]> git.ipfire.org Git - thirdparty/curl.git/log
thirdparty/curl.git
22 months agoctype: add ISUNRESERVED()
Daniel Stenberg [Tue, 12 Sep 2023 13:38:02 +0000 (15:38 +0200)] 
ctype: add ISUNRESERVED()

... and make Curl_isunreserved() use that macro instead of providing a
separate funtion for the purpose.

Closes #11840

22 months agoRELEASE-NOTES: syn ced curl-8_3_0
Daniel Stenberg [Wed, 13 Sep 2023 06:19:24 +0000 (08:19 +0200)] 
RELEASE-NOTES: syn ced

curl 8.3.0 release

22 months agoTHANKS: contributors from 8.3.0
Daniel Stenberg [Wed, 13 Sep 2023 06:19:24 +0000 (08:19 +0200)] 
THANKS: contributors from 8.3.0

22 months agocmake: set SIZEOF_LONG_LONG in curl_config.h
Thorsten Klein [Tue, 12 Sep 2023 10:37:08 +0000 (12:37 +0200)] 
cmake: set SIZEOF_LONG_LONG in curl_config.h

in order to support 32bit builds regarding wolfssl CTC_SETTINGS

Closes #11839

22 months agocurl_ngtcp2: fix error message
Jay Satiro [Tue, 12 Sep 2023 07:14:16 +0000 (03:14 -0400)] 
curl_ngtcp2: fix error message

22 months agohttp_aws_sigv4: handle no-value user header entries
Jay Satiro [Sat, 12 Aug 2023 19:06:08 +0000 (15:06 -0400)] 
http_aws_sigv4: handle no-value user header entries

- Handle user headers in format 'name:' and 'name;' with no value.

The former is used when the user wants to remove an internal libcurl
header and the latter is used when the user actually wants to send a
no-value header in the format 'name:' (note the semi-colon is converted
by libcurl to a colon).

Prior to this change the AWS header import code did not special case
either of those and the generated AWS SignedHeaders would be incorrect.

Reported-by: apparentorder@users.noreply.github.com
Ref: https://curl.se/docs/manpage.html#-H

Fixes https://github.com/curl/curl/issues/11664
Closes https://github.com/curl/curl/pull/11668

22 months agoCI: run pytest with the -v option
Dan Fandrich [Sat, 9 Sep 2023 20:35:58 +0000 (13:35 -0700)] 
CI: run pytest with the -v option

This lists of the test cases being run so it can be tracked over time.

Closes #11824

22 months agoHTTP3: the msquic backend is not functional
Daniel Stenberg [Mon, 11 Sep 2023 07:27:43 +0000 (09:27 +0200)] 
HTTP3: the msquic backend is not functional

I ask that we do not submit bugs for this backend just yet as we know it
does not fully work.

Closes #11831
Closes #11819

22 months agoaws_sigv4: the query canon code miscounted URL encoded input
Daniel Stenberg [Sun, 10 Sep 2023 21:47:38 +0000 (23:47 +0200)] 
aws_sigv4: the query canon code miscounted URL encoded input

Added some extra ampersands to test 439 to verify "blank" query parts

Follow-up to fc76a24c53b08cdf

Closes #11829

22 months agoquic: don't set SNI if hostname is an IP address
vvb2060 [Sun, 10 Sep 2023 19:50:10 +0000 (03:50 +0800)] 
quic: don't set SNI if hostname is an IP address

We already do this for TLS connections.

RFC 6066 says: Literal IPv4 and IPv6 addresses are not permitted in
"HostName".

Ref: https://www.rfc-editor.org/rfc/rfc6066#section-3

Fixes https://github.com/curl/curl/issues/11827
Closes https://github.com/curl/curl/pull/11828

22 months agoRELEASE-NOTES: synced
Daniel Stenberg [Sun, 10 Sep 2023 10:52:55 +0000 (12:52 +0200)] 
RELEASE-NOTES: synced

22 months agoconfigure: fix `HAVE_TIME_T_UNSIGNED` check
Benoit Pierre [Sun, 10 Sep 2023 04:26:14 +0000 (06:26 +0200)] 
configure: fix `HAVE_TIME_T_UNSIGNED` check

The syntax was incorrect (need a proper main body), and the test
condition was wrong (resulting in a signed `time_t` detected as
unsigned).

Closes #11825

22 months agoTHANKS-filter: pszlazak on github
Daniel Stenberg [Sat, 9 Sep 2023 21:48:12 +0000 (23:48 +0200)] 
THANKS-filter: pszlazak on github

22 months agoinclude.d: explain headers not printed with --fail before 7.75.0
pszlazak [Fri, 8 Sep 2023 15:55:11 +0000 (17:55 +0200)] 
include.d: explain headers not printed with --fail before 7.75.0

Prior to 7.75.0 response headers were not printed if -f/--fail was used
and an error was reported by server.  This was fixed in ab525c0
(precedes 7.75.0).

