Commit Graph

26670 Commits

Author SHA1 Message Date
Daniel Stenberg
d16fb4d056
Revert "CI/github: work-around for brew breakage on macOS"
This reverts commit 4cbb17a2cb.

... as the work-around now causes failures.

Closes #6332
2020-12-16 14:37:41 +01:00
Daniel Stenberg
1451f4d2e1
examples: remove superfluous asterisk uses
... for function pointers. Breaks in ancient compilers.
2020-12-16 09:24:16 +01:00
Daniel Stenberg
4dc710b198
RELEASE-NOTES: synced 2020-12-16 08:22:28 +01:00
Daniel Stenberg
354bc95d96
test1272: fix line ending
Follow-up to f24784f914
2020-12-15 17:38:42 +01:00
Daniel Stenberg
98b6aa14d9
URL-SYNTAX: add gophers details 2020-12-15 12:58:19 +01:00
Daniel Stenberg
f24784f914
test1272: test gophers 2020-12-15 12:58:19 +01:00
Daniel Stenberg
48b85c46f1
runtests: add support for gophers, gopher over TLS 2020-12-15 12:58:19 +01:00
parazyd
a1f06f32b8
gopher: Implement secure gopher protocol.
This commit introduces a "gophers" handler inside the gopher protocol if
USE_SSL is defined. This protocol is no different than the usual gopher
prococol, with the added TLS encapsulation upon connecting. The protocol
has been adopted in the gopher community, and many people have enabled
TLS in their gopher daemons like geomyidae(8), and clients, like clic(1)
and hurl(1).

I have not implemented test units for this protocol because my knowledge
of Perl is sub-par. However, for someone more knowledgeable it might be
fairly trivial, because the same test that tests the plain gopher
protocol can be used for "gophers" just by adding a TLS listener.

Signed-off-by: parazyd <parazyd@dyne.org>

Closes #6208
2020-12-15 12:58:12 +01:00
Daniel Stenberg
be8c94da78
TODO: Package curl for Windows in a signed installer
Closes #5424
2020-12-15 12:02:14 +01:00
Daniel Stenberg
a259eee99f
mqtt: deal with 0 byte reads correctly
OSS-Fuzz found it
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28676

Closes #6327
2020-12-15 11:38:29 +01:00
Daniel Stenberg
c4d88f89a9
BUG-BOUNTY: minor language update
... and remove the wording about entries from before 2019 as the "within
12 months" is still there and covers that.

Closes #6318
2020-12-15 08:57:07 +01:00
Daniel Stenberg
bc7ecc71c0
tooĺ_writeout: fix the -w time output units
Fix regression from commit fc813f80e1 (#6248) that changed the unit
to microseconds instead of seconds with fractions

Reported-by: 不确定
Fixes #6321
Closes #6322
2020-12-15 08:09:29 +01:00
Daniel Stenberg
796c068895
quiche: remove fprintf() leftover 2020-12-14 11:19:48 +01:00
Jay Satiro
9f85b986a9 KNOWN_BUGS: SHA-256 digest not supported in Windows SSPI builds
Closes https://github.com/curl/curl/issues/6302
2020-12-14 01:08:15 -05:00
Jay Satiro
c54565915f digest_sspi: Show InitializeSecurityContext errors in verbose mode
The error is shown with infof rather than failf so that the user will
see the extended error message information only in verbose mode, and
will still see the standard CURLE_AUTH_ERROR message. For example:

---

* schannel: InitializeSecurityContext failed: SEC_E_QOP_NOT_SUPPORTED
(0x8009030A) - The per-message Quality of Protection is not supported by
the security package
* multi_done
* Connection #1 to host 127.0.0.1 left intact
curl: (94) An authentication function returned an error

---

Ref: https://github.com/curl/curl/issues/6302

Closes https://github.com/curl/curl/pull/6315
2020-12-14 00:25:10 -05:00
Daniel Stenberg
78af8b68cf
URL-SYNTAX: add default port numbers and IDNA details
Closes #6316
2020-12-13 23:20:36 +01:00
Daniel Stenberg
7ba2577988
URL-SYNTAX: mention how FILE:// access can access network on windows
Closes #6314
2020-12-13 12:24:57 +01:00
Jay Satiro
b90c23d580 URL-SYNTAX: Document default SMTP port 25
Note that ports 25 and 587 are common ports for smtp, the former being
the default.

