1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-17 06:55:02 -05:00
Commit Graph

26482 Commits

Author SHA1 Message Date
Daniel Stenberg
0611fded46
VERSIONS: refreshed
We always use the patch number these days: all releases are
"major.minor.patch"
2020-12-07 13:23:04 +01:00
Jakub Zakrzewski
cfea4f2f4d
cmake: don't use reserved target name 'test'
CMake up to 3.10 always reserves this name

Fixes #6257
Closes #6258
2020-12-07 10:33:35 +01:00
Daniel Stenberg
d9d0167278
openssl: make the OCSP verification verify the certificate id
CVE-2020-8286

Reported by anonymous

Bug: https://curl.se/docs/CVE-2020-8286.html
2020-12-07 09:27:10 +01:00
Daniel Stenberg
69a358f218
ftp: make wc_statemach loop instead of recurse
CVE-2020-8285

Fixes #6255
Bug: https://curl.se/docs/CVE-2020-8285.html
Reported-by: xnynx on github
2020-12-07 09:25:48 +01:00
Daniel Stenberg
ec9cc725d5
ftp: CURLOPT_FTP_SKIP_PASV_IP by default
The command line tool also independently sets --ftp-skip-pasv-ip by
default.

Ten test cases updated to adapt the modified --libcurl output.

Bug: https://curl.se/docs/CVE-2020-8284.html
CVE-2020-8284

Reported-by: Varnavas Papaioannou
2020-12-07 08:38:05 +01:00
Daniel Stenberg
abd846c374
urlapi: don't accept blank port number field without scheme
... as it makes the URL parser accept "very-long-hostname://" as a valid
host name and we don't want that. The parser now only accepts a blank
(no digits) after the colon if the URL starts with a scheme.

Reported-by: d4d on hackerone

Closes #6283
2020-12-07 00:50:49 +01:00
Daniel Stenberg
2260e0ebe6
Revert "multi: implement wait using winsock events"
This reverts commit d2a7d7c185.

This commit also reverts the subsequent follow-ups to that commit, which
were all done within windows #ifdefs that are removed in this
change. Marc helped me verify this.

Fixes #6146
Closes #6281
2020-12-06 22:40:38 +01:00
Klaus Crusius
2c0d721215
ftp: retry getpeername for FTP with TCP_FASTOPEN
In the case of TFO, the remote host name is not resolved at the
connetion time.

For FTP that has lead to missing hostname for the secondary connection.
Therefore the name resolution is done at the time, when FTP requires it.

Fixes #6252
Closes #6265
Closes #6282
2020-12-06 11:18:28 +01:00
Thomas Danielsson
7a6fdd503d
scripts/completion.pl: parse all opts
For tab-completion it may be preferable to include all the
available options.

Closes #6280
2020-12-05 17:41:46 +01:00
Daniel Stenberg
b2bde86bbb
RELEASE-NOTES: synced 2020-12-04 16:27:35 +01:00
Daniel Stenberg
1835cb916e
openssl: use OPENSSL_init_ssl() with >= 1.1.0
Reported-by: Kovalkov Dmitrii and Per Nilsson
Fixes #6254
Fixes #6256
Closes #6260
2020-12-03 22:30:38 +01:00
Daniel Stenberg
6703eb2f4c
SECURITY-PROCESS: disclose on hackerone
Once a vulnerability has been published, the hackerone issue should be
disclosed. For tranparency.

Closes #6275
2020-12-03 22:29:34 +01:00
Marc Hoersken
753a2c758a
tests/util.py: fix compatibility with Python 2
Backporting the Python 3 implementation of setStream
to ClosingFileHandler as a fallback within Python 2.

Reported-by: Jay Satiro

Fixes #6259
Closes #6270
2020-12-03 20:57:39 +01:00
Daniel Gustafsson
41b3b830f1 docs: fix typos and markup in ETag manpage sections
Reported-by: emanruse on github
Fixes #6273
2020-12-03 13:25:42 +01:00
Daniel Stenberg
26f682bcc4
quiche: close the connection
Reported-by: Junho Choi
Fixes #6213
Closes #6217
2020-12-02 22:50:39 +01:00
Jay Satiro
2d1df660bc ngtcp2: Fix build error due to symbol name change
- NGTCP2_CRYPTO_LEVEL_APP -> NGTCP2_CRYPTO_LEVEL_APPLICATION

ngtcp2/ngtcp2@76232e9 changed the name.

ngtcp2 master is required to build curl with http3 support.

Closes https://github.com/curl/curl/pull/6271
2020-12-02 16:06:57 -05:00
Klaus Crusius
d6bfbfadd3
cmake: check for linux/tcp.h
The HAVE_LINUX_TCP_H define was not set by cmake.