Closes #11822

22 months agohttp_aws_sigv4: skip the op if the query pair is zero bytes
Daniel Stenberg [Fri, 8 Sep 2023 16:13:14 +0000 (18:13 +0200)] 
http_aws_sigv4: skip the op if the query pair is zero bytes

Follow-up to fc76a24c53b08cdf

Spotted by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62175
Closes #11823

22 months agocmdline-docs: use present tense, not future
Daniel Stenberg [Fri, 8 Sep 2023 12:32:29 +0000 (14:32 +0200)] 
cmdline-docs: use present tense, not future

+ some smaller cleanups

Closes #11821

22 months agocmdline-docs: make sure to phrase it as "added in ...."
Daniel Stenberg [Fri, 8 Sep 2023 12:03:59 +0000 (14:03 +0200)] 
cmdline-docs: make sure to phrase it as "added in ...."

References to things that were added or changed in a specific version
should be specified as "(added in [version]) for two reasons:

1 - consistency

2 - to allow gen.pl to strip them out if deemed referring to too old
    versions

Closes #11821

22 months agodocs: mark --ssl-revoke-best-effort as Schannel specific
Jay Satiro [Tue, 29 Aug 2023 20:52:10 +0000 (16:52 -0400)] 
docs: mark --ssl-revoke-best-effort as Schannel specific

Closes https://github.com/curl/curl/pull/11760

22 months agoschannel: fix ordering of cert chain info
Nathan Moinvaziri [Tue, 8 Aug 2023 20:12:19 +0000 (13:12 -0700)] 
schannel: fix ordering of cert chain info

- Use CERT_CONTEXT's pbCertEncoded to determine chain order.

CERT_CONTEXT from SECPKG_ATTR_REMOTE_CERT_CONTEXT contains
end-entity/server certificate in pbCertEncoded. We can use this pointer
to determine the order of certificates when enumerating hCertStore using
CertEnumCertificatesInStore.

This change is to help ensure that the ordering of the certificate chain
requested by the user via CURLINFO_CERTINFO has the same ordering on all
versions of Windows.

Prior to this change Schannel certificate order was reversed in 8986df80
but that was later reverted in f540a39b when it was discovered that
Windows 11 22H2 does the reversal on its own.

Ref: https://github.com/curl/curl/issues/9706

Closes https://github.com/curl/curl/pull/11632

22 months agodigest: Use hostname to generate spn instead of realm
Chris Talbot [Thu, 29 Jun 2023 16:27:48 +0000 (12:27 -0400)] 
digest: Use hostname to generate spn instead of realm

In https://www.rfc-editor.org/rfc/rfc2831#section-2.1.2

digest-uri-value should be serv-type "/" host , where host is:

      The DNS host name or IP address for the service requested.  The
      DNS host name must be the fully-qualified canonical name of the
      host. The DNS host name is the preferred form; see notes on server
      processing of the digest-uri.

Realm may not be the host, so we must specify the host explicitly.

Note this change only affects the non-SSPI digest code. The digest code
used by SSPI builds already uses the hostname to generate the spn.

Ref: https://github.com/curl/curl/issues/11369

Closes https://github.com/curl/curl/pull/11395

22 months agodocs: remove use of the word 'very'
Daniel Stenberg [Thu, 7 Sep 2023 17:53:49 +0000 (19:53 +0200)] 
docs: remove use of the word 'very'

It is mostly superfluous. proselint would complain.

Closes #11818

22 months agocurl_multi_remove_handle.3: clarify what happens with connection
Daniel Stenberg [Thu, 7 Sep 2023 16:08:57 +0000 (18:08 +0200)] 
curl_multi_remove_handle.3: clarify what happens with connection

Closes #11817

22 months agoRELEASE-NOTES: synced
Daniel Stenberg [Thu, 7 Sep 2023 16:24:49 +0000 (18:24 +0200)] 
RELEASE-NOTES: synced

22 months agotest439: verify query canonization for aws-sigv4
Daniel Stenberg [Thu, 7 Sep 2023 07:19:14 +0000 (09:19 +0200)] 
test439: verify query canonization for aws-sigv4

22 months agotool_operate: make aws-sigv4 not require TLS to be used
Daniel Stenberg [Thu, 7 Sep 2023 12:57:32 +0000 (14:57 +0200)] 
tool_operate: make aws-sigv4 not require TLS to be used

Maybe not used too often, but we want it for testing and it should work.

22 months agohttp_aws_sigv4: canonicalize the query
Daniel Stenberg [Wed, 6 Sep 2023 08:14:44 +0000 (10:14 +0200)] 
http_aws_sigv4: canonicalize the query

Percent encoding needs to be done using uppercase, and most
non-alphanumerical must be percent-encoded.

Fixes #11794
Reported-by: John Walker
Closes #11806

22 months agolib: add ability to disable auths individually
Wyatt O'Day [Thu, 20 Jul 2023 14:09:04 +0000 (10:09 -0400)] 
lib: add ability to disable auths individually

Both with configure and cmake

Closes #11490

22 months agongtcp2: fix handling of large requests
Stefan Eissing [Thu, 7 Sep 2023 12:51:44 +0000 (14:51 +0200)] 
ngtcp2: fix handling of large requests

- requests >64K are send in parts to the filter
- fix parsing of the request to assemble it correctly
  from several sends
- open a QUIC stream only when the complete request has
  been collected

Closes #11815

22 months agoopenssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
Stefan Eissing [Wed, 6 Sep 2023 06:35:42 +0000 (08:35 +0200)] 
openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before

