|
|
@@ -6,8295 +6,7935 @@
|
|
|
|
|
|
Changelog
|
|
|
|
|
|
-Version 7.80.0 (10 Nov 2021)
|
|
|
+Version 7.81.0 (5 Jan 2022)
|
|
|
|
|
|
-Daniel Stenberg (10 Nov 2021)
|
|
|
+Daniel Stenberg (5 Jan 2022)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
- for curl 7.80.0
|
|
|
+ curl 7.81.0 release
|
|
|
|
|
|
-- THANKS: add contributors from the 7.80.0 cycle
|
|
|
+- THANKS: add names from 7.81.0 release
|
|
|
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+- curl_multi_init.3: fix the copyright year range
|
|
|
|
|
|
- ngtcp2: advertise h3 as well as h3-29
|
|
|
+- test719-721: require "proxy" feature present to run
|
|
|
|
|
|
- Advertise h3 as well as h3-29 since some servers out there require h3
|
|
|
- for QUIC v1.
|
|
|
+ Bug: https://github.com/curl/curl/pull/8223#issuecomment-1005188696
|
|
|
+ Reported-by: Marc Hörsken
|
|
|
|
|
|
- Closes #7979
|
|
|
-
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+ Closes #8226
|
|
|
|
|
|
- ngtcp2: use QUIC v1 consistently
|
|
|
+- test719: require ipv6 support to run
|
|
|
|
|
|
- Since we switched to v1 quic_transport_parameters codepoint in #7960
|
|
|
- with quictls, lets use QUIC v1 consistently.
|
|
|
+ Follow-up to effd2bd7ba2a5fd244
|
|
|
+ Reported-by: Marc Hörsken
|
|
|
+ Bug: https://github.com/curl/curl/pull/8217#issuecomment-1004681145
|
|
|
|
|
|
- Closes #7979
|
|
|
+ Closes #8223
|
|
|
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+- test719-721: verify SOCKS details
|
|
|
+
|
|
|
+ Using the new verify/socks details
|
|
|
|
|
|
- ngtcp2: compile with the latest nghttp3
|
|
|
+- runtests: add verify/socks check
|
|
|
|
|
|
- Closes #7978
|
|
|
+ If used, this data is compared with the data in log/socksd-request.log
|
|
|
+ which the socksd server logs.
|
|
|
+
|
|
|
+ Added to FILEFORMAT.md
|
|
|
|
|
|
-Marc Hoersken (9 Nov 2021)
|
|
|
-- tests: add Schannel-specific tests and disable unsupported ones
|
|
|
+- server/socksd: log atyp + address in a separate log
|
|
|
|
|
|
- Adds Schannel variants of SSLpinning tests that include the option
|
|
|
- --ssl-revoke-best-effort to ignore certificate revocation check
|
|
|
- failures which is required due to our custom test CA certificate.
|
|
|
+ To allow the test suite to verify that the right data arrived
|
|
|
+
|
|
|
+- socks5: use appropriate ATYP for numerical IP address host names
|
|
|
|
|
|
- Disable the original variants if the Schannel backend is enabled.
|
|
|
+ When not resolving the address locallly (known as socks5h).
|
|
|
|
|
|
- Also skip all IDN tests which are broken while using an msys shell.
|
|
|
+ Add test 719 and 720 to verify.
|
|
|
|
|
|
- This is a step to simplify test exclusions for Windows and MinGW.
|
|
|
+ Reported-by: Peter Piekarski
|
|
|
+ Fixes #8216
|
|
|
+ Closes #8217
|
|
|
+
|
|
|
+Jay Satiro (3 Jan 2022)
|
|
|
+- curl_multi_init.3: fix EXAMPLE formatting
|
|
|
+
|
|
|
+Daniel Stenberg (3 Jan 2022)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- libtest: avoid "assignment within conditional expression"
|
|
|
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7968
|
|
|
+ In lib530, lib540 and lib582
|
|
|
+
|
|
|
+ Closes #8218
|
|
|
|
|
|
-Daniel Stenberg (8 Nov 2021)
|
|
|
-- docs: NAME fixes in easy option man pages
|
|
|
+- ftp: disable warning 4706 in MSVC
|
|
|
|
|
|
- Closes #7975
|
|
|
+ Follow-up to 21248e052d
|
|
|
+
|
|
|
+ Disabling "assignment within conditional expression" for MSVC needs to
|
|
|
+ be done before the function starts, for it to take effect.
|
|
|
+
|
|
|
+ Closes #8218
|
|
|
|
|
|
-- [Roger Young brought this change]
|
|
|
+- tool_operate: warn if too many output arguments were found
|
|
|
+
|
|
|
+ More output instructions than URLs is likely a user error.
|
|
|
+
|
|
|
+ Add test case 371 to verify
|
|
|
+
|
|
|
+ Closes #8210
|
|
|
|
|
|
- ftp: make the MKD retry to retry once per directory
|
|
|
+- .github/workflows/mbedtls.yml: bump to mbedtls 3.1.0
|
|
|
|
|
|
- Reported-by: Roger Young
|
|
|
- Fixes #7967
|
|
|
- Closes #7976
|
|
|
+ Closes #8215
|
|
|
|
|
|
-- tool_operate: reorder code to avoid compiler warning
|
|
|
+- zuul: remove the mbedtls jobs
|
|
|
|
|
|
- tool_operate.c(889) : warning C4701: potentially uninitialized local
|
|
|
- variable 'per' use
|
|
|
+ Now running as github workflows
|
|
|
|
|
|
- Follow-up to cc71d352651a0d95
|
|
|
- Reported-by: Marc Hörsken
|
|
|
- Bug: https://github.com/curl/curl/pull/7922#issuecomment-963042676
|
|
|
- Closes #7971
|
|
|
+ Closes #8215
|
|
|
|
|
|
-- curl_easy_perform.3: add a para about recv and send data
|
|
|
+- github/workflows: add mbedtls and mbedtls-clang
|
|
|
|
|
|
- Reported-by: Godwin Stewart
|
|
|
- Fixes #7973
|
|
|
- Closes #7974
|
|
|
+ Closes #8215
|
|
|
|
|
|
-- tool_operate: fclose stream only if fopened
|
|
|
+- [Valentin Richter brought this change]
|
|
|
+
|
|
|
+ mbedtls: fix private member designations for v3.1.0
|
|
|
|
|
|
- Fixes torture test failures
|
|
|
- Follow-up to cc71d352651
|
|
|
+ "As a last resort, you can access the field foo of a structure bar by
|
|
|
+ writing bar.MBEDTLS_PRIVATE(foo). Note that you do so at your own risk,
|
|
|
+ since such code is likely to break in a future minor version of Mbed
|
|
|
+ TLS." -
|
|
|
+ https://github.com/ARMmbed/mbedtls/blob/f2d1199edc5834df4297f247f213e614f7782d1d/docs/3.0-migration-guide.md
|
|
|
|
|
|
- Closes #7972
|
|
|
+ That future minor version is v3.1.0. I set the >= to == for the version
|
|
|
+ checks because v3.1.0 is a release, and I am not sure when the private
|
|
|
+ designation was reverted after v3.0.0.
|
|
|
+
|
|
|
+ Closes #8214
|
|
|
|
|
|
-- libcurl-easy.3: language polish
|
|
|
+- [Valentin Richter brought this change]
|
|
|
|
|
|
-- limit-rate.d: this is average over several seconds
|
|
|
+ cmake: prevent dev warning due to mismatched arg
|
|
|
|
|
|
- Closes #7970
|
|
|
+ -- curl version=[7.81.0-DEV]
|
|
|
+ CMake Warning (dev) at /usr/share/cmake-3.22.1/Modules/FindPackageHandleStandardArgs.cmake:438 (message):
|
|
|
+ The package name passed to `find_package_handle_standard_args` (MBEDTLS)
|
|
|
+ does not match the name of the calling package (MbedTLS). This can lead to
|
|
|
+ problems in calling code that expects `find_package` result variables
|
|
|
+ (e.g., `_FOUND`) to follow a certain pattern.
|
|
|
+ Call Stack (most recent call first):
|
|
|
+ deps/curl/CMake/FindMbedTLS.cmake:31 (find_package_handle_standard_args)
|
|
|
+ deps/curl/CMakeLists.txt:473 (find_package)
|
|
|
+ This warning is for project developers. Use -Wno-dev to suppress it.
|
|
|
+
|
|
|
+ Closes #8207
|
|
|
|
|
|
-- docs: reduce/avoid English contractions
|
|
|
+- urlapi: if possible, shorten given numerical IPv6 addresses
|
|
|
|
|
|
- You're => You are
|
|
|
- Hasn't => Has not
|
|
|
- Doesn't => Does not
|
|
|
- Don't => Do not
|
|
|
- You'll => You will
|
|
|
- etc
|
|
|
+ Extended test 1560 to verify
|
|
|
|
|
|
- Closes #7930
|
|
|
+ Closes #8206
|
|
|
|
|
|
-- tool_operate: fix torture leaks with etags
|
|
|
-
|
|
|
- Spotted by torture testing 343 344 345 347.
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
+
|
|
|
+ url: reduce ssl backend count for CURL_DISABLE_PROXY builds
|
|
|
|
|
|
- Follow-up from cc71d352651a0
|
|
|
- Pointed-out-by: Dan Fandrich
|
|
|
+ Closes #8212
|
|
|
+
|
|
|
+- KNOWN_BUGS: "Trying local ports fails on Windows"
|
|
|
|
|
|
- Closes #7969
|
|
|
+ Reported-by: gclinch on github
|
|
|
+ Closes #8112
|
|
|
|
|
|
-- [Amaury Denoyelle brought this change]
|
|
|
+- misc: update copyright year range
|
|
|
|
|
|
- ngtcp2: support latest QUIC TLS RFC9001
|
|
|
+- zuul: remove the wolfssl even more
|
|
|
|
|
|
- QUIC Transport Parameters Extension has been changed between draft-29
|
|
|
- and latest RFC9001. Most notably, its identifier has been updated from
|
|
|
- 0xffa5 to 0x0039. The version is selected through the QUIC TLS library
|
|
|
- via the legacy codepoint.
|
|
|
+ Follow-up to 1914465cf180d32b3d
|
|
|
+
|
|
|
+- examples/multi-single.c: remove WAITMS()
|
|
|
|
|
|
- Disable the usage of legacy codepoint in curl to switch to latest
|
|
|
- RFC9001. This is required to be able to keep up with latest QUIC
|
|
|
- implementations.
|
|
|
+ As it isn't used.
|
|
|
|
|
|
- Acked-by: Tatsuhiro Tsujikawa
|
|
|
- Closes #7960
|
|
|
+ Reported-by: Melroy van den Berg
|
|
|
+ Fixes #8200
|
|
|
+ Closes #8201
|
|
|
|
|
|
-- test1173: make manpage-syntax.pl spot \n errors in examples
|
|
|
+- gtls: add gnutls include for the session type
|
|
|
+
|
|
|
+ Follow-up to 8fbd6feddfa5 to make it build more universally
|
|
|
|
|
|
-- man pages: fix backslash-n in examples
|
|
|
+- m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
|
|
|
|
|
|
- ... to be proper backslash-backslash-n sequences to render nicely in man
|
|
|
- and on website.
|
|
|
+ To hush compiler warnings we don't care for: error: address of function
|
|
|
+ 'X' will always evaluate to 'true'
|
|
|
|
|
|
- Follow-up to 24155569d8a
|
|
|
- Reported-by: Sergey Markelov
|
|
|
+ Fixes #8197
|
|
|
+ Closes #8198
|
|
|
+
|
|
|
+- http_proxy: don't close the socket (too early)
|
|
|
|
|
|
- Fixes https://github.com/curl/curl-www/issues/163
|
|
|
- Closes #7962
|
|
|
+ ... and double-check in the OpenSSL shutdown that the socket is actually
|
|
|
+ still there before it is used.
|
|
|
+
|
|
|
+ Fixes #8193
|
|
|
+ Closes #8195
|
|
|
+
|
|
|
+ Reported-by: Leszek Kubik
|
|
|
|
|
|
-- scripts/release-notes.pl: use out of repo links verbatim in refs
|
|
|
+- ngtcp2: verify the server certificate for the gnutls case
|
|
|
+
|
|
|
+ Closes #8178
|
|
|
|
|
|
-- tool_operate: a failed etag save now only fails that transfer
|
|
|
+- ngtcp2: verify the server cert on connect (quictls)
|
|
|
|
|
|
- When failing to create the output file for saving an etag, only fail
|
|
|
- that particular single transfer and allow others to follow.
|
|
|
+ Make ngtcp2+quictls correctly acknowledge `CURLOPT_SSL_VERIFYPEER` and
|
|
|
+ `CURLOPT_SSL_VERIFYHOST`.
|
|
|
|
|
|
- In a serial transfer setup, if no transfer at all is done due to them
|
|
|
- all being skipped because of this error, curl will output an error
|
|
|
- message and return exit code 26.
|
|
|
+ The name check now uses a function from lib/vtls/openssl.c which will
|
|
|
+ need attention for when TLS is not done by OpenSSL or is disabled while
|
|
|
+ QUIC is enabled.
|
|
|
|
|
|
- Added test 369 and 370 to verify.
|
|
|
+ Possibly the servercert() function in openssl.c should be adjusted to be
|
|
|
+ able to use for both regular TLS and QUIC.
|
|
|
|
|
|
- Reported-by: Earnestly on github
|
|
|
- Ref: #7942
|
|
|
- Closes #7945
|
|
|
+ Ref: #8173
|
|
|
+ Closes #8178
|
|
|
|
|
|
-- [Kevin Burke brought this change]
|
|
|
+- zuul: remove the wolfssl build
|
|
|
|
|
|
- .github: retry macos "brew install" command on failure
|
|
|
-
|
|
|
- Previously we saw errors attempting to run "brew install", see
|
|
|
- https://github.com/curl/curl/runs/4095721123?check_suite_focus=true for
|
|
|
- an example, since this command is idempotent, it is safe to run again.
|
|
|
+- github workflow: add wolfssl
|
|
|
|
|
|
- Closes #7955
|
|
|
+ Closes #8196
|
|
|
|
|
|
-- CURLOPT_ALTSVC_CTRL.3: mention conn reuse is preferred
|
|
|
+- [Nicolas Sterchele brought this change]
|
|
|
+
|
|
|
+ zuul: fix quiche build pointing to wrong Cargo
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/discussions/7954
|
|
|
+ Fixes #8184
|
|
|
+ Closes #8189
|
|
|
+
|
|
|
+- checksrc: detect more kinds of NULL comparisons we avoid
|
|
|
|
|
|
- Closes #7957
|
|
|
+ Co-authored-by: Jay Satiro
|
|
|
+ Closes #8180
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- zuul: pin the quiche build to use an older cmake-rs
|
|
|
-
|
|
|
- The latest cmake-rs assumes cmake's --parallel works. That was added in
|
|
|
- cmake 3.12, but a lot of our CI builds run on Ubuntu Bionic which only
|
|
|
- has cmake 3.10.
|
|
|
+- mesalink: remove the BACKEND define kludge
|
|
|
|
|
|
- Fixes #7927
|
|
|
- Closes #7952
|
|
|
-
|
|
|
-- [Marc Hoersken brought this change]
|
|
|
+ Closes #8183
|
|
|
|
|
|
- Revert "src/tool_filetime: disable -Wformat on mingw for this file"
|
|
|
-
|
|
|
- This reverts commit 7c88fe375b15c44d77bccc9ab733b8069d228e6f.
|
|
|
+- schannel: remove the BACKEND define kludge
|
|
|
|
|
|
- Follow up to #6535 as the pragma is obsolete with warnf
|
|
|
+ Closes #8182
|
|
|
+
|
|
|
+- gtls: check return code for gnutls_alpn_set_protocols
|
|
|
|
|
|
- Closes #7941
|
|
|
+ Closes #8181
|
|
|
|
|
|
-Jay Satiro (2 Nov 2021)
|
|
|
-- schannel: fix memory leak due to failed SSL connection
|
|
|
+- [Stefan Huber brought this change]
|
|
|
+
|
|
|
+ README: label the link to the support document
|
|
|
|
|
|
- - Call schannel_shutdown if the SSL connection fails.
|
|
|
+ Closes #8185
|
|
|
+
|
|
|
+- docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
|
|
|
|
|
|
- Prior to this change schannel_shutdown (which shuts down the SSL
|
|
|
- connection as well as memory cleanup) was not called when the SSL
|
|
|
- connection failed (eg due to failed handshake).
|
|
|
+ Assisted-by: Matt Holt
|
|
|
|
|
|
- Co-authored-by: Gisle Vanem
|
|
|
+ Closes #8177
|
|
|
+
|
|
|
+- libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7877
|
|
|
- Closes https://github.com/curl/curl/pull/7878
|
|
|
+ Since 4a4b63daaa0
|
|
|
|
|
|
-Daniel Stenberg (2 Nov 2021)
|
|
|
-- Curl_updateconninfo: store addresses for QUIC connections too
|
|
|
+- [Vladimir Panteleev brought this change]
|
|
|
+
|
|
|
+ tests: Add test for CURLOPT_HTTP200ALIASES
|
|
|
+
|
|
|
+- [Vladimir Panteleev brought this change]
|
|
|
+
|
|
|
+ http: Fix CURLOPT_HTTP200ALIASES
|
|
|
|
|
|
- So that CURLINFO_PRIMARY_IP etc work for HTTP/3 like for other HTTP
|
|
|
- versions.
|
|
|
+ The httpcode < 100 check was also triggered when none of the fields were
|
|
|
+ parsed, thus making the if(!nc) block unreachable.
|
|
|
|
|
|
- Reported-by: Jerome Mao
|
|
|
- Fixes #7939
|
|
|
- Closes #7944
|
|
|
+ Closes #8171
|
|
|
|
|
|
-- [Sergio Durigan Junior brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- curl.1: fix typos in the manpage
|
|
|
+- language: "email"
|
|
|
|
|
|
- s/transfering/transferring/
|
|
|
- s/transfered/transferred/
|
|
|
+ Missed three occurrences.
|
|
|
|
|
|
- Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net>
|
|
|
- Closes #7937
|
|
|
+ Follow-up to 7a92f86
|
|
|
|
|
|
-Marc Hoersken (1 Nov 2021)
|
|
|
-- tests/smbserver.py: fix compatibility with impacket 0.9.23+
|
|
|
-
|
|
|
- impacket now performs sanity checks if the requested and to
|
|
|
- be served file path actually is inside the real share path.
|
|
|
+- nss:set_cipher don't clobber the cipher list
|
|
|
|
|
|
- Ref: https://github.com/SecureAuthCorp/impacket/pull/1066
|
|
|
+ The string is set by the user and needs to remain intact for proper
|
|
|
+ connection reuse etc.
|
|
|
|
|
|
- Fixes #7924
|
|
|
- Closes #7935
|
|
|
+ Reported-by: Eric Musser
|
|
|
+ Fixes #8160
|
|
|
+ Closes #8161
|
|
|
|
|
|
-Daniel Stenberg (1 Nov 2021)
|
|
|
-- docs: reduce use of "very"
|
|
|
+- misc: s/e-mail/email
|
|
|
|
|
|
- "Very" should be avoided in most texts. If intensifiers are needed, try
|
|
|
- find better words instead.
|
|
|
+ Consistency is king. Following the lead in everything curl.
|
|
|
|
|
|
- Closes #7936
|
|
|
+ Closes #8159
|
|
|
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+- [Tobias Nießen brought this change]
|
|
|
|
|
|
- ngtcp2: specify the missing required callback functions
|
|
|
+ docs: fix typo in OpenSSL 3 build instructions
|
|
|
|
|
|
- Closes #7929
|
|
|
+ Closes #8162
|
|
|
|
|
|
-- CURLOPT_[PROXY]_SSL_CIPHER_LIST.3: bold instead of quote
|
|
|
+- linkcheck.yml: add CI job that checks markdown links
|
|
|
|
|
|
- Bold the example ciphers instead of using single quotes, which then also
|
|
|
- avoids the problem of how to use single quotes when first in a line.
|
|
|
-
|
|
|
- Also rephrased the pages a little.
|
|
|
-
|
|
|
- Reported-by: Sergio Durigan Junior
|
|
|
- Ref: #7928
|
|
|
- Closes #7934
|
|
|
+ Closes #8158
|
|
|
|
|
|
-- gen.pl: replace leading single quotes with \(aq
|
|
|
+- RELEASE-PROCEDURE.md: remove ICAL link and old release dates
|
|
|
+
|
|
|
+- BINDINGS.md: "markdown-link-check-disable"
|
|
|
|
|
|
- ... and allow single quotes to be used "normally" in the .d files.
|
|
|
+ It feels a bit unfortunate to litter an ugly tag for this functionality,
|
|
|
+ but if we get link scans of all markdown files, this might be worth the
|
|
|
+ price.
|
|
|
+
|
|
|
+- docs: fix dead links, remove ECH.md
|
|
|
+
|
|
|
+Jay Satiro (16 Dec 2021)
|
|
|
+- openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
|
|
|
|
|
|
- Makes the output curl.1 use better nroff.
|
|
|
+ Prior to this change OpenSSL_version was only detected in configure
|
|
|
+ builds. For other builds the old version parsing code was used which
|
|
|
+ would result in incorrect versioning for OpenSSL 3:
|
|
|
|
|
|
- Reported-by: Sergio Durigan Junior
|
|
|
- Ref: #7928
|
|
|
- Closes #7933
|
|
|
-
|
|
|
-Marc Hoersken (1 Nov 2021)
|
|
|
-- tests: kill some test servers afterwards to avoid locked logfiles
|
|
|
+ Before:
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7925
|
|
|
-
|
|
|
-Daniel Stenberg (1 Nov 2021)
|
|
|
-- smooth-gtk-thread.c: enhance the mutex lock use
|
|
|
+ curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.0a zlib/1.2.11
|
|
|
+ WinIDN libssh2/1.9.0
|
|
|
|
|
|
- Reported-by: ryancaicse on github
|
|
|
- Fixes #7926
|
|
|
- Closes #7931
|
|
|
-
|
|
|
-Marc Hoersken (31 Oct 2021)
|
|
|
-- CI/runtests.pl: restore -u flag, but remove it from CI runs
|
|
|
+ After:
|
|
|
|
|
|
- This makes it possible to use -u again for local testing,
|
|
|
- but removes the flag from CI config files and make targets.
|
|
|
+ curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.1 zlib/1.2.11
|
|
|
+ WinIDN libssh2/1.9.0
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
+ Reported-by: lllaffer@users.noreply.github.com
|
|
|
|
|
|
- Partially reverts #7841
|
|
|
- Closes #7921
|
|
|
+ Fixes https://github.com/curl/curl/issues/8154
|
|
|
+ Closes https://github.com/curl/curl/pull/8155
|
|
|
|
|
|
-Daniel Stenberg (29 Oct 2021)
|
|
|
-- [Jonathan Cardoso Machado brought this change]
|
|
|
+Daniel Stenberg (16 Dec 2021)
|
|
|
+- [James Fuller brought this change]
|
|
|
|
|
|
- CURLOPT_HSTSWRITEFUNCTION.3: using CURLOPT_HSTS_CTRL is required
|
|
|
+ docs: add known bugs list to HTTP3.md
|
|
|
|
|
|
- Closes #7923
|
|
|
+ Closes #8156
|
|
|
|
|
|
-- [Axel Morawietz brought this change]
|
|
|
+Dan Fandrich (15 Dec 2021)
|
|
|
+- BINDINGS: add one from Everything curl and update a link
|
|
|
|
|
|
- imap: display quota information
|
|
|
+- libcurl-security.3: mention address and URL mitigations
|
|
|
|
|
|
- Show response to "GETQUOTAROOT INBOX" command.
|
|
|
-
|
|
|
- Closes #6973
|
|
|
+ The new CURLOPT_PREREQFUNCTION callback is another way to sanitize
|
|
|
+ addresses.
|
|
|
+ Using the curl_url API is a way to mitigate against attacks relying on
|
|
|
+ URL parsing differences.
|
|
|
|
|
|
+Daniel Stenberg (15 Dec 2021)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- [Boris Rasin brought this change]
|
|
|
-
|
|
|
- cmake: fix error getting LOCATION property on non-imported target
|
|
|
+- x509asn1: return early on errors
|
|
|
|
|
|
- Closes #7885
|
|
|
+ Overhaul to make sure functions that detect errors bail out early with
|
|
|
+ error rather than trying to continue and risk hiding the problem.
|
|
|
+
|
|
|
+ Closes #8147
|
|
|
|
|
|
-- [x2018 brought this change]
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
|
|
|
- url: check the return value of curl_url()
|
|
|
+ openldap: several minor improvements
|
|
|
|
|
|
- Closes #7917
|
|
|
+ - Early check proper LDAP URL syntax. Reject URLs with a userinfo part.
|
|
|
+ - Use dynamic memory for ldap_init_fd() URL rather than a
|
|
|
+ stack-allocated buffer.
|
|
|
+ - Never chase referrals: supporting it would require additional parallel
|
|
|
+ connections and alternate authentication credentials.
|
|
|
+ - Do not wait 1 microsecond while polling/reading query response data.
|
|
|
+ - Store last received server code for retrieval with CURLINFO_RESPONSE_CODE.
|
|
|
+
|
|
|
+ Closes #8140
|
|
|
|
|
|
-- [Roy Li brought this change]
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
|
|
|
- configure.ac: replace krb5-config with pkg-config
|
|
|
+ misc: remove unused doh flags when CURL_DISABLE_DOH is defined
|
|
|
|
|
|
- The rationale is that custom *-config tools don't work well when
|
|
|
- cross-compiling or using sysroots (such as when using Yocto project) and
|
|
|
- require custom fixing for each of them; pkg-config on the other hand
|
|
|
- works similarly everywhere.
|
|
|
+ Closes #8148
|
|
|
+
|
|
|
+- mbedtls: fix CURLOPT_SSLCERT_BLOB
|
|
|
|
|
|
- Signed-off-by: Roy Li <rongqing.li@windriver.com>
|
|
|
- Signed-off-by: Alexander Kanavin <alex@linutronix.de>
|
|
|
+ The memory passed to mbedTLS for this needs to be null terminated.
|
|
|
|
|
|
- Closes #7916
|
|
|
+ Reported-by: Florian Van Heghe
|
|
|
+ Closes #8146
|
|
|
|
|
|
-- test1160: edited to work with hyper
|
|
|
+- asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
|
|
|
|
|
|
- Closes #7912
|
|
|
+ Closes #8142
|
|
|
|
|
|
-- data/DISABLED: enable tests that now work with hyper
|
|
|
+- mailmap: add Yongkang Huang
|
|
|
|
|
|
- Closes #7911
|
|
|
+ From #8141
|
|
|
|
|
|
-- test559: add 'HTTP' in keywords
|
|
|
-
|
|
|
- Makes it run fine with hyper
|
|
|
-
|
|
|
- Closes #7911
|
|
|
+- [Yongkang Huang brought this change]
|
|
|
|
|
|
-- test552: updated to work with hyper
|
|
|
-
|
|
|
- Closes #7911
|
|
|
+ check ssl_config when re-use proxy connection
|
|
|
|
|
|
-Marc Hoersken (27 Oct 2021)
|
|
|
-- github: fix incomplete permission to label PRs for Hacktoberfest
|
|
|
+- mbedtls: do a separate malloc for ca_info_blob
|
|
|
|
|
|
- Unfortunately the GitHub API requires a token with write permission
|
|
|
- for both issues and pull-requests to edit labels on even just PRs.
|
|
|
+ Since the mbedTLS API requires the data to the null terminated.
|
|
|
|
|
|
- Follow up to #7897
|
|
|
-
|
|
|
-Daniel Stenberg (27 Oct 2021)
|
|
|
-- opt-manpages: use 'Added in' instead of 'Since'
|
|
|
+ Follow-up to 456c53730d21b1fad0c7f72c1817
|
|
|
|
|
|
- Closes #7913
|
|
|
+ Fixes #8139
|
|
|
+ Closes #8145
|
|
|
|
|
|
-Marc Hoersken (27 Oct 2021)
|
|
|
-- github: fix missing permission to label PRs for Hacktoberfest
|
|
|
+Marc Hoersken (14 Dec 2021)
|
|
|
+- CI: build examples for additional code verification
|
|
|
|
|
|
- Follow up to #7897
|
|
|
+ Some CIs already build them, let's do it on more of them.
|
|
|
|
|
|
- Test references to see if permissions are now sufficient:
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
|
|
|
- Closes #7832
|
|
|
- Closes #7897
|
|
|
+ Follow up to #7690 and 77311f420a541a0de5b3014e0e40ff8b4205d4af
|
|
|
+ Replaces #7591
|
|
|
+ Closes #7922
|
|
|
|
|
|
-- CI: more use of test-ci make target and verbose output
|
|
|
+- docs/examples: workaround broken -Wno-pedantic-ms-format
|
|
|
|
|
|
- Replace test-nonflaky with test-ci and enable verbose output
|
|
|
- in all remaining CIs except Zuul which is customized a lot.
|
|
|
+ Avoid CURL_FORMAT_CURL_OFF_T by using unsigned long instead.
|
|
|
+ Improve size_t to long conversion in imap-append.c example.
|
|
|
|
|
|
+ Ref: https://github.com/curl/curl/issues/6079
|
|
|
+ Ref: https://github.com/curl/curl/pull/6082
|
|
|
+ Assisted-by: Jay Satiro
|
|
|
Reviewed-by: Daniel Stenberg
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
|
|
|
- Follow up to #7785
|
|
|
- Closes #7832
|
|
|
+ Preparation of #7922
|
|
|
|
|
|
-- github: add support for Hacktoberfest using labels
|
|
|
+- tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
|
|
|
|
|
|
- Automatically add hacktoberfest-accepted label to PRs opened between
|
|
|
- September 30th and November 1st once a commit with a close reference
|
|
|
- to it is pushed onto the master branch.
|
|
|
+ Ref: https://www.msys2.org/wiki/Porting/#filesystem-namespaces
|
|
|
|
|
|
- With this workflow we can participate in Hacktoberfest while not
|
|
|
- relying on GitHub to identify PRs as merged due to our rebasing.
|
|
|
+ Reviewed-by: Marcel Raad
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
|
|
|
- Requires hacktoberfest-accepted labels to exist for PRs on the
|
|
|
- participating repository. Also requires hacktoberfest topic on
|
|
|
- the participating repository to avoid applying to forked repos.
|
|
|
+ Fixes #8084
|
|
|
+ Closes #8138
|
|
|
+
|
|
|
+Daniel Stenberg (13 Dec 2021)
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ openldap: simplify ldif generation code
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
+ and take care of zero-length values, avoiding conversion to base64
|
|
|
+ and/or trailing spaces.
|
|
|
|
|
|
- Fixes #7865
|
|
|
- Closes #7897
|
|
|
+ Closes #8136
|
|
|
|
|
|
-Daniel Stenberg (27 Oct 2021)
|
|
|
-- http: reject HTTP response codes < 100
|
|
|
-
|
|
|
- ... which then also includes negative ones as test 1430 uses.
|
|
|
+- example/progressfunc: remove code for old libcurls
|
|
|
|
|
|
- This makes native + hyper backend act identically on this and therefore
|
|
|
- test 1430 can now be enabled when building with hyper. Adjust test 1431
|
|
|
- as well.
|
|
|
+ 7.61.0 is over three years old now, remove all #ifdefs for handling
|
|
|
+ ancient libcurl versions so that the example gets easier to read and
|
|
|
+ understand
|
|
|
|
|
|
- Closes #7909
|
|
|
+ Closes #8137
|
|
|
|
|
|
-- [Kerem Kat brought this change]
|
|
|
+- [x2018 brought this change]
|
|
|
|
|
|
- docs: fix typo in CURLOPT_TRAILERFUNCTION example
|
|
|
+ sha256/md5: return errors when init fails
|
|
|
|
|
|
- Closes #7910
|
|
|
-
|
|
|
-- docs/HYPER: remove some remaining issues, add HTTP/0.9 limitation
|
|
|
+ Closes #8133
|
|
|
|
|
|
-- configure: when hyper is selected, deselect nghttp2
|
|
|
+- TODO: 13.3 Defeat TLS fingerprinting
|
|
|
|
|
|
- Closes #7908
|
|
|
+ Closes #8119
|
|
|
+
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- [Patrick Monnerat brought this change]
|
|
|
|
|
|
- sendf: accept zero-length data in Curl_client_write()
|
|
|
-
|
|
|
- Historically, Curl_client_write() used a length value of 0 as a marker
|
|
|
- for a null-terminated data string. This feature has been removed in
|
|
|
- commit f4b85d2. To detect leftover uses of the feature, a DEBUGASSERT
|
|
|
- statement rejecting a length with value 0 was introduced, effectively
|
|
|
- precluding use of this function with zero-length data.
|
|
|
+ openldap: process search query response messages one by one
|
|
|
|
|
|
- The current commit removes the DEBUGASSERT and makes the function to
|
|
|
- return immediately if length is 0.
|
|
|
+ Upon receiving large result sets, this reduces memory consumption and
|
|
|
+ allows starting to output results while the transfer is still in
|
|
|
+ progress.
|
|
|
|
|
|
- A direct effect is to fix trying to output a zero-length distinguished
|
|
|
- name in openldap.
|
|
|
+ Closes #8101
|
|
|
+
|
|
|
+- hash: lazy-alloc the table in Curl_hash_add()
|
|
|
|
|
|
- Another DEBUGASSERT statement is also rephrased for better readability.
|
|
|
+ This makes Curl_hash_init() infallible which saves error paths.
|
|
|
|
|
|
- Closes #7898
|
|
|
+ Closes #8132
|
|
|
|
|
|
-- hyper: disable test 1294 since hyper doesn't allow such crazy headers
|
|
|
+- multi: cleanup the socket hash when destroying it
|
|
|
|
|
|
- Closes #7905
|
|
|
+ Since each socket hash entry may themselves have a hash table in them,
|
|
|
+ the destroying of the socket hash needs to make sure all the subhashes
|
|
|
+ are also correctly destroyed to avoid leaking memory.
|
|
|
+
|
|
|
+ Fixes #8129
|
|
|
+ Closes #8131
|
|
|
|
|
|
-- c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work
|
|
|
+- test1156: fixup the stdout check for Windows
|
|
|
|
|
|
- Verified by the enabled test 1288
|
|
|
+ It is not text mode.
|
|
|
|
|
|
- Closes #7905
|
|
|
+ Follow-up to 6f73e68d182
|
|
|
+
|
|
|
+ Closes #8134
|
|
|
|
|
|
-- test1287: make work on hyper
|
|
|
+- test1528: enable for hyper
|
|
|
|
|
|
- Closes #7905
|
|
|
+ Closes #8128
|
|
|
|
|
|
-- test1266/1267: disabled on hyper: no HTTP/0.9 support
|
|
|
+- test1527: enable for hyper
|
|
|
|
|
|
- Closes #7905
|
|
|
+ Closes #8128
|
|
|
|
|
|
-Viktor Szakats (25 Oct 2021)
|
|
|
-- Makefile.m32: fix to not require OpenSSL with -libssh2 or -rtmp options
|
|
|
+- test1526: enable for hyper
|
|
|
|
|
|
- Previously, -libssh2/-rtmp options assumed that OpenSSL is also enabled
|
|
|
- (and then failed with an error when not finding expected OpenSSL headers),
|
|
|
- but this isn't necessarly true, e.g. when building both libssh2 and curl
|
|
|
- against Schannel. This patch makes sure to only enable the OpenSSL backend
|
|
|
- with -libssh2/-rtmp, when there was no SSL option explicitly selected.
|
|
|
+ Closes #8128
|
|
|
+
|
|
|
+- test1525: slightly tweaked for hyper
|
|
|
|
|
|
- - Re-implement the logic as a single block of script.
|
|
|
- - Also fix an indentation while there.
|
|
|
+ Closes #8128
|
|
|
+
|
|
|
+- test1156: enable for hyper
|
|
|
|
|
|
- Assisted-by: Jay Satiro
|
|
|
+ Minor reorg of the lib1156 code and it works fine for hyper.
|
|
|
|
|
|
- Closes #7895
|
|
|
+ Closes #8127
|
|
|
|
|
|
-Daniel Stenberg (25 Oct 2021)
|
|
|
-- docs: consistent use of "Added in"
|
|
|
+- test661: enable for hyper
|
|
|
|
|
|
- Make them all say "Added in [version]" without using 'curl' or 'libcurl'
|
|
|
- in that phrase.
|
|
|
+ Closes #8126
|
|
|
|
|
|
-- man pages: require all to use the same section header order
|
|
|
-
|
|
|
- This is the same order we already enforce among the options' man pages:
|
|
|
- consistency is good. Add lots of previously missing examples.
|
|
|
+- docs: fix proselint nits
|
|
|
|
|
|
- Adjust the manpage-syntax script for this purpose, used in test 1173.
|
|
|
+ - remove a lot of exclamation marks
|
|
|
+ - use consistent spaces (1, not 2)
|
|
|
+ - use better words at some places
|
|
|
|
|
|
- Closes #7904
|
|
|
+ Closes #8123
|
|
|
|
|
|
-- [David Hu brought this change]
|
|
|
+- [RekGRpth brought this change]
|
|
|
|
|
|
- docs/HTTP3: improve build instructions
|
|
|
-
|
|
|
- 1. If writing to a system path if the command is not prefixed with
|
|
|
- `sudo` it will cause a permission denied error
|
|
|
+ BINDINGS.md: add cURL client for PostgreSQL
|
|
|
|
|
|
- 2. The patched OpenSSL branch has been updated to `openssl-3.0.0+quic`
|
|
|
- to match upstream OpenSSL version.
|
|
|
+ Closes #8125
|
|
|
+
|
|
|
+- [RekGRpth brought this change]
|
|
|
+
|
|
|
+ CURLSHOPT_USERDATA.3: fix copy-paste mistake
|
|
|
|
|
|
- 3. We should not disable GnuTLS docs.
|
|
|
+ Closes #8124
|
|
|
+
|
|
|
+- docs: fix minor nroff format nits
|
|
|
|
|
|
- Updated some commands about `make install`
|
|
|
+ Repairs test 1140
|
|
|
|
|
|
- Closes #7842
|
|
|
+ Follow-up to 436cdf82041
|
|
|
|
|
|
-- [Ricardo Martins brought this change]
|
|
|
+- docs/URL-SYNTAX.md: space is not fine in a given URL
|
|
|
|
|
|
- CMake: restore support for SecureTransport on iOS
|
|
|
+- curl_multi_perform/socket_action.3: clarify what errors mean
|
|
|
|
|
|
- Restore support for building curl for iOS with SecureTransport enabled.
|
|
|
+ An error returned from one of these funtions mean that ALL still ongoing
|
|
|
+ transfers are to be considered failed.
|
|
|
|
|
|
- Closes #7501
|
|
|
+ Ref: #8114
|
|
|
+ Closes #8120
|
|
|
|
|
|
-- tests: enable more tests with hyper
|
|
|
+- libcurl-errors.3: add CURLM_ABORTED_BY_CALLBACK
|
|
|
|
|
|
- Adjusted 1144, 1164 and 1176.
|
|
|
+ Follow-up to #8089 (2b3dd01)
|
|
|
|
|
|
- Closes #7900
|
|
|
+ Closes #8116
|
|
|
|
|
|
-- docs: provide "RETURN VALUE" section for more func manpages
|
|
|
+- hash: add asserts to help detect bad usage
|
|
|
|
|
|
- Three were missing, one used a non-standard name for the header.
|
|
|
+ For example trying to add entries after the hash has been "cleaned up"
|
|
|
|
|
|
- Closes #7902
|
|
|
+ Closes #8115
|
|
|
|
|
|
-Jay Satiro (25 Oct 2021)
|
|
|
-- curl_multi_socket_action.3: add a "RETURN VALUE" section
|
|
|
+- lib530: abort on curl_multi errors
|
|
|
|
|
|
- .. because it may not be immediately clear to the user what
|
|
|
- curl_multi_socket_action returns.
|
|
|
+ This makes torture tests run more proper.
|
|
|
|
|
|
- Ref: https://curl.se/mail/lib-2021-10/0035.html
|
|
|
+ Also add an assert to trap situations where it would end up with no
|
|
|
+ sockets to wait for.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7901
|
|
|
+ Closes #8121
|
|
|
|
|
|
-Daniel Stenberg (24 Oct 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- FAQ: we never pronounced it "see URL", we say "kurl"
|
|
|
|
|
|
-- [Samuel Henrique brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- tests: use python3 in test 1451
|
|
|
+- CURLOPT_RESOLVE.3: minor polish
|
|
|
|
|
|
- This is a continuation of commit ec91b5a69000bea0794bbb3 in which
|
|
|
- changing this test was missed. There are no other python2 leftovers
|
|
|
- now.
|
|
|
+ Minor rephrasing for some explanations.
|
|
|
|
|
|
- Based on a Debian patch originally written by Alessandro Ghedini
|
|
|
- <ghedo@debian.org>
|
|
|
+ Put the format strings in stand-alone lines with .nf/.fi to be easier to spot.
|
|
|
|
|
|
- Closes #7899
|
|
|
+ Move "added in" to AVAILABILITY
|
|
|
+
|
|
|
+ Closed #8110
|
|
|
|
|
|
-- [Eddie Lumpkin brought this change]
|
|
|
+- test1556: adjust for hyper
|
|
|
+
|
|
|
+ Closes #8105
|
|
|
|
|
|
- lib: fixing comment spelling typos in lib files
|
|
|
+- test1554: adjust for hyper
|
|
|
|
|
|
- Closes #7894
|
|
|
- Signed-off-by: ewlumpkin <ewlumpkin@gmail.com>
|
|
|
+ Closes #8104
|
|
|
|
|
|
-- openssl: if verifypeer is not requested, skip the CA loading
|
|
|
+- retry-all-errors.d: make the example complete
|
|
|
|
|
|
- It was previously done mostly to show a match/non-match in the verbose
|
|
|
- output even when verification was not asked for. This change skips the
|
|
|
- loading of the CA certs unless verifypeer is set to save memory and CPU.
|
|
|
+ ... as it needs --retry too to work
|
|
|
+
|
|
|
+- TODO: 5.7 Require HTTP version X or higher
|
|
|
|
|
|
- Closes #7892
|
|
|
+ Closes #7980
|
|
|
|
|
|
-- curl-confopts.m4: remove --enable/disable-hidden-symbols
|
|
|
+- CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
|
|
|
|
|
|
- These configure options have been saying "deprecated" since 9e24b9c7af
|
|
|
- (April 2012). It was about time we remove them.
|
|
|
+ This is the exact same limitation already documented for
|
|
|
+ CURLOPT_WRITEDATA but should be clarified here. It also has a different
|
|
|
+ work-around.
|
|
|
|
|
|
- Closes #7891
|
|
|
+ Reported-by: Stephane Pellegrino
|
|
|
+ Bug: https://github.com/curl/curl/issues/8102
|
|
|
+ Closes #8103
|
|
|
|
|
|
-- c-hyper: don't abort CONNECT responses early when auth-in-progress
|
|
|
+- multi: handle errors returned from socket/timer callbacks
|
|
|
|
|
|
- ... and make sure to stop ignoring the body once the CONNECT is done.
|
|
|
+ The callbacks were partially documented to support this. Now the
|
|
|
+ behavior is documented and returning error from either of these
|
|
|
+ callbacks will effectively kill all currently ongoing transfers.
|
|
|
|
|
|
- This should make test 206 work proper again and not be flaky.
|
|
|
+ Added test 530 to verify
|
|
|
|
|
|
- Closes #7889
|
|
|
+ Reported-by: Marcelo Juchem
|
|
|
+ Fixes #8083
|
|
|
+ Closes #8089
|
|
|
|
|
|
-- hyper: does not support disabling CURLOPT_HTTP_TRANSFER_DECODING
|
|
|
+- http2:set_transfer_url() return early on OOM
|
|
|
|
|
|
- Simply because hyper doesn't have this ability. Mentioned in docs now.
|
|
|
+ If curl_url() returns NULL this should return early to avoid mistakes -
|
|
|
+ even if right now the subsequent function invokes are all OK.
|
|
|
|
|
|
- Skip test 326 then
|
|
|
+ Coverity (wrongly) pointed out this as a NULL deref.
|
|
|
|
|
|
- Closes #7889
|
|
|
+ Closes #8100
|
|
|
|
|
|
-- test262: don't attempt with hyper
|
|
|
+- tool_parsecfg: use correct free() call to free memory
|
|
|
|
|
|
- This test verifies that curl works with binary zeroes in HTTP response
|
|
|
- headers and hyper refuses such. They're not kosher http.
|
|
|
+ Detected by Coverity. CID 1494642.
|
|
|
+ Follow-up from 2be1aa619bca
|
|
|
|
|
|
- Closes #7889
|
|
|
+ Closes #8099
|
|
|
|
|
|
-- c-hyper: make test 217 run
|
|
|
+- tool_operate: fix potential memory-leak
|
|
|
|
|
|
- Closes #7889
|
|
|
+ A 'CURLU *' would leak if url_proto() is called with no URL.
|
|
|
+
|
|
|
+ Detected by Coverity. CID 1494643.
|
|
|
+ Follow-up to 18270893abdb19
|
|
|
+ Closes #8098
|
|
|
|
|
|
-- DISABLED: enable test 209+213 for hyper
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ openldap: implement STARTTLS
|
|
|
|
|
|
- Follow-up to 823d3ab855c
|
|
|
+ As this introduces use of CURLOPT_USE_SSL option for LDAP, also check
|
|
|
+ this option in ldap.c as it is not supported by this backend.
|
|
|
|
|
|
- Closes #7889
|
|
|
+ Closes #8065
|
|
|
|
|
|
-- test207: accept a different error code for hyper
|
|
|
+- [Jun Tseng brought this change]
|
|
|
+
|
|
|
+ curl_easy_unescape.3: call curl_easy_cleanup in example
|
|
|
|
|
|
- It returns HYPERE_UNEXPECTED_EOF for this case which we convert to the
|
|
|
- somewhat generic CURLE_RECV_ERROR.
|
|
|
+ Closes #8097
|
|
|
+
|
|
|
+- [Jun Tseng brought this change]
|
|
|
+
|
|
|
+ curl_easy_escape.3: call curl_easy_cleanup in example
|
|
|
|
|
|
- Closes #7889
|
|
|
+ Closes #8097
|
|
|
|
|
|
-- [Érico Nogueira brought this change]
|
|
|
+- tool_listhelp: sync
|
|
|
+
|
|
|
+ Follow-up to 172068b76f
|
|
|
|
|
|
- INSTALL: update symbol hiding option
|
|
|
+- [Damien Walsh brought this change]
|
|
|
+
|
|
|
+ request.d: refer to 'method' rather than 'command'
|
|
|
|
|
|
- --enable-hidden-symbols was deprecated in
|
|
|
- 9e24b9c7afbcb81120af4cf3f6cdee49a06d8224.
|
|
|
+ Closes #8094
|
|
|
+
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- writeout: fix %{http_version} for HTTP/3
|
|
|
|
|
|
- Closes #7890
|
|
|
+ Output "3" properly when HTTP/3 was used.
|
|
|
+
|
|
|
+ Reported-by: Bernat Mut
|
|
|
+ Fixes #8072
|
|
|
+ Closes #8092
|
|
|
|
|
|
-- http_proxy: multiple CONNECT with hyper done better
|
|
|
+- urlapi: accept port number zero
|
|
|
|
|
|
- Enabled test 206
|
|
|
+ This is a regression since 7.62.0 (fb30ac5a2d).
|
|
|
|
|
|
- Closes #7888
|
|
|
+ Updated test 1560 accordingly
|
|
|
+
|
|
|
+ Reported-by: Brad Fitzpatrick
|
|
|
+ Fixes #8090
|
|
|
+ Closes #8091
|
|
|
|
|
|
-- hyper: pass the CONNECT line to the debug callback
|
|
|
+- [Mark Dodgson brought this change]
|
|
|
+
|
|
|
+ lift: ignore is a deprecated config option, use ignoreRules
|
|
|
|
|
|
- Closes #7887
|
|
|
+ Closes #8082
|
|
|
|
|
|
-- mailmap: Malik Idrees Hasan Khan
|
|
|
+- [Alessandro Ghedini brought this change]
|
|
|
|
|
|
-Jay Satiro (21 Oct 2021)
|
|
|
-- [Malik Idrees Hasan Khan brought this change]
|
|
|
+ HTTP3: update quiche build instructions
|
|
|
+
|
|
|
+ The repo repo was re-organized a bit, so the build instructions need to
|
|
|
+ be updated.
|
|
|
+
|
|
|
+ Closes #8076
|
|
|
|
|
|
- build: fix typos
|
|
|
+- CURLMOPT_TIMERFUNCTION.3: call it expire time, not interval
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7886
|
|
|
+ Since we say it is a non-repating timer
|
|
|
|
|
|
-- URL-SYNTAX: add IMAP UID SEARCH example
|
|
|
+- [Florian Van Heghe brought this change]
|
|
|
+
|
|
|
+ mbedTLS: include NULL byte in blob data length for CURLOPT_CAINFO_BLOB
|
|
|
|
|
|
- - Explain the difference between IMAP search via URL (which returns
|
|
|
- message sequence numbers) and IMAP search via custom request (which
|
|
|
- can return UID numbers if prefixed with UID, eg "UID SEARCH ...").
|
|
|
+ Fixes #8079
|
|
|
+ Closes #8081
|
|
|
+
|
|
|
+Jay Satiro (2 Dec 2021)
|
|
|
+- [Wyatt O'Day brought this change]
|
|
|
+
|
|
|
+ version_win32: Check build number and platform id
|
|
|
|
|
|
- Bug: https://github.com/curl/curl/issues/7626
|
|
|
- Reported-by: orycho@users.noreply.github.com
|
|
|
+ Prior to this change the build number was not checked during version
|
|
|
+ comparison, and the platform id was supposed to be checked but wasn't.
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/issues/2789
|
|
|
+ Checking the build number is required for enabling "evergreen"
|
|
|
+ Windows 10/11 features (like TLS 1.3).
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7881
|
|
|
-
|
|
|
-Daniel Stenberg (20 Oct 2021)
|
|
|
-- manpage: adjust the asterisk in some SYNOPSIS sections
|
|
|
+ Ref: https://github.com/curl/curl/pull/7784
|
|
|
|
|
|
- Closes #7884
|
|
|
+ Closes https://github.com/curl/curl/pull/7824
|
|
|
+ Closes https://github.com/curl/curl/pull/7867
|
|
|
|
|
|
-- curl_multi_perform.3: polish wording
|
|
|
+- libssh2: fix error message for sha256 mismatch
|
|
|
|
|
|
- - simplify the example by using curl_multi_poll
|
|
|
+ - On mismatch error show sha256 fingerprint in base64 format.
|
|
|
|
|
|
- - mention curl_multi_add_handle in the text
|
|
|
+ Prior to this change the fingerprint was mistakenly printed in binary.
|
|
|
+
|
|
|
+Daniel Stenberg (1 Dec 2021)
|
|
|
+- [x2018 brought this change]
|
|
|
+
|
|
|
+ openssl: check the return value of BIO_new()
|
|
|
|
|
|
- - cut out the description of pre-7.20.0 return code behavior - that version
|
|
|
- is now more than eleven years old and is basically no longer out there
|
|
|
+ Closes #8078
|
|
|
+
|
|
|
+Dan Fandrich (30 Nov 2021)
|
|
|
+- docs: Update the Reducing Size section
|
|
|
|
|
|
- - adjust the "typical usage" to mention curl_multi_poll
|
|
|
+ Add many more options that can reduce the size of the binary that were
|
|
|
+ added since the last update. Update the sample minimal binary size for
|
|
|
+ version 7.80.0.
|
|
|
+
|
|
|
+- tests: Add some missing keywords to tests
|
|
|
|
|
|
- Closes #7883
|
|
|
+ These are needed to skip some tests when configure options have disabled
|
|
|
+ certain features.
|
|
|
|
|
|
-- docs/THANKS: removed on request
|
|
|
+Daniel Stenberg (30 Nov 2021)
|
|
|
+- [Florian Van Heghe brought this change]
|
|
|
|
|
|
-- FAQ: polish the explanation of libcurl
|
|
|
+ mbedTLS: add support for CURLOPT_CAINFO_BLOB
|
|
|
+
|
|
|
+ Closes #8071
|
|
|
|
|
|
-- curl_easy_perform.3: minor wording tweak
|
|
|
+- [Glenn Strauss brought this change]
|
|
|
|
|
|
-- [Erik Stenlund brought this change]
|
|
|
+ digest: compute user:realm:pass digest w/o userhash
|
|
|
+
|
|
|
+ https://datatracker.ietf.org/doc/html/rfc7616#section-3.4.4
|
|
|
+ ... the client MUST calculate a hash of the username after
|
|
|
+ any other hash calculation ...
|
|
|
+
|
|
|
+ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
|
|
|
+ Closes #8066
|
|
|
|
|
|
- mime: mention CURL_DISABLE_MIME in comment
|
|
|
+- config.d: update documentation to match the path search
|
|
|
|
|
|
- CURL_DISABLE_MIME is not mentioned in the comment describing the if else
|
|
|
- preprocessor directive.
|
|
|
+ Assisted-by: Jay Satiro
|
|
|
+
|
|
|
+- tool_findfile: search for a file in the homedir
|
|
|
|
|
|
- Closes #7882
|
|
|
+ The homedir() function is now renamed into findfile() and iterates over
|
|
|
+ all the environment variables trying to access the file in question
|
|
|
+ until it finds it. Last resort is then getpwuid() if
|
|
|
+ available. Previously it would first try to find a home directory and if
|
|
|
+ that was set, insist on checking only that directory for the file. This
|
|
|
+ now returns the full file name it finds.
|
|
|
+
|
|
|
+ The Windows specific checks are now done differently too and in this
|
|
|
+ order:
|
|
|
+
|
|
|
+ 1 - %USERPROFILE%
|
|
|
+ 2 - %APPDATA%
|
|
|
+ 3 - %USERPROFILE%\\Application Data
|
|
|
+
|
|
|
+ The windows order is modified to match how the Windows 10 ssh tool works
|
|
|
+ when it searches for .ssh/known_hosts.
|
|
|
+
|
|
|
+ Reported-by: jeffrson on github
|
|
|
+ Co-authored-by: Jay Satiro
|
|
|
+ Fixes #8033
|
|
|
+ Closes #8035
|
|
|
|
|
|
-- tls: remove newline from three infof() calls
|
|
|
+- docs: consistent manpage SYNOPSIS
|
|
|
|
|
|
- Follow-up to e7416cf
|
|
|
+ Make all libcurl related options use .nf (no fill) for the SYNOPSIS
|
|
|
+ section - for consistent look. roffit then renders that section using
|
|
|
+ <pre> (monospace font) in html for the website.
|
|
|
|
|
|
- Reported-by: billionai on github
|
|
|
- Fixes #7879
|
|
|
- Closes #7880
|
|
|
+ Extended manpage-syntax (test 1173) with a basic check for it.
|
|
|
+
|
|
|
+ Closes #8062
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- curl_gssapi: fix build warnings by removing const
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ openldap: handle connect phase with a state machine
|
|
|
|
|
|
- Follow-up to 20e980f85b0ea6
|
|
|
+ Closes #8054
|
|
|
+
|
|
|
+- docs: address proselint nits
|
|
|
|
|
|
- In #7875 these inits were modified but I get two warnings that these new
|
|
|
- typecasts are necessary for.
|
|
|
+ - avoid exclamation marks
|
|
|
+ - use consistent number of spaces after periods: one
|
|
|
+ - avoid clichés
|
|
|
+ - avoid using 'very'
|
|
|
|
|
|
- Closes #7876
|
|
|
+ Closes #8060
|
|
|
|
|
|
-- [Bo Anderson brought this change]
|
|
|
+- [Bruno Baguette brought this change]
|
|
|
|
|
|
- curl_gssapi: fix link error on macOS Monterey
|
|
|
+ FAQ: typo fix : "yout" ➤ "your"
|
|
|
|
|
|
- Fixes #7657
|
|
|
- Closes #7875
|
|
|
+ Closes #8059
|
|
|
|
|
|
-- test1185: verify checksrc
|
|
|
-
|
|
|
- Closes #7866
|
|
|
+- [Bruno Baguette brought this change]
|
|
|
|
|
|
-- checksrc: improve the SPACESEMICOLON error message
|
|
|
+ docs/INSTALL.md: typo fix : added missing "get" verb
|
|
|
|
|
|
- and adjust the MULTISPACE one to use plural
|
|
|
+ Closes #8058
|
|
|
+
|
|
|
+- insecure.d: detail its use for SFTP and SCP as well
|
|
|
|
|
|
- Closes #7866
|
|
|
+ Closes #8056
|
|
|
|
|
|
-- url: set "k->size" -1 at start of request
|
|
|
+Viktor Szakats (25 Nov 2021)
|
|
|
+- Makefile.m32: rename -winssl option to -schannel and tidy up
|
|
|
|
|
|
- The size of the transfer is unknown at that point.
|
|
|
+ - accept `-schannel` as an alternative to `CFG` option `-winssl`
|
|
|
+ (latter still accepted, but deprecated)
|
|
|
+ - rename internal variable `WINSSL` to `SCHANNEL`
|
|
|
+ - make the `CFG` option evaluation shorter, without repeating the option
|
|
|
+ name
|
|
|
|
|
|
- Fixes #7871
|
|
|
- Closes #7872
|
|
|
+ Reviewed-by: Marcel Raad
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #8053
|
|
|
|
|
|
-Daniel Gustafsson (18 Oct 2021)
|
|
|
-- doh: remove experimental code for DoH with GET
|
|
|
-
|
|
|
- The code for sending DoH requests with GET was never enabled in a way
|
|
|
- such that it could be used or tested. As there haven't been requests
|
|
|
- for this feature, and since it at this is effectively dead, remove it
|
|
|
- and favor reimplementing the feature in case anyone is interested.
|
|
|
+Daniel Stenberg (25 Nov 2021)
|
|
|
+- KNOWN_BUGS: 5.6 make distclean loops forever
|
|
|
|
|
|
- Closes #7870
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Reported-by: David Bohman
|
|
|
+ Closes #7716
|
|
|
|
|
|
-Daniel Stenberg (18 Oct 2021)
|
|
|
-- cirrus: remove FreeBSD 11.4 from the matrix
|
|
|
+- KNOWN_BUGS: add one, remove one
|
|
|
|
|
|
- It has reached End-Of-Life and causes some LDAP CI issues.
|
|
|
+ - 5.10 SMB tests fail with Python 2
|
|
|
|
|
|
- Closes #7869
|
|
|
-
|
|
|
-- cirrus: switch to openldap24-client
|
|
|
+ Just use python 3.
|
|
|
|
|
|
- ... as it seems openldap-client doesn't exist anymore.
|
|
|
+ + 5.10 curl hangs on SMB upload over stdin
|
|
|
|
|
|
- Reported-by: Jay Satiro
|
|
|
- Fixes #7868
|
|
|
- Closes #7869
|
|
|
+ Closes #7896
|
|
|
|
|
|
-- checksrc: ignore preprocessor lines
|
|
|
+- urlapi: provide more detailed return codes
|
|
|
|
|
|
- In order to check the actual code better, checksrc now ignores
|
|
|
- everything that look like preprocessor instructions. It also means
|
|
|
- that code in macros are now longer checked.
|
|
|
+ Previously, the return code CURLUE_MALFORMED_INPUT was used for almost
|
|
|
+ 30 different URL format violations. This made it hard for users to
|
|
|
+ understand why a particular URL was not acceptable. Since the API cannot
|
|
|
+ point out a specific position within the URL for the problem, this now
|
|
|
+ instead introduces a number of additional and more fine-grained error
|
|
|
+ codes to allow the API to return more exactly in what "part" or section
|
|
|
+ of the URL a problem was detected.
|
|
|
|
|
|
- Note that some rules then still don't need to be followed when code is
|
|
|
- exactly below a cpp instruction.
|
|
|
+ Also bug-fixes curl_url_get() with CURLUPART_ZONEID, which previously
|
|
|
+ returned CURLUE_OK even if no zoneid existed.
|
|
|
|
|
|
- Removes two checksrc exceptions we needed previously because of
|
|
|
- preprocessor lines being checked.
|
|
|
+ Test cases in 1560 have been adjusted and extended. Tests 1538 and 1559
|
|
|
+ have been updated.
|
|
|
|
|
|
- Reported-by: Marcel Raad
|
|
|
- Fixes #7863
|
|
|
- Closes #7864
|
|
|
+ Updated libcurl-errors.3 and curl_url_strerror() accordingly.
|
|
|
+
|
|
|
+ Closes #8049
|
|
|
|
|
|
-- urlapi: skip a strlen(), pass in zero
|
|
|
+- urlapi: make Curl_is_absolute_url always use MAX_SCHEME_LEN
|
|
|
|
|
|
- ... to let curl_easy_escape() itself do the strlen. This avoids a (false
|
|
|
- positive) Coverity warning and it avoids us having to store the strlen()
|
|
|
- return value in an int variable.
|
|
|
+ Instad of having all callers pass in the maximum length, always use
|
|
|
+ it. The passed in length is instead used only as the length of the
|
|
|
+ target buffer for to storing the scheme name in, if used.
|
|
|
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #7862
|
|
|
+ Added the scheme max length restriction to the curl_url_set.3 man page.
|
|
|
+
|
|
|
+ Follow-up to 45bcb2eaa78c79
|
|
|
+
|
|
|
+ Closes #8047
|
|
|
|
|
|
-- misc: update copyright years
|
|
|
+- [Jay Satiro brought this change]
|
|
|
|
|
|
-- examples/htmltidy: correct wrong printf() use
|
|
|
+ cmake: warn on use of the now deprecated symbols
|
|
|
|
|
|
- ... and update the includes to match how current htmltidy wants them
|
|
|
- used.
|
|
|
+ Follow-up to 9108da2c26d
|
|
|
|
|
|
- Reported-by: Stathis Kapnidis
|
|
|
- Fixes #7860
|
|
|
- Closes #7861
|
|
|
+ Closes #8052
|
|
|
|
|
|
-Jay Satiro (15 Oct 2021)
|
|
|
-- http: set content length earlier
|
|
|
-
|
|
|
- - Make content length (ie download size) accessible to the user in the
|
|
|
- header callback, but only after all headers have been processed (ie
|
|
|
- only in the final call to the header callback).
|
|
|
+- [Kevin Burke brought this change]
|
|
|
+
|
|
|
+ tests/CI.md: add more information on CI environments
|
|
|
|
|
|
- Background:
|
|
|
+ Fixes #8012
|
|
|
+ Closes #8022
|
|
|
+
|
|
|
+- cmake: private identifiers use CURL_ instead of CMAKE_ prefix
|
|
|
|
|
|
- For a long time the content length could be retrieved in the header
|
|
|
- callback via CURLINFO_CONTENT_LENGTH_DOWNLOAD_T as soon as it was parsed
|
|
|
- by curl.
|
|
|
+ Since the 'CMAKE_' prefix is reserved for cmake's own private use.
|
|
|
+ Ref: https://cmake.org/cmake/help/latest/manual/cmake-variables.7.html
|
|
|
|
|
|
- Changes were made in 8a16e54 (precedes 7.79.0) to ignore content length
|
|
|
- if any transfer encoding is used. A side effect of that was that
|
|
|
- content length was not set by libcurl until after the header callback
|
|
|
- was called the final time, because until all headers are processed it
|
|
|
- cannot be determined if content length is valid.
|
|
|
+ Reported-by: Boris Rasin
|
|
|
+ Fixes #7988
|
|
|
+ Closes #8044
|
|
|
+
|
|
|
+- urlapi: reject short file URLs
|
|
|
|
|
|
- This change keeps the same intention --all headers must be processed--
|
|
|
- but now the content length is available before the final call to the
|
|
|
- header function that indicates all headers have been processed (ie
|
|
|
- a blank header).
|
|
|
+ file URLs that are 6 bytes or shorter are not complete. Return
|
|
|
+ CURLUE_MALFORMED_INPUT for those. Extended test 1560 to verify.
|
|
|
|
|
|
- Bug: https://github.com/curl/curl/commit/8a16e54#r57374914
|
|
|
- Reported-by: sergio-nsk@users.noreply.github.com
|
|
|
+ Triggered by #8041
|
|
|
+ Closes #8042
|
|
|
+
|
|
|
+- curl: improve error message for --head with -J
|
|
|
|
|
|
- Co-authored-by: Daniel Stenberg
|
|
|
+ ... it now focuses on the "output of headers" combined with the
|
|
|
+ --remote-header-name option, as that is actually the problem. Both
|
|
|
+ --head and --include can output headers.
