|
|
@@ -6,7935 +6,7727 @@
|
|
|
|
|
|
Changelog
|
|
|
|
|
|
-Version 7.81.0 (5 Jan 2022)
|
|
|
+Version 7.82.0 (5 Mar 2022)
|
|
|
|
|
|
-Daniel Stenberg (5 Jan 2022)
|
|
|
+Daniel Stenberg (5 Mar 2022)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
- curl 7.81.0 release
|
|
|
+ The 7.82.0 release
|
|
|
|
|
|
-- THANKS: add names from 7.81.0 release
|
|
|
+- THANKS: updates from the 7.82.0 release notes
|
|
|
|
|
|
-- curl_multi_init.3: fix the copyright year range
|
|
|
+- misc: update copyright year ranges
|
|
|
|
|
|
-- test719-721: require "proxy" feature present to run
|
|
|
-
|
|
|
- Bug: https://github.com/curl/curl/pull/8223#issuecomment-1005188696
|
|
|
- Reported-by: Marc Hörsken
|
|
|
+Jay Satiro (5 Mar 2022)
|
|
|
+- unit1610: init SSL library before calling SHA256 functions
|
|
|
|
|
|
- Closes #8226
|
|
|
-
|
|
|
-- test719: require ipv6 support to run
|
|
|
+ The SSL library must be initialized (via global initialization) because
|
|
|
+ libcurl's SHA256 functions may call SHA256 functions in the SSL library.
|
|
|
|
|
|
- Follow-up to effd2bd7ba2a5fd244
|
|
|
- Reported-by: Marc Hörsken
|
|
|
- Bug: https://github.com/curl/curl/pull/8217#issuecomment-1004681145
|
|
|
+ Reported-by: Gisle Vanem
|
|
|
|
|
|
- Closes #8223
|
|
|
+ Fixes https://github.com/curl/curl/issues/8538
|
|
|
+ Closes https://github.com/curl/curl/pull/8540
|
|
|
|
|
|
-- test719-721: verify SOCKS details
|
|
|
+- examples/curlx: support building with OpenSSL 1.1.0+
|
|
|
|
|
|
- Using the new verify/socks details
|
|
|
-
|
|
|
-- runtests: add verify/socks check
|
|
|
+ - Access members of X509_STORE_CTX in OpenSSL 1.1.0+ by using API
|
|
|
+ functions.
|
|
|
|
|
|
- If used, this data is compared with the data in log/socksd-request.log
|
|
|
- which the socksd server logs.
|
|
|
+ The X509_STORE_CTX struct has been opaque since OpenSSL 1.1.0.
|
|
|
|
|
|
- Added to FILEFORMAT.md
|
|
|
+ Ref: https://curl.se/mail/lib-2022-03/0004.html
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8529
|
|
|
|
|
|
-- server/socksd: log atyp + address in a separate log
|
|
|
+- h2h3: fix typo
|
|
|
|
|
|
- To allow the test suite to verify that the right data arrived
|
|
|
+ Bug: https://github.com/curl/curl/issues/8381#issuecomment-1055440241
|
|
|
+ Reported-by: Michael Kaufmann
|
|
|
|
|
|
-- socks5: use appropriate ATYP for numerical IP address host names
|
|
|
+- [Farzin brought this change]
|
|
|
+
|
|
|
+ CURLOPT_XFERINFOFUNCTION.3: fix example struct assignment
|
|
|
|
|
|
- When not resolving the address locallly (known as socks5h).
|
|
|
+ Closes https://github.com/curl/curl/pull/8519
|
|
|
+
|
|
|
+Daniel Stenberg (26 Feb 2022)
|
|
|
+- azure-pipelines: add a build on Windows with libssh
|
|
|
|
|
|
- Add test 719 and 720 to verify.
|
|
|
+ Closes #8511
|
|
|
+
|
|
|
+- runtests: make 'oldlibssh' be before 0.9.5
|
|
|
|
|
|
- Reported-by: Peter Piekarski
|
|
|
- Fixes #8216
|
|
|
- Closes #8217
|
|
|
+ Closes #8511
|
|
|
|
|
|
-Jay Satiro (3 Jan 2022)
|
|
|
-- curl_multi_init.3: fix EXAMPLE formatting
|
|
|
+- libssh: fix include files and defines use for Windows builds
|
|
|
+
|
|
|
+ Reported-by: 梦终无痕
|
|
|
+ Bug: https://curl.se/mail/lib-2022-02/0131.html
|
|
|
+ Closes #8511
|
|
|
|
|
|
-Daniel Stenberg (3 Jan 2022)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- libtest: avoid "assignment within conditional expression"
|
|
|
-
|
|
|
- In lib530, lib540 and lib582
|
|
|
+- [illusory-dream brought this change]
|
|
|
+
|
|
|
+ winbuild: add parameter WITH_SSH
|
|
|
|
|
|
- Closes #8218
|
|
|
+ For building with libssh
|
|
|
+ Closes #8514
|
|
|
|
|
|
-- ftp: disable warning 4706 in MSVC
|
|
|
+- configure: change output for cross-compiled alt-svc support
|
|
|
|
|
|
- Follow-up to 21248e052d
|
|
|
+ It said 'no', while it actually is 'yes'
|
|
|
|
|
|
- Disabling "assignment within conditional expression" for MSVC needs to
|
|
|
- be done before the function starts, for it to take effect.
|
|
|
+ Closes #8512
|
|
|
+
|
|
|
+- gha: add a macOS CI job with libssh
|
|
|
|
|
|
- Closes #8218
|
|
|
+ Closes #8513
|
|
|
|
|
|
-- tool_operate: warn if too many output arguments were found
|
|
|
+- TODO: remove "Bring back libssh tests on Travis"
|
|
|
|
|
|
- More output instructions than URLs is likely a user error.
|
|
|
+ The job was added to Circle CI in d8ddd0e7536
|
|
|
+
|
|
|
+- TODO: remove "better persistency for HTTP/1.0"
|
|
|
|
|
|
- Add test case 371 to verify
|
|
|
+ Let's not bother.
|
|
|
+
|
|
|
+- TODO: remove "Option to ignore private IP"
|
|
|
|
|
|
- Closes #8210
|
|
|
+ ... as curl ignores the IP entirely by default these days.
|
|
|
|
|
|
-- .github/workflows/mbedtls.yml: bump to mbedtls 3.1.0
|
|
|
+- TODO: remove "hardcode the "localhost" addresses"
|
|
|
|
|
|
- Closes #8215
|
|
|
+ This is implmented since 1a0ebf6632f88
|
|
|
|
|
|
-- zuul: remove the mbedtls jobs
|
|
|
+- TODO: 1.24 was a dupe of 1.1
|
|
|
+
|
|
|
+- TODO: remove "Typesafe curl_easy_setopt()"
|
|
|
|
|
|
- Now running as github workflows
|
|
|
+ I don't consider this a serious TODO item
|
|
|
+
|
|
|
+- KNOWN_BUGS: remove "Uploading HTTP/3 files gets interrupted"
|
|
|
|
|
|
- Closes #8215
|
|
|
+ This works now
|
|
|
|
|
|
-- github/workflows: add mbedtls and mbedtls-clang
|
|
|
+- KNOWN_BUGS: remove "HTTP/3 multipart POST with quiche fails"
|
|
|
|
|
|
- Closes #8215
|
|
|
+ It works now
|
|
|
|
|
|
-- [Valentin Richter brought this change]
|
|
|
+- quiche: remove two leftover debug infof() outputs
|
|
|
|
|
|
- mbedtls: fix private member designations for v3.1.0
|
|
|
-
|
|
|
- "As a last resort, you can access the field foo of a structure bar by
|
|
|
- writing bar.MBEDTLS_PRIVATE(foo). Note that you do so at your own risk,
|
|
|
- since such code is likely to break in a future minor version of Mbed
|
|
|
- TLS." -
|
|
|
- https://github.com/ARMmbed/mbedtls/blob/f2d1199edc5834df4297f247f213e614f7782d1d/docs/3.0-migration-guide.md
|
|
|
-
|
|
|
- That future minor version is v3.1.0. I set the >= to == for the version
|
|
|
- checks because v3.1.0 is a release, and I am not sure when the private
|
|
|
- designation was reverted after v3.0.0.
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+
|
|
|
+ ngtcp2: Reset dynbuf when it is fully drained
|
|
|
|
|
|
- Closes #8214
|
|
|
+ Reported-by: vl409 on github
|
|
|
+ Fixes #7351
|
|
|
+ Closes #8504
|
|
|
|
|
|
-- [Valentin Richter brought this change]
|
|
|
+- [Stewart Gebbie brought this change]
|
|
|
|
|
|
- cmake: prevent dev warning due to mismatched arg
|
|
|
+ hostip: avoid unused parameter error in Curl_resolv_check
|
|
|
|
|
|
- -- curl version=[7.81.0-DEV]
|
|
|
- CMake Warning (dev) at /usr/share/cmake-3.22.1/Modules/FindPackageHandleStandardArgs.cmake:438 (message):
|
|
|
- The package name passed to `find_package_handle_standard_args` (MBEDTLS)
|
|
|
- does not match the name of the calling package (MbedTLS). This can lead to
|
|
|
- problems in calling code that expects `find_package` result variables
|
|
|
- (e.g., `_FOUND`) to follow a certain pattern.
|
|
|
- Call Stack (most recent call first):
|
|
|
- deps/curl/CMake/FindMbedTLS.cmake:31 (find_package_handle_standard_args)
|
|
|
- deps/curl/CMakeLists.txt:473 (find_package)
|
|
|
- This warning is for project developers. Use -Wno-dev to suppress it.
|
|
|
+ When built without DNS-over-HTTP and without asynchronous resolvers,
|
|
|
+ neither the dns nor the data parameters are used.
|
|
|
|
|
|
- Closes #8207
|
|
|
+ That is Curl_resolv_check appears to call
|
|
|
+ Curl_resolver_is_resolved(data, dns). But,
|
|
|
+ with CURL_DISABLE_DOH without CURLRES_ASYNCH, the call is actually
|
|
|
+ elided via a macro definition.
|
|
|
+
|
|
|
+ This fix resolves the resultant: "unused parameter 'data'" error.
|
|
|
+
|
|
|
+ Closes #8505
|
|
|
|
|
|
-- urlapi: if possible, shorten given numerical IPv6 addresses
|
|
|
+- http2: move two infof calls to debug-h2-only
|
|
|
|
|
|
- Extended test 1560 to verify
|
|
|
+ and remove a superflous one
|
|
|
|
|
|
- Closes #8206
|
|
|
+ Ref: https://github.com/curl/curl/discussions/8498
|
|
|
+ Closes #8502
|
|
|
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
+- [Jean-Philippe Menil brought this change]
|
|
|
|
|
|
- url: reduce ssl backend count for CURL_DISABLE_PROXY builds
|
|
|
+ quiche: fix upload for bigger content-length
|
|
|
|
|
|
- Closes #8212
|
|
|
+ Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>
|
|
|
+ Closes #8421
|
|
|
|
|
|
-- KNOWN_BUGS: "Trying local ports fails on Windows"
|
|
|
+Jay Satiro (23 Feb 2022)
|
|
|
+- [Farzin brought this change]
|
|
|
+
|
|
|
+ CURLOPT_PROGRESSFUNCTION.3: fix example struct assignment
|
|
|
|
|
|
- Reported-by: gclinch on github
|
|
|
- Closes #8112
|
|
|
+ Closes https://github.com/curl/curl/pull/8500
|
|
|
|
|
|
-- misc: update copyright year range
|
|
|
+Daniel Stenberg (22 Feb 2022)
|
|
|
+- [Rob Boeckermann brought this change]
|
|
|
|
|
|
-- zuul: remove the wolfssl even more
|
|
|
+ OS400/README: clarify compilation steps
|
|
|
|
|
|
- Follow-up to 1914465cf180d32b3d
|
|
|
+ Closes #8494
|
|
|
|
|
|
-- examples/multi-single.c: remove WAITMS()
|
|
|
+- [Rob Boeckermann brought this change]
|
|
|
+
|
|
|
+ OS400: fix typos in rpg include file
|
|
|
|
|
|
- As it isn't used.
|
|
|
+ This resolves issues compiling rpg code that includes the curl header
|
|
|
+ file.
|
|
|
|
|
|
- Reported-by: Melroy van den Berg
|
|
|
- Fixes #8200
|
|
|
- Closes #8201
|
|
|
+ Closes #8494
|
|
|
|
|
|
-- gtls: add gnutls include for the session type
|
|
|
-
|
|
|
- Follow-up to 8fbd6feddfa5 to make it build more universally
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
|
|
|
-- m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
|
|
|
+ vtls: fix socket check conditions
|
|
|
|
|
|
- To hush compiler warnings we don't care for: error: address of function
|
|
|
- 'X' will always evaluate to 'true'
|
|
|
+ fix condition to check the second socket during associate and
|
|
|
+ disassociate connection
|
|
|
|
|
|
- Fixes #8197
|
|
|
- Closes #8198
|
|
|
+ Closes #8493
|
|
|
|
|
|
-- http_proxy: don't close the socket (too early)
|
|
|
+- libssh2: don't typecast socket to int for libssh2_session_handshake
|
|
|
|
|
|
- ... and double-check in the OpenSSL shutdown that the socket is actually
|
|
|
- still there before it is used.
|
|
|
+ Since libssh2_socket_t uses SOCKET on windows which can be larger than
|
|
|
+ int.
|
|
|
|
|
|
- Fixes #8193
|
|
|
- Closes #8195
|
|
|
+ Closes #8492
|
|
|
+
|
|
|
+- RELEASE-NOTES: fix typo and make one desc shorter
|
|
|
+
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- CURLOPT_XFERINFOFUNCTION.3: fix typo in example
|
|
|
|
|
|
- Reported-by: Leszek Kubik
|
|
|
+ Reported-by: coralw on github
|
|
|
+ Fixes #8487
|
|
|
+ Closes #8488
|
|
|
|
|
|
-- ngtcp2: verify the server certificate for the gnutls case
|
|
|
+- README: disable linkchecks for the sponsor links
|
|
|
|
|
|
- Closes #8178
|
|
|
+ Closes #8489
|
|
|
|
|
|
-- ngtcp2: verify the server cert on connect (quictls)
|
|
|
+Jay Satiro (21 Feb 2022)
|
|
|
+- openssl: check if sessionid flag is enabled before retrieving session
|
|
|
|
|
|
- Make ngtcp2+quictls correctly acknowledge `CURLOPT_SSL_VERIFYPEER` and
|
|
|
- `CURLOPT_SSL_VERIFYHOST`.
|
|
|
+ Ideally, Curl_ssl_getsessionid should not be called unless sessionid
|
|
|
+ caching is enabled. There is a debug assertion in the function to help
|
|
|
+ ensure that. Therefore, the pattern in all vtls is basically:
|
|
|
|
|
|
- The name check now uses a function from lib/vtls/openssl.c which will
|
|
|
- need attention for when TLS is not done by OpenSSL or is disabled while
|
|
|
- QUIC is enabled.
|
|
|
+ if(primary.sessionid) {lock(); Curl_ssl_getsessionid(...); unlock();}
|
|
|
|
|
|
- Possibly the servercert() function in openssl.c should be adjusted to be
|
|
|
- able to use for both regular TLS and QUIC.
|
|
|
+ There was one instance in openssl.c where sessionid was not checked
|
|
|
+ beforehand and this change fixes that.
|
|
|
|
|
|
- Ref: #8173
|
|
|
- Closes #8178
|
|
|
+ Prior to this change an assertion would occur in openssl debug builds
|
|
|
+ during connection stage if session caching was disabled.
|
|
|
+
|
|
|
+ Reported-by: Jim Beveridge
|
|
|
+
|
|
|
+ Fixes https://github.com/curl/curl/issues/8472
|
|
|
+ Closes https://github.com/curl/curl/pull/8484
|
|
|
|
|
|
-- zuul: remove the wolfssl build
|
|
|
+- multi: allow user callbacks to call curl_multi_assign
|
|
|
+
|
|
|
+ Several years ago a change was made to block user callbacks from calling
|
|
|
+ back into the API when not supported (recursive calls). One of the calls
|
|
|
+ blocked was curl_multi_assign. Recently the blocking was extended to the
|
|
|
+ multi interface API, however curl_multi_assign may need to be called
|
|
|
+ from within those user callbacks (eg CURLMOPT_SOCKETFUNCTION).
|
|
|
+
|
|
|
+ I can't think of any callback where it would be unsafe to call
|
|
|
+ curl_multi_assign so I removed the restriction entirely.
|
|
|
+
|
|
|
+ Reported-by: Michael Wallner
|
|
|
+
|
|
|
+ Ref: https://github.com/curl/curl/commit/b46cfbc
|
|
|
+ Ref: https://github.com/curl/curl/commit/340bb19
|
|
|
+
|
|
|
+ Fixes https://github.com/curl/curl/issues/8480
|
|
|
+ Closes https://github.com/curl/curl/pull/8483
|
|
|
|
|
|
-- github workflow: add wolfssl
|
|
|
+Daniel Stenberg (21 Feb 2022)
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
+
|
|
|
+ ssl: reduce allocated space for ssl backend when FTP is disabled
|
|
|
|
|
|
- Closes #8196
|
|
|
+ Add assert() for the backend pointer in many places
|
|
|
+
|
|
|
+ Closes #8471
|
|
|
|
|
|
-- [Nicolas Sterchele brought this change]
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
|
|
|
- zuul: fix quiche build pointing to wrong Cargo
|
|
|
+ checkprefix: remove strlen calls
|
|
|
|
|
|
- Fixes #8184
|
|
|
- Closes #8189
|
|
|
+ Closes #8481
|
|
|
|
|
|
-- checksrc: detect more kinds of NULL comparisons we avoid
|
|
|
+Jay Satiro (20 Feb 2022)
|
|
|
+- [1337vt brought this change]
|
|
|
+
|
|
|
+ curl.h: fix typo
|
|
|
|
|
|
- Co-authored-by: Jay Satiro
|
|
|
- Closes #8180
|
|
|
+ Closes https://github.com/curl/curl/pull/8482
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Jan Venekamp brought this change]
|
|
|
|
|
|
-- mesalink: remove the BACKEND define kludge
|
|
|
+ sectransp: mark a 3DES cipher as weak
|
|
|
|
|
|
- Closes #8183
|
|
|
+ - Change TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA strength to weak.
|
|
|
+
|
|
|
+ All other 3DES ciphers are already marked as weak.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8479
|
|
|
|
|
|
-- schannel: remove the BACKEND define kludge
|
|
|
+- [Jan Venekamp brought this change]
|
|
|
+
|
|
|
+ bearssl: fix EXC_BAD_ACCESS on incomplete CA cert
|
|
|
|
|
|
- Closes #8182
|
|
|
+ - Do not create trust anchor object for a CA certificate until after it
|
|
|
+ is processed.
|
|
|
+
|
|
|
+ Prior to this change the object was created at state BR_PEM_BEGIN_OBJ
|
|
|
+ (certificate processing begin state). An incomplete certificate (for
|
|
|
+ example missing a newline at the end) never reaches BR_PEM_END_OBJ
|
|
|
+ (certificate processing end state) and therefore the trust anchor data
|
|
|
+ was not set in those objects, which caused EXC_BAD_ACCESS.
|
|
|
+
|
|
|
+ Ref: https://github.com/curl/curl/pull/8106
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8476
|
|
|
|
|
|
-- gtls: check return code for gnutls_alpn_set_protocols
|
|
|
+- [Jan Venekamp brought this change]
|
|
|
+
|
|
|
+ bearssl: fix connect error on expired cert and no verify
|
|
|
|
|
|
- Closes #8181
|
|
|
+ - When peer verification is disabled use the x509_decode engine instead
|
|
|
+ of the x509_minimal engine to parse and extract the public key from
|
|
|
+ the first cert of the chain.
|
|
|
+
|
|
|
+ Prior to this change in such a case no key was extracted and that caused
|
|
|
+ CURLE_SSL_CONNECT_ERROR. The x509_minimal engine will stop parsing if
|
|
|
+ any validity check fails but the x509_decode won't.
|
|
|
+
|
|
|
+ Ref: https://github.com/curl/curl/pull/8106
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8475
|
|
|
|
|
|
-- [Stefan Huber brought this change]
|
|
|
+- [Jan Venekamp brought this change]
|
|
|
|
|
|
- README: label the link to the support document
|
|
|
+ bearssl: fix session resumption (session id)
|
|
|
|
|
|
- Closes #8185
|
|
|
+ Prior to this change br_ssl_client_reset was mistakenly called with
|
|
|
+ resume_session param set to 0, which disabled session resumption.
|
|
|
+
|
|
|
+ Ref: https://github.com/curl/curl/pull/8106
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8474
|
|
|
|
|
|
-- docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
|
|
|
+Daniel Stenberg (18 Feb 2022)
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
+
|
|
|
+ openssl: fix build for version < 1.1.0
|
|
|
|
|
|
- Assisted-by: Matt Holt
|
|
|
+ Closes #8470
|
|
|
+
|
|
|
+- [Joel Depooter brought this change]
|
|
|
+
|
|
|
+ schannel: move the algIds array out of schannel.h
|
|
|
|
|
|
- Closes #8177
|
|
|
+ This array is only used by the SCHANNEL_CRED struct in the
|
|
|
+ schannel_acquire_credential_handle function. It can therefore be kept as
|
|
|
+ a local variable. This is a minor update to
|
|
|
+ bbb71507b7bab52002f9b1e0880bed6a32834511.
|
|
|
+
|
|
|
+ This change also updates the NUM_CIPHERS value to accurately count the
|
|
|
+ number of ciphers options listed in schannel.c, which is 47 instead of
|
|
|
+ 45. It is unlikely that anyone tries to set all 47 values, but if they
|
|
|
+ had tried, the last two would not have been set.
|
|
|
+
|
|
|
+ Closes #8469
|
|
|
|
|
|
-- libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
|
|
|
+- [Alejandro R. Sedeño brought this change]
|
|
|
+
|
|
|
+ configure.ac: use user-specified gssapi dir when using pkg-config
|
|
|
|
|
|
- Since 4a4b63daaa0
|
|
|
+ Using the system pkg-config path in the face of a user-specified
|
|
|
+ library path is asking to link the wrong library.
|
|
|
+
|
|
|
+ Reported-by: Michael Kaufmann
|
|
|
+ Fixes #8289
|
|
|
+ Closes #8456
|
|
|
|
|
|
-- [Vladimir Panteleev brought this change]
|
|
|
+- [Kevin Adler brought this change]
|
|
|
|
|
|
- tests: Add test for CURLOPT_HTTP200ALIASES
|
|
|
+ os400: Add link to QADRT devkit to README.OS400
|
|
|
+
|
|
|
+ Closes #8455
|
|
|
|
|
|
-- [Vladimir Panteleev brought this change]
|
|
|
+- [Kevin Adler brought this change]
|
|
|
|
|
|
- http: Fix CURLOPT_HTTP200ALIASES
|
|
|
+ os400: Add function wrapper for system command
|
|
|
|
|
|
- The httpcode < 100 check was also triggered when none of the fields were
|
|
|
- parsed, thus making the if(!nc) block unreachable.
|
|
|
+ The wrapper will exit if the system command failed instead of blindly
|
|
|
+ continuing on.
|
|
|
|
|
|
- Closes #8171
|
|
|
+ In addition, only copy docs which exist, since now the copy failure will
|
|
|
+ cause the build to stop.
|
|
|
+
|
|
|
+ Closes #8455
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Kevin Adler brought this change]
|
|
|
|
|
|
-- language: "email"
|
|
|
+ os400: Default build to target current release
|
|
|
|
|
|
- Missed three occurrences.
|
|
|
+ V6R1M0 is not available as a target release since IBM i 7.2. To keep
|
|
|
+ from having to keep this up to date in git, default to the current
|
|
|
+ release. Users can configure this to whatever release they want to
|
|
|
+ actually build for.
|
|
|
|
|
|
- Follow-up to 7a92f86
|
|
|
+ Closes #8455
|
|
|
|
|
|
-- nss:set_cipher don't clobber the cipher list
|
|
|
+- docs/INTERNALS.md: clean up, refer to the book
|
|
|
|
|
|
- The string is set by the user and needs to remain intact for proper
|
|
|
- connection reuse etc.
|
|
|
+ The explanatory parts are now in the everything curl book (which can
|
|
|
+ also use images etc). This document now refers to that resource and only
|
|
|
+ leaves listings of supported versions of libs, tools and operating
|
|
|
+ systems. See https://everything.curl.dev/internals
|
|
|
|
|
|
- Reported-by: Eric Musser
|
|
|
- Fixes #8160
|
|
|
- Closes #8161
|
|
|
+ Closes #8467
|
|
|
|
|
|
-- misc: s/e-mail/email
|
|
|
+Marcel Raad (17 Feb 2022)
|
|
|
+- des: fix compile break for OpenSSL without DES
|
|
|
|
|
|
- Consistency is king. Following the lead in everything curl.
|
|
|
+ When `USE_OPENSSL` was defined but OpenSSL had no DES support and a
|
|
|
+ different crypto library was used for that, `Curl_des_set_odd_parity`
|
|
|
+ was called but not defined. This could for example happen on Windows
|
|
|
+ and macOS when using OpenSSL v3 with deprecated features disabled.
|
|
|
|
|
|
- Closes #8159
|
|
|
+ Use the same condition for the function definition as used at the
|
|
|
+ caller side, but leaving out the OpenSSL part to avoid including
|
|
|
+ OpenSSL headers.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8459
|
|
|
|
|
|
-- [Tobias Nießen brought this change]
|
|
|
+Daniel Stenberg (17 Feb 2022)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- docs: fix typo in OpenSSL 3 build instructions
|
|
|
+- docs/DEPRECATE: remove NPN support in August 2022
|
|
|
|
|
|
- Closes #8162
|
|
|
+ Closes #8458
|
|
|
|
|
|
-- linkcheck.yml: add CI job that checks markdown links
|
|
|
+- ftp: provide error message for control bytes in path
|
|
|
|
|
|
- Closes #8158
|
|
|
-
|
|
|
-- RELEASE-PROCEDURE.md: remove ICAL link and old release dates
|
|
|
+ Closes #8460
|
|
|
|
|
|
-- BINDINGS.md: "markdown-link-check-disable"
|
|
|
+- http: fix "unused parameter ‘conn’" warning
|
|
|
|
|
|
- It feels a bit unfortunate to litter an ugly tag for this functionality,
|
|
|
- but if we get link scans of all markdown files, this might be worth the
|
|
|
- price.
|
|
|
+ Follow-up from 7d600ad1c395
|
|
|
+
|
|
|
+ Spotted on appveyor
|
|
|
+
|
|
|
+ Closes #8465
|
|
|
|
|
|
-- docs: fix dead links, remove ECH.md
|
|
|
+Jay Satiro (17 Feb 2022)
|
|
|
+- [Alejandro R. Sedeño brought this change]
|
|
|
|
|
|
-Jay Satiro (16 Dec 2021)
|
|
|
-- openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
|
|
|
+ sha256: Fix minimum OpenSSL version
|
|
|
|
|
|
- Prior to this change OpenSSL_version was only detected in configure
|
|
|
- builds. For other builds the old version parsing code was used which
|
|
|
- would result in incorrect versioning for OpenSSL 3:
|
|
|
+ - Change the minimum OpenSSL version for using their SHA256
|
|
|
+ implementation from 0.9.7 to 0.9.8.
|
|
|
|
|
|
- Before:
|
|
|
+ EVP_sha256() does not appear in the OpenSSL source before 0.9.7h, and
|
|
|
+ does not get built by default until 0.9.8, so trying to use it for all
|
|
|
+ 0.9.7 is wrong, and before 0.9.8 is unreliable.
|
|
|
|
|
|
- curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.0a zlib/1.2.11
|
|
|
- WinIDN libssh2/1.9.0
|
|
|
+ Closes https://github.com/curl/curl/pull/8464
|
|
|
+
|
|
|
+Daniel Stenberg (16 Feb 2022)
|
|
|
+- KNOWN_BUGS: remove "slow connect to localhost on Windows"
|
|
|
|
|
|
- After:
|
|
|
+ localhost is not resolved anymore since 1a0ebf6632f88
|
|
|
+
|
|
|
+- KNOWN_BUGS: remove "HTTP/3 download is 5x times slower than HTTP/2"
|
|
|
|
|
|
- curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.1 zlib/1.2.11
|
|
|
- WinIDN libssh2/1.9.0
|
|
|
+ It's not actually a bug. More like room for improvement.
|
|
|
+
|
|
|
+- KNOWN_BUGS: remove "HTTP/3 download with quiche halts after a while"
|
|
|
|
|
|
- Reported-by: lllaffer@users.noreply.github.com
|
|
|
-
|
|
|
- Fixes https://github.com/curl/curl/issues/8154
|
|
|
- Closes https://github.com/curl/curl/pull/8155
|
|
|
+ Follow-up to 96f85a0fef694
|
|
|
|
|
|
-Daniel Stenberg (16 Dec 2021)
|
|
|
-- [James Fuller brought this change]
|
|
|
-
|
|
|
- docs: add known bugs list to HTTP3.md
|
|
|
+- KNOWN_BUGS: remove "pulseUI vpn" as a problem
|
|
|
|
|
|
- Closes #8156
|
|
|
-
|
|
|
-Dan Fandrich (15 Dec 2021)
|
|
|
-- BINDINGS: add one from Everything curl and update a link
|
|
|
+ We haven't heard about this for a long time and rumours have it they
|
|
|
+ might have fixed it.
|
|
|
|
|
|
-- libcurl-security.3: mention address and URL mitigations
|
|
|
+- urldata: remove conn->bits.user_passwd
|
|
|
|
|
|
- The new CURLOPT_PREREQFUNCTION callback is another way to sanitize
|
|
|
- addresses.
|
|
|
- Using the curl_url API is a way to mitigate against attacks relying on
|
|
|
- URL parsing differences.
|
|
|
+ The authentication status should be told by the transfer and not the
|
|
|
+ connection.
|
|
|
+
|
|
|
+ Reported-by: John H. Ayad
|
|
|
+ Fixes #8449
|
|
|
+ Closes #8451
|
|
|
|
|
|
-Daniel Stenberg (15 Dec 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Kevin Adler brought this change]
|
|
|
|
|
|
-- x509asn1: return early on errors
|
|
|
+ gskit: Convert to using Curl_poll
|
|
|
|
|
|
- Overhaul to make sure functions that detect errors bail out early with
|
|
|
- error rather than trying to continue and risk hiding the problem.
|
|
|
+ As mentioned in 32766cb, gskit was the last user of Curl_select which is
|
|
|
+ now gone. Convert to using Curl_poll to allow build to work on IBM i.
|
|
|
|
|
|
- Closes #8147
|
|
|
+ Closes #8454
|
|
|
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+- [Kevin Adler brought this change]
|
|
|
|
|
|
- openldap: several minor improvements
|
|
|
+ gskit: Fix initialization of Curl_ssl_gskit struct
|
|
|
|
|
|
- - Early check proper LDAP URL syntax. Reject URLs with a userinfo part.
|
|
|
- - Use dynamic memory for ldap_init_fd() URL rather than a
|
|
|
- stack-allocated buffer.
|
|
|
- - Never chase referrals: supporting it would require additional parallel
|
|
|
- connections and alternate authentication credentials.
|
|
|
- - Do not wait 1 microsecond while polling/reading query response data.
|
|
|
- - Store last received server code for retrieval with CURLINFO_RESPONSE_CODE.
|
|
|
+ In c30bf22, Curl_ssl_getsock was factored out in to a member of
|
|
|
+ struct Curl_ssl but the gskit initialization was not updated to reflect
|
|
|
+ this new member.
|
|
|
|
|
|
- Closes #8140
|
|
|
+ Closes #8454
|
|
|
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
+- [Kevin Adler brought this change]
|
|
|
|
|
|
- misc: remove unused doh flags when CURL_DISABLE_DOH is defined
|
|
|
+ gskit: Fix errors from Curl_strerror refactor
|
|
|
|
|
|
- Closes #8148
|
|
|
-
|
|
|
-- mbedtls: fix CURLOPT_SSLCERT_BLOB
|
|
|
+ 2f0bb864c1 replaced sterror with Curl_strerror, but the strerror buffer
|
|
|
+ shadows the set_buffer "buffer" parameter. To keep consistency with the
|
|
|
+ other functions that use Curl_strerror, rename the parameter.
|
|
|
|
|
|
- The memory passed to mbedTLS for this needs to be null terminated.
|
|
|
+ In addition, strerror.h is needed for the definition of STRERROR_LEN.
|
|
|
|
|
|
- Reported-by: Florian Van Heghe
|
|
|
- Closes #8146
|
|
|
+ Closes #8454
|
|
|
|
|
|
-- asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
|
|
|
+Marcel Raad (15 Feb 2022)
|
|
|
+- ntlm: remove unused feature defines
|
|
|
|
|
|
- Closes #8142
|
|
|
-
|
|
|
-- mailmap: add Yongkang Huang
|
|
|
+ They're not used anymore and always supported.
|
|
|
|
|
|
- From #8141
|
|
|
+ Closes https://github.com/curl/curl/pull/8453
|
|
|
|
|
|
-- [Yongkang Huang brought this change]
|
|
|
-
|
|
|
- check ssl_config when re-use proxy connection
|
|
|
+Daniel Stenberg (15 Feb 2022)
|
|
|
+- [Kantanat Wannapaka brought this change]
|
|
|
|
|
|
-- mbedtls: do a separate malloc for ca_info_blob
|
|
|
+ README.md: fix link and layout
|
|
|
|
|
|
- Since the mbedTLS API requires the data to the null terminated.
|
|
|
-
|
|
|
- Follow-up to 456c53730d21b1fad0c7f72c1817
|
|
|
+ replace <a></a> tags and <img></img> tags
|
|
|
|
|
|
- Fixes #8139
|
|
|
- Closes #8145
|
|
|
+ Closes #8448
|
|
|
|
|
|
-Marc Hoersken (14 Dec 2021)
|
|
|
-- CI: build examples for additional code verification
|
|
|
-
|
|
|
- Some CIs already build them, let's do it on more of them.
|
|
|
-
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
-
|
|
|
- Follow up to #7690 and 77311f420a541a0de5b3014e0e40ff8b4205d4af
|
|
|
- Replaces #7591
|
|
|
- Closes #7922
|
|
|
+- KNOWN_BUGS: fix typo "libpsl"
|
|
|
|
|
|
-- docs/examples: workaround broken -Wno-pedantic-ms-format
|
|
|
+Jay Satiro (14 Feb 2022)
|
|
|
+- h2h3: fix compiler warning due to function prototype mismatch
|
|
|
|
|
|
- Avoid CURL_FORMAT_CURL_OFF_T by using unsigned long instead.
|
|
|
- Improve size_t to long conversion in imap-append.c example.
|
|
|
+ - Add missing const qualifier in Curl_pseudo_headers declaration.
|
|
|
+
|
|
|
+Daniel Stenberg (14 Feb 2022)
|
|
|
+- [Stefan Eissing brought this change]
|
|
|
+
|
|
|
+ urlapi: handle "redirects" smarter
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/issues/6079
|
|
|
- Ref: https://github.com/curl/curl/pull/6082
|
|
|
- Assisted-by: Jay Satiro
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
+ - avoid one malloc when setting a new url via curl_url_set()
|
|
|
+ and CURLUPART_URL.
|
|
|
+ - extract common pattern into a new static function.
|
|
|
|
|
|
- Preparation of #7922
|
|
|
+ Closes #8450
|
|
|
|
|
|
-- tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
|
|
|
-
|
|
|
- Ref: https://www.msys2.org/wiki/Porting/#filesystem-namespaces
|
|
|
+- cijobs: pick up circleci configure lines better
|
|
|
+
|
|
|
+- circleci: add a job using wolfSSH
|
|
|
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
+ Build only, no tests.
|
|
|
|
|
|
- Fixes #8084
|
|
|
- Closes #8138
|
|
|
+ Closes #8445
|
|
|
|
|
|
-Daniel Stenberg (13 Dec 2021)
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+- scripts/ciconfig.pl: show used options not available
|
|
|
|
|
|
- openldap: simplify ldif generation code
|
|
|
+- circleci: add a job using libssh
|
|
|
|
|
|
- and take care of zero-length values, avoiding conversion to base64
|
|
|
- and/or trailing spaces.
|
|
|
+ Closes #8444
|
|
|
+
|
|
|
+- runtests: set 'oldlibssh' for libssh versions before 0.9.6
|
|
|
|
|
|
- Closes #8136
|
|
|
+ ... and make test 1459 check for the different return code then.
|
|
|
+
|
|
|
+ Closes #8444
|
|
|
|
|
|
-- example/progressfunc: remove code for old libcurls
|
|
|
+Jay Satiro (13 Feb 2022)
|
|
|
+- Makefile.am: Generate VS 2022 projects
|
|
|
|
|
|
- 7.61.0 is over three years old now, remove all #ifdefs for handling
|
|
|
- ancient libcurl versions so that the example gets easier to read and
|
|
|
- understand
|
|
|
+ Follow-up to f13d4d0 which added VS 2022 project support.
|
|
|
|
|
|
- Closes #8137
|
|
|
+ Ref: https://github.com/curl/curl/pull/8438
|
|
|
|
|
|
-- [x2018 brought this change]
|
|
|
+- [Daniel Stenberg brought this change]
|
|
|
|
|
|
- sha256/md5: return errors when init fails
|
|
|
+ projects: remove support for MSVC before VC10 (Visual Studio 2010)
|
|
|
|
|
|
- Closes #8133
|
|
|
+ - Remove Visual Studio project files for VC6, VC7, VC7.1, VC8 and VC9.
|
|
|
+
|
|
|
+ Those versions are too old to be maintained any longer.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8442
|
|
|
|
|
|
-- TODO: 13.3 Defeat TLS fingerprinting
|
|
|
+- [Stav Nir brought this change]
|
|
|
+
|
|
|
+ projects: add support for Visual Studio 17 (2022)
|
|
|
|
|
|
- Closes #8119
|
|
|
+ Closes https://github.com/curl/curl/pull/8438
|
|
|
|
|
|
+Daniel Stenberg (13 Feb 2022)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+- connect: follow-up fix the copyright year
|
|
|
|
|
|
- openldap: process search query response messages one by one
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
+
|
|
|
+ misc: remove unused data when IPv6 is not supported
|
|
|
|
|
|
- Upon receiving large result sets, this reduces memory consumption and
|
|
|
- allows starting to output results while the transfer is still in
|
|
|
- progress.
|
|
|
+ Closes #8430
|
|
|
+
|
|
|
+- scripts/ciconfig: show CI job config info
|
|
|
|
|
|
- Closes #8101
|
|
|
+ Closes #8446
|
|
|
|
|
|
-- hash: lazy-alloc the table in Curl_hash_add()
|
|
|
+- quiche: handle stream reset
|
|
|
|
|
|
- This makes Curl_hash_init() infallible which saves error paths.
|
|
|
+ A stream reset now causes a CURLE_PARTIAL_FILE error. I'm not convinced
|
|
|
+ this is the right action nor the right error code.
|
|
|
|
|
|
- Closes #8132
|
|
|
+ Reported-by: Lucas Pardue
|
|
|
+ Fixes #8437
|
|
|
+ Closes #8440
|
|
|
|
|
|
-- multi: cleanup the socket hash when destroying it
|
|
|
+- mime: use a define instead of the magic number 24
|
|
|
|
|
|
- Since each socket hash entry may themselves have a hash table in them,
|
|
|
- the destroying of the socket hash needs to make sure all the subhashes
|
|
|
- are also correctly destroyed to avoid leaking memory.
|
|
|
+ MIME_BOUNDARY_DASHES is now the number of leading dashes in the
|
|
|
+ generated boundary string.
|
|
|
|
|
|
- Fixes #8129
|
|
|
- Closes #8131
|
|
|
+ Closes #8441
|
|
|
|
|
|
-- test1156: fixup the stdout check for Windows
|
|
|
-
|
|
|
- It is not text mode.
|
|
|
+- [Henrik Holst brought this change]
|
|
|
+
|
|
|
+ hostcheck: reduce strlen calls on chained certificates
|
|
|
|
|
|
- Follow-up to 6f73e68d182
|
|
|
+ Closes #8428
|
|
|
+
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ mime: some more strlen() call removals.
|
|
|
|
|
|
- Closes #8134
|
|
|
+ Closes #8423
|
|
|
|
|
|
-- test1528: enable for hyper
|
|
|
+- scripts/cijobs.pl: detect zuul cmake jobs better
|
|
|
+
|
|
|
+- url: exclude zonefrom_url when no ipv6 is available
|
|
|
|
|
|
- Closes #8128
|
|
|
+ Closes #8439
|
|
|
|
|
|
-- test1527: enable for hyper
|
|
|
+- if2ip: make Curl_ipv6_scope a blank macro when IPv6-disabled
|
|
|
|
|
|
- Closes #8128
|
|
|
+ Closes #8439
|
|
|
|
|
|
-- test1526: enable for hyper
|
|
|
+- [Henrik Holst brought this change]
|
|
|
+
|
|
|
+ mprintf: remove strlen calls on empty strings in dprintf_formatf
|
|
|
|
|
|
- Closes #8128
|
|
|
+ Turns out that in dprintf_formatf we did a strlen on empty strings, a
|
|
|
+ bit strange is how common this actually is, 24 alone when doing a simple
|
|
|
+ GET from https://curl.se
|
|
|
+
|
|
|
+ Closes #8427
|
|
|
|
|
|
-- test1525: slightly tweaked for hyper
|
|
|
+- wolfssl: return CURLE_AGAIN for the SSL_ERROR_NONE case
|
|
|
|
|
|
- Closes #8128
|
|
|
+ Closes #8431
|
|
|
|
|
|
-- test1156: enable for hyper
|
|
|
+- wolfssl: when SSL_read() returns zero, check the error
|
|
|
|
|
|
- Minor reorg of the lib1156 code and it works fine for hyper.
|
|
|
+ Returning zero indicates end of connection, so if there's no data read
|
|
|
+ but the connection is alive, it needs to return -1 with CURLE_AGAIN.
|
|
|
|
|
|
- Closes #8127
|
|
|
+ Closes #8431
|
|
|
|
|
|
-- test661: enable for hyper
|
|
|
+- quiche: after leaving h3_recving state, poll again
|
|
|
|
|
|
- Closes #8126
|
|
|
+ This could otherwise easily leave libcurl "hanging" after the entire
|
|
|
+ transfer is done but without noticing the end-of-transfer signal.
|
|
|
+
|
|
|
+ Assisted-by: Lucas Pardue
|
|
|
+ Closes #8436
|
|
|
|
|
|
-- docs: fix proselint nits
|
|
|
+- quiche: when *recv_body() returns data, drain it before polling again
|
|
|
|
|
|
- - remove a lot of exclamation marks
|
|
|
- - use consistent spaces (1, not 2)
|
|
|
- - use better words at some places
|
|
|
+ Assisted-by: Lucas Pardue
|
|
|
|
|
|
- Closes #8123
|
|
|
+ Closes #8429
|
|
|
|
|
|
-- [RekGRpth brought this change]
|
|
|
+- [gaoxingwang on github brought this change]
|
|
|
|
|
|
- BINDINGS.md: add cURL client for PostgreSQL
|
|
|
+ configure: fix '--enable-code-coverage' typo
|
|
|
|
|
|
- Closes #8125
|
|
|
-
|
|
|
-- [RekGRpth brought this change]
|
|
|
+ Fixes #8425
|
|
|
+ Closes #8426
|
|
|
|
|
|
- CURLSHOPT_USERDATA.3: fix copy-paste mistake
|
|
|
+- lib/h2h3: #ifdef on ENABLE_QUIC, not the wrong define
|
|
|
|
|
|
- Closes #8124
|
|
|
+ Otherwise the build fails when H3 is enabled but the build doesn't
|
|
|
+ include nghttp2.
|
|
|
+
|
|
|
+ Closes #8424
|
|
|
|
|
|
-- docs: fix minor nroff format nits
|
|
|
+- hostcheck: pass in pattern length too, to avoid a strlen call
|
|
|
|
|
|
- Repairs test 1140
|
|
|
+ Removes one strlen() call per SAN name in a cert-check.
|
|
|
|
|
|
- Follow-up to 436cdf82041
|
|
|
+ Closes #8418
|
|
|
|
|
|
-- docs/URL-SYNTAX.md: space is not fine in a given URL
|
|
|
+- [Henrik Holst brought this change]
|
|
|
|
|
|
-- curl_multi_perform/socket_action.3: clarify what errors mean
|
|
|
+ misc: remove strlen for Curl_checkheaders + Curl_checkProxyheaders
|
|
|
|
|
|
- An error returned from one of these funtions mean that ALL still ongoing
|
|
|
- transfers are to be considered failed.
|
|
|
-
|
|
|
- Ref: #8114
|
|
|
- Closes #8120
|
|
|
+ Closes #8409
|
|
|
|
|
|
-- libcurl-errors.3: add CURLM_ABORTED_BY_CALLBACK
|
|
|
+- configure: requires --with-nss-deprecated to build with NSS
|
|
|
|
|
|
- Follow-up to #8089 (2b3dd01)
|
|
|
+ Add deprecation plans to docs/DEPRECATE.md
|
|
|
|
|
|
- Closes #8116
|
|
|
+ Closes #8395
|
|
|
|
|
|
-- hash: add asserts to help detect bad usage
|
|
|
+- mqtt: free 'sendleftovers' in disconnect
|
|
|
|
|
|
- For example trying to add entries after the hash has been "cleaned up"
|
|
|
+ Fix a memory-leak
|
|
|
|
|
|
- Closes #8115
|
|
|
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43646
|
|
|
+ Closes #8415
|
|
|
|
|
|
-- lib530: abort on curl_multi errors
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ openldap: pass string length arguments to client_write()
|
|
|
|
|
|
- This makes torture tests run more proper.
|
|
|
+ This uses the new STRCONST() macro and saves 2 strlen() calls on short
|
|
|
+ string constants per LDIF output line.
|
|
|
|
|
|
- Also add an assert to trap situations where it would end up with no
|
|
|
- sockets to wait for.
|
|
|
+ Closes #8404
|
|
|
+
|
|
|
+- [Henrik Holst brought this change]
|
|
|
+
|
|
|
+ misc: reduce strlen() calls with Curl_dyn_add()
|
|
|
|
|
|
- Closes #8121
|
|
|
+ Use STRCONST() to switch from Curl_dyn_add() to Curl_dyn_addn() for
|
|
|
+ string literals.
|
|
|
+
|
|
|
+ Closes #8398
|
|
|
|
|
|
-- FAQ: we never pronounced it "see URL", we say "kurl"
|
|
|
+- http2: fix the array copy to nghttp2_nv
|
|
|
+
|
|
|
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44517
|
|
|
+ Follow-up to 9f985a11e794
|
|
|
+ Closes #8414
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- CURLOPT_RESOLVE.3: minor polish
|
|
|
+- scripts/cijobs.pl: output data about all currect CI jobs
|
|
|
|
|
|
- Minor rephrasing for some explanations.
|
|
|
+ This script parses the config files for all the CI services currently in
|
|
|
+ use and output the information in a uniform way. The idea is that the
|
|
|
+ output from this script should be possible to massage into informational
|
|
|
+ tables or graphs to help us visualize what they are all testing and NOT
|
|
|
+ testing.
|
|
|
|
|
|
- Put the format strings in stand-alone lines with .nf/.fi to be easier to spot.
|
|
|
+ Closes #8408
|
|
|
+
|
|
|
+- maketgz: return error if 'make dist' fails
|
|
|
|
|
|
- Move "added in" to AVAILABILITY
|
|
|
+ To better detect this problem in CI jobs
|
|
|
|
|
|
- Closed #8110
|
|
|
+ Reported-by: Marcel Raad
|
|
|
+ Bug: https://curl.se/mail/lib-2022-02/0070.html
|
|
|
+ Closes #8402
|
|
|
|
|
|
-- test1556: adjust for hyper
|
|
|
+- h2h3: pass correct argument types to infof()
|
|
|
|
|
|
- Closes #8105
|
|
|
+ Detected by Coverity. CID 1497993
|
|
|
+
|
|
|
+ Closes #8401
|
|
|
|
|
|
-- test1554: adjust for hyper
|
|
|
+- lib/Makefile: remove config-tpf.h from the dist
|
|
|
|
|
|
- Closes #8104
|
|
|
+ Follow-up from da15443dddea2bfb. Missed before because the 'distcheck'
|
|
|
+ CI job was not working as intended.
|
|
|
+
|
|
|
+ Reported-by: Marcel Raad
|
|
|
+ Bug: https://curl.se/mail/lib-2022-02/0070.html
|
|
|
+ Closes #8403
|
|
|
|
|
|
-- retry-all-errors.d: make the example complete
|
|
|
+- configure: remove support for "embedded ares"
|
|
|
|
|
|
- ... as it needs --retry too to work
|
|
|
+ In March 2010 (commit 4259d2df7dd) we removed the embedded 'ares'
|
|
|
+ directory from the curl source tree but we have since supported
|
|
|
+ especially detecting and using that build directory. The time has come
|
|
|
+ to remove that kludge and ask users to specify the c-ares dir correctly
|
|
|
+ with --enable-ares.
|
|
|
+
|
|
|
+ Closes #8397
|
|
|
|
|
|
-- TODO: 5.7 Require HTTP version X or higher
|
|
|
+- [Sebastian Sterk brought this change]
|
|
|
+
|
|
|
+ github/workflows/mbedtls: fix indent & remove unnecessary line breaks
|
|
|
|
|
|
- Closes #7980
|
|
|
+ Closes #8399
|
|
|
|
|
|
-- CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
|
|
|
+- CI: move the NSS job from zuul to GHA
|
|
|
|
|
|
- This is the exact same limitation already documented for
|
|
|
- CURLOPT_WRITEDATA but should be clarified here. It also has a different
|
|
|
- work-around.
|
|
|
+ Closes #8396
|
|
|
+
|
|
|
+- tests/unit/Makefile.am: add NSS_LIBS to build with NSS fine
|
|
|
|
|
|
- Reported-by: Stephane Pellegrino
|
|
|
- Bug: https://github.com/curl/curl/issues/8102
|
|
|
- Closes #8103
|
|
|
+ Closes #8396
|
|
|
|
|
|
-- multi: handle errors returned from socket/timer callbacks
|
|
|
+Marcel Raad (7 Feb 2022)
|
|
|
+- curl-openssl: fix SRP check for OpenSSL 3.0
|
|
|
|
|
|
- The callbacks were partially documented to support this. Now the
|
|
|
- behavior is documented and returning error from either of these
|
|
|
- callbacks will effectively kill all currently ongoing transfers.
|
|
|
+ When OpenSSL 3.0 is built with `--api=3.0` and `no-deprecated`, the SRP
|
|
|
+ functions exist in the library, but are disabled for user code. Check
|
|
|
+ if they are actually usable instead of only if they exist. Also, check
|
|
|
+ for the functions actually required for TLS-SRP.
|
|
|
|
|
|
- Added test 530 to verify
|
|
|
+ TLS-SRP support is still enabled if OpenSSL is configured with just
|
|
|
+ `--api=3.0` or with `--api=1.1.1 no-deprecated`.
|
|
|
|
|
|
- Reported-by: Marcelo Juchem
|
|
|
- Fixes #8083
|
|
|
- Closes #8089
|
|
|
+ Closes https://github.com/curl/curl/pull/8394
|
|
|
|
|
|
-- http2:set_transfer_url() return early on OOM
|
|
|
+Daniel Stenberg (7 Feb 2022)
|
|
|
+- [Henrik Holst brought this change]
|
|
|
+
|
|
|
+ http: make Curl_compareheader() take string length arguments too
|
|
|
|
|
|
- If curl_url() returns NULL this should return early to avoid mistakes -
|
|
|
- even if right now the subsequent function invokes are all OK.
|
|
|
+ Also add STRCONST, a macro that returns a string literal and it's length
|
|
|
+ for functions that take "string,len"
|
|
|
|
|
|
- Coverity (wrongly) pointed out this as a NULL deref.
|
|
|
+ Removes unnecesary calls to strlen().
|
|
|
|
|
|
- Closes #8100
|
|
|
+ Closes #8391
|
|
|
|
|
|
-- tool_parsecfg: use correct free() call to free memory
|
|
|
+- vquic/vquic.h: removed the unused H3 psuedo defines
|
|
|
+
|
|
|
+- ngtcp2: use Curl_pseudo_headers
|
|
|
+
|
|
|
+- quiche: use Curl_pseudo_headers
|
|
|
+
|
|
|
+- http2: use Curl_pseudo_headers
|
|
|
+
|
|
|
+- h2h3: added Curl_pseudo_headers()
|
|
|
|
|
|
- Detected by Coverity. CID 1494642.
|
|
|
- Follow-up from 2be1aa619bca
|
|
|
+ For use with both http2 and http3 requests.
|
|
|
+
|
|
|
+- ngtcp2/quiche: make :scheme possible to set
|
|
|
+
|
|
|
+- http2: allow CURLOPT_HTTPHEADER change ":scheme"
|
|
|
|
|
|
- Closes #8099
|
|
|
+ The only h2 psuedo header that wasn't previously possible to change by a
|
|
|
+ user. This change also makes it impossible to send a HTTP/1 header that
|
|
|
+ starts with a colon, which I don't think anyone does anyway.
|
|
|
+
|
|
|
+ The other pseudo headers are possible to change indirectly by doing the
|
|
|
+ rightly crafted request.
|
|
|
+
|
|
|
+ Reported-by: siddharthchhabrap on github
|
|
|
+ Fixes #8381
|
|
|
+ Closes #8393
|
|
|
|
|
|
-- tool_operate: fix potential memory-leak
|
|
|
+- h2/h3: provide and refer to pseudo headers as defines
|
|
|
|
|
|
- A 'CURLU *' would leak if url_proto() is called with no URL.
|
|
|
+ ... and do sizeof() on the defines to use constants better.
|
|
|
|
|
|
- Detected by Coverity. CID 1494643.
|
|
|
- Follow-up to 18270893abdb19
|
|
|
- Closes #8098
|
|
|
+ Closes #8389
|
|
|
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
|
|
|
- openldap: implement STARTTLS
|
|
|
+ smb: passing a socket for writing and reading data instead of FIRSTSOCKET
|
|
|
|
|
|
- As this introduces use of CURLOPT_USE_SSL option for LDAP, also check
|
|
|
- this option in ldap.c as it is not supported by this backend.
|
|
|
+ Closes #8383
|
|
|
+
|
|
|
+- x509asn1: toggle off functions not needed for diff tls backends
|
|
|
|
|
|
- Closes #8065
|
|
|
+ ... and clean the header file from private defines/structs (move to C
|
|
|
+ file) and unused function prototypes.
|
|
|
+
|
|
|
+ Closes #8386
|
|
|
|
|
|
-- [Jun Tseng brought this change]
|
|
|
+- lib: move hostcheck and x509sn1 sources to vtls/
|
|
|
+
|
|
|
+ ... since they are used strictly by TLS code.
|
|
|
+
|
|
|
+ Closes #8386
|
|
|
|
|
|
- curl_easy_unescape.3: call curl_easy_cleanup in example
|
|
|
+Marcel Raad (4 Feb 2022)
|
|
|
+- version_win32: fix warning for `CURL_WINDOWS_APP`
|
|
|
|
|
|
- Closes #8097
|
|
|
+ The build version is not supported by the UWP code.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8385
|
|
|
|
|
|
-- [Jun Tseng brought this change]
|
|
|
+Daniel Stenberg (4 Feb 2022)
|
|
|
+- tests/disable-scan.pl: properly detect multiple symbols per line
|
|
|
+
|
|
|
+ Test 1165 would fail on some systems because it didn't detect
|
|
|
+ CURL_DISABLE_* symbols that were used to the right of another one on the
|
|
|
+ same line! The script would only detect and extract the first one.
|
|
|
+
|
|
|
+ Reported-by: Marcel Raad
|
|
|
+ Fixes #8384
|
|
|
+ Closes #8388
|
|
|
|
|
|
- curl_easy_escape.3: call curl_easy_cleanup in example
|
|
|
+Jay Satiro (4 Feb 2022)
|
|
|
+- config.d: Clarify _curlrc filename is still valid on Windows
|
|
|
|
|
|
- Closes #8097
|
|
|
+ Recent changes added support for filename .curlrc on Windows, and
|
|
|
+ when it's not found curl falls back on the original Windows filename
|
|
|
+ _curlrc. _curlrc was removed from the doc, however it is still valid.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8382
|
|
|
|
|
|
-- tool_listhelp: sync
|
|
|
+Daniel Stenberg (4 Feb 2022)
|
|
|
+- lib: remove support for CURL_DOES_CONVERSIONS
|
|
|
|
|
|
- Follow-up to 172068b76f
|
|
|
+ TPF was the only user and support for that was dropped.
|
|
|
+
|
|
|
+ Closes #8378
|
|
|
|
|
|
-- [Damien Walsh brought this change]
|
|
|
+- TPF: drop support
|
|
|
+
|
|
|
+ There has been no TPF related changes done since September 2010 (commit
|
|
|
+ 7e1a45e224e57) and since this is a platform that is relatively different
|
|
|
+ than many others (== needs attention), I draw the conclusion that this
|
|
|
+ build is broken since a long time.
|
|
|
+
|
|
|
+ Closes #8378
|
|
|
|
|
|
- request.d: refer to 'method' rather than 'command'
|
|
|
+- scripts/delta: check the file delta for current branch
|
|
|
|
|
|
- Closes #8094
|
|
|
+ ... also polish the output style a little bit
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+Jay Satiro (3 Feb 2022)
|
|
|
+- [Fabian Keil brought this change]
|
|
|
|
|
|
-- writeout: fix %{http_version} for HTTP/3
|
|
|
+ runtests.pl: tolerate test directories without Makefile.inc
|
|
|
|
|
|
- Output "3" properly when HTTP/3 was used.
|
|
|
+ Silences the following warnings when using a Makefile.inc-free
|
|
|
+ TESTDIR using the "-o" argument:
|
|
|
|
|
|
- Reported-by: Bernat Mut
|
|
|
- Fixes #8072
|
|
|
- Closes #8092
|
|
|
-
|
|
|
-- urlapi: accept port number zero
|
|
|
+ readline() on closed filehandle D at ./runtests.pl line 592.
|
|
|
+ Use of uninitialized value $disttests in pattern match (m//) at
|
|
|
+ ./runtests.pl line 3602.
|
|
|
|
|
|
- This is a regression since 7.62.0 (fb30ac5a2d).
|
|
|
+ Closes https://github.com/curl/curl/pull/8379
|
|
|
+
|
|
|
+Daniel Stenberg (3 Feb 2022)
|
|
|
+- [Henrik Holst brought this change]
|
|
|
+
|
|
|
+ setopt: do bounds-check before strdup
|
|
|
|
|
|
- Updated test 1560 accordingly
|
|
|
+ Curl_setstropt() allocated memory for the string before checking if the
|
|
|
+ string was within bounds. The bounds check should be done first.
|
|
|
|
|
|
- Reported-by: Brad Fitzpatrick
|
|
|
- Fixes #8090
|
|
|
- Closes #8091
|
|
|
+ Closes #8377
|
|
|
|
|
|
-- [Mark Dodgson brought this change]
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
|
|
|
- lift: ignore is a deprecated config option, use ignoreRules
|
|
|
+ mbedtls: enable use of mbedtls without filesystem functions support
|
|
|
|
|
|
- Closes #8082
|
|
|
+ Closes #8376
|
|
|
|
|
|
-- [Alessandro Ghedini brought this change]
|
|
|
+- [Bernhard Walle brought this change]
|
|
|
|
|
|
- HTTP3: update quiche build instructions
|
|
|
+ configure: support specification of a nghttp2 library path
|
|
|
|
|
|
- The repo repo was re-organized a bit, so the build instructions need to
|
|
|
- be updated.
|
|
|
+ This enables using --with-nghttp2=<dir> on systems without pkg-config.
|
|
|
|
|
|
- Closes #8076
|
|
|
+ Closes #8375
|
|
|
|
|
|
-- CURLMOPT_TIMERFUNCTION.3: call it expire time, not interval
|
|
|
+- scripts/release-notes.pl: remove leftover debug output
|
|
|
+
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- scripts/release-notes.pl: fix number extraction for full URLs
|
|
|
+
|
|
|
+- [Leah Neukirchen brought this change]
|
|
|
+
|
|
|
+ scripts/completion.pl: improve zsh completion
|
|
|
|
|
|
- Since we say it is a non-repating timer
|
|
|
+ - Detect all spellings of <file>, <file name> etc as well as <path>.
|
|
|
+ - Only complete directories for <dir>.
|
|
|
+ - Complete URLs for <URL>.
|
|
|
+ - Complete --request and --ftp-method.
|
|
|
+
|
|
|
+ Closes #8363
|
|
|
|
|
|
-- [Florian Van Heghe brought this change]
|
|
|
+- [Davide Cassioli brought this change]
|
|
|
|
|
|
- mbedTLS: include NULL byte in blob data length for CURLOPT_CAINFO_BLOB
|
|
|
+ configure: use correct CFLAGS for threaded resolver with xlC on AIX
|
|
|
|
|
|
- Fixes #8079
|
|
|
- Closes #8081
|
|
|
+ Fixes #8276
|
|
|
+ Closes #8374
|
|
|
|
|
|
-Jay Satiro (2 Dec 2021)
|
|
|
-- [Wyatt O'Day brought this change]
|
|
|
+- mailmap: Henrik Holst
|
|
|
|
|
|
- version_win32: Check build number and platform id
|
|
|
+Jay Satiro (2 Feb 2022)
|
|
|
+- build: fix ngtcp2 crypto library detection
|
|
|
|
|
|
- Prior to this change the build number was not checked during version
|
|
|
- comparison, and the platform id was supposed to be checked but wasn't.
|
|
|
+ - Change library link check for ngtcp2_crypto_{gnutls,openssl} to
|
|
|
+ to use function ngtcp2_crypto_recv_client_initial_cb instead of
|
|
|
+ ngtcp2_crypto_ctx_initial.
|
|
|
|
|
|
- Checking the build number is required for enabling "evergreen"
|
|
|
- Windows 10/11 features (like TLS 1.3).
|
|
|
+ The latter function is no longer external since two days ago in
|
|
|
+ ngtcp2/ngtcp2@533451f. curl HTTP/3 CI builds have been failing since
|
|
|
+ then because they would not link to the ngtcp2 crypto library.
