Commit Graph

31210 Commits

Author SHA1 Message Date
Daniel Stenberg
9ff73274df
THANKS: add contributors from 8.4.0 2023-10-11 07:34:19 +02:00
Jay Satiro
fb4415d8ae
socks: return error if hostname too long for remote resolve
Prior to this change the state machine attempted to change the remote
resolve to a local resolve if the hostname was longer than 255
characters. Unfortunately that did not work as intended and caused a
security issue.

Bug: https://curl.se/docs/CVE-2023-38545.html
2023-10-11 07:34:19 +02:00
Stefan Eissing
09e25b9d94 CI: remove slowed-network tests
- remove these tests as they are currently not reliable in our CI
  setups.

curl handles the test cases, but CI sometimes fails on these due to
additional conditions. Rather than mix them in, an additional CI job
will be added in the future that is specific to them.

Closes https://github.com/curl/curl/pull/12075
2023-10-10 16:29:01 -04:00
Jay Satiro
ba8c5c49a3 libcurl-env-dbg.3: move debug variables from libcurl-env.3
- Move documentation of libcurl environment variables used only in debug
  builds from libcurl-env into a separate document libcurl-env-dbg.

- Document more debug environment variables.

Previously undocumented or missing a description:

CURL_ALTSVC_HTTP, CURL_DBG_SOCK_WBLOCK, CURL_DBG_SOCK_WPARTIAL,
CURL_DBG_QUIC_WBLOCK, CURL_DEBUG, CURL_DEBUG_SIZE, CURL_GETHOSTNAME,
CURL_HSTS_HTTP, CURL_FORCETIME, CURL_SMALLREQSEND, CURL_SMALLSENDS,
CURL_TIME.

Closes https://github.com/curl/curl/pull/11811
2023-10-10 15:37:16 -04:00
Dan Fandrich
f64ecb2bc0 test670: increase the test timeout
This should make it more immune to loaded servers.

Ref: #11328
2023-10-09 14:15:29 -07:00
Stefan Eissing
b0f3d71c1f
MQTT: improve receive of ACKs
- add `mq->recvbuf` to provide buffering of incomplete
  ACK responses
- continue ACK reading until sufficient bytes available
- fixes test failures on low network receives

Closes #12071
2023-10-09 18:34:17 +02:00
Viktor Szakats
5032f04ee9
quic: fix BoringSSL build
Add guard around `SSL_CTX_set_ciphersuites()` use.

Bug: https://github.com/curl/curl/pull/12065#issuecomment-1752171885

Follow-up to aa9a6a1770

Co-authored-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Closes #12067
2023-10-09 12:43:56 +00:00
Stefan Eissing
a383d1372f
test1540: improve reliability
- print that bytes have been received on pausing, but not how many

Closes #12069
2023-10-09 14:07:59 +02:00
Stefan Eissing
56d373033d
test2302: improve reliability
- make result print collected write data, unless
  change in meta flags is detected
- will show same result even when data arrives via
  several writecb invocations

Closes #12068
2023-10-09 14:07:08 +02:00
Daniel Stenberg
dc4e885f35
curl_easy_pause: set "in callback" true on exit if true
Because it might have called another callback in the mean time that then
set the bit FALSE on exit.

Reported-by: Jay Satiro
Fixes #12059
Closes #12061
2023-10-09 08:21:51 +02:00
Viktor Szakats
0e4bef0862
h3: add support for ngtcp2 with AWS-LC builds
```
curl 8.4.0-DEV (x86_64-apple-darwin) libcurl/8.4.0-DEV (SecureTransport) AWS-LC/1.15.0 nghttp2/1.56.0 ngtcp2/0.19.1 nghttp3/0.15.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefile MultiSSL NTLM SSL threadsafe UnixSockets
```

Also delete an obsolete GnuTLS TODO and update the header comment in
`FindNGTCP2.cmake`.

Reviewed-by: Daniel Stenberg
Closes #12066
2023-10-08 22:35:04 +00:00
Viktor Szakats
58a95b6a49
build: do not publish HAVE_BORINGSSL, HAVE_AWSLC macros
Syncing this up with CMake.

Source code uses the built-in `OPENSSL_IS_AWSLC` and
`OPENSSL_IS_BORINSSL` macros to detect BoringSSL and AWS-LC. No help is
necessary from the build tools.