Closes https://github.com/curl/curl/pull/6310
2020-12-12 19:09:42 -05:00
Daniel Stenberg
a0f0c7149f
CURLOPT_URL.3: remove scheme specific details
... that are now found in URL-SYNTAX.md

Closes #6307
2020-12-12 22:46:37 +01:00
Dan Fandrich
2a264d494e docs: Fix some typos
[skip ci]
2020-12-12 09:59:28 -08:00
Daniel Stenberg
c29db0303d
URL-SYNTAX: mention all supported schemes
Closes #6311
2020-12-12 16:37:16 +01:00
Douglas R. Reno
940d414980
URL-SYNTAX.md: minor language improvements
Closes #6308
2020-12-12 11:19:10 +01:00
Daniel Stenberg
ea0916d41b
docs/URL-SYNTAX: the URL syntax curl accepts and works with
Closes #6285
2020-12-11 23:57:46 +01:00
0xflotus
5253444090
docs: enable syntax highlighting in several docs files
... for better readability

Closes #6286
2020-12-11 18:06:41 +01:00
Daniel Stenberg
eddae97406
test1564/1565: require the 'wakeup' feature to run
Fixes #6299
Fixes #6300
Closes #6301
2020-12-11 17:42:18 +01:00
Daniel Stenberg
34bb59a868
runtests: add 'wakeup' as a feature 2020-12-11 17:42:17 +01:00
Daniel Stenberg
769a4687df
tests/server/disabled: add "wakeup"
To allow the test suite to know if wakeup support is disabled in the
build.
2020-12-11 17:42:17 +01:00
Daniel Stenberg
6cd066f64b
lib1564/5: verify that curl_multi_wakeup returns OK 2020-12-11 17:42:17 +01:00
Daniel Stenberg
3a63c190bb
tests: make --libcurl tests only test FTP options if ftp enabled
Adjust six --libcurl tests to only check the FTP option if FTP is
actually present in the build.

Fixes #6303
Closes #6305
2020-12-11 17:28:35 +01:00
Daniel Stenberg
3e92799171
runtests.pl: fix "uninitialized value" warning
follow-up to e12825c642
2020-12-11 13:53:23 +01:00
Daniel Stenberg
e12825c642
runtests: add support for %if [feature] conditions
... to make tests run differently or expect different results depending
on what features that are present or not in curl.

Bonus: initial minor 'Hyper' awareness but nothing is using that yet

Closes #6304
2020-12-11 13:16:02 +01:00
Jon Rumsey
117b94eb0b
OS400: update ccsidcurl.c
Add 'struct' to cast and declaration of cfcdata to fix compilation
error.

Fixes #6292
Closes #6297
2020-12-10 11:30:19 +01:00
Daniel Stenberg
32793b2c4f
ngtcp2: make it build it current master again
Closes #6296
2020-12-10 08:57:07 +01:00
Cristian Rodríguez
25b4e158e9
connect: defer port selection until connect() time
If supported, defer port selection until connect() time
if --interface is given and source port is 0.

Reproducer:

* start fast webserver on port 80
* starve system of ephemeral ports
$  sysctl net.ipv4.ip_local_port_range="60990 60999"

* start a curl/libcurl "crawler"
$curl --keepalive --parallel --parallel-immediate --head --interface
127.0.0.2 "http://127.0.0.[1-254]/file[001-002].txt"

current result:
(possible some successful data)
curl: (45) bind failed with errno 98: Address already in use

result after patch:
(complete success or few connections failing, higlhy depending on load)

Fail only when all the possible 4-tuple combinations are exhausted,
which is impossible to do when port is selected at bind() time becuse
the kernel does not know if socket will be listen()'ed on or connect'ed
yet.

Closes #6295
2020-12-10 08:55:42 +01:00
Hans-Christian Noren Egtvedt
8a10abaf85
connect: zero variable on stack to silence valgrind complaint
Valgrind will complain that ssrem buffer usage if not explicit
initialized, hence initialize it to zero.