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/pull/7784
|
|
|
+ Ref: https://github.com/ngtcp2/ngtcp2/pull/356
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7824
|
|
|
- Closes https://github.com/curl/curl/pull/7867
|
|
|
+ Closes https://github.com/curl/curl/pull/8372
|
|
|
|
|
|
-- libssh2: fix error message for sha256 mismatch
|
|
|
+- [Henrik Holst brought this change]
|
|
|
+
|
|
|
+ urlapi: remove an unnecessary call to strlen
|
|
|
|
|
|
- - On mismatch error show sha256 fingerprint in base64 format.
|
|
|
+ - Use strcpy instead of strlen+memcpy to copy the url path.
|
|
|
|
|
|
- Prior to this change the fingerprint was mistakenly printed in binary.
|
|
|
+ Ref: https://curl.se/mail/lib-2022-02/0006.html
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8370
|
|
|
|
|
|
-Daniel Stenberg (1 Dec 2021)
|
|
|
-- [x2018 brought this change]
|
|
|
+Daniel Stenberg (1 Feb 2022)
|
|
|
+- scripts/copyright.pl: fix for handling removed files better
|
|
|
|
|
|
- openssl: check the return value of BIO_new()
|
|
|
+- vxworks: drop support
|
|
|
|
|
|
- Closes #8078
|
|
|
+ No changes or fixes in vxworks related code since 2009 leads me to
|
|
|
+ believe that this doesn't work anymore.
|
|
|
+
|
|
|
+ Closes #8362
|
|
|
|
|
|
-Dan Fandrich (30 Nov 2021)
|
|
|
-- docs: Update the Reducing Size section
|
|
|
+- [Henrik Holst brought this change]
|
|
|
+
|
|
|
+ base64: remove an unnecessary call to strlen
|
|
|
|
|
|
- Add many more options that can reduce the size of the binary that were
|
|
|
- added since the last update. Update the sample minimal binary size for
|
|
|
- version 7.80.0.
|
|
|
+ Closes #8369
|
|
|
|
|
|
-- tests: Add some missing keywords to tests
|
|
|
+- tool_getparam: initial --json support
|
|
|
|
|
|
- These are needed to skip some tests when configure options have disabled
|
|
|
- certain features.
|
|
|
+ Adds these test cases:
|
|
|
+
|
|
|
+ 383 - simple single command line option
|
|
|
+ 384 - reading it from stdin
|
|
|
+ 385 - getting two --json options on command line
|
|
|
+ 386 - --next works after --json
|
|
|
+
|
|
|
+ Closes #8314
|
|
|
|
|
|
-Daniel Stenberg (30 Nov 2021)
|
|
|
-- [Florian Van Heghe brought this change]
|
|
|
+- [Bjarni Ingi Gislason brought this change]
|
|
|
|
|
|
- mbedTLS: add support for CURLOPT_CAINFO_BLOB
|
|
|
+ curl_getdate.3: remove pointless .PP line
|
|
|
|
|
|
- Closes #8071
|
|
|
+ mandoc: WARNING: skipping paragraph macro: PP empty
|
|
|
+
|
|
|
+ Reported-by: Samuel Henrique
|
|
|
+ Closes #8365
|
|
|
|
|
|
-- [Glenn Strauss brought this change]
|
|
|
+- [Sebastian Sterk brought this change]
|
|
|
|
|
|
- digest: compute user:realm:pass digest w/o userhash
|
|
|
+ multi: grammar fix in comment
|
|
|
|
|
|
- https://datatracker.ietf.org/doc/html/rfc7616#section-3.4.4
|
|
|
- ... the client MUST calculate a hash of the username after
|
|
|
- any other hash calculation ...
|
|
|
+ After 'must', the verb is used without 'to'. Correct: "must" or "have
|
|
|
+ to"
|
|
|
|
|
|
- Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
|
|
|
- Closes #8066
|
|
|
+ Closes #8368
|
|
|
|
|
|
-- config.d: update documentation to match the path search
|
|
|
+- openldap: fix compiler warning when built without SSL support
|
|
|
|
|
|
- Assisted-by: Jay Satiro
|
|
|
+ openldap.c:841:52: error: unused parameter ‘data’ [-Werror=unused-parameter]
|
|
|
+
|
|
|
+ Closes #8367
|
|
|
|
|
|
-- tool_findfile: search for a file in the homedir
|
|
|
+- [Samuel Henrique brought this change]
|
|
|
+
|
|
|
+ CURLSHOPT_LOCKFUNC.3: fix typo "relased" -> "released"
|
|
|
|
|
|
- The homedir() function is now renamed into findfile() and iterates over
|
|
|
- all the environment variables trying to access the file in question
|
|
|
- until it finds it. Last resort is then getpwuid() if
|
|
|
- available. Previously it would first try to find a home directory and if
|
|
|
- that was set, insist on checking only that directory for the file. This
|
|
|
- now returns the full file name it finds.
|
|
|
+ Found when packaging 7.81.0 for Debian.
|
|
|
|
|
|
- The Windows specific checks are now done differently too and in this
|
|
|
- order:
|
|
|
+ Closes #8364
|
|
|
+
|
|
|
+- netware: remove support
|
|
|
|
|
|
- 1 - %USERPROFILE%
|
|
|
- 2 - %APPDATA%
|
|
|
- 3 - %USERPROFILE%\\Application Data
|
|
|
+ There are no current users and no Netware related changes done in the
|
|
|
+ code for over 13 years is a clear sign this is abandoned.
|
|
|
|
|
|
- The windows order is modified to match how the Windows 10 ssh tool works
|
|
|
- when it searches for .ssh/known_hosts.
|
|
|
+ Closes #8358
|
|
|
+
|
|
|
+- CI: move two jobs from Zuul to Circle CI
|
|
|
|
|
|
- Reported-by: jeffrson on github
|
|
|
- Co-authored-by: Jay Satiro
|
|
|
- Fixes #8033
|
|
|
- Closes #8035
|
|
|
+ - openssl-no-verbose
|
|
|
+ - openssl-no-proxy
|
|
|
+
|
|
|
+ Closes #8359
|
|
|
|
|
|
-- docs: consistent manpage SYNOPSIS
|
|
|
+- cirlceci: also run a c-ares job on arm with debug enabled
|
|
|
|
|
|
- Make all libcurl related options use .nf (no fill) for the SYNOPSIS
|
|
|
- section - for consistent look. roffit then renders that section using
|
|
|
- <pre> (monospace font) in html for the website.
|
|
|
+ Closes #8357
|
|
|
+
|
|
|
+- ci: move the OpenSSL + c-ares job from Zuul to Circle CI
|
|
|
|
|
|
- Extended manpage-syntax (test 1173) with a basic check for it.
|
|
|
+ Closes #8357
|
|
|
+
|
|
|
+- mailmap: Jan-Piet Mens
|
|
|
+
|
|
|
+- [luminixinc on github brought this change]
|
|
|
+
|
|
|
+ multi: remember connection_id before returning connection to pool
|
|
|
|
|
|
- Closes #8062
|
|
|
+ Fix a bug that does not require a new CVE as discussed on hackerone.com.
|
|
|
+ Previously `connection_id` was accessed after returning connection to
|
|
|
+ the shared pool.
|
|
|
+
|
|
|
+ Bug: https://hackerone.com/reports/1463013
|
|
|
+ Closes #8355
|
|
|
+
|
|
|
+Jay Satiro (31 Jan 2022)
|
|
|
+- write-out.d: Fix num_headers formatting
|
|
|
|
|
|
+- [Jan-Piet Mens brought this change]
|
|
|
+
|
|
|
+ docs: capitalize the name 'Netscape'
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8354
|
|
|
+
|
|
|
+Daniel Stenberg (30 Jan 2022)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+- [Antoine Pietri brought this change]
|
|
|
|
|
|
- openldap: handle connect phase with a state machine
|
|
|
+ docs: grammar proofread, typo fixes
|
|
|
|
|
|
- Closes #8054
|
|
|
+ (Partially automated) proofread of most of the documentation, leading to
|
|
|
+ various typo fixes.
|
|
|
+
|
|
|
+ Closes #8353
|
|
|
|
|
|
-- docs: address proselint nits
|
|
|
+- urldata: CONN_IS_PROXIED replaces bits.close when proxy can be disabled
|
|
|
|
|
|
- - avoid exclamation marks
|
|
|
- - use consistent number of spaces after periods: one
|
|
|
- - avoid clichés
|
|
|
- - avoid using 'very'
|
|
|
+ To remove run-time checks for such builds.
|
|
|
|
|
|
- Closes #8060
|
|
|
+ Closes #8350
|
|
|
|
|
|
-- [Bruno Baguette brought this change]
|
|
|
+- setopt: fix the TLSAUTH #ifdefs for proxy-disabled builds
|
|
|
+
|
|
|
+ Closes #8350
|
|
|
|
|
|
- FAQ: typo fix : "yout" ➤ "your"
|
|
|
+- conncache: make conncache_add_bundle return the pointer
|
|
|
|
|
|
- Closes #8059
|
|
|
+ Simplifies the logic a little and avoids a ternary operator.
|
|
|
+
|
|
|
+ Ref: #8346
|
|
|
+ Closes #8349
|
|
|
|
|
|
-- [Bruno Baguette brought this change]
|
|
|
+- mailmap: neutric on github
|
|
|
|
|
|
- docs/INSTALL.md: typo fix : added missing "get" verb
|
|
|
+Jay Satiro (30 Jan 2022)
|
|
|
+- [neutric on github brought this change]
|
|
|
+
|
|
|
+ docs/TheArtOfHttpScripting: fix example POST URL
|
|
|
|
|
|
- Closes #8058
|
|
|
+ Closes https://github.com/curl/curl/pull/8352
|
|
|
|
|
|
-- insecure.d: detail its use for SFTP and SCP as well
|
|
|
+Daniel Stenberg (28 Jan 2022)
|
|
|
+- nss: handshake callback during shutdown has no conn->bundle
|
|
|
|
|
|
- Closes #8056
|
|
|
+ The callback gets called because of the call to PR_Recv() done to
|
|
|
+ attempt to avoid RST on the TCP connection. The conn->bundle pointer is
|
|
|
+ already cleared at this point so avoid dereferencing it.
|
|
|
+
|
|
|
+ Reported-by: Eric Musser
|
|
|
+ Fixes #8341
|
|
|
+ Closes #8342
|
|
|
|
|
|
-Viktor Szakats (25 Nov 2021)
|
|
|
-- Makefile.m32: rename -winssl option to -schannel and tidy up
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
+
|
|
|
+ mbedtls: remove #include <mbedtls/certs.h>
|
|
|
|
|
|
- - accept `-schannel` as an alternative to `CFG` option `-winssl`
|
|
|
- (latter still accepted, but deprecated)
|
|
|
- - rename internal variable `WINSSL` to `SCHANNEL`
|
|
|
- - make the `CFG` option evaluation shorter, without repeating the option
|
|
|
- name
|
|
|
+ mbedtls/certs.h file contains only certificates example (all definitions
|
|
|
+ is beginning by mbedtls_test_*). None of them is used so we can avoid
|
|
|
+ include the file.
|
|
|
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #8053
|
|
|
+ Closes #8343
|
|
|
|
|
|
-Daniel Stenberg (25 Nov 2021)
|
|
|
-- KNOWN_BUGS: 5.6 make distclean loops forever
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
+
|
|
|
+ mbedtls: enable use of mbedtls without CRL support
|
|
|
|
|
|
- Reported-by: David Bohman
|
|
|
- Closes #7716
|
|
|
+ Closes #8344
|
|
|
|
|
|
-- KNOWN_BUGS: add one, remove one
|
|
|
+- [Bernhard Walle brought this change]
|
|
|
+
|
|
|
+ configure: set CURL_LIBRARY_PATH for nghttp2
|
|
|
|
|
|
- - 5.10 SMB tests fail with Python 2
|
|
|
+ To execute the test program, we might need the library path so that the
|
|
|
+ lib is found at runtime.
|
|
|
|
|
|
- Just use python 3.
|
|
|
+ Closes #8340
|
|
|
+
|
|
|
+Jay Satiro (28 Jan 2022)
|
|
|
+- schannel: restore debug message in schannel_connect_step2
|
|
|
|
|
|
- + 5.10 curl hangs on SMB upload over stdin
|
|
|
+ This is a follow-up to recent commit 2218c3a which removed the debug
|
|
|
+ message to avoid an unused variable warning. The message has been
|
|
|
+ reworked to avoid the warning.
|
|
|
|
|
|
- Closes #7896
|
|
|
+ Ref: https://github.com/curl/curl/pull/8320#issuecomment-1022957904
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8336
|
|
|
|
|
|
-- urlapi: provide more detailed return codes
|
|
|
+- test3021: disable all msys2 path transformation
|
|
|
|
|
|
- Previously, the return code CURLUE_MALFORMED_INPUT was used for almost
|
|
|
- 30 different URL format violations. This made it hard for users to
|
|
|
- understand why a particular URL was not acceptable. Since the API cannot
|
|
|
- point out a specific position within the URL for the problem, this now
|
|
|
- instead introduces a number of additional and more fine-grained error
|
|
|
- codes to allow the API to return more exactly in what "part" or section
|
|
|
- of the URL a problem was detected.
|
|
|
+ - Disable all MSYS2 path transformation in test3021 and test3022.
|
|
|
|
|
|
- Also bug-fixes curl_url_get() with CURLUPART_ZONEID, which previously
|
|
|
- returned CURLUE_OK even if no zoneid existed.
|
|
|
+ Prior to this change path transformation in those tests was disabled
|
|
|
+ only for arguments that start with forward slashes. However arguments
|
|
|
+ that are in base64 contain forward slashes at any position and caused
|
|
|
+ unwanted translations.
|
|
|
|
|
|
- Test cases in 1560 have been adjusted and extended. Tests 1538 and 1559
|
|
|
- have been updated.
|
|
|
+ == Info: Denied establishing ssh session: mismatch sha256 fingerprint.
|
|
|
+ Remote +/EYG2YDzDGm6yiwepEMSuExgRRMoTi8Di1UN3kixZw= is not equal to
|
|
|
+ +C:/msys64/EYG2YDzDGm6yiwepEMSuExgRRMoTi8Di1UN3kixZw
|
|
|
|
|
|
- Updated libcurl-errors.3 and curl_url_strerror() accordingly.
|
|
|
+ In the above example an argument containing a base64 sha256 fingerprint
|
|
|
+ was passed to curl after MSYS2 translated +/ into +C:/msys64/, and then
|
|
|
+ the fingerprint didn't match what was expected.
|
|
|
|
|
|
- Closes #8049
|
|
|
+ Ref: https://www.msys2.org/wiki/Porting/
|
|
|
+
|
|
|
+ Fixes https://github.com/curl/curl/issues/8084
|
|
|
+ Closes https://github.com/curl/curl/pull/8325
|
|
|
|
|
|
-- urlapi: make Curl_is_absolute_url always use MAX_SCHEME_LEN
|
|
|
+Daniel Stenberg (27 Jan 2022)
|
|
|
+- CI: move scan-build job from Zuul to Azure Pipelines
|
|
|
|
|
|
- Instad of having all callers pass in the maximum length, always use
|
|
|
- it. The passed in length is instead used only as the length of the
|
|
|
- target buffer for to storing the scheme name in, if used.
|
|
|
+ Closes #8338
|
|
|
+
|
|
|
+Marcel Raad (27 Jan 2022)
|
|
|
+- openssl: fix `ctx_option_t` for OpenSSL v3+
|
|
|
|
|
|
- Added the scheme max length restriction to the curl_url_set.3 man page.
|
|
|
+ The options have been changed to `uint64_t` in
|
|
|
+ https://github.com/openssl/openssl/commit/56bd17830f2d5855b533d923d4e0649d3ed61d11.
|
|
|
|
|
|
- Follow-up to 45bcb2eaa78c79
|
|
|
+ Closes https://github.com/curl/curl/pull/8331
|
|
|
+
|
|
|
+Daniel Stenberg (27 Jan 2022)
|
|
|
+- CI: move 'distcheck' job from zuul to azure pipelines
|
|
|
|
|
|
- Closes #8047
|
|
|
+ Assisted-by: Kushal Das
|
|
|
+
|
|
|
+ Closes #8334
|
|
|
|
|
|
-- [Jay Satiro brought this change]
|
|
|
+- vtls: pass on the right SNI name
|
|
|
+
|
|
|
+ The TLS backends convert the host name to SNI name and need to use that.
|
|
|
+ This involves cutting off any trailing dot and lowercasing.
|
|
|
+
|
|
|
+ Co-authored-by: Jay Satiro
|
|
|
+ Closes #8320
|
|
|
|
|
|
- cmake: warn on use of the now deprecated symbols
|
|
|
+- url: revert the removal of trailing dot from host name
|
|
|
|
|
|
- Follow-up to 9108da2c26d
|
|
|
+ Reverts 5de8d84098db1bd24e (May 2014, shipped in 7.37.0) and the
|
|
|
+ follow-up changes done afterward.
|
|
|
|
|
|
- Closes #8052
|
|
|
+ Keep the dot in names for everything except the SNI to make curl behave
|
|
|
+ more similar to current browsers. This means 'name' and 'name.' send the
|
|
|
+ same SNI for different 'Host:' headers.
|
|
|
+
|
|
|
+ Updated test 1322 accordingly
|
|
|
+
|
|
|
+ Fixes #8290
|
|
|
+ Reported-by: Charles Cazabon
|
|
|
+ Closes #8320
|
|
|
|
|
|
-- [Kevin Burke brought this change]
|
|
|
+- [neutric on github brought this change]
|
|
|
|
|
|
- tests/CI.md: add more information on CI environments
|
|
|
+ docs/TheArtOfHttpScripting: fix capitalization
|
|
|
|
|
|
- Fixes #8012
|
|
|
- Closes #8022
|
|
|
+ Closes #8333
|
|
|
|
|
|
-- cmake: private identifiers use CURL_ instead of CMAKE_ prefix
|
|
|
+- tests/memanalyze.pl: also count and show "total allocations"
|
|
|
|
|
|
- Since the 'CMAKE_' prefix is reserved for cmake's own private use.
|
|
|
- Ref: https://cmake.org/cmake/help/latest/manual/cmake-variables.7.html
|
|
|
+ This is the total number of bytes allocated, increasing for new
|
|
|
+ allocations and never reduced when freed. The existing "Maximum
|
|
|
+ allocated" is the high water mark.
|
|
|
|
|
|
- Reported-by: Boris Rasin
|
|
|
- Fixes #7988
|
|
|
- Closes #8044
|
|
|
+ Closes #8330
|
|
|
|
|
|
-- urlapi: reject short file URLs
|
|
|
+- mailmap: spellfix githuh => github
|
|
|
+
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- hostcheck: fixed to not touch used input strings
|
|
|
|
|
|
- file URLs that are 6 bytes or shorter are not complete. Return
|
|
|
- CURLUE_MALFORMED_INPUT for those. Extended test 1560 to verify.
|
|
|
+ Avoids the need to clone the strings before check, thus avoiding
|
|
|
+ mallocs, which for cases where there are many SAN names in a cert could
|
|
|
+ end up numerous.
|
|
|
|
|
|
- Triggered by #8041
|
|
|
- Closes #8042
|
|
|
+ Closes #8321
|
|
|
|
|
|
-- curl: improve error message for --head with -J
|
|
|
-
|
|
|
- ... it now focuses on the "output of headers" combined with the
|
|
|
- --remote-header-name option, as that is actually the problem. Both
|
|
|
- --head and --include can output headers.
|
|
|
+- ngtcp2: adapt to changed end of headers callback proto
|
|
|
|
|
|
- Reported-by: nimaje on github
|
|
|
- Fixes #7987
|
|
|
- Closes #8045
|
|
|
+ Closes #8322
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Xiaoke Wang brought this change]
|
|
|
|
|
|
-- [Stefan Eissing brought this change]
|
|
|
+ openssl: check SSL_get_ex_data to prevent potential NULL dereference
|
|
|
+
|
|
|
+ Closes #8268
|
|
|
|
|
|
- urlapi: cleanup scheme parsing
|
|
|
+Jay Satiro (23 Jan 2022)
|
|
|
+- md5: check md5_init_func return value
|
|
|
|
|
|
- Makea Curl_is_absolute_url() always leave a defined 'buf' and avoids
|
|
|
- copying on urls that do not start with a scheme.
|
|
|
+ Prior to this change the md5_init_func (my_md5_init) return value was
|
|
|
+ ignored.
|
|
|
|
|
|
- Closes #8043
|
|
|
+ Closes https://github.com/curl/curl/pull/8319
|
|
|
|
|
|
-- tool_operate: only set SSH related libcurl options for SSH URLs
|
|
|
+- md5: refactor for standard compliance
|
|
|
|
|
|
- For example, this avoids trying to find and set the known_hosts file (or
|
|
|
- warn for its absence) if SFTP or SCP are not used.
|
|
|
+ - Wrap OpenSSL / wolfSSL MD5 functions instead of taking their function
|
|
|
+ addresses during static initialization.
|
|
|
|
|
|
- Closes #8040
|
|
|
+ Depending on how curl was built the old way may have used a dllimport
|
|
|
+ function address during static initialization, which is not standard
|
|
|
+ compliant, resulting in Visual Studio warning C4232 (nonstandard
|
|
|
+ extension). Instead the function pointers now point to the wrappers
|
|
|
+ which call the MD5 functions.
|
|
|
+
|
|
|
+ This change only affects OpenSSL and wolfSSL because calls to other SSL
|
|
|
+ libraries' md5 functions were already wrapped. Also sha256.c already
|
|
|
+ does this for all SSL libraries.
|
|
|
+
|
|
|
+ Ref: https://github.com/curl/curl/pull/8298
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8318
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+Daniel Stenberg (21 Jan 2022)
|
|
|
+- [Lucas Pardue brought this change]
|
|
|
|
|
|
- rustls: remove comment about checking handshaking
|
|
|
+ docs: update IETF links to use datatracker
|
|
|
|
|
|
- The comment is incorrect in two ways:
|
|
|
- - It says the check needs to be last, but the check is actually first.
|
|
|
- - is_handshaking actually starts out true.
|
|
|
+ The tools.ietf.org domain has been deprecated a while now, with the
|
|
|
+ links being redirected to datatracker.ietf.org.
|
|
|
|
|
|
- Closes #8038
|
|
|
+ Rather than make people eat that redirect time, this change switches the
|
|
|
+ URL to a more canonical source.
|
|
|
+
|
|
|
+ Closes #8317
|
|
|
|
|
|
-Marcel Raad (20 Nov 2021)
|
|
|
-- openssl: use non-deprecated API to read key parameters
|
|
|
+- [Harry Sarson brought this change]
|
|
|
+
|
|
|
+ CI: test building wolfssl with --enable-opensslextra
|
|
|
|
|
|
- With OpenSSL 3.0, the parameters are read directly from the `EVP_PKEY`
|
|
|
- using `EVP_PKEY_get_bn_param`.
|
|
|
+ Closes #8315
|
|
|
+
|
|
|
+- [Harry Sarson brought this change]
|
|
|
+
|
|
|
+ misc: allow curl to build with wolfssl --enable-opensslextra
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7893
|
|
|
+ put all #include of openssl files behind wolfssl ifdefs so that we can
|
|
|
+ use the wolfssl/ prefixed include paths. Without these curl only builds
|
|
|
+ when wolfssl is built with enable-all.
|
|
|
+
|
|
|
+ Fixes #8292
|
|
|
+ Closes #8315
|
|
|
|
|
|
-- openssl: reduce code duplication
|
|
|
+- [Lucas Pardue brought this change]
|
|
|
+
|
|
|
+ quiche: change qlog file extension to `.sqlog`
|
|
|
|
|
|
- `BN_print`'s `BIGNUM` parameter has been `const` since OpenSSL 0.9.4.
|
|
|
+ quiche has just switched it's qlog serialization format to JSON-SEQ by
|
|
|
+ default . The spec says this SHOULD use `.sqlog` extension.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7893
|
|
|
+ I believe ngtcp2 also supports JSON-SEQ by default as of
|
|
|
+ https://github.com/ngtcp2/ngtcp2/commit/9baf06fc3f352a1d062b6953ae1de22cae30639d
|
|
|
+
|
|
|
+ Let's update curl so that tools know what format we are using!
|
|
|
+
|
|
|
+ Closes #8316
|
|
|
|
|
|
-- openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
|
|
|
+Jay Satiro (21 Jan 2022)
|
|
|
+- projects: Fix Visual Studio wolfSSL configurations
|
|
|
|
|
|
- The flag has been deprecated without replacement in OpenSSL 3.0.
|
|
|
+ - Change build-wolfssl.bat to disable SSLv3, enable TLSv1.3, enable
|
|
|
+ wolfSSL_DES_ecb_encrypt (needed by NTLM) and enable alt cert chains.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7893
|
|
|
+ - Disable warning C4214 'bit field types other than int'.
|
|
|
+
|
|
|
+ - Add include directory wolfssl\wolfssl.
|
|
|
+
|
|
|
+ wolfSSL offers OpenSSL API compatibility that libcurl uses, and some
|
|
|
+ recent change in libcurl included an include file for wolfSSL like
|
|
|
+ openssl/foo.h, which has a path like wolfssl\wolfssl\openssl\foo.h.
|
|
|
+
|
|
|
+ The include directory issue was reported in #8292 but it's currently
|
|
|
+ unclear whether this type of change is needed for other build systems.
|
|
|
+
|
|
|
+ Bug: https://github.com/curl/curl/issues/8292
|
|
|
+ Reported-by: Harry Sarson
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8298
|
|
|
|
|
|
-- openssl: remove usage of deprecated `SSL_get_peer_certificate`
|
|
|
+Daniel Stenberg (21 Jan 2022)
|
|
|
+- openssl: return error if TLS 1.3 is requested when not supported
|
|
|
|
|
|
- The function name was changed to `SSL_get1_peer_certificate` in OpenSSL
|
|
|
- 3.0.
|
|
|
+ Previously curl would just silently ignore it if the necessary defines
|
|
|
+ are not present at build-time.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7893
|
|
|
+ Reported-by: Stefan Eissing
|
|
|
+ Fixes #8309
|
|
|
+ Closes #8310
|
|
|
|
|
|
-Daniel Stenberg (19 Nov 2021)
|
|
|
-- page-footer: fix typo
|
|
|
+- TODO: Passing NOTIFY option to CURLOPT_MAIL_RCPT
|
|
|
|
|
|
- Closes #8036
|
|
|
+ Closes #8232
|
|
|
|
|
|
-- http: enable haproxy support for hyper backend
|
|
|
+- [pheiduck on github brought this change]
|
|
|
+
|
|
|
+ workflows/wolfssl: install impacket
|
|
|
|
|
|
- This is done by having native code do the haproxy header output before
|
|
|
- hyper issues its request. The little downside with this approach is that
|
|
|
- we need the entire Curl_buffer_send() function built, which is otherwise
|
|
|
- not used for hyper builds.
|
|
|
+ needed Python Package for SMB tests
|
|
|
|
|
|
- If hyper ends up getting native support for the haproxy protocols we can
|
|
|
- backpedal on this.
|
|
|
+ Closes #8307
|
|
|
+
|
|
|
+- url: make Curl_disconnect return void
|
|
|
|
|
|
- Enables test 1455 and 1456
|
|
|
+ 1. The function would only ever return CURLE_OK anyway
|
|
|
+ 2. Only one caller actually used the return code
|
|
|
+ 3. Most callers did (void)Curl_disconnect()
|
|
|
|
|
|
- Closes #8034
|
|
|
+ Closes #8303
|
|
|
|
|
|
-- [Bernhard Walle brought this change]
|
|
|
+- docs: document HTTP/2 not insisting on TLS 1.2
|
|
|
+
|
|
|
+ Both for --http2 and CURLOPT_HTTP_VERSION.
|
|
|
+
|
|
|
+ Reported-by: jhoyla on github
|
|
|
+ Fixes #8235
|
|
|
+ Closes #8300
|
|
|
|
|
|
- configure: fix runtime-lib detection on macOS
|
|
|
+- cmdline-opts/gen.pl: fix option matching to improve references
|
|
|
|
|
|
- With a non-standard installation of openssl we get this error:
|
|
|
+ Previously it could mistakenly match partial names when there are
|
|
|
+ options that start with the same prefix, leading to the wrong references
|
|
|
+ used.
|
|
|
|
|
|
- checking run-time libs availability... failed
|
|
|
- configure: error: one or more libs available at link-time are not available run-time. Libs used at link-time: -lnghttp2 -lssl -lcrypto -lssl -lcrypto -lz
|
|
|
+ Closes #8299
|
|
|
+
|
|
|
+- TODO: Less memory massaging with Schannel
|
|
|
+
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ runtests.pl: disable debuginfod
|
|
|
|
|
|
- There's already code to set LD_LIBRARY_PATH on Linux, so set
|
|
|
- DYLD_LIBRARY_PATH equivalent on macOS.
|
|
|
+ Valgrind and gdb implement this feature: as this highly slows down tests,
|
|
|
+ disable it.
|
|
|
|
|
|
- Closes #8028
|
|
|
+ Closes #8291
|
|
|
|
|
|
-- [Don J Olmstead brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- cmake: don't set _USRDLL on a static Windows build
|
|
|
+- CURLMOPT_TIMERFUNCTION/DATA.3: fix the examples
|
|
|
|
|
|
- Closes #8030
|
|
|
+ ... to not call libcurl recursively back.
|
|
|
+
|
|
|
+ Closes #8286
|
|
|
|
|
|
-- page-footer: document more environment variables
|
|
|
+- multi: set in_callback for multi interface callbacks
|
|
|
|
|
|
- ... that curl might use.
|
|
|
+ This makes most libcurl functions return error if called from within a
|
|
|
+ callback using the same multi handle. For example timer or socket
|
|
|
+ callbacks calling curl_multi_socket_action.
|
|
|
|
|
|
- Closes #8027
|
|
|
+ Reported-by: updatede on github
|
|
|
+ Fixes #8282
|
|
|
+ Closes #8286
|
|
|
|
|
|
-- netrc.d: edit the .netrc example to look nicer
|
|
|
+- docs/HISTORY.md: mention alt-svc and HSTS
|
|
|
+
|
|
|
+- misc: remove the final watcom references
|
|
|
|
|
|
- Works nicely thanks to d1828b470f43d
|
|
|
+ Follow-up to bbf8cae44dedc495e6
|
|
|
|
|
|
- Closes #8025
|
|
|
+ We removed support for the watcom builds files back in September
|
|
|
+ 2020. This removes all remaining watcom references and ifdefs.
|
|
|
+
|
|
|
+ Closes #8287
|
|
|
|
|
|
-- tftp: mark protocol as not possible to do over CONNECT
|
|
|
+- misc: remove BeOS code and references
|
|
|
|
|
|
- ... and make connect_init() refusing trying to tunnel protocols marked
|
|
|
- as not working. Avoids a double-free.
|
|
|
+ There has not been a mention of this OS in any commit since December
|
|
|
+ 2004 (58f4af7973e3d2). The OS is also long gone.
|
|
|
|
|
|
- Reported-by: Even Rouault
|
|
|
- Fixes #8018
|
|
|
- Closes #8020
|
|
|
+ Closes #8288
|
|
|
|
|
|
-- docs/cmdline-opts: do not say "protocols: all"
|
|
|
+- tool_getparam: DNS options that need c-ares now fail without it
|
|
|
|
|
|
- Remove the lines saying "protocols: all". It makes the output in the
|
|
|
- manpage look funny, and the expectation is probably by default that if
|
|
|
- not anything is mentioned about protocols the option apply to them all.
|
|
|
+ Just silently accepting the options and then not having any effect is
|
|
|
+ not good.
|
|
|
|
|
|
- Closes #8021
|
|
|
+ Ref: #8283
|
|
|
+ Closes #8285
|
|
|
|
|
|
-- curl.1: require "see also" for every documented option
|
|
|
+- curl: remove "separators" (when using globbed URLs)
|
|
|
|
|
|
- gen.pl now generates a warning if the "See Also" field is not filled in for a
|
|
|
- command line option
|
|
|
+ Unless muted (with -s) When doing globbing, curl would output mime-like
|
|
|
+ separators between the separate transfers. This is not documented
|
|
|
+ anywhere, surprises users and clobbers the output. Gone now.
|
|
|
|
|
|
- All command line options now provide one or more related options. 167
|
|
|
- "See alsos" added!
|
|
|
+ Updated test 18 and 1235
|
|
|
|
|
|
- Closes #8019
|
|
|
+ Reported-by: jonny112 on github
|
|
|
+ Bug: https://github.com/curl/curl/discussions/8257
|
|
|
+ Closes #8278
|
|
|
|
|
|
-- insecure.d: expand and clarify
|
|
|
+Jay Satiro (15 Jan 2022)
|
|
|
+- [Niels Martignène brought this change]
|
|
|
+
|
|
|
+ mbedtls: fix CURLOPT_SSLCERT_BLOB (again)
|
|
|
|
|
|
- Closes #8017
|
|
|
+ - Increase the buffer length passed to mbedtls_x509_crt_parse to account
|
|
|
+ for the null byte appended to the temporary blob.
|
|
|
+
|
|
|
+ Follow-up to 867ad1c which uses a null terminated copy of the
|
|
|
+ certificate blob, because mbedtls_x509_crt_parse requires PEM data
|
|
|
+ to be null terminated.
|
|
|
+
|
|
|
+ Ref: https://github.com/curl/curl/commit/867ad1c#r63439893
|
|
|
+ Ref: https://github.com/curl/curl/pull/8146
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8260
|
|
|
|
|
|
-- gen.pl: improve example output format
|
|
|
+Daniel Stenberg (15 Jan 2022)
|
|
|
+- [Alessandro Ghedini brought this change]
|
|
|
+
|
|
|
+ quiche: verify the server cert on connect
|
|
|
|
|
|
- Treat consecutive lines that start with a space to be "examples". They
|
|
|
- are output enclosed by .nf and .fi
|
|
|
+ Similarly to c148f0f551f9bea0e3d0, make quiche correctly acknowledge
|
|
|
+ `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST`.
|
|
|
|
|
|
- Updated form.d to use this new fanciness
|
|
|
+ Fixes #8173
|
|
|
+ Closes #8275
|
|
|
+
|
|
|
+- [Ikko Ashimine brought this change]
|
|
|
+
|
|
|
+ checksrc: fix typo in comment
|
|
|
|
|
|
- Closes #8016
|
|
|
+ enfore -> enforce
|
|
|
+
|
|
|
+ Closes #8281
|
|
|
|
|
|
-- Revert "form-escape.d: double the back-slashes for proper man page output"
|
|
|
+- curl-openssl: remove the OpenSSL headers and library versions check
|
|
|
|
|
|
- This reverts commit a2d8eac04a4eb1d5a98cf24b4e5cec5cec565d27.
|
|
|
+ It is more work to maintain that check than the (any?) benefit it
|
|
|
+ brings.
|
|
|
|
|
|
- silly me, it was intended to be one backslash!
|
|
|
+ Fixes #8279
|
|
|
+ Reported-by: Satadru Pramanik
|
|
|
+ Closes #8280
|
|
|
|
|
|
-- form-escape.d: double the back-slashes for proper man page output
|
|
|
+- mqtt: free any leftover when done
|
|
|
+
|
|
|
+ Oss-fuzz found an issue when the "sendleftovers" pointer could leak memory.
|
|
|
+ Fix this by always freeing it (if still assigned) in the done function.
|
|
|
+
|
|
|
+ Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43515
|
|
|
+ Closes #8274
|
|
|
|
|
|
-- page-footer: add a mention of how to report bugs to the man page
|
|
|
+- formdata: avoid size_t => long typecast overflows
|
|
|
+
|
|
|
+ Typically a problem for platforms with 32 bit long and 64 bit size_t
|
|
|
+
|
|
|
+ Reported-by: Fabian Yamaguchi
|
|
|
+ Bug: https://hackerone.com/reports/1444539
|
|
|
+ Closes #8272
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
- and bump to 7.81.0-DEV
|
|
|
+ bump next release to become 7.82.0
|
|
|
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+Marcel Raad (13 Jan 2022)
|
|
|
+- build: enable -Warith-conversion
|
|
|
+
|
|
|
+ This makes the behavior consistent between GCC 10 and earlier versions.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8271
|
|
|
|
|
|
- mime: use percent-escaping for multipart form field and file names
|
|
|
+- build: fix -Wenum-conversion handling
|
|
|
|
|
|
- Until now, form field and file names where escaped using the
|
|
|
- backslash-escaping algorithm defined for multipart mails. This commit
|
|
|
- replaces this with the percent-escaping method for URLs.
|
|
|
+ Don't enable that warning when warnings are disabled.
|
|
|
+ Also add it to CMake.
|
|
|
|
|
|
- As this may introduce incompatibilities with server-side applications, a
|
|
|
- new libcurl option CURLOPT_MIME_OPTIONS with bitmask
|
|
|
- CURLMIMEOPT_FORMESCAPE is introduced to revert to legacy use of
|
|
|
- backslash-escaping. This is controlled by new cli tool option
|
|
|
- --form-escape.
|
|
|
+ Closes https://github.com/curl/curl/pull/8271
|
|
|
+
|
|
|
+- appveyor: use VS 2017 image for the autotools builds
|
|
|
|
|
|
- New tests and documentation are provided for this feature.
|
|
|
+ The newer images don't have all required MSYS2 packages.
|
|
|
|
|
|
- Reported by: Ryan Sleevi
|
|
|
- Fixes #7789
|
|
|
- Closes #7805
|
|
|
+ Fixes https://github.com/curl/curl/issues/8248
|
|
|
+ Closes https://github.com/curl/curl/pull/8265
|
|
|
|
|
|
-- [Kevin Burke brought this change]
|
|
|
+- appveyor: update images from VS 2019 to 2022
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/8265
|
|
|
|
|
|
- zuul.d: update rustls-ffi to version 0.8.2
|
|
|
+Daniel Stenberg (12 Jan 2022)
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
+
|
|
|
+ mbedtls: return CURLcode result instead of a mbedtls error code
|
|
|
|
|
|
- This version fixes errors with ALPN negotiation in rustls, which is
|
|
|
- necessary for HTTP/2 support. For more information see the rustls-ffi
|
|
|
- changelog.
|
|
|
+ ... when a certificate fails to be loaded from a blob
|
|
|
|
|
|
- Closes #8013
|
|
|
+ Closes #8266
|
|
|
|
|
|
-- configure: better diagnostics if hyper is built wrong
|
|
|
+- curl_multi_socket.3: remove callback and typical usage descriptions
|
|
|
|
|
|
- If hyper is indeed present in the specified directory but couldn't be
|
|
|
- used to find the correct symbol, then offer a different error message to
|
|
|
- better help the user understand the issue.
|
|
|
+ 1. The callback is better described in the option for setting it. Having
|
|
|
+ it in a single place reduces the risk that one of them is wrong.
|
|
|
|
|
|
- Suggested-by: Jacob Hoffman-Andrews
|
|
|
- Fixes #8001
|
|
|
- Closes #8005
|
|
|
+ 2. The "typical usage" is wrong since the functions described in this
|
|
|
+ man page are both deprecated so they cannot be used in any "typical" way
|
|
|
+ anymore.
|
|
|
+
|
|
|
+ Closes #8262
|
|
|
|
|
|
-- test1939: require proxy support to run
|
|
|
+- curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE
|
|
|
|
|
|
- Follow-up to f0b7099a10d1a
|
|
|
+ Mostly reverts ba0657c343f, but now instead just run the plain macro on
|
|
|
+ darwin. The approach as used on other platforms is simply not necessary
|
|
|
+ on macOS.
|
|
|
|
|
|
- Closes #8011
|
|
|
+ Fixes #8229
|
|
|
+ Reported-by: Ryan Schmidt
|
|
|
+ Closes #8247
|
|
|
|
|
|
-- test302[12]: run only with the libssh2 backend
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ openldap: implement SASL authentication
|
|
|
|
|
|
- ... as the others don't support --hostpubsha256
|
|
|
+ As credentials can be quite different depending on the mechanism used,
|
|
|
+ there are no default mechanisms for LDAP and simple bind with a DN is
|
|
|
+ then used.
|
|
|
|
|
|
- Reported-by: Paul Howarth
|
|
|
- Fixes #8009
|
|
|
- Closes #8010
|
|
|
-
|
|
|
-- runtests: make the SSH library a testable feature
|
|
|
+ The caller has to provide mechanism(s) using CURLOPT_LOGIN_OPTIONS to
|
|
|
+ enable SASL authentication and disable simple bind.
|
|
|
|
|
|
- libssh2, libssh and wolfssh
|
|
|
+ Closes #8152
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+Jay Satiro (10 Jan 2022)
|
|
|
+- [Cameron Will brought this change]
|
|
|
|
|
|
- rustls: read of zero bytes might be okay
|
|
|
+ CURLOPT_RESOLVE.3: change example port to 443
|
|
|
|
|
|
- When we're reading out plaintext from rustls' internal buffers, we might
|
|
|
- get a read of zero bytes (meaning a clean TCP close, including
|
|
|
- close_notify). However, we shouldn't return immediately when that
|
|
|
- happens, since we may have already copied out some plaintext bytes.
|
|
|
- Break out of the loop when we get a read of zero bytes, and figure out
|
|
|
- which path we're dealing with.
|
|
|
+ 83cc966 changed documentation from using http to https. However,
|
|
|
+ CURLOPT_RESOLVE being set to port 80 in the documentation means that it
|
|
|
+ isn't valid for the new URL. Update to 443.
|
|
|
|
|
|
- Acked-by: Kevin Burke
|
|
|
+ Closes https://github.com/curl/curl/pull/8258
|
|
|
+
|
|
|
+Daniel Stenberg (10 Jan 2022)
|
|
|
+- [Fabian Keil brought this change]
|
|
|
+
|
|
|
+ test374: gif data without new line at the end
|
|
|
|
|
|
- Closes #8003
|
|
|
+ Closes #8239
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [Fabian Keil brought this change]
|
|
|
|
|
|
- rustls: remove incorrect EOF check
|
|
|
+ runtests.pl: support the nonewline attribute for the data part
|
|
|
|
|
|
- The update to rustls-ffi 0.8.0 changed handling of EOF and close_notify.
|
|
|
- From the CHANGELOG:
|
|
|
+ Added to FILEFORMAT
|
|
|
|
|
|
- > Handling of unclean close and the close_notify TLS alert. Mirroring
|
|
|
- > upstream changes, a rustls_connection now tracks TCP closed state like
|
|
|
- > so: rustls_connection_read_tls considers a 0-length read from its
|
|
|
- > callback to mean "TCP stream was closed by peer." If that happens
|
|
|
- > before the peer sent close_notify, rustls_connection_read will return
|
|
|
- > RUSTLS_RESULT_UNEXPECTED_EOF once the available plaintext bytes are
|
|
|
- > exhausted. This is useful to protect against truncation attacks. Note:
|
|
|
- > some TLS implementations don't send close_notify. If you are already
|
|
|
- > getting length information from your protocol (e.g. Content-Length in
|
|
|
- > HTTP) you may choose to ignore UNEXPECTED_EOF so long as the number of
|
|
|
- > plaintext bytes was as expected.
|
|
|
+ Closes #8239
|
|
|
+
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ curl tool: erase some more sensitive command line arguments
|
|
|
|
|
|
- That means we don't need to check for unclean EOF in `cr_recv()`,
|
|
|
- because `process_new_packets()` will give us an error if appropriate.
|
|
|
+ As the ps command may reveal sensitive command line info, obfuscate
|
|
|
+ options --tlsuser, --tlspasswd, --proxy-tlsuser, --proxy-tlspassword and
|
|
|
+ --oauth2-bearer arguments.
|
|
|
|
|
|
- Closes #8003
|
|
|
+ Reported-by: Stephen Boost <s.booth@epcc.ed.ac.uk>
|
|
|
+
|
|
|
+ Closes #7964
|
|
|
|
|
|
-- lib1939: make it endure torture tests
|
|
|
+- mesalink: remove support
|
|
|
|
|
|
- Follow-up to f0b7099a10d1a
|
|
|
+ Mesalink has ceased development. We can no longer encourage use of it.
|
|
|
+ It seems to be continued under the name TabbySSL, but no attempts have
|
|
|
+ (yet) been to make curl support it.
|
|
|
|
|
|
- Closes #8007
|
|
|
+ Fixes #8188
|
|
|
+ Closes #8191
|
|
|
|
|
|
-- azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper
|
|
|
+- ldap: return CURLE_URL_MALFORMAT for bad URL
|
|
|
|
|
|
- The configure line would previously depend on a configure mistake using
|
|
|
- --without-openssl that is fixed and now this configure line needs
|
|
|
- adjusting to use --without-ssl.
|
|
|
+ For consistency, use the same return code for URL malformats,
|
|
|
+ independently of what scheme that is used. Previously this would return
|
|
|
+ CURLE_LDAP_INVALID_URL, but starting now that error cannot be returned.
|
|
|
|
|
|
- Follow-up to b589696f0312d
|
|
|
+ Closes #8170
|
|
|
+
|
|
|
+- docs/cmdline-opts: add "mutexed" options for more http versions
|
|
|
|
|
|
- Closes #8006
|
|
|
+ Update four http version man page sections.
|
|
|
+
|
|
|
+ Closes #8254
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [Stephen M. Coakley brought this change]
|
|
|
|
|
|
- configure: add -lm to configure for rustls build.
|
|
|
+ rustls: add CURLOPT_CAINFO_BLOB support
|
|
|
|
|
|
- Note: The list of libraries that rustc tells us we need to include is
|
|
|
- longer, but also includes some more platform-specific libraries that I
|
|
|
- am not sure how to effectively incorporate. Adding just -lm seems to
|
|
|
- solve an immediate problem, so I'm adding just that.
|
|
|
+ Add support for `CURLOPT_CAINFO_BLOB` `CURLOPT_PROXY_CAINFO_BLOB` to the
|
|
|
+ rustls TLS backend. Multiple certificates in a single PEM string are
|
|
|
+ supported just like OpenSSL does with this option.
|
|
|
|
|
|
- Closes #8002
|
|
|
+ This is compatible at least with rustls-ffi 0.8+ which is our new
|
|
|
+ minimum version anyway.
|
|
|
+
|
|
|
+ I was able to build and run this on Windows, pulling trusted certs from
|
|
|
+ the system and then add them to rustls by setting
|
|
|
+ `CURLOPT_CAINFO_BLOB`. Handy!
|
|
|
+
|
|
|
+ Closes #8255
|
|
|
|
|
|
-- curl_share_setopt.3: refer to CURLSHOPT_USERDATA(3) properly
|
|
|
+- scripts/copyright.pl: ignore missing files
|
|
|
|
|
|
-- curl_share_setopt.3: split out options into their own manpages
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- data/DISABLED: disable test 313 for wolfssl builds
|
|
|
|
|
|
- CURLSHOPT_LOCKFUNC.3
|
|
|
- CURLSHOPT_SHARE.3
|
|
|
- CURLSHOPT_UNLOCKFUNC.3
|
|
|
- CURLSHOPT_UNSHARE.3
|
|
|
- CURLSHOPT_USERDATA.3
|
|
|
+ It was previously disabled only in the CI jobs yaml
|
|
|
|
|
|
- Closes #7998
|
|
|
+ Closes #8252
|
|
|
|
|
|
-- http_proxy: make Curl_connect_done() work for proxy disabled builds
|
|
|
+- runtests: make 'wolfssl' a testable feature
|
|
|
|
|
|
- ... by making it an empty macro then.
|
|
|
+ Closes #8252
|
|
|
+
|
|
|
+- GHA: install stunnel in the medbtls + wolfssl CI jobs
|
|
|
|
|
|
- Follow-up to f0b7099a10d1a
|
|
|
- Reported-by: Vincent Grande
|
|
|
- Fixes #7995
|
|
|
- Closes #7996
|
|
|
+ Closes #8252
|
|
|
|
|
|
-- Curl_connect_done: handle being called twice
|
|
|
+- CI: move the rustls CI job to GHA from Zuul
|
|
|
|
|
|
- Follow-up to f0b7099a10d1a7c
|
|
|
+ Closes #8251
|
|
|
+
|
|
|
+- DISABLE: disable a dozen tests in the rustls build
|
|
|
|
|
|
- When torture testing 1021, it turns out the Curl_connect_done function
|
|
|
- might be called twice and that previously then wrongly cleared the HTTP
|
|
|
- pointer in the second invoke.
|
|
|
+ Disables tests that don't yet work with the rustls backend.
|
|
|
|
|
|
- Closes #7999
|
|
|
+ Fixes #8004
|
|
|
+ Closes #8250
|
|
|
|
|
|
-- [Stan Hu brought this change]
|
|
|
+- runtests: make 'rustls' a testable feature
|
|
|
|
|
|
- configure: don't enable TLS when --without-* flags are used
|
|
|
-
|
|
|
- Previously specifying `--without-gnutls` would unexpectedly attempt to
|
|
|
- compile with GnuTLS, effectively interpreting this as
|
|
|
- `--with-gnutls`. This caused a significant amount of confusion when
|
|
|
- `libcurl` was built with SSL disabled since GnuTLS wasn't present.
|
|
|
+- remote-header-name.d: clarify
|
|
|
|
|
|
- 68d89f24 dropped the `--without-*` options from the configure help, but
|
|
|
- `AC_ARG_WITH` still defines these flags automatically. As
|
|
|
- https://www.gnu.org/software/autoconf/manual/autoconf-2.60/html_node/External-Software.html
|
|
|
- describes, the `action-if-given` is called when the user specifies
|
|
|
- `--with-*` or `--without-*` options.
|
|
|
-
|
|
|
- To prevent this confusion, we make the `--without` flag do the right
|
|
|
- thing by ignoring the value if it set to "no".
|
|
|
+ - it strips off the path from the server provided name
|
|
|
+ - it saves in current directory or --output-dir
|
|
|
|
|
|
- Closes #7994
|
|
|
-
|
|
|
-- [Rikard Falkeborn brought this change]
|
|
|
+ Ref: https://curl.se/mail/archive-2022-01/0032.html
|
|
|
+ Closes #8249
|
|
|
|
|
|
- docs/checksrc: Add documentation for STRERROR
|
|
|
+- url: given a user in the URL, find pwd for that user in netrc
|
|
|
|
|
|
- Closes #7991
|
|
|
-
|
|
|
-- vtls/rustls: adapt to the updated rustls_version proto
|
|
|
+ Add test 380 and 381 to verify, edited test 133
|
|
|
|
|
|
- Closes #7956
|
|
|
+ Reported-by: Manfred Schwarb
|
|
|
+ Fixes #8241
|
|
|
+ Closes #8243
|
|
|
|
|
|
-- [Kevin Burke brought this change]
|
|
|
+- [Niels Martignène brought this change]
|
|
|
|
|
|
- vtls/rustls: handle RUSTLS_RESULT_PLAINTEXT_EMPTY
|
|
|
+ mbedtls: Fix ssl_init error with mbedTLS 3.1.0+
|
|
|
|
|
|
- Previously we'd return CURLE_READ_ERROR if we received this, instead
|
|
|
- of triggering the error handling logic that's present in the next if
|
|
|
- block down.
|
|
|
+ Since mbedTLS 3.1.0, mbedtls_ssl_setup() fails if the provided
|
|
|
+ config struct is not valid.
|
|
|
|
|
|
- After this change, curl requests to https://go.googlesource.com using
|
|
|
- HTTP/2 complete successfully.
|
|
|
+ mbedtls_ssl_config_defaults() needs to be called before the config
|
|
|
+ struct is passed to mbedtls_ssl_setup().
|
|
|
|
|
|
- Fixes #7949
|
|
|
- Closes #7948
|
|
|
-
|
|
|
-- [Kevin Burke brought this change]
|
|
|
-
|
|
|
- zuul: update build environment for rustls-ffi 0.8.0
|
|
|
+ Closes #8238
|
|
|
|
|
|
-- [Kevin Burke brought this change]
|
|
|
+- [Filip Lundgren brought this change]
|
|
|
|
|
|
- vtls/rustls: update to compile with rustls-ffi v0.8.0
|
|
|
+ cmake: fix iOS CMake project generation error
|
|
|
|
|
|
- Some method names, as well as the generated library name, were changed
|
|
|
- in a recent refactoring.
|
|
|
+ Closes #8244
|
|
|
+
|
|
|
+- ngtcp2: fix declaration of ‘result’ shadows a previous local
|
|
|
|
|
|
- Further, change the default configuration instructions to check for
|
|
|
- Hyper in either "target/debug" or "target/release" - the latter
|
|
|
- contains an optimized build configuration.
|
|
|
+ Follow-up to 8fbd6feddfa587cfd3
|
|
|
|
|
|
- Fixes #7947
|
|
|
- Closes #7948
|
|
|
+ Closes #8245
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- openssl.h: avoid including OpenSSL headers here
|
|
|
|
|
|
- and bump the version to 7.80.1
|
|
|
-
|
|
|
-- multi: shut down CONNECT in Curl_detach_connnection
|
|
|
+ ... by instead using the struct version of the typedef'ed pointer. To
|
|
|
+ fix build errors when both Schannel and OpenSSL are enabled.
|
|
|
|
|
|
- ... to prevent a lingering pointer that would lead to a double-free.
|
|
|
+ Fixes #8240
|
|
|
+ Reported-by: Jan Ehrhardt
|
|
|
+ Closes #8246
|
|
|
+
|
|
|
+- curl_url_set.3: mention when CURLU_ALLOW_SPACE was added
|
|
|
+
|
|
|
+- tool_findfile: free mem properly
|
|
|
|
|
|
- Added test 1939 to verify.
|
|
|
+ Follow-up to 764e4f066d5
|
|
|
|
|
|
- Reported-by: Stephen M. Coakley
|
|
|
- Fixes #7982
|
|
|
- Closes #7986
|
|
|
+ Closes #8242
|
|
|
|
|
|
-- curl_easy_cleanup.3: remove from multi handle first
|
|
|
+- tool_findfile: check ~/.config/curlrc too
|
|
|
|
|
|
- Easy handles that are used by the multi interface should be removed from
|
|
|
- the multi handle before they are cleaned up.
|
|
|
+ ... after the initial checks for .curlrc and if XDG_CONFIG_HOME is not
|
|
|
+ set, use $HOME and $CURL_HOME to check if ~/.config/curlrc is present.
|
|
|
|
|
|
- Reported-by: Stephen M. Coakley
|
|
|
- Ref: #7982
|
|
|
- Closes #7983
|
|
|
+ Add test 436 to verify
|
|
|
+
|
|
|
+ Reported-by: Sandro Jaeckel
|
|
|
+ Fixes #8208
|
|
|
+ Closes #8213
|
|
|
|
|
|
-- url.c: fix the SIGPIPE comment for Curl_close
|
|
|
+- runtests: allow client/file to specify multiple directories
|
|
|
|
|
|
- Closes #7984
|
|
|
+ ... and make sure to mkdir them all
|
|
|
|
|
|
-Version 7.80.0 (10 Nov 2021)
|
|
|
+- scripts/copyright.pl: support many provided file names on the cmdline
|
|
|
|
|
|
-Daniel Stenberg (10 Nov 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
-
|
|
|
- for curl 7.80.0
|
|
|
+- [Fabian Keil brought this change]
|
|
|
|
|
|
-- THANKS: add contributors from the 7.80.0 cycle
|
|
|
+ tests/FILEFORMAT.md: fix typo
|
|
|
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+- [Fabian Keil brought this change]
|
|
|
|
|
|
- ngtcp2: advertise h3 as well as h3-29
|
|
|
-
|
|
|
- Advertise h3 as well as h3-29 since some servers out there require h3
|
|
|
- for QUIC v1.
|
|
|
-
|
|
|
- Closes #7979
|
|
|
+ Add test373: multiple chunks with binary zeros
|
|
|
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+- [Fabian Keil brought this change]
|
|
|
|
|
|
- ngtcp2: use QUIC v1 consistently
|
|
|
-
|
|
|
- Since we switched to v1 quic_transport_parameters codepoint in #7960
|
|
|
- with quictls, lets use QUIC v1 consistently.
|
|
|
-
|
|
|
- Closes #7979
|
|
|
+ Add test372: binary zero in data element
|
|
|
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+- [Fabian Keil brought this change]
|
|
|
|
|
|
- ngtcp2: compile with the latest nghttp3
|
|
|
-
|
|
|
- Closes #7978
|
|
|
+ tests/server/getpart.c: properly deal with binary data containing NUL bytes
|
|
|
|
|
|
-Marc Hoersken (9 Nov 2021)
|
|
|
-- tests: add Schannel-specific tests and disable unsupported ones
|
|
|
-
|
|
|
- Adds Schannel variants of SSLpinning tests that include the option
|
|
|
- --ssl-revoke-best-effort to ignore certificate revocation check
|
|
|
- failures which is required due to our custom test CA certificate.
|
|
|
-
|
|
|
- Disable the original variants if the Schannel backend is enabled.
|
|
|
-
|
|
|
- Also skip all IDN tests which are broken while using an msys shell.
|
|
|
-
|
|
|
- This is a step to simplify test exclusions for Windows and MinGW.
|
|
|
-
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7968
|
|
|
+- [Fabian Keil brought this change]
|
|
|
|
|
|
-Daniel Stenberg (8 Nov 2021)
|
|
|
-- docs: NAME fixes in easy option man pages
|
|
|
-
|
|
|
- Closes #7975
|
|
|
+ runtests.pl: properly print the test if it contains binary zeros
|
|
|
|
|
|
-- [Roger Young brought this change]
|
|
|
+- mailmap: Xiaoke Wang
|
|
|
|
|
|
- ftp: make the MKD retry to retry once per directory
|
|
|
+- openssl: copyright year update
|
|
|
|
|
|
- Reported-by: Roger Young
|
|
|
- Fixes #7967
|
|
|
- Closes #7976
|
|
|
+ Follow-up to 30aea2b1ede
|
|
|
|
|
|
-- tool_operate: reorder code to avoid compiler warning
|
|
|
-
|
|
|
- tool_operate.c(889) : warning C4701: potentially uninitialized local
|
|
|
- variable 'per' use
|
|
|
-
|
|
|
- Follow-up to cc71d352651a0d95
|
|
|
- Reported-by: Marc Hörsken
|
|
|
- Bug: https://github.com/curl/curl/pull/7922#issuecomment-963042676
|
|
|
- Closes #7971
|
|
|
+- scripts/copyright.pl: hush unless -v (for verbose) is used
|
|
|
|
|
|
-- curl_easy_perform.3: add a para about recv and send data
|
|
|
-
|
|
|
- Reported-by: Godwin Stewart
|
|
|
- Fixes #7973
|
|
|
- Closes #7974
|
|
|
+- [Xiaoke Wang brought this change]
|
|
|
|
|
|
-- tool_operate: fclose stream only if fopened
|
|
|
+ openssl: check the return value of BIO_new_mem_buf()
|
|
|
|
|
|
- Fixes torture test failures
|
|
|
- Follow-up to cc71d352651
|
|
|
+ Closes #8233
|
|
|
+
|
|
|
+- examples/multi-app.c: call curl_multi_remove_handle as well
|
|
|
|
|
|
- Closes #7972
|
|
|
+ Fixes #8234
|
|
|
+ Reported-by: Melroy van den Berg
|
|
|
+ Closes #8236
|
|
|
|
|
|
-- libcurl-easy.3: language polish
|
|
|
+- COPYING: bump copyright year range
|
|
|
|
|
|
-- limit-rate.d: this is average over several seconds
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- Closes #7970
|
|
|
+ and bump curlver after release
|
|
|
|
|
|
-- docs: reduce/avoid English contractions
|
|
|
-
|
|
|
- You're => You are
|
|
|
- Hasn't => Has not
|
|
|
- Doesn't => Does not
|
|
|
- Don't => Do not
|
|
|
- You'll => You will
|
|
|
- etc
|
|
|
+- docs: fix mandoc -T lint formatting complaints
|
|
|
|
|
|
- Closes #7930
|
|
|
+ Closes #8228
|
|
|
|
|
|
-- tool_operate: fix torture leaks with etags
|
|
|
+- next.d. remove .fi/.nf as they are handled by gen.pl
|
|
|
|
|
|
- Spotted by torture testing 343 344 345 347.
|
|
|
+ Closes #8228
|
|
|
+
|
|
|
+- gen.pl: terminate "example" sections better
|
|
|
|
|
|
- Follow-up from cc71d352651a0
|
|
|
- Pointed-out-by: Dan Fandrich
|
|
|
+ If the example (section that is prefixed with spaces) ends the
|
|
|
+ description gen.pl would previously miss to output the terminating .fi
|
|
|
|
|
|
- Closes #7969
|
|
|
+ Closes #8228
|
|
|
|
|
|
-- [Amaury Denoyelle brought this change]
|
|
|
+- [Satadru Pramanik brought this change]
|
|
|
|
|
|
- ngtcp2: support latest QUIC TLS RFC9001
|
|
|
-
|
|
|
- QUIC Transport Parameters Extension has been changed between draft-29
|
|
|
- and latest RFC9001. Most notably, its identifier has been updated from
|
|
|
- 0xffa5 to 0x0039. The version is selected through the QUIC TLS library
|
|
|
- via the legacy codepoint.
|
|
|
+ curl-functions.m4: fix LIBRARY_PATH adjustment to avoid eval
|
|
|
|
|
|
- Disable the usage of legacy codepoint in curl to switch to latest
|
|
|
- RFC9001. This is required to be able to keep up with latest QUIC
|
|
|
- implementations.
|
|
|
+ $$ usage in a m4 file introduces the PID in linux.
|
|
|
+ Instead, just duplicate previous working code with a case switch.
|
|
|
|
|
|
- Acked-by: Tatsuhiro Tsujikawa
|
|
|
- Closes #7960
|
|
|
+ Fixes #8229
|
|
|
+ Closes #8230
|
|
|
|
|
|
-- test1173: make manpage-syntax.pl spot \n errors in examples
|
|
|
+Version 7.81.0 (5 Jan 2022)
|
|
|
|
|
|
-- man pages: fix backslash-n in examples
|
|
|
-
|
|
|
- ... to be proper backslash-backslash-n sequences to render nicely in man
|
|
|
- and on website.
|
|
|
-
|
|
|
- Follow-up to 24155569d8a
|
|
|
- Reported-by: Sergey Markelov
|
|
|
+Daniel Stenberg (5 Jan 2022)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- Fixes https://github.com/curl/curl-www/issues/163
|
|
|
- Closes #7962
|
|
|
+ curl 7.81.0 release
|
|
|
|
|
|
-- scripts/release-notes.pl: use out of repo links verbatim in refs
|
|
|
+- THANKS: add names from 7.81.0 release
|
|
|
|
|
|
-- tool_operate: a failed etag save now only fails that transfer
|
|
|
+- curl_multi_init.3: fix the copyright year range
|
|
|
+
|
|
|
+- test719-721: require "proxy" feature present to run
|
|
|
|
|
|
- When failing to create the output file for saving an etag, only fail
|
|
|
- that particular single transfer and allow others to follow.
|
|
|
+ Bug: https://github.com/curl/curl/pull/8223#issuecomment-1005188696
|
|
|
+ Reported-by: Marc Hörsken
|
|
|
|
|
|
- In a serial transfer setup, if no transfer at all is done due to them
|
|
|
- all being skipped because of this error, curl will output an error
|
|
|
- message and return exit code 26.
|
|
|
+ Closes #8226
|
|
|
+
|
|
|
+- test719: require ipv6 support to run
|
|
|
|
|
|
- Added test 369 and 370 to verify.
|
|
|
+ Follow-up to effd2bd7ba2a5fd244
|
|
|
+ Reported-by: Marc Hörsken
|
|
|
+ Bug: https://github.com/curl/curl/pull/8217#issuecomment-1004681145
|
|
|
|
|
|
- Reported-by: Earnestly on github
|
|
|
- Ref: #7942
|
|
|
- Closes #7945
|
|
|
+ Closes #8223
|
|
|
|
|
|
-- [Kevin Burke brought this change]
|
|
|
+- test719-721: verify SOCKS details
|
|
|
+
|
|
|
+ Using the new verify/socks details
|
|
|
|
|
|
- .github: retry macos "brew install" command on failure
|
|
|
+- runtests: add verify/socks check
|
|
|
|
|
|
- Previously we saw errors attempting to run "brew install", see
|
|
|
- https://github.com/curl/curl/runs/4095721123?check_suite_focus=true for
|
|
|
- an example, since this command is idempotent, it is safe to run again.
|
|
|
+ If used, this data is compared with the data in log/socksd-request.log
|
|
|
+ which the socksd server logs.
|
|
|
|
|
|
- Closes #7955
|
|
|
+ Added to FILEFORMAT.md
|
|
|
|
|
|
-- CURLOPT_ALTSVC_CTRL.3: mention conn reuse is preferred
|
|
|
+- server/socksd: log atyp + address in a separate log
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/discussions/7954
|
|
|
+ To allow the test suite to verify that the right data arrived
|
|
|
+
|
|
|
+- socks5: use appropriate ATYP for numerical IP address host names
|
|
|
|
|
|
- Closes #7957
|
|
|
+ When not resolving the address locallly (known as socks5h).
|
|
|
+
|
|
|
+ Add test 719 and 720 to verify.
|
|
|
+
|
|
|
+ Reported-by: Peter Piekarski
|
|
|
+ Fixes #8216
|
|
|
+ Closes #8217
|
|
|
+
|
|
|
+Jay Satiro (3 Jan 2022)
|
|
|
+- curl_multi_init.3: fix EXAMPLE formatting
|
|
|
|
|
|
+Daniel Stenberg (3 Jan 2022)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- zuul: pin the quiche build to use an older cmake-rs
|
|
|
+- libtest: avoid "assignment within conditional expression"
|
|
|
|
|
|
- The latest cmake-rs assumes cmake's --parallel works. That was added in
|
|
|
- cmake 3.12, but a lot of our CI builds run on Ubuntu Bionic which only
|
|
|
- has cmake 3.10.
|
|
|
+ In lib530, lib540 and lib582
|
|
|
|
|
|
- Fixes #7927
|
|
|
- Closes #7952
|
|
|
-
|
|
|
-- [Marc Hoersken brought this change]
|
|
|
+ Closes #8218
|
|
|
|
|
|
- Revert "src/tool_filetime: disable -Wformat on mingw for this file"
|
|
|
+- ftp: disable warning 4706 in MSVC
|
|
|
|
|
|
- This reverts commit 7c88fe375b15c44d77bccc9ab733b8069d228e6f.
|
|
|
+ Follow-up to 21248e052d
|
|
|
|
|
|
- Follow up to #6535 as the pragma is obsolete with warnf
|
|
|
+ Disabling "assignment within conditional expression" for MSVC needs to
|
|
|
+ be done before the function starts, for it to take effect.
|
|
|
|
|
|
- Closes #7941
|
|
|
+ Closes #8218
|
|
|
|
|
|
-Jay Satiro (2 Nov 2021)
|
|
|
-- schannel: fix memory leak due to failed SSL connection
|
|
|
+- tool_operate: warn if too many output arguments were found
|
|
|
|
|
|
- - Call schannel_shutdown if the SSL connection fails.
|
|
|
+ More output instructions than URLs is likely a user error.
|
|
|
|
|
|
- Prior to this change schannel_shutdown (which shuts down the SSL
|
|
|
- connection as well as memory cleanup) was not called when the SSL
|
|
|
- connection failed (eg due to failed handshake).
|
|
|
+ Add test case 371 to verify
|
|
|
|
|
|
- Co-authored-by: Gisle Vanem
|
|
|
+ Closes #8210
|
|
|
+
|
|
|
+- .github/workflows/mbedtls.yml: bump to mbedtls 3.1.0
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7877
|
|
|
- Closes https://github.com/curl/curl/pull/7878
|
|
|
+ Closes #8215
|
|
|
|
|
|
-Daniel Stenberg (2 Nov 2021)
|
|
|
-- Curl_updateconninfo: store addresses for QUIC connections too
|
|
|
+- zuul: remove the mbedtls jobs
|
|
|
|
|
|
- So that CURLINFO_PRIMARY_IP etc work for HTTP/3 like for other HTTP
|
|
|
- versions.
|
|
|
+ Now running as github workflows
|
|
|
|
|
|
- Reported-by: Jerome Mao
|
|
|
- Fixes #7939
|
|
|
- Closes #7944
|
|
|
+ Closes #8215
|
|
|
|
|
|
-- [Sergio Durigan Junior brought this change]
|
|
|
+- github/workflows: add mbedtls and mbedtls-clang
|
|
|
+
|
|
|
+ Closes #8215
|
|
|
|
|
|
- curl.1: fix typos in the manpage
|
|
|
+- [Valentin Richter brought this change]
|
|
|
+
|
|
|
+ mbedtls: fix private member designations for v3.1.0
|
|
|
|
|
|
- s/transfering/transferring/
|
|
|
- s/transfered/transferred/
|
|
|
+ "As a last resort, you can access the field foo of a structure bar by
|
|
|
+ writing bar.MBEDTLS_PRIVATE(foo). Note that you do so at your own risk,
|
|
|
+ since such code is likely to break in a future minor version of Mbed
|
|
|
+ TLS." -
|
|
|
+ https://github.com/ARMmbed/mbedtls/blob/f2d1199edc5834df4297f247f213e614f7782d1d/docs/3.0-migration-guide.md
|
|
|
|
|
|
- Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net>
|
|
|
- Closes #7937
|
|
|
-
|
|
|
-Marc Hoersken (1 Nov 2021)
|
|
|
-- tests/smbserver.py: fix compatibility with impacket 0.9.23+
|
|
|
+ That future minor version is v3.1.0. I set the >= to == for the version
|
|
|
+ checks because v3.1.0 is a release, and I am not sure when the private
|
|
|
+ designation was reverted after v3.0.0.
|
|
|
|
|
|
- impacket now performs sanity checks if the requested and to
|
|
|
- be served file path actually is inside the real share path.
|
|
|
+ Closes #8214
|
|
|
+
|
|
|
+- [Valentin Richter brought this change]
|
|
|
+
|
|
|
+ cmake: prevent dev warning due to mismatched arg
|
|
|
|
|
|
- Ref: https://github.com/SecureAuthCorp/impacket/pull/1066
|
|
|
+ -- curl version=[7.81.0-DEV]
|
|
|
+ CMake Warning (dev) at /usr/share/cmake-3.22.1/Modules/FindPackageHandleStandardArgs.cmake:438 (message):
|
|
|
+ The package name passed to `find_package_handle_standard_args` (MBEDTLS)
|
|
|
+ does not match the name of the calling package (MbedTLS). This can lead to
|
|
|
+ problems in calling code that expects `find_package` result variables
|
|
|
+ (e.g., `_FOUND`) to follow a certain pattern.
|
|
|
+ Call Stack (most recent call first):
|
|
|
+ deps/curl/CMake/FindMbedTLS.cmake:31 (find_package_handle_standard_args)
|
|
|
+ deps/curl/CMakeLists.txt:473 (find_package)
|
|
|
+ This warning is for project developers. Use -Wno-dev to suppress it.
|
|
|
|
|
|
- Fixes #7924
|
|
|
- Closes #7935
|
|
|
+ Closes #8207
|
|
|
|
|
|
-Daniel Stenberg (1 Nov 2021)
|
|
|
-- docs: reduce use of "very"
|
|
|
+- urlapi: if possible, shorten given numerical IPv6 addresses
|
|
|
|
|
|
- "Very" should be avoided in most texts. If intensifiers are needed, try
|
|
|
- find better words instead.
|
|
|
+ Extended test 1560 to verify
|
|
|
|
|
|
- Closes #7936
|
|
|
+ Closes #8206
|
|
|
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
|
|
|
- ngtcp2: specify the missing required callback functions
|
|
|
+ url: reduce ssl backend count for CURL_DISABLE_PROXY builds
|
|
|
|
|
|
- Closes #7929
|
|
|
+ Closes #8212
|
|
|
|
|
|
-- CURLOPT_[PROXY]_SSL_CIPHER_LIST.3: bold instead of quote
|
|
|
+- KNOWN_BUGS: "Trying local ports fails on Windows"
|
|
|
|
|
|
- Bold the example ciphers instead of using single quotes, which then also
|
|
|
- avoids the problem of how to use single quotes when first in a line.
|
|
|
+ Reported-by: gclinch on github
|
|
|
+ Closes #8112
|
|
|
+
|
|
|
+- misc: update copyright year range
|
|
|
+
|
|
|
+- zuul: remove the wolfssl even more
|
|
|
|
|
|
- Also rephrased the pages a little.
|
|
|
+ Follow-up to 1914465cf180d32b3d
|
|
|
+
|
|
|
+- examples/multi-single.c: remove WAITMS()
|
|
|
|
|
|
- Reported-by: Sergio Durigan Junior
|
|
|
- Ref: #7928
|
|
|
- Closes #7934
|
|
|
+ As it isn't used.
|
|
|
+
|
|
|
+ Reported-by: Melroy van den Berg
|
|
|
+ Fixes #8200
|
|
|
+ Closes #8201
|
|
|
|
|
|
-- gen.pl: replace leading single quotes with \(aq
|
|
|
+- gtls: add gnutls include for the session type
|
|
|
|
|
|
- ... and allow single quotes to be used "normally" in the .d files.
|
|
|
+ Follow-up to 8fbd6feddfa5 to make it build more universally
|
|
|
+
|
|
|
+- m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
|
|
|
|
|
|
- Makes the output curl.1 use better nroff.
|
|
|
+ To hush compiler warnings we don't care for: error: address of function
|
|
|
+ 'X' will always evaluate to 'true'
|
|
|
|
|
|
- Reported-by: Sergio Durigan Junior
|
|
|
- Ref: #7928
|
|
|
- Closes #7933
|
|
|
+ Fixes #8197
|
|
|
+ Closes #8198
|
|
|
|
|
|
-Marc Hoersken (1 Nov 2021)
|
|
|
-- tests: kill some test servers afterwards to avoid locked logfiles
|
|
|
+- http_proxy: don't close the socket (too early)
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7925
|
|
|
+ ... and double-check in the OpenSSL shutdown that the socket is actually
|
|
|
+ still there before it is used.
|
|
|
+
|
|
|
+ Fixes #8193
|
|
|
+ Closes #8195
|
|
|
+
|
|
|
+ Reported-by: Leszek Kubik
|
|
|
|
|
|
-Daniel Stenberg (1 Nov 2021)
|
|
|
-- smooth-gtk-thread.c: enhance the mutex lock use
|
|
|
+- ngtcp2: verify the server certificate for the gnutls case
|
|
|
|
|
|
- Reported-by: ryancaicse on github
|
|
|
- Fixes #7926
|
|
|
- Closes #7931
|
|
|
+ Closes #8178
|
|
|
|
|
|
-Marc Hoersken (31 Oct 2021)
|
|
|
-- CI/runtests.pl: restore -u flag, but remove it from CI runs
|
|
|
+- ngtcp2: verify the server cert on connect (quictls)
|
|
|
|
|
|
- This makes it possible to use -u again for local testing,
|
|
|
- but removes the flag from CI config files and make targets.
|
|
|
+ Make ngtcp2+quictls correctly acknowledge `CURLOPT_SSL_VERIFYPEER` and
|
|
|
+ `CURLOPT_SSL_VERIFYHOST`.
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
+ The name check now uses a function from lib/vtls/openssl.c which will
|
|
|
+ need attention for when TLS is not done by OpenSSL or is disabled while
|
|
|
+ QUIC is enabled.
|
|
|
|
|
|
- Partially reverts #7841
|
|
|
- Closes #7921
|
|
|
+ Possibly the servercert() function in openssl.c should be adjusted to be
|
|
|
+ able to use for both regular TLS and QUIC.
|
|
|
+
|
|
|
+ Ref: #8173
|
|
|
+ Closes #8178
|
|
|
|
|
|
-Daniel Stenberg (29 Oct 2021)
|
|
|
-- [Jonathan Cardoso Machado brought this change]
|
|
|
+- zuul: remove the wolfssl build
|
|
|
|
|
|
- CURLOPT_HSTSWRITEFUNCTION.3: using CURLOPT_HSTS_CTRL is required
|
|
|
+- github workflow: add wolfssl
|
|
|
|
|
|
- Closes #7923
|
|
|
+ Closes #8196
|
|
|
|
|
|
-- [Axel Morawietz brought this change]
|
|
|
+- [Nicolas Sterchele brought this change]
|
|
|
|
|
|
- imap: display quota information
|
|
|
+ zuul: fix quiche build pointing to wrong Cargo
|
|
|
|
|
|
- Show response to "GETQUOTAROOT INBOX" command.
|
|
|
+ Fixes #8184
|
|
|
+ Closes #8189
|
|
|
+
|
|
|
+- checksrc: detect more kinds of NULL comparisons we avoid
|
|
|
|
|
|
- Closes #6973
|
|
|
+ Co-authored-by: Jay Satiro
|
|
|
+ Closes #8180
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- [Boris Rasin brought this change]
|
|
|
-
|
|
|
- cmake: fix error getting LOCATION property on non-imported target
|
|
|
+- mesalink: remove the BACKEND define kludge
|
|
|
|
|
|
- Closes #7885
|
|
|
+ Closes #8183
|
|
|
|
|
|
-- [x2018 brought this change]
|
|
|
+- schannel: remove the BACKEND define kludge
|
|
|
+
|
|
|
+ Closes #8182
|
|
|
|
|
|
- url: check the return value of curl_url()
|
|
|
+- gtls: check return code for gnutls_alpn_set_protocols
|
|
|
|
|
|
- Closes #7917
|
|
|
+ Closes #8181
|
|
|
|
|
|
-- [Roy Li brought this change]
|
|
|
+- [Stefan Huber brought this change]
|
|
|
|
|
|
- configure.ac: replace krb5-config with pkg-config
|
|
|
+ README: label the link to the support document
|
|
|
|
|
|
- The rationale is that custom *-config tools don't work well when
|
|
|
- cross-compiling or using sysroots (such as when using Yocto project) and
|
|
|
- require custom fixing for each of them; pkg-config on the other hand
|
|
|
- works similarly everywhere.
|
|
|
+ Closes #8185
|
|
|
+
|
|
|
+- docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
|
|
|
|
|
|
- Signed-off-by: Roy Li <rongqing.li@windriver.com>
|
|
|
- Signed-off-by: Alexander Kanavin <alex@linutronix.de>
|
|
|
+ Assisted-by: Matt Holt
|
|
|
|
|
|
- Closes #7916
|
|
|
+ Closes #8177
|
|
|
|
|
|
-- test1160: edited to work with hyper
|
|
|
+- libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
|
|
|
|
|
|
- Closes #7912
|
|
|
+ Since 4a4b63daaa0
|
|
|
|
|
|
-- data/DISABLED: enable tests that now work with hyper
|
|
|
-
|
|
|
- Closes #7911
|
|
|
+- [Vladimir Panteleev brought this change]
|
|
|
|
|
|
-- test559: add 'HTTP' in keywords
|
|
|
-
|
|
|
- Makes it run fine with hyper
|
|
|
-
|
|
|
- Closes #7911
|
|
|
+ tests: Add test for CURLOPT_HTTP200ALIASES
|
|
|
|
|
|
-- test552: updated to work with hyper
|
|
|
-
|
|
|
- Closes #7911
|
|
|
+- [Vladimir Panteleev brought this change]
|
|
|
|
|
|
-Marc Hoersken (27 Oct 2021)
|
|
|
-- github: fix incomplete permission to label PRs for Hacktoberfest
|
|
|
+ http: Fix CURLOPT_HTTP200ALIASES
|
|
|
|
|
|
- Unfortunately the GitHub API requires a token with write permission
|
|
|
- for both issues and pull-requests to edit labels on even just PRs.
|
|
|
+ The httpcode < 100 check was also triggered when none of the fields were
|
|
|
+ parsed, thus making the if(!nc) block unreachable.
|
|
|
|
|
|
- Follow up to #7897
|
|
|
+ Closes #8171
|
|
|
|
|
|
-Daniel Stenberg (27 Oct 2021)
|
|
|
-- opt-manpages: use 'Added in' instead of 'Since'
|
|
|
-
|
|
|
- Closes #7913
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-Marc Hoersken (27 Oct 2021)
|
|
|
-- github: fix missing permission to label PRs for Hacktoberfest
|
|
|
-
|
|
|
- Follow up to #7897
|
|
|
+- language: "email"
|
|
|
|
|
|
- Test references to see if permissions are now sufficient:
|
|
|
+ Missed three occurrences.
|
|
|
|
|
|
- Closes #7832
|
|
|
- Closes #7897
|
|
|
+ Follow-up to 7a92f86
|
|
|
|
|
|
-- CI: more use of test-ci make target and verbose output
|
|
|
+- nss:set_cipher don't clobber the cipher list
|
|
|
|
|
|
- Replace test-nonflaky with test-ci and enable verbose output
|
|
|
- in all remaining CIs except Zuul which is customized a lot.
|
|
|
+ The string is set by the user and needs to remain intact for proper
|
|
|
+ connection reuse etc.