Closes #6252
2020-12-01 12:32:55 +01:00
Daniel Stenberg
221c9da9af
NEW-PROTOCOL: document what needs to be done to add one
Closes #6263
2020-12-01 10:18:46 +01:00
Daniel Stenberg
b6b535994e
splay: rename Curl_splayremovebyaddr to Curl_splayremove
... and remove the old unused proto for the old Curl_splayremove
version.

Closes #6269
2020-12-01 08:09:51 +01:00
Daniel Stenberg
2d4d012a49
openssl: free mem_buf in error path
To fix a memory-leak.

Closes #6267
2020-12-01 08:03:47 +01:00
Daniel Stenberg
0d75bf9ae9
openssl: remove #if 0 leftover
Follow-up to 4c9768565e (from Sep 2008)

Closes #6268
2020-11-30 19:59:12 +01:00
Daniel Stenberg
65d2f563fd
ntlm: avoid malloc(0) on zero length user and domain
... and simplify the too-long checks somewhat.

Detected by OSS-Fuzz

Closes #6264
2020-11-29 11:24:54 +01:00
Daniel Stenberg
732398561b
RELEASE-NOTES: synced 2020-11-28 23:21:00 +01:00
Marc Hoersken
227daceabe
tests/server/tftpd.c: close upload file in case of abort
Commit c353207 removed the closing right after do_tftp
which covered the case of abort. This handles that case.

Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg

Follow up to #6209
Closes #6234
2020-11-28 19:19:18 +01:00
Daiki Ueno
c7b02c5d68
ngtcp2: use the minimal version of QUIC supported by ngtcp2
Closes #6250
2020-11-26 23:31:56 +01:00
Daiki Ueno
ddd3eb99f8
ngtcp2: advertise h3 ALPN unconditionally
Closes #6250
2020-11-26 23:31:53 +01:00
Daiki Ueno
0cbd5d5c4f
vquic/ngtcp2.h: define local_addr as sockaddr_storage
This field needs to be wide enough to hold sockaddr_in6 when
connecting via IPv6.  Otherwise, ngtcp2_conn_read_pkt will drop the
packets because of the address mismatch:
  I00000022 [...] con ignore packet from unknown path

We can safely assume that struct sockaddr_storage is available, as it
is used in the public interface of ngtcp2.

Closes #6250
2020-11-26 23:31:42 +01:00
Daniel Stenberg
0b60d3685e
socks: check for DNS entries with the right port number
The resolve call is done with the right port number, but the subsequent
check used the wrong one, which then could find a previous resolve which
would return and leave the fresh resolve "incomplete" and leaking
memory.

Fixes #6247
Closes #6253
2020-11-26 22:29:34 +01:00
Daniel Stenberg
d6ced230fe curl_setup: USE_RESOLVE_ON_IPS is for Apple native resolver use
... so don't define it when instructed to use c-ares!
2020-11-26 17:26:59 +01:00
Daniel Stenberg
72ae6737e0 test506: make it not run in c-ares builds
As the asynch nature of it may trigger events in another order. A c-ares
upgrade made it break.

Reported-by: Marc Hörsken
Fixes #6247
2020-11-26 17:24:55 +01:00
Daniel Stenberg
082422b189 runtests: make 'c-ares' a "feature" to depend on
... also added to the docs.
2020-11-26 17:24:24 +01:00
Daniel Stenberg
fc813f80e1
tool_writeout: use off_t getinfo-types instead of doubles
Commit 3b80d3ca46 (June 2017) introduced getinfo replacement
variables that use curl_off_t instead of doubles. Switch the --write-out
function over to use them.

Closes #6248
2020-11-26 08:13:51 +01:00
Emil Engler
12cb7a1fe0
file: avoid duplicated code sequence
file_disconnect() is identical with file_do() except the function header
but as the arguments are unused anyway so why not just return file_do()
directly!

Reviewed-by: Daniel Stenberg
Closes #6249
2020-11-25 23:39:28 +01:00
Rikard Falkeborn
920f49a20b
infof/failf calls: fix format specifiers
Update a few format specifiers to match what is being printed.

Closes #6241
2020-11-24 13:18:41 +01:00
Daniel Stenberg
020aa0131b
docs/INTERNALS: remove reference to Curl_sendf()
The function has been removed from common usage. Also removed comment in
gopher.c that still referenced it.

Reported-by: Rikard Falkeborn
Fixes #6242
Closes #6243
2020-11-24 13:17:25 +01:00
Rikard Falkeborn
77b2f702c4
examples: update .gitignore
Add files that are generated by 'make examples' and remove some that
have been renamed.

