mirror of https://github.com/curl/curl.git synced 2024-12-15 06:40:09 +08:00
Commit Graph

29031 Commits

Author SHA1 Message Date
Daniel Stenberg
5162ba0562
curl_easy_pause.3: unpausing is as fast as possible
Reported-by: ssdbest on github
Fixes 
Closes 
2022-09-05 17:34:49 +02:00
Daniel Stenberg
ad9383bd7d
CURLOPT_DNS_INTERFACE.3: mention it works for almost all protocols
Except file.

Reported-by: ProceduralMan on github
Fixes 
Closes 
2022-09-05 08:36:06 +02:00
Daniel Stenberg
472f1cbe7e
NPN: remove support for and use of
Next Protocol Negotiation is a TLS extension that was created and used
for agreeing to use the SPDY protocol (the precursor to HTTP/2) for
HTTPS. In the early days of HTTP/2, before the spec was finalized and
shipped, the protocol could be enabled using this extension with some
servers.

curl supports the NPN extension with some TLS backends since then, with
a command line option `--npn` and in libcurl with
`CURLOPT_SSL_ENABLE_NPN`.

HTTP/2 proper is made to use the ALPN (Application-Layer Protocol
Negotiation) extension and the NPN extension has no purpose
anymore. The HTTP/2 spec was published in May 2015.

Today, use of NPN in the wild should be extremely rare and most likely
totally extinct. Chrome removed NPN support in Chrome 51, shipped in
June 2016. Removed in Firefox 53, April 2017.

Closes 
2022-09-05 07:39:02 +02:00
Daniel Stenberg
e08c82f046
RELEASE-NOTES: synced
and bump the tentative next release version to 7.85.1
2022-09-04 23:13:34 +02:00
Samuel Henrique
7d69924ce7
configure: fail if '--without-ssl' + explicit parameter for an ssl lib
A side effect of a previous change to configure (576e507c78)
exposed a non-critical issue that can happen if configure is called with
both '--without-ssl' and some parameter setting the use of a ssl library
(e.g. --with-gnutls). The configure script would end up assuming this is
a MultiSSL build, due to the way the case statement is written.

I have changed the order of the variables in the string concatenation
for the case statement and also tweaked the options so that
--without-ssl never turns the build into a MultiSSL one and also clearly
stating that there are conflicting parameters if the user sets it like
described above.

Closes 
2022-09-04 15:57:12 +02:00
Daniel Stenberg
9178208a8e
tests/certs/scripts: insert standard curl source headers
... including the SPDX-License-Identifier.

These omissions were not detected by the REUSE CI job nor the copyright.pl
scanners because we have a general wildcard in .reuse/dep5 for
"tests/certs/*".

Reported-by: Samuel Henrique
Fixes 
Closes 
2022-09-04 15:55:19 +02:00
Samuel Henrique
7e6140cb93
docs: remove mentions of deprecated '--without-openssl' config parameter
Closes 
2022-09-02 14:46:05 +02:00
Samuel Henrique
464ff5a610
manpages: Fix spelling of "allows to" -> "allows one to"
References:
 https://salsa.debian.org/lintian/lintian/-/blob/master/tags/t/typo-in-manual-page.tag
 https://english.stackexchange.com/questions/60271/grammatical-complements-for-allow/60285#60285

Closes 
2022-09-02 14:45:01 +02:00
Samuel Henrique
5c095a4435
CURLOPT_WILDCARDMATCH.3: Fix backslash escaping under single quotes
Lintian (on Debian) has been complaining about this for a while but
 I didn't bother initially as the groff parser that we use is not
 affected by this.

 But I have now noticed that the online manpage is affected by it:
 https://curl.se/libcurl/c/CURLOPT_WILDCARDMATCH.html

 (I'm using double quotes for quoting-only down below)

 The section that should be parsed as "'\'" ends up being parsed as
 "'´".

 This is due to roffit not parsing "'\\'" correctly, which is fine
 as the "correct" way of writing "'\'" is "'\e'" instead.

 Note that this fix is not enough to fix the online manpage at
 curl's website, as roffit seems to parse it wrongly either way.

 My intent is to at least fix the manpage so that roffit can
 be changed to parse "'\e'" correctly (although I suggest making
 roffit parse both ways correctly, since that's what groff does).