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7804
|
|
|
- Closes https://github.com/curl/curl/pull/7803
|
|
|
+ Reported-by: nimaje on github
|
|
|
+ Fixes #7987
|
|
|
+ Closes #8045
|
|
|
|
|
|
-Daniel Stenberg (15 Oct 2021)
|
|
|
-- [Abhinav Singh brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- aws-sigv4: make signature work when post data is binary
|
|
|
+- [Stefan Eissing brought this change]
|
|
|
+
|
|
|
+ urlapi: cleanup scheme parsing
|
|
|
|
|
|
- User sets the post fields size for binary data. Hence, we should not be
|
|
|
- using strlen on it.
|
|
|
+ Makea Curl_is_absolute_url() always leave a defined 'buf' and avoids
|
|
|
+ copying on urls that do not start with a scheme.
|
|
|
|
|
|
- Added test 1937 and 1938 to verify.
|
|
|
+ Closes #8043
|
|
|
+
|
|
|
+- tool_operate: only set SSH related libcurl options for SSH URLs
|
|
|
|
|
|
- Closes #7844
|
|
|
+ For example, this avoids trying to find and set the known_hosts file (or
|
|
|
+ warn for its absence) if SFTP or SCP are not used.
|
|
|
+
|
|
|
+ Closes #8040
|
|
|
|
|
|
-- [a1346054 brought this change]
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
- MacOSX-Framework: remove redundant ';'
|
|
|
+ rustls: remove comment about checking handshaking
|
|
|
|
|
|
- Closes #7859
|
|
|
+ The comment is incorrect in two ways:
|
|
|
+ - It says the check needs to be last, but the check is actually first.
|
|
|
+ - is_handshaking actually starts out true.
|
|
|
+
|
|
|
+ Closes #8038
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+Marcel Raad (20 Nov 2021)
|
|
|
+- openssl: use non-deprecated API to read key parameters
|
|
|
+
|
|
|
+ With OpenSSL 3.0, the parameters are read directly from the `EVP_PKEY`
|
|
|
+ using `EVP_PKEY_get_bn_param`.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7893
|
|
|
|
|
|
-- openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway
|
|
|
+- openssl: reduce code duplication
|
|
|
|
|
|
- One reason we know it can fail is if a provider is used that doesn't do
|
|
|
- a proper job or is wrongly configured.
|
|
|
+ `BN_print`'s `BIGNUM` parameter has been `const` since OpenSSL 0.9.4.
|
|
|
|
|
|
- Reported-by: Michael Baentsch
|
|
|
- Fixes #7840
|
|
|
- Closes #7856
|
|
|
+ Closes https://github.com/curl/curl/pull/7893
|
|
|
|
|
|
-Marcel Raad (14 Oct 2021)
|
|
|
-- [Ryan Mast brought this change]
|
|
|
+- openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
|
|
|
+
|
|
|
+ The flag has been deprecated without replacement in OpenSSL 3.0.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7893
|
|
|
|
|
|
- cmake: add CURL_ENABLE_SSL option and make CMAKE_USE_* SSL backend options depend on it
|
|
|
+- openssl: remove usage of deprecated `SSL_get_peer_certificate`
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7822
|
|
|
+ The function name was changed to `SSL_get1_peer_certificate` in OpenSSL
|
|
|
+ 3.0.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7893
|
|
|
|
|
|
-Daniel Stenberg (14 Oct 2021)
|
|
|
-- http: remove assert that breaks hyper
|
|
|
+Daniel Stenberg (19 Nov 2021)
|
|
|
+- page-footer: fix typo
|
|
|
|
|
|
- Reported-by: Jay Satiro
|
|
|
- Fixes #7852
|
|
|
- Closes #7855
|
|
|
+ Closes #8036
|
|
|
|
|
|
-- http_proxy: fix one more result assign for hyper
|
|
|
+- http: enable haproxy support for hyper backend
|
|
|
|
|
|
- and remove the bad assert again, since it was run even with no error!
|
|
|
+ This is done by having native code do the haproxy header output before
|
|
|
+ hyper issues its request. The little downside with this approach is that
|
|
|
+ we need the entire Curl_buffer_send() function built, which is otherwise
|
|
|
+ not used for hyper builds.
|
|
|
|
|
|
- Closes #7854
|
|
|
+ If hyper ends up getting native support for the haproxy protocols we can
|
|
|
+ backpedal on this.
|
|
|
+
|
|
|
+ Enables test 1455 and 1456
|
|
|
+
|
|
|
+ Closes #8034
|
|
|
|
|
|
-Jay Satiro (14 Oct 2021)
|
|
|
-- sws: fix memory leak on exit
|
|
|
+- [Bernhard Walle brought this change]
|
|
|
+
|
|
|
+ configure: fix runtime-lib detection on macOS
|
|
|
|
|
|
- - Free the allocated http request struct on cleanup.
|
|
|
+ With a non-standard installation of openssl we get this error:
|
|
|
|
|
|
- Prior to this change if sws was built with leak sanitizer it would
|
|
|
- report a memory leak error during testing.
|
|
|
+ checking run-time libs availability... failed
|
|
|
+ configure: error: one or more libs available at link-time are not available run-time. Libs used at link-time: -lnghttp2 -lssl -lcrypto -lssl -lcrypto -lz
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7849
|
|
|
-
|
|
|
-Daniel Stenberg (14 Oct 2021)
|
|
|
-- c-hyper: make Curl_http propagate errors better
|
|
|
+ There's already code to set LD_LIBRARY_PATH on Linux, so set
|
|
|
+ DYLD_LIBRARY_PATH equivalent on macOS.
|
|
|
|
|
|
- Pass on better return codes when errors occur within Curl_http instead
|
|
|
- of insisting that CURLE_OUT_OF_MEMORY is the only possible one.
|
|
|
+ Closes #8028
|
|
|
+
|
|
|
+- [Don J Olmstead brought this change]
|
|
|
+
|
|
|
+ cmake: don't set _USRDLL on a static Windows build
|
|
|
|
|
|
- Pointed-out-by: Jay Satiro
|
|
|
- Closes #7851
|
|
|
+ Closes #8030
|
|
|
|
|
|
-- http_proxy: make hyper CONNECT() return the correct error code
|
|
|
+- page-footer: document more environment variables
|
|
|
|
|
|
- For every 'goto error', make sure the result variable holds the error
|
|
|
- code for what went wrong.
|
|
|
+ ... that curl might use.
|
|
|
|
|
|
- Reported-by: Rafał Mikrut
|
|
|
- Fixes #7825
|
|
|
- Closes #7846
|
|
|
+ Closes #8027
|
|
|
|
|
|
-- docs/Makefile.am: repair 'make html'
|
|
|
+- netrc.d: edit the .netrc example to look nicer
|
|
|
|
|
|
- by removing index.html which isn't around anymore
|
|
|
+ Works nicely thanks to d1828b470f43d
|
|
|
|
|
|
- Closes #7853
|
|
|
+ Closes #8025
|
|
|
|
|
|
-- [Борис Верховский brought this change]
|
|
|
+- tftp: mark protocol as not possible to do over CONNECT
|
|
|
+
|
|
|
+ ... and make connect_init() refusing trying to tunnel protocols marked
|
|
|
+ as not working. Avoids a double-free.
|
|
|
+
|
|
|
+ Reported-by: Even Rouault
|
|
|
+ Fixes #8018
|
|
|
+ Closes #8020
|
|
|
|
|
|
- curl: correct grammar in generated libcurl code
|
|
|
+- docs/cmdline-opts: do not say "protocols: all"
|
|
|
|
|
|
- Closes #7802
|
|
|
+ Remove the lines saying "protocols: all". It makes the output in the
|
|
|
+ manpage look funny, and the expectation is probably by default that if
|
|
|
+ not anything is mentioned about protocols the option apply to them all.
|
|
|
+
|
|
|
+ Closes #8021
|
|
|
|
|
|
-- tests: disable test 2043
|
|
|
+- curl.1: require "see also" for every documented option
|
|
|
|
|
|
- It uses revoked.badssl.com which now is expired and therefor this now
|
|
|
- permafails. We should not use external sites for tests, this test should
|
|
|
- be converted to use our own infra.
|
|
|
+ gen.pl now generates a warning if the "See Also" field is not filled in for a
|
|
|
+ command line option
|
|
|
|
|
|
- Closes #7845
|
|
|
+ All command line options now provide one or more related options. 167
|
|
|
+ "See alsos" added!
|
|
|
+
|
|
|
+ Closes #8019
|
|
|
|
|
|
-- runtests: split out ignored tests
|
|
|
+- insecure.d: expand and clarify
|
|
|
|
|
|
- Report ignore tests separately from the actual fails.
|
|
|
+ Closes #8017
|
|
|
+
|
|
|
+- gen.pl: improve example output format
|
|
|
|
|
|
- Don't exit non-zero if test servers couldn't get killed.
|
|
|
+ Treat consecutive lines that start with a space to be "examples". They
|
|
|
+ are output enclosed by .nf and .fi
|
|
|
|
|
|
- Assisted-by: Jay Satiro
|
|
|
+ Updated form.d to use this new fanciness
|
|
|
|
|
|
- Fixes #7818
|
|
|
- Closes #7841
|
|
|
+ Closes #8016
|
|
|
|
|
|
-- http2: make getsock not wait for write if there's no remote window
|
|
|
+- Revert "form-escape.d: double the back-slashes for proper man page output"
|
|
|
|
|
|
- While uploading, check for remote window availability in the getsock
|
|
|
- function so that we don't wait for a writable socket if no data can be
|
|
|
- sent.
|
|
|
+ This reverts commit a2d8eac04a4eb1d5a98cf24b4e5cec5cec565d27.
|
|
|
|
|
|
- Reported-by: Steini2000 on github
|
|
|
- Fixes #7821
|
|
|
- Closes #7839
|
|
|
+ silly me, it was intended to be one backslash!
|
|
|
|
|
|
-- test368: verify dash is appended for "-r [num]"
|
|
|
+- form-escape.d: double the back-slashes for proper man page output
|
|
|
+
|
|
|
+- page-footer: add a mention of how to report bugs to the man page
|
|
|
+
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- Follow-up to 8758a26f8878
|
|
|
+ and bump to 7.81.0-DEV
|
|
|
|
|
|
-- [Борис Верховский brought this change]
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
|
|
|
- curl: actually append "-" to --range without number only
|
|
|
+ mime: use percent-escaping for multipart form field and file names
|
|
|
|
|
|
- Closes #7837
|
|
|
+ Until now, form field and file names where escaped using the
|
|
|
+ backslash-escaping algorithm defined for multipart mails. This commit
|
|
|
+ replaces this with the percent-escaping method for URLs.
|
|
|
+
|
|
|
+ As this may introduce incompatibilities with server-side applications, a
|
|
|
+ new libcurl option CURLOPT_MIME_OPTIONS with bitmask
|
|
|
+ CURLMIMEOPT_FORMESCAPE is introduced to revert to legacy use of
|
|
|
+ backslash-escaping. This is controlled by new cli tool option
|
|
|
+ --form-escape.
|
|
|
+
|
|
|
+ New tests and documentation are provided for this feature.
|
|
|
+
|
|
|
+ Reported by: Ryan Sleevi
|
|
|
+ Fixes #7789
|
|
|
+ Closes #7805
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Kevin Burke brought this change]
|
|
|
|
|
|
-- urlapi: URL decode percent-encoded host names
|
|
|
+ zuul.d: update rustls-ffi to version 0.8.2
|
|
|
|
|
|
- The host name is stored decoded and can be encoded when used to extract
|
|
|
- the full URL. By default when extracting the URL, the host name will not
|
|
|
- be URL encoded to work as similar as possible as before. When not URL
|
|
|
- encoding the host name, the '%' character will however still be encoded.
|
|
|
+ This version fixes errors with ALPN negotiation in rustls, which is
|
|
|
+ necessary for HTTP/2 support. For more information see the rustls-ffi
|
|
|
+ changelog.
|
|
|
|
|
|
- Getting the URL with the CURLU_URLENCODE flag set will percent encode
|
|
|
- the host name part.
|
|
|
+ Closes #8013
|
|
|
+
|
|
|
+- configure: better diagnostics if hyper is built wrong
|
|
|
|
|
|
- As a bonus, setting the host name part with curl_url_set() no longer
|
|
|
- accepts a name that contains space, CR or LF.
|
|
|
+ If hyper is indeed present in the specified directory but couldn't be
|
|
|
+ used to find the correct symbol, then offer a different error message to
|
|
|
+ better help the user understand the issue.
|
|
|
|
|
|
- Test 1560 has been extended to verify percent encodings.
|
|
|
+ Suggested-by: Jacob Hoffman-Andrews
|
|
|
+ Fixes #8001
|
|
|
+ Closes #8005
|
|
|
+
|
|
|
+- test1939: require proxy support to run
|
|
|
|
|
|
- Reported-by: Noam Moshe
|
|
|
- Reported-by: Sharon Brizinov
|
|
|
- Reported-by: Raul Onitza-Klugman
|
|
|
- Reported-by: Kirill Efimov
|
|
|
- Fixes #7830
|
|
|
- Closes #7834
|
|
|
+ Follow-up to f0b7099a10d1a
|
|
|
+
|
|
|
+ Closes #8011
|
|
|
|
|
|
-Marc Hoersken (8 Oct 2021)
|
|
|
-- CI/makefiles: introduce dedicated test target
|
|
|
+- test302[12]: run only with the libssh2 backend
|
|
|
|
|
|
- Make it easy to use the same set of test flags
|
|
|
- throughout all current and future CI builds.
|
|
|
+ ... as the others don't support --hostpubsha256
|
|
|
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
+ Reported-by: Paul Howarth
|
|
|
+ Fixes #8009
|
|
|
+ Closes #8010
|
|
|
+
|
|
|
+- runtests: make the SSH library a testable feature
|
|
|
|
|
|
- Follow up to #7690
|
|
|
- Closes #7785
|
|
|
+ libssh2, libssh and wolfssh
|
|
|
|
|
|
-Daniel Stenberg (8 Oct 2021)
|
|
|
-- maketgz: redirect updatemanpages.pl output to /dev/null
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
-- CURLOPT_HTTPHEADER.3: add descripion for specific headers
|
|
|
-
|
|
|
- Settting Host: or Transfer-Encoding: chunked actually have special
|
|
|
- meanings to libcurl. This change tries to document them
|
|
|
+ rustls: read of zero bytes might be okay
|
|
|
|
|
|
- Closes #7829
|
|
|
-
|
|
|
-- c-hyper: use hyper_request_set_uri_parts to make h2 better
|
|
|
+ When we're reading out plaintext from rustls' internal buffers, we might
|
|
|
+ get a read of zero bytes (meaning a clean TCP close, including
|
|
|
+ close_notify). However, we shouldn't return immediately when that
|
|
|
+ happens, since we may have already copied out some plaintext bytes.
|
|
|
+ Break out of the loop when we get a read of zero bytes, and figure out
|
|
|
+ which path we're dealing with.
|
|
|
|
|
|
- and make sure to not send Host: over h2.
|
|
|
+ Acked-by: Kevin Burke
|
|
|
|
|
|
- Fixes #7679
|
|
|
- Reported-by: David Cook
|
|
|
- Closes #7827
|
|
|
+ Closes #8003
|
|
|
|
|
|
-- [Michael Afanasiev brought this change]
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
- curl-openssl.m4: modify library order for openssl linking
|
|
|
+ rustls: remove incorrect EOF check
|
|
|
|
|
|
- lcrypto may depend on lz, and configure corrently fails with when
|
|
|
- statically linking as the order is "-lz -lcrypto". This commit switches
|
|
|
- the order to "-lcrypto -lz".
|
|
|
+ The update to rustls-ffi 0.8.0 changed handling of EOF and close_notify.
|
|
|
+ From the CHANGELOG:
|
|
|
|
|
|
- Closes #7826
|
|
|
-
|
|
|
-Marcel Raad (7 Oct 2021)
|
|
|
-- sha256: use high-level EVP interface for OpenSSL
|
|
|
+ > Handling of unclean close and the close_notify TLS alert. Mirroring
|
|
|
+ > upstream changes, a rustls_connection now tracks TCP closed state like
|
|
|
+ > so: rustls_connection_read_tls considers a 0-length read from its
|
|
|
+ > callback to mean "TCP stream was closed by peer." If that happens
|
|
|
+ > before the peer sent close_notify, rustls_connection_read will return
|
|
|
+ > RUSTLS_RESULT_UNEXPECTED_EOF once the available plaintext bytes are
|
|
|
+ > exhausted. This is useful to protect against truncation attacks. Note:
|
|
|
+ > some TLS implementations don't send close_notify. If you are already
|
|
|
+ > getting length information from your protocol (e.g. Content-Length in
|
|
|
+ > HTTP) you may choose to ignore UNEXPECTED_EOF so long as the number of
|
|
|
+ > plaintext bytes was as expected.
|
|
|
|
|
|
- Available since OpenSSL 0.9.7. The low-level SHA256 interface is
|
|
|
- deprecated in OpenSSL v3, and its usage was discouraged even before.
|
|
|
+ That means we don't need to check for unclean EOF in `cr_recv()`,
|
|
|
+ because `process_new_packets()` will give us an error if appropriate.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7808
|
|
|
+ Closes #8003
|
|
|
|
|
|
-- curl_ntlm_core: use OpenSSL only if DES is available
|
|
|
+- lib1939: make it endure torture tests
|
|
|
|
|
|
- This selects another SSL backend then if available, or otherwise at
|
|
|
- least gives a meaningful error message.
|
|
|
+ Follow-up to f0b7099a10d1a
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7808
|
|
|
+ Closes #8007
|
|
|
|
|
|
-- md5: fix compilation with OpenSSL 3.0 API
|
|
|
+- azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper
|
|
|
|
|
|
- Only use OpenSSL's MD5 code if it's available.
|
|
|
+ The configure line would previously depend on a configure mistake using
|
|
|
+ --without-openssl that is fixed and now this configure line needs
|
|
|
+ adjusting to use --without-ssl.
|
|
|
|
|
|
- Also fix wolfSSL build with `NO_MD5`, in which case neither the
|
|
|
- wolfSSL/OpenSSL implementation nor the fallback implementation was
|
|
|
- used.
|
|
|
+ Follow-up to b589696f0312d
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7808
|
|
|
+ Closes #8006
|
|
|
|
|
|
-Daniel Stenberg (7 Oct 2021)
|
|
|
-- print_category: printf %*s needs an int argument
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
+
|
|
|
+ configure: add -lm to configure for rustls build.
|
|
|
|
|
|
- ... not a size_t!
|
|
|
+ Note: The list of libraries that rustc tells us we need to include is
|
|
|
+ longer, but also includes some more platform-specific libraries that I
|
|
|
+ am not sure how to effectively incorporate. Adding just -lm seems to
|
|
|
+ solve an immediate problem, so I'm adding just that.
|
|
|
|
|
|
- Detected by Coverity: CID 1492331.
|
|
|
- Closes #7823
|
|
|
+ Closes #8002
|
|
|
|
|
|
-Jay Satiro (7 Oct 2021)
|
|
|
-- version_win32: use actual version instead of manifested version
|
|
|
-
|
|
|
- - Use RtlVerifyVersionInfo instead of VerifyVersionInfo, when possible.
|
|
|
+- curl_share_setopt.3: refer to CURLSHOPT_USERDATA(3) properly
|
|
|
+
|
|
|
+- curl_share_setopt.3: split out options into their own manpages
|
|
|
|
|
|
- Later versions of Windows have normal version functions that compare and
|
|
|
- return versions based on the way the application is manifested, instead
|
|
|
- of the actual version of Windows the application is running on. We
|
|
|
- prefer the actual version of Windows so we'll now call the Rtl variant
|
|
|
- of version functions (RtlVerifyVersionInfo) which does a proper
|
|
|
- comparison of the actual version.
|
|
|
+ CURLSHOPT_LOCKFUNC.3
|
|
|
+ CURLSHOPT_SHARE.3
|
|
|
+ CURLSHOPT_UNLOCKFUNC.3
|
|
|
+ CURLSHOPT_UNSHARE.3
|
|
|
+ CURLSHOPT_USERDATA.3
|
|
|
|
|
|
- Reported-by: Wyatt O'Day
|
|
|
+ Closes #7998
|
|
|
+
|
|
|
+- http_proxy: make Curl_connect_done() work for proxy disabled builds
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/pull/7727
|
|
|
+ ... by making it an empty macro then.
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7742
|
|
|
- Closes https://github.com/curl/curl/pull/7810
|
|
|
-
|
|
|
-Daniel Stenberg (6 Oct 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Follow-up to f0b7099a10d1a
|
|
|
+ Reported-by: Vincent Grande
|
|
|
+ Fixes #7995
|
|
|
+ Closes #7996
|
|
|
|
|
|
-- http: fix Basic auth with empty name field in URL
|
|
|
+- Curl_connect_done: handle being called twice
|
|
|
|
|
|
- Add test 367 to verify.
|
|
|
+ Follow-up to f0b7099a10d1a7c
|
|
|
|
|
|
- Reported-by: Rick Lane
|
|
|
- Fixes #7819
|
|
|
- Closes #7820
|
|
|
+ When torture testing 1021, it turns out the Curl_connect_done function
|
|
|
+ might be called twice and that previously then wrongly cleared the HTTP
|
|
|
+ pointer in the second invoke.
|
|
|
+
|
|
|
+ Closes #7999
|
|
|
|
|
|
-- [Jeffrey Tolar brought this change]
|
|
|
+- [Stan Hu brought this change]
|
|
|
|
|
|
- CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse
|
|
|
-
|
|
|
- ... and close connections that are too old instead of reusing them.
|
|
|
+ configure: don't enable TLS when --without-* flags are used
|
|
|
|
|
|
- By default, this behavior is disabled.
|
|
|
+ Previously specifying `--without-gnutls` would unexpectedly attempt to
|
|
|
+ compile with GnuTLS, effectively interpreting this as
|
|
|
+ `--with-gnutls`. This caused a significant amount of confusion when
|
|
|
+ `libcurl` was built with SSL disabled since GnuTLS wasn't present.
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-09/0058.html
|
|
|
- Closes #7751
|
|
|
-
|
|
|
-Daniel Gustafsson (6 Oct 2021)
|
|
|
-- docs/examples: add missing binaries to gitignore
|
|
|
+ 68d89f24 dropped the `--without-*` options from the configure help, but
|
|
|
+ `AC_ARG_WITH` still defines these flags automatically. As
|
|
|
+ https://www.gnu.org/software/autoconf/manual/autoconf-2.60/html_node/External-Software.html
|
|
|
+ describes, the `action-if-given` is called when the user specifies
|
|
|
+ `--with-*` or `--without-*` options.
|
|
|
|
|
|
- Commit f65d7889b added getreferrer, and commit ae8e11ed5 multi-legacy,
|
|
|
- both of which missed adding .gitignore clauses for the built binaries.
|
|
|
+ To prevent this confusion, we make the `--without` flag do the right
|
|
|
+ thing by ignoring the value if it set to "no".
|
|
|
|
|
|
- Closes #7817
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Closes #7994
|
|
|
|
|
|
-Daniel Stenberg (5 Oct 2021)
|
|
|
-- [Josip Medved brought this change]
|
|
|
+- [Rikard Falkeborn brought this change]
|
|
|
|
|
|
- HTTP3: fix the HTTP/3 Explained book link
|
|
|
+ docs/checksrc: Add documentation for STRERROR
|
|
|
|
|
|
- Closes #7813
|
|
|
-
|
|
|
-- [Lucas Holt brought this change]
|
|
|
+ Closes #7991
|
|
|
|
|
|
- misc: fix a few issues on MidnightBSD
|
|
|
+- vtls/rustls: adapt to the updated rustls_version proto
|
|
|
|
|
|
- Closes #7812
|
|
|
+ Closes #7956
|
|
|
|
|
|
-Daniel Gustafsson (4 Oct 2021)
|
|
|
-- [8U61ife brought this change]
|
|
|
+- [Kevin Burke brought this change]
|
|
|
|
|
|
- tool_main: fix typo in comment
|
|
|
+ vtls/rustls: handle RUSTLS_RESULT_PLAINTEXT_EMPTY
|
|
|
|
|
|
- Closes: #7811
|
|
|
- Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
+ Previously we'd return CURLE_READ_ERROR if we received this, instead
|
|
|
+ of triggering the error handling logic that's present in the next if
|
|
|
+ block down.
|
|
|
+
|
|
|
+ After this change, curl requests to https://go.googlesource.com using
|
|
|
+ HTTP/2 complete successfully.
|
|
|
+
|
|
|
+ Fixes #7949
|
|
|
+ Closes #7948
|
|
|
|
|
|
-Daniel Stenberg (4 Oct 2021)
|
|
|
-- [Ryan Mast brought this change]
|
|
|
+- [Kevin Burke brought this change]
|
|
|
|
|
|
- BINDINGS: URL updates
|
|
|
+ zuul: update build environment for rustls-ffi 0.8.0
|
|
|
+
|
|
|
+- [Kevin Burke brought this change]
|
|
|
+
|
|
|
+ vtls/rustls: update to compile with rustls-ffi v0.8.0
|
|
|
|
|
|
- For cpr, BBHTTP, Eiffel, Harbour, Haskell, Mono, and Rust
|
|
|
+ Some method names, as well as the generated library name, were changed
|
|
|
+ in a recent refactoring.
|
|
|
|
|
|
- Closes #7809
|
|
|
-
|
|
|
-- scripts/delta: hide a git error message we don't care about
|
|
|
+ Further, change the default configuration instructions to check for
|
|
|
+ Hyper in either "target/debug" or "target/release" - the latter
|
|
|
+ contains an optimized build configuration.
|
|
|
|
|
|
- fatal: path 'src/tool_listhelp.c' exists on disk, but not in [tag]
|
|
|
+ Fixes #7947
|
|
|
+ Closes #7948
|
|
|
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+ and bump the version to 7.80.1
|
|
|
|
|
|
- sasl: binary messages
|
|
|
+- multi: shut down CONNECT in Curl_detach_connnection
|
|
|
|
|
|
- Capabilities of sasl module are extended to exchange messages in binary
|
|
|
- as an alternative to base64.
|
|
|
+ ... to prevent a lingering pointer that would lead to a double-free.
|
|
|
|
|
|
- If http authentication flags have been set, those are used as sasl
|
|
|
- default preferred mechanisms.
|
|
|
+ Added test 1939 to verify.
|
|
|
|
|
|
- Closes #6930
|
|
|
+ Reported-by: Stephen M. Coakley
|
|
|
+ Fixes #7982
|
|
|
+ Closes #7986
|
|
|
|
|
|
-- [Hayden Roche brought this change]
|
|
|
-
|
|
|
- wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
|
|
|
+- curl_easy_cleanup.3: remove from multi handle first
|
|
|
|
|
|
- Prior to this commit, OpenSSL could be used for all these functions, but
|
|
|
- not wolfSSL. This commit makes it so wolfSSL will be used if USE_WOLFSSL
|
|
|
- is defined.
|
|
|
+ Easy handles that are used by the multi interface should be removed from
|
|
|
+ the multi handle before they are cleaned up.
|
|
|
|
|
|
- Closes #7806
|
|
|
+ Reported-by: Stephen M. Coakley
|
|
|
+ Ref: #7982
|
|
|
+ Closes #7983
|
|
|
|
|
|
-- scripts/delta: count command line options in the new file
|
|
|
+- url.c: fix the SIGPIPE comment for Curl_close
|
|
|
|
|
|
- ... which makes the shown delta number wrong until next release.
|
|
|
+ Closes #7984
|
|
|
+
|
|
|
+Version 7.80.0 (10 Nov 2021)
|
|
|
|
|
|
+Daniel Stenberg (10 Nov 2021)
|
|
|
- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+ for curl 7.80.0
|
|
|
|
|
|
-- print_category: print help descriptions aligned
|
|
|
+- THANKS: add contributors from the 7.80.0 cycle
|
|
|
+
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+
|
|
|
+ ngtcp2: advertise h3 as well as h3-29
|
|
|
|
|
|
- Adjust the description position to make an aligned column when doing
|
|
|
- help listings, which is more pleasing to the eye.
|
|
|
+ Advertise h3 as well as h3-29 since some servers out there require h3
|
|
|
+ for QUIC v1.
|
|
|
|
|
|
- Suggested-by: Gisle Vanem
|
|
|
- Closes #7792
|
|
|
+ Closes #7979
|
|
|
|
|
|
-- lib/mk-ca-bundle.pl: skip certs passed Not Valid After date
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+
|
|
|
+ ngtcp2: use QUIC v1 consistently
|
|
|
|
|
|
- With this change applied, the now expired 'DST Root CA X3' cert will no
|
|
|
- longer be included in the output.
|
|
|
+ Since we switched to v1 quic_transport_parameters codepoint in #7960
|
|
|
+ with quictls, lets use QUIC v1 consistently.
|
|
|
|
|
|
- Details: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
|
|
|
+ Closes #7979
|
|
|
+
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+
|
|
|
+ ngtcp2: compile with the latest nghttp3
|
|
|
|
|
|
- Closes #7801
|
|
|
+ Closes #7978
|
|
|
|
|
|
-- tool_listhelp: easier to generate with gen.pl
|
|
|
+Marc Hoersken (9 Nov 2021)
|
|
|
+- tests: add Schannel-specific tests and disable unsupported ones
|
|
|
|
|
|
- tool_listhelp.c is now a separate file with only the command line --help
|
|
|
- output, exactly as generated by gen.pl. This makes it easier to generate
|
|
|
- updates according to what's in the docs/cmdline-opts docs.
|
|
|
+ Adds Schannel variants of SSLpinning tests that include the option
|
|
|
+ --ssl-revoke-best-effort to ignore certificate revocation check
|
|
|
+ failures which is required due to our custom test CA certificate.
|
|
|
|
|
|
- cd $srcroot/docs/cmdline-opts
|
|
|
- ./gen.pl listhelp *.d > $srcroot/src/tool_listhelp.c
|
|
|
+ Disable the original variants if the Schannel backend is enabled.
|
|
|
|
|
|
- With a configure build, this also works:
|
|
|
+ Also skip all IDN tests which are broken while using an msys shell.
|
|
|
|
|
|
- make -C src listhelp
|
|
|
+ This is a step to simplify test exclusions for Windows and MinGW.
|
|
|
|
|
|
- Closes #7787
|
|
|
-
|
|
|
-- [Anthony Hu brought this change]
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
+ Reviewed-by: Marcel Raad
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #7968
|
|
|
|
|
|
- wolfssl: allow setting of groups/curves
|
|
|
-
|
|
|
- In particular, the quantum safe KEM and hybrid curves if wolfSSL is
|
|
|
- built to support them.
|
|
|
+Daniel Stenberg (8 Nov 2021)
|
|
|
+- docs: NAME fixes in easy option man pages
|
|
|
|
|
|
- Closes #7728
|
|
|
+ Closes #7975
|
|
|
|
|
|
-- [Jan Mazur brought this change]
|
|
|
+- [Roger Young brought this change]
|
|
|
|
|
|
- connnect: use sysaddr_un fron sys/un.h or custom-defined for windows
|
|
|
+ ftp: make the MKD retry to retry once per directory
|
|
|
|
|
|
- Closes #7737
|
|
|
-
|
|
|
-Jay Satiro (30 Sep 2021)
|
|
|
-- [Rikard Falkeborn brought this change]
|
|
|
+ Reported-by: Roger Young
|
|
|
+ Fixes #7967
|
|
|
+ Closes #7976
|
|
|
|
|
|
- hostip: Move allocation to clarify there is no memleak
|
|
|
+- tool_operate: reorder code to avoid compiler warning
|
|
|
|
|
|
- By just glancing at the code, it looks like there is a memleak if the
|
|
|
- call to Curl_inet_pton() fails. Looking closer, it is clear that the
|
|
|
- call to Curl_inet_pton() can not fail, so the code will never leak
|
|
|
- memory. However, we can make this obvious by moving the allocation
|
|
|
- after the if-statement.
|
|
|
+ tool_operate.c(889) : warning C4701: potentially uninitialized local
|
|
|
+ variable 'per' use
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7796
|
|
|
+ Follow-up to cc71d352651a0d95
|
|
|
+ Reported-by: Marc Hörsken
|
|
|
+ Bug: https://github.com/curl/curl/pull/7922#issuecomment-963042676
|
|
|
+ Closes #7971
|
|
|
|
|
|
-Daniel Stenberg (30 Sep 2021)
|
|
|
-- gen.pl: make the output date format work better
|
|
|
+- curl_easy_perform.3: add a para about recv and send data
|
|
|
|
|
|
- Follow-up to 15910dfd143dd
|
|
|
+ Reported-by: Godwin Stewart
|
|
|
+ Fixes #7973
|
|
|
+ Closes #7974
|
|
|
+
|
|
|
+- tool_operate: fclose stream only if fopened
|
|
|
|
|
|
- The previous strftime format used didn't work correctly on Windows, so
|
|
|
- change to %B %d %Y which today looks like "September 29 2021".
|
|
|
+ Fixes torture test failures
|
|
|
+ Follow-up to cc71d352651
|
|
|
|
|
|
- Reported-by: Gisle Vanem
|
|
|
- Bug: #7782
|
|
|
- Closes #7793
|
|
|
+ Closes #7972
|
|
|
|
|
|
-- typecheck-gcc.h: add CURLOPT_PREREQDATA awareness
|
|
|
+- libcurl-easy.3: language polish
|
|
|
+
|
|
|
+- limit-rate.d: this is average over several seconds
|
|
|
|
|
|
- Follow-up to a517378de58358a
|
|
|
-
|
|
|
- To make test 1912 happy again
|
|
|
-
|
|
|
- Closes #7799
|
|
|
+ Closes #7970
|
|
|
|
|
|
-Marcel Raad (29 Sep 2021)
|
|
|
-- configure: remove `HAVE_WINSOCK_H` definition
|
|
|
+- docs: reduce/avoid English contractions
|
|
|
|
|
|
- It's not used anymore.
|
|
|
+ You're => You are
|
|
|
+ Hasn't => Has not
|
|
|
+ Doesn't => Does not
|
|
|
+ Don't => Do not
|
|
|
+ You'll => You will
|
|
|
+ etc
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7795
|
|
|
+ Closes #7930
|
|
|
|
|
|
-- CMake: remove `HAVE_WINSOCK_H` definition
|
|
|
-
|
|
|
- It's not used anymore.
|
|
|
+- tool_operate: fix torture leaks with etags
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7795
|
|
|
-
|
|
|
-- config: remove `HAVE_WINSOCK_H` definition
|
|
|
+ Spotted by torture testing 343 344 345 347.
|
|
|
|
|
|
- It's not used anymore.
|
|
|
+ Follow-up from cc71d352651a0
|
|
|
+ Pointed-out-by: Dan Fandrich
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7795
|
|
|
+ Closes #7969
|
|
|
|
|
|
-- lib: remove `HAVE_WINSOCK_H` usage
|
|
|
-
|
|
|
- WinSock v1 is not supported anymore. Exclusively use `HAVE_WINSOCK2_H`
|
|
|
- instead.
|
|
|
-
|
|
|
- Closes https://github.com/curl/curl/pull/7795
|
|
|
+- [Amaury Denoyelle brought this change]
|
|
|
|
|
|
-Daniel Stenberg (29 Sep 2021)
|
|
|
-- easyoptions: add the two new PRE* options
|
|
|
+ ngtcp2: support latest QUIC TLS RFC9001
|
|
|
|
|
|
- Follow-up to a517378de58358a
|
|
|
+ QUIC Transport Parameters Extension has been changed between draft-29
|
|
|
+ and latest RFC9001. Most notably, its identifier has been updated from
|
|
|
+ 0xffa5 to 0x0039. The version is selected through the QUIC TLS library
|
|
|
+ via the legacy codepoint.
|
|
|
|
|
|
- Also fix optiontable.pl to do the correct remainder on the entry.
|
|
|
+ Disable the usage of legacy codepoint in curl to switch to latest
|
|
|
+ RFC9001. This is required to be able to keep up with latest QUIC
|
|
|
+ implementations.
|
|
|
|
|
|
- Reported-by: Gisle Vanem
|
|
|
- Bug: https://github.com/curl/curl/commit/a517378de58358a85b7cfe9efecb56051268f629#commitcomment-57224830
|
|
|
- Closes #7791
|
|
|
+ Acked-by: Tatsuhiro Tsujikawa
|
|
|
+ Closes #7960
|
|
|
|
|
|
-- Revert "build: remove checks for WinSock 1"
|
|
|
+- test1173: make manpage-syntax.pl spot \n errors in examples
|
|
|
+
|
|
|
+- man pages: fix backslash-n in examples
|
|
|
|
|
|
- Due to CI issues
|
|
|
+ ... to be proper backslash-backslash-n sequences to render nicely in man
|
|
|
+ and on website.
|
|
|
|
|
|
- This reverts commit c2ea04f92b00b6271627cb218647527b5a50f2fc.
|
|
|
+ Follow-up to 24155569d8a
|
|
|
+ Reported-by: Sergey Markelov
|
|
|
|
|
|
- Closes #7790
|
|
|
+ Fixes https://github.com/curl/curl-www/issues/163
|
|
|
+ Closes #7962
|
|
|
|
|
|
-Daniel Gustafsson (29 Sep 2021)
|
|
|
-- lib: avoid fallthrough cases in switch statements
|
|
|
+- scripts/release-notes.pl: use out of repo links verbatim in refs
|
|
|
+
|
|
|
+- tool_operate: a failed etag save now only fails that transfer
|
|
|
|
|
|
- Commit b5a434f7f0ee4d64857f8592eced5b9007d83620 inhibits the warning
|
|
|
- on implicit fallthrough cases, since the current coding of indicating
|
|
|
- fallthrough with comments is falling out of fashion with new compilers.
|
|
|
- This attempts to make the issue smaller by rewriting fallthroughs to no
|
|
|
- longer fallthrough, via either breaking the cases or turning switch
|
|
|
- statements into if statements.
|
|
|
+ When failing to create the output file for saving an etag, only fail
|
|
|
+ that particular single transfer and allow others to follow.
|
|
|
|
|
|
- lib/content_encoding.c: the fallthrough codepath is simply copied
|
|
|
- into the case as it's a single line.
|
|
|
- lib/http_ntlm.c: the fallthrough case skips a state in the state-
|
|
|
- machine and fast-forwards to NTLMSTATE_LAST. Do this before the
|
|
|
- switch statement instead to set up the states that we actually
|
|
|
- want.
|
|
|
- lib/http_proxy.c: the fallthrough is just falling into exiting the
|
|
|
- switch statement which can be done easily enough in the case.
|
|
|
- lib/mime.c: switch statement rewritten as if statement.
|
|
|
- lib/pop3.c: the fallthrough case skips to the next state in the
|
|
|
- statemachine, do this explicitly instead.
|
|
|
- lib/urlapi.c: switch statement rewritten as if statement.
|
|
|
- lib/vssh/wolfssh.c: the fallthrough cases fast-forwards the state
|
|
|
- machine, do this by running another iteration of the switch
|
|
|
- statement instead.
|
|
|
- lib/vtls/gtls.c: switch statement rewritten as if statement.
|
|
|
- lib/vtls/nss.c: the fallthrough codepath is simply copied into the
|
|
|
- case as it's a single line. Also twiddle a comment to not be
|
|
|
- inside a non-brace if statement.
|
|
|
+ In a serial transfer setup, if no transfer at all is done due to them
|
|
|
+ all being skipped because of this error, curl will output an error
|
|
|
+ message and return exit code 26.
|
|
|
|
|
|
- Closes: #7322
|
|
|
- See-also: #7295
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
-
|
|
|
-Marcel Raad (28 Sep 2021)
|
|
|
-- config-win32ce: enable WinSock 2
|
|
|
+ Added test 369 and 370 to verify.
|
|
|
|
|
|
- WinSock 2.2 is supported by Windows CE .NET 4.1 (from 2002, out of
|
|
|
- support since 2013).
|
|
|
+ Reported-by: Earnestly on github
|
|
|
+ Ref: #7942
|
|
|
+ Closes #7945
|
|
|
+
|
|
|
+- [Kevin Burke brought this change]
|
|
|
+
|
|
|
+ .github: retry macos "brew install" command on failure
|
|
|
|
|
|
- Ref: https://docs.microsoft.com/en-us/previous-versions/windows/embedded/ms899586(v=msdn.10)
|
|
|
+ Previously we saw errors attempting to run "brew install", see
|
|
|
+ https://github.com/curl/curl/runs/4095721123?check_suite_focus=true for
|
|
|
+ an example, since this command is idempotent, it is safe to run again.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7778
|
|
|
+ Closes #7955
|
|
|
|
|
|
-- externalsocket: use WinSock 2.2
|
|
|
+- CURLOPT_ALTSVC_CTRL.3: mention conn reuse is preferred
|
|
|
|
|
|
- That's the only version we support.
|
|
|
+ Ref: https://github.com/curl/curl/discussions/7954
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7778
|
|
|
+ Closes #7957
|
|
|
|
|
|
-- build: remove checks for WinSock 1
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- zuul: pin the quiche build to use an older cmake-rs
|
|
|
|
|
|
- It's not supported anymore.
|
|
|
+ The latest cmake-rs assumes cmake's --parallel works. That was added in
|
|
|
+ cmake 3.12, but a lot of our CI builds run on Ubuntu Bionic which only
|
|
|
+ has cmake 3.10.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7778
|
|
|
+ Fixes #7927
|
|
|
+ Closes #7952
|
|
|
|
|
|
-Daniel Stenberg (28 Sep 2021)
|
|
|
-- scripts/copyright: .muse is .lift now
|
|
|
-
|
|
|
- And update 5 files with old copyright year range
|
|
|
+- [Marc Hoersken brought this change]
|
|
|
|
|
|
-- cmdline-opts: made the 'Added:' field mandatory
|
|
|
+ Revert "src/tool_filetime: disable -Wformat on mingw for this file"
|
|
|
|
|
|
- Since "too old" versions are no longer included in the generated man
|
|
|
- page, this field is now mandatory so that it won't be forgotten and then
|
|
|
- not included in the documentation.
|
|
|
+ This reverts commit 7c88fe375b15c44d77bccc9ab733b8069d228e6f.
|
|
|
|
|
|
- Closes #7786
|
|
|
+ Follow up to #6535 as the pragma is obsolete with warnf
|
|
|
+
|
|
|
+ Closes #7941
|
|
|
|
|
|
-- curl.1: remove mentions of really old version changes
|
|
|
+Jay Satiro (2 Nov 2021)
|
|
|
+- schannel: fix memory leak due to failed SSL connection
|
|
|
|
|
|
- To make the man page more readable, this change removes all references
|
|
|
- to changes in support/versions etc that happened before 7.30.0 from the
|
|
|
- curl.1 output file. 7.30.0 was released on Apr 12 2013. This particular
|
|
|
- limit is a bit arbitrary but was fairly easy to grep for.
|
|
|
+ - Call schannel_shutdown if the SSL connection fails.
|
|
|
|
|
|
- It is handled like this: the 'Added' keyword is only used in output if
|
|
|
- it refers to 7.30.0 or later. All occurances of "(Added in $VERSION)" in
|
|
|
- description will be stripped out if the mentioned $VERSION is from
|
|
|
- before 7.30.0. It is therefore important that the "Added in..."
|
|
|
- references are always written exactly like that - and on a single line,
|
|
|
- not split over two.
|
|
|
+ Prior to this change schannel_shutdown (which shuts down the SSL
|
|
|
+ connection as well as memory cleanup) was not called when the SSL
|
|
|
+ connection failed (eg due to failed handshake).
|
|
|
|
|
|
- This change removes about 80 version number references from curl.1, down
|
|
|
- to 138 from 218.
|
|
|
+ Co-authored-by: Gisle Vanem
|
|
|
|
|
|
- Closes #7786
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Fixes https://github.com/curl/curl/issues/7877
|
|
|
+ Closes https://github.com/curl/curl/pull/7878
|
|
|
|
|
|
-- tool_cb_prg: make resumed upload progress bar show better
|
|
|
+Daniel Stenberg (2 Nov 2021)
|
|
|
+- Curl_updateconninfo: store addresses for QUIC connections too
|
|
|
|
|
|
- This is a regression that was *probably* injected in the larger progress
|
|
|
- bar overhaul in 2018.
|
|
|
+ So that CURLINFO_PRIMARY_IP etc work for HTTP/3 like for other HTTP
|
|
|
+ versions.
|
|
|
|
|
|
- Reported-by: beslick5 on github
|
|
|
- Fixes #7760
|
|
|
- Closes #7777
|
|
|
+ Reported-by: Jerome Mao
|
|
|
+ Fixes #7939
|
|
|
+ Closes #7944
|
|
|
|
|
|
-- gen.pl: insert the current date and version in generated man page
|
|
|
-
|
|
|
- Reported-by: Gisle Vanem
|
|
|
- Ref: #7780
|
|
|
- Closes #7782
|
|
|
+- [Sergio Durigan Junior brought this change]
|
|
|
|
|
|
-- NTLM: use DES_set_key_unchecked with OpenSSL
|
|
|
+ curl.1: fix typos in the manpage
|
|
|
|
|
|
- ... as the previously used function DES_set_key() will in some cases
|
|
|
- reject using a key that it deems "weak" which will cause curl to
|
|
|
- continue using the unitialized buffer content as key instead.
|
|
|
+ s/transfering/transferring/
|
|
|
+ s/transfered/transferred/
|
|
|
|
|
|
- Assisted-by: Harry Sintonen
|
|
|
- Fixes #7779
|
|
|
- Closes #7781
|
|
|
+ Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net>
|
|
|
+ Closes #7937
|
|
|
|
|
|
-Marc Hoersken (27 Sep 2021)
|
|
|
-- CI: align make and test flags in various config files
|
|
|
+Marc Hoersken (1 Nov 2021)
|
|
|
+- tests/smbserver.py: fix compatibility with impacket 0.9.23+
|
|
|
|
|
|
- 1. Use Makefile target to run tests in autotools builds on AppVeyor.
|
|
|
- 2. Disable testing of SCP protocol on native Windows environments.
|
|
|
- 3. Remove redundant parameters -a -p from target test-nonflaky.
|
|
|
- 4. Don't use -vc parameter which is reserved for debugging.
|
|
|
+ impacket now performs sanity checks if the requested and to
|
|
|
+ be served file path actually is inside the real share path.
|
|
|
|
|
|
- Replaces #7591
|
|
|
- Closes #7690
|
|
|
+ Ref: https://github.com/SecureAuthCorp/impacket/pull/1066
|
|
|
+
|
|
|
+ Fixes #7924
|
|
|
+ Closes #7935
|
|
|
|
|
|
-Daniel Stenberg (27 Sep 2021)
|
|
|
-- mailmap: unify Max!
|
|
|
+Daniel Stenberg (1 Nov 2021)
|
|
|
+- docs: reduce use of "very"
|
|
|
+
|
|
|
+ "Very" should be avoided in most texts. If intensifiers are needed, try
|
|
|
+ find better words instead.
|
|
|
+
|
|
|
+ Closes #7936
|
|
|
|
|
|
-- [Max Dymond brought this change]
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
|
|
|
- CURLOPT_PREREQFUNCTION: add new callback
|
|
|
+ ngtcp2: specify the missing required callback functions
|
|
|
|
|
|
- Triggered before a request is made but after a connection is set up
|
|
|
+ Closes #7929
|
|
|
+
|
|
|
+- CURLOPT_[PROXY]_SSL_CIPHER_LIST.3: bold instead of quote
|
|
|
|
|
|
- Changes:
|
|
|
+ Bold the example ciphers instead of using single quotes, which then also
|
|
|
+ avoids the problem of how to use single quotes when first in a line.
|
|
|
|
|
|
- - callback: Update docs and callback for pre-request callback
|
|
|
- - Add documentation for CURLOPT_PREREQDATA and CURLOPT_PREREQFUNCTION,
|
|
|
- - Add redirect test and callback failure test
|
|
|
- - Note that the function may be called multiple times on a redirection
|
|
|
- - Disable new 2086 test due to Windows weirdness
|
|
|
+ Also rephrased the pages a little.
|
|
|
|
|
|
- Closes #7477
|
|
|
+ Reported-by: Sergio Durigan Junior
|
|
|
+ Ref: #7928
|
|
|
+ Closes #7934
|
|
|
|
|
|
-- KNOWN_BUGS: HTTP/2 connections through HTTPS proxy frequently stall
|
|
|
+- gen.pl: replace leading single quotes with \(aq
|
|
|
|
|
|
- Closes #6936
|
|
|
+ ... and allow single quotes to be used "normally" in the .d files.
|
|
|
+
|
|
|
+ Makes the output curl.1 use better nroff.
|
|
|
+
|
|
|
+ Reported-by: Sergio Durigan Junior
|
|
|
+ Ref: #7928
|
|
|
+ Closes #7933
|
|
|
|
|
|
-- TODO: make configure use --cache-file more and better
|
|
|
+Marc Hoersken (1 Nov 2021)
|
|
|
+- tests: kill some test servers afterwards to avoid locked logfiles
|
|
|
|
|
|
- Closes #7753
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #7925
|
|
|
|
|
|
-- [Sergey Markelov brought this change]
|
|
|
+Daniel Stenberg (1 Nov 2021)
|
|
|
+- smooth-gtk-thread.c: enhance the mutex lock use
|
|
|
+
|
|
|
+ Reported-by: ryancaicse on github
|
|
|
+ Fixes #7926
|
|
|
+ Closes #7931
|
|
|
|
|
|
- urlapi: support UNC paths in file: URLs on Windows
|
|
|
+Marc Hoersken (31 Oct 2021)
|
|
|
+- CI/runtests.pl: restore -u flag, but remove it from CI runs
|
|
|
|
|
|
- - file://host.name/path/file.txt is a valid UNC path
|
|
|
- \\host.name\path\files.txt to a non-local file transformed into URI
|
|
|
- (RFC 8089 Appendix E.3)
|
|
|
+ This makes it possible to use -u again for local testing,
|
|
|
+ but removes the flag from CI config files and make targets.
|
|
|
|
|
|
- - UNC paths on other OSs must be smb: URLs
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
|
|
|
- Closes #7366
|
|
|
+ Partially reverts #7841
|
|
|
+ Closes #7921
|
|
|
|
|
|
-- [Gleb Ivanovsky brought this change]
|
|
|
+Daniel Stenberg (29 Oct 2021)
|
|
|
+- [Jonathan Cardoso Machado brought this change]
|
|
|
|
|
|
- urlapi: add curl_url_strerror()
|
|
|
+ CURLOPT_HSTSWRITEFUNCTION.3: using CURLOPT_HSTS_CTRL is required
|
|
|
|
|
|
- Add curl_url_strerror() to convert CURLUcode into readable string and
|
|
|
- facilitate easier troubleshooting in programs using URL API.
|
|
|
- Extend CURLUcode with CURLU_LAST for iteration in unit tests.
|
|
|
- Update man pages with a mention of new function.
|
|
|
- Update example code and tests with new functionality where it fits.
|
|
|
+ Closes #7923
|
|
|
+
|
|
|
+- [Axel Morawietz brought this change]
|
|
|
+
|
|
|
+ imap: display quota information
|
|
|
|
|
|
- Closes #7605
|
|
|
+ Show response to "GETQUOTAROOT INBOX" command.
|
|
|
+
|
|
|
+ Closes #6973
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- [Mats Lindestam brought this change]
|
|
|
+- [Boris Rasin brought this change]
|
|
|
|
|
|
- libssh2: add SHA256 fingerprint support
|
|
|
-
|
|
|
- Added support for SHA256 fingerprint in command line curl and in
|
|
|
- libcurl.
|
|
|
+ cmake: fix error getting LOCATION property on non-imported target
|
|
|
|
|
|
- Closes #7646
|
|
|
+ Closes #7885
|
|
|
|
|
|
-- libcurl.rc: switch out the copyright symbol for plain ASCII
|
|
|
+- [x2018 brought this change]
|
|
|
+
|
|
|
+ url: check the return value of curl_url()
|
|
|
|
|
|
- Reported-by: Vitaly Varyvdin
|
|
|
- Assisted-by: Viktor Szakats
|
|
|
- Fixes #7765
|
|
|
- Closes #7776
|
|
|
+ Closes #7917
|
|
|
|
|
|
-- [Jun-ya Kato brought this change]
|
|
|
+- [Roy Li brought this change]
|
|
|
|
|
|
- ngtcp2: fix QUIC transport parameter version
|
|
|
+ configure.ac: replace krb5-config with pkg-config
|
|
|
|
|
|
- fix inappropriate version setting for QUIC transport parameters.
|
|
|
- this patch keeps curl with ngtcp2 uses QUIC draft version (h3-29).
|
|
|
+ The rationale is that custom *-config tools don't work well when
|
|
|
+ cross-compiling or using sysroots (such as when using Yocto project) and
|
|
|
+ require custom fixing for each of them; pkg-config on the other hand
|
|
|
+ works similarly everywhere.
|
|
|
|
|
|
- Closes #7771
|
|
|
+ Signed-off-by: Roy Li <rongqing.li@windriver.com>
|
|
|
+ Signed-off-by: Alexander Kanavin <alex@linutronix.de>
|
|
|
+
|
|
|
+ Closes #7916
|
|
|
|
|
|
-- examples/imap-append: fix end-of-data check
|
|
|
+- test1160: edited to work with hyper
|
|
|
|
|
|
- Reported-by: Alexander Chuykov
|
|
|
- Fixes #7774
|
|
|
- Closes #7775
|
|
|
+ Closes #7912
|
|
|
|
|
|
-Michael Kaufmann (24 Sep 2021)
|
|
|
-- vtls: Fix a memory leak if an SSL session cannot be added to the cache
|
|
|
+- data/DISABLED: enable tests that now work with hyper
|
|
|
|
|
|
- On connection shutdown, a new TLS session ticket may arrive after the
|
|
|
- SSL session cache has already been destructed. In this case, the new
|
|
|
- SSL session cannot be added to the SSL session cache.
|
|
|
+ Closes #7911
|
|
|
+
|
|
|
+- test559: add 'HTTP' in keywords
|
|
|
|
|
|
- The callers of Curl_ssl_addsessionid() need to know whether the SSL
|
|
|
- session has been added to the cache. If it has not been added, the
|
|
|
- reference counter of the SSL session must not be incremented, or memory
|
|
|
- used by the SSL session must be freed. This is now possible with the new
|
|
|
- output parameter "added" of Curl_ssl_addsessionid().
|
|
|
+ Makes it run fine with hyper
|
|
|
|
|
|
- Fixes #7683
|
|
|
- Closes #7752
|
|
|
+ Closes #7911
|
|
|
|
|
|
-Daniel Stenberg (24 Sep 2021)
|
|
|
-- [Momoka Yamamoto brought this change]
|
|
|
+- test552: updated to work with hyper
|
|
|
+
|
|
|
+ Closes #7911
|
|
|
|
|
|
- HTTP3.md: use 'autoreconf -fi' instead of buildconf
|
|
|
+Marc Hoersken (27 Oct 2021)
|
|
|
+- github: fix incomplete permission to label PRs for Hacktoberfest
|
|
|
|
|
|
- buildconf is not used since #5853
|
|
|
+ Unfortunately the GitHub API requires a token with write permission
|
|
|
+ for both issues and pull-requests to edit labels on even just PRs.
|
|
|
|
|
|
- Closes #7746
|
|
|
-
|
|
|
-- GIT-INFO: rephrase to adapt to s/buildconf/autoreconf
|
|
|
-
|
|
|
-- [h1zzz brought this change]
|
|
|
+ Follow up to #7897
|
|
|
|
|
|
- llist: remove redundant code, branch will not be executed
|
|
|
+Daniel Stenberg (27 Oct 2021)
|
|
|
+- opt-manpages: use 'Added in' instead of 'Since'
|
|
|
|
|
|
- Closes #7770
|
|
|
-
|
|
|
-- [tlahn brought this change]
|
|
|
+ Closes #7913
|
|
|
|
|
|
- HTTP-COOKIES.md: remove duplicate 'each'
|
|
|
+Marc Hoersken (27 Oct 2021)
|
|
|
+- github: fix missing permission to label PRs for Hacktoberfest
|
|
|
|
|
|
- Closes #7772
|
|
|
-
|
|
|
-Jay Satiro (24 Sep 2021)
|
|
|
-- [Joel Depooter brought this change]
|
|
|
-
|
|
|
- libssh2: Get the version at runtime if possible
|
|
|
+ Follow up to #7897
|
|
|
|
|
|
- Previously this code used a compile time constant, meaning that libcurl
|
|
|
- always reported the libssh2 version that libcurl was built with. This
|
|
|
- could differ from the libssh2 version actually being used. The new code
|
|
|
- uses the CURL_LIBSSH2_VERSION macro, which is defined in ssh.h. The
|
|
|
- macro calls the libssh2_version function if it is available, otherwise
|
|
|
- it falls back to the compile time version.
|
|
|
+ Test references to see if permissions are now sufficient:
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7768
|
|
|
-
|
|
|
-- [Joel Depooter brought this change]
|
|
|
+ Closes #7832
|
|
|
+ Closes #7897
|
|
|
|
|
|
- schannel: fix typo
|
|
|
+- CI: more use of test-ci make target and verbose output
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7769
|
|
|
-
|
|
|
-Daniel Stenberg (23 Sep 2021)
|
|
|
-- cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED
|
|
|
+ Replace test-nonflaky with test-ci and enable verbose output
|
|
|
+ in all remaining CIs except Zuul which is customized a lot.
|
|
|
|
|
|
- To avoid the "... is deprecated" warnings brought by OpenSSL v3.
|
|
|
- (We need to address the underlying code at some point of course.)
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
|
|
|
- Assisted-by: Jakub Zakrzewski
|
|
|
- Closes #7767
|
|
|
+ Follow up to #7785
|
|
|
+ Closes #7832
|
|
|
|
|
|
-- curl-openssl: pass argument to sed single-quoted
|
|
|
+- github: add support for Hacktoberfest using labels
|
|
|
|
|
|
- ... instead of using an escaped double-quote. This is an attempt to make
|
|
|
- this work better with ksh that otherwise would insist on a double
|
|
|
- escape!
|
|
|
+ Automatically add hacktoberfest-accepted label to PRs opened between
|
|
|
+ September 30th and November 1st once a commit with a close reference
|
|
|
+ to it is pushed onto the master branch.
|
|
|
|
|
|
- Reported-by: Randall S. Becker
|
|
|
- Fixes #7758
|
|
|
- Closes #7764
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ With this workflow we can participate in Hacktoberfest while not
|
|
|
+ relying on GitHub to identify PRs as merged due to our rebasing.
|
|
|
|
|
|
- Bumped curlver to 7.80.0-dev
|
|
|
-
|
|
|
-- [a1346054 brought this change]
|
|
|
-
|
|
|
- misc: fix typos in docs and comments
|
|
|
+ Requires hacktoberfest-accepted labels to exist for PRs on the
|
|
|
+ participating repository. Also requires hacktoberfest topic on
|
|
|
+ the participating repository to avoid applying to forked repos.
|
|
|
|
|
|
- No user facing output from curl/libcurl is changed by this, just
|
|
|
- comments.
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
|
|
|
- Closes #7747
|
|
|
-
|
|
|
-- [Thomas M. DuBuisson brought this change]
|
|
|
+ Fixes #7865
|
|
|
+ Closes #7897
|
|
|
|
|
|
- ci: update Lift config to match requirements of curl build
|
|
|
+Daniel Stenberg (27 Oct 2021)
|
|
|
+- http: reject HTTP response codes < 100
|
|
|
|
|
|
- Also renamed Muse -> Lift, the new tool name.
|
|
|
+ ... which then also includes negative ones as test 1430 uses.
|
|
|
|
|
|
- Closes #7761
|
|
|
+ This makes native + hyper backend act identically on this and therefore
|
|
|
+ test 1430 can now be enabled when building with hyper. Adjust test 1431
|
|
|
+ as well.
|
|
|
+
|
|
|
+ Closes #7909
|
|
|
|
|
|
-- [Rikard Falkeborn brought this change]
|
|
|
+- [Kerem Kat brought this change]
|
|
|
|
|
|
- cleanup: constify unmodified static structs
|
|
|
-
|
|
|
- Constify a number of static structs that are never modified. Make them
|
|
|
- const to show this.
|
|
|
+ docs: fix typo in CURLOPT_TRAILERFUNCTION example
|
|
|
|
|
|
- Closes #7759
|
|
|
+ Closes #7910
|
|
|
|
|
|
-Version 7.79.1 (22 Sep 2021)
|
|
|
+- docs/HYPER: remove some remaining issues, add HTTP/0.9 limitation
|
|
|
|
|
|
-Daniel Stenberg (22 Sep 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- configure: when hyper is selected, deselect nghttp2
|
|
|
|
|
|
- curl 7.79.1 release
|
|
|
+ Closes #7908
|
|
|
|
|
|
-- THANKS: added names from the 7.79.1 release
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
|
|
|
-- test897: verify delivery of IMAP post-body header content
|
|
|
+ sendf: accept zero-length data in Curl_client_write()
|
|
|
|
|
|
- The "content" is delivered as "body" by curl, but the envelope continues
|
|
|
- after the body and the rest of it should be delivered as header.
|
|
|
+ Historically, Curl_client_write() used a length value of 0 as a marker
|
|
|
+ for a null-terminated data string. This feature has been removed in
|
|
|
+ commit f4b85d2. To detect leftover uses of the feature, a DEBUGASSERT
|
|
|
+ statement rejecting a length with value 0 was introduced, effectively
|
|
|
+ precluding use of this function with zero-length data.
|
|
|
|
|
|
- The IMAP server can now get 'POSTFETCH' set to include more data to
|
|
|
- include after the body and test 897 is done to verify that such "extra"
|
|
|
- header data is in fact delivered by curl as header.
|
|
|
+ The current commit removes the DEBUGASSERT and makes the function to
|
|
|
+ return immediately if length is 0.
|
|
|
|
|
|
- Ref: #7284 but fails to reproduce the issue
|
|
|
+ A direct effect is to fix trying to output a zero-length distinguished
|
|
|
+ name in openldap.
|
|
|
|
|
|
- Closes #7748
|
|
|
-
|
|
|
-- KNOWN_BUGS: connection migration doesn't work
|
|
|
+ Another DEBUGASSERT statement is also rephrased for better readability.
|
|
|
|
|
|
- Closes #7695
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Closes #7898
|
|
|
|
|
|
-- http: fix the broken >3 digit response code detection
|
|
|
+- hyper: disable test 1294 since hyper doesn't allow such crazy headers
|
|
|
|
|
|
- When the "reason phrase" in the HTTP status line starts with a digit,
|
|
|
- that was treated as the forth response code digit and curl would claim
|
|
|
- the response to be non-compliant.
|
|
|
+ Closes #7905
|
|
|
+
|
|
|
+- c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work
|
|
|
|
|
|
- Added test 1466 to verify this case.
|
|
|
+ Verified by the enabled test 1288
|
|
|
|
|
|
- Regression brought by 5dc594e44f73b17
|
|
|
- Reported-by: Glenn de boer
|
|
|
- Fixes #7738
|
|
|
- Closes #7739
|
|
|
+ Closes #7905
|
|
|
|
|
|
-Jay Satiro (17 Sep 2021)
|
|
|
-- strerror: use sys_errlist instead of strerror on Windows
|
|
|
-
|
|
|
- - Change Curl_strerror to use sys_errlist[errnum] instead of strerror to
|
|
|
- retrieve the error message on Windows.
|
|
|
+- test1287: make work on hyper
|
|
|
|
|
|
- Windows' strerror writes to a static buffer and is not thread-safe.
|
|
|
+ Closes #7905
|
|
|
+
|
|
|
+- test1266/1267: disabled on hyper: no HTTP/0.9 support
|
|
|
|
|
|
- Follow-up to 2f0bb86 which removed most instances of strerror in favor
|
|
|
- of calling Curl_strerror (which calls strerror_r for other platforms).
|
|
|
+ Closes #7905
|
|
|
+
|
|
|
+Viktor Szakats (25 Oct 2021)
|
|
|
+- Makefile.m32: fix to not require OpenSSL with -libssh2 or -rtmp options
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/pull/7685
|
|
|
- Ref: https://github.com/curl/curl/commit/2f0bb86
|
|
|
+ Previously, -libssh2/-rtmp options assumed that OpenSSL is also enabled
|
|
|
+ (and then failed with an error when not finding expected OpenSSL headers),
|
|
|
+ but this isn't necessarly true, e.g. when building both libssh2 and curl
|
|
|
+ against Schannel. This patch makes sure to only enable the OpenSSL backend
|
|
|
+ with -libssh2/-rtmp, when there was no SSL option explicitly selected.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7735
|
|
|
-
|
|
|
-Daniel Stenberg (16 Sep 2021)
|
|
|
-- dist: provide lib/.checksrc in the tarball
|
|
|
+ - Re-implement the logic as a single block of script.
|
|
|
+ - Also fix an indentation while there.
|
|
|
|
|
|
- So that debug builds work (checksrc really)
|
|
|
+ Assisted-by: Jay Satiro
|
|
|
|
|
|
- Reported-by: Marcel Raad
|
|
|
- Reported-by: tawmoto on github
|
|
|
- Fixes #7733
|
|
|
- Closes #7734
|
|
|
+ Closes #7895
|
|
|
|
|
|
-- TODO: Improve documentation about fork safety
|
|
|
+Daniel Stenberg (25 Oct 2021)
|
|
|
+- docs: consistent use of "Added in"
|
|
|
|
|
|
- Closes #6968
|
|
|
+ Make them all say "Added in [version]" without using 'curl' or 'libcurl'
|
|
|
+ in that phrase.
|
|
|
|
|
|
-- hsts: CURLSTS_FAIL from hsts read callback should fail transfer
|
|
|
+- man pages: require all to use the same section header order
|
|
|
|
|
|
- ... and have CURLE_ABORTED_BY_CALLBACK returned.
|
|
|
+ This is the same order we already enforce among the options' man pages:
|
|
|
+ consistency is good. Add lots of previously missing examples.
|
|
|
|
|
|
- Extended test 1915 to verify.
|
|
|
+ Adjust the manpage-syntax script for this purpose, used in test 1173.
|
|
|
|
|
|
- Reported-by: Jonathan Cardoso
|
|
|
- Fixes #7726
|
|
|
- Closes #7729
|
|
|
+ Closes #7904
|
|
|
|
|
|
-- test1184: disable
|
|
|
-
|
|
|
- The test should be fine and it works for me repeated when run manually,
|
|
|
- but clearly it causes CI failures and it needs more research.
|
|
|
-
|
|
|
- Reported-by: RiderALT on github
|
|
|
- Fixes #7725
|
|
|
- Closes #7732
|
|
|
+- [David Hu brought this change]
|
|
|
|
|
|
-- Curl_http2_setup: don't change connection data on repeat invokes
|
|
|
+ docs/HTTP3: improve build instructions
|
|
|
|
|
|
- Regression from 3cb8a748670ab88c (releasde in 7.79.0). That change moved
|
|
|
- transfer oriented inits to before the check but also erroneously moved a
|
|
|
- few connection oriented ones, which causes problems.
|
|
|
+ 1. If writing to a system path if the command is not prefixed with
|
|
|
+ `sudo` it will cause a permission denied error
|
|
|
|
|
|
- Reported-by: Evangelos Foutras
|
|
|
- Fixes #7730
|
|
|
- Closes #7731
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ 2. The patched OpenSSL branch has been updated to `openssl-3.0.0+quic`
|
|
|
+ to match upstream OpenSSL version.
|
|
|
|
|
|
- and bump to 7.79.1
|
|
|
-
|
|
|
-Kamil Dudka (16 Sep 2021)
|
|
|
-- tests/sshserver.pl: make it work with openssh-8.7p1
|
|
|
+ 3. We should not disable GnuTLS docs.
|
|
|
|
|
|
- ... by not using options with no argument where an argument is required:
|
|
|
+ Updated some commands about `make install`
|
|
|
|
|
|
- === Start of file tests/log/ssh_server.log
|
|
|
- curl_sshd_config line 6: no argument after keyword "DenyGroups"
|
|
|
- curl_sshd_config line 7: no argument after keyword "AllowGroups"
|
|
|
- curl_sshd_config line 10: Deprecated option AuthorizedKeysFile2
|
|
|
- curl_sshd_config line 29: Deprecated option KeyRegenerationInterval
|
|
|
- curl_sshd_config line 39: Deprecated option RhostsRSAAuthentication
|
|
|
- curl_sshd_config line 40: Deprecated option RSAAuthentication
|
|
|
- curl_sshd_config line 41: Deprecated option ServerKeyBits
|
|
|
- curl_sshd_config line 45: Deprecated option UseLogin
|
|
|
- curl_sshd_config line 56: no argument after keyword "AcceptEnv"
|
|
|
- curl_sshd_config: terminating, 3 bad configuration options
|
|
|
- === End of file tests/log/ssh_server.log
|
|
|
+ Closes #7842
|
|
|
+
|
|
|
+- [Ricardo Martins brought this change]
|
|
|
+
|
|
|
+ CMake: restore support for SecureTransport on iOS
|
|
|
|
|
|
- === Start of file log/sftp_server.log
|
|
|
- curl_sftp_config line 33: Unsupported option "rhostsrsaauthentication"
|
|
|
- curl_sftp_config line 34: Unsupported option "rsaauthentication"
|
|
|
- curl_sftp_config line 52: no argument after keyword "sendenv"
|
|
|
- curl_sftp_config: terminating, 1 bad configuration options
|
|
|
- Connection closed.
|
|
|
- Connection closed
|
|
|
- === End of file log/sftp_server.log
|
|
|
+ Restore support for building curl for iOS with SecureTransport enabled.
|
|
|
|
|
|
- Closes #7724
|
|
|
+ Closes #7501
|
|
|
|
|
|
-Daniel Stenberg (15 Sep 2021)
|
|
|
-- hsts: handle unlimited expiry
|
|
|
+- tests: enable more tests with hyper
|
|
|
|
|
|
- When setting a blank expire string, meaning unlimited, curl would pass
|
|
|
- TIME_T_MAX to getime_r() when creating the output, while on 64 bit
|
|
|
- systems such a large value cannot be convetered to a tm struct making
|
|
|
- curl to exit the loop with an error instead. It can't be converted
|
|
|
- because the year it would represent doesn't fit in the 'int tm_year'
|
|
|
- field!
|
|
|
+ Adjusted 1144, 1164 and 1176.
|
|
|
|
|
|
- Starting now, unlimited expiry is instead handled differently by using a
|
|
|
- human readable expiry date spelled out as "unlimited" instead of trying
|
|
|
- to use a distant actual date.
|
|
|
+ Closes #7900
|
|
|
+
|
|
|
+- docs: provide "RETURN VALUE" section for more func manpages
|
|
|
|
|
|
- Test 1660 and 1915 have been updated to help verify this change.
|
|
|
+ Three were missing, one used a non-standard name for the header.
|
|
|
|
|
|
- Reported-by: Jonathan Cardoso
|
|
|
- Fixes #7720
|
|
|
- Closes #7721
|
|
|
+ Closes #7902
|
|
|
|
|
|
-- curl_multi_fdset: make FD_SET() not operate on sockets out of range
|
|
|
+Jay Satiro (25 Oct 2021)
|
|
|
+- curl_multi_socket_action.3: add a "RETURN VALUE" section
|
|
|
|
|
|
- The VALID_SOCK() macro was made to only check for FD_SETSIZE if curl was
|
|
|
- built to use select(), even though the curl_multi_fdset() function
|
|
|
- always and unconditionally uses FD_SET and needs the check.
|
|
|
+ .. because it may not be immediately clear to the user what
|
|
|
+ curl_multi_socket_action returns.
|
|
|
|
|
|
- Reported-by: 0xee on github
|
|
|
- Fixes #7718
|
|
|
- Closes #7719
|
|
|
+ Ref: https://curl.se/mail/lib-2021-10/0035.html
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7901
|
|
|
|
|
|
-- FAQ: add GOPHERS + curl works on data, not files
|
|
|
+Daniel Stenberg (24 Oct 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-Version 7.79.0 (14 Sep 2021)
|
|
|
+- [Samuel Henrique brought this change]
|
|
|
|
|
|
-Daniel Stenberg (14 Sep 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ tests: use python3 in test 1451
|
|
|
|
|
|
- For the 7.79.0 release
|
|
|
+ This is a continuation of commit ec91b5a69000bea0794bbb3 in which
|
|
|
+ changing this test was missed. There are no other python2 leftovers
|
|
|
+ now.
|
|
|
+
|
|
|
+ Based on a Debian patch originally written by Alessandro Ghedini
|
|
|
+ <ghedo@debian.org>
|
|
|
+
|
|
|
+ Closes #7899
|
|
|
|
|
|
-- THANKS: add contributors from 7.79.0 release cycle
|
|
|
+- [Eddie Lumpkin brought this change]
|
|
|
|
|
|
-- FAQ: add two dev related questions
|
|
|
-
|
|
|
- 8.1 Why does curl use C89?
|
|
|
- 8.2 Will curl be rewritten?
|
|
|
+ lib: fixing comment spelling typos in lib files
|
|
|
|
|
|
- Spell-checked-by: Paul Johnson
|
|
|
- Closes #7715
|
|
|
+ Closes #7894
|
|
|
+ Signed-off-by: ewlumpkin <ewlumpkin@gmail.com>
|
|
|
|
|
|
-- zuul.d/jobs: disable three tests for *-openssl-disable-proxy
|
|
|
+- openssl: if verifypeer is not requested, skip the CA loading
|
|
|
|
|
|
- ... as they mysteriously seem to permfail without being related to
|
|
|
- proxy.
|
|
|
+ It was previously done mostly to show a match/non-match in the verbose
|
|
|
+ output even when verification was not asked for. This change skips the
|
|
|
+ loading of the CA certs unless verifypeer is set to save memory and CPU.
|
|
|
|
|
|
- Closes #7714
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+ Closes #7892
|
|
|
|
|
|
- ftp,imap,pop3,smtp: reject STARTTLS server response pipelining
|
|
|
+- curl-confopts.m4: remove --enable/disable-hidden-symbols
|
|
|
|
|
|
- If a server pipelines future responses within the STARTTLS response, the
|
|
|
- former are preserved in the pingpong cache across TLS negotiation and
|
|
|
- used as responses to the encrypted commands.
|
|
|
+ These configure options have been saying "deprecated" since 9e24b9c7af
|
|
|
+ (April 2012). It was about time we remove them.
|
|
|
|
|
|
- This fix detects pipelined STARTTLS responses and rejects them with an
|
|
|
- error.
|
|
|
+ Closes #7891
|
|
|
+
|
|
|
+- c-hyper: don't abort CONNECT responses early when auth-in-progress
|
|
|
|
|
|
- CVE-2021-22947
|
|
|
+ ... and make sure to stop ignoring the body once the CONNECT is done.
