diff options
| author | shadchin <shadchin@yandex-team.ru> | 2022-04-13 20:13:40 +0300 |
|---|---|---|
| committer | shadchin <shadchin@yandex-team.ru> | 2022-04-13 20:13:40 +0300 |
| commit | ad92d4ea3ed939dee26114e765dc7e60eb99349e (patch) | |
| tree | c9f920ed0d65fca79b89e5e1504808d7b265d49b | |
| parent | f9c8ebd5329f4efcc759fde08d0540f55d9f7acc (diff) | |
| download | ydb-ad92d4ea3ed939dee26114e765dc7e60eb99349e.tar.gz | |
CONTRIB-2513 Update contrib/libs/curl to 7.80.0
ref:9f073731f38021df100328c1b343280bf6632e23
70 files changed, 3476 insertions, 2385 deletions
diff --git a/contrib/libs/curl/.yandex_meta/devtools.copyrights.report b/contrib/libs/curl/.yandex_meta/devtools.copyrights.report index d5d9226448..6fbba89316 100644 --- a/contrib/libs/curl/.yandex_meta/devtools.copyrights.report +++ b/contrib/libs/curl/.yandex_meta/devtools.copyrights.report @@ -33,7 +33,7 @@ KEEP COPYRIGHT_SERVICE_LABEL 01785bd64237dea815d6d9ed22d8812c BELONGS ya.make License text: * Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com> - * Copyright (C) 2018 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL Score : 100.00 @@ -206,6 +206,7 @@ BELONGS ya.make lib/sendf.c [8:8] lib/sendf.h [10:10] lib/setopt.c [8:8] + lib/setup-win32.h [10:10] lib/share.c [8:8] lib/share.h [10:10] lib/sigpipe.h [10:10] @@ -474,7 +475,6 @@ BELONGS ya.make Match type : COPYRIGHT Files with this license: include/curl/options.h [10:10] - lib/curl_sha256.h [10:11] KEEP COPYRIGHT_SERVICE_LABEL 520dfafb050652350468b32c3d62b5cd BELONGS ya.make @@ -649,7 +649,6 @@ BELONGS ya.make lib/psl.h [10:10] lib/rand.h [10:10] lib/setopt.h [10:10] - lib/setup-win32.h [10:10] lib/slist.c [8:8] lib/slist.h [10:10] lib/sockaddr.h [10:10] @@ -705,6 +704,17 @@ BELONGS ya.make lib/socketpair.h [10:10] lib/vssh/wolfssh.c [8:8] +KEEP COPYRIGHT_SERVICE_LABEL 90cdf298ce2c585659435307b15f1c38 +BELONGS ya.make + License text: + * Copyright (C) 2015 - 2021, Steve Holme, <steve_holme@hotmail.com>. + Scancode info: + Original SPDX id: COPYRIGHT_SERVICE_LABEL + Score : 100.00 + Match type : COPYRIGHT + Files with this license: + lib/curl_des.c [8:8] + KEEP COPYRIGHT_SERVICE_LABEL 90ce0ec9551a9d561300240060256dff BELONGS ya.make License text: @@ -749,7 +759,6 @@ BELONGS ya.make Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/curl_des.c [8:8] lib/curl_des.h [10:10] KEEP COPYRIGHT_SERVICE_LABEL 9d962b7054a48ee0efeaca166b582707 @@ -774,7 +783,6 @@ BELONGS ya.make Match type : COPYRIGHT Files with this license: lib/system_win32.h [10:10] - lib/version_win32.c [8:8] lib/version_win32.h [10:10] KEEP COPYRIGHT_SERVICE_LABEL a708a3265e6d737aa48aa8db4c364178 @@ -954,6 +962,7 @@ BELONGS ya.make Match type : COPYRIGHT Files with this license: lib/system_win32.c [8:8] + lib/version_win32.c [8:8] KEEP COPYRIGHT_SERVICE_LABEL e0d1701a5a15c429dd6d54ccbadea738 BELONGS ya.make @@ -997,8 +1006,8 @@ BELONGS ya.make Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/md4.c [217:222] - lib/md5.c [205:210] + lib/md4.c [226:231] + lib/md5.c [220:225] KEEP COPYRIGHT_SERVICE_LABEL f5681c9f9526985592061799304792ee BELONGS ya.make @@ -1021,6 +1030,7 @@ BELONGS ya.make Match type : COPYRIGHT Files with this license: include/curl/urlapi.h [10:10] + lib/curl_sha256.h [10:11] lib/doh.c [8:8] lib/doh.h [10:10] lib/sha256.c [8:9] diff --git a/contrib/libs/curl/.yandex_meta/devtools.licenses.report b/contrib/libs/curl/.yandex_meta/devtools.licenses.report index d695db4a5a..97e2f94794 100644 --- a/contrib/libs/curl/.yandex_meta/devtools.licenses.report +++ b/contrib/libs/curl/.yandex_meta/devtools.licenses.report @@ -38,14 +38,14 @@ BELONGS ya.make Match type : NOTICE Links : http://www.linfo.org/publicdomain.html, https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/public-domain.LICENSE Files with this license: - lib/md5.c [200:217] + lib/md5.c [215:232] Scancode info: Original SPDX id: LicenseRef-scancode-other-permissive Score : 98.04 Match type : NOTICE Links : https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/other-permissive.LICENSE Files with this license: - lib/md5.c [200:217] + lib/md5.c [215:232] KEEP Public-Domain 18ed429b519e9abeeb3f768979574386 BELONGS ya.make @@ -56,14 +56,14 @@ BELONGS ya.make Match type : NOTICE Links : http://www.linfo.org/publicdomain.html, https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/public-domain.LICENSE Files with this license: - lib/md4.c [212:229] + lib/md4.c [221:238] Scancode info: Original SPDX id: LicenseRef-scancode-other-permissive Score : 97.06 Match type : NOTICE Links : https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/other-permissive.LICENSE Files with this license: - lib/md4.c [212:229] + lib/md4.c [221:238] KEEP curl 22ab1475a8e38f13b0b81e2e769b5d69 BELONGS ya.make @@ -437,7 +437,7 @@ BELONGS ya.make Match type : TEXT Links : http://www.linfo.org/publicdomain.html, https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/public-domain.LICENSE Files with this license: - lib/sha256.c [215:216] + lib/sha256.c [251:252] KEEP ISC e6a382fc7564fdd1a5e46b2d97b3221f BELONGS ya.make diff --git a/contrib/libs/curl/.yandex_meta/licenses.list.txt b/contrib/libs/curl/.yandex_meta/licenses.list.txt index 5170c6d07c..37016499ed 100644 --- a/contrib/libs/curl/.yandex_meta/licenses.list.txt +++ b/contrib/libs/curl/.yandex_meta/licenses.list.txt @@ -172,6 +172,10 @@ ====================COPYRIGHT==================== + * Copyright (C) 2015 - 2021, Steve Holme, <steve_holme@hotmail.com>. + + +====================COPYRIGHT==================== * Copyright (C) 2016 - 2020, Steve Holme, <steve_holme@hotmail.com>. @@ -195,7 +199,7 @@ ====================COPYRIGHT==================== * Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com> - * Copyright (C) 2018 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. ====================COPYRIGHT==================== diff --git a/contrib/libs/curl/CHANGES b/contrib/libs/curl/CHANGES index 7bf4a9cae1..f77f0a9e13 100644 --- a/contrib/libs/curl/CHANGES +++ b/contrib/libs/curl/CHANGES @@ -6,6 +6,1625 @@ Changelog +Version 7.80.0 (10 Nov 2021) + +Daniel Stenberg (10 Nov 2021) +- RELEASE-NOTES: synced + + for curl 7.80.0 + +- THANKS: add contributors from the 7.80.0 cycle + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: advertise h3 as well as h3-29 + + Advertise h3 as well as h3-29 since some servers out there require h3 + for QUIC v1. + + Closes #7979 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: use QUIC v1 consistently + + Since we switched to v1 quic_transport_parameters codepoint in #7960 + with quictls, lets use QUIC v1 consistently. + + Closes #7979 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: compile with the latest nghttp3 + + Closes #7978 + +Marc Hoersken (9 Nov 2021) +- tests: add Schannel-specific tests and disable unsupported ones + + Adds Schannel variants of SSLpinning tests that include the option + --ssl-revoke-best-effort to ignore certificate revocation check + failures which is required due to our custom test CA certificate. + + Disable the original variants if the Schannel backend is enabled. + + Also skip all IDN tests which are broken while using an msys shell. + + This is a step to simplify test exclusions for Windows and MinGW. + + Reviewed-by: Jay Satiro + Reviewed-by: Marcel Raad + Reviewed-by: Daniel Stenberg + Closes #7968 + +Daniel Stenberg (8 Nov 2021) +- docs: NAME fixes in easy option man pages + + Closes #7975 + +- [Roger Young brought this change] + + ftp: make the MKD retry to retry once per directory + + Reported-by: Roger Young + Fixes #7967 + Closes #7976 + +- tool_operate: reorder code to avoid compiler warning + + tool_operate.c(889) : warning C4701: potentially uninitialized local + variable 'per' use + + Follow-up to cc71d352651a0d95 + Reported-by: Marc Hörsken + Bug: https://github.com/curl/curl/pull/7922#issuecomment-963042676 + Closes #7971 + +- curl_easy_perform.3: add a para about recv and send data + + Reported-by: Godwin Stewart + Fixes #7973 + Closes #7974 + +- tool_operate: fclose stream only if fopened + + Fixes torture test failures + Follow-up to cc71d352651 + + Closes #7972 + +- libcurl-easy.3: language polish + +- limit-rate.d: this is average over several seconds + + Closes #7970 + +- docs: reduce/avoid English contractions + + You're => You are + Hasn't => Has not + Doesn't => Does not + Don't => Do not + You'll => You will + etc + + Closes #7930 + +- tool_operate: fix torture leaks with etags + + Spotted by torture testing 343 344 345 347. + + Follow-up from cc71d352651a0 + Pointed-out-by: Dan Fandrich + + Closes #7969 + +- [Amaury Denoyelle brought this change] + + ngtcp2: support latest QUIC TLS RFC9001 + + QUIC Transport Parameters Extension has been changed between draft-29 + and latest RFC9001. Most notably, its identifier has been updated from + 0xffa5 to 0x0039. The version is selected through the QUIC TLS library + via the legacy codepoint. + + Disable the usage of legacy codepoint in curl to switch to latest + RFC9001. This is required to be able to keep up with latest QUIC + implementations. + + Acked-by: Tatsuhiro Tsujikawa + Closes #7960 + +- test1173: make manpage-syntax.pl spot \n errors in examples + +- man pages: fix backslash-n in examples + + ... to be proper backslash-backslash-n sequences to render nicely in man + and on website. + + Follow-up to 24155569d8a + Reported-by: Sergey Markelov + + Fixes https://github.com/curl/curl-www/issues/163 + Closes #7962 + +- scripts/release-notes.pl: use out of repo links verbatim in refs + +- tool_operate: a failed etag save now only fails that transfer + + When failing to create the output file for saving an etag, only fail + that particular single transfer and allow others to follow. + + In a serial transfer setup, if no transfer at all is done due to them + all being skipped because of this error, curl will output an error + message and return exit code 26. + + Added test 369 and 370 to verify. + + Reported-by: Earnestly on github + Ref: #7942 + Closes #7945 + +- [Kevin Burke brought this change] + + .github: retry macos "brew install" command on failure + + Previously we saw errors attempting to run "brew install", see + https://github.com/curl/curl/runs/4095721123?check_suite_focus=true for + an example, since this command is idempotent, it is safe to run again. + + Closes #7955 + +- CURLOPT_ALTSVC_CTRL.3: mention conn reuse is preferred + + Ref: https://github.com/curl/curl/discussions/7954 + + Closes #7957 + +- RELEASE-NOTES: synced + +- zuul: pin the quiche build to use an older cmake-rs + + The latest cmake-rs assumes cmake's --parallel works. That was added in + cmake 3.12, but a lot of our CI builds run on Ubuntu Bionic which only + has cmake 3.10. + + Fixes #7927 + Closes #7952 + +- [Marc Hoersken brought this change] + + Revert "src/tool_filetime: disable -Wformat on mingw for this file" + + This reverts commit 7c88fe375b15c44d77bccc9ab733b8069d228e6f. + + Follow up to #6535 as the pragma is obsolete with warnf + + Closes #7941 + +Jay Satiro (2 Nov 2021) +- schannel: fix memory leak due to failed SSL connection + + - Call schannel_shutdown if the SSL connection fails. + + Prior to this change schannel_shutdown (which shuts down the SSL + connection as well as memory cleanup) was not called when the SSL + connection failed (eg due to failed handshake). + + Co-authored-by: Gisle Vanem + + Fixes https://github.com/curl/curl/issues/7877 + Closes https://github.com/curl/curl/pull/7878 + +Daniel Stenberg (2 Nov 2021) +- Curl_updateconninfo: store addresses for QUIC connections too + + So that CURLINFO_PRIMARY_IP etc work for HTTP/3 like for other HTTP + versions. + + Reported-by: Jerome Mao + Fixes #7939 + Closes #7944 + +- [Sergio Durigan Junior brought this change] + + curl.1: fix typos in the manpage + + s/transfering/transferring/ + s/transfered/transferred/ + + Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net> + Closes #7937 + +Marc Hoersken (1 Nov 2021) +- tests/smbserver.py: fix compatibility with impacket 0.9.23+ + + impacket now performs sanity checks if the requested and to + be served file path actually is inside the real share path. + + Ref: https://github.com/SecureAuthCorp/impacket/pull/1066 + + Fixes #7924 + Closes #7935 + +Daniel Stenberg (1 Nov 2021) +- docs: reduce use of "very" + + "Very" should be avoided in most texts. If intensifiers are needed, try + find better words instead. + + Closes #7936 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: specify the missing required callback functions + + Closes #7929 + +- CURLOPT_[PROXY]_SSL_CIPHER_LIST.3: bold instead of quote + + Bold the example ciphers instead of using single quotes, which then also + avoids the problem of how to use single quotes when first in a line. + + Also rephrased the pages a little. + + Reported-by: Sergio Durigan Junior + Ref: #7928 + Closes #7934 + +- gen.pl: replace leading single quotes with \(aq + + ... and allow single quotes to be used "normally" in the .d files. + + Makes the output curl.1 use better nroff. + + Reported-by: Sergio Durigan Junior + Ref: #7928 + Closes #7933 + +Marc Hoersken (1 Nov 2021) +- tests: kill some test servers afterwards to avoid locked logfiles + + Reviewed-by: Daniel Stenberg + Closes #7925 + +Daniel Stenberg (1 Nov 2021) +- smooth-gtk-thread.c: enhance the mutex lock use + + Reported-by: ryancaicse on github + Fixes #7926 + Closes #7931 + +Marc Hoersken (31 Oct 2021) +- CI/runtests.pl: restore -u flag, but remove it from CI runs + + This makes it possible to use -u again for local testing, + but removes the flag from CI config files and make targets. + + Reviewed-by: Daniel Stenberg + + Partially reverts #7841 + Closes #7921 + +Daniel Stenberg (29 Oct 2021) +- [Jonathan Cardoso Machado brought this change] + + CURLOPT_HSTSWRITEFUNCTION.3: using CURLOPT_HSTS_CTRL is required + + Closes #7923 + +- [Axel Morawietz brought this change] + + imap: display quota information + + Show response to "GETQUOTAROOT INBOX" command. + + Closes #6973 + +- RELEASE-NOTES: synced + +- [Boris Rasin brought this change] + + cmake: fix error getting LOCATION property on non-imported target + + Closes #7885 + +- [x2018 brought this change] + + url: check the return value of curl_url() + + Closes #7917 + +- [Roy Li brought this change] + + configure.ac: replace krb5-config with pkg-config + + The rationale is that custom *-config tools don't work well when + cross-compiling or using sysroots (such as when using Yocto project) and + require custom fixing for each of them; pkg-config on the other hand + works similarly everywhere. + + Signed-off-by: Roy Li <rongqing.li@windriver.com> + Signed-off-by: Alexander Kanavin <alex@linutronix.de> + + Closes #7916 + +- test1160: edited to work with hyper + + Closes #7912 + +- data/DISABLED: enable tests that now work with hyper + + Closes #7911 + +- test559: add 'HTTP' in keywords + + Makes it run fine with hyper + + Closes #7911 + +- test552: updated to work with hyper + + Closes #7911 + +Marc Hoersken (27 Oct 2021) +- github: fix incomplete permission to label PRs for Hacktoberfest + + Unfortunately the GitHub API requires a token with write permission + for both issues and pull-requests to edit labels on even just PRs. + + Follow up to #7897 + +Daniel Stenberg (27 Oct 2021) +- opt-manpages: use 'Added in' instead of 'Since' + + Closes #7913 + +Marc Hoersken (27 Oct 2021) +- github: fix missing permission to label PRs for Hacktoberfest + + Follow up to #7897 + + Test references to see if permissions are now sufficient: + + Closes #7832 + Closes #7897 + +- CI: more use of test-ci make target and verbose output + + Replace test-nonflaky with test-ci and enable verbose output + in all remaining CIs except Zuul which is customized a lot. + + Reviewed-by: Daniel Stenberg + Reviewed-by: Jay Satiro + + Follow up to #7785 + Closes #7832 + +- github: add support for Hacktoberfest using labels + + Automatically add hacktoberfest-accepted label to PRs opened between + September 30th and November 1st once a commit with a close reference + to it is pushed onto the master branch. + + With this workflow we can participate in Hacktoberfest while not + relying on GitHub to identify PRs as merged due to our rebasing. + + Requires hacktoberfest-accepted labels to exist for PRs on the + participating repository. Also requires hacktoberfest topic on + the participating repository to avoid applying to forked repos. + + Reviewed-by: Daniel Stenberg + + Fixes #7865 + Closes #7897 + +Daniel Stenberg (27 Oct 2021) +- http: reject HTTP response codes < 100 + + ... which then also includes negative ones as test 1430 uses. + + This makes native + hyper backend act identically on this and therefore + test 1430 can now be enabled when building with hyper. Adjust test 1431 + as well. + + Closes #7909 + +- [Kerem Kat brought this change] + + docs: fix typo in CURLOPT_TRAILERFUNCTION example + + Closes #7910 + +- docs/HYPER: remove some remaining issues, add HTTP/0.9 limitation + +- configure: when hyper is selected, deselect nghttp2 + + Closes #7908 + +- [Patrick Monnerat brought this change] + + sendf: accept zero-length data in Curl_client_write() + + Historically, Curl_client_write() used a length value of 0 as a marker + for a null-terminated data string. This feature has been removed in + commit f4b85d2. To detect leftover uses of the feature, a DEBUGASSERT + statement rejecting a length with value 0 was introduced, effectively + precluding use of this function with zero-length data. + + The current commit removes the DEBUGASSERT and makes the function to + return immediately if length is 0. + + A direct effect is to fix trying to output a zero-length distinguished + name in openldap. + + Another DEBUGASSERT statement is also rephrased for better readability. + + Closes #7898 + +- hyper: disable test 1294 since hyper doesn't allow such crazy headers + + Closes #7905 + +- c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work + + Verified by the enabled test 1288 + + Closes #7905 + +- test1287: make work on hyper + + Closes #7905 + +- test1266/1267: disabled on hyper: no HTTP/0.9 support + + Closes #7905 + +Viktor Szakats (25 Oct 2021) +- Makefile.m32: fix to not require OpenSSL with -libssh2 or -rtmp options + + Previously, -libssh2/-rtmp options assumed that OpenSSL is also enabled + (and then failed with an error when not finding expected OpenSSL headers), + but this isn't necessarly true, e.g. when building both libssh2 and curl + against Schannel. This patch makes sure to only enable the OpenSSL backend + with -libssh2/-rtmp, when there was no SSL option explicitly selected. + + - Re-implement the logic as a single block of script. + - Also fix an indentation while there. + + Assisted-by: Jay Satiro + + Closes #7895 + +Daniel Stenberg (25 Oct 2021) +- docs: consistent use of "Added in" + + Make them all say "Added in [version]" without using 'curl' or 'libcurl' + in that phrase. + +- man pages: require all to use the same section header order + + This is the same order we already enforce among the options' man pages: + consistency is good. Add lots of previously missing examples. + + Adjust the manpage-syntax script for this purpose, used in test 1173. + + Closes #7904 + +- [David Hu brought this change] + + docs/HTTP3: improve build instructions + + 1. If writing to a system path if the command is not prefixed with + `sudo` it will cause a permission denied error + + 2. The patched OpenSSL branch has been updated to `openssl-3.0.0+quic` + to match upstream OpenSSL version. + + 3. We should not disable GnuTLS docs. + + Updated some commands about `make install` + + Closes #7842 + +- [Ricardo Martins brought this change] + + CMake: restore support for SecureTransport on iOS + + Restore support for building curl for iOS with SecureTransport enabled. + + Closes #7501 + +- tests: enable more tests with hyper + + Adjusted 1144, 1164 and 1176. + + Closes #7900 + +- docs: provide "RETURN VALUE" section for more func manpages + + Three were missing, one used a non-standard name for the header. + + Closes #7902 + +Jay Satiro (25 Oct 2021) +- curl_multi_socket_action.3: add a "RETURN VALUE" section + + .. because it may not be immediately clear to the user what + curl_multi_socket_action returns. + + Ref: https://curl.se/mail/lib-2021-10/0035.html + + Closes https://github.com/curl/curl/pull/7901 + +Daniel Stenberg (24 Oct 2021) +- RELEASE-NOTES: synced + +- [Samuel Henrique brought this change] + + tests: use python3 in test 1451 + + This is a continuation of commit ec91b5a69000bea0794bbb3 in which + changing this test was missed. There are no other python2 leftovers + now. + + Based on a Debian patch originally written by Alessandro Ghedini + <ghedo@debian.org> + + Closes #7899 + +- [Eddie Lumpkin brought this change] + + lib: fixing comment spelling typos in lib files + + Closes #7894 + Signed-off-by: ewlumpkin <ewlumpkin@gmail.com> + +- openssl: if verifypeer is not requested, skip the CA loading + + It was previously done mostly to show a match/non-match in the verbose + output even when verification was not asked for. This change skips the + loading of the CA certs unless verifypeer is set to save memory and CPU. + + Closes #7892 + +- curl-confopts.m4: remove --enable/disable-hidden-symbols + + These configure options have been saying "deprecated" since 9e24b9c7af + (April 2012). It was about time we remove them. + + Closes #7891 + +- c-hyper: don't abort CONNECT responses early when auth-in-progress + + ... and make sure to stop ignoring the body once the CONNECT is done. + + This should make test 206 work proper again and not be flaky. + + Closes #7889 + +- hyper: does not support disabling CURLOPT_HTTP_TRANSFER_DECODING + + Simply because hyper doesn't have this ability. Mentioned in docs now. + + Skip test 326 then + + Closes #7889 + +- test262: don't attempt with hyper + + This test verifies that curl works with binary zeroes in HTTP response + headers and hyper refuses such. They're not kosher http. + + Closes #7889 + +- c-hyper: make test 217 run + + Closes #7889 + +- DISABLED: enable test 209+213 for hyper + + Follow-up to 823d3ab855c + + Closes #7889 + +- test207: accept a different error code for hyper + + It returns HYPERE_UNEXPECTED_EOF for this case which we convert to the + somewhat generic CURLE_RECV_ERROR. + + Closes #7889 + +- [Érico Nogueira brought this change] + + INSTALL: update symbol hiding option + + --enable-hidden-symbols was deprecated in + 9e24b9c7afbcb81120af4cf3f6cdee49a06d8224. + + Closes #7890 + +- http_proxy: multiple CONNECT with hyper done better + + Enabled test 206 + + Closes #7888 + +- hyper: pass the CONNECT line to the debug callback + + Closes #7887 + +- mailmap: Malik Idrees Hasan Khan + +Jay Satiro (21 Oct 2021) +- [Malik Idrees Hasan Khan brought this change] + + build: fix typos + + Closes https://github.com/curl/curl/pull/7886 + +- URL-SYNTAX: add IMAP UID SEARCH example + + - Explain the difference between IMAP search via URL (which returns + message sequence numbers) and IMAP search via custom request (which + can return UID numbers if prefixed with UID, eg "UID SEARCH ..."). + + Bug: https://github.com/curl/curl/issues/7626 + Reported-by: orycho@users.noreply.github.com + + Ref: https://github.com/curl/curl/issues/2789 + + Closes https://github.com/curl/curl/pull/7881 + +Daniel Stenberg (20 Oct 2021) +- manpage: adjust the asterisk in some SYNOPSIS sections + + Closes #7884 + +- curl_multi_perform.3: polish wording + + - simplify the example by using curl_multi_poll + + - mention curl_multi_add_handle in the text + + - cut out the description of pre-7.20.0 return code behavior - that version + is now more than eleven years old and is basically no longer out there + + - adjust the "typical usage" to mention curl_multi_poll + + Closes #7883 + +- docs/THANKS: removed on request + +- FAQ: polish the explanation of libcurl + +- curl_easy_perform.3: minor wording tweak + +- [Erik Stenlund brought this change] + + mime: mention CURL_DISABLE_MIME in comment + + CURL_DISABLE_MIME is not mentioned in the comment describing the if else + preprocessor directive. + + Closes #7882 + +- tls: remove newline from three infof() calls + + Follow-up to e7416cf + + Reported-by: billionai on github + Fixes #7879 + Closes #7880 + +- RELEASE-NOTES: synced + +- curl_gssapi: fix build warnings by removing const + + Follow-up to 20e980f85b0ea6 + + In #7875 these inits were modified but I get two warnings that these new + typecasts are necessary for. + + Closes #7876 + +- [Bo Anderson brought this change] + + curl_gssapi: fix link error on macOS Monterey + + Fixes #7657 + Closes #7875 + +- test1185: verify checksrc + + Closes #7866 + +- checksrc: improve the SPACESEMICOLON error message + + and adjust the MULTISPACE one to use plural + + Closes #7866 + +- url: set "k->size" -1 at start of request + + The size of the transfer is unknown at that point. + + Fixes #7871 + Closes #7872 + +Daniel Gustafsson (18 Oct 2021) +- doh: remove experimental code for DoH with GET + + The code for sending DoH requests with GET was never enabled in a way + such that it could be used or tested. As there haven't been requests + for this feature, and since it at this is effectively dead, remove it + and favor reimplementing the feature in case anyone is interested. + + Closes #7870 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (18 Oct 2021) +- cirrus: remove FreeBSD 11.4 from the matrix + + It has reached End-Of-Life and causes some LDAP CI issues. + + Closes #7869 + +- cirrus: switch to openldap24-client + + ... as it seems openldap-client doesn't exist anymore. + + Reported-by: Jay Satiro + Fixes #7868 + Closes #7869 + +- checksrc: ignore preprocessor lines + + In order to check the actual code better, checksrc now ignores + everything that look like preprocessor instructions. It also means + that code in macros are now longer checked. + + Note that some rules then still don't need to be followed when code is + exactly below a cpp instruction. + + Removes two checksrc exceptions we needed previously because of + preprocessor lines being checked. + + Reported-by: Marcel Raad + Fixes #7863 + Closes #7864 + +- urlapi: skip a strlen(), pass in zero + + ... to let curl_easy_escape() itself do the strlen. This avoids a (false + positive) Coverity warning and it avoids us having to store the strlen() + return value in an int variable. + + Reviewed-by: Daniel Gustafsson + Closes #7862 + +- misc: update copyright years + +- examples/htmltidy: correct wrong printf() use + + ... and update the includes to match how current htmltidy wants them + used. + + Reported-by: Stathis Kapnidis + Fixes #7860 + Closes #7861 + +Jay Satiro (15 Oct 2021) +- http: set content length earlier + + - Make content length (ie download size) accessible to the user in the + header callback, but only after all headers have been processed (ie + only in the final call to the header callback). + + Background: + + For a long time the content length could be retrieved in the header + callback via CURLINFO_CONTENT_LENGTH_DOWNLOAD_T as soon as it was parsed + by curl. + + Changes were made in 8a16e54 (precedes 7.79.0) to ignore content length + if any transfer encoding is used. A side effect of that was that + content length was not set by libcurl until after the header callback + was called the final time, because until all headers are processed it + cannot be determined if content length is valid. + + This change keeps the same intention --all headers must be processed-- + but now the content length is available before the final call to the + header function that indicates all headers have been processed (ie + a blank header). + + Bug: https://github.com/curl/curl/commit/8a16e54#r57374914 + Reported-by: sergio-nsk@users.noreply.github.com + + Co-authored-by: Daniel Stenberg + + Fixes https://github.com/curl/curl/issues/7804 + Closes https://github.com/curl/curl/pull/7803 + +Daniel Stenberg (15 Oct 2021) +- [Abhinav Singh brought this change] + + aws-sigv4: make signature work when post data is binary + + User sets the post fields size for binary data. Hence, we should not be + using strlen on it. + + Added test 1937 and 1938 to verify. + + Closes #7844 + +- [a1346054 brought this change] + + MacOSX-Framework: remove redundant ';' + + Closes #7859 + +- RELEASE-NOTES: synced + +- openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway + + One reason we know it can fail is if a provider is used that doesn't do + a proper job or is wrongly configured. + + Reported-by: Michael Baentsch + Fixes #7840 + Closes #7856 + +Marcel Raad (14 Oct 2021) +- [Ryan Mast brought this change] + + cmake: add CURL_ENABLE_SSL option and make CMAKE_USE_* SSL backend options depend on it + + Closes https://github.com/curl/curl/pull/7822 + +Daniel Stenberg (14 Oct 2021) +- http: remove assert that breaks hyper + + Reported-by: Jay Satiro + Fixes #7852 + Closes #7855 + +- http_proxy: fix one more result assign for hyper + + and remove the bad assert again, since it was run even with no error! + + Closes #7854 + +Jay Satiro (14 Oct 2021) +- sws: fix memory leak on exit + + - Free the allocated http request struct on cleanup. + + Prior to this change if sws was built with leak sanitizer it would + report a memory leak error during testing. + + Closes https://github.com/curl/curl/pull/7849 + +Daniel Stenberg (14 Oct 2021) +- c-hyper: make Curl_http propagate errors better + + Pass on better return codes when errors occur within Curl_http instead + of insisting that CURLE_OUT_OF_MEMORY is the only possible one. + + Pointed-out-by: Jay Satiro + Closes #7851 + +- http_proxy: make hyper CONNECT() return the correct error code + + For every 'goto error', make sure the result variable holds the error + code for what went wrong. + + Reported-by: Rafał Mikrut + Fixes #7825 + Closes #7846 + +- docs/Makefile.am: repair 'make html' + + by removing index.html which isn't around anymore + + Closes #7853 + +- [Борис Верховский brought this change] + + curl: correct grammar in generated libcurl code + + Closes #7802 + +- tests: disable test 2043 + + It uses revoked.badssl.com which now is expired and therefor this now + permafails. We should not use external sites for tests, this test should + be converted to use our own infra. + + Closes #7845 + +- runtests: split out ignored tests + + Report ignore tests separately from the actual fails. + + Don't exit non-zero if test servers couldn't get killed. + + Assisted-by: Jay Satiro + + Fixes #7818 + Closes #7841 + +- http2: make getsock not wait for write if there's no remote window + + While uploading, check for remote window availability in the getsock + function so that we don't wait for a writable socket if no data can be + sent. + + Reported-by: Steini2000 on github + Fixes #7821 + Closes #7839 + +- test368: verify dash is appended for "-r [num]" + + Follow-up to 8758a26f8878 + +- [Борис Верховский brought this change] + + curl: actually append "-" to --range without number only + + Closes #7837 + +- RELEASE-NOTES: synced + +- urlapi: URL decode percent-encoded host names + + The host name is stored decoded and can be encoded when used to extract + the full URL. By default when extracting the URL, the host name will not + be URL encoded to work as similar as possible as before. When not URL + encoding the host name, the '%' character will however still be encoded. + + Getting the URL with the CURLU_URLENCODE flag set will percent encode + the host name part. + + As a bonus, setting the host name part with curl_url_set() no longer + accepts a name that contains space, CR or LF. + + Test 1560 has been extended to verify percent encodings. + + Reported-by: Noam Moshe + Reported-by: Sharon Brizinov + Reported-by: Raul Onitza-Klugman + Reported-by: Kirill Efimov + Fixes #7830 + Closes #7834 + +Marc Hoersken (8 Oct 2021) +- CI/makefiles: introduce dedicated test target + + Make it easy to use the same set of test flags + throughout all current and future CI builds. + + Reviewed-by: Jay Satiro + + Follow up to #7690 + Closes #7785 + +Daniel Stenberg (8 Oct 2021) +- maketgz: redirect updatemanpages.pl output to /dev/null + +- CURLOPT_HTTPHEADER.3: add descripion for specific headers + + Settting Host: or Transfer-Encoding: chunked actually have special + meanings to libcurl. This change tries to document them + + Closes #7829 + +- c-hyper: use hyper_request_set_uri_parts to make h2 better + + and make sure to not send Host: over h2. + + Fixes #7679 + Reported-by: David Cook + Closes #7827 + +- [Michael Afanasiev brought this change] + + curl-openssl.m4: modify library order for openssl linking + + lcrypto may depend on lz, and configure corrently fails with when + statically linking as the order is "-lz -lcrypto". This commit switches + the order to "-lcrypto -lz". + + Closes #7826 + +Marcel Raad (7 Oct 2021) +- sha256: use high-level EVP interface for OpenSSL + + Available since OpenSSL 0.9.7. The low-level SHA256 interface is + deprecated in OpenSSL v3, and its usage was discouraged even before. + + Closes https://github.com/curl/curl/pull/7808 + +- curl_ntlm_core: use OpenSSL only if DES is available + + This selects another SSL backend then if available, or otherwise at + least gives a meaningful error message. + + Closes https://github.com/curl/curl/pull/7808 + +- md5: fix compilation with OpenSSL 3.0 API + + Only use OpenSSL's MD5 code if it's available. + + Also fix wolfSSL build with `NO_MD5`, in which case neither the + wolfSSL/OpenSSL implementation nor the fallback implementation was + used. + + Closes https://github.com/curl/curl/pull/7808 + +Daniel Stenberg (7 Oct 2021) +- print_category: printf %*s needs an int argument + + ... not a size_t! + + Detected by Coverity: CID 1492331. + Closes #7823 + +Jay Satiro (7 Oct 2021) +- version_win32: use actual version instead of manifested version + + - Use RtlVerifyVersionInfo instead of VerifyVersionInfo, when possible. + + Later versions of Windows have normal version functions that compare and + return versions based on the way the application is manifested, instead + of the actual version of Windows the application is running on. We + prefer the actual version of Windows so we'll now call the Rtl variant + of version functions (RtlVerifyVersionInfo) which does a proper + comparison of the actual version. + + Reported-by: Wyatt O'Day + + Ref: https://github.com/curl/curl/pull/7727 + + Fixes https://github.com/curl/curl/issues/7742 + Closes https://github.com/curl/curl/pull/7810 + +Daniel Stenberg (6 Oct 2021) +- RELEASE-NOTES: synced + +- http: fix Basic auth with empty name field in URL + + Add test 367 to verify. + + Reported-by: Rick Lane + Fixes #7819 + Closes #7820 + +- [Jeffrey Tolar brought this change] + + CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse + + ... and close connections that are too old instead of reusing them. + + By default, this behavior is disabled. + + Bug: https://curl.se/mail/lib-2021-09/0058.html + Closes #7751 + +Daniel Gustafsson (6 Oct 2021) +- docs/examples: add missing binaries to gitignore + + Commit f65d7889b added getreferrer, and commit ae8e11ed5 multi-legacy, + both of which missed adding .gitignore clauses for the built binaries. + + Closes #7817 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (5 Oct 2021) +- [Josip Medved brought this change] + + HTTP3: fix the HTTP/3 Explained book link + + Closes #7813 + +- [Lucas Holt brought this change] + + misc: fix a few issues on MidnightBSD + + Closes #7812 + +Daniel Gustafsson (4 Oct 2021) +- [8U61ife brought this change] + + tool_main: fix typo in comment + + Closes: #7811 + Reviewed-by: Daniel Gustafsson <daniel@yesql.se> + +Daniel Stenberg (4 Oct 2021) +- [Ryan Mast brought this change] + + BINDINGS: URL updates + + For cpr, BBHTTP, Eiffel, Harbour, Haskell, Mono, and Rust + + Closes #7809 + +- scripts/delta: hide a git error message we don't care about + + fatal: path 'src/tool_listhelp.c' exists on disk, but not in [tag] + +- [Patrick Monnerat brought this change] + + sasl: binary messages + + Capabilities of sasl module are extended to exchange messages in binary + as an alternative to base64. + + If http authentication flags have been set, those are used as sasl + default preferred mechanisms. + + Closes #6930 + +- [Hayden Roche brought this change] + + wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity + + Prior to this commit, OpenSSL could be used for all these functions, but + not wolfSSL. This commit makes it so wolfSSL will be used if USE_WOLFSSL + is defined. + + Closes #7806 + +- scripts/delta: count command line options in the new file + + ... which makes the shown delta number wrong until next release. + +- RELEASE-NOTES: synced + +- print_category: print help descriptions aligned + + Adjust the description position to make an aligned column when doing + help listings, which is more pleasing to the eye. + + Suggested-by: Gisle Vanem + Closes #7792 + +- lib/mk-ca-bundle.pl: skip certs passed Not Valid After date + + With this change applied, the now expired 'DST Root CA X3' cert will no + longer be included in the output. + + Details: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ + + Closes #7801 + +- tool_listhelp: easier to generate with gen.pl + + tool_listhelp.c is now a separate file with only the command line --help + output, exactly as generated by gen.pl. This makes it easier to generate + updates according to what's in the docs/cmdline-opts docs. + + cd $srcroot/docs/cmdline-opts + ./gen.pl listhelp *.d > $srcroot/src/tool_listhelp.c + + With a configure build, this also works: + + make -C src listhelp + + Closes #7787 + +- [Anthony Hu brought this change] + + wolfssl: allow setting of groups/curves + + In particular, the quantum safe KEM and hybrid curves if wolfSSL is + built to support them. + + Closes #7728 + +- [Jan Mazur brought this change] + + connnect: use sysaddr_un fron sys/un.h or custom-defined for windows + + Closes #7737 + +Jay Satiro (30 Sep 2021) +- [Rikard Falkeborn brought this change] + + hostip: Move allocation to clarify there is no memleak + + By just glancing at the code, it looks like there is a memleak if the + call to Curl_inet_pton() fails. Looking closer, it is clear that the + call to Curl_inet_pton() can not fail, so the code will never leak + memory. However, we can make this obvious by moving the allocation + after the if-statement. + + Closes https://github.com/curl/curl/pull/7796 + +Daniel Stenberg (30 Sep 2021) +- gen.pl: make the output date format work better + + Follow-up to 15910dfd143dd + + The previous strftime format used didn't work correctly on Windows, so + change to %B %d %Y which today looks like "September 29 2021". + + Reported-by: Gisle Vanem + Bug: #7782 + Closes #7793 + +- typecheck-gcc.h: add CURLOPT_PREREQDATA awareness + + Follow-up to a517378de58358a + + To make test 1912 happy again + + Closes #7799 + +Marcel Raad (29 Sep 2021) +- configure: remove `HAVE_WINSOCK_H` definition + + It's not used anymore. + + Closes https://github.com/curl/curl/pull/7795 + +- CMake: remove `HAVE_WINSOCK_H` definition + + It's not used anymore. + + Closes https://github.com/curl/curl/pull/7795 + +- config: remove `HAVE_WINSOCK_H` definition + + It's not used anymore. + + Closes https://github.com/curl/curl/pull/7795 + +- lib: remove `HAVE_WINSOCK_H` usage + + WinSock v1 is not supported anymore. Exclusively use `HAVE_WINSOCK2_H` + instead. + + Closes https://github.com/curl/curl/pull/7795 + +Daniel Stenberg (29 Sep 2021) +- easyoptions: add the two new PRE* options + + Follow-up to a517378de58358a + + Also fix optiontable.pl to do the correct remainder on the entry. + + Reported-by: Gisle Vanem + Bug: https://github.com/curl/curl/commit/a517378de58358a85b7cfe9efecb56051268f629#commitcomment-57224830 + Closes #7791 + +- Revert "build: remove checks for WinSock 1" + + Due to CI issues + + This reverts commit c2ea04f92b00b6271627cb218647527b5a50f2fc. + + Closes #7790 + +Daniel Gustafsson (29 Sep 2021) +- lib: avoid fallthrough cases in switch statements + + Commit b5a434f7f0ee4d64857f8592eced5b9007d83620 inhibits the warning + on implicit fallthrough cases, since the current coding of indicating + fallthrough with comments is falling out of fashion with new compilers. + This attempts to make the issue smaller by rewriting fallthroughs to no + longer fallthrough, via either breaking the cases or turning switch + statements into if statements. + + lib/content_encoding.c: the fallthrough codepath is simply copied + into the case as it's a single line. + lib/http_ntlm.c: the fallthrough case skips a state in the state- + machine and fast-forwards to NTLMSTATE_LAST. Do this before the + switch statement instead to set up the states that we actually + want. + lib/http_proxy.c: the fallthrough is just falling into exiting the + switch statement which can be done easily enough in the case. + lib/mime.c: switch statement rewritten as if statement. + lib/pop3.c: the fallthrough case skips to the next state in the + statemachine, do this explicitly instead. + lib/urlapi.c: switch statement rewritten as if statement. + lib/vssh/wolfssh.c: the fallthrough cases fast-forwards the state + machine, do this by running another iteration of the switch + statement instead. + lib/vtls/gtls.c: switch statement rewritten as if statement. + lib/vtls/nss.c: the fallthrough codepath is simply copied into the + case as it's a single line. Also twiddle a comment to not be + inside a non-brace if statement. + + Closes: #7322 + See-also: #7295 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Marcel Raad (28 Sep 2021) +- config-win32ce: enable WinSock 2 + + WinSock 2.2 is supported by Windows CE .NET 4.1 (from 2002, out of + support since 2013). + + Ref: https://docs.microsoft.com/en-us/previous-versions/windows/embedded/ms899586(v=msdn.10) + + Closes https://github.com/curl/curl/pull/7778 + +- externalsocket: use WinSock 2.2 + + That's the only version we support. + + Closes https://github.com/curl/curl/pull/7778 + +- build: remove checks for WinSock 1 + + It's not supported anymore. + + Closes https://github.com/curl/curl/pull/7778 + +Daniel Stenberg (28 Sep 2021) +- scripts/copyright: .muse is .lift now + + And update 5 files with old copyright year range + +- cmdline-opts: made the 'Added:' field mandatory + + Since "too old" versions are no longer included in the generated man + page, this field is now mandatory so that it won't be forgotten and then + not included in the documentation. + + Closes #7786 + +- curl.1: remove mentions of really old version changes + + To make the man page more readable, this change removes all references + to changes in support/versions etc that happened before 7.30.0 from the + curl.1 output file. 7.30.0 was released on Apr 12 2013. This particular + limit is a bit arbitrary but was fairly easy to grep for. + + It is handled like this: the 'Added' keyword is only used in output if + it refers to 7.30.0 or later. All occurances of "(Added in $VERSION)" in + description will be stripped out if the mentioned $VERSION is from + before 7.30.0. It is therefore important that the "Added in..." + references are always written exactly like that - and on a single line, + not split over two. + + This change removes about 80 version number references from curl.1, down + to 138 from 218. + + Closes #7786 + +- RELEASE-NOTES: synced + +- tool_cb_prg: make resumed upload progress bar show better + + This is a regression that was *probably* injected in the larger progress + bar overhaul in 2018. + + Reported-by: beslick5 on github + Fixes #7760 + Closes #7777 + +- gen.pl: insert the current date and version in generated man page + + Reported-by: Gisle Vanem + Ref: #7780 + Closes #7782 + +- NTLM: use DES_set_key_unchecked with OpenSSL + + ... as the previously used function DES_set_key() will in some cases + reject using a key that it deems "weak" which will cause curl to + continue using the unitialized buffer content as key instead. + + Assisted-by: Harry Sintonen + Fixes #7779 + Closes #7781 + +Marc Hoersken (27 Sep 2021) +- CI: align make and test flags in various config files + + 1. Use Makefile target to run tests in autotools builds on AppVeyor. + 2. Disable testing of SCP protocol on native Windows environments. + 3. Remove redundant parameters -a -p from target test-nonflaky. + 4. Don't use -vc parameter which is reserved for debugging. + + Replaces #7591 + Closes #7690 + +Daniel Stenberg (27 Sep 2021) +- mailmap: unify Max! + +- [Max Dymond brought this change] + + CURLOPT_PREREQFUNCTION: add new callback + + Triggered before a request is made but after a connection is set up + + Changes: + + - callback: Update docs and callback for pre-request callback + - Add documentation for CURLOPT_PREREQDATA and CURLOPT_PREREQFUNCTION, + - Add redirect test and callback failure test + - Note that the function may be called multiple times on a redirection + - Disable new 2086 test due to Windows weirdness + + Closes #7477 + +- KNOWN_BUGS: HTTP/2 connections through HTTPS proxy frequently stall + + Closes #6936 + +- TODO: make configure use --cache-file more and better + + Closes #7753 + +- [Sergey Markelov brought this change] + + urlapi: support UNC paths in file: URLs on Windows + + - file://host.name/path/file.txt is a valid UNC path + \\host.name\path\files.txt to a non-local file transformed into URI + (RFC 8089 Appendix E.3) + + - UNC paths on other OSs must be smb: URLs + + Closes #7366 + +- [Gleb Ivanovsky brought this change] + + urlapi: add curl_url_strerror() + + Add curl_url_strerror() to convert CURLUcode into readable string and + facilitate easier troubleshooting in programs using URL API. + Extend CURLUcode with CURLU_LAST for iteration in unit tests. + Update man pages with a mention of new function. + Update example code and tests with new functionality where it fits. + + Closes #7605 + +- RELEASE-NOTES: synced + +- [Mats Lindestam brought this change] + + libssh2: add SHA256 fingerprint support + + Added support for SHA256 fingerprint in command line curl and in + libcurl. + + Closes #7646 + +- libcurl.rc: switch out the copyright symbol for plain ASCII + + Reported-by: Vitaly Varyvdin + Assisted-by: Viktor Szakats + Fixes #7765 + Closes #7776 + +- [Jun-ya Kato brought this change] + + ngtcp2: fix QUIC transport parameter version + + fix inappropriate version setting for QUIC transport parameters. + this patch keeps curl with ngtcp2 uses QUIC draft version (h3-29). + + Closes #7771 + +- examples/imap-append: fix end-of-data check + + Reported-by: Alexander Chuykov + Fixes #7774 + Closes #7775 + +Michael Kaufmann (24 Sep 2021) +- vtls: Fix a memory leak if an SSL session cannot be added to the cache + + On connection shutdown, a new TLS session ticket may arrive after the + SSL session cache has already been destructed. In this case, the new + SSL session cannot be added to the SSL session cache. + + The callers of Curl_ssl_addsessionid() need to know whether the SSL + session has been added to the cache. If it has not been added, the + reference counter of the SSL session must not be incremented, or memory + used by the SSL session must be freed. This is now possible with the new + output parameter "added" of Curl_ssl_addsessionid(). + + Fixes #7683 + Closes #7752 + +Daniel Stenberg (24 Sep 2021) +- [Momoka Yamamoto brought this change] + + HTTP3.md: use 'autoreconf -fi' instead of buildconf + + buildconf is not used since #5853 + + Closes #7746 + +- GIT-INFO: rephrase to adapt to s/buildconf/autoreconf + +- [h1zzz brought this change] + + llist: remove redundant code, branch will not be executed + + Closes #7770 + +- [tlahn brought this change] + + HTTP-COOKIES.md: remove duplicate 'each' + + Closes #7772 + +Jay Satiro (24 Sep 2021) +- [Joel Depooter brought this change] + + libssh2: Get the version at runtime if possible + + Previously this code used a compile time constant, meaning that libcurl + always reported the libssh2 version that libcurl was built with. This + could differ from the libssh2 version actually being used. The new code + uses the CURL_LIBSSH2_VERSION macro, which is defined in ssh.h. The + macro calls the libssh2_version function if it is available, otherwise + it falls back to the compile time version. + + Closes https://github.com/curl/curl/pull/7768 + +- [Joel Depooter brought this change] + + schannel: fix typo + + Closes https://github.com/curl/curl/pull/7769 + +Daniel Stenberg (23 Sep 2021) +- cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED + + To avoid the "... is deprecated" warnings brought by OpenSSL v3. + (We need to address the underlying code at some point of course.) + + Assisted-by: Jakub Zakrzewski + Closes #7767 + +- curl-openssl: pass argument to sed single-quoted + + ... instead of using an escaped double-quote. This is an attempt to make + this work better with ksh that otherwise would insist on a double + escape! + + Reported-by: Randall S. Becker + Fixes #7758 + Closes #7764 + +- RELEASE-NOTES: synced + + Bumped curlver to 7.80.0-dev + +- [a1346054 brought this change] + + misc: fix typos in docs and comments + + No user facing output from curl/libcurl is changed by this, just + comments. + + Closes #7747 + +- [Thomas M. DuBuisson brought this change] + + ci: update Lift config to match requirements of curl build + + Also renamed Muse -> Lift, the new tool name. + + Closes #7761 + +- [Rikard Falkeborn brought this change] + + cleanup: constify unmodified static structs + + Constify a number of static structs that are never modified. Make them + const to show this. + + Closes #7759 + Version 7.79.1 (22 Sep 2021) Daniel Stenberg (22 Sep 2021) @@ -3441,19 +5060,19 @@ Daniel Stenberg (3 Jun 2021) Add test 3017 and 3018 to verify. Closes #7166 -- [theawless brought this change] +- [Abhinav Singh brought this change] cmake: add CURL_DISABLE_NTLM option Closes #7028 -- [theawless brought this change] +- [Abhinav Singh brought this change] configure: add --disable-ntlm option Closes #7028 -- [theawless brought this change] +- [Abhinav Singh brought this change] define: re-add CURL_DISABLE_NTLM and corresponding ifdefs @@ -6679,1598 +8298,3 @@ Daniel Gustafsson (26 Feb 2021) Closes #6665 Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com> - -- gnutls: Fix nettle discovery - - Commit e06fa7462ac258c removed support for libgcrypt leaving only - support for nettle which has been the default crypto library in - GnuTLS for a long time. There were however a few conditionals on - USE_GNUTLS_NETTLE which cause compilation errors in the metalink - code (as it used the gcrypt fallback instead as a result). See the - below autobuild for an example of the error: - - https://curl.se/dev/log.cgi?id=20210225123226-30704#prob1 - - This removes all uses of USE_GNUTLS_NETTLE and also removes the - gcrypt support from the metalink code while at it. - - Closes #6656 - Reviewed-by: Daniel Stenberg <daniel@haxx.se> - -- cookies: Support multiple -b parameters - - Previously only a single -b cookie parameter was supported with the last - one winning. This adds support for supplying multiple -b params to have - them serialized semicolon separated. Both cookiefiles and cookies can be - entered multiple times. - - Closes #6649 - Reviewed-by: Daniel Stenberg <daniel@haxx.se> - -Daniel Stenberg (25 Feb 2021) -- build: remove all traces of USE_BLOCKING_SOCKETS - - libcurl doesn't behave properly with the define set - - Closes #6655 - -- RELEASE-NOTES: synced - -Daniel Gustafsson (25 Feb 2021) -- docs: Fix typos - - Random typos spotted when skimming docs. - -- cookies: Use named parameters in header prototypes - - Align header with project style of using named parameters in the - function prototypes to aid readability and self-documentation. - - Closes #6653 - Reviewed-by: Daniel Stenberg <daniel@haxx.se> - -Daniel Stenberg (24 Feb 2021) -- urldata: make 'actions[]' use unsigned char instead of int - - ... as it only needs a few bits per index anyway. - - Reviewed-by: Daniel Gustafsson - Closes #6648 - -- configure: fail if --with-quiche is used and quiche isn't found - - Closes #6652 - -- [Gregor Jasny brought this change] - - cmake: use CMAKE_INSTALL_INCLUDEDIR indirection - - Reviewed-by: Sergei Nikulov - Closes #6440 - -Viktor Szakats (23 Feb 2021) -- mingw: enable using strcasecmp() - - This makes the 'Features:' list sorted case-insensitively, - bringing output in-line with *nix builds. - - Reviewed-by: Jay Satiro - Closes #6644 - -- build: delete unused feature guards - - - `HAVE_STRNCASECMP` - - `HAVE_TCGETATTR` - - `HAVE_TCSETATTR` - - Reviewed-by: Jay Satiro - Reviewed-by: Daniel Stenberg - Closes #6645 - -Jay Satiro (23 Feb 2021) -- docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions - - Closes https://github.com/curl/curl/pull/6639 - -Daniel Stenberg (23 Feb 2021) -- [Jacob Hoffman-Andrews brought this change] - - configure: make hyper opt-in, and fail if missing - - Previously, configure would look for hyper by default, and use it if - found; otherwise it would not use hyper, and not error. - - Now, configure will not look for hyper unless --with-hyper is passed. If - configure looks for hyper and fails, it will error. - - Also, add -ld -lpthread -lm to Hyper's libs. I think they are required. - - Closes #6598 - -- multi: do once-per-transfer inits in before_perform in DID state - - ... since the state machine might go to RATELIMITING and then back to - PERFORMING doing once-per-transfer inits in that function is wrong and - it caused problems with receiving chunked HTTP and it set the - PRETRANSFER time much too often... - - Regression from b68dc34af341805aeb7b3715 (shipped in 7.75.0) - - Reported-by: Amaury Denoyelle - Fixes #6640 - Closes #6641 - -- RELEASE-NOTES: synced - -- CODE_STYLE.md: fix broken link to INTERNALS - - ... the link would only work if browsed on GitHub, while this link now - takes the user to the website instead and thus should work on either. - - Reported-by: David Demelier - -- curl_url_set.3: mention CURLU_PATH_AS_IS - - ... it has been supported since the URL API was added. - - Bug: https://curl.se/mail/lib-2021-02/0046.html - - Closes #6638 - -Viktor Szakats (21 Feb 2021) -- time: enable 64-bit time_t in supported mingw environments - - (Unless 32-bit `time_t` is selected manually via the `_USE_32BIT_TIME_T` - mingw macro.) - - Previously, 64-bit `time_t` was enabled on VS2005 and newer only, and - 32-bit `time_t` was used on all other Windows builds. - - Assisted-by: Jay Satiro - Closes #6636 - -Jay Satiro (20 Feb 2021) -- test1188: Check for --fail HTTP status - - - Change the test to check for curl error on HTTP 404 Not Found. - - test1188 tests "--write-out with %{onerror} and %{urlnum} to stderr". - Prior to this change it did that by specifying a non-existent host which - would cause an error. ISPs may hijack DNS and resolve non-existent hosts - so the test would not work if that was the case. - - Ref: https://en.wikipedia.org/wiki/DNS_hijacking#Manipulation_by_ISPs - Ref: https://github.com/curl/curl/issues/6621 - Ref: https://github.com/curl/curl/pull/6623 - - Closes https://github.com/curl/curl/pull/6637 - -- memdebug: close debug logfile explicitly on exit - - - Use atexit to register a dbg cleanup function that closes the logfile. - - LeakSantizier (LSAN) calls _exit() instead of exit() when a leak is - detected on exit so the logfile must be closed explicitly or data could - be lost. Though _exit() does not call atexit handlers such as this, - LSAN's call to _exit() comes after the atexit handlers are called. - - Prior to this change the logfile was not explicitly closed so it was - possible that if LSAN detected a leak and called _exit (which does - not flush or close files like exit) then the logfile could be missing - data. That could then cause curl's memanalyze to report false leaks - (eg a malloc was recorded to the logfile but the corresponding free was - discarded from the buffer instead of written to the logfile, then - memanalyze reports that as a leak). - - Ref: https://github.com/google/sanitizers/issues/1374 - - Bug: https://github.com/curl/curl/pull/6591#issuecomment-780396541 - - Closes https://github.com/curl/curl/pull/6620 - -- curl_multibyte: always return a heap-allocated copy of string - - - Change the Windows char <-> UTF-8 conversion functions to return an - allocated copy of the passed in string instead of the original. - - Prior to this change the curlx_convert_ functions would, as what I - assume was an optimization, not make a copy of the passed in string if - no conversion was required. No conversion is required in non-UNICODE - Windows builds since our tchar strings are type char and remain in - whatever the passed in encoding is, which is assumed to be UTF-8 but may - be other encoding. - - In contrast the UNICODE Windows builds require conversion - (wchar <-> char) and do return a copy. That inconsistency could lead to - programming errors where the developer expects a copy, and does not - realize that won't happen in all cases. - - Closes https://github.com/curl/curl/pull/6602 - -Viktor Szakats (19 Feb 2021) -- http: add new files missed from referrer commit - - Ref: 44872aefc2d54f297caf2b0cc887df321bc9d791 - Ref: #6591 - -- http: add support to read and store the referrer header - - - add CURLINFO_REFERER libcurl option - - add --write-out '%{referer}' command-line option - - extend --xattr command-line option to fill user.xdg.referrer.url extended - attribute with the referrer (if there was any) - - Closes #6591 - -Daniel Stenberg (19 Feb 2021) -- urldata: remove the _ORIG suffix from string names - - It doesn't provide any useful info but only makes the names longer. - - Closes #6624 - -- url: fix memory leak if OOM in the HSTS handling - - Reported-by: Viktor Szakats - Bug: https://github.com/curl/curl/pull/6627#issuecomment-781626205 - - Closes #6628 - -- gnutls: assume nettle crypto support - - nettle has been the default crypto library with GnuTLS since 2010. By - dropping support for the previous libcrypto, we simplify code. - - Closes #6625 - -- asyn-ares: use consistent resolve error message - - ... with the help of Curl_resolver_error() which now is moved from - asyn-thead.c and is provided globally for this purpose. - - Follow-up to 35ca04ce1b77636 - - Makes test 1188 work for c-ares builds - - Closes #6626 - -Viktor Szakats (18 Feb 2021) -- ci: stop building on freebsd-12-1 - - An updated freebsd-12-2 image was added a few months ago, and this - older one is consistently failing to go past `pkginstall`: - ``` - Newer FreeBSD version for package py37-mlt: - To ignore this error set IGNORE_OSVERSION=yes - - package: 1202000 - - running kernel: 1201000 - Ignore the mismatch and continue? [Y/n]: pkg: repository FreeBSD contains packages for wrong OS version: FreeBSD:12:amd64 - ``` - - FreeBSD thread suggests that 12.1 is EOL, and best to avoid. - - Ref: https://forums.freebsd.org/threads/78856/ - - Reviewed-by: Daniel Stenberg - Closes #6622 - -Daniel Stenberg (18 Feb 2021) -- test1188: change error from connect to resolve error - - Using the %NOLISTENPORT to trigger a connection failure is somewhat - "risky" (since it isn't guaranteed to not be listened to) and caused - occasional CI problems. This fix changes the infused error to be a more - reliable one but still verifies the --write-out functionality properly - - which is the purpose of this test. - - Reported-by: Jay Satiro - Fixes #6621 - Closes #6623 - -- url.c: use consistent error message for failed resolve - -- BUGS: language polish - -- wolfssl: don't store a NULL sessionid - - This caused a memory leak as the session id cache entry was still - erroneously stored with a NULL sessionid and that would later be treated - as not needed to get freed. - - Reported-by: Gisle Vanem - Fixes #6616 - Closes #6617 - -- parse_proxy: fix a memory leak in the OOM path - - Reported-by: Jay Satiro - Reviewed-by: Jay Satiro - Reviewed-by: Emil Engler - - Closes #6614 - Bug: https://github.com/curl/curl/pull/6591#issuecomment-780396541 - -Jay Satiro (17 Feb 2021) -- url: fix possible use-after-free in default protocol - - Prior to this change if the user specified a default protocol and a - separately allocated non-absolute URL was used then it was freed - prematurely, before it was then used to make the replacement URL. - - Bug: https://github.com/curl/curl/issues/6604#issuecomment-780138219 - Reported-by: arvids-kokins-bidstack@users.noreply.github.com - - Closes https://github.com/curl/curl/pull/6613 - -Daniel Stenberg (16 Feb 2021) -- multi: rename the multi transfer states - - While working on documenting the states it dawned on me that step one is - to use more descriptive names on the states. This also changes prefix on - the states to make them shorter in the source. - - State names NOT ending with *ing are transitional ones. - - Closes #6612 - -Viktor Szakats (16 Feb 2021) -- http: do not add a referrer header with empty value - - Previously an empty 'Referer:' header was added to the HTTP request when - passing `--referer ';auto'` or `--referer ''` on the command-line. This - patch makes `--referer` work like `--header 'Referer:'` and will only add - the header if it has a non-zero length value. - - Reviewed-by: Jay Satiro - Closes #6610 - -Daniel Stenberg (16 Feb 2021) -- lib: remove 'conn->data' completely - - The Curl_easy pointer struct entry in connectdata is now gone. Just - before commit 215db086e0 landed on January 8, 2021 there were 919 - references to conn->data. - - Closes #6608 - -- openldap: pass 'data' to the callbacks instead of 'conn' - -Jay Satiro (15 Feb 2021) -- doh: Fix sharing user's resolve list with DOH handles - - - Share the shared object from the user's easy handle with the DOH - handles. - - Prior to this change if the user had set a shared object with shared - cached DNS (CURL_LOCK_DATA_DNS) for their easy handle then that wasn't - used by any associated DOH handles, since they used the multi's default - hostcache. - - This change means all the handles now use the same hostcache, which is - either the shared hostcache from the user created shared object if it - exists or if not then the multi's default hostcache. - - Reported-by: Manuj Bhatia - - Fixes https://github.com/curl/curl/issues/6589 - Closes https://github.com/curl/curl/pull/6607 - -Daniel Stenberg (15 Feb 2021) -- http2: remove conn->data use - - ... but instead use a private alternative that points to the "driving - transfer" from the connection. We set the "user data" associated with - the connection to be the connectdata struct, but when we drive transfers - the code still needs to know the pointer to the transfer. We can change - the user data to become the Curl_easy handle, but with older nghttp2 - version we cannot dynamically update that pointer properly when - different transfers are used over the same connection. - - Closes #6520 - -- openssl: remove conn->data use - - We still make the trace callback function get the connectdata struct - passed to it, since the callback is anchored on the connection. - - Repeatedly updating the callback pointer to set 'data' with - SSL_CTX_set_msg_callback_arg() doesn't seem to work, probably because - there might already be messages in the queue with the old pointer. - - This code therefore makes sure to set the "logger" handle before using - OpenSSL calls so that the right easy handle gets used for tracing. - - Closes #6522 - -- RELEASE-NOTES: synced - -Jay Satiro (14 Feb 2021) -- doh: add options to disable ssl verification - - - New libcurl options CURLOPT_DOH_SSL_VERIFYHOST, - CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the - same as their respective counterparts. - - - New curl tool options --doh-insecure and --doh-cert-status do the same - as their respective counterparts. - - Prior to this change DOH SSL certificate verification settings for - verifyhost and verifypeer were supposed to be inherited respectively - from CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER, but due to a bug - were not. As a result DOH verification remained at the default, ie - enabled, and it was not possible to disable. This commit changes - behavior so that the DOH verification settings are independent and not - inherited. - - Ref: https://github.com/curl/curl/pull/4579#issuecomment-554723676 - - Fixes https://github.com/curl/curl/issues/4578 - Closes https://github.com/curl/curl/pull/6597 - -- hostip: fix crash in sync resolver builds that use DOH - - - Guard some Curl_async accesses with USE_CURL_ASYNC instead of - !CURLRES_SYNCH. - - This is another follow-up to 8335c64 which moved the async struct from - the connectdata struct into the Curl_easy struct. A previous follow-up - 6cd167a fixed building for sync resolver by guarding some async struct - accesses with !CURLRES_SYNCH. The problem is since DOH (DNS-over-HTTPS) - is available as an asynchronous secondary resolver the async struct may - be used even when libcurl is built for the sync resolver. That means - that CURLRES_SYNCH and USE_CURL_ASYNC may be defined at the same time. - - Closes https://github.com/curl/curl/pull/6603 - -Daniel Stenberg (13 Feb 2021) -- KNOWN_BUGS: cannot enable LDAPS on Windows with cmake - - Reported-by: Jack Boos Yu - Closes #6284 - -- KNOWN_BUGS: Excessive HTTP/2 packets with TCP_NODELAY - - Reported-by: Alex Xu - Closes #6363 - -- http: use credentials from transfer, not connection - - HTTP auth "accidentally" worked before this cleanup since the code would - always overwrite the connection credentials with the credentials from - the most recent transfer and since HTTP auth is typically done first - thing, this has not been an issue. It was still wrong and subject to - possible race conditions or future breakage if the sequence of functions - would change. - - The data.set.str[] strings MUST remain unmodified exactly as set by the - user, and the credentials to use internally are instead set/updated in - state.aptr.