- we delay loading the x509 store to shorten the handshake time.
  However an application callback installed via CURLOPT_SSL_CTX_FUNCTION
  may need to have the store loaded and try to manipulate it.
- load the x509 store before invoking the app callback

Fixes #11800
Reported-by: guoxinvmware on github
Cloes #11805

22 months agokrb5: fix "implicit conversion loses integer precision" warnings
Daniel Stenberg [Thu, 7 Sep 2023 11:52:30 +0000 (13:52 +0200)] 
krb5: fix "implicit conversion loses integer precision" warnings

conversions to/from enum and unsigned chars

Closes #11814

22 months agopytest: improvements
Stefan Eissing [Wed, 6 Sep 2023 08:03:37 +0000 (10:03 +0200)] 
pytest: improvements

- set CURL_CI for pytest runs in CI environments
- exclude timing sensitive tests from CI runs
- for failed results, list only the log and stat of
  the failed transfer

- fix type in http.c comment

Closes #11812

22 months agoCI: move on to ngtcp2 v0.19.1
Stefan Eissing [Wed, 6 Sep 2023 14:34:03 +0000 (16:34 +0200)] 
CI: move on to ngtcp2 v0.19.1

Closes #11809

22 months agoCI: run Circle macOS builds on x86 for now
Dan Fandrich [Wed, 6 Sep 2023 00:35:58 +0000 (17:35 -0700)] 
CI: run Circle macOS builds on x86 for now

The ARM machines aren't ready for us and requesting them now causes
warnings e-mails to be sent to some PR pushers.

Ref: #11771

22 months agohttp3: adjust cast for ngtcp2 v0.19.0
Viktor Szakats [Mon, 4 Sep 2023 23:36:06 +0000 (23:36 +0000)] 
http3: adjust cast for ngtcp2 v0.19.0

ngtcp2 v0.19.0 made size of `ecn` member of `ngtcp2_pkt_info`
an `uint8_t` (was: `uint32_t`). Adjust our local cast accordingly.

Fixes:
```
./curl/lib/vquic/curl_ngtcp2.c:1912:12: warning: implicit conversion loses integer precision: 'uint32_t' (aka 'unsigned int') to 'uint8_t' (aka 'unsigned char') [-Wimplicit-int-conversion]
  pi.ecn = (uint32_t)ecn;
         ~ ^~~~~~~~~~~~~
```

Also bump ngtcp2, nghttp3 and nghttp2 to their latest versions in our
docs and CI.

Ref: https://github.com/ngtcp2/ngtcp2/commit/80447281bbc94af53f8aa7a4cfc19175782894a3
Ref: https://github.com/ngtcp2/ngtcp2/pull/877
Closes #11798

22 months agohttp: fix sending of large requests
Stefan Eissing [Tue, 5 Sep 2023 11:44:13 +0000 (13:44 +0200)] 
http: fix sending of large requests

- refs #11342 where errors with git https interactions
  were observed
- problem was caused by 1st sends of size larger than 64KB
  which resulted in later retries of 64KB only
- limit sending of 1st block to 64KB
- adjust h2/h3 filters to cope with parsing the HTTP/1.1
  formatted request in chunks

- introducing Curl_nwrite() as companion to Curl_write()
  for the many cases where the sockindex is already known

Fixes #11342 (again)
Closes #11803

22 months agopytest: fix check for slow_network skips to only apply when intended
Stefan Eissing [Tue, 5 Sep 2023 07:10:00 +0000 (09:10 +0200)] 
pytest: fix check for slow_network skips to only apply when intended

Closes #11801

22 months agocurl_url_get/set.3: add missing semicolon in SYNOPSIS
Daniel Stenberg [Tue, 5 Sep 2023 09:30:53 +0000 (11:30 +0200)] 
curl_url_get/set.3: add missing semicolon in SYNOPSIS

22 months agoCURLOPT_URL.3: explain curl_url_set() uses the same parser
Daniel Stenberg [Tue, 5 Sep 2023 09:16:39 +0000 (11:16 +0200)] 
CURLOPT_URL.3: explain curl_url_set() uses the same parser

22 months agoCURLOPT_URL.3: add two URL API calls in the see-also section
Daniel Stenberg [Tue, 5 Sep 2023 08:34:19 +0000 (10:34 +0200)] 
CURLOPT_URL.3: add two URL API calls in the see-also section

22 months agoCI: add a 32-bit i686 Linux build 11799/head
Dan Fandrich [Tue, 5 Sep 2023 00:08:19 +0000 (17:08 -0700)] 
CI: add a 32-bit i686 Linux build

This is done by cross-compiling under regular x86_64 Linux.  Since the
kernel offers backwards compatibility, the binaries can be tested as
normal.