 More details at:
 https://bugs.debian.org/966803
 930b18e4b2/tags/a/acute-accent-in-manual-page.tag

Closes 
2022-09-02 14:43:32 +02:00
Daniel Stenberg
7be53774c4
tool_operate: reduce errorbuffer allocs
- parallel transfers: only alloc and keep errorbuffers in memory for
  actual "live" transfers and not for the ones in the pending queue

- serial transfers: reuse the same fixed buffer for all transfers, not
  allocated at all.

Closes 
2022-09-01 09:25:00 +02:00
Viktor Szakats
c9061f242b
misc: spelling fixes
Found using codespell 2.2.1.

Also delete the redundant protocol designator from an archive.org URL.

Reviewed-by: Daniel Stenberg
Closes 
2022-08-31 14:31:01 +00:00
Daniel Stenberg
f2daef6ad4
tool_progress: remove 'Qd' from the parallel progress bar
The "queued" value is no longer showing anything useful to the user. It
is an internal number of transfers waiting at that moment.

Closes 
2022-08-31 15:58:15 +02:00
Daniel Stenberg
838d894504
tool_operate: prevent over-queuing in parallel mode
When doing a huge amount of parallel transfers, we must not add them to
the per_transfer list frivolously since they all use memory after all.
This was previously done without really considering millions or billions
of transfers. Massive parallelism would use a lot of memory for no good
purpose.

The queue is now limited to twice the parallelism number.

This makes the 'Qd' value in the parallel progress meter mostly useless
for users, but works for now for us as a debug display.

Reported-by: justchen1369 on github
Fixes 
Closes 
2022-08-31 15:58:03 +02:00
Viktor Szakats
7cd400a4d2
cmake: fix original MinGW builds
1. Re-enable `HAVE_GETADDRINFO` detection on Windows

   Commit d08ee3c83d (in 2013) added logic
   that automatically assumed `getaddrinfo()` to be present for builds
   with IPv6 enabled. As it turns out, certain toolchains (e.g. original
   MinGW) by default target older Windows versions, and thus do not
   support `getaddrinfo()` out of the box. The issue was masked for
   a while by CMake builds forcing a newer Windows version, but that
   logic got deleted in commit 8ba22ffb20.
   Since then, some CI builds started failing due to IPv6 enabled,
   `HAVE_GETADDRINFO` set, but `getaddrinfo()` in fact missing.

   It also turns out that IPv6 works without `getaddrinfo()` since commit
   67a08dca27 (from 2019, via ). So,
   to resolve all this, we can now revert the initial commit, thus
   restoring `getaddrinfo()` detection and support IPv6 regardless of its
   outcome.

   Reported-by: Daniel Stenberg

2. Omit `bcrypt` with original MinGW

   Original (aka legacy/old) MinGW versions do not support `bcrypt`
   (introduced with Vista). We already have logic to handle that in
   `lib/rand.c` and autotools builds, where we do not call the
   unsupported API and do not link `bcrypt`, respectively, when using
   original MinGW.

   This patch ports that logic to CMake, fixing the link error:
   `c:/mingw/bin/../lib/gcc/mingw32/9.2.0/../../../../mingw32/bin/ld.exe: cannot find -lbcrypt`

   Ref: https://ci.appveyor.com/project/curlorg/curl/builds/44624888/job/40vle84cn4vle7s0#L508
   Regression since 76172511e7

Fixes 
Fixes 
Fixes 
Closes 
2022-08-31 11:57:24 +00:00
Daniel Stenberg
93d092867f
RELEASE-NOTES: synced
curl 7.85.0 release
2022-08-31 08:09:21 +02:00
Daniel Stenberg
9b2f89b9ba
THANKS: add contributors from the 7.85.0 release
2022-08-31 08:09:21 +02:00
Daniel Stenberg
5b059ba895
getparam: correctly clean args
Follow-up to bf7e887b24

The previous fix for  was incomplete and caused .

Fixes 
Closes 
2022-08-31 01:03:36 +02:00
Daniel Stenberg
e43c3b3e3e
zuul: remove the clang-tidy job
Turns out we don't see the warnings, but the warnings right now are
plain ridiculous and unhelpful so we can just as well just kill this
job.

Closes 
2022-08-30 15:40:03 +02:00
Daniel Stenberg
cafb356e19
cmake: set feature PSL if present
... make test 1014 pass when libpsl is used.