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
-
|
|
|
- Follow up to #7785
|
|
|
- Closes #7832
|
|
|
+ Reported-by: Eric Musser
|
|
|
+ Fixes #8160
|
|
|
+ Closes #8161
|
|
|
|
|
|
-- github: add support for Hacktoberfest using labels
|
|
|
+- misc: s/e-mail/email
|
|
|
|
|
|
- Automatically add hacktoberfest-accepted label to PRs opened between
|
|
|
- September 30th and November 1st once a commit with a close reference
|
|
|
- to it is pushed onto the master branch.
|
|
|
+ Consistency is king. Following the lead in everything curl.
|
|
|
|
|
|
- With this workflow we can participate in Hacktoberfest while not
|
|
|
- relying on GitHub to identify PRs as merged due to our rebasing.
|
|
|
+ Closes #8159
|
|
|
+
|
|
|
+- [Tobias Nießen brought this change]
|
|
|
+
|
|
|
+ docs: fix typo in OpenSSL 3 build instructions
|
|
|
|
|
|
- Requires hacktoberfest-accepted labels to exist for PRs on the
|
|
|
- participating repository. Also requires hacktoberfest topic on
|
|
|
- the participating repository to avoid applying to forked repos.
|
|
|
+ Closes #8162
|
|
|
+
|
|
|
+- linkcheck.yml: add CI job that checks markdown links
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #8158
|
|
|
+
|
|
|
+- RELEASE-PROCEDURE.md: remove ICAL link and old release dates
|
|
|
+
|
|
|
+- BINDINGS.md: "markdown-link-check-disable"
|
|
|
|
|
|
- Fixes #7865
|
|
|
- Closes #7897
|
|
|
+ It feels a bit unfortunate to litter an ugly tag for this functionality,
|
|
|
+ but if we get link scans of all markdown files, this might be worth the
|
|
|
+ price.
|
|
|
|
|
|
-Daniel Stenberg (27 Oct 2021)
|
|
|
-- http: reject HTTP response codes < 100
|
|
|
+- docs: fix dead links, remove ECH.md
|
|
|
+
|
|
|
+Jay Satiro (16 Dec 2021)
|
|
|
+- openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
|
|
|
|
|
|
- ... which then also includes negative ones as test 1430 uses.
|
|
|
+ Prior to this change OpenSSL_version was only detected in configure
|
|
|
+ builds. For other builds the old version parsing code was used which
|
|
|
+ would result in incorrect versioning for OpenSSL 3:
|
|
|
|
|
|
- This makes native + hyper backend act identically on this and therefore
|
|
|
- test 1430 can now be enabled when building with hyper. Adjust test 1431
|
|
|
- as well.
|
|
|
+ Before:
|
|
|
|
|
|
- Closes #7909
|
|
|
+ curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.0a zlib/1.2.11
|
|
|
+ WinIDN libssh2/1.9.0
|
|
|
+
|
|
|
+ After:
|
|
|
+
|
|
|
+ curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.1 zlib/1.2.11
|
|
|
+ WinIDN libssh2/1.9.0
|
|
|
+
|
|
|
+ Reported-by: lllaffer@users.noreply.github.com
|
|
|
+
|
|
|
+ Fixes https://github.com/curl/curl/issues/8154
|
|
|
+ Closes https://github.com/curl/curl/pull/8155
|
|
|
|
|
|
-- [Kerem Kat brought this change]
|
|
|
+Daniel Stenberg (16 Dec 2021)
|
|
|
+- [James Fuller brought this change]
|
|
|
|
|
|
- docs: fix typo in CURLOPT_TRAILERFUNCTION example
|
|
|
+ docs: add known bugs list to HTTP3.md
|
|
|
|
|
|
- Closes #7910
|
|
|
+ Closes #8156
|
|
|
|
|
|
-- docs/HYPER: remove some remaining issues, add HTTP/0.9 limitation
|
|
|
+Dan Fandrich (15 Dec 2021)
|
|
|
+- BINDINGS: add one from Everything curl and update a link
|
|
|
|
|
|
-- configure: when hyper is selected, deselect nghttp2
|
|
|
+- libcurl-security.3: mention address and URL mitigations
|
|
|
|
|
|
- Closes #7908
|
|
|
+ The new CURLOPT_PREREQFUNCTION callback is another way to sanitize
|
|
|
+ addresses.
|
|
|
+ Using the curl_url API is a way to mitigate against attacks relying on
|
|
|
+ URL parsing differences.
|
|
|
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+Daniel Stenberg (15 Dec 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- sendf: accept zero-length data in Curl_client_write()
|
|
|
-
|
|
|
- Historically, Curl_client_write() used a length value of 0 as a marker
|
|
|
- for a null-terminated data string. This feature has been removed in
|
|
|
- commit f4b85d2. To detect leftover uses of the feature, a DEBUGASSERT
|
|
|
- statement rejecting a length with value 0 was introduced, effectively
|
|
|
- precluding use of this function with zero-length data.
|
|
|
+- x509asn1: return early on errors
|
|
|
|
|
|
- The current commit removes the DEBUGASSERT and makes the function to
|
|
|
- return immediately if length is 0.
|
|
|
+ Overhaul to make sure functions that detect errors bail out early with
|
|
|
+ error rather than trying to continue and risk hiding the problem.
|
|
|
|
|
|
- A direct effect is to fix trying to output a zero-length distinguished
|
|
|
- name in openldap.
|
|
|
+ Closes #8147
|
|
|
+
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ openldap: several minor improvements
|
|
|
|
|
|
- Another DEBUGASSERT statement is also rephrased for better readability.
|
|
|
+ - Early check proper LDAP URL syntax. Reject URLs with a userinfo part.
|
|
|
+ - Use dynamic memory for ldap_init_fd() URL rather than a
|
|
|
+ stack-allocated buffer.
|
|
|
+ - Never chase referrals: supporting it would require additional parallel
|
|
|
+ connections and alternate authentication credentials.
|
|
|
+ - Do not wait 1 microsecond while polling/reading query response data.
|
|
|
+ - Store last received server code for retrieval with CURLINFO_RESPONSE_CODE.
|
|
|
|
|
|
- Closes #7898
|
|
|
+ Closes #8140
|
|
|
|
|
|
-- hyper: disable test 1294 since hyper doesn't allow such crazy headers
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
+
|
|
|
+ misc: remove unused doh flags when CURL_DISABLE_DOH is defined
|
|
|
|
|
|
- Closes #7905
|
|
|
+ Closes #8148
|
|
|
|
|
|
-- c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work
|
|
|
+- mbedtls: fix CURLOPT_SSLCERT_BLOB
|
|
|
|
|
|
- Verified by the enabled test 1288
|
|
|
+ The memory passed to mbedTLS for this needs to be null terminated.
|
|
|
|
|
|
- Closes #7905
|
|
|
+ Reported-by: Florian Van Heghe
|
|
|
+ Closes #8146
|
|
|
|
|
|
-- test1287: make work on hyper
|
|
|
+- asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
|
|
|
|
|
|
- Closes #7905
|
|
|
+ Closes #8142
|
|
|
|
|
|
-- test1266/1267: disabled on hyper: no HTTP/0.9 support
|
|
|
+- mailmap: add Yongkang Huang
|
|
|
|
|
|
- Closes #7905
|
|
|
+ From #8141
|
|
|
|
|
|
-Viktor Szakats (25 Oct 2021)
|
|
|
-- Makefile.m32: fix to not require OpenSSL with -libssh2 or -rtmp options
|
|
|
-
|
|
|
- Previously, -libssh2/-rtmp options assumed that OpenSSL is also enabled
|
|
|
- (and then failed with an error when not finding expected OpenSSL headers),
|
|
|
- but this isn't necessarly true, e.g. when building both libssh2 and curl
|
|
|
- against Schannel. This patch makes sure to only enable the OpenSSL backend
|
|
|
- with -libssh2/-rtmp, when there was no SSL option explicitly selected.
|
|
|
-
|
|
|
- - Re-implement the logic as a single block of script.
|
|
|
- - Also fix an indentation while there.
|
|
|
+- [Yongkang Huang brought this change]
|
|
|
+
|
|
|
+ check ssl_config when re-use proxy connection
|
|
|
+
|
|
|
+- mbedtls: do a separate malloc for ca_info_blob
|
|
|
|
|
|
- Assisted-by: Jay Satiro
|
|
|
+ Since the mbedTLS API requires the data to the null terminated.
|
|
|
|
|
|
- Closes #7895
|
|
|
-
|
|
|
-Daniel Stenberg (25 Oct 2021)
|
|
|
-- docs: consistent use of "Added in"
|
|
|
+ Follow-up to 456c53730d21b1fad0c7f72c1817
|
|
|
|
|
|
- Make them all say "Added in [version]" without using 'curl' or 'libcurl'
|
|
|
- in that phrase.
|
|
|
+ Fixes #8139
|
|
|
+ Closes #8145
|
|
|
|
|
|
-- man pages: require all to use the same section header order
|
|
|
+Marc Hoersken (14 Dec 2021)
|
|
|
+- CI: build examples for additional code verification
|
|
|
|
|
|
- This is the same order we already enforce among the options' man pages:
|
|
|
- consistency is good. Add lots of previously missing examples.
|
|
|
+ Some CIs already build them, let's do it on more of them.
|
|
|
|
|
|
- Adjust the manpage-syntax script for this purpose, used in test 1173.
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
|
|
|
- Closes #7904
|
|
|
-
|
|
|
-- [David Hu brought this change]
|
|
|
+ Follow up to #7690 and 77311f420a541a0de5b3014e0e40ff8b4205d4af
|
|
|
+ Replaces #7591
|
|
|
+ Closes #7922
|
|
|
|
|
|
- docs/HTTP3: improve build instructions
|
|
|
+- docs/examples: workaround broken -Wno-pedantic-ms-format
|
|
|
|
|
|
- 1. If writing to a system path if the command is not prefixed with
|
|
|
- `sudo` it will cause a permission denied error
|
|
|
+ Avoid CURL_FORMAT_CURL_OFF_T by using unsigned long instead.
|
|
|
+ Improve size_t to long conversion in imap-append.c example.
|
|
|
|
|
|
- 2. The patched OpenSSL branch has been updated to `openssl-3.0.0+quic`
|
|
|
- to match upstream OpenSSL version.
|
|
|
+ Ref: https://github.com/curl/curl/issues/6079
|
|
|
+ Ref: https://github.com/curl/curl/pull/6082
|
|
|
+ Assisted-by: Jay Satiro
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
|
|
|
- 3. We should not disable GnuTLS docs.
|
|
|
+ Preparation of #7922
|
|
|
+
|
|
|
+- tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
|
|
|
|
|
|
- Updated some commands about `make install`
|
|
|
+ Ref: https://www.msys2.org/wiki/Porting/#filesystem-namespaces
|
|
|
|
|
|
- Closes #7842
|
|
|
+ Reviewed-by: Marcel Raad
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
+
|
|
|
+ Fixes #8084
|
|
|
+ Closes #8138
|
|
|
|
|
|
-- [Ricardo Martins brought this change]
|
|
|
+Daniel Stenberg (13 Dec 2021)
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
|
|
|
- CMake: restore support for SecureTransport on iOS
|
|
|
+ openldap: simplify ldif generation code
|
|
|
|
|
|
- Restore support for building curl for iOS with SecureTransport enabled.
|
|
|
+ and take care of zero-length values, avoiding conversion to base64
|
|
|
+ and/or trailing spaces.
|
|
|
|
|
|
- Closes #7501
|
|
|
+ Closes #8136
|
|
|
|
|
|
-- tests: enable more tests with hyper
|
|
|
+- example/progressfunc: remove code for old libcurls
|
|
|
|
|
|
- Adjusted 1144, 1164 and 1176.
|
|
|
+ 7.61.0 is over three years old now, remove all #ifdefs for handling
|
|
|
+ ancient libcurl versions so that the example gets easier to read and
|
|
|
+ understand
|
|
|
|
|
|
- Closes #7900
|
|
|
+ Closes #8137
|
|
|
|
|
|
-- docs: provide "RETURN VALUE" section for more func manpages
|
|
|
-
|
|
|
- Three were missing, one used a non-standard name for the header.
|
|
|
-
|
|
|
- Closes #7902
|
|
|
+- [Xiaoke Wang brought this change]
|
|
|
|
|
|
-Jay Satiro (25 Oct 2021)
|
|
|
-- curl_multi_socket_action.3: add a "RETURN VALUE" section
|
|
|
-
|
|
|
- .. because it may not be immediately clear to the user what
|
|
|
- curl_multi_socket_action returns.
|
|
|
+ sha256/md5: return errors when init fails
|
|
|
|
|
|
- Ref: https://curl.se/mail/lib-2021-10/0035.html
|
|
|
+ Closes #8133
|
|
|
+
|
|
|
+- TODO: 13.3 Defeat TLS fingerprinting
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7901
|
|
|
+ Closes #8119
|
|
|
|
|
|
-Daniel Stenberg (24 Oct 2021)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- [Samuel Henrique brought this change]
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
|
|
|
- tests: use python3 in test 1451
|
|
|
-
|
|
|
- This is a continuation of commit ec91b5a69000bea0794bbb3 in which
|
|
|
- changing this test was missed. There are no other python2 leftovers
|
|
|
- now.
|
|
|
+ openldap: process search query response messages one by one
|
|
|
|
|
|
- Based on a Debian patch originally written by Alessandro Ghedini
|
|
|
- <ghedo@debian.org>
|
|
|
+ Upon receiving large result sets, this reduces memory consumption and
|
|
|
+ allows starting to output results while the transfer is still in
|
|
|
+ progress.
|
|
|
|
|
|
- Closes #7899
|
|
|
-
|
|
|
-- [Eddie Lumpkin brought this change]
|
|
|
+ Closes #8101
|
|
|
|
|
|
- lib: fixing comment spelling typos in lib files
|
|
|
+- hash: lazy-alloc the table in Curl_hash_add()
|
|
|
|
|
|
- Closes #7894
|
|
|
- Signed-off-by: ewlumpkin <ewlumpkin@gmail.com>
|
|
|
-
|
|
|
-- openssl: if verifypeer is not requested, skip the CA loading
|
|
|
-
|
|
|
- It was previously done mostly to show a match/non-match in the verbose
|
|
|
- output even when verification was not asked for. This change skips the
|
|
|
- loading of the CA certs unless verifypeer is set to save memory and CPU.
|
|
|
+ This makes Curl_hash_init() infallible which saves error paths.
|
|
|
|
|
|
- Closes #7892
|
|
|
+ Closes #8132
|
|
|
|
|
|
-- curl-confopts.m4: remove --enable/disable-hidden-symbols
|
|
|
+- multi: cleanup the socket hash when destroying it
|
|
|
|
|
|
- These configure options have been saying "deprecated" since 9e24b9c7af
|
|
|
- (April 2012). It was about time we remove them.
|
|
|
+ Since each socket hash entry may themselves have a hash table in them,
|
|
|
+ the destroying of the socket hash needs to make sure all the subhashes
|
|
|
+ are also correctly destroyed to avoid leaking memory.
|
|
|
|
|
|
- Closes #7891
|
|
|
+ Fixes #8129
|
|
|
+ Closes #8131
|
|
|
|
|
|
-- c-hyper: don't abort CONNECT responses early when auth-in-progress
|
|
|
+- test1156: fixup the stdout check for Windows
|
|
|
|
|
|
- ... and make sure to stop ignoring the body once the CONNECT is done.
|
|
|
+ It is not text mode.
|
|
|
|
|
|
- This should make test 206 work proper again and not be flaky.
|
|
|
+ Follow-up to 6f73e68d182
|
|
|
|
|
|
- Closes #7889
|
|
|
+ Closes #8134
|
|
|
|
|
|
-- hyper: does not support disabling CURLOPT_HTTP_TRANSFER_DECODING
|
|
|
-
|
|
|
- Simply because hyper doesn't have this ability. Mentioned in docs now.
|
|
|
-
|
|
|
- Skip test 326 then
|
|
|
+- test1528: enable for hyper
|
|
|
|
|
|
- Closes #7889
|
|
|
+ Closes #8128
|
|
|
|
|
|
-- test262: don't attempt with hyper
|
|
|
-
|
|
|
- This test verifies that curl works with binary zeroes in HTTP response
|
|
|
- headers and hyper refuses such. They're not kosher http.
|
|
|
+- test1527: enable for hyper
|
|
|
|
|
|
- Closes #7889
|
|
|
+ Closes #8128
|
|
|
|
|
|
-- c-hyper: make test 217 run
|
|
|
+- test1526: enable for hyper
|
|
|
|
|
|
- Closes #7889
|
|
|
+ Closes #8128
|
|
|
|
|
|
-- DISABLED: enable test 209+213 for hyper
|
|
|
-
|
|
|
- Follow-up to 823d3ab855c
|
|
|
+- test1525: slightly tweaked for hyper
|
|
|
|
|
|
- Closes #7889
|
|
|
+ Closes #8128
|
|
|
|
|
|
-- test207: accept a different error code for hyper
|
|
|
+- test1156: enable for hyper
|
|
|
|
|
|
- It returns HYPERE_UNEXPECTED_EOF for this case which we convert to the
|
|
|
- somewhat generic CURLE_RECV_ERROR.
|
|
|
+ Minor reorg of the lib1156 code and it works fine for hyper.
|
|
|
|
|
|
- Closes #7889
|
|
|
-
|
|
|
-- [Érico Nogueira brought this change]
|
|
|
+ Closes #8127
|
|
|
|
|
|
- INSTALL: update symbol hiding option
|
|
|
-
|
|
|
- --enable-hidden-symbols was deprecated in
|
|
|
- 9e24b9c7afbcb81120af4cf3f6cdee49a06d8224.
|
|
|
+- test661: enable for hyper
|
|
|
|
|
|
- Closes #7890
|
|
|
+ Closes #8126
|
|
|
|
|
|
-- http_proxy: multiple CONNECT with hyper done better
|
|
|
+- docs: fix proselint nits
|
|
|
|
|
|
- Enabled test 206
|
|
|
+ - remove a lot of exclamation marks
|
|
|
+ - use consistent spaces (1, not 2)
|
|
|
+ - use better words at some places
|
|
|
|
|
|
- Closes #7888
|
|
|
+ Closes #8123
|
|
|
|
|
|
-- hyper: pass the CONNECT line to the debug callback
|
|
|
-
|
|
|
- Closes #7887
|
|
|
+- [RekGRpth brought this change]
|
|
|
|
|
|
-- mailmap: Malik Idrees Hasan Khan
|
|
|
+ BINDINGS.md: add cURL client for PostgreSQL
|
|
|
+
|
|
|
+ Closes #8125
|
|
|
|
|
|
-Jay Satiro (21 Oct 2021)
|
|
|
-- [Malik Idrees Hasan Khan brought this change]
|
|
|
+- [RekGRpth brought this change]
|
|
|
|
|
|
- build: fix typos
|
|
|
+ CURLSHOPT_USERDATA.3: fix copy-paste mistake
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7886
|
|
|
+ Closes #8124
|
|
|
|
|
|
-- URL-SYNTAX: add IMAP UID SEARCH example
|
|
|
-
|
|
|
- - Explain the difference between IMAP search via URL (which returns
|
|
|
- message sequence numbers) and IMAP search via custom request (which
|
|
|
- can return UID numbers if prefixed with UID, eg "UID SEARCH ...").
|
|
|
-
|
|
|
- Bug: https://github.com/curl/curl/issues/7626
|
|
|
- Reported-by: orycho@users.noreply.github.com
|
|
|
+- docs: fix minor nroff format nits
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/issues/2789
|
|
|
+ Repairs test 1140
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7881
|
|
|
+ Follow-up to 436cdf82041
|
|
|
|
|
|
-Daniel Stenberg (20 Oct 2021)
|
|
|
-- manpage: adjust the asterisk in some SYNOPSIS sections
|
|
|
-
|
|
|
- Closes #7884
|
|
|
+- docs/URL-SYNTAX.md: space is not fine in a given URL
|
|
|
|
|
|
-- curl_multi_perform.3: polish wording
|
|
|
-
|
|
|
- - simplify the example by using curl_multi_poll
|
|
|
+- curl_multi_perform/socket_action.3: clarify what errors mean
|
|
|
|
|
|
- - mention curl_multi_add_handle in the text
|
|
|
+ An error returned from one of these funtions mean that ALL still ongoing
|
|
|
+ transfers are to be considered failed.
|
|
|
|
|
|
- - cut out the description of pre-7.20.0 return code behavior - that version
|
|
|
- is now more than eleven years old and is basically no longer out there
|
|
|
+ Ref: #8114
|
|
|
+ Closes #8120
|
|
|
+
|
|
|
+- libcurl-errors.3: add CURLM_ABORTED_BY_CALLBACK
|
|
|
|
|
|
- - adjust the "typical usage" to mention curl_multi_poll
|
|
|
+ Follow-up to #8089 (2b3dd01)
|
|
|
|
|
|
- Closes #7883
|
|
|
-
|
|
|
-- docs/THANKS: removed on request
|
|
|
-
|
|
|
-- FAQ: polish the explanation of libcurl
|
|
|
-
|
|
|
-- curl_easy_perform.3: minor wording tweak
|
|
|
-
|
|
|
-- [Erik Stenlund brought this change]
|
|
|
+ Closes #8116
|
|
|
|
|
|
- mime: mention CURL_DISABLE_MIME in comment
|
|
|
+- hash: add asserts to help detect bad usage
|
|
|
|
|
|
- CURL_DISABLE_MIME is not mentioned in the comment describing the if else
|
|
|
- preprocessor directive.
|
|
|
+ For example trying to add entries after the hash has been "cleaned up"
|
|
|
|
|
|
- Closes #7882
|
|
|
+ Closes #8115
|
|
|
|
|
|
-- tls: remove newline from three infof() calls
|
|
|
+- lib530: abort on curl_multi errors
|
|
|
|
|
|
- Follow-up to e7416cf
|
|
|
+ This makes torture tests run more proper.
|
|
|
|
|
|
- Reported-by: billionai on github
|
|
|
- Fixes #7879
|
|
|
- Closes #7880
|
|
|
+ Also add an assert to trap situations where it would end up with no
|
|
|
+ sockets to wait for.
|
|
|
+
|
|
|
+ Closes #8121
|
|
|
+
|
|
|
+- FAQ: we never pronounced it "see URL", we say "kurl"
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- curl_gssapi: fix build warnings by removing const
|
|
|
+- CURLOPT_RESOLVE.3: minor polish
|
|
|
|
|
|
- Follow-up to 20e980f85b0ea6
|
|
|
+ Minor rephrasing for some explanations.
|
|
|
|
|
|
- In #7875 these inits were modified but I get two warnings that these new
|
|
|
- typecasts are necessary for.
|
|
|
+ Put the format strings in stand-alone lines with .nf/.fi to be easier to spot.
|
|
|
|
|
|
- Closes #7876
|
|
|
-
|
|
|
-- [Bo Anderson brought this change]
|
|
|
-
|
|
|
- curl_gssapi: fix link error on macOS Monterey
|
|
|
+ Move "added in" to AVAILABILITY
|
|
|
|
|
|
- Fixes #7657
|
|
|
- Closes #7875
|
|
|
+ Closed #8110
|
|
|
|
|
|
-- test1185: verify checksrc
|
|
|
+- test1556: adjust for hyper
|
|
|
|
|
|
- Closes #7866
|
|
|
+ Closes #8105
|
|
|
|
|
|
-- checksrc: improve the SPACESEMICOLON error message
|
|
|
-
|
|
|
- and adjust the MULTISPACE one to use plural
|
|
|
+- test1554: adjust for hyper
|
|
|
|
|
|
- Closes #7866
|
|
|
+ Closes #8104
|
|
|
|
|
|
-- url: set "k->size" -1 at start of request
|
|
|
-
|
|
|
- The size of the transfer is unknown at that point.
|
|
|
+- retry-all-errors.d: make the example complete
|
|
|
|
|
|
- Fixes #7871
|
|
|
- Closes #7872
|
|
|
+ ... as it needs --retry too to work
|
|
|
|
|
|
-Daniel Gustafsson (18 Oct 2021)
|
|
|
-- doh: remove experimental code for DoH with GET
|
|
|
-
|
|
|
- The code for sending DoH requests with GET was never enabled in a way
|
|
|
- such that it could be used or tested. As there haven't been requests
|
|
|
- for this feature, and since it at this is effectively dead, remove it
|
|
|
- and favor reimplementing the feature in case anyone is interested.
|
|
|
+- TODO: 5.7 Require HTTP version X or higher
|
|
|
|
|
|
- Closes #7870
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Closes #7980
|
|
|
|
|
|
-Daniel Stenberg (18 Oct 2021)
|
|
|
-- cirrus: remove FreeBSD 11.4 from the matrix
|
|
|
+- CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
|
|
|
|
|
|
- It has reached End-Of-Life and causes some LDAP CI issues.
|
|
|
+ This is the exact same limitation already documented for
|
|
|
+ CURLOPT_WRITEDATA but should be clarified here. It also has a different
|
|
|
+ work-around.
|
|
|
|
|
|
- Closes #7869
|
|
|
+ Reported-by: Stephane Pellegrino
|
|
|
+ Bug: https://github.com/curl/curl/issues/8102
|
|
|
+ Closes #8103
|
|
|
|
|
|
-- cirrus: switch to openldap24-client
|
|
|
+- multi: handle errors returned from socket/timer callbacks
|
|
|
|
|
|
- ... as it seems openldap-client doesn't exist anymore.
|
|
|
+ The callbacks were partially documented to support this. Now the
|
|
|
+ behavior is documented and returning error from either of these
|
|
|
+ callbacks will effectively kill all currently ongoing transfers.
|
|
|
|
|
|
- Reported-by: Jay Satiro
|
|
|
- Fixes #7868
|
|
|
- Closes #7869
|
|
|
-
|
|
|
-- checksrc: ignore preprocessor lines
|
|
|
+ Added test 530 to verify
|
|
|
|
|
|
- In order to check the actual code better, checksrc now ignores
|
|
|
- everything that look like preprocessor instructions. It also means
|
|
|
- that code in macros are now longer checked.
|
|
|
+ Reported-by: Marcelo Juchem
|
|
|
+ Fixes #8083
|
|
|
+ Closes #8089
|
|
|
+
|
|
|
+- http2:set_transfer_url() return early on OOM
|
|
|
|
|
|
- Note that some rules then still don't need to be followed when code is
|
|
|
- exactly below a cpp instruction.
|
|
|
+ If curl_url() returns NULL this should return early to avoid mistakes -
|
|
|
+ even if right now the subsequent function invokes are all OK.
|
|
|
|
|
|
- Removes two checksrc exceptions we needed previously because of
|
|
|
- preprocessor lines being checked.
|
|
|
+ Coverity (wrongly) pointed out this as a NULL deref.
|
|
|
|
|
|
- Reported-by: Marcel Raad
|
|
|
- Fixes #7863
|
|
|
- Closes #7864
|
|
|
+ Closes #8100
|
|
|
|
|
|
-- urlapi: skip a strlen(), pass in zero
|
|
|
+- tool_parsecfg: use correct free() call to free memory
|
|
|
|
|
|
- ... to let curl_easy_escape() itself do the strlen. This avoids a (false
|
|
|
- positive) Coverity warning and it avoids us having to store the strlen()
|
|
|
- return value in an int variable.
|
|
|
+ Detected by Coverity. CID 1494642.
|
|
|
+ Follow-up from 2be1aa619bca
|
|
|
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #7862
|
|
|
-
|
|
|
-- misc: update copyright years
|
|
|
+ Closes #8099
|
|
|
|
|
|
-- examples/htmltidy: correct wrong printf() use
|
|
|
+- tool_operate: fix potential memory-leak
|
|
|
|
|
|
- ... and update the includes to match how current htmltidy wants them
|
|
|
- used.
|
|
|
+ A 'CURLU *' would leak if url_proto() is called with no URL.
|
|
|
|
|
|
- Reported-by: Stathis Kapnidis
|
|
|
- Fixes #7860
|
|
|
- Closes #7861
|
|
|
-
|
|
|
-Jay Satiro (15 Oct 2021)
|
|
|
-- http: set content length earlier
|
|
|
-
|
|
|
- - Make content length (ie download size) accessible to the user in the
|
|
|
- header callback, but only after all headers have been processed (ie
|
|
|
- only in the final call to the header callback).
|
|
|
-
|
|
|
- Background:
|
|
|
-
|
|
|
- For a long time the content length could be retrieved in the header
|
|
|
- callback via CURLINFO_CONTENT_LENGTH_DOWNLOAD_T as soon as it was parsed
|
|
|
- by curl.
|
|
|
-
|
|
|
- Changes were made in 8a16e54 (precedes 7.79.0) to ignore content length
|
|
|
- if any transfer encoding is used. A side effect of that was that
|
|
|
- content length was not set by libcurl until after the header callback
|
|
|
- was called the final time, because until all headers are processed it
|
|
|
- cannot be determined if content length is valid.
|
|
|
-
|
|
|
- This change keeps the same intention --all headers must be processed--
|
|
|
- but now the content length is available before the final call to the
|
|
|
- header function that indicates all headers have been processed (ie
|
|
|
- a blank header).
|
|
|
-
|
|
|
- Bug: https://github.com/curl/curl/commit/8a16e54#r57374914
|
|
|
- Reported-by: sergio-nsk@users.noreply.github.com
|
|
|
-
|
|
|
- Co-authored-by: Daniel Stenberg
|
|
|
-
|
|
|
- Fixes https://github.com/curl/curl/issues/7804
|
|
|
- Closes https://github.com/curl/curl/pull/7803
|
|
|
+ Detected by Coverity. CID 1494643.
|
|
|
+ Follow-up to 18270893abdb19
|
|
|
+ Closes #8098
|
|
|
|
|
|
-Daniel Stenberg (15 Oct 2021)
|
|
|
-- [Abhinav Singh brought this change]
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
|
|
|
- aws-sigv4: make signature work when post data is binary
|
|
|
-
|
|
|
- User sets the post fields size for binary data. Hence, we should not be
|
|
|
- using strlen on it.
|
|
|
+ openldap: implement STARTTLS
|
|
|
|
|
|
- Added test 1937 and 1938 to verify.
|
|
|
+ As this introduces use of CURLOPT_USE_SSL option for LDAP, also check
|
|
|
+ this option in ldap.c as it is not supported by this backend.
|
|
|
|
|
|
- Closes #7844
|
|
|
+ Closes #8065
|
|
|
|
|
|
-- [a1346054 brought this change]
|
|
|
+- [Jun Tseng brought this change]
|
|
|
|
|
|
- MacOSX-Framework: remove redundant ';'
|
|
|
+ curl_easy_unescape.3: call curl_easy_cleanup in example
|
|
|
|
|
|
- Closes #7859
|
|
|
+ Closes #8097
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Jun Tseng brought this change]
|
|
|
|
|
|
-- openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway
|
|
|
+ curl_easy_escape.3: call curl_easy_cleanup in example
|
|
|
|
|
|
- One reason we know it can fail is if a provider is used that doesn't do
|
|
|
- a proper job or is wrongly configured.
|
|
|
+ Closes #8097
|
|
|
+
|
|
|
+- tool_listhelp: sync
|
|
|
|
|
|
- Reported-by: Michael Baentsch
|
|
|
- Fixes #7840
|
|
|
- Closes #7856
|
|
|
+ Follow-up to 172068b76f
|
|
|
|
|
|
-Marcel Raad (14 Oct 2021)
|
|
|
-- [Ryan Mast brought this change]
|
|
|
+- [Damien Walsh brought this change]
|
|
|
|
|
|
- cmake: add CURL_ENABLE_SSL option and make CMAKE_USE_* SSL backend options depend on it
|
|
|
+ request.d: refer to 'method' rather than 'command'
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7822
|
|
|
+ Closes #8094
|
|
|
|
|
|
-Daniel Stenberg (14 Oct 2021)
|
|
|
-- http: remove assert that breaks hyper
|
|
|
-
|
|
|
- Reported-by: Jay Satiro
|
|
|
- Fixes #7852
|
|
|
- Closes #7855
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-- http_proxy: fix one more result assign for hyper
|
|
|
+- writeout: fix %{http_version} for HTTP/3
|
|
|
|
|
|
- and remove the bad assert again, since it was run even with no error!
|
|
|
+ Output "3" properly when HTTP/3 was used.
|
|
|
|
|
|
- Closes #7854
|
|
|
+ Reported-by: Bernat Mut
|
|
|
+ Fixes #8072
|
|
|
+ Closes #8092
|
|
|
|
|
|
-Jay Satiro (14 Oct 2021)
|
|
|
-- sws: fix memory leak on exit
|
|
|
+- urlapi: accept port number zero
|
|
|
|
|
|
- - Free the allocated http request struct on cleanup.
|
|
|
+ This is a regression since 7.62.0 (fb30ac5a2d).
|
|
|
|
|
|
- Prior to this change if sws was built with leak sanitizer it would
|
|
|
- report a memory leak error during testing.
|
|
|
+ Updated test 1560 accordingly
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7849
|
|
|
+ Reported-by: Brad Fitzpatrick
|
|
|
+ Fixes #8090
|
|
|
+ Closes #8091
|
|
|
|
|
|
-Daniel Stenberg (14 Oct 2021)
|
|
|
-- c-hyper: make Curl_http propagate errors better
|
|
|
-
|
|
|
- Pass on better return codes when errors occur within Curl_http instead
|
|
|
- of insisting that CURLE_OUT_OF_MEMORY is the only possible one.
|
|
|
+- [Mark Dodgson brought this change]
|
|
|
+
|
|
|
+ lift: ignore is a deprecated config option, use ignoreRules
|
|
|
|
|
|
- Pointed-out-by: Jay Satiro
|
|
|
- Closes #7851
|
|
|
+ Closes #8082
|
|
|
|
|
|
-- http_proxy: make hyper CONNECT() return the correct error code
|
|
|
+- [Alessandro Ghedini brought this change]
|
|
|
+
|
|
|
+ HTTP3: update quiche build instructions
|
|
|
|
|
|
- For every 'goto error', make sure the result variable holds the error
|
|
|
- code for what went wrong.
|
|
|
+ The repo repo was re-organized a bit, so the build instructions need to
|
|
|
+ be updated.
|
|
|
|
|
|
- Reported-by: Rafał Mikrut
|
|
|
- Fixes #7825
|
|
|
- Closes #7846
|
|
|
+ Closes #8076
|
|
|
|
|
|
-- docs/Makefile.am: repair 'make html'
|
|
|
-
|
|
|
- by removing index.html which isn't around anymore
|
|
|
+- CURLMOPT_TIMERFUNCTION.3: call it expire time, not interval
|
|
|
|
|
|
- Closes #7853
|
|
|
+ Since we say it is a non-repating timer
|
|
|
|
|
|
-- [Борис Верховский brought this change]
|
|
|
+- [Florian Van Heghe brought this change]
|
|
|
|
|
|
- curl: correct grammar in generated libcurl code
|
|
|
+ mbedTLS: include NULL byte in blob data length for CURLOPT_CAINFO_BLOB
|
|
|
|
|
|
- Closes #7802
|
|
|
+ Fixes #8079
|
|
|
+ Closes #8081
|
|
|
|
|
|
-- tests: disable test 2043
|
|
|
+Jay Satiro (2 Dec 2021)
|
|
|
+- [Wyatt O'Day brought this change]
|
|
|
+
|
|
|
+ version_win32: Check build number and platform id
|
|
|
|
|
|
- It uses revoked.badssl.com which now is expired and therefor this now
|
|
|
- permafails. We should not use external sites for tests, this test should
|
|
|
- be converted to use our own infra.
|
|
|
+ Prior to this change the build number was not checked during version
|
|
|
+ comparison, and the platform id was supposed to be checked but wasn't.
|
|
|
|
|
|
- Closes #7845
|
|
|
-
|
|
|
-- runtests: split out ignored tests
|
|
|
+ Checking the build number is required for enabling "evergreen"
|
|
|
+ Windows 10/11 features (like TLS 1.3).
|
|
|
|
|
|
- Report ignore tests separately from the actual fails.
|
|
|
+ Ref: https://github.com/curl/curl/pull/7784
|
|
|
|
|
|
- Don't exit non-zero if test servers couldn't get killed.
|
|
|
+ Closes https://github.com/curl/curl/pull/7824
|
|
|
+ Closes https://github.com/curl/curl/pull/7867
|
|
|
+
|
|
|
+- libssh2: fix error message for sha256 mismatch
|
|
|
|
|
|
- Assisted-by: Jay Satiro
|
|
|
+ - On mismatch error show sha256 fingerprint in base64 format.
|
|
|
|
|
|
- Fixes #7818
|
|
|
- Closes #7841
|
|
|
+ Prior to this change the fingerprint was mistakenly printed in binary.
|
|
|
|
|
|
-- http2: make getsock not wait for write if there's no remote window
|
|
|
+Daniel Stenberg (1 Dec 2021)
|
|
|
+- [Xiaoke Wang brought this change]
|
|
|
+
|
|
|
+ openssl: check the return value of BIO_new()
|
|
|
|
|
|
- While uploading, check for remote window availability in the getsock
|
|
|
- function so that we don't wait for a writable socket if no data can be
|
|
|
- sent.
|
|
|
+ Closes #8078
|
|
|
+
|
|
|
+Dan Fandrich (30 Nov 2021)
|
|
|
+- docs: Update the Reducing Size section
|
|
|
|
|
|
- Reported-by: Steini2000 on github
|
|
|
- Fixes #7821
|
|
|
- Closes #7839
|
|
|
+ Add many more options that can reduce the size of the binary that were
|
|
|
+ added since the last update. Update the sample minimal binary size for
|
|
|
+ version 7.80.0.
|
|
|
|
|
|
-- test368: verify dash is appended for "-r [num]"
|
|
|
+- tests: Add some missing keywords to tests
|
|
|
|
|
|
- Follow-up to 8758a26f8878
|
|
|
+ These are needed to skip some tests when configure options have disabled
|
|
|
+ certain features.
|
|
|
|
|
|
-- [Борис Верховский brought this change]
|
|
|
+Daniel Stenberg (30 Nov 2021)
|
|
|
+- [Florian Van Heghe brought this change]
|
|
|
|
|
|
- curl: actually append "-" to --range without number only
|
|
|
+ mbedTLS: add support for CURLOPT_CAINFO_BLOB
|
|
|
|
|
|
- Closes #7837
|
|
|
+ Closes #8071
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Glenn Strauss brought this change]
|
|
|
|
|
|
-- urlapi: URL decode percent-encoded host names
|
|
|
+ digest: compute user:realm:pass digest w/o userhash
|
|
|
|
|
|
- The host name is stored decoded and can be encoded when used to extract
|
|
|
- the full URL. By default when extracting the URL, the host name will not
|
|
|
- be URL encoded to work as similar as possible as before. When not URL
|
|
|
- encoding the host name, the '%' character will however still be encoded.
|
|
|
+ https://datatracker.ietf.org/doc/html/rfc7616#section-3.4.4
|
|
|
+ ... the client MUST calculate a hash of the username after
|
|
|
+ any other hash calculation ...
|
|
|
|
|
|
- Getting the URL with the CURLU_URLENCODE flag set will percent encode
|
|
|
- the host name part.
|
|
|
+ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
|
|
|
+ Closes #8066
|
|
|
+
|
|
|
+- config.d: update documentation to match the path search
|
|
|
|
|
|
- As a bonus, setting the host name part with curl_url_set() no longer
|
|
|
- accepts a name that contains space, CR or LF.
|
|
|
+ Assisted-by: Jay Satiro
|
|
|
+
|
|
|
+- tool_findfile: search for a file in the homedir
|
|
|
|
|
|
- Test 1560 has been extended to verify percent encodings.
|
|
|
+ The homedir() function is now renamed into findfile() and iterates over
|
|
|
+ all the environment variables trying to access the file in question
|
|
|
+ until it finds it. Last resort is then getpwuid() if
|
|
|
+ available. Previously it would first try to find a home directory and if
|
|
|
+ that was set, insist on checking only that directory for the file. This
|
|
|
+ now returns the full file name it finds.
|
|
|
|
|
|
- Reported-by: Noam Moshe
|
|
|
- Reported-by: Sharon Brizinov
|
|
|
- Reported-by: Raul Onitza-Klugman
|
|
|
- Reported-by: Kirill Efimov
|
|
|
- Fixes #7830
|
|
|
- Closes #7834
|
|
|
-
|
|
|
-Marc Hoersken (8 Oct 2021)
|
|
|
-- CI/makefiles: introduce dedicated test target
|
|
|
+ The Windows specific checks are now done differently too and in this
|
|
|
+ order:
|
|
|
|
|
|
- Make it easy to use the same set of test flags
|
|
|
- throughout all current and future CI builds.
|
|
|
+ 1 - %USERPROFILE%
|
|
|
+ 2 - %APPDATA%
|
|
|
+ 3 - %USERPROFILE%\\Application Data
|
|
|
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
+ The windows order is modified to match how the Windows 10 ssh tool works
|
|
|
+ when it searches for .ssh/known_hosts.
|
|
|
|
|
|
- Follow up to #7690
|
|
|
- Closes #7785
|
|
|
-
|
|
|
-Daniel Stenberg (8 Oct 2021)
|
|
|
-- maketgz: redirect updatemanpages.pl output to /dev/null
|
|
|
+ Reported-by: jeffrson on github
|
|
|
+ Co-authored-by: Jay Satiro
|
|
|
+ Fixes #8033
|
|
|
+ Closes #8035
|
|
|
|
|
|
-- CURLOPT_HTTPHEADER.3: add descripion for specific headers
|
|
|
+- docs: consistent manpage SYNOPSIS
|
|
|
|
|
|
- Settting Host: or Transfer-Encoding: chunked actually have special
|
|
|
- meanings to libcurl. This change tries to document them
|
|
|
-
|
|
|
- Closes #7829
|
|
|
-
|
|
|
-- c-hyper: use hyper_request_set_uri_parts to make h2 better
|
|
|
+ Make all libcurl related options use .nf (no fill) for the SYNOPSIS
|
|
|
+ section - for consistent look. roffit then renders that section using
|
|
|
+ <pre> (monospace font) in html for the website.
|
|
|
|
|
|
- and make sure to not send Host: over h2.
|
|
|
+ Extended manpage-syntax (test 1173) with a basic check for it.
|
|
|
|
|
|
- Fixes #7679
|
|
|
- Reported-by: David Cook
|
|
|
- Closes #7827
|
|
|
+ Closes #8062
|
|
|
|
|
|
-- [Michael Afanasiev brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- curl-openssl.m4: modify library order for openssl linking
|
|
|
-
|
|
|
- lcrypto may depend on lz, and configure corrently fails with when
|
|
|
- statically linking as the order is "-lz -lcrypto". This commit switches
|
|
|
- the order to "-lcrypto -lz".
|
|
|
-
|
|
|
- Closes #7826
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
|
|
|
-Marcel Raad (7 Oct 2021)
|
|
|
-- sha256: use high-level EVP interface for OpenSSL
|
|
|
-
|
|
|
- Available since OpenSSL 0.9.7. The low-level SHA256 interface is
|
|
|
- deprecated in OpenSSL v3, and its usage was discouraged even before.
|
|
|
+ openldap: handle connect phase with a state machine
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7808
|
|
|
+ Closes #8054
|
|
|
|
|
|
-- curl_ntlm_core: use OpenSSL only if DES is available
|
|
|
+- docs: address proselint nits
|
|
|
|
|
|
- This selects another SSL backend then if available, or otherwise at
|
|
|
- least gives a meaningful error message.
|
|
|
+ - avoid exclamation marks
|
|
|
+ - use consistent number of spaces after periods: one
|
|
|
+ - avoid clichés
|
|
|
+ - avoid using 'very'
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7808
|
|
|
+ Closes #8060
|
|
|
|
|
|
-- md5: fix compilation with OpenSSL 3.0 API
|
|
|
+- [Bruno Baguette brought this change]
|
|
|
+
|
|
|
+ FAQ: typo fix : "yout" ➤ "your"
|
|
|
|
|
|
- Only use OpenSSL's MD5 code if it's available.
|
|
|
+ Closes #8059
|
|
|
+
|
|
|
+- [Bruno Baguette brought this change]
|
|
|
+
|
|
|
+ docs/INSTALL.md: typo fix : added missing "get" verb
|
|
|
|
|
|
- Also fix wolfSSL build with `NO_MD5`, in which case neither the
|
|
|
- wolfSSL/OpenSSL implementation nor the fallback implementation was
|
|
|
- used.
|
|
|
+ Closes #8058
|
|
|
+
|
|
|
+- insecure.d: detail its use for SFTP and SCP as well
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7808
|
|
|
+ Closes #8056
|
|
|
|
|
|
-Daniel Stenberg (7 Oct 2021)
|
|
|
-- print_category: printf %*s needs an int argument
|
|
|
+Viktor Szakats (25 Nov 2021)
|
|
|
+- Makefile.m32: rename -winssl option to -schannel and tidy up
|
|
|
|
|
|
- ... not a size_t!
|
|
|
+ - accept `-schannel` as an alternative to `CFG` option `-winssl`
|
|
|
+ (latter still accepted, but deprecated)
|
|
|
+ - rename internal variable `WINSSL` to `SCHANNEL`
|
|
|
+ - make the `CFG` option evaluation shorter, without repeating the option
|
|
|
+ name
|
|
|
|
|
|
- Detected by Coverity: CID 1492331.
|
|
|
- Closes #7823
|
|
|
+ Reviewed-by: Marcel Raad
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #8053
|
|
|
|
|
|
-Jay Satiro (7 Oct 2021)
|
|
|
-- version_win32: use actual version instead of manifested version
|
|
|
+Daniel Stenberg (25 Nov 2021)
|
|
|
+- KNOWN_BUGS: 5.6 make distclean loops forever
|
|
|
|
|
|
- - Use RtlVerifyVersionInfo instead of VerifyVersionInfo, when possible.
|
|
|
+ Reported-by: David Bohman
|
|
|
+ Closes #7716
|
|
|
+
|
|
|
+- KNOWN_BUGS: add one, remove one
|
|
|
|
|
|
- Later versions of Windows have normal version functions that compare and
|
|
|
- return versions based on the way the application is manifested, instead
|
|
|
- of the actual version of Windows the application is running on. We
|
|
|
- prefer the actual version of Windows so we'll now call the Rtl variant
|
|
|
- of version functions (RtlVerifyVersionInfo) which does a proper
|
|
|
- comparison of the actual version.
|
|
|
+ - 5.10 SMB tests fail with Python 2
|
|
|
|
|
|
- Reported-by: Wyatt O'Day
|
|
|
+ Just use python 3.
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/pull/7727
|
|
|
+ + 5.10 curl hangs on SMB upload over stdin
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7742
|
|
|
- Closes https://github.com/curl/curl/pull/7810
|
|
|
-
|
|
|
-Daniel Stenberg (6 Oct 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Closes #7896
|
|
|
|
|
|
-- http: fix Basic auth with empty name field in URL
|
|
|
+- urlapi: provide more detailed return codes
|
|
|
|
|
|
- Add test 367 to verify.
|
|
|
+ Previously, the return code CURLUE_MALFORMED_INPUT was used for almost
|
|
|
+ 30 different URL format violations. This made it hard for users to
|
|
|
+ understand why a particular URL was not acceptable. Since the API cannot
|
|
|
+ point out a specific position within the URL for the problem, this now
|
|
|
+ instead introduces a number of additional and more fine-grained error
|
|
|
+ codes to allow the API to return more exactly in what "part" or section
|
|
|
+ of the URL a problem was detected.
|
|
|
|
|
|
- Reported-by: Rick Lane
|
|
|
- Fixes #7819
|
|
|
- Closes #7820
|
|
|
-
|
|
|
-- [Jeffrey Tolar brought this change]
|
|
|
-
|
|
|
- CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse
|
|
|
+ Also bug-fixes curl_url_get() with CURLUPART_ZONEID, which previously
|
|
|
+ returned CURLUE_OK even if no zoneid existed.
|
|
|
|
|
|
- ... and close connections that are too old instead of reusing them.
|
|
|
+ Test cases in 1560 have been adjusted and extended. Tests 1538 and 1559
|
|
|
+ have been updated.
|
|
|
|
|
|
- By default, this behavior is disabled.
|
|
|
+ Updated libcurl-errors.3 and curl_url_strerror() accordingly.
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-09/0058.html
|
|
|
- Closes #7751
|
|
|
+ Closes #8049
|
|
|
|
|
|
-Daniel Gustafsson (6 Oct 2021)
|
|
|
-- docs/examples: add missing binaries to gitignore
|
|
|
+- urlapi: make Curl_is_absolute_url always use MAX_SCHEME_LEN
|
|
|
|
|
|
- Commit f65d7889b added getreferrer, and commit ae8e11ed5 multi-legacy,
|
|
|
- both of which missed adding .gitignore clauses for the built binaries.
|
|
|
+ Instad of having all callers pass in the maximum length, always use
|
|
|
+ it. The passed in length is instead used only as the length of the
|
|
|
+ target buffer for to storing the scheme name in, if used.
|
|
|
|
|
|
- Closes #7817
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
-
|
|
|
-Daniel Stenberg (5 Oct 2021)
|
|
|
-- [Josip Medved brought this change]
|
|
|
-
|
|
|
- HTTP3: fix the HTTP/3 Explained book link
|
|
|
+ Added the scheme max length restriction to the curl_url_set.3 man page.
|
|
|
|
|
|
- Closes #7813
|
|
|
+ Follow-up to 45bcb2eaa78c79
|
|
|
+
|
|
|
+ Closes #8047
|
|
|
|
|
|
-- [Lucas Holt brought this change]
|
|
|
+- [Jay Satiro brought this change]
|
|
|
|
|
|
- misc: fix a few issues on MidnightBSD
|
|
|
+ cmake: warn on use of the now deprecated symbols
|
|
|
|
|
|
- Closes #7812
|
|
|
+ Follow-up to 9108da2c26d
|
|
|
+
|
|
|
+ Closes #8052
|
|
|
|
|
|
-Daniel Gustafsson (4 Oct 2021)
|
|
|
-- [8U61ife brought this change]
|
|
|
+- [Kevin Burke brought this change]
|
|
|
|
|
|
- tool_main: fix typo in comment
|
|
|
+ tests/CI.md: add more information on CI environments
|
|
|
|
|
|
- Closes: #7811
|
|
|
- Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
-
|
|
|
-Daniel Stenberg (4 Oct 2021)
|
|
|
-- [Ryan Mast brought this change]
|
|
|
+ Fixes #8012
|
|
|
+ Closes #8022
|
|
|
|
|
|
- BINDINGS: URL updates
|
|
|
+- cmake: private identifiers use CURL_ instead of CMAKE_ prefix
|
|
|
|
|
|
- For cpr, BBHTTP, Eiffel, Harbour, Haskell, Mono, and Rust
|
|
|
+ Since the 'CMAKE_' prefix is reserved for cmake's own private use.
|
|
|
+ Ref: https://cmake.org/cmake/help/latest/manual/cmake-variables.7.html
|
|
|
|
|
|
- Closes #7809
|
|
|
+ Reported-by: Boris Rasin
|
|
|
+ Fixes #7988
|
|
|
+ Closes #8044
|
|
|
|
|
|
-- scripts/delta: hide a git error message we don't care about
|
|
|
+- urlapi: reject short file URLs
|
|
|
|
|
|
- fatal: path 'src/tool_listhelp.c' exists on disk, but not in [tag]
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
-
|
|
|
- sasl: binary messages
|
|
|
+ file URLs that are 6 bytes or shorter are not complete. Return
|
|
|
+ CURLUE_MALFORMED_INPUT for those. Extended test 1560 to verify.
|
|
|
|
|
|
- Capabilities of sasl module are extended to exchange messages in binary
|
|
|
- as an alternative to base64.
|
|
|
+ Triggered by #8041
|
|
|
+ Closes #8042
|
|
|
+
|
|
|
+- curl: improve error message for --head with -J
|
|
|
|
|
|
- If http authentication flags have been set, those are used as sasl
|
|
|
- default preferred mechanisms.
|
|
|
+ ... it now focuses on the "output of headers" combined with the
|
|
|
+ --remote-header-name option, as that is actually the problem. Both
|
|
|
+ --head and --include can output headers.
|
|
|
|
|
|
- Closes #6930
|
|
|
+ Reported-by: nimaje on github
|
|
|
+ Fixes #7987
|
|
|
+ Closes #8045
|
|
|
|
|
|
-- [Hayden Roche brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
|
|
|
+- [Stefan Eissing brought this change]
|
|
|
+
|
|
|
+ urlapi: cleanup scheme parsing
|
|
|
|
|
|
- Prior to this commit, OpenSSL could be used for all these functions, but
|
|
|
- not wolfSSL. This commit makes it so wolfSSL will be used if USE_WOLFSSL
|
|
|
- is defined.
|
|
|
+ Makea Curl_is_absolute_url() always leave a defined 'buf' and avoids
|
|
|
+ copying on urls that do not start with a scheme.
|
|
|
|
|
|
- Closes #7806
|
|
|
+ Closes #8043
|
|
|
|
|
|
-- scripts/delta: count command line options in the new file
|
|
|
+- tool_operate: only set SSH related libcurl options for SSH URLs
|
|
|
|
|
|
- ... which makes the shown delta number wrong until next release.
|
|
|
+ For example, this avoids trying to find and set the known_hosts file (or
|
|
|
+ warn for its absence) if SFTP or SCP are not used.
|
|
|
+
|
|
|
+ Closes #8040
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
-- print_category: print help descriptions aligned
|
|
|
+ rustls: remove comment about checking handshaking
|
|
|
|
|
|
- Adjust the description position to make an aligned column when doing
|
|
|
- help listings, which is more pleasing to the eye.
|
|
|
+ The comment is incorrect in two ways:
|
|
|
+ - It says the check needs to be last, but the check is actually first.
|
|
|
+ - is_handshaking actually starts out true.
|
|
|
|
|
|
- Suggested-by: Gisle Vanem
|
|
|
- Closes #7792
|
|
|
+ Closes #8038
|
|
|
|
|
|
-- lib/mk-ca-bundle.pl: skip certs passed Not Valid After date
|
|
|
-
|
|
|
- With this change applied, the now expired 'DST Root CA X3' cert will no
|
|
|
- longer be included in the output.
|
|
|
+Marcel Raad (20 Nov 2021)
|
|
|
+- openssl: use non-deprecated API to read key parameters
|
|
|
|
|
|
- Details: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
|
|
|
+ With OpenSSL 3.0, the parameters are read directly from the `EVP_PKEY`
|
|
|
+ using `EVP_PKEY_get_bn_param`.
|
|
|
|
|
|
- Closes #7801
|
|
|
+ Closes https://github.com/curl/curl/pull/7893
|
|
|
|
|
|
-- tool_listhelp: easier to generate with gen.pl
|
|
|
+- openssl: reduce code duplication
|
|
|
|
|
|
- tool_listhelp.c is now a separate file with only the command line --help
|
|
|
- output, exactly as generated by gen.pl. This makes it easier to generate
|
|
|
- updates according to what's in the docs/cmdline-opts docs.
|
|
|
+ `BN_print`'s `BIGNUM` parameter has been `const` since OpenSSL 0.9.4.
|
|
|
|
|
|
- cd $srcroot/docs/cmdline-opts
|
|
|
- ./gen.pl listhelp *.d > $srcroot/src/tool_listhelp.c
|
|
|
+ Closes https://github.com/curl/curl/pull/7893
|
|
|
+
|
|
|
+- openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
|
|
|
|
|
|
- With a configure build, this also works:
|
|
|
-
|
|
|
- make -C src listhelp
|
|
|
+ The flag has been deprecated without replacement in OpenSSL 3.0.
|
|
|
|
|
|
- Closes #7787
|
|
|
-
|
|
|
-- [Anthony Hu brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7893
|
|
|
|
|
|
- wolfssl: allow setting of groups/curves
|
|
|
+- openssl: remove usage of deprecated `SSL_get_peer_certificate`
|
|
|
|
|
|
- In particular, the quantum safe KEM and hybrid curves if wolfSSL is
|
|
|
- built to support them.
|
|
|
+ The function name was changed to `SSL_get1_peer_certificate` in OpenSSL
|
|
|
+ 3.0.
|
|
|
|
|
|
- Closes #7728
|
|
|
-
|
|
|
-- [Jan Mazur brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7893
|
|
|
|
|
|
- connnect: use sysaddr_un fron sys/un.h or custom-defined for windows
|
|
|
+Daniel Stenberg (19 Nov 2021)
|
|
|
+- page-footer: fix typo
|
|
|
|
|
|
- Closes #7737
|
|
|
-
|
|
|
-Jay Satiro (30 Sep 2021)
|
|
|
-- [Rikard Falkeborn brought this change]
|
|
|
+ Closes #8036
|
|
|
|
|
|
- hostip: Move allocation to clarify there is no memleak
|
|
|
-
|
|
|
- By just glancing at the code, it looks like there is a memleak if the
|
|
|
- call to Curl_inet_pton() fails. Looking closer, it is clear that the
|
|
|
- call to Curl_inet_pton() can not fail, so the code will never leak
|
|
|
- memory. However, we can make this obvious by moving the allocation
|
|
|
- after the if-statement.
|
|
|
+- http: enable haproxy support for hyper backend
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7796
|
|
|
-
|
|
|
-Daniel Stenberg (30 Sep 2021)
|
|
|
-- gen.pl: make the output date format work better
|
|
|
+ This is done by having native code do the haproxy header output before
|
|
|
+ hyper issues its request. The little downside with this approach is that
|
|
|
+ we need the entire Curl_buffer_send() function built, which is otherwise
|
|
|
+ not used for hyper builds.
|
|
|
|
|
|
- Follow-up to 15910dfd143dd
|
|
|
+ If hyper ends up getting native support for the haproxy protocols we can
|
|
|
+ backpedal on this.
|
|
|
|
|
|
- The previous strftime format used didn't work correctly on Windows, so
|
|
|
- change to %B %d %Y which today looks like "September 29 2021".
|
|
|
+ Enables test 1455 and 1456
|
|
|
|
|
|
- Reported-by: Gisle Vanem
|
|
|
- Bug: #7782
|
|
|
- Closes #7793
|
|
|
+ Closes #8034
|
|
|
|
|
|
-- typecheck-gcc.h: add CURLOPT_PREREQDATA awareness
|
|
|
+- [Bernhard Walle brought this change]
|
|
|
+
|
|
|
+ configure: fix runtime-lib detection on macOS
|
|
|
|
|
|
- Follow-up to a517378de58358a
|
|
|
+ With a non-standard installation of openssl we get this error:
|
|
|
|
|
|
- To make test 1912 happy again
|
|
|
+ checking run-time libs availability... failed
|
|
|
+ configure: error: one or more libs available at link-time are not available run-time. Libs used at link-time: -lnghttp2 -lssl -lcrypto -lssl -lcrypto -lz
|
|
|
|
|
|
- Closes #7799
|
|
|
-
|
|
|
-Marcel Raad (29 Sep 2021)
|
|
|
-- configure: remove `HAVE_WINSOCK_H` definition
|
|
|
+ There's already code to set LD_LIBRARY_PATH on Linux, so set
|
|
|
+ DYLD_LIBRARY_PATH equivalent on macOS.
|
|
|
|
|
|
- It's not used anymore.
|
|
|
+ Closes #8028
|
|
|
+
|
|
|
+- [Don J Olmstead brought this change]
|
|
|
+
|
|
|
+ cmake: don't set _USRDLL on a static Windows build
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7795
|
|
|
+ Closes #8030
|
|
|
|
|
|
-- CMake: remove `HAVE_WINSOCK_H` definition
|
|
|
+- page-footer: document more environment variables
|
|
|
|
|
|
- It's not used anymore.
|
|
|
+ ... that curl might use.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7795
|
|
|
+ Closes #8027
|
|
|
|
|
|
-- config: remove `HAVE_WINSOCK_H` definition
|
|
|
+- netrc.d: edit the .netrc example to look nicer
|
|
|
|
|
|
- It's not used anymore.
|
|
|
+ Works nicely thanks to d1828b470f43d
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7795
|
|
|
+ Closes #8025
|
|
|
|
|
|
-- lib: remove `HAVE_WINSOCK_H` usage
|
|
|
+- tftp: mark protocol as not possible to do over CONNECT
|
|
|
|
|
|
- WinSock v1 is not supported anymore. Exclusively use `HAVE_WINSOCK2_H`
|
|
|
- instead.
|
|
|
+ ... and make connect_init() refusing trying to tunnel protocols marked
|
|
|
+ as not working. Avoids a double-free.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7795
|
|
|
+ Reported-by: Even Rouault
|
|
|
+ Fixes #8018
|
|
|
+ Closes #8020
|
|
|
|
|
|
-Daniel Stenberg (29 Sep 2021)
|
|
|
-- easyoptions: add the two new PRE* options
|
|
|
-
|
|
|
- Follow-up to a517378de58358a
|
|
|
+- docs/cmdline-opts: do not say "protocols: all"
|
|
|
|
|
|
- Also fix optiontable.pl to do the correct remainder on the entry.
|
|
|
+ Remove the lines saying "protocols: all". It makes the output in the
|
|
|
+ manpage look funny, and the expectation is probably by default that if
|
|
|
+ not anything is mentioned about protocols the option apply to them all.
|
|
|
|
|
|
- Reported-by: Gisle Vanem
|
|
|
- Bug: https://github.com/curl/curl/commit/a517378de58358a85b7cfe9efecb56051268f629#commitcomment-57224830
|
|
|
- Closes #7791
|
|
|
+ Closes #8021
|
|
|
|
|
|
-- Revert "build: remove checks for WinSock 1"
|
|
|
+- curl.1: require "see also" for every documented option
|
|
|
|
|
|
- Due to CI issues
|
|
|
+ gen.pl now generates a warning if the "See Also" field is not filled in for a
|
|
|
+ command line option
|
|
|
|
|
|
- This reverts commit c2ea04f92b00b6271627cb218647527b5a50f2fc.
|
|
|
+ All command line options now provide one or more related options. 167
|
|
|
+ "See alsos" added!
|
|
|
|
|
|
- Closes #7790
|
|
|
+ Closes #8019
|
|
|
|
|
|
-Daniel Gustafsson (29 Sep 2021)
|
|
|
-- lib: avoid fallthrough cases in switch statements
|
|
|
-
|
|
|
- Commit b5a434f7f0ee4d64857f8592eced5b9007d83620 inhibits the warning
|
|
|
- on implicit fallthrough cases, since the current coding of indicating
|
|
|
- fallthrough with comments is falling out of fashion with new compilers.
|
|
|
- This attempts to make the issue smaller by rewriting fallthroughs to no
|
|
|
- longer fallthrough, via either breaking the cases or turning switch
|
|
|
- statements into if statements.
|
|
|
-
|
|
|
- lib/content_encoding.c: the fallthrough codepath is simply copied
|
|
|
- into the case as it's a single line.
|
|
|
- lib/http_ntlm.c: the fallthrough case skips a state in the state-
|
|
|
- machine and fast-forwards to NTLMSTATE_LAST. Do this before the
|
|
|
- switch statement instead to set up the states that we actually
|
|
|
- want.
|
|
|
- lib/http_proxy.c: the fallthrough is just falling into exiting the
|
|
|
- switch statement which can be done easily enough in the case.
|
|
|
- lib/mime.c: switch statement rewritten as if statement.
|
|
|
- lib/pop3.c: the fallthrough case skips to the next state in the
|
|
|
- statemachine, do this explicitly instead.
|
|
|
- lib/urlapi.c: switch statement rewritten as if statement.
|
|
|
- lib/vssh/wolfssh.c: the fallthrough cases fast-forwards the state
|
|
|
- machine, do this by running another iteration of the switch
|
|
|
- statement instead.
|
|
|
- lib/vtls/gtls.c: switch statement rewritten as if statement.
|
|
|
- lib/vtls/nss.c: the fallthrough codepath is simply copied into the
|
|
|
- case as it's a single line. Also twiddle a comment to not be
|
|
|
- inside a non-brace if statement.
|
|
|
+- insecure.d: expand and clarify
|
|
|
|
|
|
- Closes: #7322
|
|
|
- See-also: #7295
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Closes #8017
|
|
|
|
|
|
-Marcel Raad (28 Sep 2021)
|
|
|
-- config-win32ce: enable WinSock 2
|
|
|
+- gen.pl: improve example output format
|
|
|
|
|
|
- WinSock 2.2 is supported by Windows CE .NET 4.1 (from 2002, out of
|
|
|
- support since 2013).
|
|
|
+ Treat consecutive lines that start with a space to be "examples". They
|
|
|
+ are output enclosed by .nf and .fi
|
|
|
|
|
|
- Ref: https://docs.microsoft.com/en-us/previous-versions/windows/embedded/ms899586(v=msdn.10)
|
|
|
+ Updated form.d to use this new fanciness
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7778
|
|
|
+ Closes #8016
|
|
|
|
|
|
-- externalsocket: use WinSock 2.2
|
|
|
+- Revert "form-escape.d: double the back-slashes for proper man page output"
|
|
|
|
|
|
- That's the only version we support.
|
|
|
+ This reverts commit a2d8eac04a4eb1d5a98cf24b4e5cec5cec565d27.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7778
|
|
|
+ silly me, it was intended to be one backslash!
|
|
|
|
|
|
-- build: remove checks for WinSock 1
|
|
|
-
|
|
|
- It's not supported anymore.
|
|
|
-
|
|
|
- Closes https://github.com/curl/curl/pull/7778
|
|
|
+- form-escape.d: double the back-slashes for proper man page output
|
|
|
|
|
|
-Daniel Stenberg (28 Sep 2021)
|
|
|
-- scripts/copyright: .muse is .lift now
|
|
|
-
|
|
|
- And update 5 files with old copyright year range
|
|
|
+- page-footer: add a mention of how to report bugs to the man page
|
|
|
|
|
|
-- cmdline-opts: made the 'Added:' field mandatory
|
|
|
-
|
|
|
- Since "too old" versions are no longer included in the generated man
|
|
|
- page, this field is now mandatory so that it won't be forgotten and then
|
|
|
- not included in the documentation.