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22947.html
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+ This should make test 206 work proper again and not be flaky.
|
|
|
+
|
|
|
+ Closes #7889
|
|
|
|
|
|
- ftp,imap,pop3: do not ignore --ssl-reqd
|
|
|
+- hyper: does not support disabling CURLOPT_HTTP_TRANSFER_DECODING
|
|
|
|
|
|
- In imap and pop3, check if TLS is required even when capabilities
|
|
|
- request has failed.
|
|
|
+ Simply because hyper doesn't have this ability. Mentioned in docs now.
|
|
|
|
|
|
- In ftp, ignore preauthentication (230 status of server greeting) if TLS
|
|
|
- is required.
|
|
|
+ Skip test 326 then
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22946.html
|
|
|
+ Closes #7889
|
|
|
+
|
|
|
+- test262: don't attempt with hyper
|
|
|
|
|
|
- CVE-2021-22946
|
|
|
+ This test verifies that curl works with binary zeroes in HTTP response
|
|
|
+ headers and hyper refuses such. They're not kosher http.
|
|
|
+
|
|
|
+ Closes #7889
|
|
|
|
|
|
-- [z2_ on hackerone brought this change]
|
|
|
+- c-hyper: make test 217 run
|
|
|
+
|
|
|
+ Closes #7889
|
|
|
|
|
|
- mqtt: clear the leftovers pointer when sending succeeds
|
|
|
+- DISABLED: enable test 209+213 for hyper
|
|
|
|
|
|
- CVE-2021-22945
|
|
|
+ Follow-up to 823d3ab855c
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22945.html
|
|
|
+ Closes #7889
|
|
|
|
|
|
-- zuul: bump the rustls job to use v0.7.2
|
|
|
+- test207: accept a different error code for hyper
|
|
|
|
|
|
- ... and add -lm when using a rust library.
|
|
|
+ It returns HYPERE_UNEXPECTED_EOF for this case which we convert to the
|
|
|
+ somewhat generic CURLE_RECV_ERROR.
|
|
|
|
|
|
- Closes #7701
|
|
|
+ Closes #7889
|
|
|
|
|
|
-- RELEASE-PROCEDURE: add release dates from now to 8.0.0 in 2023
|
|
|
+- [Érico Nogueira brought this change]
|
|
|
|
|
|
-- SECURITY-PROCESS: tweak a little to match current practices
|
|
|
+ INSTALL: update symbol hiding option
|
|
|
|
|
|
- Closes #7713
|
|
|
-
|
|
|
-- http_proxy: fix the User-Agent inclusion in CONNECT
|
|
|
+ --enable-hidden-symbols was deprecated in
|
|
|
+ 9e24b9c7afbcb81120af4cf3f6cdee49a06d8224.
|
|
|
|
|
|
- It should not refer to the uagent string that is allocated and created
|
|
|
- for the end server http request, as that pointer may be cleared on
|
|
|
- subsequent CONNECT requests.
|
|
|
+ Closes #7890
|
|
|
+
|
|
|
+- http_proxy: multiple CONNECT with hyper done better
|
|
|
|
|
|
- Added test case 1184 to verify.
|
|
|
+ Enabled test 206
|
|
|
|
|
|
- Reported-by: T200proX7 on github
|
|
|
- Fixes #7705
|
|
|
- Closes #7707
|
|
|
+ Closes #7888
|
|
|
|
|
|
-- Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited
|
|
|
+- hyper: pass the CONNECT line to the debug callback
|
|
|
|
|
|
- Reported-by: Jonathan Cardoso
|
|
|
- Fixes #7710
|
|
|
- Closes #7711
|
|
|
+ Closes #7887
|
|
|
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+- mailmap: Malik Idrees Hasan Khan
|
|
|
|
|
|
- ngtcp2: fix build with ngtcp2 and nghttp3
|
|
|
-
|
|
|
- ngtcp2_conn_client_new and nghttp3_conn_client_new are now macros.
|
|
|
- Check the wrapped functions instead.
|
|
|
-
|
|
|
- ngtcp2_stream_close callback now takes flags parameter.
|
|
|
-
|
|
|
- Closes #7709
|
|
|
+Jay Satiro (21 Oct 2021)
|
|
|
+- [Malik Idrees Hasan Khan brought this change]
|
|
|
|
|
|
-- write-out.d: clarify size_download/upload
|
|
|
+ build: fix typos
|
|
|
|
|
|
- They show the number of "body" bytes transfered.
|
|
|
- Fixes #7702
|
|
|
- Closes #7706
|
|
|
+ Closes https://github.com/curl/curl/pull/7886
|
|
|
|
|
|
-- http2: Curl_http2_setup needs to init stream data in all invokes
|
|
|
+- URL-SYNTAX: add IMAP UID SEARCH example
|
|
|
|
|
|
- Thus function was written to avoid doing multiple connection data
|
|
|
- initializations, which is fine, but since it also initiates stream
|
|
|
- related data it is crucial that it doesn't skip those even if called
|
|
|
- again for the same connection. Solved by moving the stream
|
|
|
- initializations before the "doing-it-again" check.
|
|
|
+ - Explain the difference between IMAP search via URL (which returns
|
|
|
+ message sequence numbers) and IMAP search via custom request (which
|
|
|
+ can return UID numbers if prefixed with UID, eg "UID SEARCH ...").
|
|
|
|
|
|
- Reported-by: Inho Oh
|
|
|
- Fixes #7630
|
|
|
- Closes #7692
|
|
|
-
|
|
|
-- url: fix compiler warning in no-verbose builds
|
|
|
+ Bug: https://github.com/curl/curl/issues/7626
|
|
|
+ Reported-by: orycho@users.noreply.github.com
|
|
|
|
|
|
- Follow-up from 2f0bb864c12
|
|
|
+ Ref: https://github.com/curl/curl/issues/2789
|
|
|
|
|
|
- Closes #7700
|
|
|
+ Closes https://github.com/curl/curl/pull/7881
|
|
|
|
|
|
-- non-ascii: fix build errors from strerror fix
|
|
|
-
|
|
|
- Follow-up to 2f0bb864c12
|
|
|
+Daniel Stenberg (20 Oct 2021)
|
|
|
+- manpage: adjust the asterisk in some SYNOPSIS sections
|
|
|
|
|
|
- Closes #7697
|
|
|
+ Closes #7884
|
|
|
|
|
|
-- parse_args: redo the warnings for --remote-header-name combos
|
|
|
+- curl_multi_perform.3: polish wording
|
|
|
|
|
|
- ... to avoid the memory leak risk pointed out by scan-build.
|
|
|
+ - simplify the example by using curl_multi_poll
|
|
|
|
|
|
- Follow-up from 7a3e981781d6c18a
|
|
|
+ - mention curl_multi_add_handle in the text
|
|
|
|
|
|
- Closes #7698
|
|
|
-
|
|
|
-- ngtcp2: adapt to new size defintions upstream
|
|
|
+ - cut out the description of pre-7.20.0 return code behavior - that version
|
|
|
+ is now more than eleven years old and is basically no longer out there
|
|
|
|
|
|
- Reviewed-by: Tatsuhiro Tsujikawa
|
|
|
- Closes #7699
|
|
|
-
|
|
|
-- rustls: add strerror.h include
|
|
|
+ - adjust the "typical usage" to mention curl_multi_poll
|
|
|
|
|
|
- Follow-up to 2f0bb864c12
|
|
|
+ Closes #7883
|
|
|
|
|
|
-- docs: the security list is reached at security at curl.se now
|
|
|
-
|
|
|
- Also update the FAQ section a bit to encourage users to rather submit
|
|
|
- security issues on hackerone than sending email.
|
|
|
-
|
|
|
- Closes #7689
|
|
|
+- docs/THANKS: removed on request
|
|
|
|
|
|
-Marc Hoersken (9 Sep 2021)
|
|
|
-- runtests: add option -u to error on server unexpectedly alive
|
|
|
-
|
|
|
- Let's try to actually handle the server unexpectedly alive
|
|
|
- case by first making them visible on CI builds as failures.
|
|
|
-
|
|
|
- This is needed to detect issues with killing of the test
|
|
|
- servers completely including nested process chains with
|
|
|
- multiple PIDs per test server (including bash and perl).
|
|
|
-
|
|
|
- On Windows/cygwin platforms this is especially helpful with
|
|
|
- debugging PID mixups due to cygwin using its own PID space.
|
|
|
-
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7180
|
|
|
+- FAQ: polish the explanation of libcurl
|
|
|
|
|
|
-Daniel Stenberg (9 Sep 2021)
|
|
|
-- opts docs: unify phrasing in NAME header
|
|
|
-
|
|
|
- - avoid writing "set ..." or "enable/disable ..." or "specify ..."
|
|
|
- *All* options for curl_easy_setopt() are about setting or enabling
|
|
|
- things and most of the existing options didn't use that way of
|
|
|
- description.
|
|
|
-
|
|
|
- - start with lowercase letter, unless abbreviation. For consistency.
|
|
|
-
|
|
|
- - Some additional touch-ups
|
|
|
-
|
|
|
- Closes #7688
|
|
|
+- curl_easy_perform.3: minor wording tweak
|
|
|
|
|
|
-- strerror.h: remove the #include from files not using it
|
|
|
+- [Erik Stenlund brought this change]
|
|
|
|
|
|
-- lib: don't use strerror()
|
|
|
-
|
|
|
- We have and provide Curl_strerror() internally for a reason: strerror()
|
|
|
- is not necessarily thread-safe so we should always try to avoid it.
|
|
|
+ mime: mention CURL_DISABLE_MIME in comment
|
|
|
|
|
|
- Extended checksrc to warn for this, but feature the check disabled by
|
|
|
- default and only enable it in lib/
|
|
|
+ CURL_DISABLE_MIME is not mentioned in the comment describing the if else
|
|
|
+ preprocessor directive.
|
|
|
|
|
|
- Closes #7685
|
|
|
+ Closes #7882
|
|
|
|
|
|
-Daniel Gustafsson (8 Sep 2021)
|
|
|
-- cirrus: Add FreeBSD 13.0 job and disable sanitizer build
|
|
|
-
|
|
|
- As alluded to the in the now removed comment, a 13.0 image became
|
|
|
- available and is now ready to be used.
|
|
|
+- tls: remove newline from three infof() calls
|
|
|
|
|
|
- The sanitizer builds were running on the 12.1 image which since has
|
|
|
- been removed from the config, leaving the builds not running at all.
|
|
|
- When enabled it turns out that they don't actually work due to very
|
|
|
- long timeouts in executing the tests, so keep the disabled for now
|
|
|
- but a bit more controlled.
|
|
|
+ Follow-up to e7416cf
|
|
|
|
|
|
- Closes #7592
|
|
|
-
|
|
|
-Daniel Stenberg (8 Sep 2021)
|
|
|
-- copyrights: update copyright year ranges
|
|
|
+ Reported-by: billionai on github
|
|
|
+ Fixes #7879
|
|
|
+ Closes #7880
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- INTERNALS: c-ares has a new home: c-ares.org
|
|
|
-
|
|
|
-- docs: remove experimental mentions from HSTS and MQTT
|
|
|
+- curl_gssapi: fix build warnings by removing const
|
|
|
|
|
|
- Reported-by: Jonathan Cardoso
|
|
|
- Bug: https://github.com/curl/curl/pull/6700#issuecomment-913792863
|
|
|
- Closes #7681
|
|
|
-
|
|
|
-- [Cao ZhenXiang brought this change]
|
|
|
-
|
|
|
- curl: add warning for incompatible parameters usage
|
|
|
+ Follow-up to 20e980f85b0ea6
|
|
|
|
|
|
- --continue-at - and --remote-header-name are known incompatible parameters
|
|
|
+ In #7875 these inits were modified but I get two warnings that these new
|
|
|
+ typecasts are necessary for.
|
|
|
|
|
|
- Closes #7674
|
|
|
+ Closes #7876
|
|
|
|
|
|
-- [git-bruh brought this change]
|
|
|
+- [Bo Anderson brought this change]
|
|
|
|
|
|
- examples/*hiperfifo.c: fix calloc arguments to match function proto
|
|
|
+ curl_gssapi: fix link error on macOS Monterey
|
|
|
|
|
|
- Closes #7678
|
|
|
+ Fixes #7657
|
|
|
+ Closes #7875
|
|
|
|
|
|
-- INTERNALS: bump c-ares requirement to 1.16.0
|
|
|
+- test1185: verify checksrc
|
|
|
|
|
|
- Since ba904db0705c93 we use ares_getaddrinfo, added in c-ares 1.16.0
|
|
|
+ Closes #7866
|
|
|
|
|
|
-- curl: stop retry if Retry-After: is longer than allowed
|
|
|
-
|
|
|
- If Retry-After: specifies a period that is longer than what fits within
|
|
|
- --retry-max-time, then stop retrying immediately.
|
|
|
+- checksrc: improve the SPACESEMICOLON error message
|
|
|
|
|
|
- Added test 366 to verify.
|
|
|
+ and adjust the MULTISPACE one to use plural
|
|
|
|
|
|
- Reported-by: Kari Pahula
|
|
|
- Fixes #7675
|
|
|
- Closes #7676
|
|
|
-
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
+ Closes #7866
|
|
|
|
|
|
- mbedtls: avoid using a large buffer on the stack
|
|
|
+- url: set "k->size" -1 at start of request
|
|
|
|
|
|
- Use dynamic memory allocation for the buffer used in checking "pinned
|
|
|
- public key". The PUB_DER_MAX_BYTES parameter with default settings is
|
|
|
- set to a value greater than 2kB.
|
|
|
+ The size of the transfer is unknown at that point.
|
|
|
|
|
|
- Co-authored-by: Daniel Stenberg
|
|
|
- Closes #7586
|
|
|
+ Fixes #7871
|
|
|
+ Closes #7872
|
|
|
|
|
|
-- configure: make --disable-hsts work
|
|
|
+Daniel Gustafsson (18 Oct 2021)
|
|
|
+- doh: remove experimental code for DoH with GET
|
|
|
|
|
|
- The AC_ARG_ENABLE() macro itself uses a variable called
|
|
|
- 'enable_[option]', so when our script also used a variable with that
|
|
|
- name for the purpose of storing what the user wants, it also
|
|
|
- accidentally made it impossible to switch off the feature with
|
|
|
- --disable-hsts. Fix this by renaming our variable.
|
|
|
+ The code for sending DoH requests with GET was never enabled in a way
|
|
|
+ such that it could be used or tested. As there haven't been requests
|
|
|
+ for this feature, and since it at this is effectively dead, remove it
|
|
|
+ and favor reimplementing the feature in case anyone is interested.
|
|
|
|
|
|
- Reported-by: Michał Antoniak
|
|
|
- Fixes #7669
|
|
|
- Closes #7672
|
|
|
+ Closes #7870
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
-Jay Satiro (5 Sep 2021)
|
|
|
-- config.d: note that curlrc is used even when --config
|
|
|
+Daniel Stenberg (18 Oct 2021)
|
|
|
+- cirrus: remove FreeBSD 11.4 from the matrix
|
|
|
|
|
|
- Bug: https://github.com/curl/curl/pull/7666#issuecomment-912214751
|
|
|
- Reported-by: Viktor Szakats
|
|
|
+ It has reached End-Of-Life and causes some LDAP CI issues.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7667
|
|
|
-
|
|
|
-Daniel Stenberg (4 Sep 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Closes #7869
|
|
|
|
|
|
-- test1173: check references to libcurl options
|
|
|
+- cirrus: switch to openldap24-client
|
|
|
|
|
|
- ... that they refer to actual existing libcurl options.
|
|
|
+ ... as it seems openldap-client doesn't exist anymore.
|
|
|
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #7656
|
|
|
+ Reported-by: Jay Satiro
|
|
|
+ Fixes #7868
|
|
|
+ Closes #7869
|
|
|
|
|
|
-- CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also
|
|
|
+- checksrc: ignore preprocessor lines
|
|
|
|
|
|
- Closes #7656
|
|
|
-
|
|
|
-- opt-docs: verify man page sections + order
|
|
|
-
|
|
|
- In every libcurl option man page there are now 8 mandatory sections that
|
|
|
- must use the right name in the correct order and test 1173 verifies
|
|
|
- this. Only 14 man pages needed adjustments.
|
|
|
+ In order to check the actual code better, checksrc now ignores
|
|
|
+ everything that look like preprocessor instructions. It also means
|
|
|
+ that code in macros are now longer checked.
|
|
|
|
|
|
- The sections and the order is as follows:
|
|
|
+ Note that some rules then still don't need to be followed when code is
|
|
|
+ exactly below a cpp instruction.
|
|
|
|
|
|
- - NAME
|
|
|
- - SYNOPSIS
|
|
|
- - DESCRIPTION
|
|
|
- - PROTOCOLS
|
|
|
- - EXAMPLE
|
|
|
- - AVAILABILITY
|
|
|
- - RETURN VALUE
|
|
|
- - SEE ALSO
|
|
|
+ Removes two checksrc exceptions we needed previously because of
|
|
|
+ preprocessor lines being checked.
|
|
|
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #7656
|
|
|
+ Reported-by: Marcel Raad
|
|
|
+ Fixes #7863
|
|
|
+ Closes #7864
|
|
|
|
|
|
-- opt-docs: make sure all man pages have examples
|
|
|
+- urlapi: skip a strlen(), pass in zero
|
|
|
|
|
|
- Extended manpage-syntax.pl (run by test 1173) to check that every man
|
|
|
- page for a libcurl option has an EXAMPLE section that is more than two
|
|
|
- lines. Then fixed all errors it found and added examples.
|
|
|
+ ... to let curl_easy_escape() itself do the strlen. This avoids a (false
|
|
|
+ positive) Coverity warning and it avoids us having to store the strlen()
|
|
|
+ return value in an int variable.
|
|
|
|
|
|
Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #7656
|
|
|
-
|
|
|
-- get.d: provide more useful examples
|
|
|
-
|
|
|
- Closes #7668
|
|
|
-
|
|
|
-- page-header: add GOPHERS, simplify wording in the 1st para
|
|
|
-
|
|
|
- Closes #7665
|
|
|
+ Closes #7862
|
|
|
|
|
|
-- connect: get local port + ip also when reusing connections
|
|
|
-
|
|
|
- Regression. In d6a37c23a3c (7.75.0) we removed the duplicated storage
|
|
|
- (connection + easy handle), so this info needs be extracted again even
|
|
|
- for re-used connections.
|
|
|
-
|
|
|
- Add test 435 to verify
|
|
|
-
|
|
|
- Reported-by: Max Dymond
|
|
|
- Fixes #7660
|
|
|
- Closes #7662
|
|
|
+- misc: update copyright years
|
|
|
|
|
|
-Marcel Raad (2 Sep 2021)
|
|
|
-- multi: fix compiler warning with `CURL_DISABLE_WAKEUP`
|
|
|
+- examples/htmltidy: correct wrong printf() use
|
|
|
|
|
|
- `use_wakeup` is unused in this case.
|
|
|
+ ... and update the includes to match how current htmltidy wants them
|
|
|
+ used.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7661
|
|
|
+ Reported-by: Stathis Kapnidis
|
|
|
+ Fixes #7860
|
|
|
+ Closes #7861
|
|
|
|
|
|
-Daniel Stenberg (1 Sep 2021)
|
|
|
-- tests: adjust the tftpd output to work with hyper mode
|
|
|
+Jay Satiro (15 Oct 2021)
|
|
|
+- http: set content length earlier
|
|
|
|
|
|
- By making them look less like http headers, the hyper mode "tweak"
|
|
|
- doesn't interfere.
|
|
|
+ - Make content length (ie download size) accessible to the user in the
|
|
|
+ header callback, but only after all headers have been processed (ie
|
|
|
+ only in the final call to the header callback).
|
|
|
|
|
|
- Enable test 2002 and 2003 in hyper builds (and 1280 which is unrelated
|
|
|
- but should be enabled).
|
|
|
+ Background:
|
|
|
|
|
|
- Closes #7658
|
|
|
-
|
|
|
-Daniel Gustafsson (1 Sep 2021)
|
|
|
-- [Gisle Vanem brought this change]
|
|
|
-
|
|
|
- openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA
|
|
|
+ For a long time the content length could be retrieved in the header
|
|
|
+ callback via CURLINFO_CONTENT_LENGTH_DOWNLOAD_T as soon as it was parsed
|
|
|
+ by curl.
|
|
|
|
|
|
- This adds support for the previously unhandled supplemental data which
|
|
|
- in -v output was printed like:
|
|
|
+ Changes were made in 8a16e54 (precedes 7.79.0) to ignore content length
|
|
|
+ if any transfer encoding is used. A side effect of that was that
|
|
|
+ content length was not set by libcurl until after the header callback
|
|
|
+ was called the final time, because until all headers are processed it
|
|
|
+ cannot be determined if content length is valid.
|
|
|
|
|
|
- TLSv1.2 (IN), TLS header, Unknown (23):
|
|
|
+ This change keeps the same intention --all headers must be processed--
|
|
|
+ but now the content length is available before the final call to the
|
|
|
+ header function that indicates all headers have been processed (ie
|
|
|
+ a blank header).
|
|
|
|
|
|
- These will now be printed with proper annotation:
|
|
|
+ Bug: https://github.com/curl/curl/commit/8a16e54#r57374914
|
|
|
+ Reported-by: sergio-nsk@users.noreply.github.com
|
|
|
|
|
|
- TLSv1.2 (OUT), TLS header, Supplemental data (23):
|
|
|
+ Co-authored-by: Daniel Stenberg
|
|
|
|
|
|
- Closes #7652
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Fixes https://github.com/curl/curl/issues/7804
|
|
|
+ Closes https://github.com/curl/curl/pull/7803
|
|
|
|
|
|
-Daniel Stenberg (1 Sep 2021)
|
|
|
-- curl.1: provide examples for each option
|
|
|
-
|
|
|
- The file format for each option now features a "Example:" header that
|
|
|
- can provide one or more examples that get rendered appropriately in the
|
|
|
- output. All options MUST have at least one example or gen.pl complains
|
|
|
- at build-time.
|
|
|
-
|
|
|
- This fix also does a few other minor format and consistency cleanups.
|
|
|
-
|
|
|
- Closes #7654
|
|
|
+Daniel Stenberg (15 Oct 2021)
|
|
|
+- [Abhinav Singh brought this change]
|
|
|
|
|
|
-- progress: make trspeed avoid floats
|
|
|
+ aws-sigv4: make signature work when post data is binary
|
|
|
|
|
|
- and compiler warnings for data conversions.
|
|
|
+ User sets the post fields size for binary data. Hence, we should not be
|
|
|
+ using strlen on it.
|
|
|
|
|
|
- Reported-by: Michał Antoniak
|
|
|
- Fixes #7645
|
|
|
- Closes #7653
|
|
|
+ Added test 1937 and 1938 to verify.
|
|
|
+
|
|
|
+ Closes #7844
|
|
|
|
|
|
-- test365: verify response with chunked AND Content-Length headers
|
|
|
+- [a1346054 brought this change]
|
|
|
|
|
|
-- http: ignore content-length if any transfer-encoding is used
|
|
|
+ MacOSX-Framework: remove redundant ';'
|
|
|
|
|
|
- Fixes #7643
|
|
|
- Closes #7649
|
|
|
+ Closes #7859
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- Revert "http2: skip immediate parsing of payload following protocol switch"
|
|
|
+- openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway
|
|
|
|
|
|
- This reverts commit 455a63c66f188598275e87d32de2c4e8e26b80cb.
|
|
|
+ One reason we know it can fail is if a provider is used that doesn't do
|
|
|
+ a proper job or is wrongly configured.
|
|
|
|
|
|
- Reported-by: Tk Xiong
|
|
|
- Fixes #7633
|
|
|
- Closes #7648
|
|
|
+ Reported-by: Michael Baentsch
|
|
|
+ Fixes #7840
|
|
|
+ Closes #7856
|
|
|
|
|
|
-- KNOWN_BUGS: HTTP/3 doesn't support client certs
|
|
|
-
|
|
|
- Closes #7625
|
|
|
+Marcel Raad (14 Oct 2021)
|
|
|
+- [Ryan Mast brought this change]
|
|
|
|
|
|
-- mailing lists: move from cool.haxx.se to lists.haxx.se
|
|
|
+ cmake: add CURL_ENABLE_SSL option and make CMAKE_USE_* SSL backend options depend on it
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7822
|
|
|
|
|
|
-- http_proxy: only wait for writable socket while sending request
|
|
|
+Daniel Stenberg (14 Oct 2021)
|
|
|
+- http: remove assert that breaks hyper
|
|
|
|
|
|
- Otherwise it would wait socket writability even after the entire CONNECT
|
|
|
- request has sent and make curl basically busy-loop while waiting for a
|
|
|
- response to come back.
|
|
|
+ Reported-by: Jay Satiro
|
|
|
+ Fixes #7852
|
|
|
+ Closes #7855
|
|
|
+
|
|
|
+- http_proxy: fix one more result assign for hyper
|
|
|
|
|
|
- The previous fix attempt in #7484 (c27a70a591a4) was inadequate.
|
|
|
+ and remove the bad assert again, since it was run even with no error!
|
|
|
|
|
|
- Reported-by: zloi-user on github
|
|
|
- Reported-by: Oleguer Llopart
|
|
|
- Fixes #7589
|
|
|
- Closes #7647
|
|
|
+ Closes #7854
|
|
|
|
|
|
-- http: disallow >3-digit response codes
|
|
|
+Jay Satiro (14 Oct 2021)
|
|
|
+- sws: fix memory leak on exit
|
|
|
|
|
|
- Make the built-in HTTP parser behave similar to hyper and reject any
|
|
|
- HTTP response using more than 3 digits for the response code.
|
|
|
+ - Free the allocated http request struct on cleanup.
|
|
|
|
|
|
- Updated test 1432 accordingly.
|
|
|
- Enabled test 1432 in the hyper builds.
|
|
|
+ Prior to this change if sws was built with leak sanitizer it would
|
|
|
+ report a memory leak error during testing.
|
|
|
|
|
|
- Closes #7641
|
|
|
-
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7849
|
|
|
|
|
|
- ngtcp2: stop buffering crypto data
|
|
|
+Daniel Stenberg (14 Oct 2021)
|
|
|
+- c-hyper: make Curl_http propagate errors better
|
|
|
|
|
|
- Stop buffering crypto data because libngtcp2 now buffers submitted
|
|
|
- crypto data.
|
|
|
+ Pass on better return codes when errors occur within Curl_http instead
|
|
|
+ of insisting that CURLE_OUT_OF_MEMORY is the only possible one.
|
|
|
|
|
|
- Closes #7637
|
|
|
+ Pointed-out-by: Jay Satiro
|
|
|
+ Closes #7851
|
|
|
|
|
|
-- test1280: CRLFify the response to please hyper
|
|
|
+- http_proxy: make hyper CONNECT() return the correct error code
|
|
|
|
|
|
- Closes #7639
|
|
|
-
|
|
|
-- tests: enable test 1129 for hyper builds
|
|
|
+ For every 'goto error', make sure the result variable holds the error
|
|
|
+ code for what went wrong.
|
|
|
|
|
|
- Closes #7638
|
|
|
+ Reported-by: Rafał Mikrut
|
|
|
+ Fixes #7825
|
|
|
+ Closes #7846
|
|
|
|
|
|
-- curl: better error message when -O fails to get a good name
|
|
|
-
|
|
|
- Due to how this currently works internally, it needs a working initial
|
|
|
- file name to store contents in, so it may still fail even with -J is
|
|
|
- used (and thus accepting a name from content-disposition:) if the file
|
|
|
- name part of the URL isn't "good enough".
|
|
|
+- docs/Makefile.am: repair 'make html'
|
|
|
|
|
|
- Fixes #7628
|
|
|
- Closes #7635
|
|
|
-
|
|
|
-- curl_easy_setopt: tweak the string copy wording
|
|
|
+ by removing index.html which isn't around anymore
|
|
|
|
|
|
- Reported-by: Yaobin Wen
|
|
|
- Fixes #7632
|
|
|
- Closes #7634
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Closes #7853
|
|
|
|
|
|
-- [Don J Olmstead brought this change]
|
|
|
+- [Борис Верховский brought this change]
|
|
|
|
|
|
- cmake: sync CURL_DISABLE options
|
|
|
+ curl: correct grammar in generated libcurl code
|
|
|
|
|
|
- Adds the full listing of CURL_DISABLE options to the CMake build. Moves
|
|
|
- all option code, except for CURL_DISABLE_OPENSSL_AUTO_LOA_CONFIG which
|
|
|
- resides near OpenSSL configuration, to the same block of code. Also
|
|
|
- sorts the options here and in the cmake config header.
|
|
|
+ Closes #7802
|
|
|
+
|
|
|
+- tests: disable test 2043
|
|
|
|
|
|
- Additionally sorted the CURL-DISABLE listing and fixed the
|
|
|
- CURL_DISABLE_POP3 option.
|
|
|
+ It uses revoked.badssl.com which now is expired and therefor this now
|
|
|
+ permafails. We should not use external sites for tests, this test should
|
|
|
+ be converted to use our own infra.
|
|
|
|
|
|
- Closes #7624
|
|
|
+ Closes #7845
|
|
|
|
|
|
-Jay Satiro (25 Aug 2021)
|
|
|
-- KNOWN_BUGS: FTPS upload data loss with TLS 1.3
|
|
|
+- runtests: split out ignored tests
|
|
|
|
|
|
- Bug: https://github.com/curl/curl/issues/6149
|
|
|
- Reported-by: Bylon2@users.noreply.github.com
|
|
|
+ Report ignore tests separately from the actual fails.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7623
|
|
|
-
|
|
|
-Daniel Stenberg (24 Aug 2021)
|
|
|
-- cmake: avoid poll() on macOS
|
|
|
+ Don't exit non-zero if test servers couldn't get killed.
|
|
|
|
|
|
- ... like we do in configure builds. Since poll() on macOS is not
|
|
|
- reliable enough.
|
|
|
+ Assisted-by: Jay Satiro
|
|
|
|
|
|
- Reported-by: marc-groundctl
|
|
|
- Fixes #7595
|
|
|
- Closes #7619
|
|
|
+ Fixes #7818
|
|
|
+ Closes #7841
|
|
|
|
|
|
-- c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
|
|
|
+- http2: make getsock not wait for write if there's no remote window
|
|
|
|
|
|
- Enable test 1074
|
|
|
+ While uploading, check for remote window availability in the getsock
|
|
|
+ function so that we don't wait for a writable socket if no data can be
|
|
|
+ sent.
|
|
|
|
|
|
- Closes #7617
|
|
|
+ Reported-by: Steini2000 on github
|
|
|
+ Fixes #7821
|
|
|
+ Closes #7839
|
|
|
|
|
|
-- c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
|
|
|
-
|
|
|
- Enable test 1130 and 1131
|
|
|
+- test368: verify dash is appended for "-r [num]"
|
|
|
|
|
|
- Closes #7616
|
|
|
+ Follow-up to 8758a26f8878
|
|
|
|
|
|
-- [a1346054 brought this change]
|
|
|
+- [Борис Верховский brought this change]
|
|
|
|
|
|
- tests: be explicit about using 'python3' instead of 'python'
|
|
|
-
|
|
|
- This fixes running tests in virtualenvs (or on distros) that no longer
|
|
|
- have a symlink from python to python2 or python3.
|
|
|
+ curl: actually append "-" to --range without number only
|
|
|
|
|
|
- Closes #7602
|
|
|
-
|
|
|
-- [a1346054 brought this change]
|
|
|
+ Closes #7837
|
|
|
|
|
|
- scripts: invoke interpreters through /usr/bin/env
|
|
|
-
|
|
|
- Closes #7602
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-- DISABLED: enable 11 more tests for hyper builds
|
|
|
+- urlapi: URL decode percent-encoded host names
|
|
|
|
|
|
- Closes #7612
|
|
|
-
|
|
|
-- setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper
|
|
|
+ The host name is stored decoded and can be encoded when used to extract
|
|
|
+ the full URL. By default when extracting the URL, the host name will not
|
|
|
+ be URL encoded to work as similar as possible as before. When not URL
|
|
|
+ encoding the host name, the '%' character will however still be encoded.
|
|
|
|
|
|
- Since this option is also used for FTP, it needs to work to set for
|
|
|
- applications even if hyper doesn't support it for HTTP. Verified by test
|
|
|
- 1137.
|
|
|
+ Getting the URL with the CURLU_URLENCODE flag set will percent encode
|
|
|
+ the host name part.
|
|
|
|
|
|
- Updated docs to specify that the option doesn't work for HTTP when using
|
|
|
- the hyper backend.
|
|
|
+ As a bonus, setting the host name part with curl_url_set() no longer
|
|
|
+ accepts a name that contains space, CR or LF.
|
|
|
|
|
|
- Closes #7614
|
|
|
-
|
|
|
-- test1138: remove trailing space to make work with hyper
|
|
|
+ Test 1560 has been extended to verify percent encodings.
|
|
|
|
|
|
- Closes #7613
|
|
|
+ Reported-by: Noam Moshe
|
|
|
+ Reported-by: Sharon Brizinov
|
|
|
+ Reported-by: Raul Onitza-Klugman
|
|
|
+ Reported-by: Kirill Efimov
|
|
|
+ Fixes #7830
|
|
|
+ Closes #7834
|
|
|
|
|
|
-- libcurl-errors.3: clarify two CURLUcode errors
|
|
|
+Marc Hoersken (8 Oct 2021)
|
|
|
+- CI/makefiles: introduce dedicated test target
|
|
|
|
|
|
- CURLUE_BAD_HANDLE and CURLUE_BAD_PARTPOINTER should be for "bad" or
|
|
|
- wrong pointers in a generic sense, not just for NULL pointers.
|
|
|
+ Make it easy to use the same set of test flags
|
|
|
+ throughout all current and future CI builds.
|
|
|
|
|
|
Reviewed-by: Jay Satiro
|
|
|
|
|
|
- Ref: #7605
|
|
|
- Closes #7611
|
|
|
+ Follow up to #7690
|
|
|
+ Closes #7785
|
|
|
|
|
|
-Jay Satiro (23 Aug 2021)
|
|
|
-- symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version
|
|
|
-
|
|
|
- ... and also change the 'Removed' column name to 'Last' since that
|
|
|
- column is for the last version to contain the symbol.
|
|
|
-
|
|
|
- Closes https://github.com/curl/curl/pull/7609
|
|
|
+Daniel Stenberg (8 Oct 2021)
|
|
|
+- maketgz: redirect updatemanpages.pl output to /dev/null
|
|
|
|
|
|
-Daniel Stenberg (23 Aug 2021)
|
|
|
-- urlapi.c:seturl: assert URL instead of using if-check
|
|
|
+- CURLOPT_HTTPHEADER.3: add descripion for specific headers
|
|
|
|
|
|
- There's no code flow possible where this can happen. The assert makes
|
|
|
- sure it also won't be introduced undetected in the future.
|
|
|
+ Settting Host: or Transfer-Encoding: chunked actually have special
|
|
|
+ meanings to libcurl. This change tries to document them
|
|
|
|
|
|
- Closes #7610
|
|
|
+ Closes #7829
|
|
|
|
|
|
-- curl-openssl.m4: show correct output for OpenSSL v3
|
|
|
+- c-hyper: use hyper_request_set_uri_parts to make h2 better
|
|
|
|
|
|
- Using 3.0.0 versions configure should now show this:
|
|
|
+ and make sure to not send Host: over h2.
|
|
|
|
|
|
- checking for OpenSSL headers version... 3.0.0 - 0x300
|
|
|
- checking for OpenSSL library version... 3.0.0
|
|
|
- checking for OpenSSL headers and library versions matching... yes
|
|
|
+ Fixes #7679
|
|
|
+ Reported-by: David Cook
|
|
|
+ Closes #7827
|
|
|
+
|
|
|
+- [Michael Afanasiev brought this change]
|
|
|
+
|
|
|
+ curl-openssl.m4: modify library order for openssl linking
|
|
|
|
|
|
- This output doesn't actually change what configure generates but is only
|
|
|
- "cosmetic".
|
|
|
+ lcrypto may depend on lz, and configure corrently fails with when
|
|
|
+ statically linking as the order is "-lz -lcrypto". This commit switches
|
|
|
+ the order to "-lcrypto -lz".
|
|
|
|
|
|
- Reported-by: Randall S. Becker
|
|
|
- Fixes #7606
|
|
|
- Closes #7608
|
|
|
+ Closes #7826
|
|
|
|
|
|
-Jay Satiro (22 Aug 2021)
|
|
|
-- mksymbolsmanpage.pl: Fix showing symbol's last used version
|
|
|
+Marcel Raad (7 Oct 2021)
|
|
|
+- sha256: use high-level EVP interface for OpenSSL
|
|
|
|
|
|
- Prior to this change the symbol's deprecated version was erroneously
|
|
|
- shown as its last used version.
|
|
|
+ Available since OpenSSL 0.9.7. The low-level SHA256 interface is
|
|
|
+ deprecated in OpenSSL v3, and its usage was discouraged even before.
|
|
|
|
|
|
- Bug: https://github.com/curl/curl/commit/4e53b94#commitcomment-55239509
|
|
|
- Reported-by: i-ky@users.noreply.github.com
|
|
|
+ Closes https://github.com/curl/curl/pull/7808
|
|
|
|
|
|
-Daniel Stenberg (21 Aug 2021)
|
|
|
-- mksymbolsmanpage.pl: match symbols case insenitively
|
|
|
+- curl_ntlm_core: use OpenSSL only if DES is available
|
|
|
|
|
|
- Follow-up to 4e53b9430c750 which made this bug show.
|
|
|
+ This selects another SSL backend then if available, or otherwise at
|
|
|
+ least gives a meaningful error message.
|
|
|
|
|
|
- Reported-by: i-ky
|
|
|
- Bug: https://github.com/curl/curl/commit/4e53b9430c7504de8984796e2a2091ec16f27136#commitcomment-55239253
|
|
|
- Closes #7607
|
|
|
+ Closes https://github.com/curl/curl/pull/7808
|
|
|
|
|
|
-- asyn-ares: call ares_freeaddrinfo() to clean up addrinfo results
|
|
|
+- md5: fix compilation with OpenSSL 3.0 API
|
|
|
|
|
|
- As this leaks memory otherwise
|
|
|
+ Only use OpenSSL's MD5 code if it's available.
|
|
|
|
|
|
- Follow-up to ba904db0705c931
|
|
|
+ Also fix wolfSSL build with `NO_MD5`, in which case neither the
|
|
|
+ wolfSSL/OpenSSL implementation nor the fallback implementation was
|
|
|
+ used.
|
|
|
|
|
|
- Closes #7599
|
|
|
-
|
|
|
-- [Ehren Bendler brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7808
|
|
|
|
|
|
- wolfssl: clean up wolfcrypt error queue
|
|
|
+Daniel Stenberg (7 Oct 2021)
|
|
|
+- print_category: printf %*s needs an int argument
|
|
|
|
|
|
- If wolfSSL is built in certain ways (OPENSSL_EXTRA or Debug), the error
|
|
|
- queue gets added on to for each session and never freed. Fix it by
|
|
|
- calling ERR_clear_error() like in vtls/openssl when needed. This func is
|
|
|
- a no-op in wolfcrypt if the error queue is not enabled.
|
|
|
+ ... not a size_t!
|
|
|
|
|
|
- Closes #7594
|
|
|
+ Detected by Coverity: CID 1492331.
|
|
|
+ Closes #7823
|
|
|
|
|
|
-- man pages: remove trailing whitespaces
|
|
|
+Jay Satiro (7 Oct 2021)
|
|
|
+- version_win32: use actual version instead of manifested version
|
|
|
|
|
|
- Extended test 1173 (via the manpage-syntax.pl script) to detect and warn
|
|
|
- for them.
|
|
|
+ - Use RtlVerifyVersionInfo instead of VerifyVersionInfo, when possible.
|
|
|
|
|
|
- Ref: #7602
|
|
|
- Reported-by: a1346054 on github
|
|
|
- Closes #7604
|
|
|
-
|
|
|
-- mailmap: add Gleb Ivanovsky
|
|
|
-
|
|
|
-- config.d: escape the backslash properly
|
|
|
+ Later versions of Windows have normal version functions that compare and
|
|
|
+ return versions based on the way the application is manifested, instead
|
|
|
+ of the actual version of Windows the application is running on. We
|
|
|
+ prefer the actual version of Windows so we'll now call the Rtl variant
|
|
|
+ of version functions (RtlVerifyVersionInfo) which does a proper
|
|
|
+ comparison of the actual version.
|
|
|
|
|
|
- Closes #7603
|
|
|
+ Reported-by: Wyatt O'Day
|
|
|
+
|
|
|
+ Ref: https://github.com/curl/curl/pull/7727
|
|
|
+
|
|
|
+ Fixes https://github.com/curl/curl/issues/7742
|
|
|
+ Closes https://github.com/curl/curl/pull/7810
|
|
|
|
|
|
-- [Don J Olmstead brought this change]
|
|
|
+Daniel Stenberg (6 Oct 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- curl_setup.h: sync values for HTTP_ONLY
|
|
|
+- http: fix Basic auth with empty name field in URL
|
|
|
|
|
|
- The values for HTTP_ONLY differed between CMakeLists.txt and
|
|
|
- curl_setup.h. Sync them and sort the values in curl_setup.h to make it
|
|
|
- easier to spot differences.
|
|
|
+ Add test 367 to verify.
|
|
|
|
|
|
- Closes #7601
|
|
|
+ Reported-by: Rick Lane
|
|
|
+ Fixes #7819
|
|
|
+ Closes #7820
|
|
|
|
|
|
-Jay Satiro (21 Aug 2021)
|
|
|
-- configure: set classic mingw minimum OS version to XP
|
|
|
-
|
|
|
- - If the user has not specified a minimum OS version (via WINVER or
|
|
|
- _WIN32_WINNT macros) then set it to Windows XP.
|
|
|
+- [Jeffrey Tolar brought this change]
|
|
|
+
|
|
|
+ CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse
|
|
|
|
|
|
- Prior to this change classic MinGW defaulted the minimum OS version
|
|
|
- to Windows NT 4.0 which is way too old. At least Windows XP is needed
|
|
|
- for getaddrinfo (which resolves hostnames to IPv6 addresses).
|
|
|
+ ... and close connections that are too old instead of reusing them.
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/issues/7483#issuecomment-891597034
|
|
|
+ By default, this behavior is disabled.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7581
|
|
|
+ Bug: https://curl.se/mail/lib-2021-09/0058.html
|
|
|
+ Closes #7751
|
|
|
|
|
|
-- schannel: Work around typo in classic mingw macro
|
|
|
-
|
|
|
- - Define ALG_CLASS_DHASH (the typo from the include) to ALG_CLASS_HASH.
|
|
|
-
|
|
|
- Prior to this change there was an incomplete fix to ignore the
|
|
|
- CALG_TLS1PRF macro on those versions of MinGW where it uses the
|
|
|
- ALG_CLASS_DHASH typoed macro.
|
|
|
+Daniel Gustafsson (6 Oct 2021)
|
|
|
+- docs/examples: add missing binaries to gitignore
|
|
|
|
|
|
- Ref: 48cf45c
|
|
|
- Ref: https://osdn.net/projects/mingw/ticket/38391
|
|
|
- Ref: https://github.com/curl/curl/issues/2924
|
|
|
+ Commit f65d7889b added getreferrer, and commit ae8e11ed5 multi-legacy,
|
|
|
+ both of which missed adding .gitignore clauses for the built binaries.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7580
|
|
|
+ Closes #7817
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
-Daniel Stenberg (20 Aug 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+Daniel Stenberg (5 Oct 2021)
|
|
|
+- [Josip Medved brought this change]
|
|
|
|
|
|
-- http_proxy: fix user-agent and custom headers for CONNECT with hyper
|
|
|
-
|
|
|
- Enable test 287
|
|
|
+ HTTP3: fix the HTTP/3 Explained book link
|
|
|
|
|
|
- Closes #7598
|
|
|
+ Closes #7813
|
|
|
|
|
|
-- c-hyper: initial support for "dumping" 1xx HTTP responses
|
|
|
+- [Lucas Holt brought this change]
|
|
|
+
|
|
|
+ misc: fix a few issues on MidnightBSD
|
|
|
|
|
|
- With the use hyper_request_on_informational()
|
|
|
-
|
|
|
- Enable test 155 and 158
|
|
|
-
|
|
|
- Closes #7597
|
|
|
+ Closes #7812
|
|
|
|
|
|
-Marc Hoersken (18 Aug 2021)
|
|
|
-- tests/*server.pl: flush output before executing subprocess
|
|
|
-
|
|
|
- Also avoid shell processes staying around by using exec.
|
|
|
- This is necessary to avoid output data being buffering
|
|
|
- inside the process chain of Perl, Bash/Shell and our
|
|
|
- test server binaries. On non-Windows systems the exec
|
|
|
- will also make the subprocess replace the intermediate
|
|
|
- shell, but on Windows it will at least bind the processes
|
|
|
- together since there is no real fork or exec available.
|
|
|
-
|
|
|
- See: https://cygwin.com/cygwin-ug-net/highlights.html
|
|
|
- and: https://docs.microsoft.com/cpp/c-runtime-library/exec-wexec-functions
|
|
|
- Ref: https://github.com/curl/curl/pull/7530#issuecomment-900949010
|
|
|
-
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
- Closes #7530
|
|
|
+Daniel Gustafsson (4 Oct 2021)
|
|
|
+- [8U61ife brought this change]
|
|
|
|
|
|
-- CI: use GitHub Container Registry instead of Docker Hub
|
|
|
-
|
|
|
- Avoid limits on Docker Hub and improve image pull/download speed.
|
|
|
+ tool_main: fix typo in comment
|
|
|
|
|
|
- Closes #7587
|
|
|
+ Closes: #7811
|
|
|
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
-Daniel Stenberg (18 Aug 2021)
|
|
|
-- openssl: when creating a new context, there cannot be an old one
|
|
|
+Daniel Stenberg (4 Oct 2021)
|
|
|
+- [Ryan Mast brought this change]
|
|
|
+
|
|
|
+ BINDINGS: URL updates
|
|
|
|
|
|
- Remove the previous handling that would call SSL_CTX_free(), and instead
|
|
|
- add an assert that halts a debug build if there ever is a context
|
|
|
- already set at this point.
|
|
|
+ For cpr, BBHTTP, Eiffel, Harbour, Haskell, Mono, and Rust
|
|
|
|
|
|
- Closes #7585
|
|
|
+ Closes #7809
|
|
|
|
|
|
-Jay Satiro (18 Aug 2021)
|
|
|
-- KNOWN_BUGS: Renegotiate from server may cause hang for OpenSSL backend
|
|
|
+- scripts/delta: hide a git error message we don't care about
|
|
|
|
|
|
- Closes https://github.com/curl/curl/issues/6785
|
|
|
+ fatal: path 'src/tool_listhelp.c' exists on disk, but not in [tag]
|
|
|
|
|
|
-Viktor Szakats (17 Aug 2021)
|
|
|
-- docs/BINDINGS: URL update
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
|
|
|
-Marc Hoersken (17 Aug 2021)
|
|
|
-- tests/server/*.c: align handling of portfile argument and file
|
|
|
+ sasl: binary messages
|
|
|
|
|
|
- 1. Call the internal variable portname (like pidname) everywhere.
|
|
|
- 2. Have a variable wroteportfile (like wrotepidfile) everywhere.
|
|
|
- 3. Make sure the file is cleaned up on exit (like pidfile).
|
|
|
- 4. Add parameter --portfile to usage outputs everywhere.
|
|
|
+ Capabilities of sasl module are extended to exchange messages in binary
|
|
|
+ as an alternative to base64.
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
+ If http authentication flags have been set, those are used as sasl
|
|
|
+ default preferred mechanisms.
|
|
|
|
|
|
- Replaces #7523
|
|
|
- Closes #7574
|
|
|
+ Closes #6930
|
|
|
|
|
|
-Daniel Gustafsson (17 Aug 2021)
|
|
|
-- KNOWN_BUGS: Fix a number of typos in KNOWN_BUGS
|
|
|
-
|
|
|
- Fixes a set of typos found in section 11.3.
|
|
|
+- [Hayden Roche brought this change]
|
|
|
|
|
|
-Daniel Stenberg (17 Aug 2021)
|
|
|
-- getparameter: fix the --local-port number parser
|
|
|
+ wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
|
|
|
|
|
|
- It could previously get tricked into parsing the uninitialized stack
|
|
|
- based buffer.
|
|
|
+ Prior to this commit, OpenSSL could be used for all these functions, but
|
|
|
+ not wolfSSL. This commit makes it so wolfSSL will be used if USE_WOLFSSL
|
|
|
+ is defined.
|
|
|
|
|
|
- Reported-by: Brian Carpenter
|
|
|
- Closes #7582
|
|
|
+ Closes #7806
|
|
|
|
|
|
-- KNOWN_BUGS: Can't use Secure Transport with Crypto Token Kit
|
|
|
+- scripts/delta: count command line options in the new file
|
|
|
|
|
|
- Closes #7048
|
|
|
+ ... which makes the shown delta number wrong until next release.
|
|
|
|
|
|
-- [Jan Verbeek brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- curl: add warning for ignored data after quoted form parameter
|
|
|
+- print_category: print help descriptions aligned
|
|
|
|
|
|
- In an argument like `-F 'x=@/etc/hostname;filename="foo"abc'` the `abc`
|
|
|
- is ignored. This adds a warning if the ignored data isn't all
|
|
|
- whitespace.
|
|
|
+ Adjust the description position to make an aligned column when doing
|
|
|
+ help listings, which is more pleasing to the eye.
|
|
|
|
|
|
- Closes #7394
|
|
|
+ Suggested-by: Gisle Vanem
|
|
|
+ Closes #7792
|
|
|
|
|
|
-Jay Satiro (17 Aug 2021)
|
|
|
-- codeql: fix error "Resource not accessible by integration"
|
|
|
-
|
|
|
- - Enable codeql writing security-events.
|
|
|
+- lib/mk-ca-bundle.pl: skip certs passed Not Valid After date
|
|
|
|
|
|
- GitHub set the default permissions to read, apparently since earlier
|
|
|
- this year.
|
|
|
+ With this change applied, the now expired 'DST Root CA X3' cert will no
|
|
|
+ longer be included in the output.
|
|
|
|
|
|
- Ref: https://github.com/github/codeql-action/issues/464
|
|
|
- Ref: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
|
|
|
+ Details: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7575
|
|
|
- Closes https://github.com/curl/curl/pull/7576
|
|
|
+ Closes #7801
|
|
|
|
|
|
-- tool_operate: Fix --fail-early with parallel transfers
|
|
|
+- tool_listhelp: easier to generate with gen.pl
|
|
|
|
|
|
- - Abort via progress callback to fail early during parallel transfers.
|
|
|
+ tool_listhelp.c is now a separate file with only the command line --help
|
|
|
+ output, exactly as generated by gen.pl. This makes it easier to generate
|
|
|
+ updates according to what's in the docs/cmdline-opts docs.
|
|
|
|
|
|
- When a critical error occurs during a transfer (eg --fail-early
|
|
|
- constraint) then other running transfers will be aborted via progress
|
|
|
- callback and finish with error CURLE_ABORTED_BY_CALLBACK (42). In this
|
|
|
- case, the callback error does not become the most recent error and a
|
|
|
- custom error message is used for those transfers:
|
|
|
+ cd $srcroot/docs/cmdline-opts
|
|
|
+ ./gen.pl listhelp *.d > $srcroot/src/tool_listhelp.c
|
|
|
|
|
|
- curld --fail --fail-early --parallel
|
|
|
- https://httpbin.org/status/404 https://httpbin.org/delay/10
|
|
|
+ With a configure build, this also works:
|
|
|
|
|
|
- curl: (22) The requested URL returned error: 404
|
|
|
- curl: (42) Transfer aborted due to critical error in another transfer
|
|
|
+ make -C src listhelp
|
|
|
|
|
|
- > echo %ERRORLEVEL%
|
|
|
- 22
|
|
|
+ Closes #7787
|
|
|
+
|
|
|
+- [Anthony Hu brought this change]
|
|
|
+
|
|
|
+ wolfssl: allow setting of groups/curves
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/6939
|
|
|
- Closes https://github.com/curl/curl/pull/6984
|
|
|
+ In particular, the quantum safe KEM and hybrid curves if wolfSSL is
|
|
|
+ built to support them.
|
|
|
+
|
|
|
+ Closes #7728
|
|
|
|
|
|
-Daniel Stenberg (17 Aug 2021)
|
|
|
-- [Sergey Markelov brought this change]
|
|
|
+- [Jan Mazur brought this change]
|
|
|
|
|
|
- sectransp: support CURLINFO_CERTINFO
|
|
|
+ connnect: use sysaddr_un fron sys/un.h or custom-defined for windows
|
|
|
|
|
|
- Fixes #4130
|
|
|
- Closes #7372
|
|
|
+ Closes #7737
|
|
|
|
|
|
-- ngtcp2: remove the acked_crypto_offset struct field init
|
|
|
+Jay Satiro (30 Sep 2021)
|
|
|
+- [Rikard Falkeborn brought this change]
|
|
|
+
|
|
|
+ hostip: Move allocation to clarify there is no memleak
|
|
|
|
|
|
- ... as it is gone from the API upstream.
|
|
|
+ By just glancing at the code, it looks like there is a memleak if the
|
|
|
+ call to Curl_inet_pton() fails. Looking closer, it is clear that the
|
|
|
+ call to Curl_inet_pton() can not fail, so the code will never leak
|
|
|
+ memory. However, we can make this obvious by moving the allocation
|
|
|
+ after the if-statement.
|
|
|
|
|
|
- Closes #7578
|
|
|
+ Closes https://github.com/curl/curl/pull/7796
|
|
|
|
|
|
-- misc: update incorrect copyright year ranges
|
|
|
+Daniel Stenberg (30 Sep 2021)
|
|
|
+- gen.pl: make the output date format work better
|
|
|
|
|
|
- Closes #7577
|
|
|
-
|
|
|
-- KNOWN_BUGS: HTTP/3 quiche upload large file fails
|
|
|
+ Follow-up to 15910dfd143dd
|
|
|
|
|
|
- Closes #7532
|
|
|
-
|
|
|
-- KNOWN_BUGS: CMake build with MIT Kerberos does not work
|
|
|
+ The previous strftime format used didn't work correctly on Windows, so
|
|
|
+ change to %B %d %Y which today looks like "September 29 2021".
|
|
|
|
|
|
- Closes #6904
|
|
|
+ Reported-by: Gisle Vanem
|
|
|
+ Bug: #7782
|
|
|
+ Closes #7793
|
|
|
|
|
|
-- TODO: add asynch getaddrinfo support
|
|
|
+- typecheck-gcc.h: add CURLOPT_PREREQDATA awareness
|
|
|
|
|
|
- Closes #6746
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
-
|
|
|
-- [Artur Sinila brought this change]
|
|
|
-
|
|
|
- http2: revert call the handle-closed function correctly on closed stream
|
|
|
+ Follow-up to a517378de58358a
|
|
|
|
|
|
- Reverts 252790c5335a221
|
|
|
+ To make test 1912 happy again
|
|
|
|
|
|
- Assisted-by: Gergely Nagy
|
|
|
- Fixes #7400
|
|
|
- Closes #7525
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+ Closes #7799
|
|
|
|
|
|
- auth: do not append zero-terminator to authorisation id in kerberos
|
|
|
+Marcel Raad (29 Sep 2021)
|
|
|
+- configure: remove `HAVE_WINSOCK_H` definition
|
|
|
|
|
|
- RFC4752 Section 3.1 states "The authorization identity is not terminated
|
|
|
- with a zero-valued (%x00) octet". Although a comment in code said it may
|
|
|
- be needed anyway, nothing confirms it. In addition, servers may consider
|
|
|
- it as part of the identity, causing a failure.
|
|
|
+ It's not used anymore.
|
|
|
|
|
|
- Closes #7008
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7795
|
|
|
|
|
|
- auth: use sasl authzid option in kerberos
|
|
|
+- CMake: remove `HAVE_WINSOCK_H` definition
|
|
|
|
|
|
- ... instead of deriving it from active ticket.
|
|
|
- Closes #7008
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
-
|
|
|
- auth: we do not support a security layer after kerberos authentication
|
|
|
+ It's not used anymore.
|
|
|
|
|
|
- Closes #7008
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7795
|
|
|
|
|
|
- auth: properly handle byte order in kerberos security message
|
|
|
+- config: remove `HAVE_WINSOCK_H` definition
|
|
|
|
|
|
- Closes #7008
|
|
|
-
|
|
|
-- [z2_ brought this change]
|
|
|
-
|
|
|
- x509asn1: fix heap over-read when parsing x509 certificates
|
|
|
+ It's not used anymore.
|
|
|
|
|
|
- Assisted-by: Patrick Monnerat
|
|
|
- Closes #7536
|
|
|
+ Closes https://github.com/curl/curl/pull/7795
|
|
|
|
|
|
-- KNOWN_BUGS: Disconnects don't do verbose
|
|
|
+- lib: remove `HAVE_WINSOCK_H` usage
|
|
|
|
|
|
- Closes #6995
|
|
|
-
|
|
|
-- mailmap: fixup Michał Antoniak
|
|
|
-
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
+ WinSock v1 is not supported anymore. Exclusively use `HAVE_WINSOCK2_H`
|
|
|
+ instead.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7795
|
|
|
|
|
|
- build: fix compiler warnings
|
|
|
+Daniel Stenberg (29 Sep 2021)
|
|
|
+- easyoptions: add the two new PRE* options
|
|
|
|
|
|
- For when CURL_DISABLE_VERBOSE_STRINGS and DEBUGBUILD flags are both
|
|
|
- active.
|
|
|
+ Follow-up to a517378de58358a
|
|
|
|
|
|
- - socks.c : warning C4100: 'lineno': unreferenced formal parameter
|
|
|
- (co-authored by Daniel Stenberg)
|
|
|
+ Also fix optiontable.pl to do the correct remainder on the entry.
|
|
|
|
|
|
- - mbedtls.c: warning C4189: 'port': local variable is initialized but
|
|
|
- not referenced
|
|
|
+ Reported-by: Gisle Vanem
|
|
|
+ Bug: https://github.com/curl/curl/commit/a517378de58358a85b7cfe9efecb56051268f629#commitcomment-57224830
|
|
|
+ Closes #7791
|
|
|
+
|
|
|
+- Revert "build: remove checks for WinSock 1"
|
|
|
|
|
|
- - schannel.c: warning C4189: 'hostname': local variable is initialized
|
|
|
- but not referenced
|
|
|
+ Due to CI issues
|
|
|
|
|
|
- Cloes #7528
|
|
|
-
|
|
|
-- [Gleb Ivanovsky brought this change]
|
|
|
+ This reverts commit c2ea04f92b00b6271627cb218647527b5a50f2fc.
|
|
|
+
|
|
|
+ Closes #7790
|
|
|
|
|
|
- CODE_STYLE-md: fix bold font style
|
|
|
+Daniel Gustafsson (29 Sep 2021)
|
|
|
+- lib: avoid fallthrough cases in switch statements
|
|
|
|
|
|
- Markdown gets confused with abundance of asterisks, so use underscores
|
|
|
- instead.
|
|
|
+ Commit b5a434f7f0ee4d64857f8592eced5b9007d83620 inhibits the warning
|
|
|
+ on implicit fallthrough cases, since the current coding of indicating
|
|
|
+ fallthrough with comments is falling out of fashion with new compilers.
|
|
|
+ This attempts to make the issue smaller by rewriting fallthroughs to no
|
|
|
+ longer fallthrough, via either breaking the cases or turning switch
|
|
|
+ statements into if statements.
|
|
|
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #7569
|
|
|
-
|
|
|
-- [Gleb Ivanovsky brought this change]
|
|
|
-
|
|
|
- CODE_STYLE-md: add missing comma
|
|
|
+ lib/content_encoding.c: the fallthrough codepath is simply copied
|
|
|
+ into the case as it's a single line.
|
|
|
+ lib/http_ntlm.c: the fallthrough case skips a state in the state-
|
|
|
+ machine and fast-forwards to NTLMSTATE_LAST. Do this before the
|
|
|
+ switch statement instead to set up the states that we actually
|
|
|
+ want.
|
|
|
+ lib/http_proxy.c: the fallthrough is just falling into exiting the
|
|
|
+ switch statement which can be done easily enough in the case.
|
|
|
+ lib/mime.c: switch statement rewritten as if statement.
|
|
|
+ lib/pop3.c: the fallthrough case skips to the next state in the
|
|
|
+ statemachine, do this explicitly instead.
|
|
|
+ lib/urlapi.c: switch statement rewritten as if statement.
|
|
|
+ lib/vssh/wolfssh.c: the fallthrough cases fast-forwards the state
|
|
|
+ machine, do this by running another iteration of the switch
|
|
|
+ statement instead.
|
|
|
+ lib/vtls/gtls.c: switch statement rewritten as if statement.
|
|
|
+ lib/vtls/nss.c: the fallthrough codepath is simply copied into the
|
|
|
+ case as it's a single line. Also twiddle a comment to not be
|
|
|
+ inside a non-brace if statement.
|
|
|
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #7570
|
|
|
-
|
|
|
-- [Daniel Gustafsson brought this change]
|
|
|
+ Closes: #7322
|
|
|
+ See-also: #7295
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
- examples/ephiperfifo.c: simplify signal handler
|
|
|
+Marcel Raad (28 Sep 2021)
|
|
|
+- config-win32ce: enable WinSock 2
|
|
|
|
|
|
- The signal handler registered for SIGINT is only handling SIGINT
|
|
|
- so there isn't much need for inspecting the signo. While there,
|
|
|
- rename the handler to be more specific.
|
|
|
+ WinSock 2.2 is supported by Windows CE .NET 4.1 (from 2002, out of
|
|
|
+ support since 2013).
|
|
|
|
|
|
- g_should_exit should really be of sig_atomic_t type, but relying
|
|
|
- on autoconf in the examples seems like a bad idea so keep that
|
|
|
- for now.
|
|
|
+ Ref: https://docs.microsoft.com/en-us/previous-versions/windows/embedded/ms899586(v=msdn.10)
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7310
|
|
|
+ Closes https://github.com/curl/curl/pull/7778
|
|
|
|
|
|
-- c-hyper: initial step for 100-continue support
|
|
|
+- externalsocket: use WinSock 2.2
|
|
|
|
|
|
- Enabled test 154
|
|
|
+ That's the only version we support.
|
|
|
|
|
|
- Closes #7568
|
|
|
-
|
|
|
-- [Ikko Ashimine brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7778
|
|
|
|
|
|
- vtls: fix typo in schannel_verify.c
|
|
|
+- build: remove checks for WinSock 1
|
|
|
|
|
|
- occurence -> occurrence
|
|
|
+ It's not supported anymore.
|
|
|
|
|
|
- Closes #7566
|
|
|
+ Closes https://github.com/curl/curl/pull/7778
|
|
|
|
|
|
-- [Emil Engler brought this change]
|
|
|
+Daniel Stenberg (28 Sep 2021)
|
|
|
+- scripts/copyright: .muse is .lift now
|
|
|
+
|
|
|
+ And update 5 files with old copyright year range
|
|
|
|
|
|
- curl_url_get.3: clarify about path and query
|
|
|
+- cmdline-opts: made the 'Added:' field mandatory
|
|
|
|
|
|
- The current man-page lacks some details regarding the obtained path and
|
|
|
- query.
|
|
|
+ Since "too old" versions are no longer included in the generated man
|
|
|
+ page, this field is now mandatory so that it won't be forgotten and then
|
|
|
+ not included in the documentation.
|
|
|
|
|
|
- Closes #7563
|
|
|
+ Closes #7786
|
|
|
|
|
|
-- c-hyper: fix header value passed to debug callback
|
|
|
+- curl.1: remove mentions of really old version changes
|
|
|
|
|
|
- Closes #7567
|
|
|
-
|
|
|
-Viktor Szakats (12 Aug 2021)
|
|
|
-- cleanup: URL updates
|
|
|
+ To make the man page more readable, this change removes all references
|
|
|
+ to changes in support/versions etc that happened before 7.30.0 from the
|
|
|
+ curl.1 output file. 7.30.0 was released on Apr 12 2013. This particular
|
|
|
+ limit is a bit arbitrary but was fairly easy to grep for.
|
|
|
|
|
|
- - replace broken URL with the one it was most probably pointing to
|
|
|
- when added (lib/tftp.c)
|
|
|
- - replace broken URL with archive.org link (lib/curl_ntlm_wb.c)
|
|
|
- - delete unnecessary protocol designator from archive.org URL
|
|
|
- (docs/BINDINGS.md)
|
|
|
+ It is handled like this: the 'Added' keyword is only used in output if
|
|
|
+ it refers to 7.30.0 or later. All occurances of "(Added in $VERSION)" in
|
|
|
+ description will be stripped out if the mentioned $VERSION is from
|
|
|
+ before 7.30.0. It is therefore important that the "Added in..."
|
|
|
+ references are always written exactly like that - and on a single line,
|
|
|
+ not split over two.
|
|
|
|
|
|
- Closes #7562
|
|
|
+ This change removes about 80 version number references from curl.1, down
|
|
|
+ to 138 from 218.
|
|
|
+
|
|
|
+ Closes #7786
|
|
|
|
|
|
-Daniel Stenberg (12 Aug 2021)
|
|
|
-- [April King brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- DEPRECATE.md: linkify curl-library mailing list
|
|
|
+- tool_cb_prg: make resumed upload progress bar show better
|
|
|
|
|
|
- Closes #7561
|
|
|
+ This is a regression that was *probably* injected in the larger progress
|
|
|
+ bar overhaul in 2018.
|
|
|
+
|
|
|
+ Reported-by: beslick5 on github
|
|
|
+ Fixes #7760
|
|
|
+ Closes #7777
|
|
|
|
|
|
-- [Barry Pollard brought this change]
|
|
|
+- gen.pl: insert the current date and version in generated man page
|
|
|
+
|
|
|
+ Reported-by: Gisle Vanem
|
|
|
+ Ref: #7780
|
|
|
+ Closes #7782
|
|
|
|
|
|
- output.d: add method to suppress response bodies
|
|
|
+- NTLM: use DES_set_key_unchecked with OpenSSL
|
|
|
|
|
|
- Closes #7560
|
|
|
+ ... as the previously used function DES_set_key() will in some cases
|
|
|
+ reject using a key that it deems "weak" which will cause curl to
|
|
|
+ continue using the unitialized buffer content as key instead.
|
|
|
+
|
|
|
+ Assisted-by: Harry Sintonen
|
|
|
+ Fixes #7779
|
|
|
+ Closes #7781
|
|
|
|
|
|
-- TODO: remove 'c-ares deviates on http://1346569778'
|
|
|
+Marc Hoersken (27 Sep 2021)
|
|
|
+- CI: align make and test flags in various config files
|
|
|
|
|
|
- Fixed since 56a037cc0ad1b2 (7.77.0)
|
|
|
+ 1. Use Makefile target to run tests in autotools builds on AppVeyor.
|
|
|
+ 2. Disable testing of SCP protocol on native Windows environments.
|
|
|
+ 3. Remove redundant parameters -a -p from target test-nonflaky.
|
|
|
+ 4. Don't use -vc parameter which is reserved for debugging.
|
|
|
+
|
|
|
+ Replaces #7591
|
|
|
+ Closes #7690
|
|
|
|
|
|
-- [Colin O'Dell brought this change]
|
|
|
+Daniel Stenberg (27 Sep 2021)
|
|
|
+- mailmap: unify Max!
|
|
|
|
|
|
- BINDINGS.md: update links to use https where available
|
|
|
-
|
|
|
- Closes #7558
|
|
|
+- [Max Dymond brought this change]
|
|
|
|
|
|
-- asyn-ares.c: move all version number checks to the top
|
|
|
+ CURLOPT_PREREQFUNCTION: add new callback
|
|
|
|
|
|
- ... and use #ifdef [feature] in the code as per our guidelines.
|
|
|
-
|
|
|
-- ares: use ares_getaddrinfo()
|
|
|
+ Triggered before a request is made but after a connection is set up
|
|
|
|
|
|
- ares_getaddrinfo() is the getaddrinfo() cloned provided by c-ares, introduced
|
|
|
- in version 1.16.0.
|
|
|
+ Changes:
|
|
|
|
|
|
- With older c-ares versions, curl invokes ares_gethostbyname() twice - once for
|
|
|
- IPv4 and once for IPv6 to resolve both addresses, and then combines the
|
|
|
- returned results.
|
|
|
+ - callback: Update docs and callback for pre-request callback
|
|
|
+ - Add documentation for CURLOPT_PREREQDATA and CURLOPT_PREREQFUNCTION,
|
|
|
+ - Add redirect test and callback failure test
|
|
|
+ - Note that the function may be called multiple times on a redirection
|
|
|
+ - Disable new 2086 test due to Windows weirdness
|
|
|
|
|
|
- Reported-by: jjandesmet
|
|
|
- Fixes #7364
|
|
|
- Closes #7552
|
|
|
+ Closes #7477
|
|
|
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+- KNOWN_BUGS: HTTP/2 connections through HTTPS proxy frequently stall
|
|
|
+
|
|
|
+ Closes #6936
|
|
|
|
|
|
- ngtcp2: utilize crypto API functions to simplify
|
|
|
+- TODO: make configure use --cache-file more and better
|
|
|
|
|
|
- Closes #7551
|
|
|
+ Closes #7753
|
|
|
|
|
|
-- [megatronking brought this change]
|
|
|
+- [Sergey Markelov brought this change]
|
|
|
|
|
|
- ngtcp2: reset the oustanding send buffer again when drained
|
|
|
+ urlapi: support UNC paths in file: URLs on Windows
|
|
|
|
|
|
- Closes #7538
|
|
|
+ - file://host.name/path/file.txt is a valid UNC path
|
|
|
+ \\host.name\path\files.txt to a non-local file transformed into URI
|
|
|
+ (RFC 8089 Appendix E.3)
|
|
|
+
|
|
|
+ - UNC paths on other OSs must be smb: URLs
|
|
|
+
|
|
|
+ Closes #7366
|
|
|
|
|
|
-Michael Kaufmann (10 Aug 2021)
|
|
|
-- progress: fix a compile warning on some systems
|
|
|
+- [Gleb Ivanovsky brought this change]
|
|
|
+
|
|
|
+ urlapi: add curl_url_strerror()
|
|
|
|
|
|
- lib/progress.c:380:40: warning: conversion to 'long double' from
|
|
|
- 'curl_off_t {aka long long int}' may alter its value [-Wconversion]
|
|
|
+ Add curl_url_strerror() to convert CURLUcode into readable string and
|
|
|
+ facilitate easier troubleshooting in programs using URL API.
|
|
|
+ Extend CURLUcode with CURLU_LAST for iteration in unit tests.
|
|
|
+ Update man pages with a mention of new function.
|
|
|
+ Update example code and tests with new functionality where it fits.
|
|
|
|
|
|
- Closes #7549
|
|
|
+ Closes #7605
|
|
|
|
|
|
-Daniel Stenberg (10 Aug 2021)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- http: consider cookies over localhost to be secure
|
|
|
+- [Mats Lindestam brought this change]
|
|
|
+
|
|
|
+ libssh2: add SHA256 fingerprint support
|
|
|
|
|
|
- Updated test31.
|
|
|
- Added test 392 to verify secure cookies used for http://localhost
|
|
|
+ Added support for SHA256 fingerprint in command line curl and in
|
|
|
+ libcurl.
|
|
|
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Fixes #6733
|
|
|
- Closes #7263
|
|
|
+ Closes #7646
|
|
|
|
|
|
-- TODO: erase secrets from heap/stack after use
|
|
|
+- libcurl.rc: switch out the copyright symbol for plain ASCII
|
|
|
|
|
|
- Closes #7268
|
|
|
+ Reported-by: Vitaly Varyvdin
|
|
|
+ Assisted-by: Viktor Szakats
|
|
|
+ Fixes #7765
|
|
|
+ Closes #7776
|
|
|
|
|
|
-Jay Satiro (10 Aug 2021)
|
|
|
-- hostip: Make Curl_ipv6works function independent of getaddrinfo
|
|
|
+- [Jun-ya Kato brought this change]
|
|
|
+
|
|
|
+ ngtcp2: fix QUIC transport parameter version
|
|
|
|
|
|
- - Do not assume IPv6 is not working when getaddrinfo is not present.
|
|
|
+ fix inappropriate version setting for QUIC transport parameters.
|
|
|
+ this patch keeps curl with ngtcp2 uses QUIC draft version (h3-29).
|
|
|
|
|
|
- The check to see if IPv6 actually works is now independent of whether
|
|
|
- there is any resolver that can potentially resolve a hostname to IPv6.
|
|
|
+ Closes #7771
|
|
|
+
|
|
|
+- examples/imap-append: fix end-of-data check
|
|
|
|
|
|
- Prior to this change if getaddrinfo() was not found at compile time then
|
|
|
- Curl_ipv6works() would be defined as a macro that returns FALSE.
|
|
|
+ Reported-by: Alexander Chuykov
|
|
|
+ Fixes #7774
|
|
|
+ Closes #7775
|
|
|
+
|
|
|
+Michael Kaufmann (24 Sep 2021)
|
|
|
+- vtls: Fix a memory leak if an SSL session cannot be added to the cache
|
|
|
|
|
|
- When getaddrinfo is not found then libcurl is built with CURLRES_IPV4
|
|
|
- defined instead of CURLRES_IPV6, meaning that it cannot do IPv6 lookups
|
|
|
- in the traditional way. With this commit if libcurl is built with IPv6
|
|
|
- support (ENABLE_IPV6) but without getaddrinfo (CURLRES_IPV6), and the
|
|
|
- IPv6 stack is actually working, then it is possible for libcurl to
|
|
|
- resolve IPv6 addresses by using DoH.
|
|
|
+ On connection shutdown, a new TLS session ticket may arrive after the
|
|
|
+ SSL session cache has already been destructed. In this case, the new
|
|
|
+ SSL session cannot be added to the SSL session cache.
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/issues/7483#issuecomment-890765378
|
|
|
+ The callers of Curl_ssl_addsessionid() need to know whether the SSL
|
|
|
+ session has been added to the cache. If it has not been added, the
|
|
|
+ reference counter of the SSL session must not be incremented, or memory
|
|
|
+ used by the SSL session must be freed. This is now possible with the new
|
|
|
+ output parameter "added" of Curl_ssl_addsessionid().
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7529
|
|
|
+ Fixes #7683
|
|
|
+ Closes #7752
|
|
|
|
|
|
-- test1565: fix windows build errors
|
|
|
-
|
|
|
- - Use our wait_ms() instead of sleep() since Windows doesn't have the
|
|
|
- latter.
|
|
|
-
|
|
|
- - Use a separate variable to keep track of whether the pthread_t thread
|
|
|
- id is valid.
|
|
|
+Daniel Stenberg (24 Sep 2021)
|
|
|
+- [Momoka Yamamoto brought this change]
|
|
|
+
|
|
|
+ HTTP3.md: use 'autoreconf -fi' instead of buildconf
|
|
|
|
|
|
- On Windows pthread_t is not an integer type. pthread offers no macro for
|
|
|
- invalid pthread_t thread id, so validity is kept track of separately.
|
|
|
+ buildconf is not used since #5853
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7527
|
|
|
+ Closes #7746
|
|
|
|
|
|
-- [Jeremy Falcon brought this change]
|
|
|
+- GIT-INFO: rephrase to adapt to s/buildconf/autoreconf
|
|
|
|
|
|
- winbuild/README.md: clarify GEN_PDB option
|
|
|
-
|
|
|
- - Document that GEN_PDB option creates an external database.
|
|
|
+- [h1zzz brought this change]
|
|
|
+
|
|
|
+ llist: remove redundant code, branch will not be executed
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/issues/7502
|
|
|
+ Closes #7770
|
|
|
|
|
|
-Daniel Stenberg (9 Aug 2021)
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+- [tlahn brought this change]
|
|
|
|
|
|
- ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
|
|
|
+ HTTP-COOKIES.md: remove duplicate 'each'
|
|
|
|
|
|
- Closes #7546
|
|
|
+ Closes #7772
|
|
|
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+Jay Satiro (24 Sep 2021)
|
|
|
+- [Joel Depooter brought this change]
|
|
|
|
|
|
- ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
|
|
|
+ libssh2: Get the version at runtime if possible
|
|
|
|
|
|
- Rework the return value handling of ngtcp2_conn_writev_stream and treat
|
|
|
- NGTCP2_ERR_STREAM_SHUT_WR separately.
|
|
|
+ Previously this code used a compile time constant, meaning that libcurl
|
|
|
+ always reported the libssh2 version that libcurl was built with. This
|
|
|
+ could differ from the libssh2 version actually being used. The new code
|
|
|
+ uses the CURL_LIBSSH2_VERSION macro, which is defined in ssh.h. The
|
|
|
+ macro calls the libssh2_version function if it is available, otherwise
|
|
|
+ it falls back to the compile time version.
|
|
|
|
|
|
- Closes #7546
|
|
|
+ Closes https://github.com/curl/curl/pull/7768
|
|
|
|
|
|
-- configure: error out if both ngtcp2 and quiche are specified
|
|
|
+- [Joel Depooter brought this change]
|
|
|
+
|
|
|
+ schannel: fix typo
|
|
|
|
|
|
- Reported-by: Vincent Grande
|
|
|
- See #7539
|
|
|
- Closes #7545
|
|
|
+ Closes https://github.com/curl/curl/pull/7769
|
|
|
|
|
|
-- [Jeff Mears brought this change]
|
|
|
+Daniel Stenberg (23 Sep 2021)
|
|
|
+- cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED
|
|
|
+
|
|
|
+ To avoid the "... is deprecated" warnings brought by OpenSSL v3.
|
|
|
+ (We need to address the underlying code at some point of course.)
|
|
|
+
|
|
|
+ Assisted-by: Jakub Zakrzewski
|
|
|
+ Closes #7767
|
|
|
|
|
|
- easy: use a custom implementation of wcsdup on Windows
|
|
|
+- curl-openssl: pass argument to sed single-quoted
|
|
|
|
|
|
- ... so that malloc/free overrides from curl_global_init are used for
|
|
|
- wcsdup correctly.
|
|
|
+ ... instead of using an escaped double-quote. This is an attempt to make
|
|
|
+ this work better with ksh that otherwise would insist on a double
|
|
|
+ escape!
|
|
|
|
|
|
- Closes #7540
|
|
|
+ Reported-by: Randall S. Becker
|
|
|
+ Fixes #7758
|
|
|
+ Closes #7764
|
|
|
|
|
|
-- zuul: add an mbedtls3 CI job
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- Closes #7544
|
|
|
+ Bumped curlver to 7.80.0-dev
|
|
|
|
|
|
-- [Benau brought this change]
|
|
|
+- [a1346054 brought this change]
|
|
|
|
|
|
- mbedTLS: initial 3.0.0 support
|
|
|
+ misc: fix typos in docs and comments
|
|
|
|
|
|
- Closes #7428
|
|
|
+ No user facing output from curl/libcurl is changed by this, just
|
|
|
+ comments.
|
|
|
+
|
|
|
+ Closes #7747
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Thomas M. DuBuisson brought this change]
|
|
|
|
|
|
-- configure.ac: revert bad nghttp2 library detection improvements
|
|
|
-
|
|
|
- This reverts commit b4b34db65f9f8, 673753344c5f and 29c7cf79e8b.
|
|
|
+ ci: update Lift config to match requirements of curl build
|
|
|
|
|
|
- The logic is now back to assuming that the nghttp2 lib is called nghttp2 and
|
|
|
- nothing else.
|
|
|
+ Also renamed Muse -> Lift, the new tool name.
|
|
|
|
|
|
- Reported-by: Rui Pinheiro
|
|
|
- Reported-by: Alex Crichton
|
|
|
- Fixes #7514
|
|
|
- Closes #7515
|
|
|
+ Closes #7761
|
|
|
|
|
|
-- happy-eyeballs-timeout-ms.d: polish the wording
|
|
|
+- [Rikard Falkeborn brought this change]
|
|
|
+
|
|
|
+ cleanup: constify unmodified static structs
|
|
|
|
|
|
- Reported-by: Josh Soref
|
|
|
- Fixes #7433
|
|
|
- Closes #7542
|
|
|
+ Constify a number of static structs that are never modified. Make them
|
|
|
+ const to show this.
|
|
|
+
|
|
|
+ Closes #7759
|
|
|
|
|
|
-- [modbw brought this change]
|
|
|
+Version 7.79.1 (22 Sep 2021)
|
|
|
|
|
|
- mbedtls_threadlock: fix unused variable warning
|
|
|
+Daniel Stenberg (22 Sep 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- Closes #7393
|
|
|
+ curl 7.79.1 release
|
|
|
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+- THANKS: added names from the 7.79.1 release
|
|
|
|
|
|
- ngtcp2: compile with the latest ngtcp2 and nghttp3
|
|
|
+- test897: verify delivery of IMAP post-body header content
|
|
|
|
|
|
- Closes #7541
|
|
|
-
|
|
|
-Marc Hoersken (31 Jul 2021)
|
|
|
-- CI/cirrus: reduce compile time with increased parallism
|
|
|
+ The "content" is delivered as "body" by curl, but the envelope continues
|
|
|
+ after the body and the rest of it should be delivered as header.
|
|
|
|
|
|
- Cirrus CI VMs have 2 CPUs, let's use them also for Windows builds.
|
|
|
+ The IMAP server can now get 'POSTFETCH' set to include more data to
|
|
|
+ include after the body and test 897 is done to verify that such "extra"
|
|
|
+ header data is in fact delivered by curl as header.
