1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 12:05:06 -05:00
Commit Graph

27274 Commits

Author SHA1 Message Date
Daniel Stenberg
71da11a49d
test339: CRLFify better to work in hyper mode
Closes #7205
2021-06-07 23:13:47 +02:00
Daniel Stenberg
fc404d5873
travis: remove the hyper build 2021-06-07 17:31:14 +02:00
Daniel Stenberg
b28a88951d
GHA: add a linux-hyper job
Closes #7206
2021-06-07 17:31:07 +02:00
Daniel Stenberg
b26f1dc14f
test328: avoid a header-looking body to make hyper mode work
The test still works the same, just modified two bytes in the content.

Closes #7203
2021-06-07 13:26:27 +02:00
Daniel Stenberg
659ea56040
release-notes.pl: also spot common 'closes' typo 2021-06-07 11:16:58 +02:00
Daniel Stenberg
265b14d6b3
metalink: remove
Warning: this will make existing curl command lines that use metalink to
stop working.

Reasons for removal:

1. We've found several security problems and issues involving the
   metalink support in curl. The issues are not detailed here. When
   working on those, it become apparent to the team that several of the
   problems are due to the system design, metalink library API and what
   the metalink RFC says. They are very hard to fix on the curl side
   only.

2. The metalink usage with curl was only very briefly documented and was
   not following the "normal" curl usage pattern in several ways, making
   it surprising and non-intuitive which could lead to further security
   issues.

3. The metalink library was last updated 6 years ago and wasn't so
   active the years before that either. An unmaintained library means
   there's a security problem waiting to happen. This is probably reason
   enough.

4. Metalink requires an XML parsing library, which is complex code (even
   the smaller alternatives) and to this day often gets security
   updates.

5. Metalink is not a widely used curl feature. In the 2020 curl user
   survey, only 1.4% of the responders said that they'd are using it. In
   2021 that number was 1.2%. Searching the web also show very few
   traces of it being used, even with other tools.

6. The torrent format and associated technology clearly won for
   downloading large files from multiple sources in parallel.

Cloes #7176
2021-06-07 08:14:25 +02:00
Daniel Stenberg
9cf516adc6
docs/INSTALL: remove mentions of configure --with-darwin-ssl
... as it isn't supported since a while back.

Make configure fail with a warning if used.

Reported-by: Vadim Grinshpun
Bug: https://curl.se/mail/lib-2021-06/0008.html
Closes #7200
2021-06-06 23:55:32 +02:00
Daniel Stenberg
ace3d91fcd
RELEASE-NOTES: synced 2021-06-06 17:10:47 +02:00
Gregor Jasny
f777e752c6
cmake: Avoid leaking absolute paths into exported config
The `find_libarary` command resolves the library or framework
into an absolute path. In case of system frameworks which are
located within an Xcode-provided SDK this results in the Xcode
path and SDK version being part of the library path.

Because those library paths end up in the exported CMake config
importing curl will fail once the Xcode location or SDK version
changes:

```cmake
set_target_properties(CURL::libcurl PROPERTIES
  INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include"
  INTERFACE_LINK_LIBRARIES "lber;ldap;/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/System/Library/Frameworks/SystemConfiguration.framework;OpenSSL::SSL;OpenSSL::Crypto;ZLIB::ZLIB"
)
```

A work-around is to link against system-level frameworks with
`-framework XYZ`. In case of `SystemConfiguration` we might be able
to omit the lookup-check because we could assume the framework is
always present.

Closes #7152
2021-06-06 17:05:28 +02:00
Shikha Sharma
a0709f9951
http2_connisdead: handle trailing GOAWAY better
When checking the connection the input processing returns error
immediately, we now consider that a dead connnection.

Bug: https://curl.se/mail/lib-2021-06/0001.html
Closes #7192
2021-06-05 23:45:31 +02:00
Dmitry Karpov
4bd20889fc
ares: always store IPv6 addresses first
Trying dual-stack on some embedded platform, I noticed that quite
frequently (20%) libCurl starts from IPv4 regardless the Happy Eyeballs
timeout value.  After debugging this issue, I noticed that this happens
if c-ares resolver response for IPv6 family comes before IPv4 (which was
randomly happening in my tests).

In such cases, because libCurl puts the last resolver response on top of
the address list, when IPv4 resolver response comes after IPv6 one - the
IPv4 family starts the connection phase instead of IPv6 family.

The solution for this issue is to always put IPv6 addresses on top of
the address list, regardless the order of resolver responses.

Bug: https://curl.se/mail/lib-2021-06/0003.html

Closes #7188
2021-06-05 23:41:21 +02:00
Daniel Stenberg
0a51355556
Revert "Revert "socketpair: fix potential hangs""
This reverts commit 3e70c3430a.