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- Closes #7786
|
|
|
+ and bump to 7.81.0-DEV
|
|
|
|
|
|
-- curl.1: remove mentions of really old version changes
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ mime: use percent-escaping for multipart form field and file names
|
|
|
|
|
|
- To make the man page more readable, this change removes all references
|
|
|
- to changes in support/versions etc that happened before 7.30.0 from the
|
|
|
- curl.1 output file. 7.30.0 was released on Apr 12 2013. This particular
|
|
|
- limit is a bit arbitrary but was fairly easy to grep for.
|
|
|
+ Until now, form field and file names where escaped using the
|
|
|
+ backslash-escaping algorithm defined for multipart mails. This commit
|
|
|
+ replaces this with the percent-escaping method for URLs.
|
|
|
|
|
|
- It is handled like this: the 'Added' keyword is only used in output if
|
|
|
- it refers to 7.30.0 or later. All occurances of "(Added in $VERSION)" in
|
|
|
- description will be stripped out if the mentioned $VERSION is from
|
|
|
- before 7.30.0. It is therefore important that the "Added in..."
|
|
|
- references are always written exactly like that - and on a single line,
|
|
|
- not split over two.
|
|
|
+ As this may introduce incompatibilities with server-side applications, a
|
|
|
+ new libcurl option CURLOPT_MIME_OPTIONS with bitmask
|
|
|
+ CURLMIMEOPT_FORMESCAPE is introduced to revert to legacy use of
|
|
|
+ backslash-escaping. This is controlled by new cli tool option
|
|
|
+ --form-escape.
|
|
|
|
|
|
- This change removes about 80 version number references from curl.1, down
|
|
|
- to 138 from 218.
|
|
|
+ New tests and documentation are provided for this feature.
|
|
|
|
|
|
- Closes #7786
|
|
|
+ Reported by: Ryan Sleevi
|
|
|
+ Fixes #7789
|
|
|
+ Closes #7805
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Kevin Burke brought this change]
|
|
|
|
|
|
-- tool_cb_prg: make resumed upload progress bar show better
|
|
|
+ zuul.d: update rustls-ffi to version 0.8.2
|
|
|
|
|
|
- This is a regression that was *probably* injected in the larger progress
|
|
|
- bar overhaul in 2018.
|
|
|
+ This version fixes errors with ALPN negotiation in rustls, which is
|
|
|
+ necessary for HTTP/2 support. For more information see the rustls-ffi
|
|
|
+ changelog.
|
|
|
|
|
|
- Reported-by: beslick5 on github
|
|
|
- Fixes #7760
|
|
|
- Closes #7777
|
|
|
+ Closes #8013
|
|
|
|
|
|
-- gen.pl: insert the current date and version in generated man page
|
|
|
+- configure: better diagnostics if hyper is built wrong
|
|
|
|
|
|
- Reported-by: Gisle Vanem
|
|
|
- Ref: #7780
|
|
|
- Closes #7782
|
|
|
+ If hyper is indeed present in the specified directory but couldn't be
|
|
|
+ used to find the correct symbol, then offer a different error message to
|
|
|
+ better help the user understand the issue.
|
|
|
+
|
|
|
+ Suggested-by: Jacob Hoffman-Andrews
|
|
|
+ Fixes #8001
|
|
|
+ Closes #8005
|
|
|
|
|
|
-- NTLM: use DES_set_key_unchecked with OpenSSL
|
|
|
+- test1939: require proxy support to run
|
|
|
|
|
|
- ... as the previously used function DES_set_key() will in some cases
|
|
|
- reject using a key that it deems "weak" which will cause curl to
|
|
|
- continue using the unitialized buffer content as key instead.
|
|
|
+ Follow-up to f0b7099a10d1a
|
|
|
|
|
|
- Assisted-by: Harry Sintonen
|
|
|
- Fixes #7779
|
|
|
- Closes #7781
|
|
|
+ Closes #8011
|
|
|
|
|
|
-Marc Hoersken (27 Sep 2021)
|
|
|
-- CI: align make and test flags in various config files
|
|
|
+- test302[12]: run only with the libssh2 backend
|
|
|
|
|
|
- 1. Use Makefile target to run tests in autotools builds on AppVeyor.
|
|
|
- 2. Disable testing of SCP protocol on native Windows environments.
|
|
|
- 3. Remove redundant parameters -a -p from target test-nonflaky.
|
|
|
- 4. Don't use -vc parameter which is reserved for debugging.
|
|
|
+ ... as the others don't support --hostpubsha256
|
|
|
|
|
|
- Replaces #7591
|
|
|
- Closes #7690
|
|
|
+ Reported-by: Paul Howarth
|
|
|
+ Fixes #8009
|
|
|
+ Closes #8010
|
|
|
|
|
|
-Daniel Stenberg (27 Sep 2021)
|
|
|
-- mailmap: unify Max!
|
|
|
+- runtests: make the SSH library a testable feature
|
|
|
+
|
|
|
+ libssh2, libssh and wolfssh
|
|
|
|
|
|
-- [Max Dymond brought this change]
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
- CURLOPT_PREREQFUNCTION: add new callback
|
|
|
-
|
|
|
- Triggered before a request is made but after a connection is set up
|
|
|
+ rustls: read of zero bytes might be okay
|
|
|
|
|
|
- Changes:
|
|
|
+ When we're reading out plaintext from rustls' internal buffers, we might
|
|
|
+ get a read of zero bytes (meaning a clean TCP close, including
|
|
|
+ close_notify). However, we shouldn't return immediately when that
|
|
|
+ happens, since we may have already copied out some plaintext bytes.
|
|
|
+ Break out of the loop when we get a read of zero bytes, and figure out
|
|
|
+ which path we're dealing with.
|
|
|
|
|
|
- - callback: Update docs and callback for pre-request callback
|
|
|
- - Add documentation for CURLOPT_PREREQDATA and CURLOPT_PREREQFUNCTION,
|
|
|
- - Add redirect test and callback failure test
|
|
|
- - Note that the function may be called multiple times on a redirection
|
|
|
- - Disable new 2086 test due to Windows weirdness
|
|
|
+ Acked-by: Kevin Burke
|
|
|
|
|
|
- Closes #7477
|
|
|
+ Closes #8003
|
|
|
|
|
|
-- KNOWN_BUGS: HTTP/2 connections through HTTPS proxy frequently stall
|
|
|
-
|
|
|
- Closes #6936
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
-- TODO: make configure use --cache-file more and better
|
|
|
+ rustls: remove incorrect EOF check
|
|
|
|
|
|
- Closes #7753
|
|
|
-
|
|
|
-- [Sergey Markelov brought this change]
|
|
|
-
|
|
|
- urlapi: support UNC paths in file: URLs on Windows
|
|
|
+ The update to rustls-ffi 0.8.0 changed handling of EOF and close_notify.
|
|
|
+ From the CHANGELOG:
|
|
|
|
|
|
- - file://host.name/path/file.txt is a valid UNC path
|
|
|
- \\host.name\path\files.txt to a non-local file transformed into URI
|
|
|
- (RFC 8089 Appendix E.3)
|
|
|
+ > Handling of unclean close and the close_notify TLS alert. Mirroring
|
|
|
+ > upstream changes, a rustls_connection now tracks TCP closed state like
|
|
|
+ > so: rustls_connection_read_tls considers a 0-length read from its
|
|
|
+ > callback to mean "TCP stream was closed by peer." If that happens
|
|
|
+ > before the peer sent close_notify, rustls_connection_read will return
|
|
|
+ > RUSTLS_RESULT_UNEXPECTED_EOF once the available plaintext bytes are
|
|
|
+ > exhausted. This is useful to protect against truncation attacks. Note:
|
|
|
+ > some TLS implementations don't send close_notify. If you are already
|
|
|
+ > getting length information from your protocol (e.g. Content-Length in
|
|
|
+ > HTTP) you may choose to ignore UNEXPECTED_EOF so long as the number of
|
|
|
+ > plaintext bytes was as expected.
|
|
|
|
|
|
- - UNC paths on other OSs must be smb: URLs
|
|
|
+ That means we don't need to check for unclean EOF in `cr_recv()`,
|
|
|
+ because `process_new_packets()` will give us an error if appropriate.
|
|
|
|
|
|
- Closes #7366
|
|
|
-
|
|
|
-- [Gleb Ivanovsky brought this change]
|
|
|
+ Closes #8003
|
|
|
|
|
|
- urlapi: add curl_url_strerror()
|
|
|
+- lib1939: make it endure torture tests
|
|
|
|
|
|
- Add curl_url_strerror() to convert CURLUcode into readable string and
|
|
|
- facilitate easier troubleshooting in programs using URL API.
|
|
|
- Extend CURLUcode with CURLU_LAST for iteration in unit tests.
|
|
|
- Update man pages with a mention of new function.
|
|
|
- Update example code and tests with new functionality where it fits.
|
|
|
+ Follow-up to f0b7099a10d1a
|
|
|
|
|
|
- Closes #7605
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
-
|
|
|
-- [Mats Lindestam brought this change]
|
|
|
+ Closes #8007
|
|
|
|
|
|
- libssh2: add SHA256 fingerprint support
|
|
|
+- azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper
|
|
|
|
|
|
- Added support for SHA256 fingerprint in command line curl and in
|
|
|
- libcurl.
|
|
|
+ The configure line would previously depend on a configure mistake using
|
|
|
+ --without-openssl that is fixed and now this configure line needs
|
|
|
+ adjusting to use --without-ssl.
|
|
|
|
|
|
- Closes #7646
|
|
|
+ Follow-up to b589696f0312d
|
|
|
+
|
|
|
+ Closes #8006
|
|
|
|
|
|
-- libcurl.rc: switch out the copyright symbol for plain ASCII
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
+
|
|
|
+ configure: add -lm to configure for rustls build.
|
|
|
|
|
|
- Reported-by: Vitaly Varyvdin
|
|
|
- Assisted-by: Viktor Szakats
|
|
|
- Fixes #7765
|
|
|
- Closes #7776
|
|
|
+ Note: The list of libraries that rustc tells us we need to include is
|
|
|
+ longer, but also includes some more platform-specific libraries that I
|
|
|
+ am not sure how to effectively incorporate. Adding just -lm seems to
|
|
|
+ solve an immediate problem, so I'm adding just that.
|
|
|
+
|
|
|
+ Closes #8002
|
|
|
|
|
|
-- [Jun-ya Kato brought this change]
|
|
|
+- curl_share_setopt.3: refer to CURLSHOPT_USERDATA(3) properly
|
|
|
|
|
|
- ngtcp2: fix QUIC transport parameter version
|
|
|
+- curl_share_setopt.3: split out options into their own manpages
|
|
|
|
|
|
- fix inappropriate version setting for QUIC transport parameters.
|
|
|
- this patch keeps curl with ngtcp2 uses QUIC draft version (h3-29).
|
|
|
+ CURLSHOPT_LOCKFUNC.3
|
|
|
+ CURLSHOPT_SHARE.3
|
|
|
+ CURLSHOPT_UNLOCKFUNC.3
|
|
|
+ CURLSHOPT_UNSHARE.3
|
|
|
+ CURLSHOPT_USERDATA.3
|
|
|
|
|
|
- Closes #7771
|
|
|
+ Closes #7998
|
|
|
|
|
|
-- examples/imap-append: fix end-of-data check
|
|
|
+- http_proxy: make Curl_connect_done() work for proxy disabled builds
|
|
|
|
|
|
- Reported-by: Alexander Chuykov
|
|
|
- Fixes #7774
|
|
|
- Closes #7775
|
|
|
+ ... by making it an empty macro then.
|
|
|
+
|
|
|
+ Follow-up to f0b7099a10d1a
|
|
|
+ Reported-by: Vincent Grande
|
|
|
+ Fixes #7995
|
|
|
+ Closes #7996
|
|
|
|
|
|
-Michael Kaufmann (24 Sep 2021)
|
|
|
-- vtls: Fix a memory leak if an SSL session cannot be added to the cache
|
|
|
+- Curl_connect_done: handle being called twice
|
|
|
|
|
|
- On connection shutdown, a new TLS session ticket may arrive after the
|
|
|
- SSL session cache has already been destructed. In this case, the new
|
|
|
- SSL session cannot be added to the SSL session cache.
|
|
|
+ Follow-up to f0b7099a10d1a7c
|
|
|
|
|
|
- The callers of Curl_ssl_addsessionid() need to know whether the SSL
|
|
|
- session has been added to the cache. If it has not been added, the
|
|
|
- reference counter of the SSL session must not be incremented, or memory
|
|
|
- used by the SSL session must be freed. This is now possible with the new
|
|
|
- output parameter "added" of Curl_ssl_addsessionid().
|
|
|
+ When torture testing 1021, it turns out the Curl_connect_done function
|
|
|
+ might be called twice and that previously then wrongly cleared the HTTP
|
|
|
+ pointer in the second invoke.
|
|
|
|
|
|
- Fixes #7683
|
|
|
- Closes #7752
|
|
|
+ Closes #7999
|
|
|
|
|
|
-Daniel Stenberg (24 Sep 2021)
|
|
|
-- [Momoka Yamamoto brought this change]
|
|
|
+- [Stan Hu brought this change]
|
|
|
|
|
|
- HTTP3.md: use 'autoreconf -fi' instead of buildconf
|
|
|
+ configure: don't enable TLS when --without-* flags are used
|
|
|
|
|
|
- buildconf is not used since #5853
|
|
|
+ Previously specifying `--without-gnutls` would unexpectedly attempt to
|
|
|
+ compile with GnuTLS, effectively interpreting this as
|
|
|
+ `--with-gnutls`. This caused a significant amount of confusion when
|
|
|
+ `libcurl` was built with SSL disabled since GnuTLS wasn't present.
|
|
|
|
|
|
- Closes #7746
|
|
|
-
|
|
|
-- GIT-INFO: rephrase to adapt to s/buildconf/autoreconf
|
|
|
+ 68d89f24 dropped the `--without-*` options from the configure help, but
|
|
|
+ `AC_ARG_WITH` still defines these flags automatically. As
|
|
|
+ https://www.gnu.org/software/autoconf/manual/autoconf-2.60/html_node/External-Software.html
|
|
|
+ describes, the `action-if-given` is called when the user specifies
|
|
|
+ `--with-*` or `--without-*` options.
|
|
|
+
|
|
|
+ To prevent this confusion, we make the `--without` flag do the right
|
|
|
+ thing by ignoring the value if it set to "no".
|
|
|
+
|
|
|
+ Closes #7994
|
|
|
|
|
|
-- [h1zzz brought this change]
|
|
|
+- [Rikard Falkeborn brought this change]
|
|
|
|
|
|
- llist: remove redundant code, branch will not be executed
|
|
|
+ docs/checksrc: Add documentation for STRERROR
|
|
|
|
|
|
- Closes #7770
|
|
|
-
|
|
|
-- [tlahn brought this change]
|
|
|
+ Closes #7991
|
|
|
|
|
|
- HTTP-COOKIES.md: remove duplicate 'each'
|
|
|
+- vtls/rustls: adapt to the updated rustls_version proto
|
|
|
|
|
|
- Closes #7772
|
|
|
+ Closes #7956
|
|
|
|
|
|
-Jay Satiro (24 Sep 2021)
|
|
|
-- [Joel Depooter brought this change]
|
|
|
+- [Kevin Burke brought this change]
|
|
|
|
|
|
- libssh2: Get the version at runtime if possible
|
|
|
+ vtls/rustls: handle RUSTLS_RESULT_PLAINTEXT_EMPTY
|
|
|
|
|
|
- Previously this code used a compile time constant, meaning that libcurl
|
|
|
- always reported the libssh2 version that libcurl was built with. This
|
|
|
- could differ from the libssh2 version actually being used. The new code
|
|
|
- uses the CURL_LIBSSH2_VERSION macro, which is defined in ssh.h. The
|
|
|
- macro calls the libssh2_version function if it is available, otherwise
|
|
|
- it falls back to the compile time version.
|
|
|
+ Previously we'd return CURLE_READ_ERROR if we received this, instead
|
|
|
+ of triggering the error handling logic that's present in the next if
|
|
|
+ block down.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7768
|
|
|
+ After this change, curl requests to https://go.googlesource.com using
|
|
|
+ HTTP/2 complete successfully.
|
|
|
+
|
|
|
+ Fixes #7949
|
|
|
+ Closes #7948
|
|
|
|
|
|
-- [Joel Depooter brought this change]
|
|
|
+- [Kevin Burke brought this change]
|
|
|
|
|
|
- schannel: fix typo
|
|
|
-
|
|
|
- Closes https://github.com/curl/curl/pull/7769
|
|
|
+ zuul: update build environment for rustls-ffi 0.8.0
|
|
|
|
|
|
-Daniel Stenberg (23 Sep 2021)
|
|
|
-- cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED
|
|
|
-
|
|
|
- To avoid the "... is deprecated" warnings brought by OpenSSL v3.
|
|
|
- (We need to address the underlying code at some point of course.)
|
|
|
-
|
|
|
- Assisted-by: Jakub Zakrzewski
|
|
|
- Closes #7767
|
|
|
+- [Kevin Burke brought this change]
|
|
|
|
|
|
-- curl-openssl: pass argument to sed single-quoted
|
|
|
+ vtls/rustls: update to compile with rustls-ffi v0.8.0
|
|
|
|
|
|
- ... instead of using an escaped double-quote. This is an attempt to make
|
|
|
- this work better with ksh that otherwise would insist on a double
|
|
|
- escape!
|
|
|
+ Some method names, as well as the generated library name, were changed
|
|
|
+ in a recent refactoring.
|
|
|
|
|
|
- Reported-by: Randall S. Becker
|
|
|
- Fixes #7758
|
|
|
- Closes #7764
|
|
|
+ Further, change the default configuration instructions to check for
|
|
|
+ Hyper in either "target/debug" or "target/release" - the latter
|
|
|
+ contains an optimized build configuration.
|
|
|
+
|
|
|
+ Fixes #7947
|
|
|
+ Closes #7948
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
- Bumped curlver to 7.80.0-dev
|
|
|
-
|
|
|
-- [a1346054 brought this change]
|
|
|
+ and bump the version to 7.80.1
|
|
|
|
|
|
- misc: fix typos in docs and comments
|
|
|
+- multi: shut down CONNECT in Curl_detach_connnection
|
|
|
|
|
|
- No user facing output from curl/libcurl is changed by this, just
|
|
|
- comments.
|
|
|
+ ... to prevent a lingering pointer that would lead to a double-free.
|
|
|
|
|
|
- Closes #7747
|
|
|
-
|
|
|
-- [Thomas M. DuBuisson brought this change]
|
|
|
+ Added test 1939 to verify.
|
|
|
+
|
|
|
+ Reported-by: Stephen M. Coakley
|
|
|
+ Fixes #7982
|
|
|
+ Closes #7986
|
|
|
|
|
|
- ci: update Lift config to match requirements of curl build
|
|
|
+- curl_easy_cleanup.3: remove from multi handle first
|
|
|
|
|
|
- Also renamed Muse -> Lift, the new tool name.
|
|
|
+ Easy handles that are used by the multi interface should be removed from
|
|
|
+ the multi handle before they are cleaned up.
|
|
|
|
|
|
- Closes #7761
|
|
|
-
|
|
|
-- [Rikard Falkeborn brought this change]
|
|
|
+ Reported-by: Stephen M. Coakley
|
|
|
+ Ref: #7982
|
|
|
+ Closes #7983
|
|
|
|
|
|
- cleanup: constify unmodified static structs
|
|
|
-
|
|
|
- Constify a number of static structs that are never modified. Make them
|
|
|
- const to show this.
|
|
|
+- url.c: fix the SIGPIPE comment for Curl_close
|
|
|
|
|
|
- Closes #7759
|
|
|
+ Closes #7984
|
|
|
|
|
|
-Version 7.79.1 (22 Sep 2021)
|
|
|
+Version 7.80.0 (10 Nov 2021)
|
|
|
|
|
|
-Daniel Stenberg (22 Sep 2021)
|
|
|
+Daniel Stenberg (10 Nov 2021)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
- curl 7.79.1 release
|
|
|
+ for curl 7.80.0
|
|
|
|
|
|
-- THANKS: added names from the 7.79.1 release
|
|
|
+- THANKS: add contributors from the 7.80.0 cycle
|
|
|
|
|
|
-- test897: verify delivery of IMAP post-body header content
|
|
|
-
|
|
|
- The "content" is delivered as "body" by curl, but the envelope continues
|
|
|
- after the body and the rest of it should be delivered as header.
|
|
|
-
|
|
|
- The IMAP server can now get 'POSTFETCH' set to include more data to
|
|
|
- include after the body and test 897 is done to verify that such "extra"
|
|
|
- header data is in fact delivered by curl as header.
|
|
|
-
|
|
|
- Ref: #7284 but fails to reproduce the issue
|
|
|
-
|
|
|
- Closes #7748
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
|
|
|
-- KNOWN_BUGS: connection migration doesn't work
|
|
|
+ ngtcp2: advertise h3 as well as h3-29
|
|
|
|
|
|
- Closes #7695
|
|
|
+ Advertise h3 as well as h3-29 since some servers out there require h3
|
|
|
+ for QUIC v1.
|
|
|
+
|
|
|
+ Closes #7979
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
|
|
|
-- http: fix the broken >3 digit response code detection
|
|
|
+ ngtcp2: use QUIC v1 consistently
|
|
|
|
|
|
- When the "reason phrase" in the HTTP status line starts with a digit,
|
|
|
- that was treated as the forth response code digit and curl would claim
|
|
|
- the response to be non-compliant.
|
|
|
+ Since we switched to v1 quic_transport_parameters codepoint in #7960
|
|
|
+ with quictls, lets use QUIC v1 consistently.
|
|
|
|
|
|
- Added test 1466 to verify this case.
|
|
|
+ Closes #7979
|
|
|
+
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+
|
|
|
+ ngtcp2: compile with the latest nghttp3
|
|
|
|
|
|
- Regression brought by 5dc594e44f73b17
|
|
|
- Reported-by: Glenn de boer
|
|
|
- Fixes #7738
|
|
|
- Closes #7739
|
|
|
+ Closes #7978
|
|
|
|
|
|
-Jay Satiro (17 Sep 2021)
|
|
|
-- strerror: use sys_errlist instead of strerror on Windows
|
|
|
+Marc Hoersken (9 Nov 2021)
|
|
|
+- tests: add Schannel-specific tests and disable unsupported ones
|
|
|
|
|
|
- - Change Curl_strerror to use sys_errlist[errnum] instead of strerror to
|
|
|
- retrieve the error message on Windows.
|
|
|
+ Adds Schannel variants of SSLpinning tests that include the option
|
|
|
+ --ssl-revoke-best-effort to ignore certificate revocation check
|
|
|
+ failures which is required due to our custom test CA certificate.
|
|
|
|
|
|
- Windows' strerror writes to a static buffer and is not thread-safe.
|
|
|
+ Disable the original variants if the Schannel backend is enabled.
|
|
|
|
|
|
- Follow-up to 2f0bb86 which removed most instances of strerror in favor
|
|
|
- of calling Curl_strerror (which calls strerror_r for other platforms).
|
|
|
+ Also skip all IDN tests which are broken while using an msys shell.
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/pull/7685
|
|
|
- Ref: https://github.com/curl/curl/commit/2f0bb86
|
|
|
+ This is a step to simplify test exclusions for Windows and MinGW.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7735
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
+ Reviewed-by: Marcel Raad
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #7968
|
|
|
|
|
|
-Daniel Stenberg (16 Sep 2021)
|
|
|
-- dist: provide lib/.checksrc in the tarball
|
|
|
-
|
|
|
- So that debug builds work (checksrc really)
|
|
|
+Daniel Stenberg (8 Nov 2021)
|
|
|
+- docs: NAME fixes in easy option man pages
|
|
|
|
|
|
- Reported-by: Marcel Raad
|
|
|
- Reported-by: tawmoto on github
|
|
|
- Fixes #7733
|
|
|
- Closes #7734
|
|
|
+ Closes #7975
|
|
|
|
|
|
-- TODO: Improve documentation about fork safety
|
|
|
-
|
|
|
- Closes #6968
|
|
|
+- [Roger Young brought this change]
|
|
|
|
|
|
-- hsts: CURLSTS_FAIL from hsts read callback should fail transfer
|
|
|
+ ftp: make the MKD retry to retry once per directory
|
|
|
|
|
|
- ... and have CURLE_ABORTED_BY_CALLBACK returned.
|
|
|
+ Reported-by: Roger Young
|
|
|
+ Fixes #7967
|
|
|
+ Closes #7976
|
|
|
+
|
|
|
+- tool_operate: reorder code to avoid compiler warning
|
|
|
|
|
|
- Extended test 1915 to verify.
|
|
|
+ tool_operate.c(889) : warning C4701: potentially uninitialized local
|
|
|
+ variable 'per' use
|
|
|
|
|
|
- Reported-by: Jonathan Cardoso
|
|
|
- Fixes #7726
|
|
|
- Closes #7729
|
|
|
+ Follow-up to cc71d352651a0d95
|
|
|
+ Reported-by: Marc Hörsken
|
|
|
+ Bug: https://github.com/curl/curl/pull/7922#issuecomment-963042676
|
|
|
+ Closes #7971
|
|
|
|
|
|
-- test1184: disable
|
|
|
-
|
|
|
- The test should be fine and it works for me repeated when run manually,
|
|
|
- but clearly it causes CI failures and it needs more research.
|
|
|
+- curl_easy_perform.3: add a para about recv and send data
|
|
|
|
|
|
- Reported-by: RiderALT on github
|
|
|
- Fixes #7725
|
|
|
- Closes #7732
|
|
|
+ Reported-by: Godwin Stewart
|
|
|
+ Fixes #7973
|
|
|
+ Closes #7974
|
|
|
|
|
|
-- Curl_http2_setup: don't change connection data on repeat invokes
|
|
|
+- tool_operate: fclose stream only if fopened
|
|
|
|
|
|
- Regression from 3cb8a748670ab88c (releasde in 7.79.0). That change moved
|
|
|
- transfer oriented inits to before the check but also erroneously moved a
|
|
|
- few connection oriented ones, which causes problems.
|
|
|
+ Fixes torture test failures
|
|
|
+ Follow-up to cc71d352651
|
|
|
|
|
|
- Reported-by: Evangelos Foutras
|
|
|
- Fixes #7730
|
|
|
- Closes #7731
|
|
|
+ Closes #7972
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
-
|
|
|
- and bump to 7.79.1
|
|
|
+- libcurl-easy.3: language polish
|
|
|
|
|
|
-Kamil Dudka (16 Sep 2021)
|
|
|
-- tests/sshserver.pl: make it work with openssh-8.7p1
|
|
|
-
|
|
|
- ... by not using options with no argument where an argument is required:
|
|
|
+- limit-rate.d: this is average over several seconds
|
|
|
|
|
|
- === Start of file tests/log/ssh_server.log
|
|
|
- curl_sshd_config line 6: no argument after keyword "DenyGroups"
|
|
|
- curl_sshd_config line 7: no argument after keyword "AllowGroups"
|
|
|
- curl_sshd_config line 10: Deprecated option AuthorizedKeysFile2
|
|
|
- curl_sshd_config line 29: Deprecated option KeyRegenerationInterval
|
|
|
- curl_sshd_config line 39: Deprecated option RhostsRSAAuthentication
|
|
|
- curl_sshd_config line 40: Deprecated option RSAAuthentication
|
|
|
- curl_sshd_config line 41: Deprecated option ServerKeyBits
|
|
|
- curl_sshd_config line 45: Deprecated option UseLogin
|
|
|
- curl_sshd_config line 56: no argument after keyword "AcceptEnv"
|
|
|
- curl_sshd_config: terminating, 3 bad configuration options
|
|
|
- === End of file tests/log/ssh_server.log
|
|
|
+ Closes #7970
|
|
|
+
|
|
|
+- docs: reduce/avoid English contractions
|
|
|
|
|
|
- === Start of file log/sftp_server.log
|
|
|
- curl_sftp_config line 33: Unsupported option "rhostsrsaauthentication"
|
|
|
- curl_sftp_config line 34: Unsupported option "rsaauthentication"
|
|
|
- curl_sftp_config line 52: no argument after keyword "sendenv"
|
|
|
- curl_sftp_config: terminating, 1 bad configuration options
|
|
|
- Connection closed.
|
|
|
- Connection closed
|
|
|
- === End of file log/sftp_server.log
|
|
|
+ You're => You are
|
|
|
+ Hasn't => Has not
|
|
|
+ Doesn't => Does not
|
|
|
+ Don't => Do not
|
|
|
+ You'll => You will
|
|
|
+ etc
|
|
|
|
|
|
- Closes #7724
|
|
|
+ Closes #7930
|
|
|
|
|
|
-Daniel Stenberg (15 Sep 2021)
|
|
|
-- hsts: handle unlimited expiry
|
|
|
-
|
|
|
- When setting a blank expire string, meaning unlimited, curl would pass
|
|
|
- TIME_T_MAX to getime_r() when creating the output, while on 64 bit
|
|
|
- systems such a large value cannot be convetered to a tm struct making
|
|
|
- curl to exit the loop with an error instead. It can't be converted
|
|
|
- because the year it would represent doesn't fit in the 'int tm_year'
|
|
|
- field!
|
|
|
+- tool_operate: fix torture leaks with etags
|
|
|
|
|
|
- Starting now, unlimited expiry is instead handled differently by using a
|
|
|
- human readable expiry date spelled out as "unlimited" instead of trying
|
|
|
- to use a distant actual date.
|
|
|
+ Spotted by torture testing 343 344 345 347.
|
|
|
|
|
|
- Test 1660 and 1915 have been updated to help verify this change.
|
|
|
+ Follow-up from cc71d352651a0
|
|
|
+ Pointed-out-by: Dan Fandrich
|
|
|
|
|
|
- Reported-by: Jonathan Cardoso
|
|
|
- Fixes #7720
|
|
|
- Closes #7721
|
|
|
+ Closes #7969
|
|
|
|
|
|
-- curl_multi_fdset: make FD_SET() not operate on sockets out of range
|
|
|
+- [Amaury Denoyelle brought this change]
|
|
|
+
|
|
|
+ ngtcp2: support latest QUIC TLS RFC9001
|
|
|
|
|
|
- The VALID_SOCK() macro was made to only check for FD_SETSIZE if curl was
|
|
|
- built to use select(), even though the curl_multi_fdset() function
|
|
|
- always and unconditionally uses FD_SET and needs the check.
|
|
|
+ QUIC Transport Parameters Extension has been changed between draft-29
|
|
|
+ and latest RFC9001. Most notably, its identifier has been updated from
|
|
|
+ 0xffa5 to 0x0039. The version is selected through the QUIC TLS library
|
|
|
+ via the legacy codepoint.
|
|
|
|
|
|
- Reported-by: 0xee on github
|
|
|
- Fixes #7718
|
|
|
- Closes #7719
|
|
|
-
|
|
|
-- FAQ: add GOPHERS + curl works on data, not files
|
|
|
-
|
|
|
-Version 7.79.0 (14 Sep 2021)
|
|
|
-
|
|
|
-Daniel Stenberg (14 Sep 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Disable the usage of legacy codepoint in curl to switch to latest
|
|
|
+ RFC9001. This is required to be able to keep up with latest QUIC
|
|
|
+ implementations.
|
|
|
|
|
|
- For the 7.79.0 release
|
|
|
+ Acked-by: Tatsuhiro Tsujikawa
|
|
|
+ Closes #7960
|
|
|
|
|
|
-- THANKS: add contributors from 7.79.0 release cycle
|
|
|
+- test1173: make manpage-syntax.pl spot \n errors in examples
|
|
|
|
|
|
-- FAQ: add two dev related questions
|
|
|
-
|
|
|
- 8.1 Why does curl use C89?
|
|
|
- 8.2 Will curl be rewritten?
|
|
|
+- man pages: fix backslash-n in examples
|
|
|
|
|
|
- Spell-checked-by: Paul Johnson
|
|
|
- Closes #7715
|
|
|
-
|
|
|
-- zuul.d/jobs: disable three tests for *-openssl-disable-proxy
|
|
|
+ ... to be proper backslash-backslash-n sequences to render nicely in man
|
|
|
+ and on website.
|
|
|
|
|
|
- ... as they mysteriously seem to permfail without being related to
|
|
|
- proxy.
|
|
|
+ Follow-up to 24155569d8a
|
|
|
+ Reported-by: Sergey Markelov
|
|
|
|
|
|
- Closes #7714
|
|
|
+ Fixes https://github.com/curl/curl-www/issues/163
|
|
|
+ Closes #7962
|
|
|
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+- scripts/release-notes.pl: use out of repo links verbatim in refs
|
|
|
|
|
|
- ftp,imap,pop3,smtp: reject STARTTLS server response pipelining
|
|
|
+- tool_operate: a failed etag save now only fails that transfer
|
|
|
|
|
|
- If a server pipelines future responses within the STARTTLS response, the
|
|
|
- former are preserved in the pingpong cache across TLS negotiation and
|
|
|
- used as responses to the encrypted commands.
|
|
|
+ When failing to create the output file for saving an etag, only fail
|
|
|
+ that particular single transfer and allow others to follow.
|
|
|
|
|
|
- This fix detects pipelined STARTTLS responses and rejects them with an
|
|
|
- error.
|
|
|
+ In a serial transfer setup, if no transfer at all is done due to them
|
|
|
+ all being skipped because of this error, curl will output an error
|
|
|
+ message and return exit code 26.
|
|
|
|
|
|
- CVE-2021-22947
|
|
|
+ Added test 369 and 370 to verify.
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22947.html
|
|
|
+ Reported-by: Earnestly on github
|
|
|
+ Ref: #7942
|
|
|
+ Closes #7945
|
|
|
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+- [Kevin Burke brought this change]
|
|
|
|
|
|
- ftp,imap,pop3: do not ignore --ssl-reqd
|
|
|
+ .github: retry macos "brew install" command on failure
|
|
|
|
|
|
- In imap and pop3, check if TLS is required even when capabilities
|
|
|
- request has failed.
|
|
|
+ Previously we saw errors attempting to run "brew install", see
|
|
|
+ https://github.com/curl/curl/runs/4095721123?check_suite_focus=true for
|
|
|
+ an example, since this command is idempotent, it is safe to run again.
|
|
|
|
|
|
- In ftp, ignore preauthentication (230 status of server greeting) if TLS
|
|
|
- is required.
|
|
|
+ Closes #7955
|
|
|
+
|
|
|
+- CURLOPT_ALTSVC_CTRL.3: mention conn reuse is preferred
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22946.html
|
|
|
+ Ref: https://github.com/curl/curl/discussions/7954
|
|
|
|
|
|
- CVE-2021-22946
|
|
|
+ Closes #7957
|
|
|
|
|
|
-- [z2_ on hackerone brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- mqtt: clear the leftovers pointer when sending succeeds
|
|
|
+- zuul: pin the quiche build to use an older cmake-rs
|
|
|
|
|
|
- CVE-2021-22945
|
|
|
+ The latest cmake-rs assumes cmake's --parallel works. That was added in
|
|
|
+ cmake 3.12, but a lot of our CI builds run on Ubuntu Bionic which only
|
|
|
+ has cmake 3.10.
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22945.html
|
|
|
+ Fixes #7927
|
|
|
+ Closes #7952
|
|
|
|
|
|
-- zuul: bump the rustls job to use v0.7.2
|
|
|
+- [Marc Hoersken brought this change]
|
|
|
+
|
|
|
+ Revert "src/tool_filetime: disable -Wformat on mingw for this file"
|
|
|
|
|
|
- ... and add -lm when using a rust library.
|
|
|
+ This reverts commit 7c88fe375b15c44d77bccc9ab733b8069d228e6f.
|
|
|
|
|
|
- Closes #7701
|
|
|
-
|
|
|
-- RELEASE-PROCEDURE: add release dates from now to 8.0.0 in 2023
|
|
|
-
|
|
|
-- SECURITY-PROCESS: tweak a little to match current practices
|
|
|
+ Follow up to #6535 as the pragma is obsolete with warnf
|
|
|
|
|
|
- Closes #7713
|
|
|
+ Closes #7941
|
|
|
|
|
|
-- http_proxy: fix the User-Agent inclusion in CONNECT
|
|
|
+Jay Satiro (2 Nov 2021)
|
|
|
+- schannel: fix memory leak due to failed SSL connection
|
|
|
|
|
|
- It should not refer to the uagent string that is allocated and created
|
|
|
- for the end server http request, as that pointer may be cleared on
|
|
|
- subsequent CONNECT requests.
|
|
|
+ - Call schannel_shutdown if the SSL connection fails.
|
|
|
|
|
|
- Added test case 1184 to verify.
|
|
|
+ Prior to this change schannel_shutdown (which shuts down the SSL
|
|
|
+ connection as well as memory cleanup) was not called when the SSL
|
|
|
+ connection failed (eg due to failed handshake).
|
|
|
|
|
|
- Reported-by: T200proX7 on github
|
|
|
- Fixes #7705
|
|
|
- Closes #7707
|
|
|
-
|
|
|
-- Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited
|
|
|
+ Co-authored-by: Gisle Vanem
|
|
|
|
|
|
- Reported-by: Jonathan Cardoso
|
|
|
- Fixes #7710
|
|
|
- Closes #7711
|
|
|
-
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+ Fixes https://github.com/curl/curl/issues/7877
|
|
|
+ Closes https://github.com/curl/curl/pull/7878
|
|
|
|
|
|
- ngtcp2: fix build with ngtcp2 and nghttp3
|
|
|
-
|
|
|
- ngtcp2_conn_client_new and nghttp3_conn_client_new are now macros.
|
|
|
- Check the wrapped functions instead.
|
|
|
+Daniel Stenberg (2 Nov 2021)
|
|
|
+- Curl_updateconninfo: store addresses for QUIC connections too
|
|
|
|
|
|
- ngtcp2_stream_close callback now takes flags parameter.
|
|
|
+ So that CURLINFO_PRIMARY_IP etc work for HTTP/3 like for other HTTP
|
|
|
+ versions.
|
|
|
|
|
|
- Closes #7709
|
|
|
+ Reported-by: Jerome Mao
|
|
|
+ Fixes #7939
|
|
|
+ Closes #7944
|
|
|
|
|
|
-- write-out.d: clarify size_download/upload
|
|
|
-
|
|
|
- They show the number of "body" bytes transfered.
|
|
|
- Fixes #7702
|
|
|
- Closes #7706
|
|
|
+- [Sergio Durigan Junior brought this change]
|
|
|
|
|
|
-- http2: Curl_http2_setup needs to init stream data in all invokes
|
|
|
+ curl.1: fix typos in the manpage
|
|
|
|
|
|
- Thus function was written to avoid doing multiple connection data
|
|
|
- initializations, which is fine, but since it also initiates stream
|
|
|
- related data it is crucial that it doesn't skip those even if called
|
|
|
- again for the same connection. Solved by moving the stream
|
|
|
- initializations before the "doing-it-again" check.
|
|
|
+ s/transfering/transferring/
|
|
|
+ s/transfered/transferred/
|
|
|
|
|
|
- Reported-by: Inho Oh
|
|
|
- Fixes #7630
|
|
|
- Closes #7692
|
|
|
+ Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net>
|
|
|
+ Closes #7937
|
|
|
|
|
|
-- url: fix compiler warning in no-verbose builds
|
|
|
-
|
|
|
- Follow-up from 2f0bb864c12
|
|
|
+Marc Hoersken (1 Nov 2021)
|
|
|
+- tests/smbserver.py: fix compatibility with impacket 0.9.23+
|
|
|
|
|
|
- Closes #7700
|
|
|
-
|
|
|
-- non-ascii: fix build errors from strerror fix
|
|
|
+ impacket now performs sanity checks if the requested and to
|
|
|
+ be served file path actually is inside the real share path.
|
|
|
|
|
|
- Follow-up to 2f0bb864c12
|
|
|
+ Ref: https://github.com/SecureAuthCorp/impacket/pull/1066
|
|
|
|
|
|
- Closes #7697
|
|
|
+ Fixes #7924
|
|
|
+ Closes #7935
|
|
|
|
|
|
-- parse_args: redo the warnings for --remote-header-name combos
|
|
|
-
|
|
|
- ... to avoid the memory leak risk pointed out by scan-build.
|
|
|
+Daniel Stenberg (1 Nov 2021)
|
|
|
+- docs: reduce use of "very"
|
|
|
|
|
|
- Follow-up from 7a3e981781d6c18a
|
|
|
+ "Very" should be avoided in most texts. If intensifiers are needed, try
|
|
|
+ find better words instead.
|
|
|
|
|
|
- Closes #7698
|
|
|
+ Closes #7936
|
|
|
|
|
|
-- ngtcp2: adapt to new size defintions upstream
|
|
|
-
|
|
|
- Reviewed-by: Tatsuhiro Tsujikawa
|
|
|
- Closes #7699
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
|
|
|
-- rustls: add strerror.h include
|
|
|
+ ngtcp2: specify the missing required callback functions
|
|
|
|
|
|
- Follow-up to 2f0bb864c12
|
|
|
+ Closes #7929
|
|
|
|
|
|
-- docs: the security list is reached at security at curl.se now
|
|
|
+- CURLOPT_[PROXY]_SSL_CIPHER_LIST.3: bold instead of quote
|
|
|
|
|
|
- Also update the FAQ section a bit to encourage users to rather submit
|
|
|
- security issues on hackerone than sending email.
|
|
|
+ Bold the example ciphers instead of using single quotes, which then also
|
|
|
+ avoids the problem of how to use single quotes when first in a line.
|
|
|
|
|
|
- Closes #7689
|
|
|
+ Also rephrased the pages a little.
|
|
|
+
|
|
|
+ Reported-by: Sergio Durigan Junior
|
|
|
+ Ref: #7928
|
|
|
+ Closes #7934
|
|
|
|
|
|
-Marc Hoersken (9 Sep 2021)
|
|
|
-- runtests: add option -u to error on server unexpectedly alive
|
|
|
+- gen.pl: replace leading single quotes with \(aq
|
|
|
|
|
|
- Let's try to actually handle the server unexpectedly alive
|
|
|
- case by first making them visible on CI builds as failures.
|
|
|
+ ... and allow single quotes to be used "normally" in the .d files.
|
|
|
|
|
|
- This is needed to detect issues with killing of the test
|
|
|
- servers completely including nested process chains with
|
|
|
- multiple PIDs per test server (including bash and perl).
|
|
|
+ Makes the output curl.1 use better nroff.
|
|
|
|
|
|
- On Windows/cygwin platforms this is especially helpful with
|
|
|
- debugging PID mixups due to cygwin using its own PID space.
|
|
|
+ Reported-by: Sergio Durigan Junior
|
|
|
+ Ref: #7928
|
|
|
+ Closes #7933
|
|
|
+
|
|
|
+Marc Hoersken (1 Nov 2021)
|
|
|
+- tests: kill some test servers afterwards to avoid locked logfiles
|
|
|
|
|
|
Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7180
|
|
|
+ Closes #7925
|
|
|
|
|
|
-Daniel Stenberg (9 Sep 2021)
|
|
|
-- opts docs: unify phrasing in NAME header
|
|
|
+Daniel Stenberg (1 Nov 2021)
|
|
|
+- smooth-gtk-thread.c: enhance the mutex lock use
|
|
|
|
|
|
- - avoid writing "set ..." or "enable/disable ..." or "specify ..."
|
|
|
- *All* options for curl_easy_setopt() are about setting or enabling
|
|
|
- things and most of the existing options didn't use that way of
|
|
|
- description.
|
|
|
+ Reported-by: ryancaicse on github
|
|
|
+ Fixes #7926
|
|
|
+ Closes #7931
|
|
|
+
|
|
|
+Marc Hoersken (31 Oct 2021)
|
|
|
+- CI/runtests.pl: restore -u flag, but remove it from CI runs
|
|
|
|
|
|
- - start with lowercase letter, unless abbreviation. For consistency.
|
|
|
+ This makes it possible to use -u again for local testing,
|
|
|
+ but removes the flag from CI config files and make targets.
|
|
|
|
|
|
- - Some additional touch-ups
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
|
|
|
- Closes #7688
|
|
|
+ Partially reverts #7841
|
|
|
+ Closes #7921
|
|
|
|
|
|
-- strerror.h: remove the #include from files not using it
|
|
|
+Daniel Stenberg (29 Oct 2021)
|
|
|
+- [Jonathan Cardoso Machado brought this change]
|
|
|
|
|
|
-- lib: don't use strerror()
|
|
|
-
|
|
|
- We have and provide Curl_strerror() internally for a reason: strerror()
|
|
|
- is not necessarily thread-safe so we should always try to avoid it.
|
|
|
-
|
|
|
- Extended checksrc to warn for this, but feature the check disabled by
|
|
|
- default and only enable it in lib/
|
|
|
+ CURLOPT_HSTSWRITEFUNCTION.3: using CURLOPT_HSTS_CTRL is required
|
|
|
|
|
|
- Closes #7685
|
|
|
+ Closes #7923
|
|
|
|
|
|
-Daniel Gustafsson (8 Sep 2021)
|
|
|
-- cirrus: Add FreeBSD 13.0 job and disable sanitizer build
|
|
|
-
|
|
|
- As alluded to the in the now removed comment, a 13.0 image became
|
|
|
- available and is now ready to be used.
|
|
|
+- [Axel Morawietz brought this change]
|
|
|
+
|
|
|
+ imap: display quota information
|
|
|
|
|
|
- The sanitizer builds were running on the 12.1 image which since has
|
|
|
- been removed from the config, leaving the builds not running at all.
|
|
|
- When enabled it turns out that they don't actually work due to very
|
|
|
- long timeouts in executing the tests, so keep the disabled for now
|
|
|
- but a bit more controlled.
|
|
|
+ Show response to "GETQUOTAROOT INBOX" command.
|
|
|
|
|
|
- Closes #7592
|
|
|
-
|
|
|
-Daniel Stenberg (8 Sep 2021)
|
|
|
-- copyrights: update copyright year ranges
|
|
|
+ Closes #6973
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- INTERNALS: c-ares has a new home: c-ares.org
|
|
|
+- [Boris Rasin brought this change]
|
|
|
|
|
|
-- docs: remove experimental mentions from HSTS and MQTT
|
|
|
+ cmake: fix error getting LOCATION property on non-imported target
|
|
|
|
|
|
- Reported-by: Jonathan Cardoso
|
|
|
- Bug: https://github.com/curl/curl/pull/6700#issuecomment-913792863
|
|
|
- Closes #7681
|
|
|
+ Closes #7885
|
|
|
|
|
|
-- [Cao ZhenXiang brought this change]
|
|
|
+- [Xiaoke Wang brought this change]
|
|
|
|
|
|
- curl: add warning for incompatible parameters usage
|
|
|
-
|
|
|
- --continue-at - and --remote-header-name are known incompatible parameters
|
|
|
+ url: check the return value of curl_url()
|
|
|
|
|
|
- Closes #7674
|
|
|
-
|
|
|
-- [git-bruh brought this change]
|
|
|
+ Closes #7917
|
|
|
|
|
|
- examples/*hiperfifo.c: fix calloc arguments to match function proto
|
|
|
-
|
|
|
- Closes #7678
|
|
|
+- [Roy Li brought this change]
|
|
|
|
|
|
-- INTERNALS: bump c-ares requirement to 1.16.0
|
|
|
+ configure.ac: replace krb5-config with pkg-config
|
|
|
|
|
|
- Since ba904db0705c93 we use ares_getaddrinfo, added in c-ares 1.16.0
|
|
|
-
|
|
|
-- curl: stop retry if Retry-After: is longer than allowed
|
|
|
-
|
|
|
- If Retry-After: specifies a period that is longer than what fits within
|
|
|
- --retry-max-time, then stop retrying immediately.
|
|
|
+ The rationale is that custom *-config tools don't work well when
|
|
|
+ cross-compiling or using sysroots (such as when using Yocto project) and
|
|
|
+ require custom fixing for each of them; pkg-config on the other hand
|
|
|
+ works similarly everywhere.
|
|
|
|
|
|
- Added test 366 to verify.
|
|
|
+ Signed-off-by: Roy Li <rongqing.li@windriver.com>
|
|
|
+ Signed-off-by: Alexander Kanavin <alex@linutronix.de>
|
|
|
|
|
|
- Reported-by: Kari Pahula
|
|
|
- Fixes #7675
|
|
|
- Closes #7676
|
|
|
-
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
+ Closes #7916
|
|
|
|
|
|
- mbedtls: avoid using a large buffer on the stack
|
|
|
-
|
|
|
- Use dynamic memory allocation for the buffer used in checking "pinned
|
|
|
- public key". The PUB_DER_MAX_BYTES parameter with default settings is
|
|
|
- set to a value greater than 2kB.
|
|
|
+- test1160: edited to work with hyper
|
|
|
|
|
|
- Co-authored-by: Daniel Stenberg
|
|
|
- Closes #7586
|
|
|
+ Closes #7912
|
|
|
|
|
|
-- configure: make --disable-hsts work
|
|
|
-
|
|
|
- The AC_ARG_ENABLE() macro itself uses a variable called
|
|
|
- 'enable_[option]', so when our script also used a variable with that
|
|
|
- name for the purpose of storing what the user wants, it also
|
|
|
- accidentally made it impossible to switch off the feature with
|
|
|
- --disable-hsts. Fix this by renaming our variable.
|
|
|
+- data/DISABLED: enable tests that now work with hyper
|
|
|
|
|
|
- Reported-by: Michał Antoniak
|
|
|
- Fixes #7669
|
|
|
- Closes #7672
|
|
|
+ Closes #7911
|
|
|
|
|
|
-Jay Satiro (5 Sep 2021)
|
|
|
-- config.d: note that curlrc is used even when --config
|
|
|
+- test559: add 'HTTP' in keywords
|
|
|
|
|
|
- Bug: https://github.com/curl/curl/pull/7666#issuecomment-912214751
|
|
|
- Reported-by: Viktor Szakats
|
|
|
+ Makes it run fine with hyper
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7667
|
|
|
+ Closes #7911
|
|
|
|
|
|
-Daniel Stenberg (4 Sep 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- test552: updated to work with hyper
|
|
|
+
|
|
|
+ Closes #7911
|
|
|
|
|
|
-- test1173: check references to libcurl options
|
|
|
+Marc Hoersken (27 Oct 2021)
|
|
|
+- github: fix incomplete permission to label PRs for Hacktoberfest
|
|
|
|
|
|
- ... that they refer to actual existing libcurl options.
|
|
|
+ Unfortunately the GitHub API requires a token with write permission
|
|
|
+ for both issues and pull-requests to edit labels on even just PRs.
|
|
|
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #7656
|
|
|
+ Follow up to #7897
|
|
|
|
|
|
-- CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also
|
|
|
+Daniel Stenberg (27 Oct 2021)
|
|
|
+- opt-manpages: use 'Added in' instead of 'Since'
|
|
|
|
|
|
- Closes #7656
|
|
|
+ Closes #7913
|
|
|
|
|
|
-- opt-docs: verify man page sections + order
|
|
|
-
|
|
|
- In every libcurl option man page there are now 8 mandatory sections that
|
|
|
- must use the right name in the correct order and test 1173 verifies
|
|
|
- this. Only 14 man pages needed adjustments.
|
|
|
+Marc Hoersken (27 Oct 2021)
|
|
|
+- github: fix missing permission to label PRs for Hacktoberfest
|
|
|
|
|
|
- The sections and the order is as follows:
|
|
|
+ Follow up to #7897
|
|
|
|
|
|
- - NAME
|
|
|
- - SYNOPSIS
|
|
|
- - DESCRIPTION
|
|
|
- - PROTOCOLS
|
|
|
- - EXAMPLE
|
|
|
- - AVAILABILITY
|
|
|
- - RETURN VALUE
|
|
|
- - SEE ALSO
|
|
|
+ Test references to see if permissions are now sufficient:
|
|
|
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #7656
|
|
|
+ Closes #7832
|
|
|
+ Closes #7897
|
|
|
|
|
|
-- opt-docs: make sure all man pages have examples
|
|
|
-
|
|
|
- Extended manpage-syntax.pl (run by test 1173) to check that every man
|
|
|
- page for a libcurl option has an EXAMPLE section that is more than two
|
|
|
- lines. Then fixed all errors it found and added examples.
|
|
|
+- CI: more use of test-ci make target and verbose output
|
|
|
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #7656
|
|
|
-
|
|
|
-- get.d: provide more useful examples
|
|
|
+ Replace test-nonflaky with test-ci and enable verbose output
|
|
|
+ in all remaining CIs except Zuul which is customized a lot.
|
|
|
|
|
|
- Closes #7668
|
|
|
-
|
|
|
-- page-header: add GOPHERS, simplify wording in the 1st para
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
|
|
|
- Closes #7665
|
|
|
+ Follow up to #7785
|
|
|
+ Closes #7832
|
|
|
|
|
|
-- connect: get local port + ip also when reusing connections
|
|
|
+- github: add support for Hacktoberfest using labels
|
|
|
|
|
|
- Regression. In d6a37c23a3c (7.75.0) we removed the duplicated storage
|
|
|
- (connection + easy handle), so this info needs be extracted again even
|
|
|
- for re-used connections.
|
|
|
+ Automatically add hacktoberfest-accepted label to PRs opened between
|
|
|
+ September 30th and November 1st once a commit with a close reference
|
|
|
+ to it is pushed onto the master branch.
|
|
|
|
|
|
- Add test 435 to verify
|
|
|
+ With this workflow we can participate in Hacktoberfest while not
|
|
|
+ relying on GitHub to identify PRs as merged due to our rebasing.
|
|
|
|
|
|
- Reported-by: Max Dymond
|
|
|
- Fixes #7660
|
|
|
- Closes #7662
|
|
|
-
|
|
|
-Marcel Raad (2 Sep 2021)
|
|
|
-- multi: fix compiler warning with `CURL_DISABLE_WAKEUP`
|
|
|
+ Requires hacktoberfest-accepted labels to exist for PRs on the
|
|
|
+ participating repository. Also requires hacktoberfest topic on
|
|
|
+ the participating repository to avoid applying to forked repos.
|
|
|
|
|
|
- `use_wakeup` is unused in this case.
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7661
|
|
|
+ Fixes #7865
|
|
|
+ Closes #7897
|
|
|
|
|
|
-Daniel Stenberg (1 Sep 2021)
|
|
|
-- tests: adjust the tftpd output to work with hyper mode
|
|
|
+Daniel Stenberg (27 Oct 2021)
|
|
|
+- http: reject HTTP response codes < 100
|
|
|
|
|
|
- By making them look less like http headers, the hyper mode "tweak"
|
|
|
- doesn't interfere.
|
|
|
+ ... which then also includes negative ones as test 1430 uses.
|
|
|
|
|
|
- Enable test 2002 and 2003 in hyper builds (and 1280 which is unrelated
|
|
|
- but should be enabled).
|
|
|
+ This makes native + hyper backend act identically on this and therefore
|
|
|
+ test 1430 can now be enabled when building with hyper. Adjust test 1431
|
|
|
+ as well.
|
|
|
|
|
|
- Closes #7658
|
|
|
+ Closes #7909
|
|
|
|
|
|
-Daniel Gustafsson (1 Sep 2021)
|
|
|
-- [Gisle Vanem brought this change]
|
|
|
+- [Kerem Kat brought this change]
|
|
|
|
|
|
- openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA
|
|
|
+ docs: fix typo in CURLOPT_TRAILERFUNCTION example
|
|
|
|
|
|
- This adds support for the previously unhandled supplemental data which
|
|
|
- in -v output was printed like:
|
|
|
+ Closes #7910
|
|
|
+
|
|
|
+- docs/HYPER: remove some remaining issues, add HTTP/0.9 limitation
|
|
|
+
|
|
|
+- configure: when hyper is selected, deselect nghttp2
|
|
|
|
|
|
- TLSv1.2 (IN), TLS header, Unknown (23):
|
|
|
+ Closes #7908
|
|
|
+
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ sendf: accept zero-length data in Curl_client_write()
|
|
|
|
|
|
- These will now be printed with proper annotation:
|
|
|
+ Historically, Curl_client_write() used a length value of 0 as a marker
|
|
|
+ for a null-terminated data string. This feature has been removed in
|
|
|
+ commit f4b85d2. To detect leftover uses of the feature, a DEBUGASSERT
|
|
|
+ statement rejecting a length with value 0 was introduced, effectively
|
|
|
+ precluding use of this function with zero-length data.
|
|
|
|
|
|
- TLSv1.2 (OUT), TLS header, Supplemental data (23):
|
|
|
+ The current commit removes the DEBUGASSERT and makes the function to
|
|
|
+ return immediately if length is 0.
|
|
|
|
|
|
- Closes #7652
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
-
|
|
|
-Daniel Stenberg (1 Sep 2021)
|
|
|
-- curl.1: provide examples for each option
|
|
|
+ A direct effect is to fix trying to output a zero-length distinguished
|
|
|
+ name in openldap.
|
|
|
|
|
|
- The file format for each option now features a "Example:" header that
|
|
|
- can provide one or more examples that get rendered appropriately in the
|
|
|
- output. All options MUST have at least one example or gen.pl complains
|
|
|
- at build-time.
|
|
|
+ Another DEBUGASSERT statement is also rephrased for better readability.
|
|
|
|
|
|
- This fix also does a few other minor format and consistency cleanups.
|
|
|
+ Closes #7898
|
|
|
+
|
|
|
+- hyper: disable test 1294 since hyper doesn't allow such crazy headers
|
|
|
|
|
|
- Closes #7654
|
|
|
+ Closes #7905
|
|
|
|
|
|
-- progress: make trspeed avoid floats
|
|
|
+- c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work
|
|
|
|
|
|
- and compiler warnings for data conversions.
|
|
|
+ Verified by the enabled test 1288
|
|
|
|
|
|
- Reported-by: Michał Antoniak
|
|
|
- Fixes #7645
|
|
|
- Closes #7653
|
|
|
-
|
|
|
-- test365: verify response with chunked AND Content-Length headers
|
|
|
+ Closes #7905
|
|
|
|
|
|
-- http: ignore content-length if any transfer-encoding is used
|
|
|
+- test1287: make work on hyper
|
|
|
|
|
|
- Fixes #7643
|
|
|
- Closes #7649
|
|
|
+ Closes #7905
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- test1266/1267: disabled on hyper: no HTTP/0.9 support
|
|
|
+
|
|
|
+ Closes #7905
|
|
|
|
|
|
-- Revert "http2: skip immediate parsing of payload following protocol switch"
|
|
|
+Viktor Szakats (25 Oct 2021)
|
|
|
+- Makefile.m32: fix to not require OpenSSL with -libssh2 or -rtmp options
|
|
|
|
|
|
- This reverts commit 455a63c66f188598275e87d32de2c4e8e26b80cb.
|
|
|
+ Previously, -libssh2/-rtmp options assumed that OpenSSL is also enabled
|
|
|
+ (and then failed with an error when not finding expected OpenSSL headers),
|
|
|
+ but this isn't necessarly true, e.g. when building both libssh2 and curl
|
|
|
+ against Schannel. This patch makes sure to only enable the OpenSSL backend
|
|
|
+ with -libssh2/-rtmp, when there was no SSL option explicitly selected.
|
|
|
|
|
|
- Reported-by: Tk Xiong
|
|
|
- Fixes #7633
|
|
|
- Closes #7648
|
|
|
-
|
|
|
-- KNOWN_BUGS: HTTP/3 doesn't support client certs
|
|
|
+ - Re-implement the logic as a single block of script.
|
|
|
+ - Also fix an indentation while there.
|
|
|
|
|
|
- Closes #7625
|
|
|
+ Assisted-by: Jay Satiro
|
|
|
+
|
|
|
+ Closes #7895
|
|
|
|
|
|
-- mailing lists: move from cool.haxx.se to lists.haxx.se
|
|
|
+Daniel Stenberg (25 Oct 2021)
|
|
|
+- docs: consistent use of "Added in"
|
|
|
+
|
|
|
+ Make them all say "Added in [version]" without using 'curl' or 'libcurl'
|
|
|
+ in that phrase.
|
|
|
|
|
|
-- http_proxy: only wait for writable socket while sending request
|
|
|
+- man pages: require all to use the same section header order
|
|
|
|
|
|
- Otherwise it would wait socket writability even after the entire CONNECT
|
|
|
- request has sent and make curl basically busy-loop while waiting for a
|
|
|
- response to come back.
|
|
|
+ This is the same order we already enforce among the options' man pages:
|
|
|
+ consistency is good. Add lots of previously missing examples.
|
|
|
|
|
|
- The previous fix attempt in #7484 (c27a70a591a4) was inadequate.
|
|
|
+ Adjust the manpage-syntax script for this purpose, used in test 1173.
|
|
|
|
|
|
- Reported-by: zloi-user on github
|
|
|
- Reported-by: Oleguer Llopart
|
|
|
- Fixes #7589
|
|
|
- Closes #7647
|
|
|
+ Closes #7904
|
|
|
|
|
|
-- http: disallow >3-digit response codes
|
|
|
+- [David Hu brought this change]
|
|
|
+
|
|
|
+ docs/HTTP3: improve build instructions
|
|
|
|
|
|
- Make the built-in HTTP parser behave similar to hyper and reject any
|
|
|
- HTTP response using more than 3 digits for the response code.
|
|
|
+ 1. If writing to a system path if the command is not prefixed with
|
|
|
+ `sudo` it will cause a permission denied error
|
|
|
|
|
|
- Updated test 1432 accordingly.
|
|
|
- Enabled test 1432 in the hyper builds.
|
|
|
+ 2. The patched OpenSSL branch has been updated to `openssl-3.0.0+quic`
|
|
|
+ to match upstream OpenSSL version.
|
|
|
|
|
|
- Closes #7641
|
|
|
+ 3. We should not disable GnuTLS docs.
|
|
|
+
|
|
|
+ Updated some commands about `make install`
|
|
|
+
|
|
|
+ Closes #7842
|
|
|
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+- [Ricardo Martins brought this change]
|
|
|
|
|
|
- ngtcp2: stop buffering crypto data
|
|
|
+ CMake: restore support for SecureTransport on iOS
|
|
|
|
|
|
- Stop buffering crypto data because libngtcp2 now buffers submitted
|
|
|
- crypto data.
|
|
|
+ Restore support for building curl for iOS with SecureTransport enabled.
|
|
|
|
|
|
- Closes #7637
|
|
|
+ Closes #7501
|
|
|
|
|
|
-- test1280: CRLFify the response to please hyper
|
|
|
+- tests: enable more tests with hyper
|
|
|
|
|
|
- Closes #7639
|
|
|
-
|
|
|
-- tests: enable test 1129 for hyper builds
|
|
|
+ Adjusted 1144, 1164 and 1176.
|
|
|
|
|
|
- Closes #7638
|
|
|
+ Closes #7900
|
|
|
|
|
|
-- curl: better error message when -O fails to get a good name
|
|
|
+- docs: provide "RETURN VALUE" section for more func manpages
|
|
|
|
|
|
- Due to how this currently works internally, it needs a working initial
|
|
|
- file name to store contents in, so it may still fail even with -J is
|
|
|
- used (and thus accepting a name from content-disposition:) if the file
|
|
|
- name part of the URL isn't "good enough".
|
|
|
+ Three were missing, one used a non-standard name for the header.
|
|
|
|
|
|
- Fixes #7628
|
|
|
- Closes #7635
|
|
|
+ Closes #7902
|
|
|
|
|
|
-- curl_easy_setopt: tweak the string copy wording
|
|
|
+Jay Satiro (25 Oct 2021)
|
|
|
+- curl_multi_socket_action.3: add a "RETURN VALUE" section
|
|
|
|
|
|
- Reported-by: Yaobin Wen
|
|
|
- Fixes #7632
|
|
|
- Closes #7634
|
|
|
+ .. because it may not be immediately clear to the user what
|
|
|
+ curl_multi_socket_action returns.
|
|
|
+
|
|
|
+ Ref: https://curl.se/mail/lib-2021-10/0035.html
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7901
|
|
|
|
|
|
+Daniel Stenberg (24 Oct 2021)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- [Don J Olmstead brought this change]
|
|
|
+- [Samuel Henrique brought this change]
|
|
|
|
|
|
- cmake: sync CURL_DISABLE options
|
|
|
+ tests: use python3 in test 1451
|
|
|
|
|
|
- Adds the full listing of CURL_DISABLE options to the CMake build. Moves
|
|
|
- all option code, except for CURL_DISABLE_OPENSSL_AUTO_LOA_CONFIG which
|
|
|
- resides near OpenSSL configuration, to the same block of code. Also
|
|
|
- sorts the options here and in the cmake config header.
|
|
|
+ This is a continuation of commit ec91b5a69000bea0794bbb3 in which
|
|
|
+ changing this test was missed. There are no other python2 leftovers
|
|
|
+ now.
|
|
|
|
|
|
- Additionally sorted the CURL-DISABLE listing and fixed the
|
|
|
- CURL_DISABLE_POP3 option.
|
|
|
+ Based on a Debian patch originally written by Alessandro Ghedini
|
|
|
+ <ghedo@debian.org>
|
|
|
|
|
|
- Closes #7624
|
|
|
+ Closes #7899
|
|
|
|
|
|
-Jay Satiro (25 Aug 2021)
|
|
|
-- KNOWN_BUGS: FTPS upload data loss with TLS 1.3
|
|
|
-
|
|
|
- Bug: https://github.com/curl/curl/issues/6149
|
|
|
- Reported-by: Bylon2@users.noreply.github.com
|
|
|
+- [Eddie Lumpkin brought this change]
|
|
|
+
|
|
|
+ lib: fixing comment spelling typos in lib files
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7623
|
|
|
+ Closes #7894
|
|
|
+ Signed-off-by: ewlumpkin <ewlumpkin@gmail.com>
|
|
|
|
|
|
-Daniel Stenberg (24 Aug 2021)
|
|
|
-- cmake: avoid poll() on macOS
|
|
|
+- openssl: if verifypeer is not requested, skip the CA loading
|
|
|
|
|
|
- ... like we do in configure builds. Since poll() on macOS is not
|
|
|
- reliable enough.
|
|
|
+ It was previously done mostly to show a match/non-match in the verbose
|
|
|
+ output even when verification was not asked for. This change skips the
|
|
|
+ loading of the CA certs unless verifypeer is set to save memory and CPU.
|
|
|
|
|
|
- Reported-by: marc-groundctl
|
|
|
- Fixes #7595
|
|
|
- Closes #7619
|
|
|
+ Closes #7892
|
|
|
|
|
|
-- c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
|
|
|
+- curl-confopts.m4: remove --enable/disable-hidden-symbols
|
|
|
|
|
|
- Enable test 1074
|
|
|
+ These configure options have been saying "deprecated" since 9e24b9c7af
|
|
|
+ (April 2012). It was about time we remove them.
|
|
|
|
|
|
- Closes #7617
|
|
|
+ Closes #7891
|
|
|
|
|
|
-- c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
|
|
|
+- c-hyper: don't abort CONNECT responses early when auth-in-progress
|
|
|
|
|
|
- Enable test 1130 and 1131
|
|
|
+ ... and make sure to stop ignoring the body once the CONNECT is done.
|
|
|
|
|
|
- Closes #7616
|
|
|
-
|
|
|
-- [a1346054 brought this change]
|
|
|
+ This should make test 206 work proper again and not be flaky.
|
|
|
+
|
|
|
+ Closes #7889
|
|
|
|
|
|
- tests: be explicit about using 'python3' instead of 'python'
|
|
|
+- hyper: does not support disabling CURLOPT_HTTP_TRANSFER_DECODING
|
|
|
|
|
|
- This fixes running tests in virtualenvs (or on distros) that no longer
|
|
|
- have a symlink from python to python2 or python3.
|
|
|
+ Simply because hyper doesn't have this ability. Mentioned in docs now.
|
|
|
|
|
|
- Closes #7602
|
|
|
-
|
|
|
-- [a1346054 brought this change]
|
|
|
-
|
|
|
- scripts: invoke interpreters through /usr/bin/env
|
|
|
+ Skip test 326 then
|
|
|
|
|
|
- Closes #7602
|
|
|
+ Closes #7889
|
|
|
|
|
|
-- DISABLED: enable 11 more tests for hyper builds
|
|
|
+- test262: don't attempt with hyper
|
|
|
|
|
|
- Closes #7612
|
|
|
+ This test verifies that curl works with binary zeroes in HTTP response
|
|
|
+ headers and hyper refuses such. They're not kosher http.
|
|
|
+
|
|
|
+ Closes #7889
|
|
|
|
|
|
-- setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper
|
|
|
+- c-hyper: make test 217 run
|
|
|
|
|
|
- Since this option is also used for FTP, it needs to work to set for
|
|
|
- applications even if hyper doesn't support it for HTTP. Verified by test
|
|
|
- 1137.
|
|
|
+ Closes #7889
|
|
|
+
|
|
|
+- DISABLED: enable test 209+213 for hyper
|
|
|
|
|
|
- Updated docs to specify that the option doesn't work for HTTP when using
|
|
|
- the hyper backend.
|
|
|
+ Follow-up to 823d3ab855c
|
|
|
|
|
|
- Closes #7614
|
|
|
+ Closes #7889
|
|
|
|
|
|
-- test1138: remove trailing space to make work with hyper
|
|
|
+- test207: accept a different error code for hyper
|
|
|
|
|
|
- Closes #7613
|
|
|
-
|
|
|
-- libcurl-errors.3: clarify two CURLUcode errors
|
|
|
+ It returns HYPERE_UNEXPECTED_EOF for this case which we convert to the
|
|
|
+ somewhat generic CURLE_RECV_ERROR.
|
|
|
|
|
|
- CURLUE_BAD_HANDLE and CURLUE_BAD_PARTPOINTER should be for "bad" or
|
|
|
- wrong pointers in a generic sense, not just for NULL pointers.
|
|
|
+ Closes #7889
|
|
|
+
|
|
|
+- [Érico Nogueira brought this change]
|
|
|
+
|
|
|
+ INSTALL: update symbol hiding option
|
|
|
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
+ --enable-hidden-symbols was deprecated in
|
|
|
+ 9e24b9c7afbcb81120af4cf3f6cdee49a06d8224.
|
|
|
|
|
|
- Ref: #7605
|
|
|
- Closes #7611
|
|
|
+ Closes #7890
|
|
|
|
|
|
-Jay Satiro (23 Aug 2021)
|
|
|
-- symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version
|
|
|
+- http_proxy: multiple CONNECT with hyper done better
|
|
|
|
|
|
- ... and also change the 'Removed' column name to 'Last' since that
|
|
|
- column is for the last version to contain the symbol.
|
|
|
+ Enabled test 206
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7609
|
|
|
+ Closes #7888
|
|
|
|
|
|
-Daniel Stenberg (23 Aug 2021)
|
|
|
-- urlapi.c:seturl: assert URL instead of using if-check
|
|
|
+- hyper: pass the CONNECT line to the debug callback
|
|
|
|
|
|
- There's no code flow possible where this can happen. The assert makes
|
|
|
- sure it also won't be introduced undetected in the future.
|
|
|
+ Closes #7887
|
|
|
+
|
|
|
+- mailmap: Malik Idrees Hasan Khan
|
|
|
+
|
|
|
+Jay Satiro (21 Oct 2021)
|
|
|
+- [Malik Idrees Hasan Khan brought this change]
|
|
|
+
|
|
|
+ build: fix typos
|
|
|
|
|
|
- Closes #7610
|
|
|
+ Closes https://github.com/curl/curl/pull/7886
|
|
|
|
|
|
-- curl-openssl.m4: show correct output for OpenSSL v3
|
|
|
+- URL-SYNTAX: add IMAP UID SEARCH example
|
|
|
|
|
|
- Using 3.0.0 versions configure should now show this:
|
|
|
+ - Explain the difference between IMAP search via URL (which returns
|
|
|
+ message sequence numbers) and IMAP search via custom request (which
|
|
|
+ can return UID numbers if prefixed with UID, eg "UID SEARCH ...").
|
|
|
|
|
|
- checking for OpenSSL headers version... 3.0.0 - 0x300
|
|
|
- checking for OpenSSL library version... 3.0.0
|
|
|
- checking for OpenSSL headers and library versions matching... yes
|
|
|
+ Bug: https://github.com/curl/curl/issues/7626
|
|
|
+ Reported-by: orycho@users.noreply.github.com
|
|
|
|
|
|
- This output doesn't actually change what configure generates but is only
|
|
|
- "cosmetic".
|
|
|
+ Ref: https://github.com/curl/curl/issues/2789
|
|
|
|
|
|
- Reported-by: Randall S. Becker
|
|
|
- Fixes #7606
|
|
|
- Closes #7608
|
|
|
+ Closes https://github.com/curl/curl/pull/7881
|
|
|
|
|
|
-Jay Satiro (22 Aug 2021)
|
|
|
-- mksymbolsmanpage.pl: Fix showing symbol's last used version
|
|
|
-
|
|
|
- Prior to this change the symbol's deprecated version was erroneously
|
|
|
- shown as its last used version.
|
|
|
+Daniel Stenberg (20 Oct 2021)
|
|
|
+- manpage: adjust the asterisk in some SYNOPSIS sections
|
|
|
|
|
|
- Bug: https://github.com/curl/curl/commit/4e53b94#commitcomment-55239509
|
|
|
- Reported-by: i-ky@users.noreply.github.com
|
|
|
+ Closes #7884
|
|
|
|
|
|
-Daniel Stenberg (21 Aug 2021)
|
|
|
-- mksymbolsmanpage.pl: match symbols case insenitively
|
|
|
+- curl_multi_perform.3: polish wording
|
|
|
|
|
|
- Follow-up to 4e53b9430c750 which made this bug show.
|
|
|
+ - simplify the example by using curl_multi_poll
|
|
|
|
|
|
- Reported-by: i-ky
|
|
|
- Bug: https://github.com/curl/curl/commit/4e53b9430c7504de8984796e2a2091ec16f27136#commitcomment-55239253
|
|
|
- Closes #7607
|
|
|
-
|
|
|
-- asyn-ares: call ares_freeaddrinfo() to clean up addrinfo results
|
|
|
+ - mention curl_multi_add_handle in the text
|
|
|
|
|
|
- As this leaks memory otherwise
|
|
|
+ - cut out the description of pre-7.20.0 return code behavior - that version
|
|
|
+ is now more than eleven years old and is basically no longer out there
|
|
|
|
|
|
- Follow-up to ba904db0705c931
|
|
|
+ - adjust the "typical usage" to mention curl_multi_poll
|
|
|
|
|
|
- Closes #7599
|
|
|
+ Closes #7883
|
|
|
|
|
|
-- [Ehren Bendler brought this change]
|
|
|
+- docs/THANKS: removed on request
|
|
|
|
|
|
- wolfssl: clean up wolfcrypt error queue
|
|
|
+- FAQ: polish the explanation of libcurl
|
|
|
+
|
|
|
+- curl_easy_perform.3: minor wording tweak
|
|
|
+
|
|
|
+- [Erik Stenlund brought this change]
|
|
|
+
|
|
|
+ mime: mention CURL_DISABLE_MIME in comment
|
|
|
|
|
|
- If wolfSSL is built in certain ways (OPENSSL_EXTRA or Debug), the error
|
|
|
- queue gets added on to for each session and never freed. Fix it by
|
|
|
- calling ERR_clear_error() like in vtls/openssl when needed. This func is
|
|
|
- a no-op in wolfcrypt if the error queue is not enabled.
|
|
|
+ CURL_DISABLE_MIME is not mentioned in the comment describing the if else
|
|
|
+ preprocessor directive.
|
|
|
|
|
|
- Closes #7594
|
|
|
+ Closes #7882
|
|
|
|
|
|
-- man pages: remove trailing whitespaces
|
|
|
+- tls: remove newline from three infof() calls
|
|
|
|
|
|
- Extended test 1173 (via the manpage-syntax.pl script) to detect and warn
|
|
|
- for them.
|
|
|
+ Follow-up to e7416cf
|
|
|
|
|
|
- Ref: #7602
|
|
|
- Reported-by: a1346054 on github
|
|
|
- Closes #7604
|
|
|
+ Reported-by: billionai on github
|
|
|
+ Fixes #7879
|
|
|
+ Closes #7880
|
|
|
|
|
|
-- mailmap: add Gleb Ivanovsky
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-- config.d: escape the backslash properly
|
|
|
+- curl_gssapi: fix build warnings by removing const
|
|
|
|
|
|
- Closes #7603
|
|
|
+ Follow-up to 20e980f85b0ea6
|
|
|
+
|
|
|
+ In #7875 these inits were modified but I get two warnings that these new
|
|
|
+ typecasts are necessary for.
|
|
|
+
|
|
|
+ Closes #7876
|
|
|
|
|
|
-- [Don J Olmstead brought this change]
|
|
|
+- [Bo Anderson brought this change]
|
|
|
|
|
|
- curl_setup.h: sync values for HTTP_ONLY
|
|
|
+ curl_gssapi: fix link error on macOS Monterey
|
|
|
|
|
|
- The values for HTTP_ONLY differed between CMakeLists.txt and
|
|
|
- curl_setup.h. Sync them and sort the values in curl_setup.h to make it
|
|
|
- easier to spot differences.
|
|
|
+ Fixes #7657
|
|
|
+ Closes #7875
|
|
|
+
|
|
|
+- test1185: verify checksrc
|
|
|
|
|
|
- Closes #7601
|
|
|
+ Closes #7866
|
|
|
|
|
|
-Jay Satiro (21 Aug 2021)
|
|
|
-- configure: set classic mingw minimum OS version to XP
|
|
|
+- checksrc: improve the SPACESEMICOLON error message
|
|
|
|
|
|
- - If the user has not specified a minimum OS version (via WINVER or
|
|
|
- _WIN32_WINNT macros) then set it to Windows XP.
|
|
|
+ and adjust the MULTISPACE one to use plural
|
|
|
|
|
|
- Prior to this change classic MinGW defaulted the minimum OS version
|
|
|
- to Windows NT 4.0 which is way too old. At least Windows XP is needed
|
|
|
- for getaddrinfo (which resolves hostnames to IPv6 addresses).
|
|
|
+ Closes #7866
|
|
|
+
|
|
|
+- url: set "k->size" -1 at start of request
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/issues/7483#issuecomment-891597034
|
|
|
+ The size of the transfer is unknown at that point.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7581
|
|
|
+ Fixes #7871
|
|
|
+ Closes #7872
|
|
|
|
|
|
-- schannel: Work around typo in classic mingw macro
|
|
|
+Daniel Gustafsson (18 Oct 2021)
|
|
|
+- doh: remove experimental code for DoH with GET
|
|
|
|
|
|
- - Define ALG_CLASS_DHASH (the typo from the include) to ALG_CLASS_HASH.
|
|
|
+ The code for sending DoH requests with GET was never enabled in a way
|
|
|
+ such that it could be used or tested. As there haven't been requests
|
|
|
+ for this feature, and since it at this is effectively dead, remove it
|
|
|
+ and favor reimplementing the feature in case anyone is interested.
|
|
|
|
|
|
- Prior to this change there was an incomplete fix to ignore the
|
|
|
- CALG_TLS1PRF macro on those versions of MinGW where it uses the
|
|
|
- ALG_CLASS_DHASH typoed macro.
|
|
|
+ Closes #7870
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+
|
|
|
+Daniel Stenberg (18 Oct 2021)
|
|
|
+- cirrus: remove FreeBSD 11.4 from the matrix
|
|
|
|
|
|
- Ref: 48cf45c
|
|
|
- Ref: https://osdn.net/projects/mingw/ticket/38391
|
|
|
- Ref: https://github.com/curl/curl/issues/2924
|
|
|
+ It has reached End-Of-Life and causes some LDAP CI issues.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7580
|
|
|
-
|
|
|
-Daniel Stenberg (20 Aug 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Closes #7869
|
|
|
|
|
|
-- http_proxy: fix user-agent and custom headers for CONNECT with hyper
|
|
|
+- cirrus: switch to openldap24-client
|
|
|
|
|
|
- Enable test 287
|
|
|
+ ... as it seems openldap-client doesn't exist anymore.
|
|
|
|
|
|
- Closes #7598
|
|
|
+ Reported-by: Jay Satiro
|
|
|
+ Fixes #7868
|
|
|
+ Closes #7869
|
|
|
|
|
|
-- c-hyper: initial support for "dumping" 1xx HTTP responses
|
|
|
+- checksrc: ignore preprocessor lines
|
|
|
|
|
|
- With the use hyper_request_on_informational()
|
|
|
+ In order to check the actual code better, checksrc now ignores
|
|
|
+ everything that look like preprocessor instructions. It also means
|
|
|
+ that code in macros are now longer checked.
|
|
|
|
|
|
- Enable test 155 and 158
|
|
|
+ Note that some rules then still don't need to be followed when code is
|
|
|
+ exactly below a cpp instruction.
|
|
|
|
|
|
- Closes #7597
|
|
|
-
|
|
|
-Marc Hoersken (18 Aug 2021)
|
|
|
-- tests/*server.pl: flush output before executing subprocess
|
|
|
+ Removes two checksrc exceptions we needed previously because of
|
|
|
+ preprocessor lines being checked.
|
|
|
|
|
|
- Also avoid shell processes staying around by using exec.
|
|
|
- This is necessary to avoid output data being buffering
|
|
|
- inside the process chain of Perl, Bash/Shell and our
|
|
|
- test server binaries. On non-Windows systems the exec
|
|
|
- will also make the subprocess replace the intermediate
|
|
|
- shell, but on Windows it will at least bind the processes
|
|
|
- together since there is no real fork or exec available.
|
|
|
+ Reported-by: Marcel Raad
|
|
|
+ Fixes #7863
|
|
|
+ Closes #7864
|
|
|
+
|
|
|
+- urlapi: skip a strlen(), pass in zero
|
|
|
|
|
|
- See: https://cygwin.com/cygwin-ug-net/highlights.html
|
|
|
- and: https://docs.microsoft.com/cpp/c-runtime-library/exec-wexec-functions
|
|
|
- Ref: https://github.com/curl/curl/pull/7530#issuecomment-900949010
|
|
|
+ ... to let curl_easy_escape() itself do the strlen. This avoids a (false
|
|
|
+ positive) Coverity warning and it avoids us having to store the strlen()
|
|
|
+ return value in an int variable.
