mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2024-12-15 06:40:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
28,767 Commits 15 Branches 222 Tags 186 MiB
c717975eaa
Commit Graph

28767 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Stenberg
f317b75c5e
runtests: fix skipping tests not done event-based 
... and call timestampskippedevents() to avoid the flood of
uninitialized variable warnings.

Closes #8977
 2022-06-08 10:56:37 +02:00
Daniel Stenberg
07058f6ad8
transfer: maintain --path-as-is after redirects 
Reported-by: Marcus T
Fixes #8974
Closes #8975
 2022-06-08 10:30:36 +02:00
Daniel Stenberg
5394cbf570
test391: verify --path-as-is with redirect 2022-06-08 10:30:28 +02:00
Jay Satiro
ae8a329e81 curl_global_init.3: Separate the Windows loader lock warning 
This is a slight correction of the parent commit which implied the
loader lock warning only applied if not thread-safe. In fact the loader
lock warning applies either way.

Ref: https://github.com/curl/curl/pull/8972#discussion_r891987030
 2022-06-08 03:02:51 -04:00
Daniel Stenberg
ba47566863
curl_global_init.3: this is now (usually) thread-safe 
Follow-up to 23af112f55

Closes #8972
 2022-06-08 08:50:15 +02:00
Haxatron
23408f1fd2 libcurl-security.3: Document CRLF header injection 
- Document that user input to header options is not sanitized, which
  could result in CRLF used to modify the request in a way other than
  what was intended.

Ref: https://hackerone.com/reports/1589877
Ref: https://medium.com/@tomnomnom/crlf-injection-into-phps-curl-options-e2e0d7cfe545

Closes https://github.com/curl/curl/pull/8964
 2022-06-08 02:32:35 -04:00
Jay Satiro
c11380d213 CURLOPT_RANGE.3: remove ranged upload advice 
The e-mail link in the advice contains instructions that are prone to
error. We need an example that works and can demonstrate how to properly
perform a ranged upload, and then we can refer to that example instead.

Bug: https://github.com/curl/curl/issues/8969
Reported-by: Simon Berger

Closes https://github.com/curl/curl/pull/8970
 2022-06-08 01:47:17 -04:00
Thomas Guillem
2ed1012564
curl_version_info: add CURL_VERSION_THREADSAFE_INIT 
This flag can be used to make sure that curl_global_init() is
thread-safe.

This can be useful for libraries that can't control what other
dependencies are doing with Curl.

Closes #8680
 2022-06-07 13:34:03 +02:00
Thomas Guillem
23af112f55
lib: make curl_global_init() threadsafe when possible 
Use a posix pthread or a Windows SRWLOCK to lock curl_global_init*() and
curl_global_cleanup().

Closes #8680
 2022-06-07 13:34:03 +02:00
Daniel Stenberg
134963a5ef
RELEASE-NOTES: synced 2022-06-06 12:29:51 +02:00
Fabian Keil
77ad759366
test414: add the '--resolve' keyword 
... so the test can be automatically skipped when
using an external proxy like Privoxy.

Closes #8959
 2022-06-06 12:26:26 +02:00
Fabian Keil
d313db70f8
test{440,441,493,977}: add "HTTP proxy" keywords 
... so the tests can be automatically skipped when
using an external proxy like Privoxy.

Closes #8959
 2022-06-06 12:26:23 +02:00
Fabian Keil
3561e4ed9b
runtests.pl: add the --repeat parameter to the --help output 
Closes #8959
 2022-06-06 12:26:18 +02:00
Fabian Keil
1d288d46d5
test 2081: add a valid reply for the second request 
... so the test works when using a HTTP proxy like
Privoxy that sends an error message if the server
doesn't send data.

Closes #8959
 2022-06-06 12:26:14 +02:00
Fabian Keil
9dfa1dcfa0
test 675: add missing CR so the test passes when run through Privoxy 
Closes #8959
 2022-06-06 12:26:06 +02:00
Daniel Stenberg
6754f99398
ftp: when failing to do a secure GSSAPI login, fail hard 
... instead of switching to cleartext. For the sake of security.