This completes the change intially started in commit 2c0d721215 ('ftp:
retry getpeername for FTP with TCP_FASTOPEN') where the ssloc buffer has
a similar memset to zero.

Signed-off-by: Hans-Christian Noren Egtvedt <hegtvedt@cisco.com>
Closes #6289
2020-12-09 23:36:15 +01:00
Daniel Stenberg
98dc917869
RELEASE-NOTES: synced
start over on the next release cycle
2020-12-09 22:57:47 +01:00
Daniel Stenberg
e052859759
RELEASE-NOTES: synced
for 7.74.0
2020-12-09 07:38:24 +01:00
Jacob Hoffman-Andrews
6d338a87d6 urldata: restore comment on ssl_connect_data.use
This comment was originally on the `use` field, but was separated from
its field in 62a2534.

Closes https://github.com/curl/curl/pull/6287
2020-12-07 18:45:47 -05:00
Daniel Stenberg
0611fded46
VERSIONS: refreshed
We always use the patch number these days: all releases are
"major.minor.patch"
2020-12-07 13:23:04 +01:00
Jakub Zakrzewski
cfea4f2f4d
cmake: don't use reserved target name 'test'
CMake up to 3.10 always reserves this name

Fixes #6257
Closes #6258
2020-12-07 10:33:35 +01:00
Daniel Stenberg
d9d0167278
openssl: make the OCSP verification verify the certificate id
CVE-2020-8286

Reported by anonymous

Bug: https://curl.se/docs/CVE-2020-8286.html
2020-12-07 09:27:10 +01:00
Daniel Stenberg
69a358f218
ftp: make wc_statemach loop instead of recurse
CVE-2020-8285

Fixes #6255
Bug: https://curl.se/docs/CVE-2020-8285.html
Reported-by: xnynx on github
2020-12-07 09:25:48 +01:00
Daniel Stenberg
ec9cc725d5
ftp: CURLOPT_FTP_SKIP_PASV_IP by default
The command line tool also independently sets --ftp-skip-pasv-ip by
default.

Ten test cases updated to adapt the modified --libcurl output.

Bug: https://curl.se/docs/CVE-2020-8284.html
CVE-2020-8284

Reported-by: Varnavas Papaioannou
2020-12-07 08:38:05 +01:00
Daniel Stenberg
abd846c374
urlapi: don't accept blank port number field without scheme
... as it makes the URL parser accept "very-long-hostname://" as a valid
host name and we don't want that. The parser now only accepts a blank
(no digits) after the colon if the URL starts with a scheme.

Reported-by: d4d on hackerone

Closes #6283
2020-12-07 00:50:49 +01:00
Daniel Stenberg
2260e0ebe6
Revert "multi: implement wait using winsock events"
This reverts commit d2a7d7c185.

This commit also reverts the subsequent follow-ups to that commit, which
were all done within windows #ifdefs that are removed in this
change. Marc helped me verify this.

Fixes #6146
Closes #6281
2020-12-06 22:40:38 +01:00
Klaus Crusius
2c0d721215
ftp: retry getpeername for FTP with TCP_FASTOPEN
In the case of TFO, the remote host name is not resolved at the
connetion time.

For FTP that has lead to missing hostname for the secondary connection.
Therefore the name resolution is done at the time, when FTP requires it.

Fixes #6252
Closes #6265
Closes #6282
2020-12-06 11:18:28 +01:00
Thomas Danielsson
7a6fdd503d
scripts/completion.pl: parse all opts
For tab-completion it may be preferable to include all the
available options.

Closes #6280
2020-12-05 17:41:46 +01:00
Daniel Stenberg
b2bde86bbb
RELEASE-NOTES: synced 2020-12-04 16:27:35 +01:00
Daniel Stenberg
1835cb916e
openssl: use OPENSSL_init_ssl() with >= 1.1.0
Reported-by: Kovalkov Dmitrii and Per Nilsson
Fixes #6254
Fixes #6256
Closes #6260
2020-12-03 22:30:38 +01:00
Daniel Stenberg
6703eb2f4c
SECURITY-PROCESS: disclose on hackerone
Once a vulnerability has been published, the hackerone issue should be
disclosed. For tranparency.

Closes #6275
2020-12-03 22:29:34 +01:00