Closes #11799

22 months agotests: fix a type warning on 32-bit x86
Dan Fandrich [Tue, 5 Sep 2023 00:07:51 +0000 (17:07 -0700)] 
tests: fix a type warning on 32-bit x86

22 months agotests: delete stray `.orig` file
Viktor Szakats [Mon, 4 Sep 2023 18:53:51 +0000 (18:53 +0000)] 
tests: delete stray `.orig` file

Follow-up to 331b89a319d0067fa1e6441719307cfef9c7960f
Closes #11797

22 months agoRELEASE-NOTES: synced
Daniel Stenberg [Mon, 4 Sep 2023 20:29:06 +0000 (22:29 +0200)] 
RELEASE-NOTES: synced

22 months agolib: silence compiler warning in inet_ntop6
Viktor Szakats [Mon, 4 Sep 2023 00:29:48 +0000 (00:29 +0000)] 
lib: silence compiler warning in inet_ntop6

```
./curl/lib/inet_ntop.c:121:21: warning: possible misuse of comma operator here [-Wcomma]
        cur.base = i, cur.len = 1;
                    ^
./curl/lib/inet_ntop.c:121:9: note: cast expression to void to silence warning
        cur.base = i, cur.len = 1;
        ^~~~~~~~~~~~
        (void)(     )
```

Closes #11790

22 months agotransfer: also stop the sending on closed connection
Daniel Stenberg [Mon, 4 Sep 2023 12:14:32 +0000 (14:14 +0200)] 
transfer: also stop the sending on closed connection

Previously this cleared the receiving bit only but in some cases it is
also still sending (like a request-body) when disconnected and neither
direction can continue then.

Fixes #11769
Reported-by: Oleg Jukovec
Closes #11795

22 months agodocs: change `sub-domain` to `subdomain`
John Bampton [Mon, 4 Sep 2023 12:14:57 +0000 (22:14 +1000)] 
docs: change `sub-domain` to `subdomain`

https://en.wikipedia.org/wiki/Subdomain

Closes #11793

22 months agomulti: more efficient pollfd count for poll
Stefan Eissing [Mon, 4 Sep 2023 07:55:27 +0000 (09:55 +0200)] 
multi: more efficient pollfd count for poll

- do not use separate pollfds for sockets that have POLLIN+POLLOUT

Closes #11792

22 months agohttp2: polish things around POST
Stefan Eissing [Tue, 29 Aug 2023 11:08:35 +0000 (13:08 +0200)] 
http2: polish things around POST

- added test cases for various code paths
- fixed handling of blocked write when stream had
  been closed inbetween attempts
- re-enabled DEBUGASSERT on send with smaller data size

- in debug builds, environment variables can be set to simulate a slow
  network when sending data. cf-socket.c and vquic.c support
  * CURL_DBG_SOCK_WBLOCK: percentage of send() calls that should be
    answered with a EAGAIN. TCP/UNIX sockets.
    This is chosen randomly.
  * CURL_DBG_SOCK_WPARTIAL: percentage of data that shall be written
    to the network. TCP/UNIX sockets.
    Example: 80 means a send with 1000 bytes would only send 800
    This is applied to every send.
  * CURL_DBG_QUIC_WBLOCK: percentage of send() calls that should be
    answered with EAGAIN. QUIC only.
    This is chosen randomly.

Closes #11756

22 months agodocs: add curl_global_trace to some SEE ALSO sections
Daniel Stenberg [Mon, 4 Sep 2023 06:52:12 +0000 (08:52 +0200)] 
docs: add curl_global_trace to some SEE ALSO sections

Closes #11791

23 months agoos400: fix checksrc nits
Daniel Stenberg [Sun, 3 Sep 2023 16:07:45 +0000 (18:07 +0200)] 
os400: fix checksrc nits

Closes #11789

23 months agohyper: remove `hyptransfer->endtask`
Nicholas Nethercote [Fri, 1 Sep 2023 01:41:22 +0000 (11:41 +1000)] 
hyper: remove `hyptransfer->endtask`

`Curl_hyper_stream` needs to distinguish between two kinds of
`HYPER_TASK_EMPTY` tasks: (a) the `foreach` tasks it creates itself, and
(b) background tasks that hyper produces. It does this by recording the
address of any `foreach` task in `hyptransfer->endtask` before pushing
it into the executor, and then comparing that against the address of
tasks later polled out of the executor.

This works right now, but there is no guarantee from hyper that the
addresses are stable. `hyper_executor_push` says "The executor takes
ownership of the task, which should not be accessed again unless
returned back to the user with `hyper_executor_poll`". That wording is a
bit ambiguous but with my Rust programmer's hat on I read it as meaning
the task returned with `hyper_executor_poll` may be conceptually the
same as a task that was pushed, but that there are no other guarantees
and comparing addresses is a bad idea.

This commit instead uses `hyper_task_set_userdata` to mark the `foreach`
task with a `USERDATA_RESP_BODY` value which can then be checked for,
removing the need for `hyptransfer->endtask`. This makes the code look
more like that hyper C API examples, which use userdata for every task
and never look at task addresses.

Closes #11779

23 months agows: fix spelling mistakes in examples and tests
Dave Cottlehuber [Fri, 1 Sep 2023 14:47:41 +0000 (14:47 +0000)] 
ws: fix spelling mistakes in examples and tests

Closes #11784

23 months agotool_filetime: make -z work with file dates before 1970
Daniel Stenberg [Fri, 1 Sep 2023 21:46:22 +0000 (23:46 +0200)] 
tool_filetime: make -z work with file dates before 1970

Fixes #11785
Reported-by: Harry Sintonen
Closes #11786

23 months agobuild: fix portability of mancheck and checksrc targets
Dan Fandrich [Fri, 1 Sep 2023 21:51:32 +0000 (14:51 -0700)] 
build: fix portability of mancheck and checksrc targets

At least FreeBSD preserves cwd across makefile lines, so rules
consisting of more than one "cd X; do_something" must be explicitly run
in a subshell to avoid this. This problem caused the Cirrus FreeBSD
build to fail when parallel make jobs were enabled.

