Commit Graph

30675 Commits

Author SHA1 Message Date
Daniel Stenberg
47e4fcf7b9
page-header: mention curl version and how to figure out current release
Closes #11216
2023-05-29 14:21:08 +02:00
Daniel Stenberg
d53cf9e733
RELEASE-NOTES: synced 2023-05-28 10:29:15 +02:00
Daniel Stenberg
814d3ffe74
configure: without pkg-config and no custom path, use -lnghttp2
Reported-by: correctmost on github
Fixes #11186
Closes #11210
2023-05-28 10:23:45 +02:00
Stefan Eissing
64dedb45b5
curl: cache the --trace-time value for a second
- caches HH:MM:SS computed and reuses it for logging during
  the same second.
- common function for plain log line start formatting

Closes #11211
2023-05-28 10:22:53 +02:00
Kev Jackson
ac90962954
libcurl.m4: remove trailing 'dnl' that causes this to break autoconf
Closes #11212
2023-05-28 08:40:33 +02:00
Stefan Eissing
c4bd61ddff
http3: send EOF indicator early as possible
- ngtcp2 and quiche implementations relied on the DONE_SEND event
  to forward the EOF for uploads to the libraries. This often
  result in a last 0 length EOF data. Tracking the amount of
  data left to upload allows EOF indication earlier.
- refs #11205 where CloudFlare DoH servers did not like to
  receive the initial upload DATA without EOF and returned
  a 400 Bad Request

Reported-by: Sergey Fionov
Fixes #11205
Closes #11207
2023-05-26 08:37:58 +02:00
Daniel Stenberg
af7670cf76
scripts/contri*sh: no longer grep -v ' '
Originally these scripts filtered out names that have no space so that
they better avoid nick names not intended for credits. Such names are
not too commonly used, plus we now give credit even to those.

Additionally: non-latin names, like Asian, don't have spaces at all so
they were also filtered out and had to be manually added which made it
an error-prone operation where Asian names eventually easily fell off by
mistake.

Closes #11206
2023-05-26 08:36:41 +02:00
Daniel Stenberg
196f3c3484
cf-socket: restore Curl_sock_assign_addr()
Regression since it was not private. Also used by msh3.c

Follow-up to 8e85764b7b
Reported-by: Gisle Vanem
Fixes #11202
Closes #11204
2023-05-25 14:34:39 +02:00
Daniel Stenberg
3df6693787
RELEASE-NOTES: synced
Taken down to 8.1.2 now for pending patch release
2023-05-25 13:36:49 +02:00
Daniel Stenberg
be17dc9d31
libssh: when keyboard-interactive auth fails, try password
The state machine had a mistake in that it would not carry on to that
next step.

This also adds a verbose output what methods that are available from the
server and renames the macros that change to the next auth methods to
try.

Reported-by: 左潇峰
Fixes #11196
Closes #11197
2023-05-25 11:09:29 +02:00
Emanuele Torre
c4a019603b
configure: fix build with arbitrary CC and LD_LIBRARY_PATH
Since ./configure and processes that inherit its environment variables
are the only callers of the run-compiler script, we can just save the
current value of the LD_LIBRARY_PATH and CC variables to another pair of
environment variables, and make run-compiler a static script that
simply restores CC and LD_LIBRARY_PATH to the saved value, and before
running the compiler.

This avoids having to inject the values of the variables in the script,
possibly causing problems if they contains spaces, quotes, and other
special characters.

Also add exports in the script just in case LD_LIBRARY_PATH and CC are
not already in the environment.

follow-up from 471dab2

Closes #11182
2023-05-25 10:36:43 +02:00
Daniel Stenberg
6375a65433
urlapi: remove superfluous host name check
... as it is checked later more proper.