Closes 
2022-08-30 15:39:12 +02:00
Daniel Stenberg
592290ed75
lib530: simplify realloc failure exit path
To make code analyzers happier

Closes 
2022-08-30 15:38:20 +02:00
Orgad Shaneh
56f1bbdd0c
tests: add tests for netrc login/password combinations
Covers the following PRs:

- 
- 
- 

Closes 
2022-08-29 17:26:21 +02:00
Orgad Shaneh
c40ec3178f
url: really use the user provided in the url when netrc entry exists
If the user is specified as part of the URL, and the same user exists
in .netrc, Authorization header was not sent at all.

The user and password fields were assigned in conn->user and password
but the user was not assigned to data->state.aptr, which is the field
that is used in output_auth_headers and friends.

Fix by assigning the user also to aptr.

Amends commit d1237ac906.

Fixes 
2022-08-29 17:25:29 +02:00
Orgad Shaneh
943fb2b26a
netrc: Use the password from lines without login
If netrc entry has password with empty login, use it for any username.

Example:
.netrc:
machine example.com password 123456

curl -vn http://user@example.com/

Fix it by initializing state_our_login to TRUE, and reset it only when
finding an entry with the same host and different login.

Closes 
2022-08-29 17:24:59 +02:00
Jay Satiro
8bd03516d6
url: treat missing usernames in netrc as empty
- If, after parsing netrc, there is a password with no username then
  set a blank username.

This used to be the case prior to 7d600ad (precedes 7.82). Note
parseurlandfillconn already does the same thing for URLs.

Reported-by: Raivis <standsed@users.noreply.github.com>
Testing-by: Domen Kožar

Fixes https://github.com/curl/curl/issues/8653
Closes 
Closes 
2022-08-29 17:24:22 +02:00
Daniel Stenberg
2fc031d834
test8: verify that "ctrl-byte cookies" are ignored
2022-08-29 11:20:53 +02:00
Daniel Stenberg
8dfc93e573
cookie: reject cookies with "control bytes"
Rejects 0x01 - 0x1f (except 0x09) plus 0x7f

Reported-by: Axel Chong

Bug: https://curl.se/docs/CVE-2022-35252.html

CVE-2022-35252

Closes 
2022-08-29 11:20:37 +02:00
Daniel Stenberg
74e156d00f
libssh: ignore deprecation warnings
libssh 0.10.0 marks all SCP functions as "deprecated" which causes
compiler warnings and errors in our CI jobs and elsewhere. Ignore
deprecation warnings if 0.10.0 or later is found in the build.

If they actually remove the functions at a later point, then someone can
deal with that pain and functionality break then.

Fixes 
Closes 
2022-08-29 10:54:39 +02:00
Daniel Stenberg
aec8d30624
Revert "schannel: when importing PFX, disable key persistence"
This reverts commit 70d010d285.

Due to further reports in  that indicate this commit might
introduce problems.
2022-08-29 08:16:20 +02:00
Daniel Stenberg
7632c0d25a
multi: use larger dns hash table for multi interface
Have curl_multi_init() use a much larger DNS hash table than used for
the easy interface to scale and perform better when used with _many_
host names.

curl_share_init() sets an in-between size.

Inspired-by: Ivan Tsybulin
See 
Closes 
2022-08-29 00:07:09 +02:00
Marc Hoersken
c5c6e86783
CI/runtests.pl: add param for dedicated curl to talk to APIs
This should make it possible to also report test failures
if our freshly built curl binary is not fully functional.

Reviewed-by: Daniel Stenberg
Closes 
2022-08-28 19:18:22 +02:00
Jacob Tolar
65bbb5e6f4
openssl: add cert path in error message
Closes 
2022-08-27 23:26:42 +02:00
Jacob Tolar
74af81ca03
cert.d: clarify that escape character works for file paths
Closes 
2022-08-27 23:25:32 +02:00
Daniel Stenberg
313e606d99
gha: move over ngtcp2-gnutls CI job from zuul
Closes 
2022-08-27 14:43:26 +02:00
Marc Hoersken
109e9730ee
cmake: add detection of threadsafe feature
Avoids failing test 1014 by replicating configure checks
for HAVE_ATOMIC and _WIN32_WINNT with custom CMake tests.

Reviewed-by: Marcel Raad

Follow up to 
Closes 
2022-08-26 21:09:32 +02:00
Daniel Stenberg
8c98d14b88
RELEASE-NOTES: synced
2022-08-26 16:23:20 +02:00
Marc Hoersken
d80b4f1ef0
CI/azure: align torture shallowness with GHA
There 25 is used with FTP tests skipped, and 20 for FTP tests.
This should make torture tests stay within the 60min timeout.