23 months agoCI: adjust labeler match patterns for new & obsolete files
Dan Fandrich [Fri, 1 Sep 2023 21:04:54 +0000 (14:04 -0700)] 
CI: adjust labeler match patterns for new & obsolete files

23 months agoconfigure: trust pkg-config when it's used for zlib
Dan Fandrich [Thu, 31 Aug 2023 23:06:02 +0000 (16:06 -0700)] 
configure: trust pkg-config when it's used for zlib

The library flags retrieved from pkg-config were later thrown out and
harded-coded, which negates the whole reason to use pkg-config.
Also, previously, the assumption was made that --libs-only-l and
--libs-only-L are the full decomposition of --libs, which is untrue and
would not allow linking against a static zlib. The new approach is
better in that it uses --libs, although only if --libs-only-l returns
nothing.

Bug: https://curl.se/mail/lib-2023-08/0081.html
Reported-by: Randall
Closes #11778

23 months agoCI/ngtcp2: clear wolfssl for when cache is ignored
Stefan Eissing [Fri, 1 Sep 2023 12:49:39 +0000 (14:49 +0200)] 
CI/ngtcp2: clear wolfssl for when cache is ignored

Closes #11783

23 months agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 1 Sep 2023 12:59:50 +0000 (14:59 +0200)] 
RELEASE-NOTES: synced

23 months agohyper: fix a progress upload counter bug
Nicholas Nethercote [Fri, 1 Sep 2023 04:55:47 +0000 (14:55 +1000)] 
hyper: fix a progress upload counter bug

`Curl_pgrsSetUploadCounter` should be a passed a total count, not an
increment.

This changes the failing diff for test 579 with hyper from this:
```
 Progress callback called with UL 0 out of 0[LF]
-Progress callback called with UL 8 out of 0[LF]
-Progress callback called with UL 16 out of 0[LF]
-Progress callback called with UL 26 out of 0[LF]
-Progress callback called with UL 61 out of 0[LF]
-Progress callback called with UL 66 out of 0[LF]
+Progress callback called with UL 29 out of 0[LF]
```
to this:
```
 Progress callback called with UL 0 out of 0[LF]
-Progress callback called with UL 8 out of 0[LF]
-Progress callback called with UL 16 out of 0[LF]
-Progress callback called with UL 26 out of 0[LF]
-Progress callback called with UL 61 out of 0[LF]
-Progress callback called with UL 66 out of 0[LF]
+Progress callback called with UL 40 out of 0[LF]
```
Presumably a step in the right direction.

Closes #11780

23 months agoawssiv4: avoid freeing the date pointer on error
Daniel Stenberg [Fri, 1 Sep 2023 08:35:40 +0000 (10:35 +0200)] 
awssiv4: avoid freeing the date pointer on error

Since it was not allocated, don't free it even if it was wrong syntax

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61908

Follow-up to b137634ba3adb

Closes #11782

23 months agoCI: ngtcp2-linux: use separate caches for tls libraries
Stefan Eissing [Fri, 1 Sep 2023 10:36:13 +0000 (12:36 +0200)] 
CI: ngtcp2-linux: use separate caches for tls libraries

allow ever changing master for wolfssl

Closes #11766

23 months agoreplace `master` as wolfssl-version with recent commit
Stefan Eissing [Fri, 1 Sep 2023 09:42:32 +0000 (11:42 +0200)] 
replace `master` as wolfssl-version with recent commit

23 months agowolfssl, use master again in CI
Stefan Eissing [Wed, 30 Aug 2023 09:51:17 +0000 (11:51 +0200)] 
wolfssl, use master again in CI

- with the shared session update fix landed in master, it
  is time to use that in our CI again

23 months agotests: fix formatting errors in `FILEFORMAT.md`.
Nicholas Nethercote [Thu, 31 Aug 2023 23:25:26 +0000 (09:25 +1000)] 
tests: fix formatting errors in `FILEFORMAT.md`.

Without the surrounding backticks, these tags get swallowed when the
markdown is rendered.

Closes #11777

23 months agocmake: add support for `CURL_DEFAULT_SSL_BACKEND`
Viktor Szakats [Thu, 31 Aug 2023 15:27:35 +0000 (15:27 +0000)] 
cmake: add support for `CURL_DEFAULT_SSL_BACKEND`

Allow overriding the default TLS backend via a CMake setting.

E.g.:
`cmake [...] -DCURL_DEFAULT_SSL_BACKEND=mbedtls`

Accepted values: bearssl, gnutls, mbedtls, openssl, rustls,
schannel, secure-transport, wolfssl

The passed string is baked into the curl/libcurl binaries.
The value is case-insensitive.

We added a similar option to autotools in 2017 via
c7170e20d0a18ec8a514b4daa53bcdbb4dcb3a05.