Closes #11195
2023-05-25 08:30:20 +02:00
Stefan Eissing
5c58cb0212
http2: fix EOF handling on uploads with auth negotiation
- doing a POST with `--digest` does an override on the initial request
  with `Content-Length: 0`, but the http2 filter was unaware of that
  and expected the originally request body. It did therefore not
  send a final DATA frame with EOF flag to the server.
- The fix overrides any initial notion of post size when the `done_send`
  event is triggered by the transfer loop, leading to the EOF that
  is necessary.
- refs #11194. The fault did not happen in testing, as Apache httpd
  never tries to read the request body of the initial request,
  sends the 401 reply and closes the stream. The server used in the
  reported issue however tried to read the EOF and timed out on the
  request.

Reported-by: Aleksander Mazur
Fixes #11194
Cloes #11200
2023-05-25 08:26:18 +02:00
Daniel Stenberg
1fe8de85d3
RELEASE-NOTES: synced
bump to 8.2.0
2023-05-23 11:12:50 +02:00
Daniel Stenberg
8e85764b7b
lib: remove unused functions, make single-use static
Closes #11174
2023-05-23 11:08:51 +02:00
Daniel Stenberg
0768604196
scripts/singleuse.pl: add more API calls 2023-05-23 11:08:51 +02:00
Christian Hesse
471dab2da0
configure: quote the assignments for run-compiler
Building for multilib failed, as the compiler command contains an
extra argument. That needs quoting.

Regression from b78ca50cb3

Fixes #11179
Closes #11180
2023-05-23 10:46:44 +02:00
Daniel Stenberg
127eb0d83a
misc: fix spelling mistakes
Reported-by: musvaage on github
Fixes #11171
Closes #11172
2023-05-23 10:42:09 +02:00
Daniel Stenberg
1561d06752
RELEASE-NOTES: synced
curl 8.1.1
2023-05-23 08:11:32 +02:00
Daniel Stenberg
6b821c3543
THANKS: contributors from the 8.1.1 release 2023-05-23 08:10:56 +02:00
Dan Fandrich
023aa7b98a docs: fix fuzzing documentation link
Follow-up to 4c712a1b
2023-05-22 16:16:05 -07:00
Dan Fandrich
33849e4322 CI: add an Alpine build with MUSL
MUSL is another libc implementation which has its own unique issues
worth testing.

Ref: #11140
Closes #11178
2023-05-22 16:00:08 -07:00
Dan Fandrich
02c27bb429 runtests: add a missing \n at the end of a log message 2023-05-22 14:57:15 -07:00
correctmost on github
c1225c8915
SECURITY-PROCESS.md: link security advisory doc and fix typo
Closes #11177
2023-05-22 23:14:12 +02:00
Daniel Stenberg
7128ae8100
TODO: build curl with Windows Unicode support
Closes #7229
2023-05-22 17:08:45 +02:00
Daniel Stenberg
e37e92252d
KNOWN_BUGS: hyper memory-leaks
Closes #10803
2023-05-22 17:06:54 +02:00
Stefan Eissing
88332049ea
http/2: unstick uploads
- refs #11157 and #11175 where uploads get stuck or lead to RST streams
- fixes our h2 send behaviour to continue sending in the nghttp2 session
  as long as it wants to. This will empty our send buffer as long as
  the remote stream/connection window allows.
- in case the window is exhausted, the data remaining in the send buffer
  will wait for a WINDOW_UPDATE from the server. Which is a socket event
  that engages our transfer loop again
- the problem in the issue was that we did not exhaust the window, but
  left data in the sendbuffer and no further socket events did happen.
  The server was just waiting for us to send more.
- relatedly, there was an issue fixed that closing a stream with KEEP_HOLD
  set kept the transfer from shutting down - as it should have - leading
  to a timeout.