The one use of `HAVE_BORINGSSL` in the source turned out to be no longer
necessary for warning-free BoringSSL + Schannel builds. Ref: #1610 #2634

autotools detects this anyway for display purposes.
CMake detects this to decide whether to use the BoringSSL-specific
crypto lib with ngtcp2. It detects AWS-LC, but doesn't use the detection
result just yet (planned in #12066).

Ref: #11964

Reviewed-by: Daniel Stenberg
Reviewed-by: Jay Satiro
Closes #12065
2023-10-08 22:29:45 +00:00
Marc Hoersken
2e93c07c87
CI: move distcheck job from Azure Pipelines to GitHub Actions
This will allow for more trigger excludes within Azure Pipelines.

Also fixes seemingly broken check with scripts/installcheck.sh.
Ref: 190374c74e

Assisted-by: Philip Heiduck
Closes #9532
2023-10-08 19:36:16 +02:00
Daniel Stenberg
43215842f2
url: fall back to http/https proxy env-variable if ws/wss not set
Reported-by: Craig Andrews
Fixes #12031
Closes #12058
2023-10-08 11:29:10 +02:00
Stefan Eissing
b9c78eeac1
cf-socket: simulate slow/blocked receives in debug
add 2 env variables for non-UDP sockets:
1. CURL_DBG_SOCK_RBLOCK: percentage of receive calls that randomly
   should return EAGAIN
2. CURL_DBG_SOCK_RMAX: max amount of bytes read from socket

Closes #12035
2023-10-08 11:04:09 +02:00
Stefan Eissing
ba1e559bd8
http2: refused stream handling for retry
- answer HTTP/2 streams refused via a GOAWAY from the server to
  respond with CURLE_RECV_ERROR in order to trigger a retry
  on another connection

Reported-by: black-desk on github
Ref #11859
Closes #12054
2023-10-08 11:01:47 +02:00
Jay Satiro
0dc40b2a0f CURLOPT_DEBUGFUNCTION.3: warn about internal handles
- Warn that the user's debug callback may be called with the handle
  parameter set to an internal handle.

Without this warning the user may assume that the only handles their
debug callback receives are the easy handles on which they set
CURLOPT_DEBUGFUNCTION.

This is a follow-up to f8cee8cc which changed DoH handles to inherit
the debug callback function set in the user's easy handle. As a result
those handles are now passed to the user's debug callback function.

Closes https://github.com/curl/curl/pull/12034
2023-10-08 00:21:10 -04:00
Jay Satiro
cf577bca84 url: fix typo 2023-10-07 18:43:14 -04:00
Daniel Stenberg
c20f425192
test458: verify --expand-output, expanding a file name accepting option
Verifies the fix in #12055 (commit f2c8086ff1)
2023-10-08 00:29:36 +02:00
Daniel Stenberg
f2c8086ff1
tool_getparam: accept variable expansion on file names too
Reported-by: PBudmark on github
Fixes #12048
Closes #12055
2023-10-08 00:28:50 +02:00
Daniel Stenberg
38fbe8dbfe
RELEASE-NOTES: synced 2023-10-07 23:01:06 +02:00
Daniel Stenberg
07008ee8ac
multi: do CURLM_CALL_MULTI_PERFORM at two more places
... when it does a state transition but there is no particular socket or
timer activity. This was made apparent when commit b5bb84c removed a
superfluous timer expiry.

Reported-by: Dan Fandrich.
Fixes #12033
Closes #12056
2023-10-07 22:54:54 +02:00
Viktor Szakats
9243ed6f4b
GHA/linux: mbedtls 3.5.0 + minor dep bumps
Closes #12057
2023-10-07 20:34:53 +00:00
Dan Fandrich
dff6b78fe7 CI: bump OpenLDAP package version on FreeBSD
The old one is no longer available.
2023-10-07 12:52:07 -07:00
Marc Hoersken
190374c74e
docs/libcurl/opts/Makefile.inc: add missing manpage files
Detected with #9532
2023-10-07 20:54:38 +02:00
Dan Fandrich
f6513b9982 tests: fix a race condition in ftp server disconnect
If a client disconnected and reconnected quickly, before the ftp server
had a chance to respond, the protocol message/ack (ping/pong) sequence
got out of sync, causing messages sent to the old client to be delivered
to the new.  A disconnect must now be acknowledged and intermediate
requests thrown out until it is, which ensures that such synchronization
problems can't occur. This problem could affect ftp, pop3, imap and smtp
tests.