Reviewed-by: Daniel Stenberg
Closes 
2022-08-26 11:37:46 +02:00
Marc Hoersken
bc25c9e3ee
multi_wait: fix and improve Curl_poll error handling on Windows
First check for errors and return CURLM_UNRECOVERABLE_POLL
before moving forward and waiting on socket readiness events.

Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad

Reported-by: Daniel Stenberg
Ref: 

Follow up to 
Closes 
2022-08-26 11:36:42 +02:00
Marc Hoersken
a71fe41d2f
multi_wait: fix skipping to populate revents for extra_fds
On Windows revents was not populated for extra_fds if
multi_wait had to wait due to the Curl_poll pre-check
not signalling any readiness. This commit fixes that.

Reviewed-by: Marcel Raad
Reviewed-by: Jay Satiro

Closes 
2022-08-25 23:31:24 +02:00
Marc Hoersken
52484bf383
CI/appveyor: disable TLS in msys2-native autotools builds
Schannel cannot be used from msys2-native Linux-emulated builds.

Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg

Follow up to 
Closes 
2022-08-25 23:31:13 +02:00
Jay Satiro
ef121401d6
tests: fix http2 tests to use CRLF headers
Prior to this change some tests that rely on nghttpx proxy did not use
CRLF headers everywhere. A recent change in nghttp2, which updated its
version of llhttp (HTTP parser), requires curl's HTTP/1.1 test server to
use CRLF headers.

Ref: https://github.com/nghttp2/nghttp2/commit/9d389e8

Fixes https://github.com/curl/curl/issues/9364
Closes https://github.com/curl/curl/pull/9365
2022-08-25 12:05:30 -04:00
rcombs
07f80f968d
multi: use a pipe instead of a socketpair on apple platforms
Sockets may be shut down by the kernel when the app is moved to the
background, but pipes are not.

Removed from KNOWN_BUGS

Fixes 
Closes 
2022-08-25 17:43:08 +02:00
Somnath Kundu
89d204036a
libssh2: provide symlink name in SFTP dir listing
When reading the symbolic link name for a file, we need to add the file
name to base path name.

Closes 
2022-08-25 17:37:10 +02:00
Daniel Stenberg
576e507c78
configure: if asked to use TLS, fail if no TLS lib was detected
Previously the configure script would just warn about this fact and
continue with TLS disabled build which is not always helpful. TLS should
be explicitly disabled if that is what the user wants.

Closes 
2022-08-25 17:29:50 +02:00
Dustin Howett
70d010d285
schannel: when importing PFX, disable key persistence
By default, the PFXImportCertStore API persists the key in the user's
key store (as though the certificate was being imported for permanent,
ongoing use.)

The documentation specifies that keys that are not to be persisted
should be imported with the flag `PKCS12_NO_PERSIST_KEY`.
NOTE: this flag is only supported on versions of Windows newer than XP
and Server 2003.

Fixes 
Closes 
2022-08-25 13:47:27 +02:00
Daniel Stenberg
3f98eaafa0
unit1303: four tests should have TRUE for 'connecting'
To match the comments.

Reported-by: Wu Zheng

See 
Closes 
2022-08-23 17:39:37 +02:00
Daniel Stenberg
cf6e9ce80b
CURLOPT_BUFFERSIZE.3: add upload buffersize to see also
Closes 
2022-08-23 14:54:55 +02:00
Fabian Fischer
75ca89856c
HTTP3.md: add missing autoreconf command for building with wolfssl
Closes 
2022-08-23 14:17:20 +02:00
Daniel Stenberg
1e0f67f82b
RELEASE-NOTES: synced
2022-08-23 13:48:35 +02:00
Daniel Stenberg
31a41d45b7
multi: have curl_multi_remove_handle close CONNECT_ONLY transfer
When it has been used in the multi interface, it is otherwise left in
the connection cache, can't be reused and nothing will close them since
the easy handle loses the association with the multi handle and thus the
connection cache - until the multi handle is closed or it gets pruned
because the cache is full.

Reported-by: Dominik Thalhammer
Fixes 
Closes 
2022-08-23 13:44:11 +02:00
Daniel Stenberg
fdbcd39488
docs/cmdline-opts: remove \& escapes from all .d files
gen.pl escapes them itself now
2022-08-23 13:43:10 +02:00