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7505
|
|
|
+ Ref: #7284 but fails to reproduce the issue
|
|
|
+
|
|
|
+ Closes #7748
|
|
|
|
|
|
-Daniel Stenberg (30 Jul 2021)
|
|
|
-- [Bin Lan brought this change]
|
|
|
+- KNOWN_BUGS: connection migration doesn't work
|
|
|
+
|
|
|
+ Closes #7695
|
|
|
|
|
|
- tool/tests: fix potential year 2038 issues
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- http: fix the broken >3 digit response code detection
|
|
|
|
|
|
- The length of 'long' in a 32-bit system is 32 bits, which cannot be used
|
|
|
- to save timestamps after 2038. Most operating systems have extended
|
|
|
- time_t to 64 bits.
|
|
|
+ When the "reason phrase" in the HTTP status line starts with a digit,
|
|
|
+ that was treated as the forth response code digit and curl would claim
|
|
|
+ the response to be non-compliant.
|
|
|
|
|
|
- Remove the castings to long.
|
|
|
+ Added test 1466 to verify this case.
|
|
|
|
|
|
- Closes #7466
|
|
|
+ Regression brought by 5dc594e44f73b17
|
|
|
+ Reported-by: Glenn de boer
|
|
|
+ Fixes #7738
|
|
|
+ Closes #7739
|
|
|
|
|
|
-- compressed.d: it's a request, not an order
|
|
|
+Jay Satiro (17 Sep 2021)
|
|
|
+- strerror: use sys_errlist instead of strerror on Windows
|
|
|
|
|
|
- Clarified
|
|
|
+ - Change Curl_strerror to use sys_errlist[errnum] instead of strerror to
|
|
|
+ retrieve the error message on Windows.
|
|
|
|
|
|
- Reported-by: Dan Jacobson
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Fixes #7516
|
|
|
- Closes #7517
|
|
|
-
|
|
|
-- [Bernhard M. Wiedemann brought this change]
|
|
|
-
|
|
|
- tests: make three tests pass until 2037
|
|
|
+ Windows' strerror writes to a static buffer and is not thread-safe.
|
|
|
|
|
|
- after 2038 something in test1915 fails on 32-bit OSes
|
|
|
+ Follow-up to 2f0bb86 which removed most instances of strerror in favor
|
|
|
+ of calling Curl_strerror (which calls strerror_r for other platforms).
|
|
|
|
|
|
- Closes #7512
|
|
|
+ Ref: https://github.com/curl/curl/pull/7685
|
|
|
+ Ref: https://github.com/curl/curl/commit/2f0bb86
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7735
|
|
|
|
|
|
-Daniel Gustafsson (30 Jul 2021)
|
|
|
-- connect: remove superfluous conditional
|
|
|
+Daniel Stenberg (16 Sep 2021)
|
|
|
+- dist: provide lib/.checksrc in the tarball
|
|
|
|
|
|
- Commit dbd16c3e2 cleaned up the logic for traversing the addrinfos,
|
|
|
- but the move left a conditional on ai which no longer is needed as
|
|
|
- the while loop reevaluation will cover it.
|
|
|
+ So that debug builds work (checksrc really)
|
|
|
|
|
|
- Closes #7511
|
|
|
- Reviewed-by: Carlo Marcelo Arenas Belón
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Reported-by: Marcel Raad
|
|
|
+ Reported-by: tawmoto on github
|
|
|
+ Fixes #7733
|
|
|
+ Closes #7734
|
|
|
|
|
|
-Daniel Stenberg (29 Jul 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- TODO: Improve documentation about fork safety
|
|
|
|
|
|
- and bump curlver to 7.79.0 for next release
|
|
|
+ Closes #6968
|
|
|
|
|
|
-Marc Hoersken (29 Jul 2021)
|
|
|
-- tests/*server.py: remove pidfile on server termination
|
|
|
+- hsts: CURLSTS_FAIL from hsts read callback should fail transfer
|
|
|
|
|
|
- Avoid pidfile leaking/laying around after server already exited.
|
|
|
+ ... and have CURLE_ABORTED_BY_CALLBACK returned.
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7506
|
|
|
-
|
|
|
-Daniel Gustafsson (27 Jul 2021)
|
|
|
-- tool_main: fix typo in comment
|
|
|
+ Extended test 1915 to verify.
|
|
|
|
|
|
- The referred to library is NSPR, so fix the switched around characters.
|
|
|
+ Reported-by: Jonathan Cardoso
|
|
|
+ Fixes #7726
|
|
|
+ Closes #7729
|
|
|
|
|
|
-Daniel Stenberg (28 Jul 2021)
|
|
|
-- [Aleksandr Krotov brought this change]
|
|
|
-
|
|
|
- bearssl: support CURLOPT_CAINFO_BLOB
|
|
|
+- test1184: disable
|
|
|
|
|
|
- Closes #7468
|
|
|
+ The test should be fine and it works for me repeated when run manually,
|
|
|
+ but clearly it causes CI failures and it needs more research.
|
|
|
+
|
|
|
+ Reported-by: RiderALT on github
|
|
|
+ Fixes #7725
|
|
|
+ Closes #7732
|
|
|
|
|
|
-- curl.1: mention "global" flags
|
|
|
+- Curl_http2_setup: don't change connection data on repeat invokes
|
|
|
|
|
|
- Mention options that are "global". A global command line option is one
|
|
|
- that doesn't get reset at --next uses and therefore don't need to be
|
|
|
- used again.
|
|
|
+ Regression from 3cb8a748670ab88c (releasde in 7.79.0). That change moved
|
|
|
+ transfer oriented inits to before the check but also erroneously moved a
|
|
|
+ few connection oriented ones, which causes problems.
|
|
|
|
|
|
- Reported-by: Josh Soref
|
|
|
+ Reported-by: Evangelos Foutras
|
|
|
+ Fixes #7730
|
|
|
+ Closes #7731
|
|
|
+
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- Fixes #7457
|
|
|
- Closes #7510
|
|
|
+ and bump to 7.79.1
|
|
|
|
|
|
-- CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited
|
|
|
+Kamil Dudka (16 Sep 2021)
|
|
|
+- tests/sshserver.pl: make it work with openssh-8.7p1
|
|
|
|
|
|
- Reported-by: Daniel Woelfel
|
|
|
- Fixes #7441
|
|
|
- Closes #7509
|
|
|
+ ... by not using options with no argument where an argument is required:
|
|
|
+
|
|
|
+ === Start of file tests/log/ssh_server.log
|
|
|
+ curl_sshd_config line 6: no argument after keyword "DenyGroups"
|
|
|
+ curl_sshd_config line 7: no argument after keyword "AllowGroups"
|
|
|
+ curl_sshd_config line 10: Deprecated option AuthorizedKeysFile2
|
|
|
+ curl_sshd_config line 29: Deprecated option KeyRegenerationInterval
|
|
|
+ curl_sshd_config line 39: Deprecated option RhostsRSAAuthentication
|
|
|
+ curl_sshd_config line 40: Deprecated option RSAAuthentication
|
|
|
+ curl_sshd_config line 41: Deprecated option ServerKeyBits
|
|
|
+ curl_sshd_config line 45: Deprecated option UseLogin
|
|
|
+ curl_sshd_config line 56: no argument after keyword "AcceptEnv"
|
|
|
+ curl_sshd_config: terminating, 3 bad configuration options
|
|
|
+ === End of file tests/log/ssh_server.log
|
|
|
+
|
|
|
+ === Start of file log/sftp_server.log
|
|
|
+ curl_sftp_config line 33: Unsupported option "rhostsrsaauthentication"
|
|
|
+ curl_sftp_config line 34: Unsupported option "rsaauthentication"
|
|
|
+ curl_sftp_config line 52: no argument after keyword "sendenv"
|
|
|
+ curl_sftp_config: terminating, 1 bad configuration options
|
|
|
+ Connection closed.
|
|
|
+ Connection closed
|
|
|
+ === End of file log/sftp_server.log
|
|
|
+
|
|
|
+ Closes #7724
|
|
|
|
|
|
-- KNOWN_BUGS: add more HTTP/3 problems
|
|
|
+Daniel Stenberg (15 Sep 2021)
|
|
|
+- hsts: handle unlimited expiry
|
|
|
|
|
|
- Closes #7351
|
|
|
- Closes #7339
|
|
|
- Closes #7125
|
|
|
+ When setting a blank expire string, meaning unlimited, curl would pass
|
|
|
+ TIME_T_MAX to getime_r() when creating the output, while on 64 bit
|
|
|
+ systems such a large value cannot be convetered to a tm struct making
|
|
|
+ curl to exit the loop with an error instead. It can't be converted
|
|
|
+ because the year it would represent doesn't fit in the 'int tm_year'
|
|
|
+ field!
|
|
|
+
|
|
|
+ Starting now, unlimited expiry is instead handled differently by using a
|
|
|
+ human readable expiry date spelled out as "unlimited" instead of trying
|
|
|
+ to use a distant actual date.
|
|
|
+
|
|
|
+ Test 1660 and 1915 have been updated to help verify this change.
|
|
|
+
|
|
|
+ Reported-by: Jonathan Cardoso
|
|
|
+ Fixes #7720
|
|
|
+ Closes #7721
|
|
|
|
|
|
-Marc Hoersken (27 Jul 2021)
|
|
|
-- CI/azure: reduce compile time with increased parallism
|
|
|
+- curl_multi_fdset: make FD_SET() not operate on sockets out of range
|
|
|
|
|
|
- Azure Pipelines CI VMs have 2 CPUs, let's use them.
|
|
|
+ The VALID_SOCK() macro was made to only check for FD_SETSIZE if curl was
|
|
|
+ built to use select(), even though the curl_multi_fdset() function
|
|
|
+ always and unconditionally uses FD_SET and needs the check.
|
|
|
|
|
|
- Closes #7489
|
|
|
+ Reported-by: 0xee on github
|
|
|
+ Fixes #7718
|
|
|
+ Closes #7719
|
|
|
|
|
|
-Jay Satiro (27 Jul 2021)
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- FAQ: add GOPHERS + curl works on data, not files
|
|
|
|
|
|
- docs: fix grammar
|
|
|
+Version 7.79.0 (14 Sep 2021)
|
|
|
+
|
|
|
+Daniel Stenberg (14 Sep 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7444
|
|
|
- Fixes https://github.com/curl/curl/issues/7451
|
|
|
- Fixes https://github.com/curl/curl/issues/7465
|
|
|
- Closes https://github.com/curl/curl/pull/7495
|
|
|
+ For the 7.79.0 release
|
|
|
|
|
|
-- mail-rcpt.d: fix grammar
|
|
|
+- THANKS: add contributors from 7.79.0 release cycle
|
|
|
+
|
|
|
+- FAQ: add two dev related questions
|
|
|
|
|
|
- Remove confusing sentence that says to specify an e-mail address for
|
|
|
- mail transfer, since that's implied.
|
|
|
+ 8.1 Why does curl use C89?
|
|
|
+ 8.2 Will curl be rewritten?
|
|
|
|
|
|
- Reported-by: Josh Soref
|
|
|
+ Spell-checked-by: Paul Johnson
|
|
|
+ Closes #7715
|
|
|
+
|
|
|
+- zuul.d/jobs: disable three tests for *-openssl-disable-proxy
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7452
|
|
|
- Closes https://github.com/curl/curl/pull/7495
|
|
|
+ ... as they mysteriously seem to permfail without being related to
|
|
|
+ proxy.
|
|
|
+
|
|
|
+ Closes #7714
|
|
|
|
|
|
-Daniel Stenberg (27 Jul 2021)
|
|
|
-- c-hyper: remove the hyper_executor_poll() loop from Curl_http
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ ftp,imap,pop3,smtp: reject STARTTLS server response pipelining
|
|
|
|
|
|
- 1. it's superfluous
|
|
|
- 2. it didn't work identically to the Curl_hyper_stream one which could
|
|
|
- cause problems like #7486
|
|
|
+ If a server pipelines future responses within the STARTTLS response, the
|
|
|
+ former are preserved in the pingpong cache across TLS negotiation and
|
|
|
+ used as responses to the encrypted commands.
|
|
|
|
|
|
- Pointed-out-by: David Cook
|
|
|
- Closes #7499
|
|
|
+ This fix detects pipelined STARTTLS responses and rejects them with an
|
|
|
+ error.
|
|
|
+
|
|
|
+ CVE-2021-22947
|
|
|
+
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22947.html
|
|
|
|
|
|
-- curl-openssl.m4: check lib64 for the pkg-config file
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ ftp,imap,pop3: do not ignore --ssl-reqd
|
|
|
|
|
|
- OpenSSL recently started putting the libs in $prefix/lib64 on 'make
|
|
|
- install', so we check that directory for pkg-config data if the 'lib'
|
|
|
- check fails.
|
|
|
+ In imap and pop3, check if TLS is required even when capabilities
|
|
|
+ request has failed.
|
|
|
|
|
|
- Closes #7503
|
|
|
+ In ftp, ignore preauthentication (230 status of server greeting) if TLS
|
|
|
+ is required.
|
|
|
+
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22946.html
|
|
|
+
|
|
|
+ CVE-2021-22946
|
|
|
|
|
|
-- CURLOPT_SSL_CTX_*.3: tidy up the example
|
|
|
+- [z2_ on hackerone brought this change]
|
|
|
+
|
|
|
+ mqtt: clear the leftovers pointer when sending succeeds
|
|
|
|
|
|
- Use the proper code style. Don't store return codes that aren't read.
|
|
|
- Copy the same example into CURLOPT_SSL_CTX_FUNCTION.3 as well.
|
|
|
+ CVE-2021-22945
|
|
|
|
|
|
- Closes #7500
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22945.html
|
|
|
|
|
|
-- example/cookie_interface: fix scan-build printf warning
|
|
|
+- zuul: bump the rustls job to use v0.7.2
|
|
|
|
|
|
- Follow-up to 4b79c4fb565
|
|
|
+ ... and add -lm when using a rust library.
|
|
|
|
|
|
- Fixes #7497
|
|
|
- Closes #7498
|
|
|
+ Closes #7701
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- RELEASE-PROCEDURE: add release dates from now to 8.0.0 in 2023
|
|
|
|
|
|
- limit-rate.d: clarify base unit
|
|
|
+- SECURITY-PROCESS: tweak a little to match current practices
|
|
|
|
|
|
- Fixes #7439
|
|
|
- Closes #7494
|
|
|
-
|
|
|
-- [Carlo Marcelo Arenas Belón brought this change]
|
|
|
+ Closes #7713
|
|
|
|
|
|
- examples/cookie_interface: avoid printfing time_t directly
|
|
|
+- http_proxy: fix the User-Agent inclusion in CONNECT
|
|
|
|
|
|
- time_t representation is undefined and varies on bitsize and signedness,
|
|
|
- and as of C11 could be even non integer.
|
|
|
+ It should not refer to the uagent string that is allocated and created
|
|
|
+ for the end server http request, as that pointer may be cleared on
|
|
|
+ subsequent CONNECT requests.
|
|
|
|
|
|
- instead of casting to unsigned long (which would truncate in systems
|
|
|
- with a 32bit long after 2106) use difftime to get the elapsed time as a
|
|
|
- double and print that (without decimals) instead.
|
|
|
+ Added test case 1184 to verify.
|
|
|
|
|
|
- alternatively a cast to curl_off_t and its corresponding print
|
|
|
- formatting could have been used (at least in POSIX) but portability and
|
|
|
- curl agnostic code was prioritized.
|
|
|
+ Reported-by: T200proX7 on github
|
|
|
+ Fixes #7705
|
|
|
+ Closes #7707
|
|
|
+
|
|
|
+- Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited
|
|
|
|
|
|
- Closes #7490
|
|
|
+ Reported-by: Jonathan Cardoso
|
|
|
+ Fixes #7710
|
|
|
+ Closes #7711
|
|
|
|
|
|
-Marc Hoersken (25 Jul 2021)
|
|
|
-- tests/servers: remove obsolete pid variable
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+
|
|
|
+ ngtcp2: fix build with ngtcp2 and nghttp3
|
|
|
|
|
|
- Variable is not used since pidfile handling moved to util.[ch]
|
|
|
+ ngtcp2_conn_client_new and nghttp3_conn_client_new are now macros.
|
|
|
+ Check the wrapped functions instead.
|
|
|
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
- Closes #7482
|
|
|
+ ngtcp2_stream_close callback now takes flags parameter.
|
|
|
+
|
|
|
+ Closes #7709
|
|
|
|
|
|
-- tests/servers: use our platform-aware pid for server verification
|
|
|
+- write-out.d: clarify size_download/upload
|
|
|
|
|
|
- The pid used for server verification is later stored as pid2 in
|
|
|
- the hash of running test servers and therefore used for shutdown.
|
|
|
+ They show the number of "body" bytes transfered.
|
|
|
+ Fixes #7702
|
|
|
+ Closes #7706
|
|
|
+
|
|
|
+- http2: Curl_http2_setup needs to init stream data in all invokes
|
|
|
|
|
|
- The pid used for shutdown must be the platform-aware (Win32) pid
|
|
|
- to avoid leaking test servers while running them using Cygwin/msys.
|
|
|
+ Thus function was written to avoid doing multiple connection data
|
|
|
+ initializations, which is fine, but since it also initiates stream
|
|
|
+ related data it is crucial that it doesn't skip those even if called
|
|
|
+ again for the same connection. Solved by moving the stream
|
|
|
+ initializations before the "doing-it-again" check.
|
|
|
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
- Closes #7481
|
|
|
+ Reported-by: Inho Oh
|
|
|
+ Fixes #7630
|
|
|
+ Closes #7692
|
|
|
|
|
|
-- tests/runtests.pl: cleanup copy&paste mistakes and unused code
|
|
|
+- url: fix compiler warning in no-verbose builds
|
|
|
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
- Part of #7481
|
|
|
+ Follow-up from 2f0bb864c12
|
|
|
+
|
|
|
+ Closes #7700
|
|
|
|
|
|
-Daniel Stenberg (25 Jul 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- non-ascii: fix build errors from strerror fix
|
|
|
|
|
|
- bumped to 7.78.1 for next release
|
|
|
+ Follow-up to 2f0bb864c12
|
|
|
+
|
|
|
+ Closes #7697
|
|
|
|
|
|
-- http_proxy: clear 'sending' when the outgoing request is sent
|
|
|
+- parse_args: redo the warnings for --remote-header-name combos
|
|
|
|
|
|
- ... so that Curl_connect_getsock() will know how to wait for the socket
|
|
|
- to become readable and not writable after the entire CONNECT request has
|
|
|
- been issued.
|
|
|
+ ... to avoid the memory leak risk pointed out by scan-build.
|
|
|
|
|
|
- Regression added in 7.77.0
|
|
|
+ Follow-up from 7a3e981781d6c18a
|
|
|
|
|
|
- Reported-by: zloi-user on github
|
|
|
- Assisted-by: Jay Satiro
|
|
|
- Fixes #7155
|
|
|
- Closes #7484
|
|
|
-
|
|
|
-Jay Satiro (25 Jul 2021)
|
|
|
-- [Josh Soref brought this change]
|
|
|
+ Closes #7698
|
|
|
|
|
|
- openssl: fix grammar
|
|
|
+- ngtcp2: adapt to new size defintions upstream
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7480
|
|
|
+ Reviewed-by: Tatsuhiro Tsujikawa
|
|
|
+ Closes #7699
|
|
|
|
|
|
-- configure.ac: tweak nghttp2 library name fix again
|
|
|
+- rustls: add strerror.h include
|
|
|
|
|
|
- - Change extraction to handle multiple library names returned by
|
|
|
- pkg-config (eg a possible scenario with pkg-config --static).
|
|
|
+ Follow-up to 2f0bb864c12
|
|
|
+
|
|
|
+- docs: the security list is reached at security at curl.se now
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/pull/7472
|
|
|
+ Also update the FAQ section a bit to encourage users to rather submit
|
|
|
+ security issues on hackerone than sending email.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7485
|
|
|
+ Closes #7689
|
|
|
|
|
|
-Dan Fandrich (23 Jul 2021)
|
|
|
-- Get rid of the unused HAVE_SIG_ATOMIC_T et. al.
|
|
|
+Marc Hoersken (9 Sep 2021)
|
|
|
+- runtests: add option -u to error on server unexpectedly alive
|
|
|
|
|
|
- It was added in 2006 but I see no evidence it was ever used.
|
|
|
-
|
|
|
-Jay Satiro (23 Jul 2021)
|
|
|
-- docs: change max-filesize caveat again
|
|
|
+ Let's try to actually handle the server unexpectedly alive
|
|
|
+ case by first making them visible on CI builds as failures.
|
|
|
|
|
|
- - Add protocols field to max-filesize.d.
|
|
|
+ This is needed to detect issues with killing of the test
|
|
|
+ servers completely including nested process chains with
|
|
|
+ multiple PIDs per test server (including bash and perl).
|
|
|
|
|
|
- - Revert wording on unknown file size caveat and do not discuss specific
|
|
|
- protocols in that section.
|
|
|
+ On Windows/cygwin platforms this is especially helpful with
|
|
|
+ debugging PID mixups due to cygwin using its own PID space.
|
|
|
|
|
|
- Partial revert of ecf0225. All max-filesize options now have the list of
|
|
|
- protocols and it's clearer just to have that list without discussing
|
|
|
- specific protocols in the caveat.
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #7180
|
|
|
+
|
|
|
+Daniel Stenberg (9 Sep 2021)
|
|
|
+- opts docs: unify phrasing in NAME header
|
|
|
|
|
|
- Reported-by: Josh Soref
|
|
|
+ - avoid writing "set ..." or "enable/disable ..." or "specify ..."
|
|
|
+ *All* options for curl_easy_setopt() are about setting or enabling
|
|
|
+ things and most of the existing options didn't use that way of
|
|
|
+ description.
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/issues/7453#issuecomment-884128762
|
|
|
+ - start with lowercase letter, unless abbreviation. For consistency.
|
|
|
+
|
|
|
+ - Some additional touch-ups
|
|
|
+
|
|
|
+ Closes #7688
|
|
|
|
|
|
-Daniel Stenberg (22 Jul 2021)
|
|
|
-- [Christian Weisgerber brought this change]
|
|
|
+- strerror.h: remove the #include from files not using it
|
|
|
|
|
|
- configure: tweak nghttp2 library name fix
|
|
|
+- lib: don't use strerror()
|
|
|
|
|
|
- commit 29c7cf79e8b44cf (shipped in 7.78.0) introduced a problem by
|
|
|
- assuming that LIB_H2 does not have any leading whitespace. At least
|
|
|
- OpenBSD's native pkg-config can produce such whitespace, though:
|
|
|
+ We have and provide Curl_strerror() internally for a reason: strerror()
|
|
|
+ is not necessarily thread-safe so we should always try to avoid it.
|
|
|
|
|
|
- $ pkg-config --libs-only-l libnghttp2
|
|
|
- -lnghttp2
|
|
|
+ Extended checksrc to warn for this, but feature the check disabled by
|
|
|
+ default and only enable it in lib/
|
|
|
|
|
|
- As a result, the configure check for libnghttp2 will erroneously fail.
|
|
|
+ Closes #7685
|
|
|
+
|
|
|
+Daniel Gustafsson (8 Sep 2021)
|
|
|
+- cirrus: Add FreeBSD 13.0 job and disable sanitizer build
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-07/0050.html
|
|
|
- Closes #7472
|
|
|
+ As alluded to the in the now removed comment, a 13.0 image became
|
|
|
+ available and is now ready to be used.
|
|
|
+
|
|
|
+ The sanitizer builds were running on the 12.1 image which since has
|
|
|
+ been removed from the config, leaving the builds not running at all.
|
|
|
+ When enabled it turns out that they don't actually work due to very
|
|
|
+ long timeouts in executing the tests, so keep the disabled for now
|
|
|
+ but a bit more controlled.
|
|
|
+
|
|
|
+ Closes #7592
|
|
|
|
|
|
-- [Bastian Krause brought this change]
|
|
|
+Daniel Stenberg (8 Sep 2021)
|
|
|
+- copyrights: update copyright year ranges
|
|
|
|
|
|
- docs/MQTT: update state of username/password support
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- INTERNALS: c-ares has a new home: c-ares.org
|
|
|
+
|
|
|
+- docs: remove experimental mentions from HSTS and MQTT
|
|
|
|
|
|
- PR #7243 implemented username/password support for MQTT, so let's drop
|
|
|
- these items from the caveats.
|
|
|
+ Reported-by: Jonathan Cardoso
|
|
|
+ Bug: https://github.com/curl/curl/pull/6700#issuecomment-913792863
|
|
|
+ Closes #7681
|
|
|
+
|
|
|
+- [Cao ZhenXiang brought this change]
|
|
|
+
|
|
|
+ curl: add warning for incompatible parameters usage
|
|
|
|
|
|
- Signed-off-by: Bastian Krause <bst@pengutronix.de>
|
|
|
+ --continue-at - and --remote-header-name are known incompatible parameters
|
|
|
|
|
|
- Closes #7474
|
|
|
+ Closes #7674
|
|
|
|
|
|
-- [Oleg Pudeyev brought this change]
|
|
|
+- [git-bruh brought this change]
|
|
|
|
|
|
- CURLMOPT_TIMERFUNCTION.3: remove misplaced "time"
|
|
|
+ examples/*hiperfifo.c: fix calloc arguments to match function proto
|
|
|
|
|
|
- Closes #7470
|
|
|
+ Closes #7678
|
|
|
|
|
|
-Version 7.78.0 (21 Jul 2021)
|
|
|
+- INTERNALS: bump c-ares requirement to 1.16.0
|
|
|
+
|
|
|
+ Since ba904db0705c93 we use ares_getaddrinfo, added in c-ares 1.16.0
|
|
|
|
|
|
-Daniel Stenberg (21 Jul 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- curl: stop retry if Retry-After: is longer than allowed
|
|
|
|
|
|
- curl 7.78.0 release
|
|
|
+ If Retry-After: specifies a period that is longer than what fits within
|
|
|
+ --retry-max-time, then stop retrying immediately.
|
|
|
+
|
|
|
+ Added test 366 to verify.
|
|
|
+
|
|
|
+ Reported-by: Kari Pahula
|
|
|
+ Fixes #7675
|
|
|
+ Closes #7676
|
|
|
|
|
|
-- winbuild/MakefileBuild.vc: bump copyright year
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
|
|
|
-Jay Satiro (21 Jul 2021)
|
|
|
-- docs: mention max-filesize options also apply to MQTT transfers
|
|
|
+ mbedtls: avoid using a large buffer on the stack
|
|
|
|
|
|
- Also make it clearer that the caveat 'if the file size is unknown it
|
|
|
- the option will have no effect' may apply to protocols other than FTP
|
|
|
- and HTTP.
|
|
|
+ Use dynamic memory allocation for the buffer used in checking "pinned
|
|
|
+ public key". The PUB_DER_MAX_BYTES parameter with default settings is
|
|
|
+ set to a value greater than 2kB.
|
|
|
|
|
|
- Reported-by: Josh Soref
|
|
|
+ Co-authored-by: Daniel Stenberg
|
|
|
+ Closes #7586
|
|
|
+
|
|
|
+- configure: make --disable-hsts work
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7453
|
|
|
+ The AC_ARG_ENABLE() macro itself uses a variable called
|
|
|
+ 'enable_[option]', so when our script also used a variable with that
|
|
|
+ name for the purpose of storing what the user wants, it also
|
|
|
+ accidentally made it impossible to switch off the feature with
|
|
|
+ --disable-hsts. Fix this by renaming our variable.
|
|
|
+
|
|
|
+ Reported-by: Michał Antoniak
|
|
|
+ Fixes #7669
|
|
|
+ Closes #7672
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+Jay Satiro (5 Sep 2021)
|
|
|
+- config.d: note that curlrc is used even when --config
|
|
|
+
|
|
|
+ Bug: https://github.com/curl/curl/pull/7666#issuecomment-912214751
|
|
|
+ Reported-by: Viktor Szakats
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7667
|
|
|
|
|
|
- docs/cmdline: fix grammar and typos
|
|
|
+Daniel Stenberg (4 Sep 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- test1173: check references to libcurl options
|
|
|
+
|
|
|
+ ... that they refer to actual existing libcurl options.
|
|
|
+
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Closes #7656
|
|
|
|
|
|
- dump-header.d: Drop suggestion to use for cookie storage
|
|
|
+- CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also
|
|
|
|
|
|
- Since --cookie-jar is the preferred way to store cookies, no longer
|
|
|
- suggest using --dump-header to do so.
|
|
|
+ Closes #7656
|
|
|
+
|
|
|
+- opt-docs: verify man page sections + order
|
|
|
|
|
|
- Co-authored-by: Daniel Stenberg
|
|
|
+ In every libcurl option man page there are now 8 mandatory sections that
|
|
|
+ must use the right name in the correct order and test 1173 verifies
|
|
|
+ this. Only 14 man pages needed adjustments.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/issues/7414
|
|
|
+ The sections and the order is as follows:
|
|
|
+
|
|
|
+ - NAME
|
|
|
+ - SYNOPSIS
|
|
|
+ - DESCRIPTION
|
|
|
+ - PROTOCOLS
|
|
|
+ - EXAMPLE
|
|
|
+ - AVAILABILITY
|
|
|
+ - RETURN VALUE
|
|
|
+ - SEE ALSO
|
|
|
+
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Closes #7656
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- opt-docs: make sure all man pages have examples
|
|
|
+
|
|
|
+ Extended manpage-syntax.pl (run by test 1173) to check that every man
|
|
|
+ page for a libcurl option has an EXAMPLE section that is more than two
|
|
|
+ lines. Then fixed all errors it found and added examples.
|
|
|
+
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Closes #7656
|
|
|
|
|
|
- doc/cmdline: fix grammar and typos
|
|
|
+- get.d: provide more useful examples
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7454
|
|
|
- Closes https://github.com/curl/curl/pull/7455
|
|
|
- Closes https://github.com/curl/curl/pull/7456
|
|
|
- Closes https://github.com/curl/curl/pull/7459
|
|
|
- Closes https://github.com/curl/curl/pull/7460
|
|
|
- Closes https://github.com/curl/curl/pull/7461
|
|
|
- Closes https://github.com/curl/curl/pull/7462
|
|
|
- Closes https://github.com/curl/curl/pull/7463
|
|
|
+ Closes #7668
|
|
|
+
|
|
|
+- page-header: add GOPHERS, simplify wording in the 1st para
|
|
|
+
|
|
|
+ Closes #7665
|
|
|
+
|
|
|
+- connect: get local port + ip also when reusing connections
|
|
|
+
|
|
|
+ Regression. In d6a37c23a3c (7.75.0) we removed the duplicated storage
|
|
|
+ (connection + easy handle), so this info needs be extracted again even
|
|
|
+ for re-used connections.
|
|
|
+
|
|
|
+ Add test 435 to verify
|
|
|
+
|
|
|
+ Reported-by: Max Dymond
|
|
|
+ Fixes #7660
|
|
|
+ Closes #7662
|
|
|
|
|
|
-Daniel Stenberg (20 Jul 2021)
|
|
|
-- vtls: fix connection reuse checks for issuer cert and case sensitivity
|
|
|
+Marcel Raad (2 Sep 2021)
|
|
|
+- multi: fix compiler warning with `CURL_DISABLE_WAKEUP`
|
|
|
|
|
|
- CVE-2021-22924
|
|
|
+ `use_wakeup` is unused in this case.
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22924.html
|
|
|
+ Closes https://github.com/curl/curl/pull/7661
|
|
|
|
|
|
-- sectransp: check for client certs by name first, then file
|
|
|
+Daniel Stenberg (1 Sep 2021)
|
|
|
+- tests: adjust the tftpd output to work with hyper mode
|
|
|
|
|
|
- CVE-2021-22926
|
|
|
+ By making them look less like http headers, the hyper mode "tweak"
|
|
|
+ doesn't interfere.
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22926.html
|
|
|
+ Enable test 2002 and 2003 in hyper builds (and 1280 which is unrelated
|
|
|
+ but should be enabled).
|
|
|
|
|
|
- Assisted-by: Daniel Gustafsson
|
|
|
- Reported-by: Harry Sintonen
|
|
|
+ Closes #7658
|
|
|
|
|
|
-- telnet: fix option parser to not send uninitialized contents
|
|
|
-
|
|
|
- CVS-2021-22925
|
|
|
-
|
|
|
- Reported-by: Red Hat Product Security
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22925.html
|
|
|
+Daniel Gustafsson (1 Sep 2021)
|
|
|
+- [Gisle Vanem brought this change]
|
|
|
|
|
|
-Jay Satiro (20 Jul 2021)
|
|
|
-- connect: fix wrong format specifier in connect error string
|
|
|
+ openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA
|
|
|
|
|
|
- 0842175 (not in any release) used the wrong format specifier (long int)
|
|
|
- for timediff_t. On an OS such as Windows libcurl's timediff_t (usually
|
|
|
- 64-bit) is bigger than long int (32-bit). In 32-bit Windows builds the
|
|
|
- upper 32-bits of the timediff_t were erroneously then used by the next
|
|
|
- format specifier. Usually since the timeout isn't larger than 32-bits
|
|
|
- this would result in null as a pointer to the string with the reason for
|
|
|
- the connection failing. On other OSes or maybe other compilers it could
|
|
|
- probably result in garbage values (ie crash on deref).
|
|
|
+ This adds support for the previously unhandled supplemental data which
|
|
|
+ in -v output was printed like:
|
|
|
|
|
|
- Before:
|
|
|
- Failed to connect to localhost port 12345 after 1201 ms: (nil)
|
|
|
+ TLSv1.2 (IN), TLS header, Unknown (23):
|
|
|
|
|
|
- After:
|
|
|
- Failed to connect to localhost port 12345 after 1203 ms: Connection refused
|
|
|
+ These will now be printed with proper annotation:
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7449
|
|
|
+ TLSv1.2 (OUT), TLS header, Supplemental data (23):
|
|
|
+
|
|
|
+ Closes #7652
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
-- winbuild: support alternate nghttp2 static lib name
|
|
|
+Daniel Stenberg (1 Sep 2021)
|
|
|
+- curl.1: provide examples for each option
|
|
|
|
|
|
- - Support both nghttp2.lib and nghttp2_static.lib for static nghttp2.
|
|
|
+ The file format for each option now features a "Example:" header that
|
|
|
+ can provide one or more examples that get rendered appropriately in the
|
|
|
+ output. All options MUST have at least one example or gen.pl complains
|
|
|
+ at build-time.
|
|
|
|
|
|
- nghttp2 briefly changed its static lib name to nghttp2_static, but then
|
|
|
- made the _static suffix optional.
|
|
|
+ This fix also does a few other minor format and consistency cleanups.
|
|
|
|
|
|
- Ref: https://github.com/nghttp2/nghttp2/pull/1394
|
|
|
- Ref: https://github.com/nghttp2/nghttp2/pull/1418
|
|
|
- Ref: https://github.com/nghttp2/nghttp2/issues/1466
|
|
|
+ Closes #7654
|
|
|
+
|
|
|
+- progress: make trspeed avoid floats
|
|
|
|
|
|
- Reported-by: Pierre Yager
|
|
|
+ and compiler warnings for data conversions.
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7446
|
|
|
- Closes https://github.com/curl/curl/pull/7447
|
|
|
+ Reported-by: Michał Antoniak
|
|
|
+ Fixes #7645
|
|
|
+ Closes #7653
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- test365: verify response with chunked AND Content-Length headers
|
|
|
|
|
|
- docs/cmdline: fix grammar and typos
|
|
|
+- http: ignore content-length if any transfer-encoding is used
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7432
|
|
|
- Closes https://github.com/curl/curl/pull/7436
|
|
|
- Closes https://github.com/curl/curl/pull/7438
|
|
|
- Closes https://github.com/curl/curl/pull/7440
|
|
|
- Closes https://github.com/curl/curl/pull/7445
|
|
|
+ Fixes #7643
|
|
|
+ Closes #7649
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- delegation.d: mention what happens when used multiple times
|
|
|
+- Revert "http2: skip immediate parsing of payload following protocol switch"
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7408
|
|
|
-
|
|
|
-- [Josh Soref brought this change]
|
|
|
-
|
|
|
- create-file-mode.d: mention what happens when used multiple times
|
|
|
+ This reverts commit 455a63c66f188598275e87d32de2c4e8e26b80cb.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7407
|
|
|
-
|
|
|
-- [Josh Soref brought this change]
|
|
|
+ Reported-by: Tk Xiong
|
|
|
+ Fixes #7633
|
|
|
+ Closes #7648
|
|
|
|
|
|
- config.d: split comments and option-per line
|
|
|
+- KNOWN_BUGS: HTTP/3 doesn't support client certs
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7405
|
|
|
-
|
|
|
-Daniel Stenberg (19 Jul 2021)
|
|
|
-- misc: copyright year range updates
|
|
|
-
|
|
|
-- mailmap: add Tobias and Timur
|
|
|
+ Closes #7625
|
|
|
|
|
|
-Daniel Gustafsson (18 Jul 2021)
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- mailing lists: move from cool.haxx.se to lists.haxx.se
|
|
|
|
|
|
- docs: spell out directories instead of dirs in create-dirs
|
|
|
-
|
|
|
- Write out directories rather than using the dirs abbrevation. Also
|
|
|
- use plural form consistently, even if the code in the end might just
|
|
|
- create a single directory.
|
|
|
+- http_proxy: only wait for writable socket while sending request
|
|
|
|
|
|
- Closes #7406
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
- Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
-
|
|
|
-- [Tobias Nyholm brought this change]
|
|
|
-
|
|
|
- docs: correct spelling errors and a broken link
|
|
|
+ Otherwise it would wait socket writability even after the entire CONNECT
|
|
|
+ request has sent and make curl basically busy-loop while waiting for a
|
|
|
+ response to come back.
|
|
|
|
|
|
- Update grammar and spelling in docs and source code comments.
|
|
|
+ The previous fix attempt in #7484 (c27a70a591a4) was inadequate.
|
|
|
|
|
|
- Closes: #7427
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Reported-by: zloi-user on github
|
|
|
+ Reported-by: Oleguer Llopart
|
|
|
+ Fixes #7589
|
|
|
+ Closes #7647
|
|
|
|
|
|
-Marc Hoersken (18 Jul 2021)
|
|
|
-- CI/cirrus: install impacket from PyPI instead of FreeBSD packages
|
|
|
-
|
|
|
- Availability of impacket as FreeBSD package is too flaky.
|
|
|
+- http: disallow >3-digit response codes
|
|
|
|
|
|
- Stick to legacy version of cryptography which still
|
|
|
- supports OpenSSL version 1.0.2 due to FreeBSD 11.
|
|
|
+ Make the built-in HTTP parser behave similar to hyper and reject any
|
|
|
+ HTTP response using more than 3 digits for the response code.
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
+ Updated test 1432 accordingly.
|
|
|
+ Enabled test 1432 in the hyper builds.
|
|
|
|
|
|
- Closes #7418
|
|
|
+ Closes #7641
|
|
|
|
|
|
-Daniel Stenberg (18 Jul 2021)
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
|
|
|
- docs/cmdline: mention what happens when used multiple times
|
|
|
+ ngtcp2: stop buffering crypto data
|
|
|
|
|
|
- For --dns-ipv4-addr, --dns-ipv6-addr and --dns-servers
|
|
|
+ Stop buffering crypto data because libngtcp2 now buffers submitted
|
|
|
+ crypto data.
|
|
|
|
|
|
- Closes #7410
|
|
|
- Closes #7411
|
|
|
- Closes #7412
|
|
|
+ Closes #7637
|
|
|
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
+- test1280: CRLFify the response to please hyper
|
|
|
+
|
|
|
+ Closes #7639
|
|
|
|
|
|
- lib: fix compiler warnings with CURL_DISABLE_NETRC
|
|
|
+- tests: enable test 1129 for hyper builds
|
|
|
|
|
|
- warning C4189: 'netrc_user_changed': local variable is initialized but
|
|
|
- not referenced
|
|
|
+ Closes #7638
|
|
|
+
|
|
|
+- curl: better error message when -O fails to get a good name
|
|
|
|
|
|
- warning C4189: 'netrc_passwd_changed': local variable is initialized but
|
|
|
- not referenced
|
|
|
+ Due to how this currently works internally, it needs a working initial
|
|
|
+ file name to store contents in, so it may still fail even with -J is
|
|
|
+ used (and thus accepting a name from content-disposition:) if the file
|
|
|
+ name part of the URL isn't "good enough".
|
|
|
|
|
|
- Closes #7423
|
|
|
+ Fixes #7628
|
|
|
+ Closes #7635
|
|
|
|
|
|
-- disable-epsv.d: remove duplicate "(FTP)"
|
|
|
+- curl_easy_setopt: tweak the string copy wording
|
|
|
|
|
|
- ... since the tooling adds that to the output based on the "Protocols:"
|
|
|
- tag.
|
|
|
+ Reported-by: Yaobin Wen
|
|
|
+ Fixes #7632
|
|
|
+ Closes #7634
|
|
|
|
|
|
-- [Max Zettlmeißl brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- docs: make the documentation for --etag-save match the program behaviour
|
|
|
-
|
|
|
- When using curl with the option `--etag-save` I expected it to save the
|
|
|
- ETag without its surrounding quotes, as stated by the documentation in
|
|
|
- the repository and by the generated man pages.
|
|
|
+- [Don J Olmstead brought this change]
|
|
|
+
|
|
|
+ cmake: sync CURL_DISABLE options
|
|
|
|
|
|
- My first endeavour was to fix the program, but while investigating the
|
|
|
- history of the relevant parts, I discovered that curl once saved the
|
|
|
- ETag without the quotes. This was undone by Daniel Stenberg in commit
|
|
|
- `98c94596f5928840177b6bd3c7b0f0dd03a431af`, therefore I decided that in
|
|
|
- this case the documentation should be adjusted to match the behaviour of
|
|
|
- curl.
|
|
|
+ Adds the full listing of CURL_DISABLE options to the CMake build. Moves
|
|
|
+ all option code, except for CURL_DISABLE_OPENSSL_AUTO_LOA_CONFIG which
|
|
|
+ resides near OpenSSL configuration, to the same block of code. Also
|
|
|
+ sorts the options here and in the cmake config header.
|
|
|
|
|
|
- The changed save behaviour also made parts of the `--etag-compare`
|
|
|
- documentation wrong or superfluous, so I adjusted those accordingly.
|
|
|
+ Additionally sorted the CURL-DISABLE listing and fixed the
|
|
|
+ CURL_DISABLE_POP3 option.
|
|
|
|
|
|
- Closes #7429
|
|
|
-
|
|
|
-- [Josh Soref brought this change]
|
|
|
+ Closes #7624
|
|
|
|
|
|
- write-out.d: add missing periods
|
|
|
+Jay Satiro (25 Aug 2021)
|
|
|
+- KNOWN_BUGS: FTPS upload data loss with TLS 1.3
|
|
|
|
|
|
- Closes #7404
|
|
|
-
|
|
|
-- [Josie Huddleston brought this change]
|
|
|
-
|
|
|
- easy: during upkeep, attach Curl_easy to connections in the cache
|
|
|
+ Bug: https://github.com/curl/curl/issues/6149
|
|
|
+ Reported-by: Bylon2@users.noreply.github.com
|
|
|
|
|
|
- During the protocol-specific parts of connection upkeep, some code
|
|
|
- assumes that the data->conn pointer already is set correctly. However,
|
|
|
- there's currently no guarantee of that in the code.
|
|
|
+ Closes https://github.com/curl/curl/pull/7623
|
|
|
+
|
|
|
+Daniel Stenberg (24 Aug 2021)
|
|
|
+- cmake: avoid poll() on macOS
|
|
|
|
|
|
- This fix temporarily attaches each connection to the Curl_easy object
|
|
|
- before performing the protocol-specific connection check on it, in a
|
|
|
- similar manner to the connection checking in extract_if_dead().
|
|
|
+ ... like we do in configure builds. Since poll() on macOS is not
|
|
|
+ reliable enough.
|
|
|
|
|
|
- Fixes #7386
|
|
|
- Closes #7387
|
|
|
- Reported-by: Josie Huddleston
|
|
|
+ Reported-by: marc-groundctl
|
|
|
+ Fixes #7595
|
|
|
+ Closes #7619
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
|
|
|
+
|
|
|
+ Enable test 1074
|
|
|
+
|
|
|
+ Closes #7617
|
|
|
|
|
|
- cleanup: spell DoH with a lowercase o
|
|
|
+- c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
|
|
|
|
|
|
- Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
|
|
|
+ Enable test 1130 and 1131
|
|
|
|
|
|
- Closes #7413
|
|
|
+ Closes #7616
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- [a1346054 brought this change]
|
|
|
|
|
|
- TheArtOfHttpScripting: polish
|
|
|
-
|
|
|
- - add missing backticks and comma
|
|
|
-
|
|
|
- - fix proxy description:
|
|
|
+ tests: be explicit about using 'python3' instead of 'python'
|
|
|
|
|
|
- * example proxy isn't local
|
|
|
- * locally doesn't really make sense
|
|
|
+ This fixes running tests in virtualenvs (or on distros) that no longer
|
|
|
+ have a symlink from python to python2 or python3.
|
|
|
|
|
|
- Closes #7416
|
|
|
+ Closes #7602
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- [a1346054 brought this change]
|
|
|
|
|
|
- form.d: add examples of `,`/`;` for file[name]
|
|
|
+ scripts: invoke interpreters through /usr/bin/env
|
|
|
|
|
|
- Fixes #7415
|
|
|
- Closes #7417
|
|
|
+ Closes #7602
|
|
|
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
+- DISABLED: enable 11 more tests for hyper builds
|
|
|
+
|
|
|
+ Closes #7612
|
|
|
|
|
|
- mbedtls: Remove unnecessary include
|
|
|
+- setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper
|
|
|
|
|
|
- - curl_setup.h: all references to mbedtls_md4* functions and structures
|
|
|
- are in the md4.c. This file already includes the <mbedtls/md4.h> file
|
|
|
- along with the file existence control (defined (MBEDTLS_MD4_C))
|
|
|
+ Since this option is also used for FTP, it needs to work to set for
|
|
|
+ applications even if hyper doesn't support it for HTTP. Verified by test
|
|
|
+ 1137.
|
|
|
|
|
|
- - curl_ntlm_core.c: unnecessary include - repeated below
|
|
|
+ Updated docs to specify that the option doesn't work for HTTP when using
|
|
|
+ the hyper backend.
|
|
|
|
|
|
- Closes #7419
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Closes #7614
|
|
|
|
|
|
-Jay Satiro (16 Jul 2021)
|
|
|
-- [User Sg brought this change]
|
|
|
+- test1138: remove trailing space to make work with hyper
|
|
|
+
|
|
|
+ Closes #7613
|
|
|
|
|
|
- multi: fix crash in curl_multi_wait / curl_multi_poll
|
|
|
+- libcurl-errors.3: clarify two CURLUcode errors
|
|
|
|
|
|
- Appears to have been caused by 51c0ebc (precedes 7.77.0) which added a
|
|
|
- VALID_SOCK check to one of the loops through the sockets but not the
|
|
|
- other.
|
|
|
+ CURLUE_BAD_HANDLE and CURLUE_BAD_PARTPOINTER should be for "bad" or
|
|
|
+ wrong pointers in a generic sense, not just for NULL pointers.
|
|
|
|
|
|
- Reported-by: sylgal@users.noreply.github.com
|
|
|
- Authored-by: sylgal@users.noreply.github.com
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7379
|
|
|
- Closes https://github.com/curl/curl/pull/7389
|
|
|
-
|
|
|
-- [Daniel Gustafsson brought this change]
|
|
|
+ Ref: #7605
|
|
|
+ Closes #7611
|
|
|
|
|
|
- tool_help: remove unused define
|
|
|
+Jay Satiro (23 Aug 2021)
|
|
|
+- symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version
|
|
|
|
|
|
- The PRINT_LINES_PAUSE macro is no longer used, and has been mostly
|
|
|
- cleaned out but one occurrence remained.
|
|
|
+ ... and also change the 'Removed' column name to 'Last' since that
|
|
|
+ column is for the last version to contain the symbol.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7380
|
|
|
-
|
|
|
-- [Sergey Markelov brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7609
|
|
|
|
|
|
- build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS
|
|
|
+Daniel Stenberg (23 Aug 2021)
|
|
|
+- urlapi.c:seturl: assert URL instead of using if-check
|
|
|
|
|
|
- fix compiler warnings about unused variables and parameters when
|
|
|
- built with --disable-verbose.
|
|
|
+ There's no code flow possible where this can happen. The assert makes
|
|
|
+ sure it also won't be introduced undetected in the future.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7377
|
|
|
-
|
|
|
-- [Andrea Pappacoda brought this change]
|
|
|
+ Closes #7610
|
|
|
|
|
|
- build: fix IoctlSocket FIONBIO check
|
|
|
+- curl-openssl.m4: show correct output for OpenSSL v3
|
|
|
|
|
|
- Prior to this change HAVE_IOCTLSOCKET_CAMEL_FIONBIO mistakenly checked
|
|
|
- for (lowercase) ioctlsocket when it should have checked for IoctlSocket.
|
|
|
+ Using 3.0.0 versions configure should now show this:
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7375
|
|
|
-
|
|
|
-- [Timur Artikov brought this change]
|
|
|
-
|
|
|
- configure: fix nghttp2 library name for static builds
|
|
|
+ checking for OpenSSL headers version... 3.0.0 - 0x300
|
|
|
+ checking for OpenSSL library version... 3.0.0
|
|
|
+ checking for OpenSSL headers and library versions matching... yes
|
|
|
|
|
|
- Don't hardcode the nghttp2 library name,
|
|
|
- because it can vary, be "nghttp2_static" for example.
|
|
|
+ This output doesn't actually change what configure generates but is only
|
|
|
+ "cosmetic".
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7367
|
|
|
- Closes https://github.com/curl/curl/pull/7368
|
|
|
-
|
|
|
-Gisle Vanem (16 Jul 2021)
|
|
|
-- [PellesC] fix _lseeki64() macro
|
|
|
+ Reported-by: Randall S. Becker
|
|
|
+ Fixes #7606
|
|
|
+ Closes #7608
|
|
|
|
|
|
-- [SChannel] Use '_tcsncmp()' instead
|
|
|
-
|
|
|
- Revert previous change for PellesC.
|
|
|
+Jay Satiro (22 Aug 2021)
|
|
|
+- mksymbolsmanpage.pl: Fix showing symbol's last used version
|
|
|
|
|
|
- Instead replace all use of `_tcsnccmp()` with `_tcsncmp()`.
|
|
|
-
|
|
|
-- [PellesC] missing '_tcsnccmp'
|
|
|
+ Prior to this change the symbol's deprecated version was erroneously
|
|
|
+ shown as its last used version.
|
|
|
|
|
|
- PellesC compiler does not have this macro in it's `<tchar.h>`
|
|
|
+ Bug: https://github.com/curl/curl/commit/4e53b94#commitcomment-55239509
|
|
|
+ Reported-by: i-ky@users.noreply.github.com
|
|
|
|
|
|
-Daniel Gustafsson (14 Jul 2021)
|
|
|
-- TODO: add mention of mbedTLS 3 incompatibilities
|
|
|
+Daniel Stenberg (21 Aug 2021)
|
|
|
+- mksymbolsmanpage.pl: match symbols case insenitively
|
|
|
|
|
|
- Wyatt OʼDay reported in #7385 that mbedTLS isn't backwards compatible
|
|
|
- and curl no longer builds with it. Document the need to fix our support
|
|
|
- until so has been done.
|
|
|
+ Follow-up to 4e53b9430c750 which made this bug show.
|
|
|
|
|
|
- Closes #7390
|
|
|
- Fixes #7385
|
|
|
- Reported-by: Wyatt OʼDay
|
|
|
- Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
|
|
|
+ Reported-by: i-ky
|
|
|
+ Bug: https://github.com/curl/curl/commit/4e53b9430c7504de8984796e2a2091ec16f27136#commitcomment-55239253
|
|
|
+ Closes #7607
|
|
|
|
|
|
-- docs: fix inconsistencies in EGDSOCKET documentation
|
|
|
+- asyn-ares: call ares_freeaddrinfo() to clean up addrinfo results
|
|
|
|
|
|
- Only the OpenSSL backend actually use the EGDSOCKET, and also use
|
|
|
- TLS consistently rather than mixing SSL and TLS. While there, also
|
|
|
- fix a minor spelling nit.
|
|
|
+ As this leaks memory otherwise
|
|
|
|
|
|
- Closes: #7391
|
|
|
- Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
|
|
|
+ Follow-up to ba904db0705c931
|
|
|
+
|
|
|
+ Closes #7599
|
|
|
|
|
|
-- [Борис Верховский brought this change]
|
|
|
+- [Ehren Bendler brought this change]
|
|
|
|
|
|
- docs: document missing arguments to commands
|
|
|
+ wolfssl: clean up wolfcrypt error queue
|
|
|
|
|
|
- This is a followup to commit f410b9e538129e77607fef1 fixing a few
|
|
|
- more commands which takes arguments.
|
|
|
+ If wolfSSL is built in certain ways (OPENSSL_EXTRA or Debug), the error
|
|
|
+ queue gets added on to for each session and never freed. Fix it by
|
|
|
+ calling ERR_clear_error() like in vtls/openssl when needed. This func is
|
|
|
+ a no-op in wolfcrypt if the error queue is not enabled.
|
|
|
|
|
|
- Closes #7382
|
|
|
- Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
-
|
|
|
-- [Randolf J brought this change]
|
|
|
+ Closes #7594
|
|
|
|
|
|
- docs: fix incorrect argument name reference
|
|
|
+- man pages: remove trailing whitespaces
|
|
|
|
|
|
- The documentation for the read callback was erroneously referencing
|
|
|
- the nitems argument by nmemb. The error was introduced in commit
|
|
|
- ce0881edee3c7.
|
|
|
+ Extended test 1173 (via the manpage-syntax.pl script) to detect and warn
|
|
|
+ for them.
|
|
|
|
|
|
- Closes #7383
|
|
|
- Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
-
|
|
|
-- [Борис Верховский brought this change]
|
|
|
+ Ref: #7602
|
|
|
+ Reported-by: a1346054 on github
|
|
|
+ Closes #7604
|
|
|
|
|
|
- tool_help: Document that --tlspassword takes a password
|
|
|
-
|
|
|
- Closes #7378
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+- mailmap: add Gleb Ivanovsky
|
|
|
|
|
|
-- scripts: Fix typo in release-notes instructions
|
|
|
+- config.d: escape the backslash properly
|
|
|
|
|
|
- The command to run had a typo in the pathname which prevented copy
|
|
|
- pasting it to work, which has annoyed me enough to fix this now.
|
|
|
+ Closes #7603
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Don J Olmstead brought this change]
|
|
|
|
|
|
-Jay Satiro (10 Jul 2021)
|
|
|
-- write-out.d: Clarify urlnum is not unique for de-globbed URLs
|
|
|
+ curl_setup.h: sync values for HTTP_ONLY
|
|
|
|
|
|
- Reported-by: Коваленко Анатолий Викторович
|
|
|
+ The values for HTTP_ONLY differed between CMakeLists.txt and
|
|
|
+ curl_setup.h. Sync them and sort the values in curl_setup.h to make it
|
|
|
+ easier to spot differences.
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7342
|
|
|
- Closes https://github.com/curl/curl/pull/7369
|
|
|
-
|
|
|
-Daniel Gustafsson (3 Jul 2021)
|
|
|
-- [William Desportes brought this change]
|
|
|
+ Closes #7601
|
|
|
|
|
|
- docs: Fix typos
|
|
|
+Jay Satiro (21 Aug 2021)
|
|
|
+- configure: set classic mingw minimum OS version to XP
|
|
|
|
|
|
- Closes: #7370
|
|
|
- Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
-
|
|
|
-Daniel Stenberg (8 Jul 2021)
|
|
|
-- [Jonathan Wernberg brought this change]
|
|
|
-
|
|
|
- Revert "ftp: Expression 'ftpc->wait_data_conn' is always false"
|
|
|
+ - If the user has not specified a minimum OS version (via WINVER or
|
|
|
+ _WIN32_WINNT macros) then set it to Windows XP.
|
|
|
|
|
|
- The reverted commit introduced a logic error in code that was
|
|
|
- correct.
|
|
|
+ Prior to this change classic MinGW defaulted the minimum OS version
|
|
|
+ to Windows NT 4.0 which is way too old. At least Windows XP is needed
|
|
|
+ for getaddrinfo (which resolves hostnames to IPv6 addresses).
|
|
|
|
|
|
- The client using libcurl would notice the error since FTP file
|
|
|
- uploads in active transfer mode would somtimes complete with
|
|
|
- success despite no transfer having been performed and the
|
|
|
- "uploaded" file thus not being on the remote server afterwards.
|
|
|
+ Ref: https://github.com/curl/curl/issues/7483#issuecomment-891597034
|
|
|
|
|
|
- The FTP server would notice the error because it receives a
|
|
|
- RST on the data connection it has established with the client
|
|
|
- before any data was transferred at all.
|
|
|
+ Closes https://github.com/curl/curl/pull/7581
|
|
|
+
|
|
|
+- schannel: Work around typo in classic mingw macro
|
|
|
|
|
|
- The logic error happens if the STOR response from the server have
|
|
|
- arrived by the time ftp_multi_statemach() in the affected code path
|
|
|
- is called, but the incoming data connection have not arrived yet.
|
|
|
- In that case, the processing of the STOR response will cause
|
|
|
- 'ftpc->wait_data_conn' to be set to TRUE, contradicting the comment
|
|
|
- in the code. Since 'complete' will also be set, later logic would
|
|
|
- believe the transfer was done.
|
|
|
+ - Define ALG_CLASS_DHASH (the typo from the include) to ALG_CLASS_HASH.
|
|
|
|
|
|
- In most cases, the STOR response will not have arrived yet when
|
|
|
- the affected code path is executed, or the incoming connection will
|
|
|
- also have arrived, and thus the error would not express itself.
|
|
|
- But if the speed difference of the device using libcurl and the
|
|
|
- FTP server is exactly right, the error may happen as often as in
|
|
|
- one out of hundred file transfers.
|
|
|
+ Prior to this change there was an incomplete fix to ignore the
|
|
|
+ CALG_TLS1PRF macro on those versions of MinGW where it uses the
|
|
|
+ ALG_CLASS_DHASH typoed macro.
|
|
|
+
|
|
|
+ Ref: 48cf45c
|
|
|
+ Ref: https://osdn.net/projects/mingw/ticket/38391
|
|
|
+ Ref: https://github.com/curl/curl/issues/2924
|
|
|
|
|
|
- This reverts commit 49f3117a238b6eac0e22a32f50699a9eddcb66ab.
|
|
|
+ Closes https://github.com/curl/curl/pull/7580
|
|
|
+
|
|
|
+Daniel Stenberg (20 Aug 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- http_proxy: fix user-agent and custom headers for CONNECT with hyper
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-07/0025.html
|
|
|
- Closes #7362
|
|
|
+ Enable test 287
|
|
|
+
|
|
|
+ Closes #7598
|
|
|
|
|
|
-- msnprintf: return number of printed characters excluding null byte
|
|
|
+- c-hyper: initial support for "dumping" 1xx HTTP responses
|
|
|
|
|
|
- ... even when the output is "capped" by the maximum length argument.
|
|
|
+ With the use hyper_request_on_informational()
|
|
|
|
|
|
- Clarified in the docs.
|
|
|
+ Enable test 155 and 158
|
|
|
|
|
|
- Closes #7361
|
|
|
+ Closes #7597
|
|
|
|
|
|
-- infof: remove newline from format strings, always append it
|
|
|
-
|
|
|
- - the data needs to be "line-based" anyway since it's also passed to the
|
|
|
- debug callback/application
|
|
|
+Marc Hoersken (18 Aug 2021)
|
|
|
+- tests/*server.pl: flush output before executing subprocess
|
|
|
|
|
|
- - it makes infof() work like failf() and consistency is good
|
|
|
+ Also avoid shell processes staying around by using exec.
|
|
|
+ This is necessary to avoid output data being buffering
|
|
|
+ inside the process chain of Perl, Bash/Shell and our
|
|
|
+ test server binaries. On non-Windows systems the exec
|
|
|
+ will also make the subprocess replace the intermediate
|
|
|
+ shell, but on Windows it will at least bind the processes
|
|
|
+ together since there is no real fork or exec available.
|
|
|
|
|
|
- - there's an assert that triggers on newlines in the format string
|
|
|
+ See: https://cygwin.com/cygwin-ug-net/highlights.html
|
|
|
+ and: https://docs.microsoft.com/cpp/c-runtime-library/exec-wexec-functions
|
|
|
+ Ref: https://github.com/curl/curl/pull/7530#issuecomment-900949010
|
|
|
|
|
|
- - Also removes a few instances of "..."
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
+ Closes #7530
|
|
|
+
|
|
|
+- CI: use GitHub Container Registry instead of Docker Hub
|
|
|
|
|
|
- - Removes the code that would append "..." to the end of the data *iff*
|
|
|
- it was truncated in infof()
|
|
|
+ Avoid limits on Docker Hub and improve image pull/download speed.
|
|
|
|
|
|
- Closes #7357
|
|
|
+ Closes #7587
|
|
|
|
|
|
-- examples/multi-single: fix scan-build warning
|
|
|
+Daniel Stenberg (18 Aug 2021)
|
|
|
+- openssl: when creating a new context, there cannot be an old one
|
|
|
|
|
|
- warning: Value stored to 'mc' during its initialization is never read
|
|
|
+ Remove the previous handling that would call SSL_CTX_free(), and instead
|
|
|
+ add an assert that halts a debug build if there ever is a context
|
|
|
+ already set at this point.
|
|
|
|
|
|
- Follow-up to ae8e11ed5fd2ce
|
|
|
+ Closes #7585
|
|
|
+
|
|
|
+Jay Satiro (18 Aug 2021)
|
|
|
+- KNOWN_BUGS: Renegotiate from server may cause hang for OpenSSL backend
|
|
|
|
|
|
- Closes #7360
|
|
|
+ Closes https://github.com/curl/curl/issues/6785
|
|
|
|
|
|
-- wolfssl: failing to set a session id is not reason to error out
|
|
|
+Viktor Szakats (17 Aug 2021)
|
|
|
+- docs/BINDINGS: URL update
|
|
|
+
|
|
|
+Marc Hoersken (17 Aug 2021)
|
|
|
+- tests/server/*.c: align handling of portfile argument and file
|
|
|
|
|
|
- ... as it is *probably* just timed out.
|
|
|
+ 1. Call the internal variable portname (like pidname) everywhere.
|
|
|
+ 2. Have a variable wroteportfile (like wrotepidfile) everywhere.
|
|
|
+ 3. Make sure the file is cleaned up on exit (like pidfile).
|
|
|
+ 4. Add parameter --portfile to usage outputs everywhere.
|
|
|
|
|
|
- Reported-by: Francisco Munoz
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
|
|
|
- Closes #7358
|
|
|
+ Replaces #7523
|
|
|
+ Closes #7574
|
|
|
|
|
|
-- docs/examples: use curl_multi_poll() in multi examples
|
|
|
-
|
|
|
- The API is soon two years old and deserves being shown as the primary
|
|
|
- way to drive multi code as it makes it much easier to write code.
|
|
|
+Daniel Gustafsson (17 Aug 2021)
|
|
|
+- KNOWN_BUGS: Fix a number of typos in KNOWN_BUGS
|
|
|
|
|
|
- multi-poll: removed
|
|
|
+ Fixes a set of typos found in section 11.3.
|
|
|
+
|
|
|
+Daniel Stenberg (17 Aug 2021)
|
|
|
+- getparameter: fix the --local-port number parser
|
|
|
|
|
|
- multi-legacy: add to show how we did multi API use before
|
|
|
- curl_multi_wait/poll.
|
|
|
+ It could previously get tricked into parsing the uninitialized stack
|
|
|
+ based buffer.
|
|
|
|
|
|
- Closes #7352
|
|
|
+ Reported-by: Brian Carpenter
|
|
|
+ Closes #7582
|
|
|
|
|
|
-- KNOWN_BUGS: flaky Windows CI builds
|
|
|
+- KNOWN_BUGS: Can't use Secure Transport with Crypto Token Kit
|
|
|
|
|
|
- Closes #6972
|
|
|
+ Closes #7048
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Jan Verbeek brought this change]
|
|
|
|
|
|
-- test1147: hyper doesn't allow "crazy" request headers like built-in
|
|
|
+ curl: add warning for ignored data after quoted form parameter
|
|
|
|
|
|
- ... so strip that from the test.
|
|
|
+ In an argument like `-F 'x=@/etc/hostname;filename="foo"abc'` the `abc`
|
|
|
+ is ignored. This adds a warning if the ignored data isn't all
|
|
|
+ whitespace.
|
|
|
|
|
|
- Closes #7349
|
|
|
+ Closes #7394
|
|
|
|
|
|
-- c-hyper: bail on too long response headers
|
|
|
+Jay Satiro (17 Aug 2021)
|
|
|
+- codeql: fix error "Resource not accessible by integration"
|
|
|
|
|
|
- To match with built-in behaviors. Makes test 1154 work.
|
|
|
+ - Enable codeql writing security-events.
|
|
|
|
|
|
- Closes #7350
|
|
|
-
|
|
|
-- test1151: added missing CRLF to work with hyper
|
|
|
+ GitHub set the default permissions to read, apparently since earlier
|
|
|
+ this year.
|
|
|
|
|
|
- Closes #7350
|
|
|
-
|
|
|
-- c-hyper: add support for transfer-encoding in the request
|
|
|
+ Ref: https://github.com/github/codeql-action/issues/464
|
|
|
+ Ref: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
|
|
|
|
|
|
- Closes #7348
|
|
|
-
|
|
|
-- [Andrea Pappacoda brought this change]
|
|
|
+ Fixes https://github.com/curl/curl/issues/7575
|
|
|
+ Closes https://github.com/curl/curl/pull/7576
|
|
|
|
|
|
- cmake: remove libssh2 feature checks
|
|
|
+- tool_operate: Fix --fail-early with parallel transfers
|
|
|
|
|
|
- libssh2 features are detected based on version since commit
|
|
|
- 9dbbba997608f7c3c5de1c627c77c8cd2aa85b73
|
|
|
+ - Abort via progress callback to fail early during parallel transfers.
|
|
|
|
|
|
- Closes #7343
|
|
|
+ When a critical error occurs during a transfer (eg --fail-early
|
|
|
+ constraint) then other running transfers will be aborted via progress
|
|
|
+ callback and finish with error CURLE_ABORTED_BY_CALLBACK (42). In this
|
|
|
+ case, the callback error does not become the most recent error and a
|
|
|
+ custom error message is used for those transfers:
|
|
|
+
|
|
|
+ curld --fail --fail-early --parallel
|
|
|
+ https://httpbin.org/status/404 https://httpbin.org/delay/10
|
|
|
+
|
|
|
+ curl: (22) The requested URL returned error: 404
|
|
|
+ curl: (42) Transfer aborted due to critical error in another transfer
|
|
|
+
|
|
|
+ > echo %ERRORLEVEL%
|
|
|
+ 22
|
|
|
+
|
|
|
+ Fixes https://github.com/curl/curl/issues/6939
|
|
|
+ Closes https://github.com/curl/curl/pull/6984
|
|
|
|
|
|
-- test1116: hyper doesn't pass through "surprise-trailers"
|
|
|
+Daniel Stenberg (17 Aug 2021)
|
|
|
+- [Sergey Markelov brought this change]
|
|
|
+
|
|
|
+ sectransp: support CURLINFO_CERTINFO
|
|
|
|
|
|
- Closes #7344
|
|
|
+ Fixes #4130
|
|
|
+ Closes #7372
|
|
|
|
|
|
-- socks4: scan for the IPv4 address in resolve results
|
|
|
+- ngtcp2: remove the acked_crypto_offset struct field init
|
|
|
|
|
|
- Follow-up to 84d2839740 which changed the resolving to always resolve
|
|
|
- both address families, but since SOCKS4 only supports IPv4 it should
|
|
|
- scan for and use the first available IPv4 address.
|
|
|
+ ... as it is gone from the API upstream.
|
|
|
|
|
|
- Reported-by: shithappens2016 on github
|
|
|
- Fixes #7345
|
|
|
- Closes #7346
|
|
|
+ Closes #7578
|
|
|
|
|
|
-Jay Satiro (5 Jul 2021)
|
|
|
-- proto.d: fix formatting for paragraphs after margin changes
|
|
|
+- misc: update incorrect copyright year ranges
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7341
|
|
|
+ Closes #7577
|
|
|
|
|
|
-- pinnedpubkey.d: fix formatting for version support lists
|
|
|
+- KNOWN_BUGS: HTTP/3 quiche upload large file fails
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7340
|
|
|
+ Closes #7532
|
|
|
|
|
|
-Daniel Stenberg (2 Jul 2021)
|
|
|
-- TODO: "Support in-memory certs/ca certs/keys" done
|
|
|
+- KNOWN_BUGS: CMake build with MIT Kerberos does not work
|
|
|
|
|
|
- Has been suppored for a while now with the *BLOB options.
|
|
|
+ Closes #6904
|
|
|
|
|
|
-- examples: safer and more proper read callback logic
|
|
|
+- TODO: add asynch getaddrinfo support
|
|
|
|
|
|
- The same callback code is used in:
|
|
|
+ Closes #6746
|
|
|
+
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- [Artur Sinila brought this change]
|
|
|
+
|
|
|
+ http2: revert call the handle-closed function correctly on closed stream
|
|
|
|
|
|
- imap-append.c
|
|
|
- smtp-authzid.c
|
|
|
- smtp-mail.c
|
|
|
- smtp-multi.c
|
|
|
- smtp-ssl.c
|
|
|
- smtp-tls.c
|
|
|
+ Reverts 252790c5335a221
|
|
|
|
|
|
- It should not assume that it can copy full lines into the buffer as it
|
|
|
- will encourage sloppy coding practices. Instead use byte-wise logic and
|
|
|
- check/acknowledge the buffer size appropriately.
|
|
|
+ Assisted-by: Gergely Nagy
|
|
|
+ Fixes #7400
|
|
|
+ Closes #7525
|
|
|
+
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ auth: do not append zero-terminator to authorisation id in kerberos
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Fixes #7330
|
|
|
- Closes #7331
|
|
|
+ RFC4752 Section 3.1 states "The authorization identity is not terminated
|
|
|
+ with a zero-valued (%x00) octet". Although a comment in code said it may
|
|
|
+ be needed anyway, nothing confirms it. In addition, servers may consider
|
|
|
+ it as part of the identity, causing a failure.
|
|
|
+
|
|
|
+ Closes #7008
|
|
|
|
|
|
-- test1519: adjusted to work with hyper
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ auth: use sasl authzid option in kerberos
|
|
|
|
|
|
- Closes #7333
|
|
|
+ ... instead of deriving it from active ticket.
|
|
|
+ Closes #7008
|
|
|
|
|
|
-- test1518: adjusted to work with hyper
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ auth: we do not support a security layer after kerberos authentication
|
|
|
|
|
|
- ... by making sure the stdout output doesn't look like HTTP headers.
|
|
|
+ Closes #7008
|
|
|
+
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ auth: properly handle byte order in kerberos security message
|
|
|
|
|
|
- Closes #7333
|
|
|
+ Closes #7008
|
|
|
|
|
|
-- test1514: add a CRLF to the response to make it correct
|
|
|
+- [z2_ brought this change]
|
|
|
+
|
|
|
+ x509asn1: fix heap over-read when parsing x509 certificates
|
|
|
|
|
|
- Makes hyper accept it fine instead returning HYPERE_UNEXPECTED_EOF on
|
|
|
- us.
|
|
|
+ Assisted-by: Patrick Monnerat
|
|
|
+ Closes #7536
|
|
|
+
|
|
|
+- KNOWN_BUGS: Disconnects don't do verbose
|
|
|
|
|
|
- Closes #7334
|
|
|
+ Closes #6995
|
|
|
+
|
|
|
+- mailmap: fixup Michał Antoniak
|
|
|
+
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
|
|
|
-- formdata: avoid "Argument cannot be negative" warning
|
|
|
+ build: fix compiler warnings
|
|
|
|
|
|
- ... when converting a curl_off_t to size_t, by using
|
|
|
- CURL_ZERO_TERMINATED before passing the argument to the function.
|
|
|
+ For when CURL_DISABLE_VERBOSE_STRINGS and DEBUGBUILD flags are both
|
|
|
+ active.
|
|
|
|
|
|
- Detected by Coverity CID 1486590.
|
|
|
+ - socks.c : warning C4100: 'lineno': unreferenced formal parameter
|
|
|
+ (co-authored by Daniel Stenberg)
|
|
|
|
|
|
- Closes #7328
|
|
|
- Assisted-by: Daniel Gustafsson
|
|
|
-
|
|
|
-- lib: more %u for port and int for %*s fixes
|
|
|
+ - mbedtls.c: warning C4189: 'port': local variable is initialized but
|
|
|
+ not referenced
|
|
|
|
|
|
- Detected by Coverity
|
|
|
+ - schannel.c: warning C4189: 'hostname': local variable is initialized
|
|
|
+ but not referenced
|
|
|
|
|
|
- Closes #7329
|
|
|
+ Cloes #7528
|
|
|
|
|
|
-- doh: (void)-prefix call to curl_easy_setopt
|
|
|
+- [Gleb Ivanovsky brought this change]
|
|
|
|
|
|
-- lib: fix type of len passed to *printf's %*s
|
|
|
+ CODE_STYLE-md: fix bold font style
|
|
|
|
|
|
- ... it needs to be 'int'. Detected by Coverity CID 1486611 (etc)
|
|
|
+ Markdown gets confused with abundance of asterisks, so use underscores
|
|
|
+ instead.
|
|
|
|
|
|
- Closes #7326
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Closes #7569
|
|
|
|
|
|
-- lib: use %u instead of %ld for port number printf
|
|
|
-
|
|
|
- Follow-up to 764c6bd3bf which changed the type of some port number
|
|
|
- fields. Detected by Coverity (CID 1486624) etc.
|
|
|
-
|
|
|
- Closes #7325
|
|
|
+- [Gleb Ivanovsky brought this change]
|
|
|
|
|
|
-- version: turn version number functions into returning void
|
|
|
-
|
|
|
- ... as we never use the return codes from them.
|
|
|
+ CODE_STYLE-md: add missing comma
|
|
|
|
|
|
Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #7319
|
|
|
+ Closes #7570
|
|
|
|
|
|
-- mqtt: extend the error message for no topic
|
|
|
-
|
|
|
- ... and mention that it needs URL encoding.
|
|
|
-
|
|
|
- Reported-by: Peter Körner
|
|
|
- Fixes #7316
|
|
|
- Closes #7317
|
|
|
+- [Daniel Gustafsson brought this change]
|
|
|
|
|
|
-- formdata: correct typecast in curl_mime_data call
|
|
|
-
|
|
|
- Coverity pointed out it the mismatch. CID 1486590
|
|
|
+ examples/ephiperfifo.c: simplify signal handler
|
|
|
|
|
|
- Closes #7327
|
|
|
-
|
|
|
-- url: (void)-prefix a curl_url_get() call
|
|
|
+ The signal handler registered for SIGINT is only handling SIGINT
|
|
|
+ so there isn't much need for inspecting the signo. While there,
|
|
|
+ rename the handler to be more specific.
|
|
|
|
|
|
- Coverity (CID 1486645) pointed out a use of curl_url_get() in the
|
|
|
- parse_proxy function where the return code wasn't checked. A
|
|
|
- (void)-prefix makes the intention obvious.
|
|
|
+ g_should_exit should really be of sig_atomic_t type, but relying
|
|
|
+ on autoconf in the examples seems like a bad idea so keep that
|
|
|
+ for now.
|
|
|
|
|
|
- Closes #7320
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #7310
|
|
|
|
|
|
-- glob: pass an 'int' as len when using printf's %*s
|
|
|
+- c-hyper: initial step for 100-continue support
|
|
|
|
|
|
- Detected by Coverity CID 1486629.
|
|
|
+ Enabled test 154
|
|
|
|
|
|
- Closes #7324
|
|
|
+ Closes #7568
|
|
|
|
|
|
-- vtls: use free() not curl_free()
|
|
|
-
|
|
|
- curl_free() is provided for users of the API to free returned data,
|
|
|
- there's no need to use it internally.
|
|
|
-
|
|
|
- Closes #7318
|
|
|
+- [Ikko Ashimine brought this change]
|
|
|
|
|
|
-- zuul: use the new rustls directory name
|
|
|
-
|
|
|
- Follow-up to 6d972c8b1cbb3 which missed updating this directory name.
|
|
|
+ vtls: fix typo in schannel_verify.c
|
|
|
|
|
|
- Also no longer call it crustls in the docs and bump to rusttls-ffi 0.7.1
|
|
|
+ occurence -> occurrence
|
|
|
|
|
|
- Closes #7311
|
|
|
+ Closes #7566
|
|
|
|
|
|
-Jay Satiro (29 Jun 2021)
|
|
|
-- http: fix crash in rate-limited upload
|
|
|
-
|
|
|
- - Don't set the size of the piece of data to send to the rate limit if
|
|
|
- that limit is larger than the buffer size that will hold the piece.
|
|
|
-
|
|
|
- Prior to this change if CURLOPT_MAX_SEND_SPEED_LARGE
|
|
|
- (curl tool: --limit-rate) was set then it was possible that a temporary
|
|
|
- buffer used for uploading could be written to out of bounds. A likely
|
|
|
- scenario for this would be a non-trivial amount of post data combined
|
|
|
- with a rate limit larger than CURLOPT_UPLOAD_BUFFERSIZE (default 64k).
|
|
|
-
|
|
|
- The bug was introduced in 24e469f which is in releases since 7.76.0.
|
|
|
-
|
|
|
- perl -e "print '0' x 200000" > tmp
|
|
|
- curl --limit-rate 128k -d @tmp httpbin.org/post
|
|
|
+- [Emil Engler brought this change]
|
|
|
+
|
|
|
+ curl_url_get.3: clarify about path and query
|
|
|
|
|
|
- Reported-by: Richard Marion
|
|
|
+ The current man-page lacks some details regarding the obtained path and
|
|
|
+ query.