TODO: Convert to lowercase to improve reproducibility.

Closes #11774

23 months agosectransp: fix compiler warnings
Viktor Szakats [Thu, 31 Aug 2023 13:42:49 +0000 (13:42 +0000)] 
sectransp: fix compiler warnings

https://github.com/curl/curl-for-win/actions/runs/6037489221/job/16381860220#step:3:11046
```
/Users/runner/work/curl-for-win/curl-for-win/curl/lib/vtls/sectransp.c:2435:14: warning: unused variable 'success' [-Wunused-variable]
    OSStatus success;
             ^
/Users/runner/work/curl-for-win/curl-for-win/curl/lib/vtls/sectransp.c:3300:44: warning: unused parameter 'sha256len' [-Wunused-parameter]
                                    size_t sha256len)
                                           ^
```

Closes #11773

23 months agotidy-up: mostly whitespace nits
Viktor Szakats [Thu, 31 Aug 2023 13:28:49 +0000 (13:28 +0000)] 
tidy-up: mostly whitespace nits

- delete completed TODO from `./CMakeLists.txt`.
- convert a C++ comment to C89 in `./CMake/CurlTests.c`.
- delete duplicate EOLs from EOF.
- add missing EOL at EOF.
- delete whitespace at EOL (except from expected test results).
- convert tabs to spaces.
- convert CRLF EOLs to LF in GHA yaml.
- text casing fixes in `./CMakeLists.txt`.
- fix a codespell typo in `packages/OS400/initscript.sh`.

Closes #11772

23 months agoCI: remove Windows builds from Cirrus, without replacement
Dan Fandrich [Thu, 31 Aug 2023 06:47:30 +0000 (23:47 -0700)] 
CI: remove Windows builds from Cirrus, without replacement

If we don't do this, all coverage on Cirrus will cease in a few days. By
removing the Windows builds, the FreeBSD one should still continue
as before. The Windows builds will need be moved to another service to
maintain test coverage.

Closes #11771

23 months agoCI: switch macOS ARM build from Cirrus to Circle CI
Dan Fandrich [Thu, 31 Aug 2023 00:58:27 +0000 (17:58 -0700)] 
CI: switch macOS ARM build from Cirrus to Circle CI

Cirrus is drastically reducing their free tier on Sept. 1, so they will
no longer perform all these builds for us. All but one build has been
moved, with the LibreSSL one being dropped because of linking problems
on Circle.

One important note about this change is that Circle CI is currently
directing all these builds to x86_64 hardware, despite them requesting
ARM. This is because ARM nodes are scheduled to be available on the
free tier only in December. This reduces our architectural diversity
until then but it should automatically come back once those machines are
enabled.

23 months agoCI: use the right variable for BSD make
Dan Fandrich [Thu, 31 Aug 2023 22:07:31 +0000 (15:07 -0700)] 
CI: use the right variable for BSD make

BSD uses MAKEFLAGS instead of MAKE_FLAGS so it wasn't doing parallel
builds before.

23 months agoCI: drop the FreeBSD 12.X build
Dan Fandrich [Wed, 30 Aug 2023 20:47:11 +0000 (13:47 -0700)] 
CI: drop the FreeBSD 12.X build

Cirrus' new free tier won't let us have many builds, so drop the
nonessential ones. The FreeBSD 13.X build will still give us the most
relevant FreeBSD coverage.

23 months agoCI: move the Alpine build from Cirrus to GHA
Dan Fandrich [Wed, 30 Aug 2023 20:45:40 +0000 (13:45 -0700)] 
CI: move the Alpine build from Cirrus to GHA

Cirrus is reducing their free tier to next to nothing, so we must move
builds elsewhere.

23 months agotest_07_upload.py: fix test_07_34 curl args
Stefan Eissing [Wed, 30 Aug 2023 09:18:17 +0000 (11:18 +0200)] 
test_07_upload.py: fix test_07_34 curl args

- Pass correct filename to --data-binary.

Prior to this change --data-binary was passed an incorrect filename due
to a missing separator in the arguments list. Since aacbeae7 curl will
error on incorrect filenames for POST.

Fixes https://github.com/curl/curl/issues/11761
Closes https://github.com/curl/curl/pull/11763

23 months agotests: document which tests fail due to hyper's lack of trailer support.
Nicholas Nethercote [Wed, 30 Aug 2023 08:50:41 +0000 (18:50 +1000)] 
tests: document which tests fail due to hyper's lack of trailer support.

Closes #11762

23 months agodocs: removing "pausing transfers" from HYPER.md.
Nicholas Nethercote [Wed, 30 Aug 2023 09:24:01 +0000 (19:24 +1000)] 
docs: removing "pausing transfers" from HYPER.md.

It's a reference to #8600, which was fixed by #9070.

Closes #11764

23 months agoos400: handle CURL_TEMP_PRINTF() while building bind source
Patrick Monnerat [Fri, 18 Aug 2023 23:45:00 +0000 (01:45 +0200)] 
os400: handle CURL_TEMP_PRINTF() while building bind source

Closes #11547

23 months agoos400: build test servers
Patrick Monnerat [Sat, 19 Aug 2023 06:28:39 +0000 (08:28 +0200)] 
os400: build test servers

Also fix a non-compliant main prototype in disabled.c.