Thus brings back the change from #7144 as was originally landed in
c769d1eab4

Closes #7144 (again)
2021-06-05 12:58:13 +02:00
Ebe Janchivdorj
68d388061c
schannel: move code out of SChannel_connect_step1
Reviewed-by: Marc Hoersken
Closes #7168
2021-06-04 23:16:55 +02:00
Daniel Stenberg
510e6e9a19
tests/data/Makefile.inc: error: trailing backslash on last line
Follow-up to d8dcb399b8
2021-06-04 16:52:34 +02:00
Daniel Stenberg
60e4267705
TODO: Support rate-limiting for MQTT 2021-06-04 15:57:02 +02:00
dmitrykos
e4662ad7dd
warnless: simplify type size handling
By using sizeof(T), existing defines and relying on the compiler to
define the required signed/unsigned mask.

Closes #7181
2021-06-04 15:08:10 +02:00
Gisle Vanem
1838925aac [Win32] Fix for USE_WATT32
My Watt-32 tcp/ip stack works on Windows but it does not have `WSAIoctl()`
2021-06-04 14:31:11 +02:00
Alexis Vachette
d8dcb399b8
url: bad CURLOPT_CONNECT_TO syntax now returns error
Added test 3020 to verify

Closes #7183
2021-06-04 14:08:30 +02:00
Daniel Stenberg
4b3d8f3558
github: remove the cmake macOS gcc-8 jobs
They're too similar to the gcc-9 ones to be useful (and seems to not
work anymore).

Closes #7187
2021-06-04 08:30:26 +02:00
Daniel Stenberg
628ebd82b9
test269: disable for hyper
--ignore-content-length / CURLOPT_IGNORE_CONTENT_LENGTH doesn't work
with hyper.

Closes #7184
2021-06-03 23:11:11 +02:00
Daniel Stenberg
b193fd3bbd
runtests: enable 'hyper mode' only for HTTP tests
The 'hyper mode' makes line-ending checks work in the test suite for
when hyper is used. Now it also requires that HTTP or HTTPS are
mentioned as keywords to be enabled so that it doesn't wrongly adjusts
tests for other protocols.

This makes test 271 (TFTP) work again in hyper enabled builds.

Closes #7185
2021-06-03 23:08:47 +02:00
Alexis Vachette
cb39b4b7c4
hostip: bad CURLOPT_RESOLVE syntax now returns error
Added test 3019
Fixes #7170
Closes #7174
2021-06-03 13:53:18 +02:00
Daniel Gustafsson
002f976cdc cookies: fix typo and expand comment
Fix a typo in the sorting comment, and while in there elaborate slightly
on why creationtime can be used as a tiebreaker.
2021-06-03 13:02:09 +02:00
Daniel Gustafsson
9750bc97d8 cookies: remove unused header
Commit 1c1d9f1aff removed the last use
for the inet_pton.h headerfile, this removes the inclusion of the
header.

Closes: #7182
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2021-06-03 13:02:07 +02:00
Daniel Stenberg
3e70c3430a
Revert "socketpair: fix potential hangs"
This reverts commit c769d1eab4.

See #7144 for details
2021-06-03 12:12:16 +02:00
Paul Groke
c769d1eab4
socketpair: fix potential hangs
Fixes potential hang in accept by using select + non-blocking accept.

Fixes potential hang in peer check by replacing the send/recv check with
a getsockname/getpeername check.

Adds length check for returned sockaddr data.

Closes #7144
2021-06-03 10:03:31 +02:00
Daniel Stenberg
3c0f4622cd
runtests: parse data/Makefile.inc instead of using make
The warning about missing entries in that file then doesn't require that
the Makefile has been regenerated which was confusing.

The scan for the test num is a little more error prone than before
(since now it doesn't actually verify that it is legitimate Makefile
syntax), but I think it is good enough.

Closes #7177
2021-06-02 23:21:18 +02:00
Harry Sintonen
e4db6fb02c
filecheck: quietly remove test-place/*~
Closes #7179
2021-06-02 23:17:44 +02:00
Daniel Stenberg
6793332eba
CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
For options that pass in lists or strings that are subsequently parsed
and must be correct. This broadens the scope for the option previously
known as CURLE_TELNET_OPTION_SYNTAX but the old name is of course still
provided as a #define for existing applications.

Closes #7175
2021-06-02 23:03:55 +02:00
Daniel Stenberg
9dc0baf5c6
tests: fix Accept-Encoding strips to work with Hyper builds
The previous strip also removed the CR which turned problematic.

valgrind.supp: add zstd suppression using hyper

Reported-and-analyzed-by: Kevin Burke
Fixes #7169
Closes #7171
2021-06-02 22:59:33 +02:00
Daniel Stenberg
f7d1273cf9
github: timeout jobs on macOS after 90 minutes
Assisted-by: Marc Hoersken
Closes #7173
2021-06-02 16:00:42 +02:00
Harry Sintonen
8ccf75532b
mqtt: detect illegal and too large file size
Add test 3017 and 3018 to verify.
Closes #7166
2021-06-02 13:34:17 +02:00
theawless
4f209d8833
cmake: add CURL_DISABLE_NTLM option
Closes #7028
2021-06-02 08:55:00 +02:00
theawless
0e7638dbea
configure: add --disable-ntlm option
Closes #7028
2021-06-02 08:55:00 +02:00
theawless
ee8c4f766c
define: re-add CURL_DISABLE_NTLM and corresponding ifdefs
This flag will be further exposed by adding build options.