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7308
|
|
|
- Closes https://github.com/curl/curl/pull/7315
|
|
|
+ Closes #7563
|
|
|
|
|
|
-Daniel Stenberg (29 Jun 2021)
|
|
|
-- copyright: add boiler-plate headers to CI config files
|
|
|
-
|
|
|
- And whitelist .zuul.ignore
|
|
|
+- c-hyper: fix header value passed to debug callback
|
|
|
|
|
|
- Closes #7314
|
|
|
+ Closes #7567
|
|
|
|
|
|
-- CI: remove travis details
|
|
|
+Viktor Szakats (12 Aug 2021)
|
|
|
+- cleanup: URL updates
|
|
|
|
|
|
- Rename still used leftovers to "zuul" as that's now the CI using them.
|
|
|
+ - replace broken URL with the one it was most probably pointing to
|
|
|
+ when added (lib/tftp.c)
|
|
|
+ - replace broken URL with archive.org link (lib/curl_ntlm_wb.c)
|
|
|
+ - delete unnecessary protocol designator from archive.org URL
|
|
|
+ (docs/BINDINGS.md)
|
|
|
|
|
|
- Closes #7313
|
|
|
+ Closes #7562
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+Daniel Stenberg (12 Aug 2021)
|
|
|
+- [April King brought this change]
|
|
|
|
|
|
-- openssl: avoid static variable for seed flag
|
|
|
-
|
|
|
- Avoid the race condition risk by instead storing the "seeded" flag in
|
|
|
- the multi handle. Modern OpenSSL versions handle the seeding itself so
|
|
|
- doing the seeding once per multi-handle instead of once per process is
|
|
|
- less of an issue.
|
|
|
+ DEPRECATE.md: linkify curl-library mailing list
|
|
|
|
|
|
- Reported-by: Gerrit Renker
|
|
|
- Fixes #7296
|
|
|
- Closes #7306
|
|
|
+ Closes #7561
|
|
|
|
|
|
-- configure: inhibit the implicit-fallthrough warning on gcc-12
|
|
|
+- [Barry Pollard brought this change]
|
|
|
+
|
|
|
+ output.d: add method to suppress response bodies
|
|
|
|
|
|
- ... since it no longer acknowledges the comment markup we use for that
|
|
|
- purpose.
|
|
|
+ Closes #7560
|
|
|
+
|
|
|
+- TODO: remove 'c-ares deviates on http://1346569778'
|
|
|
|
|
|
- Reported-by: Younes El-karama
|
|
|
- Fixes #7295
|
|
|
- Closes #7307
|
|
|
+ Fixed since 56a037cc0ad1b2 (7.77.0)
|
|
|
|
|
|
-Daniel Gustafsson (28 Jun 2021)
|
|
|
-- [Andrei Rybak brought this change]
|
|
|
+- [Colin O'Dell brought this change]
|
|
|
|
|
|
- misc: fix typos in comments which repeat a word
|
|
|
+ BINDINGS.md: update links to use https where available
|
|
|
|
|
|
- Fix typos in code comments which repeat various words. In trivial
|
|
|
- cases, just delete the repeated word. Reword the affected sentence in
|
|
|
- "lib/url.c" for it to make sense.
|
|
|
+ Closes #7558
|
|
|
+
|
|
|
+- asyn-ares.c: move all version number checks to the top
|
|
|
|
|
|
- Closes #7303
|
|
|
- Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
+ ... and use #ifdef [feature] in the code as per our guidelines.
|
|
|
|
|
|
-Daniel Stenberg (27 Jun 2021)
|
|
|
-- lib677: make it survive torture testing
|
|
|
+- ares: use ares_getaddrinfo()
|
|
|
|
|
|
- Follow-up to a5ab72d5edd7
|
|
|
+ ares_getaddrinfo() is the getaddrinfo() cloned provided by c-ares, introduced
|
|
|
+ in version 1.16.0.
|
|
|
|
|
|
- Closes #7300
|
|
|
+ With older c-ares versions, curl invokes ares_gethostbyname() twice - once for
|
|
|
+ IPv4 and once for IPv6 to resolve both addresses, and then combines the
|
|
|
+ returned results.
|
|
|
+
|
|
|
+ Reported-by: jjandesmet
|
|
|
+ Fixes #7364
|
|
|
+ Closes #7552
|
|
|
|
|
|
-- [Tommy Chiang brought this change]
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
|
|
|
- docs/BINDINGS: fix outdated links
|
|
|
-
|
|
|
- * luacurl page is now not accessible, fix it with wayback machine page
|
|
|
- * Scheme one seems not providing https now, change it back to http one
|
|
|
+ ngtcp2: utilize crypto API functions to simplify
|
|
|
|
|
|
- Closes #7301
|
|
|
+ Closes #7551
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [megatronking brought this change]
|
|
|
|
|
|
- curstls: bump crustls version and use new URL
|
|
|
+ ngtcp2: reset the oustanding send buffer again when drained
|
|
|
|
|
|
- crustls moved to https://github.com/rustls/rustls-ffi. This also bumps
|
|
|
- the expected version to 0.7.0.
|
|
|
+ Closes #7538
|
|
|
+
|
|
|
+Michael Kaufmann (10 Aug 2021)
|
|
|
+- progress: fix a compile warning on some systems
|
|
|
|
|
|
- Closes #7297
|
|
|
+ lib/progress.c:380:40: warning: conversion to 'long double' from
|
|
|
+ 'curl_off_t {aka long long int}' may alter its value [-Wconversion]
|
|
|
+
|
|
|
+ Closes #7549
|
|
|
|
|
|
+Daniel Stenberg (10 Aug 2021)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- examples: length-limit two sscanf() uses of %s
|
|
|
+- http: consider cookies over localhost to be secure
|
|
|
|
|
|
- Reported-by: Jishan Shaikh
|
|
|
- Fixes #7293
|
|
|
- Closes #7294
|
|
|
+ Updated test31.
|
|
|
+ Added test 392 to verify secure cookies used for http://localhost
|
|
|
+
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Fixes #6733
|
|
|
+ Closes #7263
|
|
|
|
|
|
-- [Richard Whitehouse brought this change]
|
|
|
+- TODO: erase secrets from heap/stack after use
|
|
|
+
|
|
|
+ Closes #7268
|
|
|
|
|
|
- multi: alter transfer timeout ordering
|
|
|
+Jay Satiro (10 Aug 2021)
|
|
|
+- hostip: Make Curl_ipv6works function independent of getaddrinfo
|
|
|
|
|
|
- - Check whether a connection has succeded before checking whether it's
|
|
|
- timed out.
|
|
|
+ - Do not assume IPv6 is not working when getaddrinfo is not present.
|
|
|
|
|
|
- This means if we've connected quickly, but subsequently been
|
|
|
- descheduled, we allow the connection to succeed. Note, if we timeout,
|
|
|
- but between checking the timeout, and connecting to the server the
|
|
|
- connection succeeds, we will allow it to go ahead. This is viewed as
|
|
|
- an acceptable trade off.
|
|
|
+ The check to see if IPv6 actually works is now independent of whether
|
|
|
+ there is any resolver that can potentially resolve a hostname to IPv6.
|
|
|
|
|
|
- - Add additional failf logging around failed connection attempts to
|
|
|
- propogate the cause up to the caller.
|
|
|
+ Prior to this change if getaddrinfo() was not found at compile time then
|
|
|
+ Curl_ipv6works() would be defined as a macro that returns FALSE.
|
|
|
+
|
|
|
+ When getaddrinfo is not found then libcurl is built with CURLRES_IPV4
|
|
|
+ defined instead of CURLRES_IPV6, meaning that it cannot do IPv6 lookups
|
|
|
+ in the traditional way. With this commit if libcurl is built with IPv6
|
|
|
+ support (ENABLE_IPV6) but without getaddrinfo (CURLRES_IPV6), and the
|
|
|
+ IPv6 stack is actually working, then it is possible for libcurl to
|
|
|
+ resolve IPv6 addresses by using DoH.
|
|
|
+
|
|
|
+ Ref: https://github.com/curl/curl/issues/7483#issuecomment-890765378
|
|
|
|
|
|
- Co-Authored-by: Martin Howarth
|
|
|
- Closes #7178
|
|
|
+ Closes https://github.com/curl/curl/pull/7529
|
|
|
|
|
|
-- test677: IMAP CONNECT_ONLY, custom command and then exit
|
|
|
+- test1565: fix windows build errors
|
|
|
|
|
|
- Adjusted ftpserver.pl to add support for the IMAP IDLE command
|
|
|
+ - Use our wait_ms() instead of sleep() since Windows doesn't have the
|
|
|
+ latter.
|
|
|
|
|
|
- Adjusted test 660 to sync with the fix
|
|
|
-
|
|
|
-- multi: do not switch off connect_only flag when closing
|
|
|
+ - Use a separate variable to keep track of whether the pthread_t thread
|
|
|
+ id is valid.
|
|
|
|
|
|
- ... as it made protocol specific disconnect commands wrongly get used.
|
|
|
+ On Windows pthread_t is not an integer type. pthread offers no macro for
|
|
|
+ invalid pthread_t thread id, so validity is kept track of separately.
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-06/0024.html
|
|
|
- Reported-by: Aleksander Mazur
|
|
|
- Closes #7288
|
|
|
+ Closes https://github.com/curl/curl/pull/7527
|
|
|
|
|
|
-- http: make the haproxy support work with unix domain sockets
|
|
|
+- [Jeremy Falcon brought this change]
|
|
|
+
|
|
|
+ winbuild/README.md: clarify GEN_PDB option
|
|
|
|
|
|
- ... it should then pass on "PROXY UNKNOWN" since it doesn't know the
|
|
|
- involved IP addresses.
|
|
|
+ - Document that GEN_PDB option creates an external database.
|
|
|
|
|
|
- Reported-by: Valentín Gutiérrez
|
|
|
- Fixes #7290
|
|
|
- Closes #7291
|
|
|
+ Ref: https://github.com/curl/curl/issues/7502
|
|
|
|
|
|
-- [Xiang Xiao brought this change]
|
|
|
+Daniel Stenberg (9 Aug 2021)
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
|
|
|
- curl.h: include sys/select.h for NuttX RTOS
|
|
|
+ ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
|
|
|
|
|
|
- Closes #7287
|
|
|
+ Closes #7546
|
|
|
|
|
|
-- [Bin Meng brought this change]
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
|
|
|
- curl.h: remove the execution bit
|
|
|
-
|
|
|
- The execution bit of curl.h file was wrongly added:
|
|
|
-
|
|
|
- commit 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7")
|
|
|
+ ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
|
|
|
|
|
|
- and should be removed.
|
|
|
+ Rework the return value handling of ngtcp2_conn_writev_stream and treat
|
|
|
+ NGTCP2_ERR_STREAM_SHUT_WR separately.
|
|
|
|
|
|
- Follow-up to 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7")
|
|
|
- Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
|
|
|
- Closes #7286
|
|
|
-
|
|
|
-- [Bin Lan brought this change]
|
|
|
+ Closes #7546
|
|
|
|
|
|
- curl.h: <sys/select.h> is supported by VxWorks7
|
|
|
+- configure: error out if both ngtcp2 and quiche are specified
|
|
|
|
|
|
- Closes #7285
|
|
|
+ Reported-by: Vincent Grande
|
|
|
+ See #7539
|
|
|
+ Closes #7545
|
|
|
|
|
|
-- [Bachue Zhou brought this change]
|
|
|
+- [Jeff Mears brought this change]
|
|
|
|
|
|
- quiche: use send() instead of sendto() to avoid macOS issue
|
|
|
+ easy: use a custom implementation of wcsdup on Windows
|
|
|
|
|
|
- sendto() always returns "Socket is already connected" error on macos
|
|
|
+ ... so that malloc/free overrides from curl_global_init are used for
|
|
|
+ wcsdup correctly.
|
|
|
|
|
|
- Closes #7260
|
|
|
-
|
|
|
-- [Li Xinwei brought this change]
|
|
|
+ Closes #7540
|
|
|
|
|
|
- cmake: fix support for UnixSockets feature on Win32
|
|
|
-
|
|
|
- Move the definition of sockaddr_un struct from config-win32.h to
|
|
|
- curl_setup.h, so that it could be shared by all build systems.
|
|
|
-
|
|
|
- Add ADDRESS_FAMILY typedef for old mingw, now old mingw can also use
|
|
|
- unix sockets.
|
|
|
-
|
|
|
- Also fix the build of tests/server/sws.c on Win32 when USE_UNIX_SOCKETS
|
|
|
- is defined.
|
|
|
+- zuul: add an mbedtls3 CI job
|
|
|
|
|
|
- Closes #7034
|
|
|
+ Closes #7544
|
|
|
|
|
|
-- [Gregory Muchka brought this change]
|
|
|
+- [Benau brought this change]
|
|
|
|
|
|
- hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies
|
|
|
-
|
|
|
- From Apples documentation on SCDynamicStoreCopyProxies, "Return Value: A
|
|
|
- dictionary of key-value pairs that represent the current internet proxy
|
|
|
- settings, or NULL if no proxy settings have been defined or if an error
|
|
|
- occurred. You must release the returned value."
|
|
|
-
|
|
|
- Failure to release the returned value of SCDynamicStoreCopyProxies can
|
|
|
- result in a memory leak.
|
|
|
-
|
|
|
- Source: https://developer.apple.com/documentation/systemconfiguration/1517088-scdynamicstorecopyproxies
|
|
|
+ mbedTLS: initial 3.0.0 support
|
|
|
|
|
|
- Closes #7265
|
|
|
+ Closes #7428
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-Jay Satiro (21 Jun 2021)
|
|
|
-- vtls: fix warning due to function prototype mismatch
|
|
|
-
|
|
|
- b09c8ee changed the function prototype. Caught by Visual Studio.
|
|
|
-
|
|
|
-- curl_multibyte: Remove local encoding fallbacks
|
|
|
-
|
|
|
- - If the UTF-8 to UTF-16 conversion fails in Windows Unicode builds then
|
|
|
- no longer fall back to assuming the string is in a local encoding.
|
|
|
+- configure.ac: revert bad nghttp2 library detection improvements
|
|
|
|
|
|
- Background:
|
|
|
+ This reverts commit b4b34db65f9f8, 673753344c5f and 29c7cf79e8b.
|
|
|
|
|
|
- Some functions in Windows Unicode builds must convert UTF-8 to UTF-16 to
|
|
|
- pass to the Windows CRT API wide-character functions since in Windows
|
|
|
- UTF-8 is not a valid locale (or at least 99% of the time right now).
|
|
|
+ The logic is now back to assuming that the nghttp2 lib is called nghttp2 and
|
|
|
+ nothing else.
|
|
|
|
|
|
- Prior to this change if the Unicode encoding conversion failed then
|
|
|
- libcurl would assume, for backwards compatibility with applications that
|
|
|
- may have written their code for non-Unicode builds, attempt to convert
|
|
|
- the string from local encoding to UTF-16.
|
|
|
+ Reported-by: Rui Pinheiro
|
|
|
+ Reported-by: Alex Crichton
|
|
|
+ Fixes #7514
|
|
|
+ Closes #7515
|
|
|
+
|
|
|
+- happy-eyeballs-timeout-ms.d: polish the wording
|
|
|
|
|
|
- That type of "best effort" could theoretically cause some type of
|
|
|
- security or other problem if a string that was locally encoded was also
|
|
|
- valid UTF-8, and therefore an unexpected UTF-8 to UTF-16 conversion
|
|
|
- could occur.
|
|
|
+ Reported-by: Josh Soref
|
|
|
+ Fixes #7433
|
|
|
+ Closes #7542
|
|
|
+
|
|
|
+- [modbw brought this change]
|
|
|
+
|
|
|
+ mbedtls_threadlock: fix unused variable warning
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/pull/7246
|
|
|
+ Closes #7393
|
|
|
+
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+
|
|
|
+ ngtcp2: compile with the latest ngtcp2 and nghttp3
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7257
|
|
|
+ Closes #7541
|
|
|
|
|
|
-Daniel Stenberg (20 Jun 2021)
|
|
|
-- curl_endian: remove the unused Curl_write64_le function
|
|
|
+Marc Hoersken (31 Jul 2021)
|
|
|
+- CI/cirrus: reduce compile time with increased parallism
|
|
|
|
|
|
- The last usage was removed in cca455a36
|
|
|
+ Cirrus CI VMs have 2 CPUs, let's use them also for Windows builds.
|
|
|
|
|
|
- Closes #7280
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #7505
|
|
|
|
|
|
-- vtls: only store TIMER_APPCONNECT for non-proxy connect
|
|
|
+Daniel Stenberg (30 Jul 2021)
|
|
|
+- [Bin Lan brought this change]
|
|
|
+
|
|
|
+ tool/tests: fix potential year 2038 issues
|
|
|
|
|
|
- Introducing a 'isproxy' argument to the connect function so that it
|
|
|
- knows wether to store the time stamp or not.
|
|
|
+ The length of 'long' in a 32-bit system is 32 bits, which cannot be used
|
|
|
+ to save timestamps after 2038. Most operating systems have extended
|
|
|
+ time_t to 64 bits.
|
|
|
|
|
|
- Reported-by: Yongkang Huang
|
|
|
- Fixes #7274
|
|
|
- Closes #7274
|
|
|
+ Remove the castings to long.
|
|
|
+
|
|
|
+ Closes #7466
|
|
|
|
|
|
-- gnutls: set the preferred TLS versions in correct order
|
|
|
+- compressed.d: it's a request, not an order
|
|
|
|
|
|
- Regression since 781864bedbc57 (curl 7.77.0)
|
|
|
+ Clarified
|
|
|
|
|
|
- Reported-by: civodul on github
|
|
|
- Assisted-by: Nikos Mavrogiannopoulos
|
|
|
- Fixes #7277
|
|
|
- Closes #7278
|
|
|
+ Reported-by: Dan Jacobson
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Fixes #7516
|
|
|
+ Closes #7517
|
|
|
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
+- [Bernhard M. Wiedemann brought this change]
|
|
|
|
|
|
- configure/cmake: remove checks for unused gethostbyaddr and gethostbyaddr_r
|
|
|
+ tests: make three tests pass until 2037
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
-
|
|
|
- configure/cmake: remove checks for unused inet_ntoa and inet_ntoa_r
|
|
|
+ after 2038 something in test1915 fails on 32-bit OSes
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
+ Closes #7512
|
|
|
|
|
|
- configure/cmake: remove unused define HAVE_PERROR
|
|
|
+Daniel Gustafsson (30 Jul 2021)
|
|
|
+- connect: remove superfluous conditional
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
-
|
|
|
- configure: remove unused check for gai_strerror
|
|
|
+ Commit dbd16c3e2 cleaned up the logic for traversing the addrinfos,
|
|
|
+ but the move left a conditional on ai which no longer is needed as
|
|
|
+ the while loop reevaluation will cover it.
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
+ Closes #7511
|
|
|
+ Reviewed-by: Carlo Marcelo Arenas Belón
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
- configure/cmake: remove unused define HAVE_FREEIFADDRS
|
|
|
+Daniel Stenberg (29 Jul 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
+ and bump curlver to 7.79.0 for next release
|
|
|
|
|
|
- configure/cmake: remove unused define HAVE_FORK
|
|
|
+Marc Hoersken (29 Jul 2021)
|
|
|
+- tests/*server.py: remove pidfile on server termination
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
-
|
|
|
- configure/cmake: remove unused define HAVE_FDOPEN
|
|
|
+ Avoid pidfile leaking/laying around after server already exited.
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #7506
|
|
|
|
|
|
- configure/cmake: remove checks for unused sgtty.h
|
|
|
+Daniel Gustafsson (27 Jul 2021)
|
|
|
+- tool_main: fix typo in comment
|
|
|
|
|
|
- Closes #7276
|
|
|
+ The referred to library is NSPR, so fix the switched around characters.
|
|
|
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
+Daniel Stenberg (28 Jul 2021)
|
|
|
+- [Aleksandr Krotov brought this change]
|
|
|
|
|
|
- configure/cmake: remove remaining checks for rsa.h
|
|
|
+ bearssl: support CURLOPT_CAINFO_BLOB
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
+ Closes #7468
|
|
|
|
|
|
- configure/cmake: remove remaining checks for err.h
|
|
|
+- curl.1: mention "global" flags
|
|
|
+
|
|
|
+ Mention options that are "global". A global command line option is one
|
|
|
+ that doesn't get reset at --next uses and therefore don't need to be
|
|
|
+ used again.
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
-
|
|
|
- configure/cmake: remove remaining checks for crypto.h
|
|
|
+ Reported-by: Josh Soref
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
+ Fixes #7457
|
|
|
+ Closes #7510
|
|
|
|
|
|
- configure/cmake: remove checks for unused getservbyport_r
|
|
|
+- CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited
|
|
|
|
|
|
- Closes #7276
|
|
|
+ Reported-by: Daniel Woelfel
|
|
|
+ Fixes #7441
|
|
|
+ Closes #7509
|
|
|
|
|
|
-- --socks4[a]: clarify where the host name is resolved
|
|
|
+- KNOWN_BUGS: add more HTTP/3 problems
|
|
|
|
|
|
- Closes #7273
|
|
|
+ Closes #7351
|
|
|
+ Closes #7339
|
|
|
+ Closes #7125
|
|
|
|
|
|
-- libcurl-security.3: mention file descriptors and forks
|
|
|
+Marc Hoersken (27 Jul 2021)
|
|
|
+- CI/azure: reduce compile time with increased parallism
|
|
|
|
|
|
- ... and move the security report section last.
|
|
|
+ Azure Pipelines CI VMs have 2 CPUs, let's use them.
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Closes #7270
|
|
|
+ Closes #7489
|
|
|
|
|
|
-- [Alex Xu (Hello71) brought this change]
|
|
|
+Jay Satiro (27 Jul 2021)
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
- configure.ac: make non-executable
|
|
|
-
|
|
|
- it needs to be processed by autoconf or autoreconf, and doesn't have a
|
|
|
- suitable shebang to be directly executed. other projects normally set
|
|
|
- configure.ac -x.
|
|
|
+ docs: fix grammar
|
|
|
|
|
|
- Closes #7272
|
|
|
+ Fixes https://github.com/curl/curl/issues/7444
|
|
|
+ Fixes https://github.com/curl/curl/issues/7451
|
|
|
+ Fixes https://github.com/curl/curl/issues/7465
|
|
|
+ Closes https://github.com/curl/curl/pull/7495
|
|
|
|
|
|
-- configure: do not strip out debug flags
|
|
|
+- mail-rcpt.d: fix grammar
|
|
|
|
|
|
- To allow users to set them when invoking configure without using
|
|
|
- --with-debug.
|
|
|
+ Remove confusing sentence that says to specify an e-mail address for
|
|
|
+ mail transfer, since that's implied.
|
|
|
|
|
|
- Reported-by: Alex Xu
|
|
|
- Fixes #7216
|
|
|
- Closes #7267
|
|
|
-
|
|
|
-- libssh2: limit time a disconnect can take to 1 second
|
|
|
+ Reported-by: Josh Soref
|
|
|
|
|
|
- Closes #7271
|
|
|
+ Fixes https://github.com/curl/curl/issues/7452
|
|
|
+ Closes https://github.com/curl/curl/pull/7495
|
|
|
|
|
|
-- TLS: prevent shutdown loops to get stuck
|
|
|
+Daniel Stenberg (27 Jul 2021)
|
|
|
+- c-hyper: remove the hyper_executor_poll() loop from Curl_http
|
|
|
|
|
|
- ... by making sure the loops are only allowed to read the shutdown
|
|
|
- traffic a limited number of times.
|
|
|
+ 1. it's superfluous
|
|
|
+ 2. it didn't work identically to the Curl_hyper_stream one which could
|
|
|
+ cause problems like #7486
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Closes #7271
|
|
|
+ Pointed-out-by: David Cook
|
|
|
+ Closes #7499
|
|
|
|
|
|
-- hyper: propagate errors back up from read callbacks
|
|
|
+- curl-openssl.m4: check lib64 for the pkg-config file
|
|
|
|
|
|
- Makes test 513 work with hyper
|
|
|
+ OpenSSL recently started putting the libs in $prefix/lib64 on 'make
|
|
|
+ install', so we check that directory for pkg-config data if the 'lib'
|
|
|
+ check fails.
|
|
|
|
|
|
- Closes #7266
|
|
|
+ Closes #7503
|
|
|
|
|
|
-- KNOWN_BUGS: Negotiate on Windows fails
|
|
|
+- CURLOPT_SSL_CTX_*.3: tidy up the example
|
|
|
|
|
|
- Closes #5881
|
|
|
-
|
|
|
-- KNOWN_BUGS: renames instead of locking for atomic operations
|
|
|
+ Use the proper code style. Don't store return codes that aren't read.
|
|
|
+ Copy the same example into CURLOPT_SSL_CTX_FUNCTION.3 as well.
|
|
|
|
|
|
- Closes #6882
|
|
|
- Closes #6884
|
|
|
+ Closes #7500
|
|
|
|
|
|
-- zuul: add two missing CI jobs
|
|
|
+- example/cookie_interface: fix scan-build printf warning
|
|
|
|
|
|
- ... that were configured, just not run
|
|
|
+ Follow-up to 4b79c4fb565
|
|
|
|
|
|
- Closes #7261
|
|
|
+ Fixes #7497
|
|
|
+ Closes #7498
|
|
|
|
|
|
-Viktor Szakats (15 Jun 2021)
|
|
|
-- idn: fix libidn2 with windows unicode builds
|
|
|
-
|
|
|
- Unicode Windows builds use UTF-8 strings internally in libcurl,
|
|
|
- so make sure to call the UTF-8 flavour of the libidn2 API. Also
|
|
|
- document that Windows builds with libidn2 and UNICODE do expect
|
|
|
- CURLOPT_URL as an UTF-8 string.
|
|
|
+- [Josh Soref brought this change]
|
|
|
+
|
|
|
+ limit-rate.d: clarify base unit
|
|
|
|
|
|
- Reported-by: dEajL3kA on github
|
|
|
- Assisted-by: Jay Satiro
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
- Closes #7246
|
|
|
- Fixes #7228
|
|
|
+ Fixes #7439
|
|
|
+ Closes #7494
|
|
|
|
|
|
-Daniel Stenberg (15 Jun 2021)
|
|
|
-- curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
|
|
|
+- [Carlo Marcelo Arenas Belón brought this change]
|
|
|
+
|
|
|
+ examples/cookie_interface: avoid printfing time_t directly
|
|
|
|
|
|
- They were never officially allowed and slipped in only due to sloppy
|
|
|
- parsing. Spaces (ascii 32) should be correctly encoded (to %20) before
|
|
|
- being part of a URL.
|
|
|
+ time_t representation is undefined and varies on bitsize and signedness,
|
|
|
+ and as of C11 could be even non integer.
|
|
|
|
|
|
- The new flag bit CURLU_ALLOW_SPACE when a full URL is set, makes libcurl
|
|
|
- allow spaces.
|
|
|
+ instead of casting to unsigned long (which would truncate in systems
|
|
|
+ with a 32bit long after 2106) use difftime to get the elapsed time as a
|
|
|
+ double and print that (without decimals) instead.
|
|
|
|
|
|
- Updated test 1560 to verify.
|
|
|
+ alternatively a cast to curl_off_t and its corresponding print
|
|
|
+ formatting could have been used (at least in POSIX) but portability and
|
|
|
+ curl agnostic code was prioritized.
|
|
|
|
|
|
- Closes #7073
|
|
|
+ Closes #7490
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+Marc Hoersken (25 Jul 2021)
|
|
|
+- tests/servers: remove obsolete pid variable
|
|
|
|
|
|
- ... and bump to version 7.78.0 for the next planned release.
|
|
|
+ Variable is not used since pidfile handling moved to util.[ch]
|
|
|
+
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
+ Closes #7482
|
|
|
|
|
|
-Jay Satiro (15 Jun 2021)
|
|
|
-- docs: Remove outdated curl tool limitation
|
|
|
+- tests/servers: use our platform-aware pid for server verification
|
|
|
|
|
|
- - Document that HTTP/2 multiplexing is supported by the curl tool when
|
|
|
- parallel transfers are used.
|
|
|
+ The pid used for server verification is later stored as pid2 in
|
|
|
+ the hash of running test servers and therefore used for shutdown.
|
|
|
|
|
|
- Supported since 7.66.0 via --parallel, but the doc wasn't updated.
|
|
|
+ The pid used for shutdown must be the platform-aware (Win32) pid
|
|
|
+ to avoid leaking test servers while running them using Cygwin/msys.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7259
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
+ Closes #7481
|
|
|
|
|
|
-- http2: Clarify 'Using HTTP2' verbose message
|
|
|
+- tests/runtests.pl: cleanup copy&paste mistakes and unused code
|
|
|
|
|
|
- - Change phrasing from multi-use to multiplexing since the former may
|
|
|
- not be as well understood.
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
+ Part of #7481
|
|
|
+
|
|
|
+Daniel Stenberg (25 Jul 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- Before: * Using HTTP2, server supports multi-use
|
|
|
+ bumped to 7.78.1 for next release
|
|
|
+
|
|
|
+- http_proxy: clear 'sending' when the outgoing request is sent
|
|
|
|
|
|
- After: * Using HTTP2, server supports multiplexing
|
|
|
+ ... so that Curl_connect_getsock() will know how to wait for the socket
|
|
|
+ to become readable and not writable after the entire CONNECT request has
|
|
|
+ been issued.
|
|
|
|
|
|
- Bug: https://github.com/curl/curl/discussions/7255
|
|
|
- Reported-by: David Hu
|
|
|
+ Regression added in 7.77.0
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7258
|
|
|
+ Reported-by: zloi-user on github
|
|
|
+ Assisted-by: Jay Satiro
|
|
|
+ Fixes #7155
|
|
|
+ Closes #7484
|
|
|
|
|
|
-Daniel Stenberg (14 Jun 2021)
|
|
|
-- winbuild/README: VC should be set to 6 'or larger'
|
|
|
-
|
|
|
- Previously it listed all versions up to 15 (missing 16) but this new
|
|
|
- phrasing is more open ended.
|
|
|
-
|
|
|
- Reported-by: Hugh Macdonald
|
|
|
- Fixes #7253
|
|
|
- Closes #7254
|
|
|
+Jay Satiro (25 Jul 2021)
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+ openssl: fix grammar
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7480
|
|
|
|
|
|
- rustls: remove native_roots fallback
|
|
|
+- configure.ac: tweak nghttp2 library name fix again
|
|
|
|
|
|
- For the commandline tool, we expect to be passed
|
|
|
- SSL_CONN_CONFIG(CAfile); for library use, the use should pass a set of
|
|
|
- trusted roots (like in other TLS backends).
|
|
|
+ - Change extraction to handle multiple library names returned by
|
|
|
+ pkg-config (eg a possible scenario with pkg-config --static).
|
|
|
|
|
|
- This also removes a dependency on Security.framework when building on
|
|
|
- macOS.
|
|
|
+ Ref: https://github.com/curl/curl/pull/7472
|
|
|
|
|
|
- Closes #7250
|
|
|
-
|
|
|
-- [Albin Vass brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7485
|
|
|
|
|
|
- travis: remove jobs that have migrated to zuul
|
|
|
+Dan Fandrich (23 Jul 2021)
|
|
|
+- Get rid of the unused HAVE_SIG_ATOMIC_T et. al.
|
|
|
|
|
|
- Closes #7245
|
|
|
-
|
|
|
-- [Mohammed Naser brought this change]
|
|
|
+ It was added in 2006 but I see no evidence it was ever used.
|
|
|
|
|
|
- CI: add jobs using Zuul
|
|
|
+Jay Satiro (23 Jul 2021)
|
|
|
+- docs: change max-filesize caveat again
|
|
|
|
|
|
- It also includes a few changes to get the builds going:
|
|
|
- - Added autoconf to common dependencies
|
|
|
- - Added automake to common dependencies
|
|
|
- - Added libtool to common dependencies
|
|
|
- - Added libssl-dev to common dependencies
|
|
|
+ - Add protocols field to max-filesize.d.
|
|
|
|
|
|
- Co-authored-by: Albin Vass
|
|
|
+ - Revert wording on unknown file size caveat and do not discuss specific
|
|
|
+ protocols in that section.
|
|
|
|
|
|
- Closes #7245
|
|
|
-
|
|
|
-- netrc: skip 'macdef' definitions
|
|
|
+ Partial revert of ecf0225. All max-filesize options now have the list of
|
|
|
+ protocols and it's clearer just to have that list without discussing
|
|
|
+ specific protocols in the caveat.
|
|
|
|
|
|
- Add test 494 to verify
|
|
|
+ Reported-by: Josh Soref
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Fixes #7238
|
|
|
- Closes #7244
|
|
|
+ Ref: https://github.com/curl/curl/issues/7453#issuecomment-884128762
|
|
|
|
|
|
-- multi: add scan-build-6 work-around in curl_multi_fdset
|
|
|
+Daniel Stenberg (22 Jul 2021)
|
|
|
+- [Christian Weisgerber brought this change]
|
|
|
+
|
|
|
+ configure: tweak nghttp2 library name fix
|
|
|
|
|
|
- scan-build-6 otherwise warns, saying: warning: The left operand of '>='
|
|
|
- is a garbage value otherwise, which is false.
|
|
|
+ commit 29c7cf79e8b44cf (shipped in 7.78.0) introduced a problem by
|
|
|
+ assuming that LIB_H2 does not have any leading whitespace. At least
|
|
|
+ OpenBSD's native pkg-config can produce such whitespace, though:
|
|
|
|
|
|
- Later scan-builds don't claim this on the same code.
|
|
|
+ $ pkg-config --libs-only-l libnghttp2
|
|
|
+ -lnghttp2
|
|
|
+
|
|
|
+ As a result, the configure check for libnghttp2 will erroneously fail.
|
|
|
|
|
|
- Closes #7248
|
|
|
+ Bug: https://curl.se/mail/lib-2021-07/0050.html
|
|
|
+ Closes #7472
|
|
|
|
|
|
-- asyn-ares: remove check for 'data' in Curl_resolver_cancel
|
|
|
+- [Bastian Krause brought this change]
|
|
|
+
|
|
|
+ docs/MQTT: update state of username/password support
|
|
|
|
|
|
- It implied it would survive a NULL in there which it won't. Instead do
|
|
|
- an assert.
|
|
|
+ PR #7243 implemented username/password support for MQTT, so let's drop
|
|
|
+ these items from the caveats.
|
|
|
|
|
|
- Pointed out by scan-build.
|
|
|
+ Signed-off-by: Bastian Krause <bst@pengutronix.de>
|
|
|
|
|
|
- Closes #7248
|
|
|
+ Closes #7474
|
|
|
|
|
|
-- url.c: remove two variable assigns that are never read
|
|
|
-
|
|
|
- Pointed out by scan-build
|
|
|
+- [Oleg Pudeyev brought this change]
|
|
|
+
|
|
|
+ CURLMOPT_TIMERFUNCTION.3: remove misplaced "time"
|
|
|
|
|
|
- Closes #7248
|
|
|
+ Closes #7470
|
|
|
|
|
|
-- [Gealber Morales brought this change]
|
|
|
+Version 7.78.0 (21 Jul 2021)
|
|
|
|
|
|
- mqtt: add support for username and password
|
|
|
-
|
|
|
- Minor-edits-by: Daniel Stenberg
|
|
|
- Added test 2200 to 2205
|
|
|
+Daniel Stenberg (21 Jul 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- Closes #7243
|
|
|
+ curl 7.78.0 release
|
|
|
|
|
|
-- travis: remove the arm job
|
|
|
-
|
|
|
- We do it on circle CI instead
|
|
|
+- winbuild/MakefileBuild.vc: bump copyright year
|
|
|
|
|
|
-- CI: add .circleci/config.yml
|
|
|
+Jay Satiro (21 Jul 2021)
|
|
|
+- docs: mention max-filesize options also apply to MQTT transfers
|
|
|
|
|
|
- Assisted-by: Gabriel Simmer
|
|
|
+ Also make it clearer that the caveat 'if the file size is unknown it
|
|
|
+ the option will have no effect' may apply to protocols other than FTP
|
|
|
+ and HTTP.
|
|
|
|
|
|
- Closes #7239
|
|
|
+ Reported-by: Josh Soref
|
|
|
+
|
|
|
+ Fixes https://github.com/curl/curl/issues/7453
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-- runtests: init $VERSION to avoid warnings when using -l
|
|
|
+ docs/cmdline: fix grammar and typos
|
|
|
|
|
|
-- openssl: don't remove session id entry in disassociate
|
|
|
+- [Josh Soref brought this change]
|
|
|
+
|
|
|
+ dump-header.d: Drop suggestion to use for cookie storage
|
|
|
|
|
|
- When a connection is disassociated from a transfer, the Session ID entry
|
|
|
- should remain.
|
|
|
+ Since --cookie-jar is the preferred way to store cookies, no longer
|
|
|
+ suggest using --dump-header to do so.
|
|
|
|
|
|
- Regression since 7f4a9a9 (shipped in libcurl 7.77.0)
|
|
|
- Reported-by: Gergely Nagy
|
|
|
- Reported-by: Paul Groke
|
|
|
+ Co-authored-by: Daniel Stenberg
|
|
|
|
|
|
- Fixes #7222
|
|
|
- Closes #7230
|
|
|
+ Closes https://github.com/curl/curl/issues/7414
|
|
|
|
|
|
-- single_transfer: ignore blank --output-dir
|
|
|
-
|
|
|
- ... as otherwise it creates a rather unexpected target directory with a
|
|
|
- leading slash.
|
|
|
-
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Fixes #7218
|
|
|
- Closes #7233
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-- tests: update README about servers and port numbers
|
|
|
+ doc/cmdline: fix grammar and typos
|
|
|
|
|
|
- Closes #7242
|
|
|
+ Closes https://github.com/curl/curl/pull/7454
|
|
|
+ Closes https://github.com/curl/curl/pull/7455
|
|
|
+ Closes https://github.com/curl/curl/pull/7456
|
|
|
+ Closes https://github.com/curl/curl/pull/7459
|
|
|
+ Closes https://github.com/curl/curl/pull/7460
|
|
|
+ Closes https://github.com/curl/curl/pull/7461
|
|
|
+ Closes https://github.com/curl/curl/pull/7462
|
|
|
+ Closes https://github.com/curl/curl/pull/7463
|
|
|
|
|
|
-- conn_shutdown: if closed during CONNECT cleanup properly
|
|
|
+Daniel Stenberg (20 Jul 2021)
|
|
|
+- vtls: fix connection reuse checks for issuer cert and case sensitivity
|
|
|
|
|
|
- Reported-by: Alex Xu
|
|
|
- Reported-by: Phil E. Taylor
|
|
|
+ CVE-2021-22924
|
|
|
|
|
|
- Fixes #7236
|
|
|
- Closes #7237
|
|
|
-
|
|
|
-- [Christian Weisgerber brought this change]
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22924.html
|
|
|
|
|
|
- sws: malloc request struct instead of using stack
|
|
|
-
|
|
|
- ... 2MB requests is otherwise just too big for some systems.
|
|
|
+- sectransp: check for client certs by name first, then file
|
|
|
|
|
|
- (The allocations are not freed properly.)
|
|
|
+ CVE-2021-22926
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-06/0018.html
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22926.html
|
|
|
|
|
|
- Closes #7235
|
|
|
-
|
|
|
-- [Mark Swaanenburg brought this change]
|
|
|
+ Assisted-by: Daniel Gustafsson
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
|
|
|
- lib: don't compare fd to FD_SETSIZE when using poll
|
|
|
+- telnet: fix option parser to not send uninitialized contents
|
|
|
|
|
|
- FD_SETSIZE is irrelevant when using poll. So ensuring that the file
|
|
|
- descriptor is smaller than FD_SETSIZE in VALID_SOCK, can cause
|
|
|
- multi_wait to ignore perfectly valid file descriptors and simply wait
|
|
|
- for 1s to avoid hammering the CPU in a busy loop.
|
|
|
+ CVS-2021-22925
|
|
|
|
|
|
- Fixes #7240
|
|
|
- Closes #7241
|
|
|
-
|
|
|
-- [zhangxiuhua brought this change]
|
|
|
+ Reported-by: Red Hat Product Security
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22925.html
|
|
|
|
|
|
- doh: fix wrong DEBUGASSERT for doh private_data
|
|
|
+Jay Satiro (20 Jul 2021)
|
|
|
+- connect: fix wrong format specifier in connect error string
|
|
|
|
|
|
- Closes #7227
|
|
|
-
|
|
|
-- [yb999 brought this change]
|
|
|
-
|
|
|
- tests: update README.md with a missing single quote
|
|
|
+ 0842175 (not in any release) used the wrong format specifier (long int)
|
|
|
+ for timediff_t. On an OS such as Windows libcurl's timediff_t (usually
|
|
|
+ 64-bit) is bigger than long int (32-bit). In 32-bit Windows builds the
|
|
|
+ upper 32-bits of the timediff_t were erroneously then used by the next
|
|
|
+ format specifier. Usually since the timeout isn't larger than 32-bits
|
|
|
+ this would result in null as a pointer to the string with the reason for
|
|
|
+ the connection failing. On other OSes or maybe other compilers it could
|
|
|
+ probably result in garbage values (ie crash on deref).
|
|
|
|
|
|
- Closes #7231
|
|
|
-
|
|
|
-- GHA: run all tests for hyper too
|
|
|
+ Before:
|
|
|
+ Failed to connect to localhost port 12345 after 1201 ms: (nil)
|
|
|
|
|
|
- As it lists disabled ones in DISABLED now
|
|
|
+ After:
|
|
|
+ Failed to connect to localhost port 12345 after 1203 ms: Connection refused
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Closes https://github.com/curl/curl/pull/7449
|
|
|
|
|
|
-- tests/data/DISABLED: add tests not working with hyper
|
|
|
-
|
|
|
- The goal is to remove them all from here over time.
|
|
|
+- winbuild: support alternate nghttp2 static lib name
|
|
|
|
|
|
- Closes #7209
|
|
|
-
|
|
|
-- runtests: also find the last test in Makefile.inc
|
|
|
+ - Support both nghttp2.lib and nghttp2_static.lib for static nghttp2.
|
|
|
|
|
|
- Closes #7209
|
|
|
-
|
|
|
-- test3010: work with hyper mode
|
|
|
+ nghttp2 briefly changed its static lib name to nghttp2_static, but then
|
|
|
+ made the _static suffix optional.
|
|
|
|
|
|
- Closes #7209
|
|
|
-
|
|
|
-- configure: disable RTSP when hyper is selected
|
|
|
+ Ref: https://github.com/nghttp2/nghttp2/pull/1394
|
|
|
+ Ref: https://github.com/nghttp2/nghttp2/pull/1418
|
|
|
+ Ref: https://github.com/nghttp2/nghttp2/issues/1466
|
|
|
|
|
|
- Makes test 1013 work
|
|
|
+ Reported-by: Pierre Yager
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Fixes https://github.com/curl/curl/issues/7446
|
|
|
+ Closes https://github.com/curl/curl/pull/7447
|
|
|
|
|
|
-- test1594/1595/1596: fix to work in hyper mode
|
|
|
-
|
|
|
- Closes #7209
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-- test1438/1457: add HTTP keyword to make hyper mode work
|
|
|
+ docs/cmdline: fix grammar and typos
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Closes https://github.com/curl/curl/pull/7432
|
|
|
+ Closes https://github.com/curl/curl/pull/7436
|
|
|
+ Closes https://github.com/curl/curl/pull/7438
|
|
|
+ Closes https://github.com/curl/curl/pull/7440
|
|
|
+ Closes https://github.com/curl/curl/pull/7445
|
|
|
|
|
|
-- test1340/1341: adjusted for hyper mode
|
|
|
-
|
|
|
- Closes #7209
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-- test1218: adjusted for hyper mode
|
|
|
+ delegation.d: mention what happens when used multiple times
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Closes https://github.com/curl/curl/pull/7408
|
|
|
|
|
|
-- test1216: adjusted for hyper mode
|
|
|
-
|
|
|
- Closes #7209
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-- test1230: adjust to work in hyper mode
|
|
|
+ create-file-mode.d: mention what happens when used multiple times
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Closes https://github.com/curl/curl/pull/7407
|
|
|
|
|
|
-- c-hyper: abort CONNECT response reading early on non 2xx responses
|
|
|
-
|
|
|
- Fixes test 493
|
|
|
-
|
|
|
- Closes #7209
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-- test434: add HTTP keyword
|
|
|
+ config.d: split comments and option-per line
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Closes https://github.com/curl/curl/pull/7405
|
|
|
|
|
|
-- test599: adjusted to work in hyper mode
|
|
|
-
|
|
|
- Closes #7209
|
|
|
+Daniel Stenberg (19 Jul 2021)
|
|
|
+- misc: copyright year range updates
|
|
|
|
|
|
-- c-hyper: fix the uploaded field in progress callbacks
|
|
|
-
|
|
|
- Makes test 578 work
|
|
|
-
|
|
|
- Closes #7209
|
|
|
+- mailmap: add Tobias and Timur
|
|
|
|
|
|
-- test566: adjust to work with hyper mode
|
|
|
+Daniel Gustafsson (18 Jul 2021)
|
|
|
+- [Josh Soref brought this change]
|
|
|
+
|
|
|
+ docs: spell out directories instead of dirs in create-dirs
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Write out directories rather than using the dirs abbrevation. Also
|
|
|
+ use plural form consistently, even if the code in the end might just
|
|
|
+ create a single directory.
|
|
|
+
|
|
|
+ Closes #7406
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
-- [Fawad Mirza brought this change]
|
|
|
+- [Tobias Nyholm brought this change]
|
|
|
|
|
|
- CURLOPT_WRITEFUNCTION.3: minor update of the example
|
|
|
+ docs: correct spelling errors and a broken link
|
|
|
|
|
|
- Safely avoid chunk.size garbage value if declared non globally.
|
|
|
+ Update grammar and spelling in docs and source code comments.
|
|
|
|
|
|
- Closes #7219
|
|
|
-
|
|
|
-- [Bastian Krause brought this change]
|
|
|
+ Closes: #7427
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
- configure: rename get-easy-option configure option to get-easy-options
|
|
|
+Marc Hoersken (18 Jul 2021)
|
|
|
+- CI/cirrus: install impacket from PyPI instead of FreeBSD packages
|
|
|
|
|
|
- "get-easy-options" is the configure option advertised by the help text
|
|
|
- anyway, so use that.
|
|
|
+ Availability of impacket as FreeBSD package is too flaky.
|
|
|
+
|
|
|
+ Stick to legacy version of cryptography which still
|
|
|
+ supports OpenSSL version 1.0.2 due to FreeBSD 11.
|
|
|
|
|
|
- Fixes #7211
|
|
|
- Closes #7213
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
|
|
|
- Follow-up to ad691b191 ("configure: added --disable-get-easy-options")
|
|
|
- Suggested-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
- Signed-off-by: Bastian Krause <bst@pengutronix.de>
|
|
|
+ Closes #7418
|
|
|
|
|
|
-- runtests: skip disabled tests unless -f is used
|
|
|
-
|
|
|
- To make it easier to write ranges like '115 to 229' without that
|
|
|
- explicitly enabling tests that are listed in DISABLED, this makes
|
|
|
- runtests always skip disabled tests unless the -f command line option is
|
|
|
- used.
|
|
|
+Daniel Stenberg (18 Jul 2021)
|
|
|
+- [Josh Soref brought this change]
|
|
|
+
|
|
|
+ docs/cmdline: mention what happens when used multiple times
|
|
|
|
|
|
- Previously the code attempted to not run such tests, but didn't do it
|
|
|
- correctly.
|
|
|
+ For --dns-ipv4-addr, --dns-ipv6-addr and --dns-servers
|
|
|
|
|
|
- Closes #7212
|
|
|
+ Closes #7410
|
|
|
+ Closes #7411
|
|
|
+ Closes #7412
|
|
|
|
|
|
-- [Jun-ya Kato brought this change]
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
|
|
|
- ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
|
|
|
+ lib: fix compiler warnings with CURL_DISABLE_NETRC
|
|
|
|
|
|
- The latest GnuTLS-3.7.2 implements disable switch for TLSv1.3 compatible
|
|
|
- mode for middle box but it is enabled by default, which is unnecessary
|
|
|
- for QUIC.
|
|
|
+ warning C4189: 'netrc_user_changed': local variable is initialized but
|
|
|
+ not referenced
|
|
|
|
|
|
- Fixes #6896
|
|
|
- Closes #7202
|
|
|
+ warning C4189: 'netrc_passwd_changed': local variable is initialized but
|
|
|
+ not referenced
|
|
|
+
|
|
|
+ Closes #7423
|
|
|
|
|
|
-- test644: remove as duplicate of test 587
|
|
|
+- disable-epsv.d: remove duplicate "(FTP)"
|
|
|
|
|
|
- Closes #7208
|
|
|
+ ... since the tooling adds that to the output based on the "Protocols:"
|
|
|
+ tag.
|
|
|
|
|
|
-Daniel Gustafsson (8 Jun 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Max Zettlmeißl brought this change]
|
|
|
|
|
|
-- cookies: track expiration in jar to optimize removals
|
|
|
+ docs: make the documentation for --etag-save match the program behaviour
|
|
|
|
|
|
- Removing expired cookies needs to be a fast operation since we want to
|
|
|
- be able to perform it often and speculatively. By tracking the timestamp
|
|
|
- of the next known expiration we can exit early in case the timestamp is
|
|
|
- in the future.
|
|
|
+ When using curl with the option `--etag-save` I expected it to save the
|
|
|
+ ETag without its surrounding quotes, as stated by the documentation in
|
|
|
+ the repository and by the generated man pages.
|
|
|
|
|
|
- Closes: #7172
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
-
|
|
|
-Daniel Stenberg (7 Jun 2021)
|
|
|
-- GHA: add several libcurl tests to the hyper job
|
|
|
+ My first endeavour was to fix the program, but while investigating the
|
|
|
+ history of the relevant parts, I discovered that curl once saved the
|
|
|
+ ETag without the quotes. This was undone by Daniel Stenberg in commit
|
|
|
+ `98c94596f5928840177b6bd3c7b0f0dd03a431af`, therefore I decided that in
|
|
|
+ this case the documentation should be adjusted to match the behaviour of
|
|
|
+ curl.
|
|
|
|
|
|
- 500 to 512
|
|
|
+ The changed save behaviour also made parts of the `--etag-compare`
|
|
|
+ documentation wrong or superfluous, so I adjusted those accordingly.
|
|
|
+
|
|
|
+ Closes #7429
|
|
|
|
|
|
-- test500: adjust to work with hyper mode
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-- c-hyper: support CURLINFO_STARTTRANSFER_TIME
|
|
|
+ write-out.d: add missing periods
|
|
|
|
|
|
- Closes #7204
|
|
|
+ Closes #7404
|
|
|
|
|
|
-- c-hyper: support CURLOPT_HEADER
|
|
|
+- [Josie Huddleston brought this change]
|
|
|
+
|
|
|
+ easy: during upkeep, attach Curl_easy to connections in the cache
|
|
|
|
|
|
- When enabled, the headers are passed to the body write callback as well.
|
|
|
+ During the protocol-specific parts of connection upkeep, some code
|
|
|
+ assumes that the data->conn pointer already is set correctly. However,
|
|
|
+ there's currently no guarantee of that in the code.
|
|
|
|
|
|
- Like in test 500
|
|
|
+ This fix temporarily attaches each connection to the Curl_easy object
|
|
|
+ before performing the protocol-specific connection check on it, in a
|
|
|
+ similar manner to the connection checking in extract_if_dead().
|
|
|
|
|
|
- Closes #7204
|
|
|
+ Fixes #7386
|
|
|
+ Closes #7387
|
|
|
+ Reported-by: Josie Huddleston
|
|
|
|
|
|
-- GHA: run the newly fixed tests with hyper
|
|
|
-
|
|
|
- Closes #7205
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-- test433: adjust for hyper mode
|
|
|
+ cleanup: spell DoH with a lowercase o
|
|
|
|
|
|
- Closes #7205
|
|
|
-
|
|
|
-- test395: hyper cannot work around > 64 bit content-lengths like built-in
|
|
|
+ Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
|
|
|
|
|
|
- Closes #7205
|
|
|
+ Closes #7413
|
|
|
|
|
|
-- test394: hyper returns a different error
|
|
|
-
|
|
|
- Closes #7205
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-- test393: make Content-Length fit within 64 bit for hyper
|
|
|
+ TheArtOfHttpScripting: polish
|
|
|
|
|
|
- Closes #7205
|
|
|
-
|
|
|
-- test347: CRLFify to work in hyper mode
|
|
|
+ - add missing backticks and comma
|
|
|
|
|
|
- Closes #7205
|
|
|
-
|
|
|
-- test339: CRLFify better to work in hyper mode
|
|
|
+ - fix proxy description:
|
|
|
|
|
|
- Closes #7205
|
|
|
+ * example proxy isn't local
|
|
|
+ * locally doesn't really make sense
|
|
|
+
|
|
|
+ Closes #7416
|
|
|
|
|
|
-- travis: remove the hyper build
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-- GHA: add a linux-hyper job
|
|
|
+ form.d: add examples of `,`/`;` for file[name]
|
|
|
|
|
|
- Closes #7206
|
|
|
+ Fixes #7415
|
|
|
+ Closes #7417
|
|
|
|
|
|
-- test328: avoid a header-looking body to make hyper mode work
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
+
|
|
|
+ mbedtls: Remove unnecessary include
|
|
|
|
|
|
- The test still works the same, just modified two bytes in the content.
|
|
|
+ - curl_setup.h: all references to mbedtls_md4* functions and structures
|
|
|
+ are in the md4.c. This file already includes the <mbedtls/md4.h> file
|
|
|
+ along with the file existence control (defined (MBEDTLS_MD4_C))
|
|
|
|
|
|
- Closes #7203
|
|
|
+ - curl_ntlm_core.c: unnecessary include - repeated below
|
|
|
+
|
|
|
+ Closes #7419
|
|
|
|
|
|
-- release-notes.pl: also spot common 'closes' typo
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-- metalink: remove
|
|
|
+Jay Satiro (16 Jul 2021)
|
|
|
+- [User Sg brought this change]
|
|
|
+
|
|
|
+ multi: fix crash in curl_multi_wait / curl_multi_poll
|
|
|
|
|
|
- Warning: this will make existing curl command lines that use metalink to
|
|
|
- stop working.
|
|
|
+ Appears to have been caused by 51c0ebc (precedes 7.77.0) which added a
|
|
|
+ VALID_SOCK check to one of the loops through the sockets but not the
|
|
|
+ other.
|
|
|
|
|
|
- Reasons for removal:
|
|
|
+ Reported-by: sylgal@users.noreply.github.com
|
|
|
+ Authored-by: sylgal@users.noreply.github.com
|
|
|
|
|
|
- 1. We've found several security problems and issues involving the
|
|
|
- metalink support in curl. The issues are not detailed here. When
|
|
|
- working on those, it become apparent to the team that several of the
|
|
|
- problems are due to the system design, metalink library API and what
|
|
|
- the metalink RFC says. They are very hard to fix on the curl side
|
|
|
- only.
|
|
|
+ Fixes https://github.com/curl/curl/issues/7379
|
|
|
+ Closes https://github.com/curl/curl/pull/7389
|
|
|
+
|
|
|
+- [Daniel Gustafsson brought this change]
|
|
|
+
|
|
|
+ tool_help: remove unused define
|
|
|
|
|
|
- 2. The metalink usage with curl was only very briefly documented and was
|
|
|
- not following the "normal" curl usage pattern in several ways, making
|
|
|
- it surprising and non-intuitive which could lead to further security
|
|
|
- issues.
|
|
|
+ The PRINT_LINES_PAUSE macro is no longer used, and has been mostly
|
|
|
+ cleaned out but one occurrence remained.
|
|
|
|
|
|
- 3. The metalink library was last updated 6 years ago and wasn't so
|
|
|
- active the years before that either. An unmaintained library means
|
|
|
- there's a security problem waiting to happen. This is probably reason
|
|
|
- enough.
|
|
|
+ Closes https://github.com/curl/curl/pull/7380
|
|
|
+
|
|
|
+- [Sergey Markelov brought this change]
|
|
|
+
|
|
|
+ build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS
|
|
|
|
|
|
- 4. Metalink requires an XML parsing library, which is complex code (even
|
|
|
- the smaller alternatives) and to this day often gets security
|
|
|
- updates.
|
|
|
+ fix compiler warnings about unused variables and parameters when
|
|
|
+ built with --disable-verbose.
|
|
|
|
|
|
- 5. Metalink is not a widely used curl feature. In the 2020 curl user
|
|
|
- survey, only 1.4% of the responders said that they'd are using it. In
|
|
|
- 2021 that number was 1.2%. Searching the web also show very few
|
|
|
- traces of it being used, even with other tools.
|
|
|
+ Closes https://github.com/curl/curl/pull/7377
|
|
|
+
|
|
|
+- [Andrea Pappacoda brought this change]
|
|
|
+
|
|
|
+ build: fix IoctlSocket FIONBIO check
|
|
|
|
|
|
- 6. The torrent format and associated technology clearly won for
|
|
|
- downloading large files from multiple sources in parallel.
|
|
|
+ Prior to this change HAVE_IOCTLSOCKET_CAMEL_FIONBIO mistakenly checked
|
|
|
+ for (lowercase) ioctlsocket when it should have checked for IoctlSocket.
|
|
|
|
|
|
- Cloes #7176
|
|
|
+ Closes https://github.com/curl/curl/pull/7375
|
|
|
|
|
|
-- docs/INSTALL: remove mentions of configure --with-darwin-ssl
|
|
|
-
|
|
|
- ... as it isn't supported since a while back.
|
|
|
+- [Timur Artikov brought this change]
|
|
|
+
|
|
|
+ configure: fix nghttp2 library name for static builds
|
|
|
|
|
|
- Make configure fail with a warning if used.
|
|
|
+ Don't hardcode the nghttp2 library name,
|
|
|
+ because it can vary, be "nghttp2_static" for example.
|
|
|
|
|
|
- Reported-by: Vadim Grinshpun
|
|
|
- Bug: https://curl.se/mail/lib-2021-06/0008.html
|
|
|
- Closes #7200
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Fixes https://github.com/curl/curl/issues/7367
|
|
|
+ Closes https://github.com/curl/curl/pull/7368
|
|
|
|
|
|
-- [Gregor Jasny brought this change]
|
|
|
+Gisle Vanem (16 Jul 2021)
|
|
|
+- [PellesC] fix _lseeki64() macro
|
|
|
|
|
|
- cmake: Avoid leaking absolute paths into exported config
|
|
|
+- [SChannel] Use '_tcsncmp()' instead
|
|
|
|
|
|
- The `find_libarary` command resolves the library or framework
|
|
|
- into an absolute path. In case of system frameworks which are
|
|
|
- located within an Xcode-provided SDK this results in the Xcode
|
|
|
- path and SDK version being part of the library path.
|
|
|
+ Revert previous change for PellesC.
|
|
|
|
|
|
- Because those library paths end up in the exported CMake config
|
|
|
- importing curl will fail once the Xcode location or SDK version
|
|
|
- changes:
|
|
|
+ Instead replace all use of `_tcsnccmp()` with `_tcsncmp()`.
|
|
|
+
|
|
|
+- [PellesC] missing '_tcsnccmp'
|
|
|
|
|
|
- ```cmake
|
|
|
- set_target_properties(CURL::libcurl PROPERTIES
|
|
|
- INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include"
|
|
|
- INTERFACE_LINK_LIBRARIES "lber;ldap;/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/System/Library/Frameworks/SystemConfiguration.framework;OpenSSL::SSL;OpenSSL::Crypto;ZLIB::ZLIB"
|
|
|
- )
|
|
|
- ```
|
|
|
+ PellesC compiler does not have this macro in it's `<tchar.h>`
|
|
|
+
|
|
|
+Daniel Gustafsson (14 Jul 2021)
|
|
|
+- TODO: add mention of mbedTLS 3 incompatibilities
|
|
|
|
|
|
- A work-around is to link against system-level frameworks with
|
|
|
- `-framework XYZ`. In case of `SystemConfiguration` we might be able
|
|
|
- to omit the lookup-check because we could assume the framework is
|
|
|
- always present.
|
|
|
+ Wyatt OʼDay reported in #7385 that mbedTLS isn't backwards compatible
|
|
|
+ and curl no longer builds with it. Document the need to fix our support
|
|
|
+ until so has been done.
|
|
|
|
|
|
- Closes #7152
|
|
|
-
|
|
|
-- [Shikha Sharma brought this change]
|
|
|
+ Closes #7390
|
|
|
+ Fixes #7385
|
|
|
+ Reported-by: Wyatt OʼDay
|
|
|
+ Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
|
|
|
|
|
|
- http2_connisdead: handle trailing GOAWAY better
|
|
|
+- docs: fix inconsistencies in EGDSOCKET documentation
|
|
|
|
|
|
- When checking the connection the input processing returns error
|
|
|
- immediately, we now consider that a dead connnection.
|
|
|
+ Only the OpenSSL backend actually use the EGDSOCKET, and also use
|
|
|
+ TLS consistently rather than mixing SSL and TLS. While there, also
|
|
|
+ fix a minor spelling nit.
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-06/0001.html
|
|
|
- Closes #7192
|
|
|
+ Closes: #7391
|
|
|
+ Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
|
|
|
|
|
|
-- [Dmitry Karpov brought this change]
|
|
|
+- [Борис Верховский brought this change]
|
|
|
|
|
|
- ares: always store IPv6 addresses first
|
|
|
-
|
|
|
- Trying dual-stack on some embedded platform, I noticed that quite
|
|
|
- frequently (20%) libCurl starts from IPv4 regardless the Happy Eyeballs
|
|
|
- timeout value. After debugging this issue, I noticed that this happens
|
|
|
- if c-ares resolver response for IPv6 family comes before IPv4 (which was
|
|
|
- randomly happening in my tests).
|
|
|
-
|
|
|
- In such cases, because libCurl puts the last resolver response on top of
|
|
|
- the address list, when IPv4 resolver response comes after IPv6 one - the
|
|
|
- IPv4 family starts the connection phase instead of IPv6 family.
|
|
|
-
|
|
|
- The solution for this issue is to always put IPv6 addresses on top of
|
|
|
- the address list, regardless the order of resolver responses.
|
|
|
+ docs: document missing arguments to commands
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-06/0003.html
|
|
|
+ This is a followup to commit f410b9e538129e77607fef1 fixing a few
|
|
|
+ more commands which takes arguments.
|
|
|
|
|
|
- Closes #7188
|
|
|
+ Closes #7382
|
|
|
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
-- Revert "Revert "socketpair: fix potential hangs""
|
|
|
-
|
|
|
- This reverts commit 3e70c3430a370a31eff2c1d8fea29edaca8f1127.
|
|
|
+- [Randolf J brought this change]
|
|
|
+
|
|
|
+ docs: fix incorrect argument name reference
|
|
|
|
|
|
- Thus brings back the change from #7144 as was originally landed in
|
|
|
- c769d1eab4de8b
|
|
|
+ The documentation for the read callback was erroneously referencing
|
|
|
+ the nitems argument by nmemb. The error was introduced in commit
|
|
|
+ ce0881edee3c7.
|
|
|
|
|
|
- Closes #7144 (again)
|
|
|
+ Closes #7383
|
|
|
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
-- [Ebe Janchivdorj brought this change]
|
|
|
+- [Борис Верховский brought this change]
|
|
|
|
|
|
- schannel: move code out of SChannel_connect_step1
|
|
|
+ tool_help: Document that --tlspassword takes a password
|
|
|
|
|
|
- Reviewed-by: Marc Hoersken
|
|
|
- Closes #7168
|
|
|
+ Closes #7378
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
-- tests/data/Makefile.inc: error: trailing backslash on last line
|
|
|
+- scripts: Fix typo in release-notes instructions
|
|
|
|
|
|
- Follow-up to d8dcb399b8009d
|
|
|
-
|
|
|
-- TODO: Support rate-limiting for MQTT
|
|
|
+ The command to run had a typo in the pathname which prevented copy
|
|
|
+ pasting it to work, which has annoyed me enough to fix this now.
|
|
|
|
|
|
-- [Dmitry Kostjuchenko brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- warnless: simplify type size handling
|
|
|
+Jay Satiro (10 Jul 2021)
|
|
|
+- write-out.d: Clarify urlnum is not unique for de-globbed URLs
|
|
|
|
|
|
- By using sizeof(T), existing defines and relying on the compiler to
|
|
|
- define the required signed/unsigned mask.
|
|
|
+ Reported-by: Коваленко Анатолий Викторович
|
|
|
|
|
|
- Closes #7181
|
|
|
+ Fixes https://github.com/curl/curl/issues/7342
|
|
|
+ Closes https://github.com/curl/curl/pull/7369
|
|
|
|
|
|
-Gisle Vanem (4 Jun 2021)
|
|
|
-- [Win32] Fix for USE_WATT32
|
|
|
+Daniel Gustafsson (3 Jul 2021)
|
|
|
+- [William Desportes brought this change]
|
|
|
+
|
|
|
+ docs: Fix typos
|
|
|
|
|
|
- My Watt-32 tcp/ip stack works on Windows but it does not have `WSAIoctl()`
|
|
|
+ Closes: #7370
|
|
|
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
-Daniel Stenberg (4 Jun 2021)
|
|
|
-- [Alexis Vachette brought this change]
|
|
|
+Daniel Stenberg (8 Jul 2021)
|
|
|
+- [Jonathan Wernberg brought this change]
|
|
|
|
|
|
- url: bad CURLOPT_CONNECT_TO syntax now returns error
|
|
|
+ Revert "ftp: Expression 'ftpc->wait_data_conn' is always false"
|
|
|
|
|
|
- Added test 3020 to verify
|
|
|
+ The reverted commit introduced a logic error in code that was
|
|
|
+ correct.
|
|
|
|
|
|
- Closes #7183
|
|
|
-
|
|
|
-- github: remove the cmake macOS gcc-8 jobs
|
|
|
+ The client using libcurl would notice the error since FTP file
|
|
|
+ uploads in active transfer mode would somtimes complete with
|
|
|
+ success despite no transfer having been performed and the
|
|
|
+ "uploaded" file thus not being on the remote server afterwards.
|
|
|
|
|
|
- They're too similar to the gcc-9 ones to be useful (and seems to not
|
|
|
- work anymore).
|
|
|
+ The FTP server would notice the error because it receives a
|
|
|
+ RST on the data connection it has established with the client
|
|
|
+ before any data was transferred at all.
|
|
|
|
|
|
- Closes #7187
|
|
|
-
|
|
|
-- test269: disable for hyper
|
|
|
+ The logic error happens if the STOR response from the server have
|
|
|
+ arrived by the time ftp_multi_statemach() in the affected code path
|
|
|
+ is called, but the incoming data connection have not arrived yet.
|
|
|
+ In that case, the processing of the STOR response will cause
|
|
|
+ 'ftpc->wait_data_conn' to be set to TRUE, contradicting the comment
|
|
|
+ in the code. Since 'complete' will also be set, later logic would
|
|
|
+ believe the transfer was done.
|
|
|
|
|
|
- --ignore-content-length / CURLOPT_IGNORE_CONTENT_LENGTH doesn't work
|
|
|
- with hyper.
|
|
|
+ In most cases, the STOR response will not have arrived yet when
|
|
|
+ the affected code path is executed, or the incoming connection will
|
|
|
+ also have arrived, and thus the error would not express itself.
|
|
|
+ But if the speed difference of the device using libcurl and the
|
|
|
+ FTP server is exactly right, the error may happen as often as in
|
|
|
+ one out of hundred file transfers.
|
|
|
|
|
|
- Closes #7184
|
|
|
+ This reverts commit 49f3117a238b6eac0e22a32f50699a9eddcb66ab.
|
|
|
+
|
|
|
+ Bug: https://curl.se/mail/lib-2021-07/0025.html
|
|
|
+ Closes #7362
|
|
|
|
|
|
-- runtests: enable 'hyper mode' only for HTTP tests
|
|
|
+- msnprintf: return number of printed characters excluding null byte
|
|
|
|
|
|
- The 'hyper mode' makes line-ending checks work in the test suite for
|
|
|
- when hyper is used. Now it also requires that HTTP or HTTPS are
|
|
|
- mentioned as keywords to be enabled so that it doesn't wrongly adjusts
|
|
|
- tests for other protocols.
|
|
|
+ ... even when the output is "capped" by the maximum length argument.
|
|
|
|
|
|
- This makes test 271 (TFTP) work again in hyper enabled builds.
|
|
|
+ Clarified in the docs.
|
|
|
|
|
|
- Closes #7185
|
|
|
-
|
|
|
-- [Alexis Vachette brought this change]
|
|
|
+ Closes #7361
|
|
|
|
|
|
- hostip: bad CURLOPT_RESOLVE syntax now returns error
|
|
|
+- infof: remove newline from format strings, always append it
|
|
|
|
|
|
- Added test 3019
|
|
|
- Fixes #7170
|
|
|
- Closes #7174
|
|
|
-
|
|
|
-Daniel Gustafsson (3 Jun 2021)
|
|
|
-- cookies: fix typo and expand comment
|
|
|
+ - the data needs to be "line-based" anyway since it's also passed to the
|
|
|
+ debug callback/application
|
|
|
|
|
|
- Fix a typo in the sorting comment, and while in there elaborate slightly
|
|
|
- on why creationtime can be used as a tiebreaker.
|
|
|
-
|
|
|
-- cookies: remove unused header
|
|
|
+ - it makes infof() work like failf() and consistency is good
|
|
|
|
|
|
- Commit 1c1d9f1affbd3367bcb24062e261d0ea5d185e3a removed the last use
|
|
|
- for the inet_pton.h headerfile, this removes the inclusion of the
|
|
|
- header.
|
|
|
+ - there's an assert that triggers on newlines in the format string
|
|
|
|
|
|
- Closes: #7182
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
-
|
|
|
-Daniel Stenberg (3 Jun 2021)
|
|
|
-- Revert "socketpair: fix potential hangs"
|
|
|
+ - Also removes a few instances of "..."
|
|
|
|
|
|
- This reverts commit c769d1eab4de8b9f1bd84d992c63692fdc43c5be.
|
|
|
+ - Removes the code that would append "..." to the end of the data *iff*
|
|
|
+ it was truncated in infof()
|
|
|
|
|
|
- See #7144 for details
|
|
|
-
|
|
|
-- [Paul Groke brought this change]
|
|
|
+ Closes #7357
|
|
|
|
|
|
- socketpair: fix potential hangs
|
|
|
-
|
|
|
- Fixes potential hang in accept by using select + non-blocking accept.
|
|
|
+- examples/multi-single: fix scan-build warning
|
|
|
|
|
|
- Fixes potential hang in peer check by replacing the send/recv check with
|
|
|
- a getsockname/getpeername check.
|
|
|
+ warning: Value stored to 'mc' during its initialization is never read
|
|
|
|
|
|
- Adds length check for returned sockaddr data.
|
|
|
+ Follow-up to ae8e11ed5fd2ce
|
|
|
|
|
|
- Closes #7144
|
|
|
+ Closes #7360
|
|
|
|
|
|
-- runtests: parse data/Makefile.inc instead of using make
|
|
|
+- wolfssl: failing to set a session id is not reason to error out
|
|
|
|
|
|
- The warning about missing entries in that file then doesn't require that
|
|
|
- the Makefile has been regenerated which was confusing.
|
|
|
+ ... as it is *probably* just timed out.
|
|
|
|
|
|
- The scan for the test num is a little more error prone than before
|
|
|
- (since now it doesn't actually verify that it is legitimate Makefile
|
|
|
- syntax), but I think it is good enough.
|
|
|
+ Reported-by: Francisco Munoz
|
|
|
|
|
|
- Closes #7177
|
|
|
-
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+ Closes #7358
|
|
|
|
|
|
- filecheck: quietly remove test-place/*~
|
|
|
+- docs/examples: use curl_multi_poll() in multi examples
|
|
|
|
|
|
- Closes #7179
|
|
|
-
|
|
|
-- CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
|
|
|
+ The API is soon two years old and deserves being shown as the primary
|
|
|
+ way to drive multi code as it makes it much easier to write code.
|
|
|
|
|
|
- For options that pass in lists or strings that are subsequently parsed
|
|
|
- and must be correct. This broadens the scope for the option previously
|
|
|
- known as CURLE_TELNET_OPTION_SYNTAX but the old name is of course still
|
|
|
- provided as a #define for existing applications.
|
|
|
+ multi-poll: removed
|
|
|
|
|
|
- Closes #7175
|
|
|
+ multi-legacy: add to show how we did multi API use before
|
|
|
+ curl_multi_wait/poll.
|
|
|
+
|
|
|
+ Closes #7352
|
|
|
|
|
|
-- tests: fix Accept-Encoding strips to work with Hyper builds
|
|
|
+- KNOWN_BUGS: flaky Windows CI builds
|
|
|
|
|
|
- The previous strip also removed the CR which turned problematic.
|
|
|
+ Closes #6972
|
|
|
+
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- test1147: hyper doesn't allow "crazy" request headers like built-in
|
|
|
|
|
|
- valgrind.supp: add zstd suppression using hyper
|
|
|
+ ... so strip that from the test.
|
|
|
|
|
|
- Reported-and-analyzed-by: Kevin Burke
|
|
|
- Fixes #7169
|
|
|
- Closes #7171
|
|
|
+ Closes #7349
|
|
|
|
|
|
-- github: timeout jobs on macOS after 90 minutes
|
|
|
+- c-hyper: bail on too long response headers
|
|
|
|
|
|
- Assisted-by: Marc Hoersken
|
|
|
- Closes #7173
|
|
|
-
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
-
|
|
|
- mqtt: detect illegal and too large file size
|
|
|
+ To match with built-in behaviors. Makes test 1154 work.
|
|
|
|
|
|
- Add test 3017 and 3018 to verify.
|
|
|
- Closes #7166
|
|
|
+ Closes #7350
|
|
|
|
|
|
-- [Abhinav Singh brought this change]
|
|
|
+- test1151: added missing CRLF to work with hyper
|
|
|
+
|
|
|
+ Closes #7350
|
|
|
|
|
|
- cmake: add CURL_DISABLE_NTLM option
|
|
|
+- c-hyper: add support for transfer-encoding in the request
|
|
|
|
|
|
- Closes #7028
|
|
|
+ Closes #7348
|
|
|
|
|
|
-- [Abhinav Singh brought this change]
|
|
|
+- [Andrea Pappacoda brought this change]
|
|
|
|
|
|
- configure: add --disable-ntlm option
|
|
|
+ cmake: remove libssh2 feature checks
|
|
|
|
|
|
- Closes #7028
|
|
|
+ libssh2 features are detected based on version since commit
|
|
|
+ 9dbbba997608f7c3c5de1c627c77c8cd2aa85b73
|
|
|
+
|
|
|
+ Closes #7343
|
|
|
|
|
|
-- [Abhinav Singh brought this change]
|
|
|
+- test1116: hyper doesn't pass through "surprise-trailers"
|
|
|
+
|
|
|
+ Closes #7344
|
|
|
|
|
|
- define: re-add CURL_DISABLE_NTLM and corresponding ifdefs
|
|
|
+- socks4: scan for the IPv4 address in resolve results
|
|
|
|
|
|
- This flag will be further exposed by adding build options.
|
|
|
+ Follow-up to 84d2839740 which changed the resolving to always resolve
|
|
|
+ both address families, but since SOCKS4 only supports IPv4 it should
|
|
|
+ scan for and use the first available IPv4 address.
|
|
|
|
|
|
- Reverts #6809
|
|
|
- Closes #7028
|
|
|
+ Reported-by: shithappens2016 on github
|
|
|
+ Fixes #7345
|
|
|
+ Closes #7346
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+Jay Satiro (5 Jul 2021)
|
|
|
+- proto.d: fix formatting for paragraphs after margin changes
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7341
|
|
|
|
|
|
-Viktor Szakats (1 Jun 2021)
|
|
|
-- travis: delete --enable-hsts option (it is the default now) [ci skip]
|
|
|
+- pinnedpubkey.d: fix formatting for version support lists
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7167
|
|
|
+ Closes https://github.com/curl/curl/pull/7340
|
|
|
|
|
|
-Daniel Stenberg (1 Jun 2021)
|
|
|
-- hostip: fix 3 coverity complaints
|
|
|
+Daniel Stenberg (2 Jul 2021)
|
|
|
+- TODO: "Support in-memory certs/ca certs/keys" done
|
|
|
|
|
|
- Follow-up to 1a0ebf6632f889eed
|
|
|
+ Has been suppored for a while now with the *BLOB options.
|
|
|
+
|
|
|
+- examples: safer and more proper read callback logic
|
|
|
|
|
|
- - Check the return code to Curl_inet_pton() in two instances, even
|
|
|
- though we know the input is valid so the functions won't fail.
|
|
|
+ The same callback code is used in:
|
|
|
|
|
|
- - Clear the 'struct sockaddr_in' struct before use so that the
|
|
|
- 'sin_zero' field isn't left uninitialized.
|
|
|
+ imap-append.c
|
|
|
+ smtp-authzid.c
|
|
|
+ smtp-mail.c
|
|
|
+ smtp-multi.c
|
|
|
+ smtp-ssl.c
|
|
|
+ smtp-tls.c
|
|
|
|
|
|
- Detected by Coverity.
|
|
|
- Assisted-by: Harry Sintonen
|
|
|
- Closes #7163
|
|
|
+ It should not assume that it can copy full lines into the buffer as it
|
|
|
+ will encourage sloppy coding practices. Instead use byte-wise logic and
|
|
|
+ check/acknowledge the buffer size appropriately.
|
|
|
+
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Fixes #7330
|
|
|
+ Closes #7331
|
|
|
|
|
|
-- c-hyper: fix NTLM on closed connection tested with test159
|
|
|
+- test1519: adjusted to work with hyper
|
|
|
|
|
|
- Closes #7154
|
|
|
+ Closes #7333
|
|
|
|
|
|
-- conncache: lowercase the hash key for better match
|
|
|
+- test1518: adjusted to work with hyper
|
|
|
|
|
|
- As host names are case insensitive, the use of case sensitive hashing
|
|
|
- caused unnecesary cache misses and therefore lost performance. This
|
|
|
- lowercases the hash key.
|
|
|
+ ... by making sure the stdout output doesn't look like HTTP headers.