The commits that renamed the programs are e9625c5bc6 (imap.c and
simplesmtp.c were renamed to imap-fetch.c and smtp-send.c) and
ad39e7ec01 (pop3slist.c and pop3s.c were renamed to pop3-list.c and
pop3-ssl.c).

Closes #6240
2020-11-23 23:09:33 +01:00
Daniel Stenberg
37cdc2a05c
asyn: use 'struct thread_data *' instead of 'void *'
To reduce use of types that can't be checked at compile time. Also
removes several typecasts.

... and rename the struct field from 'os_specific' to 'tdata'.

Closes #6239
Reviewed-by: Jay Satiro
2020-11-23 22:54:18 +01:00
Viktor Szakats
3e092adf67
Makefile.m32: add support for UNICODE builds
It requires the linker to support the `-municode` option.
This is available in more recent mingw-w64 releases.

Ref: https://gcc.gnu.org/onlinedocs/gcc/x86-Windows-Options.html
Ref: https://stackoverflow.com/questions/3571250/wwinmain-unicode-and-mingw/11706847#11706847

Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad

Closes #6228
2020-11-23 16:56:27 +00:00
Daniel Stenberg
a95a6ce6b8
urldata: remove 'void *protop' and create the union 'p'
... to avoid the use of 'void *' for the protocol specific structs done
per transfer.

Closes #6238
2020-11-23 16:16:16 +01:00
Daniel Stenberg
5c8849cede
winbuild: remove docs from Makefiles and refer to README.md
Reduce risk for conflicting docs and makes it to a single place to fix
and polish.

add these missing options to the readme:

ENABLE_OPENSSL_AUTO_LOAD_CONFIG and ENABLE_UNICODE

clarify ENABLE_SCHANNEL default varies

Fixes #6216
Closes #6227
Co-Authored-by: Jay Satiro
2020-11-22 23:02:25 +01:00
Daiki Ueno
898fca27cd
http3: use the master branch of GnuTLS for testing
Closes #6235
2020-11-22 16:40:05 +01:00
Daniel Stenberg
7fa6d5e383
KNOWN_BUGS: curl with wolfSSL lacks support for renegotiation
Closes #5839
2020-11-22 00:06:24 +01:00
Daniel Stenberg
10818dc7cb
KNOWN_BUGS: wakeup socket disconnect causes havoc
Closes #6132
Closes #6133
2020-11-22 00:01:29 +01:00
Daniel Stenberg
ca7fa376c1
RELEASE-NOTES: synced 2020-11-21 23:25:38 +01:00
Oliver Urbann
0d16a49c16
curl: add compatibility for Amiga and GCC 6.5
Changes are mainly reordering and adding of includes required
to compile with a more recent version of GCC.

Closes #6220
2020-11-20 23:36:51 +01:00
Marc Hoersken
c353207057
tests/server/tftpd.c: close upload file right after transfer
Make sure uploaded file is no longer locked after the
transfer while waiting for the final ACK to be handled.

Assisted-by: Daniel Stenberg

Bug: #6058
Closes #6209
2020-11-20 12:50:57 +01:00
Marc Hoersken
d18e9c580f
CI/cirrus: simplify logic for disabled tests
The OpenSSH server instance for the testsuite cannot
be started on FreeBSD, therefore the SFTP and SCP
tests are disabled right away from the beginning.

The previous OS version specific logic for SKIP_TESTS
is no longer needed/used and can therefore be removed.

Reviewed-by: Daniel Stenberg

Follow up to #6211
Closes #6229
2020-11-20 12:45:11 +01:00
Daniel Gustafsson
3ba04d5d88 mailmap: Daniel Hwang
Add Daniel Hwang to the mailmap to cover the alternative spelling
Daniel Lee Hwang which was used in one commit.

Closes #6230
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2020-11-20 11:05:46 +01:00
Daniel Gustafsson
3a8cdc82dc openssl: guard against OOM on context creation
EVP_MD_CTX_create will allocate memory for the context and returns
NULL in case the allocation fails. Make sure to catch any allocation
failures and exit early if so.

In passing, also move to EVP_DigestInit rather than EVP_DigestInit_ex
as the latter is intended for ENGINE selection which we don't do.

Closes #6224
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Emil Engler <me@emilengler.com>
2020-11-19 01:40:24 +01:00
Vincent Torri
ee38a725b9
cmake: use libcurl.rc in all Windows builds
Reviewed-by: Marcel Raad
Closes #6215
2020-11-19 14:43:31 +01:00