Closes #11176
2023-05-22 16:19:13 +02:00
Daniel Stenberg
7a48ebc08f
workflows/macos: add a job using gcc + debug + secure transport 2023-05-21 14:02:31 +02:00
Jay Satiro
6f93d5f604
lib: fix conversion warnings with gcc on macOS 2023-05-21 14:02:31 +02:00
Daniel Stenberg
954c7dfb91
sectransp.c: make the code c89 compatible
Follow-up to dd2bb48552

Reported-by: FeignClaims on github
Fixes #11155
Closes #11159
2023-05-21 14:02:11 +02:00
Emanuele Torre
eef076baa6
Revert "urlapi: respect CURLU_ALLOW_SPACE and CURLU_NO_AUTHORITY for redirects"
This reverts commit df6c2f7b54.
(It only keep the test case that checks redirection to an absolute URL
without hostname and CURLU_NO_AUTHORITY).

I originally wanted to make CURLU_ALLOW_SPACE accept spaces in the
hostname only because I thought
curl_url_set(CURLUPART_URL, CURLU_ALLOW_SPACE) was already accepting
them, and they were only not being accepted in the hostname when
curl_url_set(CURLUPART_URL) was used for a redirection.

That is not actually the case, urlapi never accepted hostnames with
spaces, and a hostname with a space in it never makes sense.
I probably misread the output of my original test when I they were
normally accepted when using CURLU_ALLOW_SPACE, and not redirecting.

Some other URL parsers seems to allow space in the host part of the URL,
e.g. both python3's urllib.parse module, and Chromium's javascript URL
object allow spaces (chromium percent escapes the spaces with %20),
(they also both ignore TABs, and other whitespace characters), but those
URLs with spaces in the hostname are useless, neither python3's requests
module nor Chromium's window.location can actually use them.

There is no reason to add support for URLs with spaces in the host,
since it was not a inconsistency bug; let's revert that patch before it
makes it into release. Sorry about that.

I also reverted the extra check for CURLU_NO_AUTHORITY since that does
not seem to be necessary, CURLU_NO_AUTHORITY already worked for
redirects.

Closes #11169
2023-05-21 13:59:04 +02:00
Dan Fandrich
c95ca8dfeb runtests: use the correct fd after select
The code was using the wrong fd when determining which runner was ready
with a response.

Ref: #10818
Closes #11160
2023-05-20 22:15:15 -07:00
Dan Fandrich
9f87dee556 test425: fix the log directory for the upload
This must be %LOGDIR to let it work with parallel tests.

Ref: #10969
2023-05-20 22:15:15 -07:00
Dan Fandrich
b43915b38f runtests: handle interrupted reads from IPC pipes
These can be interrupted by signals, especially SIGINT to shut down, and
must be restarted so the IPC call arrives correctly. If the read just
returns an error instead, the IPC calling state will go out of sync and
a proper shutdown won't happen.

Ref: #10818
2023-05-20 22:15:15 -07:00
Stefan Eissing
0cab1359a1
http2: upload improvements
Make send buffer smaller to have progress and "upload done" reporting
closer to reality. Fix handling of send "drain" condition to no longer
trigger once the transfer loop reports it is done sending. Also do not
trigger the send "drain" on RST streams.

Background:
- a upload stall was reported in #11157 that timed out
- test_07_33a reproduces a problem with such a stall if the
  server 404s the request and RSTs the stream.
- test_07_33b verifies a successful PUT, using the parameters
  from #11157 and checks success

Ref: #11157
Closes #11165
2023-05-20 23:07:45 +02:00
Stefan Eissing
1886eef7fa
http2: increase stream window size to 10 MB
Reported-by: pandada8 on github

Fixes #11162
Closes #11167
2023-05-20 23:05:07 +02:00
Daniel Stenberg
54ce13d3ff
lib: rename struct 'http_req' to 'httpreq'
Because FreeBSD 14 kidnapped the name.
Ref: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271526

Fixes #11163
Closes #11164
2023-05-20 23:03:01 +02:00
Viktor Szakats
36e998b18b
cmake: avoid list(PREPEND) for compatibility
`list(PREPEND)` requires CMake v3.15, our minimum is v3.7.