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Fixes #7159
|
|
|
- Closes #7161
|
|
|
+ Closes #7333
|
|
|
|
|
|
-- mbedtls: make mbedtls_strerror always work
|
|
|
+- test1514: add a CRLF to the response to make it correct
|
|
|
|
|
|
- If the function doesn't exist, provide a macro that just clears the
|
|
|
- error message. Removes #ifdef uses from the code.
|
|
|
+ Makes hyper accept it fine instead returning HYPERE_UNEXPECTED_EOF on
|
|
|
+ us.
|
|
|
|
|
|
- Closes #7162
|
|
|
+ Closes #7334
|
|
|
|
|
|
-- vtls: exit addsessionid if no cache is inited
|
|
|
+- formdata: avoid "Argument cannot be negative" warning
|
|
|
|
|
|
- Follow-up to b249592d29ae0
|
|
|
+ ... when converting a curl_off_t to size_t, by using
|
|
|
+ CURL_ZERO_TERMINATED before passing the argument to the function.
|
|
|
|
|
|
- Avoids NULL pointer derefs.
|
|
|
+ Detected by Coverity CID 1486590.
|
|
|
|
|
|
- Closes #7165
|
|
|
-
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+ Closes #7328
|
|
|
+ Assisted-by: Daniel Gustafsson
|
|
|
|
|
|
- Curl_ntlm_core_mk_nt_hash: fix OOM in error path
|
|
|
+- lib: more %u for port and int for %*s fixes
|
|
|
|
|
|
- Closes #7164
|
|
|
+ Detected by Coverity
|
|
|
+
|
|
|
+ Closes #7329
|
|
|
|
|
|
-Michael Kaufmann (1 Jun 2021)
|
|
|
-- ssl: read pending close notify alert before closing the connection
|
|
|
+- doh: (void)-prefix call to curl_easy_setopt
|
|
|
+
|
|
|
+- lib: fix type of len passed to *printf's %*s
|
|
|
|
|
|
- This avoids a TCP reset (RST) if the server initiates a connection
|
|
|
- shutdown by sending an SSL close notify alert and then closes the TCP
|
|
|
- connection.
|
|
|
+ ... it needs to be 'int'. Detected by Coverity CID 1486611 (etc)
|
|
|
|
|
|
- For SSL connections, usually the server announces that it will close the
|
|
|
- connection with an SSL close notify alert. curl should read this alert.
|
|
|
- If curl does not read this alert and just closes the connection, some
|
|
|
- operating systems close the TCP connection with an RST flag.
|
|
|
+ Closes #7326
|
|
|
+
|
|
|
+- lib: use %u instead of %ld for port number printf
|
|
|
|
|
|
- See RFC 1122, section 4.2.2.13
|
|
|
+ Follow-up to 764c6bd3bf which changed the type of some port number
|
|
|
+ fields. Detected by Coverity (CID 1486624) etc.
|
|
|
|
|
|
- If curl reads the close notify alert, the TCP connection is closed
|
|
|
- normally with a FIN flag.
|
|
|
+ Closes #7325
|
|
|
+
|
|
|
+- version: turn version number functions into returning void
|
|
|
|
|
|
- The new code is similar to existing code in the "SSL shutdown" function:
|
|
|
- try to read an alert (non-blocking), and ignore any read errors.
|
|
|
+ ... as we never use the return codes from them.
|
|
|
|
|
|
- Closes #7095
|
|
|
-
|
|
|
-Daniel Stenberg (1 Jun 2021)
|
|
|
-- [Laurent Dufresne brought this change]
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Closes #7319
|
|
|
|
|
|
- setopt: fix incorrect comments
|
|
|
+- mqtt: extend the error message for no topic
|
|
|
|
|
|
- Closes #7157
|
|
|
+ ... and mention that it needs URL encoding.
|
|
|
+
|
|
|
+ Reported-by: Peter Körner
|
|
|
+ Fixes #7316
|
|
|
+ Closes #7317
|
|
|
|
|
|
-- [Laurent Dufresne brought this change]
|
|
|
+- formdata: correct typecast in curl_mime_data call
|
|
|
+
|
|
|
+ Coverity pointed out it the mismatch. CID 1486590
|
|
|
+
|
|
|
+ Closes #7327
|
|
|
|
|
|
- mbedtls: add support for cert and key blob options
|
|
|
+- url: (void)-prefix a curl_url_get() call
|
|
|
|
|
|
- CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB weren't usable with
|
|
|
- mbedtls backend, so the support was added.
|
|
|
+ Coverity (CID 1486645) pointed out a use of curl_url_get() in the
|
|
|
+ parse_proxy function where the return code wasn't checked. A
|
|
|
+ (void)-prefix makes the intention obvious.
|
|
|
|
|
|
- Closes #7157
|
|
|
+ Closes #7320
|
|
|
|
|
|
-- [Gregor Jasny brought this change]
|
|
|
+- glob: pass an 'int' as len when using printf's %*s
|
|
|
+
|
|
|
+ Detected by Coverity CID 1486629.
|
|
|
+
|
|
|
+ Closes #7324
|
|
|
|
|
|
- cmake: try well-known send/recv signature for Apple
|
|
|
+- vtls: use free() not curl_free()
|
|
|
|
|
|
- The CMake `try_compile` command is especially slow for
|
|
|
- the Xcode generator. With this patch applied it first tests
|
|
|
- for the currently used (and Open Group specified) send/recv
|
|
|
- signature. In case this fails testing falls-back to the
|
|
|
- permutations.
|
|
|
+ curl_free() is provided for users of the API to free returned data,
|
|
|
+ there's no need to use it internally.
|
|
|
|
|
|
- speed-up:
|
|
|
+ Closes #7318
|
|
|
+
|
|
|
+- zuul: use the new rustls directory name
|
|
|
|
|
|
- ```
|
|
|
- time cmake .. -GNinja -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF
|
|
|
- before: 11.64s user 11.09s system 55% cpu 40.754 total
|
|
|
- after: 7.84s user 6.57s system 51% cpu 28.074 total
|
|
|
- ```
|
|
|
+ Follow-up to 6d972c8b1cbb3 which missed updating this directory name.
|
|
|
|
|
|
- ```
|
|
|
- time cmake .. -GXcode -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF
|
|
|
- before: 217.07s user 104.15s system 60% cpu 8:51.79 total
|
|
|
- after: 108.76s user 51.80s system 58% cpu 4:32.58 total
|
|
|
- ```
|
|
|
+ Also no longer call it crustls in the docs and bump to rusttls-ffi 0.7.1
|
|
|
|
|
|
- Closes #7158
|
|
|
+ Closes #7311
|
|
|
|
|
|
-- http2: init recvbuf struct for pushed streams
|
|
|
+Jay Satiro (29 Jun 2021)
|
|
|
+- http: fix crash in rate-limited upload
|
|
|
|
|
|
- Debug builds would warn that these structs were not initialized properly
|
|
|
- for pushed streams.
|
|
|
+ - Don't set the size of the piece of data to send to the rate limit if
|
|
|
+ that limit is larger than the buffer size that will hold the piece.
|
|
|
|
|
|
- Ref: #7148
|
|
|
- Closes #7153
|
|
|
+ Prior to this change if CURLOPT_MAX_SEND_SPEED_LARGE
|
|
|
+ (curl tool: --limit-rate) was set then it was possible that a temporary
|
|
|
+ buffer used for uploading could be written to out of bounds. A likely
|
|
|
+ scenario for this would be a non-trivial amount of post data combined
|
|
|
+ with a rate limit larger than CURLOPT_UPLOAD_BUFFERSIZE (default 64k).
|
|
|
+
|
|
|
+ The bug was introduced in 24e469f which is in releases since 7.76.0.
|
|
|
+
|
|
|
+ perl -e "print '0' x 200000" > tmp
|
|
|
+ curl --limit-rate 128k -d @tmp httpbin.org/post
|
|
|
+
|
|
|
+ Reported-by: Richard Marion
|
|
|
+
|
|
|
+ Fixes https://github.com/curl/curl/issues/7308
|
|
|
+ Closes https://github.com/curl/curl/pull/7315
|
|
|
|
|
|
-- Curl_ssl_getsessionid: fail if no session cache exists
|
|
|
+Daniel Stenberg (29 Jun 2021)
|
|
|
+- copyright: add boiler-plate headers to CI config files
|
|
|
|
|
|
- This function might get called for an easy handle for which the session
|
|
|
- cache hasn't been setup. It now just returns a "miss" in that case.
|
|
|
+ And whitelist .zuul.ignore
|
|
|
|
|
|
- Reported-by: Christoph M. Becker
|
|
|
- Fixes #7148
|
|
|
- Closes #7153
|
|
|
+ Closes #7314
|
|
|
|
|
|
-- GOVERNANCE: add 'user', 'committer' and 'contributor'
|
|
|
+- CI: remove travis details
|
|
|
|
|
|
- As those are commonly used terms in the project.
|
|
|
+ Rename still used leftovers to "zuul" as that's now the CI using them.
|
|
|
|
|
|
- Closes #7151
|
|
|
+ Closes #7313
|
|
|
|
|
|
-- URL-SYNTAX.md: document the new 'localhost' treatment
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-- hostip: make 'localhost' return fixed values
|
|
|
+- openssl: avoid static variable for seed flag
|
|
|
|
|
|
- Resolving the case insensitive host name 'localhost' now returns the
|
|
|
- addresses 127.0.0.1 and (if IPv6 is enabled) ::1 without using any
|
|
|
- resolver.
|
|
|
+ Avoid the race condition risk by instead storing the "seeded" flag in
|
|
|
+ the multi handle. Modern OpenSSL versions handle the seeding itself so
|
|
|
+ doing the seeding once per multi-handle instead of once per process is
|
|
|
+ less of an issue.
|
|
|
|
|
|
- This removes the risk that users accidentally resolves 'localhost' to
|
|
|
- something else. By making sure 'localhost' is always local, we can
|
|
|
- assume a "secure context" for such transfers (for cookies etc).
|
|
|
+ Reported-by: Gerrit Renker
|
|
|
+ Fixes #7296
|
|
|
+ Closes #7306
|
|
|
+
|
|
|
+- configure: inhibit the implicit-fallthrough warning on gcc-12
|
|
|
|
|
|
- Closes #7039
|
|
|
+ ... since it no longer acknowledges the comment markup we use for that
|
|
|
+ purpose.
|
|
|
+
|
|
|
+ Reported-by: Younes El-karama
|
|
|
+ Fixes #7295
|
|
|
+ Closes #7307
|
|
|
|
|
|
-Daniel Gustafsson (31 May 2021)
|
|
|
-- docs: fix typos
|
|
|
+Daniel Gustafsson (28 Jun 2021)
|
|
|
+- [Andrei Rybak brought this change]
|
|
|
|
|
|
-Daniel Stenberg (30 May 2021)
|
|
|
-- hsts: ignore numberical IP address hosts
|
|
|
+ misc: fix typos in comments which repeat a word
|
|
|
|
|
|
- Also, use a single function library-wide for detecting if a given hostname is
|
|
|
- a numerical IP address.
|
|
|
+ Fix typos in code comments which repeat various words. In trivial
|
|
|
+ cases, just delete the repeated word. Reword the affected sentence in
|
|
|
+ "lib/url.c" for it to make sense.
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Fixes #7146
|
|
|
- Closes #7149
|
|
|
+ Closes #7303
|
|
|
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
-- test178: adjust for hyper
|
|
|
+Daniel Stenberg (27 Jun 2021)
|
|
|
+- lib677: make it survive torture testing
|
|
|
|
|
|
- Hyper returns the same error for wrong HTTP version as for negative
|
|
|
- content-length. Test 178 verifies that negative content-length is
|
|
|
- rejected but the hyper backend will return a different error for it (and
|
|
|
- without any helpful message telling why the message was bad). It will
|
|
|
- also not return any headers at all for the response, not even the ones
|
|
|
- that arrived before the error.
|
|
|
+ Follow-up to a5ab72d5edd7
|
|
|
|
|
|
- Closes #7147
|
|
|
+ Closes #7300
|
|
|
|
|
|
-- HYPER: remove mentions of deprecated development branch
|
|
|
+- [Tommy Chiang brought this change]
|
|
|
|
|
|
-- c-hyper: handle NULL from hyper_buf_copy()
|
|
|
+ docs/BINDINGS: fix outdated links
|
|
|
|
|
|
- Closes #7143
|
|
|
-
|
|
|
-- HSTS: not experimental anymore
|
|
|
+ * luacurl page is now not accessible, fix it with wayback machine page
|
|
|
+ * Scheme one seems not providing https now, change it back to http one
|
|
|
+
|
|
|
+ Closes #7301
|
|
|
|
|
|
-- [Douglas R. Reno brought this change]
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
- INSTALL: use correct extension for CURL-DISABLE.md
|
|
|
+ curstls: bump crustls version and use new URL
|
|
|
|
|
|
- In INSTALL.MD, it's currently set to CURL-DISABLE-md instead of
|
|
|
- CURL-DISABLE.md. This generates a 404 on the cURL website as well as
|
|
|
- when viewing the docs through Github.
|
|
|
+ crustls moved to https://github.com/rustls/rustls-ffi. This also bumps
|
|
|
+ the expected version to 0.7.0.
|
|
|
|
|
|
- Closes #7142
|
|
|
+ Closes #7297
|
|
|
|
|
|
-- travis: run tests 1 - 153 with hyper
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-- c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL
|
|
|
-
|
|
|
- Makes test 129 work (HTTP/1.2 response).
|
|
|
+- examples: length-limit two sscanf() uses of %s
|
|
|
|
|
|
- Closes #7141
|
|
|
+ Reported-by: Jishan Shaikh
|
|
|
+ Fixes #7293
|
|
|
+ Closes #7294
|
|
|
|
|
|
-- http_proxy: deal with non-200 CONNECT response with Hyper
|
|
|
-
|
|
|
- Makes test 94 and 95 work
|
|
|
-
|
|
|
- Closes #7141
|
|
|
+- [Richard Whitehouse brought this change]
|
|
|
|
|
|
-- c-hyper: clear NTLM auth buffer when request is issued
|
|
|
+ multi: alter transfer timeout ordering
|
|
|
|
|
|
- To prevent previous ones to get reused on subsequent requests. Matches
|
|
|
- how the built-in HTTP code works. Makes test 90 to 93 work.
|
|
|
+ - Check whether a connection has succeded before checking whether it's
|
|
|
+ timed out.
|
|
|
|
|
|
- Add test 90 to 93 in travis.
|
|
|
+ This means if we've connected quickly, but subsequently been
|
|
|
+ descheduled, we allow the connection to succeed. Note, if we timeout,
|
|
|
+ but between checking the timeout, and connecting to the server the
|
|
|
+ connection succeeds, we will allow it to go ahead. This is viewed as
|
|
|
+ an acceptable trade off.
|
|
|
|
|
|
- Closes #7139
|
|
|
-
|
|
|
-- [Joel Depooter brought this change]
|
|
|
+ - Add additional failf logging around failed connection attempts to
|
|
|
+ propogate the cause up to the caller.
|
|
|
+
|
|
|
+ Co-Authored-by: Martin Howarth
|
|
|
+ Closes #7178
|
|
|
|
|
|
- schannel: set ALPN length correctly for HTTP/2
|
|
|
+- test677: IMAP CONNECT_ONLY, custom command and then exit
|
|
|
|
|
|
- In a3268eca792f1 this code was changed to use the ALPN_H2 constant
|
|
|
- instead of the NGHTTP2_PROTO_ALPN constant. However, these constants are
|
|
|
- not the same. The nghttp2 constant included the length of the string,
|
|
|
- like this: "\x2h2". The ALPN_H2 constant is just "h2". Therefore we need
|
|
|
- to re-add the length of the string to the ALPN buffer.
|
|
|
+ Adjusted ftpserver.pl to add support for the IMAP IDLE command
|
|
|
|
|
|
- Closes #7138
|
|
|
+ Adjusted test 660 to sync with the fix
|
|
|
|
|
|
-- travis: run tests 1-89 in the hyper build
|
|
|
+- multi: do not switch off connect_only flag when closing
|
|
|
|
|
|
- Closes #7137
|
|
|
+ ... as it made protocol specific disconnect commands wrongly get used.
|
|
|
+
|
|
|
+ Bug: https://curl.se/mail/lib-2021-06/0024.html
|
|
|
+ Reported-by: Aleksander Mazur
|
|
|
+ Closes #7288
|
|
|
|
|
|
-- Revert "c-hyper: handle body on HYPER_TASK_EMPTY"
|
|
|
+- http: make the haproxy support work with unix domain sockets
|
|
|
|
|
|
- This reverts commit c3eefa95c31f55657f0af422e8268d738f689066.
|
|
|
+ ... it should then pass on "PROXY UNKNOWN" since it doesn't know the
|
|
|
+ involved IP addresses.
|
|
|
|
|
|
- Reported-by: Kevin Burke
|
|
|
- Fixes #7122
|
|
|
- Closes #7136
|
|
|
+ Reported-by: Valentín Gutiérrez
|
|
|
+ Fixes #7290
|
|
|
+ Closes #7291
|
|
|
|
|
|
-- [Jon Rumsey brought this change]
|
|
|
+- [Xiang Xiao brought this change]
|
|
|
|
|
|
- ccsidcurl: fix the compile errors
|
|
|
-
|
|
|
- Looks like the declaration of cpp shoule be const char ** and return
|
|
|
- null if convert_version_info_string fails.
|
|
|
+ curl.h: include sys/select.h for NuttX RTOS
|
|
|
|
|
|
- Fixes #7134
|
|
|
- Closes #7135
|
|
|
+ Closes #7287
|
|
|
|
|
|
-- [Viktor Szakats brought this change]
|
|
|
+- [Bin Meng brought this change]
|
|
|
|
|
|
- docs: use --max-redirs instead of --max-redir
|
|
|
+ curl.h: remove the execution bit
|
|
|
|
|
|
- For consistency.
|
|
|
+ The execution bit of curl.h file was wrongly added:
|
|
|
|
|
|
- Closes #7130
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ commit 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7")
|
|
|
|
|
|
- ... and bump to 7.77.1
|
|
|
+ and should be removed.
|
|
|
+
|
|
|
+ Follow-up to 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7")
|
|
|
+ Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
|
|
|
+ Closes #7286
|
|
|
|
|
|
-- [Michael Forney brought this change]
|
|
|
+- [Bin Lan brought this change]
|
|
|
|
|
|
- travis: add bearssl build
|
|
|
+ curl.h: <sys/select.h> is supported by VxWorks7
|
|
|
|
|
|
- Closes #7133
|
|
|
+ Closes #7285
|
|
|
|
|
|
-- [Michael Forney brought this change]
|
|
|
+- [Bachue Zhou brought this change]
|
|
|
|
|
|
- bearssl: explicitly initialize all fields of Curl_ssl
|
|
|
+ quiche: use send() instead of sendto() to avoid macOS issue
|
|
|
|
|
|
- Also, add comments like the other vtls backends.
|
|
|
+ sendto() always returns "Socket is already connected" error on macos
|
|
|
|
|
|
- Closes #7133
|
|
|
+ Closes #7260
|
|
|
|
|
|
-- [Michael Forney brought this change]
|
|
|
+- [Li Xinwei brought this change]
|
|
|
|
|
|
- bearssl: remove incorrect const on variable that is modified
|
|
|
+ cmake: fix support for UnixSockets feature on Win32
|
|
|
|
|
|
- hostname may be set to NULL later on in this function if it is an
|
|
|
- IP address.
|
|
|
+ Move the definition of sockaddr_un struct from config-win32.h to
|
|
|
+ curl_setup.h, so that it could be shared by all build systems.
|
|
|
|
|
|
- Closes #7133
|
|
|
+ Add ADDRESS_FAMILY typedef for old mingw, now old mingw can also use
|
|
|
+ unix sockets.
|
|
|
+
|
|
|
+ Also fix the build of tests/server/sws.c on Win32 when USE_UNIX_SOCKETS
|
|
|
+ is defined.
|
|
|
+
|
|
|
+ Closes #7034
|
|
|
|
|
|
-Version 7.77.0 (26 May 2021)
|
|
|
+- [Gregory Muchka brought this change]
|
|
|
+
|
|
|
+ hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies
|
|
|
+
|
|
|
+ From Apples documentation on SCDynamicStoreCopyProxies, "Return Value: A
|
|
|
+ dictionary of key-value pairs that represent the current internet proxy
|
|
|
+ settings, or NULL if no proxy settings have been defined or if an error
|
|
|
+ occurred. You must release the returned value."
|
|
|
+
|
|
|
+ Failure to release the returned value of SCDynamicStoreCopyProxies can
|
|
|
+ result in a memory leak.
|
|
|
+
|
|
|
+ Source: https://developer.apple.com/documentation/systemconfiguration/1517088-scdynamicstorecopyproxies
|
|
|
+
|
|
|
+ Closes #7265
|
|
|
|
|
|
-Daniel Stenberg (26 May 2021)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- THANKS: added contributors from 7.77.0 cycle
|
|
|
+Jay Satiro (21 Jun 2021)
|
|
|
+- vtls: fix warning due to function prototype mismatch
|
|
|
+
|
|
|
+ b09c8ee changed the function prototype. Caught by Visual Studio.
|
|
|
|
|
|
-- copyright: update copyright year ranges to 2021
|
|
|
+- curl_multibyte: Remove local encoding fallbacks
|
|
|
+
|
|
|
+ - If the UTF-8 to UTF-16 conversion fails in Windows Unicode builds then
|
|
|
+ no longer fall back to assuming the string is in a local encoding.
|
|
|
+
|
|
|
+ Background:
|
|
|
+
|
|
|
+ Some functions in Windows Unicode builds must convert UTF-8 to UTF-16 to
|
|
|
+ pass to the Windows CRT API wide-character functions since in Windows
|
|
|
+ UTF-8 is not a valid locale (or at least 99% of the time right now).
|
|
|
+
|
|
|
+ Prior to this change if the Unicode encoding conversion failed then
|
|
|
+ libcurl would assume, for backwards compatibility with applications that
|
|
|
+ may have written their code for non-Unicode builds, attempt to convert
|
|
|
+ the string from local encoding to UTF-16.
|
|
|
+
|
|
|
+ That type of "best effort" could theoretically cause some type of
|
|
|
+ security or other problem if a string that was locally encoded was also
|
|
|
+ valid UTF-8, and therefore an unexpected UTF-8 to UTF-16 conversion
|
|
|
+ could occur.
|
|
|
+
|
|
|
+ Ref: https://github.com/curl/curl/pull/7246
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7257
|
|
|
|
|
|
-- [Radek Zajic brought this change]
|
|
|
+Daniel Stenberg (20 Jun 2021)
|
|
|
+- curl_endian: remove the unused Curl_write64_le function
|
|
|
+
|
|
|
+ The last usage was removed in cca455a36
|
|
|
+
|
|
|
+ Closes #7280
|
|
|
|
|
|
- hostip: fix broken macOS/CMake/GCC builds
|
|
|
+- vtls: only store TIMER_APPCONNECT for non-proxy connect
|
|
|
|
|
|
- Follow-up to 31f631a142d855f06
|
|
|
+ Introducing a 'isproxy' argument to the connect function so that it
|
|
|
+ knows wether to store the time stamp or not.
|
|
|
|
|
|
- Fixes #7128
|
|
|
- Closes #7129
|
|
|
+ Reported-by: Yongkang Huang
|
|
|
+ Fixes #7274
|
|
|
+ Closes #7274
|
|
|
|
|
|
-- TODO: netrc caching and sharing
|
|
|
+- gnutls: set the preferred TLS versions in correct order
|
|
|
|
|
|
- URL: https://curl.se/mail/archive-2021-05/0018.html
|
|
|
+ Regression since 781864bedbc57 (curl 7.77.0)
|
|
|
+
|
|
|
+ Reported-by: civodul on github
|
|
|
+ Assisted-by: Nikos Mavrogiannopoulos
|
|
|
+ Fixes #7277
|
|
|
+ Closes #7278
|
|
|
|
|
|
-- [Orgad Shaneh brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- setopt: streamline ssl option code
|
|
|
-
|
|
|
- Make it use the same style as the code next to it
|
|
|
+ configure/cmake: remove checks for unused gethostbyaddr and gethostbyaddr_r
|
|
|
|
|
|
- Closes #7123
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Radek Zajic brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- lib/hostip6.c: make NAT64 address synthesis on macOS work
|
|
|
+ configure/cmake: remove checks for unused inet_ntoa and inet_ntoa_r
|
|
|
|
|
|
- Closes #7121
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [ejanchivdorj brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer
|
|
|
-
|
|
|
- When the SecCertificateCopyCommonName function fails, it leaves
|
|
|
- common_name in a invalid state so CFStringCompare uses the invalid
|
|
|
- result, causing EXC_BAD_ACCESS.
|
|
|
-
|
|
|
- The fix is to check the return value of the function before using the
|
|
|
- name.
|
|
|
+ configure/cmake: remove unused define HAVE_PERROR
|
|
|
|
|
|
- Closes #7126
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Paweł Wegner brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- CMake: add CURL_ENABLE_EXPORT_TARGET option
|
|
|
-
|
|
|
- install(EXPORT ...) causes trouble when embedding curl dependencies
|
|
|
- which don't provide install(EXPORT ...) targets (e.g libressl and
|
|
|
- nghttp2) with cmake's add_subdirectory.
|
|
|
+ configure: remove unused check for gai_strerror
|
|
|
|
|
|
- Reviewed-by: Jakub Zakrzewski
|
|
|
- Closes #7060
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Alessandro Ghedini brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- quiche: update for network path aware API
|
|
|
-
|
|
|
- Latest version of quiche requires the application to pass the peer
|
|
|
- address of received packets, and it provides the address for outgoing
|
|
|
- packets back.
|
|
|
+ configure/cmake: remove unused define HAVE_FREEIFADDRS
|
|
|
|
|
|
- Closes #7120
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- rustls: switch read_tls and write_tls to callbacks
|
|
|
-
|
|
|
- And update to 0.6.0, including a rename from session to connection for
|
|
|
- many fields.
|
|
|
+ configure/cmake: remove unused define HAVE_FORK
|
|
|
|
|
|
- Closes #7071
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Koichi Shiraishi brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- sectransp: fix 7f4a9a9b2a49 commit about missing comma
|
|
|
-
|
|
|
- Follow-up to 7f4a9a9b2a495
|
|
|
+ configure/cmake: remove unused define HAVE_FDOPEN
|
|
|
|
|
|
- Closes #7119
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- openssl: associate/detach the transfer from connection
|
|
|
-
|
|
|
- CVE-2021-22901
|
|
|
+ configure/cmake: remove checks for unused sgtty.h
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22901.html
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- telnet: check sscanf() for correct number of matches
|
|
|
-
|
|
|
- CVE-2021-22898
|
|
|
+ configure/cmake: remove remaining checks for rsa.h
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22898.html
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- schannel: don't use static to store selected ciphers
|
|
|
-
|
|
|
- CVE-2021-22897
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
+
|
|
|
+ configure/cmake: remove remaining checks for err.h
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22897.html
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- docs/tests: remove freenode references
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ configure/cmake: remove remaining checks for crypto.h
|
|
|
+
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Sergey Markelov brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- NSS: make colons, commas and spaces valid separators in cipher list
|
|
|
+ configure/cmake: remove checks for unused getservbyport_r
|
|
|
|
|
|
- Fixes #7110
|
|
|
- Closes #7115
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- curl: include libmetalink version in --version output
|
|
|
+- --socks4[a]: clarify where the host name is resolved
|
|
|
|
|
|
- Closes #7112
|
|
|
-
|
|
|
-Jay Satiro (21 May 2021)
|
|
|
-- [Matias N. Goldberg brought this change]
|
|
|
+ Closes #7273
|
|
|
|
|
|
- cmake: Use multithreaded compilation on VS 2008+
|
|
|
+- libcurl-security.3: mention file descriptors and forks
|
|
|
|
|
|
- Multithreaded compilation has been supported since at least VS 2005 and
|
|
|
- been robustly stable since at least VS 2008
|
|
|
+ ... and move the security report section last.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7109
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Closes #7270
|
|
|
|
|
|
-Daniel Stenberg (21 May 2021)
|
|
|
-- [Matias N. Goldberg brought this change]
|
|
|
+- [Alex Xu (Hello71) brought this change]
|
|
|
|
|
|
- cmake: fix two invokes result in different curl_config.h
|
|
|
+ configure.ac: make non-executable
|
|
|
|
|
|
- Fixes #7100
|
|
|
- Closes #7101
|
|
|
+ it needs to be processed by autoconf or autoreconf, and doesn't have a
|
|
|
+ suitable shebang to be directly executed. other projects normally set
|
|
|
+ configure.ac -x.
|
|
|
|
|
|
- Reviewed-by: Jakub Zakrzewski
|
|
|
- Signed-off-by: Matias N. Goldberg <dark_sylinc@yahoo.com.ar>
|
|
|
-
|
|
|
-- [Peng-Yu Chen brought this change]
|
|
|
+ Closes #7272
|
|
|
|
|
|
- cmake: detect CURL_SA_FAMILY_T
|
|
|
+- configure: do not strip out debug flags
|
|
|
|
|
|
- Fixes #7049
|
|
|
- Closes #7065
|
|
|
+ To allow users to set them when invoking configure without using
|
|
|
+ --with-debug.
|
|
|
+
|
|
|
+ Reported-by: Alex Xu
|
|
|
+ Fixes #7216
|
|
|
+ Closes #7267
|
|
|
|
|
|
-- [Lucas Clemente Vella brought this change]
|
|
|
+- libssh2: limit time a disconnect can take to 1 second
|
|
|
+
|
|
|
+ Closes #7271
|
|
|
|
|
|
- CURLOPT_IPRESOLVE: preventing wrong IP version from being used
|
|
|
+- TLS: prevent shutdown loops to get stuck
|
|
|
|
|
|
- In some situations, it was possible that a transfer was setup to
|
|
|
- use an specific IP version, but due do DNS caching or connection
|
|
|
- reuse, it ended up using a different IP version from requested.
|
|
|
+ ... by making sure the loops are only allowed to read the shutdown
|
|
|
+ traffic a limited number of times.
|
|
|
|
|
|
- This commit changes the effect of CURLOPT_IPRESOLVE from simply
|
|
|
- restricting address resolution to preventing the wrong connection
|
|
|
- type being used, when choosing a connection from the pool, and
|
|
|
- to restricting what addresses could be used when establishing
|
|
|
- a new connection.
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Closes #7271
|
|
|
+
|
|
|
+- hyper: propagate errors back up from read callbacks
|
|
|
|
|
|
- It is important that all addresses versions are resolved, even if
|
|
|
- not used in that transfer in particular, because the result is
|
|
|
- cached, and could be useful for a different transfer with a
|
|
|
- different CURLOPT_IPRESOLVE setting.
|
|
|
+ Makes test 513 work with hyper
|
|
|
|
|
|
- Closes #6853
|
|
|
+ Closes #7266
|
|
|
|
|
|
-- [Oliver Urbann brought this change]
|
|
|
+- KNOWN_BUGS: Negotiate on Windows fails
|
|
|
+
|
|
|
+ Closes #5881
|
|
|
|
|
|
- AmigaOS: add functions definitions for SHA256
|
|
|
+- KNOWN_BUGS: renames instead of locking for atomic operations
|
|
|
|
|
|
- AmiSSL replaces many functions with macros. Curl requires pointer
|
|
|
- to some of these functions. Thus, we have to encapsulate these macros:
|
|
|
- SHA256_Init, SHA256_Update, SHA256_Final, X509_INFO_free.
|
|
|
+ Closes #6882
|
|
|
+ Closes #6884
|
|
|
+
|
|
|
+- zuul: add two missing CI jobs
|
|
|
|
|
|
- Bug: https://github.com/jens-maus/amissl/issues/15
|
|
|
- Co-authored-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ ... that were configured, just not run
|
|
|
|
|
|
- Closes #7099
|
|
|
+ Closes #7261
|
|
|
|
|
|
-- test2100: make it run with and require IPv6
|
|
|
+Viktor Szakats (15 Jun 2021)
|
|
|
+- idn: fix libidn2 with windows unicode builds
|
|
|
|
|
|
- Closes #7083
|
|
|
-
|
|
|
-- tests/getpart: generate output URL encoded for better diffs
|
|
|
+ Unicode Windows builds use UTF-8 strings internally in libcurl,
|
|
|
+ so make sure to call the UTF-8 flavour of the libidn2 API. Also
|
|
|
+ document that Windows builds with libidn2 and UNICODE do expect
|
|
|
+ CURLOPT_URL as an UTF-8 string.
|
|
|
|
|
|
- Closes #7083
|
|
|
-
|
|
|
-- [Ryan Beck-Buysse brought this change]
|
|
|
+ Reported-by: dEajL3kA on github
|
|
|
+ Assisted-by: Jay Satiro
|
|
|
+ Reviewed-by: Marcel Raad
|
|
|
+ Closes #7246
|
|
|
+ Fixes #7228
|
|
|
|
|
|
- docs/TheArtOfHttpScripting: fix markdown links
|
|
|
+Daniel Stenberg (15 Jun 2021)
|
|
|
+- curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
|
|
|
|
|
|
- extra parens cause the links to be incorrectly formatted
|
|
|
- and inconsistent with the rest of the document.
|
|
|
+ They were never officially allowed and slipped in only due to sloppy
|
|
|
+ parsing. Spaces (ascii 32) should be correctly encoded (to %20) before
|
|
|
+ being part of a URL.
|
|
|
|
|
|
- Signed-off-by: Ryan Beck-Buysse <rbuysse@gmail.com>
|
|
|
- Closes #7097
|
|
|
+ The new flag bit CURLU_ALLOW_SPACE when a full URL is set, makes libcurl
|
|
|
+ allow spaces.
|
|
|
+
|
|
|
+ Updated test 1560 to verify.
|
|
|
+
|
|
|
+ Closes #7073
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+ ... and bump to version 7.78.0 for the next planned release.
|
|
|
|
|
|
-- [Emil Engler brought this change]
|
|
|
-
|
|
|
- docs: replace dots with dashes in markdown enums
|
|
|
+Jay Satiro (15 Jun 2021)
|
|
|
+- docs: Remove outdated curl tool limitation
|
|
|
|
|
|
- We use dashes instead of dots nearly everywhere except for those few
|
|
|
- cases. This commit addresses this issues and brings more coherency into
|
|
|
- it.
|
|
|
+ - Document that HTTP/2 multiplexing is supported by the curl tool when
|
|
|
+ parallel transfers are used.
|
|
|
|
|
|
- Closes #7093
|
|
|
-
|
|
|
-- [Emil Engler brought this change]
|
|
|
+ Supported since 7.66.0 via --parallel, but the doc wasn't updated.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7259
|
|
|
|
|
|
- docs: improve INTERNALS.md regarding getsock cb
|
|
|
+- http2: Clarify 'Using HTTP2' verbose message
|
|
|
|
|
|
- This adds the I/O prefix to indicate that those "actions" are kind-of
|
|
|
- related to those found in select(2) or poll(2) (reading/writing).
|
|
|
+ - Change phrasing from multi-use to multiplexing since the former may
|
|
|
+ not be as well understood.
|
|
|
|
|
|
- It also adds a note where the prototypes of those functions can be found
|
|
|
- in the source code.
|
|
|
+ Before: * Using HTTP2, server supports multi-use
|
|
|
|
|
|
- Closes #7092
|
|
|
+ After: * Using HTTP2, server supports multiplexing
|
|
|
+
|
|
|
+ Bug: https://github.com/curl/curl/discussions/7255
|
|
|
+ Reported-by: David Hu
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7258
|
|
|
|
|
|
-- [Emil Engler brought this change]
|
|
|
+Daniel Stenberg (14 Jun 2021)
|
|
|
+- winbuild/README: VC should be set to 6 'or larger'
|
|
|
+
|
|
|
+ Previously it listed all versions up to 15 (missing 16) but this new
|
|
|
+ phrasing is more open ended.
|
|
|
+
|
|
|
+ Reported-by: Hugh Macdonald
|
|
|
+ Fixes #7253
|
|
|
+ Closes #7254
|
|
|
+
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
- docs: document attach in INTERNALS.md
|
|
|
+ rustls: remove native_roots fallback
|
|
|
|
|
|
- The new field in the Curl_handler struct still lacks documentation. This
|
|
|
- adds it it from the information extracted from lib/urldata.h:797
|
|
|
+ For the commandline tool, we expect to be passed
|
|
|
+ SSL_CONN_CONFIG(CAfile); for library use, the use should pass a set of
|
|
|
+ trusted roots (like in other TLS backends).
|
|
|
|
|
|
- Closes #7091
|
|
|
+ This also removes a dependency on Security.framework when building on
|
|
|
+ macOS.
|
|
|
+
|
|
|
+ Closes #7250
|
|
|
|
|
|
-- [Marc Aldorasi brought this change]
|
|
|
+- [Albin Vass brought this change]
|
|
|
|
|
|
- config: remove now-unused macros
|
|
|
+ travis: remove jobs that have migrated to zuul
|
|
|
|
|
|
- Closes #7094
|
|
|
+ Closes #7245
|
|
|
|
|
|
-- [Marc Aldorasi brought this change]
|
|
|
+- [Mohammed Naser brought this change]
|
|
|
|
|
|
- hostip.h: remove declaration of unimplemented function
|
|
|
+ CI: add jobs using Zuul
|
|
|
|
|
|
- Closes #7094
|
|
|
-
|
|
|
-- h3: add 'attach' callback to protocol handlers
|
|
|
+ It also includes a few changes to get the builds going:
|
|
|
+ - Added autoconf to common dependencies
|
|
|
+ - Added automake to common dependencies
|
|
|
+ - Added libtool to common dependencies
|
|
|
+ - Added libssl-dev to common dependencies
|
|
|
|
|
|
- Follow-up to 0c55fbab45be
|
|
|
+ Co-authored-by: Albin Vass
|
|
|
|
|
|
- Reviewed-by: Emil Engler
|
|
|
- Closes #7090
|
|
|
+ Closes #7245
|
|
|
|
|
|
-- wolfssl: remove SSLv3 support leftovers
|
|
|
+- netrc: skip 'macdef' definitions
|
|
|
|
|
|
- Closes #7088
|
|
|
+ Add test 494 to verify
|
|
|
+
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Fixes #7238
|
|
|
+ Closes #7244
|
|
|
|
|
|
-- curl-wolfssl.m4: without custom include path, assume /usr/include
|
|
|
+- multi: add scan-build-6 work-around in curl_multi_fdset
|
|
|
|
|
|
- ... so that we can point out the root of the OpenSSL emulation headers.
|
|
|
- Previously this used the '$includedir' variable which is wrong since
|
|
|
- that defaults to the dir where the current configure invoke will install
|
|
|
- the built libcurl headers: /usr/local by default.
|
|
|
+ scan-build-6 otherwise warns, saying: warning: The left operand of '>='
|
|
|
+ is a garbage value otherwise, which is false.
|
|
|
|
|
|
- Fixes #7085
|
|
|
- Reported-by: Joel Jakobsson
|
|
|
- Closes #7087
|
|
|
-
|
|
|
-- [Joel Depooter brought this change]
|
|
|
+ Later scan-builds don't claim this on the same code.
|
|
|
+
|
|
|
+ Closes #7248
|
|
|
|
|
|
- data_pending: check only SECONDARY socket for FTP(S) transfers
|
|
|
+- asyn-ares: remove check for 'data' in Curl_resolver_cancel
|
|
|
|
|
|
- Check the FIRST for all other protocols.
|
|
|
+ It implied it would survive a NULL in there which it won't. Instead do
|
|
|
+ an assert.
|
|
|
|
|
|
- This fixes a timeout in an ftps download. The server sends a TLS
|
|
|
- close_notify message in the same packet as the file data. The
|
|
|
- close_notify seems to not be handled in the schannel_recv function, so
|
|
|
- libcurl is not aware that the server has closed the connection. Thus
|
|
|
- libcurl ends up waiting for action on the socket until a timeout is
|
|
|
- reached. With the secondary socket check added to the data_pending
|
|
|
- function, the close_notify is properly handled, and the ftps transfer
|
|
|
- terminates as expected.
|
|
|
+ Pointed out by scan-build.
|
|
|
|
|
|
- Fixes #7068
|
|
|
- Closes #7069
|
|
|
+ Closes #7248
|
|
|
|
|
|
-- github: inhibit deprecated declarations for clang on macOS
|
|
|
+- url.c: remove two variable assigns that are never read
|
|
|
|
|
|
- ... as they otherwise cause ldap build errors in the CI.
|
|
|
+ Pointed out by scan-build
|
|
|
|
|
|
- Fixes #7081
|
|
|
- Closes #7082
|
|
|
+ Closes #7248
|
|
|
|
|
|
-- conn: add 'attach' to protocol handler, make libssh2 use it
|
|
|
+- [Gealber Morales brought this change]
|
|
|
+
|
|
|
+ mqtt: add support for username and password
|
|
|
|
|
|
- The libssh2 backend has SSH session associated with the connection but
|
|
|
- the callback context is the easy handle, so when a connection gets
|
|
|
- attached to a transfer, the protocol handler now allows for a custom
|
|
|
- function to get used to set things up correctly.
|
|
|
+ Minor-edits-by: Daniel Stenberg
|
|
|
+ Added test 2200 to 2205
|
|
|
|
|
|
- Reported-by: Michael O'Farrell
|
|
|
- Fixes #6898
|
|
|
- Closes #7078
|
|
|
+ Closes #7243
|
|
|
|
|
|
-- http2: make sure pause is done on HTTP
|
|
|
-
|
|
|
- Since the function is called for any protocol, we can't assume that the
|
|
|
- HTTP struct is there without first making sure it is HTTP.
|
|
|
+- travis: remove the arm job
|
|
|
|
|
|
- Reported-by: Denis Goleshchikhin
|
|
|
- Fixes #7079
|
|
|
- Closes #7080
|
|
|
+ We do it on circle CI instead
|
|
|
|
|
|
-- docs: cookies from HTTP headers need domain set
|
|
|
+- CI: add .circleci/config.yml
|
|
|
|
|
|
- ... or the cookies won't get sent. Push users to using the "Netscape"
|
|
|
- format instead, which curl uses when saving a cookie "jar".
|
|
|
+ Assisted-by: Gabriel Simmer
|
|
|
|
|
|
- Reported-by: Martin Dorey
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Fixes #6723
|
|
|
- Closes #7077
|
|
|
+ Closes #7239
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- github: add a workflow with libssh2 on macOS using cmake
|
|
|
-
|
|
|
- Closes #7047
|
|
|
+- runtests: init $VERSION to avoid warnings when using -l
|
|
|
|
|
|
-- sws: allow HTTP requests up to 2MB in size
|
|
|
+- openssl: don't remove session id entry in disassociate
|
|
|
|
|
|
- To allow tests with slightly larger payloads. Like #7071 ...
|
|
|
+ When a connection is disassociated from a transfer, the Session ID entry
|
|
|
+ should remain.
|
|
|
|
|
|
- Closes #7075
|
|
|
-
|
|
|
-Marc Hoersken (16 May 2021)
|
|
|
-- CI/azure: increase verbosity and fix outdated task names
|
|
|
+ Regression since 7f4a9a9 (shipped in libcurl 7.77.0)
|
|
|
+ Reported-by: Gergely Nagy
|
|
|
+ Reported-by: Paul Groke
|
|
|
|
|
|
- Closes #7063
|
|
|
+ Fixes #7222
|
|
|
+ Closes #7230
|
|
|
|
|
|
-- CI/cirrus: add shared and static Windows release builds
|
|
|
+- single_transfer: ignore blank --output-dir
|
|
|
|
|
|
- Azure Pipelines is currently being used for debug builds,
|
|
|
- let's also run some non-debug (release) Windows builds and
|
|
|
- make use of previously underutilized Cirrus CI for that.
|
|
|
+ ... as otherwise it creates a rather unexpected target directory with a
|
|
|
+ leading slash.
|
|
|
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Fixes #7218
|
|
|
+ Closes #7233
|
|
|
+
|
|
|
+- tests: update README about servers and port numbers
|
|
|
|
|
|
- Closes #6991
|
|
|
+ Closes #7242
|
|
|
|
|
|
-Daniel Stenberg (16 May 2021)
|
|
|
-- CURLOPT_CAPATH.3: defaults to a path, not NULL
|
|
|
+- conn_shutdown: if closed during CONNECT cleanup properly
|
|
|
|
|
|
- Reported-by: Andrew Barnert
|
|
|
+ Reported-by: Alex Xu
|
|
|
+ Reported-by: Phil E. Taylor
|
|
|
|
|
|
- Closes #7062
|
|
|
+ Fixes #7236
|
|
|
+ Closes #7237
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [Christian Weisgerber brought this change]
|
|
|
|
|
|
- c-hyper: handle body on HYPER_TASK_EMPTY
|
|
|
-
|
|
|
- Some of the time, we get a HYPER_TASK_EMPTY response before the status
|
|
|
- line, headers, and body have been read. Previously, that would cause us
|
|
|
- to poll again, leading to a 1 second timeout.
|
|
|
+ sws: malloc request struct instead of using stack
|
|
|
|
|
|
- The HYPER_TASK_EMPTY docs say:
|
|
|
+ ... 2MB requests is otherwise just too big for some systems.
|
|
|
|
|
|
- The value of this task is null (does not imply an error).
|
|
|
+ (The allocations are not freed properly.)
|
|
|
|
|
|
- So, if we receive a HYPER_TASK_EMPTY, continue on with processing the
|
|
|
- response.
|
|
|
+ Bug: https://curl.se/mail/lib-2021-06/0018.html
|
|
|
|
|
|
- Reported-by: Kevin Burke
|
|
|
- Fixes #7064
|
|
|
- Closes #7070
|
|
|
+ Closes #7235
|
|
|
|
|
|
-- [Ikko Ashimine brought this change]
|
|
|
+- [Mark Swaanenburg brought this change]
|
|
|
|
|
|
- tool_getparam: fix comment typo in tool_getparam.c
|
|
|
+ lib: don't compare fd to FD_SETSIZE when using poll
|
|
|
|
|
|
- enfore -> enforce
|
|
|
+ FD_SETSIZE is irrelevant when using poll. So ensuring that the file
|
|
|
+ descriptor is smaller than FD_SETSIZE in VALID_SOCK, can cause
|
|
|
+ multi_wait to ignore perfectly valid file descriptors and simply wait
|
|
|
+ for 1s to avoid hammering the CPU in a busy loop.
|
|
|
|
|
|
- Closes #7074
|
|
|
+ Fixes #7240
|
|
|
+ Closes #7241
|
|
|
|
|
|
-- mem-include-scan.pl: require a non-word letter before memory funcs
|
|
|
-
|
|
|
- ... so that ldap_memfree() for example doesn't match the scan for free.
|
|
|
-
|
|
|
- Closes #7061
|
|
|
+- [zhangxiuhua brought this change]
|
|
|
|
|
|
-- version: free the openldap info correctly
|
|
|
-
|
|
|
- ... to avoid memory leaks.
|
|
|
+ doh: fix wrong DEBUGASSERT for doh private_data
|
|
|
|
|
|
- Follow-up to: bf0feae7768d9
|
|
|
- Closes #7061
|
|
|
+ Closes #7227
|
|
|
|
|
|
-- dupset: remove totally off comment
|
|
|
-
|
|
|
- Closes #7067
|
|
|
+- [yb999 brought this change]
|
|
|
|
|
|
-- configure: if asked for, fail if ldap is not found
|
|
|
+ tests: update README.md with a missing single quote
|
|
|
|
|
|
- Reported-by: Jakub Zakrzewski
|
|
|
- Fixes #7053
|
|
|
- Closes #7055
|
|
|
+ Closes #7231
|
|
|
|
|
|
-- version: add OpenLDAP version in the output
|
|
|
+- GHA: run all tests for hyper too
|
|
|
|
|
|
- Assisted-by: Howard Chu
|
|
|
- Closes #7054
|
|
|
-
|
|
|
-Jay Satiro (13 May 2021)
|
|
|
-- [Joel Depooter brought this change]
|
|
|
+ As it lists disabled ones in DISABLED now
|
|
|
+
|
|
|
+ Closes #7209
|
|
|
|
|
|
- schannel: Ensure the security context request flags are always set
|
|
|
+- tests/data/DISABLED: add tests not working with hyper
|
|
|
|
|
|
- As of commit 54e7475, these flags would only be set when using a new
|
|
|
- credential handle. When re-using an existing credential handle, the
|
|
|
- flags would not be set.
|
|
|
+ The goal is to remove them all from here over time.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7051
|
|
|
-
|
|
|
-Dan Fandrich (12 May 2021)
|
|
|
-- tests: Fix some tag matching issues in a number of tests
|
|
|
+ Closes #7209
|
|
|
|
|
|
-Daniel Stenberg (12 May 2021)
|
|
|
-- sasl: use 'unsigned short' to store mechanism
|
|
|
-
|
|
|
- ... saves a few bytes of struct size in memory and it only uses
|
|
|
- 10 bits anyway.
|
|
|
+- runtests: also find the last test in Makefile.inc
|
|
|
|
|
|
- Closes #7045
|
|
|
+ Closes #7209
|
|
|
|
|
|
-- hostip: remove the debug code for LocalHost
|
|
|
+- test3010: work with hyper mode
|
|
|
|
|
|
- The Curl_resolv() had special code (when built in debug mode) for when
|
|
|
- resolving the host name "LocalHost" (using that exact casing). It would
|
|
|
- then get the host name from the --interface option instead.
|
|
|
+ Closes #7209
|
|
|
+
|
|
|
+- configure: disable RTSP when hyper is selected
|
|
|
|
|
|
- This development-only feature was not used by anything (anymore) and we
|
|
|
- have the --resolve feature if we want to play similar tricks properly
|
|
|
- going forward.
|
|
|
+ Makes test 1013 work
|
|
|
|
|
|
- Closes #7044
|
|
|
+ Closes #7209
|
|
|
|
|
|
-- progress: reset limit_size variables at transfer start
|
|
|
+- test1594/1595/1596: fix to work in hyper mode
|
|
|
|
|
|
- Otherwise the old value would linger from a previous use and would mess
|
|
|
- up the network speed cap logic.
|
|
|
+ Closes #7209
|
|
|
+
|
|
|
+- test1438/1457: add HTTP keyword to make hyper mode work
|
|
|
|
|
|
- Reported-by: Ymir1711 on github
|
|
|
+ Closes #7209
|
|
|
+
|
|
|
+- test1340/1341: adjusted for hyper mode
|
|
|
|
|
|
- Fixes #7042
|
|
|
- Closes #7043
|
|
|
+ Closes #7209
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- test1218: adjusted for hyper mode
|
|
|
+
|
|
|
+ Closes #7209
|
|
|
|
|
|
-- [Daniel Gustafsson brought this change]
|
|
|
+- test1216: adjusted for hyper mode
|
|
|
+
|
|
|
+ Closes #7209
|
|
|
|
|
|
- cookies: use CURLcode for cookie_output reporting
|
|
|
+- test1230: adjust to work in hyper mode
|
|
|
|
|
|
- Writing the cookie file has multiple error conditions, and was using an
|
|
|
- int with magic numbers to report the different error (which in turn were
|
|
|
- disregarded anyways). This moves reporting to use a CURLcode value.
|
|
|
+ Closes #7209
|
|
|
+
|
|
|
+- c-hyper: abort CONNECT response reading early on non 2xx responses
|
|
|
|
|
|
- Lightly-touched-by: Daniel Stenberg
|
|
|
+ Fixes test 493
|
|
|
|
|
|
- Closes #7037
|
|
|
- Closes #6749
|
|
|
+ Closes #7209
|
|
|
|
|
|
-- [Daniel Gustafsson brought this change]
|
|
|
+- test434: add HTTP keyword
|
|
|
+
|
|
|
+ Closes #7209
|
|
|
|
|
|
- cookies: make use of string duplication function
|
|
|
+- test599: adjusted to work in hyper mode
|
|
|
|
|
|
- strstore() is defined as a strdup which ensures to free the target
|
|
|
- pointer before duping the source char * into it. Make use of it in
|
|
|
- two more cases where it can simplify the code.
|
|
|
+ Closes #7209
|
|
|
|
|
|
-- [Daniel Gustafsson brought this change]
|
|
|
+- c-hyper: fix the uploaded field in progress callbacks
|
|
|
+
|
|
|
+ Makes test 578 work
|
|
|
+
|
|
|
+ Closes #7209
|
|
|
|
|
|
- cookies: refactor comments
|
|
|
+- test566: adjust to work with hyper mode
|
|
|
|
|
|
- Comments in the cookie code were a bit all over the place in terms of
|
|
|
- style and wording. This takes a stab at cleaning them up by keeping to
|
|
|
- a single style and overall shape. Some comments are moved a little and
|
|
|
- some removed alltogether due to being redundant. No functional changes
|
|
|
- have been made,
|
|
|
+ Closes #7209
|
|
|
|
|
|
-- [Peng-Yu Chen brought this change]
|
|
|
+- [Fawad Mirza brought this change]
|
|
|
|
|
|
- http2: skip immediate parsing of payload following protocol switch
|
|
|
-
|
|
|
- This is considered not harmful as a following http2_recv shall be
|
|
|
- called very soon.
|
|
|
+ CURLOPT_WRITEFUNCTION.3: minor update of the example
|
|
|
|
|
|
- This is considered helpful in the specific situation where some
|
|
|
- servers (e.g. nghttpx v1.43.0) may fulfill stream 1 immediately
|
|
|
- following the return of HTTP status 101, other than waiting for
|
|
|
- the client-side connection preface to arrive.
|
|
|
+ Safely avoid chunk.size garbage value if declared non globally.
|
|
|
|
|
|
- Fixes #7036
|
|
|
- Closes #7040
|
|
|
+ Closes #7219
|
|
|
|
|
|
-- [Peng-Yu Chen brought this change]
|
|
|
+- [Bastian Krause brought this change]
|
|
|
|
|
|
- http2: use nghttp2_session_upgrade2 instead of nghttp2_session_upgrade
|
|
|
+ configure: rename get-easy-option configure option to get-easy-options
|
|
|
|
|
|
- Following the upstream deprecation of nghttp2_session_upgrade.
|
|
|
+ "get-easy-options" is the configure option advertised by the help text
|
|
|
+ anyway, so use that.
|
|
|
|
|
|
- Also provides further checks for requests with the HEAD method.
|
|
|
+ Fixes #7211
|
|
|
+ Closes #7213
|
|
|
|
|
|
- Closes #7041
|
|
|
+ Follow-up to ad691b191 ("configure: added --disable-get-easy-options")
|
|
|
+ Suggested-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Signed-off-by: Bastian Krause <bst@pengutronix.de>
|
|
|
|
|
|
-- progress/trspeed: use a local convenient pointer to beautify code
|
|
|
+- runtests: skip disabled tests unless -f is used
|
|
|
|
|
|
- The function becomes easier to read and understand with less repetition.
|
|
|
+ To make it easier to write ranges like '115 to 229' without that
|
|
|
+ explicitly enabling tests that are listed in DISABLED, this makes
|
|
|
+ runtests always skip disabled tests unless the -f command line option is
|
|
|
+ used.
|
|
|
+
|
|
|
+ Previously the code attempted to not run such tests, but didn't do it
|
|
|
+ correctly.
|
|
|
+
|
|
|
+ Closes #7212
|
|
|
|
|
|
-- trspeed: use long double for transfer speed calculation
|
|
|
+- [Jun-ya Kato brought this change]
|
|
|
|
|
|
-- progress: move transfer speed calc into function
|
|
|
+ ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
|
|
|
|
|
|
- This silences two scan-build-11 warnings: "The result of the '/'
|
|
|
- expression is undefined"
|
|
|
+ The latest GnuTLS-3.7.2 implements disable switch for TLSv1.3 compatible
|
|
|
+ mode for middle box but it is enabled by default, which is unnecessary
|
|
|
+ for QUIC.
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-05/0022.html
|
|
|
- Closes #7035
|
|
|
-
|
|
|
-- [Cameron Cawley brought this change]
|
|
|
+ Fixes #6896
|
|
|
+ Closes #7202
|
|
|
|
|
|
- openssl: remove unneeded cast for CertOpenSystemStore()
|
|
|
+- test644: remove as duplicate of test 587
|
|
|
|
|
|
- Closes #7025
|
|
|
+ Closes #7208
|
|
|
|
|
|
-- travis: disable the libssh build
|
|
|
+Daniel Gustafsson (8 Jun 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- cookies: track expiration in jar to optimize removals
|
|
|
|
|
|
- It can't run on focal and causes warnings on bionic. Since the focal
|
|
|
- failure started rather suddenly a while ago, we can suspect it might be
|
|
|
- temporary.
|
|
|
+ Removing expired cookies needs to be a fast operation since we want to
|
|
|
+ be able to perform it often and speculatively. By tracking the timestamp
|
|
|
+ of the next known expiration we can exit early in case the timestamp is
|
|
|
+ in the future.
|
|
|
|
|
|
- Added "bring back the build" to the TODO document.
|
|
|
+ Closes: #7172
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+
|
|
|
+Daniel Stenberg (7 Jun 2021)
|
|
|
+- GHA: add several libcurl tests to the hyper job
|
|
|
|
|
|
- Fixes #7011
|
|
|
- Closes #7012
|
|
|
+ 500 to 512
|
|
|
|
|
|
-- [Peng-Yu Chen brought this change]
|
|
|
+- test500: adjust to work with hyper mode
|
|
|
|
|
|
- http: use calculated offsets inst of integer literals for header parsing
|
|
|
+- c-hyper: support CURLINFO_STARTTRANSFER_TIME
|
|
|
|
|
|
- Assumed to be a minor coding style improvement with no behavior change.
|
|
|
+ Closes #7204
|
|
|
+
|
|
|
+- c-hyper: support CURLOPT_HEADER
|
|
|
|
|
|
- A modern compiler is expected to have the calculation optimized during
|
|
|
- compilation. It may be deemed okay even if that's not the case, since
|
|
|
- the added overhead is considered very low.
|
|
|
+ When enabled, the headers are passed to the body write callback as well.
|
|
|
|
|
|
- Closes #7032
|
|
|
-
|
|
|
-- [Peng-Yu Chen brought this change]
|
|
|
-
|
|
|
- GIT-INFO: suggest using autoreconf instead of buildconf
|
|
|
+ Like in test 500
|
|
|
|
|
|
- Follow-up to 85868537d
|
|
|
+ Closes #7204
|
|
|
+
|
|
|
+- GHA: run the newly fixed tests with hyper
|
|
|
|
|
|
- Closes #7033
|
|
|
+ Closes #7205
|
|
|
|
|
|
-- http: deal with partial CONNECT sends
|
|
|
+- test433: adjust for hyper mode
|
|
|
|
|
|
- Also added 'CURL_SMALLSENDS' to make Curl_write() send short packets,
|
|
|
- which helped verifying this even more.
|
|
|
+ Closes #7205
|
|
|
+
|
|
|
+- test395: hyper cannot work around > 64 bit content-lengths like built-in
|
|
|
|
|
|
- Add test 363 to verify.
|
|
|
+ Closes #7205
|
|
|
+
|
|
|
+- test394: hyper returns a different error
|
|
|
|
|
|
- Reported-by: ustcqidi on github
|
|
|
- Fixes #6950
|
|
|
- Closes #7024
|
|
|
+ Closes #7205
|
|
|
|
|
|
-- HTTP3: make the ngtcp2 build use the quictls fork
|
|
|
+- test393: make Content-Length fit within 64 bit for hyper
|
|
|
|
|
|
- ... as ngtcp2 itself documents the build this way.
|
|
|
+ Closes #7205
|
|
|
+
|
|
|
+- test347: CRLFify to work in hyper mode
|
|
|
|
|
|
- Closes #7031
|
|
|
+ Closes #7205
|
|
|
|
|
|
-- http: limit the initial send amount to used upload buffer size
|
|
|
+- test339: CRLFify better to work in hyper mode
|
|
|
|
|
|
- Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes,
|
|
|
- but for the situations where a larger upload buffer has been set, this
|
|
|
- function can benefit from sending more bytes. With default size used,
|
|
|
- this does the same as before.
|
|
|
+ Closes #7205
|
|
|
+
|
|
|
+- travis: remove the hyper build
|
|
|
+
|
|
|
+- GHA: add a linux-hyper job
|
|
|
|
|
|
- Also changed the storage of the size to an 'unsigned int' as it is not
|
|
|
- allowed to be set larger than 2M.
|
|
|
+ Closes #7206
|
|
|
+
|
|
|
+- test328: avoid a header-looking body to make hyper mode work
|
|
|
|
|
|
- Also added cautions to the man pages about changing buffer sizes in
|
|
|
- run-time.
|
|
|
+ The test still works the same, just modified two bytes in the content.
|
|
|
|
|
|
- Closes #7022
|
|
|
+ Closes #7203
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- release-notes.pl: also spot common 'closes' typo
|
|
|
|
|
|
-- ngtcp2: fix the cb_acked_stream_data_offset proto
|
|
|
+- metalink: remove
|
|
|
|
|
|
- The 'datalen' value should be 64 bit, not size_t!
|
|
|
+ Warning: this will make existing curl command lines that use metalink to
|
|
|
+ stop working.
|
|
|
|
|
|
- Reported-by: Dmitry Karpov
|
|
|
- Bug: https://curl.se/mail/lib-2021-05/0019.html
|
|
|
- Closes #7027
|
|
|
-
|
|
|
-- progress: when possible, calculate transfer speeds with microseconds
|
|
|
+ Reasons for removal:
|
|
|
|
|
|
- ... this improves precision, especially for transfers in the few or even
|
|
|
- sub millisecond range.
|
|
|
+ 1. We've found several security problems and issues involving the
|
|
|
+ metalink support in curl. The issues are not detailed here. When
|
|
|
+ working on those, it become apparent to the team that several of the
|
|
|
+ problems are due to the system design, metalink library API and what
|
|
|
+ the metalink RFC says. They are very hard to fix on the curl side
|
|
|
+ only.
|
|
|
|
|
|
- Reported-by: J. Bromley
|
|
|
- Fixes #7017
|
|
|
- Closes #7020
|
|
|
-
|
|
|
-- http: reset the header buffer when sending the request
|
|
|
+ 2. The metalink usage with curl was only very briefly documented and was
|
|
|
+ not following the "normal" curl usage pattern in several ways, making
|
|
|
+ it surprising and non-intuitive which could lead to further security
|
|
|
+ issues.
|
|
|
|
|
|
- A reused transfer handle could otherwise reuse the previous leftover
|
|
|
- buffer and havoc would ensue.
|
|
|
+ 3. The metalink library was last updated 6 years ago and wasn't so
|
|
|
+ active the years before that either. An unmaintained library means
|
|
|
+ there's a security problem waiting to happen. This is probably reason
|
|
|
+ enough.
|
|
|
+
|
|
|
+ 4. Metalink requires an XML parsing library, which is complex code (even
|
|
|
+ the smaller alternatives) and to this day often gets security
|
|
|
+ updates.
|
|
|
+
|
|
|
+ 5. Metalink is not a widely used curl feature. In the 2020 curl user
|
|
|
+ survey, only 1.4% of the responders said that they'd are using it. In
|
|
|
+ 2021 that number was 1.2%. Searching the web also show very few
|
|
|
+ traces of it being used, even with other tools.
|
|
|
+
|
|
|
+ 6. The torrent format and associated technology clearly won for
|
|
|
+ downloading large files from multiple sources in parallel.
|
|
|
|
|
|
- Reported-by: sergio-nsk on github
|
|
|
- Fixes #7018
|
|
|
- Closes #7021
|
|
|
+ Cloes #7176
|
|
|
|
|
|
-- curl_mprintf.3: add description
|
|
|
+- docs/INSTALL: remove mentions of configure --with-darwin-ssl
|
|
|
|
|
|
- These functions have existed in the API since the dawn of time. It is
|
|
|
- about time we describe how they work, even if we discourage users from
|
|
|
- using them.
|
|
|
+ ... as it isn't supported since a while back.
|
|
|
|
|
|
- Closes #7010
|
|
|
+ Make configure fail with a warning if used.
|
|
|
+
|
|
|
+ Reported-by: Vadim Grinshpun
|
|
|
+ Bug: https://curl.se/mail/lib-2021-06/0008.html
|
|
|
+ Closes #7200
|
|
|
|
|
|
-- [Timothy Gu brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- URL-SYNTAX: update IDNA section for WHATWG spec changes
|
|
|
+- [Gregor Jasny brought this change]
|
|
|
+
|
|
|
+ cmake: Avoid leaking absolute paths into exported config
|
|
|
|
|
|
- WHATWG URL has dictated the use of Nontransitional Processing (IDNA
|
|
|
- 2008) for several years now. Chrome (and derivatives) still use
|
|
|
- Transitional Processing, but Firefox and Safari have both switched.
|
|
|
+ The `find_libarary` command resolves the library or framework
|
|
|
+ into an absolute path. In case of system frameworks which are
|
|
|
+ located within an Xcode-provided SDK this results in the Xcode
|
|
|
+ path and SDK version being part of the library path.
|
|
|
|
|
|
- Also document the fact that winidn functions differently from libidn2
|
|
|
- here.
|
|
|
+ Because those library paths end up in the exported CMake config
|
|
|
+ importing curl will fail once the Xcode location or SDK version
|
|
|
+ changes:
|
|
|
|
|
|
- Closes #7026
|
|
|
+ ```cmake
|
|
|
+ set_target_properties(CURL::libcurl PROPERTIES
|
|
|
+ INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include"
|
|
|
+ INTERFACE_LINK_LIBRARIES "lber;ldap;/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/System/Library/Frameworks/SystemConfiguration.framework;OpenSSL::SSL;OpenSSL::Crypto;ZLIB::ZLIB"
|
|
|
+ )
|
|
|
+ ```
|
|
|
+
|
|
|
+ A work-around is to link against system-level frameworks with
|
|
|
+ `-framework XYZ`. In case of `SystemConfiguration` we might be able
|
|
|
+ to omit the lookup-check because we could assume the framework is
|
|
|
+ always present.
|
|
|
+
|
|
|
+ Closes #7152
|
|
|
|
|
|
-- [Calvin Buckley brought this change]
|
|
|
+- [Shikha Sharma brought this change]
|
|
|
|
|
|
- INSTALL: add IBM i specific quirks
|
|
|
+ http2_connisdead: handle trailing GOAWAY better
|
|
|
|
|
|
- Fixes #6830
|
|
|
- Closes #7013
|
|
|
+ When checking the connection the input processing returns error
|
|
|
+ immediately, we now consider that a dead connnection.
|
|
|
+
|
|
|
+ Bug: https://curl.se/mail/lib-2021-06/0001.html
|
|
|
+ Closes #7192
|
|
|
|
|
|
-- libcurl.3: mention the URL API
|
|
|
+- [Dmitry Karpov brought this change]
|
|
|
+
|
|
|
+ ares: always store IPv6 addresses first
|
|
|
|
|
|
- To make it easier to find. Also a minor polish of libcurl-url.3
|
|
|
+ Trying dual-stack on some embedded platform, I noticed that quite
|
|
|
+ frequently (20%) libCurl starts from IPv4 regardless the Happy Eyeballs
|
|
|
+ timeout value. After debugging this issue, I noticed that this happens
|
|
|
+ if c-ares resolver response for IPv6 family comes before IPv4 (which was
|
|
|
+ randomly happening in my tests).
|
|
|
|
|
|
- Closes #7009
|
|
|
-
|
|
|
-- GnuTLS: don't allow TLS 1.3 for versions that don't support it
|
|
|
+ In such cases, because libCurl puts the last resolver response on top of
|
|
|
+ the address list, when IPv4 resolver response comes after IPv6 one - the
|
|
|
+ IPv4 family starts the connection phase instead of IPv6 family.
|
|
|
|
|
|
- Follow-up to 781864bedbc5
|
|
|
+ The solution for this issue is to always put IPv6 addresses on top of
|
|
|
+ the address list, regardless the order of resolver responses.
|
|
|
|
|
|
- ... as they don't understand it and will return error at us!
|
|
|
+ Bug: https://curl.se/mail/lib-2021-06/0003.html
|
|
|
|
|
|
- Closes #7014
|
|
|
+ Closes #7188
|
|
|
|
|
|
-Kamil Dudka (6 May 2021)
|
|
|
-- tool_getparam: handle failure of curlx_convert_tchar_to_UTF8()
|
|
|
+- Revert "Revert "socketpair: fix potential hangs""
|
|
|
|
|
|
- Reported by GCC analyzer:
|
|
|
+ This reverts commit 3e70c3430a370a31eff2c1d8fea29edaca8f1127.
|
|
|
|
|
|
- Error: GCC_ANALYZER_WARNING (CWE-476):
|
|
|
- src/tool_getparam.c: scope_hint: In function 'parse_args'
|
|
|
- src/tool_getparam.c:2318:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'orig_opt'
|
|
|
- lib/curlx.h:56: included_from: Included from here.
|
|
|
- src/tool_getparam.c:28: included_from: Included from here.
|
|
|
- lib/curl_multibyte.h:70:51: note: in definition of macro 'curlx_convert_tchar_to_UTF8'
|
|
|
- src/tool_getparam.c:2316:16: note: in expansion of macro 'curlx_convert_tchar_to_UTF8'
|
|
|
+ Thus brings back the change from #7144 as was originally landed in
|
|
|
+ c769d1eab4de8b
|
|
|
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7023
|
|
|
+ Closes #7144 (again)
|
|
|
|
|
|
-Daniel Stenberg (6 May 2021)
|
|
|
-- scripts/delta: also show total number of days
|
|
|
+- [Ebe Janchivdorj brought this change]
|
|
|
|
|
|
-Marc Hoersken (5 May 2021)
|
|
|
-- sockfilt: fix invalid increment of handles index variable nfd
|
|
|
-
|
|
|
- Only increment the array index if we actually stored a handle.
|
|
|
+ schannel: move code out of SChannel_connect_step1
|
|
|
|
|
|
- Follow up to e917492048f4b85a0fd58a033d10072fc7666c3b
|
|
|
- Closes #6992
|
|
|
+ Reviewed-by: Marc Hoersken
|
|
|
+ Closes #7168
|
|
|
|
|
|
-- sockfilt: avoid getting stuck waiting for writable socket
|
|
|
-
|
|
|
- Reset FD_WRITE event using the same approach as in multi.c
|
|
|
+- tests/data/Makefile.inc: error: trailing backslash on last line
|
|
|
|
|
|
- Follow up to b36442b24305f3cda7c13cc64b46838995a4985b
|
|
|
- Closes #6992
|
|
|
+ Follow-up to d8dcb399b8009d
|
|
|
|
|
|
-Jay Satiro (5 May 2021)
|
|
|
-- test678: Fix for Windows multibyte builds
|
|
|
-
|
|
|
- Follow-up to 77fc385 from yesterday.
|
|
|
-
|
|
|
- Bug: https://github.com/curl/curl/pull/6662#issuecomment-832966557
|
|
|
- Reported-by: Marc Hörsken
|
|
|
+- TODO: Support rate-limiting for MQTT
|
|
|
|
|
|
- [Dmitry Kostjuchenko brought this change]
|
|
|
|
|
|
- build: fix compilation for Windows UWP platform
|
|
|
+ warnless: simplify type size handling
|
|
|
|
|
|
- - Include afunix.h which is necessary for sockaddr_un when
|
|
|
- USE_UNIX_SOCKETS is defined on Windows.
|
|
|
+ By using sizeof(T), existing defines and relying on the compiler to
|
|
|
+ define the required signed/unsigned mask.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7006
|
|
|
+ Closes #7181
|
|
|
|
|
|
-Daniel Stenberg (5 May 2021)
|
|
|
-- gnutls: make setting only the MAX TLS allowed version work
|
|
|
-
|
|
|
- Previously, settting only the max allowed TLS version, leaving the
|
|
|
- minimum one at default, didn't actually set it and left it to default
|
|
|
- (TLS 1.3) too!
|
|
|
-
|
|
|
- As a bonus, this change also removes the dead code handling of SSLv3
|
|
|
- since that version can't be set anymore (since eff614fb0242cb).
|
|
|
+Gisle Vanem (4 Jun 2021)
|
|
|
+- [Win32] Fix for USE_WATT32
|
|
|
|
|
|
- Reported-by: Daniel Carpenter
|
|
|
- Fixes #6998
|
|
|
- Closes #7000
|
|
|
+ My Watt-32 tcp/ip stack works on Windows but it does not have `WSAIoctl()`
|
|
|
|
|
|
-- openldap: replace ldap_ prefix on private functions
|
|
|
-
|
|
|
- Since openldap itself uses that prefix and with OpenĹDAP 2.5.4 (at
|
|
|
- least) there's a symbol collision because of that.
|
|
|
+Daniel Stenberg (4 Jun 2021)
|
|
|
+- [Alexis Vachette brought this change]
|
|
|
+
|
|
|
+ url: bad CURLOPT_CONNECT_TO syntax now returns error
|
|
|
|
|
|
- The private functions now use the 'oldap_' prefix where it previously
|
|
|
- used 'ldap_'.
|
|
|
+ Added test 3020 to verify
|
|
|
|
|
|
- Reported-by: 3eka on github
|
|
|
- Fixes #7004
|
|
|
- Closes #7005
|
|
|
+ Closes #7183
|
|
|
|
|
|
-Jay Satiro (5 May 2021)
|
|
|
-- http2: fix potentially uninitialized variable
|
|
|
+- github: remove the cmake macOS gcc-8 jobs
|
|
|
|
|
|
- introduced several days ago in 3193170. caught by visual studio linker.
|
|
|
-
|
|
|
-- [Gilles Vollant brought this change]
|
|
|
+ They're too similar to the gcc-9 ones to be useful (and seems to not
|
|
|
+ work anymore).
|
|
|
+
|
|
|
+ Closes #7187
|
|
|
|
|
|
- SSL: support in-memory CA certs for some backends
|
|
|
+- test269: disable for hyper
|
|
|
|
|
|
- - New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
|
|
|
- specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
|
|
|
- and Secure Transport (Apple) SSL backends.
|
|
|
+ --ignore-content-length / CURLOPT_IGNORE_CONTENT_LENGTH doesn't work
|
|
|
+ with hyper.
|
|
|
|
|
|
- Prior to this change PEM certificates could only be imported from a file
|
|
|
- and not from memory.
|
|
|
+ Closes #7184
|
|
|
+
|
|
|
+- runtests: enable 'hyper mode' only for HTTP tests
|
|
|
|
|
|
- Co-authored-by: moparisthebest@users.noreply.github.com
|
|
|
+ The 'hyper mode' makes line-ending checks work in the test suite for
|
|
|
+ when hyper is used. Now it also requires that HTTP or HTTPS are
|
|
|
+ mentioned as keywords to be enabled so that it doesn't wrongly adjusts
|
|
|
+ tests for other protocols.