* - - Added test 675 to verify different credentials used in two requests done - over a reused HTTP connection, which previously behaved wrongly. - - Fixes #6542 - Closes #6545 - -- test433: clear some home dir env variables - - Follow-up to bd6b54ba1f55b5 - - ... so that XDG_CONFIG_HOME is the only home dir variable set and thus - used correctly in the test! - - Fixes #6599 - Closes #6600 - -- RELEASE-NOTES: synced - - bumped the version to 7.76.0 - -- travis: install libgsasl-dev to add that to the builds - - Closes #6588 - -- urldata: don't touch data->set.httpversion at run-time - - Rename it to 'httpwant' and make a cloned field in the state struct as - well for run-time updates. - - Also: refuse non-supported HTTP versions. Verified with test 129. - - Closes #6585 - -Viktor Szakats (11 Feb 2021) -- tests: disable .curlrc in more environments - - by also setting CURL_HOME and XDG_CONFIG_HOME envvars to the local - directory. - - Reviewed-by: Daniel Stenberg - Fixes #6595 - Closes #6596 - -- docs/Makefile.inc: format to be update-friendly - - - one source file per line - - convert tabs to spaces - - do not align line-continuation backslashes - - sort source files alphabetically - - Reviewed-by: Daniel Stenberg - Closes #6593 - -Daniel Stenberg (11 Feb 2021) -- curl: provide libgsasl version and feature info in -V output - - Closes #6592 - -- gsasl: provide CURL_VERSION_GSASL if built-in - - To let applications know the feature is available. - - Closes #6592 - -- curl: add --fail-with-body - - Prevent both --fail and --fail-with-body on the same command line. - - Verify with test 349, 360 and 361. - - Closes #6449 - -- TODO: remove HSTS - - Provided now since commit 7385610d0c74 - -Jay Satiro (10 Feb 2021) -- tests: Fix tests failing due to change in curl --help - - Follow-up to parent 3183217 which added add missing <mode> argument to - --create-file-mode <mode>. - - Ref: https://github.com/curl/curl/issues/6590 - -- tool_help: add missing argument for --create-file-mode - - Prior to this change the required argument was not shown in curl --help. - - before: - --create-file-mode File mode for created files - - after: - --create-file-mode <mode> File mode (octal) for created files - - Reported-by: ZimCodes@users.noreply.github.com - - Fixes https://github.com/curl/curl/issues/6590 - -- create-file-mode.d: add missing Arg tag - - Prior to this change the required argument was not shown. - - curl.1 before: --create-file-mode - curl.1 after: --create-file-mode <mode> - - Reported-by: ZimCodes@users.noreply.github.com - - Fixes https://github.com/curl/curl/issues/6590 - -Viktor Szakats (10 Feb 2021) -- gsasl: fix errors/warnings building against libgsasl - - - also fix an indentation - - make Curl_auth_gsasl_token() use CURLcode (by Daniel Stenberg) - - Ref: https://github.com/curl/curl/pull/6372#issuecomment-776118711 - Ref: https://github.com/curl/curl/pull/6588 - - Reviewed-by: Jay Satiro - Assisted-by: Daniel Stenberg - Reviewed-by: Simon Josefsson - Closes #6587 - -- Makefile.m32: add support for libgsasl dependency - - Reviewed-by: Marcel Raad - Closes #6586 - -Marcel Raad (10 Feb 2021) -- ngtcp2: clarify calculation precedence - - As suggested by Codacy/cppcheck. - - Closes https://github.com/curl/curl/pull/6576 - -- server: remove redundant condition - - `end` is always non-null here. - - Closes https://github.com/curl/curl/pull/6576 - -- lib: remove redundant code - - Closes https://github.com/curl/curl/pull/6576 - -- mqttd: remove unused variable - - Closes https://github.com/curl/curl/pull/6576 - -- tool_paramhlp: reduce variable scope - - Closes https://github.com/curl/curl/pull/6576 - -- tests: reduce variable scopes - - Closes https://github.com/curl/curl/pull/6576 - -- lib: reduce variable scopes - - Closes https://github.com/curl/curl/pull/6576 - -- ftp: fix Codacy/cppcheck warning about null pointer arithmetic - - Increment `bytes` only if it is non-null. - - Closes https://github.com/curl/curl/pull/6576 - -Daniel Stenberg (9 Feb 2021) -- ngtcp2: adapt to the new recv_datagram callback - -- quiche: fix build error: use 'int' for port number - - Follow-up to cb2dc1ba8 - -- ftp: add 'list_only' to the transfer state struct - - and rename it from 'ftp_list_only' since it is also used for SSH and - POP3. The state is updated internally for 'type=D' FTP URLs. - - Added test case 1570 to verify. - - Closes #6578 - -- ftp: add 'prefer_ascii' to the transfer state struct - - ... and make sure the code never updates 'set.prefer_ascii' as it breaks - handle reuse which should use the setting as the user specified it. - - Added test 1569 to verify: it first makes an FTP transfer with ';type=A' - and then another without type on the same handle and the second should - then use binary. Previously, curl failed this. - - Closes #6578 - -- RELEASE-NOTES: synced - -- [Jacob Hoffman-Andrews brought this change] - - vtls: initial implementation of rustls backend - - This adds a new TLS backend, rustls. It uses the C-to-rustls bindings - from https://github.com/abetterinternet/crustls. - - Rustls is at https://github.com/ctz/rustls/. - - There is still a fair bit to be done, like sending CloseNotify on - connection shutdown, respecting CAPATH, and properly indicating features - like "supports TLS 1.3 ciphersuites." But it works well enough to make - requests and receive responses. - - Blog post for context: - https://www.abetterinternet.org/post/memory-safe-curl/ - - Closes #6350 - -- [Simon Josefsson brought this change] - - sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl - - Closes #6372 - -Jay Satiro (9 Feb 2021) -- lib: use int type for more port variables - - This is a follow-up to 764c6bd. Prior to that change port variables - were usually type long. - - Closes https://github.com/curl/curl/pull/6553 - -- tool_writeout: refactor write-out and write-out json - - - Deduplicate the logic used by write-out and write-out json. - - Rather than have separate writeLong, writeString, etc, logic for - each of write-out and write-out json instead have respective shared - functions that can output either format and a 'use_json' parameter to - indicate whether it is json that is output. - - This will make it easier to maintain. Rather than have to go through - two sets of logic now we only have to go through one. - - - Support write-out %{errormsg} and %{exitcode} in json. - - - Clarify in the doc that %{exitcode} is the exit code of the transfer. - - Prior to this change it just said "The numerical exitcode" which - implies it's the exit code of the tool, and it's not necessarily that. - - Closes https://github.com/curl/curl/pull/6544 - -- lib: drop USE_SOCKETPAIR in favor of CURL_DISABLE_SOCKETPAIR - - .. since the former is undocumented and they both do the same thing. - - Closes https://github.com/curl/curl/pull/6517 - -- curl_multibyte: fall back to local code page stat/access on Windows - - If libcurl is built with Unicode support for Windows then it is assumed - the filename string is Unicode in UTF-8 encoding and it is converted to - UTF-16 to be passed to the wide character version of the respective - function (eg wstat). However the filename string may actually be in the - local encoding so, even if it successfully converted to UTF-16, if it - could not be stat/accessed then try again using the local code page - version of the function (eg wstat fails try stat). - - We already do this with fopen (ie wfopen fails try fopen), so I think it - makes sense to extend it to stat and access functions. - - Closes https://github.com/curl/curl/pull/6514 - -- [Stephan Szabo brought this change] - - file: Support unicode urls on windows - - Closes https://github.com/curl/curl/pull/6501 - -- [Vincent Torri brought this change] - - cmake: fix import library name for non-MS compiler on Windows - - - Use _imp.lib suffix only for Microsoft's compiler (MSVC). - - Prior to this change library suffix _imp.lib was used for the import - library on Windows regardless of compiler. - - With this change the other compilers should now use their default - suffix which should be .dll.a. - - This change is motivated by the usage of pkg-config on MSYS2. - Indeed, when 'pkg-config --libs libcurl' is used, -lcurl is - passed to ld. The documentation of ld on Windows : - - https://sourceware.org/binutils/docs/ld/WIN32.html - - lists, in the 'direct linking to a dll' section, the pattern - of the searched import library, and libcurl_imp.lib is not there. - - Closes https://github.com/curl/curl/pull/6225 - -Daniel Stenberg (9 Feb 2021) -- urldata: move 'followlocation' to UrlState - - As this is a state variable it does not belong in UserDefined which is - used to store values set by the user. - - Closes #6582 - -- [Ikko Ashimine brought this change] - - http_proxy: fix typo in http_proxy.c - - settting -> setting - - Closes #6583 - -- [Fabian Keil brought this change] - - tests/server: Bump MAX_TAG_LEN to 200 - - This is useful for tests containing HTML inside of <data> sections. - For <img> tags it's not uncommon to be longer than the previous - limit of 79 bytes. - - An example of a previously problem-causing tag is: - <img src="http://config.privoxy.org/send-banner?type=auto" border="0" title="Killed-http://www.privoxy.org/images/privoxy.png-by-size" width="88" height="31"> - which is needed for a Privoxy test for the banners-by-size filter. - - Previously it caused server failures like: - 12:29:05.786961 ====> Client connect - 12:29:05.787116 accept_connection 3 returned 4 - 12:29:05.787194 accept_connection 3 returned 0 - 12:29:05.787285 Read 119 bytes - 12:29:05.787345 Process 119 bytes request - 12:29:05.787407 Got request: GET /banners-by-size/9 HTTP/1.1 - 12:29:05.787464 Requested test number 9 part 0 - 12:29:05.787686 getpart() failed with error: -2 - 12:29:05.787744 - request found to be complete (9) - 12:29:05.787912 getpart() failed with error: -2 - 12:29:05.788048 Wrote request (119 bytes) input to log/server.input - 12:29:05.788157 Send response test9 section <data> - 12:29:05.788443 getpart() failed with error: -2 - 12:29:05.788498 instructed to close connection after server-reply - 12:29:05.788550 ====> Client disconnect 0 - 12:29:05.871448 exit_signal_handler: 15 - 12:29:05.871714 signalled to die - 12:29:05.872040 ========> IPv4 sws (port 21108 pid: 51758) exits with signal (15) - -- [Fabian Keil brought this change] - - tests/badsymbols.pl: when opening '$incdir' fails include it in the error message - -- [Fabian Keil brought this change] - - runtests.1: document -o, -P, -L, and -E - -- [Fabian Keil brought this change] - - runtests.pl: add %TESTNUMBER variable to make copying tests more convenient - -- [Fabian Keil brought this change] - - runtests.pl: add an -o option to change internal variables - - runtests.pl has lots of internal variables one might want to - change in certain situations, but adding a dedicated option - for every single one of them isn't practical. - - Usage: - ./runtests.pl -o TESTDIR=$privoxy_curl_test_dir -o HOSTIP=10.0.0.1 ... - -- [Fabian Keil brought this change] - - runtests.pl: cleanups - - - show the summarized test result in the last line of the report - - do not use $_ after mapping it to a named variable - Doing that makes the code harder to follow. - - log the restraints sorted by the number of their occurrences - - fix language when logging restraints that only occured once - - let runhttpserver() use $TESTDIR instead of $srcdir - ... so it works if a non-default $TESTDIR is being used. - -- [Fabian Keil brought this change] - - runtests.pl: add an -E option to specify an exclude file - - It can contain additional restraints for test numbers, - keywords and tools. - - The idea is to let third parties like the Privoxy project - distribute an exclude file with their tarballs that specifies - which curl tests are not expected to work when using Privoxy - as a proxy, without having to fork the whole curl test suite. - - The syntax could be changed to be extendable and maybe - more closely reflect the "curl test" syntax. Currently - it's a bunch of lines like these: - - test:$TESTNUMBER:Reason why this test with number $TESTNUMBER should be skipped - keyword:$KEYWORD:Reason why tests whose keywords contain the $KEYWORD should be skipped - tool:$TOOL:Reason why tests with tools that contain $TOOL should be skipped - - To specify multiple $TESTNUMBERs, $KEYWORDs and $TOOLs - on a single line, split them with commas. - -- [Fabian Keil brought this change] - - runtests.pl: add -L parameter to require additional perl libraries - - This is useful to change the behaviour of the script without - having to modify the file itself, for example to use a custom - compareparts() function that ignores header differences that - are expected to occur when an external proxy is being used. - - Such differences are proxy-specific and thus the modifications - should be maintained together with the proxy. - -- [Fabian Keil brought this change] - - runtests.pl: add a -P option to specify an external proxy - - ... that should be used when executing the tests. - - The assumption is that the proxy is an HTTP proxy. - - This option should be used together with -L to provide - a customized compareparts() version that knows which - proxy-specific header differences should be ignored. - - This option doesn't work for all test types yet. - -- [Fabian Keil brought this change] - - tests: fixup several tests - - missing CRs and modified %hostip - - lib556/test556: use a real HTTP version to make test reuse more convenient - - make sure the weekday in Date headers matches the date - - test61: replace stray "^M" (5e 4d) at the end of a cookie with a '^M' (0d) - - Gets the test working with external proxies like Privoxy again. - - Closes #6463 - -- ftp: never set data->set.ftp_append outside setopt - - Since the set value then risks getting used like that when the easy - handle is reused by the application. - - Also: renamed the struct field from 'ftp_append' to 'remote_append' - since it is also used for SSH protocols. - - Closes #6579 - -- urldata: remove the 'rtspversion' field - - from struct connectdata and the corresponding code in http.c that set - it. It was never used for anything! - - Closes #6581 - -- CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent - - ... so passed in commands may confuse libcurl's knowledge of state. - - Reported-by: Bodo Bergmann - Fixes #6577 - Closes #6580 - -- [Jacob Hoffman-Andrews brought this change] - - vtls: factor out Curl_ssl_getsock to field of Curl_ssl - - Closes #6558 - -- RELEASE-PROCEDURE: remove old release dates, add new - -- docs/SSL-PROBLEMS: enhanced - - Elaborate on the intermediate cert issue, and mention that anything - below TLS 1.2 is generally considered insecure these days. - - Closes #6572 - -- THANKS: remove a Jon Rumsey dupe - -Daniel Gustafsson (5 Feb 2021) -- [nimaje brought this change] - - docs: fix FILE example url in --metalink documentation - - In a url after <scheme>:// follows the possibly empty authority part - till the next /, so that url missed a /. - - Closes #6573 - Reviewed-by: Daniel Stenberg <daniel@haxx.se> - Reviewed-by: Daniel Gustafsson <daniel@yesql.se> - -Daniel Stenberg (5 Feb 2021) -- hostip: fix build with sync resolver - - Reported-by: David Goerger - Follow-up from 8335c6417 - Fixes #6566 - Closes #6568 - -- mailmap: Jon Rumsey - -- [Jon Rumsey brought this change] - - gskit: correct the gskit_send() prototype - - gskit_send() first paramater is a pointer to Curl_easy not connectdata - struct. - - Closes #6570 - Fixes #6569 - -- urldata: fix build without HTTP and MQTT - - Reported-by: Joseph Chen - Fixes #6562 - Closes #6563 - -- ftp: avoid SIZE when asking for a TYPE A file - - ... as we ignore it anyway because servers don't report the correct size - and proftpd even blatantly returns a 550. - - Updates a set of tests accordingly. - - Reported-by: awesomenode on github - Fixes #6564 - Closes #6565 - -- pingpong: rename the curl_pp_transfer enum to use PP prefix - - Using an FTP prefix for PP provided functionality was misleading. - -- RELEASE-NOTES: synced - - ... and bump pending version to 7.75.1 (for now) - -Jay Satiro (4 Feb 2021) -- build: fix --disable-http-auth - - Broken since 215db08 (precedes 7.75.0). - - Reported-by: Benbuck Nason - - Fixes https://github.com/curl/curl/issues/6567 - -- build: fix --disable-dateparse - - Broken since 215db08 (precedes 7.75.0). - - Bug: https://curl.se/mail/lib-2021-02/0008.html - Reported-by: Firefox OS - -Daniel Stenberg (4 Feb 2021) -- [Jon Rumsey brought this change] - - OS400: update for CURLOPT_AWS_SIGV4 - - chkstrings fails because a new string option that could require codepage - conversion has been added. - - Closes #6561 - Fixes #6560 - -- BUG-BOUNTY: removed the cooperation mention - -Version 7.75.0 (3 Feb 2021) - -Daniel Stenberg (3 Feb 2021) -- RELEASE-NOTES: synced - -- THANKS: added contributors from 7.75.0 - -- copyright: fix year ranges in need of updates - -- TODO: remove items for next SONAME bump etc - - We want to avoid that completely, so we don't plan for things after such - an event. - -- [Jay Satiro brought this change] - - ngtcp2: Fix build error due to change in ngtcp2_settings - - - Separate ngtcp2_transport_params. - - ngtcp2/ngtcp2@05d7adc made ngtcp2_transport_params separate from - ngtcp2_settings. - - ngtcp2 master is required to build curl with http3 support. - - Closes #6554 - -- vtls: remove md5sum - - As it is not used anymore. - - Reported-by: Jacob Hoffman-Andrews - Bug: https://curl.se/mail/lib-2021-02/0000.html - - Closes #6557 - -- [Alessandro Ghedini brought this change] - - quiche: don't use primary_ip / primary_port - - Closes #6555 - -Alessandro Ghedini (1 Feb 2021) -- travis: enable quiche's FFI feature - -Daniel Stenberg (30 Jan 2021) -- [Dmitry Wagin brought this change] - - http: improve AWS HTTP v4 Signature auth - - - Add support services without region and service prefixes in - the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc) - by providing region and service parameters via aws-sigv4 option. - - Add [:region[:service]] suffix to aws-sigv4 option; - - Fix memory allocation errors. - - Refactor memory management. - - Use Curl_http_method instead() STRING_CUSTOMREQUEST. - - Refactor canonical headers generating. - - Remove repeated sha256_to_hex() usage. - - Add some docs fixes. - - Add some codestyle fixes. - - Add overloaded strndup() for debug - curl_dbg_strndup(). - - Update tests. - - Closes #6524 - -- hyper: fix CONNECT to set 'data' as userdata - - Follow-up to 14e075d1a7fd - -- [Layla brought this change] - - connect: fix compile errors in `Curl_conninfo_local` - - .. for the `#else` (`!HAVE_GETSOCKNAME`) case - - Fixes https://github.com/curl/curl/issues/6548 - Closes #6549 - - Signed-off-by: Layla <layla@insightfulvr.com> - -- [Michał Antoniak brought this change] - - transfer: fix GCC 10 warning with flag '-Wint-in-bool-context' - - ... and return the error code from the Curl_mime_rewind call. - - Closes #6537 - -- [Michał Antoniak brought this change] - - avoid warning: enum constant in boolean context - -- copyright: fix missing year (range) updates - -- RELEASE-NOTES: synced - -- openssl: lowercase the hostname before using it for SNI - - ... because it turns out several servers out there don't actually behave - correctly otherwise in spite of the fact that the SNI field is - specifically said to be case insensitive in RFC 6066 section 3. - - Reported-by: David Earl - Fixes #6540 - Closes #6543 - -- KNOWN_BUGS: cmake: ExternalProject_Add does not set CURL_CA_PATH - - Closes #6313 - -- KNOWN_BUGS: Multi perform hangs waiting for threaded resolver - - Closes #4852 - -- KNOWN_BUGS: "pulseUI VPN client" is known to be buggy - - First entry in the new section "applications" for known problems in - libcurl using applications. - - Closes #6306 - -- tool_writeout: make %{errormsg} blank for no errors - - Closes #6539 - -Jay Satiro (27 Jan 2021) -- [Gisle Vanem brought this change] - - build: fix djgpp builds - - - Update build instructions in packages/DOS/README - - - Extend 'VPATH' with 'vquic' and 'vssh'. - - - Allow 'Makefile.dist' to build both 'lib' and 'src'. - - - Allow using the Windows hosted djgpp cross compiler to build for MSDOS - under Windows. - - - 'USE_SSL' -> 'USE_OPENSSL' - - - Added a 'link_EXE' macro. Etc, etc. - - - Linking 'curl.exe' needs '$(CURLX_CFILES)' too. - - - Do not pick-up '../lib/djgpp/*.o' files. Recompile locally. - - - Generate a gzipped 'tool_hugehelp.c' if 'USE_ZLIB=1'. - - - Remove 'djgpp-clean' - - - Adapt to new C-ares directory structure - - - Use conditional variable assignments - - Clarify the 'conditional variable assignment' in 'common.dj'. - - Closes https://github.com/curl/curl/pull/6382 - -Daniel Stenberg (27 Jan 2021) -- [Ikko Ashimine brought this change] - - hyper: fix typo in c-hyper.c - - settting -> setting - - Closes #6538 - -- libssh2: fix CURL_LIBSSH2_DEBUG-enabled build - - Follow-up to 2dcc940959772a - - Reported-by: Gisle Vanem - Bug: https://github.com/curl/curl/commit/2dcc940959772a652f6813fb6bd3092095a4877b#commitcomment-46420088 - -Jay Satiro (27 Jan 2021) -- asyn-thread: fix build for when getaddrinfo missing - - This is a follow-up to 8315343 which several days ago moved the resolver - pointer into the async struct but did not update the code that uses it - when getaddrinfo is not present. - - Closes https://github.com/curl/curl/pull/6536 - -Daniel Stenberg (27 Jan 2021) -- urldata: move 'ints' to the end of 'connectdata' - - To optimize storage slightly. - - Closes #6534 - -- urldata: store ip version in a single byte - - Closes #6534 - -- urldata: remove duplicate 'upkeep_interval_ms' from connectdata - - ... and rely only on the value already set in Curl_easy. - - Closes #6534 - -- urldata: remove 'local_ip' from the connectdata struct - - As the info is already stored in the transfer handle anyway, there's no - need to carry around a duplicate buffer for the life-time of the handle. - - Closes #6534 - -- urldata: remove duplicate port number storage - - ... and use 'int' for ports. We don't use 'unsigned short' since -1 is - still often used internally to signify "unknown value" and 0 - 65535 are - all valid port numbers. - - Closes #6534 - -- urldata: remove the duplicate 'ip_addr_str' field - - ... as the numerical IP address is already stored and kept in 'primary_ip'. - - Closes #6534 - -- select: convert Curl_select() to private static function - - The old function should not be used anywhere anymore (the only remaining - gskit use has to be fixed to instead use Curl_poll or none at all). - - The static function version is now called our_select() and is only built - if necessary. - - Closes #6531 - -- Curl_chunker: shrink the struct - - ... by removing a field, converting the hex index into a byte and - rearranging the order. Cuts it down from 48 bytes to 32 on x86_64. - - Closes #6527 - -- curl: include the file name in --xattr/--remote-time error msgs - -- curl: s/config->global/global/ in single_transfer() - -- curl: move fprintf outputs to warnf - - For setting and getting time of the download. To make the outputs - respect --silent etc. - - Reported-by: Viktor Szakats - Fixes #6533 - Closes #6535 - -- [Tatsuhiro Tsujikawa brought this change] - - ngtcp2: Fix http3 upload stall - - Closes #6521 - -- [Tatsuhiro Tsujikawa brought this change] - - ngtcp2: Fix stack buffer overflow - - Closes #6521 - -- warnless.h: remove the prototype for curlx_ultosi - - Follow-up to 217552503ff3 - -- warnless: remove curlx_ultosi - - ... not used anywhere - - Closes #6530 - -- [Patrick Monnerat brought this change] - - lib: remove conn->data uses - - Closes #6515 - -- pingpong: remove the 'conn' struct member - - ... as it's superfluous now when Curl_easy is passed in and we can - derive the connection from that instead and avoid the duplicate copy. - - Closes #6525 - -- hostip/proxy: remove conn->data use - - Closes #6513 - -- url: reduce conn->data references - - ... there are a few left but let's keep them to last - - Closes #6512 - -- scripts/singleuse: add curl_easy_option* - -Jay Satiro (25 Jan 2021) -- test410: fix for windows - - - Pass the very long request header via file instead of command line. - - Prior to this change the 49k very long request header string was passed - via command line and on Windows that is too long so it was truncated and - the test would fail (specifically msys CI). - - Closes https://github.com/curl/curl/pull/6516 - -Daniel Stenberg (25 Jan 2021) -- libssh2: move data from connection object to transfer object - - Readdir data, filenames and attributes are strictly related to the - transfer and not the connection. This also reduces the total size of the - fixed connectdata struct. - - Closes #6519 - -- RELEASE-NOTES: synced - -- [Patrick Monnerat brought this change] - - lib: remove conn->data uses - - Closes #6499 - -- hyper: remove the conn->data references - - Closes #6508 - -- travis: build ngtcp2 --with-gnutls - - ... since they disable it by default since a few days back. - - Closes #6506 - Fixes #6493 - -- hostip: remove conn->data from resolver functions - - This also moves the 'async' struct from the connectdata struct into the - Curl_easy struct, which seems like a better home for it. - - Closes #6497 - -Jay Satiro (22 Jan 2021) -- strerror: skip errnum >= 0 assertion on windows - - On Windows an error number may be greater than INT_MAX and negative once - cast to int. - - The assertion is checked only in debug builds. - - Closes https://github.com/curl/curl/pull/6504 - -Daniel Stenberg (21 Jan 2021) -- doh: make Curl_doh_is_resolved survive a NULL pointer - - ... if Curl_doh() returned a NULL, this function gets called anyway as - in a asynch procedure. Then the doh struct pointer is NULL and signifies - an OOM situation. - - Follow-up to 6246a1d8c6776 - -- wolfssh: remove conn->data references - - ... and repair recent build breakage - - Closes #6507 - -- http: empty reply connection are not left intact - - ... so mark the connection as closed in this condition to prevent that - verbose message to wrongly appear. - - Reported-by: Matt Holt - Bug: https://twitter.com/mholt6/status/1352130240265375744 - Closes #6503 - -- chunk/encoding: remove conn->data references - - ... by anchoring more functions on Curl_easy instead of connectdata - - Closes #6498 - -Jay Satiro (20 Jan 2021) -- [Erik Olsson brought this change] - - lib: save a bit of space with some structure packing - - - Reorder some internal struct members so that less padding is used. - - This is an attempt at saving a bit of space by packing some structs - (using pahole to find the holes) where it might make sense to do - so without losing readability. - - I.e., I tried to avoid separating fields that seem grouped - together (like the cwd... fields in struct ftp_conn for instance). - Also abstained from touching fields behind conditional macros as - that quickly can get complicated. - - Closes https://github.com/curl/curl/pull/6483 - -Daniel Stenberg (20 Jan 2021) -- INSTALL.md: fix typo - - Found-by: Marcel Raad - -- [Fabian Keil brought this change] - - http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy - - Added test 1613 to verify. - - Closes #6490 - -- Merge branch 'bagder/curl_range-data-conn' - -- ftp: remove conn->data leftover - -- curl_range: remove conn->data - - Closes #6496 - -- INSTALL: now at 85 operating systems - -- quiche: fix unused parameter ‘conn’ - - Follow-up to 2bdec0b3 - -- transfer: fix ‘conn’ undeclared mistake for iconv build - - Follow-up to 219d9f8620d - -- doh: allocate state struct on demand - - ... instead of having it static within the Curl_easy struct. This takes - away 1176 bytes (18%) from the Curl_easy struct that aren't used very - often and instead makes the code allocate it when needed. - - Closes #6492 - -- socks: use the download buffer instead - - The SOCKS code now uses the generic download buffer for temporary - storage during the connection procedure, instead of having its own - private 600 byte buffer that adds to the connectdata struct size. This - works fine because this point the buffer is allocated but is not use for - download yet since the connection hasn't completed. - - This reduces the connection struct size by 22% on a 64bit arch! - - The SOCKS buffer needs to be at least 600 bytes, and the download buffer - is guaranteed to never be smaller than 1000 bytes. - - Closes #6491 - -- urldata: make magic be the first struct field - - By making the `magic` identifier the same size and at the same place - within the structs (easy, multi, share), libcurl will be able to more - reliably detect and safely error out if an application passes in the - wrong handle to APIs. Easier to detect and less likely to cause crashes - if done. - - Such mixups can't be detected at compile-time due to them being - typedefed void pointers - unless `CURL_STRICTER` is defined. - - Closes #6484 - -- http_chunks: correct and clarify a comment on hexnumber length - - ... and also rename the define for max length. - - Closes #6489 - -- curl_path: remove conn->data use - - Closes #6487 - -- transfer: remove conn->data use - - Closes #6486 - -- quic: remove conn->data use - - Closes #6485 - -- [Fabian Keil brought this change] - - Add test1181: Proxy request with --proxy-header "Connection: Keep-Alive" - -- [Fabian Keil brought this change] - - Add test1180: Proxy request with -H "Proxy-Connection: Keep-Alive" - - At the moment the test fails as curl sends two Proxy-Connection - headers. - -- c-hyper: avoid duplicated Proxy-Connection headers - -- http: make providing Proxy-Connection header not cause duplicated headers - - Fixes test 1180 - - Bug: https://curl.se/mail/lib-2021-01/0095.html - Reported-by: Fabian Keil - Closes #6472 - -- runtests: preprocess DISABLED to allow conditionals - - ... with this function provided, we can disable tests for specific - environments and setups directly within this file. - - Closes #6477 - -- runtests: turn preprocessing into a separate function - - ... and remove all other variable substitutions as they're now done once - and for all in the preprocessor. - -- lib/Makefile.inc: convert to listing each file on its own line - - ... to make it diff friendlier and easier to read. - - Closes #6448 - -- ftplistparser: remove use of conn->data - - Closes #6482 - -- lib: more conn->data cleanups - - Closes #6479 - -- [Patrick Monnerat brought this change] - - vtls: reduce conn->data use - - Closes #6474 - -- hyper: deliver data to application with Curl_client_write - - ... just as the native code path does. Avoids sending too large data - chunks in the callback and more. - - Reported-by: Gisle Vanem - Fixes #6462 - Closes #6473 - -- gopher: remove accidental conn->data leftover diff --git a/contrib/libs/curl/README b/contrib/libs/curl/README index b690816e1f..9705f41988 100644 --- a/contrib/libs/curl/README +++ b/contrib/libs/curl/README @@ -40,7 +40,7 @@ GIT git clone https://github.com/curl/curl.git - (you'll get a directory named curl created, filled with the source code) + (you will get a directory named curl created, filled with the source code) SECURITY PROBLEMS diff --git a/contrib/libs/curl/RELEASE-NOTES b/contrib/libs/curl/RELEASE-NOTES index 1829b78807..2dcccb1cd7 100644 --- a/contrib/libs/curl/RELEASE-NOTES +++ b/contrib/libs/curl/RELEASE-NOTES @@ -1,23 +1,139 @@ -curl and libcurl 7.79.1 +curl and libcurl 7.80.0 - Public curl releases: 203 - Command line options: 242 - curl_easy_setopt() options: 290 - Public functions in libcurl: 85 - Contributors: 2489 + Public curl releases: 204 + Command line options: 243 + curl_easy_setopt() options: 294 + Public functions in libcurl: 86 + Contributors: 2533 + +This release includes the following changes: + + o CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse [25] + o CURLOPT_PREREQFUNCTION: add new callback [17] + o libssh2: add SHA256 fingerprint support [4] + o urlapi: add curl_url_strerror() [21] + o urlapi: support UNC paths in file: URLs on Windows [20] + o wolfssl: allow setting of groups/curves [22] This release includes the following bugfixes: - o Curl_http2_setup: don't change connection data on repeat invokes [10] - o curl_multi_fdset: make FD_SET() not operate on sockets out of range [4] - o dist: provide lib/.checksrc in the tarball [6] - o FAQ: add GOPHERS + curl works on data, not files - o hsts: CURLSTS_FAIL from hsts read callback should fail transfer [8] - o hsts: handle unlimited expiry [3] - o http: fix the broken >3 digit response code detection [1] - o strerror: use sys_errlist instead of strerror on Windows [5] - o test1184: disable [9] - o tests/sshserver.pl: make it work with openssh-8.7p1 [2] + o .github: retry macos "brew install" command on failure [125] + o aws-sigv4: make signature work when post data is binary [68] + o BINDINGS: URL updates [30] + o build: remove checks for WinSock 1 [36] + o c-hyper: don't abort CONNECT responses early when auth-in-progress [71] + o c-hyper: make Curl_http propagate errors better [50] + o c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work [97] + o c-hyper: make test 217 run [74] + o c-hyper: use hyper_request_set_uri_parts to make h2 better [39] + o checksrc: ignore preprocessor lines [64] + o CI/makefiles: introduce dedicated test target [34] + o ci: update Lift config to match requirements of curl build [1] + o cirrus: remove FreeBSD 11.4 from the matrix [62] + o cirrus: switch to openldap24-client [63] + o cleanup: constify unmodified static structs [2] + o cmake: add CURL_ENABLE_SSL option [46] + o cmake: fix error getting LOCATION property on non-imported target [59] + o CMake: restore support for SecureTransport on iOS [103] + o cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED [14] + o cmdline-opts: made the 'Added:' field mandatory [37] + o configure.ac: replace krb5-config with pkg-config [80] + o configure: when hyper is selected, deselect nghttp2 [94] + o connect: use sysaddr_un from sys/un.h or custom-defined for windows [23] + o curl-confopts.m4: remove --enable/disable-hidden-symbols [70] + o curl-openssl.m4: modify library order for openssl linking [40] + o curl-openssl: pass argument to sed single-quoted [15] + o curl.1: remove mentions of really old version changes [38] + o curl: actually append "-" to --range without number only [57] + o curl: correct grammar in generated libcurl code [53] + o curl: print help descriptions in an aligned right column [16] + o curl_gssapi: fix link error on macOS Monterey [55] + o curl_multi_socket_action.3: add a "RETURN VALUE" section [106] + o curl_ntlm_core: use OpenSSL only if DES is available [42] + o Curl_updateconninfo: store addresses for QUIC connections too [90] + o CURLOPT_ALTSVC_CTRL.3: mention conn reuse is preferred [126] + o CURLOPT_HSTSWRITEFUNCTION.3: using CURLOPT_HSTS_CTRL is required [114] + o CURLOPT_HTTPHEADER.3: add descripion for specific headers [35] + o docs/HTTP3: improve build instructions [102] + o docs/Makefile.am: repair 'make html' [52] + o docs: fix typo in CURLOPT_TRAILERFUNCTION example [93] + o docs: provide "RETURN VALUE" section for more func manpages [105] + o docs: reduce use of "very" [107] + o doh: remove experimental code for DoH with GET [61] + o examples/htmltidy: correct wrong printf() use [66] + o examples/imap-append: fix end-of-data check [7] + o ftp: make the MKD retry to retry once per directory [113] + o gen.pl: insert the current date and version in generated man page [11] + o gen.pl: replace leading single quotes with \(aq [110] + o http2: make getsock not wait for write if there's no remote window [56] + o HTTP3: fix the HTTP/3 Explained book link [27] + o http: fix Basic auth with empty name field in URL [24] + o http: reject HTTP response codes < 100 [92] + o http: remove assert that breaks hyper [47] + o http: set content length earlier [67] + o http_proxy: make hyper CONNECT() return the correct error code [51] + o http_proxy: multiple CONNECT with hyper done better [78] + o hyper: disable test 1294 since hyper doesn't allow such crazy headers [96] + o hyper: does not support disabling CURLOPT_HTTP_TRANSFER_DECODING [72] + o hyper: pass the CONNECT line to the debug callback [79] + o imap: display quota information [115] + o INSTALL: update symbol hiding option [77] + o lib/mk-ca-bundle.pl: skip certs passed Not Valid After date [18] + o lib: avoid fallthrough cases in switch statements [33] + o libcurl.rc: switch out the copyright symbol for plain ASCII [5] + o libssh2: Get the version at runtime if possible [12] + o limit-rate.d: this is average over several seconds [119] + o llist: remove redundant code, branch will not be executed [10] + o Makefile.m32: fix to not require OpenSSL with -libssh2 or -rtmp options [100] + o