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
- Closes #7530
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Closes #7862
|
|
|
|
|
|
-- CI: use GitHub Container Registry instead of Docker Hub
|
|
|
+- misc: update copyright years
|
|
|
+
|
|
|
+- examples/htmltidy: correct wrong printf() use
|
|
|
|
|
|
- Avoid limits on Docker Hub and improve image pull/download speed.
|
|
|
+ ... and update the includes to match how current htmltidy wants them
|
|
|
+ used.
|
|
|
|
|
|
- Closes #7587
|
|
|
+ Reported-by: Stathis Kapnidis
|
|
|
+ Fixes #7860
|
|
|
+ Closes #7861
|
|
|
|
|
|
-Daniel Stenberg (18 Aug 2021)
|
|
|
-- openssl: when creating a new context, there cannot be an old one
|
|
|
+Jay Satiro (15 Oct 2021)
|
|
|
+- http: set content length earlier
|
|
|
|
|
|
- Remove the previous handling that would call SSL_CTX_free(), and instead
|
|
|
- add an assert that halts a debug build if there ever is a context
|
|
|
- already set at this point.
|
|
|
+ - Make content length (ie download size) accessible to the user in the
|
|
|
+ header callback, but only after all headers have been processed (ie
|
|
|
+ only in the final call to the header callback).
|
|
|
|
|
|
- Closes #7585
|
|
|
-
|
|
|
-Jay Satiro (18 Aug 2021)
|
|
|
-- KNOWN_BUGS: Renegotiate from server may cause hang for OpenSSL backend
|
|
|
+ Background:
|
|
|
|
|
|
- Closes https://github.com/curl/curl/issues/6785
|
|
|
+ For a long time the content length could be retrieved in the header
|
|
|
+ callback via CURLINFO_CONTENT_LENGTH_DOWNLOAD_T as soon as it was parsed
|
|
|
+ by curl.
|
|
|
+
|
|
|
+ Changes were made in 8a16e54 (precedes 7.79.0) to ignore content length
|
|
|
+ if any transfer encoding is used. A side effect of that was that
|
|
|
+ content length was not set by libcurl until after the header callback
|
|
|
+ was called the final time, because until all headers are processed it
|
|
|
+ cannot be determined if content length is valid.
|
|
|
+
|
|
|
+ This change keeps the same intention --all headers must be processed--
|
|
|
+ but now the content length is available before the final call to the
|
|
|
+ header function that indicates all headers have been processed (ie
|
|
|
+ a blank header).
|
|
|
+
|
|
|
+ Bug: https://github.com/curl/curl/commit/8a16e54#r57374914
|
|
|
+ Reported-by: sergio-nsk@users.noreply.github.com
|
|
|
+
|
|
|
+ Co-authored-by: Daniel Stenberg
|
|
|
+
|
|
|
+ Fixes https://github.com/curl/curl/issues/7804
|
|
|
+ Closes https://github.com/curl/curl/pull/7803
|
|
|
|
|
|
-Viktor Szakats (17 Aug 2021)
|
|
|
-- docs/BINDINGS: URL update
|
|
|
+Daniel Stenberg (15 Oct 2021)
|
|
|
+- [Abhinav Singh brought this change]
|
|
|
|
|
|
-Marc Hoersken (17 Aug 2021)
|
|
|
-- tests/server/*.c: align handling of portfile argument and file
|
|
|
+ aws-sigv4: make signature work when post data is binary
|
|
|
|
|
|
- 1. Call the internal variable portname (like pidname) everywhere.
|
|
|
- 2. Have a variable wroteportfile (like wrotepidfile) everywhere.
|
|
|
- 3. Make sure the file is cleaned up on exit (like pidfile).
|
|
|
- 4. Add parameter --portfile to usage outputs everywhere.
|
|
|
+ User sets the post fields size for binary data. Hence, we should not be
|
|
|
+ using strlen on it.
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
+ Added test 1937 and 1938 to verify.
|
|
|
|
|
|
- Replaces #7523
|
|
|
- Closes #7574
|
|
|
+ Closes #7844
|
|
|
|
|
|
-Daniel Gustafsson (17 Aug 2021)
|
|
|
-- KNOWN_BUGS: Fix a number of typos in KNOWN_BUGS
|
|
|
+- [a1346054 brought this change]
|
|
|
+
|
|
|
+ MacOSX-Framework: remove redundant ';'
|
|
|
|
|
|
- Fixes a set of typos found in section 11.3.
|
|
|
+ Closes #7859
|
|
|
|
|
|
-Daniel Stenberg (17 Aug 2021)
|
|
|
-- getparameter: fix the --local-port number parser
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway
|
|
|
|
|
|
- It could previously get tricked into parsing the uninitialized stack
|
|
|
- based buffer.
|
|
|
+ One reason we know it can fail is if a provider is used that doesn't do
|
|
|
+ a proper job or is wrongly configured.
|
|
|
|
|
|
- Reported-by: Brian Carpenter
|
|
|
- Closes #7582
|
|
|
+ Reported-by: Michael Baentsch
|
|
|
+ Fixes #7840
|
|
|
+ Closes #7856
|
|
|
|
|
|
-- KNOWN_BUGS: Can't use Secure Transport with Crypto Token Kit
|
|
|
+Marcel Raad (14 Oct 2021)
|
|
|
+- [Ryan Mast brought this change]
|
|
|
+
|
|
|
+ cmake: add CURL_ENABLE_SSL option and make CMAKE_USE_* SSL backend options depend on it
|
|
|
|
|
|
- Closes #7048
|
|
|
+ Closes https://github.com/curl/curl/pull/7822
|
|
|
|
|
|
-- [Jan Verbeek brought this change]
|
|
|
+Daniel Stenberg (14 Oct 2021)
|
|
|
+- http: remove assert that breaks hyper
|
|
|
+
|
|
|
+ Reported-by: Jay Satiro
|
|
|
+ Fixes #7852
|
|
|
+ Closes #7855
|
|
|
|
|
|
- curl: add warning for ignored data after quoted form parameter
|
|
|
+- http_proxy: fix one more result assign for hyper
|
|
|
|
|
|
- In an argument like `-F 'x=@/etc/hostname;filename="foo"abc'` the `abc`
|
|
|
- is ignored. This adds a warning if the ignored data isn't all
|
|
|
- whitespace.
|
|
|
+ and remove the bad assert again, since it was run even with no error!
|
|
|
|
|
|
- Closes #7394
|
|
|
+ Closes #7854
|
|
|
|
|
|
-Jay Satiro (17 Aug 2021)
|
|
|
-- codeql: fix error "Resource not accessible by integration"
|
|
|
+Jay Satiro (14 Oct 2021)
|
|
|
+- sws: fix memory leak on exit
|
|
|
|
|
|
- - Enable codeql writing security-events.
|
|
|
+ - Free the allocated http request struct on cleanup.
|
|
|
|
|
|
- GitHub set the default permissions to read, apparently since earlier
|
|
|
- this year.
|
|
|
+ Prior to this change if sws was built with leak sanitizer it would
|
|
|
+ report a memory leak error during testing.
|
|
|
|
|
|
- Ref: https://github.com/github/codeql-action/issues/464
|
|
|
- Ref: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
|
|
|
+ Closes https://github.com/curl/curl/pull/7849
|
|
|
+
|
|
|
+Daniel Stenberg (14 Oct 2021)
|
|
|
+- c-hyper: make Curl_http propagate errors better
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7575
|
|
|
- Closes https://github.com/curl/curl/pull/7576
|
|
|
+ Pass on better return codes when errors occur within Curl_http instead
|
|
|
+ of insisting that CURLE_OUT_OF_MEMORY is the only possible one.
|
|
|
+
|
|
|
+ Pointed-out-by: Jay Satiro
|
|
|
+ Closes #7851
|
|
|
|
|
|
-- tool_operate: Fix --fail-early with parallel transfers
|
|
|
+- http_proxy: make hyper CONNECT() return the correct error code
|
|
|
|
|
|
- - Abort via progress callback to fail early during parallel transfers.
|
|
|
+ For every 'goto error', make sure the result variable holds the error
|
|
|
+ code for what went wrong.
|
|
|
|
|
|
- When a critical error occurs during a transfer (eg --fail-early
|
|
|
- constraint) then other running transfers will be aborted via progress
|
|
|
- callback and finish with error CURLE_ABORTED_BY_CALLBACK (42). In this
|
|
|
- case, the callback error does not become the most recent error and a
|
|
|
- custom error message is used for those transfers:
|
|
|
-
|
|
|
- curld --fail --fail-early --parallel
|
|
|
- https://httpbin.org/status/404 https://httpbin.org/delay/10
|
|
|
-
|
|
|
- curl: (22) The requested URL returned error: 404
|
|
|
- curl: (42) Transfer aborted due to critical error in another transfer
|
|
|
+ Reported-by: Rafał Mikrut
|
|
|
+ Fixes #7825
|
|
|
+ Closes #7846
|
|
|
+
|
|
|
+- docs/Makefile.am: repair 'make html'
|
|
|
|
|
|
- > echo %ERRORLEVEL%
|
|
|
- 22
|
|
|
+ by removing index.html which isn't around anymore
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/6939
|
|
|
- Closes https://github.com/curl/curl/pull/6984
|
|
|
+ Closes #7853
|
|
|
|
|
|
-Daniel Stenberg (17 Aug 2021)
|
|
|
-- [Sergey Markelov brought this change]
|
|
|
+- [Борис Верховский brought this change]
|
|
|
|
|
|
- sectransp: support CURLINFO_CERTINFO
|
|
|
+ curl: correct grammar in generated libcurl code
|
|
|
|
|
|
- Fixes #4130
|
|
|
- Closes #7372
|
|
|
+ Closes #7802
|
|
|
|
|
|
-- ngtcp2: remove the acked_crypto_offset struct field init
|
|
|
+- tests: disable test 2043
|
|
|
|
|
|
- ... as it is gone from the API upstream.
|
|
|
+ It uses revoked.badssl.com which now is expired and therefor this now
|
|
|
+ permafails. We should not use external sites for tests, this test should
|
|
|
+ be converted to use our own infra.
|
|
|
|
|
|
- Closes #7578
|
|
|
+ Closes #7845
|
|
|
|
|
|
-- misc: update incorrect copyright year ranges
|
|
|
+- runtests: split out ignored tests
|
|
|
|
|
|
- Closes #7577
|
|
|
+ Report ignore tests separately from the actual fails.
|
|
|
+
|
|
|
+ Don't exit non-zero if test servers couldn't get killed.
|
|
|
+
|
|
|
+ Assisted-by: Jay Satiro
|
|
|
+
|
|
|
+ Fixes #7818
|
|
|
+ Closes #7841
|
|
|
|
|
|
-- KNOWN_BUGS: HTTP/3 quiche upload large file fails
|
|
|
+- http2: make getsock not wait for write if there's no remote window
|
|
|
|
|
|
- Closes #7532
|
|
|
+ While uploading, check for remote window availability in the getsock
|
|
|
+ function so that we don't wait for a writable socket if no data can be
|
|
|
+ sent.
|
|
|
+
|
|
|
+ Reported-by: Steini2000 on github
|
|
|
+ Fixes #7821
|
|
|
+ Closes #7839
|
|
|
|
|
|
-- KNOWN_BUGS: CMake build with MIT Kerberos does not work
|
|
|
+- test368: verify dash is appended for "-r [num]"
|
|
|
|
|
|
- Closes #6904
|
|
|
+ Follow-up to 8758a26f8878
|
|
|
|
|
|
-- TODO: add asynch getaddrinfo support
|
|
|
+- [Борис Верховский brought this change]
|
|
|
+
|
|
|
+ curl: actually append "-" to --range without number only
|
|
|
|
|
|
- Closes #6746
|
|
|
+ Closes #7837
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- [Artur Sinila brought this change]
|
|
|
-
|
|
|
- http2: revert call the handle-closed function correctly on closed stream
|
|
|
+- urlapi: URL decode percent-encoded host names
|
|
|
|
|
|
- Reverts 252790c5335a221
|
|
|
+ The host name is stored decoded and can be encoded when used to extract
|
|
|
+ the full URL. By default when extracting the URL, the host name will not
|
|
|
+ be URL encoded to work as similar as possible as before. When not URL
|
|
|
+ encoding the host name, the '%' character will however still be encoded.
|
|
|
|
|
|
- Assisted-by: Gergely Nagy
|
|
|
- Fixes #7400
|
|
|
- Closes #7525
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
-
|
|
|
- auth: do not append zero-terminator to authorisation id in kerberos
|
|
|
+ Getting the URL with the CURLU_URLENCODE flag set will percent encode
|
|
|
+ the host name part.
|
|
|
|
|
|
- RFC4752 Section 3.1 states "The authorization identity is not terminated
|
|
|
- with a zero-valued (%x00) octet". Although a comment in code said it may
|
|
|
- be needed anyway, nothing confirms it. In addition, servers may consider
|
|
|
- it as part of the identity, causing a failure.
|
|
|
+ As a bonus, setting the host name part with curl_url_set() no longer
|
|
|
+ accepts a name that contains space, CR or LF.
|
|
|
|
|
|
- Closes #7008
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
-
|
|
|
- auth: use sasl authzid option in kerberos
|
|
|
+ Test 1560 has been extended to verify percent encodings.
|
|
|
|
|
|
- ... instead of deriving it from active ticket.
|
|
|
- Closes #7008
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+ Reported-by: Noam Moshe
|
|
|
+ Reported-by: Sharon Brizinov
|
|
|
+ Reported-by: Raul Onitza-Klugman
|
|
|
+ Reported-by: Kirill Efimov
|
|
|
+ Fixes #7830
|
|
|
+ Closes #7834
|
|
|
|
|
|
- auth: we do not support a security layer after kerberos authentication
|
|
|
+Marc Hoersken (8 Oct 2021)
|
|
|
+- CI/makefiles: introduce dedicated test target
|
|
|
|
|
|
- Closes #7008
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
-
|
|
|
- auth: properly handle byte order in kerberos security message
|
|
|
+ Make it easy to use the same set of test flags
|
|
|
+ throughout all current and future CI builds.
|
|
|
|
|
|
- Closes #7008
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
+
|
|
|
+ Follow up to #7690
|
|
|
+ Closes #7785
|
|
|
|
|
|
-- [z2_ brought this change]
|
|
|
+Daniel Stenberg (8 Oct 2021)
|
|
|
+- maketgz: redirect updatemanpages.pl output to /dev/null
|
|
|
|
|
|
- x509asn1: fix heap over-read when parsing x509 certificates
|
|
|
+- CURLOPT_HTTPHEADER.3: add descripion for specific headers
|
|
|
|
|
|
- Assisted-by: Patrick Monnerat
|
|
|
- Closes #7536
|
|
|
-
|
|
|
-- KNOWN_BUGS: Disconnects don't do verbose
|
|
|
+ Settting Host: or Transfer-Encoding: chunked actually have special
|
|
|
+ meanings to libcurl. This change tries to document them
|
|
|
|
|
|
- Closes #6995
|
|
|
+ Closes #7829
|
|
|
|
|
|
-- mailmap: fixup Michał Antoniak
|
|
|
+- c-hyper: use hyper_request_set_uri_parts to make h2 better
|
|
|
+
|
|
|
+ and make sure to not send Host: over h2.
|
|
|
+
|
|
|
+ Fixes #7679
|
|
|
+ Reported-by: David Cook
|
|
|
+ Closes #7827
|
|
|
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
+- [Michael Afanasiev brought this change]
|
|
|
|
|
|
- build: fix compiler warnings
|
|
|
-
|
|
|
- For when CURL_DISABLE_VERBOSE_STRINGS and DEBUGBUILD flags are both
|
|
|
- active.
|
|
|
+ curl-openssl.m4: modify library order for openssl linking
|
|
|
|
|
|
- - socks.c : warning C4100: 'lineno': unreferenced formal parameter
|
|
|
- (co-authored by Daniel Stenberg)
|
|
|
+ lcrypto may depend on lz, and configure corrently fails with when
|
|
|
+ statically linking as the order is "-lz -lcrypto". This commit switches
|
|
|
+ the order to "-lcrypto -lz".
|
|
|
|
|
|
- - mbedtls.c: warning C4189: 'port': local variable is initialized but
|
|
|
- not referenced
|
|
|
+ Closes #7826
|
|
|
+
|
|
|
+Marcel Raad (7 Oct 2021)
|
|
|
+- sha256: use high-level EVP interface for OpenSSL
|
|
|
|
|
|
- - schannel.c: warning C4189: 'hostname': local variable is initialized
|
|
|
- but not referenced
|
|
|
+ Available since OpenSSL 0.9.7. The low-level SHA256 interface is
|
|
|
+ deprecated in OpenSSL v3, and its usage was discouraged even before.
|
|
|
|
|
|
- Cloes #7528
|
|
|
-
|
|
|
-- [Gleb Ivanovsky brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7808
|
|
|
|
|
|
- CODE_STYLE-md: fix bold font style
|
|
|
+- curl_ntlm_core: use OpenSSL only if DES is available
|
|
|
|
|
|
- Markdown gets confused with abundance of asterisks, so use underscores
|
|
|
- instead.
|
|
|
+ This selects another SSL backend then if available, or otherwise at
|
|
|
+ least gives a meaningful error message.
|
|
|
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #7569
|
|
|
-
|
|
|
-- [Gleb Ivanovsky brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7808
|
|
|
|
|
|
- CODE_STYLE-md: add missing comma
|
|
|
+- md5: fix compilation with OpenSSL 3.0 API
|
|
|
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #7570
|
|
|
+ Only use OpenSSL's MD5 code if it's available.
|
|
|
+
|
|
|
+ Also fix wolfSSL build with `NO_MD5`, in which case neither the
|
|
|
+ wolfSSL/OpenSSL implementation nor the fallback implementation was
|
|
|
+ used.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7808
|
|
|
|
|
|
-- [Daniel Gustafsson brought this change]
|
|
|
+Daniel Stenberg (7 Oct 2021)
|
|
|
+- print_category: printf %*s needs an int argument
|
|
|
+
|
|
|
+ ... not a size_t!
|
|
|
+
|
|
|
+ Detected by Coverity: CID 1492331.
|
|
|
+ Closes #7823
|
|
|
|
|
|
- examples/ephiperfifo.c: simplify signal handler
|
|
|
+Jay Satiro (7 Oct 2021)
|
|
|
+- version_win32: use actual version instead of manifested version
|
|
|
|
|
|
- The signal handler registered for SIGINT is only handling SIGINT
|
|
|
- so there isn't much need for inspecting the signo. While there,
|
|
|
- rename the handler to be more specific.
|
|
|
+ - Use RtlVerifyVersionInfo instead of VerifyVersionInfo, when possible.
|
|
|
|
|
|
- g_should_exit should really be of sig_atomic_t type, but relying
|
|
|
- on autoconf in the examples seems like a bad idea so keep that
|
|
|
- for now.
|
|
|
+ Later versions of Windows have normal version functions that compare and
|
|
|
+ return versions based on the way the application is manifested, instead
|
|
|
+ of the actual version of Windows the application is running on. We
|
|
|
+ prefer the actual version of Windows so we'll now call the Rtl variant
|
|
|
+ of version functions (RtlVerifyVersionInfo) which does a proper
|
|
|
+ comparison of the actual version.
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7310
|
|
|
-
|
|
|
-- c-hyper: initial step for 100-continue support
|
|
|
+ Reported-by: Wyatt O'Day
|
|
|
|
|
|
- Enabled test 154
|
|
|
+ Ref: https://github.com/curl/curl/pull/7727
|
|
|
|
|
|
- Closes #7568
|
|
|
+ Fixes https://github.com/curl/curl/issues/7742
|
|
|
+ Closes https://github.com/curl/curl/pull/7810
|
|
|
|
|
|
-- [Ikko Ashimine brought this change]
|
|
|
+Daniel Stenberg (6 Oct 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- vtls: fix typo in schannel_verify.c
|
|
|
+- http: fix Basic auth with empty name field in URL
|
|
|
|
|
|
- occurence -> occurrence
|
|
|
+ Add test 367 to verify.
|
|
|
|
|
|
- Closes #7566
|
|
|
+ Reported-by: Rick Lane
|
|
|
+ Fixes #7819
|
|
|
+ Closes #7820
|
|
|
|
|
|
-- [Emil Engler brought this change]
|
|
|
+- [Jeffrey Tolar brought this change]
|
|
|
|
|
|
- curl_url_get.3: clarify about path and query
|
|
|
+ CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse
|
|
|
|
|
|
- The current man-page lacks some details regarding the obtained path and
|
|
|
- query.
|
|
|
+ ... and close connections that are too old instead of reusing them.
|
|
|
|
|
|
- Closes #7563
|
|
|
-
|
|
|
-- c-hyper: fix header value passed to debug callback
|
|
|
+ By default, this behavior is disabled.
|
|
|
|
|
|
- Closes #7567
|
|
|
+ Bug: https://curl.se/mail/lib-2021-09/0058.html
|
|
|
+ Closes #7751
|
|
|
|
|
|
-Viktor Szakats (12 Aug 2021)
|
|
|
-- cleanup: URL updates
|
|
|
+Daniel Gustafsson (6 Oct 2021)
|
|
|
+- docs/examples: add missing binaries to gitignore
|
|
|
|
|
|
- - replace broken URL with the one it was most probably pointing to
|
|
|
- when added (lib/tftp.c)
|
|
|
- - replace broken URL with archive.org link (lib/curl_ntlm_wb.c)
|
|
|
- - delete unnecessary protocol designator from archive.org URL
|
|
|
- (docs/BINDINGS.md)
|
|
|
+ Commit f65d7889b added getreferrer, and commit ae8e11ed5 multi-legacy,
|
|
|
+ both of which missed adding .gitignore clauses for the built binaries.
|
|
|
|
|
|
- Closes #7562
|
|
|
+ Closes #7817
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
-Daniel Stenberg (12 Aug 2021)
|
|
|
-- [April King brought this change]
|
|
|
+Daniel Stenberg (5 Oct 2021)
|
|
|
+- [Josip Medved brought this change]
|
|
|
|
|
|
- DEPRECATE.md: linkify curl-library mailing list
|
|
|
+ HTTP3: fix the HTTP/3 Explained book link
|
|
|
|
|
|
- Closes #7561
|
|
|
-
|
|
|
-- [Barry Pollard brought this change]
|
|
|
+ Closes #7813
|
|
|
|
|
|
- output.d: add method to suppress response bodies
|
|
|
-
|
|
|
- Closes #7560
|
|
|
+- [Lucas Holt brought this change]
|
|
|
|
|
|
-- TODO: remove 'c-ares deviates on http://1346569778'
|
|
|
+ misc: fix a few issues on MidnightBSD
|
|
|
|
|
|
- Fixed since 56a037cc0ad1b2 (7.77.0)
|
|
|
+ Closes #7812
|
|
|
|
|
|
-- [Colin O'Dell brought this change]
|
|
|
+Daniel Gustafsson (4 Oct 2021)
|
|
|
+- [8U61ife brought this change]
|
|
|
|
|
|
- BINDINGS.md: update links to use https where available
|
|
|
+ tool_main: fix typo in comment
|
|
|
|
|
|
- Closes #7558
|
|
|
+ Closes: #7811
|
|
|
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
-- asyn-ares.c: move all version number checks to the top
|
|
|
-
|
|
|
- ... and use #ifdef [feature] in the code as per our guidelines.
|
|
|
+Daniel Stenberg (4 Oct 2021)
|
|
|
+- [Ryan Mast brought this change]
|
|
|
|
|
|
-- ares: use ares_getaddrinfo()
|
|
|
-
|
|
|
- ares_getaddrinfo() is the getaddrinfo() cloned provided by c-ares, introduced
|
|
|
- in version 1.16.0.
|
|
|
+ BINDINGS: URL updates
|
|
|
|
|
|
- With older c-ares versions, curl invokes ares_gethostbyname() twice - once for
|
|
|
- IPv4 and once for IPv6 to resolve both addresses, and then combines the
|
|
|
- returned results.
|
|
|
+ For cpr, BBHTTP, Eiffel, Harbour, Haskell, Mono, and Rust
|
|
|
|
|
|
- Reported-by: jjandesmet
|
|
|
- Fixes #7364
|
|
|
- Closes #7552
|
|
|
-
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+ Closes #7809
|
|
|
|
|
|
- ngtcp2: utilize crypto API functions to simplify
|
|
|
+- scripts/delta: hide a git error message we don't care about
|
|
|
|
|
|
- Closes #7551
|
|
|
+ fatal: path 'src/tool_listhelp.c' exists on disk, but not in [tag]
|
|
|
|
|
|
-- [megatronking brought this change]
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
|
|
|
- ngtcp2: reset the oustanding send buffer again when drained
|
|
|
+ sasl: binary messages
|
|
|
|
|
|
- Closes #7538
|
|
|
-
|
|
|
-Michael Kaufmann (10 Aug 2021)
|
|
|
-- progress: fix a compile warning on some systems
|
|
|
+ Capabilities of sasl module are extended to exchange messages in binary
|
|
|
+ as an alternative to base64.
|
|
|
|
|
|
- lib/progress.c:380:40: warning: conversion to 'long double' from
|
|
|
- 'curl_off_t {aka long long int}' may alter its value [-Wconversion]
|
|
|
+ If http authentication flags have been set, those are used as sasl
|
|
|
+ default preferred mechanisms.
|
|
|
|
|
|
- Closes #7549
|
|
|
+ Closes #6930
|
|
|
|
|
|
-Daniel Stenberg (10 Aug 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Hayden Roche brought this change]
|
|
|
|
|
|
-- http: consider cookies over localhost to be secure
|
|
|
+ wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
|
|
|
|
|
|
- Updated test31.
|
|
|
- Added test 392 to verify secure cookies used for http://localhost
|
|
|
+ Prior to this commit, OpenSSL could be used for all these functions, but
|
|
|
+ not wolfSSL. This commit makes it so wolfSSL will be used if USE_WOLFSSL
|
|
|
+ is defined.
|
|
|
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Fixes #6733
|
|
|
- Closes #7263
|
|
|
+ Closes #7806
|
|
|
|
|
|
-- TODO: erase secrets from heap/stack after use
|
|
|
+- scripts/delta: count command line options in the new file
|
|
|
|
|
|
- Closes #7268
|
|
|
+ ... which makes the shown delta number wrong until next release.
|
|
|
|
|
|
-Jay Satiro (10 Aug 2021)
|
|
|
-- hostip: Make Curl_ipv6works function independent of getaddrinfo
|
|
|
-
|
|
|
- - Do not assume IPv6 is not working when getaddrinfo is not present.
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- print_category: print help descriptions aligned
|
|
|
|
|
|
- The check to see if IPv6 actually works is now independent of whether
|
|
|
- there is any resolver that can potentially resolve a hostname to IPv6.
|
|
|
+ Adjust the description position to make an aligned column when doing
|
|
|
+ help listings, which is more pleasing to the eye.
|
|
|
|
|
|
- Prior to this change if getaddrinfo() was not found at compile time then
|
|
|
- Curl_ipv6works() would be defined as a macro that returns FALSE.
|
|
|
+ Suggested-by: Gisle Vanem
|
|
|
+ Closes #7792
|
|
|
+
|
|
|
+- lib/mk-ca-bundle.pl: skip certs passed Not Valid After date
|
|
|
|
|
|
- When getaddrinfo is not found then libcurl is built with CURLRES_IPV4
|
|
|
- defined instead of CURLRES_IPV6, meaning that it cannot do IPv6 lookups
|
|
|
- in the traditional way. With this commit if libcurl is built with IPv6
|
|
|
- support (ENABLE_IPV6) but without getaddrinfo (CURLRES_IPV6), and the
|
|
|
- IPv6 stack is actually working, then it is possible for libcurl to
|
|
|
- resolve IPv6 addresses by using DoH.
|
|
|
+ With this change applied, the now expired 'DST Root CA X3' cert will no
|
|
|
+ longer be included in the output.
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/issues/7483#issuecomment-890765378
|
|
|
+ Details: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7529
|
|
|
+ Closes #7801
|
|
|
|
|
|
-- test1565: fix windows build errors
|
|
|
+- tool_listhelp: easier to generate with gen.pl
|
|
|
|
|
|
- - Use our wait_ms() instead of sleep() since Windows doesn't have the
|
|
|
- latter.
|
|
|
+ tool_listhelp.c is now a separate file with only the command line --help
|
|
|
+ output, exactly as generated by gen.pl. This makes it easier to generate
|
|
|
+ updates according to what's in the docs/cmdline-opts docs.
|
|
|
|
|
|
- - Use a separate variable to keep track of whether the pthread_t thread
|
|
|
- id is valid.
|
|
|
+ cd $srcroot/docs/cmdline-opts
|
|
|
+ ./gen.pl listhelp *.d > $srcroot/src/tool_listhelp.c
|
|
|
|
|
|
- On Windows pthread_t is not an integer type. pthread offers no macro for
|
|
|
- invalid pthread_t thread id, so validity is kept track of separately.
|
|
|
+ With a configure build, this also works:
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7527
|
|
|
+ make -C src listhelp
|
|
|
+
|
|
|
+ Closes #7787
|
|
|
|
|
|
-- [Jeremy Falcon brought this change]
|
|
|
+- [Anthony Hu brought this change]
|
|
|
|
|
|
- winbuild/README.md: clarify GEN_PDB option
|
|
|
+ wolfssl: allow setting of groups/curves
|
|
|
|
|
|
- - Document that GEN_PDB option creates an external database.
|
|
|
+ In particular, the quantum safe KEM and hybrid curves if wolfSSL is
|
|
|
+ built to support them.
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/issues/7502
|
|
|
+ Closes #7728
|
|
|
|
|
|
-Daniel Stenberg (9 Aug 2021)
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+- [Jan Mazur brought this change]
|
|
|
|
|
|
- ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
|
|
|
+ connnect: use sysaddr_un fron sys/un.h or custom-defined for windows
|
|
|
|
|
|
- Closes #7546
|
|
|
+ Closes #7737
|
|
|
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+Jay Satiro (30 Sep 2021)
|
|
|
+- [Rikard Falkeborn brought this change]
|
|
|
|
|
|
- ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
|
|
|
+ hostip: Move allocation to clarify there is no memleak
|
|
|
|
|
|
- Rework the return value handling of ngtcp2_conn_writev_stream and treat
|
|
|
- NGTCP2_ERR_STREAM_SHUT_WR separately.
|
|
|
+ By just glancing at the code, it looks like there is a memleak if the
|
|
|
+ call to Curl_inet_pton() fails. Looking closer, it is clear that the
|
|
|
+ call to Curl_inet_pton() can not fail, so the code will never leak
|
|
|
+ memory. However, we can make this obvious by moving the allocation
|
|
|
+ after the if-statement.
|
|
|
|
|
|
- Closes #7546
|
|
|
+ Closes https://github.com/curl/curl/pull/7796
|
|
|
|
|
|
-- configure: error out if both ngtcp2 and quiche are specified
|
|
|
+Daniel Stenberg (30 Sep 2021)
|
|
|
+- gen.pl: make the output date format work better
|
|
|
|
|
|
- Reported-by: Vincent Grande
|
|
|
- See #7539
|
|
|
- Closes #7545
|
|
|
-
|
|
|
-- [Jeff Mears brought this change]
|
|
|
-
|
|
|
- easy: use a custom implementation of wcsdup on Windows
|
|
|
+ Follow-up to 15910dfd143dd
|
|
|
|
|
|
- ... so that malloc/free overrides from curl_global_init are used for
|
|
|
- wcsdup correctly.
|
|
|
+ The previous strftime format used didn't work correctly on Windows, so
|
|
|
+ change to %B %d %Y which today looks like "September 29 2021".
|
|
|
|
|
|
- Closes #7540
|
|
|
+ Reported-by: Gisle Vanem
|
|
|
+ Bug: #7782
|
|
|
+ Closes #7793
|
|
|
|
|
|
-- zuul: add an mbedtls3 CI job
|
|
|
+- typecheck-gcc.h: add CURLOPT_PREREQDATA awareness
|
|
|
|
|
|
- Closes #7544
|
|
|
-
|
|
|
-- [Benau brought this change]
|
|
|
-
|
|
|
- mbedTLS: initial 3.0.0 support
|
|
|
+ Follow-up to a517378de58358a
|
|
|
|
|
|
- Closes #7428
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
-
|
|
|
-- configure.ac: revert bad nghttp2 library detection improvements
|
|
|
+ To make test 1912 happy again
|
|
|
|
|
|
- This reverts commit b4b34db65f9f8, 673753344c5f and 29c7cf79e8b.
|
|
|
+ Closes #7799
|
|
|
+
|
|
|
+Marcel Raad (29 Sep 2021)
|
|
|
+- configure: remove `HAVE_WINSOCK_H` definition
|
|
|
|
|
|
- The logic is now back to assuming that the nghttp2 lib is called nghttp2 and
|
|
|
- nothing else.
|
|
|
+ It's not used anymore.
|
|
|
|
|
|
- Reported-by: Rui Pinheiro
|
|
|
- Reported-by: Alex Crichton
|
|
|
- Fixes #7514
|
|
|
- Closes #7515
|
|
|
+ Closes https://github.com/curl/curl/pull/7795
|
|
|
|
|
|
-- happy-eyeballs-timeout-ms.d: polish the wording
|
|
|
+- CMake: remove `HAVE_WINSOCK_H` definition
|
|
|
|
|
|
- Reported-by: Josh Soref
|
|
|
- Fixes #7433
|
|
|
- Closes #7542
|
|
|
-
|
|
|
-- [modbw brought this change]
|
|
|
-
|
|
|
- mbedtls_threadlock: fix unused variable warning
|
|
|
+ It's not used anymore.
|
|
|
|
|
|
- Closes #7393
|
|
|
-
|
|
|
-- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7795
|
|
|
|
|
|
- ngtcp2: compile with the latest ngtcp2 and nghttp3
|
|
|
+- config: remove `HAVE_WINSOCK_H` definition
|
|
|
|
|
|
- Closes #7541
|
|
|
+ It's not used anymore.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7795
|
|
|
|
|
|
-Marc Hoersken (31 Jul 2021)
|
|
|
-- CI/cirrus: reduce compile time with increased parallism
|
|
|
+- lib: remove `HAVE_WINSOCK_H` usage
|
|
|
|
|
|
- Cirrus CI VMs have 2 CPUs, let's use them also for Windows builds.
|
|
|
+ WinSock v1 is not supported anymore. Exclusively use `HAVE_WINSOCK2_H`
|
|
|
+ instead.
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7505
|
|
|
-
|
|
|
-Daniel Stenberg (30 Jul 2021)
|
|
|
-- [Bin Lan brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7795
|
|
|
|
|
|
- tool/tests: fix potential year 2038 issues
|
|
|
+Daniel Stenberg (29 Sep 2021)
|
|
|
+- easyoptions: add the two new PRE* options
|
|
|
|
|
|
- The length of 'long' in a 32-bit system is 32 bits, which cannot be used
|
|
|
- to save timestamps after 2038. Most operating systems have extended
|
|
|
- time_t to 64 bits.
|
|
|
+ Follow-up to a517378de58358a
|
|
|
|
|
|
- Remove the castings to long.
|
|
|
-
|
|
|
- Closes #7466
|
|
|
-
|
|
|
-- compressed.d: it's a request, not an order
|
|
|
-
|
|
|
- Clarified
|
|
|
-
|
|
|
- Reported-by: Dan Jacobson
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Fixes #7516
|
|
|
- Closes #7517
|
|
|
-
|
|
|
-- [Bernhard M. Wiedemann brought this change]
|
|
|
-
|
|
|
- tests: make three tests pass until 2037
|
|
|
-
|
|
|
- after 2038 something in test1915 fails on 32-bit OSes
|
|
|
+ Also fix optiontable.pl to do the correct remainder on the entry.
|
|
|
|
|
|
- Closes #7512
|
|
|
+ Reported-by: Gisle Vanem
|
|
|
+ Bug: https://github.com/curl/curl/commit/a517378de58358a85b7cfe9efecb56051268f629#commitcomment-57224830
|
|
|
+ Closes #7791
|
|
|
|
|
|
-Daniel Gustafsson (30 Jul 2021)
|
|
|
-- connect: remove superfluous conditional
|
|
|
+- Revert "build: remove checks for WinSock 1"
|
|
|
|
|
|
- Commit dbd16c3e2 cleaned up the logic for traversing the addrinfos,
|
|
|
- but the move left a conditional on ai which no longer is needed as
|
|
|
- the while loop reevaluation will cover it.
|
|
|
+ Due to CI issues
|
|
|
|
|
|
- Closes #7511
|
|
|
- Reviewed-by: Carlo Marcelo Arenas Belón
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
-
|
|
|
-Daniel Stenberg (29 Jul 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ This reverts commit c2ea04f92b00b6271627cb218647527b5a50f2fc.
|
|
|
|
|
|
- and bump curlver to 7.79.0 for next release
|
|
|
+ Closes #7790
|
|
|
|
|
|
-Marc Hoersken (29 Jul 2021)
|
|
|
-- tests/*server.py: remove pidfile on server termination
|
|
|
-
|
|
|
- Avoid pidfile leaking/laying around after server already exited.
|
|
|
+Daniel Gustafsson (29 Sep 2021)
|
|
|
+- lib: avoid fallthrough cases in switch statements
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7506
|
|
|
-
|
|
|
-Daniel Gustafsson (27 Jul 2021)
|
|
|
-- tool_main: fix typo in comment
|
|
|
+ Commit b5a434f7f0ee4d64857f8592eced5b9007d83620 inhibits the warning
|
|
|
+ on implicit fallthrough cases, since the current coding of indicating
|
|
|
+ fallthrough with comments is falling out of fashion with new compilers.
|
|
|
+ This attempts to make the issue smaller by rewriting fallthroughs to no
|
|
|
+ longer fallthrough, via either breaking the cases or turning switch
|
|
|
+ statements into if statements.
|
|
|
|
|
|
- The referred to library is NSPR, so fix the switched around characters.
|
|
|
-
|
|
|
-Daniel Stenberg (28 Jul 2021)
|
|
|
-- [Aleksandr Krotov brought this change]
|
|
|
-
|
|
|
- bearssl: support CURLOPT_CAINFO_BLOB
|
|
|
+ lib/content_encoding.c: the fallthrough codepath is simply copied
|
|
|
+ into the case as it's a single line.
|
|
|
+ lib/http_ntlm.c: the fallthrough case skips a state in the state-
|
|
|
+ machine and fast-forwards to NTLMSTATE_LAST. Do this before the
|
|
|
+ switch statement instead to set up the states that we actually
|
|
|
+ want.
|
|
|
+ lib/http_proxy.c: the fallthrough is just falling into exiting the
|
|
|
+ switch statement which can be done easily enough in the case.
|
|
|
+ lib/mime.c: switch statement rewritten as if statement.
|
|
|
+ lib/pop3.c: the fallthrough case skips to the next state in the
|
|
|
+ statemachine, do this explicitly instead.
|
|
|
+ lib/urlapi.c: switch statement rewritten as if statement.
|
|
|
+ lib/vssh/wolfssh.c: the fallthrough cases fast-forwards the state
|
|
|
+ machine, do this by running another iteration of the switch
|
|
|
+ statement instead.
|
|
|
+ lib/vtls/gtls.c: switch statement rewritten as if statement.
|
|
|
+ lib/vtls/nss.c: the fallthrough codepath is simply copied into the
|
|
|
+ case as it's a single line. Also twiddle a comment to not be
|
|
|
+ inside a non-brace if statement.
|
|
|
|
|
|
- Closes #7468
|
|
|
+ Closes: #7322
|
|
|
+ See-also: #7295
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
-- curl.1: mention "global" flags
|
|
|
+Marcel Raad (28 Sep 2021)
|
|
|
+- config-win32ce: enable WinSock 2
|
|
|
|
|
|
- Mention options that are "global". A global command line option is one
|
|
|
- that doesn't get reset at --next uses and therefore don't need to be
|
|
|
- used again.
|
|
|
+ WinSock 2.2 is supported by Windows CE .NET 4.1 (from 2002, out of
|
|
|
+ support since 2013).
|
|
|
|
|
|
- Reported-by: Josh Soref
|
|
|
+ Ref: https://docs.microsoft.com/en-us/previous-versions/windows/embedded/ms899586(v=msdn.10)
|
|
|
|
|
|
- Fixes #7457
|
|
|
- Closes #7510
|
|
|
+ Closes https://github.com/curl/curl/pull/7778
|
|
|
|
|
|
-- CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited
|
|
|
+- externalsocket: use WinSock 2.2
|
|
|
|
|
|
- Reported-by: Daniel Woelfel
|
|
|
- Fixes #7441
|
|
|
- Closes #7509
|
|
|
-
|
|
|
-- KNOWN_BUGS: add more HTTP/3 problems
|
|
|
+ That's the only version we support.
|
|
|
|
|
|
- Closes #7351
|
|
|
- Closes #7339
|
|
|
- Closes #7125
|
|
|
+ Closes https://github.com/curl/curl/pull/7778
|
|
|
|
|
|
-Marc Hoersken (27 Jul 2021)
|
|
|
-- CI/azure: reduce compile time with increased parallism
|
|
|
+- build: remove checks for WinSock 1
|
|
|
|
|
|
- Azure Pipelines CI VMs have 2 CPUs, let's use them.
|
|
|
+ It's not supported anymore.
|
|
|
|
|
|
- Closes #7489
|
|
|
-
|
|
|
-Jay Satiro (27 Jul 2021)
|
|
|
-- [Josh Soref brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7778
|
|
|
|
|
|
- docs: fix grammar
|
|
|
+Daniel Stenberg (28 Sep 2021)
|
|
|
+- scripts/copyright: .muse is .lift now
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7444
|
|
|
- Fixes https://github.com/curl/curl/issues/7451
|
|
|
- Fixes https://github.com/curl/curl/issues/7465
|
|
|
- Closes https://github.com/curl/curl/pull/7495
|
|
|
+ And update 5 files with old copyright year range
|
|
|
|
|
|
-- mail-rcpt.d: fix grammar
|
|
|
-
|
|
|
- Remove confusing sentence that says to specify an e-mail address for
|
|
|
- mail transfer, since that's implied.
|
|
|
+- cmdline-opts: made the 'Added:' field mandatory
|
|
|
|
|
|
- Reported-by: Josh Soref
|
|
|
+ Since "too old" versions are no longer included in the generated man
|
|
|
+ page, this field is now mandatory so that it won't be forgotten and then
|
|
|
+ not included in the documentation.
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7452
|
|
|
- Closes https://github.com/curl/curl/pull/7495
|
|
|
+ Closes #7786
|
|
|
|
|
|
-Daniel Stenberg (27 Jul 2021)
|
|
|
-- c-hyper: remove the hyper_executor_poll() loop from Curl_http
|
|
|
+- curl.1: remove mentions of really old version changes
|
|
|
|
|
|
- 1. it's superfluous
|
|
|
- 2. it didn't work identically to the Curl_hyper_stream one which could
|
|
|
- cause problems like #7486
|
|
|
+ To make the man page more readable, this change removes all references
|
|
|
+ to changes in support/versions etc that happened before 7.30.0 from the
|
|
|
+ curl.1 output file. 7.30.0 was released on Apr 12 2013. This particular
|
|
|
+ limit is a bit arbitrary but was fairly easy to grep for.
|
|
|
|
|
|
- Pointed-out-by: David Cook
|
|
|
- Closes #7499
|
|
|
-
|
|
|
-- curl-openssl.m4: check lib64 for the pkg-config file
|
|
|
+ It is handled like this: the 'Added' keyword is only used in output if
|
|
|
+ it refers to 7.30.0 or later. All occurances of "(Added in $VERSION)" in
|
|
|
+ description will be stripped out if the mentioned $VERSION is from
|
|
|
+ before 7.30.0. It is therefore important that the "Added in..."
|
|
|
+ references are always written exactly like that - and on a single line,
|
|
|
+ not split over two.
|
|
|
|
|
|
- OpenSSL recently started putting the libs in $prefix/lib64 on 'make
|
|
|
- install', so we check that directory for pkg-config data if the 'lib'
|
|
|
- check fails.
|
|
|
+ This change removes about 80 version number references from curl.1, down
|
|
|
+ to 138 from 218.
|
|
|
|
|
|
- Closes #7503
|
|
|
+ Closes #7786
|
|
|
|
|
|
-- CURLOPT_SSL_CTX_*.3: tidy up the example
|
|
|
-
|
|
|
- Use the proper code style. Don't store return codes that aren't read.
|
|
|
- Copy the same example into CURLOPT_SSL_CTX_FUNCTION.3 as well.
|
|
|
-
|
|
|
- Closes #7500
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-- example/cookie_interface: fix scan-build printf warning
|
|
|
+- tool_cb_prg: make resumed upload progress bar show better
|
|
|
|
|
|
- Follow-up to 4b79c4fb565
|
|
|
+ This is a regression that was *probably* injected in the larger progress
|
|
|
+ bar overhaul in 2018.
|
|
|
|
|
|
- Fixes #7497
|
|
|
- Closes #7498
|
|
|
-
|
|
|
-- [Josh Soref brought this change]
|
|
|
+ Reported-by: beslick5 on github
|
|
|
+ Fixes #7760
|
|
|
+ Closes #7777
|
|
|
|
|
|
- limit-rate.d: clarify base unit
|
|
|
+- gen.pl: insert the current date and version in generated man page
|
|
|
|
|
|
- Fixes #7439
|
|
|
- Closes #7494
|
|
|
-
|
|
|
-- [Carlo Marcelo Arenas Belón brought this change]
|
|
|
+ Reported-by: Gisle Vanem
|
|
|
+ Ref: #7780
|
|
|
+ Closes #7782
|
|
|
|
|
|
- examples/cookie_interface: avoid printfing time_t directly
|
|
|
-
|
|
|
- time_t representation is undefined and varies on bitsize and signedness,
|
|
|
- and as of C11 could be even non integer.
|
|
|
-
|
|
|
- instead of casting to unsigned long (which would truncate in systems
|
|
|
- with a 32bit long after 2106) use difftime to get the elapsed time as a
|
|
|
- double and print that (without decimals) instead.
|
|
|
+- NTLM: use DES_set_key_unchecked with OpenSSL
|
|
|
|
|
|
- alternatively a cast to curl_off_t and its corresponding print
|
|
|
- formatting could have been used (at least in POSIX) but portability and
|
|
|
- curl agnostic code was prioritized.
|
|
|
+ ... as the previously used function DES_set_key() will in some cases
|
|
|
+ reject using a key that it deems "weak" which will cause curl to
|
|
|
+ continue using the unitialized buffer content as key instead.
|
|
|
|
|
|
- Closes #7490
|
|
|
+ Assisted-by: Harry Sintonen
|
|
|
+ Fixes #7779
|
|
|
+ Closes #7781
|
|
|
|
|
|
-Marc Hoersken (25 Jul 2021)
|
|
|
-- tests/servers: remove obsolete pid variable
|
|
|
+Marc Hoersken (27 Sep 2021)
|
|
|
+- CI: align make and test flags in various config files
|
|
|
|
|
|
- Variable is not used since pidfile handling moved to util.[ch]
|
|
|
+ 1. Use Makefile target to run tests in autotools builds on AppVeyor.
|
|
|
+ 2. Disable testing of SCP protocol on native Windows environments.
|
|
|
+ 3. Remove redundant parameters -a -p from target test-nonflaky.
|
|
|
+ 4. Don't use -vc parameter which is reserved for debugging.
|
|
|
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
- Closes #7482
|
|
|
+ Replaces #7591
|
|
|
+ Closes #7690
|
|
|
|
|
|
-- tests/servers: use our platform-aware pid for server verification
|
|
|
-
|
|
|
- The pid used for server verification is later stored as pid2 in
|
|
|
- the hash of running test servers and therefore used for shutdown.
|
|
|
-
|
|
|
- The pid used for shutdown must be the platform-aware (Win32) pid
|
|
|
- to avoid leaking test servers while running them using Cygwin/msys.
|
|
|
-
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
- Closes #7481
|
|
|
+Daniel Stenberg (27 Sep 2021)
|
|
|
+- mailmap: unify Max!
|
|
|
|
|
|
-- tests/runtests.pl: cleanup copy&paste mistakes and unused code
|
|
|
-
|
|
|
- Reviewed-by: Jay Satiro
|
|
|
- Part of #7481
|
|
|
+- [Max Dymond brought this change]
|
|
|
|
|
|
-Daniel Stenberg (25 Jul 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ CURLOPT_PREREQFUNCTION: add new callback
|
|
|
|
|
|
- bumped to 7.78.1 for next release
|
|
|
-
|
|
|
-- http_proxy: clear 'sending' when the outgoing request is sent
|
|
|
+ Triggered before a request is made but after a connection is set up
|
|
|
|
|
|
- ... so that Curl_connect_getsock() will know how to wait for the socket
|
|
|
- to become readable and not writable after the entire CONNECT request has
|
|
|
- been issued.
|
|
|
+ Changes:
|
|
|
|
|
|
- Regression added in 7.77.0
|
|
|
+ - callback: Update docs and callback for pre-request callback
|
|
|
+ - Add documentation for CURLOPT_PREREQDATA and CURLOPT_PREREQFUNCTION,
|
|
|
+ - Add redirect test and callback failure test
|
|
|
+ - Note that the function may be called multiple times on a redirection
|
|
|
+ - Disable new 2086 test due to Windows weirdness
|
|
|
|
|
|
- Reported-by: zloi-user on github
|
|
|
- Assisted-by: Jay Satiro
|
|
|
- Fixes #7155
|
|
|
- Closes #7484
|
|
|
-
|
|
|
-Jay Satiro (25 Jul 2021)
|
|
|
-- [Josh Soref brought this change]
|
|
|
+ Closes #7477
|
|
|
|
|
|
- openssl: fix grammar
|
|
|
+- KNOWN_BUGS: HTTP/2 connections through HTTPS proxy frequently stall
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7480
|
|
|
+ Closes #6936
|
|
|
|
|
|
-- configure.ac: tweak nghttp2 library name fix again
|
|
|
-
|
|
|
- - Change extraction to handle multiple library names returned by
|
|
|
- pkg-config (eg a possible scenario with pkg-config --static).
|
|
|
-
|
|
|
- Ref: https://github.com/curl/curl/pull/7472
|
|
|
+- TODO: make configure use --cache-file more and better
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7485
|
|
|
+ Closes #7753
|
|
|
|
|
|
-Dan Fandrich (23 Jul 2021)
|
|
|
-- Get rid of the unused HAVE_SIG_ATOMIC_T et. al.
|
|
|
-
|
|
|
- It was added in 2006 but I see no evidence it was ever used.
|
|
|
+- [Sergey Markelov brought this change]
|
|
|
|
|
|
-Jay Satiro (23 Jul 2021)
|
|
|
-- docs: change max-filesize caveat again
|
|
|
-
|
|
|
- - Add protocols field to max-filesize.d.
|
|
|
-
|
|
|
- - Revert wording on unknown file size caveat and do not discuss specific
|
|
|
- protocols in that section.
|
|
|
+ urlapi: support UNC paths in file: URLs on Windows
|
|
|
|
|
|
- Partial revert of ecf0225. All max-filesize options now have the list of
|
|
|
- protocols and it's clearer just to have that list without discussing
|
|
|
- specific protocols in the caveat.
|
|
|
+ - file://host.name/path/file.txt is a valid UNC path
|
|
|
+ \\host.name\path\files.txt to a non-local file transformed into URI
|
|
|
+ (RFC 8089 Appendix E.3)
|
|
|
|
|
|
- Reported-by: Josh Soref
|
|
|
+ - UNC paths on other OSs must be smb: URLs
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/issues/7453#issuecomment-884128762
|
|
|
+ Closes #7366
|
|
|
|
|
|
-Daniel Stenberg (22 Jul 2021)
|
|
|
-- [Christian Weisgerber brought this change]
|
|
|
+- [Gleb Ivanovsky brought this change]
|
|
|
|
|
|
- configure: tweak nghttp2 library name fix
|
|
|
-
|
|
|
- commit 29c7cf79e8b44cf (shipped in 7.78.0) introduced a problem by
|
|
|
- assuming that LIB_H2 does not have any leading whitespace. At least
|
|
|
- OpenBSD's native pkg-config can produce such whitespace, though:
|
|
|
-
|
|
|
- $ pkg-config --libs-only-l libnghttp2
|
|
|
- -lnghttp2
|
|
|
+ urlapi: add curl_url_strerror()
|
|
|
|
|
|
- As a result, the configure check for libnghttp2 will erroneously fail.
|
|
|
+ Add curl_url_strerror() to convert CURLUcode into readable string and
|
|
|
+ facilitate easier troubleshooting in programs using URL API.
|
|
|
+ Extend CURLUcode with CURLU_LAST for iteration in unit tests.
|
|
|
+ Update man pages with a mention of new function.
|
|
|
+ Update example code and tests with new functionality where it fits.
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-07/0050.html
|
|
|
- Closes #7472
|
|
|
+ Closes #7605
|
|
|
|
|
|
-- [Bastian Krause brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- docs/MQTT: update state of username/password support
|
|
|
+- [Mats Lindestam brought this change]
|
|
|
+
|
|
|
+ libssh2: add SHA256 fingerprint support
|
|
|
|
|
|
- PR #7243 implemented username/password support for MQTT, so let's drop
|
|
|
- these items from the caveats.
|
|
|
+ Added support for SHA256 fingerprint in command line curl and in
|
|
|
+ libcurl.
|
|
|
|
|
|
- Signed-off-by: Bastian Krause <bst@pengutronix.de>
|
|
|
+ Closes #7646
|
|
|
+
|
|
|
+- libcurl.rc: switch out the copyright symbol for plain ASCII
|
|
|
|
|
|
- Closes #7474
|
|
|
+ Reported-by: Vitaly Varyvdin
|
|
|
+ Assisted-by: Viktor Szakats
|
|
|
+ Fixes #7765
|
|
|
+ Closes #7776
|
|
|
|
|
|
-- [Oleg Pudeyev brought this change]
|
|
|
+- [Jun-ya Kato brought this change]
|
|
|
|
|
|
- CURLMOPT_TIMERFUNCTION.3: remove misplaced "time"
|
|
|
+ ngtcp2: fix QUIC transport parameter version
|
|
|
|
|
|
- Closes #7470
|
|
|
+ fix inappropriate version setting for QUIC transport parameters.
|
|
|
+ this patch keeps curl with ngtcp2 uses QUIC draft version (h3-29).
|
|
|
+
|
|
|
+ Closes #7771
|
|
|
|
|
|
-Version 7.78.0 (21 Jul 2021)
|
|
|
+- examples/imap-append: fix end-of-data check
|
|
|
+
|
|
|
+ Reported-by: Alexander Chuykov
|
|
|
+ Fixes #7774
|
|
|
+ Closes #7775
|
|
|
|
|
|
-Daniel Stenberg (21 Jul 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+Michael Kaufmann (24 Sep 2021)
|
|
|
+- vtls: Fix a memory leak if an SSL session cannot be added to the cache
|
|
|
|
|
|
- curl 7.78.0 release
|
|
|
+ On connection shutdown, a new TLS session ticket may arrive after the
|
|
|
+ SSL session cache has already been destructed. In this case, the new
|
|
|
+ SSL session cannot be added to the SSL session cache.
|
|
|
+
|
|
|
+ The callers of Curl_ssl_addsessionid() need to know whether the SSL
|
|
|
+ session has been added to the cache. If it has not been added, the
|
|
|
+ reference counter of the SSL session must not be incremented, or memory
|
|
|
+ used by the SSL session must be freed. This is now possible with the new
|
|
|
+ output parameter "added" of Curl_ssl_addsessionid().
|
|
|
+
|
|
|
+ Fixes #7683
|
|
|
+ Closes #7752
|
|
|
|
|
|
-- winbuild/MakefileBuild.vc: bump copyright year
|
|
|
+Daniel Stenberg (24 Sep 2021)
|
|
|
+- [Momoka Yamamoto brought this change]
|
|
|
|
|
|
-Jay Satiro (21 Jul 2021)
|
|
|
-- docs: mention max-filesize options also apply to MQTT transfers
|
|
|
-
|
|
|
- Also make it clearer that the caveat 'if the file size is unknown it
|
|
|
- the option will have no effect' may apply to protocols other than FTP
|
|
|
- and HTTP.
|
|
|
+ HTTP3.md: use 'autoreconf -fi' instead of buildconf
|
|
|
|
|
|
- Reported-by: Josh Soref
|
|
|
+ buildconf is not used since #5853
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7453
|
|
|
+ Closes #7746
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- GIT-INFO: rephrase to adapt to s/buildconf/autoreconf
|
|
|
|
|
|
- docs/cmdline: fix grammar and typos
|
|
|
+- [h1zzz brought this change]
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+ llist: remove redundant code, branch will not be executed
|
|
|
+
|
|
|
+ Closes #7770
|
|
|
|
|
|
- dump-header.d: Drop suggestion to use for cookie storage
|
|
|
+- [tlahn brought this change]
|
|
|
+
|
|
|
+ HTTP-COOKIES.md: remove duplicate 'each'
|
|
|
|
|
|
- Since --cookie-jar is the preferred way to store cookies, no longer
|
|
|
- suggest using --dump-header to do so.
|
|
|
+ Closes #7772
|
|
|
+
|
|
|
+Jay Satiro (24 Sep 2021)
|
|
|
+- [Joel Depooter brought this change]
|
|
|
+
|
|
|
+ libssh2: Get the version at runtime if possible
|
|
|
|
|
|
- Co-authored-by: Daniel Stenberg
|
|
|
+ Previously this code used a compile time constant, meaning that libcurl
|
|
|
+ always reported the libssh2 version that libcurl was built with. This
|
|
|
+ could differ from the libssh2 version actually being used. The new code
|
|
|
+ uses the CURL_LIBSSH2_VERSION macro, which is defined in ssh.h. The
|
|
|
+ macro calls the libssh2_version function if it is available, otherwise
|
|
|
+ it falls back to the compile time version.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/issues/7414
|
|
|
+ Closes https://github.com/curl/curl/pull/7768
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- [Joel Depooter brought this change]
|
|
|
|
|
|
- doc/cmdline: fix grammar and typos
|
|
|
+ schannel: fix typo
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7454
|
|
|
- Closes https://github.com/curl/curl/pull/7455
|
|
|
- Closes https://github.com/curl/curl/pull/7456
|
|
|
- Closes https://github.com/curl/curl/pull/7459
|
|
|
- Closes https://github.com/curl/curl/pull/7460
|
|
|
- Closes https://github.com/curl/curl/pull/7461
|
|
|
- Closes https://github.com/curl/curl/pull/7462
|
|
|
- Closes https://github.com/curl/curl/pull/7463
|
|
|
+ Closes https://github.com/curl/curl/pull/7769
|
|
|
|
|
|
-Daniel Stenberg (20 Jul 2021)
|
|
|
-- vtls: fix connection reuse checks for issuer cert and case sensitivity
|
|
|
+Daniel Stenberg (23 Sep 2021)
|
|
|
+- cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED
|
|
|
|
|
|
- CVE-2021-22924
|
|
|
+ To avoid the "... is deprecated" warnings brought by OpenSSL v3.
|
|
|
+ (We need to address the underlying code at some point of course.)
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22924.html
|
|
|
+ Assisted-by: Jakub Zakrzewski
|
|
|
+ Closes #7767
|
|
|
|
|
|
-- sectransp: check for client certs by name first, then file
|
|
|
+- curl-openssl: pass argument to sed single-quoted
|
|
|
|
|
|
- CVE-2021-22926
|
|
|
+ ... instead of using an escaped double-quote. This is an attempt to make
|
|
|
+ this work better with ksh that otherwise would insist on a double
|
|
|
+ escape!
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22926.html
|
|
|
+ Reported-by: Randall S. Becker
|
|
|
+ Fixes #7758
|
|
|
+ Closes #7764
|
|
|
+
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- Assisted-by: Daniel Gustafsson
|
|
|
- Reported-by: Harry Sintonen
|
|
|
+ Bumped curlver to 7.80.0-dev
|
|
|
|
|
|
-- telnet: fix option parser to not send uninitialized contents
|
|
|
+- [a1346054 brought this change]
|
|
|
+
|
|
|
+ misc: fix typos in docs and comments
|
|
|
|
|
|
- CVS-2021-22925
|
|
|
+ No user facing output from curl/libcurl is changed by this, just
|
|
|
+ comments.
|
|
|
|
|
|
- Reported-by: Red Hat Product Security
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22925.html
|
|
|
+ Closes #7747
|
|
|
|
|
|
-Jay Satiro (20 Jul 2021)
|
|
|
-- connect: fix wrong format specifier in connect error string
|
|
|
+- [Thomas M. DuBuisson brought this change]
|
|
|
+
|
|
|
+ ci: update Lift config to match requirements of curl build
|
|
|
|
|
|
- 0842175 (not in any release) used the wrong format specifier (long int)
|
|
|
- for timediff_t. On an OS such as Windows libcurl's timediff_t (usually
|
|
|
- 64-bit) is bigger than long int (32-bit). In 32-bit Windows builds the
|
|
|
- upper 32-bits of the timediff_t were erroneously then used by the next
|
|
|
- format specifier. Usually since the timeout isn't larger than 32-bits
|
|
|
- this would result in null as a pointer to the string with the reason for
|
|
|
- the connection failing. On other OSes or maybe other compilers it could
|
|
|
- probably result in garbage values (ie crash on deref).
|
|
|
+ Also renamed Muse -> Lift, the new tool name.
|
|
|
|
|
|
- Before:
|
|
|
- Failed to connect to localhost port 12345 after 1201 ms: (nil)
|
|
|
+ Closes #7761
|
|
|
+
|
|
|
+- [Rikard Falkeborn brought this change]
|
|
|
+
|
|
|
+ cleanup: constify unmodified static structs
|
|
|
|
|
|
- After:
|
|
|
- Failed to connect to localhost port 12345 after 1203 ms: Connection refused
|
|
|
+ Constify a number of static structs that are never modified. Make them
|
|
|
+ const to show this.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7449
|
|
|
+ Closes #7759
|
|
|
|
|
|
-- winbuild: support alternate nghttp2 static lib name
|
|
|
+Version 7.79.1 (22 Sep 2021)
|
|
|
+
|
|
|
+Daniel Stenberg (22 Sep 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- - Support both nghttp2.lib and nghttp2_static.lib for static nghttp2.
|
|
|
+ curl 7.79.1 release
|
|
|
+
|
|
|
+- THANKS: added names from the 7.79.1 release
|
|
|
+
|
|
|
+- test897: verify delivery of IMAP post-body header content
|
|
|
|
|
|
- nghttp2 briefly changed its static lib name to nghttp2_static, but then
|
|
|
- made the _static suffix optional.
|
|
|
+ The "content" is delivered as "body" by curl, but the envelope continues
|
|
|
+ after the body and the rest of it should be delivered as header.
|
|
|
|
|
|
- Ref: https://github.com/nghttp2/nghttp2/pull/1394
|
|
|
- Ref: https://github.com/nghttp2/nghttp2/pull/1418
|
|
|
- Ref: https://github.com/nghttp2/nghttp2/issues/1466
|
|
|
+ The IMAP server can now get 'POSTFETCH' set to include more data to
|
|
|
+ include after the body and test 897 is done to verify that such "extra"
|
|
|
+ header data is in fact delivered by curl as header.
|
|
|
|
|
|
- Reported-by: Pierre Yager
|
|
|
+ Ref: #7284 but fails to reproduce the issue
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7446
|
|
|
- Closes https://github.com/curl/curl/pull/7447
|
|
|
-
|
|
|
-- [Josh Soref brought this change]
|
|
|
+ Closes #7748
|
|
|
|
|
|
- docs/cmdline: fix grammar and typos
|
|
|
+- KNOWN_BUGS: connection migration doesn't work
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7432
|
|
|
- Closes https://github.com/curl/curl/pull/7436
|
|
|
- Closes https://github.com/curl/curl/pull/7438
|
|
|
- Closes https://github.com/curl/curl/pull/7440
|
|
|
- Closes https://github.com/curl/curl/pull/7445
|
|
|
+ Closes #7695
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- delegation.d: mention what happens when used multiple times
|
|
|
+- http: fix the broken >3 digit response code detection
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7408
|
|
|
-
|
|
|
-- [Josh Soref brought this change]
|
|
|
-
|
|
|
- create-file-mode.d: mention what happens when used multiple times
|
|
|
+ When the "reason phrase" in the HTTP status line starts with a digit,
|
|
|
+ that was treated as the forth response code digit and curl would claim
|
|
|
+ the response to be non-compliant.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7407
|
|
|
-
|
|
|
-- [Josh Soref brought this change]
|
|
|
-
|
|
|
- config.d: split comments and option-per line
|
|
|
+ Added test 1466 to verify this case.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7405
|
|
|
-
|
|
|
-Daniel Stenberg (19 Jul 2021)
|
|
|
-- misc: copyright year range updates
|
|
|
-
|
|
|
-- mailmap: add Tobias and Timur
|
|
|
-
|
|
|
-Daniel Gustafsson (18 Jul 2021)
|
|
|
-- [Josh Soref brought this change]
|
|
|
+ Regression brought by 5dc594e44f73b17
|
|
|
+ Reported-by: Glenn de boer
|
|
|
+ Fixes #7738
|
|
|
+ Closes #7739
|
|
|
|
|
|
- docs: spell out directories instead of dirs in create-dirs
|
|
|
+Jay Satiro (17 Sep 2021)
|
|
|
+- strerror: use sys_errlist instead of strerror on Windows
|
|
|
|
|
|
- Write out directories rather than using the dirs abbrevation. Also
|
|
|
- use plural form consistently, even if the code in the end might just
|
|
|
- create a single directory.
|
|
|
+ - Change Curl_strerror to use sys_errlist[errnum] instead of strerror to
|
|
|
+ retrieve the error message on Windows.
|
|
|
|
|
|
- Closes #7406
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
- Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
-
|
|
|
-- [Tobias Nyholm brought this change]
|
|
|
+ Windows' strerror writes to a static buffer and is not thread-safe.
|
|
|
+
|
|
|
+ Follow-up to 2f0bb86 which removed most instances of strerror in favor
|
|
|
+ of calling Curl_strerror (which calls strerror_r for other platforms).
|
|
|
+
|
|
|
+ Ref: https://github.com/curl/curl/pull/7685
|
|
|
+ Ref: https://github.com/curl/curl/commit/2f0bb86
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7735
|
|
|
|
|
|
- docs: correct spelling errors and a broken link
|
|
|
+Daniel Stenberg (16 Sep 2021)
|
|
|
+- dist: provide lib/.checksrc in the tarball
|
|
|
|
|
|
- Update grammar and spelling in docs and source code comments.
|
|
|
+ So that debug builds work (checksrc really)
|
|
|
|
|
|
- Closes: #7427
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Reported-by: Marcel Raad
|
|
|
+ Reported-by: tawmoto on github
|
|
|
+ Fixes #7733
|
|
|
+ Closes #7734
|
|
|
|
|
|
-Marc Hoersken (18 Jul 2021)
|
|
|
-- CI/cirrus: install impacket from PyPI instead of FreeBSD packages
|
|
|
+- TODO: Improve documentation about fork safety
|
|
|
|
|
|
- Availability of impacket as FreeBSD package is too flaky.
|
|
|
+ Closes #6968
|
|
|
+
|
|
|
+- hsts: CURLSTS_FAIL from hsts read callback should fail transfer
|
|
|
|
|
|
- Stick to legacy version of cryptography which still
|
|
|
- supports OpenSSL version 1.0.2 due to FreeBSD 11.
|
|
|
+ ... and have CURLE_ABORTED_BY_CALLBACK returned.
