixes #8974
Closes #8975
2022-06-08 10:30:36 +02:00
Daniel Stenberg
5394cbf570
test391: verify --path-as-is with redirect
2022-06-08 10:30:28 +02:00
Jay Satiro
ae8a329e81
curl_global_init.3: Separate the Windows loader lock warning
...
This is a slight correction of the parent commit which implied the
loader lock warning only applied if not thread-safe. In fact the loader
lock warning applies either way.
Ref: https://github.com/curl/curl/pull/8972#discussion_r891987030
2022-06-08 03:02:51 -04:00
Daniel Stenberg
ba47566863
curl_global_init.3: this is now (usually) thread-safe
...
Follow-up to 23af112f55
Closes #8972
2022-06-08 08:50:15 +02:00
Haxatron
23408f1fd2
libcurl-security.3: Document CRLF header injection
...
- Document that user input to header options is not sanitized, which
could result in CRLF used to modify the request in a way other than
what was intended.
Ref: https://hackerone.com/reports/1589877
Ref: https://medium.com/@tomnomnom/crlf-injection-into-phps-curl-options-e2e0d7cfe545
Closes https://github.com/curl/curl/pull/8964
2022-06-08 02:32:35 -04:00
Jay Satiro
c11380d213
CURLOPT_RANGE.3: remove ranged upload advice
...
The e-mail link in the advice contains instructions that are prone to
error. We need an example that works and can demonstrate how to properly
perform a ranged upload, and then we can refer to that example instead.
Bug: https://github.com/curl/curl/issues/8969
Reported-by: Simon Berger
Closes https://github.com/curl/curl/pull/8970
2022-06-08 01:47:17 -04:00
Thomas Guillem
2ed1012564
curl_version_info: add CURL_VERSION_THREADSAFE_INIT
...
This flag can be used to make sure that curl_global_init() is
thread-safe.
This can be useful for libraries that can't control what other
dependencies are doing with Curl.
Closes #8680
2022-06-07 13:34:03 +02:00
Thomas Guillem
23af112f55
lib: make curl_global_init() threadsafe when possible
...
Use a posix pthread or a Windows SRWLOCK to lock curl_global_init*() and
curl_global_cleanup().
Closes #8680
2022-06-07 13:34:03 +02:00
Daniel Stenberg
134963a5ef
RELEASE-NOTES: synced
2022-06-06 12:29:51 +02:00
Fabian Keil
77ad759366
test414: add the '--resolve' keyword
...
... so the test can be automatically skipped when
using an external proxy like Privoxy.
Closes #8959
2022-06-06 12:26:26 +02:00
Fabian Keil
d313db70f8
test{440,441,493,977}: add "HTTP proxy" keywords
...
... so the tests can be automatically skipped when
using an external proxy like Privoxy.
Closes #8959
2022-06-06 12:26:23 +02:00
Fabian Keil
3561e4ed9b
runtests.pl: add the --repeat parameter to the --help output
...
Closes #8959
2022-06-06 12:26:18 +02:00
Fabian Keil
1d288d46d5
test 2081: add a valid reply for the second request
...
... so the test works when using a HTTP proxy like
Privoxy that sends an error message if the server
doesn't send data.
Closes #8959
2022-06-06 12:26:14 +02:00
Fabian Keil
9dfa1dcfa0
test 675: add missing CR so the test passes when run through Privoxy
...
Closes #8959
2022-06-06 12:26:06 +02:00
Daniel Stenberg
6754f99398
ftp: when failing to do a secure GSSAPI login, fail hard
...
... instead of switching to cleartext. For the sake of security.
Reported-by: Harry Sintonen
Bug: https://hackerone.com/reports/1590102
Closes #8963
2022-06-06 11:55:39 +02:00
Daniel Stenberg
21ea13cfe1
http2: reject overly many push-promise headers
...
Getting more than a thousand of them is rather a sign of some kind of
attack.
Reported-by: Harry Sintonen
Bug: https://hackerone.com/reports/1589847
Closes #8962
2022-06-06 11:53:49 +02:00
Fabian Keil
9dbce9b3d0
misc: spelling improvements
...
Closes #8956
2022-06-05 12:15:23 +02:00
Tatsuhiro Tsujikawa
298c1dfc7b
ngtcp2: fix assertion failure on EMSGSIZE
...
Closes #8958
2022-06-05 12:12:26 +02:00
Daniel Stenberg
2bd75e5686
easy/transfer: fix cookie-disabled build
...
Follow-up from 45de940ceb
Reported-by: Marcel Raad
Fixes #8953
Closes #8954
2022-06-02 22:54:12 +02:00
Daniel Stenberg
07a9b89fed
examples/crawler.c: use the curl license
...