maketgz: redirect updatemanpages.pl output to /dev/null + o man pages: require all to use the same section header order [101] + o manpage: adjust the asterisk in some SYNOPSIS sections [82] + o md5: fix compilation with OpenSSL 3.0 API [43] + o misc: fix a few issues on MidnightBSD [28] + o misc: fix typos in docs and comments [3] + o ngtcp2: advertise h3 as well as h3-29 [109] + o ngtcp2: compile with the latest nghttp3 [117] + o ngtcp2: specify the missing required callback functions [108] + o ngtcp2: use latest QUIC TLS RFC9001 [122] + o NTLM: use DES_set_key_unchecked with OpenSSL [13] + o openssl: if verifypeer is not requested, skip the CA loading [69] + o openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway [44] + o Revert "src/tool_filetime: disable -Wformat on mingw for this file" [88] + o sasl: binary messages [31] + o schannel: fix memory leak due to failed SSL connection [89] + o scripts/delta: count command line options in the new file + o sendf: accept zero-length data in Curl_client_write() [95] + o sha256: use high-level EVP interface for OpenSSL [41] + o smooth-gtk-thread.c: enhance the mutex lock use [112] + o sws: fix memory leak on exit [49] + o test1160: edited to work with hyper [83] + o test1173: make manpage-syntax.pl spot \n errors in examples + o test1185: verify checksrc [58] + o test1266/1267: disabled on hyper: no HTTP/0.9 support [99] + o test1287: make work on hyper [98] + o test207: accept a different error code for hyper [76] + o test262: don't attempt with hyper [73] + o test552: updated to work with hyper [87] + o test559: add 'HTTP' in keywords [86] + o tests/smbserver.py: fix compatibility with impacket 0.9.23+ [104] + o tests: add Schannel-specific tests and disable unsupported ones [91] + o tests: disable test 2043 [54] + o tests: kill some test servers afterwards to avoid locked logfiles [111] + o tests: use python3 in test 1451 [48] + o tls: remove newline from three infof() calls [85] + o tool_cb_prg: make resumed upload progress bar show better [9] + o tool_listhelp: easier generated with gen.pl [19] + o tool_main: fix typo in comment [29] + o tool_operate: a failed etag save now only fails that transfer [124] + o URL-SYNTAX: add IMAP UID SEARCH example [81] + o url: check the return value of curl_url() [75] + o url: set "k->size" -1 at start of request [60] + o urlapi: skip a strlen(), pass in zero [65] + o urlapi: URL decode percent-encoded host names [26] + o version_win32: use actual version instead of manifested version [45] + o vtls: Fix a memory leak if an SSL session cannot be added to the cache [8] + o wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity [32] + o zuul: pin the quiche build to use an older cmake-rs [84] This release includes the following known bugs: @@ -26,19 +142,146 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - 0xee on github, Daniel Stenberg, Evangelos Foutras, Glenn de boer, - Jonathan Cardoso Machado, Kamil Dudka, Marcel Raad, Ray Satiro, - RiderALT on github, tawmoto on github, Viktor Szakats, - (11 contributors) + 8U61ife on github, a1346054 on github, Abhinav Singh, Alexander Chuykov, + Alexander Kanavin, Amaury Denoyelle, Anthony Hu, Axel Morawietz, + beslick5 on github, billionai on github, Bo Anderson, Boris Rasin, + Dan Fandrich, Daniel Gustafsson, Daniel Stenberg, David Cook, David Hu, + Earnestly on github, Eddie Lumpkin, Érico Nogueira, Erik Stenlund, + Gisle Vanem, Gleb Ivanovsky, Godwin Stewart, h1zzz on github, Harry Sintonen, + Hayden Roche, Jakub Zakrzewski, Jan Mazur, Jeffrey Tolar, Jerome Mao, + Joel Depooter, Jonathan Cardoso Machado, Josip Medved, Jun-ya Kato, + Kerem Kat, Kevin Burke, Kirill Efimov, Lucas Holt, Malik Idrees Hasan Khan, + Marcel Raad, Marc Hörsken, Mats Lindestam, Max Dymond, Michael Afanasiev, + Michael Baentsch, Michael Kaufmann, Momoka Yamamoto, Noam Moshe, + orycho on github, Patrick Monnerat, Rafał Mikrut, Randall S. Becker, + Raul Onitza-Klugman, Ray Satiro, Ricardo Martins, Rick Lane, + Rikard Falkeborn, Roger Young, Roy Li, ryancaicse on github, Ryan Mast, + Samuel Henrique, Sean Molenaar, Sergey Markelov, Sergio Durigan Junior, + sergio-nsk on github, Sharon Brizinov, Stathis Kapnidis, + Steini2000 on github, Tatsuhiro Tsujikawa, Thomas M. DuBuisson, + tlahn on github, Viktor Szakats, Vitaly Varyvdin, Wyatt O'Day, + x2018 on github, Борис Верховский, + (78 contributors) References to bug reports and discussions on issues: - [1] = https://curl.se/bug/?i=7738 - [2] = https://curl.se/bug/?i=7724 - [3] = https://curl.se/bug/?i=7720 - [4] = https://curl.se/bug/?i=7718 - [5] = https://curl.se/bug/?i=7735 - [6] = https://curl.se/bug/?i=7733 - [8] = https://curl.se/bug/?i=7726 - [9] = https://curl.se/bug/?i=7725 - [10] = https://curl.se/bug/?i=7730 + [1] = https://curl.se/bug/?i=7761 + [2] = https://curl.se/bug/?i=7759 + [3] = https://curl.se/bug/?i=7747 + [4] = https://curl.se/bug/?i=7646 + [5] = https://curl.se/bug/?i=7765 + [7] = https://curl.se/bug/?i=7774 + [8] = https://curl.se/bug/?i=7683 + [9] = https://curl.se/bug/?i=7760 + [10] = https://curl.se/bug/?i=7770 + [11] = https://curl.se/bug/?i=7782 + [12] = https://curl.se/bug/?i=7768 + [13] = https://curl.se/bug/?i=7779 + [14] = https://curl.se/bug/?i=7767 + [15] = https://curl.se/bug/?i=7758 + [16] = https://curl.se/bug/?i=7792 + [17] = https://curl.se/bug/?i=7477 + [18] = https://curl.se/bug/?i=7801 + [19] = https://curl.se/bug/?i=7787 + [20] = https://curl.se/bug/?i=7366 + [21] = https://curl.se/bug/?i=7605 + [22] = https://curl.se/bug/?i=7728 + [23] = https://curl.se/bug/?i=7737 + [24] = https://curl.se/bug/?i=7819 + [25] = https://curl.se/mail/lib-2021-09/0058.html + [26] = https://curl.se/bug/?i=7830 + [27] = https://curl.se/bug/?i=7813 + [28] = https://curl.se/bug/?i=7812 + [29] = https://curl.se/bug/?i=7811 + [30] = https://curl.se/bug/?i=7809 + [31] = https://curl.se/bug/?i=6930 + [32] = https://curl.se/bug/?i=7806 + [33] = https://curl.se/bug/?i=7322 + [34] = https://curl.se/bug/?i=7785 + [35] = https://curl.se/bug/?i=7829 + [36] = https://curl.se/bug/?i=7778 + [37] = https://curl.se/bug/?i=7786 + [38] = https://curl.se/bug/?i=7786 + [39] = https://curl.se/bug/?i=7679 + [40] = https://curl.se/bug/?i=7826 + [41] = https://curl.se/bug/?i=7808 + [42] = https://curl.se/bug/?i=7808 + [43] = https://curl.se/bug/?i=7808 + [44] = https://curl.se/bug/?i=7840 + [45] = https://curl.se/bug/?i=7742 + [46] = https://curl.se/bug/?i=7822 + [47] = https://curl.se/bug/?i=7852 + [48] = https://curl.se/bug/?i=7899 + [49] = https://curl.se/bug/?i=7849 + [50] = https://curl.se/bug/?i=7851 + [51] = https://curl.se/bug/?i=7825 + [52] = https://curl.se/bug/?i=7853 + [53] = https://curl.se/bug/?i=7802 + [54] = https://curl.se/bug/?i=7845 + [55] = https://curl.se/bug/?i=7657 + [56] = https://curl.se/bug/?i=7821 + [57] = https://curl.se/bug/?i=7837 + [58] = https://curl.se/bug/?i=7866 + [59] = https://curl.se/bug/?i=7885 + [60] = https://curl.se/bug/?i=7871 + [61] = https://curl.se/bug/?i=7870 + [62] = https://curl.se/bug/?i=7869 + [63] = https://curl.se/bug/?i=7868 + [64] = https://curl.se/bug/?i=7863 + [65] = https://curl.se/bug/?i=7862 + [66] = https://curl.se/bug/?i=7860 + [67] = https://github.com/curl/curl/commit/8a16e54#r57374914 + [68] = https://curl.se/bug/?i=7844 + [69] = https://curl.se/bug/?i=7892 + [70] = https://curl.se/bug/?i=7891 + [71] = https://curl.se/bug/?i=7889 + [72] = https://curl.se/bug/?i=7889 + [73] = https://curl.se/bug/?i=7889 + [74] = https://curl.se/bug/?i=7889 + [75] = https://curl.se/bug/?i=7917 + [76] = https://curl.se/bug/?i=7889 + [77] = https://curl.se/bug/?i=7890 + [78] = https://curl.se/bug/?i=7888 + [79] = https://curl.se/bug/?i=7887 + [80] = https://curl.se/bug/?i=7916 + [81] = https://github.com/curl/curl/issues/7626 + [82] = https://curl.se/bug/?i=7884 + [83] = https://curl.se/bug/?i=7912 + [84] = https://curl.se/bug/?i=7927 + [85] = https://curl.se/bug/?i=7879 + [86] = https://curl.se/bug/?i=7911 + [87] = https://curl.se/bug/?i=7911 + [88] = https://curl.se/bug/?i=7941 + [89] = https://curl.se/bug/?i=7877 + [90] = https://curl.se/bug/?i=7939 + [91] = https://curl.se/bug/?i=7968 + [92] = https://curl.se/bug/?i=7909 + [93] = https://curl.se/bug/?i=7910 + [94] = https://curl.se/bug/?i=7908 + [95] = https://curl.se/bug/?i=7898 + [96] = https://curl.se/bug/?i=7905 + [97] = https://curl.se/bug/?i=7905 + [98] = https://curl.se/bug/?i=7905 + [99] = https://curl.se/bug/?i=7905 + [100] = https://curl.se/bug/?i=7895 + [101] = https://curl.se/bug/?i=7904 + [102] = https://curl.se/bug/?i=7842 + [103] = https://curl.se/bug/?i=7501 + [104] = https://curl.se/bug/?i=7924 + [105] = https://curl.se/bug/?i=7902 + [106] = https://curl.se/bug/?i=7901 + [107] = https://curl.se/bug/?i=7936 + [108] = https://curl.se/bug/?i=7929 + [109] = https://curl.se/bug/?i=7979 + [110] = https://curl.se/bug/?i=7933 + [111] = https://curl.se/bug/?i=7925 + [112] = https://curl.se/bug/?i=7926 + [113] = https://curl.se/bug/?i=7967 + [114] = https://curl.se/bug/?i=7923 + [115] = https://curl.se/bug/?i=6973 + [117] = https://curl.se/bug/?i=7978 + [119] = https://curl.se/bug/?i=7970 + [122] = https://curl.se/bug/?i=7960 + [124] = https://curl.se/bug/?i=7945 + [125] = https://curl.se/bug/?i=7955 + [126] = https://curl.se/bug/?i=7957 diff --git a/contrib/libs/curl/include/curl/curl.h b/contrib/libs/curl/include/curl/curl.h index 835c3d871b..6b6ac8a05e 100644 --- a/contrib/libs/curl/include/curl/curl.h +++ b/contrib/libs/curl/include/curl/curl.h @@ -46,8 +46,8 @@ #include <stdio.h> #include <limits.h> -#if defined(__FreeBSD__) && (__FreeBSD__ >= 2) -/* Needed for __FreeBSD_version symbol definition */ +#if (defined(__FreeBSD__) && (__FreeBSD__ >= 2)) || defined(__MidnightBSD__) +/* Needed for __FreeBSD_version or __MidnightBSD_version symbol definition */ #include <osreldate.h> #endif @@ -73,6 +73,7 @@ defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \ defined(__CYGWIN__) || defined(AMIGA) || defined(__NuttX__) || \ (defined(__FreeBSD_version) && (__FreeBSD_version < 800000)) || \ + (defined(__MidnightBSD_version) && (__MidnightBSD_version < 100000)) || \ defined(__VXWORKS__) #include <sys/select.h> #endif @@ -470,6 +471,20 @@ typedef int (*curl_debug_callback) size_t size, /* size of the data pointed to */ void *userptr); /* whatever the user please */ +/* This is the CURLOPT_PREREQFUNCTION callback prototype. */ +typedef int (*curl_prereq_callback)(void *clientp, + char *conn_primary_ip, + char *conn_local_ip, + int conn_primary_port, + int conn_local_port); + +/* Return code for when the pre-request callback has terminated without + any errors */ +#define CURL_PREREQFUNC_OK 0 +/* Return code for when the pre-request callback wants to abort the + request */ +#define CURL_PREREQFUNC_ABORT 1 + /* All possible error codes from all sorts of curl functions. Future versions may return other values, stay prepared. @@ -2043,7 +2058,8 @@ typedef enum { /* alt-svc cache file name to possibly read from/write to */ CURLOPT(CURLOPT_ALTSVC, CURLOPTTYPE_STRINGPOINT, 287), - /* maximum age of a connection to consider it for reuse (in seconds) */ + /* maximum age (idle time) of a connection to consider it for reuse + * (in seconds) */ CURLOPT(CURLOPT_MAXAGE_CONN, CURLOPTTYPE_LONG, 288), /* SASL authorisation identity */ @@ -2102,6 +2118,20 @@ typedef enum { this option is used only if PROXY_SSL_VERIFYPEER is true */ CURLOPT(CURLOPT_PROXY_CAINFO_BLOB, CURLOPTTYPE_BLOB, 310), + /* used by scp/sftp to verify the host's public key */ + CURLOPT(CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256, CURLOPTTYPE_STRINGPOINT, 311), + + /* Function that will be called immediately before the initial request + is made on a connection (after any protocol negotiation step). */ + CURLOPT(CURLOPT_PREREQFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 312), + + /* Data passed to the CURLOPT_PREREQFUNCTION callback */ + CURLOPT(CURLOPT_PREREQDATA, CURLOPTTYPE_CBPOINT, 313), + + /* maximum age (since creation) of a connection to consider it for reuse + * (in seconds) */ + CURLOPT(CURLOPT_MAXLIFETIME_CONN, CURLOPTTYPE_LONG, 314), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; diff --git a/contrib/libs/curl/include/curl/curlver.h b/contrib/libs/curl/include/curl/curlver.h index 556a2290b0..6756c31bff 100644 --- a/contrib/libs/curl/include/curl/curlver.h +++ b/contrib/libs/curl/include/curl/curlver.h @@ -30,13 +30,13 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.79.1" +#define LIBCURL_VERSION "7.80.0" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 -#define LIBCURL_VERSION_MINOR 79 -#define LIBCURL_VERSION_PATCH 1 +#define LIBCURL_VERSION_MINOR 80 +#define LIBCURL_VERSION_PATCH 0 /* This is the numeric version of the libcurl version number, meant for easier parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will @@ -57,7 +57,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x074f01 +#define LIBCURL_VERSION_NUM 0x075000 /* * This is the date and time when the full source package was created. The @@ -68,7 +68,7 @@ * * "2007-11-23" */ -#define LIBCURL_TIMESTAMP "2021-09-22" +#define LIBCURL_TIMESTAMP "2021-11-10" #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z)) #define CURL_AT_LEAST_VERSION(x,y,z) \ diff --git a/contrib/libs/curl/include/curl/typecheck-gcc.h b/contrib/libs/curl/include/curl/typecheck-gcc.h index 34d0267ed9..9e14d8a372 100644 --- a/contrib/libs/curl/include/curl/typecheck-gcc.h +++ b/contrib/libs/curl/include/curl/typecheck-gcc.h @@ -317,6 +317,7 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t, (option) == CURLOPT_SERVICE_NAME || \ (option) == CURLOPT_SOCKS5_GSSAPI_SERVICE || \ (option) == CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 || \ + (option) == CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 || \ (option) == CURLOPT_SSH_KNOWNHOSTS || \ (option) == CURLOPT_SSH_PRIVATE_KEYFILE || \ (option) == CURLOPT_SSH_PUBLIC_KEYFILE || \ @@ -363,6 +364,7 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t, (option) == CURLOPT_INTERLEAVEDATA || \ (option) == CURLOPT_IOCTLDATA || \ (option) == CURLOPT_OPENSOCKETDATA || \ + (option) == CURLOPT_PREREQDATA || \ (option) == CURLOPT_PROGRESSDATA || \ (option) == CURLOPT_READDATA || \ (option) == CURLOPT_SEEKDATA || \ diff --git a/contrib/libs/curl/include/curl/urlapi.h b/contrib/libs/curl/include/curl/urlapi.h index 1d70880117..3c4b4e18aa 100644 --- a/contrib/libs/curl/include/curl/urlapi.h +++ b/contrib/libs/curl/include/curl/urlapi.h @@ -47,7 +47,8 @@ typedef enum { CURLUE_NO_HOST, /* 14 */ CURLUE_NO_PORT, /* 15 */ CURLUE_NO_QUERY, /* 16 */ - CURLUE_NO_FRAGMENT /* 17 */ + CURLUE_NO_FRAGMENT, /* 17 */ + CURLUE_LAST } CURLUcode; typedef enum { @@ -118,6 +119,12 @@ CURL_EXTERN CURLUcode curl_url_get(CURLU *handle, CURLUPart what, CURL_EXTERN CURLUcode curl_url_set(CURLU *handle, CURLUPart what, const char *part, unsigned int flags); +/* + * curl_url_strerror() turns a CURLUcode value into the equivalent human + * readable error string. This is useful for printing meaningful error + * messages. + */ +CURL_EXTERN const char *curl_url_strerror(CURLUcode); #ifdef __cplusplus } /* end of extern "C" */ diff --git a/contrib/libs/curl/lib/asyn-ares.c b/contrib/libs/curl/lib/asyn-ares.c index 895a9e55dd..f8a21175ab 100644 --- a/contrib/libs/curl/lib/asyn-ares.c +++ b/contrib/libs/curl/lib/asyn-ares.c @@ -343,7 +343,7 @@ static int waitperform(struct Curl_easy *data, timediff_t timeout_ms) nfds = 0; if(!nfds) - /* Call ares_process() unconditonally here, even if we simply timed out + /* Call ares_process() unconditionally here, even if we simply timed out above, as otherwise the ares name resolve won't timeout! */ ares_process_fd((ares_channel)data->state.async.resolver, ARES_SOCKET_BAD, ARES_SOCKET_BAD); diff --git a/contrib/libs/curl/lib/c-hyper.c b/contrib/libs/curl/lib/c-hyper.c index b9180fec52..a19a556b6f 100644 --- a/contrib/libs/curl/lib/c-hyper.c +++ b/contrib/libs/curl/lib/c-hyper.c @@ -156,13 +156,15 @@ static int hyper_each_header(void *userdata, Curl_debug(data, CURLINFO_HEADER_IN, headp, len); - writetype = CLIENTWRITE_HEADER; - if(data->set.include_header) - writetype |= CLIENTWRITE_BODY; - result = Curl_client_write(data, writetype, headp, len); - if(result) { - data->state.hresult = CURLE_ABORTED_BY_CALLBACK; - return HYPER_ITER_BREAK; + if(!data->state.hconnect || !data->set.suppress_connect_headers) { + writetype = CLIENTWRITE_HEADER; + if(data->set.include_header) + writetype |= CLIENTWRITE_BODY; + result = Curl_client_write(data, writetype, headp, len); + if(result) { + data->state.hresult = CURLE_ABORTED_BY_CALLBACK; + return HYPER_ITER_BREAK; + } } data->info.header_size += (long)len; @@ -205,7 +207,8 @@ static int hyper_body_chunk(void *userdata, const hyper_buf *chunk) k->exp100 = EXP100_FAILED; } } - if(data->state.hconnect && (data->req.httpcode/100 != 2)) { + if(data->state.hconnect && (data->req.httpcode/100 != 2) && + data->state.authproxy.done) { done = TRUE; result = CURLE_OK; } @@ -260,6 +263,12 @@ static CURLcode status_line(struct Curl_easy *data, if(http_version == HYPER_HTTP_VERSION_1_0) data->state.httpwant = CURL_HTTP_VERSION_1_0; + if(data->state.hconnect) + /* CONNECT */ + data->info.httpproxycode = http_status; + + /* We need to set 'httpcodeq' for functions that check the response code in + a single place. */ data->req.httpcode = http_status; result = Curl_http_statusline(data, conn); @@ -277,16 +286,18 @@ static CURLcode status_line(struct Curl_easy *data, len = Curl_dyn_len(&data->state.headerb); Curl_debug(data, CURLINFO_HEADER_IN, Curl_dyn_ptr(&data->state.headerb), len); - writetype = CLIENTWRITE_HEADER; - if(data->set.include_header) - writetype |= CLIENTWRITE_BODY; - result = Curl_client_write(data, writetype, - Curl_dyn_ptr(&data->state.headerb), len); - if(result) { - data->state.hresult = CURLE_ABORTED_BY_CALLBACK; - return HYPER_ITER_BREAK; - } + if(!data->state.hconnect || !data->set.suppress_connect_headers) { + writetype = CLIENTWRITE_HEADER; + if(data->set.include_header) + writetype |= CLIENTWRITE_BODY; + result = Curl_client_write(data, writetype, + Curl_dyn_ptr(&data->state.headerb), len); + if(result) { + data->state.hresult = CURLE_ABORTED_BY_CALLBACK; + return HYPER_ITER_BREAK; + } + } data->info.header_size += (long)len; data->req.headerbytecount += (long)len; data->req.httpcode = http_status; @@ -299,8 +310,14 @@ static CURLcode status_line(struct Curl_easy *data, */ static CURLcode empty_header(struct Curl_easy *data) { - return hyper_each_header(data, NULL, 0, NULL, 0) ? - CURLE_WRITE_ERROR : CURLE_OK; + CURLcode result = Curl_http_size(data); + if(!result) { + result = hyper_each_header(data, NULL, 0, NULL, 0) ? + CURLE_WRITE_ERROR : CURLE_OK; + if(result) + failf(data, "hyperstream: couldn't pass blank header"); + } + return result; } CURLcode Curl_hyper_stream(struct Curl_easy *data, @@ -443,11 +460,9 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, break; } - if(empty_header(data)) { - failf(data, "hyperstream: couldn't pass blank header"); - result = CURLE_OUT_OF_MEMORY; + result = empty_header(data); + if(result) break; - } /* Curl_http_auth_act() checks what authentication methods that are * available and decides which one (if any) to use. It will set 'newurl' @@ -584,9 +599,22 @@ static CURLcode request_target(struct Curl_easy *data, if(result) return result; - if(hyper_request_set_uri(req, (uint8_t *)Curl_dyn_uptr(&r), - Curl_dyn_len(&r))) { - failf(data, "error setting path"); + if(h2 && hyper_request_set_uri_parts(req, + /* scheme */ + (uint8_t *)data->state.up.scheme, + strlen(data->state.up.scheme), + /* authority */ + (uint8_t *)conn->host.name, + strlen(conn->host.name), + /* path_and_query */ + (uint8_t *)Curl_dyn_uptr(&r), + Curl_dyn_len(&r))) { + failf(data, "error setting uri parts to hyper"); + result = CURLE_OUT_OF_MEMORY; + } + else if(!h2 && hyper_request_set_uri(req, (uint8_t *)Curl_dyn_uptr(&r), + Curl_dyn_len(&r))) { + failf(data, "error setting uri to hyper"); result = CURLE_OUT_OF_MEMORY; } else @@ -850,6 +878,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) io = hyper_io_new(); if(!io) { failf(data, "Couldn't create hyper IO"); + result = CURLE_OUT_OF_MEMORY; goto error; } /* tell Hyper how to read/write network data */ @@ -862,6 +891,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) h->exec = hyper_executor_new(); if(!h->exec) { failf(data, "Couldn't create hyper executor"); + result = CURLE_OUT_OF_MEMORY; goto error; } } @@ -869,6 +899,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) options = hyper_clientconn_options_new(); if(!options) { failf(data, "Couldn't create hyper client options"); + result = CURLE_OUT_OF_MEMORY; goto error; } if(conn->negnpn == CURL_HTTP_VERSION_2) { @@ -882,6 +913,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) handshake = hyper_clientconn_handshake(io, options); if(!handshake) { failf(data, "Couldn't create hyper client handshake"); + result = CURLE_OUT_OF_MEMORY; goto error; } io = NULL; @@ -889,6 +921,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(HYPERE_OK != hyper_executor_push(h->exec, handshake)) { failf(data, "Couldn't hyper_executor_push the handshake"); + result = CURLE_OUT_OF_MEMORY; goto error; } handshake = NULL; /* ownership passed on */ @@ -896,6 +929,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) task = hyper_executor_poll(h->exec); if(!task) { failf(data, "Couldn't hyper_executor_poll the handshake"); + result = CURLE_OUT_OF_MEMORY; goto error; } @@ -905,6 +939,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) req = hyper_request_new(); if(!req) { failf(data, "Couldn't hyper_request_new"); + result = CURLE_OUT_OF_MEMORY; goto error; } @@ -912,12 +947,14 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(HYPERE_OK != hyper_request_set_version(req, HYPER_HTTP_VERSION_1_0)) { failf(data, "error setting HTTP version"); + result = CURLE_OUT_OF_MEMORY; goto error; } } if(hyper_request_set_method(req, (uint8_t *)method, strlen(method))) { failf(data, "error setting method"); + result = CURLE_OUT_OF_MEMORY; goto error; } @@ -928,51 +965,81 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) headers = hyper_request_headers(req); if(!headers) { failf(data, "hyper_request_headers"); + result = CURLE_OUT_OF_MEMORY; goto error; } rc = hyper_request_on_informational(req, http1xx_cb, data); - if(rc) - return CURLE_OUT_OF_MEMORY; + if(rc) { + result = CURLE_OUT_OF_MEMORY; + goto error; + } result = Curl_http_body(data, conn, httpreq, &te); if(result) - return result; - - if(data->state.aptr.host && - Curl_hyper_header(data, headers, data->state.aptr.host)) goto error; - if(data->state.aptr.proxyuserpwd && - Curl_hyper_header(data, headers, data->state.aptr.proxyuserpwd)) - goto error; + if(!h2) { + if(data->state.aptr.host) { + result = Curl_hyper_header(data, headers, data->state.aptr.host); + if(result) + goto error; + } + } + else { + /* For HTTP/2, we show the Host: header as if we sent it, to make it look + like for HTTP/1 but it isn't actually sent since :authority is then + used. */ + result = Curl_debug(data, CURLINFO_HEADER_OUT, data->state.aptr.host, + strlen(data->state.aptr.host)); + if(result) + goto error; + } - if(data->state.aptr.userpwd && - Curl_hyper_header(data, headers, data->state.aptr.userpwd)) - goto error; + if(data->state.aptr.proxyuserpwd) { + result = Curl_hyper_header(data, headers, data->state.aptr.proxyuserpwd); + if(result) + goto error; + } - if((data->state.use_range && data->state.aptr.rangeline) && - Curl_hyper_header(data, headers, data->state.aptr.rangeline)) - goto error; + if(data->state.aptr.userpwd) { + result = Curl_hyper_header(data, headers, data->state.aptr.userpwd); + if(result) + goto error; + } + + if((data->state.use_range && data->state.aptr.rangeline)) { + result = Curl_hyper_header(data, headers, data->state.aptr.rangeline); + if(result) + goto error; + } if(data->set.str[STRING_USERAGENT] && *data->set.str[STRING_USERAGENT] && - data->state.aptr.uagent && - Curl_hyper_header(data, headers, data->state.aptr.uagent)) - goto error; + data->state.aptr.uagent) { + result = Curl_hyper_header(data, headers, data->state.aptr.uagent); + if(result) + goto error; + } p_accept = Curl_checkheaders(data, "Accept")?NULL:"Accept: */*\r\n"; - if(p_accept && Curl_hyper_header(data, headers, p_accept)) - goto error; - - if(te && Curl_hyper_header(data, headers, te)) - goto error; + if(p_accept) { + result = Curl_hyper_header(data, headers, p_accept); + if(result) + goto error; + } + if(te) { + result = Curl_hyper_header(data, headers, te); + if(result) + goto error; + } #ifndef CURL_DISABLE_PROXY if(conn->bits.httpproxy && !conn->bits.tunnel_proxy && !Curl_checkheaders(data, "Proxy-Connection") && !Curl_checkProxyheaders(data, conn, "Proxy-Connection")) { - if(Curl_hyper_header(data, headers, "Proxy-Connection: Keep-Alive")) + result = Curl_hyper_header(data, headers, "Proxy-Connection: Keep-Alive"); + if(result) goto error; } #endif @@ -981,8 +1048,10 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(data->state.referer && !Curl_checkheaders(data, "Referer")) { data->state.aptr.ref = aprintf("Referer: %s\r\n", data->state.referer); if(!data->state.aptr.ref) - return CURLE_OUT_OF_MEMORY; - if(Curl_hyper_header(data, headers, data->state.aptr.ref)) + result = CURLE_OUT_OF_MEMORY; + else + result = Curl_hyper_header(data, headers, data->state.aptr.ref); + if(result) goto error; } @@ -992,8 +1061,11 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) data->state.aptr.accept_encoding = aprintf("Accept-Encoding: %s\r\n", data->set.str[STRING_ENCODING]); if(!data->state.aptr.accept_encoding) - return CURLE_OUT_OF_MEMORY; - if(Curl_hyper_header(data, headers, data->state.aptr.accept_encoding)) + result = CURLE_OUT_OF_MEMORY; + else + result = Curl_hyper_header(data, headers, + data->state.aptr.accept_encoding); + if(result) goto error; } else @@ -1003,38 +1075,43 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) /* we only consider transfer-encoding magic if libz support is built-in */ result = Curl_transferencode(data); if(result) - return result; - if(Curl_hyper_header(data, headers, data->state.aptr.te)) + goto error; + result = Curl_hyper_header(data, headers, data->state.aptr.te); + if(result) goto error; #endif result = cookies(data, conn, headers); if(result) - return result; + goto error; result = Curl_add_timecondition(data, headers); if(result) - return result; + goto error; result = Curl_add_custom_headers(data, FALSE, headers); if(result) - return result; + goto error; result = bodysend(data, conn, headers, req, httpreq); if(result) - return result; + goto error; - Curl_debug(data, CURLINFO_HEADER_OUT, (char *)"\r\n", 2); + result = Curl_debug(data, CURLINFO_HEADER_OUT, (char *)"\r\n", 2); + if(result) + goto error; data->req.upload_chunky = FALSE; sendtask = hyper_clientconn_send(client, req); if(!sendtask) { failf(data, "hyper_clientconn_send"); + result = CURLE_OUT_OF_MEMORY; goto error; } if(HYPERE_OK != hyper_executor_push(h->exec, sendtask)) { failf(data, "Couldn't hyper_executor_push the send"); + result = CURLE_OUT_OF_MEMORY; goto error; } @@ -1057,7 +1134,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) Curl_safefree(data->state.aptr.proxyuserpwd); return CURLE_OK; error: - + DEBUGASSERT(result); if(io) hyper_io_free(io); @@ -1067,7 +1144,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(handshake) hyper_task_free(handshake); - return CURLE_OUT_OF_MEMORY; + return result; } void Curl_hyper_done(struct Curl_easy *data) diff --git a/contrib/libs/curl/lib/connect.c b/contrib/libs/curl/lib/connect.c index d61b0374e3..af60947314 100644 --- a/contrib/libs/curl/lib/connect.c +++ b/contrib/libs/curl/lib/connect.c @@ -85,7 +85,7 @@ static bool verifyconnect(curl_socket_t sockfd, int *error); -#if defined(__DragonFly__) || defined(HAVE_WINSOCK_H) +#if defined(__DragonFly__) || defined(HAVE_WINSOCK2_H) /* DragonFlyBSD and Windows use millisecond units */ #define KEEPALIVE_FACTOR(x) (x *= 1000) #else @@ -629,7 +629,7 @@ bool Curl_addr2string(struct sockaddr *sa, curl_socklen_t salen, #ifdef ENABLE_IPV6 struct sockaddr_in6 *si6 = NULL; #endif -#if defined(HAVE_SYS_UN_H) && defined(AF_UNIX) +#if (defined(HAVE_SYS_UN_H) || defined(WIN32_SOCKADDR_UN)) && defined(AF_UNIX) struct sockaddr_un *su = NULL; #else (void)salen; @@ -656,7 +656,7 @@ bool Curl_addr2string(struct sockaddr *sa, curl_socklen_t salen, } break; #endif -#if defined(HAVE_SYS_UN_H) && defined(AF_UNIX) +#if (defined(HAVE_SYS_UN_H) || defined(WIN32_SOCKADDR_UN)) && defined(AF_UNIX) case AF_UNIX: if(salen > (curl_socklen_t)sizeof(CURL_SA_FAMILY_T)) { su = (struct sockaddr_un*)sa; @@ -744,17 +744,15 @@ void Curl_conninfo_local(struct Curl_easy *data, curl_socket_t sockfd, void Curl_updateconninfo(struct Curl_easy *data, struct connectdata *conn, curl_socket_t sockfd) { - /* 'local_ip' and 'local_port' get filled with local's numerical - ip address and port number whenever an outgoing connection is - **established** from the primary socket to a remote address. */ + /* 'local_ip' and 'local_port' get filled with local's numerical ip address + and port number whenever an outgoing connection is **established** from + the primary socket to a remote address. */ char local_ip[MAX_IPADR_LEN] = ""; int local_port = -1; - if(conn->transport == TRNSPRT_TCP) { - if(!conn->bits.reuse && !conn->bits.tcp_fastopen) - Curl_conninfo_remote(data, conn, sockfd); - Curl_conninfo_local(data, sockfd, local_ip, &local_port); - } /* end of TCP-only section */ + if(!conn->bits.reuse && !conn->bits.tcp_fastopen) + Curl_conninfo_remote(data, conn, sockfd); + Curl_conninfo_local(data, sockfd, local_ip, &local_port); /* persist connection info in session handle */ Curl_persistconninfo(data, conn, local_ip, local_port); diff --git a/contrib/libs/curl/lib/content_encoding.c b/contrib/libs/curl/lib/content_encoding.c index dad0a6dc73..0b8bae926b 100644 --- a/contrib/libs/curl/lib/content_encoding.c +++ b/contrib/libs/curl/lib/content_encoding.c @@ -240,7 +240,8 @@ static CURLcode inflate_stream(struct Curl_easy *data, } zp->zlib_init = ZLIB_UNINIT; /* inflateEnd() already called. */ } - /* FALLTHROUGH */ + result = exit_zlib(data, z, &zp->zlib_init, process_zlib_error(data, z)); + break; default: result = exit_zlib(data, z, &zp->zlib_init, process_zlib_error(data, z)); break; diff --git a/contrib/libs/curl/lib/curl_config-linux.h b/contrib/libs/curl/lib/curl_config-linux.h index 244d372f8d..984a078525 100644 --- a/contrib/libs/curl/lib/curl_config-linux.h +++ b/contrib/libs/curl/lib/curl_config-linux.h @@ -763,9 +763,6 @@ /* Define to 1 if you have the winsock2.h header file. */ /* #undef HAVE_WINSOCK2_H */ -/* Define to 1 if you have the winsock.h header file. */ -/* #undef HAVE_WINSOCK_H */ - /* Define to 1 if you have the <wolfssh/ssh.h> header file. */ /* #undef HAVE_WOLFSSH_SSH_H */ diff --git a/contrib/libs/curl/lib/curl_des.c b/contrib/libs/curl/lib/curl_des.c index 8c5af19cd2..76185cbf21 100644 --- a/contrib/libs/curl/lib/curl_des.c +++ b/contrib/libs/curl/lib/curl_des.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2015 - 2020, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2015 - 2021, Steve Holme, <steve_holme@hotmail.com>. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,7 +22,7 @@ #include "curl_setup.h" -#if defined(USE_NTLM) && !defined(USE_OPENSSL) +#if defined(USE_NTLM) && !defined(USE_OPENSSL) && !defined(USE_WOLFSSL) #include "curl_des.h" diff --git a/contrib/libs/curl/lib/curl_gssapi.c b/contrib/libs/curl/lib/curl_gssapi.c index e80a07609f..70a607f3ab 100644 --- a/contrib/libs/curl/lib/curl_gssapi.c +++ b/contrib/libs/curl/lib/curl_gssapi.c @@ -32,10 +32,12 @@ #include "curl_memory.h" #include "memdebug.h" -static char spnego_oid_bytes[] = "\x2b\x06\x01\x05\x05\x02"; -gss_OID_desc Curl_spnego_mech_oid = { 6, &spnego_oid_bytes }; -static char krb5_oid_bytes[] = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"; -gss_OID_desc Curl_krb5_mech_oid = { 9, &krb5_oid_bytes }; +gss_OID_desc Curl_spnego_mech_oid = { + 6, (char *)"\x2b\x06\x01\x05\x05\x02" +}; +gss_OID_desc Curl_krb5_mech_oid = { + 9, (char *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" +}; OM_uint32 Curl_gss_init_sec_context( struct Curl_easy *data, diff --git a/contrib/libs/curl/lib/curl_ntlm_core.c b/contrib/libs/curl/lib/curl_ntlm_core.c index 1c3013c83f..daefaae7c0 100644 --- a/contrib/libs/curl/lib/curl_ntlm_core.c +++ b/contrib/libs/curl/lib/curl_ntlm_core.c @@ -49,7 +49,14 @@ in NTLM type-3 messages. */ -#if defined(USE_OPENSSL) || defined(USE_WOLFSSL) +#if defined(USE_OPENSSL) + #include <openssl/opensslconf.h> + #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) + #define USE_OPENSSL_DES + #endif +#endif + +#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) #ifdef USE_WOLFSSL #error #include <wolfssl/options.h> @@ -97,7 +104,7 @@ #elif defined(USE_WIN32_CRYPTO) # include <wincrypt.h> #else -# error "Can't compile NTLM support without a crypto library." +# error "Can't compile NTLM support without a crypto library with DES." #endif #include "urldata.h" @@ -133,7 +140,7 @@ static void extend_key_56_to_64(const unsigned char *key_56, char *key) key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF); } -#if defined(USE_OPENSSL) || defined(USE_WOLFSSL) +#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) /* * Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The * key schedule ks is also set. @@ -150,7 +157,7 @@ static void setup_des_key(const unsigned char *key_56, DES_set_odd_parity(&key); /* Set the key */ - DES_set_key(&key, ks); + DES_set_key_unchecked(&key, ks); } #elif defined(USE_GNUTLS) @@ -362,7 +369,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys, const unsigned char *plaintext, unsigned char *results) { -#if defined(USE_OPENSSL) || defined(USE_WOLFSSL) +#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) DES_key_schedule ks; setup_des_key(keys, DESKEY(ks)); @@ -420,7 +427,7 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data, { /* Create LanManager hashed password. */ -#if defined(USE_OPENSSL) || defined(USE_WOLFSSL) +#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) DES_key_schedule ks; setup_des_key(pw, DESKEY(ks)); diff --git a/contrib/libs/curl/lib/curl_sasl.c b/contrib/libs/curl/lib/curl_sasl.c index 4a2488720e..8d39e4f81b 100644 --- a/contrib/libs/curl/lib/curl_sasl.c +++ b/contrib/libs/curl/lib/curl_sasl.c @@ -56,8 +56,8 @@ /* Supported mechanisms */ static const struct { - const char *name; /* Name */ - size_t len; /* Name length */ + const char *name; /* Name */ + size_t len; /* Name length */ unsigned short bit; /* Flag bit */ } mechtable[] = { { "LOGIN", 5, SASL_MECH_LOGIN }, @@ -85,8 +85,11 @@ static const struct { * conn [in] - The connection data. * authused [in] - The authentication mechanism used. */ -void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused) +void Curl_sasl_cleanup(struct connectdata *conn, unsigned short authused) { + (void)conn; + (void)authused; + #if defined(USE_KERBEROS5) /* Cleanup the gssapi structure */ if(authused == SASL_MECH_GSSAPI) { @@ -107,12 +110,6 @@ void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused) Curl_auth_cleanup_ntlm(&conn->ntlm); } #endif - -#if !defined(USE_KERBEROS5) && !defined(USE_NTLM) - /* Reserved for future use */ - (void)conn; - (void)authused; -#endif } /* @@ -189,16 +186,35 @@ CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl, * * Initializes the SASL structure. */ -void Curl_sasl_init(struct SASL *sasl, const struct SASLproto *params) +void Curl_sasl_init(struct SASL *sasl, struct Curl_easy *data, + const struct SASLproto *params) { + unsigned long auth = data->set.httpauth; + sasl->params = params; /* Set protocol dependent parameters */ sasl->state = SASL_STOP; /* Not yet running */ + sasl->curmech = NULL; /* No mechanism yet. */ sasl->authmechs = SASL_AUTH_NONE; /* No known authentication mechanism yet */ - sasl->prefmech = SASL_AUTH_DEFAULT; /* Prefer all mechanisms */ - sasl->authused = SASL_AUTH_NONE; /* No the authentication mechanism used */ + sasl->prefmech = params->defmechs; /* Default preferred mechanisms */ + sasl->authused = SASL_AUTH_NONE; /* The authentication mechanism used */ sasl->resetprefs = TRUE; /* Reset prefmech upon AUTH parsing. */ sasl->mutual_auth = FALSE; /* No mutual authentication (GSSAPI only) */ sasl->force_ir = FALSE; /* Respect external option */ + + if(auth != CURLAUTH_BASIC) { + sasl->resetprefs = FALSE; + sasl->prefmech = SASL_AUTH_NONE; + if(auth & CURLAUTH_BASIC) + sasl->prefmech |= SASL_MECH_PLAIN | SASL_MECH_LOGIN; + if(auth & CURLAUTH_DIGEST) + sasl->prefmech |= SASL_MECH_DIGEST_MD5; + if(auth & CURLAUTH_NTLM) + sasl->prefmech |= SASL_MECH_NTLM; + if(auth & CURLAUTH_BEARER) + sasl->prefmech |= SASL_MECH_OAUTHBEARER | SASL_MECH_XOAUTH2; + if(auth & CURLAUTH_GSSAPI) + sasl->prefmech |= SASL_MECH_GSSAPI; + } } /* @@ -247,40 +263,45 @@ static void state(struct SASL *sasl, struct Curl_easy *data, static CURLcode get_server_message(struct SASL *sasl, struct Curl_easy *data, struct bufref *out) { - unsigned char *msg; - size_t msglen; - char *serverdata = NULL; CURLcode result = CURLE_OK; - sasl->params->getmessage(data->state.buffer, &serverdata); - if(!serverdata) - result = CURLE_BAD_CONTENT_ENCODING; - else if(!