Closes #11547

23 months agotests: fix compilation error for os400
Patrick Monnerat [Sun, 30 Jul 2023 17:10:31 +0000 (19:10 +0200)] 
tests: fix compilation error for os400

OS400 uses BSD 4.3 setsockopt() prototype by default: this does not
define parameter as const, resulting in an error if actual parameter is
const. Remove the const keyword from the actual parameter cast: this
works in all conditions, even if the formal parameter uses it.

Closes #11547

23 months agoos400: make programs and command name configurable
Patrick Monnerat [Sun, 30 Jul 2023 18:04:25 +0000 (20:04 +0200)] 
os400: make programs and command name configurable

Closes #11547

23 months agoos400: move build configuration parameters to a separate script
Patrick Monnerat [Sun, 30 Jul 2023 16:04:09 +0000 (18:04 +0200)] 
os400: move build configuration parameters to a separate script

They can then easily be overriden in a script named "config400.override"
that is not part of the distribution.

Closes #11547

23 months agoos400: implement CLI tool
Patrick Monnerat [Tue, 29 Aug 2023 11:32:39 +0000 (13:32 +0200)] 
os400: implement CLI tool

This is provided as a QADRT (ascii) program, a link to it in the IFS and
a minimal CL command.

Closes #11547

23 months agolib: fix aws-sigv4 having date header twice in some cases
Matthias Gatto [Mon, 28 Aug 2023 11:38:20 +0000 (13:38 +0200)] 
lib: fix aws-sigv4 having date header twice in some cases

When the user was providing the header X-XXX-Date, the header was
re-added during signature computation, and we had it twice in the
request.

Reported-by: apparentorder@users.noreply.github.com
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
Fixes: https://github.com/curl/curl/issues/11738
Closes: https://github.com/curl/curl/pull/11754
23 months agomulti: remove 'processing: <url>' debug message
Jay Satiro [Wed, 30 Aug 2023 06:01:09 +0000 (02:01 -0400)] 
multi: remove 'processing: <url>' debug message

- Remove debug message added by e024d566.

Closes https://github.com/curl/curl/pull/11759

23 months agoftp: fix temp write of ipv6 address
Jay Satiro [Mon, 28 Aug 2023 07:09:18 +0000 (03:09 -0400)] 
ftp: fix temp write of ipv6 address

- During the check to differentiate between a port and IPv6 address
  without brackets, write the binary IPv6 address to an in6_addr.

Prior to this change the binary IPv6 address was erroneously written to
a sockaddr_in6 'sa6' when it should have been written to its in6_addr
member 'sin6_addr'. There's no fallout because no members of 'sa6' are
accessed before it is later overwritten.

Closes https://github.com/curl/curl/pull/11747

23 months agotool: change some fopen failures from warnings to errors
Jay Satiro [Sun, 20 Aug 2023 07:08:15 +0000 (03:08 -0400)] 
tool: change some fopen failures from warnings to errors

- Error on missing input file for --data, --data-binary,
  --data-urlencode, --header, --variable, --write-out.

Prior to this change if a user of the curl tool specified an input file
for one of the above options and that file could not be opened then it
would be treated as zero length data instead of an error. For example, a
POST using `--data @filenametypo` would cause a zero length POST which
is probably not what the user intended.

Closes https://github.com/curl/curl/pull/11677

23 months agohostip: fix typo
Jay Satiro [Tue, 29 Aug 2023 21:08:23 +0000 (17:08 -0400)] 
hostip: fix typo

23 months agotool: avoid including leading spaces in the Location hyperlink
Davide Masserut [Fri, 25 Aug 2023 16:41:10 +0000 (18:41 +0200)] 
tool: avoid including leading spaces in the Location hyperlink

Co-authored-by: Dan Fandrich <dan@coneharvesters.com>
Closes #11735

23 months agoSECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline
Daniel Stenberg [Tue, 29 Aug 2023 11:24:06 +0000 (13:24 +0200)] 
SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline

Closes #11757

23 months agoconnect: stop halving the remaining timeout when less than 600 ms left
Daniel Stenberg [Fri, 18 Aug 2023 11:41:16 +0000 (13:41 +0200)] 
connect: stop halving the remaining timeout when less than 600 ms left

When curl wants to connect to a host, it always has a TIMEOUT. The
maximum time it is allowed to spend until a connect is confirmed.

curl will try to connect to each of the IP adresses returned for the
host. Two loops, one for each IP family.

During the connect loop, while curl has more than one IP address left to
try within a single address family, curl has traditionally allowed (time
left/2) for *this* connect attempt. This, to not get stuck on the
initial addresses in case the timeout but still allow later addresses to
get attempted.

This has the downside that when users set a very short timeout and the
host has a large number of IP addresses, the effective result might be
that every attempt gets a little too short time.

This change stop doing the divided-by-two if the total time left is
below a threshold. This threshold is 600 milliseconds.

Closes #11693

23 months agoasyn-ares: reduce timeout to 2000ms
Daniel Stenberg [Mon, 28 Aug 2023 14:07:34 +0000 (16:07 +0200)] 
asyn-ares: reduce timeout to 2000ms

When UDP packets get lost this makes for slightly faster retries. This
lower timeout is used by @c-ares itself by default starting next
release.