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/pull/4679
|
|
|
- Ref: https://github.com/curl/curl/pull/5677
|
|
|
- Ref: https://github.com/curl/curl/pull/6109
|
|
|
+ This makes test 271 (TFTP) work again in hyper enabled builds.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6662
|
|
|
+ Closes #7185
|
|
|
|
|
|
-Daniel Stenberg (4 May 2021)
|
|
|
-- [David Cook brought this change]
|
|
|
+- [Alexis Vachette brought this change]
|
|
|
|
|
|
- tests: ignore case of chunked hex numbers in tests
|
|
|
+ hostip: bad CURLOPT_RESOLVE syntax now returns error
|
|
|
|
|
|
- When hyper is used, it emits uppercase hexadecimal numbers for chunked
|
|
|
- encoding lengths. Without hyper, lowercase hexadecimal numbers are used.
|
|
|
- This change adds preprocessor statements to tests where this is an
|
|
|
- issue, and adapts the fixtures to match.
|
|
|
+ Added test 3019
|
|
|
+ Fixes #7170
|
|
|
+ Closes #7174
|
|
|
+
|
|
|
+Daniel Gustafsson (3 Jun 2021)
|
|
|
+- cookies: fix typo and expand comment
|
|
|
|
|
|
- Closes #6987
|
|
|
+ Fix a typo in the sorting comment, and while in there elaborate slightly
|
|
|
+ on why creationtime can be used as a tiebreaker.
|
|
|
|
|
|
-- cmake: check for getppid and utimes
|
|
|
+- cookies: remove unused header
|
|
|
|
|
|
- ... as they're checked for in the configure script and are used by
|
|
|
- source code.
|
|
|
+ Commit 1c1d9f1affbd3367bcb24062e261d0ea5d185e3a removed the last use
|
|
|
+ for the inet_pton.h headerfile, this removes the inclusion of the
|
|
|
+ header.
|
|
|
|
|
|
- Removed checks for perror, setvbuf and strlcat since those defines are
|
|
|
- not checked for in source code.
|
|
|
+ Closes: #7182
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+
|
|
|
+Daniel Stenberg (3 Jun 2021)
|
|
|
+- Revert "socketpair: fix potential hangs"
|
|
|
|
|
|
- Bonus: removed HAVE_STRLCPY from a few config-*.h files since that
|
|
|
- symbol is not used in source code.
|
|
|
+ This reverts commit c769d1eab4de8b9f1bd84d992c63692fdc43c5be.
|
|
|
|
|
|
- Closes #6997
|
|
|
+ See #7144 for details
|
|
|
|
|
|
-- libtest: remove lib530.c
|
|
|
+- [Paul Groke brought this change]
|
|
|
+
|
|
|
+ socketpair: fix potential hangs
|
|
|
|
|
|
- Follow up from e50a877df when test 530 was removed. Since then this
|
|
|
- source file has not been used/needed.
|
|
|
+ Fixes potential hang in accept by using select + non-blocking accept.
|
|
|
|
|
|
- Closes #6999
|
|
|
-
|
|
|
-- FILEFORMAT: mention sectransp as a feature
|
|
|
+ Fixes potential hang in peer check by replacing the send/recv check with
|
|
|
+ a getsockname/getpeername check.
|
|
|
|
|
|
- Been supported since at least 40259ca65
|
|
|
+ Adds length check for returned sockaddr data.
|
|
|
|
|
|
- Closes #7001
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Closes #7144
|
|
|
|
|
|
-- libssh2: ignore timeout during disconnect
|
|
|
+- runtests: parse data/Makefile.inc instead of using make
|
|
|
|
|
|
- ... to avoid memory leaks!
|
|
|
+ The warning about missing entries in that file then doesn't require that
|
|
|
+ the Makefile has been regenerated which was confusing.
|
|
|
|
|
|
- libssh2 is tricky as we have to deal with the non-blockiness even in
|
|
|
- close and shutdown cases. In the cases when we shutdown after a timeout
|
|
|
- already expired, it is crucial that curl doen't let the timeout abort
|
|
|
- the shutdown process as that then leaks memory!
|
|
|
+ The scan for the test num is a little more error prone than before
|
|
|
+ (since now it doesn't actually verify that it is legitimate Makefile
|
|
|
+ syntax), but I think it is good enough.
|
|
|
|
|
|
- Reported-by: Benjamin Riefenstahl
|
|
|
- Fixes #6990
|
|
|
+ Closes #7177
|
|
|
|
|
|
-- KNOWN_BUGS: add two HTTP/2 bugs
|
|
|
+- [Harry Sintonen brought this change]
|
|
|
|
|
|
-- KNOWN_BUGS: add three HTTP/3 issues
|
|
|
-
|
|
|
- ... and moved the HTTP/2 issues to its own section
|
|
|
+ filecheck: quietly remove test-place/*~
|
|
|
|
|
|
- Closes #6606
|
|
|
- Closes #6510
|
|
|
- Closes #6494
|
|
|
+ Closes #7179
|
|
|
|
|
|
-- [ejanchivdorj brought this change]
|
|
|
+- CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
|
|
|
+
|
|
|
+ For options that pass in lists or strings that are subsequently parsed
|
|
|
+ and must be correct. This broadens the scope for the option previously
|
|
|
+ known as CURLE_TELNET_OPTION_SYNTAX but the old name is of course still
|
|
|
+ provided as a #define for existing applications.
|
|
|
+
|
|
|
+ Closes #7175
|
|
|
|
|
|
- CURLcode: add CURLE_SSL_CLIENTCERT
|
|
|
+- tests: fix Accept-Encoding strips to work with Hyper builds
|
|
|
|
|
|
- When a TLS server requests a client certificate during handshake and
|
|
|
- none can be provided, libcurl now returns this new error code
|
|
|
- CURLE_SSL_CLIENTCERT
|
|
|
+ The previous strip also removed the CR which turned problematic.
|
|
|
|
|
|
- Only supported by Secure Transport and OpenSSL for TLS 1.3 so far.
|
|
|
+ valgrind.supp: add zstd suppression using hyper
|
|
|
|
|
|
- Closes #6721
|
|
|
-
|
|
|
-- [Tobias Gabriel brought this change]
|
|
|
+ Reported-and-analyzed-by: Kevin Burke
|
|
|
+ Fixes #7169
|
|
|
+ Closes #7171
|
|
|
|
|
|
- .github/FUNDING: add link to GitHub sponsors
|
|
|
+- github: timeout jobs on macOS after 90 minutes
|
|
|
|
|
|
- Closes #6985
|
|
|
+ Assisted-by: Marc Hoersken
|
|
|
+ Closes #7173
|
|
|
|
|
|
- [Harry Sintonen brought this change]
|
|
|
|
|
|
- krb5/name_to_level: replace checkprefix with curl_strequal
|
|
|
+ mqtt: detect illegal and too large file size
|
|
|
|
|
|
- Closes #6993
|
|
|
+ Add test 3017 and 3018 to verify.
|
|
|
+ Closes #7166
|
|
|
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+- [Abhinav Singh brought this change]
|
|
|
|
|
|
- Curl_input_digest: require space after Digest
|
|
|
+ cmake: add CURL_DISABLE_NTLM option
|
|
|
|
|
|
- Closes #6993
|
|
|
+ Closes #7028
|
|
|
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+- [Abhinav Singh brought this change]
|
|
|
|
|
|
- Curl_http_header: check for colon when matching Persistent-Auth
|
|
|
+ configure: add --disable-ntlm option
|
|
|
|
|
|
- Closes #6993
|
|
|
-
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+ Closes #7028
|
|
|
|
|
|
- Curl_http_input_auth: require valid separator after negotiation type
|
|
|
-
|
|
|
- Closes #6993
|
|
|
+- [Abhinav Singh brought this change]
|
|
|
|
|
|
-- http: fix the check for 'Authorization' with Bearer
|
|
|
+ define: re-add CURL_DISABLE_NTLM and corresponding ifdefs
|
|
|
|
|
|
- The code would wrongly check for it using an additional colon.
|
|
|
+ This flag will be further exposed by adding build options.
|
|
|
|
|
|
- Reported-by: Blake Burkhart
|
|
|
- Closes #6988
|
|
|
+ Reverts #6809
|
|
|
+ Closes #7028
|
|
|
|
|
|
-- [Kamil Dudka brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- http2: fix a resource leak in push_promise()
|
|
|
-
|
|
|
- ... detected by Coverity:
|
|
|
-
|
|
|
- Error: RESOURCE_LEAK (CWE-772):
|
|
|
- lib/http2.c:532: alloc_fn: Storage is returned from allocation function "duphandle".
|
|
|
- lib/http2.c:532: var_assign: Assigning: "newhandle" = storage returned from "duphandle(data)".
|
|
|
- lib/http2.c:552: noescape: Resource "newhandle" is not freed or pointed-to in "set_transfer_url".
|
|
|
- lib/http2.c:555: leaked_storage: Variable "newhandle" going out of scope leaks the storage it points to.
|
|
|
+Viktor Szakats (1 Jun 2021)
|
|
|
+- travis: delete --enable-hsts option (it is the default now) [ci skip]
|
|
|
|
|
|
- Closes #6986
|
|
|
-
|
|
|
-- [Kamil Dudka brought this change]
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #7167
|
|
|
|
|
|
- http2: fix resource leaks in set_transfer_url()
|
|
|
-
|
|
|
- ... detected by Coverity:
|
|
|
-
|
|
|
- Error: RESOURCE_LEAK (CWE-772):
|
|
|
- lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
|
|
|
- lib/http2.c:486: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:488: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
|
|
|
+Daniel Stenberg (1 Jun 2021)
|
|
|
+- hostip: fix 3 coverity complaints
|
|
|
|
|
|
- Error: RESOURCE_LEAK (CWE-772):
|
|
|
- lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
|
|
|
- lib/http2.c:493: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:495: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
|
|
|
+ Follow-up to 1a0ebf6632f889eed
|
|
|
|
|
|
- Error: RESOURCE_LEAK (CWE-772):
|
|
|
- lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
|
|
|
- lib/http2.c:500: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:502: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
|
|
|
+ - Check the return code to Curl_inet_pton() in two instances, even
|
|
|
+ though we know the input is valid so the functions won't fail.
|
|
|
|
|
|
- Error: RESOURCE_LEAK (CWE-772):
|
|
|
- lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
|
|
|
- lib/http2.c:505: noescape: Resource "u" is not freed or pointed-to in "curl_url_get". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:507: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
|
|
|
+ - Clear the 'struct sockaddr_in' struct before use so that the
|
|
|
+ 'sin_zero' field isn't left uninitialized.
|
|
|
|
|
|
- Closes #6986
|
|
|
+ Detected by Coverity.
|
|
|
+ Assisted-by: Harry Sintonen
|
|
|
+ Closes #7163
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- c-hyper: fix NTLM on closed connection tested with test159
|
|
|
+
|
|
|
+ Closes #7154
|
|
|
|
|
|
- rustls: use ALPN
|
|
|
+- conncache: lowercase the hash key for better match
|
|
|
|
|
|
- Update required rustls to 0.5.0
|
|
|
+ As host names are case insensitive, the use of case sensitive hashing
|
|
|
+ caused unnecesary cache misses and therefore lost performance. This
|
|
|
+ lowercases the hash key.
|
|
|
|
|
|
- Closes #6960
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Fixes #7159
|
|
|
+ Closes #7161
|
|
|
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
+- mbedtls: make mbedtls_strerror always work
|
|
|
+
|
|
|
+ If the function doesn't exist, provide a macro that just clears the
|
|
|
+ error message. Removes #ifdef uses from the code.
|
|
|
+
|
|
|
+ Closes #7162
|
|
|
|
|
|
- gskit: fix CURL_DISABLE_PROXY build
|
|
|
+- vtls: exit addsessionid if no cache is inited
|
|
|
|
|
|
- Removed localfd and remotefd from ssl_backend_data (ued only with proxy
|
|
|
- connection). Function pipe_ssloverssl return always 0, when proxy is not
|
|
|
- used.
|
|
|
+ Follow-up to b249592d29ae0
|
|
|
|
|
|
- Closes #6981
|
|
|
+ Avoids NULL pointer derefs.
|
|
|
+
|
|
|
+ Closes #7165
|
|
|
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
+- [Harry Sintonen brought this change]
|
|
|
|
|
|
- gskit: fix undefined reference to 'conn'
|
|
|
+ Curl_ntlm_core_mk_nt_hash: fix OOM in error path
|
|
|
|
|
|
- Closes #6980
|
|
|
-
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+ Closes #7164
|
|
|
|
|
|
- tls: add USE_HTTP2 define
|
|
|
+Michael Kaufmann (1 Jun 2021)
|
|
|
+- ssl: read pending close notify alert before closing the connection
|
|
|
|
|
|
- This abstracts across the two HTTP/2 backends: nghttp2 and Hyper.
|
|
|
+ This avoids a TCP reset (RST) if the server initiates a connection
|
|
|
+ shutdown by sending an SSL close notify alert and then closes the TCP
|
|
|
+ connection.
|
|
|
|
|
|
- Add our own define for the "h2" ALPN protocol, so TLS backends can use
|
|
|
- it without depending on a specific HTTP backend.
|
|
|
+ For SSL connections, usually the server announces that it will close the
|
|
|
+ connection with an SSL close notify alert. curl should read this alert.
|
|
|
+ If curl does not read this alert and just closes the connection, some
|
|
|
+ operating systems close the TCP connection with an RST flag.
|
|
|
|
|
|
- Closes #6959
|
|
|
+ See RFC 1122, section 4.2.2.13
|
|
|
+
|
|
|
+ If curl reads the close notify alert, the TCP connection is closed
|
|
|
+ normally with a FIN flag.
|
|
|
+
|
|
|
+ The new code is similar to existing code in the "SSL shutdown" function:
|
|
|
+ try to read an alert (non-blocking), and ignore any read errors.
|
|
|
+
|
|
|
+ Closes #7095
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+Daniel Stenberg (1 Jun 2021)
|
|
|
+- [Laurent Dufresne brought this change]
|
|
|
|
|
|
- lib: fix 0-length Curl_client_write calls
|
|
|
+ setopt: fix incorrect comments
|
|
|
|
|
|
- Closes #6954
|
|
|
+ Closes #7157
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [Laurent Dufresne brought this change]
|
|
|
|
|
|
- lib: remove strlen call from Curl_client_write
|
|
|
+ mbedtls: add support for cert and key blob options
|
|
|
|
|
|
- At all call sites with an explicit 0 len, pass an appropriate nonzero
|
|
|
- len.
|
|
|
+ CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB weren't usable with
|
|
|
+ mbedtls backend, so the support was added.
|
|
|
|
|
|
- Closes #6954
|
|
|
+ Closes #7157
|
|
|
|
|
|
-- [Ayushman Singh Chauhan brought this change]
|
|
|
+- [Gregor Jasny brought this change]
|
|
|
|
|
|
- docs: camelcase it like GitHub everywhere
|
|
|
+ cmake: try well-known send/recv signature for Apple
|
|
|
|
|
|
- Closes #6979
|
|
|
-
|
|
|
-Jay Satiro (27 Apr 2021)
|
|
|
-- [Lucas Servén Marín brought this change]
|
|
|
-
|
|
|
- docs: fix typo in fail-with-body doc
|
|
|
+ The CMake `try_compile` command is especially slow for
|
|
|
+ the Xcode generator. With this patch applied it first tests
|
|
|
+ for the currently used (and Open Group specified) send/recv
|
|
|
+ signature. In case this fails testing falls-back to the
|
|
|
+ permutations.
|
|
|
|
|
|
- This commit fixes a small typo in the documentation for the
|
|
|
- --fail-with-body flag.
|
|
|
+ speed-up:
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6977
|
|
|
-
|
|
|
-- lib: fix some misuse of curlx_convert_UTF8_to_tchar
|
|
|
+ ```
|
|
|
+ time cmake .. -GNinja -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF
|
|
|
+ before: 11.64s user 11.09s system 55% cpu 40.754 total
|
|
|
+ after: 7.84s user 6.57s system 51% cpu 28.074 total
|
|
|
+ ```
|
|
|
|
|
|
- curlx_convert_UTF8_to_tchar must be freed by curlx_unicodefree, but
|
|
|
- prior to this change some uses mistakenly called free.
|
|
|
+ ```
|
|
|
+ time cmake .. -GXcode -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF
|
|
|
+ before: 217.07s user 104.15s system 60% cpu 8:51.79 total
|
|
|
+ after: 108.76s user 51.80s system 58% cpu 4:32.58 total
|
|
|
+ ```
|
|
|
|
|
|
- I've reviewed all other uses of curlx_convert_UTF8_to_tchar and
|
|
|
- curlx_convert_tchar_to_UTF8.
|
|
|
+ Closes #7158
|
|
|
+
|
|
|
+- http2: init recvbuf struct for pushed streams
|
|
|
|
|
|
- Bug: https://github.com/curl/curl/pull/6602#issuecomment-825236763
|
|
|
- Reported-by: sergio-nsk@users.noreply.github.com
|
|
|
+ Debug builds would warn that these structs were not initialized properly
|
|
|
+ for pushed streams.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6938
|
|
|
+ Ref: #7148
|
|
|
+ Closes #7153
|
|
|
|
|
|
-Daniel Stenberg (27 Apr 2021)
|
|
|
-- ntlm: precaution against super huge type2 offsets
|
|
|
+- Curl_ssl_getsessionid: fail if no session cache exists
|
|
|
|
|
|
- ... which otherwise caused an integer overflow and circumvented the if()
|
|
|
- conditional size check.
|
|
|
+ This function might get called for an easy handle for which the session
|
|
|
+ cache hasn't been setup. It now just returns a "miss" in that case.
|
|
|
|
|
|
- Detected by OSS-Fuzz
|
|
|
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33720
|
|
|
- Assisted-by: Max Dymond
|
|
|
- Closes #6975
|
|
|
-
|
|
|
-- c-hyper: fix unused variable ‘wrote’
|
|
|
+ Reported-by: Christoph M. Becker
|
|
|
+ Fixes #7148
|
|
|
+ Closes #7153
|
|
|
|
|
|
-- libcurl-security.3: be careful of setuid
|
|
|
+- GOVERNANCE: add 'user', 'committer' and 'contributor'
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Closes #6970
|
|
|
+ As those are commonly used terms in the project.
|
|
|
+
|
|
|
+ Closes #7151
|
|
|
|
|
|
-- [Kevin Burke brought this change]
|
|
|
+- URL-SYNTAX.md: document the new 'localhost' treatment
|
|
|
|
|
|
- c-hyper: don't write to set.writeheader if null
|
|
|
+- hostip: make 'localhost' return fixed values
|
|
|
|
|
|
- Previously if a caller set CURLOPT_WRITEFUNCTION but did not set a
|
|
|
- CURLOPT_HEADERDATA buffer, Hyper would still attempt to write headers to
|
|
|
- the data->set.writeheader header buffer, even though it is null. This
|
|
|
- led to NPE segfaults attempting to use libcurl+Hyper with Git, for
|
|
|
- example.
|
|
|
+ Resolving the case insensitive host name 'localhost' now returns the
|
|
|
+ addresses 127.0.0.1 and (if IPv6 is enabled) ::1 without using any
|
|
|
+ resolver.
|
|
|
|
|
|
- Instead, process the client write for the status line using the same
|
|
|
- logic we use to process the client write for the later HTTP headers,
|
|
|
- which contains the appropriate guard logic. As a side benefit,
|
|
|
- data->set.writeheader is now only read in one file instead of two.
|
|
|
+ This removes the risk that users accidentally resolves 'localhost' to
|
|
|
+ something else. By making sure 'localhost' is always local, we can
|
|
|
+ assume a "secure context" for such transfers (for cookies etc).
|
|
|
|
|
|
- Fixes #6619
|
|
|
- Fixes abetterinternet/crustls#49
|
|
|
- Fixes hyperium/hyper#2438
|
|
|
- Closes #6971
|
|
|
+ Closes #7039
|
|
|
|
|
|
-- wolfssl: handle SSL_write() returns 0 for error
|
|
|
-
|
|
|
- Reported-by: Timo Lange
|
|
|
-
|
|
|
- Closes #6967
|
|
|
+Daniel Gustafsson (31 May 2021)
|
|
|
+- docs: fix typos
|
|
|
|
|
|
-- easy: ignore sigpipe in curl_easy_send
|
|
|
+Daniel Stenberg (30 May 2021)
|
|
|
+- hsts: ignore numberical IP address hosts
|
|
|
|
|
|
- Closes #6965
|
|
|
-
|
|
|
-- sigpipe: ignore SIGPIPE when using wolfSSL as well
|
|
|
+ Also, use a single function library-wide for detecting if a given hostname is
|
|
|
+ a numerical IP address.
|
|
|
|
|
|
- Closes #6966
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Fixes #7146
|
|
|
+ Closes #7149
|
|
|
|
|
|
-- libcurl-security.3: don't try to filter IPv4 hosts based on the URL
|
|
|
+- test178: adjust for hyper
|
|
|
|
|
|
- Closes #6942
|
|
|
+ Hyper returns the same error for wrong HTTP version as for negative
|
|
|
+ content-length. Test 178 verifies that negative content-length is
|
|
|
+ rejected but the hyper backend will return a different error for it (and
|
|
|
+ without any helpful message telling why the message was bad). It will
|
|
|
+ also not return any headers at all for the response, not even the ones
|
|
|
+ that arrived before the error.
|
|
|
+
|
|
|
+ Closes #7147
|
|
|
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+- HYPER: remove mentions of deprecated development branch
|
|
|
|
|
|
- nss_set_blocking: avoid static for sock_opt
|
|
|
+- c-hyper: handle NULL from hyper_buf_copy()
|
|
|
|
|
|
- Reviewed-by: Kamil Dudka
|
|
|
- Closes #6945
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Closes #7143
|
|
|
|
|
|
-- [Yusuke Nakamura brought this change]
|
|
|
+- HSTS: not experimental anymore
|
|
|
|
|
|
- docs/HTTP3.md: fix nghttp2's HTTP/3 server port
|
|
|
-
|
|
|
- Port 8443 does not work now.
|
|
|
- Correct origin is in the quicwg's wiki.
|
|
|
- https://github.com/quicwg/base-drafts/wiki/Implementations#ngtcp2
|
|
|
-
|
|
|
- Closes #6964
|
|
|
+- [Douglas R. Reno brought this change]
|
|
|
|
|
|
-- krb5: don't use 'static' to store PBSZ size response
|
|
|
+ INSTALL: use correct extension for CURL-DISABLE.md
|
|
|
|
|
|
- ... because it makes the knowledge and usage cross-transfer in funny and
|
|
|
- unexpected ways.
|
|
|
+ In INSTALL.MD, it's currently set to CURL-DISABLE-md instead of
|
|
|
+ CURL-DISABLE.md. This generates a 404 on the cURL website as well as
|
|
|
+ when viewing the docs through Github.
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Closes #6963
|
|
|
+ Closes #7142
|
|
|
|
|
|
-- [Kevin Burke brought this change]
|
|
|
+- travis: run tests 1 - 153 with hyper
|
|
|
|
|
|
- m4: add security frameworks on Mac when compiling rustls
|
|
|
-
|
|
|
- Previously compiling rustls on Mac would only complete if you also
|
|
|
- compiled the SecureTransport TLS backend, which curl would prefer to
|
|
|
- the Rust backend.
|
|
|
-
|
|
|
- Appending these flags to LDFLAGS makes it possible to compile the
|
|
|
- Rustls backend on Mac without the SecureTransport backend, which means
|
|
|
- this patch will make it possible for Mac users to use the Rustls
|
|
|
- backend for TLS.
|
|
|
+- c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL
|
|
|
|
|
|
- Reviewed-by: Jacob Hoffman-Andrews
|
|
|
+ Makes test 129 work (HTTP/1.2 response).
|
|
|
|
|
|
- Fixes #6955
|
|
|
- Cloes #6956
|
|
|
+ Closes #7141
|
|
|
|
|
|
-- krb5: remove the unused 'overhead' function
|
|
|
+- http_proxy: deal with non-200 CONNECT response with Hyper
|
|
|
|
|
|
- Closes #6947
|
|
|
-
|
|
|
-- [Johann150 brought this change]
|
|
|
+ Makes test 94 and 95 work
|
|
|
+
|
|
|
+ Closes #7141
|
|
|
|
|
|
- curl_url_set.3: add memory management information
|
|
|
+- c-hyper: clear NTLM auth buffer when request is issued
|
|
|
|
|
|
- wording taken from man page for CURLOPT_URL.3
|
|
|
+ To prevent previous ones to get reused on subsequent requests. Matches
|
|
|
+ how the built-in HTTP code works. Makes test 90 to 93 work.
|
|
|
|
|
|
- As far as I can see, the URL part is either malloc'ed before due to
|
|
|
- encoding or it is strdup'ed.
|
|
|
+ Add test 90 to 93 in travis.
|
|
|
|
|
|
- Closes #6953
|
|
|
+ Closes #7139
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [Joel Depooter brought this change]
|
|
|
|
|
|
- c-hpyer: fix handling of zero-byte chunk from hyper
|
|
|
+ schannel: set ALPN length correctly for HTTP/2
|
|
|
|
|
|
- Closes #6951
|
|
|
-
|
|
|
-- CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data
|
|
|
+ In a3268eca792f1 this code was changed to use the ALPN_H2 constant
|
|
|
+ instead of the NGHTTP2_PROTO_ALPN constant. However, these constants are
|
|
|
+ not the same. The nghttp2 constant included the length of the string,
|
|
|
+ like this: "\x2h2". The ALPN_H2 constant is just "h2". Therefore we need
|
|
|
+ to re-add the length of the string to the ALPN buffer.
|
|
|
|
|
|
- Ref: https://curl.se/mail/lib-2021-04/0085.html
|
|
|
- Closes #6943
|
|
|
-
|
|
|
-- [Ralph Langendam brought this change]
|
|
|
+ Closes #7138
|
|
|
|
|
|
- cmake: make libcurl output filename configurable
|
|
|
+- travis: run tests 1-89 in the hyper build
|
|
|
|
|
|
- Reviewed-by: Jakub Zakrzewski
|
|
|
- Closes #6933
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+ Closes #7137
|
|
|
|
|
|
- vtls: reset ssl use flag upon negotiation failure
|
|
|
-
|
|
|
- Fixes the segfault in ldaps disconnect.
|
|
|
+- Revert "c-hyper: handle body on HYPER_TASK_EMPTY"
|
|
|
|
|
|
- Reported-by: Illarion Taev
|
|
|
- Fixes #6934
|
|
|
- Closes #6937
|
|
|
-
|
|
|
-- configure: fix typo in TLS error message
|
|
|
+ This reverts commit c3eefa95c31f55657f0af422e8268d738f689066.
|
|
|
|
|
|
- Reported-by: Pontus Lundkvist
|
|
|
-
|
|
|
-- README: link to the commercial support option
|
|
|
+ Reported-by: Kevin Burke
|
|
|
+ Fixes #7122
|
|
|
+ Closes #7136
|
|
|
|
|
|
-Jay Satiro (22 Apr 2021)
|
|
|
-- [Martin Halle brought this change]
|
|
|
+- [Jon Rumsey brought this change]
|
|
|
|
|
|
- version: add gsasl_version to curl_version_info_data
|
|
|
-
|
|
|
- - Add gsasl_version string and bump to CURLVERSION_TENTH.
|
|
|
+ ccsidcurl: fix the compile errors
|
|
|
|
|
|
- Ref: https://curl.se/mail/lib-2021-04/0003.html
|
|
|
+ Looks like the declaration of cpp shoule be const char ** and return
|
|
|
+ null if convert_version_info_string fails.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6843
|
|
|
+ Fixes #7134
|
|
|
+ Closes #7135
|
|
|
|
|
|
-- [Morten Minde Neergaard brought this change]
|
|
|
+- [Viktor Szakats brought this change]
|
|
|
|
|
|
- schannel: Support strong crypto option
|
|
|
-
|
|
|
- - Support enabling strong crypto via optional user cipher list when
|
|
|
- USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list.
|
|
|
-
|
|
|
- MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known
|
|
|
- weak cryptographic algorithms, cipher suites, and SSL/TLS protocol
|
|
|
- versions that may be otherwise enabled for better interoperability."
|
|
|
+ docs: use --max-redirs instead of --max-redir
|
|
|
|
|
|
- Ref: https://curl.se/mail/lib-2021-02/0066.html
|
|
|
- Ref: https://curl.se/docs/manpage.html#--ciphers
|
|
|
- Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
|
|
|
- Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred
|
|
|
+ For consistency.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6734
|
|
|
+ Closes #7130
|
|
|
|
|
|
-Daniel Stenberg (22 Apr 2021)
|
|
|
- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+ ... and bump to 7.77.1
|
|
|
|
|
|
-- ci: adapt to configure requiring an explicit TLS choice
|
|
|
+- [Michael Forney brought this change]
|
|
|
|
|
|
-- configure: split out each TLS library detector into its own function
|
|
|
+ travis: add bearssl build
|
|
|
|
|
|
- ... and put those functions in separate m4 files per TLS library.
|
|
|
+ Closes #7133
|
|
|
|
|
|
-- configure: make the TLS library choice(s) explicit
|
|
|
-
|
|
|
- configure no longer tries to find a TLS library by default, but all
|
|
|
- libraries are now equal: the user needs to explicitly ask what TLS
|
|
|
- library or libraries to use.
|
|
|
-
|
|
|
- If no TLS library is selected, configure will error out unless
|
|
|
- --without-ssl is explicitly used to request a built without TLS (as that
|
|
|
- is very rare these days).
|
|
|
+- [Michael Forney brought this change]
|
|
|
+
|
|
|
+ bearssl: explicitly initialize all fields of Curl_ssl
|
|
|
|
|
|
- Removes: --with-winssl, --with-darwinssl and all --without-* options for
|
|
|
- TLS libraries.
|
|
|
+ Also, add comments like the other vtls backends.
|
|
|
|
|
|
- Closes #6897
|
|
|
+ Closes #7133
|
|
|
|
|
|
-- tests/disable-scan.pl: also scan all m4 files
|
|
|
-
|
|
|
- Fixes test 1165 when functions are moved from configure.ac to files in
|
|
|
- m4/
|
|
|
+- [Michael Forney brought this change]
|
|
|
|
|
|
-Jay Satiro (22 Apr 2021)
|
|
|
-- schannel: Disable auto credentials; add an option to enable it
|
|
|
-
|
|
|
- - Disable auto credentials by default. This is a breaking change
|
|
|
- for clients that are using it, wittingly or not.
|
|
|
-
|
|
|
- - New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl
|
|
|
- to automatically locate and use a client certificate for
|
|
|
- authentication, when requested by the server.
|
|
|
-
|
|
|
- - New curl tool options --ssl-auto-client-cert and
|
|
|
- --proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.
|
|
|
-
|
|
|
- This option is only supported for Schannel (the native Windows SSL
|
|
|
- library). Prior to this change Schannel would, with no notification to
|
|
|
- the client, attempt to locate a client certificate and send it to the
|
|
|
- server, when requested by the server. Since the server can request any
|
|
|
- certificate that supports client authentication in the OS certificate
|
|
|
- store it could be a privacy violation and unexpected.
|
|
|
-
|
|
|
- Fixes https://github.com/curl/curl/issues/2262
|
|
|
- Reported-by: Jeroen Ooms
|
|
|
- Assisted-by: Wes Hinsley
|
|
|
- Assisted-by: Rich FitzJohn
|
|
|
+ bearssl: remove incorrect const on variable that is modified
|
|
|
|
|
|
- Ref: https://curl.se/mail/lib-2021-02/0066.html
|
|
|
- Reported-by: Morten Minde Neergaard
|
|
|
+ hostname may be set to NULL later on in this function if it is an
|
|
|
+ IP address.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6673
|
|
|
+ Closes #7133
|
|
|
|
|
|
-Daniel Stenberg (22 Apr 2021)
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
+Version 7.77.0 (26 May 2021)
|
|
|
+
|
|
|
+Daniel Stenberg (26 May 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- THANKS: added contributors from 7.77.0 cycle
|
|
|
+
|
|
|
+- copyright: update copyright year ranges to 2021
|
|
|
+
|
|
|
+- [Radek Zajic brought this change]
|
|
|
|
|
|
- vtls: deduplicate some DISABLE_PROXY ifdefs
|
|
|
-
|
|
|
- continue from #5735
|
|
|
-
|
|
|
- - using SSL_HOST_NAME, SSL_HOST_DISPNAME, SSL_PINNED_PUB_KEY for other
|
|
|
- tls backend
|
|
|
+ hostip: fix broken macOS/CMake/GCC builds
|
|
|
|
|
|
- - create SSL_HOST_PORT
|
|
|
+ Follow-up to 31f631a142d855f06
|
|
|
|
|
|
- Closes #6660
|
|
|
+ Fixes #7128
|
|
|
+ Closes #7129
|
|
|
|
|
|
-Jay Satiro (22 Apr 2021)
|
|
|
-- OS400: fix typo
|
|
|
+- TODO: netrc caching and sharing
|
|
|
|
|
|
- CURLVERSION_HEIGHTH -> CURLVERSION_EIGHTH
|
|
|
+ URL: https://curl.se/mail/archive-2021-05/0018.html
|
|
|
|
|
|
-Daniel Stenberg (22 Apr 2021)
|
|
|
-- checksrc: complain on == NULL or != 0 checks in conditions
|
|
|
-
|
|
|
- ... to make them all consistenly use if(!var) and if(var)
|
|
|
-
|
|
|
- Also added a few missing warnings to the documentation.
|
|
|
-
|
|
|
- Closes #6912
|
|
|
+- [Orgad Shaneh brought this change]
|
|
|
|
|
|
-- tidy-up: make conditional checks more consistent
|
|
|
+ setopt: streamline ssl option code
|
|
|
|
|
|
- ... remove '== NULL' and '!= 0'
|
|
|
+ Make it use the same style as the code next to it
|
|
|
|
|
|
- Closes #6912
|
|
|
+ Closes #7123
|
|
|
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+- [Radek Zajic brought this change]
|
|
|
|
|
|
- vauth: factor base64 conversions out of authentication procedures
|
|
|
-
|
|
|
- Input challenges and returned messages are now in binary.
|
|
|
- Conversions from/to base64 are performed by callers (currently curl_sasl.c
|
|
|
- and http_ntlm.c).
|
|
|
+ lib/hostip6.c: make NAT64 address synthesis on macOS work
|
|
|
|
|
|
- Closes #6654
|
|
|
+ Closes #7121
|
|
|
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+- [ejanchivdorj brought this change]
|
|
|
|
|
|
- bufref: buffer reference support
|
|
|
+ sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer
|
|
|
|
|
|
- A struct bufref holds a buffer pointer, a data size and a destructor.
|
|
|
- When freed or its contents are changed, the previous buffer is implicitly
|
|
|
- released by the associated destructor. The data size, although not used
|
|
|
- internally, allows binary data support.
|
|
|
+ When the SecCertificateCopyCommonName function fails, it leaves
|
|
|
+ common_name in a invalid state so CFStringCompare uses the invalid
|
|
|
+ result, causing EXC_BAD_ACCESS.
|
|
|
|
|
|
- A unit test checks its handling methods: test 1661
|
|
|
+ The fix is to check the return value of the function before using the
|
|
|
+ name.
|
|
|
|
|
|
- Closes #6654
|
|
|
+ Closes #7126
|
|
|
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+- [Paweł Wegner brought this change]
|
|
|
|
|
|
- os400: additional support for options metadata
|
|
|
-
|
|
|
- New functions curl_easy_option_by_name_ccsid() and
|
|
|
- curl_easy_option_get_name_ccsid() allows accessing metadata in alternate
|
|
|
- character encoding.
|
|
|
-
|
|
|
- This commit also updates curl_version_info_ccsid() to handle info version 9
|
|
|
- and adds recent definitions to the ILE/RPG include file.
|
|
|
+ CMake: add CURL_ENABLE_EXPORT_TARGET option
|
|
|
|
|
|
- Documentation updated accordingly.
|
|
|
+ install(EXPORT ...) causes trouble when embedding curl dependencies
|
|
|
+ which don't provide install(EXPORT ...) targets (e.g libressl and
|
|
|
+ nghttp2) with cmake's add_subdirectory.
|
|
|
|
|
|
- Reviewed-by: Jon Rumsey
|
|
|
- Closes #6574
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+ Reviewed-by: Jakub Zakrzewski
|
|
|
+ Closes #7060
|
|
|
|
|
|
- test server: take care of siginterrupt() deprecation
|
|
|
-
|
|
|
- Closes #6529
|
|
|
+- [Alessandro Ghedini brought this change]
|
|
|
|
|
|
-Marc Hoersken (21 Apr 2021)
|
|
|
-- lib1564.c: enable last wakeup test part on Windows
|
|
|
+ quiche: update for network path aware API
|
|
|
|
|
|
- Suggested-by: Gergely Nagy
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
+ Latest version of quiche requires the application to pass the peer
|
|
|
+ address of received packets, and it provides the address for outgoing
|
|
|
+ packets back.
|
|
|
|
|
|
- Closes #6245
|
|
|
+ Closes #7120
|
|
|
|
|
|
-- multi: fix slow write/upload performance on Windows
|
|
|
-
|
|
|
- Reset FD_WRITE by sending zero bytes which is permissible
|
|
|
- and will be treated by implementations as successful send.
|
|
|
-
|
|
|
- Without this we won't be notified in case a socket is still
|
|
|
- writable if we already received such a notification and did
|
|
|
- not send any data afterwards on the socket. This would lead
|
|
|
- to waiting forever on a writable socket being writable again.
|
|
|
-
|
|
|
- Assisted-by: Tommy Odom
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
- Tested-by: tmkk on github
|
|
|
-
|
|
|
- Bug: #6146
|
|
|
- Closes #6245
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
-- multi: reduce Win32 API calls to improve performance
|
|
|
-
|
|
|
- 1. Consolidate pre-checks into a single Curl_poll call:
|
|
|
-
|
|
|
- This is an attempt to restructure the code in Curl_multi_wait
|
|
|
- in such a way that less syscalls are made by removing individual
|
|
|
- calls to Curl_socket_check via SOCKET_READABLE/SOCKET_WRITABLE.
|
|
|
-
|
|
|
- 2. Avoid resetting the WinSock event multiple times:
|
|
|
-
|
|
|
- We finally call WSAResetEvent anyway, so specifying it as
|
|
|
- an optional parameter to WSAEnumNetworkEvents is redundant.
|
|
|
-
|
|
|
- 3. Wakeup directly in case no sockets are being monitoring:
|
|
|
-
|
|
|
- Fix the WinSock based implementation to skip extra waiting by
|
|
|
- not sleeping in case no sockets are to be waited on and just
|
|
|
- the WinSock event is being monitored for wakeup functionality.
|
|
|
+ rustls: switch read_tls and write_tls to callbacks
|
|
|
|
|
|
- Assisted-by: Tommy Odom
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
+ And update to 0.6.0, including a rename from session to connection for
|
|
|
+ many fields.
|
|
|
|
|
|
- Bug: #6146
|
|
|
- Closes #6245
|
|
|
+ Closes #7071
|
|
|
|
|
|
-- Revert "Revert 'multi: implement wait using winsock events'"
|
|
|
-
|
|
|
- This reverts commit 2260e0ebe6d45529495231b3e37a0c58fb92a6a2,
|
|
|
- also restoring previous follow up changes which were reverted.
|
|
|
-
|
|
|
- Authored-by: rcombs on github
|
|
|
- Authored-by: Marc Hörsken
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
-
|
|
|
- Restores #5634
|
|
|
- Reverts #6281
|
|
|
- Part of #6245
|
|
|
+- [Koichi Shiraishi brought this change]
|
|
|
|
|
|
-Daniel Stenberg (21 Apr 2021)
|
|
|
-- Revert "cmake: make libcurl library output name configurable"
|
|
|
-
|
|
|
- This reverts commit 1cba36d2166c396f987eea587cf92671b27acb92.
|
|
|
+ sectransp: fix 7f4a9a9b2a49 commit about missing comma
|
|
|
|
|
|
- CMake provides properties that can be set on a target to rename the
|
|
|
- output artifact without changing the name of a target.
|
|
|
+ Follow-up to 7f4a9a9b2a495
|
|
|
|
|
|
- Ref: #6899
|
|
|
+ Closes #7119
|
|
|
|
|
|
-- [Michael Kolechkin brought this change]
|
|
|
+- [Harry Sintonen brought this change]
|
|
|
|
|
|
- sectransp: allow cipher name to be specified
|
|
|
-
|
|
|
- Add parser for CURLOPT_SSL_CIPHER_LIST option for Secure Transport (ST)
|
|
|
- back-end. Similar to NSS and GSKit back-ends, new code parses string
|
|
|
- value and configures ST library to use those ciphers for communication.
|
|
|
- Create cipher spec data structure and initialize the array of specs with
|
|
|
- cipher number, name, alias, and 'weak' flag.
|
|
|
+ openssl: associate/detach the transfer from connection
|
|
|
|
|
|
- Mark triple-DES ciphers as 'weak', and exclude them from the default
|
|
|
- ciphers list.
|
|
|
+ CVE-2021-22901
|
|
|
|
|
|
- Closes #6464
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22901.html
|
|
|
|
|
|
-- [Michael Kolechkin brought this change]
|
|
|
+- [Harry Sintonen brought this change]
|
|
|
|
|
|
- NSS: add ciphers to map
|
|
|
+ telnet: check sscanf() for correct number of matches
|
|
|
|
|
|
- Add cipher names to the `cipherlist` map, based on the list of ciphers
|
|
|
- implemented by the NSS in the source code file
|
|
|
- https://github.com/nss-dev/nss/blob/master/lib/ssl/sslenum.c
|
|
|
+ CVE-2021-22898
|
|
|
|
|
|
- Closes #6670
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22898.html
|
|
|
|
|
|
-- http2: remove DEBUG_HTTP2
|
|
|
+- schannel: don't use static to store selected ciphers
|
|
|
|
|
|
- Accidentally committed in 605e84235
|
|
|
+ CVE-2021-22897
|
|
|
+
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22897.html
|
|
|
|
|
|
-- [Ralph Langendam brought this change]
|
|
|
+- docs/tests: remove freenode references
|
|
|
|
|
|
- cmake: make libcurl library output name configurable
|
|
|
-
|
|
|
- Closes #6899
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-- sws: #ifdef S_IFSOCK use
|
|
|
-
|
|
|
- SCO OpenServer 5.0.7 does not define S_IFSOCK.
|
|
|
-
|
|
|
- Reported-by: Kevin R. Bulgrien
|
|
|
- Bug: https://curl.se/mail/lib-2021-04/0074.html
|
|
|
- Closes #6926
|
|
|
+- [Sergey Markelov brought this change]
|
|
|
|
|
|
-- curl_setup: provide the shutdown flags wider
|
|
|
-
|
|
|
- By using #ifdef on the symbol names to work on anything that don't
|
|
|
- provide them. SCO OpenServer 5.0.7, sys/socket.h does not define either
|
|
|
- SHUT_RDWR, SHUT_RD, and SHUT_WR.
|
|
|
+ NSS: make colons, commas and spaces valid separators in cipher list
|
|
|
|
|
|
- Reported-by: Kevin R. Bulgrien
|
|
|
- Bug: https://curl.se/mail/lib-2021-04/0073.html
|
|
|
- Closes #6925
|
|
|
+ Fixes #7110
|
|
|
+ Closes #7115
|
|
|
|
|
|
-- connect: use CURL_SA_FAMILY_T for portability
|
|
|
-
|
|
|
- Reported-by: Kevin R. Bulgrien
|
|
|
- Bug: https://curl.se/mail/lib-2021-04/0071.html
|
|
|
+- curl: include libmetalink version in --version output
|
|
|
|
|
|
- Closes #6918
|
|
|
+ Closes #7112
|
|
|
|
|
|
-- urlapi: make sure no +/- signs are accepted in IPv4 numericals
|
|
|
-
|
|
|
- Follow-up to 56a037cc0ad1b2. Extends test 1560 to verify.
|
|
|
-
|
|
|
- Reported-by: Tuomas Siipola
|
|
|
- Fixes #6916
|
|
|
- Closes #6917
|
|
|
+Jay Satiro (21 May 2021)
|
|
|
+- [Matias N. Goldberg brought this change]
|
|
|
|
|
|
-- ConnectionExists: respect requests for h1 connections better
|
|
|
+ cmake: Use multithreaded compilation on VS 2008+
|
|
|
|
|
|
- ... for situations when multiplexing isn't enabled on the h2 connection
|
|
|
- and h1 is explicitly requested for the transfer.
|
|
|
+ Multithreaded compilation has been supported since at least VS 2005 and
|
|
|
+ been robustly stable since at least VS 2008
|
|
|
|
|
|
- Assisted-by: Gergely Nagy
|
|
|
+ Closes https://github.com/curl/curl/pull/7109
|
|
|
|
|
|
-- multi: don't close connection HTTP_1_1_REQUIRED
|
|
|
-
|
|
|
- The ConnectionExists() function will note that the new transfer wants
|
|
|
- less then h2 and that it can't multiplex it and therefor opt to open a
|
|
|
- new connection instead.
|
|
|
+Daniel Stenberg (21 May 2021)
|
|
|
+- [Matias N. Goldberg brought this change]
|
|
|
|
|
|
-- http2: move the stream error field to the per-transfer storage
|
|
|
+ cmake: fix two invokes result in different curl_config.h
|
|
|
|
|
|
- Storing a stream error in the per-connection struct was an error that lead to
|
|
|
- race conditions as subsequent stream handling could overwrite the error code
|
|
|
- before it was used for the stream with the actual problem.
|
|
|
+ Fixes #7100
|
|
|
+ Closes #7101
|
|
|
|
|
|
- Closes #6910
|
|
|
+ Reviewed-by: Jakub Zakrzewski
|
|
|
+ Signed-off-by: Matias N. Goldberg <dark_sylinc@yahoo.com.ar>
|
|
|
|
|
|
-- http2: call the handle-closed function correctly on closed stream
|
|
|
-
|
|
|
- This was this one condition where the stream could be closed due to an
|
|
|
- error and the function would still wrongly just return 0 for it.
|
|
|
-
|
|
|
- Reported-by: Gergely Nagy
|
|
|
- Fixes #6862
|
|
|
- Closes #6910
|
|
|
+- [Peng-Yu Chen brought this change]
|
|
|
|
|
|
-- test1660: check the created HSTS file as text mode
|
|
|
+ cmake: detect CURL_SA_FAMILY_T
|
|
|
|
|
|
- Closes #6922
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Fixes #7049
|
|
|
+ Closes #7065
|
|
|
|
|
|
-- test 493: require https in curl to run
|
|
|
-
|
|
|
- Closes #6927
|
|
|
+- [Lucas Clemente Vella brought this change]
|
|
|
|
|
|
-Jay Satiro (20 Apr 2021)
|
|
|
-- tool_operate: don't discard failed parallel transfer result
|
|
|
+ CURLOPT_IPRESOLVE: preventing wrong IP version from being used
|
|
|
|
|
|
- - Save a parallel transfer's result code only when it fails and the
|
|
|
- transfer is not being retried.
|
|
|
+ In some situations, it was possible that a transfer was setup to
|
|
|
+ use an specific IP version, but due do DNS caching or connection
|
|
|
+ reuse, it ended up using a different IP version from requested.
|
|
|
|
|
|
- Prior to this change the result code was always set which meant that a
|
|
|
- failed result could be erroneously discarded if a different transfer
|
|
|
- later had a successful result (CURLE_OK).
|
|
|
+ This commit changes the effect of CURLOPT_IPRESOLVE from simply
|
|
|
+ restricting address resolution to preventing the wrong connection
|
|
|
+ type being used, when choosing a connection from the pool, and
|
|
|
+ to restricting what addresses could be used when establishing
|
|
|
+ a new connection.
|
|
|
|
|
|
- Before:
|
|
|
+ It is important that all addresses versions are resolved, even if
|
|
|
+ not used in that transfer in particular, because the result is
|
|
|
+ cached, and could be useful for a different transfer with a
|
|
|
+ different CURLOPT_IPRESOLVE setting.
|
|
|
|
|
|
- > curl --fail -Z https://httpbin.org/status/404 https://httpbin.org/delay/10
|
|
|
- > echo %ERRORLEVEL%
|
|
|
- 0
|
|
|
+ Closes #6853
|
|
|
+
|
|
|
+- [Oliver Urbann brought this change]
|
|
|
+
|
|
|
+ AmigaOS: add functions definitions for SHA256
|
|
|
|
|
|
- After:
|
|
|
+ AmiSSL replaces many functions with macros. Curl requires pointer
|
|
|
+ to some of these functions. Thus, we have to encapsulate these macros:
|
|
|
+ SHA256_Init, SHA256_Update, SHA256_Final, X509_INFO_free.
|
|
|
|
|
|
- > curl --fail -Z https://httpbin.org/status/404 https://httpbin.org/delay/10
|
|
|
- > echo %ERRORLEVEL%
|
|
|
- 22
|
|
|
+ Bug: https://github.com/jens-maus/amissl/issues/15
|
|
|
+ Co-authored-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
- Closes #xxxx
|
|
|
-
|
|
|
-- [Georeth Zhou brought this change]
|
|
|
+ Closes #7099
|
|
|
|
|
|
- openssl: fix build error with OpenSSL < 1.0.2
|
|
|
+- test2100: make it run with and require IPv6
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6920
|
|
|
+ Closes #7083
|
|
|
|
|
|
-Viktor Szakats (19 Apr 2021)
|
|
|
-- README.md: delete Codacy UTM parameters & follow permanent redirect [ci skip]
|
|
|
-
|
|
|
- UTM parameters leak referrer and various marketing/tracking information
|
|
|
- even if these would normally be stripped by website or client policy.
|
|
|
- This link also works fine without them. Also took the opportunity to
|
|
|
- update the URL to the one pointed to by the previous one via permanent
|
|
|
- redirect.
|
|
|
+- tests/getpart: generate output URL encoded for better diffs
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #6919
|
|
|
+ Closes #7083
|
|
|
+
|
|
|
+- [Ryan Beck-Buysse brought this change]
|
|
|
|
|
|
-Daniel Stenberg (19 Apr 2021)
|
|
|
-- urlapi: "normalize" numerical IPv4 host names
|
|
|
+ docs/TheArtOfHttpScripting: fix markdown links
|
|
|
|
|
|
- When the host name in a URL is given as an IPv4 numerical address, the
|
|
|
- address can be specified with dotted numericals in four different ways:
|
|
|
- a32, a.b24, a.b.c16 or a.b.c.d and each part can be specified in
|
|
|
- decimal, octal (0-prefixed) or hexadecimal (0x-prefixed).
|
|
|
+ extra parens cause the links to be incorrectly formatted
|
|
|
+ and inconsistent with the rest of the document.
|
|
|
|
|
|
- Instead of passing on the name as-is and leaving the handling to the
|
|
|
- underlying name functions, which made them not work with c-ares but work
|
|
|
- with getaddrinfo, this change now makes the curl URL API itself detect
|
|
|
- and "normalize" host names specified as IPv4 numericals.
|
|
|
+ Signed-off-by: Ryan Beck-Buysse <rbuysse@gmail.com>
|
|
|
+ Closes #7097
|
|
|
+
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- [Emil Engler brought this change]
|
|
|
+
|
|
|
+ docs: replace dots with dashes in markdown enums
|
|
|
|
|
|
- The WHATWG URL Spec says this is an okay way to specify a host name in a
|
|
|
- URL. RFC 3896 does not allow them, but curl didn't prevent them before
|
|
|
- and it seems other RFC 3896-using tools have not either. Host names used
|
|
|
- like this are widely supported by other tools as well due to the
|
|
|
- handling being done by getaddrinfo and friends.
|
|
|
+ We use dashes instead of dots nearly everywhere except for those few
|
|
|
+ cases. This commit addresses this issues and brings more coherency into
|
|
|
+ it.
|
|
|
|
|
|
- I decided to add the functionality into the URL API itself so that all
|
|
|
- users of these functions get the benefits, when for example wanting to
|
|
|
- compare two URLs. Also, it makes curl built to use c-ares now support
|
|
|
- them as well and make curl builds more consistent.
|
|
|
+ Closes #7093
|
|
|
+
|
|
|
+- [Emil Engler brought this change]
|
|
|
+
|
|
|
+ docs: improve INTERNALS.md regarding getsock cb
|
|
|
|
|
|
- The normalization makes HTTPS and virtual hosted HTTP work fine even
|
|
|
- when curl gets the address specified using one of the "obscure" formats.
|
|
|
+ This adds the I/O prefix to indicate that those "actions" are kind-of
|
|
|
+ related to those found in select(2) or poll(2) (reading/writing).
|
|
|
|
|
|
- Test 1560 is extended to verify.
|
|
|
+ It also adds a note where the prototypes of those functions can be found
|
|
|
+ in the source code.
|
|
|
|
|
|
- Fixes #6863
|
|
|
- Closes #6871
|
|
|
+ Closes #7092
|
|
|
|
|
|
-- libssh: fix "empty expression statement has no effect" warnings
|
|
|
-
|
|
|
- ... by fixing macros to do-while constructs and moving out the calls to
|
|
|
- "break" outside of the actual macro. It also fixes the problem where the
|
|
|
- macro was used witin a loop and the break didn't do right.
|
|
|
-
|
|
|
- Reported-by: Emil Engler
|
|
|
- Fixes #6847
|
|
|
- Closes #6909
|
|
|
+- [Emil Engler brought this change]
|
|
|
|
|
|
-- hsts: enable by default
|
|
|
+ docs: document attach in INTERNALS.md
|
|
|
|
|
|
- No longer considered experimental.
|
|
|
+ The new field in the Curl_handler struct still lacks documentation. This
|
|
|
+ adds it it from the information extracted from lib/urldata.h:797
|
|
|
|
|
|
- Closes #6700
|
|
|
+ Closes #7091
|
|
|
|
|
|
-- vtls: refuse setting any SSL version
|
|
|
-
|
|
|
- ... previously they were supported if a TLS library would (unexpectedly)
|
|
|
- still support them, but from this change they will be refused already in
|
|
|
- curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for
|
|
|
- many years now.
|
|
|
+- [Marc Aldorasi brought this change]
|
|
|
+
|
|
|
+ config: remove now-unused macros
|
|
|
|
|
|
- Closes #6773
|
|
|
+ Closes #7094
|
|
|
+
|
|
|
+- [Marc Aldorasi brought this change]
|
|
|
|
|
|
-- curl: ignore options asking for SSLv2 or SSLv3
|
|
|
+ hostip.h: remove declaration of unimplemented function
|
|
|
|
|
|
- Instead output a warning about it and continue with the defaults.
|
|
|
+ Closes #7094
|
|
|
+
|
|
|
+- h3: add 'attach' callback to protocol handlers
|
|
|
|
|
|
- These SSL versions are typically not supported by the TLS libraries since a
|
|
|
- long time back already since they are inherently insecure and broken. Asking
|
|
|
- for them to be used will just cause an error to be returned slightly later.
|
|
|
+ Follow-up to 0c55fbab45be
|
|
|
|
|
|
- In the unlikely event that a user's TLS library actually still supports these
|
|
|
- protocol versions, this change might make the request a little less insecure.
|
|
|
+ Reviewed-by: Emil Engler
|
|
|
+ Closes #7090
|
|
|
+
|
|
|
+- wolfssl: remove SSLv3 support leftovers
|
|
|
|
|
|
- Closes #6772
|
|
|
+ Closes #7088
|
|
|
|
|
|
-- test972: verify the json output with jsonlint
|
|
|
+- curl-wolfssl.m4: without custom include path, assume /usr/include
|
|
|
|
|
|
- Make sure one of the azure jobs has jsonlint installed so that the test
|
|
|
- runs there.
|
|
|
+ ... so that we can point out the root of the OpenSSL emulation headers.
|
|
|
+ Previously this used the '$includedir' variable which is wrong since
|
|
|
+ that defaults to the dir where the current configure invoke will install
|
|
|
+ the built libcurl headers: /usr/local by default.
|
|
|
|
|
|
- Ref: #6905
|
|
|
+ Fixes #7085
|
|
|
+ Reported-by: Joel Jakobsson
|
|
|
+ Closes #7087
|
|
|
|
|
|
-- [Jay Satiro brought this change]
|
|
|
+- [Joel Depooter brought this change]
|
|
|
|
|
|
- tool_writeout: fix the HTTP_CODE json output
|
|
|
+ data_pending: check only SECONDARY socket for FTP(S) transfers
|
|
|
+
|
|
|
+ Check the FIRST for all other protocols.
|
|
|
|
|
|
- Update test 970 accordingly.
|
|
|
+ This fixes a timeout in an ftps download. The server sends a TLS
|
|
|
+ close_notify message in the same packet as the file data. The
|
|
|
+ close_notify seems to not be handled in the schannel_recv function, so
|
|
|
+ libcurl is not aware that the server has closed the connection. Thus
|
|
|
+ libcurl ends up waiting for action on the socket until a timeout is
|
|
|
+ reached. With the secondary socket check added to the data_pending
|
|
|
+ function, the close_notify is properly handled, and the ftps transfer
|
|
|
+ terminates as expected.
|
|
|
|
|
|
- Reported-by: Michal Rus
|
|
|
- Fixes #6905
|
|
|
- Closes #6906
|
|
|
+ Fixes #7068
|
|
|
+ Closes #7069
|
|
|
|
|
|
-- openldap: protect SSL-specific code with proper #ifdef
|
|
|
+- github: inhibit deprecated declarations for clang on macOS
|
|
|
+
|
|
|
+ ... as they otherwise cause ldap build errors in the CI.
|
|
|
|
|
|
- Closes #6901
|
|
|
+ Fixes #7081
|
|
|
+ Closes #7082
|
|
|
|
|
|
-- libssh2: fix Value stored to 'sshp' is never read
|
|
|
+- conn: add 'attach' to protocol handler, make libssh2 use it
|
|
|
|
|
|
- Pointed out by scan-build
|
|
|
+ The libssh2 backend has SSH session associated with the connection but
|
|
|
+ the callback context is the easy handle, so when a connection gets
|
|
|
+ attached to a transfer, the protocol handler now allows for a custom
|
|
|
+ function to get used to set things up correctly.
|
|
|
|
|
|
- Closes #6900
|
|
|
-
|
|
|
-- [Victor Vieux brought this change]
|
|
|
+ Reported-by: Michael O'Farrell
|
|
|
+ Fixes #6898
|
|
|
+ Closes #7078
|
|
|
|
|
|
- tool_getparam: replace (in-place) '%20' by '+' according to RFC1866
|
|
|
+- http2: make sure pause is done on HTTP
|
|
|
|
|
|
- Signed-off-by: Victor Vieux <victorvieux@gmail.com>
|
|
|
+ Since the function is called for any protocol, we can't assume that the
|
|
|
+ HTTP struct is there without first making sure it is HTTP.
|
|
|
|
|
|
- Closes #6895
|
|
|
+ Reported-by: Denis Goleshchikhin
|
|
|
+ Fixes #7079
|
|
|
+ Closes #7080
|
|
|
|
|
|
-- configure: provide --with-openssl, deprecate --with-ssl
|
|
|
+- docs: cookies from HTTP headers need domain set
|
|
|
|
|
|
- Makes the option more explicit.
|
|
|
+ ... or the cookies won't get sent. Push users to using the "Netscape"
|
|
|
+ format instead, which curl uses when saving a cookie "jar".
|
|
|
|
|
|
- Closes #6887
|
|
|
+ Reported-by: Martin Dorey
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Fixes #6723
|
|
|
+ Closes #7077
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
-
|
|
|
- and bumped curlver to 7.77.0
|
|
|
|
|
|
-- [Javier Blazquez brought this change]
|
|
|
+- github: add a workflow with libssh2 on macOS using cmake
|
|
|
+
|
|
|
+ Closes #7047
|
|
|
|
|
|
- rustls: only return CURLE_AGAIN when TLS session is fully drained
|
|
|
+- sws: allow HTTP requests up to 2MB in size
|
|
|
|
|
|
- The code in cr_recv was returning prematurely as soon as the socket
|
|
|
- reported no more data to read. However, this could be leaving some
|
|
|
- unread plaintext data in the rustls session from a previous call,
|
|
|
- causing causing the transfer to hang if the socket never receives
|
|
|
- further data.
|
|
|
+ To allow tests with slightly larger payloads. Like #7071 ...
|
|
|
|
|
|
- We need to ensure that the session is fully drained of plaintext data
|
|
|
- before returning CURLE_AGAIN to the caller.
|
|
|
+ Closes #7075
|
|
|
+
|
|
|
+Marc Hoersken (16 May 2021)
|
|
|
+- CI/azure: increase verbosity and fix outdated task names
|
|
|
|
|
|
- Reviewed-by: Jacob Hoffman-Andrews
|
|
|
- Closes #6894
|
|
|
+ Closes #7063
|
|
|
|
|
|
-- cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
|
|
|
+- CI/cirrus: add shared and static Windows release builds
|
|
|
|
|
|
- Add test 676 to verify that setting CURLOPT_COOKIEFILE to NULL again clears
|
|
|
- the cookiejar from memory.
|
|
|
+ Azure Pipelines is currently being used for debug builds,
|
|
|
+ let's also run some non-debug (release) Windows builds and
|
|
|
+ make use of previously underutilized Cirrus CI for that.
|
|
|
|
|
|
- Reported-by: Stefan Karpinski
|
|
|
- Fixes #6889
|
|
|
- Closes #6891
|
|
|
-
|
|
|
-Version 7.76.1 (14 Apr 2021)
|
|
|
-
|
|
|
-Daniel Stenberg (14 Apr 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Reviewed-by: Marcel Raad
|
|
|
|
|
|
- curl 7.76.1 release
|
|
|
-
|
|
|
-- THANKS: add names from 7.76.1
|
|
|
-
|
|
|
-- misc: update copyright year ranges to match latest updates
|
|
|
-
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+ Closes #6991
|
|
|
|
|
|
- ngtcp2: Use ALPN h3-29 for now
|
|
|
+Daniel Stenberg (16 May 2021)
|
|
|
+- CURLOPT_CAPATH.3: defaults to a path, not NULL
|
|
|
|
|
|
- Fixes #6864
|
|
|
- Cloes #6886
|
|
|
-
|
|
|
-Jay Satiro (11 Apr 2021)
|
|
|
-- TODO: remove 18.22 --fail-with-body
|
|
|
+ Reported-by: Andrew Barnert
|
|
|
|
|
|
- --fail-with-body was added in 8a964cb (precedes curl-7_76_0).
|
|
|
+ Closes #7062
|
|
|
|
|
|
-Daniel Stenberg (10 Apr 2021)
|
|
|
-- [Jürgen Gmach brought this change]
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
- src/tool_vms.c: remove duplicated word in comment
|
|
|
+ c-hyper: handle body on HYPER_TASK_EMPTY
|
|
|
|
|
|
- Closes #6881
|
|
|
-
|
|
|
-- configure: fix CURL_DARWIN_CFLAGS use
|
|
|
+ Some of the time, we get a HYPER_TASK_EMPTY response before the status
|
|
|
+ line, headers, and body have been read. Previously, that would cause us
|
|
|
+ to poll again, leading to a 1 second timeout.
|
|
|
|
|
|
- The macro name change was not completely done.
|
|
|
+ The HYPER_TASK_EMPTY docs say:
|
|
|
|
|
|
- Follow-up to 5d2c384452543c
|
|
|
- Bug: https://github.com/curl/curl/commit/5d2c384452543c7b6c9fb02eaa0afc84fd5ab941#commitcomment-49315187
|
|
|
- Reported-by: Marcel Raad
|
|
|
- Closes #6878
|
|
|
-
|
|
|
-- [Anthony Shaw brought this change]
|
|
|
-
|
|
|
- github/workflow: add "security-extended" to codeql-analysis.yml
|
|
|
+ The value of this task is null (does not imply an error).
|
|
|
|
|
|
- Extends the CodeQL code scan.
|
|
|
+ So, if we receive a HYPER_TASK_EMPTY, continue on with processing the
|
|
|
+ response.
|
|
|
|
|
|
- Closes #6815
|
|
|
+ Reported-by: Kevin Burke
|
|
|
+ Fixes #7064
|
|
|
+ Closes #7070
|
|
|
|
|
|
-- [Jochem Broekhoff brought this change]
|
|
|
+- [Ikko Ashimine brought this change]
|
|
|
|
|
|
- examples/hiperfifo.c: check event_initialized before delete
|
|
|
+ tool_getparam: fix comment typo in tool_getparam.c
|
|
|
|
|
|
- If event_del is called with the event struct (still) zeroed out, a
|
|
|
- segmentation fault may occur. event_initialized checks whether the
|
|
|
- event struct is nonzero.
|
|
|
+ enfore -> enforce
|
|
|
|
|
|
- Closes #6876
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+ Closes #7074
|
|
|
|
|
|
- ntlm: fix negotiated flags usage
|
|
|
+- mem-include-scan.pl: require a non-word letter before memory funcs
|
|
|
|
|
|
- According to Microsoft document MS-NLMP, current flags usage is not
|
|
|
- accurate: flag NTLMFLAG_NEGOTIATE_NTLM2_KEY controls the use of
|
|
|
- extended security in an NTLM authentication message and NTLM version 2
|
|
|
- cannot be negotiated within the protocol.
|
|
|
+ ... so that ldap_memfree() for example doesn't match the scan for free.
|
|
|
|
|
|
- The solution implemented here is: if the extended security flag is set,
|
|
|
- prefer using NTLM version 2 (as a server featuring extended security
|
|
|
- should also support version 2). If version 2 has been disabled at
|
|
|
- compile time, use extended security.
|
|
|
+ Closes #7061
|
|
|
+
|
|
|
+- version: free the openldap info correctly
|
|
|
|
|
|
- Tests involving NTLM are adjusted to this new behavior.
|
|
|
+ ... to avoid memory leaks.