Reverts #6809
Closes #7028
2021-06-02 08:55:00 +02:00
Daniel Stenberg
68c71126f8
RELEASE-NOTES: synced 2021-06-02 08:18:08 +02:00
Viktor Szakats
f48aee35ad
travis: delete --enable-hsts option (it is the default now) [ci skip]
Reviewed-by: Daniel Stenberg
Closes #7167
2021-06-01 22:30:11 +00:00
Daniel Stenberg
e1fcaf571f
hostip: fix 3 coverity complaints
Follow-up to 1a0ebf6632

- Check the return code to Curl_inet_pton() in two instances, even
  though we know the input is valid so the functions won't fail.

- Clear the 'struct sockaddr_in' struct before use so that the
  'sin_zero' field isn't left uninitialized.

Detected by Coverity.
Assisted-by: Harry Sintonen
Closes #7163
2021-06-01 23:24:07 +02:00
Daniel Stenberg
83036d86af
c-hyper: fix NTLM on closed connection tested with test159
Closes #7154
2021-06-01 18:03:37 +02:00
Daniel Stenberg
dddad339e8
conncache: lowercase the hash key for better match
As host names are case insensitive, the use of case sensitive hashing
caused unnecesary cache misses and therefore lost performance. This
lowercases the hash key.

Reported-by: Harry Sintonen
Fixes #7159
Closes #7161
2021-06-01 17:55:35 +02:00
Daniel Stenberg
a2b1bbeef0
mbedtls: make mbedtls_strerror always work
If the function doesn't exist, provide a macro that just clears the
error message. Removes #ifdef uses from the code.

Closes #7162
2021-06-01 17:53:44 +02:00
Daniel Stenberg
c7b93a76ea
vtls: exit addsessionid if no cache is inited
Follow-up to b249592d29

Avoids NULL pointer derefs.

Closes #7165
2021-06-01 13:40:30 +02:00
Harry Sintonen
f1cd5004b0
Curl_ntlm_core_mk_nt_hash: fix OOM in error path
Closes #7164
2021-06-01 13:38:01 +02:00
Michael Kaufmann
b249592d29 ssl: read pending close notify alert before closing the connection
This avoids a TCP reset (RST) if the server initiates a connection
shutdown by sending an SSL close notify alert and then closes the TCP
connection.

For SSL connections, usually the server announces that it will close the
connection with an SSL close notify alert. curl should read this alert.
If curl does not read this alert and just closes the connection, some
operating systems close the TCP connection with an RST flag.

See RFC 1122, section 4.2.2.13

If curl reads the close notify alert, the TCP connection is closed
normally with a FIN flag.

The new code is similar to existing code in the "SSL shutdown" function:
try to read an alert (non-blocking), and ignore any read errors.

Closes #7095
2021-06-01 09:40:40 +02:00
Laurent Dufresne
8cc1fee5b9
setopt: fix incorrect comments
Closes #7157
2021-06-01 09:35:34 +02:00
Laurent Dufresne
05e0453050
mbedtls: add support for cert and key blob options
CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB weren't usable with
mbedtls backend, so the support was added.

Closes #7157
2021-06-01 09:35:17 +02:00
Gregor Jasny
e5dfc88eb8
cmake: try well-known send/recv signature for Apple
The CMake `try_compile` command is especially slow for
the Xcode generator. With this patch applied it first tests
for the currently used (and Open Group specified) send/recv
signature. In case this fails testing falls-back to the
permutations.

speed-up:

```
time cmake .. -GNinja -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF
before: 11.64s user 11.09s system 55% cpu 40.754 total
after:   7.84s user 6.57s  system 51% cpu 28.074 total
```

```
time cmake .. -GXcode -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF
before: 217.07s user 104.15s system 60% cpu 8:51.79 total
after:  108.76s user  51.80s system 58% cpu 4:32.58 total
```

Closes #7158
2021-06-01 08:44:07 +02:00
Daniel Stenberg
ef1a917a11
http2: init recvbuf struct for pushed streams
Debug builds would warn that these structs were not initialized properly
for pushed streams.

Ref: #7148
Closes #7153
2021-05-31 20:41:51 +02:00
Daniel Stenberg
894c74738f
Curl_ssl_getsessionid: fail if no session cache exists
This function might get called for an easy handle for which the session
cache hasn't been setup. It now just returns a "miss" in that case.

Reported-by: Christoph M. Becker
Fixes #7148
Closes #7153
2021-05-31 20:41:40 +02:00
Daniel Stenberg
5e1e4dbf1e
GOVERNANCE: add 'user', 'committer' and 'contributor'
As those are commonly used terms in the project.

Closes #7151
2021-05-31 15:42:39 +02:00