Ref: https://cmake.org/cmake/help/latest/command/list.html#prepend

Regression from 1e3319a167

Reported-by: Keitagit-kun on Github
Fixes #11141
Closes #11144
2023-05-20 11:50:40 +00:00
Daniel Stenberg
a64d7de61a
RELEASE-NOTES: synced 2023-05-19 16:38:20 +02:00
Stefan Eissing
7ab94d7d57
ngtcp2: proper handling of uint64_t when adjusting send buffer
Fixes #11149
Closes #11153
2023-05-19 16:23:19 +02:00
Stefan Eissing
e0ddfc8e05
ngtcp2: fix compiler warning about possible null-deref
- compiler analyzer did not include the call context for this
  static function where the condition had already been checked.
- eleminating the problem by making stream a call parameter

Fixes #11147
Closes #11151
2023-05-19 16:19:56 +02:00
Emanuele Torre
fbe23b5797
docs: document that curl_url_cleanup(NULL) is a safe no-op
This has always been the case, but it was not documented.

The paragraph was copied verbatim from curl_easy_cleanup.3

Closes #11150
2023-05-19 16:18:21 +02:00
Antoine Pitrou
d65321f939
select: avoid returning an error on EINTR from select() or poll()
This was already done for the poll() and select() calls
made directly from Curl_poll(), but was missed in
Curl_wait_ms(), which is called when there are no fds
to wait on.

Fixes #11135
Closes #11143
2023-05-19 16:16:26 +02:00
Daniel Stenberg
5b4bcc6ede
vquic.c: make recvfrom_packets static, avoid compiler warning
warning: no previous prototype for 'recvfrom_packets'

Reported-by: Keitagit-kun on github
Fixes #11146
Closes #11148
2023-05-19 16:15:22 +02:00
Daniel Stenberg
92772e6d39
urlapi: allow numerical parts in the host name
It can only be an IPv4 address if all parts are all digits and no more than
four parts, otherwise it is a host name. Even slightly wrong IPv4 will now be
passed through as a host name.

Regression from 17a15d8846 shipped in 8.1.0

Extended test 1560 accordingly.

Reported-by: Pavel Kalyugin
Fixes #11129
Closes #11131
2023-05-19 16:01:26 +02:00
Emilio Cobos Álvarez
77c9a9845b
http2: double http request parser max line length
This works around #11138, by doubling the limit, and should be a
relatively safe fix.

Ideally the buffer would grow as needed and there would be no need for a
limit? But that might be follow-up material.

Fixes #11138
Closes #11139
2023-05-19 01:09:36 +02:00
Emanuele Torre
81f3c4bc65
configure: fix --help alignment
AC_ARG_ENABLE seems to only trim off whitespace from the start and end
of its help-string argument, while prepending two spaces of indentation
to all lines.

This means that the two spaces of indentation between the --enable-rtsp
and the --disable-rtsp line were not removed causing ./configure --help
to print:

  Optional Features:
    [...]
    --enable-rtsp           Enable RTSP support
      --disable-rtsp          Disable RTSP support

I removed the indentation to fix the issue, now it prints:

  Optional Features:
    [...]
    --enable-rtsp           Enable RTSP support
    --disable-rtsp          Disable RTSP support

The --enable-hsts and --disable-hsts lines had the same problems, and
have been fixed too.

Closes #11142
2023-05-18 23:49:07 +02:00
Deal(一线灵)
446061e6cb
cmake: repair cross compiling
It cannot *run* code for testing purposes when cross-compiling.

Closes #11130
2023-05-18 21:13:12 +02:00
Daniel Stenberg
b78ca50cb3
configure: generate a script to run the compiler
in the CURL_RUN_IFELSE macro, with LD_LIBRARY_PATH set to the value of
the configure invoke, and not the value that might be used later,
intended for the execution of the output the compiler ouputs.

For example when the compiler uses the same library (like libz) that
configure checks for.

Reported-by: Jonas Bülow
Fixes #11114
Closes #11120
2023-05-18 20:57:11 +02:00
Stefan Eissing
408eb87bb3
cf-socket: completely remove the disabled USE_RECV_BEFORE_SEND_WORKAROUND
Closes #11118
2023-05-18 20:55:16 +02:00