With permission from Jeroen Ooms
URL: https://github.com/curl/curl/pull/8869#issuecomment-1144742731
Closes #8950
2022-06-02 15:41:01 +02:00
Daniel Stenberg
cce50bd323
speed-limit/time.d: mention these affect transfers in either direction
...
Reported-by: Ladar Levison
Fixes #8948
Closes #8951
2022-06-02 15:40:09 +02:00
Daniel Stenberg
e517b63223
scripts/copyright.pl: fix the exclusion to not ignore man pages
...
Ref: #8869
Closes #8952
2022-06-02 15:39:14 +02:00
Daniel Stenberg
df829a1fa9
examples: remove fopen.c and rtsp.c
...
To simplify the license situation, as they were the only files in the
source tree using these specific BSD-3 clause licenses.
For an fopen style API, we recommend instead going
https://github.com/curl/fcurl
Ref: #8869
Closes #8949
2022-06-02 13:03:07 +02:00
Wolf Vollprecht
4d4eb8e587
netrc: check %USERPROFILE% as well on Windows
...
Closes #8855
2022-06-02 09:32:51 +02:00
Daniel Stenberg
665138b2dd
CURLOPT_SSH_HOSTKEYDATA/FUNCTION.3: minor polish
2022-06-02 09:30:52 +02:00
michael musset
1544513958
libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
...
The callback set by CURLOPT_SSH_HOSTKEYFUNCTION is called to check
wether or not the connection should continue.
The host key is passed in argument with a custom handle for the
application.
It overrides CURLOPT_SSH_KNOWNHOSTS
Closes #7959
2022-06-02 08:34:31 +02:00
Daniel Stenberg
267d560b5a
docs/CONTRIBUTE.md: document the 'needs-votes' concept
...
A pull request sent to the project might get labeled `needs-votes` by a
project maintainer. This label means that in addition to meeting all
other checks and qualifications this pull request must also receive
proven support/thumbs-ups from more community members to be considered
for merging.
Closes #8910
2022-06-02 08:21:24 +02:00
Evgeny Grin
f59508e6cd
digest: tolerate missing "realm"
...
Server headers may not define "realm", avoid NULL pointer dereference
in such cases.
Closes #8912
2022-06-02 08:18:54 +02:00
Evgeny Grin
807f440301
digest: added detection of more syntax error in server headers
...
Invalid headers should not be processed otherwise they may create
a security risk.
Closes #8912
2022-06-02 08:18:48 +02:00
Evgeny Grin
3a6fe0c767
digest: unquote realm and nonce before processing
...
RFC 7616 (and 2617) requires values to be "unquoted" before used for
digest calculations. The only place where unquoting can be done
correctly is header parsing function (realm="DOMAIN\\host" and
realm=DOMAN\\host are different realms).
This commit adds unquoting (de-escaping) of all values during header
parsing and quoting of the values during header forming. This approach
should be most straightforward and easy to read/maintain as all values
are processed in the same way as required by RFC.
Closes #8912
2022-06-02 08:18:34 +02:00
Daniel Stenberg
f810047f9d
headers: handle unfold of space-cleansed headers
...
Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47767
Updated test 1274
Closes #8947
2022-06-01 15:24:49 +02:00
Daniel Stenberg
45de940ceb
lib: make more protocol specific struct fields #ifdefed
...
... so that they don't take up space if the protocols are disabled in
the build.
Closes #8944
2022-06-01 14:31:49 +02:00
Daniel Stenberg
bb130871c0
DISABLED: disable 1021 for hyper again
...
due to flakiness in the CI builds
2022-06-01 09:43:48 +02:00
Daniel Stenberg
8b1ae28509
urldata: store tcp_keepidle and tcp_keepintvl as ints
...
They can't be set larger than INT_MAX in the setsocket API calls.
Also document the max values in their respective man pages.
Closes #8940
2022-06-01 08:12:09 +02:00
Daniel Stenberg
4651945822
urldata: reduce size of a few struct fields
...
When the values are never larger than 32 bit, ints are better than longs.
Closes #8940
2022-06-01 08:12:09 +02:00
Daniel Stenberg
b1c1df0b6b
urldata: remove three unused booleans from struct UserDefined
...
- is_fwrite_set
- free_referer
- strip_path_slash
Closes #8940
2022-06-01 08:12:09 +02:00
Daniel Stenberg
c6b2bc6db8
remote-name.d: mention --output-dir
...
plus add two see-alsos
Closes #8945
2022-06-01 08:11:16 +02:00
Jay Satiro
fde966b69f
configure: skip libidn2 detection when winidn is used
...
Prior to this change --with-winidn could be overridden by libidn2
detection.
Closes https://github.com/curl/curl/pull/8934
2022-06-01 01:58:43 -04:00