Fixes #12002
Closes #12049
2023-10-07 11:19:39 -07:00
Viktor Szakats
500f28f414
appveyor: bump mingw-w64 job to gcc 13 (was: 8)
This sets gcc 6, 7, 9, 13 in our test mix (was: 6, 7, 8, 9).
Adding a modern gcc version to the tests.

(The gcc 8 job used to take around 50 minutes. The new image with gcc 13
finished in 32, 35, 34 minutes in the 3 test runs so far.)

It also adds a modern CMake version and OS env to our mingw-w64 builds.

Closes #12051
2023-10-07 14:46:37 +00:00
David Benjamin
9eb774304e
openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR
While the struct is still public in OpenSSL, there is a (somewhat
inconvenient) accessor. Use it to remain compatible if it becomes opaque
in the future.

Closes #12038
2023-10-06 14:51:20 +02:00
Daniel Stenberg
a311c72723
curl_easy_pause.3: mention it works within callbacks
Reported-by: Maxim Dzhura
Bug: https://curl.se/mail/lib-2023-10/0010.html
Closes #12046
2023-10-06 14:48:32 +02:00
Daniel Stenberg
4a80c7503f
curl_easy_pause.3: mention h2/h3 buffering
Asked-by: Maxim Dzhura
Ref: https://curl.se/mail/lib-2023-10/0011.html

Closes #12045
2023-10-06 14:47:36 +02:00
Viktor Szakats
8bc474fa05
cmake: re-add missed C89 headers for specific detections
We removed C89 `setjmp.h` and `signal.h` detections and excluded them
from the global header list we use when detecting functions [1]. Then
missed to re-add these headers to the specific functions which need
them to be detected [2]. Fix this omission in this patch.

[1] Follow-up to 3795fcde99 #11951
[2] Follow-up to 96c29900bc #11940

Closes #12043
2023-10-06 09:46:02 +00:00
Daniel Stenberg
6dd6654f75
multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE
Since there is nothing to wait for there. Avoids the test 1233 hang
reported in #12033.

Reported-by: Dan Fandrich
Closes #12042
2023-10-06 08:49:58 +02:00
Dan Fandrich
911d37bb2f test1903: actually verify the cookies after the test
The test otherwise could do just about anything (except leak memory in
debug mode) and its bad behaviour wouldn't be detected. Now, check the
resulting cookie file to ensure the cookies are still there.

Closes #12041
2023-10-05 13:13:43 -07:00
Dan Fandrich
361cd3edab test: add missing <feature>s
The tests will otherwise fail if curl has them disabled.
2023-10-05 13:10:51 -07:00
Dan Fandrich
930353d0af test1906: set a lower timeout since it's hit on Windows
msys2 builds actually hit the connect timeout in normal operation, so
lower the timeout from 5 minutes to 5 seconds to reduce test time.

Ref: #11328
Closes #12036
2023-10-05 02:05:13 -07:00
Daniel Stenberg
5ee0b9dd6e
RELEASE-NOTES: synced 2023-10-05 09:20:27 +02:00
Jay Satiro
021d04f291 idn: fix WinIDN null ptr deref on bad host
- Return CURLE_URL_MALFORMAT if IDN hostname cannot be converted from
  UTF-8 to UTF-16.

Prior to this change a failed conversion erroneously returned CURLE_OK
which meant 'decoded' pointer (what would normally point to the
punycode) would not be written to, remain NULL and be dereferenced
causing an access violation.

Closes https://github.com/curl/curl/pull/11983
2023-10-05 03:11:41 -04:00
Dan Fandrich
7d55ab1bff tests: close the shell used to start sshd
This shell isn't needed once sshd starts, so use "exec" so it doesn't
stick around.

Closes #12032
2023-10-04 15:20:45 -07:00
Daniel Stenberg
3ef3eaa27e
base64: also build for curl
Since the tool itself now uses the base64 code using the curlx way, it
needs to build also when the tool needs it. Starting now, the tool build
defines BULDING_CURL to allow lib-side code to use it.