|
|
|
|
|
|
- Fixes #6813
|
|
|
- Closes #6849
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+ Follow-up to: bf0feae7768d9
|
|
|
+ Closes #7061
|
|
|
|
|
|
- ntlm: support version 2 on 32-bit platforms
|
|
|
+- dupset: remove totally off comment
|
|
|
|
|
|
- Closes #6849
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+ Closes #7067
|
|
|
|
|
|
- curl_ntlm_core.h: simplify conditionals for USE_NTLM2SESSION
|
|
|
-
|
|
|
- ... as !defined(CURL_DISABLE_CRYPTO_AUTH) is a prerequisite for the
|
|
|
- whole NTLM.
|
|
|
+- configure: if asked for, fail if ldap is not found
|
|
|
|
|
|
- Closes #6849
|
|
|
+ Reported-by: Jakub Zakrzewski
|
|
|
+ Fixes #7053
|
|
|
+ Closes #7055
|
|
|
|
|
|
-- lib: remove unused HAVE_INET_NTOA_R* defines
|
|
|
+- version: add OpenLDAP version in the output
|
|
|
|
|
|
- Closes #6867
|
|
|
+ Assisted-by: Howard Chu
|
|
|
+ Closes #7054
|
|
|
|
|
|
-- [Michael Forney brought this change]
|
|
|
+Jay Satiro (13 May 2021)
|
|
|
+- [Joel Depooter brought this change]
|
|
|
|
|
|
- configure: include <time.h> unconditionally
|
|
|
-
|
|
|
- In 2682e5f5, several instances of AC_HEADER_TIME were removed since
|
|
|
- it is a deprecated autoconf macro. However, this was the macro that
|
|
|
- defined TIME_WITH_SYS_TIME, which was used to indicate that <time.h>
|
|
|
- can be included alongside <sys/time.h>. TIME_WITH_SYS_TIME is still
|
|
|
- used in the configure test body and since it is no longer defined,
|
|
|
- <time.h> is *not* included on systems that have <sys/time.h>.
|
|
|
-
|
|
|
- In particular, at least on musl libc and glibc, <sys/time.h> does
|
|
|
- not implicitly include <time.h> and does not declare clock_gettime,
|
|
|
- gmtime_r, or localtime_r. This causes configure to fail to detect
|
|
|
- those functions.
|
|
|
-
|
|
|
- The AC_HEADER_TIME macro deprecation text says
|
|
|
-
|
|
|
- > All current systems provide time.h; it need not be checked for.
|
|
|
- > Not all systems provide sys/time.h, but those that do, all allow
|
|
|
- > you to include it and time.h simultaneously.
|
|
|
+ schannel: Ensure the security context request flags are always set
|
|
|
|
|
|
- So, to fix this issue, simply include <time.h> unconditionally when
|
|
|
- testing for time-related functions and in libcurl, and don't bother
|
|
|
- checking for it.
|
|
|
+ As of commit 54e7475, these flags would only be set when using a new
|
|
|
+ credential handle. When re-using an existing credential handle, the
|
|
|
+ flags would not be set.
|
|
|
|
|
|
- Closes #6859
|
|
|
+ Closes https://github.com/curl/curl/pull/7051
|
|
|
|
|
|
-- [Michael Forney brought this change]
|
|
|
+Dan Fandrich (12 May 2021)
|
|
|
+- tests: Fix some tag matching issues in a number of tests
|
|
|
|
|
|
- configure: remove use of RETSIGTYPE
|
|
|
+Daniel Stenberg (12 May 2021)
|
|
|
+- sasl: use 'unsigned short' to store mechanism
|
|
|
|
|
|
- This was previously defined by the obsolete AC_TYPE_SIGNAL macro,
|
|
|
- which was removed in 2682e5f5. The deprecation text says
|
|
|
+ ... saves a few bytes of struct size in memory and it only uses
|
|
|
+ 10 bits anyway.
|
|
|
|
|
|
- > Your code may safely assume C89 semantics that RETSIGTYPE is void.
|
|
|
+ Closes #7045
|
|
|
+
|
|
|
+- hostip: remove the debug code for LocalHost
|
|
|
|
|
|
- So, remove it and just use void instead.
|
|
|
+ The Curl_resolv() had special code (when built in debug mode) for when
|
|
|
+ resolving the host name "LocalHost" (using that exact casing). It would
|
|
|
+ then get the host name from the --interface option instead.
|
|
|
|
|
|
- Closes #6861
|
|
|
-
|
|
|
-- [Muhammed Yavuz Nuzumlalı brought this change]
|
|
|
-
|
|
|
- install: add instructions for Apple Darwin platforms
|
|
|
+ This development-only feature was not used by anything (anymore) and we
|
|
|
+ have the --resolve feature if we want to play similar tricks properly
|
|
|
+ going forward.
|
|
|
|
|
|
- Closes #6860
|
|
|
-
|
|
|
-- [Muhammed Yavuz Nuzumlalı brought this change]
|
|
|
+ Closes #7044
|
|
|
|
|
|
- configure: disable min version set for Darwin
|
|
|
+- progress: reset limit_size variables at transfer start
|
|
|
|
|
|
- Fixes #6838
|
|
|
- Closes #6860
|
|
|
-
|
|
|
-- [David Hu brought this change]
|
|
|
-
|
|
|
- docs/HTTP3.md: update the build instruction using gnutls
|
|
|
+ Otherwise the old value would linger from a previous use and would mess
|
|
|
+ up the network speed cap logic.
|
|
|
|
|
|
- In ngtcp2 the `with-gnutls` option is disabled by default, which will
|
|
|
- cause `curl` unable to be `make` because of lacking the libraries
|
|
|
- needed.
|
|
|
+ Reported-by: Ymir1711 on github
|
|
|
|
|
|
- Closes #6857
|
|
|
+ Fixes #7042
|
|
|
+ Closes #7043
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- typecheck-gcc: make the ssl-ctx-cb check use SSL_CTX pointers
|
|
|
-
|
|
|
- ... and not values.
|
|
|
-
|
|
|
- Reported-by: locpyl-tidnyd on github
|
|
|
- Fixes #6818
|
|
|
- Closes #6819
|
|
|
-
|
|
|
-- ngtcp2+gnutls: clear credentials when freed
|
|
|
-
|
|
|
- ... to avoid double-free.
|
|
|
-
|
|
|
- Reported-by: Kenneth Davidson
|
|
|
- Fixes #6824
|
|
|
- Closes #6856
|
|
|
-
|
|
|
-Jay Satiro (5 Apr 2021)
|
|
|
-- [Cherish98 brought this change]
|
|
|
+- [Daniel Gustafsson brought this change]
|
|
|
|
|
|
- tool_progress: Fix progress meter in parallel mode
|
|
|
-
|
|
|
- Make sure the total amount of DL/UL bytes are counted before the
|
|
|
- transfer finalizes. Otherwise if a transfer finishes too quick, its
|
|
|
- total numbers are not added, and results in a DL%/UL% that goes above
|
|
|
- 100%.
|
|
|
+ cookies: use CURLcode for cookie_output reporting
|
|
|
|
|
|
- Detail:
|
|
|
+ Writing the cookie file has multiple error conditions, and was using an
|
|
|
+ int with magic numbers to report the different error (which in turn were
|
|
|
+ disregarded anyways). This moves reporting to use a CURLcode value.
|
|
|
|
|
|
- progress_meter() is called periodically, and it may not catch a
|
|
|
- transfer's total bytes if the value was unknown during the last call,
|
|
|
- and the transfer is finished and deleted (i.e., lost) during the next
|
|
|
- call.
|
|
|
+ Lightly-touched-by: Daniel Stenberg
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6840
|
|
|
+ Closes #7037
|
|
|
+ Closes #6749
|
|
|
|
|
|
-- [Emil Engler brought this change]
|
|
|
+- [Daniel Gustafsson brought this change]
|
|
|
|
|
|
- libssh: get rid of PATH_MAX
|
|
|
-
|
|
|
- This removes the last occurrence of PATH_MAX inside our libssh
|
|
|
- implementation by calculating the path length from the string length of
|
|
|
- the two components.
|
|
|
+ cookies: make use of string duplication function
|
|
|
|
|
|
- Closes #6829
|
|
|
+ strstore() is defined as a strdup which ensures to free the target
|
|
|
+ pointer before duping the source char * into it. Make use of it in
|
|
|
+ two more cases where it can simplify the code.
|
|
|
|
|
|
-Daniel Stenberg (5 Apr 2021)
|
|
|
-- http_proxy: only loop on 407 + close if we have credentials
|
|
|
-
|
|
|
- ... to fix the retry-loop.
|
|
|
-
|
|
|
- Add test 718 to verify.
|
|
|
-
|
|
|
- Reported-by: Daniel Kurečka
|
|
|
- Fixes #6828
|
|
|
- Closes #6850
|
|
|
+- [Daniel Gustafsson brought this change]
|
|
|
|
|
|
-- h2: allow 100 streams by default
|
|
|
-
|
|
|
- instead of 13, before the server has told how many streams it
|
|
|
- accepts. The server can always reject new streams anyway if we go above
|
|
|
- what it accepts.
|
|
|
+ cookies: refactor comments
|
|
|
|
|
|
- Ref: #6826
|
|
|
- Closes #6852
|
|
|
+ Comments in the cookie code were a bit all over the place in terms of
|
|
|
+ style and wording. This takes a stab at cleaning them up by keeping to
|
|
|
+ a single style and overall shape. Some comments are moved a little and
|
|
|
+ some removed alltogether due to being redundant. No functional changes
|
|
|
+ have been made,
|
|
|
|
|
|
-- [Luke Granger-Brown brought this change]
|
|
|
+- [Peng-Yu Chen brought this change]
|
|
|
|
|
|
- file: support GETing directories again
|
|
|
-
|
|
|
- After 957bc1881e686f9714c4e6a01bf33535091f0e21, we no longer compute an
|
|
|
- expected_size for directories. This has the upshot that when we compare
|
|
|
- even an empty Range with the available size, we fail.
|
|
|
+ http2: skip immediate parsing of payload following protocol switch
|
|
|
|
|
|
- This brings back the previous behaviour, which was to succeed, but with
|
|
|
- empty content. This also removes the "Accept-ranges: bytes" header,
|
|
|
- which is nonsensical on directories.
|
|
|
+ This is considered not harmful as a following http2_recv shall be
|
|
|
+ called very soon.
|
|
|
|
|
|
- Adds test 3016
|
|
|
- Fixes #6845
|
|
|
- Closes #6846
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ This is considered helpful in the specific situation where some
|
|
|
+ servers (e.g. nghttpx v1.43.0) may fulfill stream 1 immediately
|
|
|
+ following the return of HTTP status 101, other than waiting for
|
|
|
+ the client-side connection preface to arrive.
|
|
|
|
|
|
- and bumped to 7.76.1
|
|
|
+ Fixes #7036
|
|
|
+ Closes #7040
|
|
|
|
|
|
-- TLS: fix HTTP/2 selection
|
|
|
-
|
|
|
- for GnuTLS, BearSSL, mbedTLS, NSS, SChannnel, Secure Transport and
|
|
|
- wolfSSL...
|
|
|
-
|
|
|
- Regression since 88dd1a8a115b1f5ece (shipped in 7.76.0)
|
|
|
- Reported-by: Kenneth Davidson
|
|
|
- Reported-by: romamik om github
|
|
|
- Fixes #6825
|
|
|
- Closes #6827
|
|
|
+- [Peng-Yu Chen brought this change]
|
|
|
|
|
|
-Jay Satiro (2 Apr 2021)
|
|
|
-- hostip: Fix for builds that disable all asynchronous DNS
|
|
|
-
|
|
|
- - Define Curl_resolver_error function only when USE_CURL_ASYNC.
|
|
|
+ http2: use nghttp2_session_upgrade2 instead of nghttp2_session_upgrade
|
|
|
|
|
|
- Prior to this change building curl without an asynchronous resolver
|
|
|
- backend (c-ares or threaded) and without DoH (DNS-over-HTTPS, which is
|
|
|
- also asynchronous but independent of resolver backend) would cause a
|
|
|
- build error since Curl_resolver_error is called by and evaluates
|
|
|
- variables only available in asynchronous builds.
|
|
|
+ Following the upstream deprecation of nghttp2_session_upgrade.
|
|
|
|
|
|
- Reported-by: Benbuck Nason
|
|
|
+ Also provides further checks for requests with the HEAD method.
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/6831
|
|
|
- Closes https://github.com/curl/curl/pull/6832
|
|
|
-
|
|
|
-Daniel Stenberg (31 Mar 2021)
|
|
|
-- [Gilles Vollant brought this change]
|
|
|
+ Closes #7041
|
|
|
|
|
|
- openssl: Fix CURLOPT_SSLCERT_BLOB without CURLOPT_SSLCERT_KEY
|
|
|
+- progress/trspeed: use a local convenient pointer to beautify code
|
|
|
|
|
|
- Reported-by: Christian Schmitz
|
|
|
- Fixes #6816
|
|
|
- Closes #6820
|
|
|
+ The function becomes easier to read and understand with less repetition.
|
|
|
|
|
|
-Version 7.76.0 (31 Mar 2021)
|
|
|
+- trspeed: use long double for transfer speed calculation
|
|
|
|
|
|
-Daniel Stenberg (31 Mar 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- progress: move transfer speed calc into function
|
|
|
+
|
|
|
+ This silences two scan-build-11 warnings: "The result of the '/'
|
|
|
+ expression is undefined"
|
|
|
|
|
|
- curl 7.76.0 release
|
|
|
+ Bug: https://curl.se/mail/lib-2021-05/0022.html
|
|
|
+ Closes #7035
|
|
|
|
|
|
-- THANKS: added names from 7.76.0
|
|
|
+- [Cameron Cawley brought this change]
|
|
|
|
|
|
-- CURLOPT_AUTOREFERER.3: clarify that it sets the full URL
|
|
|
+ openssl: remove unneeded cast for CertOpenSystemStore()
|
|
|
|
|
|
- ... some users may not want that!
|
|
|
+ Closes #7025
|
|
|
|
|
|
-- define: remove CURL_DISABLE_NTLM ifdefs
|
|
|
+- travis: disable the libssh build
|
|
|
|
|
|
- It was never defined anywhere. Fixed disable-scan (test 1165) to also
|
|
|
- scan headers, which found this issue.
|
|
|
+ It can't run on focal and causes warnings on bionic. Since the focal
|
|
|
+ failure started rather suddenly a while ago, we can suspect it might be
|
|
|
+ temporary.
|
|
|
|
|
|
- Closes #6809
|
|
|
-
|
|
|
-- vtls: fix addsessionid for non-proxy builds
|
|
|
+ Added "bring back the build" to the TODO document.
|
|
|
|
|
|
- Follow-up to b09c8ee15771c61
|
|
|
- Fixes #6812
|
|
|
- Closes #6811
|
|
|
-
|
|
|
-- [Li Xinwei brought this change]
|
|
|
+ Fixes #7011
|
|
|
+ Closes #7012
|
|
|
|
|
|
- cmake: support WinIDN
|
|
|
-
|
|
|
- Closes #6807
|
|
|
+- [Peng-Yu Chen brought this change]
|
|
|
|
|
|
-- transfer: clear 'referer' in declaration
|
|
|
+ http: use calculated offsets inst of integer literals for header parsing
|
|
|
|
|
|
- To silence (false positive) compiler warnings about it.
|
|
|
+ Assumed to be a minor coding style improvement with no behavior change.
|
|
|
|
|
|
- Follow-up to 7214288898f5625
|
|
|
+ A modern compiler is expected to have the calculation optimized during
|
|
|
+ compilation. It may be deemed okay even if that's not the case, since
|
|
|
+ the added overhead is considered very low.
|
|
|
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
- Closes #6810
|
|
|
+ Closes #7032
|
|
|
|
|
|
-- [Marc Hoersken brought this change]
|
|
|
+- [Peng-Yu Chen brought this change]
|
|
|
|
|
|
- config: fix SSPI enabling NTLM if crypto auth is disabled
|
|
|
-
|
|
|
- Avoid enabling NTLM feature based upon Windows SSPI
|
|
|
- being enabled in case that crypto auth is disabled.
|
|
|
+ GIT-INFO: suggest using autoreconf instead of buildconf
|
|
|
|
|
|
- Reported-by: Marcel Raad
|
|
|
+ Follow-up to 85868537d
|
|
|
|
|
|
- Follow-up to #6277
|
|
|
- Fixes #6803
|
|
|
- Closes #6808
|
|
|
-
|
|
|
-- HISTORY: add two 2021 events
|
|
|
+ Closes #7033
|
|
|
|
|
|
-- vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()
|
|
|
+- http: deal with partial CONNECT sends
|
|
|
|
|
|
- To make sure we set and extract the correct session.
|
|
|
+ Also added 'CURL_SMALLSENDS' to make Curl_write() send short packets,
|
|
|
+ which helped verifying this even more.
|
|
|
|
|
|
- Reported-by: Mingtao Yang
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22890.html
|
|
|
+ Add test 363 to verify.
|
|
|
|
|
|
- CVE-2021-22890
|
|
|
-
|
|
|
-- [Viktor Szakats brought this change]
|
|
|
+ Reported-by: ustcqidi on github
|
|
|
+ Fixes #6950
|
|
|
+ Closes #7024
|
|
|
|
|
|
- transfer: strip credentials from the auto-referer header field
|
|
|
-
|
|
|
- Added test 2081 to verify.
|
|
|
+- HTTP3: make the ngtcp2 build use the quictls fork
|
|
|
|
|
|
- CVE-2021-22876
|
|
|
+ ... as ngtcp2 itself documents the build this way.
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22876.html
|
|
|
+ Closes #7031
|
|
|
|
|
|
-- curl_sasl: fix compiler error with --disable-crypto-auth
|
|
|
+- http: limit the initial send amount to used upload buffer size
|
|
|
|
|
|
- ... if libgsasl was found.
|
|
|
+ Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes,
|
|
|
+ but for the situations where a larger upload buffer has been set, this
|
|
|
+ function can benefit from sending more bytes. With default size used,
|
|
|
+ this does the same as before.
|
|
|
|
|
|
- Closes #6806
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
-
|
|
|
- ldap: only set the callback ptr for TLS context when TLS is used
|
|
|
+ Also changed the storage of the size to an 'unsigned int' as it is not
|
|
|
+ allowed to be set larger than 2M.
|
|
|
|
|
|
- Follow-up to a5eee22e594c2460f
|
|
|
- Fixes #6804
|
|
|
- Closes #6805
|
|
|
-
|
|
|
-- copyright: update copyright year ranges to 2021
|
|
|
+ Also added cautions to the man pages about changing buffer sizes in
|
|
|
+ run-time.
|
|
|
|
|
|
- Reviewed-by: Emil Engler
|
|
|
- Closes #6802
|
|
|
+ Closes #7022
|
|
|
|
|
|
-- send_speed: simplify the checks for if a speed limit is set
|
|
|
-
|
|
|
- ... as we know the value cannot be set to negative: enforced by
|
|
|
- setopt()
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-- http: cap body data amount during send speed limiting
|
|
|
+- ngtcp2: fix the cb_acked_stream_data_offset proto
|
|
|
|
|
|
- By making sure never to send off more than the allowed number of bytes
|
|
|
- per second the speed limit logic is given more room to actually work.
|
|
|
+ The 'datalen' value should be 64 bit, not size_t!
|
|
|
|
|
|
- Reported-by: Fabian Keil
|
|
|
- Bug: https://curl.se/mail/lib-2021-03/0042.html
|
|
|
- Closes #6797
|
|
|
+ Reported-by: Dmitry Karpov
|
|
|
+ Bug: https://curl.se/mail/lib-2021-05/0019.html
|
|
|
+ Closes #7027
|
|
|
|
|
|
-- urldata: merge "struct DynamicStatic" into "struct UrlState"
|
|
|
+- progress: when possible, calculate transfer speeds with microseconds
|
|
|
|
|
|
- Both were used for the same purposes and there was no logical separation
|
|
|
- between them. Combined, this also saves 16 bytes in less holes in my
|
|
|
- test build.
|
|
|
+ ... this improves precision, especially for transfers in the few or even
|
|
|
+ sub millisecond range.
|
|
|
|
|
|
- Closes #6798
|
|
|
+ Reported-by: J. Bromley
|
|
|
+ Fixes #7017
|
|
|
+ Closes #7020
|
|
|
|
|
|
-- tests/README.md: mentioned that en_US.UTF-8 is required
|
|
|
+- http: reset the header buffer when sending the request
|
|
|
|
|
|
- Reported-by: Oumph on github
|
|
|
- Fixes #6768
|
|
|
-
|
|
|
-- HISTORY: fixed the Mac OS X 10.1 release date
|
|
|
+ A reused transfer handle could otherwise reuse the previous leftover
|
|
|
+ buffer and havoc would ensue.
|
|
|
|
|
|
- Based on what Wikipedia says
|
|
|
+ Reported-by: sergio-nsk on github
|
|
|
+ Fixes #7018
|
|
|
+ Closes #7021
|
|
|
|
|
|
-Jay Satiro (26 Mar 2021)
|
|
|
-- examples: Remove threaded-shared-conn.c due to bug
|
|
|
-
|
|
|
- Known bug 11.11 is the shared object's connection cache is not thread
|
|
|
- safe, so we should not have an example for it.
|
|
|
+- curl_mprintf.3: add description
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/issues/4915
|
|
|
- Ref: https://curl.se/docs/knownbugs.html#A_shared_connection_cache_is_not
|
|
|
+ These functions have existed in the API since the dawn of time. It is
|
|
|
+ about time we describe how they work, even if we discourage users from
|
|
|
+ using them.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6795
|
|
|
+ Closes #7010
|
|
|
|
|
|
-- KNOWN_BUGS: Update 11.9 - DoH option inheritance
|
|
|
-
|
|
|
- - Add description: Explain that some options aren't inherited because
|
|
|
- they are not relevant for the DoH SSL connections or may result in
|
|
|
- unexpected behavior.
|
|
|
-
|
|
|
- - Remove the reference to #4578 (SSL verify options not inherited) since
|
|
|
- that was fixed by #6597 (separate DoH-specific options for verify).
|
|
|
+- [Timothy Gu brought this change]
|
|
|
+
|
|
|
+ URL-SYNTAX: update IDNA section for WHATWG spec changes
|
|
|
|
|
|
- - Explain that DoH-specific options (those created by #6597) are
|
|
|
- available: CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and
|
|
|
- CURLOPT_DOH_SSL_VERIFYSTATUS.
|
|
|
+ WHATWG URL has dictated the use of Nontransitional Processing (IDNA
|
|
|
+ 2008) for several years now. Chrome (and derivatives) still use
|
|
|
+ Transitional Processing, but Firefox and Safari have both switched.
|
|
|
|
|
|
- - Add a reference to #6605 and explain that the user's debug function is
|
|
|
- not inherited because it would be unexpected to pass internal handles
|
|
|
- (ie DoH handles) to the user's callback.
|
|
|
+ Also document the fact that winidn functions differently from libidn2
|
|
|
+ here.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/issues/6605
|
|
|
-
|
|
|
-Daniel Stenberg (26 Mar 2021)
|
|
|
-- curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO
|
|
|
+ Closes #7026
|
|
|
|
|
|
-- [Jean-Philippe Menil brought this change]
|
|
|
+- [Calvin Buckley brought this change]
|
|
|
|
|
|
- openssl: ensure to check SSL_CTX_set_alpn_protos return values
|
|
|
-
|
|
|
- SSL_CTX_set_alpn_protos() return 0 on success, and non-0 on failure
|
|
|
-
|
|
|
- Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>
|
|
|
+ INSTALL: add IBM i specific quirks
|
|
|
|
|
|
- Closes #6794
|
|
|
+ Fixes #6830
|
|
|
+ Closes #7013
|
|
|
|
|
|
-- multi: close the connection when h2=>h1 downgrading
|
|
|
+- libcurl.3: mention the URL API
|
|
|
|
|
|
- Otherwise libcurl is likely to reuse the connection again in the next
|
|
|
- attempt since the connection reuse logic doesn't take downgrades into
|
|
|
- account.
|
|
|
+ To make it easier to find. Also a minor polish of libcurl-url.3
|
|
|
|
|
|
- Reported-by: Anthony Ramine
|
|
|
- Fixes #6788
|
|
|
- Closes #6793
|
|
|
+ Closes #7009
|
|
|
|
|
|
-- openssl: set the transfer pointer for logging early
|
|
|
+- GnuTLS: don't allow TLS 1.3 for versions that don't support it
|
|
|
|
|
|
- Otherwise, the transfer will be NULL in the trace function when the
|
|
|
- early handshake details arrive and then curl won't show them.
|
|
|
+ Follow-up to 781864bedbc5
|
|
|
|
|
|
- Regresssion in 7.75.0
|
|
|
+ ... as they don't understand it and will return error at us!
|
|
|
|
|
|
- Reported-by: David Hu
|
|
|
- Fixes #6783
|
|
|
- Closes #6792
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Closes #7014
|
|
|
|
|
|
-- TODO: Custom progress meter update interval
|
|
|
+Kamil Dudka (6 May 2021)
|
|
|
+- tool_getparam: handle failure of curlx_convert_tchar_to_UTF8()
|
|
|
|
|
|
- Ref: https://stackoverflow.com/q/66789977/93747
|
|
|
-
|
|
|
-- docs/ABI: tighten up the language
|
|
|
+ Reported by GCC analyzer:
|
|
|
|
|
|
- Make the promises more firm
|
|
|
+ Error: GCC_ANALYZER_WARNING (CWE-476):
|
|
|
+ src/tool_getparam.c: scope_hint: In function 'parse_args'
|
|
|
+ src/tool_getparam.c:2318:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'orig_opt'
|
|
|
+ lib/curlx.h:56: included_from: Included from here.
|
|
|
+ src/tool_getparam.c:28: included_from: Included from here.
|
|
|
+ lib/curl_multibyte.h:70:51: note: in definition of macro 'curlx_convert_tchar_to_UTF8'
|
|
|
+ src/tool_getparam.c:2316:16: note: in expansion of macro 'curlx_convert_tchar_to_UTF8'
|
|
|
|
|
|
- Closes #6786
|
|
|
+ Reviewed-by: Marcel Raad
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #7023
|
|
|
+
|
|
|
+Daniel Stenberg (6 May 2021)
|
|
|
+- scripts/delta: also show total number of days
|
|
|
|
|
|
-- openldap: disconnect better
|
|
|
+Marc Hoersken (5 May 2021)
|
|
|
+- sockfilt: fix invalid increment of handles index variable nfd
|
|
|
|
|
|
- Instead of clearing the callback argument in disconnect, set it to the
|
|
|
- (new) transfer to make sure the correct data is passed to the callbacks.
|
|
|
+ Only increment the array index if we actually stored a handle.
|
|
|
|
|
|
- Follow-up to e467ea3bd937f38
|
|
|
- Assisted-by: Patrick Monnerat
|
|
|
- Closes #6787
|
|
|
+ Follow up to e917492048f4b85a0fd58a033d10072fc7666c3b
|
|
|
+ Closes #6992
|
|
|
|
|
|
-- libssh2: kdb_callback: get the right struct pointer
|
|
|
-
|
|
|
- After the recent conn/data refactor in this source file, this function
|
|
|
- was mistakenly still getting the old struct pointer which would lead to
|
|
|
- crash on servers with keyboard-interactive auth enabled.
|
|
|
+- sockfilt: avoid getting stuck waiting for writable socket
|
|
|
|
|
|
- Follow-up to a304051620b92e12b (shipped in 7.75.0)
|
|
|
+ Reset FD_WRITE event using the same approach as in multi.c
|
|
|
|
|
|
- Reported-by: Christian Schmitz
|
|
|
- Fixes #6691
|
|
|
- Closes #6782
|
|
|
+ Follow up to b36442b24305f3cda7c13cc64b46838995a4985b
|
|
|
+ Closes #6992
|
|
|
|
|
|
-- tftp: remove unused struct fields
|
|
|
+Jay Satiro (5 May 2021)
|
|
|
+- test678: Fix for Windows multibyte builds
|
|
|
|
|
|
- Follow-up to d3d90ad9c00530d
|
|
|
+ Follow-up to 77fc385 from yesterday.
|
|
|
|
|
|
- Closes #6781
|
|
|
+ Bug: https://github.com/curl/curl/pull/6662#issuecomment-832966557
|
|
|
+ Reported-by: Marc Hörsken
|
|
|
|
|
|
-- openldap: avoid NULL pointer dereferences
|
|
|
-
|
|
|
- Follow-up to a59c33ceffb8f78
|
|
|
- Reported-by: Patrick Monnerat
|
|
|
- Fixes #6676
|
|
|
- Closes #6780
|
|
|
+- [Dmitry Kostjuchenko brought this change]
|
|
|
|
|
|
-- http: strip default port from URL sent to proxy
|
|
|
+ build: fix compilation for Windows UWP platform
|
|
|
|
|
|
- To make sure the Host: header and the URL provide the same authority
|
|
|
- portion when sent to the proxy, strip the default port number from the
|
|
|
- URL if one was provided.
|
|
|
+ - Include afunix.h which is necessary for sockaddr_un when
|
|
|
+ USE_UNIX_SOCKETS is defined on Windows.
|
|
|
|
|
|
- Reported-by: Michael Brown
|
|
|
- Fixes #6769
|
|
|
- Closes #6778
|
|
|
+ Closes https://github.com/curl/curl/pull/7006
|
|
|
|
|
|
-- azure: disable test 433 on azure-ubuntu
|
|
|
-
|
|
|
- Something in that environment sets XDG_CONFIG_HOME for us in a way that
|
|
|
- breaks the test.
|
|
|
+Daniel Stenberg (5 May 2021)
|
|
|
+- gnutls: make setting only the MAX TLS allowed version work
|
|
|
|
|
|
- Reported-by: Marc Hörsken
|
|
|
- Fixes #6739
|
|
|
- Closes #6777
|
|
|
-
|
|
|
-- tftp: remove the 3600 second default timeout
|
|
|
+ Previously, settting only the max allowed TLS version, leaving the
|
|
|
+ minimum one at default, didn't actually set it and left it to default
|
|
|
+ (TLS 1.3) too!
|
|
|
|
|
|
- ... it was never meant to be there.
|
|
|
+ As a bonus, this change also removes the dead code handling of SSLv3
|
|
|
+ since that version can't be set anymore (since eff614fb0242cb).
|
|
|
|
|
|
- Reported-by: Tomas Berger
|
|
|
- Fixes #6774
|
|
|
- Closes #6776
|
|
|
+ Reported-by: Daniel Carpenter
|
|
|
+ Fixes #6998
|
|
|
+ Closes #7000
|
|
|
|
|
|
-- docs: make gen.pl support *italic* and **bold**
|
|
|
+- openldap: replace ldap_ prefix on private functions
|
|
|
|
|
|
- Remove some nroffisms from the cmdline doc files to simplify editing,
|
|
|
- and instead support this markdown style.
|
|
|
+ Since openldap itself uses that prefix and with OpenĹDAP 2.5.4 (at
|
|
|
+ least) there's a symbol collision because of that.
|
|
|
|
|
|
- Closes #6771
|
|
|
-
|
|
|
-- ngtcp2: sync with recent API updates
|
|
|
+ The private functions now use the 'oldap_' prefix where it previously
|
|
|
+ used 'ldap_'.
|
|
|
|
|
|
- Closes #6770
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Reported-by: 3eka on github
|
|
|
+ Fixes #7004
|
|
|
+ Closes #7005
|
|
|
|
|
|
-- libssh2:ssh_connect: clear session pointer after free
|
|
|
-
|
|
|
- If libssh2_knownhost_init() returns NULL, like in an OOM situation, the
|
|
|
- ssh session was freed but the pointer wasn't cleared which made libcurl
|
|
|
- later call libssh2 to cleanup using the stale pointer.
|
|
|
+Jay Satiro (5 May 2021)
|
|
|
+- http2: fix potentially uninitialized variable
|
|
|
|
|
|
- Fixes #6764
|
|
|
- Closes #6766
|
|
|
+ introduced several days ago in 3193170. caught by visual studio linker.
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [Gilles Vollant brought this change]
|
|
|
|
|
|
- docs: document version of crustls dependency
|
|
|
-
|
|
|
- This also pins a specific release in the Travis test so future
|
|
|
- API-breaking changins in crustls won't break curl builds.
|
|
|
+ SSL: support in-memory CA certs for some backends
|
|
|
|
|
|
- Add RUSTLS documentation to release tarball.
|
|
|
+ - New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
|
|
|
+ specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
|
|
|
+ and Secure Transport (Apple) SSL backends.
|
|
|
|
|
|
- Enable running tests for rustls, minus FTP tests (require
|
|
|
- connect_blocking, which rustls doesn't implement) and 313 (requires CRL
|
|
|
- handling).
|
|
|
+ Prior to this change PEM certificates could only be imported from a file
|
|
|
+ and not from memory.
|
|
|
|
|
|
- Closes #6763
|
|
|
-
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
-
|
|
|
- rustls: Handle close_notify.
|
|
|
+ Co-authored-by: moparisthebest@users.noreply.github.com
|
|
|
|
|
|
- If we get a close_notify, treat that as EOF. If we get an EOF from the
|
|
|
- TCP stream, treat that as an error (because we should have ended the
|
|
|
- connection earlier, when we got a close_notify).
|
|
|
+ Ref: https://github.com/curl/curl/pull/4679
|
|
|
+ Ref: https://github.com/curl/curl/pull/5677
|
|
|
+ Ref: https://github.com/curl/curl/pull/6109
|
|
|
|
|
|
- Closes #6763
|
|
|
+ Closes https://github.com/curl/curl/pull/6662
|
|
|
|
|
|
-- docs: clarify timeouts for queued transfers in multi API
|
|
|
-
|
|
|
- Closes #6758
|
|
|
+Daniel Stenberg (4 May 2021)
|
|
|
+- [David Cook brought this change]
|
|
|
|
|
|
-- ftpserver: only load the preprocessed test file
|
|
|
+ tests: ignore case of chunked hex numbers in tests
|
|
|
|
|
|
- We always preprocess and tests are no longer sensible to load "raw"
|
|
|
+ When hyper is used, it emits uppercase hexadecimal numbers for chunked
|
|
|
+ encoding lengths. Without hyper, lowercase hexadecimal numbers are used.
|
|
|
+ This change adds preprocessor statements to tests where this is an
|
|
|
+ issue, and adapts the fixtures to match.
|
|
|
|
|
|
- Closes #6738
|
|
|
+ Closes #6987
|
|
|
|
|
|
-- tests: use %TESTNUMBER instead of fixed number
|
|
|
+- cmake: check for getppid and utimes
|
|
|
|
|
|
- This makes the tests easier to copy and relocate to other test numbers
|
|
|
- without having to update content.
|
|
|
+ ... as they're checked for in the configure script and are used by
|
|
|
+ source code.
|
|
|
|
|
|
- Closes #6738
|
|
|
-
|
|
|
-- KNOWN_BUGS: CURLOPT_OPENSOCKETPAIRFUNCTION is missing
|
|
|
+ Removed checks for perror, setvbuf and strlcat since those defines are
|
|
|
+ not checked for in source code.
|
|
|
|
|
|
- Closes #5747
|
|
|
-
|
|
|
-- TODO: provide timing info for each redirect
|
|
|
+ Bonus: removed HAVE_STRLCPY from a few config-*.h files since that
|
|
|
+ symbol is not used in source code.
|
|
|
|
|
|
- Closes #6743
|
|
|
+ Closes #6997
|
|
|
|
|
|
-Jay Satiro (17 Mar 2021)
|
|
|
-- docs: Add SSL backend names to CURL_SSL_BACKEND
|
|
|
-
|
|
|
- - Document the names that can be used with CURL_SSL_BACKEND:
|
|
|
- bearssl, gnutls, gskit, mbedtls, mesalink, nss, openssl, rustls,
|
|
|
- schannel, secure-transport, wolfssl
|
|
|
+- libtest: remove lib530.c
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/issues/2209#issuecomment-360623286
|
|
|
- Ref: https://github.com/curl/curl/issues/6717#issuecomment-800745201
|
|
|
+ Follow up from e50a877df when test 530 was removed. Since then this
|
|
|
+ source file has not been used/needed.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6755
|
|
|
+ Closes #6999
|
|
|
|
|
|
-- docs: Explain DOH transfers inherit some SSL settings
|
|
|
-
|
|
|
- - Document in DOH that some SSL settings are inherited but DOH hostname
|
|
|
- and peer verification are not and are controlled separately.
|
|
|
+- FILEFORMAT: mention sectransp as a feature
|
|
|
|
|
|
- - Document that CURLOPT_SSL_CTX_FUNCTION is inherited by DOH handles but
|
|
|
- we're considering changing behavior to no longer inherit it. Request
|
|
|
- feedback.
|
|
|
+ Been supported since at least 40259ca65
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6688
|
|
|
+ Closes #7001
|
|
|
|
|
|
-Daniel Stenberg (17 Mar 2021)
|
|
|
-- http: make 416 not fail with resume + CURLOPT_FAILONERRROR
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- libssh2: ignore timeout during disconnect
|
|
|
|
|
|
- When asked to resume a download, libcurl will convert that to HTTP logic
|
|
|
- and if then the entire file is already transferred it will result in a
|
|
|
- 416 response from the HTTP server. With CURLOPT_FAILONERRROR set in that
|
|
|
- scenario, it should *not* lead to an error return.
|
|
|
+ ... to avoid memory leaks!
|
|
|
|
|
|
- Updated test 1156, added test 1273
|
|
|
+ libssh2 is tricky as we have to deal with the non-blockiness even in
|
|
|
+ close and shutdown cases. In the cases when we shutdown after a timeout
|
|
|
+ already expired, it is crucial that curl doen't let the timeout abort
|
|
|
+ the shutdown process as that then leaks memory!
|
|
|
|
|
|
- Reported-by: Jonathan Watt
|
|
|
- Fixes #6740
|
|
|
- Closes #6753
|
|
|
+ Reported-by: Benjamin Riefenstahl
|
|
|
+ Fixes #6990
|
|
|
|
|
|
-- Curl_timeleft: check both timeouts during connect
|
|
|
-
|
|
|
- The duration of a connect and the total transfer are calculated from two
|
|
|
- different time-stamps. It can end up with the total timeout triggering
|
|
|
- before the connect timeout expires and we should make sure to
|
|
|
- acknowledge whichever timeout that is reached first.
|
|
|
-
|
|
|
- This is especially notable when a transfer first sits in PENDING, as
|
|
|
- that time is counted in the total time but the connect timeout is based
|
|
|
- on the time since the handle changed to the CONNECT state.
|
|
|
+- KNOWN_BUGS: add two HTTP/2 bugs
|
|
|
+
|
|
|
+- KNOWN_BUGS: add three HTTP/3 issues
|
|
|
|
|
|
- The CONNECTTIMEOUT is per connect attempt. The TIMEOUT is for the entire
|
|
|
- operation.
|
|
|
+ ... and moved the HTTP/2 issues to its own section
|
|
|
|
|
|
- Fixes #6744
|
|
|
- Closes #6745
|
|
|
- Reported-by: Andrei Bica
|
|
|
- Assisted-by: Jay Satiro
|
|
|
+ Closes #6606
|
|
|
+ Closes #6510
|
|
|
+ Closes #6494
|
|
|
|
|
|
-- configure: remove use of deprecated macros
|
|
|
-
|
|
|
- AC_HEADER_TIME, AC_HEADER_STDC and AC_TYPE_SIGNAL
|
|
|
+- [ejanchivdorj brought this change]
|
|
|
|
|
|
-- configure: make AC_TRY_* into AC_*_IFELSE
|
|
|
+ CURLcode: add CURLE_SSL_CLIENTCERT
|
|
|
|
|
|
- ... as the former versions are deprecated.
|
|
|
-
|
|
|
-- configure: s/AC_HELP_STRING/AS_HELP_STRING
|
|
|
+ When a TLS server requests a client certificate during handshake and
|
|
|
+ none can be provided, libcurl now returns this new error code
|
|
|
+ CURLE_SSL_CLIENTCERT
|
|
|
|
|
|
- AC_HELP_STRING is deprecated in 2.70+ and I believe AS_HELP_STRING works
|
|
|
- already since 2.59 so bump the minimum required version to that.
|
|
|
+ Only supported by Secure Transport and OpenSSL for TLS 1.3 so far.
|
|
|
|
|
|
- Reported-by: Emil Engler
|
|
|
- Fixes #6647
|
|
|
- Closes #6748
|
|
|
+ Closes #6721
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Tobias Gabriel brought this change]
|
|
|
|
|
|
-- travis: use ubuntu nghttp2 package instead of build our own
|
|
|
+ .github/FUNDING: add link to GitHub sponsors
|
|
|
|
|
|
- Closes #6751
|
|
|
+ Closes #6985
|
|
|
|
|
|
-- travis: bump wolfssl to 4.7.0
|
|
|
+- [Harry Sintonen brought this change]
|
|
|
|
|
|
-- travis: only build wolfssl when needed
|
|
|
+ krb5/name_to_level: replace checkprefix with curl_strequal
|
|
|
|
|
|
- Closes #6751
|
|
|
+ Closes #6993
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [Harry Sintonen brought this change]
|
|
|
|
|
|
- rustls: allocate a buffer for TLS data.
|
|
|
-
|
|
|
- Previously, rustls was using an on-stack array for TLS data. However,
|
|
|
- crustls has an (unusual) requirement that buffers it deals with are
|
|
|
- initialized before writing to them. By using calloc, we can ensure the
|
|
|
- buffer is initialized once and then reuse it across calls.
|
|
|
+ Curl_input_digest: require space after Digest
|
|
|
|
|
|
- Closes #6742
|
|
|
+ Closes #6993
|
|
|
|
|
|
-- travis: add a rustls build
|
|
|
-
|
|
|
- ... that doesn't run any tests (yet)
|
|
|
+- [Harry Sintonen brought this change]
|
|
|
+
|
|
|
+ Curl_http_header: check for colon when matching Persistent-Auth
|
|
|
|
|
|
- Closes #6750
|
|
|
+ Closes #6993
|
|
|
|
|
|
-- HTTP2: remove the outdated remark about multiplexing for the tool
|
|
|
+- [Harry Sintonen brought this change]
|
|
|
|
|
|
-- [Robert Ronto brought this change]
|
|
|
+ Curl_http_input_auth: require valid separator after negotiation type
|
|
|
+
|
|
|
+ Closes #6993
|
|
|
|
|
|
- http2: don't set KEEP_SEND when there's no more data to be sent
|
|
|
+- http: fix the check for 'Authorization' with Bearer
|
|
|
|
|
|
- this should fix an issue where curl sometimes doesn't send out a request
|
|
|
- with authorization info after a 401 is received over http2
|
|
|
+ The code would wrongly check for it using an additional colon.
|
|
|
|
|
|
- Closes #6747
|
|
|
+ Reported-by: Blake Burkhart
|
|
|
+ Closes #6988
|
|
|
|
|
|
-Marc Hoersken (15 Mar 2021)
|
|
|
-- config: fix building SMB with configure using Win32 Crypto
|
|
|
-
|
|
|
- Align conditions for NTLM features between CMake and configure
|
|
|
- builds by differentiating between USE_NTLM and USE_CURL_NTLM_CORE,
|
|
|
- just like curl_setup.h does internally to detect support of:
|
|
|
+- [Kamil Dudka brought this change]
|
|
|
+
|
|
|
+ http2: fix a resource leak in push_promise()
|
|
|
|
|
|
- - USE_NTLM: required for NTLM crypto authentication feature
|
|
|
- - USE_CURL_NTLM_CORE: required for SMB protocol
|
|
|
+ ... detected by Coverity:
|
|
|
|
|
|
- Implement USE_WIN32_CRYPTO detection by checking for Crypt functions
|
|
|
- in wincrypt.h which are not available in the Windows App environment.
|
|
|
+ Error: RESOURCE_LEAK (CWE-772):
|
|
|
+ lib/http2.c:532: alloc_fn: Storage is returned from allocation function "duphandle".
|
|
|
+ lib/http2.c:532: var_assign: Assigning: "newhandle" = storage returned from "duphandle(data)".
|
|
|
+ lib/http2.c:552: noescape: Resource "newhandle" is not freed or pointed-to in "set_transfer_url".
|
|
|
+ lib/http2.c:555: leaked_storage: Variable "newhandle" going out of scope leaks the storage it points to.
|
|
|
|
|
|
- Link advapi32 and crypt32 for Crypto API and Schannel SSL backend.
|
|
|
- Fix condition of Schannel SSL backend in CMake build accordingly.
|
|
|
+ Closes #6986
|
|
|
+
|
|
|
+- [Kamil Dudka brought this change]
|
|
|
+
|
|
|
+ http2: fix resource leaks in set_transfer_url()
|
|
|
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
+ ... detected by Coverity:
|
|
|
|
|
|
- Closes #6277
|
|
|
-
|
|
|
-- config: fix detection of restricted Windows App environment
|
|
|
+ Error: RESOURCE_LEAK (CWE-772):
|
|
|
+ lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
+ lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
|
|
|
+ lib/http2.c:486: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
+ lib/http2.c:488: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
|
|
|
|
|
|
- Move the detection of the restricted Windows App environment
|
|
|
- in curl_setup.h before the definition of USE_WIN32_CRYPTO
|
|
|
- via included config-win32.h in case no build system is used.
|
|
|
+ Error: RESOURCE_LEAK (CWE-772):
|
|
|
+ lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
+ lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
|
|
|
+ lib/http2.c:493: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
+ lib/http2.c:495: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
|
|
|
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
+ Error: RESOURCE_LEAK (CWE-772):
|
|
|
+ lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
+ lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
|
|
|
+ lib/http2.c:500: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
+ lib/http2.c:502: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
|
|
|
|
|
|
- Part of #6277
|
|
|
-
|
|
|
-Daniel Stenberg (15 Mar 2021)
|
|
|
-- HISTORY: curl 7.7.2 was the first version used in Mac OS X 10.1
|
|
|
-
|
|
|
-- gen.pl: quote "bare" minuses in the nroff curl.1
|
|
|
+ Error: RESOURCE_LEAK (CWE-772):
|
|
|
+ lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
+ lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
|
|
|
+ lib/http2.c:505: noescape: Resource "u" is not freed or pointed-to in "curl_url_get". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
+ lib/http2.c:507: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
|
|
|
|
|
|
- Reported-by: Alejandro Colomar
|
|
|
- Fixes #6698
|
|
|
- Closes #6722
|
|
|
+ Closes #6986
|
|
|
|
|
|
-Daniel Gustafsson (14 Mar 2021)
|
|
|
-- hsts: remove unused defines
|
|
|
-
|
|
|
- MAX_HSTS_SUBLEN and MAX_HSTS_SUBLENSTR were unused from the initial commit,
|
|
|
- and mostly likely leftovers from early development. Remove as they're not
|
|
|
- used for anything.
|
|
|
-
|
|
|
- Closes #6741
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
-Daniel Stenberg (12 Mar 2021)
|
|
|
-- github: add torture-ftp for FTP-only torture testing
|
|
|
+ rustls: use ALPN
|
|
|
|
|
|
- and at 20% to try to keep the run-time reasonable
|
|
|
+ Update required rustls to 0.5.0
|
|
|
|
|
|
- Closes #6728
|
|
|
+ Closes #6960
|
|
|
|
|
|
-- travis: split "torture" into a separate "events" build as well
|
|
|
-
|
|
|
- Run torture without FTP and reducing coverage to 20%
|
|
|
-
|
|
|
- For some reason the torture tests now run a lot slower on travis and run
|
|
|
- into the 50 minute limit all the time.
|
|
|
-
|
|
|
- Closes #6728
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
|
|
|
-- ftp: fix memory leak in ftp_done
|
|
|
-
|
|
|
- If after a transfer is complete Curl_GetFTPResponse() returns an error,
|
|
|
- curl would not free the ftp->pathalloc block.
|
|
|
+ gskit: fix CURL_DISABLE_PROXY build
|
|
|
|
|
|
- Found by torture-testing test 576
|
|
|
+ Removed localfd and remotefd from ssl_backend_data (ued only with proxy
|
|
|
+ connection). Function pipe_ssloverssl return always 0, when proxy is not
|
|
|
+ used.
|
|
|
|
|
|
- Closes #6737
|
|
|
+ Closes #6981
|
|
|
|
|
|
-- [oxalica brought this change]
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
|
|
|
- http2: fail if connection terminated without END_STREAM
|
|
|
+ gskit: fix undefined reference to 'conn'
|
|
|
|
|
|
- Closes #6736
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Closes #6980
|
|
|
|
|
|
- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
- rustls: support CURLOPT_SSL_VERIFYPEER
|
|
|
-
|
|
|
- This requires the latest main branch of crustls, which provides
|
|
|
- rustls_client_config_builder_dangerous_set_certificate_verifier and
|
|
|
- rustls_client_config_builder_set_enable_sni.
|
|
|
-
|
|
|
- This refactors the session setup into its own function, and adds a new
|
|
|
- function cr_hostname_is_ip. Because crustls doesn't support verification
|
|
|
- of IP addresses, special handling is needed: We disable SNI and set a
|
|
|
- placeholder hostname (which never actually gets sent on the wire).
|
|
|
-
|
|
|
- Closes #6719
|
|
|
-
|
|
|
-Daniel Gustafsson (12 Mar 2021)
|
|
|
-- cookies: Fix potential NULL pointer deref with PSL
|
|
|
+ tls: add USE_HTTP2 define
|
|
|
|
|
|
- Curl_cookie_init can be called with data being NULL, and this can in turn
|
|
|
- be passed to Curl_cookie_add, meaning that both functions must be careful
|
|
|
- to only use data where it's checked for being a NULL pointer. The libpsl
|
|
|
- support code does however dereference data without checking, so if we are
|
|
|
- indeed having an unset data pointer we cannot PSL check the cookiedomain.
|
|
|
+ This abstracts across the two HTTP/2 backends: nghttp2 and Hyper.
|
|
|
|
|
|
- This is currently not a reachable dereference, as the only caller with a
|
|
|
- NULL data isn't passing a file to initialize cookies from, but since the
|
|
|
- API has this contract let's ensure we hold it.
|
|
|
+ Add our own define for the "h2" ALPN protocol, so TLS backends can use
|
|
|
+ it without depending on a specific HTTP backend.
|
|
|
|
|
|
- Closes #6731
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Closes #6959
|
|
|
|
|
|
-Daniel Stenberg (12 Mar 2021)
|
|
|
-- [Michael Hordijk brought this change]
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
- configure: only add OpenSSL paths if they are defined
|
|
|
-
|
|
|
- Add paths for OpenSSL compiling and linking only if they have been
|
|
|
- defined. If they haven't been defined, we'll assume that the paths are
|
|
|
- already available to the toolchain.
|
|
|
+ lib: fix 0-length Curl_client_write calls
|
|
|
|
|
|
- Closes #6730
|
|
|
+ Closes #6954
|
|
|
|
|
|
-Jay Satiro (12 Mar 2021)
|
|
|
-- retry.d: Clarify transient 5xx HTTP response codes
|
|
|
-
|
|
|
- - Clarify the only 5xx response codes that are treated as transient are
|
|
|
- 500, 502, 503 and 504.
|
|
|
-
|
|
|
- Prior to this change it said it treated all 5xx as transient, but the
|
|
|
- code says otherwise.
|
|
|
-
|
|
|
- Ref: https://github.com/curl/curl/blob/curl-7_75_0/src/tool_operate.c#L462-L495
|
|
|
-
|
|
|
- Closes https://github.com/curl/curl/pull/6724
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
-- retry-all-errors.d: Explain curl errors versus HTTP response errors
|
|
|
-
|
|
|
- - Add a paragraph explaining that curl does not consider HTTP response
|
|
|
- errors as curl errors, and how that behavior can be modified by using
|
|
|
- --retry and --fail.
|
|
|
-
|
|
|
- The --retry-all-errors doc says "Retry on any error" which some users
|
|
|
- may find misleading without the added explanation.
|
|
|
-
|
|
|
- Ref: https://curl.se/docs/faq.html#Why_do_I_get_downloaded_data_eve
|
|
|
- Ref: https://curl.se/docs/faq.html#curl_doesn_t_return_error_for_HT
|
|
|
+ lib: remove strlen call from Curl_client_write
|
|
|
|
|
|
- Reported-by: Lawrence Gripper
|
|
|
+ At all call sites with an explicit 0 len, pass an appropriate nonzero
|
|
|
+ len.
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/6712
|
|
|
- Closes https://github.com/curl/curl/pull/6720
|
|
|
+ Closes #6954
|
|
|
|
|
|
-Daniel Stenberg (11 Mar 2021)
|
|
|
-- travis: switch ngtcp2 build over to quictls
|
|
|
-
|
|
|
- The ngtcp2 project switched over to using the quictls OpenSSL fork
|
|
|
- instead of their own patched OpenSSL. We follow suit.
|
|
|
+- [Ayushman Singh Chauhan brought this change]
|
|
|
+
|
|
|
+ docs: camelcase it like GitHub everywhere
|
|
|
|
|
|
- Closes #6729
|
|
|
+ Closes #6979
|
|
|
|
|
|
-- test220/314: adjust to run with Hyper
|
|
|
+Jay Satiro (27 Apr 2021)
|
|
|
+- [Lucas Servén Marín brought this change]
|
|
|
|
|
|
-- c-hyper: support automatic content-encoding
|
|
|
+ docs: fix typo in fail-with-body doc
|
|
|
|
|
|
- Closes #6727
|
|
|
-
|
|
|
-- http: remove superfluous NULL assign
|
|
|
+ This commit fixes a small typo in the documentation for the
|
|
|
+ --fail-with-body flag.
|
|
|
|
|
|
- Closes #6727
|
|
|
+ Closes https://github.com/curl/curl/pull/6977
|
|
|
|
|
|
-- tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error
|
|
|
+- lib: fix some misuse of curlx_convert_UTF8_to_tchar
|
|
|
|
|
|
- Closes #6727
|
|
|
-
|
|
|
-- setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper
|
|
|
+ curlx_convert_UTF8_to_tchar must be freed by curlx_unicodefree, but
|
|
|
+ prior to this change some uses mistakenly called free.
|
|
|
|
|
|
- Not supported.
|
|
|
+ I've reviewed all other uses of curlx_convert_UTF8_to_tchar and
|
|
|
+ curlx_convert_tchar_to_UTF8.
|
|
|
|
|
|
- Closes #6727
|
|
|
-
|
|
|
-- test306: make it not run with Hyper
|
|
|
+ Bug: https://github.com/curl/curl/pull/6602#issuecomment-825236763
|
|
|
+ Reported-by: sergio-nsk@users.noreply.github.com
|
|
|
|
|
|
- ... as it tests HTTP/0.9 which Hyper doesn't support.
|
|
|
-
|
|
|
-- test304: header CRLF cleanup to work with Hyper
|
|
|
+ Closes https://github.com/curl/curl/pull/6938
|
|
|
|
|
|
-- FTP: allow SIZE to fail when doing (resumed) upload
|
|
|
+Daniel Stenberg (27 Apr 2021)
|
|
|
+- ntlm: precaution against super huge type2 offsets
|
|
|
|
|
|
- Added test 362 to verify.
|
|
|
+ ... which otherwise caused an integer overflow and circumvented the if()
|
|
|
+ conditional size check.
|
|
|
|
|
|
- Reported-by: Jordan Brown
|
|
|
- Regression since 7ea2e1d0c5a7f (7.73.0)
|
|
|
- Fixes #6715
|
|
|
- Closes #6725
|
|
|
+ Detected by OSS-Fuzz
|
|
|
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33720
|
|
|
+ Assisted-by: Max Dymond
|
|
|
+ Closes #6975
|
|
|
|
|
|
-- configure: provide Largefile feature for curl-config
|
|
|
-
|
|
|
- ... as cmake now does it correctly, and make test1014 check for it
|
|
|
-
|
|
|
- Closes #6702
|
|
|
+- c-hyper: fix unused variable ‘wrote’
|
|
|
|
|
|
-- config: remove CURL_SIZEOF_CURL_OFF_T use only SIZEOF_CURL_OFF_T
|
|
|
-
|
|
|
- Make the code consistently use a single name for the size of the
|
|
|
- "curl_off_t" type.
|
|
|
+- libcurl-security.3: be careful of setuid
|
|
|
|
|
|
- Closes #6702
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Closes #6970
|
|
|
|
|
|
-Jay Satiro (10 Mar 2021)
|
|
|
-- [Jun-ya Kato brought this change]
|
|
|
+- [Kevin Burke brought this change]
|
|
|
|
|
|
- ngtcp2: Fix build error due to change in ngtcp2_addr_init
|
|
|
+ c-hyper: don't write to set.writeheader if null
|
|
|
|
|
|
- ngtcp2/ngtcp2@b8d90a9 changed the function prototype.
|
|
|
+ Previously if a caller set CURLOPT_WRITEFUNCTION but did not set a
|
|
|
+ CURLOPT_HEADERDATA buffer, Hyper would still attempt to write headers to
|
|
|
+ the data->set.writeheader header buffer, even though it is null. This
|
|
|
+ led to NPE segfaults attempting to use libcurl+Hyper with Git, for
|
|
|
+ example.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6716
|
|
|
-
|
|
|
-Daniel Stenberg (10 Mar 2021)
|
|
|
-- [ejanchivdorj brought this change]
|
|
|
+ Instead, process the client write for the status line using the same
|
|
|
+ logic we use to process the client write for the later HTTP headers,
|
|
|
+ which contains the appropriate guard logic. As a side benefit,
|
|
|
+ data->set.writeheader is now only read in one file instead of two.
|
|
|
+
|
|
|
+ Fixes #6619
|
|
|
+ Fixes abetterinternet/crustls#49
|
|
|
+ Fixes hyperium/hyper#2438
|
|
|
+ Closes #6971
|
|
|
|
|
|
- multi: update pending list when removing handle
|
|
|
+- wolfssl: handle SSL_write() returns 0 for error
|
|
|
|
|
|
- when removing a handle, most of the lists are updated but pending list
|
|
|
- is not updated. Updating now.
|
|
|
+ Reported-by: Timo Lange
|
|
|
|
|
|
- Closes #6713
|
|
|
-
|
|
|
-- [kokke brought this change]
|
|
|
+ Closes #6967
|
|
|
|
|
|
- lib1536: check ptr against NULL before dereferencing it
|
|
|
+- easy: ignore sigpipe in curl_easy_send
|
|
|
|
|
|
- Closes #6710
|
|
|
-
|
|
|
-- [kokke brought this change]
|
|
|
+ Closes #6965
|
|
|
|
|
|
- lib1537: check ptr against NULL before dereferencing it
|
|
|
+- sigpipe: ignore SIGPIPE when using wolfSSL as well
|
|
|
|
|
|
- Fixes #6707
|
|
|
- Closes #6708
|
|
|
+ Closes #6966
|
|
|
|
|
|
-- travis: make torture tests skip TLS-SRP tests
|
|
|
-
|
|
|
- ... as it seems to often hang.
|
|
|
-
|
|
|
- Also: skip the "normal" tests as they're already run by many other
|
|
|
- builds.
|
|
|
+- libcurl-security.3: don't try to filter IPv4 hosts based on the URL
|
|
|
|
|
|
- Closes #6705
|
|
|
+ Closes #6942
|
|
|
|
|
|
-- openssl: adapt to v3's new const for a few API calls
|
|
|
-
|
|
|
- Closes #6703
|
|
|
+- [Harry Sintonen brought this change]
|
|
|
|
|
|
-- quiche: fix crash when failing to connect
|
|
|
+ nss_set_blocking: avoid static for sock_opt
|
|
|
|
|
|
- Reported-by: ウさん
|
|
|
- Fixes #6664
|
|
|
- Closes #6701
|
|
|
+ Reviewed-by: Kamil Dudka
|
|
|
+ Closes #6945
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
-
|
|
|
- Fixed the release counter and added a missing contributor
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Yusuke Nakamura brought this change]
|
|
|
|
|
|
-- dynbuf: bump the max HTTP request to 1MB
|
|
|
+ docs/HTTP3.md: fix nghttp2's HTTP/3 server port
|
|
|
|
|
|
- Raised from 128KB to allow longer request headers.
|
|
|
+ Port 8443 does not work now.
|
|
|
+ Correct origin is in the quicwg's wiki.
|
|
|
+ https://github.com/quicwg/base-drafts/wiki/Implementations#ngtcp2
|
|
|
|
|
|
- Reported-by: Carl Zogheib
|
|
|
- Fixes #6681
|
|
|
- Closes #6685
|
|
|
+ Closes #6964
|
|
|
|
|
|
-Jay Satiro (6 Mar 2021)
|
|
|
-- schannel: Evaluate CURLOPT_SSL_OPTIONS via SSL_SET_OPTION macro
|
|
|
-
|
|
|
- - Change use of those options from CURLOPT_SSL_OPTIONS that are not
|
|
|
- already evaluated via SSL_SET_OPTION in schannel and secure transport
|
|
|
- to use that instead of data->set.ssl.optname.
|
|
|
-
|
|
|
- Example:
|
|
|
-
|
|
|
- Evaluate SSL_SET_OPTION(no_revoke) instead of data->set.ssl.no_revoke.
|
|
|
-
|
|
|
- This change is because options set via CURLOPT_SSL_OPTIONS
|
|
|
- (data->set.ssl.optname) are separate from those set for HTTPS proxy via
|
|
|
- CURLOPT_PROXY_SSL_OPTIONS (data->set.proxy_ssl.optname). The
|
|
|
- SSL_SET_OPTION macro determines whether the connection is for HTTPS
|
|
|
- proxy and based on that which option to evaluate.
|
|
|
+- krb5: don't use 'static' to store PBSZ size response
|
|
|
|
|
|
- Since neither Schannel nor Secure Transport backends currently support
|
|
|
- HTTPS proxy in libcurl, this change is for posterity and has no other
|
|
|
- effect.
|
|
|
+ ... because it makes the knowledge and usage cross-transfer in funny and
|
|
|
+ unexpected ways.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6690
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Closes #6963
|
|
|
|
|
|
-- [kokke brought this change]
|
|
|
+- [Kevin Burke brought this change]
|
|
|
|
|
|
- c-hyper: Remove superfluous pointer check
|
|
|
-
|
|
|
- `n` pointer is never NULL once set. Found by static analysis.
|
|
|
-
|
|
|
- Ref: https://github.com/curl/curl/issues/6696
|
|
|
+ m4: add security frameworks on Mac when compiling rustls
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6697
|
|
|
-
|
|
|
-- version.d: Add missing features to the features list
|
|
|
+ Previously compiling rustls on Mac would only complete if you also
|
|
|
+ compiled the SecureTransport TLS backend, which curl would prefer to
|
|
|
+ the Rust backend.
|
|
|
|
|
|
- - Add missing entries for gsasl, Kerberos, NTLM_WB, TrackMemory,
|
|
|
- Unicode and zstd.
|
|
|
+ Appending these flags to LDFLAGS makes it possible to compile the
|
|
|
+ Rustls backend on Mac without the SecureTransport backend, which means
|
|
|
+ this patch will make it possible for Mac users to use the Rustls
|
|
|
+ backend for TLS.
|
|
|
|
|
|
- - Remove krb4 since it's no longer a feature.
|
|
|
+ Reviewed-by: Jacob Hoffman-Andrews
|
|
|
|
|
|
- Reported-by: Ádler Jonas Gross
|
|
|
+ Fixes #6955
|
|
|
+ Cloes #6956
|
|
|
+
|
|
|
+- krb5: remove the unused 'overhead' function
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/6677
|
|
|
- Closes https://github.com/curl/curl/pull/6687
|
|
|
+ Closes #6947
|
|
|
|
|
|
-- [Vladimir Varlamov brought this change]
|
|
|
+- [Johann150 brought this change]
|
|
|
|
|
|
- docs: add missing Arg tag to --stderr
|
|
|
-
|
|
|
- Prior to this change the required argument was not shown.
|
|
|
-
|
|
|
- curl.1 before: --stderr
|
|
|
- curl.1 after: --stderr <file>
|
|
|
+ curl_url_set.3: add memory management information
|
|
|
|
|
|
- curl --help before:
|
|
|
- --stderr Where to redirect stderr
|
|
|
+ wording taken from man page for CURLOPT_URL.3
|
|
|
|
|
|
- curl --help after:
|
|
|
- --stderr <file> Where to redirect stderr
|
|
|
+ As far as I can see, the URL part is either malloc'ed before due to
|
|
|
+ encoding or it is strdup'ed.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6692
|
|
|
+ Closes #6953
|
|
|
|
|
|
-- projects: Update VS projects for OpenSSL 1.1.x
|
|
|
-
|
|
|
- - Update VS project templates to use the OpenSSL lib names and include
|
|
|
- directories for OpenSSL 1.1.x.
|
|
|
-
|
|
|
- This change means the VS project files will now build only with OpenSSL
|
|
|
- 1.1.x when an OpenSSL configuration is chosen. Prior to this change the
|
|
|
- project files built only with OpenSSL 1.0.x (end-of-life) when an
|
|
|
- OpenSSL configuration was chosen.
|
|
|
-
|
|
|
- The template changes in this commit were made by script:
|
|
|
-
|
|
|
- libeay32.lib => libcrypto.lib
|
|
|
- ssleay32.lib => libssl.lib
|
|
|
- ..\..\..\..\..\openssl\inc32 => ..\..\..\..\..\openssl\include
|
|
|
-
|
|
|
- And since the output directory now contains the includes it's prepended:
|
|
|
- ..\..\..\..\..\openssl\build\Win{32,64}\VC{6..15}\{DLL,LIB}
|
|
|
- {Debug,Release}\include
|
|
|
-
|
|
|
- - Change build-openssl.bat to copy the build's include directory to the
|
|
|
- output directory (as seen above).
|
|
|
-
|
|
|
- Each build has its own opensslconf.h which is different so we can't just
|
|
|
- include the source include directory any longer.
|
|
|
-
|
|
|
- Note the include directory in the output directory is a full copy from
|
|
|
- the build so technically we don't need to include the OpenSSL source
|
|
|
- include directory in the template. However, I left it last in case the
|
|
|
- user made a custom OpenSSL build using the old method which would put
|
|
|
- opensslconf in the OpenSSL source include directory.
|
|
|
-
|
|
|
- - Change build-openssl.bat to use a temporary install directory that is
|
|
|
- different from the temporary build directory.
|
|
|
-
|
|
|
- For OpenSSL 1.1.x the temporary paths must be separate not a descendant
|
|
|
- of the other, otherwise pdb files will be lost between builds.
|
|
|
-
|
|
|
- Ref: https://curl.se/mail/lib-2018-10/0049.html
|
|
|
- Ref: https://gist.github.com/jay/125191c35bbeb894444eff827651f755
|
|
|
- Ref; https://github.com/openssl/openssl/issues/10005
|
|
|
-
|
|
|
- Fixes https://github.com/curl/curl/issues/984
|
|
|
- Closes https://github.com/curl/curl/pull/6675
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
-- doh: Inherit CURLOPT_STDERR from user's easy handle
|
|
|
-
|
|
|
- Prior to this change if the user set their easy handle's error stream
|
|
|
- to something other than stderr it was not inherited by the doh handles,
|
|
|
- which meant that they would still write to the default standard error
|
|
|
- stream (stderr) for verbose output.
|
|
|
-
|
|
|
- Bug: https://github.com/curl/curl/issues/6605
|
|
|
- Reported-by: arvids-kokins-bidstack@users.noreply.github.com
|
|
|
+ c-hpyer: fix handling of zero-byte chunk from hyper
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6661
|
|
|
+ Closes #6951
|
|
|
|
|
|
-Marc Hoersken (1 Mar 2021)
|
|
|
-- CI/azure: replace python-impacket with python3-impacket
|
|
|
-
|
|
|
- As of this month Azure DevOps uses Ubuntu 20.04 LTS which
|
|
|
- no longer supports Python 2 and instead ships Python 3.
|
|
|
+- CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data
|
|
|
|
|
|
- Closes #6678
|
|
|
+ Ref: https://curl.se/mail/lib-2021-04/0085.html
|
|
|
+ Closes #6943
|
|
|
|
|
|
-- runtests.pl: kill processes locking test log files
|
|
|
-
|
|
|
- Introduce a new runtests.pl command option: -rm
|
|
|
-
|
|
|
- For now only required and implemented for Windows.
|
|
|
- Ignore stunnel logs due to long running processes.
|
|
|
-
|
|
|
- Requires Sysinternals handle[64].exe to be on PATH.
|
|
|
-
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
-
|
|
|
- Ref: #6058
|
|
|
- Closes #6179
|
|
|
+- [Ralph Langendam brought this change]
|
|
|
|
|
|
-- pathhelp.pm: fix use of pwd -L in Msys environment
|
|
|
-
|
|
|
- While Msys2 has a pwd binary which supports -L,
|
|
|
- Msys1 only has a shell built-in with that feature.
|
|
|
-
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
+ cmake: make libcurl output filename configurable
|
|
|
|
|
|
- Part of #6179
|
|
|
+ Reviewed-by: Jakub Zakrzewski
|
|
|
+ Closes #6933
|
|
|
|
|
|
-Daniel Gustafsson (1 Mar 2021)
|
|
|
-- ldap: use correct memory free function
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ vtls: reset ssl use flag upon negotiation failure
|
|
|
|
|
|
- unescaped is coming from Curl_urldecode and not a unicode conversion
|
|
|
- function, so reclaiming its memory should be performed with a normal
|
|
|
- call to free rather than curlx_unicodefree. In reality, this is the
|
|
|
- same thing as curlx_unicodefree is implemented as a call to free but
|
|
|
- that's not guaranteed to always hold. Using the curlx macro present
|
|
|
- issues with memory debugging as well.
|
|
|
+ Fixes the segfault in ldaps disconnect.
|
|
|
|
|
|
- Closes #6671
|
|
|
- Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Reported-by: Illarion Taev
|
|
|
+ Fixes #6934
|
|
|
+ Closes #6937
|
|
|
|
|
|
-- url: fix typo in comment
|
|
|
+- configure: fix typo in TLS error message
|
|
|
|
|
|
- Correct a small typo which snuck in with a304051620.
|
|
|
+ Reported-by: Pontus Lundkvist
|
|
|
|
|
|
-Jay Satiro (28 Feb 2021)
|
|
|
-- tool_help: Increase space between option and description
|
|
|
-
|
|
|
- - Increase the minimum number of spaces between the option and the
|
|
|
- description from 1 to 2.
|
|
|
+- README: link to the commercial support option
|
|
|
+
|
|
|
+Jay Satiro (22 Apr 2021)
|
|
|
+- [Martin Halle brought this change]
|
|
|
+
|
|
|
+ version: add gsasl_version to curl_version_info_data
|
|
|
|
|
|
- Before:
|
|
|
- ~~~
|
|
|
- -u, --user <user:password> Server user and password
|
|
|
- -A, --user-agent <name> Send User-Agent <name> to server
|
|
|
- -v, --verbose Make the operation more talkative
|
|
|
- -V, --version Show version number and quit
|
|
|
- -w, --write-out <format> Use output FORMAT after completion
|
|
|
- --xattr Store metadata in extended file attributes
|
|
|
- ~~~
|
|
|
+ - Add gsasl_version string and bump to CURLVERSION_TENTH.
|
|
|
|
|
|
- After:
|
|
|
- ~~~
|
|
|
- -u, --user <user:password> Server user and password
|
|
|
- -A, --user-agent <name> Send User-Agent <name> to server
|
|
|
- -v, --verbose Make the operation more talkative
|
|
|
- -V, --version Show version number and quit
|
|
|
- -w, --write-out <format> Use output FORMAT after completion
|
|
|
- --xattr Store metadata in extended file attributes
|
|
|
- ~~~
|
|
|
+ Ref: https://curl.se/mail/lib-2021-04/0003.html
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6674
|
|
|
+ Closes https://github.com/curl/curl/pull/6843
|
|
|
+
|
|
|
+- [Morten Minde Neergaard brought this change]
|
|
|
|
|
|
-Daniel Stenberg (27 Feb 2021)
|
|
|
-- curl: set CURLOPT_NEW_FILE_PERMS if requested
|
|
|
+ schannel: Support strong crypto option
|
|
|
|
|
|
- The --create-file-mode code logic accepted the value but never actually
|
|
|
- passed it on to libcurl!
|
|
|
+ - Support enabling strong crypto via optional user cipher list when
|
|
|
+ USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list.
|
|
|
|
|
|
- Follow-up to a7696c73436f (shipped in 7.75.0)
|
|
|
- Reported-by: Johannes Lesr
|
|
|
- Fixes #6657
|
|
|
- Closes #6666
|
|
|
-
|
|
|
-- tool_operate: check argc before accessing argv[1]
|
|
|
+ MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known
|
|
|
+ weak cryptographic algorithms, cipher suites, and SSL/TLS protocol
|
|
|
+ versions that may be otherwise enabled for better interoperability."
|
|
|
|
|
|
- Follow-up to 09363500b
|
|
|
- Reported-by: Emil Engler
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #6668
|
|
|
+ Ref: https://curl.se/mail/lib-2021-02/0066.html
|
|
|
+ Ref: https://curl.se/docs/manpage.html#--ciphers
|
|
|
+ Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
|
|
|
+ Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/6734
|
|
|
+
|
|
|
+Daniel Stenberg (22 Apr 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-Daniel Gustafsson (26 Feb 2021)
|
|
|
-- [Jean-Philippe Menil brought this change]
|
|
|
+- ci: adapt to configure requiring an explicit TLS choice
|
|
|
|
|
|
- openssl: remove get_ssl_version_txt in favor of SSL_get_version
|
|
|
-
|
|
|
- openssl: use SSL_get_version to get connection protocol
|
|
|
-
|
|
|
- Replace our bespoke get_ssl_version_txt in favor of SSL_get_version.
|
|
|
- We can get rid of few lines of code, since SSL_get_version achieve
|
|
|
- the exact same thing
|
|
|
+- configure: split out each TLS library detector into its own function
|
|
|
|
|
|
- Closes #6665
|
|
|
- Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
- Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>
|
|
|
+ ... and put those functions in separate m4 files per TLS library.
|
thegeorg