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
+ Extended test 1915 to verify.
|
|
|
|
|
|
- Closes #7418
|
|
|
+ Reported-by: Jonathan Cardoso
|
|
|
+ Fixes #7726
|
|
|
+ Closes #7729
|
|
|
|
|
|
-Daniel Stenberg (18 Jul 2021)
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- test1184: disable
|
|
|
+
|
|
|
+ The test should be fine and it works for me repeated when run manually,
|
|
|
+ but clearly it causes CI failures and it needs more research.
|
|
|
+
|
|
|
+ Reported-by: RiderALT on github
|
|
|
+ Fixes #7725
|
|
|
+ Closes #7732
|
|
|
|
|
|
- docs/cmdline: mention what happens when used multiple times
|
|
|
+- Curl_http2_setup: don't change connection data on repeat invokes
|
|
|
|
|
|
- For --dns-ipv4-addr, --dns-ipv6-addr and --dns-servers
|
|
|
+ Regression from 3cb8a748670ab88c (releasde in 7.79.0). That change moved
|
|
|
+ transfer oriented inits to before the check but also erroneously moved a
|
|
|
+ few connection oriented ones, which causes problems.
|
|
|
|
|
|
- Closes #7410
|
|
|
- Closes #7411
|
|
|
- Closes #7412
|
|
|
+ Reported-by: Evangelos Foutras
|
|
|
+ Fixes #7730
|
|
|
+ Closes #7731
|
|
|
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+ and bump to 7.79.1
|
|
|
|
|
|
- lib: fix compiler warnings with CURL_DISABLE_NETRC
|
|
|
+Kamil Dudka (16 Sep 2021)
|
|
|
+- tests/sshserver.pl: make it work with openssh-8.7p1
|
|
|
|
|
|
- warning C4189: 'netrc_user_changed': local variable is initialized but
|
|
|
- not referenced
|
|
|
+ ... by not using options with no argument where an argument is required:
|
|
|
|
|
|
- warning C4189: 'netrc_passwd_changed': local variable is initialized but
|
|
|
- not referenced
|
|
|
+ === Start of file tests/log/ssh_server.log
|
|
|
+ curl_sshd_config line 6: no argument after keyword "DenyGroups"
|
|
|
+ curl_sshd_config line 7: no argument after keyword "AllowGroups"
|
|
|
+ curl_sshd_config line 10: Deprecated option AuthorizedKeysFile2
|
|
|
+ curl_sshd_config line 29: Deprecated option KeyRegenerationInterval
|
|
|
+ curl_sshd_config line 39: Deprecated option RhostsRSAAuthentication
|
|
|
+ curl_sshd_config line 40: Deprecated option RSAAuthentication
|
|
|
+ curl_sshd_config line 41: Deprecated option ServerKeyBits
|
|
|
+ curl_sshd_config line 45: Deprecated option UseLogin
|
|
|
+ curl_sshd_config line 56: no argument after keyword "AcceptEnv"
|
|
|
+ curl_sshd_config: terminating, 3 bad configuration options
|
|
|
+ === End of file tests/log/ssh_server.log
|
|
|
|
|
|
- Closes #7423
|
|
|
-
|
|
|
-- disable-epsv.d: remove duplicate "(FTP)"
|
|
|
+ === Start of file log/sftp_server.log
|
|
|
+ curl_sftp_config line 33: Unsupported option "rhostsrsaauthentication"
|
|
|
+ curl_sftp_config line 34: Unsupported option "rsaauthentication"
|
|
|
+ curl_sftp_config line 52: no argument after keyword "sendenv"
|
|
|
+ curl_sftp_config: terminating, 1 bad configuration options
|
|
|
+ Connection closed.
|
|
|
+ Connection closed
|
|
|
+ === End of file log/sftp_server.log
|
|
|
|
|
|
- ... since the tooling adds that to the output based on the "Protocols:"
|
|
|
- tag.
|
|
|
-
|
|
|
-- [Max Zettlmeißl brought this change]
|
|
|
+ Closes #7724
|
|
|
|
|
|
- docs: make the documentation for --etag-save match the program behaviour
|
|
|
+Daniel Stenberg (15 Sep 2021)
|
|
|
+- hsts: handle unlimited expiry
|
|
|
|
|
|
- When using curl with the option `--etag-save` I expected it to save the
|
|
|
- ETag without its surrounding quotes, as stated by the documentation in
|
|
|
- the repository and by the generated man pages.
|
|
|
+ When setting a blank expire string, meaning unlimited, curl would pass
|
|
|
+ TIME_T_MAX to getime_r() when creating the output, while on 64 bit
|
|
|
+ systems such a large value cannot be convetered to a tm struct making
|
|
|
+ curl to exit the loop with an error instead. It can't be converted
|
|
|
+ because the year it would represent doesn't fit in the 'int tm_year'
|
|
|
+ field!
|
|
|
|
|
|
- My first endeavour was to fix the program, but while investigating the
|
|
|
- history of the relevant parts, I discovered that curl once saved the
|
|
|
- ETag without the quotes. This was undone by Daniel Stenberg in commit
|
|
|
- `98c94596f5928840177b6bd3c7b0f0dd03a431af`, therefore I decided that in
|
|
|
- this case the documentation should be adjusted to match the behaviour of
|
|
|
- curl.
|
|
|
+ Starting now, unlimited expiry is instead handled differently by using a
|
|
|
+ human readable expiry date spelled out as "unlimited" instead of trying
|
|
|
+ to use a distant actual date.
|
|
|
|
|
|
- The changed save behaviour also made parts of the `--etag-compare`
|
|
|
- documentation wrong or superfluous, so I adjusted those accordingly.
|
|
|
+ Test 1660 and 1915 have been updated to help verify this change.
|
|
|
|
|
|
- Closes #7429
|
|
|
-
|
|
|
-- [Josh Soref brought this change]
|
|
|
+ Reported-by: Jonathan Cardoso
|
|
|
+ Fixes #7720
|
|
|
+ Closes #7721
|
|
|
|
|
|
- write-out.d: add missing periods
|
|
|
+- curl_multi_fdset: make FD_SET() not operate on sockets out of range
|
|
|
|
|
|
- Closes #7404
|
|
|
+ The VALID_SOCK() macro was made to only check for FD_SETSIZE if curl was
|
|
|
+ built to use select(), even though the curl_multi_fdset() function
|
|
|
+ always and unconditionally uses FD_SET and needs the check.
|
|
|
+
|
|
|
+ Reported-by: 0xee on github
|
|
|
+ Fixes #7718
|
|
|
+ Closes #7719
|
|
|
|
|
|
-- [Josie Huddleston brought this change]
|
|
|
+- FAQ: add GOPHERS + curl works on data, not files
|
|
|
|
|
|
- easy: during upkeep, attach Curl_easy to connections in the cache
|
|
|
+Version 7.79.0 (14 Sep 2021)
|
|
|
+
|
|
|
+Daniel Stenberg (14 Sep 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- During the protocol-specific parts of connection upkeep, some code
|
|
|
- assumes that the data->conn pointer already is set correctly. However,
|
|
|
- there's currently no guarantee of that in the code.
|
|
|
+ For the 7.79.0 release
|
|
|
+
|
|
|
+- THANKS: add contributors from 7.79.0 release cycle
|
|
|
+
|
|
|
+- FAQ: add two dev related questions
|
|
|
|
|
|
- This fix temporarily attaches each connection to the Curl_easy object
|
|
|
- before performing the protocol-specific connection check on it, in a
|
|
|
- similar manner to the connection checking in extract_if_dead().
|
|
|
+ 8.1 Why does curl use C89?
|
|
|
+ 8.2 Will curl be rewritten?
|
|
|
|
|
|
- Fixes #7386
|
|
|
- Closes #7387
|
|
|
- Reported-by: Josie Huddleston
|
|
|
-
|
|
|
-- [Josh Soref brought this change]
|
|
|
+ Spell-checked-by: Paul Johnson
|
|
|
+ Closes #7715
|
|
|
|
|
|
- cleanup: spell DoH with a lowercase o
|
|
|
+- zuul.d/jobs: disable three tests for *-openssl-disable-proxy
|
|
|
|
|
|
- Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
|
|
|
+ ... as they mysteriously seem to permfail without being related to
|
|
|
+ proxy.
|
|
|
|
|
|
- Closes #7413
|
|
|
+ Closes #7714
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
|
|
|
- TheArtOfHttpScripting: polish
|
|
|
+ ftp,imap,pop3,smtp: reject STARTTLS server response pipelining
|
|
|
|
|
|
- - add missing backticks and comma
|
|
|
+ If a server pipelines future responses within the STARTTLS response, the
|
|
|
+ former are preserved in the pingpong cache across TLS negotiation and
|
|
|
+ used as responses to the encrypted commands.
|
|
|
|
|
|
- - fix proxy description:
|
|
|
+ This fix detects pipelined STARTTLS responses and rejects them with an
|
|
|
+ error.
|
|
|
|
|
|
- * example proxy isn't local
|
|
|
- * locally doesn't really make sense
|
|
|
+ CVE-2021-22947
|
|
|
|
|
|
- Closes #7416
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22947.html
|
|
|
|
|
|
-- [Josh Soref brought this change]
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
|
|
|
- form.d: add examples of `,`/`;` for file[name]
|
|
|
+ ftp,imap,pop3: do not ignore --ssl-reqd
|
|
|
|
|
|
- Fixes #7415
|
|
|
- Closes #7417
|
|
|
-
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
-
|
|
|
- mbedtls: Remove unnecessary include
|
|
|
+ In imap and pop3, check if TLS is required even when capabilities
|
|
|
+ request has failed.
|
|
|
|
|
|
- - curl_setup.h: all references to mbedtls_md4* functions and structures
|
|
|
- are in the md4.c. This file already includes the <mbedtls/md4.h> file
|
|
|
- along with the file existence control (defined (MBEDTLS_MD4_C))
|
|
|
+ In ftp, ignore preauthentication (230 status of server greeting) if TLS
|
|
|
+ is required.
|
|
|
|
|
|
- - curl_ntlm_core.c: unnecessary include - repeated below
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22946.html
|
|
|
|
|
|
- Closes #7419
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ CVE-2021-22946
|
|
|
|
|
|
-Jay Satiro (16 Jul 2021)
|
|
|
-- [User Sg brought this change]
|
|
|
+- [z2_ on hackerone brought this change]
|
|
|
|
|
|
- multi: fix crash in curl_multi_wait / curl_multi_poll
|
|
|
-
|
|
|
- Appears to have been caused by 51c0ebc (precedes 7.77.0) which added a
|
|
|
- VALID_SOCK check to one of the loops through the sockets but not the
|
|
|
- other.
|
|
|
+ mqtt: clear the leftovers pointer when sending succeeds
|
|
|
|
|
|
- Reported-by: sylgal@users.noreply.github.com
|
|
|
- Authored-by: sylgal@users.noreply.github.com
|
|
|
+ CVE-2021-22945
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7379
|
|
|
- Closes https://github.com/curl/curl/pull/7389
|
|
|
-
|
|
|
-- [Daniel Gustafsson brought this change]
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22945.html
|
|
|
|
|
|
- tool_help: remove unused define
|
|
|
+- zuul: bump the rustls job to use v0.7.2
|
|
|
|
|
|
- The PRINT_LINES_PAUSE macro is no longer used, and has been mostly
|
|
|
- cleaned out but one occurrence remained.
|
|
|
+ ... and add -lm when using a rust library.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7380
|
|
|
+ Closes #7701
|
|
|
|
|
|
-- [Sergey Markelov brought this change]
|
|
|
+- RELEASE-PROCEDURE: add release dates from now to 8.0.0 in 2023
|
|
|
|
|
|
- build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS
|
|
|
-
|
|
|
- fix compiler warnings about unused variables and parameters when
|
|
|
- built with --disable-verbose.
|
|
|
+- SECURITY-PROCESS: tweak a little to match current practices
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7377
|
|
|
-
|
|
|
-- [Andrea Pappacoda brought this change]
|
|
|
+ Closes #7713
|
|
|
|
|
|
- build: fix IoctlSocket FIONBIO check
|
|
|
+- http_proxy: fix the User-Agent inclusion in CONNECT
|
|
|
|
|
|
- Prior to this change HAVE_IOCTLSOCKET_CAMEL_FIONBIO mistakenly checked
|
|
|
- for (lowercase) ioctlsocket when it should have checked for IoctlSocket.
|
|
|
+ It should not refer to the uagent string that is allocated and created
|
|
|
+ for the end server http request, as that pointer may be cleared on
|
|
|
+ subsequent CONNECT requests.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7375
|
|
|
-
|
|
|
-- [Timur Artikov brought this change]
|
|
|
+ Added test case 1184 to verify.
|
|
|
+
|
|
|
+ Reported-by: T200proX7 on github
|
|
|
+ Fixes #7705
|
|
|
+ Closes #7707
|
|
|
|
|
|
- configure: fix nghttp2 library name for static builds
|
|
|
-
|
|
|
- Don't hardcode the nghttp2 library name,
|
|
|
- because it can vary, be "nghttp2_static" for example.
|
|
|
+- Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7367
|
|
|
- Closes https://github.com/curl/curl/pull/7368
|
|
|
+ Reported-by: Jonathan Cardoso
|
|
|
+ Fixes #7710
|
|
|
+ Closes #7711
|
|
|
|
|
|
-Gisle Vanem (16 Jul 2021)
|
|
|
-- [PellesC] fix _lseeki64() macro
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
|
|
|
-- [SChannel] Use '_tcsncmp()' instead
|
|
|
+ ngtcp2: fix build with ngtcp2 and nghttp3
|
|
|
|
|
|
- Revert previous change for PellesC.
|
|
|
+ ngtcp2_conn_client_new and nghttp3_conn_client_new are now macros.
|
|
|
+ Check the wrapped functions instead.
|
|
|
|
|
|
- Instead replace all use of `_tcsnccmp()` with `_tcsncmp()`.
|
|
|
+ ngtcp2_stream_close callback now takes flags parameter.
|
|
|
+
|
|
|
+ Closes #7709
|
|
|
|
|
|
-- [PellesC] missing '_tcsnccmp'
|
|
|
+- write-out.d: clarify size_download/upload
|
|
|
|
|
|
- PellesC compiler does not have this macro in it's `<tchar.h>`
|
|
|
+ They show the number of "body" bytes transfered.
|
|
|
+ Fixes #7702
|
|
|
+ Closes #7706
|
|
|
|
|
|
-Daniel Gustafsson (14 Jul 2021)
|
|
|
-- TODO: add mention of mbedTLS 3 incompatibilities
|
|
|
+- http2: Curl_http2_setup needs to init stream data in all invokes
|
|
|
|
|
|
- Wyatt OʼDay reported in #7385 that mbedTLS isn't backwards compatible
|
|
|
- and curl no longer builds with it. Document the need to fix our support
|
|
|
- until so has been done.
|
|
|
+ Thus function was written to avoid doing multiple connection data
|
|
|
+ initializations, which is fine, but since it also initiates stream
|
|
|
+ related data it is crucial that it doesn't skip those even if called
|
|
|
+ again for the same connection. Solved by moving the stream
|
|
|
+ initializations before the "doing-it-again" check.
|
|
|
|
|
|
- Closes #7390
|
|
|
- Fixes #7385
|
|
|
- Reported-by: Wyatt OʼDay
|
|
|
- Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
|
|
|
+ Reported-by: Inho Oh
|
|
|
+ Fixes #7630
|
|
|
+ Closes #7692
|
|
|
|
|
|
-- docs: fix inconsistencies in EGDSOCKET documentation
|
|
|
+- url: fix compiler warning in no-verbose builds
|
|
|
|
|
|
- Only the OpenSSL backend actually use the EGDSOCKET, and also use
|
|
|
- TLS consistently rather than mixing SSL and TLS. While there, also
|
|
|
- fix a minor spelling nit.
|
|
|
+ Follow-up from 2f0bb864c12
|
|
|
|
|
|
- Closes: #7391
|
|
|
- Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
|
|
|
-
|
|
|
-- [Борис Верховский brought this change]
|
|
|
+ Closes #7700
|
|
|
|
|
|
- docs: document missing arguments to commands
|
|
|
+- non-ascii: fix build errors from strerror fix
|
|
|
|
|
|
- This is a followup to commit f410b9e538129e77607fef1 fixing a few
|
|
|
- more commands which takes arguments.
|
|
|
+ Follow-up to 2f0bb864c12
|
|
|
|
|
|
- Closes #7382
|
|
|
- Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
-
|
|
|
-- [Randolf J brought this change]
|
|
|
+ Closes #7697
|
|
|
|
|
|
- docs: fix incorrect argument name reference
|
|
|
+- parse_args: redo the warnings for --remote-header-name combos
|
|
|
|
|
|
- The documentation for the read callback was erroneously referencing
|
|
|
- the nitems argument by nmemb. The error was introduced in commit
|
|
|
- ce0881edee3c7.
|
|
|
+ ... to avoid the memory leak risk pointed out by scan-build.
|
|
|
|
|
|
- Closes #7383
|
|
|
- Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
-
|
|
|
-- [Борис Верховский brought this change]
|
|
|
-
|
|
|
- tool_help: Document that --tlspassword takes a password
|
|
|
+ Follow-up from 7a3e981781d6c18a
|
|
|
|
|
|
- Closes #7378
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Closes #7698
|
|
|
|
|
|
-- scripts: Fix typo in release-notes instructions
|
|
|
+- ngtcp2: adapt to new size defintions upstream
|
|
|
|
|
|
- The command to run had a typo in the pathname which prevented copy
|
|
|
- pasting it to work, which has annoyed me enough to fix this now.
|
|
|
+ Reviewed-by: Tatsuhiro Tsujikawa
|
|
|
+ Closes #7699
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- rustls: add strerror.h include
|
|
|
+
|
|
|
+ Follow-up to 2f0bb864c12
|
|
|
|
|
|
-Jay Satiro (10 Jul 2021)
|
|
|
-- write-out.d: Clarify urlnum is not unique for de-globbed URLs
|
|
|
+- docs: the security list is reached at security at curl.se now
|
|
|
|
|
|
- Reported-by: Коваленко Анатолий Викторович
|
|
|
+ Also update the FAQ section a bit to encourage users to rather submit
|
|
|
+ security issues on hackerone than sending email.
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7342
|
|
|
- Closes https://github.com/curl/curl/pull/7369
|
|
|
-
|
|
|
-Daniel Gustafsson (3 Jul 2021)
|
|
|
-- [William Desportes brought this change]
|
|
|
+ Closes #7689
|
|
|
|
|
|
- docs: Fix typos
|
|
|
+Marc Hoersken (9 Sep 2021)
|
|
|
+- runtests: add option -u to error on server unexpectedly alive
|
|
|
|
|
|
- Closes: #7370
|
|
|
- Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
-
|
|
|
-Daniel Stenberg (8 Jul 2021)
|
|
|
-- [Jonathan Wernberg brought this change]
|
|
|
-
|
|
|
- Revert "ftp: Expression 'ftpc->wait_data_conn' is always false"
|
|
|
+ Let's try to actually handle the server unexpectedly alive
|
|
|
+ case by first making them visible on CI builds as failures.
|
|
|
|
|
|
- The reverted commit introduced a logic error in code that was
|
|
|
- correct.
|
|
|
+ This is needed to detect issues with killing of the test
|
|
|
+ servers completely including nested process chains with
|
|
|
+ multiple PIDs per test server (including bash and perl).
|
|
|
|
|
|
- The client using libcurl would notice the error since FTP file
|
|
|
- uploads in active transfer mode would somtimes complete with
|
|
|
- success despite no transfer having been performed and the
|
|
|
- "uploaded" file thus not being on the remote server afterwards.
|
|
|
+ On Windows/cygwin platforms this is especially helpful with
|
|
|
+ debugging PID mixups due to cygwin using its own PID space.
|
|
|
|
|
|
- The FTP server would notice the error because it receives a
|
|
|
- RST on the data connection it has established with the client
|
|
|
- before any data was transferred at all.
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #7180
|
|
|
+
|
|
|
+Daniel Stenberg (9 Sep 2021)
|
|
|
+- opts docs: unify phrasing in NAME header
|
|
|
|
|
|
- The logic error happens if the STOR response from the server have
|
|
|
- arrived by the time ftp_multi_statemach() in the affected code path
|
|
|
- is called, but the incoming data connection have not arrived yet.
|
|
|
- In that case, the processing of the STOR response will cause
|
|
|
- 'ftpc->wait_data_conn' to be set to TRUE, contradicting the comment
|
|
|
- in the code. Since 'complete' will also be set, later logic would
|
|
|
- believe the transfer was done.
|
|
|
+ - avoid writing "set ..." or "enable/disable ..." or "specify ..."
|
|
|
+ *All* options for curl_easy_setopt() are about setting or enabling
|
|
|
+ things and most of the existing options didn't use that way of
|
|
|
+ description.
|
|
|
|
|
|
- In most cases, the STOR response will not have arrived yet when
|
|
|
- the affected code path is executed, or the incoming connection will
|
|
|
- also have arrived, and thus the error would not express itself.
|
|
|
- But if the speed difference of the device using libcurl and the
|
|
|
- FTP server is exactly right, the error may happen as often as in
|
|
|
- one out of hundred file transfers.
|
|
|
+ - start with lowercase letter, unless abbreviation. For consistency.
|
|
|
|
|
|
- This reverts commit 49f3117a238b6eac0e22a32f50699a9eddcb66ab.
|
|
|
+ - Some additional touch-ups
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-07/0025.html
|
|
|
- Closes #7362
|
|
|
+ Closes #7688
|
|
|
|
|
|
-- msnprintf: return number of printed characters excluding null byte
|
|
|
+- strerror.h: remove the #include from files not using it
|
|
|
+
|
|
|
+- lib: don't use strerror()
|
|
|
|
|
|
- ... even when the output is "capped" by the maximum length argument.
|
|
|
+ We have and provide Curl_strerror() internally for a reason: strerror()
|
|
|
+ is not necessarily thread-safe so we should always try to avoid it.
|
|
|
|
|
|
- Clarified in the docs.
|
|
|
+ Extended checksrc to warn for this, but feature the check disabled by
|
|
|
+ default and only enable it in lib/
|
|
|
|
|
|
- Closes #7361
|
|
|
+ Closes #7685
|
|
|
|
|
|
-- infof: remove newline from format strings, always append it
|
|
|
+Daniel Gustafsson (8 Sep 2021)
|
|
|
+- cirrus: Add FreeBSD 13.0 job and disable sanitizer build
|
|
|
|
|
|
- - the data needs to be "line-based" anyway since it's also passed to the
|
|
|
- debug callback/application
|
|
|
+ As alluded to the in the now removed comment, a 13.0 image became
|
|
|
+ available and is now ready to be used.
|
|
|
|
|
|
- - it makes infof() work like failf() and consistency is good
|
|
|
+ The sanitizer builds were running on the 12.1 image which since has
|
|
|
+ been removed from the config, leaving the builds not running at all.
|
|
|
+ When enabled it turns out that they don't actually work due to very
|
|
|
+ long timeouts in executing the tests, so keep the disabled for now
|
|
|
+ but a bit more controlled.
|
|
|
|
|
|
- - there's an assert that triggers on newlines in the format string
|
|
|
+ Closes #7592
|
|
|
+
|
|
|
+Daniel Stenberg (8 Sep 2021)
|
|
|
+- copyrights: update copyright year ranges
|
|
|
+
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- INTERNALS: c-ares has a new home: c-ares.org
|
|
|
+
|
|
|
+- docs: remove experimental mentions from HSTS and MQTT
|
|
|
|
|
|
- - Also removes a few instances of "..."
|
|
|
+ Reported-by: Jonathan Cardoso
|
|
|
+ Bug: https://github.com/curl/curl/pull/6700#issuecomment-913792863
|
|
|
+ Closes #7681
|
|
|
+
|
|
|
+- [Cao ZhenXiang brought this change]
|
|
|
+
|
|
|
+ curl: add warning for incompatible parameters usage
|
|
|
|
|
|
- - Removes the code that would append "..." to the end of the data *iff*
|
|
|
- it was truncated in infof()
|
|
|
+ --continue-at - and --remote-header-name are known incompatible parameters
|
|
|
|
|
|
- Closes #7357
|
|
|
+ Closes #7674
|
|
|
|
|
|
-- examples/multi-single: fix scan-build warning
|
|
|
-
|
|
|
- warning: Value stored to 'mc' during its initialization is never read
|
|
|
+- [git-bruh brought this change]
|
|
|
+
|
|
|
+ examples/*hiperfifo.c: fix calloc arguments to match function proto
|
|
|
|
|
|
- Follow-up to ae8e11ed5fd2ce
|
|
|
+ Closes #7678
|
|
|
+
|
|
|
+- INTERNALS: bump c-ares requirement to 1.16.0
|
|
|
|
|
|
- Closes #7360
|
|
|
+ Since ba904db0705c93 we use ares_getaddrinfo, added in c-ares 1.16.0
|
|
|
|
|
|
-- wolfssl: failing to set a session id is not reason to error out
|
|
|
+- curl: stop retry if Retry-After: is longer than allowed
|
|
|
|
|
|
- ... as it is *probably* just timed out.
|
|
|
+ If Retry-After: specifies a period that is longer than what fits within
|
|
|
+ --retry-max-time, then stop retrying immediately.
|
|
|
|
|
|
- Reported-by: Francisco Munoz
|
|
|
+ Added test 366 to verify.
|
|
|
|
|
|
- Closes #7358
|
|
|
+ Reported-by: Kari Pahula
|
|
|
+ Fixes #7675
|
|
|
+ Closes #7676
|
|
|
|
|
|
-- docs/examples: use curl_multi_poll() in multi examples
|
|
|
-
|
|
|
- The API is soon two years old and deserves being shown as the primary
|
|
|
- way to drive multi code as it makes it much easier to write code.
|
|
|
-
|
|
|
- multi-poll: removed
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
+
|
|
|
+ mbedtls: avoid using a large buffer on the stack
|
|
|
|
|
|
- multi-legacy: add to show how we did multi API use before
|
|
|
- curl_multi_wait/poll.
|
|
|
+ Use dynamic memory allocation for the buffer used in checking "pinned
|
|
|
+ public key". The PUB_DER_MAX_BYTES parameter with default settings is
|
|
|
+ set to a value greater than 2kB.
|
|
|
|
|
|
- Closes #7352
|
|
|
+ Co-authored-by: Daniel Stenberg
|
|
|
+ Closes #7586
|
|
|
|
|
|
-- KNOWN_BUGS: flaky Windows CI builds
|
|
|
+- configure: make --disable-hsts work
|
|
|
+
|
|
|
+ The AC_ARG_ENABLE() macro itself uses a variable called
|
|
|
+ 'enable_[option]', so when our script also used a variable with that
|
|
|
+ name for the purpose of storing what the user wants, it also
|
|
|
+ accidentally made it impossible to switch off the feature with
|
|
|
+ --disable-hsts. Fix this by renaming our variable.
|
|
|
|
|
|
- Closes #6972
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Reported-by: Michał Antoniak
|
|
|
+ Fixes #7669
|
|
|
+ Closes #7672
|
|
|
|
|
|
-- test1147: hyper doesn't allow "crazy" request headers like built-in
|
|
|
+Jay Satiro (5 Sep 2021)
|
|
|
+- config.d: note that curlrc is used even when --config
|
|
|
|
|
|
- ... so strip that from the test.
|
|
|
+ Bug: https://github.com/curl/curl/pull/7666#issuecomment-912214751
|
|
|
+ Reported-by: Viktor Szakats
|
|
|
|
|
|
- Closes #7349
|
|
|
+ Closes https://github.com/curl/curl/pull/7667
|
|
|
|
|
|
-- c-hyper: bail on too long response headers
|
|
|
+Daniel Stenberg (4 Sep 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- test1173: check references to libcurl options
|
|
|
|
|
|
- To match with built-in behaviors. Makes test 1154 work.
|
|
|
+ ... that they refer to actual existing libcurl options.
|
|
|
|
|
|
- Closes #7350
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Closes #7656
|
|
|
|
|
|
-- test1151: added missing CRLF to work with hyper
|
|
|
+- CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also
|
|
|
|
|
|
- Closes #7350
|
|
|
+ Closes #7656
|
|
|
|
|
|
-- c-hyper: add support for transfer-encoding in the request
|
|
|
+- opt-docs: verify man page sections + order
|
|
|
|
|
|
- Closes #7348
|
|
|
-
|
|
|
-- [Andrea Pappacoda brought this change]
|
|
|
-
|
|
|
- cmake: remove libssh2 feature checks
|
|
|
+ In every libcurl option man page there are now 8 mandatory sections that
|
|
|
+ must use the right name in the correct order and test 1173 verifies
|
|
|
+ this. Only 14 man pages needed adjustments.
|
|
|
|
|
|
- libssh2 features are detected based on version since commit
|
|
|
- 9dbbba997608f7c3c5de1c627c77c8cd2aa85b73
|
|
|
+ The sections and the order is as follows:
|
|
|
|
|
|
- Closes #7343
|
|
|
-
|
|
|
-- test1116: hyper doesn't pass through "surprise-trailers"
|
|
|
+ - NAME
|
|
|
+ - SYNOPSIS
|
|
|
+ - DESCRIPTION
|
|
|
+ - PROTOCOLS
|
|
|
+ - EXAMPLE
|
|
|
+ - AVAILABILITY
|
|
|
+ - RETURN VALUE
|
|
|
+ - SEE ALSO
|
|
|
|
|
|
- Closes #7344
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Closes #7656
|
|
|
|
|
|
-- socks4: scan for the IPv4 address in resolve results
|
|
|
+- opt-docs: make sure all man pages have examples
|
|
|
|
|
|
- Follow-up to 84d2839740 which changed the resolving to always resolve
|
|
|
- both address families, but since SOCKS4 only supports IPv4 it should
|
|
|
- scan for and use the first available IPv4 address.
|
|
|
+ Extended manpage-syntax.pl (run by test 1173) to check that every man
|
|
|
+ page for a libcurl option has an EXAMPLE section that is more than two
|
|
|
+ lines. Then fixed all errors it found and added examples.
|
|
|
|
|
|
- Reported-by: shithappens2016 on github
|
|
|
- Fixes #7345
|
|
|
- Closes #7346
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Closes #7656
|
|
|
|
|
|
-Jay Satiro (5 Jul 2021)
|
|
|
-- proto.d: fix formatting for paragraphs after margin changes
|
|
|
+- get.d: provide more useful examples
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7341
|
|
|
+ Closes #7668
|
|
|
|
|
|
-- pinnedpubkey.d: fix formatting for version support lists
|
|
|
+- page-header: add GOPHERS, simplify wording in the 1st para
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7340
|
|
|
+ Closes #7665
|
|
|
|
|
|
-Daniel Stenberg (2 Jul 2021)
|
|
|
-- TODO: "Support in-memory certs/ca certs/keys" done
|
|
|
+- connect: get local port + ip also when reusing connections
|
|
|
|
|
|
- Has been suppored for a while now with the *BLOB options.
|
|
|
-
|
|
|
-- examples: safer and more proper read callback logic
|
|
|
+ Regression. In d6a37c23a3c (7.75.0) we removed the duplicated storage
|
|
|
+ (connection + easy handle), so this info needs be extracted again even
|
|
|
+ for re-used connections.
|
|
|
|
|
|
- The same callback code is used in:
|
|
|
+ Add test 435 to verify
|
|
|
|
|
|
- imap-append.c
|
|
|
- smtp-authzid.c
|
|
|
- smtp-mail.c
|
|
|
- smtp-multi.c
|
|
|
- smtp-ssl.c
|
|
|
- smtp-tls.c
|
|
|
+ Reported-by: Max Dymond
|
|
|
+ Fixes #7660
|
|
|
+ Closes #7662
|
|
|
+
|
|
|
+Marcel Raad (2 Sep 2021)
|
|
|
+- multi: fix compiler warning with `CURL_DISABLE_WAKEUP`
|
|
|
|
|
|
- It should not assume that it can copy full lines into the buffer as it
|
|
|
- will encourage sloppy coding practices. Instead use byte-wise logic and
|
|
|
- check/acknowledge the buffer size appropriately.
|
|
|
+ `use_wakeup` is unused in this case.
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Fixes #7330
|
|
|
- Closes #7331
|
|
|
+ Closes https://github.com/curl/curl/pull/7661
|
|
|
|
|
|
-- test1519: adjusted to work with hyper
|
|
|
+Daniel Stenberg (1 Sep 2021)
|
|
|
+- tests: adjust the tftpd output to work with hyper mode
|
|
|
|
|
|
- Closes #7333
|
|
|
-
|
|
|
-- test1518: adjusted to work with hyper
|
|
|
+ By making them look less like http headers, the hyper mode "tweak"
|
|
|
+ doesn't interfere.
|
|
|
|
|
|
- ... by making sure the stdout output doesn't look like HTTP headers.
|
|
|
+ Enable test 2002 and 2003 in hyper builds (and 1280 which is unrelated
|
|
|
+ but should be enabled).
|
|
|
|
|
|
- Closes #7333
|
|
|
+ Closes #7658
|
|
|
|
|
|
-- test1514: add a CRLF to the response to make it correct
|
|
|
-
|
|
|
- Makes hyper accept it fine instead returning HYPERE_UNEXPECTED_EOF on
|
|
|
- us.
|
|
|
-
|
|
|
- Closes #7334
|
|
|
+Daniel Gustafsson (1 Sep 2021)
|
|
|
+- [Gisle Vanem brought this change]
|
|
|
|
|
|
-- formdata: avoid "Argument cannot be negative" warning
|
|
|
+ openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA
|
|
|
|
|
|
- ... when converting a curl_off_t to size_t, by using
|
|
|
- CURL_ZERO_TERMINATED before passing the argument to the function.
|
|
|
+ This adds support for the previously unhandled supplemental data which
|
|
|
+ in -v output was printed like:
|
|
|
|
|
|
- Detected by Coverity CID 1486590.
|
|
|
+ TLSv1.2 (IN), TLS header, Unknown (23):
|
|
|
|
|
|
- Closes #7328
|
|
|
- Assisted-by: Daniel Gustafsson
|
|
|
-
|
|
|
-- lib: more %u for port and int for %*s fixes
|
|
|
+ These will now be printed with proper annotation:
|
|
|
|
|
|
- Detected by Coverity
|
|
|
+ TLSv1.2 (OUT), TLS header, Supplemental data (23):
|
|
|
|
|
|
- Closes #7329
|
|
|
-
|
|
|
-- doh: (void)-prefix call to curl_easy_setopt
|
|
|
+ Closes #7652
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
-- lib: fix type of len passed to *printf's %*s
|
|
|
-
|
|
|
- ... it needs to be 'int'. Detected by Coverity CID 1486611 (etc)
|
|
|
+Daniel Stenberg (1 Sep 2021)
|
|
|
+- curl.1: provide examples for each option
|
|
|
|
|
|
- Closes #7326
|
|
|
-
|
|
|
-- lib: use %u instead of %ld for port number printf
|
|
|
+ The file format for each option now features a "Example:" header that
|
|
|
+ can provide one or more examples that get rendered appropriately in the
|
|
|
+ output. All options MUST have at least one example or gen.pl complains
|
|
|
+ at build-time.
|
|
|
|
|
|
- Follow-up to 764c6bd3bf which changed the type of some port number
|
|
|
- fields. Detected by Coverity (CID 1486624) etc.
|
|
|
+ This fix also does a few other minor format and consistency cleanups.
|
|
|
|
|
|
- Closes #7325
|
|
|
+ Closes #7654
|
|
|
|
|
|
-- version: turn version number functions into returning void
|
|
|
+- progress: make trspeed avoid floats
|
|
|
|
|
|
- ... as we never use the return codes from them.
|
|
|
+ and compiler warnings for data conversions.
|
|
|
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Closes #7319
|
|
|
+ Reported-by: Michał Antoniak
|
|
|
+ Fixes #7645
|
|
|
+ Closes #7653
|
|
|
|
|
|
-- mqtt: extend the error message for no topic
|
|
|
-
|
|
|
- ... and mention that it needs URL encoding.
|
|
|
-
|
|
|
- Reported-by: Peter Körner
|
|
|
- Fixes #7316
|
|
|
- Closes #7317
|
|
|
+- test365: verify response with chunked AND Content-Length headers
|
|
|
|
|
|
-- formdata: correct typecast in curl_mime_data call
|
|
|
-
|
|
|
- Coverity pointed out it the mismatch. CID 1486590
|
|
|
+- http: ignore content-length if any transfer-encoding is used
|
|
|
|
|
|
- Closes #7327
|
|
|
+ Fixes #7643
|
|
|
+ Closes #7649
|
|
|
|
|
|
-- url: (void)-prefix a curl_url_get() call
|
|
|
-
|
|
|
- Coverity (CID 1486645) pointed out a use of curl_url_get() in the
|
|
|
- parse_proxy function where the return code wasn't checked. A
|
|
|
- (void)-prefix makes the intention obvious.
|
|
|
-
|
|
|
- Closes #7320
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-- glob: pass an 'int' as len when using printf's %*s
|
|
|
+- Revert "http2: skip immediate parsing of payload following protocol switch"
|
|
|
|
|
|
- Detected by Coverity CID 1486629.
|
|
|
+ This reverts commit 455a63c66f188598275e87d32de2c4e8e26b80cb.
|
|
|
|
|
|
- Closes #7324
|
|
|
+ Reported-by: Tk Xiong
|
|
|
+ Fixes #7633
|
|
|
+ Closes #7648
|
|
|
|
|
|
-- vtls: use free() not curl_free()
|
|
|
-
|
|
|
- curl_free() is provided for users of the API to free returned data,
|
|
|
- there's no need to use it internally.
|
|
|
+- KNOWN_BUGS: HTTP/3 doesn't support client certs
|
|
|
|
|
|
- Closes #7318
|
|
|
+ Closes #7625
|
|
|
|
|
|
-- zuul: use the new rustls directory name
|
|
|
+- mailing lists: move from cool.haxx.se to lists.haxx.se
|
|
|
+
|
|
|
+- http_proxy: only wait for writable socket while sending request
|
|
|
|
|
|
- Follow-up to 6d972c8b1cbb3 which missed updating this directory name.
|
|
|
+ Otherwise it would wait socket writability even after the entire CONNECT
|
|
|
+ request has sent and make curl basically busy-loop while waiting for a
|
|
|
+ response to come back.
|
|
|
|
|
|
- Also no longer call it crustls in the docs and bump to rusttls-ffi 0.7.1
|
|
|
+ The previous fix attempt in #7484 (c27a70a591a4) was inadequate.
|
|
|
|
|
|
- Closes #7311
|
|
|
+ Reported-by: zloi-user on github
|
|
|
+ Reported-by: Oleguer Llopart
|
|
|
+ Fixes #7589
|
|
|
+ Closes #7647
|
|
|
|
|
|
-Jay Satiro (29 Jun 2021)
|
|
|
-- http: fix crash in rate-limited upload
|
|
|
+- http: disallow >3-digit response codes
|
|
|
|
|
|
- - Don't set the size of the piece of data to send to the rate limit if
|
|
|
- that limit is larger than the buffer size that will hold the piece.
|
|
|
+ Make the built-in HTTP parser behave similar to hyper and reject any
|
|
|
+ HTTP response using more than 3 digits for the response code.
|
|
|
|
|
|
- Prior to this change if CURLOPT_MAX_SEND_SPEED_LARGE
|
|
|
- (curl tool: --limit-rate) was set then it was possible that a temporary
|
|
|
- buffer used for uploading could be written to out of bounds. A likely
|
|
|
- scenario for this would be a non-trivial amount of post data combined
|
|
|
- with a rate limit larger than CURLOPT_UPLOAD_BUFFERSIZE (default 64k).
|
|
|
+ Updated test 1432 accordingly.
|
|
|
+ Enabled test 1432 in the hyper builds.
|
|
|
|
|
|
- The bug was introduced in 24e469f which is in releases since 7.76.0.
|
|
|
+ Closes #7641
|
|
|
+
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
+
|
|
|
+ ngtcp2: stop buffering crypto data
|
|
|
|
|
|
- perl -e "print '0' x 200000" > tmp
|
|
|
- curl --limit-rate 128k -d @tmp httpbin.org/post
|
|
|
+ Stop buffering crypto data because libngtcp2 now buffers submitted
|
|
|
+ crypto data.
|
|
|
+
|
|
|
+ Closes #7637
|
|
|
+
|
|
|
+- test1280: CRLFify the response to please hyper
|
|
|
|
|
|
- Reported-by: Richard Marion
|
|
|
+ Closes #7639
|
|
|
+
|
|
|
+- tests: enable test 1129 for hyper builds
|
|
|
|
|
|
- Fixes https://github.com/curl/curl/issues/7308
|
|
|
- Closes https://github.com/curl/curl/pull/7315
|
|
|
+ Closes #7638
|
|
|
|
|
|
-Daniel Stenberg (29 Jun 2021)
|
|
|
-- copyright: add boiler-plate headers to CI config files
|
|
|
+- curl: better error message when -O fails to get a good name
|
|
|
|
|
|
- And whitelist .zuul.ignore
|
|
|
+ Due to how this currently works internally, it needs a working initial
|
|
|
+ file name to store contents in, so it may still fail even with -J is
|
|
|
+ used (and thus accepting a name from content-disposition:) if the file
|
|
|
+ name part of the URL isn't "good enough".
|
|
|
|
|
|
- Closes #7314
|
|
|
+ Fixes #7628
|
|
|
+ Closes #7635
|
|
|
|
|
|
-- CI: remove travis details
|
|
|
-
|
|
|
- Rename still used leftovers to "zuul" as that's now the CI using them.
|
|
|
+- curl_easy_setopt: tweak the string copy wording
|
|
|
|
|
|
- Closes #7313
|
|
|
+ Reported-by: Yaobin Wen
|
|
|
+ Fixes #7632
|
|
|
+ Closes #7634
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- openssl: avoid static variable for seed flag
|
|
|
+- [Don J Olmstead brought this change]
|
|
|
+
|
|
|
+ cmake: sync CURL_DISABLE options
|
|
|
|
|
|
- Avoid the race condition risk by instead storing the "seeded" flag in
|
|
|
- the multi handle. Modern OpenSSL versions handle the seeding itself so
|
|
|
- doing the seeding once per multi-handle instead of once per process is
|
|
|
- less of an issue.
|
|
|
+ Adds the full listing of CURL_DISABLE options to the CMake build. Moves
|
|
|
+ all option code, except for CURL_DISABLE_OPENSSL_AUTO_LOA_CONFIG which
|
|
|
+ resides near OpenSSL configuration, to the same block of code. Also
|
|
|
+ sorts the options here and in the cmake config header.
|
|
|
|
|
|
- Reported-by: Gerrit Renker
|
|
|
- Fixes #7296
|
|
|
- Closes #7306
|
|
|
+ Additionally sorted the CURL-DISABLE listing and fixed the
|
|
|
+ CURL_DISABLE_POP3 option.
|
|
|
+
|
|
|
+ Closes #7624
|
|
|
|
|
|
-- configure: inhibit the implicit-fallthrough warning on gcc-12
|
|
|
+Jay Satiro (25 Aug 2021)
|
|
|
+- KNOWN_BUGS: FTPS upload data loss with TLS 1.3
|
|
|
|
|
|
- ... since it no longer acknowledges the comment markup we use for that
|
|
|
- purpose.
|
|
|
+ Bug: https://github.com/curl/curl/issues/6149
|
|
|
+ Reported-by: Bylon2@users.noreply.github.com
|
|
|
|
|
|
- Reported-by: Younes El-karama
|
|
|
- Fixes #7295
|
|
|
- Closes #7307
|
|
|
+ Closes https://github.com/curl/curl/pull/7623
|
|
|
|
|
|
-Daniel Gustafsson (28 Jun 2021)
|
|
|
-- [Andrei Rybak brought this change]
|
|
|
+Daniel Stenberg (24 Aug 2021)
|
|
|
+- cmake: avoid poll() on macOS
|
|
|
+
|
|
|
+ ... like we do in configure builds. Since poll() on macOS is not
|
|
|
+ reliable enough.
|
|
|
+
|
|
|
+ Reported-by: marc-groundctl
|
|
|
+ Fixes #7595
|
|
|
+ Closes #7619
|
|
|
|
|
|
- misc: fix typos in comments which repeat a word
|
|
|
+- c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
|
|
|
|
|
|
- Fix typos in code comments which repeat various words. In trivial
|
|
|
- cases, just delete the repeated word. Reword the affected sentence in
|
|
|
- "lib/url.c" for it to make sense.
|
|
|
+ Enable test 1074
|
|
|
|
|
|
- Closes #7303
|
|
|
- Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
+ Closes #7617
|
|
|
|
|
|
-Daniel Stenberg (27 Jun 2021)
|
|
|
-- lib677: make it survive torture testing
|
|
|
+- c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
|
|
|
|
|
|
- Follow-up to a5ab72d5edd7
|
|
|
+ Enable test 1130 and 1131
|
|
|
|
|
|
- Closes #7300
|
|
|
+ Closes #7616
|
|
|
|
|
|
-- [Tommy Chiang brought this change]
|
|
|
+- [a1346054 brought this change]
|
|
|
|
|
|
- docs/BINDINGS: fix outdated links
|
|
|
+ tests: be explicit about using 'python3' instead of 'python'
|
|
|
|
|
|
- * luacurl page is now not accessible, fix it with wayback machine page
|
|
|
- * Scheme one seems not providing https now, change it back to http one
|
|
|
+ This fixes running tests in virtualenvs (or on distros) that no longer
|
|
|
+ have a symlink from python to python2 or python3.
|
|
|
|
|
|
- Closes #7301
|
|
|
+ Closes #7602
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [a1346054 brought this change]
|
|
|
|
|
|
- curstls: bump crustls version and use new URL
|
|
|
-
|
|
|
- crustls moved to https://github.com/rustls/rustls-ffi. This also bumps
|
|
|
- the expected version to 0.7.0.
|
|
|
+ scripts: invoke interpreters through /usr/bin/env
|
|
|
|
|
|
- Closes #7297
|
|
|
+ Closes #7602
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- DISABLED: enable 11 more tests for hyper builds
|
|
|
+
|
|
|
+ Closes #7612
|
|
|
|
|
|
-- examples: length-limit two sscanf() uses of %s
|
|
|
+- setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper
|
|
|
|
|
|
- Reported-by: Jishan Shaikh
|
|
|
- Fixes #7293
|
|
|
- Closes #7294
|
|
|
+ Since this option is also used for FTP, it needs to work to set for
|
|
|
+ applications even if hyper doesn't support it for HTTP. Verified by test
|
|
|
+ 1137.
|
|
|
+
|
|
|
+ Updated docs to specify that the option doesn't work for HTTP when using
|
|
|
+ the hyper backend.
|
|
|
+
|
|
|
+ Closes #7614
|
|
|
|
|
|
-- [Richard Whitehouse brought this change]
|
|
|
+- test1138: remove trailing space to make work with hyper
|
|
|
+
|
|
|
+ Closes #7613
|
|
|
|
|
|
- multi: alter transfer timeout ordering
|
|
|
+- libcurl-errors.3: clarify two CURLUcode errors
|
|
|
|
|
|
- - Check whether a connection has succeded before checking whether it's
|
|
|
- timed out.
|
|
|
+ CURLUE_BAD_HANDLE and CURLUE_BAD_PARTPOINTER should be for "bad" or
|
|
|
+ wrong pointers in a generic sense, not just for NULL pointers.
|
|
|
|
|
|
- This means if we've connected quickly, but subsequently been
|
|
|
- descheduled, we allow the connection to succeed. Note, if we timeout,
|
|
|
- but between checking the timeout, and connecting to the server the
|
|
|
- connection succeeds, we will allow it to go ahead. This is viewed as
|
|
|
- an acceptable trade off.
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
|
|
|
- - Add additional failf logging around failed connection attempts to
|
|
|
- propogate the cause up to the caller.
|
|
|
+ Ref: #7605
|
|
|
+ Closes #7611
|
|
|
+
|
|
|
+Jay Satiro (23 Aug 2021)
|
|
|
+- symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version
|
|
|
|
|
|
- Co-Authored-by: Martin Howarth
|
|
|
- Closes #7178
|
|
|
+ ... and also change the 'Removed' column name to 'Last' since that
|
|
|
+ column is for the last version to contain the symbol.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7609
|
|
|
|
|
|
-- test677: IMAP CONNECT_ONLY, custom command and then exit
|
|
|
+Daniel Stenberg (23 Aug 2021)
|
|
|
+- urlapi.c:seturl: assert URL instead of using if-check
|
|
|
|
|
|
- Adjusted ftpserver.pl to add support for the IMAP IDLE command
|
|
|
+ There's no code flow possible where this can happen. The assert makes
|
|
|
+ sure it also won't be introduced undetected in the future.
|
|
|
|
|
|
- Adjusted test 660 to sync with the fix
|
|
|
+ Closes #7610
|
|
|
|
|
|
-- multi: do not switch off connect_only flag when closing
|
|
|
+- curl-openssl.m4: show correct output for OpenSSL v3
|
|
|
|
|
|
- ... as it made protocol specific disconnect commands wrongly get used.
|
|
|
+ Using 3.0.0 versions configure should now show this:
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-06/0024.html
|
|
|
- Reported-by: Aleksander Mazur
|
|
|
- Closes #7288
|
|
|
+ checking for OpenSSL headers version... 3.0.0 - 0x300
|
|
|
+ checking for OpenSSL library version... 3.0.0
|
|
|
+ checking for OpenSSL headers and library versions matching... yes
|
|
|
+
|
|
|
+ This output doesn't actually change what configure generates but is only
|
|
|
+ "cosmetic".
|
|
|
+
|
|
|
+ Reported-by: Randall S. Becker
|
|
|
+ Fixes #7606
|
|
|
+ Closes #7608
|
|
|
|
|
|
-- http: make the haproxy support work with unix domain sockets
|
|
|
+Jay Satiro (22 Aug 2021)
|
|
|
+- mksymbolsmanpage.pl: Fix showing symbol's last used version
|
|
|
|
|
|
- ... it should then pass on "PROXY UNKNOWN" since it doesn't know the
|
|
|
- involved IP addresses.
|
|
|
+ Prior to this change the symbol's deprecated version was erroneously
|
|
|
+ shown as its last used version.
|
|
|
|
|
|
- Reported-by: Valentín Gutiérrez
|
|
|
- Fixes #7290
|
|
|
- Closes #7291
|
|
|
+ Bug: https://github.com/curl/curl/commit/4e53b94#commitcomment-55239509
|
|
|
+ Reported-by: i-ky@users.noreply.github.com
|
|
|
|
|
|
-- [Xiang Xiao brought this change]
|
|
|
+Daniel Stenberg (21 Aug 2021)
|
|
|
+- mksymbolsmanpage.pl: match symbols case insenitively
|
|
|
+
|
|
|
+ Follow-up to 4e53b9430c750 which made this bug show.
|
|
|
+
|
|
|
+ Reported-by: i-ky
|
|
|
+ Bug: https://github.com/curl/curl/commit/4e53b9430c7504de8984796e2a2091ec16f27136#commitcomment-55239253
|
|
|
+ Closes #7607
|
|
|
|
|
|
- curl.h: include sys/select.h for NuttX RTOS
|
|
|
+- asyn-ares: call ares_freeaddrinfo() to clean up addrinfo results
|
|
|
|
|
|
- Closes #7287
|
|
|
+ As this leaks memory otherwise
|
|
|
+
|
|
|
+ Follow-up to ba904db0705c931
|
|
|
+
|
|
|
+ Closes #7599
|
|
|
|
|
|
-- [Bin Meng brought this change]
|
|
|
+- [Ehren Bendler brought this change]
|
|
|
|
|
|
- curl.h: remove the execution bit
|
|
|
+ wolfssl: clean up wolfcrypt error queue
|
|
|
|
|
|
- The execution bit of curl.h file was wrongly added:
|
|
|
+ If wolfSSL is built in certain ways (OPENSSL_EXTRA or Debug), the error
|
|
|
+ queue gets added on to for each session and never freed. Fix it by
|
|
|
+ calling ERR_clear_error() like in vtls/openssl when needed. This func is
|
|
|
+ a no-op in wolfcrypt if the error queue is not enabled.
|
|
|
|
|
|
- commit 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7")
|
|
|
+ Closes #7594
|
|
|
+
|
|
|
+- man pages: remove trailing whitespaces
|
|
|
|
|
|
- and should be removed.
|
|
|
+ Extended test 1173 (via the manpage-syntax.pl script) to detect and warn
|
|
|
+ for them.
|
|
|
|
|
|
- Follow-up to 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7")
|
|
|
- Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
|
|
|
- Closes #7286
|
|
|
+ Ref: #7602
|
|
|
+ Reported-by: a1346054 on github
|
|
|
+ Closes #7604
|
|
|
|
|
|
-- [Bin Lan brought this change]
|
|
|
+- mailmap: add Gleb Ivanovsky
|
|
|
|
|
|
- curl.h: <sys/select.h> is supported by VxWorks7
|
|
|
+- config.d: escape the backslash properly
|
|
|
|
|
|
- Closes #7285
|
|
|
+ Closes #7603
|
|
|
|
|
|
-- [Bachue Zhou brought this change]
|
|
|
+- [Don J Olmstead brought this change]
|
|
|
|
|
|
- quiche: use send() instead of sendto() to avoid macOS issue
|
|
|
+ curl_setup.h: sync values for HTTP_ONLY
|
|
|
|
|
|
- sendto() always returns "Socket is already connected" error on macos
|
|
|
+ The values for HTTP_ONLY differed between CMakeLists.txt and
|
|
|
+ curl_setup.h. Sync them and sort the values in curl_setup.h to make it
|
|
|
+ easier to spot differences.
|
|
|
|
|
|
- Closes #7260
|
|
|
-
|
|
|
-- [Li Xinwei brought this change]
|
|
|
+ Closes #7601
|
|
|
|
|
|
- cmake: fix support for UnixSockets feature on Win32
|
|
|
+Jay Satiro (21 Aug 2021)
|
|
|
+- configure: set classic mingw minimum OS version to XP
|
|
|
|
|
|
- Move the definition of sockaddr_un struct from config-win32.h to
|
|
|
- curl_setup.h, so that it could be shared by all build systems.
|
|
|
+ - If the user has not specified a minimum OS version (via WINVER or
|
|
|
+ _WIN32_WINNT macros) then set it to Windows XP.
|
|
|
|
|
|
- Add ADDRESS_FAMILY typedef for old mingw, now old mingw can also use
|
|
|
- unix sockets.
|
|
|
+ Prior to this change classic MinGW defaulted the minimum OS version
|
|
|
+ to Windows NT 4.0 which is way too old. At least Windows XP is needed
|
|
|
+ for getaddrinfo (which resolves hostnames to IPv6 addresses).
|
|
|
|
|
|
- Also fix the build of tests/server/sws.c on Win32 when USE_UNIX_SOCKETS
|
|
|
- is defined.
|
|
|
+ Ref: https://github.com/curl/curl/issues/7483#issuecomment-891597034
|
|
|
|
|
|
- Closes #7034
|
|
|
-
|
|
|
-- [Gregory Muchka brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7581
|
|
|
|
|
|
- hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies
|
|
|
+- schannel: Work around typo in classic mingw macro
|
|
|
|
|
|
- From Apples documentation on SCDynamicStoreCopyProxies, "Return Value: A
|
|
|
- dictionary of key-value pairs that represent the current internet proxy
|
|
|
- settings, or NULL if no proxy settings have been defined or if an error
|
|
|
- occurred. You must release the returned value."
|
|
|
+ - Define ALG_CLASS_DHASH (the typo from the include) to ALG_CLASS_HASH.
|
|
|
|
|
|
- Failure to release the returned value of SCDynamicStoreCopyProxies can
|
|
|
- result in a memory leak.
|
|
|
+ Prior to this change there was an incomplete fix to ignore the
|
|
|
+ CALG_TLS1PRF macro on those versions of MinGW where it uses the
|
|
|
+ ALG_CLASS_DHASH typoed macro.
|
|
|
|
|
|
- Source: https://developer.apple.com/documentation/systemconfiguration/1517088-scdynamicstorecopyproxies
|
|
|
+ Ref: 48cf45c
|
|
|
+ Ref: https://osdn.net/projects/mingw/ticket/38391
|
|
|
+ Ref: https://github.com/curl/curl/issues/2924
|
|
|
|
|
|
- Closes #7265
|
|
|
+ Closes https://github.com/curl/curl/pull/7580
|
|
|
|
|
|
+Daniel Stenberg (20 Aug 2021)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-Jay Satiro (21 Jun 2021)
|
|
|
-- vtls: fix warning due to function prototype mismatch
|
|
|
+- http_proxy: fix user-agent and custom headers for CONNECT with hyper
|
|
|
|
|
|
- b09c8ee changed the function prototype. Caught by Visual Studio.
|
|
|
-
|
|
|
-- curl_multibyte: Remove local encoding fallbacks
|
|
|
+ Enable test 287
|
|
|
|
|
|
- - If the UTF-8 to UTF-16 conversion fails in Windows Unicode builds then
|
|
|
- no longer fall back to assuming the string is in a local encoding.
|
|
|
+ Closes #7598
|
|
|
+
|
|
|
+- c-hyper: initial support for "dumping" 1xx HTTP responses
|
|
|
|
|
|
- Background:
|
|
|
+ With the use hyper_request_on_informational()
|
|
|
|
|
|
- Some functions in Windows Unicode builds must convert UTF-8 to UTF-16 to
|
|
|
- pass to the Windows CRT API wide-character functions since in Windows
|
|
|
- UTF-8 is not a valid locale (or at least 99% of the time right now).
|
|
|
+ Enable test 155 and 158
|
|
|
|
|
|
- Prior to this change if the Unicode encoding conversion failed then
|
|
|
- libcurl would assume, for backwards compatibility with applications that
|
|
|
- may have written their code for non-Unicode builds, attempt to convert
|
|
|
- the string from local encoding to UTF-16.
|
|
|
+ Closes #7597
|
|
|
+
|
|
|
+Marc Hoersken (18 Aug 2021)
|
|
|
+- tests/*server.pl: flush output before executing subprocess
|
|
|
|
|
|
- That type of "best effort" could theoretically cause some type of
|
|
|
- security or other problem if a string that was locally encoded was also
|
|
|
- valid UTF-8, and therefore an unexpected UTF-8 to UTF-16 conversion
|
|
|
- could occur.
|
|
|
+ Also avoid shell processes staying around by using exec.
|
|
|
+ This is necessary to avoid output data being buffering
|
|
|
+ inside the process chain of Perl, Bash/Shell and our
|
|
|
+ test server binaries. On non-Windows systems the exec
|
|
|
+ will also make the subprocess replace the intermediate
|
|
|
+ shell, but on Windows it will at least bind the processes
|
|
|
+ together since there is no real fork or exec available.
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/pull/7246
|
|
|
+ See: https://cygwin.com/cygwin-ug-net/highlights.html
|
|
|
+ and: https://docs.microsoft.com/cpp/c-runtime-library/exec-wexec-functions
|
|
|
+ Ref: https://github.com/curl/curl/pull/7530#issuecomment-900949010
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7257
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
+ Closes #7530
|
|
|
|
|
|
-Daniel Stenberg (20 Jun 2021)
|
|
|
-- curl_endian: remove the unused Curl_write64_le function
|
|
|
+- CI: use GitHub Container Registry instead of Docker Hub
|
|
|
|
|
|
- The last usage was removed in cca455a36
|
|
|
+ Avoid limits on Docker Hub and improve image pull/download speed.
|
|
|
|
|
|
- Closes #7280
|
|
|
+ Closes #7587
|
|
|
|
|
|
-- vtls: only store TIMER_APPCONNECT for non-proxy connect
|
|
|
+Daniel Stenberg (18 Aug 2021)
|
|
|
+- openssl: when creating a new context, there cannot be an old one
|
|
|
|
|
|
- Introducing a 'isproxy' argument to the connect function so that it
|
|
|
- knows wether to store the time stamp or not.
|
|
|
+ Remove the previous handling that would call SSL_CTX_free(), and instead
|
|
|
+ add an assert that halts a debug build if there ever is a context
|
|
|
+ already set at this point.
|
|
|
|
|
|
- Reported-by: Yongkang Huang
|
|
|
- Fixes #7274
|
|
|
- Closes #7274
|
|
|
+ Closes #7585
|
|
|
|
|
|
-- gnutls: set the preferred TLS versions in correct order
|
|
|
-
|
|
|
- Regression since 781864bedbc57 (curl 7.77.0)
|
|
|
+Jay Satiro (18 Aug 2021)
|
|
|
+- KNOWN_BUGS: Renegotiate from server may cause hang for OpenSSL backend
|
|
|
|
|
|
- Reported-by: civodul on github
|
|
|
- Assisted-by: Nikos Mavrogiannopoulos
|
|
|
- Fixes #7277
|
|
|
- Closes #7278
|
|
|
+ Closes https://github.com/curl/curl/issues/6785
|
|
|
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
+Viktor Szakats (17 Aug 2021)
|
|
|
+- docs/BINDINGS: URL update
|
|
|
|
|
|
- configure/cmake: remove checks for unused gethostbyaddr and gethostbyaddr_r
|
|
|
+Marc Hoersken (17 Aug 2021)
|
|
|
+- tests/server/*.c: align handling of portfile argument and file
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
-
|
|
|
- configure/cmake: remove checks for unused inet_ntoa and inet_ntoa_r
|
|
|
+ 1. Call the internal variable portname (like pidname) everywhere.
|
|
|
+ 2. Have a variable wroteportfile (like wrotepidfile) everywhere.
|
|
|
+ 3. Make sure the file is cleaned up on exit (like pidfile).
|
|
|
+ 4. Add parameter --portfile to usage outputs everywhere.
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
-
|
|
|
- configure/cmake: remove unused define HAVE_PERROR
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
+ Replaces #7523
|
|
|
+ Closes #7574
|
|
|
|
|
|
- configure: remove unused check for gai_strerror
|
|
|
+Daniel Gustafsson (17 Aug 2021)
|
|
|
+- KNOWN_BUGS: Fix a number of typos in KNOWN_BUGS
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
+ Fixes a set of typos found in section 11.3.
|
|
|
|
|
|
- configure/cmake: remove unused define HAVE_FREEIFADDRS
|
|
|
+Daniel Stenberg (17 Aug 2021)
|
|
|
+- getparameter: fix the --local-port number parser
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
-
|
|
|
- configure/cmake: remove unused define HAVE_FORK
|
|
|
+ It could previously get tricked into parsing the uninitialized stack
|
|
|
+ based buffer.
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
+ Reported-by: Brian Carpenter
|
|
|
+ Closes #7582
|
|
|
|
|
|
- configure/cmake: remove unused define HAVE_FDOPEN
|
|
|
+- KNOWN_BUGS: Can't use Secure Transport with Crypto Token Kit
|
|
|
|
|
|
- Closes #7276
|
|
|
+ Closes #7048
|
|
|
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
+- [Jan Verbeek brought this change]
|
|
|
|
|
|
- configure/cmake: remove checks for unused sgtty.h
|
|
|
+ curl: add warning for ignored data after quoted form parameter
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
-
|
|
|
- configure/cmake: remove remaining checks for rsa.h
|
|
|
+ In an argument like `-F 'x=@/etc/hostname;filename="foo"abc'` the `abc`
|
|
|
+ is ignored. This adds a warning if the ignored data isn't all
|
|
|
+ whitespace.
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
+ Closes #7394
|
|
|
|
|
|
- configure/cmake: remove remaining checks for err.h
|
|
|
+Jay Satiro (17 Aug 2021)
|
|
|
+- codeql: fix error "Resource not accessible by integration"
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
-
|
|
|
- configure/cmake: remove remaining checks for crypto.h
|
|
|
+ - Enable codeql writing security-events.
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- [Gergely Nagy brought this change]
|
|
|
-
|
|
|
- configure/cmake: remove checks for unused getservbyport_r
|
|
|
+ GitHub set the default permissions to read, apparently since earlier
|
|
|
+ this year.
|
|
|
|
|
|
- Closes #7276
|
|
|
-
|
|
|
-- --socks4[a]: clarify where the host name is resolved
|
|
|
+ Ref: https://github.com/github/codeql-action/issues/464
|
|
|
+ Ref: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
|
|
|
|
|
|
- Closes #7273
|
|
|
+ Fixes https://github.com/curl/curl/issues/7575
|
|
|
+ Closes https://github.com/curl/curl/pull/7576
|
|
|
|
|
|
-- libcurl-security.3: mention file descriptors and forks
|
|
|
+- tool_operate: Fix --fail-early with parallel transfers
|
|
|
|
|
|
- ... and move the security report section last.
|
|
|
+ - Abort via progress callback to fail early during parallel transfers.