*serverdata || *serverdata == '=') - Curl_bufref_set(out, NULL, 0, NULL); - else { - result = Curl_base64_decode(serverdata, &msg, &msglen); - if(!result) - Curl_bufref_set(out, msg, msglen, curl_free); + result = sasl->params->getmessage(data, out); + if(!result && (sasl->params->flags & SASL_FLAG_BASE64)) { + unsigned char *msg; + size_t msglen; + const char *serverdata = (const char *) Curl_bufref_ptr(out); + + if(!*serverdata || *serverdata == '=') + Curl_bufref_set(out, NULL, 0, NULL); + else { + result = Curl_base64_decode(serverdata, &msg, &msglen); + if(!result) + Curl_bufref_set(out, msg, msglen, curl_free); + } } return result; } /* Encode the outgoing SASL message. */ -static CURLcode build_message(struct Curl_easy *data, struct bufref *msg) +static CURLcode build_message(struct SASL *sasl, struct Curl_easy *data, + struct bufref *msg) { CURLcode result = CURLE_OK; - char *base64; - size_t base64len; - if(!Curl_bufref_ptr(msg)) /* Empty mesage. */ - Curl_bufref_set(msg, "", 0, NULL); - else if(!Curl_bufref_len(msg)) /* Explicit empty response. */ - Curl_bufref_set(msg, "=", 1, NULL); - else { - result = Curl_base64_encode(data, (const char *) Curl_bufref_ptr(msg), - Curl_bufref_len(msg), &base64, &base64len); - if(!result) - Curl_bufref_set(msg, base64, base64len, curl_free); + if(sasl->params->flags & SASL_FLAG_BASE64) { + if(!Curl_bufref_ptr(msg)) /* Empty message. */ + Curl_bufref_set(msg, "", 0, NULL); + else if(!Curl_bufref_len(msg)) /* Explicit empty response. */ + Curl_bufref_set(msg, "=", 1, NULL); + else { + char *base64; + size_t base64len; + + result = Curl_base64_encode(data, (const char *) Curl_bufref_ptr(msg), + Curl_bufref_len(msg), &base64, &base64len); + if(!result) + Curl_bufref_set(msg, base64, base64len, curl_free); + } } return result; @@ -310,11 +331,11 @@ bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn) * Calculate the required login details for SASL authentication. */ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data, - struct connectdata *conn, bool force_ir, saslprogress *progress) { CURLcode result = CURLE_OK; - unsigned int enabledmechs; + struct connectdata *conn = data->conn; + unsigned short enabledmechs; const char *mech = NULL; struct bufref resp; saslstate state1 = SASL_STOP; @@ -471,16 +492,16 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data, } if(!result && mech) { + sasl->curmech = mech; if(Curl_bufref_ptr(&resp)) - result = build_message(data, &resp); + result = build_message(sasl, data, &resp); if(sasl->params->maxirlen && strlen(mech) + Curl_bufref_len(&resp) > sasl->params->maxirlen) Curl_bufref_free(&resp); if(!result) - result = sasl->params->sendauth(data, conn, mech, - (const char *) Curl_bufref_ptr(&resp)); + result = sasl->params->sendauth(data, mech, &resp); if(!result) { *progress = SASL_INPROGRESS; @@ -498,10 +519,10 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data, * Continue the authentication. */ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data, - struct connectdata *conn, int code, saslprogress *progress) { CURLcode result = CURLE_OK; + struct connectdata *conn = data->conn; saslstate newstate = SASL_FINAL; struct bufref resp; const char * const hostname = SSL_HOST_NAME(); @@ -574,7 +595,8 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data, result = Curl_auth_create_digest_md5_message(data, &serverdata, conn->user, conn->passwd, service, &resp); - newstate = SASL_DIGESTMD5_RESP; + if(!result && (sasl->params->flags & SASL_FLAG_BASE64)) + newstate = SASL_DIGESTMD5_RESP; break; case SASL_DIGESTMD5_RESP: /* Keep response NULL to output an empty line. */ @@ -691,7 +713,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data, sasl->authmechs ^= sasl->authused; /* Start an alternative SASL authentication */ - return Curl_sasl_start(sasl, data, conn, sasl->force_ir, progress); + return Curl_sasl_start(sasl, data, sasl->force_ir, progress); default: failf(data, "Unsupported SASL authentication mechanism"); result = CURLE_UNSUPPORTED_PROTOCOL; /* Should not happen */ @@ -703,14 +725,13 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data, switch(result) { case CURLE_BAD_CONTENT_ENCODING: /* Cancel dialog */ - result = sasl->params->sendcont(data, conn, "*"); + result = sasl->params->cancelauth(data, sasl->curmech); newstate = SASL_CANCEL; break; case CURLE_OK: - result = build_message(data, &resp); + result = build_message(sasl, data, &resp); if(!result) - result = sasl->params->sendcont(data, conn, - (const char *) Curl_bufref_ptr(&resp)); + result = sasl->params->contauth(data, sasl->curmech, &resp); break; default: newstate = SASL_STOP; /* Stop on error */ diff --git a/contrib/libs/curl/lib/curl_sasl.h b/contrib/libs/curl/lib/curl_sasl.h index e17d323eba..91458c74a0 100644 --- a/contrib/libs/curl/lib/curl_sasl.h +++ b/contrib/libs/curl/lib/curl_sasl.h @@ -24,6 +24,8 @@ #include <curl/curl.h> +#include "bufref.h" + struct Curl_easy; struct connectdata; @@ -46,17 +48,20 @@ struct connectdata; #define SASL_AUTH_DEFAULT (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL) /* Authentication mechanism strings */ -#define SASL_MECH_STRING_LOGIN "LOGIN" -#define SASL_MECH_STRING_PLAIN "PLAIN" -#define SASL_MECH_STRING_CRAM_MD5 "CRAM-MD5" -#define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5" -#define SASL_MECH_STRING_GSSAPI "GSSAPI" -#define SASL_MECH_STRING_EXTERNAL "EXTERNAL" -#define SASL_MECH_STRING_NTLM "NTLM" -#define SASL_MECH_STRING_XOAUTH2 "XOAUTH2" -#define SASL_MECH_STRING_OAUTHBEARER "OAUTHBEARER" -#define SASL_MECH_STRING_SCRAM_SHA_1 "SCRAM-SHA-1" -#define SASL_MECH_STRING_SCRAM_SHA_256 "SCRAM-SHA-256" +#define SASL_MECH_STRING_LOGIN "LOGIN" +#define SASL_MECH_STRING_PLAIN "PLAIN" +#define SASL_MECH_STRING_CRAM_MD5 "CRAM-MD5" +#define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5" +#define SASL_MECH_STRING_GSSAPI "GSSAPI" +#define SASL_MECH_STRING_EXTERNAL "EXTERNAL" +#define SASL_MECH_STRING_NTLM "NTLM" +#define SASL_MECH_STRING_XOAUTH2 "XOAUTH2" +#define SASL_MECH_STRING_OAUTHBEARER "OAUTHBEARER" +#define SASL_MECH_STRING_SCRAM_SHA_1 "SCRAM-SHA-1" +#define SASL_MECH_STRING_SCRAM_SHA_256 "SCRAM-SHA-256" + +/* SASL flags */ +#define SASL_FLAG_BASE64 0x0001 /* Messages are base64-encoded */ /* SASL machine states */ typedef enum { @@ -90,30 +95,37 @@ typedef enum { /* Protocol dependent SASL parameters */ struct SASLproto { const char *service; /* The service name */ - int contcode; /* Code to receive when continuation is expected */ - int finalcode; /* Code to receive upon authentication success */ - size_t maxirlen; /* Maximum initial response length */ - CURLcode (*sendauth)(struct Curl_easy *data, - struct connectdata *conn, - const char *mech, const char *ir); + CURLcode (*sendauth)(struct Curl_easy *data, const char *mech, + const struct bufref *ir); /* Send authentication command */ - CURLcode (*sendcont)(struct Curl_easy *data, - struct connectdata *conn, const char *contauth); + CURLcode (*contauth)(struct Curl_easy *data, const char *mech, + const struct bufref *contauth); /* Send authentication continuation */ - void (*getmessage)(char *buffer, char **outptr); + CURLcode (*cancelauth)(struct Curl_easy *data, const char *mech); + /* Cancel authentication. */ + CURLcode (*getmessage)(struct Curl_easy *data, struct bufref *out); /* Get SASL response message */ + size_t maxirlen; /* Maximum initial response + mechanism length, + or zero if no max. This is normally the max + command length - other characters count. + This has to be zero for non-base64 protocols. */ + int contcode; /* Code to receive when continuation is expected */ + int finalcode; /* Code to receive upon authentication success */ + unsigned short defmechs; /* Mechanisms enabled by default */ + unsigned short flags; /* Configuration flags. */ }; /* Per-connection parameters */ struct SASL { const struct SASLproto *params; /* Protocol dependent parameters */ - saslstate state; /* Current machine state */ + saslstate state; /* Current machine state */ + const char *curmech; /* Current mechanism id. */ unsigned short authmechs; /* Accepted authentication mechanisms */ unsigned short prefmech; /* Preferred authentication mechanism */ unsigned short authused; /* Auth mechanism used for the connection */ - bool resetprefs; /* For URL auth option parsing. */ - bool mutual_auth; /* Mutual authentication enabled (GSSAPI only) */ - bool force_ir; /* Protocol always supports initial response */ + bool resetprefs; /* For URL auth option parsing. */ + bool mutual_auth; /* Mutual authentication enabled (GSSAPI only) */ + bool force_ir; /* Protocol always supports initial response */ }; /* This is used to test whether the line starts with the given mechanism */ @@ -123,7 +135,7 @@ struct SASL { /* This is used to cleanup any libraries or curl modules used by the sasl functions */ -void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused); +void Curl_sasl_cleanup(struct connectdata *conn, unsigned short authused); /* Convert a mechanism name to a token */ unsigned short Curl_sasl_decode_mech(const char *ptr, @@ -134,19 +146,18 @@ CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl, const char *value, size_t len); /* Initializes an SASL structure */ -void Curl_sasl_init(struct SASL *sasl, const struct SASLproto *params); +void Curl_sasl_init(struct SASL *sasl, struct Curl_easy *data, + const struct SASLproto *params); /* Check if we have enough auth data and capabilities to authenticate */ bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn); /* Calculate the required login details for SASL authentication */ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data, - struct connectdata *conn, bool force_ir, saslprogress *progress); /* Continue an SASL authentication */ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data, - struct connectdata *conn, int code, saslprogress *progress); #endif /* HEADER_CURL_SASL_H */ diff --git a/contrib/libs/curl/lib/curl_setup.h b/contrib/libs/curl/lib/curl_setup.h index 27d68ba8c7..6b61f93d94 100644 --- a/contrib/libs/curl/lib/curl_setup.h +++ b/contrib/libs/curl/lib/curl_setup.h @@ -717,7 +717,6 @@ int netware_init(void); #if defined(__LWIP_OPT_H__) || defined(LWIP_HDR_OPT_H) # if defined(SOCKET) || \ defined(USE_WINSOCK) || \ - defined(HAVE_WINSOCK_H) || \ defined(HAVE_WINSOCK2_H) || \ defined(HAVE_WS2TCPIP_H) # error "WinSock and lwIP TCP/IP stack definitions shall not coexist!" @@ -839,6 +838,7 @@ int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf, ADDRESS_FAMILY sun_family; char sun_path[UNIX_PATH_MAX]; } SOCKADDR_UN, *PSOCKADDR_UN; +# define WIN32_SOCKADDR_UN # endif #endif diff --git a/contrib/libs/curl/lib/curl_sha256.h b/contrib/libs/curl/lib/curl_sha256.h index b4579d7692..3cafe8ee7b 100644 --- a/contrib/libs/curl/lib/curl_sha256.h +++ b/contrib/libs/curl/lib/curl_sha256.h @@ -8,7 +8,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com> - * Copyright (C) 2018 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -28,7 +28,14 @@ extern const struct HMAC_params Curl_HMAC_SHA256[1]; +#ifdef USE_WOLFSSL +/* SHA256_DIGEST_LENGTH is an enum value in wolfSSL. Need to import it from + * sha.h*/ +#error #include <wolfssl/options.h> +#include <openssl/sha.h> +#else #define SHA256_DIGEST_LENGTH 32 +#endif void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input, const size_t len); diff --git a/contrib/libs/curl/lib/doh.c b/contrib/libs/curl/lib/doh.c index de0c902b86..d6a2167701 100644 --- a/contrib/libs/curl/lib/doh.c +++ b/contrib/libs/curl/lib/doh.c @@ -235,25 +235,6 @@ static CURLcode dohprobe(struct Curl_easy *data, p->dnstype = dnstype; Curl_dyn_init(&p->serverdoh, DYN_DOH_RESPONSE); - /* Note: this is code for sending the DoH request with GET but there's still - no logic that actually enables this. We should either add that ability or - yank out the GET code. Discuss! */ - if(data->set.doh_get) { - char *b64; - size_t b64len; - result = Curl_base64url_encode(data, (char *)p->dohbuffer, p->dohlen, - &b64, &b64len); - if(result) - goto error; - nurl = aprintf("%s?dns=%s", url, b64); - free(b64); - if(!nurl) { - result = CURLE_OUT_OF_MEMORY; - goto error; - } - url = nurl; - } - timeout_ms = Curl_timeleft(data, NULL, TRUE); if(timeout_ms <= 0) { result = CURLE_OPERATION_TIMEDOUT; @@ -268,10 +249,8 @@ static CURLcode dohprobe(struct Curl_easy *data, ERROR_CHECK_SETOPT(CURLOPT_URL, url); ERROR_CHECK_SETOPT(CURLOPT_WRITEFUNCTION, doh_write_cb); ERROR_CHECK_SETOPT(CURLOPT_WRITEDATA, resp); - if(!data->set.doh_get) { - ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->dohbuffer); - ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDSIZE, (long)p->dohlen); - } + ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->dohbuffer); + ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDSIZE, (long)p->dohlen); ERROR_CHECK_SETOPT(CURLOPT_HTTPHEADER, headers); #ifdef USE_NGHTTP2 ERROR_CHECK_SETOPT(CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS); diff --git a/contrib/libs/curl/lib/easyoptions.c b/contrib/libs/curl/lib/easyoptions.c index 4e65e3525b..b6131d4321 100644 --- a/contrib/libs/curl/lib/easyoptions.c +++ b/contrib/libs/curl/lib/easyoptions.c @@ -165,6 +165,7 @@ struct curl_easyoption Curl_easyopts[] = { {"MAXCONNECTS", CURLOPT_MAXCONNECTS, CURLOT_LONG, 0}, {"MAXFILESIZE", CURLOPT_MAXFILESIZE, CURLOT_LONG, 0}, {"MAXFILESIZE_LARGE", CURLOPT_MAXFILESIZE_LARGE, CURLOT_OFF_T, 0}, + {"MAXLIFETIME_CONN", CURLOPT_MAXLIFETIME_CONN, CURLOT_LONG, 0}, {"MAXREDIRS", CURLOPT_MAXREDIRS, CURLOT_LONG, 0}, {"MAX_RECV_SPEED_LARGE", CURLOPT_MAX_RECV_SPEED_LARGE, CURLOT_OFF_T, 0}, {"MAX_SEND_SPEED_LARGE", CURLOPT_MAX_SEND_SPEED_LARGE, CURLOT_OFF_T, 0}, @@ -192,6 +193,8 @@ struct curl_easyoption Curl_easyopts[] = { {"POSTQUOTE", CURLOPT_POSTQUOTE, CURLOT_SLIST, 0}, {"POSTREDIR", CURLOPT_POSTREDIR, CURLOT_VALUES, 0}, {"PREQUOTE", CURLOPT_PREQUOTE, CURLOT_SLIST, 0}, + {"PREREQDATA", CURLOPT_PREREQDATA, CURLOT_CBPTR, 0}, + {"PREREQFUNCTION", CURLOPT_PREREQFUNCTION, CURLOT_FUNCTION, 0}, {"PRE_PROXY", CURLOPT_PRE_PROXY, CURLOT_STRING, 0}, {"PRIVATE", CURLOPT_PRIVATE, CURLOT_OBJECT, 0}, {"PROGRESSDATA", CURLOPT_XFERINFODATA, CURLOT_CBPTR, CURLOT_FLAG_ALIAS}, @@ -271,6 +274,8 @@ struct curl_easyoption Curl_easyopts[] = { {"SSH_COMPRESSION", CURLOPT_SSH_COMPRESSION, CURLOT_LONG, 0}, {"SSH_HOST_PUBLIC_KEY_MD5", CURLOPT_SSH_HOST_PUBLIC_KEY_MD5, CURLOT_STRING, 0}, + {"SSH_HOST_PUBLIC_KEY_SHA256", CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256, + CURLOT_STRING, 0}, {"SSH_KEYDATA", CURLOPT_SSH_KEYDATA, CURLOT_CBPTR, 0}, {"SSH_KEYFUNCTION", CURLOPT_SSH_KEYFUNCTION, CURLOT_FUNCTION, 0}, {"SSH_KNOWNHOSTS", CURLOPT_SSH_KNOWNHOSTS, CURLOT_STRING, 0}, @@ -354,6 +359,6 @@ struct curl_easyoption Curl_easyopts[] = { */ int Curl_easyopts_check(void) { - return ((CURLOPT_LASTENTRY%10000) != (310 + 1)); + return ((CURLOPT_LASTENTRY%10000) != (314 + 1)); } #endif diff --git a/contrib/libs/curl/lib/ftp.c b/contrib/libs/curl/lib/ftp.c index 0b9c9b7322..a8d209e3fb 100644 --- a/contrib/libs/curl/lib/ftp.c +++ b/contrib/libs/curl/lib/ftp.c @@ -876,11 +876,6 @@ static CURLcode ftp_state_cwd(struct Curl_easy *data, ftpc->count2 = 0; /* count2 counts failed CWDs */ - /* count3 is set to allow a MKD to fail once. In the case when first CWD - fails and then MKD fails (due to another session raced it to create the - dir) this then allows for a second try to CWD to it */ - ftpc->count3 = (data->set.ftp_create_missing_dirs == 2)?1:0; - if(conn->bits.reuse && ftpc->entrypath && /* no need to go to entrypath when we have an absolute path */ !(ftpc->dirdepth && ftpc->dirs[0][0] == '/')) { @@ -3002,6 +2997,12 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, ftpc->cwdcount && !ftpc->count2) { /* try making it */ ftpc->count2++; /* counter to prevent CWD-MKD loops */ + + /* count3 is set to allow MKD to fail once per dir. In the case when + CWD fails and then MKD fails (due to another session raced it to + create the dir) this then allows for a second try to CWD to it. */ + ftpc->count3 = (data->set.ftp_create_missing_dirs == 2) ? 1 : 0; + result = Curl_pp_sendf(data, &ftpc->pp, "MKD %s", ftpc->dirs[ftpc->cwdcount - 1]); if(!result) diff --git a/contrib/libs/curl/lib/hostip.c b/contrib/libs/curl/lib/hostip.c index 633c48e800..62537f8237 100644 --- a/contrib/libs/curl/lib/hostip.c +++ b/contrib/libs/curl/lib/hostip.c @@ -507,9 +507,6 @@ static struct Curl_addrinfo *get_localhost(int port) struct sockaddr_in sa; unsigned int ipv4; unsigned short port16 = (unsigned short)(port & 0xffff); - ca = calloc(sizeof(struct Curl_addrinfo) + ss_size + hostlen + 1, 1); - if(!ca) - return NULL; /* memset to clear the sa.sin_zero field */ memset(&sa, 0, sizeof(sa)); @@ -519,6 +516,9 @@ static struct Curl_addrinfo *get_localhost(int port) return NULL; memcpy(&sa.sin_addr, &ipv4, sizeof(ipv4)); + ca = calloc(sizeof(struct Curl_addrinfo) + ss_size + hostlen + 1, 1); + if(!ca) + return NULL; ca->ai_flags = 0; ca->ai_family = AF_INET; ca->ai_socktype = SOCK_STREAM; diff --git a/contrib/libs/curl/lib/http.c b/contrib/libs/curl/lib/http.c index 777bc3401a..838c5bf401 100644 --- a/contrib/libs/curl/lib/http.c +++ b/contrib/libs/curl/lib/http.c @@ -323,7 +323,7 @@ static CURLcode http_output_basic(struct Curl_easy *data, bool proxy) pwd = data->state.aptr.passwd; } - out = aprintf("%s:%s", user, pwd ? pwd : ""); + out = aprintf("%s:%s", user ? user : "", pwd ? pwd : ""); if(!out) return CURLE_OUT_OF_MEMORY; @@ -2902,20 +2902,6 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data, bool *done) { struct SingleRequest *k = &data->req; - DEBUGASSERT(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)); - if(data->req.ignore_cl) { - k->size = k->maxdownload = -1; - } - else if(k->size != -1) { - /* We wait until after all headers have been received to set this so that - we know for sure Content-Length is valid. */ - if(data->set.max_filesize && - k->size > data->set.max_filesize) { - failf(data, "Maximum file size exceeded"); - return CURLE_FILESIZE_EXCEEDED; - } - Curl_pgrsSetDownloadSize(data, k->size); - } if(data->req.newurl) { if(conn->bits.close) { @@ -3787,6 +3773,29 @@ CURLcode Curl_http_statusline(struct Curl_easy *data, return CURLE_OK; } +/* Content-Length must be ignored if any Transfer-Encoding is present in the + response. Refer to RFC 7230 section 3.3.3 and RFC2616 section 4.4. This is + figured out here after all headers have been received but before the final + call to the user's header callback, so that a valid content length can be + retrieved by the user in the final call. */ +CURLcode Curl_http_size(struct Curl_easy *data) +{ + struct SingleRequest *k = &data->req; + if(data->req.ignore_cl || k->chunk) { + k->size = k->maxdownload = -1; + } + else if(k->size != -1) { + if(data->set.max_filesize && + k->size > data->set.max_filesize) { + failf(data, "Maximum file size exceeded"); + return CURLE_FILESIZE_EXCEEDED; + } + Curl_pgrsSetDownloadSize(data, k->size); + k->maxdownload = k->size; + } + return CURLE_OK; +} + /* * Read any HTTP header lines from the server and pass them to the client app. */ @@ -3981,6 +3990,12 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, } } + if(!k->header) { + result = Curl_http_size(data); + if(result) + return result; + } + /* At this point we have some idea about the fate of the connection. If we are closing the connection it may result auth failure. */ #if defined(USE_NTLM) @@ -4137,31 +4152,6 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, reason */ *stop_reading = TRUE; #endif - else { - /* If we know the expected size of this document, we set the - maximum download size to the size of the expected - document or else, we won't know when to stop reading! - - Note that we set the download maximum even if we read a - "Connection: close" header, to make sure that - "Content-Length: 0" still prevents us from attempting to - read the (missing) response-body. - */ - /* According to RFC2616 section 4.4, we MUST ignore - Content-Length: headers if we are now receiving data - using chunked Transfer-Encoding. - */ - if(k->chunk) - k->maxdownload = k->size = -1; - } - if(-1 != k->size) { - /* We do this operation even if no_body is true, since this - data might be retrieved later with curl_easy_getinfo() - and its CURLINFO_CONTENT_LENGTH_DOWNLOAD option. */ - - Curl_pgrsSetDownloadSize(data, k->size); - k->maxdownload = k->size; - } /* If max download size is *zero* (nothing) we already have nothing and can safely return ok now! But for HTTP/2, we'd @@ -4250,8 +4240,12 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, /* There can only be a 4th response code digit stored in 'digit4' if all the other fields were parsed and stored first, so nc is 5 when - digit4 a digit */ - else if(ISDIGIT(digit4)) { + digit4 a digit. + + The sscanf() line above will also allow zero-prefixed and negative + numbers, so we check for that too here. + */ + else if(ISDIGIT(digit4) || (k->httpcode < 100)) { failf(data, "Unsupported response code in HTTP response"); return CURLE_UNSUPPORTED_PROTOCOL; } diff --git a/contrib/libs/curl/lib/http.h b/contrib/libs/curl/lib/http.h index e4ab466c00..cb5b56faf3 100644 --- a/contrib/libs/curl/lib/http.h +++ b/contrib/libs/curl/lib/http.h @@ -289,6 +289,8 @@ struct http_conn { #endif }; +CURLcode Curl_http_size(struct Curl_easy *data); + CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, struct connectdata *conn, ssize_t *nread, diff --git a/contrib/libs/curl/lib/http2.c b/contrib/libs/curl/lib/http2.c index 6d63f43636..992fbbb26d 100644 --- a/contrib/libs/curl/lib/http2.c +++ b/contrib/libs/curl/lib/http2.c @@ -100,6 +100,7 @@ static int http2_getsock(struct Curl_easy *data, const struct http_conn *c = &conn->proto.httpc; struct SingleRequest *k = &data->req; int bitmap = GETSOCK_BLANK; + struct HTTP *stream = data->req.p.http; sock[0] = conn->sock[FIRSTSOCKET]; @@ -108,9 +109,13 @@ static int http2_getsock(struct Curl_easy *data, frame so we should always be ready for one */ bitmap |= GETSOCK_READSOCK(FIRSTSOCKET); - /* we're still uploading or the HTTP/2 layer wants to send data */ - if(((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND) || - nghttp2_session_want_write(c->h2)) + /* we're (still uploading OR the HTTP/2 layer wants to send data) AND + there's a window to send data in */ + if((((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND) || + nghttp2_session_want_write(c->h2)) && + (nghttp2_session_get_remote_window_size(c->h2) && + nghttp2_session_get_stream_remote_window_size(c->h2, + stream->stream_id))) bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET); return bitmap; @@ -1953,8 +1958,19 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex, nghttp2_session_resume_data(h2, stream->stream_id); } - H2BUGF(infof(data, "http2_send returns %zu for stream %u", len, - stream->stream_id)); +#ifdef DEBUG_HTTP2 + if(!len) { + infof(data, "http2_send: easy %p (stream %u) win %u/%u", + data, stream->stream_id, + nghttp2_session_get_remote_window_size(httpc->h2), + nghttp2_session_get_stream_remote_window_size(httpc->h2, + stream->stream_id) + ); + + } + infof(data, "http2_send returns %zu for stream %u", len, + stream->stream_id); +#endif return len; } diff --git a/contrib/libs/curl/lib/http_aws_sigv4.c b/contrib/libs/curl/lib/http_aws_sigv4.c index 02663abd63..cbbecb7129 100644 --- a/contrib/libs/curl/lib/http_aws_sigv4.c +++ b/contrib/libs/curl/lib/http_aws_sigv4.c @@ -92,6 +92,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) char *signed_headers = NULL; Curl_HttpReq httpreq; const char *method; + size_t post_data_len; const char *post_data = data->set.postfields ? data->set.postfields : ""; unsigned char sha_hash[32]; char sha_hex[65]; @@ -281,8 +282,12 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) goto fail; } + if(data->set.postfieldsize < 0) + post_data_len = strlen(post_data); + else + post_data_len = (size_t)data->set.postfieldsize; Curl_sha256it(sha_hash, - (const unsigned char *) post_data, strlen(post_data)); + (const unsigned char *) post_data, post_data_len); sha256_to_hex(sha_hex, sha_hash, sizeof(sha_hex)); Curl_http_method(data, conn, &method, &httpreq); @@ -321,7 +326,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) /* * Google allow to use rsa key instead of HMAC, so this code might change - * In the furure, but for now we support only HMAC version + * In the future, but for now we support only HMAC version */ str_to_sign = curl_maprintf("%s4-HMAC-SHA256\n" /* Algorithm */ "%s\n" /* RequestDateTime */ diff --git a/contrib/libs/curl/lib/http_ntlm.c b/contrib/libs/curl/lib/http_ntlm.c index 627a11c5af..a6526db9f7 100644 --- a/contrib/libs/curl/lib/http_ntlm.c +++ b/contrib/libs/curl/lib/http_ntlm.c @@ -198,6 +198,12 @@ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) #endif Curl_bufref_init(&ntlmmsg); + + /* connection is already authenticated, don't send a header in future + * requests so go directly to NTLMSTATE_LAST */ + if(*state == NTLMSTATE_TYPE3) + *state = NTLMSTATE_LAST; + switch(*state) { case NTLMSTATE_TYPE1: default: /* for the weird cases we (re)start here */ @@ -246,11 +252,6 @@ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy) } break; - case NTLMSTATE_TYPE3: - /* connection is already authenticated, - * don't send a header in future requests */ - *state = NTLMSTATE_LAST; - /* FALLTHROUGH */ case NTLMSTATE_LAST: Curl_safefree(*allocuserpwd); authp->done = TRUE; diff --git a/contrib/libs/curl/lib/http_proxy.c b/contrib/libs/curl/lib/http_proxy.c index 20631927f0..bc0d0bfcc3 100644 --- a/contrib/libs/curl/lib/http_proxy.c +++ b/contrib/libs/curl/lib/http_proxy.c @@ -207,9 +207,15 @@ static void connect_done(struct Curl_easy *data) Curl_dyn_free(&s->rcvbuf); Curl_dyn_free(&s->req); - /* retore the protocol pointer */ + /* restore the protocol pointer */ data->req.p.http = s->prot_save; s->prot_save = NULL; + data->info.httpcode = 0; /* clear it as it might've been used for the + proxy */ + data->req.ignorebody = FALSE; +#ifdef USE_HYPER + data->state.hconnect = FALSE; +#endif infof(data, "CONNECT phase completed!"); } } @@ -284,8 +290,7 @@ static CURLcode CONNECT(struct Curl_easy *data, /* This only happens if we've looped here due to authentication reasons, and we don't really use the newly cloned URL here then. Just free() it. */ - free(data->req.newurl); - data->req.newurl = NULL; + Curl_safefree(data->req.newurl); /* initialize send-buffer */ Curl_dyn_init(req, DYN_HTTP_REQUEST); @@ -735,6 +740,7 @@ static CURLcode CONNECT(struct Curl_easy *data, io = hyper_io_new(); if(!io) { failf(data, "Couldn't create hyper IO"); + result = CURLE_OUT_OF_MEMORY; goto error; } /* tell Hyper how to read/write network data */ @@ -750,6 +756,7 @@ static CURLcode CONNECT(struct Curl_easy *data, h->exec = hyper_executor_new(); if(!h->exec) { failf(data, "Couldn't create hyper executor"); + result = CURLE_OUT_OF_MEMORY; goto error; } } @@ -757,6 +764,7 @@ static CURLcode CONNECT(struct Curl_easy *data, options = hyper_clientconn_options_new(); if(!options) { failf(data, "Couldn't create hyper client options"); + result = CURLE_OUT_OF_MEMORY; goto error; } @@ -767,6 +775,7 @@ static CURLcode CONNECT(struct Curl_easy *data, handshake = hyper_clientconn_handshake(io, options); if(!handshake) { failf(data, "Couldn't create hyper client handshake"); + result = CURLE_OUT_OF_MEMORY; goto error; } io = NULL; @@ -774,6 +783,7 @@ static CURLcode CONNECT(struct Curl_easy *data, if(HYPERE_OK != hyper_executor_push(h->exec, handshake)) { failf(data, "Couldn't hyper_executor_push the handshake"); + result = CURLE_OUT_OF_MEMORY; goto error; } handshake = NULL; /* ownership passed on */ @@ -781,6 +791,7 @@ static CURLcode CONNECT(struct Curl_easy *data, task = hyper_executor_poll(h->exec); if(!task) { failf(data, "Couldn't hyper_executor_poll the handshake"); + result = CURLE_OUT_OF_MEMORY; goto error; } @@ -789,14 +800,24 @@ static CURLcode CONNECT(struct Curl_easy *data, req = hyper_request_new(); if(!req) { failf(data, "Couldn't hyper_request_new"); + result = CURLE_OUT_OF_MEMORY; goto error; } if(hyper_request_set_method(req, (uint8_t *)"CONNECT", strlen("CONNECT"))) { failf(data, "error setting method"); + result = CURLE_OUT_OF_MEMORY; goto error; } + infof(data, "Establish HTTP proxy tunnel to %s:%d", + hostname, remote_port); + + /* This only happens if we've looped here due to authentication + reasons, and we don't really use the newly cloned URL here + then. Just free() it. */ + Curl_safefree(data->req.newurl); + result = CONNECT_host(data, conn, hostname, remote_port, &hostheader, &host); if(result) @@ -806,6 +827,16 @@ static CURLcode CONNECT(struct Curl_easy *data, strlen(hostheader))) { failf(data, "error setting path"); result = CURLE_OUT_OF_MEMORY; + goto error; + } + if(data->set.verbose) { + char *se = aprintf("CONNECT %s HTTP/1.1\r\n", hostheader); + if(!se) { + result = CURLE_OUT_OF_MEMORY; + goto error; + } + Curl_debug(data, CURLINFO_HEADER_OUT, se, strlen(se)); + free(se); } /* Setup the proxy-authorization header, if any */ result = Curl_http_output_auth(data, conn, "CONNECT", HTTPREQ_GET, @@ -819,21 +850,29 @@ static CURLcode CONNECT(struct Curl_easy *data, (HYPERE_OK != hyper_request_set_version(req, HYPER_HTTP_VERSION_1_0))) { failf(data, "error setting HTTP version"); + result = CURLE_OUT_OF_MEMORY; goto error; } headers = hyper_request_headers(req); if(!headers) { failf(data, "hyper_request_headers"); + result = CURLE_OUT_OF_MEMORY; goto error; } - if(host && Curl_hyper_header(data, headers, host)) - goto error; - Curl_safefree(host); + if(host) { + result = Curl_hyper_header(data, headers, host); + if(result) + goto error; + Curl_safefree(host); + } - if(data->state.aptr.proxyuserpwd && - Curl_hyper_header(data, headers, data->state.aptr.proxyuserpwd)) - goto error; + if(data->state.aptr.proxyuserpwd) { + result = Curl_hyper_header(data, headers, + data->state.aptr.proxyuserpwd); + if(result) + goto error; + } if(!Curl_checkProxyheaders(data, conn, "User-Agent") && data->set.str[STRING_USERAGENT]) { @@ -843,26 +882,33 @@ static CURLcode CONNECT(struct Curl_easy *data, data->set.str[STRING_USERAGENT]); if(result) goto error; - if(Curl_hyper_header(data, headers, Curl_dyn_ptr(&ua))) + result = Curl_hyper_header(data, headers, Curl_dyn_ptr(&ua)); + if(result) goto error; Curl_dyn_free(&ua); } - if(!Curl_checkProxyheaders(data, conn, "Proxy-Connection") && - Curl_hyper_header(data, headers, "Proxy-Connection: Keep-Alive")) - goto error; + if(!Curl_checkProxyheaders(data, conn, "Proxy-Connection")) { + result = Curl_hyper_header(data, headers, + "Proxy-Connection: Keep-Alive"); + if(result) + goto error; + } - if(Curl_add_custom_headers(data, TRUE, headers)) + result = Curl_add_custom_headers(data, TRUE, headers); + if(result) goto error; sendtask = hyper_clientconn_send(client, req); if(!sendtask) { failf(data, "hyper_clientconn_send"); + result = CURLE_OUT_OF_MEMORY; goto error; } if(HYPERE_OK != hyper_executor_push(h->exec, sendtask)) { failf(data, "Couldn't hyper_executor_push the send"); + result = CURLE_OUT_OF_MEMORY; goto error; } @@ -875,8 +921,11 @@ static CURLcode CONNECT(struct Curl_easy *data, if(error) hypererr = hyper_task_value(task); hyper_task_free(task); - if(error) + if(error) { + /* this could probably use a better error code? */ + result = CURLE_OUT_OF_MEMORY; goto error; + } } } while(task); s->tunnel_state = TUNNEL_CONNECT; @@ -904,15 +953,23 @@ static CURLcode CONNECT(struct Curl_easy *data, h->write_waker = NULL; } } - /* FALLTHROUGH */ + break; + default: break; } + + /* If we are supposed to continue and request a new URL, which basically + * means the HTTP authentication is still going on so if the tunnel + * is complete we start over in INIT state */ + if(data->req.newurl && (TUNNEL_COMPLETE == s->tunnel_state)) { + infof(data, "CONNECT request done, loop to make another"); + connect_init(data, TRUE); /* reinit */ + } } while(data->req.newurl); result = CURLE_OK; if(s->tunnel_state == TUNNEL_COMPLETE) { - data->info.httpproxycode = data->req.httpcode; if(data->info.httpproxycode/100 != 2) { if(conn->bits.close && data->req.newurl) { conn->bits.proxy_connect_closed = TRUE; diff --git a/contrib/libs/curl/lib/imap.c b/contrib/libs/curl/lib/imap.c index 6163899bbe..bea964f79a 100644 --- a/contrib/libs/curl/lib/imap.c +++ b/contrib/libs/curl/lib/imap.c @@ -78,6 +78,7 @@ #include "multiif.h" #include "url.h" #include "strcase.h" +#include "bufref.h" #include "curl_sasl.h" #include "warnless.h" @@ -101,19 +102,19 @@ static CURLcode imap_doing(struct Curl_easy *data, bool *dophase_done); static CURLcode imap_setup_connection(struct Curl_easy *data, struct connectdata *conn); static char *imap_atom(const char *str, bool escape_only); -static CURLcode imap_sendf(struct Curl_easy *data, - struct connectdata *conn, const char *fmt, ...); +static CURLcode imap_sendf(struct Curl_easy *data, const char *fmt, ...); static CURLcode imap_parse_url_options(struct connectdata *conn); static CURLcode imap_parse_url_path(struct Curl_easy *data); static CURLcode imap_parse_custom_request(struct Curl_easy *data); static CURLcode imap_perform_authenticate(struct Curl_easy *data, - struct connectdata *conn, const char *mech, - const char *initresp); + const struct bufref *initresp); static CURLcode imap_continue_authenticate(struct Curl_easy *data, - struct connectdata *conn, - const char *resp); -static void imap_get_message(char *buffer, char **outptr); + const char *mech, + const struct bufref *resp); +static CURLcode imap_cancel_authenticate(struct Curl_easy *data, + const char *mech); +static CURLcode imap_get_message(struct Curl_easy *data, struct bufref *out); /* * IMAP protocol handler. @@ -180,12 +181,15 @@ const struct Curl_handler Curl_handler_imaps = { /* SASL parameters for the imap protocol */ static const struct SASLproto saslimap = { "imap", /* The service name */ - '+', /* Code received when continuation is expected */ - IMAP_RESP_OK, /* Code to receive upon authentication success */ - 0, /* Maximum initial response length (no max) */ imap_perform_authenticate, /* Send authentication command */ imap_continue_authenticate, /* Send authentication continuation */ - imap_get_message /* Get SASL response message */ + imap_cancel_authenticate, /* Send authentication cancellation */ + imap_get_message, /* Get SASL response message */ + 0, /* No maximum initial response length */ + '+', /* Code received when continuation is expected */ + IMAP_RESP_OK, /* Code to receive upon authentication success */ + SASL_AUTH_DEFAULT, /* Default mechanisms */ + SASL_FLAG_BASE64 /* Configuration flags */ }; @@ -293,6 +297,7 @@ static bool imap_endofresp(struct Curl_easy *data, struct connectdata *conn, !strcasecompare(imap->custom, "EXPUNGE") && !strcasecompare(imap->custom, "LSUB") && !strcasecompare(imap->custom, "UID") && + !strcasecompare(imap->custom, "GETQUOTAROOT") && !strcasecompare(imap->custom, "NOOP"))) return FALSE; break; @@ -352,34 +357,32 @@ static bool imap_endofresp(struct Curl_easy *data, struct connectdata *conn, * * Gets the authentication message from the response buffer. */ -static void imap_get_message(char *buffer, char **outptr) +static CURLcode imap_get_message(struct Curl_easy *data, struct bufref *out) { - size_t len = strlen(buffer); - char *message = NULL; + char *message = data->state.buffer; + size_t len = strlen(message); if(len > 2) { /* Find the start of the message */ len -= 2; - for(message = buffer + 2; *message == ' ' || *message == '\t'; - message++, len--) + for(message += 2; *message == ' ' || *message == '\t'; message++, len--) ; /* Find the end of the message */ - for(; len--;) + while(len--) if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && message[len] != '\t') break; /* Terminate the message */ - if(++len) { - message[len] = '\0'; - } + message[++len] = '\0'; + Curl_bufref_set(out, message, len, NULL); } else /* junk input => zero length output */ - message = &buffer[len]; + Curl_bufref_set(out, "", 0, NULL); - *outptr = message; + return CURLE_OK; } /*********************************************************************** @@ -437,7 +440,7 @@ static CURLcode imap_perform_capability(struct Curl_easy *data, imapc->tls_supported = FALSE; /* Clear the TLS capability */ /* Send the CAPABILITY command */ - result = imap_sendf(data, conn, "CAPABILITY"); + result = imap_sendf(data, "CAPABILITY"); if(!result) state(data, IMAP_CAPABILITY); @@ -451,11 +454,10 @@ static CURLcode imap_perform_capability(struct Curl_easy *data, * * Sends the STARTTLS command to start the upgrade to TLS. */ -static CURLcode imap_perform_starttls(struct Curl_easy *data, - struct connectdata *conn) +static CURLcode imap_perform_starttls(struct Curl_easy *data) { /* Send the STARTTLS command */ - CURLcode result = imap_sendf(data, conn, "STARTTLS"); + CURLcode result = imap_sendf(data, "STARTTLS"); if(!result) state(data, IMAP_STARTTLS); @@ -516,7 +518,7 @@ static CURLcode imap_perform_login(struct Curl_easy *data, passwd = imap_atom(conn->passwd, false); /* Send the LOGIN command */ - result = imap_sendf(data, conn, "LOGIN %s %s", user ? user : "", + result = imap_sendf(data, "LOGIN %s %s", user ? user : "", passwd ? passwd : ""); free(user); @@ -536,20 +538,19 @@ static CURLcode imap_perform_login(struct Curl_easy *data, * SASL authentication mechanism. */ static CURLcode imap_perform_authenticate(struct Curl_easy *data, - struct connectdata *conn, const char *mech, - const char *initresp) + const struct bufref *initresp) { CURLcode result = CURLE_OK; - (void)data; + const char *ir = (const char *) Curl_bufref_ptr(initresp); - if(initresp) { + if(ir) { /* Send the AUTHENTICATE command with the initial response */ - result = imap_sendf(data, conn, "AUTHENTICATE %s %s", mech, initresp); + result = imap_sendf(data, "AUTHENTICATE %s %s", mech, ir); } else { /* Send the AUTHENTICATE command */ - result = imap_sendf(data, conn, "AUTHENTICATE %s", mech); + result = imap_sendf(data, "AUTHENTICATE %s", mech); } return result; @@ -559,15 +560,34 @@ static CURLcode imap_perform_authenticate(struct Curl_easy *data, * * imap_continue_authenticate() * - * Sends SASL continuation data or cancellation. + * Sends SASL continuation data. */ static CURLcode imap_continue_authenticate(struct Curl_easy *data, - struct connectdata *conn, - const char *resp) + const char *mech, + const struct bufref *resp) { - struct imap_conn *imapc = &conn->proto.imapc; + struct imap_conn *imapc = &data->conn->proto.imapc; + + (void)mech; - return Curl_pp_sendf(data, &imapc->pp, "%s", resp); + return Curl_pp_sendf(data, &imapc->pp, + "%s", (const char *) Curl_bufref_ptr(resp)); +} + +/*********************************************************************** + * + * imap_cancel_authenticate() + * + * Sends SASL cancellation. + */ +static CURLcode imap_cancel_authenticate(struct Curl_easy *data, + const char *mech) +{ + struct imap_conn *imapc = &data->conn->proto.imapc; + + (void)mech; + + return Curl_pp_sendf(data, &imapc->pp, "*"); } /*********************************************************************** @@ -594,8 +614,7 @@ static CURLcode imap_perform_authentication(struct Curl_easy *data, } /* Calculate the SASL login details */ - result = Curl_sasl_start(&imapc->sasl, data, conn, - imapc->ir_supported, &progress); + result = Curl_sasl_start(&imapc->sasl, data, imapc->ir_supported, &progress); if(!result) { if(progress == SASL_INPROGRESS) @@ -622,12 +641,11 @@ static CURLcode imap_perform_authentication(struct Curl_easy *data, static CURLcode imap_perform_list(struct Curl_easy *data) { CURLcode result = CURLE_OK; - struct connectdata *conn = data->conn; struct IMAP *imap = data->req.p.imap; if(imap->custom) /* Send the custom request */ - result = imap_sendf(data, conn, "%s%s", imap->custom, + result = imap_sendf(data, "%s%s", imap->custom, imap->custom_params ? imap->custom_params : ""); else { /* Make sure the mailbox is in the correct atom format if necessary */ @@ -637,7 +655,7 @@ static CURLcode imap_perform_list(struct Curl_easy *data) return CURLE_OUT_OF_MEMORY; /* Send the LIST command */ - result = imap_sendf(data, conn, "LIST \"%s\" *", mailbox); + result = imap_sendf(data, "LIST \"%s\" *", mailbox); free(mailbox); } @@ -678,7 +696,7 @@ static CURLcode imap_perform_select(struct Curl_easy *data) return CURLE_OUT_OF_MEMORY; /* Send the SELECT command */ - result = imap_sendf(data, conn, "SELECT %s", mailbox); + result = imap_sendf(data, "SELECT %s", mailbox); free(mailbox); @@ -694,8 +712,7 @@ static CURLcode imap_perform_select(struct Curl_easy *data) * * Sends a FETCH command to initiate the download of a message. */ -static CURLcode imap_perform_fetch(struct Curl_easy *data, - struct connectdata *conn) +static CURLcode imap_perform_fetch(struct Curl_easy *data) { CURLcode result = CURLE_OK; struct IMAP *imap = data->req.p.imap; @@ -704,21 +721,21 @@ static CURLcode imap_perform_fetch(struct Curl_easy *data, /* Send the FETCH command */ if(imap->partial) - result = imap_sendf(data, conn, "UID FETCH %s BODY[%s]<%s>", + result = imap_sendf(data, "UID FETCH %s BODY[%s]<%s>", imap->uid, imap->section ? imap->section : "", imap->partial); else - result = imap_sendf(data, conn, "UID FETCH %s BODY[%s]", + result = imap_sendf(data, "UID FETCH %s BODY[%s]", imap->uid, imap->section ? imap->section : ""); } else if(imap->mindex) { /* Send the FETCH command */ if(imap->partial) - result = imap_sendf(data, conn, "FETCH %s BODY[%s]<%s>", + result = imap_sendf(data, "FETCH %s BODY[%s]<%s>", imap->mindex, imap->section ? imap->section : "", imap->partial); else - result = imap_sendf(data, conn, "FETCH %s BODY[%s]", + result = imap_sendf(data, "FETCH %s BODY[%s]", imap->mindex, imap->section ? imap->section : ""); } else { @@ -740,7 +757,6 @@ static CURLcode imap_perform_fetch(struct Curl_easy *data, static CURLcode imap_perform_append(struct Curl_easy *data) { CURLcode result = CURLE_OK; - struct connectdata *conn = data->conn; struct IMAP *imap = data->req.p.imap; char *mailbox; @@ -791,7 +807,7 @@ static CURLcode imap_perform_append(struct Curl_easy *data) return CURLE_OUT_OF_MEMORY; /* Send the APPEND command */ - result = imap_sendf(data, conn, + result = imap_sendf(data, "APPEND %s (\\Seen) {%" CURL_FORMAT_CURL_OFF_T "}", mailbox, data->state.infilesize); @@ -809,8 +825,7 @@ static CURLcode imap_perform_append(struct Curl_easy *data) * * Sends a SEARCH command. */ -static CURLcode imap_perform_search(struct Curl_easy *data, - struct connectdata *conn) +static CURLcode imap_perform_search(struct Curl_easy *data) { CURLcode result = CURLE_OK; struct IMAP *imap = data->req.p.imap; @@ -822,7 +837,7 @@ static CURLcode imap_perform_search(struct Curl_easy *data, } /* Send the SEARCH command */ - result = imap_sendf(data, conn, "SEARCH %s", imap->query); + result = imap_sendf(data, "SEARCH %s", imap->query); if(!result) state(data, IMAP_SEARCH); @@ -836,11 +851,10 @@ static CURLcode imap_perform_search(struct Curl_easy *data, * * Performs the logout action prior to sclose() being called. */ -static CURLcode imap_perform_logout(struct Curl_easy *data, - struct connectdata *conn) +static CURLcode imap_perform_logout(struct Curl_easy *data) { /* Send the LOGOUT command */ - CURLcode result = imap_sendf(data, conn, "LOGOUT"); + CURLcode result = imap_sendf(data, "LOGOUT"); if(!result) state(data, IMAP_LOGOUT); @@ -938,7 +952,7 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data, /* PREAUTH is not compatible with STARTTLS. */ if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) { /* Switch to TLS connection now */ - result = imap_perform_starttls(data, conn); + result = imap_perform_starttls(data); } else if(data->set.use_ssl <= CURLUSESSL_TRY) result = imap_perform_authentication(data, conn); @@ -993,7 +1007,7 @@ static CURLcode imap_state_auth_resp(struct Curl_easy *data, (void)instate; /* no use for this yet */ - result = Curl_sasl_continue(&imapc->sasl, data, conn, imapcode, &progress); + result = Curl_sasl_continue(&imapc->sasl, data, imapcode, &progress); if(!result) switch(progress) { case SASL_DONE: @@ -1094,9 +1108,9 @@ static CURLcode imap_state_select_resp(struct Curl_easy *data, int imapcode, if(imap->custom) result = imap_perform_list(data); else if(imap->query) - result = imap_perform_search(data, conn); + result = imap_perform_search(data); else - result = imap_perform_fetch(data, conn); + result = imap_perform_fetch(data); } } else { @@ -1441,7 +1455,7 @@ static CURLcode imap_connect(struct Curl_easy *data, bool *done) /* Set the default preferred authentication type and mechanism */ imapc->preftype = IMAP_TYPE_ANY; - Curl_sasl_init(&imapc->sasl, &saslimap); + Curl_sasl_init(&imapc->sasl, data, &saslimap); Curl_dyn_init(&imapc->dyn, DYN_IMAP_CMD); /* Initialise the pingpong layer */ @@ -1568,10 +1582,10 @@ static CURLcode imap_perform(struct Curl_easy *data, bool *connected, result = imap_perform_list(data); else if(!imap->custom && selected && (imap->uid || imap->mindex)) /* FETCH from the same mailbox */ - result = imap_perform_fetch(data, conn); + result = imap_perform_fetch(data); else if(!imap->custom && selected && imap->query) /* SEARCH the current mailbox */ - result = imap_perform_search(data, conn); + result = imap_perform_search(data); else if(imap->mailbox && !selected && (imap->custom || imap->uid || imap->mindex || imap->query)) /* SELECT the mailbox */ @@ -1643,7 +1657,7 @@ static CURLcode imap_disconnect(struct Curl_easy *data, /* The IMAP session may or may not have been allocated/setup at this point! */ if(!dead_connection && conn->bits.protoconnstart) { - if(!imap_perform_logout(data, conn)) + if(!imap_perform_logout(data)) (void)imap_block_statemach(data, conn, TRUE); /* ignore errors */ } @@ -1747,17 +1761,16 @@ static CURLcode imap_setup_connection(struct Curl_easy *data, * * Designed to never block. */ -static CURLcode imap_sendf(struct Curl_easy *data, - struct connectdata *conn, const char *fmt, ...) +static CURLcode imap_sendf(struct Curl_easy *data, const char *fmt, ...) { CURLcode result = CURLE_OK; - struct imap_conn *imapc = &conn->proto.imapc; + struct imap_conn *imapc = &data->conn->proto.imapc; DEBUGASSERT(fmt); /* Calculate the tag based on the connection ID and command ID */ msnprintf(imapc->resptag, sizeof(imapc->resptag), "%c%03d", - 'A' + curlx_sltosi(conn->connection_id % 26), + 'A' + curlx_sltosi(data->conn->connection_id % 26), (++imapc->cmdid)%1000); /* start with a blank buffer */ @@ -1911,8 +1924,6 @@ static CURLcode imap_parse_url_options(struct connectdata *conn) struct imap_conn *imapc = &conn->proto.imapc; const char *ptr = conn->options; - imapc->sasl.resetprefs = TRUE; - while(!result && ptr && *ptr) { const char *key = ptr; const char *value; diff --git a/contrib/libs/curl/lib/krb5.c b/contrib/libs/curl/lib/krb5.c index b888521990..57cfbf4282 100644 --- a/contrib/libs/curl/lib/krb5.c +++ b/contrib/libs/curl/lib/krb5.c @@ -374,7 +374,7 @@ static void krb5_end(void *app_data) } } -static struct Curl_sec_client_mech Curl_krb5_client_mech = { +static const struct Curl_sec_client_mech Curl_krb5_client_mech = { "GSSAPI", sizeof(gss_ctx_id_t), krb5_init, @@ -684,7 +684,7 @@ int Curl_sec_read_msg(struct Curl_easy *data, struct connectdata *conn, (void) data; if(!conn->mech) - /* not inititalized, return error */ + /* not initialized, return error */ return -1; DEBUGASSERT(level > PROT_NONE && level < PROT_LAST); @@ -768,7 +768,7 @@ static int sec_set_protection_level(struct Curl_easy *data) } } - /* Now try to negiociate the protection level. */ + /* Now try to negotiate the protection level. */ code = ftp_send_command(data, "PROT %c", level_to_char(level)); if(code < 0) diff --git a/contrib/libs/curl/lib/llist.c b/contrib/libs/curl/lib/llist.c index e0ec7393d2..e78da7da82 100644 --- a/contrib/libs/curl/lib/llist.c +++ b/contrib/libs/curl/lib/llist.c @@ -106,9 +106,7 @@ Curl_llist_remove(struct Curl_llist *list, struct Curl_llist_element *e, e->next->prev = NULL; } else { - if(!e->prev) - list->head = e->next; - else + if(e->prev) e->prev->next = e->next; if(!e->next) diff --git a/contrib/libs/curl/lib/md4.c b/contrib/libs/curl/lib/md4.c index 3cfc393bc2..87b5621363 100644 --- a/contrib/libs/curl/lib/md4.c +++ b/contrib/libs/curl/lib/md4.c @@ -27,6 +27,7 @@ #include "curl_md4.h" #include "warnless.h" + #ifdef USE_OPENSSL #include <openssl/opensslconf.h> #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) @@ -35,6 +36,13 @@ #endif #endif /* USE_OPENSSL */ +#ifdef USE_WOLFSSL +#error #include <wolfssl/options.h> +#ifdef NO_MD4 +#define OPENSSL_NO_MD4 +#endif +#endif + #ifdef USE_MBEDTLS #error #include <mbedtls/version.h> #if MBEDTLS_VERSION_NUMBER >= 0x03000000 @@ -74,8 +82,9 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx) md4_digest(ctx, MD4_DIGEST_SIZE, result); } -#elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4) -/* When OpenSSL is available we use the MD4-functions from OpenSSL */ +#elif (defined(USE_OPENSSL) || defined(USE_WOLFSSL)) && \ + !defined(OPENSSL_NO_MD4) +/* When OpenSSL or wolfSSL is available, we use their MD4 functions. */ #include <openssl/md4.h> #elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \ diff --git a/contrib/libs/curl/lib/md5.c b/contrib/libs/curl/lib/md5.c index 62b602ffbb..63371511b7 100644 --- a/contrib/libs/curl/lib/md5.c +++ b/contrib/libs/curl/lib/md5.c @@ -39,6 +39,20 @@ #endif #endif /* USE_MBEDTLS */ +#if defined(USE_OPENSSL) && !defined(USE_AMISSL) + #include <openssl/opensslconf.h> + #if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0) + #define USE_OPENSSL_MD5 + #endif +#endif + +#ifdef USE_WOLFSSL + #error #include <wolfssl/options.h> + #ifndef NO_MD5 + #define USE_WOLFSSL_MD5 + #endif +#endif + #if defined(USE_GNUTLS) #include <nettle/md5.h> @@ -65,8 +79,9 @@ static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) md5_digest(ctx, 16, digest); } -#elif defined(USE_OPENSSL) && !defined(USE_AMISSL) -/* When OpenSSL is available we use the MD5-function from OpenSSL */ +#elif defined(USE_OPENSSL_MD5) || defined(USE_WOLFSSL_MD5) + +/* When OpenSSL or wolfSSL is available, we use their MD5 functions. */ #include <openssl/md5.h> #include "curl_memory.h" /* The last #include file should be: */ diff --git a/contrib/libs/curl/lib/mime.c b/contrib/libs/curl/lib/mime.c index 0bf1b46a4c..f40cc1a618 100644 --- a/contrib/libs/curl/lib/mime.c +++ b/contrib/libs/curl/lib/mime.c @@ -462,11 +462,13 @@ static size_t encoder_base64_read(char *buffer, size_t size, bool ateof, /* Buffered data size can only be 0, 1 or 2. */ ptr[2] = ptr[3] = '='; i = 0; - switch(st->bufend - st->bufbeg) { - case 2: - i = (st->buf[st->bufbeg + 1] & 0xFF) << 8; - /* FALLTHROUGH */ - case 1: + + /* If there is buffered data */ + if(st->bufend != st->bufbeg) { + + if(st->bufend - st->bufbeg == 2) + i = (st->buf[st->bufbeg + 1] & 0xFF) << 8; + i |= (st->buf[st->bufbeg] & 0xFF) << 16; ptr[0] = base64[(i >> 18) & 0x3F]; ptr[1] = base64[(i >> 12) & 0x3F]; @@ -476,7 +478,6 @@ static size_t encoder_base64_read(char *buffer, size_t size, bool ateof, } cursize += 4; st->pos += 4; - break; } } } @@ -1954,7 +1955,8 @@ void Curl_mime_unpause(curl_mimepart *part) } -#else /* !CURL_DISABLE_HTTP || !CURL_DISABLE_SMTP || !CURL_DISABLE_IMAP */ +#else /* !CURL_DISABLE_HTTP && !CURL_DISABLE_MIME || + !CURL_DISABLE_SMTP || !CURL_DISABLE_IMAP */ /* Mime not compiled in: define stubs for externally-referenced functions. */ curl_mime *curl_mime_init(CURL *easy) diff --git a/contrib/libs/curl/lib/multi.c b/contrib/libs/curl/lib/multi.c index 73015ed4d7..9dfa844d7d 100644 --- a/contrib/libs/curl/lib/multi.c +++ b/contrib/libs/curl/lib/multi.c @@ -2030,6 +2030,28 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, break; case MSTATE_DO: + if(data->set.fprereq) { + int prereq_rc; + + /* call the prerequest callback function */ + Curl_set_in_callback(data, true); + prereq_rc = data->set.fprereq(data->set.prereq_userp, + data->info.conn_primary_ip, + data->info.conn_local_ip, + data->info.conn_primary_port, + data->info.conn_local_port); + Curl_set_in_callback(data, false); + if(prereq_rc != CURL_PREREQFUNC_OK) { + failf(data, "operation aborted by pre-request callback"); + /* failure in pre-request callback - don't do any other processing */ + result = CURLE_ABORTED_BY_CALLBACK; + Curl_posttransfer(data); + multi_done(data, result, FALSE); + stream_error = TRUE; + break; + } + } + if(data->set.connect_only) { /* keep connection open for application to use the socket */ connkeep(data->conn, "CONNECT_ONLY"); @@ -2613,7 +2635,7 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi) multi->magic = 0; /* not good anymore */ - /* Firsrt remove all remaining easy handles */ + /* First remove all remaining easy handles */ data = multi->easyp; while(data) { nextdata = data->next; @@ -3182,7 +3204,7 @@ CURLMcode curl_multi_socket_all(struct Curl_multi *multi, int *running_handles) static CURLMcode multi_timeout(struct Curl_multi *multi, long *timeout_ms) { - static struct curltime tv_zero = {0, 0}; + static const struct curltime tv_zero = {0, 0}; if(multi->timetree) { /* we have a tree of expire times */ diff --git a/contrib/libs/curl/lib/pop3.c b/contrib/libs/curl/lib/pop3.c index d3f3de6d49..d4ca67877d 100644 --- a/contrib/libs/curl/lib/pop3.c +++ b/contrib/libs/curl/lib/pop3.c @@ -78,6 +78,7 @@ #include "select.h" #include "multiif.h" #include "url.h" +#include "bufref.h" #include "curl_sasl.h" #include "curl_md5.h" #include "warnless.h" @@ -103,12 +104,12 @@ static CURLcode pop3_setup_connection(struct Curl_easy *data, static CURLcode pop3_parse_url_options(struct connectdata *conn); static CURLcode pop3_parse_url_path(struct Curl_easy *data); static CURLcode pop3_parse_custom_request(struct Curl_easy *data); -static CURLcode pop3_perform_auth(struct Curl_easy *data, - struct connectdata *conn, const char *mech, - const char *initresp); -static CURLcode pop3_continue_auth(struct Curl_easy *data, - struct connectdata *conn, const char *resp); -static void pop3_get_message(char *buffer, char **outptr); +static CURLcode pop3_perform_auth(struct Curl_easy *data, const char *mech, + const struct bufref *initresp); +static CURLcode pop3_continue_auth(struct Curl_easy *data, const char *mech, + const struct bufref *resp); +static CURLcode pop3_cancel_auth(struct Curl_easy *data, const char *mech); +static CURLcode pop3_get_message(struct Curl_easy *data, struct bufref *out); /* * POP3 protocol handler. @@ -170,13 +171,16 @@ const struct Curl_handler Curl_handler_pop3s = { /* SASL parameters for the pop3 protocol */ static const struct SASLproto saslpop3 = { - "pop", /* The service name */ - '*', /* Code received when continuation is expected */ - '+', /* Code to receive upon authentication success */ - 255 - 8, /* Maximum initial response length (no max) */ - pop3_perform_auth, /* Send authentication command */ - pop3_continue_auth, /* Send authentication continuation */ - pop3_get_message /* Get SASL response message */ + "pop", /* The service name */ + pop3_perform_auth, /* Send authentication command */ + pop3_continue_auth, /* Send authentication continuation */ + pop3_cancel_auth, /* Send authentication cancellation */ + pop3_get_message, /* Get SASL response message */ + 255 - 8, /* Max line len - strlen("AUTH ") - 1 space - crlf */ + '*', /* Code received when continuation is expected */ + '+', /* Code to receive upon authentication success */ + SASL_AUTH_DEFAULT, /* Default mechanisms */ + SASL_FLAG_BASE64 /* Configuration flags */ }; #ifdef USE_SSL @@ -250,34 +254,32 @@ static bool pop3_endofresp(struct Curl_easy *data, struct connectdata *conn, * * Gets the authentication message from the response buffer. */ -static void pop3_get_message(char *buffer, char **outptr) +static CURLcode pop3_get_message(struct Curl_easy *data, struct bufref *out) { - size_t len = strlen(buffer); - char *message = NULL; + char *message = data->state.buffer; + size_t len = strlen(message); if(len > 2) { /* Find the start of the message */ len -= 2; - for(message = buffer + 2; *message == ' ' || *message == '\t'; - message++, len--) + for(message += 2; *message == ' ' || *message == '\t'; message++, len--) ; /* Find the end of the message */ - for(; len--;) + while(len--) if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && message[len] != '\t') break; /* Terminate the message */ - if(++len) { - message[len] = '\0'; - } + message[++len] = '\0'; + Curl_bufref_set(out, message, len, NULL); } else /* junk input => zero length output */ - message = &buffer[len]; + Curl_bufref_set(out, "", 0, NULL); - *outptr = message; + return CURLE_OK; } /*********************************************************************** @@ -474,16 +476,16 @@ static CURLcode pop3_perform_apop(struct Curl_easy *data, * authentication mechanism. */ static CURLcode pop3_perform_auth(struct Curl_easy *data, - struct connectdata *conn, const char *mech, - const char *initresp) + const struct bufref *initresp) { CURLcode result = CURLE_OK; - struct pop3_conn *pop3c = &conn->proto.pop3c; + struct pop3_conn *pop3c = &data->conn->proto.pop3c; + const char *ir = (const char *) Curl_bufref_ptr(initresp); - if(initresp) { /* AUTH <mech> ...<crlf> */ + if(ir) { /* AUTH <mech> ...<crlf> */ /* Send the AUTH command with the initial response */ - result = Curl_pp_sendf(data, &pop3c->pp, "AUTH %s %s", mech, initresp); + result = Curl_pp_sendf(data, &pop3c->pp, "AUTH %s %s", mech, ir); } else { /* Send the AUTH command */ @@ -497,15 +499,33 @@ static CURLcode pop3_perform_auth(struct Curl_easy *data, * * pop3_continue_auth() * - * Sends SASL continuation data or cancellation. + * Sends SASL continuation data. */ static CURLcode pop3_continue_auth(struct Curl_easy *data, - struct connectdata *conn, - const char *resp) + const char *mech, + const struct bufref *resp) { - struct pop3_conn *pop3c = &conn->proto.pop3c; + struct pop3_conn *pop3c = &data->conn->proto.pop3c; + + (void)mech; - return Curl_pp_sendf(data, &pop3c->pp, "%s", resp); + return Curl_pp_sendf(data, &pop3c->pp, + "%s", (const char *) Curl_bufref_ptr(resp)); +} + +/*********************************************************************** + * + * pop3_cancel_auth() + * + * Sends SASL cancellation. + */ +static CURLcode pop3_cancel_auth(struct Curl_easy *data, const char *mech) +{ + struct pop3_conn *pop3c = &data->conn->proto.pop3c; + + (void)mech; + + return Curl_pp_sendf(data, &pop3c->pp, "*"); } /*********************************************************************** @@ -532,7 +552,7 @@ static CURLcode pop3_perform_authentication(struct Curl_easy *data, if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_SASL) { /* Calculate the SASL login details */ - result = Curl_sasl_start(&pop3c->sasl, data, conn, FALSE, &progress); + result = Curl_sasl_start(&pop3c->sasl, data, FALSE, &progress); if(!result) if(progress == SASL_INPROGRESS) @@ -801,7 +821,7 @@ static CURLcode pop3_state_auth_resp(struct Curl_easy *data, (void)instate; /* no use for this yet */ - result = Curl_sasl_continue(&pop3c->sasl, data, conn, pop3code, &progress); + result = Curl_sasl_continue(&pop3c->sasl, data, pop3code, &progress); if(!result) switch(progress) { case SASL_DONE: @@ -1011,7 +1031,9 @@ static CURLcode pop3_statemachine(struct Curl_easy *data, break; case POP3_QUIT: - /* fallthrough, just stop! */ + state(data, POP3_STOP); + break; + default: /* internal error */ state(data, POP3_STOP); @@ -1102,7 +1124,7 @@ static CURLcode pop3_connect(struct Curl_easy *data, bool *done) /* Set the default preferred authentication type and mechanism */ pop3c->preftype = POP3_TYPE_ANY; - Curl_sasl_init(&pop3c->sasl, &saslpop3); + Curl_sasl_init(&pop3c->sasl, data, &saslpop3); /* Initialise the pingpong layer */ Curl_pp_setup(pp); @@ -1343,8 +1365,6 @@ static CURLcode pop3_parse_url_options(struct connectdata *conn) struct pop3_conn *pop3c = &conn->proto.pop3c; const char *ptr = conn->options; - pop3c->sasl.resetprefs = TRUE; - while(!result && ptr && *ptr) { const char *key = ptr; const char *value; diff --git a/contrib/libs/curl/lib/select.c b/contrib/libs/curl/lib/select.c index 52dca5a2c0..70d7ee5c26 100644 --- a/contrib/libs/curl/lib/select.c +++ b/contrib/libs/curl/lib/select.c @@ -64,7 +64,7 @@ * Waiting indefinitely with this function is not allowed, a * zero or negative timeout value will return immediately. * Timeout resolution, accuracy, as well as maximum supported - * value is system dependent, neither factor is a citical issue + * value is system dependent, neither factor is a critical issue * for the intended use of this function in the library. * * Return values: diff --git a/contrib/libs/curl/lib/sendf.c b/contrib/libs/curl/lib/sendf.c index 14ca84bfe5..bcfa27a501 100644 --- a/contrib/libs/curl/lib/sendf.c +++ b/contrib/libs/curl/lib/sendf.c @@ -608,7 +608,7 @@ static CURLcode chop_write(struct Curl_easy *data, /* Curl_client_write() sends data to the write callback(s) The bit pattern defines to what "streams" to write to. Body and/or header. - The defines are in sendf.h of course. "len" is not allowed to be 0. + The defines are in sendf.h of course. If CURL_DO_LINEEND_CONV is enabled, data is converted IN PLACE to the local character encoding. This is a problem and should be changed in @@ -621,8 +621,10 @@ CURLcode Curl_client_write(struct Curl_easy *data, { struct connectdata *conn = data->conn; - DEBUGASSERT(len); - DEBUGASSERT(type <= 3); + DEBUGASSERT(!(type & ~CLIENTWRITE_BOTH)); + + if(!len) + return CURLE_OK; /* FTP data may need conversion. */ if((type & CLIENTWRITE_BODY) && diff --git a/contrib/libs/curl/lib/setopt.c b/contrib/libs/curl/lib/setopt.c index 08827d1ef9..56d9c49926 100644 --- a/contrib/libs/curl/lib/setopt.c +++ b/contrib/libs/curl/lib/setopt.c @@ -2477,6 +2477,15 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) va_arg(param, char *)); break; + case CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256: + /* + * Option to allow for the SHA256 of the host public key to be checked + * for validation purposes. + */ + result = Curl_setstropt(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_SHA256], + va_arg(param, char *)); + break; + case CURLOPT_SSH_KNOWNHOSTS: /* * Store the file name to read known hosts from. @@ -2507,8 +2516,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* * disable libcurl transfer encoding is used */ +#ifndef USE_HYPER data->set.http_te_skip = (0 == va_arg(param, long)) ? TRUE : FALSE; break; +#else + return CURLE_NOT_BUILT_IN; /* hyper doesn't support */ +#endif case CURLOPT_HTTP_CONTENT_DECODING: /* @@ -2929,6 +2942,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) return CURLE_BAD_FUNCTION_ARGUMENT; data->set.maxage_conn = arg; break; + case CURLOPT_MAXLIFETIME_CONN: + arg = va_arg(param, long); + if(arg < 0) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.maxlifetime_conn = arg; + break; case CURLOPT_TRAILERFUNCTION: #ifndef CURL_DISABLE_HTTP data->set.trailer_callback = va_arg(param, curl_trailer_callback); @@ -3004,6 +3023,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) return result; break; #endif + case CURLOPT_PREREQFUNCTION: + data->set.fprereq = va_arg(param, curl_prereq_callback); + break; + case CURLOPT_PREREQDATA: + data->set.prereq_userp = va_arg(param, void *); + break; default: /* unknown tag and its companion, just ignore: */ result = CURLE_UNKNOWN_OPTION; diff --git a/contrib/libs/curl/lib/setup-win32.h b/contrib/libs/curl/lib/setup-win32.h index c35dec88cb..fa8742f3b1 100644 --- a/contrib/libs/curl/lib/setup-win32.h +++ b/contrib/libs/curl/lib/setup-win32.