Reported-by: Harry Sintonen
Bug: https://hackerone.com/reports/1590102
Closes #8963
 2022-06-06 11:55:39 +02:00
Daniel Stenberg
21ea13cfe1
http2: reject overly many push-promise headers 
Getting more than a thousand of them is rather a sign of some kind of
attack.

Reported-by: Harry Sintonen
Bug: https://hackerone.com/reports/1589847
Closes #8962
 2022-06-06 11:53:49 +02:00
Fabian Keil
9dbce9b3d0
misc: spelling improvements 
Closes #8956
 2022-06-05 12:15:23 +02:00
Tatsuhiro Tsujikawa
298c1dfc7b
ngtcp2: fix assertion failure on EMSGSIZE 
Closes #8958
 2022-06-05 12:12:26 +02:00
Daniel Stenberg
2bd75e5686
easy/transfer: fix cookie-disabled build 
Follow-up from 45de940ceb
Reported-by: Marcel Raad
Fixes #8953
Closes #8954
 2022-06-02 22:54:12 +02:00
Daniel Stenberg
07a9b89fed
examples/crawler.c: use the curl license 
With permission from Jeroen Ooms

URL: https://github.com/curl/curl/pull/8869#issuecomment-1144742731
Closes #8950
 2022-06-02 15:41:01 +02:00
Daniel Stenberg
cce50bd323
speed-limit/time.d: mention these affect transfers in either direction 
Reported-by: Ladar Levison
Fixes #8948
Closes #8951
 2022-06-02 15:40:09 +02:00
Daniel Stenberg
e517b63223
scripts/copyright.pl: fix the exclusion to not ignore man pages 
Ref: #8869
Closes #8952
 2022-06-02 15:39:14 +02:00
Daniel Stenberg
df829a1fa9
examples: remove fopen.c and rtsp.c 
To simplify the license situation, as they were the only files in the
source tree using these specific BSD-3 clause licenses.

For an fopen style API, we recommend instead going
https://github.com/curl/fcurl

Ref: #8869
Closes #8949
 2022-06-02 13:03:07 +02:00
Wolf Vollprecht
4d4eb8e587
netrc: check %USERPROFILE% as well on Windows 
Closes #8855
 2022-06-02 09:32:51 +02:00
Daniel Stenberg
665138b2dd
CURLOPT_SSH_HOSTKEYDATA/FUNCTION.3: minor polish 2022-06-02 09:30:52 +02:00
michael musset
1544513958
libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION 
The callback set by CURLOPT_SSH_HOSTKEYFUNCTION is called to check
wether or not the connection should continue.

The host key is passed in argument with a custom handle for the
application.

It overrides CURLOPT_SSH_KNOWNHOSTS

Closes #7959
 2022-06-02 08:34:31 +02:00
Daniel Stenberg
267d560b5a
docs/CONTRIBUTE.md: document the 'needs-votes' concept 
A pull request sent to the project might get labeled `needs-votes` by a
project maintainer. This label means that in addition to meeting all
other checks and qualifications this pull request must also receive
proven support/thumbs-ups from more community members to be considered
for merging.

Closes #8910
 2022-06-02 08:21:24 +02:00
Evgeny Grin
f59508e6cd
digest: tolerate missing "realm" 
Server headers may not define "realm", avoid NULL pointer dereference
in such cases.

Closes #8912
 2022-06-02 08:18:54 +02:00
Evgeny Grin
807f440301
digest: added detection of more syntax error in server headers 
Invalid headers should not be processed otherwise they may create
a security risk.

Closes #8912
 2022-06-02 08:18:48 +02:00
Evgeny Grin
3a6fe0c767
digest: unquote realm and nonce before processing 
RFC 7616 (and 2617) requires values to be "unquoted" before used for
digest calculations. The only place where unquoting can be done
correctly is header parsing function (realm="DOMAIN\\host" and
realm=DOMAN\\host are different realms).

This commit adds unquoting (de-escaping) of all values during header
parsing and quoting of the values during header forming. This approach
should be most straightforward and easy to read/maintain as all values
are processed in the same way as required by RFC.