Closes #11753

23 months agomisc: remove duplicate words
John Bampton [Sat, 26 Aug 2023 12:08:10 +0000 (22:08 +1000)] 
misc: remove duplicate words

Closes #11740

23 months agoRELEASE-NOTES: synced
Daniel Stenberg [Tue, 29 Aug 2023 08:27:05 +0000 (10:27 +0200)] 
RELEASE-NOTES: synced

23 months agowolfSSL: avoid the OpenSSL compat API when not needed
Daniel Stenberg [Mon, 28 Aug 2023 13:47:29 +0000 (15:47 +0200)] 
wolfSSL: avoid the OpenSSL compat API when not needed

... and instead call wolfSSL functions directly.

Closes #11752

23 months agolib: fix null ptr derefs and uninitialized vars (h2/h3)
Viktor Szakats [Fri, 25 Aug 2023 22:28:35 +0000 (22:28 +0000)] 
lib: fix null ptr derefs and uninitialized vars (h2/h3)

Fixing compiler warnings with gcc 13.2.0 in unity builds.

Assisted-by: Jay Satiro
Assisted-by: Stefan Eissing
Closes #11739

23 months agosecureserver.pl: fix stunnel version parsing
Jay Satiro [Wed, 23 Aug 2023 06:49:47 +0000 (02:49 -0400)] 
secureserver.pl: fix stunnel version parsing

- Allow the stunnel minor-version version part to be zero.

Prior to this change with the stunnel version scheme of <major>.<minor>
if either part was 0 then version parsing would fail, causing
secureserver.pl to fail with error "No stunnel", causing tests that use
the SSL protocol to be skipped. As a practical matter this bug can only
be caused by a minor-version part of 0, since the major-version part is
always greater than 0.

Closes https://github.com/curl/curl/pull/11722

23 months agosecureserver.pl: fix stunnel path quoting
Jay Satiro [Wed, 23 Aug 2023 07:37:43 +0000 (03:37 -0400)] 
secureserver.pl: fix stunnel path quoting

- Store the stunnel path in the private variable $stunnel unquoted and
  instead quote it in the command strings.

Prior to this change the quoted stunnel path was passed to perl's file
operators which cannot handle quoted paths. For example:

$stunnel = "\"/C/Program Files (x86)/stunnel/bin/tstunnel\"";
if(-x $stunnel or -x "$stunnel")
# false even if path exists and is executable

Our other test scripts written in perl, unlike this one, use servers.pm
which has a global $stunnel variable with the path stored unquoted and
therefore those scripts don't have this problem.

Closes https://github.com/curl/curl/pull/11721

23 months agoaltsvc: accept and parse IPv6 addresses in response headers
Daniel Stenberg [Sat, 26 Aug 2023 22:06:02 +0000 (00:06 +0200)] 
altsvc: accept and parse IPv6 addresses in response headers

Store numerical IPv6 addresses in the alt-svc file with the brackets
present.

Verify with test 437 and 438

Fixes #11737
Reported-by: oliverpool on github
Closes #11743

23 months agolibtest: use curl_free() to free libcurl allocated data
Daniel Stenberg [Mon, 28 Aug 2023 06:29:15 +0000 (08:29 +0200)] 
libtest: use curl_free() to free libcurl allocated data

In several test programs. These mistakes are not detected or a problem
as long as memdebug.h is included, as that provides the debug wrappers
for all memory functions in the same style libcurl internals do it,
which makes curl_free and free effectively the same call.

Reported-by: Nicholas Nethercote
Closes #11746

23 months agodisable.d: explain --disable not implemented prior to 7.50.0
Jay Satiro [Tue, 22 Aug 2023 18:48:45 +0000 (14:48 -0400)] 
disable.d: explain --disable not implemented prior to 7.50.0

Option -q/--disable was added in 5.0 but only -q was actually
implemented. Later --disable was implemented in e200034 (precedes
7.49.0), but incorrectly, and fixed in 6dbc23c (precedes 7.50.0).

Reported-by: pszlazak@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/11710
Closes #11712

23 months agohyper: fix ownership problems
Nicholas Nethercote [Mon, 28 Aug 2023 04:35:08 +0000 (14:35 +1000)] 
hyper: fix ownership problems

Some of these changes come from comparing `Curl_http` and
`start_CONNECT`, which are similar, and adding things to them that are
present in one and missing in another.

The most important changes:
- In `start_CONNECT`, add a missing `hyper_clientconn_free` call on the
  happy path.
- In `start_CONNECT`, add a missing `hyper_request_free` on the error
  path.
- In `bodysend`, add a missing `hyper_body_free` on an early-exit path.
- In `bodysend`, remove an unnecessary `hyper_body_free` on a different
  error path that would cause a double-free.
  https://docs.rs/hyper/latest/hyper/ffi/fn.hyper_request_set_body.html
  says of `hyper_request_set_body`: "This takes ownership of the
  hyper_body *, you must not use it or free it after setting it on the
  request." This is true even if `hyper_request_set_body` returns an
  error; I confirmed this by looking at the hyper source code.

Other changes are minor but make things slightly nicer.

Closes #11745