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -25,11 +25,11 @@ /* * Include header files for windows builds before redefining anything. * Use this preprocessor block only to include or exclude windows.h, - * winsock2.h, ws2tcpip.h or winsock.h. Any other windows thing belongs + * winsock2.h or ws2tcpip.h. Any other windows thing belongs * to any other further and independent block. Under Cygwin things work * just as under linux (e.g. <sys/socket.h>) and the winsock headers should * never be included when __CYGWIN__ is defined. configure script takes - * care of this, not defining HAVE_WINDOWS_H, HAVE_WINSOCK_H, HAVE_WINSOCK2_H, + * care of this, not defining HAVE_WINDOWS_H, HAVE_WINSOCK2_H, * neither HAVE_WS2TCPIP_H when __CYGWIN__ is defined. */ @@ -47,10 +47,6 @@ # ifdef HAVE_WS2TCPIP_H # include <ws2tcpip.h> # endif -# else -# ifdef HAVE_WINSOCK_H -# include <winsock.h> -# endif # endif # include <tchar.h> # ifdef UNICODE @@ -67,10 +63,6 @@ #ifdef HAVE_WINSOCK2_H # define USE_WINSOCK 2 -#else -# ifdef HAVE_WINSOCK_H -# error "WinSock version 1 is no longer supported, version 2 is required!" -# endif #endif /* diff --git a/contrib/libs/curl/lib/sha256.c b/contrib/libs/curl/lib/sha256.c index 9bcd110060..068ecccf2f 100644 --- a/contrib/libs/curl/lib/sha256.c +++ b/contrib/libs/curl/lib/sha256.c @@ -29,11 +29,18 @@ #include "curl_sha256.h" #include "curl_hmac.h" +#ifdef USE_WOLFSSL +#error #include <wolfssl/options.h> +#ifndef NO_SHA256 +#define USE_OPENSSL_SHA256 +#endif +#endif + #if defined(USE_OPENSSL) #include <openssl/opensslv.h> -#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) +#if (OPENSSL_VERSION_NUMBER >= 0x0090700fL) #define USE_OPENSSL_SHA256 #endif @@ -63,7 +70,36 @@ #if defined(USE_OPENSSL_SHA256) /* When OpenSSL is available we use the SHA256-function from OpenSSL */ -#include <openssl/sha.h> +#include <openssl/evp.h> + +#include "curl_memory.h" + +/* The last #include file should be: */ +#include "memdebug.h" + +struct sha256_ctx { + EVP_MD_CTX *openssl_ctx; +}; +typedef struct sha256_ctx my_sha256_ctx; + +static void my_sha256_init(my_sha256_ctx *ctx) +{ + ctx->openssl_ctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctx->openssl_ctx, EVP_sha256(), NULL); +} + +static void my_sha256_update(my_sha256_ctx *ctx, + const unsigned char *data, + unsigned int length) +{ + EVP_DigestUpdate(ctx->openssl_ctx, data, length); +} + +static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) +{ + EVP_DigestFinal_ex(ctx->openssl_ctx, digest, NULL); + EVP_MD_CTX_destroy(ctx->openssl_ctx); +} #elif defined(USE_GNUTLS) @@ -74,21 +110,21 @@ /* The last #include file should be: */ #include "memdebug.h" -typedef struct sha256_ctx SHA256_CTX; +typedef struct sha256_ctx my_sha256_ctx; -static void SHA256_Init(SHA256_CTX *ctx) +static void my_sha256_init(my_sha256_ctx *ctx) { sha256_init(ctx); } -static void SHA256_Update(SHA256_CTX *ctx, - const unsigned char *data, - unsigned int length) +static void my_sha256_update(my_sha256_ctx *ctx, + const unsigned char *data, + unsigned int length) { sha256_update(ctx, length, data); } -static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) +static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) { sha256_digest(ctx, SHA256_DIGEST_SIZE, digest); } @@ -102,9 +138,9 @@ static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) /* The last #include file should be: */ #include "memdebug.h" -typedef mbedtls_sha256_context SHA256_CTX; +typedef mbedtls_sha256_context my_sha256_ctx; -static void SHA256_Init(SHA256_CTX *ctx) +static void my_sha256_init(my_sha256_ctx *ctx) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) (void) mbedtls_sha256_starts(ctx, 0); @@ -113,9 +149,9 @@ static void SHA256_Init(SHA256_CTX *ctx) #endif } -static void SHA256_Update(SHA256_CTX *ctx, - const unsigned char *data, - unsigned int length) +static void my_sha256_update(my_sha256_ctx *ctx, + const unsigned char *data, + unsigned int length) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) (void) mbedtls_sha256_update(ctx, data, length); @@ -124,7 +160,7 @@ static void SHA256_Update(SHA256_CTX *ctx, #endif } -static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) +static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) (void) mbedtls_sha256_finish(ctx, digest); @@ -145,21 +181,21 @@ static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) /* The last #include file should be: */ #include "memdebug.h" -typedef CC_SHA256_CTX SHA256_CTX; +typedef CC_SHA256_CTX my_sha256_ctx; -static void SHA256_Init(SHA256_CTX *ctx) +static void my_sha256_init(my_sha256_ctx *ctx) { (void) CC_SHA256_Init(ctx); } -static void SHA256_Update(SHA256_CTX *ctx, - const unsigned char *data, - unsigned int length) +static void my_sha256_update(my_sha256_ctx *ctx, + const unsigned char *data, + unsigned int length) { (void) CC_SHA256_Update(ctx, data, length); } -static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) +static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) { (void) CC_SHA256_Final(digest, ctx); } @@ -172,13 +208,13 @@ struct sha256_ctx { HCRYPTPROV hCryptProv; HCRYPTHASH hHash; }; -typedef struct sha256_ctx SHA256_CTX; +typedef struct sha256_ctx my_sha256_ctx; #if !defined(CALG_SHA_256) #define CALG_SHA_256 0x0000800c #endif -static void SHA256_Init(SHA256_CTX *ctx) +static void my_sha256_init(my_sha256_ctx *ctx) { if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { @@ -186,14 +222,14 @@ static void SHA256_Init(SHA256_CTX *ctx) } } -static void SHA256_Update(SHA256_CTX *ctx, - const unsigned char *data, - unsigned int length) +static void my_sha256_update(my_sha256_ctx *ctx, + const unsigned char *data, + unsigned int length) { CryptHashData(ctx->hHash, (unsigned char *) data, length, 0); } -static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) +static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) { unsigned long length = 0; @@ -262,7 +298,7 @@ struct sha256_state { unsigned long state[8], curlen; unsigned char buf[64]; }; -typedef struct sha256_state SHA256_CTX; +typedef struct sha256_state my_sha256_ctx; /* The K array */ static const unsigned long K[64] = { @@ -339,7 +375,7 @@ static int sha256_compress(struct sha256_state *md, } /* Initialize the hash state */ -static void SHA256_Init(struct sha256_state *md) +static void my_sha256_init(struct sha256_state *md) { md->curlen = 0; md->length = 0; @@ -360,9 +396,9 @@ static void SHA256_Init(struct sha256_state *md) @param inlen The length of the data (octets) @return CRYPT_OK if successful */ -static int SHA256_Update(struct sha256_state *md, - const unsigned char *in, - unsigned long inlen) +static int my_sha256_update(struct sha256_state *md, + const unsigned char *in, + unsigned long inlen) { unsigned long n; @@ -401,8 +437,8 @@ static int SHA256_Update(struct sha256_state *md, @param out [out] The destination of the hash (32 bytes) @return CRYPT_OK if successful */ -static int SHA256_Final(unsigned char *out, - struct sha256_state *md) +static int my_sha256_final(unsigned char *out, + struct sha256_state *md) { int i; @@ -459,24 +495,24 @@ static int SHA256_Final(unsigned char *out, void Curl_sha256it(unsigned char *output, const unsigned char *input, const size_t length) { - SHA256_CTX ctx; + my_sha256_ctx ctx; - SHA256_Init(&ctx); - SHA256_Update(&ctx, input, curlx_uztoui(length)); - SHA256_Final(output, &ctx); + my_sha256_init(&ctx); + my_sha256_update(&ctx, input, curlx_uztoui(length)); + my_sha256_final(output, &ctx); } const struct HMAC_params Curl_HMAC_SHA256[] = { { /* Hash initialization function. */ - CURLX_FUNCTION_CAST(HMAC_hinit_func, SHA256_Init), + CURLX_FUNCTION_CAST(HMAC_hinit_func, my_sha256_init), /* Hash update function. */ - CURLX_FUNCTION_CAST(HMAC_hupdate_func, SHA256_Update), + CURLX_FUNCTION_CAST(HMAC_hupdate_func, my_sha256_update), /* Hash computation end function. */ - CURLX_FUNCTION_CAST(HMAC_hfinal_func, SHA256_Final), + CURLX_FUNCTION_CAST(HMAC_hfinal_func, my_sha256_final), /* Size of hash context structure. */ - sizeof(SHA256_CTX), + sizeof(my_sha256_ctx), /* Maximum key length. */ 64, /* Result size. */ diff --git a/contrib/libs/curl/lib/smtp.c b/contrib/libs/curl/lib/smtp.c index 02ddaca0a2..8e0b046096 100644 --- a/contrib/libs/curl/lib/smtp.c +++ b/contrib/libs/curl/lib/smtp.c @@ -82,6 +82,7 @@ #include "multiif.h" #include "url.h" #include "curl_gethostname.h" +#include "bufref.h" #include "curl_sasl.h" #include "warnless.h" /* The last 3 #include files should be in this order */ @@ -108,12 +109,12 @@ static CURLcode smtp_parse_url_path(struct Curl_easy *data); static CURLcode smtp_parse_custom_request(struct Curl_easy *data); static CURLcode smtp_parse_address(struct Curl_easy *data, const char *fqma, char **address, struct hostname *host); -static CURLcode smtp_perform_auth(struct Curl_easy *data, - struct connectdata *conn, const char *mech, - const char *initresp); -static CURLcode smtp_continue_auth(struct Curl_easy *data, - struct connectdata *conn, const char *resp); -static void smtp_get_message(char *buffer, char **outptr); +static CURLcode smtp_perform_auth(struct Curl_easy *data, const char *mech, + const struct bufref *initresp); +static CURLcode smtp_continue_auth(struct Curl_easy *data, const char *mech, + const struct bufref *resp); +static CURLcode smtp_cancel_auth(struct Curl_easy *data, const char *mech); +static CURLcode smtp_get_message(struct Curl_easy *data, struct bufref *out); /* * SMTP protocol handler. @@ -175,13 +176,16 @@ const struct Curl_handler Curl_handler_smtps = { /* SASL parameters for the smtp protocol */ static const struct SASLproto saslsmtp = { - "smtp", /* The service name */ - 334, /* Code received when continuation is expected */ - 235, /* Code to receive upon authentication success */ - 512 - 8, /* Maximum initial response length (no max) */ - smtp_perform_auth, /* Send authentication command */ - smtp_continue_auth, /* Send authentication continuation */ - smtp_get_message /* Get SASL response message */ + "smtp", /* The service name */ + smtp_perform_auth, /* Send authentication command */ + smtp_continue_auth, /* Send authentication continuation */ + smtp_cancel_auth, /* Cancel authentication */ + smtp_get_message, /* Get SASL response message */ + 512 - 8, /* Max line len - strlen("AUTH ") - 1 space - crlf */ + 334, /* Code received when continuation is expected */ + 235, /* Code to receive upon authentication success */ + SASL_AUTH_DEFAULT, /* Default mechanisms */ + SASL_FLAG_BASE64 /* Configuration flags */ }; #ifdef USE_SSL @@ -248,34 +252,32 @@ static bool smtp_endofresp(struct Curl_easy *data, struct connectdata *conn, * * Gets the authentication message from the response buffer. */ -static void smtp_get_message(char *buffer, char **outptr) +static CURLcode smtp_get_message(struct Curl_easy *data, struct bufref *out) { - size_t len = strlen(buffer); - char *message = NULL; + char *message = data->state.buffer; + size_t len = strlen(message); if(len > 4) { /* Find the start of the message */ len -= 4; - for(message = buffer + 4; *message == ' ' || *message == '\t'; - message++, len--) + for(message += 4; *message == ' ' || *message == '\t'; message++, len--) ; /* Find the end of the message */ - for(; len--;) + while(len--) if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' && message[len] != '\t') break; /* Terminate the message */ - if(++len) { - message[len] = '\0'; - } + message[++len] = '\0'; + Curl_bufref_set(out, message, len, NULL); } else /* junk input => zero length output */ - message = &buffer[len]; + Curl_bufref_set(out, "", 0, NULL); - *outptr = message; + return CURLE_OK; } /*********************************************************************** @@ -421,16 +423,16 @@ static CURLcode smtp_perform_upgrade_tls(struct Curl_easy *data) * authentication mechanism. */ static CURLcode smtp_perform_auth(struct Curl_easy *data, - struct connectdata *conn, const char *mech, - const char *initresp) + const struct bufref *initresp) { CURLcode result = CURLE_OK; - struct smtp_conn *smtpc = &conn->proto.smtpc; + struct smtp_conn *smtpc = &data->conn->proto.smtpc; + const char *ir = (const char *) Curl_bufref_ptr(initresp); - if(initresp) { /* AUTH <mech> ...<crlf> */ + if(ir) { /* AUTH <mech> ...<crlf> */ /* Send the AUTH command with the initial response */ - result = Curl_pp_sendf(data, &smtpc->pp, "AUTH %s %s", mech, initresp); + result = Curl_pp_sendf(data, &smtpc->pp, "AUTH %s %s", mech, ir); } else { /* Send the AUTH command */ @@ -444,14 +446,33 @@ static CURLcode smtp_perform_auth(struct Curl_easy *data, * * smtp_continue_auth() * - * Sends SASL continuation data or cancellation. + * Sends SASL continuation data. */ static CURLcode smtp_continue_auth(struct Curl_easy *data, - struct connectdata *conn, const char *resp) + const char *mech, + const struct bufref *resp) { - struct smtp_conn *smtpc = &conn->proto.smtpc; + struct smtp_conn *smtpc = &data->conn->proto.smtpc; + + (void)mech; + + return Curl_pp_sendf(data, &smtpc->pp, + "%s", (const char *) Curl_bufref_ptr(resp)); +} + +/*********************************************************************** + * + * smtp_cancel_auth() + * + * Sends SASL cancellation. + */ +static CURLcode smtp_cancel_auth(struct Curl_easy *data, const char *mech) +{ + struct smtp_conn *smtpc = &data->conn->proto.smtpc; - return Curl_pp_sendf(data, &smtpc->pp, "%s", resp); + (void)mech; + + return Curl_pp_sendf(data, &smtpc->pp, "*"); } /*********************************************************************** @@ -469,7 +490,7 @@ static CURLcode smtp_perform_authentication(struct Curl_easy *data) saslprogress progress; /* Check we have enough data to authenticate with, and the - server supports authentiation, and end the connect phase if not */ + server supports authentication, and end the connect phase if not */ if(!smtpc->auth_supported || !Curl_sasl_can_authenticate(&smtpc->sasl, conn)) { state(data, SMTP_STOP); @@ -477,7 +498,7 @@ static CURLcode smtp_perform_authentication(struct Curl_easy *data) } /* Calculate the SASL login details */ - result = Curl_sasl_start(&smtpc->sasl, data, conn, FALSE, &progress); + result = Curl_sasl_start(&smtpc->sasl, data, FALSE, &progress); if(!result) { if(progress == SASL_INPROGRESS) @@ -506,7 +527,7 @@ static CURLcode smtp_perform_command(struct Curl_easy *data) if(smtp->rcpt) { /* We notify the server we are sending UTF-8 data if a) it supports the - SMTPUTF8 extension and b) The mailbox contains UTF-8 charaacters, in + SMTPUTF8 extension and b) The mailbox contains UTF-8 characters, in either the local address or host name parts. This is regardless of whether the host name is encoded using IDN ACE */ bool utf8 = FALSE; @@ -579,7 +600,7 @@ static CURLcode smtp_perform_mail(struct Curl_easy *data) struct connectdata *conn = data->conn; /* We notify the server we are sending UTF-8 data if a) it supports the - SMTPUTF8 extension and b) The mailbox contains UTF-8 charaacters, in + SMTPUTF8 extension and b) The mailbox contains UTF-8 characters, in either the local address or host name parts. This is regardless of whether the host name is encoded using IDN ACE */ bool utf8 = FALSE; @@ -985,7 +1006,7 @@ static CURLcode smtp_state_auth_resp(struct Curl_easy *data, (void)instate; /* no use for this yet */ - result = Curl_sasl_continue(&smtpc->sasl, data, conn, smtpcode, &progress); + result = Curl_sasl_continue(&smtpc->sasl, data, smtpcode, &progress); if(!result) switch(progress) { case SASL_DONE: @@ -1333,7 +1354,7 @@ static CURLcode smtp_connect(struct Curl_easy *data, bool *done) PINGPONG_SETUP(pp, smtp_statemachine, smtp_endofresp); /* Initialize the SASL storage */ - Curl_sasl_init(&smtpc->sasl, &saslsmtp); + Curl_sasl_init(&smtpc->sasl, data, &saslsmtp); /* Initialise the pingpong layer */ Curl_pp_setup(pp); @@ -1655,8 +1676,6 @@ static CURLcode smtp_parse_url_options(struct connectdata *conn) struct smtp_conn *smtpc = &conn->proto.smtpc; const char *ptr = conn->options; - smtpc->sasl.resetprefs = TRUE; - while(!result && ptr && *ptr) { const char *key = ptr; const char *value; diff --git a/contrib/libs/curl/lib/socks_gssapi.c b/contrib/libs/curl/lib/socks_gssapi.c index c87244138a..f04a18d63b 100644 --- a/contrib/libs/curl/lib/socks_gssapi.c +++ b/contrib/libs/curl/lib/socks_gssapi.c @@ -257,7 +257,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, return CURLE_COULDNT_CONNECT; } - if(socksreq[1] != 1) { /* status / messgae type */ + if(socksreq[1] != 1) { /* status / message type */ failf(data, "Invalid GSS-API authentication response type (%d %d).", socksreq[0], socksreq[1]); gss_release_name(&gss_status, &server); @@ -452,7 +452,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, return CURLE_COULDNT_CONNECT; } - if(socksreq[1] != 2) { /* status / messgae type */ + if(socksreq[1] != 2) { /* status / message type */ failf(data, "Invalid GSS-API encryption response type (%d %d).", socksreq[0], socksreq[1]); gss_delete_sec_context(&gss_status, &gss_context, NULL); diff --git a/contrib/libs/curl/lib/socks_sspi.c b/contrib/libs/curl/lib/socks_sspi.c index cb225b9b5a..ffc8703468 100644 --- a/contrib/libs/curl/lib/socks_sspi.c +++ b/contrib/libs/curl/lib/socks_sspi.c @@ -277,7 +277,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, return CURLE_COULDNT_CONNECT; } - if(socksreq[1] != 1) { /* status / messgae type */ + if(socksreq[1] != 1) { /* status / message type */ failf(data, "Invalid SSPI authentication response type (%u %u).", (unsigned int)socksreq[0], (unsigned int)socksreq[1]); free(service_name); diff --git a/contrib/libs/curl/lib/splay.c b/contrib/libs/curl/lib/splay.c index a94e2c85e9..1c1dafb920 100644 --- a/contrib/libs/curl/lib/splay.c +++ b/contrib/libs/curl/lib/splay.c @@ -154,7 +154,7 @@ struct Curl_tree *Curl_splaygetbest(struct curltime i, struct Curl_tree *t, struct Curl_tree **removed) { - static struct curltime tv_zero = {0, 0}; + static const struct curltime tv_zero = {0, 0}; struct Curl_tree *x; if(!t) { diff --git a/contrib/libs/curl/lib/strerror.c b/contrib/libs/curl/lib/strerror.c index 29c5fb27c1..9d47c477d5 100644 --- a/contrib/libs/curl/lib/strerror.c +++ b/contrib/libs/curl/lib/strerror.c @@ -453,6 +453,78 @@ curl_share_strerror(CURLSHcode error) #endif } +const char * +curl_url_strerror(CURLUcode error) +{ +#ifndef CURL_DISABLE_VERBOSE_STRINGS + switch(error) { + case CURLUE_OK: + return "No error"; + + case CURLUE_BAD_HANDLE: + return "An invalid CURLU pointer was passed as argument"; + + case CURLUE_BAD_PARTPOINTER: + return "An invalid 'part' argument was passed as argument"; + + case CURLUE_MALFORMED_INPUT: + return "A malformed input was passed to a URL API function"; + + case CURLUE_BAD_PORT_NUMBER: + return "The port number was not a decimal number between 0 and 65535"; + + case CURLUE_UNSUPPORTED_SCHEME: + return "This libcurl build doesn't support the given URL scheme"; + + case CURLUE_URLDECODE: + return "URL decode error, most likely because of rubbish in the input"; + + case CURLUE_OUT_OF_MEMORY: + return "A memory function failed"; + + case CURLUE_USER_NOT_ALLOWED: + return "Credentials was passed in the URL when prohibited"; + + case CURLUE_UNKNOWN_PART: + return "An unknown part ID was passed to a URL API function"; + + case CURLUE_NO_SCHEME: + return "There is no scheme part in the URL"; + + case CURLUE_NO_USER: + return "There is no user part in the URL"; + + case CURLUE_NO_PASSWORD: + return "There is no password part in the URL"; + + case CURLUE_NO_OPTIONS: + return "There is no options part in the URL"; + + case CURLUE_NO_HOST: + return "There is no host part in the URL"; + + case CURLUE_NO_PORT: + return "There is no port part in the URL"; + + case CURLUE_NO_QUERY: + return "There is no query part in the URL"; + + case CURLUE_NO_FRAGMENT: + return "There is no fragment part in the URL"; + + case CURLUE_LAST: + break; + } + + return "CURLUcode unknown"; +#else + if(error == CURLUE_OK) + return "No error"; + else + return "Error"; +#endif +} + #ifdef USE_WINSOCK /* This is a helper function for Curl_strerror that converts Winsock error * codes (WSAGetLastError) to error messages. diff --git a/contrib/libs/curl/lib/system_win32.c b/contrib/libs/curl/lib/system_win32.c index 2939fd0d74..d4e194831f 100644 --- a/contrib/libs/curl/lib/system_win32.c +++ b/contrib/libs/curl/lib/system_win32.c @@ -102,6 +102,8 @@ CURLcode Curl_win32_init(long flags) Curl_if_nametoindex = pIfNameToIndex; } + /* curlx_verify_windows_version must be called during init at least once + because it has its own initialization routine. */ if(curlx_verify_windows_version(6, 0, PLATFORM_WINNT, VERSION_GREATER_THAN_EQUAL)) { Curl_isVistaOrGreater = TRUE; diff --git a/contrib/libs/curl/lib/tftp.c b/contrib/libs/curl/lib/tftp.c index aae997d0f1..7e5246f010 100644 --- a/contrib/libs/curl/lib/tftp.c +++ b/contrib/libs/curl/lib/tftp.c @@ -1304,9 +1304,9 @@ static CURLcode tftp_doing(struct Curl_easy *data, bool *dophase_done) /********************************************************** * - * tftp_peform + * tftp_perform * - * Entry point for transfer from tftp_do, sarts state mach + * Entry point for transfer from tftp_do, starts state mach * **********************************************************/ static CURLcode tftp_perform(struct Curl_easy *data, bool *dophase_done) diff --git a/contrib/libs/curl/lib/url.c b/contrib/libs/curl/lib/url.c index a353588cbd..9a1a14a262 100644 --- a/contrib/libs/curl/lib/url.c +++ b/contrib/libs/curl/lib/url.c @@ -622,6 +622,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) set->upkeep_interval_ms = CURL_UPKEEP_INTERVAL_DEFAULT; set->maxconnects = DEFAULT_CONNCACHE_SIZE; /* for easy handles */ set->maxage_conn = 118; + set->maxlifetime_conn = 0; set->http09_allowed = FALSE; set->httpwant = #ifdef USE_NGHTTP2 @@ -962,21 +963,36 @@ socks_proxy_info_matches(const struct proxy_info *data, #define socks_proxy_info_matches(x,y) FALSE #endif -/* A connection has to have been idle for a shorter time than 'maxage_conn' to - be subject for reuse. The success rate is just too low after this. */ +/* A connection has to have been idle for a shorter time than 'maxage_conn' + (the success rate is just too low after this), or created less than + 'maxlifetime_conn' ago, to be subject for reuse. */ static bool conn_maxage(struct Curl_easy *data, struct connectdata *conn, struct curltime now) { - timediff_t idletime = Curl_timediff(now, conn->lastused); + timediff_t idletime, lifetime; + + idletime = Curl_timediff(now, conn->lastused); idletime /= 1000; /* integer seconds is fine */ if(idletime > data->set.maxage_conn) { - infof(data, "Too old connection (%ld seconds), disconnect it", + infof(data, "Too old connection (%ld seconds idle), disconnect it", idletime); return TRUE; } + + lifetime = Curl_timediff(now, conn->created); + lifetime /= 1000; /* integer seconds is fine */ + + if(data->set.maxlifetime_conn && lifetime > data->set.maxlifetime_conn) { + infof(data, + "Too old connection (%ld seconds since creation), disconnect it", + lifetime); + return TRUE; + } + + return FALSE; } @@ -1954,7 +1970,8 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, CURLU_DISALLOW_USER : 0) | (data->set.path_as_is ? CURLU_PATH_AS_IS : 0)); if(uc) { - DEBUGF(infof(data, "curl_url_set rejected %s", data->state.url)); + DEBUGF(infof(data, "curl_url_set rejected %s: %s", data->state.url, + curl_url_strerror(uc))); return Curl_uc_to_curlcode(uc); } @@ -2380,6 +2397,11 @@ static CURLcode parse_proxy(struct Curl_easy *data, CURLcode result = CURLE_OK; char *scheme = NULL; + if(!uhp) { + result = CURLE_OUT_OF_MEMORY; + goto error; + } + /* When parsing the proxy, allowing non-supported schemes since we have these made up ones for proxies. Guess scheme for URLs without it. */ uc = curl_url_set(uhp, CURLUPART_URL, proxy, @@ -2763,7 +2785,7 @@ CURLcode Curl_parse_login_details(const char *login, const size_t len, size_t plen; size_t olen; - /* the input length check is because this is called directcly from setopt + /* the input length check is because this is called directly from setopt and isn't going through the regular string length check */ size_t llen = strlen(login); if(llen > CURL_MAX_INPUT_LENGTH) @@ -4093,7 +4115,7 @@ CURLcode Curl_connect(struct Curl_easy *data, /* init the single-transfer specific data */ Curl_free_request_state(data); memset(&data->req, 0, sizeof(struct SingleRequest)); - data->req.maxdownload = -1; + data->req.size = data->req.maxdownload = -1; /* call the stuff that needs to be called */ result = create_conn(data, &conn, asyncp); diff --git a/contrib/libs/curl/lib/urlapi.c b/contrib/libs/curl/lib/urlapi.c index 7f03862cfa..6d116b61bf 100644 --- a/contrib/libs/curl/lib/urlapi.c +++ b/contrib/libs/curl/lib/urlapi.c @@ -157,23 +157,23 @@ static size_t strlen_url(const char *url, bool relative) continue; } - switch(*ptr) { - case '?': - left = FALSE; - /* FALLTHROUGH */ - default: - if(urlchar_needs_escaping(*ptr)) - newlen += 2; - newlen++; - break; - case ' ': + if(*ptr == ' ') { if(left) newlen += 3; else newlen++; - break; + continue; } + + if (*ptr == '?') + left = FALSE; + + if(urlchar_needs_escaping(*ptr)) + newlen += 2; + + newlen++; } + return newlen; } @@ -202,19 +202,7 @@ static void strcpy_url(char *output, const char *url, bool relative) continue; } - switch(*iptr) { - case '?': - left = FALSE; - /* FALLTHROUGH */ - default: - if(urlchar_needs_escaping(*iptr)) { - msnprintf(optr, 4, "%%%02x", *iptr); - optr += 3; - } - else - *optr++=*iptr; - break; - case ' ': + if(*iptr == ' ') { if(left) { *optr++='%'; /* add a '%' */ *optr++='2'; /* add a '2' */ @@ -222,8 +210,18 @@ static void strcpy_url(char *output, const char *url, bool relative) } else *optr++='+'; /* add a '+' here */ - break; + continue; + } + + if(*iptr == '?') + left = FALSE; + + if(urlchar_needs_escaping(*iptr)) { + msnprintf(optr, 4, "%%%02x", *iptr); + optr += 3; } + else + *optr++ = *iptr; } *optr = 0; /* null-terminate output buffer */ @@ -656,7 +654,7 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname) } else { /* letters from the second string is not ok */ - len = strcspn(hostname, " "); + len = strcspn(hostname, " \r\n"); if(hlen != len) /* hostname with bad content */ return CURLUE_MALFORMED_INPUT; @@ -756,10 +754,35 @@ static bool ipv4_normalize(const char *hostname, char *outp, size_t olen) return TRUE; } +/* return strdup'ed version in 'outp', possibly percent decoded */ +static CURLUcode decode_host(char *hostname, char **outp) +{ + char *per = NULL; + if(hostname[0] != '[') + /* only decode if not an ipv6 numerical */ + per = strchr(hostname, '%'); + if(!per) { + *outp = strdup(hostname); + if(!*outp) + return CURLUE_OUT_OF_MEMORY; + } + else { + /* might be encoded */ + size_t dlen; + CURLcode result = Curl_urldecode(NULL, hostname, 0, + outp, &dlen, REJECT_CTRL); + if(result) + return CURLUE_MALFORMED_INPUT; + } + + return CURLUE_OK; +} + static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) { char *path; bool path_alloced = FALSE; + bool uncpath = FALSE; char *hostname; char *query = NULL; char *fragment = NULL; @@ -798,7 +821,6 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) /* path has been allocated large enough to hold this */ strcpy(path, &url[5]); - hostname = NULL; /* no host for file: URLs */ u->scheme = strdup("file"); if(!u->scheme) return CURLUE_OUT_OF_MEMORY; @@ -820,10 +842,13 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) * * o the hostname matches "localhost" (case-insensitively), or * - * o the hostname is a FQDN that resolves to this machine. + * o the hostname is a FQDN that resolves to this machine, or + * + * o it is an UNC String transformed to an URI (Windows only, RFC 8089 + * Appendix E.3). * * For brevity, we only consider URLs with empty, "localhost", or - * "127.0.0.1" hostnames as local. + * "127.0.0.1" hostnames as local, otherwise as an UNC String. * * Additionally, there is an exception for URLs with a Windows drive * letter in the authority (which was accidentally omitted from RFC 8089 @@ -832,18 +857,43 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) if(ptr[0] != '/' && !STARTS_WITH_URL_DRIVE_PREFIX(ptr)) { /* the URL includes a host name, it must match "localhost" or "127.0.0.1" to be valid */ - if(!checkprefix("localhost/", ptr) && - !checkprefix("127.0.0.1/", ptr)) { + if(checkprefix("localhost/", ptr) || + checkprefix("127.0.0.1/", ptr)) { + ptr += 9; /* now points to the slash after the host */ + } + else { +#if defined(WIN32) + size_t len; + + /* the host name, NetBIOS computer name, can not contain disallowed + chars, and the delimiting slash character must be appended to the + host name */ + path = strpbrk(ptr, "/\\:*?\"<>|"); + if(!path || *path != '/') + return CURLUE_MALFORMED_INPUT; + + len = path - ptr; + if(len) { + memcpy(hostname, ptr, len); + hostname[len] = 0; + uncpath = TRUE; + } + + ptr -= 2; /* now points to the // before the host in UNC */ +#else /* Invalid file://hostname/, expected localhost or 127.0.0.1 or none */ return CURLUE_MALFORMED_INPUT; +#endif } - ptr += 9; /* now points to the slash after the host */ } path = ptr; } + if(!uncpath) + hostname = NULL; /* no host for file: URLs by default */ + #if !defined(MSDOS) && !defined(WIN32) && !defined(__CYGWIN__) /* Don't allow Windows drive letters when not in Windows. * This catches both "file:/c:" and "file:c:" */ @@ -1003,20 +1053,22 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) if(0 == strlen(hostname) && (flags & CURLU_NO_AUTHORITY)) { /* Skip hostname check, it's allowed to be empty. */ + u->host = strdup(""); } else { - result = hostname_check(u, hostname); - if(result) - return result; + if(ipv4_normalize(hostname, normalized_ipv4, sizeof(normalized_ipv4))) + u->host = strdup(normalized_ipv4); + else { + result = decode_host(hostname, &u->host); + if(result) + return result; + result = hostname_check(u, u->host); + if(result) + return result; + } } - - if(ipv4_normalize(hostname, normalized_ipv4, sizeof(normalized_ipv4))) - u->host = strdup(normalized_ipv4); - else - u->host = strdup(hostname); if(!u->host) return CURLUE_OUT_OF_MEMORY; - if((flags & CURLU_GUESS_SCHEME) && !schemep) { /* legacy curl-style guess based on host name */ if(checkprefix("ftp.", hostname)) @@ -1111,6 +1163,7 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what, CURLUcode ifmissing = CURLUE_UNKNOWN_PART; char portbuf[7]; bool urldecode = (flags & CURLU_URLDECODE)?1:0; + bool urlencode = (flags & CURLU_URLENCODE)?1:0; bool plusdecode = FALSE; (void)flags; if(!u) @@ -1228,16 +1281,54 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what, if(h && !(h->flags & PROTOPT_URLOPTIONS)) options = NULL; - if((u->host[0] == '[') && u->zoneid) { - /* make it '[ host %25 zoneid ]' */ - size_t hostlen = strlen(u->host); - size_t alen = hostlen + 3 + strlen(u->zoneid) + 1; - allochost = malloc(alen); + if(u->host[0] == '[') { + if(u->zoneid) { + /* make it '[ host %25 zoneid ]' */ + size_t hostlen = strlen(u->host); + size_t alen = hostlen + 3 + strlen(u->zoneid) + 1; + allochost = malloc(alen); + if(!allochost) + return CURLUE_OUT_OF_MEMORY; + memcpy(allochost, u->host, hostlen - 1); + msnprintf(&allochost[hostlen - 1], alen - hostlen + 1, + "%%25%s]", u->zoneid); + } + } + else if(urlencode) { + allochost = curl_easy_escape(NULL, u->host, 0); if(!allochost) return CURLUE_OUT_OF_MEMORY; - memcpy(allochost, u->host, hostlen - 1); - msnprintf(&allochost[hostlen - 1], alen - hostlen + 1, - "%%25%s]", u->zoneid); + } + else { + /* only encode '%' in output host name */ + char *host = u->host; + size_t pcount = 0; + /* first, count number of percents present in the name */ + while(*host) { + if(*host == '%') + pcount++; + host++; + } + /* if there were percents, encode the host name */ + if(pcount) { + size_t hostlen = strlen(u->host); + size_t alen = hostlen + 2 * pcount + 1; + char *o = allochost = malloc(alen); + if(!allochost) + return CURLUE_OUT_OF_MEMORY; + + host = u->host; + while(*host) { + if(*host == '%') { + memcpy(o, "%25", 3); + o += 3; + host++; + continue; + } + *o++ = *host++; + } + *o = '\0'; + } } url = aprintf("%s://%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", @@ -1379,10 +1470,15 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, case CURLUPART_OPTIONS: storep = &u->options; break; - case CURLUPART_HOST: + case CURLUPART_HOST: { + size_t len = strcspn(part, " \r\n"); + if(strlen(part) != len) + /* hostname with bad content */ + return CURLUE_MALFORMED_INPUT; storep = &u->host; Curl_safefree(u->zoneid); break; + } case CURLUPART_ZONEID: storep = &u->zoneid; break; diff --git a/contrib/libs/curl/lib/urldata.h b/contrib/libs/curl/lib/urldata.h index b1b298b691..76488b2549 100644 --- a/contrib/libs/curl/lib/urldata.h +++ b/contrib/libs/curl/lib/urldata.h @@ -330,7 +330,7 @@ struct digestdata { char *opaque; char *qop; char *algorithm; - int nc; /* nounce count */ + int nc; /* nonce count */ BIT(stale); /* set true for re-negotiation */ BIT(userhash); #endif @@ -1554,6 +1554,7 @@ enum dupstring { STRING_SSH_PRIVATE_KEY, /* path to the private key file for auth */ STRING_SSH_PUBLIC_KEY, /* path to the public key file for auth */ STRING_SSH_HOST_PUBLIC_KEY_MD5, /* md5 of host public key in ascii hex */ + STRING_SSH_HOST_PUBLIC_KEY_SHA256, /* sha256 of host public key in base64 */ STRING_SSH_KNOWNHOSTS, /* file name of knownhosts file */ STRING_PROXY_SERVICE_NAME, /* Proxy service name */ STRING_SERVICE_NAME, /* Service name */ @@ -1651,6 +1652,8 @@ struct UserDefined { curl_closesocket_callback fclosesocket; /* function for closing the socket */ void *closesocket_client; + curl_prereq_callback fprereq; /* pre-initial request callback */ + void *prereq_userp; /* pre-initial request user data */ void *seek_client; /* pointer to pass to the seek callback */ /* the 3 curl_conv_callback functions below are used on non-ASCII hosts */ @@ -1675,6 +1678,8 @@ struct UserDefined { long server_response_timeout; /* in milliseconds, 0 means no timeout */ long maxage_conn; /* in seconds, max idle time to allow a connection that is to be reused */ + long maxlifetime_conn; /* in seconds, max time since creation to allow a + connection that is to be reused */ long tftp_blksize; /* in bytes, 0 means use default */ curl_off_t filesize; /* size of file to upload, -1 means unknown */ long low_speed_limit; /* bytes/second */ @@ -1852,7 +1857,6 @@ struct UserDefined { BIT(abstract_unix_socket); BIT(disallow_username_in_url); /* disallow username in url */ BIT(doh); /* DNS-over-HTTPS enabled */ - BIT(doh_get); /* use GET for DoH requests, instead of POST */ BIT(doh_verifypeer); /* DoH certificate peer verification */ BIT(doh_verifyhost); /* DoH certificate hostname verification */ BIT(doh_verifystatus); /* DoH certificate status verification */ diff --git a/contrib/libs/curl/lib/version_win32.c b/contrib/libs/curl/lib/version_win32.c index b8157e9893..2f845413cc 100644 --- a/contrib/libs/curl/lib/version_win32.c +++ b/contrib/libs/curl/lib/version_win32.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2016 - 2020, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2016 - 2021, Steve Holme, <steve_holme@hotmail.com>. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -26,11 +26,28 @@ #include <curl/curl.h> #include "version_win32.h" +#include "warnless.h" /* The last #include files should be: */ #include "curl_memory.h" #include "memdebug.h" +/* This Unicode version struct works for VerifyVersionInfoW (OSVERSIONINFOEXW) + and RtlVerifyVersionInfo (RTLOSVERSIONINFOEXW) */ +struct OUR_OSVERSIONINFOEXW { + ULONG dwOSVersionInfoSize; + ULONG dwMajorVersion; + ULONG dwMinorVersion; + ULONG dwBuildNumber; + ULONG dwPlatformId; + WCHAR szCSDVersion[128]; + USHORT wServicePackMajor; + USHORT wServicePackMinor; + USHORT wSuiteMask; + UCHAR wProductType; + UCHAR wReserved; +}; + /* * curlx_verify_windows_version() * @@ -152,12 +169,23 @@ bool curlx_verify_windows_version(const unsigned int majorVersion, } #else ULONGLONG cm = 0; - OSVERSIONINFOEX osver; + struct OUR_OSVERSIONINFOEXW osver; BYTE majorCondition; BYTE minorCondition; BYTE spMajorCondition; BYTE spMinorCondition; + typedef LONG (APIENTRY *RTLVERIFYVERSIONINFO_FN) + (struct OUR_OSVERSIONINFOEXW *, ULONG, ULONGLONG); + static RTLVERIFYVERSIONINFO_FN pRtlVerifyVersionInfo; + static bool onetime = true; /* safe because first call is during init */ + + if(onetime) { + pRtlVerifyVersionInfo = CURLX_FUNCTION_CAST(RTLVERIFYVERSIONINFO_FN, + (GetProcAddress(GetModuleHandleA("ntdll"), "RtlVerifyVersionInfo"))); + onetime = false; + } + switch(condition) { case VERSION_LESS_THAN: majorCondition = VER_LESS; @@ -214,10 +242,23 @@ bool curlx_verify_windows_version(const unsigned int majorVersion, if(platform != PLATFORM_DONT_CARE) cm = VerSetConditionMask(cm, VER_PLATFORMID, VER_EQUAL); - if(VerifyVersionInfo(&osver, (VER_MAJORVERSION | VER_MINORVERSION | - VER_SERVICEPACKMAJOR | VER_SERVICEPACKMINOR), - cm)) - matched = TRUE; + /* Later versions of Windows have version functions that may not return the + real version of Windows unless the application is so manifested. We prefer + the real version always, so we use the Rtl variant of the function when + possible. Note though the function signatures have underlying fundamental + types that are the same, the return values are different. */ + if(pRtlVerifyVersionInfo) { + matched = !pRtlVerifyVersionInfo(&osver, + (VER_MAJORVERSION | VER_MINORVERSION | + VER_SERVICEPACKMAJOR | VER_SERVICEPACKMINOR), + cm); + } + else { + matched = !!VerifyVersionInfoW((OSVERSIONINFOEXW *)&osver, + (VER_MAJORVERSION | VER_MINORVERSION | + VER_SERVICEPACKMAJOR | VER_SERVICEPACKMINOR), + cm); + } #endif return matched; diff --git a/contrib/libs/curl/lib/vquic/ngtcp2.c b/contrib/libs/curl/lib/vquic/ngtcp2.c index a61061cec1..e1f2d020df 100644 --- a/contrib/libs/curl/lib/vquic/ngtcp2.c +++ b/contrib/libs/curl/lib/vquic/ngtcp2.c @@ -61,6 +61,7 @@ #endif #define H3_ALPN_H3_29 "\x5h3-29" +#define H3_ALPN_H3 "\x2h3" /* * This holds outgoing HTTP/3 stream data that is used by nghttp3 until acked. @@ -303,9 +304,10 @@ static int quic_init_ssl(struct quicsocket *qs) SSL_set_app_data(qs->ssl, qs); SSL_set_connect_state(qs->ssl); + SSL_set_quic_use_legacy_codepoint(qs->ssl, 0); - alpn = (const uint8_t *)H3_ALPN_H3_29; - alpnlen = sizeof(H3_ALPN_H3_29) - 1; + alpn = (const uint8_t *)H3_ALPN_H3_29 H3_ALPN_H3; + alpnlen = sizeof(H3_ALPN_H3_29) - 1 + sizeof(H3_ALPN_H3) - 1; if(alpn) SSL_set_alpn_protos(qs->ssl, alpn, (int)alpnlen); @@ -417,7 +419,7 @@ static int tp_send_func(gnutls_session_t ssl, gnutls_buffer_t extdata) static int quic_init_ssl(struct quicsocket *qs) { - gnutls_datum_t alpn = {NULL, 0}; + gnutls_datum_t alpn[2]; /* this will need some attention when HTTPS proxy over QUIC get fixed */ const char * const hostname = qs->conn->host.name; int rc; @@ -439,12 +441,10 @@ static int quic_init_ssl(struct quicsocket *qs) gnutls_alert_set_read_function(qs->ssl, alert_read_func); rc = gnutls_session_ext_register(qs->ssl, "QUIC Transport Parameters", - 0xffa5, GNUTLS_EXT_TLS, - tp_recv_func, tp_send_func, - NULL, NULL, NULL, - GNUTLS_EXT_FLAG_TLS | - GNUTLS_EXT_FLAG_CLIENT_HELLO | - GNUTLS_EXT_FLAG_EE); + NGTCP2_TLSEXT_QUIC_TRANSPORT_PARAMETERS_V1, GNUTLS_EXT_TLS, + tp_recv_func, tp_send_func, NULL, NULL, NULL, + GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO | + GNUTLS_EXT_FLAG_EE); if(rc < 0) { H3BUGF(fprintf(stderr, "gnutls_session_ext_register failed: %s\n", gnutls_strerror(rc))); @@ -484,10 +484,12 @@ static int quic_init_ssl(struct quicsocket *qs) } /* strip the first byte (the length) from NGHTTP3_ALPN_H3 */ - alpn.data = (unsigned char *)H3_ALPN_H3_29 + 1; - alpn.size = sizeof(H3_ALPN_H3_29) - 2; - if(alpn.data) - gnutls_alpn_set_protocols(qs->ssl, &alpn, 1, 0); + alpn[0].data = (unsigned char *)H3_ALPN_H3_29 + 1; + alpn[0].size = sizeof(H3_ALPN_H3_29) - 2; + alpn[1].data = (unsigned char *)H3_ALPN_H3 + 1; + alpn[1].size = sizeof(H3_ALPN_H3) - 2; + + gnutls_alpn_set_protocols(qs->ssl, alpn, 2, GNUTLS_ALPN_MANDATORY); /* set SNI */ gnutls_server_name_set(qs->ssl, GNUTLS_NAME_DNS, hostname, strlen(hostname)); @@ -648,6 +650,20 @@ static int cb_extend_max_stream_data(ngtcp2_conn *tconn, int64_t stream_id, return 0; } +static void cb_rand(uint8_t *dest, size_t destlen, + const ngtcp2_rand_ctx *rand_ctx) +{ + CURLcode result; + (void)rand_ctx; + + result = Curl_rand(NULL, dest, destlen); + if(result) { + /* cb_rand is only used for non-cryptographic context. If Curl_rand + failed, just fill 0 and call it *random*. */ + memset(dest, 0, destlen); + } +} + static int cb_get_new_connection_id(ngtcp2_conn *tconn, ngtcp2_cid *cid, uint8_t *token, size_t cidlen, void *user_data) @@ -685,7 +701,7 @@ static ngtcp2_callbacks ng_callbacks = { ngtcp2_crypto_recv_retry_cb, cb_extend_max_local_streams_bidi, NULL, /* extend_max_local_streams_uni */ - NULL, /* rand */ + cb_rand, cb_get_new_connection_id, NULL, /* remove_connection_id */ ngtcp2_crypto_update_key_cb, /* update_key */ @@ -703,7 +719,7 @@ static ngtcp2_callbacks ng_callbacks = { NULL, /* recv_datagram */ NULL, /* ack_datagram */ NULL, /* lost_datagram */ - NULL, /* get_path_challenge_data */ + ngtcp2_crypto_get_path_challenge_data_cb, cb_stream_stop_sending }; @@ -776,7 +792,7 @@ CURLcode Curl_quic_connect(struct Curl_easy *data, ngtcp2_addr_init(&path.remote, addr, addrlen); rc = ngtcp2_conn_client_new(&qs->qconn, &qs->dcid, &qs->scid, &path, - NGTCP2_PROTO_VER_MIN, &ng_callbacks, + NGTCP2_PROTO_VER_V1, &ng_callbacks, &qs->settings, &qs->transport_params, NULL, qs); if(rc) return CURLE_QUIC_CONNECT_ERROR; @@ -792,7 +808,7 @@ CURLcode Curl_quic_connect(struct Curl_easy *data, void Curl_quic_ver(char *p, size_t len) { const ngtcp2_info *ng2 = ngtcp2_version(0); - nghttp3_info *ht3 = nghttp3_version(0); + const nghttp3_info *ht3 = nghttp3_version(0); (void)msnprintf(p, len, "ngtcp2/%s nghttp3/%s", ng2->version_str, ht3->version_str); } diff --git a/contrib/libs/curl/lib/vssh/libssh2.c b/contrib/libs/curl/lib/vssh/libssh2.c index 7683b43cfa..74909c460c 100644 --- a/contrib/libs/curl/lib/vssh/libssh2.c +++ b/contrib/libs/curl/lib/vssh/libssh2.c @@ -81,6 +81,11 @@ #include "select.h" #include "warnless.h" #error #include "curl_path.h" +#include "strcase.h" + +#include <curl_base64.h> /* for base64 encoding/decoding */ +#include <curl_sha256.h> + /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -615,40 +620,142 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data) struct connectdata *conn = data->conn; struct ssh_conn *sshc = &conn->proto.sshc; const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]; - char md5buffer[33]; + const char *pubkey_sha256 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_SHA256]; + + infof(data, "SSH MD5 public key: %s", + pubkey_md5 != NULL ? pubkey_md5 : "NULL"); + infof(data, "SSH SHA256 public key: %s", + pubkey_sha256 != NULL ? pubkey_sha256 : "NULL"); - const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session, - LIBSSH2_HOSTKEY_HASH_MD5); + if(pubkey_sha256) { + const char *fingerprint = NULL; + char *fingerprint_b64 = NULL; + size_t fingerprint_b64_len; + size_t pub_pos = 0; + size_t b64_pos = 0; - if(fingerprint) { +#ifdef LIBSSH2_HOSTKEY_HASH_SHA256 /* The fingerprint points to static storage (!), don't free() it. */ - int i; - for(i = 0; i < 16; i++) - msnprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]); - infof(data, "SSH MD5 fingerprint: %s", md5buffer); - } + fingerprint = libssh2_hostkey_hash(sshc->ssh_session, + LIBSSH2_HOSTKEY_HASH_SHA256); +#else + const char *hostkey; + size_t len = 0; + unsigned char hash[32]; + + hostkey = libssh2_session_hostkey(sshc->ssh_session, &len, NULL); + if(hostkey) { + Curl_sha256it(hash, (const unsigned char *) hostkey, len); + fingerprint = (char *) hash; + } +#endif - /* Before we authenticate we check the hostkey's MD5 fingerprint - * against a known fingerprint, if available. - */ - if(pubkey_md5 && strlen(pubkey_md5) == 32) { - if(!fingerprint || !strcasecompare(md5buffer, pubkey_md5)) { - if(fingerprint) - failf(data, - "Denied establishing ssh session: mismatch md5 fingerprint. " - "Remote %s is not equal to %s", md5buffer, pubkey_md5); - else - failf(data, - "Denied establishing ssh session: md5 fingerprint not available"); + if(!fingerprint) { + failf(data, + "Denied establishing ssh session: sha256 fingerprint " + "not available"); + state(data, SSH_SESSION_FREE); + sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; + return sshc->actualcode; + } + + /* The length of fingerprint is 32 bytes for SHA256. + * See libssh2_hostkey_hash documentation. */ + if(Curl_base64_encode (data, fingerprint, 32, &fingerprint_b64, + &fingerprint_b64_len) != CURLE_OK) { + state(data, SSH_SESSION_FREE); + sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; + return sshc->actualcode; + } + + if(!fingerprint_b64) { + failf(data, + "sha256 fingerprint could not be encoded"); + state(data, SSH_SESSION_FREE); + sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; + return sshc->actualcode; + } + + infof(data, "SSH SHA256 fingerprint: %s", fingerprint_b64); + + /* Find the position of any = padding characters in the public key */ + while((pubkey_sha256[pub_pos] != '=') && pubkey_sha256[pub_pos]) { + pub_pos++; + } + + /* Find the position of any = padding characters in the base64 coded + * hostkey fingerprint */ + while((fingerprint_b64[b64_pos] != '=') && fingerprint_b64[b64_pos]) { + b64_pos++; + } + + /* Before we authenticate we check the hostkey's sha256 fingerprint + * against a known fingerprint, if available. + */ + if((pub_pos != b64_pos) || + Curl_strncasecompare(fingerprint_b64, pubkey_sha256, pub_pos) != 1) { + free(fingerprint_b64); + + failf(data, + "Denied establishing ssh session: mismatch sha256 fingerprint. " + "Remote %s is not equal to %s", fingerprint, pubkey_sha256); state(data, SSH_SESSION_FREE); sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; return sshc->actualcode; } - infof(data, "MD5 checksum match!"); + + free(fingerprint_b64); + + infof(data, "SHA256 checksum match!"); + } + + if(pubkey_md5) { + char md5buffer[33]; + const char *fingerprint = NULL; + + fingerprint = libssh2_hostkey_hash(sshc->ssh_session, + LIBSSH2_HOSTKEY_HASH_MD5); + + if(fingerprint) { + /* The fingerprint points to static storage (!), don't free() it. */ + int i; + for(i = 0; i < 16; i++) { + msnprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]); + } + + infof(data, "SSH MD5 fingerprint: %s", md5buffer); + } + + /* Before we authenticate we check the hostkey's MD5 fingerprint + * against a known fingerprint, if available. + */ + if(pubkey_md5 && strlen(pubkey_md5) == 32) { + if(!fingerprint || !strcasecompare(md5buffer, pubkey_md5)) { + if(fingerprint) { + failf(data, + "Denied establishing ssh session: mismatch md5 fingerprint. " + "Remote %s is not equal to %s", md5buffer, pubkey_md5); + } + else { + failf(data, + "Denied establishing ssh session: md5 fingerprint " + "not available"); + } + state(data, SSH_SESSION_FREE); + sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; + return sshc->actualcode; + } + infof(data, "MD5 checksum match!"); + } + } + + if(!pubkey_md5 && !pubkey_sha256) { + return ssh_knownhost(data); + } + else { /* as we already matched, we skip the check for known hosts */ return CURLE_OK; } - return ssh_knownhost(data); } /* @@ -3610,7 +3717,7 @@ void Curl_ssh_cleanup(void) void Curl_ssh_version(char *buffer, size_t buflen) { - (void)msnprintf(buffer, buflen, "libssh2/%s", LIBSSH2_VERSION); + (void)msnprintf(buffer, buflen, "libssh2/%s", CURL_LIBSSH2_VERSION); } /* The SSH session is associated with the *CONNECTION* but the callback user diff --git a/contrib/libs/curl/lib/vssh/wolfssh.c b/contrib/libs/curl/lib/vssh/wolfssh.c index c5a90487c5..12cc59b2a2 100644 --- a/contrib/libs/curl/lib/vssh/wolfssh.c +++ b/contrib/libs/curl/lib/vssh/wolfssh.c @@ -449,7 +449,8 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) switch(sshc->state) { case SSH_INIT: state(data, SSH_S_STARTUP); - /* FALLTHROUGH */ + break; + case SSH_S_STARTUP: rc = wolfSSH_connect(sshc->ssh_session); if(rc != WS_SUCCESS) @@ -838,7 +839,8 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) break; } state(data, SSH_SFTP_READDIR); - /* FALLTHROUGH */ + break; + case SSH_SFTP_READDIR: name = wolfSSH_SFTP_LS(sshc->ssh_session, sftp_scp->path); if(!name) diff --git a/contrib/libs/curl/lib/vtls/bearssl.c b/contrib/libs/curl/lib/vtls/bearssl.c index e87649e2a7..9b772d064d 100644 --- a/contrib/libs/curl/lib/vtls/bearssl.c +++ b/contrib/libs/curl/lib/vtls/bearssl.c @@ -608,6 +608,7 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data, if(SSL_SET_OPTION(primary.sessionid)) { bool incache; + bool added = FALSE; void *oldsession; br_ssl_session_parameters *session; @@ -623,10 +624,11 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data, Curl_ssl_delsessionid(data, oldsession); ret = Curl_ssl_addsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE, - session, 0, sockindex); + session, 0, sockindex, &added); Curl_ssl_sessionid_unlock(data); - if(ret) { + if(!added) free(session); + if(ret) { return CURLE_OUT_OF_MEMORY; } } diff --git a/contrib/libs/curl/lib/vtls/gtls.c b/contrib/libs/curl/lib/vtls/gtls.c index 1b145d8ebb..2053fd439d 100644 --- a/contrib/libs/curl/lib/vtls/gtls.c +++ b/contrib/libs/curl/lib/vtls/gtls.c @@ -404,6 +404,7 @@ gtls_connect_step1(struct Curl_easy *data, const char * const hostname = SSL_HOST_NAME(); long * const certverifyresult = &SSL_SET_OPTION_LVALUE(certverifyresult); const char *tls13support; + CURLcode result; if(connssl->state == ssl_connection_complete) /* to make us tolerant against being called more than once for the @@ -557,31 +558,25 @@ gtls_connect_step1(struct Curl_easy *data, /* Ensure +SRP comes at the *end* of all relevant strings so that it can be * removed if a run-time error indicates that SRP is not supported by this * GnuTLS version */ - switch(SSL_CONN_CONFIG(version)) { - case CURL_SSLVERSION_TLSv1_3: - if(!tls13support) { - failf(data, "This GnuTLS installation does not support TLS 1.3"); - return CURLE_SSL_CONNECT_ERROR; - } - /* FALLTHROUGH */ - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: - case CURL_SSLVERSION_TLSv1_0: - case CURL_SSLVERSION_TLSv1_1: - case CURL_SSLVERSION_TLSv1_2: { - CURLcode result = set_ssl_version_min_max(data, &prioritylist, - tls13support); - if(result) - return result; - break; - } - case CURL_SSLVERSION_SSLv2: - case CURL_SSLVERSION_SSLv3: - default: - failf(data, "GnuTLS does not support SSLv2 or SSLv3"); + + if(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv2 || + SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv3) { + failf(data, "GnuTLS does not support SSLv2 or SSLv3"); + return CURLE_SSL_CONNECT_ERROR; + } + + if(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_TLSv1_3) { + if(!tls13support) { + failf(data, "This GnuTLS installation does not support TLS 1.3"); return CURLE_SSL_CONNECT_ERROR; + } } + /* At this point we know we have a supported TLS version, so set it */ + result = set_ssl_version_min_max(data, &prioritylist, tls13support); + if(result) + return result; + #ifdef HAVE_GNUTLS_SRP /* Only add SRP to the cipher list if SRP is requested. Otherwise * GnuTLS will disable TLS 1.3 support. */ @@ -1287,6 +1282,7 @@ gtls_connect_step3(struct Curl_easy *data, if(connect_sessionid) { bool incache; + bool added = FALSE; void *ssl_sessionid; /* extract session ID to the allocated buffer */ @@ -1306,10 +1302,11 @@ gtls_connect_step3(struct Curl_easy *data, result = Curl_ssl_addsessionid(data, conn, SSL_IS_PROXY() ? TRUE : FALSE, connect_sessionid, connect_idsize, - sockindex); + sockindex, &added); Curl_ssl_sessionid_unlock(data); - if(result) { + if(!added) free(connect_sessionid); + if(result) { result = CURLE_OUT_OF_MEMORY; } } diff --git a/contrib/libs/curl/lib/vtls/mbedtls.c b/contrib/libs/curl/lib/vtls/mbedtls.c index c1b427cfb4..3b08df9662 100644 --- a/contrib/libs/curl/lib/vtls/mbedtls.c +++ b/contrib/libs/curl/lib/vtls/mbedtls.c @@ -784,6 +784,7 @@ mbed_connect_step3(struct Curl_easy *data, struct connectdata *conn, mbedtls_ssl_session *our_ssl_sessionid; void *old_ssl_sessionid = NULL; bool isproxy = SSL_IS_PROXY() ? TRUE : FALSE; + bool added = FALSE; our_ssl_sessionid = malloc(sizeof(mbedtls_ssl_session)); if(!our_ssl_sessionid) @@ -807,11 +808,13 @@ mbed_connect_step3(struct Curl_easy *data, struct connectdata *conn, Curl_ssl_delsessionid(data, old_ssl_sessionid); retcode = Curl_ssl_addsessionid(data, conn, isproxy, our_ssl_sessionid, - 0, sockindex); + 0, sockindex, &added); Curl_ssl_sessionid_unlock(data); - if(retcode) { + if(!added) { mbedtls_ssl_session_free(our_ssl_sessionid); free(our_ssl_sessionid); + } + if(retcode) { failf(data, "failed to store ssl session"); return retcode; } diff --git a/contrib/libs/curl/lib/vtls/mesalink.c b/contrib/libs/curl/lib/vtls/mesalink.c index 3db9184f79..0a1dea3ac0 100644 --- a/contrib/libs/curl/lib/vtls/mesalink.c +++ b/contrib/libs/curl/lib/vtls/mesalink.c @@ -365,7 +365,7 @@ mesalink_connect_step3(struct connectdata *conn, int sockindex) if(!incache) { result = Curl_ssl_addsessionid(data, conn, isproxy, our_ssl_sessionid, 0, - sockindex); + sockindex, NULL); if(result) { Curl_ssl_sessionid_unlock(data); failf(data, "failed to store ssl session"); diff --git a/contrib/libs/curl/lib/vtls/nss.c b/contrib/libs/curl/lib/vtls/nss.c index cf657895f6..1897b9ab1d 100644 --- a/contrib/libs/curl/lib/vtls/nss.c +++ b/contrib/libs/curl/lib/vtls/nss.c @@ -955,7 +955,7 @@ static void display_cert_info(struct Curl_easy *data, subject = CERT_NameToAscii(&cert->subject); issuer = CERT_NameToAscii(&cert->issuer); common_name = CERT_GetCommonName(&cert->subject); - infof(data, "subject: %s\n", subject); + infof(data, "subject: %s", subject); CERT_GetCertTimes(cert, ¬Before, ¬After); PR_ExplodeTime(notBefore, PR_GMTParameters, &printableTime); @@ -2250,10 +2250,11 @@ static CURLcode nss_connect_common(struct Curl_easy *data, case CURLE_OK: break; case CURLE_AGAIN: + /* CURLE_AGAIN in non-blocking mode is not an error */ if(!blocking) - /* CURLE_AGAIN in non-blocking mode is not an error */ return CURLE_OK; - /* FALLTHROUGH */ + else + return result; default: return result; } diff --git a/contrib/libs/curl/lib/vtls/openssl.c b/contrib/libs/curl/lib/vtls/openssl.c index 87f4b02b71..a1baef9c3f 100644 --- a/contrib/libs/curl/lib/vtls/openssl.c +++ b/contrib/libs/curl/lib/vtls/openssl.c @@ -227,6 +227,10 @@ #endif #endif +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) +#define HAVE_RANDOM_INIT_BY_DEFAULT 1 +#endif + struct ssl_backend_data { struct Curl_easy *logger; /* transfer handle to pass trace logs to, only using sockindex 0 */ @@ -435,18 +439,21 @@ static bool rand_enough(void) static CURLcode ossl_seed(struct Curl_easy *data) { - char fname[256]; - /* This might get called before it has been added to a multi handle */ if(data->multi && data->multi->ssl_seeded) return CURLE_OK; if(rand_enough()) { - /* OpenSSL 1.1.0+ will return here */ + /* OpenSSL 1.1.0+ should return here */ if(data->multi) data->multi->ssl_seeded = TRUE; return CURLE_OK; } +#ifdef HAVE_RANDOM_INIT_BY_DEFAULT + /* with OpenSSL 1.1.0+, a failed RAND_status is a showstopper */ + failf(data, "Insufficient randomness"); + return CURLE_SSL_CONNECT_ERROR; +#else #ifndef RANDOM_FILE /* if RANDOM_FILE isn't defined, we only perform this if an option tells @@ -507,19 +514,23 @@ static CURLcode ossl_seed(struct Curl_easy *data) RAND_add(randb, (int)len, (double)len/2); } while(!rand_enough()); - /* generates a default path for the random seed file */ - fname[0] = 0; /* blank it first */ - RAND_file_name(fname, sizeof(fname)); - if(fname[0]) { - /* we got a file name to try */ - RAND_load_file(fname, RAND_LOAD_LENGTH); - if(rand_enough()) - return CURLE_OK; + { + /* generates a default path for the random seed file */ + char fname[256]; + fname[0] = 0; /* blank it first */ + RAND_file_name(fname, sizeof(fname)); + if(fname[0]) { + /* we got a file name to try */ + RAND_load_file(fname, RAND_LOAD_LENGTH); + if(rand_enough()) + return CURLE_OK; + } } infof(data, "libcurl is now using a weak random seed!"); return (rand_enough() ? CURLE_OK : - CURLE_SSL_CONNECT_ERROR /* confusing error code */); + CURLE_SSL_CONNECT_ERROR /* confusing error code */); +#endif } #ifndef SSL_FILETYPE_ENGINE @@ -2493,6 +2504,7 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) if(SSL_SET_OPTION(primary.sessionid)) { bool incache; + bool added = FALSE; void *old_ssl_sessionid = NULL; Curl_ssl_sessionid_lock(data); @@ -2511,9 +2523,11 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) if(!incache) { if(!Curl_ssl_addsessionid(data, conn, isproxy, ssl_sessionid, - 0 /* unknown size */, sockindex)) { - /* the session has been put into the session cache */ - res = 1; + 0 /* unknown size */, sockindex, &added)) { + if(added) { + /* the session has been put into the session cache */ + res = 1; + } } else failf(data, "failed to store ssl session"); @@ -2936,7 +2950,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, NULL, cert_name, sizeof(cert_name))) { strcpy(cert_name, "Unknown"); } - infof(data, "SSL: Checking cert %s\"\n", cert_name); + infof(data, "SSL: Checking cert \"%s\"", cert_name); #endif encoded_cert = (const unsigned char *)pContext->pbCertEncoded; @@ -3052,60 +3066,36 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, } } + if(verifypeer && !imported_native_ca && (ssl_cafile || ssl_capath)) { #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) /* OpenSSL 3.0.0 has deprecated SSL_CTX_load_verify_locations */ - { - if(ssl_cafile) { - if(!SSL_CTX_load_verify_file(backend->ctx, ssl_cafile)) { - if(verifypeer && !imported_native_ca) { - /* Fail if we insist on successfully verifying the server. */ - failf(data, "error setting certificate file: %s", ssl_cafile); - return CURLE_SSL_CACERT_BADFILE; - } - /* Continue with warning if certificate verification isn't required. */ - infof(data, "error setting certificate file, continuing anyway"); - } - infof(data, " CAfile: %s", ssl_cafile); + if(ssl_cafile && + !SSL_CTX_load_verify_file(backend->ctx, ssl_cafile)) { + /* Fail if we insist on successfully verifying the server. */ + failf(data, "error setting certificate file: %s", ssl_cafile); + return CURLE_SSL_CACERT_BADFILE; } - if(ssl_capath) { - if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) { - if(verifypeer && !imported_native_ca) { - /* Fail if we insist on successfully verifying the server. */ - failf(data, "error setting certificate path: %s", ssl_capath); - return CURLE_SSL_CACERT_BADFILE; - } - /* Continue with warning if certificate verification isn't required. */ - infof(data, "error setting certificate path, continuing anyway"); - } - infof(data, " CApath: %s", ssl_capath); + if(ssl_capath && + !SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) { + /* Fail if we insist on successfully verifying the server. */ + failf(data, "error setting certificate path: %s", ssl_capath); + return CURLE_SSL_CACERT_BADFILE; } - } #else - if(ssl_cafile || ssl_capath) { - /* tell SSL where to find CA certificates that are used to verify - the server's certificate. */ + /* tell OpenSSL where to find CA certificates that are used to verify the + server's certificate. */ if(!SSL_CTX_load_verify_locations(backend->ctx, ssl_cafile, ssl_capath)) { - if(verifypeer && !imported_native_ca) { - /* Fail if we insist on successfully verifying the server. */ - failf(data, "error setting certificate verify locations:" - " CAfile: %s CApath: %s", - ssl_cafile ? ssl_cafile : "none", - ssl_capath ? ssl_capath : "none"); - return CURLE_SSL_CACERT_BADFILE; - } - /* Just continue with a warning if no strict certificate verification - is required. */ - infof(data, "error setting certificate verify locations," - " continuing anyway:"); - } - else { - /* Everything is fine. */ - infof(data, "successfully set certificate verify locations:"); + /* Fail if we insist on successfully verifying the server. */ + failf(data, "error setting certificate verify locations:" + " CAfile: %s CApath: %s", + ssl_cafile ? ssl_cafile : "none", + ssl_capath ? ssl_capath : "none"); + return CURLE_SSL_CACERT_BADFILE; } +#endif infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none"); infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none"); } -#endif #ifdef CURL_CA_FALLBACK if(verifypeer && diff --git a/contrib/libs/curl/lib/vtls/schannel.c b/contrib/libs/curl/lib/vtls/schannel.c index 722a937c42..44c59e7796 100644 --- a/contrib/libs/curl/lib/vtls/schannel.c +++ b/contrib/libs/curl/lib/vtls/schannel.c @@ -716,8 +716,6 @@ schannel_acquire_credential_handle(struct Curl_easy *data, } BACKEND->cred->refcount = 1; - /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa374716.aspx - */ sspi_status = s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *)UNISP_NAME, SECPKG_CRED_OUTBOUND, NULL, @@ -1141,8 +1139,6 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn, if(!host_name) return CURLE_OUT_OF_MEMORY; - /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx - */ sspi_status = s_pSecFn->InitializeSecurityContext( &BACKEND->cred->cred_handle, &BACKEND->ctxt->ctxt_handle, host_name, BACKEND->req_flags, 0, 0, &inbuf_desc, 0, NULL, @@ -1436,6 +1432,7 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn, /* save the current session data for possible re-use */ if(SSL_SET_OPTION(primary.sessionid)) { bool incache; + bool added = FALSE; struct Curl_schannel_cred *old_cred = NULL; Curl_ssl_sessionid_lock(data); @@ -1453,13 +1450,13 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn, if(!incache) { result = Curl_ssl_addsessionid(data, conn, isproxy, BACKEND->cred, sizeof(struct Curl_schannel_cred), - sockindex); + sockindex, &added); if(result) { Curl_ssl_sessionid_unlock(data); failf(data, "schannel: failed to store credential handle"); return result; } - else { + else if(added) { /* this cred session is now also referenced by sessionid cache */ BACKEND->cred->refcount++; DEBUGF(infof(data, @@ -1970,12 +1967,12 @@ schannel_recv(struct Curl_easy *data, int sockindex, if(sspi_status == SEC_I_RENEGOTIATE) { infof(data, "schannel: remote party requests renegotiation"); if(*err && *err != CURLE_AGAIN) { - infof(data, "schannel: can't renogotiate, an error is pending"); + infof(data, "schannel: can't renegotiate, an error is pending"); goto cleanup; } if(BACKEND->encdata_offset) { *err = CURLE_RECV_ERROR; - infof(data, "schannel: can't renogotiate, " + infof(data, "schannel: can't renegotiate, " "encrypted data available"); goto cleanup; } @@ -2124,26 +2121,23 @@ static bool schannel_data_pending(const struct connectdata *conn, return FALSE; } -static void schannel_close(struct Curl_easy *data, struct connectdata *conn, - int sockindex) -{ - if(conn->ssl[sockindex].use) - /* if the SSL/TLS channel hasn't been shut down yet, do that now. */ - Curl_ssl_shutdown(data, conn, sockindex); -} - static void schannel_session_free(void *ptr) { /* this is expected to be called under sessionid lock */ struct Curl_schannel_cred *cred = ptr; - cred->refcount--; - if(cred->refcount == 0) { - s_pSecFn->FreeCredentialsHandle(&cred->cred_handle); - Curl_safefree(cred); + if(cred) { + cred->refcount--; + if(cred->refcount == 0) { + s_pSecFn->FreeCredentialsHandle(&cred->cred_handle); + Curl_safefree(cred); + } } } +/* shut down the SSL connection and clean up related memory. + this function can be called multiple times on the same connection including + if the SSL connection failed (eg connection made but failed handshake). */ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn, int sockindex) { @@ -2155,10 +2149,12 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn, DEBUGASSERT(data); - infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu", - hostname, conn->remote_port); + if(connssl->use) { + infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu", + hostname, conn->remote_port); + } - if(BACKEND->cred && BACKEND->ctxt) { + if(connssl->use && BACKEND->cred && BACKEND->ctxt) { SecBufferDesc BuffDesc; SecBuffer Buffer; SECURITY_STATUS sspi_status; @@ -2251,6 +2247,16 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn, return CURLE_OK; } +static void schannel_close(struct Curl_easy *data, struct connectdata *conn, + int sockindex) +{ + if(conn->ssl[sockindex].use) + /* Curl_ssl_shutdown resets the socket state and calls schannel_shutdown */ + Curl_ssl_shutdown(data, conn, sockindex); + else + schannel_shutdown(data, conn, sockindex); +} + static int schannel_init(void) { return (Curl_sspi_global_init() == CURLE_OK ? 1 : 0); diff --git a/contrib/libs/curl/lib/vtls/sectransp.c b/contrib/libs/curl/lib/vtls/sectransp.c index 1e6ed5f06d..0bf515460d 100644 --- a/contrib/libs/curl/lib/vtls/sectransp.c +++ b/contrib/libs/curl/lib/vtls/sectransp.c @@ -2109,7 +2109,7 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data, } result = Curl_ssl_addsessionid(data, conn, isproxy, ssl_sessionid, - ssl_sessionid_len, sockindex); + ssl_sessionid_len, sockindex, NULL); Curl_ssl_sessionid_unlock(data); if(result) { failf(data, "failed to store ssl session"); diff --git a/contrib/libs/curl/lib/vtls/vtls.c b/contrib/libs/curl/lib/vtls/vtls.c index e5bbe1f5f0..6007bbba0f 100644 --- a/contrib/libs/curl/lib/vtls/vtls.c +++ b/contrib/libs/curl/lib/vtls/vtls.c @@ -516,7 +516,8 @@ CURLcode Curl_ssl_addsessionid(struct Curl_easy *data, const bool isProxy, void *ssl_sessionid, size_t idsize, - int sockindex) + int sockindex, + bool *added) { size_t i; struct Curl_ssl_session *store; @@ -536,6 +537,10 @@ CURLcode Curl_ssl_addsessionid(struct Curl_easy *data, const char *hostname = conn->host.name; #endif (void)sockindex; + + if(added) + *added = FALSE; + if(!data->state.session) return CURLE_OK; @@ -609,6 +614,9 @@ CURLcode Curl_ssl_addsessionid(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; } + if(added) + *added = TRUE; + DEBUGF(infof(data, "Added Session ID to cache for %s://%s:%d [%s]", store->scheme, store->name, store->remote_port, isProxy ? "PROXY" : "server")); diff --git a/contrib/libs/curl/lib/vtls/vtls.h b/contrib/libs/curl/lib/vtls/vtls.h index beaa83d9e3..c7bbba082d 100644 --- a/contrib/libs/curl/lib/vtls/vtls.h +++ b/contrib/libs/curl/lib/vtls/vtls.h @@ -261,7 +261,8 @@ CURLcode Curl_ssl_addsessionid(struct Curl_easy *data, const bool isProxy, void *ssl_sessionid, size_t idsize, - int sockindex); + int sockindex, + bool *added); /* Kill a single session ID entry in the cache * Sessionid mutex must be locked (see Curl_ssl_sessionid_lock). * This will call engine-specific curlssl_session_free function, which must diff --git a/contrib/libs/curl/lib/vtls/wolfssl.c b/contrib/libs/curl/lib/vtls/wolfssl.c index 617c54c2af..242f193bc0 100644 --- a/contrib/libs/curl/lib/vtls/wolfssl.c +++ b/contrib/libs/curl/lib/vtls/wolfssl.c @@ -202,6 +202,43 @@ static int do_file_type(const char *type) return -1; } +#ifdef HAVE_LIBOQS +struct group_name_map { + const word16 group; + const char *name; +}; + +static const struct group_name_map gnm[] = { + { WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" }, + { WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" }, + { WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" }, + { WOLFSSL_NTRU_HPS_LEVEL1, "NTRU_HPS_LEVEL1" }, + { WOLFSSL_NTRU_HPS_LEVEL3, "NTRU_HPS_LEVEL3" }, + { WOLFSSL_NTRU_HPS_LEVEL5, "NTRU_HPS_LEVEL5" }, + { WOLFSSL_NTRU_HRSS_LEVEL3, "NTRU_HRSS_LEVEL3" }, + { WOLFSSL_SABER_LEVEL1, "SABER_LEVEL1" }, + { WOLFSSL_SABER_LEVEL3, "SABER_LEVEL3" }, + { WOLFSSL_SABER_LEVEL5, "SABER_LEVEL5" }, + { WOLFSSL_KYBER_90S_LEVEL1, "KYBER_90S_LEVEL1" }, + { WOLFSSL_KYBER_90S_LEVEL3, "KYBER_90S_LEVEL3" }, + { WOLFSSL_KYBER_90S_LEVEL5, "KYBER_90S_LEVEL5" }, + { WOLFSSL_P256_NTRU_HPS_LEVEL1, "P256_NTRU_HPS_LEVEL1" }, + { WOLFSSL_P384_NTRU_HPS_LEVEL3, "P384_NTRU_HPS_LEVEL3" }, + { WOLFSSL_P521_NTRU_HPS_LEVEL5, "P521_NTRU_HPS_LEVEL5" }, + { WOLFSSL_P384_NTRU_HRSS_LEVEL3, "P384_NTRU_HRSS_LEVEL3" }, + { WOLFSSL_P256_SABER_LEVEL1, "P256_SABER_LEVEL1" }, + { WOLFSSL_P384_SABER_LEVEL3, "P384_SABER_LEVEL3" }, + { WOLFSSL_P521_SABER_LEVEL5, "P521_SABER_LEVEL5" }, + { WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" }, + { WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" }, + { WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" }, + { WOLFSSL_P256_KYBER_90S_LEVEL1, "P256_KYBER_90S_LEVEL1" }, + { WOLFSSL_P384_KYBER_90S_LEVEL3, "P384_KYBER_90S_LEVEL3" }, + { WOLFSSL_P521_KYBER_90S_LEVEL5, "P521_KYBER_90S_LEVEL5" }, + { 0, NULL } +}; +#endif + /* * This function loads all the client/CA certificates and CRLs. Setup the TLS * layer and do all necessary magic. @@ -210,11 +247,15 @@ static CURLcode wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, int sockindex) { - char *ciphers; + char *ciphers, *curves; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; SSL_METHOD* req_method = NULL; curl_socket_t sockfd = conn->sock[sockindex]; +#ifdef HAVE_LIBOQS + word16 oqsAlg = 0; + size_t idx = 0; +#endif #ifdef HAVE_SNI bool sni = FALSE; #define use_sni(x) sni = (x) @@ -327,6 +368,26 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, infof(data, "Cipher selection: %s", ciphers); } + curves = SSL_CONN_CONFIG(curves); + if(curves) { + +#ifdef HAVE_LIBOQS + for(idx = 0; gnm[idx].name != NULL; idx++) { + if(strncmp(curves, gnm[idx].name, strlen(gnm[idx].name)) == 0) { + oqsAlg = gnm[idx].group; + break; + } + } + + if(oqsAlg == 0) +#endif + { + if(!SSL_CTX_set1_curves_list(backend->ctx, curves)) { + failf(data, "failed setting curves list: '%s'", curves); + return CURLE_SSL_CIPHER; + } + } + } #ifndef NO_FILESYSTEM /* load trusted cacert */ if(SSL_CONN_CONFIG(CAfile)) { @@ -439,6 +500,14 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, return CURLE_OUT_OF_MEMORY; } +#ifdef HAVE_LIBOQS + if(oqsAlg) { + if(wolfSSL_UseKeyShare(backend->handle, oqsAlg) != WOLFSSL_SUCCESS) { + failf(data, "unable to use oqs KEM"); + } + } +#endif + #ifdef HAVE_ALPN if(conn->bits.tls_enable_alpn) { char protocols[128]; @@ -495,7 +564,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn, /* we got a session id, use it! */ if(!SSL_set_session(backend->handle, ssl_sessionid)) { Curl_ssl_delsessionid(data, ssl_sessionid); - infof(data, "Can't use session ID, going on without\n"); + infof(data, "Can't use session ID, going on without"); } else infof(data, "SSL re-using session ID"); @@ -749,7 +818,7 @@ wolfssl_connect_step3(struct Curl_easy *data, struct connectdata *conn, if(!incache) { result = Curl_ssl_addsessionid(data, conn, isproxy, our_ssl_sessionid, - 0, sockindex); + 0, sockindex, NULL); if(result) { Curl_ssl_sessionid_unlock(data); failf(data, "failed to store ssl session"); |