Closes #8912
 2022-06-02 08:18:34 +02:00
Daniel Stenberg
f810047f9d
headers: handle unfold of space-cleansed headers 
Detected by OSS-fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47767

Updated test 1274

Closes #8947
 2022-06-01 15:24:49 +02:00
Daniel Stenberg
45de940ceb
lib: make more protocol specific struct fields #ifdefed 
... so that they don't take up space if the protocols are disabled in
the build.

Closes #8944
 2022-06-01 14:31:49 +02:00
Daniel Stenberg
bb130871c0
DISABLED: disable 1021 for hyper again 
due to flakiness in the CI builds
 2022-06-01 09:43:48 +02:00
Daniel Stenberg
8b1ae28509
urldata: store tcp_keepidle and tcp_keepintvl as ints 
They can't be set larger than INT_MAX in the setsocket API calls.

Also document the max values in their respective man pages.

Closes #8940
 2022-06-01 08:12:09 +02:00
Daniel Stenberg
4651945822
urldata: reduce size of a few struct fields 
When the values are never larger than 32 bit, ints are better than longs.

Closes #8940
 2022-06-01 08:12:09 +02:00
Daniel Stenberg
b1c1df0b6b
urldata: remove three unused booleans from struct UserDefined 
- is_fwrite_set
- free_referer
- strip_path_slash

Closes #8940
 2022-06-01 08:12:09 +02:00
Daniel Stenberg
c6b2bc6db8
remote-name.d: mention --output-dir 
plus add two see-alsos

Closes #8945
 2022-06-01 08:11:16 +02:00
Jay Satiro
fde966b69f configure: skip libidn2 detection when winidn is used 
Prior to this change --with-winidn could be overridden by libidn2
detection.

Closes https://github.com/curl/curl/pull/8934
 2022-06-01 01:58:43 -04:00
Daniel Stenberg
c80f0aebbb
CURLOPT_FILETIME.3: fix the protocols this works with 2022-05-31 17:40:47 +02:00
Daniel Stenberg
ef94c972bc
test681: verify --no-remote-name 
Follow-up to 83ee5c428d (from #8931)

Closes #8942
 2022-05-31 16:09:53 +02:00
Tatsuhiro Tsujikawa
3288e9c6d3
ngtcp2: enable Linux GSO 
Enable Linux GSO in ngtcp2 QUIC.  In order to recover from the
EAGAIN/EWOULDBLOCK by sendmsg with multiple packets in one GSO write,
packet buffer is now held by struct quicsocket.  GSO write might fail in
runtime depending on NIC.  Disable GSO if sendmsg returns EIO.

Closes #8909
 2022-05-31 16:04:12 +02:00
Daniel Stenberg
b2175acc76
CURLOPT_PORT.3: We discourage using this option 
Closes #8941
 2022-05-31 15:58:20 +02:00
Daniel Stenberg
7f97d7053e
RELEASE-NOTES: synced 2022-05-31 14:59:23 +02:00
Daniel Stenberg
b7baa78451
headers_push: error out if a folded header has no previous header 
As that would indicate an illegal header. The fuzzer reached the assert
in unfold_value() proving that this case can happen.

Follow-up to c9b60f0053

Closes #8939
 2022-05-31 14:03:44 +02:00
Boris Verkhovskiy
83ee5c428d
curl: re-enable --no-remote-name 
Closes #8931
 2022-05-31 13:23:22 +02:00
Daniel Stenberg
472831256d
test680: require 'http' since it uses such a URL 
Follow-up to d1b376c035
 2022-05-31 13:14:28 +02:00
Daniel Stenberg
c31752a50e
CURLOPT_NETRC.3: document the .netrc file format 2022-05-31 09:05:01 +02:00
Daniel Stenberg
d1b376c035
test680: verify rejection of malformatted .netrc quoted password 2022-05-31 09:05:01 +02:00
Daniel Stenberg
19f981b4ff
test679: verify netrc quoted string 2022-05-31 09:05:01 +02:00