Follow-up to 2e160c9c65

Closes #12010
2023-10-04 23:22:16 +02:00
Eduard Strehlau
f2ff730b38 tests: Fix zombie processes left behind by FTP tests.
ftpserver.pl correctly cleans up spawned server processes,
but forgets to wait for the shell used to spawn them.
This is barely noticeable during a normal testrun,
but causes process exhaustion and test failure
during a complete torture run of the FTP tests.

Fixes #12018
Closes #12020
2023-10-04 14:04:12 -07:00
Dan Fandrich
d1b0317f9b github/labeler: improve labeler matches 2023-10-04 12:21:17 -07:00
Dan Fandrich
2e5ede8f7f test574: add a timeout to the test
This one hangs occasionally, so this will speed up a test run and allow
logs to be seen when it does.

Closes #12025
2023-10-04 12:15:57 -07:00
Dan Fandrich
2bee7aeb34 tests: propagate errors in libtests
Use the test macros to automatically propagate some errors, and check
and log others while running the tests. This can help in debugging
exactly why a test has failed.
2023-10-04 12:15:57 -07:00
Dan Fandrich
61c8f1edc3 tests: set --expect100-timeout to improve test reliability
On an overloaded server, the default 1 second timeout can go by without
the test server having a chance to respond with the expected headers,
causing tests to fail. Increase the 1 second timeout to 99 seconds so
this failure mode is no longer a problem on test 1129. Some other tests
already set a high value, but make them consistently 99 seconds so if
something goes wrong the test is stalled for less time.

Ref: #11328
2023-10-04 12:15:57 -07:00
Dan Fandrich
7c8efbfd5d CI: ignore the "flaky" and "timing-dependent" test results in CMake
This was already done for automake builds but CMake builds were missed.
Test 1086 actually causes the test harness to crash with:

Warning: unable to close filehandle DWRITE properly: Broken pipe at C:/projects/curl/tests/ftpserver.pl line 527

Rather than fix it now, this change leaves test 1086 entirely skipped on
those builds that show this problem.

Follow-up to 589dca761

Ref: #11865
2023-10-04 12:14:16 -07:00
Viktor Szakats
751e168d93
cmake: improve OpenLDAP builds
- cmake: detect OpenLDAP based on function `ldap_init_fd`.
  autotools does this. autotools also publishes this detection result
  in `HAVE_LDAP_INIT_FD`. We don't mimic that with CMake as the source
  doesn't use this value. (it might need to be remove-listed in
  `scripts/cmp-config.pl` for future OpenLDAP test builds.)
  This also deletes existing self-declaration method via the
  CMake-specific `CURL_USE_OPENLDAP` configuration.

- cmake: define `LDAP_DEPRECATED=1` for OpenLDAP.
  Like autotools does. This fixes a long list of these warnings:
  ```
  /usr/local/opt/openldap/include/ldap.h:1049:5: warning: 'LDAP_DEPRECATED' is not defined, evaluates to 0 [-Wundef]
  ```

- cmake: delete LDAP TODO comment no longer relevant.

Also:

- autotools: replace domain name `dummy` with `0.0.0.0` in LDAP feature
  detection functions.

Ref: #11964 (effort to sync cmake detections with autotools)

Closes #12024
2023-10-04 17:55:19 +00:00
Viktor Szakats
fd328fcaf1
cmake: fix unity builds for more build combinations
By using unique static function/variable names in source files
implementing these interfaces.

- OpenLDAP combined with any SSH backend.

- MultiSSL with mbedTLS, OpenSSL, wolfSSL, SecureTransport.

Closes #12027
2023-10-04 15:36:06 +00:00
Daniel Stenberg
3fd80c7b59
tests: remove leading spaces from some tags
The threee tags `<name>`, `</name>` and `<command>` were frequently used
with a leading space that this removes. The reason this habbit is so
widespread in testcases is probably that they have been copy and pasted.

Hence, fixing them all now might curb this practice from now on.

Closes #12028
2023-10-04 14:15:23 +02:00
Viktor Szakats
1b9becb5d9
GHA: bump actions/checkout
Follow-up to 2e0fa50fc1 #11964
Follow-up to c39585d9b7 #12000

Closes #12023
2023-10-04 09:11:46 +00:00
Viktor Szakats
3b6d18bbf6
spelling: fix codespell 2.2.6 typos
Closes #12019
2023-10-03 21:37:56 +00:00