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Closes #7270
|
|
|
+ When a critical error occurs during a transfer (eg --fail-early
|
|
|
+ constraint) then other running transfers will be aborted via progress
|
|
|
+ callback and finish with error CURLE_ABORTED_BY_CALLBACK (42). In this
|
|
|
+ case, the callback error does not become the most recent error and a
|
|
|
+ custom error message is used for those transfers:
|
|
|
+
|
|
|
+ curld --fail --fail-early --parallel
|
|
|
+ https://httpbin.org/status/404 https://httpbin.org/delay/10
|
|
|
+
|
|
|
+ curl: (22) The requested URL returned error: 404
|
|
|
+ curl: (42) Transfer aborted due to critical error in another transfer
|
|
|
+
|
|
|
+ > echo %ERRORLEVEL%
|
|
|
+ 22
|
|
|
+
|
|
|
+ Fixes https://github.com/curl/curl/issues/6939
|
|
|
+ Closes https://github.com/curl/curl/pull/6984
|
|
|
|
|
|
-- [Alex Xu (Hello71) brought this change]
|
|
|
+Daniel Stenberg (17 Aug 2021)
|
|
|
+- [Sergey Markelov brought this change]
|
|
|
|
|
|
- configure.ac: make non-executable
|
|
|
-
|
|
|
- it needs to be processed by autoconf or autoreconf, and doesn't have a
|
|
|
- suitable shebang to be directly executed. other projects normally set
|
|
|
- configure.ac -x.
|
|
|
+ sectransp: support CURLINFO_CERTINFO
|
|
|
|
|
|
- Closes #7272
|
|
|
+ Fixes #4130
|
|
|
+ Closes #7372
|
|
|
|
|
|
-- configure: do not strip out debug flags
|
|
|
+- ngtcp2: remove the acked_crypto_offset struct field init
|
|
|
|
|
|
- To allow users to set them when invoking configure without using
|
|
|
- --with-debug.
|
|
|
+ ... as it is gone from the API upstream.
|
|
|
|
|
|
- Reported-by: Alex Xu
|
|
|
- Fixes #7216
|
|
|
- Closes #7267
|
|
|
+ Closes #7578
|
|
|
|
|
|
-- libssh2: limit time a disconnect can take to 1 second
|
|
|
+- misc: update incorrect copyright year ranges
|
|
|
|
|
|
- Closes #7271
|
|
|
+ Closes #7577
|
|
|
|
|
|
-- TLS: prevent shutdown loops to get stuck
|
|
|
+- KNOWN_BUGS: HTTP/3 quiche upload large file fails
|
|
|
|
|
|
- ... by making sure the loops are only allowed to read the shutdown
|
|
|
- traffic a limited number of times.
|
|
|
+ Closes #7532
|
|
|
+
|
|
|
+- KNOWN_BUGS: CMake build with MIT Kerberos does not work
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Closes #7271
|
|
|
+ Closes #6904
|
|
|
+
|
|
|
+- TODO: add asynch getaddrinfo support
|
|
|
+
|
|
|
+ Closes #6746
|
|
|
+
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+- [Artur Sinila brought this change]
|
|
|
|
|
|
-- hyper: propagate errors back up from read callbacks
|
|
|
+ http2: revert call the handle-closed function correctly on closed stream
|
|
|
|
|
|
- Makes test 513 work with hyper
|
|
|
+ Reverts 252790c5335a221
|
|
|
|
|
|
- Closes #7266
|
|
|
+ Assisted-by: Gergely Nagy
|
|
|
+ Fixes #7400
|
|
|
+ Closes #7525
|
|
|
|
|
|
-- KNOWN_BUGS: Negotiate on Windows fails
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ auth: do not append zero-terminator to authorisation id in kerberos
|
|
|
|
|
|
- Closes #5881
|
|
|
+ RFC4752 Section 3.1 states "The authorization identity is not terminated
|
|
|
+ with a zero-valued (%x00) octet". Although a comment in code said it may
|
|
|
+ be needed anyway, nothing confirms it. In addition, servers may consider
|
|
|
+ it as part of the identity, causing a failure.
|
|
|
+
|
|
|
+ Closes #7008
|
|
|
|
|
|
-- KNOWN_BUGS: renames instead of locking for atomic operations
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ auth: use sasl authzid option in kerberos
|
|
|
|
|
|
- Closes #6882
|
|
|
- Closes #6884
|
|
|
+ ... instead of deriving it from active ticket.
|
|
|
+ Closes #7008
|
|
|
|
|
|
-- zuul: add two missing CI jobs
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ auth: we do not support a security layer after kerberos authentication
|
|
|
|
|
|
- ... that were configured, just not run
|
|
|
+ Closes #7008
|
|
|
+
|
|
|
+- [Patrick Monnerat brought this change]
|
|
|
+
|
|
|
+ auth: properly handle byte order in kerberos security message
|
|
|
|
|
|
- Closes #7261
|
|
|
+ Closes #7008
|
|
|
|
|
|
-Viktor Szakats (15 Jun 2021)
|
|
|
-- idn: fix libidn2 with windows unicode builds
|
|
|
+- [z2_ brought this change]
|
|
|
+
|
|
|
+ x509asn1: fix heap over-read when parsing x509 certificates
|
|
|
|
|
|
- Unicode Windows builds use UTF-8 strings internally in libcurl,
|
|
|
- so make sure to call the UTF-8 flavour of the libidn2 API. Also
|
|
|
- document that Windows builds with libidn2 and UNICODE do expect
|
|
|
- CURLOPT_URL as an UTF-8 string.
|
|
|
+ Assisted-by: Patrick Monnerat
|
|
|
+ Closes #7536
|
|
|
+
|
|
|
+- KNOWN_BUGS: Disconnects don't do verbose
|
|
|
|
|
|
- Reported-by: dEajL3kA on github
|
|
|
- Assisted-by: Jay Satiro
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
- Closes #7246
|
|
|
- Fixes #7228
|
|
|
+ Closes #6995
|
|
|
|
|
|
-Daniel Stenberg (15 Jun 2021)
|
|
|
-- curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
|
|
|
+- mailmap: fixup Michał Antoniak
|
|
|
+
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
+
|
|
|
+ build: fix compiler warnings
|
|
|
|
|
|
- They were never officially allowed and slipped in only due to sloppy
|
|
|
- parsing. Spaces (ascii 32) should be correctly encoded (to %20) before
|
|
|
- being part of a URL.
|
|
|
+ For when CURL_DISABLE_VERBOSE_STRINGS and DEBUGBUILD flags are both
|
|
|
+ active.
|
|
|
|
|
|
- The new flag bit CURLU_ALLOW_SPACE when a full URL is set, makes libcurl
|
|
|
- allow spaces.
|
|
|
+ - socks.c : warning C4100: 'lineno': unreferenced formal parameter
|
|
|
+ (co-authored by Daniel Stenberg)
|
|
|
|
|
|
- Updated test 1560 to verify.
|
|
|
+ - mbedtls.c: warning C4189: 'port': local variable is initialized but
|
|
|
+ not referenced
|
|
|
|
|
|
- Closes #7073
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ - schannel.c: warning C4189: 'hostname': local variable is initialized
|
|
|
+ but not referenced
|
|
|
|
|
|
- ... and bump to version 7.78.0 for the next planned release.
|
|
|
+ Cloes #7528
|
|
|
|
|
|
-Jay Satiro (15 Jun 2021)
|
|
|
-- docs: Remove outdated curl tool limitation
|
|
|
-
|
|
|
- - Document that HTTP/2 multiplexing is supported by the curl tool when
|
|
|
- parallel transfers are used.
|
|
|
+- [Gleb Ivanovsky brought this change]
|
|
|
+
|
|
|
+ CODE_STYLE-md: fix bold font style
|
|
|
|
|
|
- Supported since 7.66.0 via --parallel, but the doc wasn't updated.
|
|
|
+ Markdown gets confused with abundance of asterisks, so use underscores
|
|
|
+ instead.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7259
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Closes #7569
|
|
|
|
|
|
-- http2: Clarify 'Using HTTP2' verbose message
|
|
|
-
|
|
|
- - Change phrasing from multi-use to multiplexing since the former may
|
|
|
- not be as well understood.
|
|
|
+- [Gleb Ivanovsky brought this change]
|
|
|
+
|
|
|
+ CODE_STYLE-md: add missing comma
|
|
|
|
|
|
- Before: * Using HTTP2, server supports multi-use
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Closes #7570
|
|
|
+
|
|
|
+- [Daniel Gustafsson brought this change]
|
|
|
+
|
|
|
+ examples/ephiperfifo.c: simplify signal handler
|
|
|
|
|
|
- After: * Using HTTP2, server supports multiplexing
|
|
|
+ The signal handler registered for SIGINT is only handling SIGINT
|
|
|
+ so there isn't much need for inspecting the signo. While there,
|
|
|
+ rename the handler to be more specific.
|
|
|
|
|
|
- Bug: https://github.com/curl/curl/discussions/7255
|
|
|
- Reported-by: David Hu
|
|
|
+ g_should_exit should really be of sig_atomic_t type, but relying
|
|
|
+ on autoconf in the examples seems like a bad idea so keep that
|
|
|
+ for now.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7258
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #7310
|
|
|
|
|
|
-Daniel Stenberg (14 Jun 2021)
|
|
|
-- winbuild/README: VC should be set to 6 'or larger'
|
|
|
+- c-hyper: initial step for 100-continue support
|
|
|
|
|
|
- Previously it listed all versions up to 15 (missing 16) but this new
|
|
|
- phrasing is more open ended.
|
|
|
+ Enabled test 154
|
|
|
|
|
|
- Reported-by: Hugh Macdonald
|
|
|
- Fixes #7253
|
|
|
- Closes #7254
|
|
|
+ Closes #7568
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [Ikko Ashimine brought this change]
|
|
|
|
|
|
- rustls: remove native_roots fallback
|
|
|
-
|
|
|
- For the commandline tool, we expect to be passed
|
|
|
- SSL_CONN_CONFIG(CAfile); for library use, the use should pass a set of
|
|
|
- trusted roots (like in other TLS backends).
|
|
|
-
|
|
|
- This also removes a dependency on Security.framework when building on
|
|
|
- macOS.
|
|
|
+ vtls: fix typo in schannel_verify.c
|
|
|
|
|
|
- Closes #7250
|
|
|
-
|
|
|
-- [Albin Vass brought this change]
|
|
|
-
|
|
|
- travis: remove jobs that have migrated to zuul
|
|
|
+ occurence -> occurrence
|
|
|
|
|
|
- Closes #7245
|
|
|
+ Closes #7566
|
|
|
|
|
|
-- [Mohammed Naser brought this change]
|
|
|
+- [Emil Engler brought this change]
|
|
|
|
|
|
- CI: add jobs using Zuul
|
|
|
+ curl_url_get.3: clarify about path and query
|
|
|
|
|
|
- It also includes a few changes to get the builds going:
|
|
|
- - Added autoconf to common dependencies
|
|
|
- - Added automake to common dependencies
|
|
|
- - Added libtool to common dependencies
|
|
|
- - Added libssl-dev to common dependencies
|
|
|
+ The current man-page lacks some details regarding the obtained path and
|
|
|
+ query.
|
|
|
|
|
|
- Co-authored-by: Albin Vass
|
|
|
+ Closes #7563
|
|
|
+
|
|
|
+- c-hyper: fix header value passed to debug callback
|
|
|
|
|
|
- Closes #7245
|
|
|
+ Closes #7567
|
|
|
|
|
|
-- netrc: skip 'macdef' definitions
|
|
|
+Viktor Szakats (12 Aug 2021)
|
|
|
+- cleanup: URL updates
|
|
|
|
|
|
- Add test 494 to verify
|
|
|
+ - replace broken URL with the one it was most probably pointing to
|
|
|
+ when added (lib/tftp.c)
|
|
|
+ - replace broken URL with archive.org link (lib/curl_ntlm_wb.c)
|
|
|
+ - delete unnecessary protocol designator from archive.org URL
|
|
|
+ (docs/BINDINGS.md)
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Fixes #7238
|
|
|
- Closes #7244
|
|
|
+ Closes #7562
|
|
|
|
|
|
-- multi: add scan-build-6 work-around in curl_multi_fdset
|
|
|
-
|
|
|
- scan-build-6 otherwise warns, saying: warning: The left operand of '>='
|
|
|
- is a garbage value otherwise, which is false.
|
|
|
+Daniel Stenberg (12 Aug 2021)
|
|
|
+- [April King brought this change]
|
|
|
+
|
|
|
+ DEPRECATE.md: linkify curl-library mailing list
|
|
|
|
|
|
- Later scan-builds don't claim this on the same code.
|
|
|
+ Closes #7561
|
|
|
+
|
|
|
+- [Barry Pollard brought this change]
|
|
|
+
|
|
|
+ output.d: add method to suppress response bodies
|
|
|
|
|
|
- Closes #7248
|
|
|
+ Closes #7560
|
|
|
|
|
|
-- asyn-ares: remove check for 'data' in Curl_resolver_cancel
|
|
|
+- TODO: remove 'c-ares deviates on http://1346569778'
|
|
|
|
|
|
- It implied it would survive a NULL in there which it won't. Instead do
|
|
|
- an assert.
|
|
|
+ Fixed since 56a037cc0ad1b2 (7.77.0)
|
|
|
+
|
|
|
+- [Colin O'Dell brought this change]
|
|
|
+
|
|
|
+ BINDINGS.md: update links to use https where available
|
|
|
|
|
|
- Pointed out by scan-build.
|
|
|
+ Closes #7558
|
|
|
+
|
|
|
+- asyn-ares.c: move all version number checks to the top
|
|
|
|
|
|
- Closes #7248
|
|
|
+ ... and use #ifdef [feature] in the code as per our guidelines.
|
|
|
|
|
|
-- url.c: remove two variable assigns that are never read
|
|
|
+- ares: use ares_getaddrinfo()
|
|
|
|
|
|
- Pointed out by scan-build
|
|
|
+ ares_getaddrinfo() is the getaddrinfo() cloned provided by c-ares, introduced
|
|
|
+ in version 1.16.0.
|
|
|
|
|
|
- Closes #7248
|
|
|
+ With older c-ares versions, curl invokes ares_gethostbyname() twice - once for
|
|
|
+ IPv4 and once for IPv6 to resolve both addresses, and then combines the
|
|
|
+ returned results.
|
|
|
+
|
|
|
+ Reported-by: jjandesmet
|
|
|
+ Fixes #7364
|
|
|
+ Closes #7552
|
|
|
|
|
|
-- [Gealber Morales brought this change]
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
|
|
|
- mqtt: add support for username and password
|
|
|
-
|
|
|
- Minor-edits-by: Daniel Stenberg
|
|
|
- Added test 2200 to 2205
|
|
|
+ ngtcp2: utilize crypto API functions to simplify
|
|
|
|
|
|
- Closes #7243
|
|
|
+ Closes #7551
|
|
|
+
|
|
|
+- [megatronking brought this change]
|
|
|
|
|
|
-- travis: remove the arm job
|
|
|
+ ngtcp2: reset the oustanding send buffer again when drained
|
|
|
|
|
|
- We do it on circle CI instead
|
|
|
+ Closes #7538
|
|
|
|
|
|
-- CI: add .circleci/config.yml
|
|
|
+Michael Kaufmann (10 Aug 2021)
|
|
|
+- progress: fix a compile warning on some systems
|
|
|
|
|
|
- Assisted-by: Gabriel Simmer
|
|
|
+ lib/progress.c:380:40: warning: conversion to 'long double' from
|
|
|
+ 'curl_off_t {aka long long int}' may alter its value [-Wconversion]
|
|
|
|
|
|
- Closes #7239
|
|
|
+ Closes #7549
|
|
|
|
|
|
+Daniel Stenberg (10 Aug 2021)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- runtests: init $VERSION to avoid warnings when using -l
|
|
|
-
|
|
|
-- openssl: don't remove session id entry in disassociate
|
|
|
+- http: consider cookies over localhost to be secure
|
|
|
|
|
|
- When a connection is disassociated from a transfer, the Session ID entry
|
|
|
- should remain.
|
|
|
+ Updated test31.
|
|
|
+ Added test 392 to verify secure cookies used for http://localhost
|
|
|
|
|
|
- Regression since 7f4a9a9 (shipped in libcurl 7.77.0)
|
|
|
- Reported-by: Gergely Nagy
|
|
|
- Reported-by: Paul Groke
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Fixes #6733
|
|
|
+ Closes #7263
|
|
|
+
|
|
|
+- TODO: erase secrets from heap/stack after use
|
|
|
|
|
|
- Fixes #7222
|
|
|
- Closes #7230
|
|
|
+ Closes #7268
|
|
|
|
|
|
-- single_transfer: ignore blank --output-dir
|
|
|
+Jay Satiro (10 Aug 2021)
|
|
|
+- hostip: Make Curl_ipv6works function independent of getaddrinfo
|
|
|
+
|
|
|
+ - Do not assume IPv6 is not working when getaddrinfo is not present.
|
|
|
|
|
|
- ... as otherwise it creates a rather unexpected target directory with a
|
|
|
- leading slash.
|
|
|
+ The check to see if IPv6 actually works is now independent of whether
|
|
|
+ there is any resolver that can potentially resolve a hostname to IPv6.
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Fixes #7218
|
|
|
- Closes #7233
|
|
|
-
|
|
|
-- tests: update README about servers and port numbers
|
|
|
+ Prior to this change if getaddrinfo() was not found at compile time then
|
|
|
+ Curl_ipv6works() would be defined as a macro that returns FALSE.
|
|
|
|
|
|
- Closes #7242
|
|
|
-
|
|
|
-- conn_shutdown: if closed during CONNECT cleanup properly
|
|
|
+ When getaddrinfo is not found then libcurl is built with CURLRES_IPV4
|
|
|
+ defined instead of CURLRES_IPV6, meaning that it cannot do IPv6 lookups
|
|
|
+ in the traditional way. With this commit if libcurl is built with IPv6
|
|
|
+ support (ENABLE_IPV6) but without getaddrinfo (CURLRES_IPV6), and the
|
|
|
+ IPv6 stack is actually working, then it is possible for libcurl to
|
|
|
+ resolve IPv6 addresses by using DoH.
|
|
|
|
|
|
- Reported-by: Alex Xu
|
|
|
- Reported-by: Phil E. Taylor
|
|
|
+ Ref: https://github.com/curl/curl/issues/7483#issuecomment-890765378
|
|
|
|
|
|
- Fixes #7236
|
|
|
- Closes #7237
|
|
|
-
|
|
|
-- [Christian Weisgerber brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7529
|
|
|
|
|
|
- sws: malloc request struct instead of using stack
|
|
|
+- test1565: fix windows build errors
|
|
|
|
|
|
- ... 2MB requests is otherwise just too big for some systems.
|
|
|
+ - Use our wait_ms() instead of sleep() since Windows doesn't have the
|
|
|
+ latter.
|
|
|
|
|
|
- (The allocations are not freed properly.)
|
|
|
+ - Use a separate variable to keep track of whether the pthread_t thread
|
|
|
+ id is valid.
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-06/0018.html
|
|
|
+ On Windows pthread_t is not an integer type. pthread offers no macro for
|
|
|
+ invalid pthread_t thread id, so validity is kept track of separately.
|
|
|
|
|
|
- Closes #7235
|
|
|
+ Closes https://github.com/curl/curl/pull/7527
|
|
|
|
|
|
-- [Mark Swaanenburg brought this change]
|
|
|
+- [Jeremy Falcon brought this change]
|
|
|
|
|
|
- lib: don't compare fd to FD_SETSIZE when using poll
|
|
|
-
|
|
|
- FD_SETSIZE is irrelevant when using poll. So ensuring that the file
|
|
|
- descriptor is smaller than FD_SETSIZE in VALID_SOCK, can cause
|
|
|
- multi_wait to ignore perfectly valid file descriptors and simply wait
|
|
|
- for 1s to avoid hammering the CPU in a busy loop.
|
|
|
+ winbuild/README.md: clarify GEN_PDB option
|
|
|
|
|
|
- Fixes #7240
|
|
|
- Closes #7241
|
|
|
-
|
|
|
-- [zhangxiuhua brought this change]
|
|
|
-
|
|
|
- doh: fix wrong DEBUGASSERT for doh private_data
|
|
|
+ - Document that GEN_PDB option creates an external database.
|
|
|
|
|
|
- Closes #7227
|
|
|
+ Ref: https://github.com/curl/curl/issues/7502
|
|
|
|
|
|
-- [yb999 brought this change]
|
|
|
+Daniel Stenberg (9 Aug 2021)
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
|
|
|
- tests: update README.md with a missing single quote
|
|
|
+ ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
|
|
|
|
|
|
- Closes #7231
|
|
|
+ Closes #7546
|
|
|
|
|
|
-- GHA: run all tests for hyper too
|
|
|
-
|
|
|
- As it lists disabled ones in DISABLED now
|
|
|
-
|
|
|
- Closes #7209
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
|
|
|
-- tests/data/DISABLED: add tests not working with hyper
|
|
|
+ ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
|
|
|
|
|
|
- The goal is to remove them all from here over time.
|
|
|
+ Rework the return value handling of ngtcp2_conn_writev_stream and treat
|
|
|
+ NGTCP2_ERR_STREAM_SHUT_WR separately.
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Closes #7546
|
|
|
|
|
|
-- runtests: also find the last test in Makefile.inc
|
|
|
+- configure: error out if both ngtcp2 and quiche are specified
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Reported-by: Vincent Grande
|
|
|
+ See #7539
|
|
|
+ Closes #7545
|
|
|
|
|
|
-- test3010: work with hyper mode
|
|
|
-
|
|
|
- Closes #7209
|
|
|
+- [Jeff Mears brought this change]
|
|
|
|
|
|
-- configure: disable RTSP when hyper is selected
|
|
|
-
|
|
|
- Makes test 1013 work
|
|
|
+ easy: use a custom implementation of wcsdup on Windows
|
|
|
|
|
|
- Closes #7209
|
|
|
-
|
|
|
-- test1594/1595/1596: fix to work in hyper mode
|
|
|
+ ... so that malloc/free overrides from curl_global_init are used for
|
|
|
+ wcsdup correctly.
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Closes #7540
|
|
|
|
|
|
-- test1438/1457: add HTTP keyword to make hyper mode work
|
|
|
+- zuul: add an mbedtls3 CI job
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Closes #7544
|
|
|
|
|
|
-- test1340/1341: adjusted for hyper mode
|
|
|
-
|
|
|
- Closes #7209
|
|
|
+- [Benau brought this change]
|
|
|
|
|
|
-- test1218: adjusted for hyper mode
|
|
|
+ mbedTLS: initial 3.0.0 support
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Closes #7428
|
|
|
|
|
|
-- test1216: adjusted for hyper mode
|
|
|
-
|
|
|
- Closes #7209
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
-- test1230: adjust to work in hyper mode
|
|
|
+- configure.ac: revert bad nghttp2 library detection improvements
|
|
|
|
|
|
- Closes #7209
|
|
|
-
|
|
|
-- c-hyper: abort CONNECT response reading early on non 2xx responses
|
|
|
+ This reverts commit b4b34db65f9f8, 673753344c5f and 29c7cf79e8b.
|
|
|
|
|
|
- Fixes test 493
|
|
|
+ The logic is now back to assuming that the nghttp2 lib is called nghttp2 and
|
|
|
+ nothing else.
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Reported-by: Rui Pinheiro
|
|
|
+ Reported-by: Alex Crichton
|
|
|
+ Fixes #7514
|
|
|
+ Closes #7515
|
|
|
|
|
|
-- test434: add HTTP keyword
|
|
|
+- happy-eyeballs-timeout-ms.d: polish the wording
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Reported-by: Josh Soref
|
|
|
+ Fixes #7433
|
|
|
+ Closes #7542
|
|
|
|
|
|
-- test599: adjusted to work in hyper mode
|
|
|
-
|
|
|
- Closes #7209
|
|
|
+- [modbw brought this change]
|
|
|
|
|
|
-- c-hyper: fix the uploaded field in progress callbacks
|
|
|
-
|
|
|
- Makes test 578 work
|
|
|
+ mbedtls_threadlock: fix unused variable warning
|
|
|
|
|
|
- Closes #7209
|
|
|
+ Closes #7393
|
|
|
|
|
|
-- test566: adjust to work with hyper mode
|
|
|
-
|
|
|
- Closes #7209
|
|
|
+- [Tatsuhiro Tsujikawa brought this change]
|
|
|
|
|
|
-- [Fawad Mirza brought this change]
|
|
|
+ ngtcp2: compile with the latest ngtcp2 and nghttp3
|
|
|
+
|
|
|
+ Closes #7541
|
|
|
|
|
|
- CURLOPT_WRITEFUNCTION.3: minor update of the example
|
|
|
+Marc Hoersken (31 Jul 2021)
|
|
|
+- CI/cirrus: reduce compile time with increased parallism
|
|
|
|
|
|
- Safely avoid chunk.size garbage value if declared non globally.
|
|
|
+ Cirrus CI VMs have 2 CPUs, let's use them also for Windows builds.
|
|
|
|
|
|
- Closes #7219
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #7505
|
|
|
|
|
|
-- [Bastian Krause brought this change]
|
|
|
+Daniel Stenberg (30 Jul 2021)
|
|
|
+- [Bin Lan brought this change]
|
|
|
|
|
|
- configure: rename get-easy-option configure option to get-easy-options
|
|
|
+ tool/tests: fix potential year 2038 issues
|
|
|
|
|
|
- "get-easy-options" is the configure option advertised by the help text
|
|
|
- anyway, so use that.
|
|
|
+ The length of 'long' in a 32-bit system is 32 bits, which cannot be used
|
|
|
+ to save timestamps after 2038. Most operating systems have extended
|
|
|
+ time_t to 64 bits.
|
|
|
|
|
|
- Fixes #7211
|
|
|
- Closes #7213
|
|
|
+ Remove the castings to long.
|
|
|
|
|
|
- Follow-up to ad691b191 ("configure: added --disable-get-easy-options")
|
|
|
- Suggested-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
- Signed-off-by: Bastian Krause <bst@pengutronix.de>
|
|
|
+ Closes #7466
|
|
|
|
|
|
-- runtests: skip disabled tests unless -f is used
|
|
|
-
|
|
|
- To make it easier to write ranges like '115 to 229' without that
|
|
|
- explicitly enabling tests that are listed in DISABLED, this makes
|
|
|
- runtests always skip disabled tests unless the -f command line option is
|
|
|
- used.
|
|
|
+- compressed.d: it's a request, not an order
|
|
|
|
|
|
- Previously the code attempted to not run such tests, but didn't do it
|
|
|
- correctly.
|
|
|
+ Clarified
|
|
|
|
|
|
- Closes #7212
|
|
|
+ Reported-by: Dan Jacobson
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Fixes #7516
|
|
|
+ Closes #7517
|
|
|
|
|
|
-- [Jun-ya Kato brought this change]
|
|
|
+- [Bernhard M. Wiedemann brought this change]
|
|
|
|
|
|
- ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
|
|
|
-
|
|
|
- The latest GnuTLS-3.7.2 implements disable switch for TLSv1.3 compatible
|
|
|
- mode for middle box but it is enabled by default, which is unnecessary
|
|
|
- for QUIC.
|
|
|
+ tests: make three tests pass until 2037
|
|
|
|
|
|
- Fixes #6896
|
|
|
- Closes #7202
|
|
|
-
|
|
|
-- test644: remove as duplicate of test 587
|
|
|
+ after 2038 something in test1915 fails on 32-bit OSes
|
|
|
|
|
|
- Closes #7208
|
|
|
-
|
|
|
-Daniel Gustafsson (8 Jun 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Closes #7512
|
|
|
|
|
|
-- cookies: track expiration in jar to optimize removals
|
|
|
+Daniel Gustafsson (30 Jul 2021)
|
|
|
+- connect: remove superfluous conditional
|
|
|
|
|
|
- Removing expired cookies needs to be a fast operation since we want to
|
|
|
- be able to perform it often and speculatively. By tracking the timestamp
|
|
|
- of the next known expiration we can exit early in case the timestamp is
|
|
|
- in the future.
|
|
|
+ Commit dbd16c3e2 cleaned up the logic for traversing the addrinfos,
|
|
|
+ but the move left a conditional on ai which no longer is needed as
|
|
|
+ the while loop reevaluation will cover it.
|
|
|
|
|
|
- Closes: #7172
|
|
|
+ Closes #7511
|
|
|
+ Reviewed-by: Carlo Marcelo Arenas Belón
|
|
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
-Daniel Stenberg (7 Jun 2021)
|
|
|
-- GHA: add several libcurl tests to the hyper job
|
|
|
-
|
|
|
- 500 to 512
|
|
|
-
|
|
|
-- test500: adjust to work with hyper mode
|
|
|
-
|
|
|
-- c-hyper: support CURLINFO_STARTTRANSFER_TIME
|
|
|
+Daniel Stenberg (29 Jul 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- Closes #7204
|
|
|
+ and bump curlver to 7.79.0 for next release
|
|
|
|
|
|
-- c-hyper: support CURLOPT_HEADER
|
|
|
-
|
|
|
- When enabled, the headers are passed to the body write callback as well.
|
|
|
+Marc Hoersken (29 Jul 2021)
|
|
|
+- tests/*server.py: remove pidfile on server termination
|
|
|
|
|
|
- Like in test 500
|
|
|
+ Avoid pidfile leaking/laying around after server already exited.
|
|
|
|
|
|
- Closes #7204
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+ Closes #7506
|
|
|
|
|
|
-- GHA: run the newly fixed tests with hyper
|
|
|
+Daniel Gustafsson (27 Jul 2021)
|
|
|
+- tool_main: fix typo in comment
|
|
|
|
|
|
- Closes #7205
|
|
|
+ The referred to library is NSPR, so fix the switched around characters.
|
|
|
|
|
|
-- test433: adjust for hyper mode
|
|
|
-
|
|
|
- Closes #7205
|
|
|
+Daniel Stenberg (28 Jul 2021)
|
|
|
+- [Aleksandr Krotov brought this change]
|
|
|
|
|
|
-- test395: hyper cannot work around > 64 bit content-lengths like built-in
|
|
|
+ bearssl: support CURLOPT_CAINFO_BLOB
|
|
|
|
|
|
- Closes #7205
|
|
|
+ Closes #7468
|
|
|
|
|
|
-- test394: hyper returns a different error
|
|
|
+- curl.1: mention "global" flags
|
|
|
|
|
|
- Closes #7205
|
|
|
-
|
|
|
-- test393: make Content-Length fit within 64 bit for hyper
|
|
|
+ Mention options that are "global". A global command line option is one
|
|
|
+ that doesn't get reset at --next uses and therefore don't need to be
|
|
|
+ used again.
|
|
|
|
|
|
- Closes #7205
|
|
|
-
|
|
|
-- test347: CRLFify to work in hyper mode
|
|
|
+ Reported-by: Josh Soref
|
|
|
|
|
|
- Closes #7205
|
|
|
+ Fixes #7457
|
|
|
+ Closes #7510
|
|
|
|
|
|
-- test339: CRLFify better to work in hyper mode
|
|
|
+- CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited
|
|
|
|
|
|
- Closes #7205
|
|
|
-
|
|
|
-- travis: remove the hyper build
|
|
|
+ Reported-by: Daniel Woelfel
|
|
|
+ Fixes #7441
|
|
|
+ Closes #7509
|
|
|
|
|
|
-- GHA: add a linux-hyper job
|
|
|
+- KNOWN_BUGS: add more HTTP/3 problems
|
|
|
|
|
|
- Closes #7206
|
|
|
+ Closes #7351
|
|
|
+ Closes #7339
|
|
|
+ Closes #7125
|
|
|
|
|
|
-- test328: avoid a header-looking body to make hyper mode work
|
|
|
+Marc Hoersken (27 Jul 2021)
|
|
|
+- CI/azure: reduce compile time with increased parallism
|
|
|
|
|
|
- The test still works the same, just modified two bytes in the content.
|
|
|
+ Azure Pipelines CI VMs have 2 CPUs, let's use them.
|
|
|
|
|
|
- Closes #7203
|
|
|
+ Closes #7489
|
|
|
|
|
|
-- release-notes.pl: also spot common 'closes' typo
|
|
|
+Jay Satiro (27 Jul 2021)
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-- metalink: remove
|
|
|
-
|
|
|
- Warning: this will make existing curl command lines that use metalink to
|
|
|
- stop working.
|
|
|
-
|
|
|
- Reasons for removal:
|
|
|
-
|
|
|
- 1. We've found several security problems and issues involving the
|
|
|
- metalink support in curl. The issues are not detailed here. When
|
|
|
- working on those, it become apparent to the team that several of the
|
|
|
- problems are due to the system design, metalink library API and what
|
|
|
- the metalink RFC says. They are very hard to fix on the curl side
|
|
|
- only.
|
|
|
+ docs: fix grammar
|
|
|
|
|
|
- 2. The metalink usage with curl was only very briefly documented and was
|
|
|
- not following the "normal" curl usage pattern in several ways, making
|
|
|
- it surprising and non-intuitive which could lead to further security
|
|
|
- issues.
|
|
|
+ Fixes https://github.com/curl/curl/issues/7444
|
|
|
+ Fixes https://github.com/curl/curl/issues/7451
|
|
|
+ Fixes https://github.com/curl/curl/issues/7465
|
|
|
+ Closes https://github.com/curl/curl/pull/7495
|
|
|
+
|
|
|
+- mail-rcpt.d: fix grammar
|
|
|
|
|
|
- 3. The metalink library was last updated 6 years ago and wasn't so
|
|
|
- active the years before that either. An unmaintained library means
|
|
|
- there's a security problem waiting to happen. This is probably reason
|
|
|
- enough.
|
|
|
+ Remove confusing sentence that says to specify an e-mail address for
|
|
|
+ mail transfer, since that's implied.
|
|
|
|
|
|
- 4. Metalink requires an XML parsing library, which is complex code (even
|
|
|
- the smaller alternatives) and to this day often gets security
|
|
|
- updates.
|
|
|
+ Reported-by: Josh Soref
|
|
|
|
|
|
- 5. Metalink is not a widely used curl feature. In the 2020 curl user
|
|
|
- survey, only 1.4% of the responders said that they'd are using it. In
|
|
|
- 2021 that number was 1.2%. Searching the web also show very few
|
|
|
- traces of it being used, even with other tools.
|
|
|
+ Fixes https://github.com/curl/curl/issues/7452
|
|
|
+ Closes https://github.com/curl/curl/pull/7495
|
|
|
+
|
|
|
+Daniel Stenberg (27 Jul 2021)
|
|
|
+- c-hyper: remove the hyper_executor_poll() loop from Curl_http
|
|
|
|
|
|
- 6. The torrent format and associated technology clearly won for
|
|
|
- downloading large files from multiple sources in parallel.
|
|
|
+ 1. it's superfluous
|
|
|
+ 2. it didn't work identically to the Curl_hyper_stream one which could
|
|
|
+ cause problems like #7486
|
|
|
|
|
|
- Cloes #7176
|
|
|
+ Pointed-out-by: David Cook
|
|
|
+ Closes #7499
|
|
|
|
|
|
-- docs/INSTALL: remove mentions of configure --with-darwin-ssl
|
|
|
-
|
|
|
- ... as it isn't supported since a while back.
|
|
|
+- curl-openssl.m4: check lib64 for the pkg-config file
|
|
|
|
|
|
- Make configure fail with a warning if used.
|
|
|
+ OpenSSL recently started putting the libs in $prefix/lib64 on 'make
|
|
|
+ install', so we check that directory for pkg-config data if the 'lib'
|
|
|
+ check fails.
|
|
|
|
|
|
- Reported-by: Vadim Grinshpun
|
|
|
- Bug: https://curl.se/mail/lib-2021-06/0008.html
|
|
|
- Closes #7200
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
-
|
|
|
-- [Gregor Jasny brought this change]
|
|
|
+ Closes #7503
|
|
|
|
|
|
- cmake: Avoid leaking absolute paths into exported config
|
|
|
-
|
|
|
- The `find_libarary` command resolves the library or framework
|
|
|
- into an absolute path. In case of system frameworks which are
|
|
|
- located within an Xcode-provided SDK this results in the Xcode
|
|
|
- path and SDK version being part of the library path.
|
|
|
+- CURLOPT_SSL_CTX_*.3: tidy up the example
|
|
|
|
|
|
- Because those library paths end up in the exported CMake config
|
|
|
- importing curl will fail once the Xcode location or SDK version
|
|
|
- changes:
|
|
|
+ Use the proper code style. Don't store return codes that aren't read.
|
|
|
+ Copy the same example into CURLOPT_SSL_CTX_FUNCTION.3 as well.
|
|
|
|
|
|
- ```cmake
|
|
|
- set_target_properties(CURL::libcurl PROPERTIES
|
|
|
- INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include"
|
|
|
- INTERFACE_LINK_LIBRARIES "lber;ldap;/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/System/Library/Frameworks/SystemConfiguration.framework;OpenSSL::SSL;OpenSSL::Crypto;ZLIB::ZLIB"
|
|
|
- )
|
|
|
- ```
|
|
|
+ Closes #7500
|
|
|
+
|
|
|
+- example/cookie_interface: fix scan-build printf warning
|
|
|
|
|
|
- A work-around is to link against system-level frameworks with
|
|
|
- `-framework XYZ`. In case of `SystemConfiguration` we might be able
|
|
|
- to omit the lookup-check because we could assume the framework is
|
|
|
- always present.
|
|
|
+ Follow-up to 4b79c4fb565
|
|
|
|
|
|
- Closes #7152
|
|
|
+ Fixes #7497
|
|
|
+ Closes #7498
|
|
|
|
|
|
-- [Shikha Sharma brought this change]
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
- http2_connisdead: handle trailing GOAWAY better
|
|
|
-
|
|
|
- When checking the connection the input processing returns error
|
|
|
- immediately, we now consider that a dead connnection.
|
|
|
+ limit-rate.d: clarify base unit
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-06/0001.html
|
|
|
- Closes #7192
|
|
|
+ Fixes #7439
|
|
|
+ Closes #7494
|
|
|
|
|
|
-- [Dmitry Karpov brought this change]
|
|
|
+- [Carlo Marcelo Arenas Belón brought this change]
|
|
|
|
|
|
- ares: always store IPv6 addresses first
|
|
|
-
|
|
|
- Trying dual-stack on some embedded platform, I noticed that quite
|
|
|
- frequently (20%) libCurl starts from IPv4 regardless the Happy Eyeballs
|
|
|
- timeout value. After debugging this issue, I noticed that this happens
|
|
|
- if c-ares resolver response for IPv6 family comes before IPv4 (which was
|
|
|
- randomly happening in my tests).
|
|
|
+ examples/cookie_interface: avoid printfing time_t directly
|
|
|
|
|
|
- In such cases, because libCurl puts the last resolver response on top of
|
|
|
- the address list, when IPv4 resolver response comes after IPv6 one - the
|
|
|
- IPv4 family starts the connection phase instead of IPv6 family.
|
|
|
+ time_t representation is undefined and varies on bitsize and signedness,
|
|
|
+ and as of C11 could be even non integer.
|
|
|
|
|
|
- The solution for this issue is to always put IPv6 addresses on top of
|
|
|
- the address list, regardless the order of resolver responses.
|
|
|
+ instead of casting to unsigned long (which would truncate in systems
|
|
|
+ with a 32bit long after 2106) use difftime to get the elapsed time as a
|
|
|
+ double and print that (without decimals) instead.
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-06/0003.html
|
|
|
+ alternatively a cast to curl_off_t and its corresponding print
|
|
|
+ formatting could have been used (at least in POSIX) but portability and
|
|
|
+ curl agnostic code was prioritized.
|
|
|
|
|
|
- Closes #7188
|
|
|
+ Closes #7490
|
|
|
|
|
|
-- Revert "Revert "socketpair: fix potential hangs""
|
|
|
-
|
|
|
- This reverts commit 3e70c3430a370a31eff2c1d8fea29edaca8f1127.
|
|
|
-
|
|
|
- Thus brings back the change from #7144 as was originally landed in
|
|
|
- c769d1eab4de8b
|
|
|
+Marc Hoersken (25 Jul 2021)
|
|
|
+- tests/servers: remove obsolete pid variable
|
|
|
|
|
|
- Closes #7144 (again)
|
|
|
-
|
|
|
-- [Ebe Janchivdorj brought this change]
|
|
|
-
|
|
|
- schannel: move code out of SChannel_connect_step1
|
|
|
+ Variable is not used since pidfile handling moved to util.[ch]
|
|
|
|
|
|
- Reviewed-by: Marc Hoersken
|
|
|
- Closes #7168
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
+ Closes #7482
|
|
|
|
|
|
-- tests/data/Makefile.inc: error: trailing backslash on last line
|
|
|
+- tests/servers: use our platform-aware pid for server verification
|
|
|
|
|
|
- Follow-up to d8dcb399b8009d
|
|
|
-
|
|
|
-- TODO: Support rate-limiting for MQTT
|
|
|
-
|
|
|
-- [Dmitry Kostjuchenko brought this change]
|
|
|
-
|
|
|
- warnless: simplify type size handling
|
|
|
+ The pid used for server verification is later stored as pid2 in
|
|
|
+ the hash of running test servers and therefore used for shutdown.
|
|
|
|
|
|
- By using sizeof(T), existing defines and relying on the compiler to
|
|
|
- define the required signed/unsigned mask.
|
|
|
+ The pid used for shutdown must be the platform-aware (Win32) pid
|
|
|
+ to avoid leaking test servers while running them using Cygwin/msys.
|
|
|
|
|
|
- Closes #7181
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
+ Closes #7481
|
|
|
|
|
|
-Gisle Vanem (4 Jun 2021)
|
|
|
-- [Win32] Fix for USE_WATT32
|
|
|
+- tests/runtests.pl: cleanup copy&paste mistakes and unused code
|
|
|
|
|
|
- My Watt-32 tcp/ip stack works on Windows but it does not have `WSAIoctl()`
|
|
|
+ Reviewed-by: Jay Satiro
|
|
|
+ Part of #7481
|
|
|
|
|
|
-Daniel Stenberg (4 Jun 2021)
|
|
|
-- [Alexis Vachette brought this change]
|
|
|
+Daniel Stenberg (25 Jul 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
+
|
|
|
+ bumped to 7.78.1 for next release
|
|
|
|
|
|
- url: bad CURLOPT_CONNECT_TO syntax now returns error
|
|
|
+- http_proxy: clear 'sending' when the outgoing request is sent
|
|
|
+
|
|
|
+ ... so that Curl_connect_getsock() will know how to wait for the socket
|
|
|
+ to become readable and not writable after the entire CONNECT request has
|
|
|
+ been issued.
|
|
|
|
|
|
- Added test 3020 to verify
|
|
|
+ Regression added in 7.77.0
|
|
|
|
|
|
- Closes #7183
|
|
|
+ Reported-by: zloi-user on github
|
|
|
+ Assisted-by: Jay Satiro
|
|
|
+ Fixes #7155
|
|
|
+ Closes #7484
|
|
|
|
|
|
-- github: remove the cmake macOS gcc-8 jobs
|
|
|
-
|
|
|
- They're too similar to the gcc-9 ones to be useful (and seems to not
|
|
|
- work anymore).
|
|
|
-
|
|
|
- Closes #7187
|
|
|
+Jay Satiro (25 Jul 2021)
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-- test269: disable for hyper
|
|
|
-
|
|
|
- --ignore-content-length / CURLOPT_IGNORE_CONTENT_LENGTH doesn't work
|
|
|
- with hyper.
|
|
|
+ openssl: fix grammar
|
|
|
|
|
|
- Closes #7184
|
|
|
+ Closes https://github.com/curl/curl/pull/7480
|
|
|
|
|
|
-- runtests: enable 'hyper mode' only for HTTP tests
|
|
|
+- configure.ac: tweak nghttp2 library name fix again
|
|
|
|
|
|
- The 'hyper mode' makes line-ending checks work in the test suite for
|
|
|
- when hyper is used. Now it also requires that HTTP or HTTPS are
|
|
|
- mentioned as keywords to be enabled so that it doesn't wrongly adjusts
|
|
|
- tests for other protocols.
|
|
|
+ - Change extraction to handle multiple library names returned by
|
|
|
+ pkg-config (eg a possible scenario with pkg-config --static).
|
|
|
|
|
|
- This makes test 271 (TFTP) work again in hyper enabled builds.
|
|
|
+ Ref: https://github.com/curl/curl/pull/7472
|
|
|
|
|
|
- Closes #7185
|
|
|
-
|
|
|
-- [Alexis Vachette brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7485
|
|
|
|
|
|
- hostip: bad CURLOPT_RESOLVE syntax now returns error
|
|
|
+Dan Fandrich (23 Jul 2021)
|
|
|
+- Get rid of the unused HAVE_SIG_ATOMIC_T et. al.
|
|
|
|
|
|
- Added test 3019
|
|
|
- Fixes #7170
|
|
|
- Closes #7174
|
|
|
+ It was added in 2006 but I see no evidence it was ever used.
|
|
|
|
|
|
-Daniel Gustafsson (3 Jun 2021)
|
|
|
-- cookies: fix typo and expand comment
|
|
|
+Jay Satiro (23 Jul 2021)
|
|
|
+- docs: change max-filesize caveat again
|
|
|
|
|
|
- Fix a typo in the sorting comment, and while in there elaborate slightly
|
|
|
- on why creationtime can be used as a tiebreaker.
|
|
|
-
|
|
|
-- cookies: remove unused header
|
|
|
+ - Add protocols field to max-filesize.d.
|
|
|
|
|
|
- Commit 1c1d9f1affbd3367bcb24062e261d0ea5d185e3a removed the last use
|
|
|
- for the inet_pton.h headerfile, this removes the inclusion of the
|
|
|
- header.
|
|
|
+ - Revert wording on unknown file size caveat and do not discuss specific
|
|
|
+ protocols in that section.
|
|
|
|
|
|
- Closes: #7182
|
|
|
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
-
|
|
|
-Daniel Stenberg (3 Jun 2021)
|
|
|
-- Revert "socketpair: fix potential hangs"
|
|
|
+ Partial revert of ecf0225. All max-filesize options now have the list of
|
|
|
+ protocols and it's clearer just to have that list without discussing
|
|
|
+ specific protocols in the caveat.
|
|
|
|
|
|
- This reverts commit c769d1eab4de8b9f1bd84d992c63692fdc43c5be.
|
|
|
+ Reported-by: Josh Soref
|
|
|
|
|
|
- See #7144 for details
|
|
|
+ Ref: https://github.com/curl/curl/issues/7453#issuecomment-884128762
|
|
|
|
|
|
-- [Paul Groke brought this change]
|
|
|
+Daniel Stenberg (22 Jul 2021)
|
|
|
+- [Christian Weisgerber brought this change]
|
|
|
|
|
|
- socketpair: fix potential hangs
|
|
|
-
|
|
|
- Fixes potential hang in accept by using select + non-blocking accept.
|
|
|
-
|
|
|
- Fixes potential hang in peer check by replacing the send/recv check with
|
|
|
- a getsockname/getpeername check.
|
|
|
-
|
|
|
- Adds length check for returned sockaddr data.
|
|
|
+ configure: tweak nghttp2 library name fix
|
|
|
|
|
|
- Closes #7144
|
|
|
-
|
|
|
-- runtests: parse data/Makefile.inc instead of using make
|
|
|
+ commit 29c7cf79e8b44cf (shipped in 7.78.0) introduced a problem by
|
|
|
+ assuming that LIB_H2 does not have any leading whitespace. At least
|
|
|
+ OpenBSD's native pkg-config can produce such whitespace, though:
|
|
|
|
|
|
- The warning about missing entries in that file then doesn't require that
|
|
|
- the Makefile has been regenerated which was confusing.
|
|
|
+ $ pkg-config --libs-only-l libnghttp2
|
|
|
+ -lnghttp2
|
|
|
|
|
|
- The scan for the test num is a little more error prone than before
|
|
|
- (since now it doesn't actually verify that it is legitimate Makefile
|
|
|
- syntax), but I think it is good enough.
|
|
|
+ As a result, the configure check for libnghttp2 will erroneously fail.
|
|
|
|
|
|
- Closes #7177
|
|
|
+ Bug: https://curl.se/mail/lib-2021-07/0050.html
|
|
|
+ Closes #7472
|
|
|
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+- [Bastian Krause brought this change]
|
|
|
|
|
|
- filecheck: quietly remove test-place/*~
|
|
|
+ docs/MQTT: update state of username/password support
|
|
|
|
|
|
- Closes #7179
|
|
|
-
|
|
|
-- CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
|
|
|
+ PR #7243 implemented username/password support for MQTT, so let's drop
|
|
|
+ these items from the caveats.
|
|
|
|
|
|
- For options that pass in lists or strings that are subsequently parsed
|
|
|
- and must be correct. This broadens the scope for the option previously
|
|
|
- known as CURLE_TELNET_OPTION_SYNTAX but the old name is of course still
|
|
|
- provided as a #define for existing applications.
|
|
|
+ Signed-off-by: Bastian Krause <bst@pengutronix.de>
|
|
|
|
|
|
- Closes #7175
|
|
|
+ Closes #7474
|
|
|
|
|
|
-- tests: fix Accept-Encoding strips to work with Hyper builds
|
|
|
-
|
|
|
- The previous strip also removed the CR which turned problematic.
|
|
|
-
|
|
|
- valgrind.supp: add zstd suppression using hyper
|
|
|
-
|
|
|
- Reported-and-analyzed-by: Kevin Burke
|
|
|
- Fixes #7169
|
|
|
- Closes #7171
|
|
|
+- [Oleg Pudeyev brought this change]
|
|
|
|
|
|
-- github: timeout jobs on macOS after 90 minutes
|
|
|
+ CURLMOPT_TIMERFUNCTION.3: remove misplaced "time"
|
|
|
|
|
|
- Assisted-by: Marc Hoersken
|
|
|
- Closes #7173
|
|
|
+ Closes #7470
|
|
|
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+Version 7.78.0 (21 Jul 2021)
|
|
|
|
|
|
- mqtt: detect illegal and too large file size
|
|
|
+Daniel Stenberg (21 Jul 2021)
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- Add test 3017 and 3018 to verify.
|
|
|
- Closes #7166
|
|
|
+ curl 7.78.0 release
|
|
|
|
|
|
-- [Abhinav Singh brought this change]
|
|
|
+- winbuild/MakefileBuild.vc: bump copyright year
|
|
|
|
|
|
- cmake: add CURL_DISABLE_NTLM option
|
|
|
+Jay Satiro (21 Jul 2021)
|
|
|
+- docs: mention max-filesize options also apply to MQTT transfers
|
|
|
+
|
|
|
+ Also make it clearer that the caveat 'if the file size is unknown it
|
|
|
+ the option will have no effect' may apply to protocols other than FTP
|
|
|
+ and HTTP.
|
|
|
+
|
|
|
+ Reported-by: Josh Soref
|
|
|
|
|
|
- Closes #7028
|
|
|
+ Fixes https://github.com/curl/curl/issues/7453
|
|
|
|
|
|
-- [Abhinav Singh brought this change]
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
- configure: add --disable-ntlm option
|
|
|
-
|
|
|
- Closes #7028
|
|
|
+ docs/cmdline: fix grammar and typos
|
|
|
|
|
|
-- [Abhinav Singh brought this change]
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
- define: re-add CURL_DISABLE_NTLM and corresponding ifdefs
|
|
|
+ dump-header.d: Drop suggestion to use for cookie storage
|
|
|
+
|
|
|
+ Since --cookie-jar is the preferred way to store cookies, no longer
|
|
|
+ suggest using --dump-header to do so.
|
|
|
|
|
|
- This flag will be further exposed by adding build options.
|
|
|
+ Co-authored-by: Daniel Stenberg
|
|
|
|
|
|
- Reverts #6809
|
|
|
- Closes #7028
|
|
|
+ Closes https://github.com/curl/curl/issues/7414
|
|
|
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-Viktor Szakats (1 Jun 2021)
|
|
|
-- travis: delete --enable-hsts option (it is the default now) [ci skip]
|
|
|
+ doc/cmdline: fix grammar and typos
|
|
|
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7167
|
|
|
+ Closes https://github.com/curl/curl/pull/7454
|
|
|
+ Closes https://github.com/curl/curl/pull/7455
|
|
|
+ Closes https://github.com/curl/curl/pull/7456
|
|
|
+ Closes https://github.com/curl/curl/pull/7459
|
|
|
+ Closes https://github.com/curl/curl/pull/7460
|
|
|
+ Closes https://github.com/curl/curl/pull/7461
|
|
|
+ Closes https://github.com/curl/curl/pull/7462
|
|
|
+ Closes https://github.com/curl/curl/pull/7463
|
|
|
|
|
|
-Daniel Stenberg (1 Jun 2021)
|
|
|
-- hostip: fix 3 coverity complaints
|
|
|
-
|
|
|
- Follow-up to 1a0ebf6632f889eed
|
|
|
-
|
|
|
- - Check the return code to Curl_inet_pton() in two instances, even
|
|
|
- though we know the input is valid so the functions won't fail.
|
|
|
+Daniel Stenberg (20 Jul 2021)
|
|
|
+- vtls: fix connection reuse checks for issuer cert and case sensitivity
|
|
|
|
|
|
- - Clear the 'struct sockaddr_in' struct before use so that the
|
|
|
- 'sin_zero' field isn't left uninitialized.
|
|
|
+ CVE-2021-22924
|
|
|
|
|
|
- Detected by Coverity.
|
|
|
- Assisted-by: Harry Sintonen
|
|
|
- Closes #7163
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22924.html
|
|
|
|
|
|
-- c-hyper: fix NTLM on closed connection tested with test159
|
|
|
+- sectransp: check for client certs by name first, then file
|
|
|
|
|
|
- Closes #7154
|
|
|
-
|
|
|
-- conncache: lowercase the hash key for better match
|
|
|
+ CVE-2021-22926
|
|
|
|
|
|
- As host names are case insensitive, the use of case sensitive hashing
|
|
|
- caused unnecesary cache misses and therefore lost performance. This
|
|
|
- lowercases the hash key.
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22926.html
|
|
|
|
|
|
+ Assisted-by: Daniel Gustafsson
|
|
|
Reported-by: Harry Sintonen
|
|
|
- Fixes #7159
|
|
|
- Closes #7161
|
|
|
|
|
|
-- mbedtls: make mbedtls_strerror always work
|
|
|
+- telnet: fix option parser to not send uninitialized contents
|
|
|
|
|
|
- If the function doesn't exist, provide a macro that just clears the
|
|
|
- error message. Removes #ifdef uses from the code.
|
|
|
+ CVS-2021-22925
|
|
|
|
|
|
- Closes #7162
|
|
|
+ Reported-by: Red Hat Product Security
|
|
|
+ Bug: https://curl.se/docs/CVE-2021-22925.html
|
|
|
|
|
|
-- vtls: exit addsessionid if no cache is inited
|
|
|
+Jay Satiro (20 Jul 2021)
|
|
|
+- connect: fix wrong format specifier in connect error string
|
|
|
|
|
|
- Follow-up to b249592d29ae0
|
|
|
+ 0842175 (not in any release) used the wrong format specifier (long int)
|
|
|
+ for timediff_t. On an OS such as Windows libcurl's timediff_t (usually
|
|
|
+ 64-bit) is bigger than long int (32-bit). In 32-bit Windows builds the
|
|
|
+ upper 32-bits of the timediff_t were erroneously then used by the next
|
|
|
+ format specifier. Usually since the timeout isn't larger than 32-bits
|
|
|
+ this would result in null as a pointer to the string with the reason for
|
|
|
+ the connection failing. On other OSes or maybe other compilers it could
|
|
|
+ probably result in garbage values (ie crash on deref).
|
|
|
|
|
|
- Avoids NULL pointer derefs.
|
|
|
+ Before:
|
|
|
+ Failed to connect to localhost port 12345 after 1201 ms: (nil)
|
|
|
|
|
|
- Closes #7165
|
|
|
-
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
-
|
|
|
- Curl_ntlm_core_mk_nt_hash: fix OOM in error path
|
|
|
+ After:
|
|
|
+ Failed to connect to localhost port 12345 after 1203 ms: Connection refused
|
|
|
|
|
|
- Closes #7164
|
|
|
+ Closes https://github.com/curl/curl/pull/7449
|
|
|
|
|
|
-Michael Kaufmann (1 Jun 2021)
|
|
|
-- ssl: read pending close notify alert before closing the connection
|
|
|
-
|
|
|
- This avoids a TCP reset (RST) if the server initiates a connection
|
|
|
- shutdown by sending an SSL close notify alert and then closes the TCP
|
|
|
- connection.
|
|
|
+- winbuild: support alternate nghttp2 static lib name
|
|
|
|
|
|
- For SSL connections, usually the server announces that it will close the
|
|
|
- connection with an SSL close notify alert. curl should read this alert.
|
|
|
- If curl does not read this alert and just closes the connection, some
|
|
|
- operating systems close the TCP connection with an RST flag.
|
|
|
+ - Support both nghttp2.lib and nghttp2_static.lib for static nghttp2.
|
|
|
|
|
|
- See RFC 1122, section 4.2.2.13
|
|
|
+ nghttp2 briefly changed its static lib name to nghttp2_static, but then
|
|
|
+ made the _static suffix optional.
|
|
|
|
|
|
- If curl reads the close notify alert, the TCP connection is closed
|
|
|
- normally with a FIN flag.
|
|
|
+ Ref: https://github.com/nghttp2/nghttp2/pull/1394
|
|
|
+ Ref: https://github.com/nghttp2/nghttp2/pull/1418
|
|
|
+ Ref: https://github.com/nghttp2/nghttp2/issues/1466
|
|
|
|
|
|
- The new code is similar to existing code in the "SSL shutdown" function:
|
|
|
- try to read an alert (non-blocking), and ignore any read errors.
|
|
|
+ Reported-by: Pierre Yager
|
|
|
|
|
|
- Closes #7095
|
|
|
+ Fixes https://github.com/curl/curl/issues/7446
|
|
|
+ Closes https://github.com/curl/curl/pull/7447
|
|
|
|
|
|
-Daniel Stenberg (1 Jun 2021)
|
|
|
-- [Laurent Dufresne brought this change]
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
- setopt: fix incorrect comments
|
|
|
+ docs/cmdline: fix grammar and typos
|
|
|
|
|
|
- Closes #7157
|
|
|
+ Closes https://github.com/curl/curl/pull/7432
|
|
|
+ Closes https://github.com/curl/curl/pull/7436
|
|
|
+ Closes https://github.com/curl/curl/pull/7438
|
|
|
+ Closes https://github.com/curl/curl/pull/7440
|
|
|
+ Closes https://github.com/curl/curl/pull/7445
|
|
|
|
|
|
-- [Laurent Dufresne brought this change]
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
- mbedtls: add support for cert and key blob options
|
|
|
-
|
|
|
- CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB weren't usable with
|
|
|
- mbedtls backend, so the support was added.
|
|
|
+ delegation.d: mention what happens when used multiple times
|
|
|
|
|
|
- Closes #7157
|
|
|
+ Closes https://github.com/curl/curl/pull/7408
|
|
|
|
|
|
-- [Gregor Jasny brought this change]
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
- cmake: try well-known send/recv signature for Apple
|
|
|
-
|
|
|
- The CMake `try_compile` command is especially slow for
|
|
|
- the Xcode generator. With this patch applied it first tests
|
|
|
- for the currently used (and Open Group specified) send/recv
|
|
|
- signature. In case this fails testing falls-back to the
|
|
|
- permutations.
|
|
|
-
|
|
|
- speed-up:
|
|
|
-
|
|
|
- ```
|
|
|
- time cmake .. -GNinja -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF
|
|
|
- before: 11.64s user 11.09s system 55% cpu 40.754 total
|
|
|
- after: 7.84s user 6.57s system 51% cpu 28.074 total
|
|
|
- ```
|
|
|
-
|
|
|
- ```
|
|
|
- time cmake .. -GXcode -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF
|
|
|
- before: 217.07s user 104.15s system 60% cpu 8:51.79 total
|
|
|
- after: 108.76s user 51.80s system 58% cpu 4:32.58 total
|
|
|
- ```
|
|
|
+ create-file-mode.d: mention what happens when used multiple times
|
|
|
|
|
|
- Closes #7158
|
|
|
+ Closes https://github.com/curl/curl/pull/7407
|
|
|
|
|
|
-- http2: init recvbuf struct for pushed streams
|
|
|
-
|
|
|
- Debug builds would warn that these structs were not initialized properly
|
|
|
- for pushed streams.
|
|
|
-
|
|
|
- Ref: #7148
|
|
|
- Closes #7153
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
-- Curl_ssl_getsessionid: fail if no session cache exists
|
|
|
-
|
|
|
- This function might get called for an easy handle for which the session
|
|
|
- cache hasn't been setup. It now just returns a "miss" in that case.
|
|
|
+ config.d: split comments and option-per line
|
|
|
|
|
|
- Reported-by: Christoph M. Becker
|
|
|
- Fixes #7148
|
|
|
- Closes #7153
|
|
|
+ Closes https://github.com/curl/curl/pull/7405
|
|
|
|
|
|
-- GOVERNANCE: add 'user', 'committer' and 'contributor'
|
|
|
-
|
|
|
- As those are commonly used terms in the project.
|
|
|
-
|
|
|
- Closes #7151
|
|
|
+Daniel Stenberg (19 Jul 2021)
|
|
|
+- misc: copyright year range updates
|
|
|
|
|
|
-- URL-SYNTAX.md: document the new 'localhost' treatment
|
|
|
+- mailmap: add Tobias and Timur
|
|
|
|
|
|
-- hostip: make 'localhost' return fixed values
|
|
|
-
|
|
|
- Resolving the case insensitive host name 'localhost' now returns the
|
|
|
- addresses 127.0.0.1 and (if IPv6 is enabled) ::1 without using any
|
|
|
- resolver.
|
|
|
+Daniel Gustafsson (18 Jul 2021)
|
|
|
+- [Josh Soref brought this change]
|
|
|
+
|
|
|
+ docs: spell out directories instead of dirs in create-dirs
|
|
|
|
|
|
- This removes the risk that users accidentally resolves 'localhost' to
|
|
|
- something else. By making sure 'localhost' is always local, we can
|
|
|
- assume a "secure context" for such transfers (for cookies etc).
|
|
|
+ Write out directories rather than using the dirs abbrevation. Also
|
|
|
+ use plural form consistently, even if the code in the end might just
|
|
|
+ create a single directory.
|
|
|
|
|
|
- Closes #7039
|
|
|
+ Closes #7406
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
-Daniel Gustafsson (31 May 2021)
|
|
|
-- docs: fix typos
|
|
|
+- [Tobias Nyholm brought this change]
|
|
|
|
|
|
-Daniel Stenberg (30 May 2021)
|
|
|
-- hsts: ignore numberical IP address hosts
|
|
|
+ docs: correct spelling errors and a broken link
|
|
|
|
|
|
- Also, use a single function library-wide for detecting if a given hostname is
|
|
|
- a numerical IP address.
|
|
|
+ Update grammar and spelling in docs and source code comments.
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Fixes #7146
|
|
|
- Closes #7149
|
|
|
+ Closes: #7427
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
-- test178: adjust for hyper
|
|
|
+Marc Hoersken (18 Jul 2021)
|
|
|
+- CI/cirrus: install impacket from PyPI instead of FreeBSD packages
|
|
|
|
|
|
- Hyper returns the same error for wrong HTTP version as for negative
|
|
|
- content-length. Test 178 verifies that negative content-length is
|
|
|
- rejected but the hyper backend will return a different error for it (and
|
|
|
- without any helpful message telling why the message was bad). It will
|
|
|
- also not return any headers at all for the response, not even the ones
|
|
|
- that arrived before the error.
|
|
|
+ Availability of impacket as FreeBSD package is too flaky.
|
|
|
|
|
|
- Closes #7147
|
|
|
-
|
|
|
-- HYPER: remove mentions of deprecated development branch
|
|
|
-
|
|
|
-- c-hyper: handle NULL from hyper_buf_copy()
|
|
|
+ Stick to legacy version of cryptography which still
|
|
|
+ supports OpenSSL version 1.0.2 due to FreeBSD 11.
|
|
|
|
|
|
- Closes #7143
|
|
|
-
|
|
|
-- HSTS: not experimental anymore
|
|
|
+ Reviewed-by: Daniel Stenberg
|
|
|
+
|
|
|
+ Closes #7418
|
|
|
|
|
|
-- [Douglas R. Reno brought this change]
|
|
|
+Daniel Stenberg (18 Jul 2021)
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
- INSTALL: use correct extension for CURL-DISABLE.md
|
|
|
+ docs/cmdline: mention what happens when used multiple times
|
|
|
|
|
|
- In INSTALL.MD, it's currently set to CURL-DISABLE-md instead of
|
|
|
- CURL-DISABLE.md. This generates a 404 on the cURL website as well as
|
|
|
- when viewing the docs through Github.
|
|
|
+ For --dns-ipv4-addr, --dns-ipv6-addr and --dns-servers
|
|
|
|
|
|
- Closes #7142
|
|
|
+ Closes #7410
|
|
|
+ Closes #7411
|
|
|
+ Closes #7412
|
|
|
|
|
|
-- travis: run tests 1 - 153 with hyper
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
|
|
|
-- c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL
|
|
|
+ lib: fix compiler warnings with CURL_DISABLE_NETRC
|
|
|
|
|
|
- Makes test 129 work (HTTP/1.2 response).
|
|
|
+ warning C4189: 'netrc_user_changed': local variable is initialized but
|
|
|
+ not referenced
|
|
|
|
|
|
- Closes #7141
|
|
|
-
|
|
|
-- http_proxy: deal with non-200 CONNECT response with Hyper
|
|
|
+ warning C4189: 'netrc_passwd_changed': local variable is initialized but
|
|
|
+ not referenced
|
|
|
|
|
|
- Makes test 94 and 95 work
|
|
|
+ Closes #7423
|
|
|
+
|
|
|
+- disable-epsv.d: remove duplicate "(FTP)"
|
|
|
|
|
|
- Closes #7141
|
|
|
+ ... since the tooling adds that to the output based on the "Protocols:"
|
|
|
+ tag.
|
|
|
|
|
|
-- c-hyper: clear NTLM auth buffer when request is issued
|
|
|
+- [Max Zettlmeißl brought this change]
|
|
|
+
|
|
|
+ docs: make the documentation for --etag-save match the program behaviour
|
|
|
+
|
|
|
+ When using curl with the option `--etag-save` I expected it to save the
|
|
|
+ ETag without its surrounding quotes, as stated by the documentation in
|
|
|
+ the repository and by the generated man pages.
|
|
|
|
|
|
- To prevent previous ones to get reused on subsequent requests. Matches
|
|
|
- how the built-in HTTP code works. Makes test 90 to 93 work.
|
|
|
+ My first endeavour was to fix the program, but while investigating the
|
|
|
+ history of the relevant parts, I discovered that curl once saved the
|
|
|
+ ETag without the quotes. This was undone by Daniel Stenberg in commit
|
|
|
+ `98c94596f5928840177b6bd3c7b0f0dd03a431af`, therefore I decided that in
|
|
|
+ this case the documentation should be adjusted to match the behaviour of
|
|
|
+ curl.
|
|
|
|
|
|
- Add test 90 to 93 in travis.
|
|
|
+ The changed save behaviour also made parts of the `--etag-compare`
|
|
|
+ documentation wrong or superfluous, so I adjusted those accordingly.
|
|
|
|
|
|
- Closes #7139
|
|
|
+ Closes #7429
|
|
|
|
|
|
-- [Joel Depooter brought this change]
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
- schannel: set ALPN length correctly for HTTP/2
|
|
|
-
|
|
|
- In a3268eca792f1 this code was changed to use the ALPN_H2 constant
|
|
|
- instead of the NGHTTP2_PROTO_ALPN constant. However, these constants are
|
|
|
- not the same. The nghttp2 constant included the length of the string,
|
|
|
- like this: "\x2h2". The ALPN_H2 constant is just "h2". Therefore we need
|
|
|
- to re-add the length of the string to the ALPN buffer.
|
|
|
+ write-out.d: add missing periods
|
|
|
|
|
|
- Closes #7138
|
|
|
+ Closes #7404
|
|
|
|
|
|
-- travis: run tests 1-89 in the hyper build
|
|
|
-
|
|
|
- Closes #7137
|
|
|
+- [Josie Huddleston brought this change]
|
|
|
|
|
|
-- Revert "c-hyper: handle body on HYPER_TASK_EMPTY"
|
|
|
+ easy: during upkeep, attach Curl_easy to connections in the cache
|
|
|
+
|
|
|
+ During the protocol-specific parts of connection upkeep, some code
|
|
|
+ assumes that the data->conn pointer already is set correctly. However,
|
|
|
+ there's currently no guarantee of that in the code.
|
|
|
|
|
|
- This reverts commit c3eefa95c31f55657f0af422e8268d738f689066.
|
|
|
+ This fix temporarily attaches each connection to the Curl_easy object
|
|
|
+ before performing the protocol-specific connection check on it, in a
|
|
|
+ similar manner to the connection checking in extract_if_dead().
|
|
|
|
|
|
- Reported-by: Kevin Burke
|
|
|
- Fixes #7122
|
|
|
- Closes #7136
|
|
|
+ Fixes #7386
|
|
|
+ Closes #7387
|
|
|
+ Reported-by: Josie Huddleston
|
|
|
|
|
|
-- [Jon Rumsey brought this change]
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
- ccsidcurl: fix the compile errors
|
|
|
+ cleanup: spell DoH with a lowercase o
|
|
|
|
|
|
- Looks like the declaration of cpp shoule be const char ** and return
|
|
|
- null if convert_version_info_string fails.
|
|
|
+ Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
|
|
|
|
|
|
- Fixes #7134
|
|
|
- Closes #7135
|
|
|
+ Closes #7413
|
|
|
|
|
|
-- [Viktor Szakats brought this change]
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
- docs: use --max-redirs instead of --max-redir
|
|
|
+ TheArtOfHttpScripting: polish
|
|
|
|
|
|
- For consistency.
|
|
|
+ - add missing backticks and comma
|
|
|
|
|
|
- Closes #7130
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ - fix proxy description:
|
|
|
|
|
|
- ... and bump to 7.77.1
|
|
|
-
|
|
|
-- [Michael Forney brought this change]
|
|
|
-
|
|
|
- travis: add bearssl build
|
|
|
+ * example proxy isn't local
|
|
|
+ * locally doesn't really make sense
|
|
|
|
|
|
- Closes #7133
|
|
|
+ Closes #7416
|
|
|
|
|
|
-- [Michael Forney brought this change]
|
|
|
+- [Josh Soref brought this change]
|
|
|
|
|
|
- bearssl: explicitly initialize all fields of Curl_ssl
|
|
|
-
|
|
|
- Also, add comments like the other vtls backends.
|
|
|
+ form.d: add examples of `,`/`;` for file[name]
|
|
|
|
|
|
- Closes #7133
|
|
|
+ Fixes #7415
|
|
|
+ Closes #7417
|
|
|
|
|
|
-- [Michael Forney brought this change]
|
|
|
+- [Michał Antoniak brought this change]
|
|
|
|
|
|
- bearssl: remove incorrect const on variable that is modified
|
|
|
+ mbedtls: Remove unnecessary include
|
|
|
|
|
|
- hostname may be set to NULL later on in this function if it is an
|
|
|
- IP address.
|
|
|
+ - curl_setup.h: all references to mbedtls_md4* functions and structures
|
|
|
+ are in the md4.c. This file already includes the <mbedtls/md4.h> file
|
|
|
+ along with the file existence control (defined (MBEDTLS_MD4_C))
|
|
|
|
|
|
- Closes #7133
|
|
|
-
|
|
|
-Version 7.77.0 (26 May 2021)
|
|
|
+ - curl_ntlm_core.c: unnecessary include - repeated below
|
|
|
+
|
|
|
+ Closes #7419
|
|
|
|
|
|
-Daniel Stenberg (26 May 2021)
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- THANKS: added contributors from 7.77.0 cycle
|
|
|
-
|
|
|
-- copyright: update copyright year ranges to 2021
|
|
|
-
|
|
|
-- [Radek Zajic brought this change]
|
|
|
+Jay Satiro (16 Jul 2021)
|
|
|
+- [User Sg brought this change]
|
|
|
|
|
|
- hostip: fix broken macOS/CMake/GCC builds
|
|
|
+ multi: fix crash in curl_multi_wait / curl_multi_poll
|
|
|
|
|
|
- Follow-up to 31f631a142d855f06
|
|
|
+ Appears to have been caused by 51c0ebc (precedes 7.77.0) which added a
|
|
|
+ VALID_SOCK check to one of the loops through the sockets but not the
|
|
|
+ other.
|
|
|
|
|
|
- Fixes #7128
|
|
|
- Closes #7129
|
|
|
-
|
|
|
-- TODO: netrc caching and sharing
|
|
|
+ Reported-by: sylgal@users.noreply.github.com
|
|
|
+ Authored-by: sylgal@users.noreply.github.com
|
|
|
|
|
|
- URL: https://curl.se/mail/archive-2021-05/0018.html
|
|
|
+ Fixes https://github.com/curl/curl/issues/7379
|
|
|
+ Closes https://github.com/curl/curl/pull/7389
|
|
|
|
|
|
-- [Orgad Shaneh brought this change]
|
|
|
+- [Daniel Gustafsson brought this change]
|
|
|
|
|
|
- setopt: streamline ssl option code
|
|
|
+ tool_help: remove unused define
|
|
|
|
|
|
- Make it use the same style as the code next to it
|
|
|
+ The PRINT_LINES_PAUSE macro is no longer used, and has been mostly
|
|
|
+ cleaned out but one occurrence remained.
|
|
|
|
|
|
- Closes #7123
|
|
|
+ Closes https://github.com/curl/curl/pull/7380
|
|
|
|
|
|
-- [Radek Zajic brought this change]
|
|
|
+- [Sergey Markelov brought this change]
|
|
|
|
|
|
- lib/hostip6.c: make NAT64 address synthesis on macOS work
|
|
|
+ build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS
|
|
|
+
|
|
|
+ fix compiler warnings about unused variables and parameters when
|
|
|
+ built with --disable-verbose.
|
|
|
|
|
|
- Closes #7121
|
|
|
+ Closes https://github.com/curl/curl/pull/7377
|
|
|
|
|
|
-- [ejanchivdorj brought this change]
|
|
|
+- [Andrea Pappacoda brought this change]
|
|
|
|
|
|
- sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer
|
|
|
-
|
|
|
- When the SecCertificateCopyCommonName function fails, it leaves
|
|
|
- common_name in a invalid state so CFStringCompare uses the invalid
|
|
|
- result, causing EXC_BAD_ACCESS.
|
|
|
+ build: fix IoctlSocket FIONBIO check
|
|
|
|
|
|
- The fix is to check the return value of the function before using the
|
|
|
- name.
|
|
|
+ Prior to this change HAVE_IOCTLSOCKET_CAMEL_FIONBIO mistakenly checked
|
|
|
+ for (lowercase) ioctlsocket when it should have checked for IoctlSocket.
|
|
|
|
|
|
- Closes #7126
|
|
|
+ Closes https://github.com/curl/curl/pull/7375
|
|
|
|
|
|
-- [Paweł Wegner brought this change]
|
|
|
+- [Timur Artikov brought this change]
|
|
|
|
|
|
- CMake: add CURL_ENABLE_EXPORT_TARGET option
|
|
|
+ configure: fix nghttp2 library name for static builds
|
|
|
|
|
|
- install(EXPORT ...) causes trouble when embedding curl dependencies
|
|
|
- which don't provide install(EXPORT ...) targets (e.g libressl and
|
|
|
- nghttp2) with cmake's add_subdirectory.
|
|
|
+ Don't hardcode the nghttp2 library name,
|
|
|
+ because it can vary, be "nghttp2_static" for example.
|
|
|
|
|
|
- Reviewed-by: Jakub Zakrzewski
|
|
|
- Closes #7060
|
|
|
+ Fixes https://github.com/curl/curl/issues/7367
|
|
|
+ Closes https://github.com/curl/curl/pull/7368
|
|
|
|
|
|
-- [Alessandro Ghedini brought this change]
|
|
|
+Gisle Vanem (16 Jul 2021)
|
|
|
+- [PellesC] fix _lseeki64() macro
|
|
|
|
|
|
- quiche: update for network path aware API
|
|
|
+- [SChannel] Use '_tcsncmp()' instead
|
|
|
|
|
|
- Latest version of quiche requires the application to pass the peer
|
|
|
- address of received packets, and it provides the address for outgoing
|
|
|
- packets back.
|
|
|
+ Revert previous change for PellesC.
|
|
|
|
|
|
- Closes #7120
|
|
|
+ Instead replace all use of `_tcsnccmp()` with `_tcsncmp()`.
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [PellesC] missing '_tcsnccmp'
|
|
|
+
|
|
|
+ PellesC compiler does not have this macro in it's `<tchar.h>`
|
|
|
|
|
|
- rustls: switch read_tls and write_tls to callbacks
|
|
|
+Daniel Gustafsson (14 Jul 2021)
|
|
|
+- TODO: add mention of mbedTLS 3 incompatibilities
|
|
|
|
|
|
- And update to 0.6.0, including a rename from session to connection for
|
|
|
- many fields.
|
|
|
+ Wyatt OʼDay reported in #7385 that mbedTLS isn't backwards compatible
|
|
|
+ and curl no longer builds with it. Document the need to fix our support
|
|
|
+ until so has been done.
|
|
|
|
|
|
- Closes #7071
|
|
|
-
|
|
|
-- [Koichi Shiraishi brought this change]
|
|
|
+ Closes #7390
|
|
|
+ Fixes #7385
|
|
|
+ Reported-by: Wyatt OʼDay
|
|
|
+ Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
|
|
|
|
|
|
- sectransp: fix 7f4a9a9b2a49 commit about missing comma
|
|
|
+- docs: fix inconsistencies in EGDSOCKET documentation
|
|
|
|
|
|
- Follow-up to 7f4a9a9b2a495
|
|
|
+ Only the OpenSSL backend actually use the EGDSOCKET, and also use
|
|
|
+ TLS consistently rather than mixing SSL and TLS. While there, also
|
|
|
+ fix a minor spelling nit.
|
|
|
|
|
|
- Closes #7119
|
|
|
+ Closes: #7391
|
|
|
+ Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
|
|
|
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+- [Борис Верховский brought this change]
|
|
|
|
|
|
- openssl: associate/detach the transfer from connection
|
|
|
+ docs: document missing arguments to commands
|
|
|
|
|
|
- CVE-2021-22901
|
|
|
+ This is a followup to commit f410b9e538129e77607fef1 fixing a few
|
|
|
+ more commands which takes arguments.
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22901.html
|
|
|
+ Closes #7382
|
|
|
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+- [Randolf J brought this change]
|
|
|
|
|
|
- telnet: check sscanf() for correct number of matches
|
|
|
+ docs: fix incorrect argument name reference
|
|
|
|
|
|
- CVE-2021-22898
|
|
|
+ The documentation for the read callback was erroneously referencing
|
|
|
+ the nitems argument by nmemb. The error was introduced in commit
|
|
|
+ ce0881edee3c7.
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22898.html
|
|
|
+ Closes #7383
|
|
|
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
-- schannel: don't use static to store selected ciphers
|
|
|
-
|
|
|
- CVE-2021-22897
|
|
|
+- [Борис Верховский brought this change]
|
|
|
+
|
|
|
+ tool_help: Document that --tlspassword takes a password
|
|
|
|
|
|
- Bug: https://curl.se/docs/CVE-2021-22897.html
|
|
|
+ Closes #7378
|
|
|
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
-- docs/tests: remove freenode references
|
|
|
+- scripts: Fix typo in release-notes instructions
|
|
|
+
|
|
|
+ The command to run had a typo in the pathname which prevented copy
|
|
|
+ pasting it to work, which has annoyed me enough to fix this now.
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- [Sergey Markelov brought this change]
|
|
|
-
|
|
|
- NSS: make colons, commas and spaces valid separators in cipher list
|
|
|
+Jay Satiro (10 Jul 2021)
|
|
|
+- write-out.d: Clarify urlnum is not unique for de-globbed URLs
|
|
|
|
|
|
- Fixes #7110
|
|
|
- Closes #7115
|
|
|
-
|
|
|
-- curl: include libmetalink version in --version output
|
|
|
+ Reported-by: Коваленко Анатолий Викторович
|
|
|
|
|
|
- Closes #7112
|
|
|
+ Fixes https://github.com/curl/curl/issues/7342
|
|
|
+ Closes https://github.com/curl/curl/pull/7369
|
|
|
|
|
|
-Jay Satiro (21 May 2021)
|
|
|
-- [Matias N. Goldberg brought this change]
|
|
|
+Daniel Gustafsson (3 Jul 2021)
|
|
|
+- [William Desportes brought this change]
|
|
|
|
|
|
- cmake: Use multithreaded compilation on VS 2008+
|
|
|
-
|
|
|
- Multithreaded compilation has been supported since at least VS 2005 and
|
|
|
- been robustly stable since at least VS 2008
|
|
|
+ docs: Fix typos
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7109
|
|
|
+ Closes: #7370
|
|
|
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
-Daniel Stenberg (21 May 2021)
|
|
|
-- [Matias N. Goldberg brought this change]
|
|
|
+Daniel Stenberg (8 Jul 2021)
|
|
|
+- [Jonathan Wernberg brought this change]
|
|
|
|
|
|
- cmake: fix two invokes result in different curl_config.h
|
|
|
+ Revert "ftp: Expression 'ftpc->wait_data_conn' is always false"
|
|
|
|
|
|
- Fixes #7100
|
|
|
- Closes #7101
|
|
|
+ The reverted commit introduced a logic error in code that was
|
|
|
+ correct.
|
|
|
|
|
|
- Reviewed-by: Jakub Zakrzewski
|
|
|
- Signed-off-by: Matias N. Goldberg <dark_sylinc@yahoo.com.ar>
|
|
|
-
|
|
|
-- [Peng-Yu Chen brought this change]
|
|
|
-
|
|
|
- cmake: detect CURL_SA_FAMILY_T
|
|
|
+ The client using libcurl would notice the error since FTP file
|
|
|
+ uploads in active transfer mode would somtimes complete with
|
|
|
+ success despite no transfer having been performed and the
|
|
|
+ "uploaded" file thus not being on the remote server afterwards.
|
|
|
|
|
|
- Fixes #7049
|
|
|
- Closes #7065
|
|
|
-
|
|
|
-- [Lucas Clemente Vella brought this change]
|
|
|
-
|
|
|
- CURLOPT_IPRESOLVE: preventing wrong IP version from being used
|
|
|
+ The FTP server would notice the error because it receives a
|
|
|
+ RST on the data connection it has established with the client
|
|
|
+ before any data was transferred at all.
|
|
|
|
|
|
- In some situations, it was possible that a transfer was setup to
|
|
|
- use an specific IP version, but due do DNS caching or connection
|
|
|
- reuse, it ended up using a different IP version from requested.
|
|
|
+ The logic error happens if the STOR response from the server have
|
|
|
+ arrived by the time ftp_multi_statemach() in the affected code path
|
|
|
+ is called, but the incoming data connection have not arrived yet.
|
|
|
+ In that case, the processing of the STOR response will cause
|
|
|
+ 'ftpc->wait_data_conn' to be set to TRUE, contradicting the comment
|
|
|
+ in the code. Since 'complete' will also be set, later logic would
|
|
|
+ believe the transfer was done.
|
|
|
|
|
|
- This commit changes the effect of CURLOPT_IPRESOLVE from simply
|
|
|
- restricting address resolution to preventing the wrong connection
|
|
|
- type being used, when choosing a connection from the pool, and
|
|
|
- to restricting what addresses could be used when establishing
|
|
|
- a new connection.
|
|
|
+ In most cases, the STOR response will not have arrived yet when
|
|
|
+ the affected code path is executed, or the incoming connection will
|
|
|
+ also have arrived, and thus the error would not express itself.
|
|
|
+ But if the speed difference of the device using libcurl and the
|
|
|
+ FTP server is exactly right, the error may happen as often as in
|
|
|
+ one out of hundred file transfers.
|
|
|
|
|
|
- It is important that all addresses versions are resolved, even if
|
|
|
- not used in that transfer in particular, because the result is
|
|
|
- cached, and could be useful for a different transfer with a
|
|
|
- different CURLOPT_IPRESOLVE setting.
|
|
|
+ This reverts commit 49f3117a238b6eac0e22a32f50699a9eddcb66ab.
|
|
|
|
|
|
- Closes #6853
|
|
|
-
|
|
|
-- [Oliver Urbann brought this change]
|
|
|
+ Bug: https://curl.se/mail/lib-2021-07/0025.html
|
|
|
+ Closes #7362
|
|
|
|
|
|
- AmigaOS: add functions definitions for SHA256
|
|
|
+- msnprintf: return number of printed characters excluding null byte
|
|
|
|
|
|
- AmiSSL replaces many functions with macros. Curl requires pointer
|
|
|
- to some of these functions. Thus, we have to encapsulate these macros:
|
|
|
- SHA256_Init, SHA256_Update, SHA256_Final, X509_INFO_free.
|
|
|
+ ... even when the output is "capped" by the maximum length argument.
|
|
|
|
|
|
- Bug: https://github.com/jens-maus/amissl/issues/15
|
|
|
- Co-authored-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
+ Clarified in the docs.
|
|
|
|
|
|
- Closes #7099
|
|
|
+ Closes #7361
|
|
|
|
|
|
-- test2100: make it run with and require IPv6
|
|
|
+- infof: remove newline from format strings, always append it
|
|
|
|
|
|
- Closes #7083
|
|
|
-
|
|
|
-- tests/getpart: generate output URL encoded for better diffs
|
|
|
+ - the data needs to be "line-based" anyway since it's also passed to the
|
|
|
+ debug callback/application
|
|
|
|
|
|
- Closes #7083
|
|
|
-
|
|
|
-- [Ryan Beck-Buysse brought this change]
|
|
|
-
|
|
|
- docs/TheArtOfHttpScripting: fix markdown links
|
|
|
+ - it makes infof() work like failf() and consistency is good
|
|
|
|
|
|
- extra parens cause the links to be incorrectly formatted
|
|
|
- and inconsistent with the rest of the document.
|
|
|
+ - there's an assert that triggers on newlines in the format string
|
|
|
|
|
|
- Signed-off-by: Ryan Beck-Buysse <rbuysse@gmail.com>
|
|
|
- Closes #7097
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
-
|
|
|
-- [Emil Engler brought this change]
|
|
|
-
|
|
|
- docs: replace dots with dashes in markdown enums
|
|
|
+ - Also removes a few instances of "..."
|
|
|
|
|
|
- We use dashes instead of dots nearly everywhere except for those few
|
|
|
- cases. This commit addresses this issues and brings more coherency into
|
|
|
- it.
|
|
|
+ - Removes the code that would append "..." to the end of the data *iff*
|
|
|
+ it was truncated in infof()
|
|
|
|
|
|
- Closes #7093
|
|
|
-
|
|
|
-- [Emil Engler brought this change]
|
|
|
+ Closes #7357
|
|
|
|
|
|
- docs: improve INTERNALS.md regarding getsock cb
|
|
|
+- examples/multi-single: fix scan-build warning
|
|
|
|
|
|
- This adds the I/O prefix to indicate that those "actions" are kind-of
|
|
|
- related to those found in select(2) or poll(2) (reading/writing).
|
|
|
+ warning: Value stored to 'mc' during its initialization is never read
|
|
|
|
|
|
- It also adds a note where the prototypes of those functions can be found
|
|
|
- in the source code.
|
|
|
+ Follow-up to ae8e11ed5fd2ce
|
|
|
|
|
|
- Closes #7092
|
|
|
-
|
|
|
-- [Emil Engler brought this change]
|
|
|
+ Closes #7360
|
|
|
|
|
|
- docs: document attach in INTERNALS.md
|
|
|
+- wolfssl: failing to set a session id is not reason to error out
|
|
|
+
|
|
|
+ ... as it is *probably* just timed out.
|
|
|
|
|
|
- The new field in the Curl_handler struct still lacks documentation. This
|
|
|
- adds it it from the information extracted from lib/urldata.h:797
|
|
|
+ Reported-by: Francisco Munoz
|
|
|
|
|
|
- Closes #7091
|
|
|
+ Closes #7358
|
|
|
|
|
|
-- [Marc Aldorasi brought this change]
|
|
|
+- docs/examples: use curl_multi_poll() in multi examples
|
|
|
+
|
|
|
+ The API is soon two years old and deserves being shown as the primary
|
|
|
+ way to drive multi code as it makes it much easier to write code.
|
|
|
+
|
|
|
+ multi-poll: removed
|
|
|
+
|
|
|
+ multi-legacy: add to show how we did multi API use before
|
|
|
+ curl_multi_wait/poll.
|
|
|
+
|
|
|
+ Closes #7352
|
|
|
|
|
|
- config: remove now-unused macros
|
|
|
+- KNOWN_BUGS: flaky Windows CI builds
|
|
|
|
|
|
- Closes #7094
|
|
|
+ Closes #6972
|
|
|
|
|
|
-- [Marc Aldorasi brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- hostip.h: remove declaration of unimplemented function
|
|
|
+- test1147: hyper doesn't allow "crazy" request headers like built-in
|
|
|
|
|
|
- Closes #7094
|
|
|
+ ... so strip that from the test.
|
|
|
+
|
|
|
+ Closes #7349
|
|
|
|
|
|
-- h3: add 'attach' callback to protocol handlers
|
|
|
+- c-hyper: bail on too long response headers
|
|
|
|
|
|
- Follow-up to 0c55fbab45be
|
|
|
+ To match with built-in behaviors. Makes test 1154 work.
|
|
|
+
|
|
|
+ Closes #7350
|
|
|
+
|
|
|
+- test1151: added missing CRLF to work with hyper
|
|
|
|
|
|
- Reviewed-by: Emil Engler
|
|
|
- Closes #7090
|
|
|
+ Closes #7350
|
|
|
|
|
|
-- wolfssl: remove SSLv3 support leftovers
|
|
|
+- c-hyper: add support for transfer-encoding in the request
|
|
|
|
|
|
- Closes #7088
|
|
|
+ Closes #7348
|
|
|
|
|
|
-- curl-wolfssl.m4: without custom include path, assume /usr/include
|
|
|
+- [Andrea Pappacoda brought this change]
|
|
|
+
|
|
|
+ cmake: remove libssh2 feature checks
|
|
|
|
|
|
- ... so that we can point out the root of the OpenSSL emulation headers.
|
|
|
- Previously this used the '$includedir' variable which is wrong since
|
|
|
- that defaults to the dir where the current configure invoke will install
|
|
|
- the built libcurl headers: /usr/local by default.
|
|
|
+ libssh2 features are detected based on version since commit
|
|
|
+ 9dbbba997608f7c3c5de1c627c77c8cd2aa85b73
|
|
|
|
|
|
- Fixes #7085
|
|
|
- Reported-by: Joel Jakobsson
|
|
|
- Closes #7087
|
|
|
+ Closes #7343
|
|
|
|
|
|
-- [Joel Depooter brought this change]
|
|
|
+- test1116: hyper doesn't pass through "surprise-trailers"
|
|
|
+
|
|
|
+ Closes #7344
|
|
|
|
|
|
- data_pending: check only SECONDARY socket for FTP(S) transfers
|
|
|
+- socks4: scan for the IPv4 address in resolve results
|
|
|
|
|
|
- Check the FIRST for all other protocols.
|
|
|
+ Follow-up to 84d2839740 which changed the resolving to always resolve
|
|
|
+ both address families, but since SOCKS4 only supports IPv4 it should
|
|
|
+ scan for and use the first available IPv4 address.
|
|
|
|
|
|
- This fixes a timeout in an ftps download. The server sends a TLS
|
|
|
- close_notify message in the same packet as the file data. The
|
|
|
- close_notify seems to not be handled in the schannel_recv function, so
|
|
|
- libcurl is not aware that the server has closed the connection. Thus
|
|
|
- libcurl ends up waiting for action on the socket until a timeout is
|
|
|
- reached. With the secondary socket check added to the data_pending
|
|
|
- function, the close_notify is properly handled, and the ftps transfer
|
|
|
- terminates as expected.
|
|
|
+ Reported-by: shithappens2016 on github
|
|
|
+ Fixes #7345
|
|
|
+ Closes #7346
|
|
|
+
|
|
|
+Jay Satiro (5 Jul 2021)
|
|
|
+- proto.d: fix formatting for paragraphs after margin changes
|
|
|
|
|
|
- Fixes #7068
|
|
|
- Closes #7069
|
|
|
+ Closes https://github.com/curl/curl/pull/7341
|
|
|
|
|
|
-- github: inhibit deprecated declarations for clang on macOS
|
|
|
+- pinnedpubkey.d: fix formatting for version support lists
|
|
|
|
|
|
- ... as they otherwise cause ldap build errors in the CI.
|
|
|
+ Closes https://github.com/curl/curl/pull/7340
|
|
|
+
|
|
|
+Daniel Stenberg (2 Jul 2021)
|
|
|
+- TODO: "Support in-memory certs/ca certs/keys" done
|
|
|
|
|
|
- Fixes #7081
|
|
|
- Closes #7082
|
|
|
+ Has been suppored for a while now with the *BLOB options.
|
|
|
|
|
|
-- conn: add 'attach' to protocol handler, make libssh2 use it
|
|
|
+- examples: safer and more proper read callback logic
|
|
|
+
|
|
|
+ The same callback code is used in:
|
|
|
+
|
|
|
+ imap-append.c
|
|
|
+ smtp-authzid.c
|
|
|
+ smtp-mail.c
|
|
|
+ smtp-multi.c
|
|
|
+ smtp-ssl.c
|
|
|
+ smtp-tls.c
|
|
|
|
|
|
- The libssh2 backend has SSH session associated with the connection but
|
|
|
- the callback context is the easy handle, so when a connection gets
|
|
|
- attached to a transfer, the protocol handler now allows for a custom
|
|
|
- function to get used to set things up correctly.
|
|
|
+ It should not assume that it can copy full lines into the buffer as it
|
|
|
+ will encourage sloppy coding practices. Instead use byte-wise logic and
|
|
|
+ check/acknowledge the buffer size appropriately.
|
|
|
|
|
|
- Reported-by: Michael O'Farrell
|
|
|
- Fixes #6898
|
|
|
- Closes #7078
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Fixes #7330
|
|
|
+ Closes #7331
|
|
|
|
|
|
-- http2: make sure pause is done on HTTP
|
|
|
-
|
|
|
- Since the function is called for any protocol, we can't assume that the
|
|
|
- HTTP struct is there without first making sure it is HTTP.
|
|
|
+- test1519: adjusted to work with hyper
|
|
|
|
|
|
- Reported-by: Denis Goleshchikhin
|
|
|
- Fixes #7079
|
|
|
- Closes #7080
|
|
|
+ Closes #7333
|
|
|
|
|
|
-- docs: cookies from HTTP headers need domain set
|
|
|
-
|
|
|
- ... or the cookies won't get sent. Push users to using the "Netscape"
|
|
|
- format instead, which curl uses when saving a cookie "jar".
|
|
|
+- test1518: adjusted to work with hyper
|
|
|
|
|
|
- Reported-by: Martin Dorey
|
|
|
- Reviewed-by: Daniel Gustafsson
|
|
|
- Fixes #6723
|
|
|
- Closes #7077
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
-
|
|
|
-- github: add a workflow with libssh2 on macOS using cmake
|
|
|
+ ... by making sure the stdout output doesn't look like HTTP headers.
|
|
|
|
|
|
- Closes #7047
|
|
|
+ Closes #7333
|
|
|
|
|
|
-- sws: allow HTTP requests up to 2MB in size
|
|
|
-
|
|
|
- To allow tests with slightly larger payloads. Like #7071 ...
|
|
|
+- test1514: add a CRLF to the response to make it correct
|
|
|
|
|
|
- Closes #7075
|
|
|
-
|
|
|
-Marc Hoersken (16 May 2021)
|
|
|
-- CI/azure: increase verbosity and fix outdated task names
|
|
|
+ Makes hyper accept it fine instead returning HYPERE_UNEXPECTED_EOF on
|
|
|
+ us.
|
|
|
|
|
|
- Closes #7063
|
|
|
+ Closes #7334
|
|
|
|
|
|
-- CI/cirrus: add shared and static Windows release builds
|
|
|
+- formdata: avoid "Argument cannot be negative" warning
|
|
|
|
|
|
- Azure Pipelines is currently being used for debug builds,
|
|
|
- let's also run some non-debug (release) Windows builds and
|
|
|
- make use of previously underutilized Cirrus CI for that.
|
|
|
+ ... when converting a curl_off_t to size_t, by using
|
|
|
+ CURL_ZERO_TERMINATED before passing the argument to the function.
|
|
|
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
+ Detected by Coverity CID 1486590.
|
|
|
|
|
|
- Closes #6991
|
|
|
+ Closes #7328
|
|
|
+ Assisted-by: Daniel Gustafsson
|
|
|
|
|
|
-Daniel Stenberg (16 May 2021)
|
|
|
-- CURLOPT_CAPATH.3: defaults to a path, not NULL
|
|
|
+- lib: more %u for port and int for %*s fixes
|
|
|
|
|
|
- Reported-by: Andrew Barnert
|
|
|
+ Detected by Coverity
|
|
|
|
|
|
- Closes #7062
|
|
|
+ Closes #7329
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- doh: (void)-prefix call to curl_easy_setopt
|
|
|
|
|
|
- c-hyper: handle body on HYPER_TASK_EMPTY
|
|
|
-
|
|
|
- Some of the time, we get a HYPER_TASK_EMPTY response before the status
|
|
|
- line, headers, and body have been read. Previously, that would cause us
|
|
|
- to poll again, leading to a 1 second timeout.
|
|
|
-
|
|
|
- The HYPER_TASK_EMPTY docs say:
|
|
|
-
|
|
|
- The value of this task is null (does not imply an error).
|
|
|
+- lib: fix type of len passed to *printf's %*s
|
|
|
|
|
|
- So, if we receive a HYPER_TASK_EMPTY, continue on with processing the
|
|
|
- response.
|
|
|
+ ... it needs to be 'int'. Detected by Coverity CID 1486611 (etc)
|
|
|
|
|
|
- Reported-by: Kevin Burke
|
|
|
- Fixes #7064
|
|
|
- Closes #7070
|
|
|
-
|
|
|
-- [Ikko Ashimine brought this change]
|
|
|
+ Closes #7326
|
|
|
|
|
|
- tool_getparam: fix comment typo in tool_getparam.c
|
|
|
+- lib: use %u instead of %ld for port number printf
|
|
|
|
|
|
- enfore -> enforce
|
|
|
+ Follow-up to 764c6bd3bf which changed the type of some port number
|
|
|
+ fields. Detected by Coverity (CID 1486624) etc.
|
|
|
|
|
|
- Closes #7074
|
|
|
+ Closes #7325
|
|
|
|
|
|
-- mem-include-scan.pl: require a non-word letter before memory funcs
|
|
|
+- version: turn version number functions into returning void
|
|
|
|
|
|
- ... so that ldap_memfree() for example doesn't match the scan for free.
|
|
|
+ ... as we never use the return codes from them.
|
|
|
|
|
|
- Closes #7061
|
|
|
+ Reviewed-by: Daniel Gustafsson
|
|
|
+ Closes #7319
|
|
|
|
|
|
-- version: free the openldap info correctly
|
|
|
+- mqtt: extend the error message for no topic
|
|
|
|
|
|
- ... to avoid memory leaks.
|
|
|
+ ... and mention that it needs URL encoding.
|
|
|
|
|
|
- Follow-up to: bf0feae7768d9
|
|
|
- Closes #7061
|
|
|
+ Reported-by: Peter Körner
|
|
|
+ Fixes #7316
|
|
|
+ Closes #7317
|
|
|
|
|
|
-- dupset: remove totally off comment
|
|
|
+- formdata: correct typecast in curl_mime_data call
|
|
|
|
|
|
- Closes #7067
|
|
|
-
|
|
|
-- configure: if asked for, fail if ldap is not found
|
|
|
+ Coverity pointed out it the mismatch. CID 1486590
|
|
|
|
|
|
- Reported-by: Jakub Zakrzewski
|
|
|
- Fixes #7053
|
|
|
- Closes #7055
|
|
|
+ Closes #7327
|
|
|
|
|
|
-- version: add OpenLDAP version in the output
|
|
|
+- url: (void)-prefix a curl_url_get() call
|
|
|
|
|
|
- Assisted-by: Howard Chu
|
|
|
- Closes #7054
|
|
|
-
|
|
|
-Jay Satiro (13 May 2021)
|
|
|
-- [Joel Depooter brought this change]
|
|
|
+ Coverity (CID 1486645) pointed out a use of curl_url_get() in the
|
|
|
+ parse_proxy function where the return code wasn't checked. A
|
|
|
+ (void)-prefix makes the intention obvious.
|
|
|
+
|
|
|
+ Closes #7320
|
|
|
|
|
|
- schannel: Ensure the security context request flags are always set
|
|
|
+- glob: pass an 'int' as len when using printf's %*s
|
|
|
|
|
|
- As of commit 54e7475, these flags would only be set when using a new
|
|
|
- credential handle. When re-using an existing credential handle, the
|
|
|
- flags would not be set.
|
|
|
+ Detected by Coverity CID 1486629.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7051
|
|
|
-
|
|
|
-Dan Fandrich (12 May 2021)
|
|
|
-- tests: Fix some tag matching issues in a number of tests
|
|
|
+ Closes #7324
|
|
|
|
|
|
-Daniel Stenberg (12 May 2021)
|
|
|
-- sasl: use 'unsigned short' to store mechanism
|
|
|
+- vtls: use free() not curl_free()
|
|
|
|
|
|
- ... saves a few bytes of struct size in memory and it only uses
|
|
|
- 10 bits anyway.
|
|
|
+ curl_free() is provided for users of the API to free returned data,
|
|
|
+ there's no need to use it internally.
|
|
|
|
|
|
- Closes #7045
|
|
|
+ Closes #7318
|
|
|
|
|
|
-- hostip: remove the debug code for LocalHost
|
|
|
+- zuul: use the new rustls directory name
|
|
|
|
|
|
- The Curl_resolv() had special code (when built in debug mode) for when
|
|
|
- resolving the host name "LocalHost" (using that exact casing). It would
|
|
|
- then get the host name from the --interface option instead.
|
|
|
+ Follow-up to 6d972c8b1cbb3 which missed updating this directory name.
|
|
|
|
|
|
- This development-only feature was not used by anything (anymore) and we
|
|
|
- have the --resolve feature if we want to play similar tricks properly
|
|
|
- going forward.
|
|
|
+ Also no longer call it crustls in the docs and bump to rusttls-ffi 0.7.1
|
|
|
|
|
|
- Closes #7044
|
|
|
+ Closes #7311
|
|
|
|
|
|
-- progress: reset limit_size variables at transfer start
|
|
|
+Jay Satiro (29 Jun 2021)
|
|
|
+- http: fix crash in rate-limited upload
|
|
|
|
|
|
- Otherwise the old value would linger from a previous use and would mess
|
|
|
- up the network speed cap logic.
|
|
|
+ - Don't set the size of the piece of data to send to the rate limit if
|
|
|
+ that limit is larger than the buffer size that will hold the piece.
|
|
|
|
|
|
- Reported-by: Ymir1711 on github
|
|
|
+ Prior to this change if CURLOPT_MAX_SEND_SPEED_LARGE
|
|
|
+ (curl tool: --limit-rate) was set then it was possible that a temporary
|
|
|
+ buffer used for uploading could be written to out of bounds. A likely
|
|
|
+ scenario for this would be a non-trivial amount of post data combined
|
|
|
+ with a rate limit larger than CURLOPT_UPLOAD_BUFFERSIZE (default 64k).
|
|
|
|
|
|
- Fixes #7042
|
|
|
- Closes #7043
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
-
|
|
|
-- [Daniel Gustafsson brought this change]
|
|
|
-
|
|
|
- cookies: use CURLcode for cookie_output reporting
|
|
|
+ The bug was introduced in 24e469f which is in releases since 7.76.0.
|
|
|
|
|
|
- Writing the cookie file has multiple error conditions, and was using an
|
|
|
- int with magic numbers to report the different error (which in turn were
|
|
|
- disregarded anyways). This moves reporting to use a CURLcode value.
|
|
|
+ perl -e "print '0' x 200000" > tmp
|
|
|
+ curl --limit-rate 128k -d @tmp httpbin.org/post
|
|
|
|
|
|
- Lightly-touched-by: Daniel Stenberg
|
|
|
+ Reported-by: Richard Marion
|
|
|
|
|
|
- Closes #7037
|
|
|
- Closes #6749
|
|
|
-
|
|
|
-- [Daniel Gustafsson brought this change]
|
|
|
+ Fixes https://github.com/curl/curl/issues/7308
|
|
|
+ Closes https://github.com/curl/curl/pull/7315
|
|
|
|
|
|
- cookies: make use of string duplication function
|
|
|
+Daniel Stenberg (29 Jun 2021)
|
|
|
+- copyright: add boiler-plate headers to CI config files
|
|
|
|
|
|
- strstore() is defined as a strdup which ensures to free the target
|
|
|
- pointer before duping the source char * into it. Make use of it in
|
|
|
- two more cases where it can simplify the code.
|
|
|
-
|
|
|
-- [Daniel Gustafsson brought this change]
|
|
|
-
|
|
|
- cookies: refactor comments
|
|
|
+ And whitelist .zuul.ignore
|
|
|
|
|
|
- Comments in the cookie code were a bit all over the place in terms of
|
|
|
- style and wording. This takes a stab at cleaning them up by keeping to
|
|
|
- a single style and overall shape. Some comments are moved a little and
|
|
|
- some removed alltogether due to being redundant. No functional changes
|
|
|
- have been made,
|
|
|
-
|
|
|
-- [Peng-Yu Chen brought this change]
|
|
|
+ Closes #7314
|
|
|
|
|
|
- http2: skip immediate parsing of payload following protocol switch
|
|
|
-
|
|
|
- This is considered not harmful as a following http2_recv shall be
|
|
|
- called very soon.
|
|
|
+- CI: remove travis details
|
|
|
|
|
|
- This is considered helpful in the specific situation where some
|
|
|
- servers (e.g. nghttpx v1.43.0) may fulfill stream 1 immediately
|
|
|
- following the return of HTTP status 101, other than waiting for
|
|
|
- the client-side connection preface to arrive.
|
|
|
+ Rename still used leftovers to "zuul" as that's now the CI using them.
|
|
|
|
|
|
- Fixes #7036
|
|
|
- Closes #7040
|
|
|
+ Closes #7313
|
|
|
|
|
|
-- [Peng-Yu Chen brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- http2: use nghttp2_session_upgrade2 instead of nghttp2_session_upgrade
|
|
|
-
|
|
|
- Following the upstream deprecation of nghttp2_session_upgrade.
|
|
|
-
|
|
|
- Also provides further checks for requests with the HEAD method.
|
|
|
+- openssl: avoid static variable for seed flag
|
|
|
|
|
|
- Closes #7041
|
|
|
-
|
|
|
-- progress/trspeed: use a local convenient pointer to beautify code
|
|
|
+ Avoid the race condition risk by instead storing the "seeded" flag in
|
|
|
+ the multi handle. Modern OpenSSL versions handle the seeding itself so
|
|
|
+ doing the seeding once per multi-handle instead of once per process is
|
|
|
+ less of an issue.
|
|
|
|
|
|
- The function becomes easier to read and understand with less repetition.
|
|
|
-
|
|
|
-- trspeed: use long double for transfer speed calculation
|
|
|
+ Reported-by: Gerrit Renker
|
|
|
+ Fixes #7296
|
|
|
+ Closes #7306
|
|
|
|
|
|
-- progress: move transfer speed calc into function
|
|
|
+- configure: inhibit the implicit-fallthrough warning on gcc-12
|
|
|
|
|
|
- This silences two scan-build-11 warnings: "The result of the '/'
|
|
|
- expression is undefined"
|
|
|
+ ... since it no longer acknowledges the comment markup we use for that
|
|
|
+ purpose.
|
|
|
|
|
|
- Bug: https://curl.se/mail/lib-2021-05/0022.html
|
|
|
- Closes #7035
|
|
|
-
|
|
|
-- [Cameron Cawley brought this change]
|
|
|
+ Reported-by: Younes El-karama
|
|
|
+ Fixes #7295
|
|
|
+ Closes #7307
|
|
|
|
|
|
- openssl: remove unneeded cast for CertOpenSystemStore()
|
|
|
-
|
|
|
- Closes #7025
|
|
|
+Daniel Gustafsson (28 Jun 2021)
|
|
|
+- [Andrei Rybak brought this change]
|
|
|
|
|
|
-- travis: disable the libssh build
|
|
|
-
|
|
|
- It can't run on focal and causes warnings on bionic. Since the focal
|
|
|
- failure started rather suddenly a while ago, we can suspect it might be
|
|
|
- temporary.
|
|
|
+ misc: fix typos in comments which repeat a word
|
|
|
|
|
|
- Added "bring back the build" to the TODO document.
|
|
|
+ Fix typos in code comments which repeat various words. In trivial
|
|
|
+ cases, just delete the repeated word. Reword the affected sentence in
|
|
|
+ "lib/url.c" for it to make sense.
|
|
|
|
|
|
- Fixes #7011
|
|
|
- Closes #7012
|
|
|
-
|
|
|
-- [Peng-Yu Chen brought this change]
|
|
|
+ Closes #7303
|
|
|
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
- http: use calculated offsets inst of integer literals for header parsing
|
|
|
-
|
|
|
- Assumed to be a minor coding style improvement with no behavior change.
|
|
|
+Daniel Stenberg (27 Jun 2021)
|
|
|
+- lib677: make it survive torture testing
|
|
|
|
|
|
- A modern compiler is expected to have the calculation optimized during
|
|
|
- compilation. It may be deemed okay even if that's not the case, since
|
|
|
- the added overhead is considered very low.
|
|
|
+ Follow-up to a5ab72d5edd7
|
|
|
|
|
|
- Closes #7032
|
|
|
-
|
|
|
-- [Peng-Yu Chen brought this change]
|
|
|
+ Closes #7300
|
|
|
|
|
|
- GIT-INFO: suggest using autoreconf instead of buildconf
|
|
|
-
|
|
|
- Follow-up to 85868537d
|
|
|
-
|
|
|
- Closes #7033
|
|
|
+- [Tommy Chiang brought this change]
|
|
|
|
|
|
-- http: deal with partial CONNECT sends
|
|
|
-
|
|
|
- Also added 'CURL_SMALLSENDS' to make Curl_write() send short packets,
|
|
|
- which helped verifying this even more.
|
|
|
+ docs/BINDINGS: fix outdated links
|
|
|
|
|
|
- Add test 363 to verify.
|
|
|
+ * luacurl page is now not accessible, fix it with wayback machine page
|
|
|
+ * Scheme one seems not providing https now, change it back to http one
|
|
|
|
|
|
- Reported-by: ustcqidi on github
|
|
|
- Fixes #6950
|
|
|
- Closes #7024
|
|
|
+ Closes #7301
|
|
|
|
|
|
-- HTTP3: make the ngtcp2 build use the quictls fork
|
|
|
-
|
|
|
- ... as ngtcp2 itself documents the build this way.
|
|
|
-
|
|
|
- Closes #7031
|
|
|
+- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
-- http: limit the initial send amount to used upload buffer size
|
|
|
-
|
|
|
- Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes,
|
|
|
- but for the situations where a larger upload buffer has been set, this
|
|
|
- function can benefit from sending more bytes. With default size used,
|
|
|
- this does the same as before.
|
|
|
-
|
|
|
- Also changed the storage of the size to an 'unsigned int' as it is not
|
|
|
- allowed to be set larger than 2M.
|
|
|
+ curstls: bump crustls version and use new URL
|
|
|
|
|
|
- Also added cautions to the man pages about changing buffer sizes in
|
|
|
- run-time.
|
|
|
+ crustls moved to https://github.com/rustls/rustls-ffi. This also bumps
|
|
|
+ the expected version to 0.7.0.
|
|
|
|
|
|
- Closes #7022
|
|
|
+ Closes #7297
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
|
|
|
-- ngtcp2: fix the cb_acked_stream_data_offset proto
|
|
|
-
|
|
|
- The 'datalen' value should be 64 bit, not size_t!
|
|
|
+- examples: length-limit two sscanf() uses of %s
|
|
|
|
|
|
- Reported-by: Dmitry Karpov
|
|
|
- Bug: https://curl.se/mail/lib-2021-05/0019.html
|
|
|
- Closes #7027
|
|
|
+ Reported-by: Jishan Shaikh
|
|
|
+ Fixes #7293
|
|
|
+ Closes #7294
|
|
|
|
|
|
-- progress: when possible, calculate transfer speeds with microseconds
|
|
|
-
|
|
|
- ... this improves precision, especially for transfers in the few or even
|
|
|
- sub millisecond range.
|
|
|
-
|
|
|
- Reported-by: J. Bromley
|
|
|
- Fixes #7017
|
|
|
- Closes #7020
|
|
|
+- [Richard Whitehouse brought this change]
|
|
|
|
|
|
-- http: reset the header buffer when sending the request
|
|
|
+ multi: alter transfer timeout ordering
|
|
|
|
|
|
- A reused transfer handle could otherwise reuse the previous leftover
|
|
|
- buffer and havoc would ensue.
|
|
|
+ - Check whether a connection has succeded before checking whether it's
|
|
|
+ timed out.
|
|
|
|
|
|
- Reported-by: sergio-nsk on github
|
|
|
- Fixes #7018
|
|
|
- Closes #7021
|
|
|
-
|
|
|
-- curl_mprintf.3: add description
|
|
|
+ This means if we've connected quickly, but subsequently been
|
|
|
+ descheduled, we allow the connection to succeed. Note, if we timeout,
|
|
|
+ but between checking the timeout, and connecting to the server the
|
|
|
+ connection succeeds, we will allow it to go ahead. This is viewed as
|
|
|
+ an acceptable trade off.
|
|
|
|
|
|
- These functions have existed in the API since the dawn of time. It is
|
|
|
- about time we describe how they work, even if we discourage users from
|
|
|
- using them.
|
|
|
+ - Add additional failf logging around failed connection attempts to
|
|
|
+ propogate the cause up to the caller.
|
|
|
|
|
|
- Closes #7010
|
|
|
-
|
|
|
-- [Timothy Gu brought this change]
|
|
|
+ Co-Authored-by: Martin Howarth
|
|
|
+ Closes #7178
|
|
|
|
|
|
- URL-SYNTAX: update IDNA section for WHATWG spec changes
|
|
|
-
|
|
|
- WHATWG URL has dictated the use of Nontransitional Processing (IDNA
|
|
|
- 2008) for several years now. Chrome (and derivatives) still use
|
|
|
- Transitional Processing, but Firefox and Safari have both switched.
|
|
|
-
|
|
|
- Also document the fact that winidn functions differently from libidn2
|
|
|
- here.
|
|
|
+- test677: IMAP CONNECT_ONLY, custom command and then exit
|
|
|
|
|
|
- Closes #7026
|
|
|
-
|
|
|
-- [Calvin Buckley brought this change]
|
|
|
-
|
|
|
- INSTALL: add IBM i specific quirks
|
|
|
+ Adjusted ftpserver.pl to add support for the IMAP IDLE command
|
|
|
|
|
|
- Fixes #6830
|
|
|
- Closes #7013
|
|
|
+ Adjusted test 660 to sync with the fix
|
|
|
|
|
|
-- libcurl.3: mention the URL API
|
|
|
+- multi: do not switch off connect_only flag when closing
|
|
|
|
|
|
- To make it easier to find. Also a minor polish of libcurl-url.3
|
|
|
+ ... as it made protocol specific disconnect commands wrongly get used.
|
|
|
|
|
|
- Closes #7009
|
|
|
+ Bug: https://curl.se/mail/lib-2021-06/0024.html
|
|
|
+ Reported-by: Aleksander Mazur
|
|
|
+ Closes #7288
|
|
|
|
|
|
-- GnuTLS: don't allow TLS 1.3 for versions that don't support it
|
|
|
-
|
|
|
- Follow-up to 781864bedbc5
|
|
|
+- http: make the haproxy support work with unix domain sockets
|
|
|
|
|
|
- ... as they don't understand it and will return error at us!
|
|
|
+ ... it should then pass on "PROXY UNKNOWN" since it doesn't know the
|
|
|
+ involved IP addresses.
|
|
|
|
|
|
- Closes #7014
|
|
|
+ Reported-by: Valentín Gutiérrez
|
|
|
+ Fixes #7290
|
|
|
+ Closes #7291
|
|
|
|
|
|
-Kamil Dudka (6 May 2021)
|
|
|
-- tool_getparam: handle failure of curlx_convert_tchar_to_UTF8()
|
|
|
-
|
|
|
- Reported by GCC analyzer:
|
|
|
-
|
|
|
- Error: GCC_ANALYZER_WARNING (CWE-476):
|
|
|
- src/tool_getparam.c: scope_hint: In function 'parse_args'
|
|
|
- src/tool_getparam.c:2318:38: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'orig_opt'
|
|
|
- lib/curlx.h:56: included_from: Included from here.
|
|
|
- src/tool_getparam.c:28: included_from: Included from here.
|
|
|
- lib/curl_multibyte.h:70:51: note: in definition of macro 'curlx_convert_tchar_to_UTF8'
|
|
|
- src/tool_getparam.c:2316:16: note: in expansion of macro 'curlx_convert_tchar_to_UTF8'
|
|
|
+- [Xiang Xiao brought this change]
|
|
|
+
|
|
|
+ curl.h: include sys/select.h for NuttX RTOS
|
|
|
|
|
|
- Reviewed-by: Marcel Raad
|
|
|
- Reviewed-by: Daniel Stenberg
|
|
|
- Closes #7023
|
|
|
+ Closes #7287
|
|
|
|
|
|
-Daniel Stenberg (6 May 2021)
|
|
|
-- scripts/delta: also show total number of days
|
|
|
+- [Bin Meng brought this change]
|
|
|
|
|
|
-Marc Hoersken (5 May 2021)
|
|
|
-- sockfilt: fix invalid increment of handles index variable nfd
|
|
|
+ curl.h: remove the execution bit
|
|
|
|
|
|
- Only increment the array index if we actually stored a handle.
|
|
|
+ The execution bit of curl.h file was wrongly added:
|
|
|
|
|
|
- Follow up to e917492048f4b85a0fd58a033d10072fc7666c3b
|
|
|
- Closes #6992
|
|
|
-
|
|
|
-- sockfilt: avoid getting stuck waiting for writable socket
|
|
|
+ commit 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7")
|
|
|
|
|
|
- Reset FD_WRITE event using the same approach as in multi.c
|
|
|
+ and should be removed.
|
|
|
|
|
|
- Follow up to b36442b24305f3cda7c13cc64b46838995a4985b
|
|
|
- Closes #6992
|
|
|
+ Follow-up to 2621025d6f96 ("curl.h: <sys/select.h> is supported by VxWorks7")
|
|
|
+ Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
|
|
|
+ Closes #7286
|
|
|
|
|
|
-Jay Satiro (5 May 2021)
|
|
|
-- test678: Fix for Windows multibyte builds
|
|
|
-
|
|
|
- Follow-up to 77fc385 from yesterday.
|
|
|
+- [Bin Lan brought this change]
|
|
|
+
|
|
|
+ curl.h: <sys/select.h> is supported by VxWorks7
|
|
|
|
|
|
- Bug: https://github.com/curl/curl/pull/6662#issuecomment-832966557
|
|
|
- Reported-by: Marc Hörsken
|
|
|
+ Closes #7285
|
|
|
|
|
|
-- [Dmitry Kostjuchenko brought this change]
|
|
|
+- [Bachue Zhou brought this change]
|
|
|
|
|
|
- build: fix compilation for Windows UWP platform
|
|
|
+ quiche: use send() instead of sendto() to avoid macOS issue
|
|
|
|
|
|
- - Include afunix.h which is necessary for sockaddr_un when
|
|
|
- USE_UNIX_SOCKETS is defined on Windows.
|
|
|
+ sendto() always returns "Socket is already connected" error on macos
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/7006
|
|
|
+ Closes #7260
|
|
|
|
|
|
-Daniel Stenberg (5 May 2021)
|
|
|
-- gnutls: make setting only the MAX TLS allowed version work
|
|
|
-
|
|
|
- Previously, settting only the max allowed TLS version, leaving the
|
|
|
- minimum one at default, didn't actually set it and left it to default
|
|
|
- (TLS 1.3) too!
|
|
|
-
|
|
|
- As a bonus, this change also removes the dead code handling of SSLv3
|
|
|
- since that version can't be set anymore (since eff614fb0242cb).
|
|
|
-
|
|
|
- Reported-by: Daniel Carpenter
|
|
|
- Fixes #6998
|
|
|
- Closes #7000
|
|
|
+- [Li Xinwei brought this change]
|
|
|
|
|
|
-- openldap: replace ldap_ prefix on private functions
|
|
|
+ cmake: fix support for UnixSockets feature on Win32
|
|
|
|
|
|
- Since openldap itself uses that prefix and with OpenĹDAP 2.5.4 (at
|
|
|
- least) there's a symbol collision because of that.
|
|
|
+ Move the definition of sockaddr_un struct from config-win32.h to
|
|
|
+ curl_setup.h, so that it could be shared by all build systems.
|
|
|
|
|
|
- The private functions now use the 'oldap_' prefix where it previously
|
|
|
- used 'ldap_'.
|
|
|
+ Add ADDRESS_FAMILY typedef for old mingw, now old mingw can also use
|
|
|
+ unix sockets.
|
|
|
|
|
|
- Reported-by: 3eka on github
|
|
|
- Fixes #7004
|
|
|
- Closes #7005
|
|
|
-
|
|
|
-Jay Satiro (5 May 2021)
|
|
|
-- http2: fix potentially uninitialized variable
|
|
|
+ Also fix the build of tests/server/sws.c on Win32 when USE_UNIX_SOCKETS
|
|
|
+ is defined.
|
|
|
|
|
|
- introduced several days ago in 3193170. caught by visual studio linker.
|
|
|
+ Closes #7034
|
|
|
|
|
|
-- [Gilles Vollant brought this change]
|
|
|
+- [Gregory Muchka brought this change]
|
|
|
|
|
|
- SSL: support in-memory CA certs for some backends
|
|
|
-
|
|
|
- - New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to
|
|
|
- specify in-memory PEM certificates for OpenSSL, Schannel (Windows)
|
|
|
- and Secure Transport (Apple) SSL backends.
|
|
|
+ hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies
|
|
|
|
|
|
- Prior to this change PEM certificates could only be imported from a file
|
|
|
- and not from memory.
|
|
|
+ From Apples documentation on SCDynamicStoreCopyProxies, "Return Value: A
|
|
|
+ dictionary of key-value pairs that represent the current internet proxy
|
|
|
+ settings, or NULL if no proxy settings have been defined or if an error
|
|
|
+ occurred. You must release the returned value."
|
|
|
|
|
|
- Co-authored-by: moparisthebest@users.noreply.github.com
|
|
|
+ Failure to release the returned value of SCDynamicStoreCopyProxies can
|
|
|
+ result in a memory leak.
|
|
|
|
|
|
- Ref: https://github.com/curl/curl/pull/4679
|
|
|
- Ref: https://github.com/curl/curl/pull/5677
|
|
|
- Ref: https://github.com/curl/curl/pull/6109
|
|
|
+ Source: https://developer.apple.com/documentation/systemconfiguration/1517088-scdynamicstorecopyproxies
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6662
|
|
|
+ Closes #7265
|
|
|
|
|
|
-Daniel Stenberg (4 May 2021)
|
|
|
-- [David Cook brought this change]
|
|
|
+- RELEASE-NOTES: synced
|
|
|
|
|
|
- tests: ignore case of chunked hex numbers in tests
|
|
|
-
|
|
|
- When hyper is used, it emits uppercase hexadecimal numbers for chunked
|
|
|
- encoding lengths. Without hyper, lowercase hexadecimal numbers are used.
|
|
|
- This change adds preprocessor statements to tests where this is an
|
|
|
- issue, and adapts the fixtures to match.
|
|
|
+Jay Satiro (21 Jun 2021)
|
|
|
+- vtls: fix warning due to function prototype mismatch
|
|
|
|
|
|
- Closes #6987
|
|
|
+ b09c8ee changed the function prototype. Caught by Visual Studio.
|
|
|
|
|
|
-- cmake: check for getppid and utimes
|
|
|
-
|
|
|
- ... as they're checked for in the configure script and are used by
|
|
|
- source code.
|
|
|
+- curl_multibyte: Remove local encoding fallbacks
|
|
|
|
|
|
- Removed checks for perror, setvbuf and strlcat since those defines are
|
|
|
- not checked for in source code.
|
|
|
+ - If the UTF-8 to UTF-16 conversion fails in Windows Unicode builds then
|
|
|
+ no longer fall back to assuming the string is in a local encoding.
|
|
|
|
|
|
- Bonus: removed HAVE_STRLCPY from a few config-*.h files since that
|
|
|
- symbol is not used in source code.
|
|
|
+ Background:
|
|
|
|
|
|
- Closes #6997
|
|
|
-
|
|
|
-- libtest: remove lib530.c
|
|
|
+ Some functions in Windows Unicode builds must convert UTF-8 to UTF-16 to
|
|
|
+ pass to the Windows CRT API wide-character functions since in Windows
|
|
|
+ UTF-8 is not a valid locale (or at least 99% of the time right now).
|
|
|
|
|
|
- Follow up from e50a877df when test 530 was removed. Since then this
|
|
|
- source file has not been used/needed.
|
|
|
+ Prior to this change if the Unicode encoding conversion failed then
|
|
|
+ libcurl would assume, for backwards compatibility with applications that
|
|
|
+ may have written their code for non-Unicode builds, attempt to convert
|
|
|
+ the string from local encoding to UTF-16.
|
|
|
|
|
|
- Closes #6999
|
|
|
-
|
|
|
-- FILEFORMAT: mention sectransp as a feature
|
|
|
+ That type of "best effort" could theoretically cause some type of
|
|
|
+ security or other problem if a string that was locally encoded was also
|
|
|
+ valid UTF-8, and therefore an unexpected UTF-8 to UTF-16 conversion
|
|
|
+ could occur.
|
|
|
|
|
|
- Been supported since at least 40259ca65
|
|
|
+ Ref: https://github.com/curl/curl/pull/7246
|
|
|
|
|
|
- Closes #7001
|
|
|
-
|
|
|
-- RELEASE-NOTES: synced
|
|
|
+ Closes https://github.com/curl/curl/pull/7257
|
|
|
|
|
|
-- libssh2: ignore timeout during disconnect
|
|
|
-
|
|
|
- ... to avoid memory leaks!
|
|
|
+Daniel Stenberg (20 Jun 2021)
|
|
|
+- curl_endian: remove the unused Curl_write64_le function
|
|
|
|
|
|
- libssh2 is tricky as we have to deal with the non-blockiness even in
|
|
|
- close and shutdown cases. In the cases when we shutdown after a timeout
|
|
|
- already expired, it is crucial that curl doen't let the timeout abort
|
|
|
- the shutdown process as that then leaks memory!
|
|
|
+ The last usage was removed in cca455a36
|
|
|
|
|
|
- Reported-by: Benjamin Riefenstahl
|
|
|
- Fixes #6990
|
|
|
-
|
|
|
-- KNOWN_BUGS: add two HTTP/2 bugs
|
|
|
+ Closes #7280
|
|
|
|
|
|
-- KNOWN_BUGS: add three HTTP/3 issues
|
|
|
+- vtls: only store TIMER_APPCONNECT for non-proxy connect
|
|
|
|
|
|
- ... and moved the HTTP/2 issues to its own section
|
|
|
+ Introducing a 'isproxy' argument to the connect function so that it
|
|
|
+ knows wether to store the time stamp or not.
|
|
|
|
|
|
- Closes #6606
|
|
|
- Closes #6510
|
|
|
- Closes #6494
|
|
|
-
|
|
|
-- [ejanchivdorj brought this change]
|
|
|
+ Reported-by: Yongkang Huang
|
|
|
+ Fixes #7274
|
|
|
+ Closes #7274
|
|
|
|
|
|
- CURLcode: add CURLE_SSL_CLIENTCERT
|
|
|
-
|
|
|
- When a TLS server requests a client certificate during handshake and
|
|
|
- none can be provided, libcurl now returns this new error code
|
|
|
- CURLE_SSL_CLIENTCERT
|
|
|
+- gnutls: set the preferred TLS versions in correct order
|
|
|
|
|
|
- Only supported by Secure Transport and OpenSSL for TLS 1.3 so far.
|
|
|
+ Regression since 781864bedbc57 (curl 7.77.0)
|
|
|
|
|
|
- Closes #6721
|
|
|
+ Reported-by: civodul on github
|
|
|
+ Assisted-by: Nikos Mavrogiannopoulos
|
|
|
+ Fixes #7277
|
|
|
+ Closes #7278
|
|
|
|
|
|
-- [Tobias Gabriel brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- .github/FUNDING: add link to GitHub sponsors
|
|
|
+ configure/cmake: remove checks for unused gethostbyaddr and gethostbyaddr_r
|
|
|
|
|
|
- Closes #6985
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- krb5/name_to_level: replace checkprefix with curl_strequal
|
|
|
+ configure/cmake: remove checks for unused inet_ntoa and inet_ntoa_r
|
|
|
|
|
|
- Closes #6993
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- Curl_input_digest: require space after Digest
|
|
|
+ configure/cmake: remove unused define HAVE_PERROR
|
|
|
|
|
|
- Closes #6993
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- Curl_http_header: check for colon when matching Persistent-Auth
|
|
|
+ configure: remove unused check for gai_strerror
|
|
|
|
|
|
- Closes #6993
|
|
|
-
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
+ Closes #7276
|
|
|
|
|
|
- Curl_http_input_auth: require valid separator after negotiation type
|
|
|
-
|
|
|
- Closes #6993
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
-- http: fix the check for 'Authorization' with Bearer
|
|
|
-
|
|
|
- The code would wrongly check for it using an additional colon.
|
|
|
+ configure/cmake: remove unused define HAVE_FREEIFADDRS
|
|
|
|
|
|
- Reported-by: Blake Burkhart
|
|
|
- Closes #6988
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Kamil Dudka brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- http2: fix a resource leak in push_promise()
|
|
|
-
|
|
|
- ... detected by Coverity:
|
|
|
-
|
|
|
- Error: RESOURCE_LEAK (CWE-772):
|
|
|
- lib/http2.c:532: alloc_fn: Storage is returned from allocation function "duphandle".
|
|
|
- lib/http2.c:532: var_assign: Assigning: "newhandle" = storage returned from "duphandle(data)".
|
|
|
- lib/http2.c:552: noescape: Resource "newhandle" is not freed or pointed-to in "set_transfer_url".
|
|
|
- lib/http2.c:555: leaked_storage: Variable "newhandle" going out of scope leaks the storage it points to.
|
|
|
+ configure/cmake: remove unused define HAVE_FORK
|
|
|
|
|
|
- Closes #6986
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Kamil Dudka brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- http2: fix resource leaks in set_transfer_url()
|
|
|
-
|
|
|
- ... detected by Coverity:
|
|
|
-
|
|
|
- Error: RESOURCE_LEAK (CWE-772):
|
|
|
- lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
|
|
|
- lib/http2.c:486: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:488: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
|
|
|
-
|
|
|
- Error: RESOURCE_LEAK (CWE-772):
|
|
|
- lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
|
|
|
- lib/http2.c:493: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:495: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
|
|
|
-
|
|
|
- Error: RESOURCE_LEAK (CWE-772):
|
|
|
- lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
|
|
|
- lib/http2.c:500: noescape: Resource "u" is not freed or pointed-to in "curl_url_set". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:502: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
|
|
|
-
|
|
|
- Error: RESOURCE_LEAK (CWE-772):
|
|
|
- lib/http2.c:480: alloc_fn: Storage is returned from allocation function "curl_url". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:480: var_assign: Assigning: "u" = storage returned from "curl_url()".
|
|
|
- lib/http2.c:505: noescape: Resource "u" is not freed or pointed-to in "curl_url_get". [Note: The source code implementation of the function has been overridden by a builtin model.]
|
|
|
- lib/http2.c:507: leaked_storage: Variable "u" going out of scope leaks the storage it points to.
|
|
|
+ configure/cmake: remove unused define HAVE_FDOPEN
|
|
|
|
|
|
- Closes #6986
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- rustls: use ALPN
|
|
|
-
|
|
|
- Update required rustls to 0.5.0
|
|
|
+ configure/cmake: remove checks for unused sgtty.h
|
|
|
|
|
|
- Closes #6960
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- gskit: fix CURL_DISABLE_PROXY build
|
|
|
-
|
|
|
- Removed localfd and remotefd from ssl_backend_data (ued only with proxy
|
|
|
- connection). Function pipe_ssloverssl return always 0, when proxy is not
|
|
|
- used.
|
|
|
+ configure/cmake: remove remaining checks for rsa.h
|
|
|
|
|
|
- Closes #6981
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Michał Antoniak brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- gskit: fix undefined reference to 'conn'
|
|
|
+ configure/cmake: remove remaining checks for err.h
|
|
|
|
|
|
- Closes #6980
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- tls: add USE_HTTP2 define
|
|
|
-
|
|
|
- This abstracts across the two HTTP/2 backends: nghttp2 and Hyper.
|
|
|
-
|
|
|
- Add our own define for the "h2" ALPN protocol, so TLS backends can use
|
|
|
- it without depending on a specific HTTP backend.
|
|
|
+ configure/cmake: remove remaining checks for crypto.h
|
|
|
|
|
|
- Closes #6959
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- [Gergely Nagy brought this change]
|
|
|
|
|
|
- lib: fix 0-length Curl_client_write calls
|
|
|
+ configure/cmake: remove checks for unused getservbyport_r
|
|
|
|
|
|
- Closes #6954
|
|
|
+ Closes #7276
|
|
|
|
|
|
-- [Jacob Hoffman-Andrews brought this change]
|
|
|
+- --socks4[a]: clarify where the host name is resolved
|
|
|
+
|
|
|
+ Closes #7273
|
|
|
|
|
|
- lib: remove strlen call from Curl_client_write
|
|
|
+- libcurl-security.3: mention file descriptors and forks
|
|
|
|
|
|
- At all call sites with an explicit 0 len, pass an appropriate nonzero
|
|
|
- len.
|
|
|
+ ... and move the security report section last.
|
|
|
|
|
|
- Closes #6954
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Closes #7270
|
|
|
|
|
|
-- [Ayushman Singh Chauhan brought this change]
|
|
|
+- [Alex Xu (Hello71) brought this change]
|
|
|
|
|
|
- docs: camelcase it like GitHub everywhere
|
|
|
+ configure.ac: make non-executable
|
|
|
|
|
|
- Closes #6979
|
|
|
-
|
|
|
-Jay Satiro (27 Apr 2021)
|
|
|
-- [Lucas Servén Marín brought this change]
|
|
|
+ it needs to be processed by autoconf or autoreconf, and doesn't have a
|
|
|
+ suitable shebang to be directly executed. other projects normally set
|
|
|
+ configure.ac -x.
|
|
|
+
|
|
|
+ Closes #7272
|
|
|
|
|
|
- docs: fix typo in fail-with-body doc
|
|
|
+- configure: do not strip out debug flags
|
|
|
|
|
|
- This commit fixes a small typo in the documentation for the
|
|
|
- --fail-with-body flag.
|
|
|
+ To allow users to set them when invoking configure without using
|
|
|
+ --with-debug.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6977
|
|
|
+ Reported-by: Alex Xu
|
|
|
+ Fixes #7216
|
|
|
+ Closes #7267
|
|
|
|
|
|
-- lib: fix some misuse of curlx_convert_UTF8_to_tchar
|
|
|
-
|
|
|
- curlx_convert_UTF8_to_tchar must be freed by curlx_unicodefree, but
|
|
|
- prior to this change some uses mistakenly called free.
|
|
|
+- libssh2: limit time a disconnect can take to 1 second
|
|
|
|
|
|
- I've reviewed all other uses of curlx_convert_UTF8_to_tchar and
|
|
|
- curlx_convert_tchar_to_UTF8.
|
|
|
+ Closes #7271
|
|
|
+
|
|
|
+- TLS: prevent shutdown loops to get stuck
|
|
|
|
|
|
- Bug: https://github.com/curl/curl/pull/6602#issuecomment-825236763
|
|
|
- Reported-by: sergio-nsk@users.noreply.github.com
|
|
|
+ ... by making sure the loops are only allowed to read the shutdown
|
|
|
+ traffic a limited number of times.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6938
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Closes #7271
|
|
|
|
|
|
-Daniel Stenberg (27 Apr 2021)
|
|
|
-- ntlm: precaution against super huge type2 offsets
|
|
|
+- hyper: propagate errors back up from read callbacks
|
|
|
|
|
|
- ... which otherwise caused an integer overflow and circumvented the if()
|
|
|
- conditional size check.
|
|
|
+ Makes test 513 work with hyper
|
|
|
|
|
|
- Detected by OSS-Fuzz
|
|
|
- Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33720
|
|
|
- Assisted-by: Max Dymond
|
|
|
- Closes #6975
|
|
|
-
|
|
|
-- c-hyper: fix unused variable ‘wrote’
|
|
|
+ Closes #7266
|
|
|
|
|
|
-- libcurl-security.3: be careful of setuid
|
|
|
+- KNOWN_BUGS: Negotiate on Windows fails
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Closes #6970
|
|
|
-
|
|
|
-- [Kevin Burke brought this change]
|
|
|
+ Closes #5881
|
|
|
|
|
|
- c-hyper: don't write to set.writeheader if null
|
|
|
+- KNOWN_BUGS: renames instead of locking for atomic operations
|
|
|
|
|
|
- Previously if a caller set CURLOPT_WRITEFUNCTION but did not set a
|
|
|
- CURLOPT_HEADERDATA buffer, Hyper would still attempt to write headers to
|
|
|
- the data->set.writeheader header buffer, even though it is null. This
|
|
|
- led to NPE segfaults attempting to use libcurl+Hyper with Git, for
|
|
|
- example.
|
|
|
+ Closes #6882
|
|
|
+ Closes #6884
|
|
|
+
|
|
|
+- zuul: add two missing CI jobs
|
|
|
|
|
|
- Instead, process the client write for the status line using the same
|
|
|
- logic we use to process the client write for the later HTTP headers,
|
|
|
- which contains the appropriate guard logic. As a side benefit,
|
|
|
- data->set.writeheader is now only read in one file instead of two.
|
|
|
+ ... that were configured, just not run
|
|
|
|
|
|
- Fixes #6619
|
|
|
- Fixes abetterinternet/crustls#49
|
|
|
- Fixes hyperium/hyper#2438
|
|
|
- Closes #6971
|
|
|
+ Closes #7261
|
|
|
|
|
|
-- wolfssl: handle SSL_write() returns 0 for error
|
|
|
+Viktor Szakats (15 Jun 2021)
|
|
|
+- idn: fix libidn2 with windows unicode builds
|
|
|
|
|
|
- Reported-by: Timo Lange
|
|
|
+ Unicode Windows builds use UTF-8 strings internally in libcurl,
|
|
|
+ so make sure to call the UTF-8 flavour of the libidn2 API. Also
|
|
|
+ document that Windows builds with libidn2 and UNICODE do expect
|
|
|
+ CURLOPT_URL as an UTF-8 string.
|
|
|
|
|
|
- Closes #6967
|
|
|
+ Reported-by: dEajL3kA on github
|
|
|
+ Assisted-by: Jay Satiro
|
|
|
+ Reviewed-by: Marcel Raad
|
|
|
+ Closes #7246
|
|
|
+ Fixes #7228
|
|
|
|
|
|
-- easy: ignore sigpipe in curl_easy_send
|
|
|
+Daniel Stenberg (15 Jun 2021)
|
|
|
+- curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
|
|
|
|
|
|
- Closes #6965
|
|
|
-
|
|
|
-- sigpipe: ignore SIGPIPE when using wolfSSL as well
|
|
|
+ They were never officially allowed and slipped in only due to sloppy
|
|
|
+ parsing. Spaces (ascii 32) should be correctly encoded (to %20) before
|
|
|
+ being part of a URL.
|
|
|
|
|
|
- Closes #6966
|
|
|
-
|
|
|
-- libcurl-security.3: don't try to filter IPv4 hosts based on the URL
|
|
|
+ The new flag bit CURLU_ALLOW_SPACE when a full URL is set, makes libcurl
|
|
|
+ allow spaces.
|
|
|
|
|
|
- Closes #6942
|
|
|
-
|
|
|
-- [Harry Sintonen brought this change]
|
|
|
-
|
|
|
- nss_set_blocking: avoid static for sock_opt
|
|
|
+ Updated test 1560 to verify.
|
|
|
|
|
|
- Reviewed-by: Kamil Dudka
|
|
|
- Closes #6945
|
|
|
+ Closes #7073
|
|
|
|
|
|
- RELEASE-NOTES: synced
|
|
|
-
|
|
|
-- [Yusuke Nakamura brought this change]
|
|
|
-
|
|
|
- docs/HTTP3.md: fix nghttp2's HTTP/3 server port
|
|
|
-
|
|
|
- Port 8443 does not work now.
|
|
|
- Correct origin is in the quicwg's wiki.
|
|
|
- https://github.com/quicwg/base-drafts/wiki/Implementations#ngtcp2
|
|
|
|
|
|
- Closes #6964
|
|
|
+ ... and bump to version 7.78.0 for the next planned release.
|
|
|
|
|
|
-- krb5: don't use 'static' to store PBSZ size response
|
|
|
+Jay Satiro (15 Jun 2021)
|
|
|
+- docs: Remove outdated curl tool limitation
|
|
|
|
|
|
- ... because it makes the knowledge and usage cross-transfer in funny and
|
|
|
- unexpected ways.
|
|
|
+ - Document that HTTP/2 multiplexing is supported by the curl tool when
|
|
|
+ parallel transfers are used.
|
|
|
|
|
|
- Reported-by: Harry Sintonen
|
|
|
- Closes #6963
|
|
|
-
|
|
|
-- [Kevin Burke brought this change]
|
|
|
+ Supported since 7.66.0 via --parallel, but the doc wasn't updated.
|
|
|
+
|
|
|
+ Closes https://github.com/curl/curl/pull/7259
|
|
|
|
|
|
- m4: add security frameworks on Mac when compiling rustls
|
|
|
+- http2: Clarify 'Using HTTP2' verbose message
|
|
|
|
|
|
- Previously compiling rustls on Mac would only complete if you also
|
|
|
- compiled the SecureTransport TLS backend, which curl would prefer to
|
|
|
- the Rust backend.
|
|
|
+ - Change phrasing from multi-use to multiplexing since the former may
|
|
|
+ not be as well understood.
|
|
|
|
|
|
- Appending these flags to LDFLAGS makes it possible to compile the
|
|
|
- Rustls backend on Mac without the SecureTransport backend, which means
|
|
|
- this patch will make it possible for Mac users to use the Rustls
|
|
|
- backend for TLS.
|
|
|
+ Before: * Using HTTP2, server supports multi-use
|
|
|
|
|
|
- Reviewed-by: Jacob Hoffman-Andrews
|
|
|
+ After: * Using HTTP2, server supports multiplexing
|
|
|
|
|
|
- Fixes #6955
|
|
|
- Cloes #6956
|
|
|
-
|
|
|
-- krb5: remove the unused 'overhead' function
|
|
|
+ Bug: https://github.com/curl/curl/discussions/7255
|
|
|
+ Reported-by: David Hu
|
|
|
|
|
|
- Closes #6947
|
|
|
-
|
|
|
-- [Johann150 brought this change]
|
|
|
+ Closes https://github.com/curl/curl/pull/7258
|
|
|
|
|
|
- curl_url_set.3: add memory management information
|
|
|
-
|
|
|
- wording taken from man page for CURLOPT_URL.3
|
|
|
+Daniel Stenberg (14 Jun 2021)
|
|
|
+- winbuild/README: VC should be set to 6 'or larger'
|
|
|
|
|
|
- As far as I can see, the URL part is either malloc'ed before due to
|
|
|
- encoding or it is strdup'ed.
|
|
|
+ Previously it listed all versions up to 15 (missing 16) but this new
|
|
|
+ phrasing is more open ended.
|
|
|
|
|
|
- Closes #6953
|
|
|
+ Reported-by: Hugh Macdonald
|
|
|
+ Fixes #7253
|
|
|
+ Closes #7254
|
|
|
|
|
|
- [Jacob Hoffman-Andrews brought this change]
|
|
|
|
|
|
- c-hpyer: fix handling of zero-byte chunk from hyper
|
|
|
+ rustls: remove native_roots fallback
|
|
|
|
|
|
- Closes #6951
|
|
|
-
|
|
|
-- CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data
|
|
|
+ For the commandline tool, we expect to be passed
|
|
|
+ SSL_CONN_CONFIG(CAfile); for library use, the use should pass a set of
|
|
|
+ trusted roots (like in other TLS backends).
|
|
|
|
|
|
- Ref: https://curl.se/mail/lib-2021-04/0085.html
|
|
|
- Closes #6943
|
|
|
-
|
|
|
-- [Ralph Langendam brought this change]
|
|
|
-
|
|
|
- cmake: make libcurl output filename configurable
|
|
|
+ This also removes a dependency on Security.framework when building on
|
|
|
+ macOS.
|
|
|
|
|
|
- Reviewed-by: Jakub Zakrzewski
|
|
|
- Closes #6933
|
|
|
-
|
|
|
-- [Patrick Monnerat brought this change]
|
|
|
+ Closes #7250
|
|
|
|
|
|
- vtls: reset ssl use flag upon negotiation failure
|
|
|
-
|
|
|
- Fixes the segfault in ldaps disconnect.
|
|
|
-
|
|
|
- Reported-by: Illarion Taev
|
|
|
- Fixes #6934
|
|
|
- Closes #6937
|
|
|
+- [Albin Vass brought this change]
|
|
|
|
|
|
-- configure: fix typo in TLS error message
|
|
|
+ travis: remove jobs that have migrated to zuul
|
|
|
|
|
|
- Reported-by: Pontus Lundkvist
|
|
|
-
|
|
|
-- README: link to the commercial support option
|
|
|
+ Closes #7245
|
|
|
|
|
|
-Jay Satiro (22 Apr 2021)
|
|
|
-- [Martin Halle brought this change]
|
|
|
+- [Mohammed Naser brought this change]
|
|
|
|
|
|
- version: add gsasl_version to curl_version_info_data
|
|
|
+ CI: add jobs using Zuul
|
|
|
|
|
|
- - Add gsasl_version string and bump to CURLVERSION_TENTH.
|
|
|
+ It also includes a few changes to get the builds going:
|
|
|
+ - Added autoconf to common dependencies
|
|
|
+ - Added automake to common dependencies
|
|
|
+ - Added libtool to common dependencies
|
|
|
+ - Added libssl-dev to common dependencies
|
|
|
|
|
|
- Ref: https://curl.se/mail/lib-2021-04/0003.html
|
|
|
+ Co-authored-by: Albin Vass
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6843
|
|
|
-
|
|
|
-- [Morten Minde Neergaard brought this change]
|
|
|
+ Closes #7245
|
|
|
|
|
|
- schannel: Support strong crypto option
|
|
|
+- netrc: skip 'macdef' definitions
|
|
|
|
|
|
- - Support enabling strong crypto via optional user cipher list when
|
|
|
- USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list.
|
|
|
+ Add test 494 to verify
|
|
|
|
|
|
- MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known
|
|
|
- weak cryptographic algorithms, cipher suites, and SSL/TLS protocol
|
|
|
- versions that may be otherwise enabled for better interoperability."
|
|
|
+ Reported-by: Harry Sintonen
|
|
|
+ Fixes #7238
|
|
|
+ Closes #7244
|
|
|
+
|
|
|
+- multi: add scan-build-6 work-around in curl_multi_fdset
|
|
|
|
|
|
- Ref: https://curl.se/mail/lib-2021-02/0066.html
|
|
|
- Ref: https://curl.se/docs/manpage.html#--ciphers
|
|
|
- Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
|
|
|
- Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred
|
|
|
+ scan-build-6 otherwise warns, saying: warning: The left operand of '>='
|
|
|
+ is a garbage value otherwise, which is false.
|
|
|
|
|
|
- Closes https://github.com/curl/curl/pull/6734
|
|
|
-
|
|
|
-Daniel Stenberg (22 Apr 2021)
|
|
|
-- RELEASE-NOTES: synced
|
|
|
-
|
|
|
-- ci: adapt to configure requiring an explicit TLS choice
|
|
|
-
|
|
|
-- configure: split out each TLS library detector into its own function
|
|
|
+ Later scan-builds don't claim this on the same code.
|
|
|
|
|
|
- ... and put those functions in separate m4 files per TLS library.
|
|
|
+ Closes #7248
|
robot-contrib