author | shadchin <shadchin@yandex-team.ru> | 2022-04-10 23:38:39 +0300 |
---|---|---|
committer | shadchin <shadchin@yandex-team.ru> | 2022-04-10 23:38:39 +0300 |
commit | d0d27ff451c16dbec7fbc99206cba32803c52cc6 (patch) | |
tree | 9ab7a06c0bb58e38fe848af1bb8623f468900ba6 /contrib/libs/curl | |
parent | 37591f1db8ea08ea964badf4ff15f8a923271524 (diff) | |
download | ydb-d0d27ff451c16dbec7fbc99206cba32803c52cc6.tar.gz |
CONTRIB-2513 Update contrib/libs/curl to 7.79.1
ref:cfccba5015904b0f0cadfc018200e2a1b4d50ae6
Diffstat (limited to 'contrib/libs/curl')
76 files changed, 2965 insertions, 2612 deletions
diff --git a/contrib/libs/curl/.yandex_meta/devtools.copyrights.report b/contrib/libs/curl/.yandex_meta/devtools.copyrights.report index 004356ae43..d5d9226448 100644 --- a/contrib/libs/curl/.yandex_meta/devtools.copyrights.report +++ b/contrib/libs/curl/.yandex_meta/devtools.copyrights.report @@ -42,6 +42,18 @@ BELONGS ya.make lib/curl_sha256.h [10:11] lib/sha256.c [8:9] +KEEP COPYRIGHT_SERVICE_LABEL 07b936b4d91754a9e3594aa53e39e425 +BELONGS ya.make + License text: + * Copyright (C) 2013 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> + Scancode info: + Original SPDX id: COPYRIGHT_SERVICE_LABEL + Score : 100.00 + Match type : COPYRIGHT + Files with this license: + lib/vtls/mbedtls_threadlock.c [8:9] + KEEP COPYRIGHT_SERVICE_LABEL 0adcfdb2f3aabeff35065b0b55f45563 BELONGS ya.make License text: @@ -59,7 +71,7 @@ BELONGS ya.make KEEP COPYRIGHT_SERVICE_LABEL 0bd7e5cd48a574907e3f8e5d5cfa308f BELONGS ya.make License text: - * Copyright (C) 2013 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2013 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> Scancode info: Original SPDX id: COPYRIGHT_SERVICE_LABEL @@ -149,6 +161,7 @@ BELONGS ya.make lib/hostip.h [10:10] lib/hostip4.c [8:8] lib/hostip6.c [8:8] + lib/hostsyn.c [8:8] lib/http.c [8:8] lib/http.h [10:10] lib/http2.c [8:8] @@ -199,6 +212,8 @@ BELONGS ya.make lib/smtp.c [8:8] lib/socks.c [8:8] lib/socks.h [10:10] + lib/strdup.c [8:8] + lib/strdup.h [10:10] lib/telnet.c [8:8] lib/tftp.c [8:8] lib/timeval.c [8:8] @@ -232,6 +247,7 @@ BELONGS ya.make lib/warnless.c [8:8] lib/warnless.h [10:10] lib/x509asn1.c [8:8] + lib/x509asn1.h [11:11] KEEP COPYRIGHT_SERVICE_LABEL 1b9e8d9d7c9588e9a9cbcbd17572b2e4 BELONGS ya.make 
@@ -541,18 +557,6 @@ BELONGS ya.make Files with this license: lib/socks_gssapi.c [8:9] -KEEP COPYRIGHT_SERVICE_LABEL 7e4a48765cad1793cccd7bb998bec514 -BELONGS ya.make - License text: - * Copyright (C) 2013 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. - * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> - Scancode info: - Original SPDX id: COPYRIGHT_SERVICE_LABEL - Score : 100.00 - Match type : COPYRIGHT - Files with this license: - lib/vtls/mbedtls_threadlock.c [8:9] - KEEP COPYRIGHT_SERVICE_LABEL 83b79d1f310aaae5890091cddeacd1f9 BELONGS ya.make License text: @@ -629,7 +633,6 @@ BELONGS ya.make lib/hash.h [10:10] lib/hmac.c [8:8] lib/hostcheck.h [10:10] - lib/hostsyn.c [8:8] lib/idn_win32.c [8:8] lib/if2ip.c [8:8] lib/if2ip.h [10:10] @@ -654,8 +657,6 @@ BELONGS ya.make lib/speedcheck.h [10:10] lib/strcase.c [8:8] lib/strcase.h [10:10] - lib/strdup.c [8:8] - lib/strdup.h [10:10] lib/strerror.h [10:10] lib/strtok.c [8:8] lib/strtok.h [10:10] @@ -996,8 +997,8 @@ BELONGS ya.make Score : 100.00 Match type : COPYRIGHT Files with this license: - lib/md4.c [213:218] - lib/md5.c [204:209] + lib/md4.c [217:222] + lib/md5.c [205:210] KEEP COPYRIGHT_SERVICE_LABEL f5681c9f9526985592061799304792ee BELONGS ya.make diff --git a/contrib/libs/curl/.yandex_meta/devtools.licenses.report b/contrib/libs/curl/.yandex_meta/devtools.licenses.report index 7b639ba46f..d695db4a5a 100644 --- a/contrib/libs/curl/.yandex_meta/devtools.licenses.report +++ b/contrib/libs/curl/.yandex_meta/devtools.licenses.report 
@@ -38,14 +38,14 @@ BELONGS ya.make Match type : NOTICE Links : http://www.linfo.org/publicdomain.html, https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/public-domain.LICENSE Files with this license: - lib/md5.c [199:216] + lib/md5.c [200:217] Scancode info: Original SPDX id: LicenseRef-scancode-other-permissive Score : 98.04 Match type : NOTICE Links : https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/other-permissive.LICENSE Files with this license: - lib/md5.c [199:216] + lib/md5.c [200:217] KEEP Public-Domain 18ed429b519e9abeeb3f768979574386 BELONGS ya.make @@ -56,14 +56,14 @@ BELONGS ya.make Match type : NOTICE Links : http://www.linfo.org/publicdomain.html, https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/public-domain.LICENSE Files with this license: - lib/md4.c [208:225] + lib/md4.c [212:229] Scancode info: Original SPDX id: LicenseRef-scancode-other-permissive Score : 97.06 Match type : NOTICE Links : https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/other-permissive.LICENSE Files with this license: - lib/md4.c [208:225] + lib/md4.c [212:229] KEEP curl 22ab1475a8e38f13b0b81e2e769b5d69 BELONGS ya.make 
@@ -100,7 +100,7 @@ BELONGS ya.make KEEP curl a3ae8291721a79f582bf5823c43adb47 BELONGS ya.make -FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/curl/curl.h at line 18, include/curl/curlver.h at line 12, include/curl/curlver.h at line 18, include/curl/easy.h at line 12, include/curl/easy.h at line 18, include/curl/mprintf.h at line 12, include/curl/mprintf.h at line 18, include/curl/multi.h at line 12, include/curl/multi.h at line 18, include/curl/options.h at line 12, include/curl/options.h at line 18, include/curl/stdcheaders.h at line 12, include/curl/stdcheaders.h at line 18, include/curl/system.h at line 12, include/curl/system.h at line 18, include/curl/typecheck-gcc.h at line 12, include/curl/typecheck-gcc.h at line 18, include/curl/urlapi.h at line 12, include/curl/urlapi.h at line 18, lib/altsvc.c at line 10, lib/altsvc.c at line 16, lib/altsvc.h at line 12, lib/altsvc.h at line 18, lib/amigaos.c at line 10, lib/amigaos.c at line 16, lib/amigaos.h at line 12, lib/amigaos.h at line 18, lib/arpa_telnet.h at line 12, lib/arpa_telnet.h at line 18, lib/asyn-ares.c at line 10, lib/asyn-ares.c at line 16, lib/asyn-thread.c at line 10, lib/asyn-thread.c at line 16, lib/asyn.h at line 12, lib/asyn.h at line 18, lib/base64.c at line 10, lib/base64.c at line 16, lib/bufref.c at line 10, lib/bufref.c at line 16, lib/bufref.h at line 12, lib/bufref.h at line 18, lib/conncache.c at line 11, lib/conncache.c at line 17, lib/conncache.h at line 13, lib/conncache.h at line 19, lib/connect.c at line 10, lib/connect.c at line 16, lib/connect.h at line 12, lib/connect.h at line 18, lib/content_encoding.c at line 10, lib/content_encoding.c at line 16, lib/content_encoding.h at line 12, lib/content_encoding.h at line 18, lib/cookie.c at line 10, lib/cookie.c at line 16, lib/cookie.h at line 12, lib/cookie.h at line 18, lib/curl_addrinfo.c at line 10, lib/curl_addrinfo.c at line 16, lib/curl_addrinfo.h at line 12, lib/curl_addrinfo.h at line 18, 
lib/curl_base64.h at line 12, lib/curl_base64.h at line 18, lib/curl_ctype.c at line 10, lib/curl_ctype.c at line 16, lib/curl_ctype.h at line 12, lib/curl_ctype.h at line 18, lib/curl_des.c at line 10, lib/curl_des.c at line 16, lib/curl_des.h at line 12, lib/curl_des.h at line 18, lib/curl_endian.c at line 10, lib/curl_endian.c at line 16, lib/curl_endian.h at line 12, lib/curl_endian.h at line 18, lib/curl_fnmatch.c at line 10, lib/curl_fnmatch.c at line 16, lib/curl_fnmatch.h at line 12, lib/curl_fnmatch.h at line 18, lib/curl_get_line.c at line 10, lib/curl_get_line.c at line 16, lib/curl_get_line.h at line 12, lib/curl_get_line.h at line 18, lib/curl_gethostname.c at line 10, lib/curl_gethostname.c at line 16, lib/curl_gethostname.h at line 12, lib/curl_gethostname.h at line 18, lib/curl_gssapi.c at line 10, lib/curl_gssapi.c at line 16, lib/curl_hmac.h at line 12, lib/curl_hmac.h at line 18, lib/curl_krb5.h at line 12, lib/curl_krb5.h at line 18, lib/curl_ldap.h at line 12, lib/curl_ldap.h at line 18, lib/curl_md4.h at line 12, lib/curl_md4.h at line 18, lib/curl_md5.h at line 12, lib/curl_md5.h at line 18, lib/curl_memory.h at line 12, lib/curl_memory.h at line 18, lib/curl_memrchr.c at line 10, lib/curl_memrchr.c at line 16, lib/curl_memrchr.h at line 12, lib/curl_memrchr.h at line 18, lib/curl_multibyte.c at line 10, lib/curl_multibyte.c at line 16, lib/curl_multibyte.h at line 12, lib/curl_multibyte.h at line 18, lib/curl_ntlm_core.c at line 10, lib/curl_ntlm_core.c at line 16, lib/curl_ntlm_core.h at line 12, lib/curl_ntlm_core.h at line 18, lib/curl_ntlm_wb.c at line 10, lib/curl_ntlm_wb.c at line 16, lib/curl_ntlm_wb.h at line 12, lib/curl_ntlm_wb.h at line 18, lib/curl_path.c at line 10, lib/curl_path.c at line 16, lib/curl_printf.h at line 12, lib/curl_printf.h at line 18, lib/curl_range.c at line 10, lib/curl_range.c at line 16, lib/curl_range.h at line 12, lib/curl_range.h at line 18, lib/curl_rtmp.c at line 11, lib/curl_rtmp.c at line 17, 
lib/curl_rtmp.h at line 12, lib/curl_rtmp.h at line 18, lib/curl_sasl.c at line 10, lib/curl_sasl.c at line 16, lib/curl_sasl.h at line 12, lib/curl_sasl.h at line 18, lib/curl_setup.h at line 12, lib/curl_setup.h at line 18, lib/curl_setup_once.h at line 12, lib/curl_setup_once.h at line 18, lib/curl_sha256.h at line 13, lib/curl_sha256.h at line 19, lib/curl_sspi.c at line 10, lib/curl_sspi.c at line 16, lib/curl_sspi.h at line 12, lib/curl_sspi.h at line 18, lib/curl_threads.c at line 10, lib/curl_threads.c at line 16, lib/curl_threads.h at line 12, lib/curl_threads.h at line 18, lib/curlx.h at line 12, lib/curlx.h at line 18, lib/dict.c at line 10, lib/dict.c at line 16, lib/dict.h at line 12, lib/dict.h at line 18, lib/doh.c at line 10, lib/doh.c at line 16, lib/doh.h at line 12, lib/doh.h at line 18, lib/dotdot.c at line 10, lib/dotdot.c at line 16, lib/dotdot.h at line 12, lib/dotdot.h at line 18, lib/dynbuf.c at line 10, lib/dynbuf.c at line 16, lib/dynbuf.h at line 12, lib/dynbuf.h at line 18, lib/easy.c at line 10, lib/easy.c at line 16, lib/easygetopt.c at line 10, lib/easygetopt.c at line 16, lib/easyif.h at line 12, lib/easyif.h at line 18, lib/easyoptions.c at line 10, lib/easyoptions.c at line 16, lib/easyoptions.h at line 12, lib/easyoptions.h at line 18, lib/escape.c at line 10, lib/escape.c at line 16, lib/escape.h at line 12, lib/escape.h at line 18, lib/file.c at line 10, lib/file.c at line 16, lib/file.h at line 12, lib/file.h at line 18, lib/fileinfo.c at line 10, lib/fileinfo.c at line 16, lib/fileinfo.h at line 12, lib/fileinfo.h at line 18, lib/formdata.c at line 10, lib/formdata.c at line 16, lib/formdata.h at line 12, lib/formdata.h at line 18, lib/ftp.c at line 10, lib/ftp.c at line 16, lib/ftp.h at line 12, lib/ftp.h at line 18, lib/ftplistparser.c at line 10, lib/ftplistparser.c at line 16, lib/ftplistparser.h at line 12, lib/ftplistparser.h at line 18, lib/getenv.c at line 10, lib/getenv.c at line 16, lib/getinfo.c at line 10, 
lib/getinfo.c at line 16, lib/getinfo.h at line 12, lib/getinfo.h at line 18, lib/gopher.c at line 10, lib/gopher.c at line 16, lib/gopher.h at line 12, lib/gopher.h at line 18, lib/hash.c at line 10, lib/hash.c at line 16, lib/hash.h at line 12, lib/hash.h at line 18, lib/hmac.c at line 10, lib/hmac.c at line 16, lib/hostasyn.c at line 10, lib/hostasyn.c at line 16, lib/hostcheck.c at line 10, lib/hostcheck.c at line 16, lib/hostcheck.h at line 12, lib/hostcheck.h at line 18, lib/hostip.c at line 10, lib/hostip.c at line 16, lib/hostip.h at line 12, lib/hostip.h at line 18, lib/hostip4.c at line 10, lib/hostip4.c at line 16, lib/hostip6.c at line 10, lib/hostip6.c at line 16, lib/hostsyn.c at line 10, lib/hostsyn.c at line 16, lib/hsts.c at line 10, lib/hsts.c at line 16, lib/hsts.h at line 12, lib/hsts.h at line 18, lib/http.c at line 10, lib/http.c at line 16, lib/http.h at line 12, lib/http.h at line 18, lib/http2.c at line 10, lib/http2.c at line 16, lib/http2.h at line 12, lib/http2.h at line 18, lib/http_chunks.c at line 10, lib/http_chunks.c at line 16, lib/http_chunks.h at line 12, lib/http_chunks.h at line 18, lib/http_digest.c at line 10, lib/http_digest.c at line 16, lib/http_digest.h at line 12, lib/http_digest.h at line 18, lib/http_negotiate.c at line 10, lib/http_negotiate.c at line 16, lib/http_negotiate.h at line 12, lib/http_negotiate.h at line 18, lib/http_ntlm.c at line 10, lib/http_ntlm.c at line 16, lib/http_ntlm.h at line 12, lib/http_ntlm.h at line 18, lib/http_proxy.c at line 10, lib/http_proxy.c at line 16, lib/http_proxy.h at line 12, lib/http_proxy.h at line 18, lib/idn_win32.c at line 10, lib/idn_win32.c at line 16, lib/if2ip.c at line 10, lib/if2ip.c at line 16, lib/if2ip.h at line 12, lib/if2ip.h at line 18, lib/imap.c at line 10, lib/imap.c at line 16, lib/imap.h at line 12, lib/imap.h at line 18, lib/inet_ntop.h at line 12, lib/inet_ntop.h at line 18, lib/inet_pton.h at line 12, lib/inet_pton.h at line 18, lib/ldap.c at line 10, 
lib/ldap.c at line 16, lib/llist.c at line 10, lib/llist.c at line 16, lib/llist.h at line 12, lib/llist.h at line 18, lib/md4.c at line 10, lib/md4.c at line 16, lib/md5.c at line 10, lib/md5.c at line 16, lib/memdebug.c at line 10, lib/memdebug.c at line 16, lib/memdebug.h at line 13, lib/memdebug.h at line 19, lib/mime.c at line 10, lib/mime.c at line 16, lib/mime.h at line 12, lib/mime.h at line 18, lib/mprintf.c at line 10, lib/mprintf.c at line 16, lib/mqtt.c at line 11, lib/mqtt.c at line 17, lib/mqtt.h at line 12, lib/mqtt.h at line 18, lib/multi.c at line 10, lib/multi.c at line 16, lib/multihandle.h at line 12, lib/multihandle.h at line 18, lib/multiif.h at line 12, lib/multiif.h at line 18, lib/netrc.c at line 10, lib/netrc.c at line 16, lib/netrc.h at line 12, lib/netrc.h at line 18, lib/non-ascii.c at line 10, lib/non-ascii.c at line 16, lib/non-ascii.h at line 12, lib/non-ascii.h at line 18, lib/nonblock.c at line 10, lib/nonblock.c at line 16, lib/nonblock.h at line 12, lib/nonblock.h at line 18, lib/openldap.c at line 11, lib/openldap.c at line 17, lib/parsedate.c at line 10, lib/parsedate.c at line 16, lib/parsedate.h at line 12, lib/parsedate.h at line 18, lib/pingpong.c at line 10, lib/pingpong.c at line 16, lib/pingpong.h at line 12, lib/pingpong.h at line 18, lib/pop3.c at line 10, lib/pop3.c at line 16, lib/pop3.h at line 12, lib/pop3.h at line 18, lib/progress.c at line 10, lib/progress.c at line 16, lib/progress.h at line 12, lib/progress.h at line 18, lib/psl.c at line 10, lib/psl.c at line 16, lib/psl.h at line 12, lib/psl.h at line 18, lib/quic.h at line 12, lib/quic.h at line 18, lib/rand.c at line 10, lib/rand.c at line 16, lib/rand.h at line 12, lib/rand.h at line 18, lib/rename.c at line 10, lib/rename.c at line 16, lib/rename.h at line 12, lib/rename.h at line 18, lib/rtsp.c at line 10, lib/rtsp.c at line 16, lib/rtsp.h at line 12, lib/rtsp.h at line 18, lib/select.c at line 10, lib/select.c at line 16, lib/select.h at line 12, 
lib/select.h at line 18, lib/sendf.c at line 10, lib/sendf.c at line 16, lib/sendf.h at line 12, lib/sendf.h at line 18, lib/setopt.c at line 10, lib/setopt.c at line 16, lib/setopt.h at line 12, lib/setopt.h at line 18, lib/setup-win32.h at line 12, lib/setup-win32.h at line 18, lib/sha256.c at line 11, lib/sha256.c at line 17, lib/share.c at line 10, lib/share.c at line 16, lib/share.h at line 12, lib/share.h at line 18, lib/sigpipe.h at line 12, lib/sigpipe.h at line 18, lib/slist.c at line 10, lib/slist.c at line 16, lib/slist.h at line 12, lib/slist.h at line 18, lib/smb.c at line 11, lib/smb.c at line 17, lib/smb.h at line 13, lib/smb.h at line 19, lib/smtp.c at line 10, lib/smtp.c at line 16, lib/smtp.h at line 12, lib/smtp.h at line 18, lib/sockaddr.h at line 12, lib/sockaddr.h at line 18, lib/socketpair.c at line 10, lib/socketpair.c at line 16, lib/socketpair.h at line 12, lib/socketpair.h at line 18, lib/socks.c at line 10, lib/socks.c at line 16, lib/socks.h at line 12, lib/socks.h at line 18, lib/socks_gssapi.c at line 11, lib/socks_gssapi.c at line 17, lib/socks_sspi.c at line 11, lib/socks_sspi.c at line 17, lib/speedcheck.c at line 10, lib/speedcheck.c at line 16, lib/speedcheck.h at line 12, lib/speedcheck.h at line 18, lib/splay.c at line 10, lib/splay.c at line 16, lib/splay.h at line 12, lib/splay.h at line 18, lib/strcase.c at line 10, lib/strcase.c at line 16, lib/strcase.h at line 12, lib/strcase.h at line 18, lib/strdup.c at line 10, lib/strdup.c at line 16, lib/strdup.h at line 12, lib/strdup.h at line 18, lib/strerror.c at line 10, lib/strerror.c at line 16, lib/strerror.h at line 12, lib/strerror.h at line 18, lib/strtok.c at line 10, lib/strtok.c at line 16, lib/strtok.h at line 12, lib/strtok.h at line 18, lib/strtoofft.c at line 10, lib/strtoofft.c at line 16, lib/strtoofft.h at line 12, lib/strtoofft.h at line 18, lib/system_win32.c at line 10, lib/system_win32.c at line 16, lib/system_win32.h at line 12, lib/system_win32.h at line 
18, lib/telnet.c at line 10, lib/telnet.c at line 16, lib/telnet.h at line 12, lib/telnet.h at line 18, lib/tftp.c at line 10, lib/tftp.c at line 16, lib/tftp.h at line 12, lib/tftp.h at line 18, lib/timeval.c at line 10, lib/timeval.c at line 16, lib/timeval.h at line 12, lib/timeval.h at line 18, lib/transfer.c at line 10, lib/transfer.c at line 16, lib/transfer.h at line 12, lib/transfer.h at line 18, lib/url.c at line 10, lib/url.c at line 16, lib/url.h at line 12, lib/url.h at line 18, lib/urlapi-int.h at line 12, lib/urlapi-int.h at line 18, lib/urlapi.c at line 10, lib/urlapi.c at line 16, lib/urldata.h at line 12, lib/urldata.h at line 18, lib/vauth/cleartext.c at line 10, lib/vauth/cleartext.c at line 16, lib/vauth/cram.c at line 10, lib/vauth/cram.c at line 16, lib/vauth/digest.c at line 10, lib/vauth/digest.c at line 16, lib/vauth/digest.h at line 12, lib/vauth/digest.h at line 18, lib/vauth/digest_sspi.c at line 11, lib/vauth/digest_sspi.c at line 17, lib/vauth/gsasl.c at line 10, lib/vauth/gsasl.c at line 16, lib/vauth/krb5_gssapi.c at line 11, lib/vauth/krb5_gssapi.c at line 17, lib/vauth/krb5_sspi.c at line 10, lib/vauth/krb5_sspi.c at line 16, lib/vauth/ntlm.c at line 10, lib/vauth/ntlm.c at line 16, lib/vauth/ntlm.h at line 12, lib/vauth/ntlm.h at line 18, lib/vauth/ntlm_sspi.c at line 10, lib/vauth/ntlm_sspi.c at line 16, lib/vauth/oauth2.c at line 10, lib/vauth/oauth2.c at line 16, lib/vauth/spnego_gssapi.c at line 10, lib/vauth/spnego_gssapi.c at line 16, lib/vauth/spnego_sspi.c at line 10, lib/vauth/spnego_sspi.c at line 16, lib/vauth/vauth.c at line 10, lib/vauth/vauth.c at line 16, lib/vauth/vauth.h at line 12, lib/vauth/vauth.h at line 18, lib/version.c at line 10, lib/version.c at line 16, lib/version_win32.c at line 10, lib/version_win32.c at line 16, lib/version_win32.h at line 12, lib/version_win32.h at line 18, lib/vquic/ngtcp2.c at line 10, lib/vquic/ngtcp2.c at line 16, lib/vquic/quiche.c at line 10, lib/vquic/quiche.c at line 16, 
lib/vquic/vquic.c at line 10, lib/vquic/vquic.c at line 16, lib/vssh/libssh.c at line 13, lib/vssh/libssh.c at line 19, lib/vssh/libssh2.c at line 10, lib/vssh/libssh2.c at line 16, lib/vssh/ssh.h at line 12, lib/vssh/ssh.h at line 18, lib/vssh/wolfssh.c at line 10, lib/vssh/wolfssh.c at line 16, lib/vtls/bearssl.c at line 10, lib/vtls/bearssl.c at line 16, lib/vtls/bearssl.h at line 12, lib/vtls/bearssl.h at line 18, lib/vtls/gskit.c at line 10, lib/vtls/gskit.c at line 16, lib/vtls/gskit.h at line 12, lib/vtls/gskit.h at line 18, lib/vtls/gtls.c at line 10, lib/vtls/gtls.c at line 16, lib/vtls/gtls.h at line 12, lib/vtls/gtls.h at line 18, lib/vtls/keylog.c at line 10, lib/vtls/keylog.c at line 16, lib/vtls/keylog.h at line 12, lib/vtls/keylog.h at line 18, lib/vtls/mbedtls.c at line 11, lib/vtls/mbedtls.c at line 17, lib/vtls/mbedtls.h at line 13, lib/vtls/mbedtls.h at line 19, lib/vtls/mbedtls_threadlock.c at line 11, lib/vtls/mbedtls_threadlock.c at line 17, lib/vtls/mesalink.c at line 11, lib/vtls/mesalink.c at line 17, lib/vtls/mesalink.h at line 13, lib/vtls/mesalink.h at line 19, lib/vtls/nss.c at line 10, lib/vtls/nss.c at line 16, lib/vtls/nssg.h at line 12, lib/vtls/nssg.h at line 18, lib/vtls/openssl.c at line 10, lib/vtls/openssl.c at line 16, lib/vtls/openssl.h at line 12, lib/vtls/openssl.h at line 18, lib/vtls/rustls.c at line 11, lib/vtls/rustls.c at line 17, lib/vtls/rustls.h at line 11, lib/vtls/rustls.h at line 17, lib/vtls/schannel.c at line 12, lib/vtls/schannel.c at line 18, lib/vtls/schannel.h at line 13, lib/vtls/schannel.h at line 19, lib/vtls/schannel_verify.c at line 12, lib/vtls/schannel_verify.c at line 18, lib/vtls/sectransp.c at line 11, lib/vtls/sectransp.c at line 17, lib/vtls/sectransp.h at line 13, lib/vtls/sectransp.h at line 19, lib/vtls/vtls.c at line 10, lib/vtls/vtls.c at line 16, lib/vtls/vtls.h at line 12, lib/vtls/vtls.h at line 18, lib/vtls/wolfssl.c at line 10, lib/vtls/wolfssl.c at line 16, lib/vtls/wolfssl.h at line 
12, lib/vtls/wolfssl.h at line 18, lib/warnless.c at line 10, lib/warnless.c at line 16, lib/warnless.h at line 12, lib/warnless.h at line 18, lib/wildcard.c at line 10, lib/wildcard.c at line 16, lib/wildcard.h at line 12, lib/wildcard.h at line 18, lib/x509asn1.c at line 10, lib/x509asn1.c at line 16 +FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/curl/curl.h at line 18, include/curl/curlver.h at line 12, include/curl/curlver.h at line 18, include/curl/easy.h at line 12, include/curl/easy.h at line 18, include/curl/mprintf.h at line 12, include/curl/mprintf.h at line 18, include/curl/multi.h at line 12, include/curl/multi.h at line 18, include/curl/options.h at line 12, include/curl/options.h at line 18, include/curl/stdcheaders.h at line 12, include/curl/stdcheaders.h at line 18, include/curl/system.h at line 12, include/curl/system.h at line 18, include/curl/typecheck-gcc.h at line 12, include/curl/typecheck-gcc.h at line 18, include/curl/urlapi.h at line 12, include/curl/urlapi.h at line 18, lib/altsvc.c at line 10, lib/altsvc.c at line 16, lib/altsvc.h at line 12, lib/altsvc.h at line 18, lib/amigaos.c at line 10, lib/amigaos.c at line 16, lib/amigaos.h at line 12, lib/amigaos.h at line 18, lib/arpa_telnet.h at line 12, lib/arpa_telnet.h at line 18, lib/asyn-ares.c at line 10, lib/asyn-ares.c at line 16, lib/asyn-thread.c at line 10, lib/asyn-thread.c at line 16, lib/asyn.h at line 12, lib/asyn.h at line 18, lib/base64.c at line 10, lib/base64.c at line 16, lib/bufref.c at line 10, lib/bufref.c at line 16, lib/bufref.h at line 12, lib/bufref.h at line 18, lib/conncache.c at line 11, lib/conncache.c at line 17, lib/conncache.h at line 13, lib/conncache.h at line 19, lib/connect.c at line 10, lib/connect.c at line 16, lib/connect.h at line 12, lib/connect.h at line 18, lib/content_encoding.c at line 10, lib/content_encoding.c at line 16, lib/content_encoding.h at line 12, lib/content_encoding.h at line 18, lib/cookie.c at line 10, 
lib/cookie.c at line 16, lib/cookie.h at line 12, lib/cookie.h at line 18, lib/curl_addrinfo.c at line 10, lib/curl_addrinfo.c at line 16, lib/curl_addrinfo.h at line 12, lib/curl_addrinfo.h at line 18, lib/curl_base64.h at line 12, lib/curl_base64.h at line 18, lib/curl_ctype.c at line 10, lib/curl_ctype.c at line 16, lib/curl_ctype.h at line 12, lib/curl_ctype.h at line 18, lib/curl_des.c at line 10, lib/curl_des.c at line 16, lib/curl_des.h at line 12, lib/curl_des.h at line 18, lib/curl_endian.c at line 10, lib/curl_endian.c at line 16, lib/curl_endian.h at line 12, lib/curl_endian.h at line 18, lib/curl_fnmatch.c at line 10, lib/curl_fnmatch.c at line 16, lib/curl_fnmatch.h at line 12, lib/curl_fnmatch.h at line 18, lib/curl_get_line.c at line 10, lib/curl_get_line.c at line 16, lib/curl_get_line.h at line 12, lib/curl_get_line.h at line 18, lib/curl_gethostname.c at line 10, lib/curl_gethostname.c at line 16, lib/curl_gethostname.h at line 12, lib/curl_gethostname.h at line 18, lib/curl_gssapi.c at line 10, lib/curl_gssapi.c at line 16, lib/curl_hmac.h at line 12, lib/curl_hmac.h at line 18, lib/curl_krb5.h at line 12, lib/curl_krb5.h at line 18, lib/curl_ldap.h at line 12, lib/curl_ldap.h at line 18, lib/curl_md4.h at line 12, lib/curl_md4.h at line 18, lib/curl_md5.h at line 12, lib/curl_md5.h at line 18, lib/curl_memory.h at line 12, lib/curl_memory.h at line 18, lib/curl_memrchr.c at line 10, lib/curl_memrchr.c at line 16, lib/curl_memrchr.h at line 12, lib/curl_memrchr.h at line 18, lib/curl_multibyte.c at line 10, lib/curl_multibyte.c at line 16, lib/curl_multibyte.h at line 12, lib/curl_multibyte.h at line 18, lib/curl_ntlm_core.c at line 10, lib/curl_ntlm_core.c at line 16, lib/curl_ntlm_core.h at line 12, lib/curl_ntlm_core.h at line 18, lib/curl_ntlm_wb.c at line 10, lib/curl_ntlm_wb.c at line 16, lib/curl_ntlm_wb.h at line 12, lib/curl_ntlm_wb.h at line 18, lib/curl_path.c at line 10, lib/curl_path.c at line 16, lib/curl_printf.h at line 12, 
lib/curl_printf.h at line 18, lib/curl_range.c at line 10, lib/curl_range.c at line 16, lib/curl_range.h at line 12, lib/curl_range.h at line 18, lib/curl_rtmp.c at line 11, lib/curl_rtmp.c at line 17, lib/curl_rtmp.h at line 12, lib/curl_rtmp.h at line 18, lib/curl_sasl.c at line 10, lib/curl_sasl.c at line 16, lib/curl_sasl.h at line 12, lib/curl_sasl.h at line 18, lib/curl_setup.h at line 12, lib/curl_setup.h at line 18, lib/curl_setup_once.h at line 12, lib/curl_setup_once.h at line 18, lib/curl_sha256.h at line 13, lib/curl_sha256.h at line 19, lib/curl_sspi.c at line 10, lib/curl_sspi.c at line 16, lib/curl_sspi.h at line 12, lib/curl_sspi.h at line 18, lib/curl_threads.c at line 10, lib/curl_threads.c at line 16, lib/curl_threads.h at line 12, lib/curl_threads.h at line 18, lib/curlx.h at line 12, lib/curlx.h at line 18, lib/dict.c at line 10, lib/dict.c at line 16, lib/dict.h at line 12, lib/dict.h at line 18, lib/doh.c at line 10, lib/doh.c at line 16, lib/doh.h at line 12, lib/doh.h at line 18, lib/dotdot.c at line 10, lib/dotdot.c at line 16, lib/dotdot.h at line 12, lib/dotdot.h at line 18, lib/dynbuf.c at line 10, lib/dynbuf.c at line 16, lib/dynbuf.h at line 12, lib/dynbuf.h at line 18, lib/easy.c at line 10, lib/easy.c at line 16, lib/easygetopt.c at line 10, lib/easygetopt.c at line 16, lib/easyif.h at line 12, lib/easyif.h at line 18, lib/easyoptions.c at line 10, lib/easyoptions.c at line 16, lib/easyoptions.h at line 12, lib/easyoptions.h at line 18, lib/escape.c at line 10, lib/escape.c at line 16, lib/escape.h at line 12, lib/escape.h at line 18, lib/file.c at line 10, lib/file.c at line 16, lib/file.h at line 12, lib/file.h at line 18, lib/fileinfo.c at line 10, lib/fileinfo.c at line 16, lib/fileinfo.h at line 12, lib/fileinfo.h at line 18, lib/formdata.c at line 10, lib/formdata.c at line 16, lib/formdata.h at line 12, lib/formdata.h at line 18, lib/ftp.c at line 10, lib/ftp.c at line 16, lib/ftp.h at line 12, lib/ftp.h at line 18, 
lib/ftplistparser.c at line 10, lib/ftplistparser.c at line 16, lib/ftplistparser.h at line 12, lib/ftplistparser.h at line 18, lib/getenv.c at line 10, lib/getenv.c at line 16, lib/getinfo.c at line 10, lib/getinfo.c at line 16, lib/getinfo.h at line 12, lib/getinfo.h at line 18, lib/gopher.c at line 10, lib/gopher.c at line 16, lib/gopher.h at line 12, lib/gopher.h at line 18, lib/hash.c at line 10, lib/hash.c at line 16, lib/hash.h at line 12, lib/hash.h at line 18, lib/hmac.c at line 10, lib/hmac.c at line 16, lib/hostasyn.c at line 10, lib/hostasyn.c at line 16, lib/hostcheck.c at line 10, lib/hostcheck.c at line 16, lib/hostcheck.h at line 12, lib/hostcheck.h at line 18, lib/hostip.c at line 10, lib/hostip.c at line 16, lib/hostip.h at line 12, lib/hostip.h at line 18, lib/hostip4.c at line 10, lib/hostip4.c at line 16, lib/hostip6.c at line 10, lib/hostip6.c at line 16, lib/hostsyn.c at line 10, lib/hostsyn.c at line 16, lib/hsts.c at line 10, lib/hsts.c at line 16, lib/hsts.h at line 12, lib/hsts.h at line 18, lib/http.c at line 10, lib/http.c at line 16, lib/http.h at line 12, lib/http.h at line 18, lib/http2.c at line 10, lib/http2.c at line 16, lib/http2.h at line 12, lib/http2.h at line 18, lib/http_chunks.c at line 10, lib/http_chunks.c at line 16, lib/http_chunks.h at line 12, lib/http_chunks.h at line 18, lib/http_digest.c at line 10, lib/http_digest.c at line 16, lib/http_digest.h at line 12, lib/http_digest.h at line 18, lib/http_negotiate.c at line 10, lib/http_negotiate.c at line 16, lib/http_negotiate.h at line 12, lib/http_negotiate.h at line 18, lib/http_ntlm.c at line 10, lib/http_ntlm.c at line 16, lib/http_ntlm.h at line 12, lib/http_ntlm.h at line 18, lib/http_proxy.c at line 10, lib/http_proxy.c at line 16, lib/http_proxy.h at line 12, lib/http_proxy.h at line 18, lib/idn_win32.c at line 10, lib/idn_win32.c at line 16, lib/if2ip.c at line 10, lib/if2ip.c at line 16, lib/if2ip.h at line 12, lib/if2ip.h at line 18, lib/imap.c at line 10, 
lib/imap.c at line 16, lib/imap.h at line 12, lib/imap.h at line 18, lib/inet_ntop.h at line 12, lib/inet_ntop.h at line 18, lib/inet_pton.h at line 12, lib/inet_pton.h at line 18, lib/ldap.c at line 10, lib/ldap.c at line 16, lib/llist.c at line 10, lib/llist.c at line 16, lib/llist.h at line 12, lib/llist.h at line 18, lib/md4.c at line 10, lib/md4.c at line 16, lib/md5.c at line 10, lib/md5.c at line 16, lib/memdebug.c at line 10, lib/memdebug.c at line 16, lib/memdebug.h at line 13, lib/memdebug.h at line 19, lib/mime.c at line 10, lib/mime.c at line 16, lib/mime.h at line 12, lib/mime.h at line 18, lib/mprintf.c at line 10, lib/mprintf.c at line 16, lib/mqtt.c at line 11, lib/mqtt.c at line 17, lib/mqtt.h at line 12, lib/mqtt.h at line 18, lib/multi.c at line 10, lib/multi.c at line 16, lib/multihandle.h at line 12, lib/multihandle.h at line 18, lib/multiif.h at line 12, lib/multiif.h at line 18, lib/netrc.c at line 10, lib/netrc.c at line 16, lib/netrc.h at line 12, lib/netrc.h at line 18, lib/non-ascii.c at line 10, lib/non-ascii.c at line 16, lib/non-ascii.h at line 12, lib/non-ascii.h at line 18, lib/nonblock.c at line 10, lib/nonblock.c at line 16, lib/nonblock.h at line 12, lib/nonblock.h at line 18, lib/openldap.c at line 11, lib/openldap.c at line 17, lib/parsedate.c at line 10, lib/parsedate.c at line 16, lib/parsedate.h at line 12, lib/parsedate.h at line 18, lib/pingpong.c at line 10, lib/pingpong.c at line 16, lib/pingpong.h at line 12, lib/pingpong.h at line 18, lib/pop3.c at line 10, lib/pop3.c at line 16, lib/pop3.h at line 12, lib/pop3.h at line 18, lib/progress.c at line 10, lib/progress.c at line 16, lib/progress.h at line 12, lib/progress.h at line 18, lib/psl.c at line 10, lib/psl.c at line 16, lib/psl.h at line 12, lib/psl.h at line 18, lib/quic.h at line 12, lib/quic.h at line 18, lib/rand.c at line 10, lib/rand.c at line 16, lib/rand.h at line 12, lib/rand.h at line 18, lib/rename.c at line 10, lib/rename.c at line 16, lib/rename.h at 
line 12, lib/rename.h at line 18, lib/rtsp.c at line 10, lib/rtsp.c at line 16, lib/rtsp.h at line 12, lib/rtsp.h at line 18, lib/select.c at line 10, lib/select.c at line 16, lib/select.h at line 12, lib/select.h at line 18, lib/sendf.c at line 10, lib/sendf.c at line 16, lib/sendf.h at line 12, lib/sendf.h at line 18, lib/setopt.c at line 10, lib/setopt.c at line 16, lib/setopt.h at line 12, lib/setopt.h at line 18, lib/setup-win32.h at line 12, lib/setup-win32.h at line 18, lib/sha256.c at line 11, lib/sha256.c at line 17, lib/share.c at line 10, lib/share.c at line 16, lib/share.h at line 12, lib/share.h at line 18, lib/sigpipe.h at line 12, lib/sigpipe.h at line 18, lib/slist.c at line 10, lib/slist.c at line 16, lib/slist.h at line 12, lib/slist.h at line 18, lib/smb.c at line 11, lib/smb.c at line 17, lib/smb.h at line 13, lib/smb.h at line 19, lib/smtp.c at line 10, lib/smtp.c at line 16, lib/smtp.h at line 12, lib/smtp.h at line 18, lib/sockaddr.h at line 12, lib/sockaddr.h at line 18, lib/socketpair.c at line 10, lib/socketpair.c at line 16, lib/socketpair.h at line 12, lib/socketpair.h at line 18, lib/socks.c at line 10, lib/socks.c at line 16, lib/socks.h at line 12, lib/socks.h at line 18, lib/socks_gssapi.c at line 11, lib/socks_gssapi.c at line 17, lib/socks_sspi.c at line 11, lib/socks_sspi.c at line 17, lib/speedcheck.c at line 10, lib/speedcheck.c at line 16, lib/speedcheck.h at line 12, lib/speedcheck.h at line 18, lib/splay.c at line 10, lib/splay.c at line 16, lib/splay.h at line 12, lib/splay.h at line 18, lib/strcase.c at line 10, lib/strcase.c at line 16, lib/strcase.h at line 12, lib/strcase.h at line 18, lib/strdup.c at line 10, lib/strdup.c at line 16, lib/strdup.h at line 12, lib/strdup.h at line 18, lib/strerror.c at line 10, lib/strerror.c at line 16, lib/strerror.h at line 12, lib/strerror.h at line 18, lib/strtok.c at line 10, lib/strtok.c at line 16, lib/strtok.h at line 12, lib/strtok.h at line 18, lib/strtoofft.c at line 10, 
lib/strtoofft.c at line 16, lib/strtoofft.h at line 12, lib/strtoofft.h at line 18, lib/system_win32.c at line 10, lib/system_win32.c at line 16, lib/system_win32.h at line 12, lib/system_win32.h at line 18, lib/telnet.c at line 10, lib/telnet.c at line 16, lib/telnet.h at line 12, lib/telnet.h at line 18, lib/tftp.c at line 10, lib/tftp.c at line 16, lib/tftp.h at line 12, lib/tftp.h at line 18, lib/timeval.c at line 10, lib/timeval.c at line 16, lib/timeval.h at line 12, lib/timeval.h at line 18, lib/transfer.c at line 10, lib/transfer.c at line 16, lib/transfer.h at line 12, lib/transfer.h at line 18, lib/url.c at line 10, lib/url.c at line 16, lib/url.h at line 12, lib/url.h at line 18, lib/urlapi-int.h at line 12, lib/urlapi-int.h at line 18, lib/urlapi.c at line 10, lib/urlapi.c at line 16, lib/urldata.h at line 12, lib/urldata.h at line 18, lib/vauth/cleartext.c at line 10, lib/vauth/cleartext.c at line 16, lib/vauth/cram.c at line 10, lib/vauth/cram.c at line 16, lib/vauth/digest.c at line 10, lib/vauth/digest.c at line 16, lib/vauth/digest.h at line 12, lib/vauth/digest.h at line 18, lib/vauth/digest_sspi.c at line 11, lib/vauth/digest_sspi.c at line 17, lib/vauth/gsasl.c at line 10, lib/vauth/gsasl.c at line 16, lib/vauth/krb5_gssapi.c at line 11, lib/vauth/krb5_gssapi.c at line 17, lib/vauth/krb5_sspi.c at line 10, lib/vauth/krb5_sspi.c at line 16, lib/vauth/ntlm.c at line 10, lib/vauth/ntlm.c at line 16, lib/vauth/ntlm.h at line 12, lib/vauth/ntlm.h at line 18, lib/vauth/ntlm_sspi.c at line 10, lib/vauth/ntlm_sspi.c at line 16, lib/vauth/oauth2.c at line 10, lib/vauth/oauth2.c at line 16, lib/vauth/spnego_gssapi.c at line 10, lib/vauth/spnego_gssapi.c at line 16, lib/vauth/spnego_sspi.c at line 10, lib/vauth/spnego_sspi.c at line 16, lib/vauth/vauth.c at line 10, lib/vauth/vauth.c at line 16, lib/vauth/vauth.h at line 12, lib/vauth/vauth.h at line 18, lib/version.c at line 10, lib/version.c at line 16, lib/version_win32.c at line 10, lib/version_win32.c 
at line 16, lib/version_win32.h at line 12, lib/version_win32.h at line 18, lib/vquic/ngtcp2.c at line 10, lib/vquic/ngtcp2.c at line 16, lib/vquic/quiche.c at line 10, lib/vquic/quiche.c at line 16, lib/vquic/vquic.c at line 10, lib/vquic/vquic.c at line 16, lib/vssh/libssh.c at line 13, lib/vssh/libssh.c at line 19, lib/vssh/libssh2.c at line 10, lib/vssh/libssh2.c at line 16, lib/vssh/ssh.h at line 12, lib/vssh/ssh.h at line 18, lib/vssh/wolfssh.c at line 10, lib/vssh/wolfssh.c at line 16, lib/vtls/bearssl.c at line 10, lib/vtls/bearssl.c at line 16, lib/vtls/bearssl.h at line 12, lib/vtls/bearssl.h at line 18, lib/vtls/gskit.c at line 10, lib/vtls/gskit.c at line 16, lib/vtls/gskit.h at line 12, lib/vtls/gskit.h at line 18, lib/vtls/gtls.c at line 10, lib/vtls/gtls.c at line 16, lib/vtls/gtls.h at line 12, lib/vtls/gtls.h at line 18, lib/vtls/keylog.c at line 10, lib/vtls/keylog.c at line 16, lib/vtls/keylog.h at line 12, lib/vtls/keylog.h at line 18, lib/vtls/mbedtls.c at line 11, lib/vtls/mbedtls.c at line 17, lib/vtls/mbedtls.h at line 13, lib/vtls/mbedtls.h at line 19, lib/vtls/mbedtls_threadlock.c at line 11, lib/vtls/mbedtls_threadlock.c at line 17, lib/vtls/mesalink.c at line 11, lib/vtls/mesalink.c at line 17, lib/vtls/mesalink.h at line 13, lib/vtls/mesalink.h at line 19, lib/vtls/nss.c at line 10, lib/vtls/nss.c at line 16, lib/vtls/nssg.h at line 12, lib/vtls/nssg.h at line 18, lib/vtls/openssl.c at line 10, lib/vtls/openssl.c at line 16, lib/vtls/openssl.h at line 12, lib/vtls/openssl.h at line 18, lib/vtls/rustls.c at line 11, lib/vtls/rustls.c at line 17, lib/vtls/rustls.h at line 11, lib/vtls/rustls.h at line 17, lib/vtls/schannel.c at line 12, lib/vtls/schannel.c at line 18, lib/vtls/schannel.h at line 13, lib/vtls/schannel.h at line 19, lib/vtls/schannel_verify.c at line 12, lib/vtls/schannel_verify.c at line 18, lib/vtls/sectransp.c at line 11, lib/vtls/sectransp.c at line 17, lib/vtls/sectransp.h at line 13, lib/vtls/sectransp.h at line 19, 
lib/vtls/vtls.c at line 10, lib/vtls/vtls.c at line 16, lib/vtls/vtls.h at line 12, lib/vtls/vtls.h at line 18, lib/vtls/wolfssl.c at line 10, lib/vtls/wolfssl.c at line 16, lib/vtls/wolfssl.h at line 12, lib/vtls/wolfssl.h at line 18, lib/warnless.c at line 10, lib/warnless.c at line 16, lib/warnless.h at line 12, lib/warnless.h at line 18, lib/wildcard.c at line 10, lib/wildcard.c at line 16, lib/wildcard.h at line 12, lib/wildcard.h at line 18, lib/x509asn1.c at line 10, lib/x509asn1.c at line 16, lib/x509asn1.h at line 13, lib/x509asn1.h at line 19 Note: matched license text is too long. Read it in the source files. Scancode info: Original SPDX id: curl @@ -398,6 +398,7 @@ FILE_INCLUDE COPYING found in files: include/curl/curl.h at line 12, include/cur lib/wildcard.c [10:19] lib/wildcard.h [12:21] lib/x509asn1.c [10:19] + lib/x509asn1.h [13:22] KEEP BSD-3-Clause be4b0ef51fe3fb41b94214ba4614bf94 BELONGS ya.make @@ -436,7 +437,7 @@ BELONGS ya.make Match type : TEXT Links : http://www.linfo.org/publicdomain.html, https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/public-domain.LICENSE Files with this license: - lib/sha256.c [214:215] + lib/sha256.c [215:216] KEEP ISC e6a382fc7564fdd1a5e46b2d97b3221f BELONGS ya.make diff --git a/contrib/libs/curl/.yandex_meta/licenses.list.txt b/contrib/libs/curl/.yandex_meta/licenses.list.txt index 7cd3b4921f..5170c6d07c 100644 --- a/contrib/libs/curl/.yandex_meta/licenses.list.txt +++ b/contrib/libs/curl/.yandex_meta/licenses.list.txt @@ -144,7 +144,7 @@ ====================COPYRIGHT==================== - * Copyright (C) 2013 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2013 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> diff --git a/contrib/libs/curl/CHANGES b/contrib/libs/curl/CHANGES index 3842d916a4..7bf4a9cae1 100644 --- a/contrib/libs/curl/CHANGES +++ b/contrib/libs/curl/CHANGES 
@@ -6,6 +6,1658 @@ Changelog +Version 7.79.1 (22 Sep 2021) + +Daniel Stenberg (22 Sep 2021) +- RELEASE-NOTES: synced + + curl 7.79.1 release + +- THANKS: added names from the 7.79.1 release + +- test897: verify delivery of IMAP post-body header content + + The "content" is delivered as "body" by curl, but the envelope continues + after the body and the rest of it should be delivered as header. + + The IMAP server can now get 'POSTFETCH' set to include more data to + include after the body and test 897 is done to verify that such "extra" + header data is in fact delivered by curl as header. + + Ref: #7284 but fails to reproduce the issue + + Closes #7748 + +- KNOWN_BUGS: connection migration doesn't work + + Closes #7695 + +- RELEASE-NOTES: synced + +- http: fix the broken >3 digit response code detection + + When the "reason phrase" in the HTTP status line starts with a digit, + that was treated as the forth response code digit and curl would claim + the response to be non-compliant. + + Added test 1466 to verify this case. + + Regression brought by 5dc594e44f73b17 + Reported-by: Glenn de boer + Fixes #7738 + Closes #7739 + +Jay Satiro (17 Sep 2021) +- strerror: use sys_errlist instead of strerror on Windows + + - Change Curl_strerror to use sys_errlist[errnum] instead of strerror to + retrieve the error message on Windows. + + Windows' strerror writes to a static buffer and is not thread-safe. + + Follow-up to 2f0bb86 which removed most instances of strerror in favor + of calling Curl_strerror (which calls strerror_r for other platforms). 
+ + Ref: https://github.com/curl/curl/pull/7685 + Ref: https://github.com/curl/curl/commit/2f0bb86 + + Closes https://github.com/curl/curl/pull/7735 + +Daniel Stenberg (16 Sep 2021) +- dist: provide lib/.checksrc in the tarball + + So that debug builds work (checksrc really) + + Reported-by: Marcel Raad + Reported-by: tawmoto on github + Fixes #7733 + Closes #7734 + +- TODO: Improve documentation about fork safety + + Closes #6968 + +- hsts: CURLSTS_FAIL from hsts read callback should fail transfer + + ... and have CURLE_ABORTED_BY_CALLBACK returned. + + Extended test 1915 to verify. + + Reported-by: Jonathan Cardoso + Fixes #7726 + Closes #7729 + +- test1184: disable + + The test should be fine and it works for me repeated when run manually, + but clearly it causes CI failures and it needs more research. + + Reported-by: RiderALT on github + Fixes #7725 + Closes #7732 + +- Curl_http2_setup: don't change connection data on repeat invokes + + Regression from 3cb8a748670ab88c (releasde in 7.79.0). That change moved + transfer oriented inits to before the check but also erroneously moved a + few connection oriented ones, which causes problems. + + Reported-by: Evangelos Foutras + Fixes #7730 + Closes #7731 + +- RELEASE-NOTES: synced + + and bump to 7.79.1 + +Kamil Dudka (16 Sep 2021) +- tests/sshserver.pl: make it work with openssh-8.7p1 + + ... 
by not using options with no argument where an argument is required: + + === Start of file tests/log/ssh_server.log + curl_sshd_config line 6: no argument after keyword "DenyGroups" + curl_sshd_config line 7: no argument after keyword "AllowGroups" + curl_sshd_config line 10: Deprecated option AuthorizedKeysFile2 + curl_sshd_config line 29: Deprecated option KeyRegenerationInterval + curl_sshd_config line 39: Deprecated option RhostsRSAAuthentication + curl_sshd_config line 40: Deprecated option RSAAuthentication + curl_sshd_config line 41: Deprecated option ServerKeyBits + curl_sshd_config line 45: Deprecated option UseLogin + curl_sshd_config line 56: no argument after keyword "AcceptEnv" + curl_sshd_config: terminating, 3 bad configuration options + === End of file tests/log/ssh_server.log + + === Start of file log/sftp_server.log + curl_sftp_config line 33: Unsupported option "rhostsrsaauthentication" + curl_sftp_config line 34: Unsupported option "rsaauthentication" + curl_sftp_config line 52: no argument after keyword "sendenv" + curl_sftp_config: terminating, 1 bad configuration options + Connection closed. + Connection closed + === End of file log/sftp_server.log + + Closes #7724 + +Daniel Stenberg (15 Sep 2021) +- hsts: handle unlimited expiry + + When setting a blank expire string, meaning unlimited, curl would pass + TIME_T_MAX to getime_r() when creating the output, while on 64 bit + systems such a large value cannot be convetered to a tm struct making + curl to exit the loop with an error instead. It can't be converted + because the year it would represent doesn't fit in the 'int tm_year' + field! + + Starting now, unlimited expiry is instead handled differently by using a + human readable expiry date spelled out as "unlimited" instead of trying + to use a distant actual date. + + Test 1660 and 1915 have been updated to help verify this change. 
+ + Reported-by: Jonathan Cardoso + Fixes #7720 + Closes #7721 + +- curl_multi_fdset: make FD_SET() not operate on sockets out of range + + The VALID_SOCK() macro was made to only check for FD_SETSIZE if curl was + built to use select(), even though the curl_multi_fdset() function + always and unconditionally uses FD_SET and needs the check. + + Reported-by: 0xee on github + Fixes #7718 + Closes #7719 + +- FAQ: add GOPHERS + curl works on data, not files + +Version 7.79.0 (14 Sep 2021) + +Daniel Stenberg (14 Sep 2021) +- RELEASE-NOTES: synced + + For the 7.79.0 release + +- THANKS: add contributors from 7.79.0 release cycle + +- FAQ: add two dev related questions + + 8.1 Why does curl use C89? + 8.2 Will curl be rewritten? + + Spell-checked-by: Paul Johnson + Closes #7715 + +- zuul.d/jobs: disable three tests for *-openssl-disable-proxy + + ... as they mysteriously seem to permfail without being related to + proxy. + + Closes #7714 + +- [Patrick Monnerat brought this change] + + ftp,imap,pop3,smtp: reject STARTTLS server response pipelining + + If a server pipelines future responses within the STARTTLS response, the + former are preserved in the pingpong cache across TLS negotiation and + used as responses to the encrypted commands. + + This fix detects pipelined STARTTLS responses and rejects them with an + error. + + CVE-2021-22947 + + Bug: https://curl.se/docs/CVE-2021-22947.html + +- [Patrick Monnerat brought this change] + + ftp,imap,pop3: do not ignore --ssl-reqd + + In imap and pop3, check if TLS is required even when capabilities + request has failed. + + In ftp, ignore preauthentication (230 status of server greeting) if TLS + is required. + + Bug: https://curl.se/docs/CVE-2021-22946.html + + CVE-2021-22946 + +- [z2_ on hackerone brought this change] + + mqtt: clear the leftovers pointer when sending succeeds + + CVE-2021-22945 + + Bug: https://curl.se/docs/CVE-2021-22945.html + +- zuul: bump the rustls job to use v0.7.2 + + ... 
and add -lm when using a rust library. + + Closes #7701 + +- RELEASE-PROCEDURE: add release dates from now to 8.0.0 in 2023 + +- SECURITY-PROCESS: tweak a little to match current practices + + Closes #7713 + +- http_proxy: fix the User-Agent inclusion in CONNECT + + It should not refer to the uagent string that is allocated and created + for the end server http request, as that pointer may be cleared on + subsequent CONNECT requests. + + Added test case 1184 to verify. + + Reported-by: T200proX7 on github + Fixes #7705 + Closes #7707 + +- Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited + + Reported-by: Jonathan Cardoso + Fixes #7710 + Closes #7711 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: fix build with ngtcp2 and nghttp3 + + ngtcp2_conn_client_new and nghttp3_conn_client_new are now macros. + Check the wrapped functions instead. + + ngtcp2_stream_close callback now takes flags parameter. + + Closes #7709 + +- write-out.d: clarify size_download/upload + + They show the number of "body" bytes transfered. + Fixes #7702 + Closes #7706 + +- http2: Curl_http2_setup needs to init stream data in all invokes + + Thus function was written to avoid doing multiple connection data + initializations, which is fine, but since it also initiates stream + related data it is crucial that it doesn't skip those even if called + again for the same connection. Solved by moving the stream + initializations before the "doing-it-again" check. + + Reported-by: Inho Oh + Fixes #7630 + Closes #7692 + +- url: fix compiler warning in no-verbose builds + + Follow-up from 2f0bb864c12 + + Closes #7700 + +- non-ascii: fix build errors from strerror fix + + Follow-up to 2f0bb864c12 + + Closes #7697 + +- parse_args: redo the warnings for --remote-header-name combos + + ... to avoid the memory leak risk pointed out by scan-build. 
+ + Follow-up from 7a3e981781d6c18a + + Closes #7698 + +- ngtcp2: adapt to new size defintions upstream + + Reviewed-by: Tatsuhiro Tsujikawa + Closes #7699 + +- rustls: add strerror.h include + + Follow-up to 2f0bb864c12 + +- docs: the security list is reached at security at curl.se now + + Also update the FAQ section a bit to encourage users to rather submit + security issues on hackerone than sending email. + + Closes #7689 + +Marc Hoersken (9 Sep 2021) +- runtests: add option -u to error on server unexpectedly alive + + Let's try to actually handle the server unexpectedly alive + case by first making them visible on CI builds as failures. + + This is needed to detect issues with killing of the test + servers completely including nested process chains with + multiple PIDs per test server (including bash and perl). + + On Windows/cygwin platforms this is especially helpful with + debugging PID mixups due to cygwin using its own PID space. + + Reviewed-by: Daniel Stenberg + Closes #7180 + +Daniel Stenberg (9 Sep 2021) +- opts docs: unify phrasing in NAME header + + - avoid writing "set ..." or "enable/disable ..." or "specify ..." + *All* options for curl_easy_setopt() are about setting or enabling + things and most of the existing options didn't use that way of + description. + + - start with lowercase letter, unless abbreviation. For consistency. + + - Some additional touch-ups + + Closes #7688 + +- strerror.h: remove the #include from files not using it + +- lib: don't use strerror() + + We have and provide Curl_strerror() internally for a reason: strerror() + is not necessarily thread-safe so we should always try to avoid it. + + Extended checksrc to warn for this, but feature the check disabled by + default and only enable it in lib/ + + Closes #7685 + +Daniel Gustafsson (8 Sep 2021) +- cirrus: Add FreeBSD 13.0 job and disable sanitizer build + + As alluded to the in the now removed comment, a 13.0 image became + available and is now ready to be used. 
+ + The sanitizer builds were running on the 12.1 image which since has + been removed from the config, leaving the builds not running at all. + When enabled it turns out that they don't actually work due to very + long timeouts in executing the tests, so keep the disabled for now + but a bit more controlled. + + Closes #7592 + +Daniel Stenberg (8 Sep 2021) +- copyrights: update copyright year ranges + +- RELEASE-NOTES: synced + +- INTERNALS: c-ares has a new home: c-ares.org + +- docs: remove experimental mentions from HSTS and MQTT + + Reported-by: Jonathan Cardoso + Bug: https://github.com/curl/curl/pull/6700#issuecomment-913792863 + Closes #7681 + +- [Cao ZhenXiang brought this change] + + curl: add warning for incompatible parameters usage + + --continue-at - and --remote-header-name are known incompatible parameters + + Closes #7674 + +- [git-bruh brought this change] + + examples/*hiperfifo.c: fix calloc arguments to match function proto + + Closes #7678 + +- INTERNALS: bump c-ares requirement to 1.16.0 + + Since ba904db0705c93 we use ares_getaddrinfo, added in c-ares 1.16.0 + +- curl: stop retry if Retry-After: is longer than allowed + + If Retry-After: specifies a period that is longer than what fits within + --retry-max-time, then stop retrying immediately. + + Added test 366 to verify. + + Reported-by: Kari Pahula + Fixes #7675 + Closes #7676 + +- [Michał Antoniak brought this change] + + mbedtls: avoid using a large buffer on the stack + + Use dynamic memory allocation for the buffer used in checking "pinned + public key". The PUB_DER_MAX_BYTES parameter with default settings is + set to a value greater than 2kB. 
+ + Co-authored-by: Daniel Stenberg + Closes #7586 + +- configure: make --disable-hsts work + + The AC_ARG_ENABLE() macro itself uses a variable called + 'enable_[option]', so when our script also used a variable with that + name for the purpose of storing what the user wants, it also + accidentally made it impossible to switch off the feature with + --disable-hsts. Fix this by renaming our variable. + + Reported-by: Michał Antoniak + Fixes #7669 + Closes #7672 + +Jay Satiro (5 Sep 2021) +- config.d: note that curlrc is used even when --config + + Bug: https://github.com/curl/curl/pull/7666#issuecomment-912214751 + Reported-by: Viktor Szakats + + Closes https://github.com/curl/curl/pull/7667 + +Daniel Stenberg (4 Sep 2021) +- RELEASE-NOTES: synced + +- test1173: check references to libcurl options + + ... that they refer to actual existing libcurl options. + + Reviewed-by: Daniel Gustafsson + Closes #7656 + +- CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also + + Closes #7656 + +- opt-docs: verify man page sections + order + + In every libcurl option man page there are now 8 mandatory sections that + must use the right name in the correct order and test 1173 verifies + this. Only 14 man pages needed adjustments. + + The sections and the order is as follows: + + - NAME + - SYNOPSIS + - DESCRIPTION + - PROTOCOLS + - EXAMPLE + - AVAILABILITY + - RETURN VALUE + - SEE ALSO + + Reviewed-by: Daniel Gustafsson + Closes #7656 + +- opt-docs: make sure all man pages have examples + + Extended manpage-syntax.pl (run by test 1173) to check that every man + page for a libcurl option has an EXAMPLE section that is more than two + lines. Then fixed all errors it found and added examples. + + Reviewed-by: Daniel Gustafsson + Closes #7656 + +- get.d: provide more useful examples + + Closes #7668 + +- page-header: add GOPHERS, simplify wording in the 1st para + + Closes #7665 + +- connect: get local port + ip also when reusing connections + + Regression. 
In d6a37c23a3c (7.75.0) we removed the duplicated storage + (connection + easy handle), so this info needs be extracted again even + for re-used connections. + + Add test 435 to verify + + Reported-by: Max Dymond + Fixes #7660 + Closes #7662 + +Marcel Raad (2 Sep 2021) +- multi: fix compiler warning with `CURL_DISABLE_WAKEUP` + + `use_wakeup` is unused in this case. + + Closes https://github.com/curl/curl/pull/7661 + +Daniel Stenberg (1 Sep 2021) +- tests: adjust the tftpd output to work with hyper mode + + By making them look less like http headers, the hyper mode "tweak" + doesn't interfere. + + Enable test 2002 and 2003 in hyper builds (and 1280 which is unrelated + but should be enabled). + + Closes #7658 + +Daniel Gustafsson (1 Sep 2021) +- [Gisle Vanem brought this change] + + openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA + + This adds support for the previously unhandled supplemental data which + in -v output was printed like: + + TLSv1.2 (IN), TLS header, Unknown (23): + + These will now be printed with proper annotation: + + TLSv1.2 (OUT), TLS header, Supplemental data (23): + + Closes #7652 + Reviewed-by: Daniel Stenberg <daniel@haxx.se> + +Daniel Stenberg (1 Sep 2021) +- curl.1: provide examples for each option + + The file format for each option now features a "Example:" header that + can provide one or more examples that get rendered appropriately in the + output. All options MUST have at least one example or gen.pl complains + at build-time. + + This fix also does a few other minor format and consistency cleanups. + + Closes #7654 + +- progress: make trspeed avoid floats + + and compiler warnings for data conversions. 
+ + Reported-by: Michał Antoniak + Fixes #7645 + Closes #7653 + +- test365: verify response with chunked AND Content-Length headers + +- http: ignore content-length if any transfer-encoding is used + + Fixes #7643 + Closes #7649 + +- RELEASE-NOTES: synced + +- Revert "http2: skip immediate parsing of payload following protocol switch" + + This reverts commit 455a63c66f188598275e87d32de2c4e8e26b80cb. + + Reported-by: Tk Xiong + Fixes #7633 + Closes #7648 + +- KNOWN_BUGS: HTTP/3 doesn't support client certs + + Closes #7625 + +- mailing lists: move from cool.haxx.se to lists.haxx.se + +- http_proxy: only wait for writable socket while sending request + + Otherwise it would wait socket writability even after the entire CONNECT + request has sent and make curl basically busy-loop while waiting for a + response to come back. + + The previous fix attempt in #7484 (c27a70a591a4) was inadequate. + + Reported-by: zloi-user on github + Reported-by: Oleguer Llopart + Fixes #7589 + Closes #7647 + +- http: disallow >3-digit response codes + + Make the built-in HTTP parser behave similar to hyper and reject any + HTTP response using more than 3 digits for the response code. + + Updated test 1432 accordingly. + Enabled test 1432 in the hyper builds. + + Closes #7641 + +- [Tatsuhiro Tsujikawa brought this change] + + ngtcp2: stop buffering crypto data + + Stop buffering crypto data because libngtcp2 now buffers submitted + crypto data. + + Closes #7637 + +- test1280: CRLFify the response to please hyper + + Closes #7639 + +- tests: enable test 1129 for hyper builds + + Closes #7638 + +- curl: better error message when -O fails to get a good name + + Due to how this currently works internally, it needs a working initial + file name to store contents in, so it may still fail even with -J is + used (and thus accepting a name from content-disposition:) if the file + name part of the URL isn't "good enough". 
+ + Fixes #7628 + Closes #7635 + +- curl_easy_setopt: tweak the string copy wording + + Reported-by: Yaobin Wen + Fixes #7632 + Closes #7634 + +- RELEASE-NOTES: synced + +- [Don J Olmstead brought this change] + + cmake: sync CURL_DISABLE options + + Adds the full listing of CURL_DISABLE options to the CMake build. Moves + all option code, except for CURL_DISABLE_OPENSSL_AUTO_LOA_CONFIG which + resides near OpenSSL configuration, to the same block of code. Also + sorts the options here and in the cmake config header. + + Additionally sorted the CURL-DISABLE listing and fixed the + CURL_DISABLE_POP3 option. + + Closes #7624 + +Jay Satiro (25 Aug 2021) +- KNOWN_BUGS: FTPS upload data loss with TLS 1.3 + + Bug: https://github.com/curl/curl/issues/6149 + Reported-by: Bylon2@users.noreply.github.com + + Closes https://github.com/curl/curl/pull/7623 + +Daniel Stenberg (24 Aug 2021) +- cmake: avoid poll() on macOS + + ... like we do in configure builds. Since poll() on macOS is not + reliable enough. + + Reported-by: marc-groundctl + Fixes #7595 + Closes #7619 + +- c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection + + Enable test 1074 + + Closes #7617 + +- c-hyper: deal with Expect: 100-continue combined with POSTFIELDS + + Enable test 1130 and 1131 + + Closes #7616 + +- [a1346054 brought this change] + + tests: be explicit about using 'python3' instead of 'python' + + This fixes running tests in virtualenvs (or on distros) that no longer + have a symlink from python to python2 or python3. + + Closes #7602 + +- [a1346054 brought this change] + + scripts: invoke interpreters through /usr/bin/env + + Closes #7602 + +- DISABLED: enable 11 more tests for hyper builds + + Closes #7612 + +- setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper + + Since this option is also used for FTP, it needs to work to set for + applications even if hyper doesn't support it for HTTP. Verified by test + 1137. 
+ + Updated docs to specify that the option doesn't work for HTTP when using + the hyper backend. + + Closes #7614 + +- test1138: remove trailing space to make work with hyper + + Closes #7613 + +- libcurl-errors.3: clarify two CURLUcode errors + + CURLUE_BAD_HANDLE and CURLUE_BAD_PARTPOINTER should be for "bad" or + wrong pointers in a generic sense, not just for NULL pointers. + + Reviewed-by: Jay Satiro + + Ref: #7605 + Closes #7611 + +Jay Satiro (23 Aug 2021) +- symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version + + ... and also change the 'Removed' column name to 'Last' since that + column is for the last version to contain the symbol. + + Closes https://github.com/curl/curl/pull/7609 + +Daniel Stenberg (23 Aug 2021) +- urlapi.c:seturl: assert URL instead of using if-check + + There's no code flow possible where this can happen. The assert makes + sure it also won't be introduced undetected in the future. + + Closes #7610 + +- curl-openssl.m4: show correct output for OpenSSL v3 + + Using 3.0.0 versions configure should now show this: + + checking for OpenSSL headers version... 3.0.0 - 0x300 + checking for OpenSSL library version... 3.0.0 + checking for OpenSSL headers and library versions matching... yes + + This output doesn't actually change what configure generates but is only + "cosmetic". + + Reported-by: Randall S. Becker + Fixes #7606 + Closes #7608 + +Jay Satiro (22 Aug 2021) +- mksymbolsmanpage.pl: Fix showing symbol's last used version + + Prior to this change the symbol's deprecated version was erroneously + shown as its last used version. + + Bug: https://github.com/curl/curl/commit/4e53b94#commitcomment-55239509 + Reported-by: i-ky@users.noreply.github.com + +Daniel Stenberg (21 Aug 2021) +- mksymbolsmanpage.pl: match symbols case insenitively + + Follow-up to 4e53b9430c750 which made this bug show. 
+ + Reported-by: i-ky + Bug: https://github.com/curl/curl/commit/4e53b9430c7504de8984796e2a2091ec16f27136#commitcomment-55239253 + Closes #7607 + +- asyn-ares: call ares_freeaddrinfo() to clean up addrinfo results + + As this leaks memory otherwise + + Follow-up to ba904db0705c931 + + Closes #7599 + +- [Ehren Bendler brought this change] + + wolfssl: clean up wolfcrypt error queue + + If wolfSSL is built in certain ways (OPENSSL_EXTRA or Debug), the error + queue gets added on to for each session and never freed. Fix it by + calling ERR_clear_error() like in vtls/openssl when needed. This func is + a no-op in wolfcrypt if the error queue is not enabled. + + Closes #7594 + +- man pages: remove trailing whitespaces + + Extended test 1173 (via the manpage-syntax.pl script) to detect and warn + for them. + + Ref: #7602 + Reported-by: a1346054 on github + Closes #7604 + +- mailmap: add Gleb Ivanovsky + +- config.d: escape the backslash properly + + Closes #7603 + +- [Don J Olmstead brought this change] + + curl_setup.h: sync values for HTTP_ONLY + + The values for HTTP_ONLY differed between CMakeLists.txt and + curl_setup.h. Sync them and sort the values in curl_setup.h to make it + easier to spot differences. + + Closes #7601 + +Jay Satiro (21 Aug 2021) +- configure: set classic mingw minimum OS version to XP + + - If the user has not specified a minimum OS version (via WINVER or + _WIN32_WINNT macros) then set it to Windows XP. + + Prior to this change classic MinGW defaulted the minimum OS version + to Windows NT 4.0 which is way too old. At least Windows XP is needed + for getaddrinfo (which resolves hostnames to IPv6 addresses). + + Ref: https://github.com/curl/curl/issues/7483#issuecomment-891597034 + + Closes https://github.com/curl/curl/pull/7581 + +- schannel: Work around typo in classic mingw macro + + - Define ALG_CLASS_DHASH (the typo from the include) to ALG_CLASS_HASH. 
+ + Prior to this change there was an incomplete fix to ignore the + CALG_TLS1PRF macro on those versions of MinGW where it uses the + ALG_CLASS_DHASH typoed macro. + + Ref: 48cf45c + Ref: https://osdn.net/projects/mingw/ticket/38391 + Ref: https://github.com/curl/curl/issues/2924 + + Closes https://github.com/curl/curl/pull/7580 + +Daniel Stenberg (20 Aug 2021) +- RELEASE-NOTES: synced + +- http_proxy: fix user-agent and custom headers for CONNECT with hyper + + Enable test 287 + + Closes #7598 + +- c-hyper: initial support for "dumping" 1xx HTTP responses + + With the use hyper_request_on_informational() + + Enable test 155 and 158 + + Closes #7597 + +Marc Hoersken (18 Aug 2021) +- tests/*server.pl: flush output before executing subprocess + + Also avoid shell processes staying around by using exec. + This is necessary to avoid output data being buffering + inside the process chain of Perl, Bash/Shell and our + test server binaries. On non-Windows systems the exec + will also make the subprocess replace the intermediate + shell, but on Windows it will at least bind the processes + together since there is no real fork or exec available. + + See: https://cygwin.com/cygwin-ug-net/highlights.html + and: https://docs.microsoft.com/cpp/c-runtime-library/exec-wexec-functions + Ref: https://github.com/curl/curl/pull/7530#issuecomment-900949010 + + Reviewed-by: Daniel Stenberg + Reviewed-by: Jay Satiro + Closes #7530 + +- CI: use GitHub Container Registry instead of Docker Hub + + Avoid limits on Docker Hub and improve image pull/download speed. + + Closes #7587 + +Daniel Stenberg (18 Aug 2021) +- openssl: when creating a new context, there cannot be an old one + + Remove the previous handling that would call SSL_CTX_free(), and instead + add an assert that halts a debug build if there ever is a context + already set at this point. 
+ + Closes #7585 + +Jay Satiro (18 Aug 2021) +- KNOWN_BUGS: Renegotiate from server may cause hang for OpenSSL backend + + Closes https://github.com/curl/curl/issues/6785 + +Viktor Szakats (17 Aug 2021) +- docs/BINDINGS: URL update + +Marc Hoersken (17 Aug 2021) +- tests/server/*.c: align handling of portfile argument and file + + 1. Call the internal variable portname (like pidname) everywhere. + 2. Have a variable wroteportfile (like wrotepidfile) everywhere. + 3. Make sure the file is cleaned up on exit (like pidfile). + 4. Add parameter --portfile to usage outputs everywhere. + + Reviewed-by: Daniel Stenberg + + Replaces #7523 + Closes #7574 + +Daniel Gustafsson (17 Aug 2021) +- KNOWN_BUGS: Fix a number of typos in KNOWN_BUGS + + Fixes a set of typos found in section 11.3. + +Daniel Stenberg (17 Aug 2021) +- getparameter: fix the --local-port number parser + + It could previously get tricked into parsing the uninitialized stack + based buffer. + + Reported-by: Brian Carpenter + Closes #7582 + +- KNOWN_BUGS: Can't use Secure Transport with Crypto Token Kit + + Closes #7048 + +- [Jan Verbeek brought this change] + + curl: add warning for ignored data after quoted form parameter + + In an argument like `-F 'x=@/etc/hostname;filename="foo"abc'` the `abc` + is ignored. This adds a warning if the ignored data isn't all + whitespace. + + Closes #7394 + +Jay Satiro (17 Aug 2021) +- codeql: fix error "Resource not accessible by integration" + + - Enable codeql writing security-events. + + GitHub set the default permissions to read, apparently since earlier + this year. + + Ref: https://github.com/github/codeql-action/issues/464 + Ref: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ + + Fixes https://github.com/curl/curl/issues/7575 + Closes https://github.com/curl/curl/pull/7576 + +- tool_operate: Fix --fail-early with parallel transfers + + - Abort via progress callback to fail early during parallel transfers. 
+
+ When a critical error occurs during a transfer (eg --fail-early
+ constraint) then other running transfers will be aborted via progress
+ callback and finish with error CURLE_ABORTED_BY_CALLBACK (42). In this
+ case, the callback error does not become the most recent error and a
+ custom error message is used for those transfers:
+
+ curld --fail --fail-early --parallel
+ https://httpbin.org/status/404 https://httpbin.org/delay/10
+
+ curl: (22) The requested URL returned error: 404
+ curl: (42) Transfer aborted due to critical error in another transfer
+
+ > echo %ERRORLEVEL%
+ 22
+
+ Fixes https://github.com/curl/curl/issues/6939
+ Closes https://github.com/curl/curl/pull/6984
+
+Daniel Stenberg (17 Aug 2021)
+- [Sergey Markelov brought this change]
+
+ sectransp: support CURLINFO_CERTINFO
+
+ Fixes #4130
+ Closes #7372
+
+- ngtcp2: remove the acked_crypto_offset struct field init
+
+ ... as it is gone from the API upstream.
+
+ Closes #7578
+
+- misc: update incorrect copyright year ranges
+
+ Closes #7577
+
+- KNOWN_BUGS: HTTP/3 quiche upload large file fails
+
+ Closes #7532
+
+- KNOWN_BUGS: CMake build with MIT Kerberos does not work
+
+ Closes #6904
+
+- TODO: add asynch getaddrinfo support
+
+ Closes #6746
+
+- RELEASE-NOTES: synced
+
+- [Artur Sinila brought this change]
+
+ http2: revert call the handle-closed function correctly on closed stream
+
+ Reverts 252790c5335a221
+
+ Assisted-by: Gergely Nagy
+ Fixes #7400
+ Closes #7525
+
+- [Patrick Monnerat brought this change]
+
+ auth: do not append zero-terminator to authorisation id in kerberos
+
+ RFC4752 Section 3.1 states "The authorization identity is not terminated
+ with a zero-valued (%x00) octet". Although a comment in code said it may
+ be needed anyway, nothing confirms it. In addition, servers may consider
+ it as part of the identity, causing a failure.
+
+ Closes #7008
+
+- [Patrick Monnerat brought this change]
+
+ auth: use sasl authzid option in kerberos
+
+ ...
instead of deriving it from active ticket.
+ Closes #7008
+
+- [Patrick Monnerat brought this change]
+
+ auth: we do not support a security layer after kerberos authentication
+
+ Closes #7008
+
+- [Patrick Monnerat brought this change]
+
+ auth: properly handle byte order in kerberos security message
+
+ Closes #7008
+
+- [z2_ brought this change]
+
+ x509asn1: fix heap over-read when parsing x509 certificates
+
+ Assisted-by: Patrick Monnerat
+ Closes #7536
+
+- KNOWN_BUGS: Disconnects don't do verbose
+
+ Closes #6995
+
+- mailmap: fixup Michał Antoniak
+
+- [Michał Antoniak brought this change]
+
+ build: fix compiler warnings
+
+ For when CURL_DISABLE_VERBOSE_STRINGS and DEBUGBUILD flags are both
+ active.
+
+ - socks.c : warning C4100: 'lineno': unreferenced formal parameter
+ (co-authored by Daniel Stenberg)
+
+ - mbedtls.c: warning C4189: 'port': local variable is initialized but
+ not referenced
+
+ - schannel.c: warning C4189: 'hostname': local variable is initialized
+ but not referenced
+
+ Cloes #7528
+
+- [Gleb Ivanovsky brought this change]
+
+ CODE_STYLE-md: fix bold font style
+
+ Markdown gets confused with abundance of asterisks, so use underscores
+ instead.
+
+ Reviewed-by: Daniel Gustafsson
+ Closes #7569
+
+- [Gleb Ivanovsky brought this change]
+
+ CODE_STYLE-md: add missing comma
+
+ Reviewed-by: Daniel Gustafsson
+ Closes #7570
+
+- [Daniel Gustafsson brought this change]
+
+ examples/ephiperfifo.c: simplify signal handler
+
+ The signal handler registered for SIGINT is only handling SIGINT
+ so there isn't much need for inspecting the signo. While there,
+ rename the handler to be more specific.
+
+ g_should_exit should really be of sig_atomic_t type, but relying
+ on autoconf in the examples seems like a bad idea so keep that
+ for now.
+
+ Reviewed-by: Daniel Stenberg
+ Closes #7310
+
+- c-hyper: initial step for 100-continue support
+
+ Enabled test 154
+
+ Closes #7568
+
+- [Ikko Ashimine brought this change]
+
+ vtls: fix typo in schannel_verify.c
+
+ occurence -> occurrence
+
+ Closes #7566
+
+- [Emil Engler brought this change]
+
+ curl_url_get.3: clarify about path and query
+
+ The current man-page lacks some details regarding the obtained path and
+ query.
+
+ Closes #7563
+
+- c-hyper: fix header value passed to debug callback
+
+ Closes #7567
+
+Viktor Szakats (12 Aug 2021)
+- cleanup: URL updates
+
+ - replace broken URL with the one it was most probably pointing to
+ when added (lib/tftp.c)
+ - replace broken URL with archive.org link (lib/curl_ntlm_wb.c)
+ - delete unnecessary protocol designator from archive.org URL
+ (docs/BINDINGS.md)
+
+ Closes #7562
+
+Daniel Stenberg (12 Aug 2021)
+- [April King brought this change]
+
+ DEPRECATE.md: linkify curl-library mailing list
+
+ Closes #7561
+
+- [Barry Pollard brought this change]
+
+ output.d: add method to suppress response bodies
+
+ Closes #7560
+
+- TODO: remove 'c-ares deviates on http://1346569778'
+
+ Fixed since 56a037cc0ad1b2 (7.77.0)
+
+- [Colin O'Dell brought this change]
+
+ BINDINGS.md: update links to use https where available
+
+ Closes #7558
+
+- asyn-ares.c: move all version number checks to the top
+
+ ... and use #ifdef [feature] in the code as per our guidelines.
+
+- ares: use ares_getaddrinfo()
+
+ ares_getaddrinfo() is the getaddrinfo() cloned provided by c-ares, introduced
+ in version 1.16.0.
+
+ With older c-ares versions, curl invokes ares_gethostbyname() twice - once for
+ IPv4 and once for IPv6 to resolve both addresses, and then combines the
+ returned results.
+
+ Reported-by: jjandesmet
+ Fixes #7364
+ Closes #7552
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+ ngtcp2: utilize crypto API functions to simplify
+
+ Closes #7551
+
+- [megatronking brought this change]
+
+ ngtcp2: reset the oustanding send buffer again when drained
+
+ Closes #7538
+
+Michael Kaufmann (10 Aug 2021)
+- progress: fix a compile warning on some systems
+
+ lib/progress.c:380:40: warning: conversion to 'long double' from
+ 'curl_off_t {aka long long int}' may alter its value [-Wconversion]
+
+ Closes #7549
+
+Daniel Stenberg (10 Aug 2021)
+- RELEASE-NOTES: synced
+
+- http: consider cookies over localhost to be secure
+
+ Updated test31.
+ Added test 392 to verify secure cookies used for http://localhost
+
+ Reviewed-by: Daniel Gustafsson
+ Fixes #6733
+ Closes #7263
+
+- TODO: erase secrets from heap/stack after use
+
+ Closes #7268
+
+Jay Satiro (10 Aug 2021)
+- hostip: Make Curl_ipv6works function independent of getaddrinfo
+
+ - Do not assume IPv6 is not working when getaddrinfo is not present.
+
+ The check to see if IPv6 actually works is now independent of whether
+ there is any resolver that can potentially resolve a hostname to IPv6.
+
+ Prior to this change if getaddrinfo() was not found at compile time then
+ Curl_ipv6works() would be defined as a macro that returns FALSE.
+
+ When getaddrinfo is not found then libcurl is built with CURLRES_IPV4
+ defined instead of CURLRES_IPV6, meaning that it cannot do IPv6 lookups
+ in the traditional way. With this commit if libcurl is built with IPv6
+ support (ENABLE_IPV6) but without getaddrinfo (CURLRES_IPV6), and the
+ IPv6 stack is actually working, then it is possible for libcurl to
+ resolve IPv6 addresses by using DoH.
+
+ Ref: https://github.com/curl/curl/issues/7483#issuecomment-890765378
+
+ Closes https://github.com/curl/curl/pull/7529
+
+- test1565: fix windows build errors
+
+ - Use our wait_ms() instead of sleep() since Windows doesn't have the
+ latter.
+
+ - Use a separate variable to keep track of whether the pthread_t thread
+ id is valid.
+
+ On Windows pthread_t is not an integer type. pthread offers no macro for
+ invalid pthread_t thread id, so validity is kept track of separately.
+
+ Closes https://github.com/curl/curl/pull/7527
+
+- [Jeremy Falcon brought this change]
+
+ winbuild/README.md: clarify GEN_PDB option
+
+ - Document that GEN_PDB option creates an external database.
+
+ Ref: https://github.com/curl/curl/issues/7502
+
+Daniel Stenberg (9 Aug 2021)
+- [Tatsuhiro Tsujikawa brought this change]
+
+ ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
+
+ Closes #7546
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+ ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
+
+ Rework the return value handling of ngtcp2_conn_writev_stream and treat
+ NGTCP2_ERR_STREAM_SHUT_WR separately.
+
+ Closes #7546
+
+- configure: error out if both ngtcp2 and quiche are specified
+
+ Reported-by: Vincent Grande
+ See #7539
+ Closes #7545
+
+- [Jeff Mears brought this change]
+
+ easy: use a custom implementation of wcsdup on Windows
+
+ ... so that malloc/free overrides from curl_global_init are used for
+ wcsdup correctly.
+
+ Closes #7540
+
+- zuul: add an mbedtls3 CI job
+
+ Closes #7544
+
+- [Benau brought this change]
+
+ mbedTLS: initial 3.0.0 support
+
+ Closes #7428
+
+- RELEASE-NOTES: synced
+
+- configure.ac: revert bad nghttp2 library detection improvements
+
+ This reverts commit b4b34db65f9f8, 673753344c5f and 29c7cf79e8b.
+
+ The logic is now back to assuming that the nghttp2 lib is called nghttp2 and
+ nothing else.
+
+ Reported-by: Rui Pinheiro
+ Reported-by: Alex Crichton
+ Fixes #7514
+ Closes #7515
+
+- happy-eyeballs-timeout-ms.d: polish the wording
+
+ Reported-by: Josh Soref
+ Fixes #7433
+ Closes #7542
+
+- [modbw brought this change]
+
+ mbedtls_threadlock: fix unused variable warning
+
+ Closes #7393
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+ ngtcp2: compile with the latest ngtcp2 and nghttp3
+
+ Closes #7541
+
+Marc Hoersken (31 Jul 2021)
+- CI/cirrus: reduce compile time with increased parallism
+
+ Cirrus CI VMs have 2 CPUs, let's use them also for Windows builds.
+
+ Reviewed-by: Daniel Stenberg
+ Closes #7505
+
+Daniel Stenberg (30 Jul 2021)
+- [Bin Lan brought this change]
+
+ tool/tests: fix potential year 2038 issues
+
+ The length of 'long' in a 32-bit system is 32 bits, which cannot be used
+ to save timestamps after 2038. Most operating systems have extended
+ time_t to 64 bits.
+
+ Remove the castings to long.
+
+ Closes #7466
+
+- compressed.d: it's a request, not an order
+
+ Clarified
+
+ Reported-by: Dan Jacobson
+ Reviewed-by: Daniel Gustafsson
+ Fixes #7516
+ Closes #7517
+
+- [Bernhard M. Wiedemann brought this change]
+
+ tests: make three tests pass until 2037
+
+ after 2038 something in test1915 fails on 32-bit OSes
+
+ Closes #7512
+
+Daniel Gustafsson (30 Jul 2021)
+- connect: remove superfluous conditional
+
+ Commit dbd16c3e2 cleaned up the logic for traversing the addrinfos,
+ but the move left a conditional on ai which no longer is needed as
+ the while loop reevaluation will cover it.
+
+ Closes #7511
+ Reviewed-by: Carlo Marcelo Arenas Belón
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (29 Jul 2021)
+- RELEASE-NOTES: synced
+
+ and bump curlver to 7.79.0 for next release
+
+Marc Hoersken (29 Jul 2021)
+- tests/*server.py: remove pidfile on server termination
+
+ Avoid pidfile leaking/laying around after server already exited.
+
+ Reviewed-by: Daniel Stenberg
+ Closes #7506
+
+Daniel Gustafsson (27 Jul 2021)
+- tool_main: fix typo in comment
+
+ The referred to library is NSPR, so fix the switched around characters.
+
+Daniel Stenberg (28 Jul 2021)
+- [Aleksandr Krotov brought this change]
+
+ bearssl: support CURLOPT_CAINFO_BLOB
+
+ Closes #7468
+
+- curl.1: mention "global" flags
+
+ Mention options that are "global". A global command line option is one
+ that doesn't get reset at --next uses and therefore don't need to be
+ used again.
+
+ Reported-by: Josh Soref
+
+ Fixes #7457
+ Closes #7510
+
+- CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited
+
+ Reported-by: Daniel Woelfel
+ Fixes #7441
+ Closes #7509
+
+- KNOWN_BUGS: add more HTTP/3 problems
+
+ Closes #7351
+ Closes #7339
+ Closes #7125
+
+Marc Hoersken (27 Jul 2021)
+- CI/azure: reduce compile time with increased parallism
+
+ Azure Pipelines CI VMs have 2 CPUs, let's use them.
+
+ Closes #7489
+
+Jay Satiro (27 Jul 2021)
+- [Josh Soref brought this change]
+
+ docs: fix grammar
+
+ Fixes https://github.com/curl/curl/issues/7444
+ Fixes https://github.com/curl/curl/issues/7451
+ Fixes https://github.com/curl/curl/issues/7465
+ Closes https://github.com/curl/curl/pull/7495
+
+- mail-rcpt.d: fix grammar
+
+ Remove confusing sentence that says to specify an e-mail address for
+ mail transfer, since that's implied.
+
+ Reported-by: Josh Soref
+
+ Fixes https://github.com/curl/curl/issues/7452
+ Closes https://github.com/curl/curl/pull/7495
+
+Daniel Stenberg (27 Jul 2021)
+- c-hyper: remove the hyper_executor_poll() loop from Curl_http
+
+ 1. it's superfluous
+ 2. it didn't work identically to the Curl_hyper_stream one which could
+ cause problems like #7486
+
+ Pointed-out-by: David Cook
+ Closes #7499
+
+- curl-openssl.m4: check lib64 for the pkg-config file
+
+ OpenSSL recently started putting the libs in $prefix/lib64 on 'make
+ install', so we check that directory for pkg-config data if the 'lib'
+ check fails.
+
+ Closes #7503
+
+- CURLOPT_SSL_CTX_*.3: tidy up the example
+
+ Use the proper code style. Don't store return codes that aren't read.
+ Copy the same example into CURLOPT_SSL_CTX_FUNCTION.3 as well.
+
+ Closes #7500
+
+- example/cookie_interface: fix scan-build printf warning
+
+ Follow-up to 4b79c4fb565
+
+ Fixes #7497
+ Closes #7498
+
+- [Josh Soref brought this change]
+
+ limit-rate.d: clarify base unit
+
+ Fixes #7439
+ Closes #7494
+
+- [Carlo Marcelo Arenas Belón brought this change]
+
+ examples/cookie_interface: avoid printfing time_t directly
+
+ time_t representation is undefined and varies on bitsize and signedness,
+ and as of C11 could be even non integer.
+
+ instead of casting to unsigned long (which would truncate in systems
+ with a 32bit long after 2106) use difftime to get the elapsed time as a
+ double and print that (without decimals) instead.
+
+ alternatively a cast to curl_off_t and its corresponding print
+ formatting could have been used (at least in POSIX) but portability and
+ curl agnostic code was prioritized.
+
+ Closes #7490
+
+Marc Hoersken (25 Jul 2021)
+- tests/servers: remove obsolete pid variable
+
+ Variable is not used since pidfile handling moved to util.[ch]
+
+ Reviewed-by: Jay Satiro
+ Closes #7482
+
+- tests/servers: use our platform-aware pid for server verification
+
+ The pid used for server verification is later stored as pid2 in
+ the hash of running test servers and therefore used for shutdown.
+
+ The pid used for shutdown must be the platform-aware (Win32) pid
+ to avoid leaking test servers while running them using Cygwin/msys.
+
+ Reviewed-by: Jay Satiro
+ Closes #7481
+
+- tests/runtests.pl: cleanup copy&paste mistakes and unused code
+
+ Reviewed-by: Jay Satiro
+ Part of #7481
+
+Daniel Stenberg (25 Jul 2021)
+- RELEASE-NOTES: synced
+
+ bumped to 7.78.1 for next release
+
+- http_proxy: clear 'sending' when the outgoing request is sent
+
+ ...
so that Curl_connect_getsock() will know how to wait for the socket
+ to become readable and not writable after the entire CONNECT request has
+ been issued.
+
+ Regression added in 7.77.0
+
+ Reported-by: zloi-user on github
+ Assisted-by: Jay Satiro
+ Fixes #7155
+ Closes #7484
+
+Jay Satiro (25 Jul 2021)
+- [Josh Soref brought this change]
+
+ openssl: fix grammar
+
+ Closes https://github.com/curl/curl/pull/7480
+
+- configure.ac: tweak nghttp2 library name fix again
+
+ - Change extraction to handle multiple library names returned by
+ pkg-config (eg a possible scenario with pkg-config --static).
+
+ Ref: https://github.com/curl/curl/pull/7472
+
+ Closes https://github.com/curl/curl/pull/7485
+
+Dan Fandrich (23 Jul 2021)
+- Get rid of the unused HAVE_SIG_ATOMIC_T et. al.
+
+ It was added in 2006 but I see no evidence it was ever used.
+
+Jay Satiro (23 Jul 2021)
+- docs: change max-filesize caveat again
+
+ - Add protocols field to max-filesize.d.
+
+ - Revert wording on unknown file size caveat and do not discuss specific
+ protocols in that section.
+
+ Partial revert of ecf0225. All max-filesize options now have the list of
+ protocols and it's clearer just to have that list without discussing
+ specific protocols in the caveat.
+
+ Reported-by: Josh Soref
+
+ Ref: https://github.com/curl/curl/issues/7453#issuecomment-884128762
+
+Daniel Stenberg (22 Jul 2021)
+- [Christian Weisgerber brought this change]
+
+ configure: tweak nghttp2 library name fix
+
+ commit 29c7cf79e8b44cf (shipped in 7.78.0) introduced a problem by
+ assuming that LIB_H2 does not have any leading whitespace. At least
+ OpenBSD's native pkg-config can produce such whitespace, though:
+
+ $ pkg-config --libs-only-l libnghttp2
+ -lnghttp2
+
+ As a result, the configure check for libnghttp2 will erroneously fail.
+ + Bug: https://curl.se/mail/lib-2021-07/0050.html + Closes #7472 + +- [Bastian Krause brought this change] + + docs/MQTT: update state of username/password support + + PR #7243 implemented username/password support for MQTT, so let's drop + these items from the caveats. + + Signed-off-by: Bastian Krause <bst@pengutronix.de> + + Closes #7474 + +- [Oleg Pudeyev brought this change] + + CURLMOPT_TIMERFUNCTION.3: remove misplaced "time" + + Closes #7470 + Version 7.78.0 (21 Jul 2021) Daniel Stenberg (21 Jul 2021) @@ -192,7 +1844,7 @@ Daniel Stenberg (18 Jul 2021) Closes #7411 Closes #7412 -- [MAntoniak brought this change] +- [Michał Antoniak brought this change] lib: fix compiler warnings with CURL_DISABLE_NETRC @@ -279,7 +1931,7 @@ Daniel Stenberg (18 Jul 2021) Fixes #7415 Closes #7417 -- [MAntoniak brought this change] +- [Michał Antoniak brought this change] mbedtls: Remove unnecessary include @@ -3040,7 +4692,7 @@ Daniel Stenberg (4 May 2021) Closes #6960 -- [MAntoniak brought this change] +- [Michał Antoniak brought this change] gskit: fix CURL_DISABLE_PROXY build @@ -3050,7 +4702,7 @@ Daniel Stenberg (4 May 2021) Closes #6981 -- [MAntoniak brought this change] +- [Michał Antoniak brought this change] gskit: fix undefined reference to 'conn' 
@@ -6622,1470 +8274,3 @@ Daniel Stenberg (20 Jan 2021) Closes #6473 - gopher: remove accidental conn->data leftover - -- libssh: avoid plain free() of libssh-memory - - Since curl's own memory debugging system redefines free() calls to track - and fiddle with memory, it cannot be used on memory allocated by 3rd - party libraries. - - Third party libraries SHOULD NOT require free() to release allocated - resources for this reason - and libs can use separate healp allocators - on some systems (like Windows) so free() doesn't necessarily work - anyway. - - Filed as an issue with libssh: https://bugs.libssh.org/T268 - - Closes #6481 - -- send: assert that Curl_write_plain() has a ->conn when called - - To help catch bad invokes. - - Closes #6476 - -- test410: verify HTTPS GET with a 49K request header - - skip test 410 for mesalink in the CI as it otherwise hangs "forever" - -- lib: pass in 'struct Curl_easy *' to most functions - - ... in most cases instead of 'struct connectdata *' but in some cases in - addition to. - - - We mostly operate on transfers and not connections. - - - We need the transfer handle to log, store data and more. Everything in - libcurl is driven by a transfer (the CURL * in the public API). - - - This work clarifies and separates the transfers from the connections - better. - - - We should avoid "conn->data". Since individual connections can be used - by many transfers when multiplexing, making sure that conn->data - points to the current and correct transfer at all times is difficult - and has been notoriously error-prone over the years. The goal is to - ultimately remove the conn->data pointer for this reason. - - Closes #6425 - -Emil Engler (17 Jan 2021) -- docs: fix typos in NEW-PROTOCOL.md - - This fixes a misspelled "it" and a grammatically wrong "-ing" suffix. 
- - Closes #6471 - -Daniel Stenberg (16 Jan 2021) -- RELEASE-NOTES: synced - -Jay Satiro (16 Jan 2021) -- [Razvan Cojocaru brought this change] - - cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG - - This does for cmake builds what --disable-openssl-auto-load-config - does for autoconf builds. - - Closes https://github.com/curl/curl/pull/6435 - -Daniel Stenberg (15 Jan 2021) -- test1918: verify curl_easy_option_by_name() and curl_easy_option_by_id() - - ... and as a practical side-effect, make sure that the - Curl_easyopts_check() function is asserted in debug builds, which we - want to detect mismatches between the options list in easyoptions.c and - the options in curl.h - - Found-by: Gisle Vanem - Bug: https://github.com/curl/curl/commit/08e8455dddc5e48e58a12ade3815c01ae3da3b64#commitcomment-45991815 - - Closes #6461 - -- [Gisle Vanem brought this change] - - easyoptions: add the missing AWS_SIGV4 - - Follow-up from AWS_SIGV4 - -- schannel_verify: fix safefree call typo - - Follow-up from e87ad71d1ba00519 - - Closes #6459 - -- mime: make sure setting MIMEPOST to NULL resets properly - - ... so that a function can first use MIMEPOST and then set it to NULL to - reset it back to a blank POST. - - Added test 584 to verify the fix. - - Reported-by: Christoph M. Becker - - Fixes #6455 - Closes #6456 - -- multi: set the PRETRANSFER time-stamp when we switch to PERFORM - - ... instead of at end of the DO state. This makes the timer more - accurate for the protocols that use the DOING state (such as FTP), and - simplifies how the function (now called init_perform) is called. - - The timer will then include the entire procedure up to PERFORM - - including all instructions for getting the transfer started. - - Closes #6454 - -- CURLINFO_PRETRANSFER_TIME.3: clarify - - ... the timer *does* include the instructions for getting the remote - file. - - Ref: #6452 - Closes #6453 - -- [Gisle Vanem brought this change] - - schannel: plug a memory-leak - - ... 
when built without -DUNICODE. - - Closes #6457 - -Jay Satiro (14 Jan 2021) -- gitattributes: Set batch files to CRLF line endings on checkout - - If a batch file is run without CRLF line endings (ie LF-only) then - arbitrary behavior may occur. I consider that a bug in Windows, however - the effects can be serious enough (eg unintended code executed) that - we're fixing it in the repo by requiring CRLF line endings for batch - files on checkout. - - Prior to this change the checked-out line endings of batch files were - dependent on a user's git preferences. On Windows it is common for git - users to have automatic CRLF conversion enabled (core.autocrlf true), - but those users that don't would run into this behavior. - - For example a user has reported running the Visual Studio project - generator batch file (projects/generate.bat) and it looped forever. - Output showed that the Windows OS interpreter was occasionally jumping - to arbitrary points in the batch file and executing commands. This - resulted in unintended files being removed (a removal sequence called) - and looping forever. 
- - Ref: https://serverfault.com/q/429594 - Ref: https://stackoverflow.com/q/232651 - Ref: https://www.dostips.com/forum/viewtopic.php?t=8988 - Ref: https://git-scm.com/docs/gitattributes#_checking_out_and_checking_in - Ref: https://git-scm.com/book/en/v2/Customizing-Git-Git-Configuration#_core_autocrlf - - Bug: https://github.com/curl/curl/discussions/6427 - Reported-by: Ganesh Kamath - - Closes https://github.com/curl/curl/pull/6442 - -Daniel Stenberg (14 Jan 2021) -- tool_operate: spellfix a comment - -- ROADMAP: refreshed - - o removed HSTS - already implemented - o added HTTPS RR records - o mention HTTP/3 completion - -- http_chunks: remove Curl_ prefix from static functions - -- transfer: remove Curl_ prefix from static functions - -- tftp: remove Curl_ prefix from static functions - -- multi: remove Curl_ prefix from static functions - -- ldap: remove Curl_ prefix from static functions - -- doh: remove Curl_ prefix from static functions - -- asyn-ares: remove Curl_ prefix from static functions - -- vtls: remove Curl_ prefix from static functions - -- bearssl: remove Curl_ prefix from static functions - -- mbedtls: remove Curl_ prefix from static functions - -- wolfssl: remove Curl_ prefix from static functions - -- nss: remove Curl_ prefix from static functions - -- gnutls: remove Curl_ prefix from static functions - -- openssl: remove Curl_ prefix from static functions - - ... as we reserve this prefix to library-wide functions. - - Closes #6443 - -- nss: get the run-time version instead of build-time - - Closes #6445 - -Jay Satiro (12 Jan 2021) -- tool_doswin: Restore original console settings on CTRL signal - - - Move Windows terminal init code from tool_main to tool_doswin. - - - Restore the original console settings on CTRL+C and CTRL+BREAK. - - Background: On Windows the curl tool changes the console settings to - enable virtual terminal processing (eg color output) if supported - (ie Win 10). 
The original settings are restored on exit but prior to - this change were not restored in the case of the CTRL signals. - - Windows VT behavior varies depending on console/powershell/terminal; - refer to the discussion in #6226. - - Assisted-by: Rich Turner - - Closes https://github.com/curl/curl/pull/6226 - -Daniel Stenberg (12 Jan 2021) -- gen.pl: fix perl syntax - - Follow-up to 324cf1d2e - -- [Emil Engler brought this change] - - help: update to current codebase - - This commit bumps the help to the current state of the project. - - Closes #6437 - -- [Emil Engler brought this change] - - docs: fix line length bug in gen.pl - - The script warns if the length of $opt and $desc is > 78. However, these - two variables are on totally separate lines so the check makes no sense. - Also the $bitmask field is totally forgotten. Currently this leads to - two warnings within `--resolve` and `--aws-sigv4`. - - Closes #6438 - -- [Emil Engler brought this change] - - docs: fix wrong documentation in help.d - - curl does not list all categories when you invoke "--help" without any - parameters. - - Closes #6436 - -- aws-sigv4.d: polish the wording - - Make it shorter and imperative form - - Closes #6439 - -- [Fabian Keil brought this change] - - misc: fix typos - - Bug: https://curl.se/mail/lib-2021-01/0063.html - Closes #6434 - -- multi_runsingle: bail out early on data->conn == NULL - - As that's a significant error condition and scan-build warns for NULL - pointer dereferences if we don't. - - Closes #6433 - -- multi: skip DONE state if there's no connection left for ftp wildcard - - ... to avoid running in that state with data->conn being NULL. 
- -- libssh2: fix "Value stored to 'readdir_len' is never read" - - Detected by scan-build - -- connect: mark intentional ignores of setsockopt return values - - Pointed out by Coverity - - Closes #6431 - -Jay Satiro (11 Jan 2021) -- http_proxy: Fix CONNECT chunked encoding race condition - - - During the end-of-headers response phase do not mark the tunnel - complete unless the response body was completely parsed/ignored. - - Prior to this change if the entirety of a CONNECT response with chunked - encoding was not received by the time the final header was parsed then - the connection would be marked done prematurely, before all the chunked - data could be read in and ignored (since this is what we do with any - CONNECT response body) and the connection could not be used. - - Bug: https://curl.se/mail/lib-2021-01/0033.html - Reported-by: Fabian Keil - - Closes https://github.com/curl/curl/pull/6432 - -Daniel Stenberg (11 Jan 2021) -- RELEASE-NOTES: synced - -- url: if IDNA conversion fails, fallback to Transitional - - This improves IDNA2003 compatiblity. - - Reported-by: Bubu on github - Fixes #6423 - Closes #6428 - -- travis: make the Hyper build from its master branch - - Closes #6430 - -- http: make 'authneg' also work for Hyper - - When doing a request with a request body expecting a 401/407 back, that - initial request is sent with a zero content-length. Test 177 and more. - - Closes #6424 - -Jay Satiro (8 Jan 2021) -- cmake: Add an option to disable libidn2 - - New option USE_LIBIDN2 defaults to ON for libidn2 detection. Prior to - this change libidn2 detection could not be turned off in cmake builds. - - Reported-by: William A Rowe Jr - - Fixes https://github.com/curl/curl/issues/6361 - Closes https://github.com/curl/curl/pull/6362 - -Daniel Stenberg (8 Jan 2021) -- HYPER: no longer needs the special branch - -- test179: use consistent header line endings - - ... to make "Hyper mode" work better. 
- -- file: don't provide content-length for directories - - ... as it is misleading. - - Ref #6379 - Closes #6421 - -- TODO: Directory listing for FILE: - - Ref #6379 - -- curl.h: add CURLPROTO_GOPHERS as own protocol identifier - - Follow-up to a1f06f32b860, to make sure it can be handled separately - from plain gopher. - - Closes #6418 - -- http: have CURLOPT_FAILONERROR fail after all headers - - ... so that Retry-After and other meta-content can still be used. - - Added 1634 to verify. Adjusted test 194 and 281 since --fail now also - includes the header-terminating CRLF in the output before it exits. - - Fixes #6408 - Closes #6409 - -- global_init: debug builds allocates a byte in init - - ... to make build tools/valgrind warn if no curl_global_cleanup is - called. - - This is conditionally only done for debug builds with the env variable - CURL_GLOBAL_INIT set. - - Closes #6410 - -- lib/unit tests: add missing curl_global_cleanup() calls - -- travis: adapt to Hyper build change - - Closes #6419 - -- pretransfer: setup the User-Agent header here - - ... and not in the connection setup, as for multiplexed transfers the - connection setup might be skipped and then the transfer would end up - without the set user-agent! - - Reported-by: Flameborn on github - Assisted-by: Andrey Gursky - Assisted-by: Jay Satiro - Assisted-by: Mike Gelfand - Fixes #6312 - Closes #6417 - -- test66: disable with Hyper - - ...as Hyper doesn't support HTTP/0.9 - -- c-hyper: poll the tasks until end correctly - - ... makes test 36 work. - - Closes #6412 - -- [Gergely Nagy brought this change] - - mk-ca-bundle.pl: deterministic output when using -t - - Printing trust purposes are now sorted, making the output deterministic - when running on the same input certdata.txt. 
- - Closes #6413 - -- KNOWN_BUGS: fixed "wolfSSL lacks support for renegotiation" - - Fixed by #6411 - -- [Himanshu Gupta brought this change] - - wolfssl: add SECURE_RENEGOTIATION support - - Closes #6411 - -- RELEASE-NOTES: synced - -- wolfssl: update copyright year range - - Follow-up to 7de2e96535e9 - -- c-hyper: make CURLE_GOT_NOTHING work - - Test 30 - - Closes #6407 - -- http_proxy: make CONNECT work with the Hyper backend - - Makes test 80 run - - Closes #6406 - -- TODO: --fail-with-body perchance? - -Jay Satiro (4 Jan 2021) -- tool_operate: fix the suppression logic of some error messages - - - Fix the failed truncation and failed writing body error messages to - not be shown unless error messages are shown. (ie the user has - specified -sS, or has not specified -s). - - - Also prefix same error messages with "curl: ", for example: - curl: (23) Failed to truncate, exiting - - Prior to this change the failed truncation error messages would be shown - if not -s, but did not account for -sS which should show. - - Prior to this change the failed writing body error messages would be - shown always. - - Ref: https://curl.se/docs/manpage.html#-S - - Bug: https://curl.se/mail/archive-2020-12/0017.html - Reported-by: Hongyi Zhao - - Closes https://github.com/curl/curl/pull/6402 - -- wolfssl: Support wolfSSL builds missing TLS 1.1 - - The wolfSSL TLS library defines NO_OLD_TLS in some of their build - configurations and that causes the library to be built without TLS 1.1. - For example if MD5 is explicitly disabled when building wolfSSL then - that defines NO_OLD_TLS and the library is built without TLS 1.1 [1]. - - Prior to this change attempting to build curl with a wolfSSL that was - built with NO_OLD_TLS would cause a build link error undefined reference - to wolfTLSv1_client_method. 
- - [1]: https://github.com/wolfSSL/wolfssl/blob/v4.5.0-stable/configure.ac#L2366 - - Bug: https://curl.se/mail/lib-2020-12/0121.html - Reported-by: Julian Montes - - Closes https://github.com/curl/curl/pull/6388 - -Daniel Stenberg (4 Jan 2021) -- test1633: set appropriate name - - "--retry with a 429 response and Retry-After:" - -- travis: limit the tests with quiche builds to HTTPS and FTPS only - - ... since it runs into the 50 minute time limit too often otherwise. - - Closes #6403 - -- HISTORY: added dates to early history - - Mostly thanks to this archived web page for urlget: - - https://web.archive.org/web/19980216125115/http://www.inf.ufrgs.br/~sagula/urlget.html - -- httpauth: make multi-request auth work with custom port - - When doing HTTP authentication and a port number set with CURLOPT_PORT, - the code would previously have the URL's port number override as if it - had been a redirect to an absolute URL. - - Added test 1568 to verify. - - Reported-by: UrsusArctos on github - Fixes #6397 - Closes #6400 - -- [Emil Engler brought this change] - - language: s/behaviour/behavior/g - - We currently use both spellings the british "behaviour" and the american - "behavior". However "behavior" is more used in the project so I think - it's worth dropping the british name. - - Closes #6395 - -- cmdline-opts/retry.d: mention response code 429 as well - - Reported-by: Cherish98 - Bug: https://curl.se/mail/archive-2020-12/0018.html - -- docs/HYPER.md: mention outstanding issues - - To make it more obvious to users what doesn't work (yet) - - Closes #6389 - -- COPYING/configure: bump copyright year range - -- c-hyper: add timecondition to the request - - Test 77-78 - - Closes #6391 - -- c-hyper: make Digest and NTLM work - - Test 64, 65, 67, 68, 69, 70, 72 - - Closes #6390 - -- examples/curlgtk.c: fix the copyright year range - - ... and make private functions static. 
- -- [Olaf Hering brought this change] - - docs/examples: adjust prototypes for CURLOPT_READFUNCTION - - The type of the buffer in curl_read_callback is 'char *', not 'void *'. - - 
Signed-off-by: Olaf Hering <olaf@aepfle.de> - Closes #6392 - -- examples: fix more empty expression statement has no effect - - Follow-up to 26e46617b9 - -- cleanup: fix two empty expression statement has no effect - - Follow-up to 26e46617b9 - -- configure: set -Wextra-semi-stmt for clang with --enable-debug - - To have it properly complain on empty statements with no effect. - - Ref: #6376 - Closes #6378 - -- tests/unit: fix empty statements with no effect - - ... by making macros use "do {} while(0)" - -- [Paul Groke brought this change] - - dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries - - Extend the syntax of CURLOPT_RESOLVE strings: allow using a '+' prefix - (similar to the existing '-' prefix for removing entries) to add - DNS cache entries that will time out just like entries that are added - by libcurl itself. - - Append " (non-permanent)" to info log message in case a non-permanent - entry is added. - - Adjust relevant comments to reflect the new behavior. - - Adjust documentation. - - Extend unit1607 to test the new functionality. - - Closes #6294 - -- schannel: fix "empty expression statement has no effect" - - Bug: https://github.com/curl/curl/commit/8ab78f720ae478d533e30b202baec4b451741579#commitcomment-45445950 - Reported-by: Gisle Vanem - Closes #6381 - -- [Denis Laxalde brought this change] - - docs: remove redundant "better" in --fail help - - Closes #6385 - -- [Kevin Ushey brought this change] - - curl.1: fix typo microsft -> microsoft - - Closes #6380 - -- [XhmikosR brought this change] - - misc: assorted typo fixes - - Closes #6375 - -- RELEASE-NOTES: synced - -- tool_operate: avoid NULL dereference of first_arg - - Follow-up to 6a5e020d4d2b04a - Identified by OSS-Fuzz - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28999 - Closes #6377 - -- misc: fix "warning: empty expression statement has no effect" - - Turned several macros into do-while(0) style to allow their use to work - find with semicolon. 
- - Bug: https://github.com/curl/curl/commit/08e8455dddc5e48e58a12ade3815c01ae3da3b64#commitcomment-45433279 - Follow-up to 08e8455dddc5e4 - Reported-by: Gisle Vanem - Closes #6376 - -- KNOWN_BUGS: 6.10 curl never completes Negotiate over HTTP - - Closes #5235 - Closes #6370 - -- writeout: fix NULL dereference for "this url" - - Detected by torture test 1029 - - Follow-up to 7a90ddf88f5a - - Closes #6374 - -- failf: remove newline from formatting strings - - ... as failf adds one itself. - - Also: add an assert() to failf() that triggers on a newline in the - format string! - - Closes #6365 - -- [XhmikosR brought this change] - - CI: fix warning with the latest versions - - `git checkout HEAD^2` is no longer needed - - Closes #6369 - -- INSTALL: update the list known OSes and CPU archs curl has run on - - Closes #6366 - -- [Cherish98 brought this change] - - curl: fix handling of -q option - - The match of the "-q" option (short for "--disable") should: - a) allow concatenation with other single-letters; and - b) be case-sensitive, lest confusing with "-Q" ("--quote") - - Closes #6364 - -- tests/badsymbols.pl: ignore stand-alone single hash lines - - Bug: https://curl.se/mail/lib-2020-12/0084.html - Reported-by: Dennis Clarke - Assisted-by: Jay Satiro - - Closes #6355 - -- curl_easy_pause.3: add multiplexed pause effects - - and generally refresh and update. Remove details for ancient versions. - - Reviewed-by: Jay Satiro - Closes #6360 - -Jay Satiro (22 Dec 2020) -- curl_easy_pause.3: fix man page reference - - Follow-up to ac9a724 from earlier today. - - Ref: https://github.com/curl/curl/pull/6359 - -Daniel Stenberg (22 Dec 2020) -- EXPERIMENTAL: add the Hyper backend to the list - - ... of current experimental features in curl. - -- speedcheck: exclude paused transfers - - Paused transfers should not be stopped due to slow speed even when - CURLOPT_LOW_SPEED_LIMIT is set. 
Additionally, the slow speed timer is - now reset when the transfer is unpaused - as otherwise it would easily - just trigger immediately after unpausing. - - Reported-by: Harry Sintonen - Fixes #6358 - Closes #6359 - -- h2: do not wait for RECV on paused transfers - - ... as the socket might be readable all the time when paused and thus - causing a busy-loop. - - Reported-by: Harry Sintonen - Reviewed-by: Jay Satiro - Fixes #6356 - Closes #6357 - -- RELEASE-NOTES: synced - -- cmdline-opts/gen.pl: return hard on errors - - ... as the warnings tend to go unnoticed otherwise! - - Closes #6354 - -- examples/libtest: add .checksrc to dist - - ... so that (auto)builds from tarballs also get the correct instructions. - - Fixes #6176 - Closes #6353 - -- test: verify new --write-out variables - - Extended test 1029 and added 1188 - -- test970: adapted to the new internal order of variables - -- curl: add variables to --write-out - - In particular, these ones can help a user to create its own error - message when one or transfers fail. - - writeout: add 'onerror', 'url', 'urlnum', 'exitcode', 'errormsg' - - onerror - lets a user only show the rest on non-zero exit codes - - url - the input URL used for this transfer - - urlnum - the numerical URL counter (0 indexed) for this transfer - - exitcode - the numerical exit code for the transfer - - errormsg - obvious - - Reported-by: Earnestly on github - Fixes #6199 - Closes #6207 - -- [Matthias Gatto brought this change] - - tests: add very simple AWS HTTP v4 Signature test - - Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com> - -- [Matthias Gatto brought this change] - - docs: add AWS HTTP v4 Signature - -- [Matthias Gatto brought this change] - - tool: add AWS HTTP v4 Signature support - - Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com> - -- [Matthias Gatto brought this change] - - http: Make the call to v4 signature - - This patch allow to call the v4 signature introduce in previous commit - - 
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com> - -- [Matthias Gatto brought this change] - - http: introduce AWS HTTP v4 Signature - - It is a security process for HTTP. - - It doesn't seems to be standard, but it is used by some cloud providers. - - Aws: - https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html - Outscale: - https://wiki.outscale.net/display/EN/Creating+a+Canonical+Request - GCP (I didn't test that this code work with GCP though): - https://cloud.google.com/storage/docs/access-control/signing-urls-manually - - most of the code is in lib/http_v4_signature.c - - Information require by the algorithm: - - The URL - - Current time - - some prefix that are append to some of the signature parameters. - - The data extracted from the URL are: the URI, the region, - the host and the API type - - example: - https://api.eu-west-2.outscale.com/api/latest/ReadNets - ~~~ ~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ - ^ ^ ^ - / \ URI - API type region - - Small description of the algorithm: - - make canonical header using content type, the host, and the date - - hash the post data - - make canonical_request using custom request, the URI, - the get data, the canonical header, the signed header - and post data hash - - hash canonical_request - - make str_to_sign using one of the prefix pass in parameter, - the date, the credential scope and the canonical_request hash - - compute hmac from date, using secret key as key. - - compute hmac from region, using above hmac as key - - compute hmac from api_type, using above hmac as key - - compute hmac from request_type, using above hmac as key - - compute hmac from str_to_sign using above hmac as key - - create Authorization header using above hmac, prefix pass in parameter, - the date, and above hash - - 
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com> - - Closes #5703 - -- [Matthias Gatto brought this change] - - http: add hmac support for sha256 - - It seems current hmac implementation use md5 for the hash, - V4 signature require sha256, so I've added the needed struct in - this commit. - - I've added the functions that do the hmac in v4 signature file - as a static function ,in the next patch of the serie, - because it's used only by this file. - - 
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com> - -- [Cristian Rodríguez brought this change] - - connect: on linux, enable reporting of all ICMP errors on UDP sockets - - The linux kernel does not report all ICMP errors back to userspace due - to historical reasons. - - IP*_RECVERR sockopt must be turned on to have the correct behaviour - which is to pass all ICMP errors to userspace. - - See https://bugzilla.kernel.org/show_bug.cgi?id=202355 - - Closes #6341 - -- curl: add --create-file-mode [mode] - - This option sets the (octal) mode to use for the remote file when one is - created, using the SFTP, SCP or FILE protocols. When not set, the - default is 0644. - - Closes #6244 - -- c-hyper: fix compiler warnings - - Identified by clang on windows. - - Reported-by: Gisle Vanem - Bug: 58974d25d8173aec154e593ed9d866da566c9811 - - Closes #6351 - -- KNOWN_BUGS: Remote recursive folder creation with SFTP - - Closes #5204 - -Jay Satiro (20 Dec 2020) -- badsymbols.pl: Add verbose mode -v - - Use -v as the first option to enable verbose mode which will show source - input, extracted symbol and line info. For example: - - Source: ./../include/curl/typecheck-gcc.h - Symbol: curlcheck_socket_info(info) - Line #423: #define curlcheck_socket_info(info) \ - - Ref: https://curl.se/mail/lib-2020-12/0084.html - - Closes https://github.com/curl/curl/pull/6349 - -- KNOWN_BUGS: Secure Transport disabling hostname validation also disables SNI - - That behavior is a limitation of Apple's Secure Transport. - - Reported-by: Cory Benfield - Reported-by: Ian Spence - Confirmed-by: Nick Zitzmann - - Ref: https://github.com/curl/curl/issues/998 - - Closes https://github.com/curl/curl/issues/6347 - Closes https://github.com/curl/curl/pull/6348 - -Daniel Stenberg (18 Dec 2020) -- TODO: alt-svc should fallback if alt-svc doesn't work - - Closes #4908 - -- travis: restrict the openssl3 job to only run https and ftps tests - - ... 
as it runs too long otherwise and the other tests are verified in - other builds anyway. - - Closes #6345 - -- build: repair http disabled but mqtt enabled build - - ... as the mqtt code reuses the "method" originally used for HTTP. - - Closes #6344 - -- [Jon Wilkes brought this change] - - cookie: avoid the C1001 internal compiler error with MSVC 14 - - Fixes #6112 - Closes #6135 - -- RELEASE-NOTES: synced - -- mqtt: handle POST/PUBLISH without a set POSTFIELDSIZE - - Detected by OSS-Fuzz - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28735 - - Added test 1916 and 1917 to verify. - - Closes #6338 - -- travis: add CI job for Hyper build - -- tests: updated tests for Hyper - -- lib: introduce c-hyper for using Hyper - - ... as an alternative HTTP backend within libcurl. - -- tool_setopt: provide helper output in debug builds - - ... for when setopt() returns error. - -- setopt: adjust to Hyper and disabled HTTP builds - -- rtsp: disable if Hyper is used - -- getinfo: build with disabled HTTP support - -- version: include hyper version - -- docs: add HYPER.md - -- configure: add --with-hyper - - As the first (optional) HTTP backend alternative instead of native - - Close #6110 - -- test1522: add debug tracing - - I used this to track down some issues and I figured I could just as well - keep this extra logging in here for future needs. - - Closes #6331 - -- http: show the request as headers even when split-sending - - When the initial request isn't possible to send in its entirety, the - remainder of request would be delivered to the debug callback as data - and would wrongly be counted internally as body-bytes sent. - - Extended test 1295 to verify. 
- - Closes #6328 - -- multi: when erroring in TOOFAST state, act as for PERFORM - - When failing in TOOFAST, the multi_done() wasn't called so the same - cleanup and handling wasn't done like when it fails in PERFORM, which in - the case of FTP could mean that the control connection wouldn't be - marked as "dead" for the CURLE_ABORTED_BY_CALLBACK case. Which caused - ftp_disconnect() to use it to send "QUIT", which could end up waiting - for a response a long time before giving up! - - Reported-by: Tomas Berger - Fixes #6333 - Closes #6337 - -- cmake: enable gophers correctly in curl-config - - Closes #6336 - -- test1198/9: add two mqtt publish tests without payload lengths - - Closes #6335 - -- tests/mqttd: extract the client id from the correct offset - - Closes #6334 - -- TODO: Prevent terminal injection when writing to terminal - - Closes #6150 - -- Revert "CI/github: work-around for brew breakage on macOS" - - This reverts commit 4cbb17a2cbbbe6337142d39479e21c3990b9c22f. - - ... as the work-around now causes failures. - - Closes #6332 - -- examples: remove superfluous asterisk uses - - ... for function pointers. Breaks in ancient compilers. - -- RELEASE-NOTES: synced - -- test1272: fix line ending - - Follow-up to f24784f9143 - -- URL-SYNTAX: add gophers details - -- test1272: test gophers - -- runtests: add support for gophers, gopher over TLS - -- [parazyd brought this change] - - gopher: Implement secure gopher protocol. - - This commit introduces a "gophers" handler inside the gopher protocol if - USE_SSL is defined. This protocol is no different than the usual gopher - prococol, with the added TLS encapsulation upon connecting. The protocol - has been adopted in the gopher community, and many people have enabled - TLS in their gopher daemons like geomyidae(8), and clients, like clic(1) - and hurl(1). - - I have not implemented test units for this protocol because my knowledge - of Perl is sub-par. 
However, for someone more knowledgeable it might be - fairly trivial, because the same test that tests the plain gopher - protocol can be used for "gophers" just by adding a TLS listener. - - 
Signed-off-by: parazyd <parazyd@dyne.org> - - Closes #6208 - -- TODO: Package curl for Windows in a signed installer - - Closes #5424 - -- mqtt: deal with 0 byte reads correctly - - OSS-Fuzz found it - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28676 - - Closes #6327 - -- BUG-BOUNTY: minor language update - - ... and remove the wording about entries from before 2019 as the "within - 12 months" is still there and covers that. - - Closes #6318 - -- tooĺ_writeout: fix the -w time output units - - Fix regression from commit fc813f80e1bcac (#6248) that changed the unit - to microseconds instead of seconds with fractions - - Reported-by: 不确定 - Fixes #6321 - Closes #6322 - -- quiche: remove fprintf() leftover - -Jay Satiro (14 Dec 2020) -- KNOWN_BUGS: SHA-256 digest not supported in Windows SSPI builds - - Closes https://github.com/curl/curl/issues/6302 - -- digest_sspi: Show InitializeSecurityContext errors in verbose mode - - The error is shown with infof rather than failf so that the user will - see the extended error message information only in verbose mode, and - will still see the standard CURLE_AUTH_ERROR message. For example: - - --- - - * schannel: InitializeSecurityContext failed: SEC_E_QOP_NOT_SUPPORTED - (0x8009030A) - The per-message Quality of Protection is not supported by - the security package - * multi_done - * Connection #1 to host 127.0.0.1 left intact - curl: (94) An authentication function returned an error - - --- - - Ref: https://github.com/curl/curl/issues/6302 - - Closes https://github.com/curl/curl/pull/6315 - -Daniel Stenberg (13 Dec 2020) -- URL-SYNTAX: add default port numbers and IDNA details - - Closes #6316 - -- URL-SYNTAX: mention how FILE:// access can access network on windows - - Closes #6314 - -Jay Satiro (12 Dec 2020) -- URL-SYNTAX: Document default SMTP port 25 - - Note that ports 25 and 587 are common ports for smtp, the former being - the default. 
- - Closes https://github.com/curl/curl/pull/6310 - -Daniel Stenberg (12 Dec 2020) -- CURLOPT_URL.3: remove scheme specific details - - ... that are now found in URL-SYNTAX.md - - Closes #6307 - -Dan Fandrich (12 Dec 2020) -- docs: Fix some typos - - [skip ci] - -Daniel Stenberg (12 Dec 2020) -- URL-SYNTAX: mention all supported schemes - - Closes #6311 - -- [Douglas R. Reno brought this change] - - URL-SYNTAX.md: minor language improvements - - Closes #6308 - -- docs/URL-SYNTAX: the URL syntax curl accepts and works with - - Closes #6285 - -- [0xflotus brought this change] - - docs: enable syntax highlighting in several docs files - - ... for better readability - - Closes #6286 - -- test1564/1565: require the 'wakeup' feature to run - - Fixes #6299 - Fixes #6300 - Closes #6301 - -- runtests: add 'wakeup' as a feature - -- tests/server/disabled: add "wakeup" - - To allow the test suite to know if wakeup support is disabled in the - build. - -- lib1564/5: verify that curl_multi_wakeup returns OK - -- tests: make --libcurl tests only test FTP options if ftp enabled - - Adjust six --libcurl tests to only check the FTP option if FTP is - actually present in the build. - - Fixes #6303 - Closes #6305 - -- runtests.pl: fix "uninitialized value" warning - - follow-up to e12825c642a88774 - -- runtests: add support for %if [feature] conditions - - ... to make tests run differently or expect different results depending - on what features that are present or not in curl. - - Bonus: initial minor 'Hyper' awareness but nothing is using that yet - - Closes #6304 - -- [Jon Rumsey brought this change] - - OS400: update ccsidcurl.c - - Add 'struct' to cast and declaration of cfcdata to fix compilation - error. 
- - Fixes #6292 - Closes #6297 - -- ngtcp2: make it build it current master again - - Closes #6296 - -- [Cristian Rodríguez brought this change] - - connect: defer port selection until connect() time - - If supported, defer port selection until connect() time - if --interface is given and source port is 0. - - Reproducer: - - * start fast webserver on port 80 - * starve system of ephemeral ports - $ sysctl net.ipv4.ip_local_port_range="60990 60999" - - * start a curl/libcurl "crawler" - $curl --keepalive --parallel --parallel-immediate --head --interface - 127.0.0.2 "http://127.0.0.[1-254]/file[001-002].txt" - - current result: - (possible some successful data) - curl: (45) bind failed with errno 98: Address already in use - - result after patch: - (complete success or few connections failing, higlhy depending on load) - - Fail only when all the possible 4-tuple combinations are exhausted, - which is impossible to do when port is selected at bind() time becuse - the kernel does not know if socket will be listen()'ed on or connect'ed - yet. - - Closes #6295 - -- [Hans-Christian Noren Egtvedt brought this change] - - connect: zero variable on stack to silence valgrind complaint - - Valgrind will complain that ssrem buffer usage if not explicit - initialized, hence initialize it to zero. - - This completes the change intially started in commit 2c0d7212151 ('ftp: - retry getpeername for FTP with TCP_FASTOPEN') where the ssloc buffer has - a similar memset to zero. - - 
Signed-off-by: Hans-Christian Noren Egtvedt <hegtvedt@cisco.com> - Closes #6289 - -- RELEASE-NOTES: synced - - start over on the next release cycle - -Version 7.74.0 (9 Dec 2020) - -Daniel Stenberg (9 Dec 2020) -- RELEASE-NOTES: synced - - for 7.74.0 - -Jay Satiro (7 Dec 2020) -- [Jacob Hoffman-Andrews brought this change] - - urldata: restore comment on ssl_connect_data.use - - This comment was originally on the `use` field, but was separated from - its field in 62a2534. - - Closes https://github.com/curl/curl/pull/6287 - -Daniel Stenberg (7 Dec 2020) -- VERSIONS: refreshed - - We always use the patch number these days: all releases are - "major.minor.patch" - -- [Jakub Zakrzewski brought this change] - - cmake: don't use reserved target name 'test' - - CMake up to 3.10 always reserves this name - - Fixes #6257 - Closes #6258 - -- openssl: make the OCSP verification verify the certificate id - - CVE-2020-8286 - - Reported by anonymous - - Bug: https://curl.se/docs/CVE-2020-8286.html - -- ftp: make wc_statemach loop instead of recurse - - CVE-2020-8285 - - Fixes #6255 - Bug: https://curl.se/docs/CVE-2020-8285.html - Reported-by: xnynx on github - -- ftp: CURLOPT_FTP_SKIP_PASV_IP by default - - The command line tool also independently sets --ftp-skip-pasv-ip by - default. - - Ten test cases updated to adapt the modified --libcurl output. - - Bug: https://curl.se/docs/CVE-2020-8284.html - CVE-2020-8284 - - Reported-by: Varnavas Papaioannou - -- urlapi: don't accept blank port number field without scheme - - ... as it makes the URL parser accept "very-long-hostname://" as a valid - host name and we don't want that. The parser now only accepts a blank - (no digits) after the colon if the URL starts with a scheme. - - Reported-by: d4d on hackerone - - Closes #6283 - -- Revert "multi: implement wait using winsock events" - - This reverts commit d2a7d7c185f98df8f3e585e5620cbc0482e45fac. 
- - This commit also reverts the subsequent follow-ups to that commit, which - were all done within windows #ifdefs that are removed in this - change. Marc helped me verify this. - - Fixes #6146 - Closes #6281 - -- [Klaus Crusius brought this change] - - ftp: retry getpeername for FTP with TCP_FASTOPEN - - In the case of TFO, the remote host name is not resolved at the - connetion time. - - For FTP that has lead to missing hostname for the secondary connection. - Therefore the name resolution is done at the time, when FTP requires it. - - Fixes #6252 - Closes #6265 - Closes #6282 - -- [Thomas Danielsson brought this change] - - scripts/completion.pl: parse all opts - - For tab-completion it may be preferable to include all the - available options. - - Closes #6280 - -- RELEASE-NOTES: synced - -- openssl: use OPENSSL_init_ssl() with >= 1.1.0 - - Reported-by: Kovalkov Dmitrii and Per Nilsson - Fixes #6254 - Fixes #6256 - Closes #6260 - -- SECURITY-PROCESS: disclose on hackerone - - Once a vulnerability has been published, the hackerone issue should be - disclosed. For tranparency. - - Closes #6275 - -Marc Hoersken (3 Dec 2020) -- tests/util.py: fix compatibility with Python 2 - - Backporting the Python 3 implementation of setStream - to ClosingFileHandler as a fallback within Python 2. - - Reported-by: Jay Satiro - - Fixes #6259 - Closes #6270 - -Daniel Gustafsson (3 Dec 2020) -- docs: fix typos and markup in ETag manpage sections - - Reported-by: emanruse on github - Fixes #6273 - -Daniel Stenberg (2 Dec 2020) -- quiche: close the connection - - Reported-by: Junho Choi - Fixes #6213 - Closes #6217 - -Jay Satiro (2 Dec 2020) -- ngtcp2: Fix build error due to symbol name change - - - NGTCP2_CRYPTO_LEVEL_APP -> NGTCP2_CRYPTO_LEVEL_APPLICATION - - ngtcp2/ngtcp2@76232e9 changed the name. - - ngtcp2 master is required to build curl with http3 support. 
-
- Closes https://github.com/curl/curl/pull/6271
-
-Daniel Stenberg (1 Dec 2020)
-- [Klaus Crusius brought this change]
-
- cmake: check for linux/tcp.h
-
- The HAVE_LINUX_TCP_H define was not set by cmake.
-
- Closes #6252
diff --git a/contrib/libs/curl/RELEASE-NOTES b/contrib/libs/curl/RELEASE-NOTES
index 1dc81810fc..1829b78807 100644
--- a/contrib/libs/curl/RELEASE-NOTES
+++ b/contrib/libs/curl/RELEASE-NOTES
@@ -1,198 +1,23 @@ -curl and libcurl 7.78.0 +curl and libcurl 7.79.1 - Public curl releases: 201 + Public curl releases: 203 Command line options: 242 curl_easy_setopt() options: 290 Public functions in libcurl: 85 - Contributors: 2459 - -This release includes the following changes: - - o curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE [118] - o CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax [40] - o hostip: make 'localhost' return fixed values [16] - o mbedtls: add support for cert and key blob options [11] - o metalink: remove all support for it [54] - o mqtt: add support for username and password [91] + Contributors: 2489 This release includes the following bugfixes: - o --socks4[a]: clarify where the host name is resolved [107] - o ares: always store IPv6 addresses first [20] - o asyn-ares: remove check for 'data' in Curl_resolver_cancel [89] - o bearssl: explicitly initialize all fields of Curl_ssl [1] - o bearssl: remove incorrect const on variable that is modified [1] - o build: fix compiler warnings when CURL_DISABLE_VERBOSE_STRINGS [155] - o c-hyper: abort CONNECT response reading early on non 2xx responses [75] - o c-hyper: add support for transfer-encoding in the request [121] - o c-hyper: bail on too long response headers [115] - o c-hyper: clear NTLM auth buffer when request is issued [23] - o c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL [21] - o c-hyper: fix NTLM on closed connection tested with test159 [4] - o c-hyper: fix the uploaded field in progress callbacks [78] - o c-hyper: handle NULL from hyper_buf_copy() [19] - o c-hyper: support CURLINFO_STARTTRANSFER_TIME [29] - o c-hyper: support CURLOPT_HEADER [32] - o ccsidcurl: fix the compile errors [27] - o CI/cirrus: install impacket from PyPI instead of FreeBSD packages [166] - o CI: add bearssl build [1] - o CI: add Circle CI [92] - o CI: add jobs using Zuul [86] - o CI: delete --enable-hsts option (it is the default now) [2] - o CI: 
remove travis details [144] - o cleanup: spell DoH with a lowercase o [172] - o cmake: add CURL_DISABLE_NTLM option [44] - o cmake: avoid leaking absolute paths into exported config [3] - o cmake: fix IoctlSocket FIONBIO check [156] - o cmake: fix support for UnixSockets feature on Win32 [104] - o cmake: remove libssh2 feature checks [122] - o cmake: try well-known send/recv signature for Apple [12] - o configure.ac: make non-executable [109] - o configure/cmake: remove checks for many unused functions [95] - o configure: add --disable-ntlm option [45] - o configure: disable RTSP when hyper is selected [68] - o configure: do not strip out debug flags [110] - o configure: fix nghttp2 library name for static builds [157] - o configure: inhibit the implicit-fallthrough warning on gcc-12 [106] - o configure: rename get-easy-option configure option to get-easy-options [81] - o conn_shutdown: if closed during CONNECT cleanup properly [59] - o conncache: lowercase the hash key for better match [5] - o cookies: track expiration in jar to optimize removals [25] - o copyright: add boiler-plate headers to CI config files [143] - o crustls: bump crustls version and use new URL [119] - o curl.h: <sys/select.h> is supported by VxWorks7 [102] - o curl.h: include sys/select.h for NuttX RTOS [100] - o curl: ignore blank --output-dir [57] - o curl_endian: remove the unused Curl_write64_le function [85] - o curl_multibyte: Remove local encoding fallbacks [58] - o Curl_ntlm_core_mk_nt_hash: fix OOM in error path [8] - o Curl_ssl_getsessionid: fail if no session cache exists [14] - o CURLOPT_WRITEFUNCTION.3: minor update of the example [80] - o docs/BINDINGS: fix outdated links [116] - o docs/examples: use curl_multi_poll() in multi examples [152] - o docs/INSTALL: remove mentions of configure --with-darwin-ssl [55] - o docs: document missing arguments to commands [160] - o docs: fix inconsistencies in EGDSOCKET documentation [159] - o docs: fix incorrect argument name reference [161] 
- o docs: Fix typos [146] - o docs: make docs for --etag-save match the program behaviour [169] - o docs: use --max-redirs instead of --max-redir [28] - o doh: (void)-prefix call to curl_easy_setopt - o doh: fix wrong DEBUGASSERT for doh private_data [62] - o easy: during upkeep, attach Curl_easy to connections in the cache [171] - o examples/multi-single: fix scan-build warning [150] - o examples: length-limit two sscanf() uses of %s [96] - o examples: safer and more proper read callback logic [127] - o filecheck: quietly remove test-place/*~ [39] - o formdata: avoid "Argument cannot be negative" warning [131] - o formdata: correct typecast in curl_mime_data call [137] - o GHA: add a linux-hyper job [52] - o GHA: add several libcurl tests to the hyper job - o GHA: run the newly fixed tests with hyper [36] - o github: timeout jobs on macOS after 90 minutes [42] - o glob: pass an 'int' as len when using printf's %*s [139] - o gnutls: set the preferred TLS versions in correct order [94] - o GOVERNANCE: add 'user', 'committer' and 'contributor' [15] - o hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies [105] - o hostip: bad CURLOPT_RESOLVE syntax now returns error [35] - o hsts: ignore numberical IP address hosts [17] - o HSTS: not experimental anymore - o http2: clarify 'Using HTTP2' verbose message [63] - o http2: init recvbuf struct for pushed streams [13] - o http2_connisdead: handle trailing GOAWAY better [18] - o http: fix crash in rate-limited upload [142] - o http: make the haproxy support work with unix domain sockets [99] - o http_proxy: deal with non-200 CONNECT response with Hyper [22] - o hyper: propagate errors back up from read callbacks [113] - o HYPER: remove mentions of deprecated development branch - o idn: fix libidn2 with windows unicode builds [117] - o infof: remove newline from format strings, always append it [149] - o lib: don't compare fd to FD_SETSIZE when using poll [61] - o lib: fix compiler warnings with 
CURL_DISABLE_NETRC [168] - o lib: fix type of len passed to *printf's %*s [133] - o lib: more %u for port and int for %*s fixes [132] - o lib: use %u instead of %ld for port number printf [134] - o libcurl-security.3: mention file descriptors and forks [108] - o libssh2: limit time a disconnect can take to 1 second [111] - o mbedtls: make mbedtls_strerror always work [6] - o mbedtls: Remove unnecessary include [175] - o mqtt: detect illegal and too large file size [43] - o mqtt: extend the error message for no topic [136] - o msnprintf: return number of printed characters excluding null byte [148] - o multi: add scan-build-6 work-around in curl_multi_fdset [88] - o multi: alter transfer timeout ordering [97] - o multi: do not switch off connect_only flag when closing [98] - o multi: fix crash in curl_multi_wait / curl_multi_poll [153] - o netrc: skip 'macdef' definitions [87] - o ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS [83] - o openssl: avoid static variable for seed flag [101] - o openssl: don't remove session id entry in disassociate [56] - o pinnedpubkey.d: fix formatting for version support lists [126] - o proto.d: fix formatting for paragraphs after margin changes [125] - o quiche: use send() instead of sendto() to avoid macOS issue [103] - o Revert "c-hyper: handle body on HYPER_TASK_EMPTY" [26] - o Revert "ftp: Expression 'ftpc->wait_data_conn' is always false" [147] - o runtests: also find the last test in Makefile.inc [66] - o runtests: enable 'hyper mode' only for HTTP tests [34] - o runtests: init $VERSION to avoid warnings when using -l - o runtests: parse data/Makefile.inc instead of using make [38] - o runtests: skip disabled tests unless -f is used [82] - o rustls: remove native_roots fallback [65] - o schannel: set ALPN length correctly for HTTP/2 [24] - o SChannel: Use '_tcsncmp()' instead [164] - o sectransp: check for client certs by name first, then file [167] - o setopt: fix incorrect comments [10] - o socketpair: fix 
potential hangs [37] - o socks4: scan for the IPv4 address in resolve results [124] - o ssl: read pending close notify alert before closing the connection [9] - o sws: malloc request struct instead of using stack [60] - o telnet: fix option parser to not send uninitialized contents [170] - o test1116: hyper doesn't pass through "surprise-trailers" [123] - o test1147: hyper doesn't allow "crazy" request headers like built-in [114] - o test1151: added missing CRLF to work with hyper [120] - o test1216: adjusted for hyper mode [73] - o test1218: adjusted for hyper mode [72] - o test1230: adjust to work in hyper mode [74] - o test1340/1341: adjusted for hyper mode [71] - o test1438/1457: add HTTP keyword to make hyper mode work [70] - o test1514: add a CRLF to the response to make it correct [130] - o test1518: adjusted to work with hyper [129] - o test1519: adjusted to work with hyper [128] - o test1594/1595/1596: fix to work in hyper mode [69] - o test269: disable for hyper [33] - o test3010: work with hyper mode [67] - o test328: avoid a header-looking body to make hyper mode work [53] - o test339: CRLFify better to work in hyper mode [51] - o test347: CRLFify to work in hyper mode [50] - o test393: make Content-Length fit within 64 bit for hyper [49] - o test394: hyper returns a different error [48] - o test395: hyper cannot work around > 64 bit content-lengths like built-in [47] - o test433: adjust for hyper mode [46] - o test434: add HTTP keyword [76] - o test500: adjust to work with hyper mode - o test566: adjust to work with hyper mode [79] - o test599: adjusted to work in hyper mode [77] - o test644: remove as duplicate of test 587 [84] - o tests: fix Accept-Encoding strips to work with Hyper builds [41] - o TLS: prevent shutdown loops to get stuck [112] - o tool: make _lseeki64() macro work with the PellesC compiler [163] - o tool_help: document that --tlspassword takes a password [162] - o tool_help: remove unused define [154] - o url.c: remove two variable 
assigns that are never read [90] - o url: (void)-prefix a curl_url_get() call [138] - o url: bad CURLOPT_CONNECT_TO syntax now returns error [31] - o version: turn version number functions into returning void [135] - o vtls: exit addsessionid if no cache is inited [7] - o vtls: fix connection reuse checks for issuer cert and case sensitivity [165] - o vtls: only store TIMER_APPCONNECT for non-proxy connect [93] - o vtls: use free() not curl_free() [140] - o warnless: simplify type size handling [30] - o Win32: fix build with Watt-32 - o winbuild/README: VC should be set to 6 'or larger' [64] - o winbuild: support alternate nghttp2 static lib name [174] - o wolfssl: failing to set a session id is not reason to error out [151] - o write-out.d: clarify urlnum is not unique for de-globbed URLs [145] - o zuul: use the new rustls directory name [141] + o Curl_http2_setup: don't change connection data on repeat invokes [10] + o curl_multi_fdset: make FD_SET() not operate on sockets out of range [4] + o dist: provide lib/.checksrc in the tarball [6] + o FAQ: add GOPHERS + curl works on data, not files + o hsts: CURLSTS_FAIL from hsts read callback should fail transfer [8] + o hsts: handle unlimited expiry [3] + o http: fix the broken >3 digit response code detection [1] + o strerror: use sys_errlist instead of strerror on Windows [5] + o test1184: disable [9] + o tests/sshserver.pl: make it work with openssh-8.7p1 [2] This release includes the following known bugs: 
@@ -201,199 +26,19 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Albin Vass, Aleksander Mazur, Alexis Vachette, Alex Xu, Andrea Pappacoda, - Andrei Rybak, Bachue Zhou, Bastian Krause, Bin Lan, Bin Meng, - Christian Weisgerber, Christoph M. Becker, civodul on github, Dan Fandrich, - Daniel Gustafsson, Daniel Stenberg, David Hu, dEajL3kA on github, - Dmitry Karpov, Dmitry Kostjuchenko, Douglas R. Reno, Ebe Janchivdorj, - Fawad Mirza, Francisco Munoz, Gabriel Simmer, Gealber Morales, Gergely Nagy, - Gerrit Renker, Gisle Vanem, Gregor Jasny, Gregory Muchka, Harry Sintonen, - Hugh Macdonald, Jacob Hoffman-Andrews, Jishan Shaikh, Joel Depooter, - Jonathan Wernberg, Jon Rumsey, Josh Soref, Josie Huddleston, Jun-ya Kato, - Kevin Burke, Laurent Dufresne, Li Xinwei, MAntoniak on github, Marcel Raad, - Marc Hörsken, Mark Swaanenburg, Martin Howarth, Max Zettlmeißl, - Michael Forney, Michael Kaufmann, Mohammed Naser, nian6324 on github, - Nikos Mavrogiannopoulos, Paul Groke, Peter Körner, Phil E. 
Taylor, - Pierre Yager, Randolf J, Ray Satiro, Red Hat Product Security, - Richard Marion, Richard Whitehouse, Sergey Markelov, Shikha Sharma, - shithappens2016 on github, sylgal on github, Timur Artikov, Tobias Nyholm, - Tommy Chiang, User Sg, Vadim Grinshpun, Valentín Gutiérrez, Viktor Szakats, - William Desportes, Wyatt OʼDay, Xiang Xiao, Yongkang Huang, Younes El-karama, - Zhang Xiuhua, Борис Верховский, Коваленко Анатолий Викторович, - (83 contributors) + 0xee on github, Daniel Stenberg, Evangelos Foutras, Glenn de boer, + Jonathan Cardoso Machado, Kamil Dudka, Marcel Raad, Ray Satiro, + RiderALT on github, tawmoto on github, Viktor Szakats, + (11 contributors) References to bug reports and discussions on issues: - [1] = https://curl.se/bug/?i=7133 - [2] = https://curl.se/bug/?i=7167 - [3] = https://curl.se/bug/?i=7152 - [4] = https://curl.se/bug/?i=7154 - [5] = https://curl.se/bug/?i=7159 - [6] = https://curl.se/bug/?i=7162 - [7] = https://curl.se/bug/?i=7165 - [8] = https://curl.se/bug/?i=7164 - [9] = https://curl.se/bug/?i=7095 - [10] = https://curl.se/bug/?i=7157 - [11] = https://curl.se/bug/?i=7157 - [12] = https://curl.se/bug/?i=7158 - [13] = https://curl.se/bug/?i=7153 - [14] = https://curl.se/bug/?i=7148 - [15] = https://curl.se/bug/?i=7151 - [16] = https://curl.se/bug/?i=7039 - [17] = https://curl.se/bug/?i=7146 - [18] = https://curl.se/mail/lib-2021-06/0001.html - [19] = https://curl.se/bug/?i=7143 - [20] = https://curl.se/mail/lib-2021-06/0003.html - [21] = https://curl.se/bug/?i=7141 - [22] = https://curl.se/bug/?i=7141 - [23] = https://curl.se/bug/?i=7139 - [24] = https://curl.se/bug/?i=7138 - [25] = https://curl.se/bug/?i=7172 - [26] = https://curl.se/bug/?i=7122 - [27] = https://curl.se/bug/?i=7134 - [28] = https://curl.se/bug/?i=7130 - [29] = https://curl.se/bug/?i=7204 - [30] = https://curl.se/bug/?i=7181 - [31] = https://curl.se/bug/?i=7183 - [32] = https://curl.se/bug/?i=7204 - [33] = https://curl.se/bug/?i=7184 - [34] = 
https://curl.se/bug/?i=7185 - [35] = https://curl.se/bug/?i=7170 - [36] = https://curl.se/bug/?i=7205 - [37] = https://curl.se/bug/?i=7144 - [38] = https://curl.se/bug/?i=7177 - [39] = https://curl.se/bug/?i=7179 - [40] = https://curl.se/bug/?i=7175 - [41] = https://curl.se/bug/?i=7169 - [42] = https://curl.se/bug/?i=7173 - [43] = https://curl.se/bug/?i=7166 - [44] = https://curl.se/bug/?i=7028 - [45] = https://curl.se/bug/?i=7028 - [46] = https://curl.se/bug/?i=7205 - [47] = https://curl.se/bug/?i=7205 - [48] = https://curl.se/bug/?i=7205 - [49] = https://curl.se/bug/?i=7205 - [50] = https://curl.se/bug/?i=7205 - [51] = https://curl.se/bug/?i=7205 - [52] = https://curl.se/bug/?i=7206 - [53] = https://curl.se/bug/?i=7203 - [54] = https://curl.se/bug/?i=7176 - [55] = https://curl.se/mail/lib-2021-06/0008.html - [56] = https://curl.se/bug/?i=7222 - [57] = https://curl.se/bug/?i=7218 - [58] = https://curl.se/bug/?i=7257 - [59] = https://curl.se/bug/?i=7236 - [60] = https://curl.se/mail/lib-2021-06/0018.html - [61] = https://curl.se/bug/?i=7240 - [62] = https://curl.se/bug/?i=7227 - [63] = https://github.com/curl/curl/discussions/7255 - [64] = https://curl.se/bug/?i=7253 - [65] = https://curl.se/bug/?i=7250 - [66] = https://curl.se/bug/?i=7209 - [67] = https://curl.se/bug/?i=7209 - [68] = https://curl.se/bug/?i=7209 - [69] = https://curl.se/bug/?i=7209 - [70] = https://curl.se/bug/?i=7209 - [71] = https://curl.se/bug/?i=7209 - [72] = https://curl.se/bug/?i=7209 - [73] = https://curl.se/bug/?i=7209 - [74] = https://curl.se/bug/?i=7209 - [75] = https://curl.se/bug/?i=493 - [76] = https://curl.se/bug/?i=7209 - [77] = https://curl.se/bug/?i=7209 - [78] = https://curl.se/bug/?i=7209 - [79] = https://curl.se/bug/?i=7209 - [80] = https://curl.se/bug/?i=7219 - [81] = https://curl.se/bug/?i=7211 - [82] = https://curl.se/bug/?i=7212 - [83] = https://curl.se/bug/?i=6896 - [84] = https://curl.se/bug/?i=7208 - [85] = https://curl.se/bug/?i=7280 - [86] = https://curl.se/bug/?i=7245 
- [87] = https://curl.se/bug/?i=7238 - [88] = https://curl.se/bug/?i=7248 - [89] = https://curl.se/bug/?i=7248 - [90] = https://curl.se/bug/?i=7248 - [91] = https://curl.se/bug/?i=7243 - [92] = https://curl.se/bug/?i=7239 - [93] = https://curl.se/bug/?i=7274 - [94] = https://curl.se/bug/?i=7277 - [95] = https://curl.se/bug/?i=7276 - [96] = https://curl.se/bug/?i=7293 - [97] = https://curl.se/bug/?i=7178 - [98] = https://curl.se/mail/lib-2021-06/0024.html - [99] = https://curl.se/bug/?i=7290 - [100] = https://curl.se/bug/?i=7287 - [101] = https://curl.se/bug/?i=7296 - [102] = https://curl.se/bug/?i=7285 - [103] = https://curl.se/bug/?i=7260 - [104] = https://curl.se/bug/?i=7034 - [105] = https://curl.se/bug/?i=7265 - [106] = https://curl.se/bug/?i=7295 - [107] = https://curl.se/bug/?i=7273 - [108] = https://curl.se/bug/?i=7270 - [109] = https://curl.se/bug/?i=7272 - [110] = https://curl.se/bug/?i=7216 - [111] = https://curl.se/bug/?i=7271 - [112] = https://curl.se/bug/?i=7271 - [113] = https://curl.se/bug/?i=7266 - [114] = https://curl.se/bug/?i=7349 - [115] = https://curl.se/bug/?i=7350 - [116] = https://curl.se/bug/?i=7301 - [117] = https://curl.se/bug/?i=7228 - [118] = https://curl.se/bug/?i=7073 - [119] = https://curl.se/bug/?i=7297 - [120] = https://curl.se/bug/?i=7350 - [121] = https://curl.se/bug/?i=7348 - [122] = https://curl.se/bug/?i=7343 - [123] = https://curl.se/bug/?i=7344 - [124] = https://curl.se/bug/?i=7345 - [125] = https://curl.se/bug/?i=7341 - [126] = https://curl.se/bug/?i=7340 - [127] = https://curl.se/bug/?i=7330 - [128] = https://curl.se/bug/?i=7333 - [129] = https://curl.se/bug/?i=7333 - [130] = https://curl.se/bug/?i=7334 - [131] = https://curl.se/bug/?i=7328 - [132] = https://curl.se/bug/?i=7329 - [133] = https://curl.se/bug/?i=7326 - [134] = https://curl.se/bug/?i=7325 - [135] = https://curl.se/bug/?i=7319 - [136] = https://curl.se/bug/?i=7316 - [137] = https://curl.se/bug/?i=7327 - [138] = https://curl.se/bug/?i=7320 - [139] = 
https://curl.se/bug/?i=7324 - [140] = https://curl.se/bug/?i=7318 - [141] = https://curl.se/bug/?i=7311 - [142] = https://curl.se/bug/?i=7308 - [143] = https://curl.se/bug/?i=7314 - [144] = https://curl.se/bug/?i=7313 - [145] = https://curl.se/bug/?i=7342 - [146] = https://curl.se/bug/?i=7370 - [147] = https://curl.se/mail/lib-2021-07/0025.html - [148] = https://curl.se/bug/?i=7361 - [149] = https://curl.se/bug/?i=7357 - [150] = https://curl.se/bug/?i=7360 - [151] = https://curl.se/bug/?i=7358 - [152] = https://curl.se/bug/?i=7352 - [153] = https://curl.se/bug/?i=7379 - [154] = https://curl.se/bug/?i=7380 - [155] = https://curl.se/bug/?i=7377 - [156] = https://curl.se/bug/?i=7375 - [157] = https://curl.se/bug/?i=7367 - [159] = https://curl.se/bug/?i=7391 - [160] = https://curl.se/bug/?i=7382 - [161] = https://curl.se/bug/?i=7383 - [162] = https://curl.se/bug/?i=7378 - [163] = https://curl.se/bug/?i=7397 - [164] = https://curl.se/bug/?i=7398 - [165] = https://curl.se/docs/CVE-2021-22924.html - [166] = https://curl.se/bug/?i=7418 - [167] = https://curl.se/docs/CVE-2021-22926.html - [168] = https://curl.se/bug/?i=7423 - [169] = https://curl.se/bug/?i=7429 - [170] = https://curl.se/docs/CVE-2021-22925.html - [171] = https://curl.se/bug/?i=7386 - [172] = https://curl.se/bug/?i=7413 - [174] = https://curl.se/bug/?i=7446 - [175] = https://curl.se/bug/?i=7419 + [1] = https://curl.se/bug/?i=7738 + [2] = https://curl.se/bug/?i=7724 + [3] = https://curl.se/bug/?i=7720 + [4] = https://curl.se/bug/?i=7718 + [5] = https://curl.se/bug/?i=7735 + [6] = https://curl.se/bug/?i=7733 + [8] = https://curl.se/bug/?i=7726 + [9] = https://curl.se/bug/?i=7725 + [10] = https://curl.se/bug/?i=7730 diff --git a/contrib/libs/curl/include/curl/curl.h b/contrib/libs/curl/include/curl/curl.h index 521c254e77..835c3d871b 100644 --- a/contrib/libs/curl/include/curl/curl.h +++ b/contrib/libs/curl/include/curl/curl.h 
@@ -25,9 +25,6 @@ /* * If you have libcurl problems, all docs and details are found here: * https://curl.se/libcurl/ - * - * curl-library mailing list subscription and unsubscription web interface: - * https://cool.haxx.se/mailman/listinfo/curl-library/ */ #ifdef CURL_NO_OLDIES diff --git a/contrib/libs/curl/include/curl/curlver.h b/contrib/libs/curl/include/curl/curlver.h index d2ccdbaf83..556a2290b0 100644 --- a/contrib/libs/curl/include/curl/curlver.h +++ b/contrib/libs/curl/include/curl/curlver.h @@ -30,13 +30,13 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.78.0" +#define LIBCURL_VERSION "7.79.1" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 -#define LIBCURL_VERSION_MINOR 78 -#define LIBCURL_VERSION_PATCH 0 +#define LIBCURL_VERSION_MINOR 79 +#define LIBCURL_VERSION_PATCH 1 /* This is the numeric version of the libcurl version number, meant for easier parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will @@ -57,7 +57,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x074e00 +#define LIBCURL_VERSION_NUM 0x074f01 /* * This is the date and time when the full source package was created. The @@ -68,7 +68,7 @@ * * "2007-11-23" */ -#define LIBCURL_TIMESTAMP "2021-07-21" +#define LIBCURL_TIMESTAMP "2021-09-22" #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z)) #define CURL_AT_LEAST_VERSION(x,y,z) \ diff --git a/contrib/libs/curl/lib/asyn-ares.c b/contrib/libs/curl/lib/asyn-ares.c index 839fabb86a..895a9e55dd 100644 --- a/contrib/libs/curl/lib/asyn-ares.c +++ b/contrib/libs/curl/lib/asyn-ares.c @@ -59,7 +59,6 @@ #include "hostip.h" #include "hash.h" #include "share.h" -#include "strerror.h" #include "url.h" #include "multiif.h" #include "inet_pton.h" 
@@ -80,13 +79,35 @@ #define HAVE_CARES_CALLBACK_TIMEOUTS 1 #endif +#if ARES_VERSION >= 0x010601 +/* IPv6 supported since 1.6.1 */ +#define HAVE_CARES_IPV6 1 +#endif + +#if ARES_VERSION >= 0x010704 +#define HAVE_CARES_SERVERS_CSV 1 +#define HAVE_CARES_LOCAL_DEV 1 +#define HAVE_CARES_SET_LOCAL 1 +#endif + +#if ARES_VERSION >= 0x010b00 +#define HAVE_CARES_PORTS_CSV 1 +#endif + +#if ARES_VERSION >= 0x011000 +/* 1.16.0 or later has ares_getaddrinfo */ +#if !__has_feature(memory_sanitizer) +#define HAVE_CARES_GETADDRINFO 1 +#endif +#endif + /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" #include "memdebug.h" struct thread_data { - int num_pending; /* number of ares_gethostbyname() requests */ + int num_pending; /* number of outstanding c-ares requests */ struct Curl_addrinfo *temp_ai; /* intermediary result while fetching c-ares parts */ int last_status; @@ -490,6 +511,8 @@ CURLcode Curl_resolver_wait_resolv(struct Curl_easy *data, return result; } +#ifndef HAVE_CARES_GETADDRINFO + /* Connects results to the list */ static void compound_results(struct thread_data *res, struct Curl_addrinfo *ai) 
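Review bot: `#if !__has_feature(memory_sanitizer)` inside the `ARES_VERSION >= 0x011000` block relies on a Clang builtin, and a preprocessor that does not provide `__has_feature` fails to parse the `#if` rather than evaluating it. Unless a fallback is defined in a header included earlier (not visible in this hunk), add one before the test: `#ifndef __has_feature` / `#define __has_feature(x) 0` / `#endif`. The condition also means MemorySanitizer builds compile the older `ares_gethostbyname` path while other builds use `ares_getaddrinfo`, so the new `ares2addr()` and `addrinfo_cb()` code gets no MSan coverage. A short comment stating why the sanitizer build is excluded would help whoever does the next vendor update.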
@@ -620,7 +643,98 @@ static void query_completed_cb(void *arg, /* (struct connectdata *) */ } } } +#else +/* c-ares 1.16.0 or later */ + +/* + * ares2addr() converts an address list provided by c-ares to an internal + * libcurl compatible list + */ +static struct Curl_addrinfo *ares2addr(struct ares_addrinfo_node *node) +{ + /* traverse the ares_addrinfo_node list */ + struct ares_addrinfo_node *ai; + struct Curl_addrinfo *cafirst = NULL; + struct Curl_addrinfo *calast = NULL; + int error = 0; + + for(ai = node; ai != NULL; ai = ai->ai_next) { + size_t ss_size; + struct Curl_addrinfo *ca; + /* ignore elements with unsupported address family, */ + /* settle family-specific sockaddr structure size. */ + if(ai->ai_family == AF_INET) + ss_size = sizeof(struct sockaddr_in); +#ifdef ENABLE_IPV6 + else if(ai->ai_family == AF_INET6) + ss_size = sizeof(struct sockaddr_in6); +#endif + else + continue; + + /* ignore elements without required address info */ + if(!ai->ai_addr || !(ai->ai_addrlen > 0)) + continue; + + /* ignore elements with bogus address size */ + if((size_t)ai->ai_addrlen < ss_size) + continue; + + ca = malloc(sizeof(struct Curl_addrinfo) + ss_size); + if(!ca) { + error = EAI_MEMORY; + break; + } + + /* copy each structure member individually, member ordering, */ + /* size, or padding might be different for each platform. 
*/ + + ca->ai_flags = ai->ai_flags; + ca->ai_family = ai->ai_family; + ca->ai_socktype = ai->ai_socktype; + ca->ai_protocol = ai->ai_protocol; + ca->ai_addrlen = (curl_socklen_t)ss_size; + ca->ai_addr = NULL; + ca->ai_canonname = NULL; + ca->ai_next = NULL; + + ca->ai_addr = (void *)((char *)ca + sizeof(struct Curl_addrinfo)); + memcpy(ca->ai_addr, ai->ai_addr, ss_size); + + /* if the return list is empty, this becomes the first element */ + if(!cafirst) + cafirst = ca; + + /* add this element last in the return list */ + if(calast) + calast->ai_next = ca; + calast = ca; + } + + /* if we failed, destroy the Curl_addrinfo list */ + if(error) { + Curl_freeaddrinfo(cafirst); + cafirst = NULL; + } + + return cafirst; +} + +static void addrinfo_cb(void *arg, int status, int timeouts, + struct ares_addrinfo *result) +{ + struct Curl_easy *data = (struct Curl_easy *)arg; + struct thread_data *res = data->state.async.tdata; + (void)timeouts; + if(ARES_SUCCESS == status) { + res->temp_ai = ares2addr(result->nodes); + res->last_status = CURL_ASYNC_SUCCESS; + ares_freeaddrinfo(result); + } + res->num_pending--; +} +#endif /* * Curl_resolver_getaddrinfo() - when using ares * 
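Review bot: `addrinfo_cb()` sets `res->last_status = CURL_ASYNC_SUCCESS` even when `ares2addr()` returned NULL, which happens on `malloc` failure (`error = EAI_MEMORY`) and when every node is skipped by the family or length checks. The resolve is then reported as successful with no address list; tying the status to the result avoids that: `if(res->temp_ai) res->last_status = CURL_ASYNC_SUCCESS;`. On any other `status` the value is discarded, so `last_status` keeps the `ARES_ENOTFOUND` it was initialised with and the real c-ares error is lost. The callback also dereferences `data->state.async.tdata` before looking at `status`. If c-ares can invoke it during channel teardown (`ARES_EDESTRUCTION`), `arg` may no longer be valid, so an early return for that status and a NULL check on `res` look warranted; compare with `query_completed_cb()`, whose body is outside this hunk.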
@@ -658,8 +772,28 @@ struct Curl_addrinfo *Curl_resolver_getaddrinfo(struct Curl_easy *data, /* initial status - failed */ res->last_status = ARES_ENOTFOUND; -#if ARES_VERSION >= 0x010601 - /* IPv6 supported by c-ares since 1.6.1 */ +#ifdef HAVE_CARES_GETADDRINFO + { + struct ares_addrinfo_hints hints; + char service[12]; + int pf = PF_INET; + memset(&hints, 0, sizeof(hints)); +#ifdef CURLRES_IPV6 + if(Curl_ipv6works(data)) + /* The stack seems to be IPv6-enabled */ + pf = PF_UNSPEC; +#endif /* CURLRES_IPV6 */ + hints.ai_family = pf; + hints.ai_socktype = (data->conn->transport == TRNSPRT_TCP)? + SOCK_STREAM : SOCK_DGRAM; + msnprintf(service, sizeof(service), "%d", port); + res->num_pending = 1; + ares_getaddrinfo((ares_channel)data->state.async.resolver, hostname, + service, &hints, addrinfo_cb, data); + } +#else + +#ifdef HAVE_CARES_IPV6 if(Curl_ipv6works(data)) { /* The stack seems to be IPv6-enabled */ res->num_pending = 2; @@ -671,7 +805,7 @@ struct Curl_addrinfo *Curl_resolver_getaddrinfo(struct Curl_easy *data, PF_INET6, query_completed_cb, data); } else -#endif /* ARES_VERSION >= 0x010601 */ +#endif { res->num_pending = 1; @@ -680,7 +814,7 @@ struct Curl_addrinfo *Curl_resolver_getaddrinfo(struct Curl_easy *data, hostname, PF_INET, query_completed_cb, data); } - +#endif *waitp = 1; /* expect asynchronous response */ } return NULL; /* no struct yet */ @@ -701,8 +835,8 @@ CURLcode Curl_set_dns_servers(struct Curl_easy *data, if(!(servers && servers[0])) return CURLE_OK; -#if (ARES_VERSION >= 0x010704) -#if (ARES_VERSION >= 0x010b00) +#ifdef HAVE_CARES_SERVERS_CSV +#ifdef HAVE_CARES_PORTS_CSV ares_result = ares_set_servers_ports_csv(data->state.async.resolver, servers); #else @@ -732,7 +866,7 @@ CURLcode Curl_set_dns_servers(struct Curl_easy *data, CURLcode Curl_set_dns_interface(struct Curl_easy *data, const char *interf) { -#if (ARES_VERSION >= 0x010704) +#ifdef HAVE_CARES_LOCAL_DEV if(!interf) interf = ""; 
@@ -749,7 +883,7 @@ CURLcode Curl_set_dns_interface(struct Curl_easy *data, CURLcode Curl_set_dns_local_ip4(struct Curl_easy *data, const char *local_ip4) { -#if (ARES_VERSION >= 0x010704) +#ifdef HAVE_CARES_SET_LOCAL struct in_addr a4; if((!local_ip4) || (local_ip4[0] == 0)) { @@ -775,7 +909,7 @@ CURLcode Curl_set_dns_local_ip4(struct Curl_easy *data, CURLcode Curl_set_dns_local_ip6(struct Curl_easy *data, const char *local_ip6) { -#if (ARES_VERSION >= 0x010704) && defined(ENABLE_IPV6) +#if defined(HAVE_CARES_SET_LOCAL) && defined(ENABLE_IPV6) unsigned char a6[INET6_ADDRSTRLEN]; if((!local_ip6) || (local_ip6[0] == 0)) { diff --git a/contrib/libs/curl/lib/asyn-thread.c b/contrib/libs/curl/lib/asyn-thread.c index eee0375c02..6df0a926d9 100644 --- a/contrib/libs/curl/lib/asyn-thread.c +++ b/contrib/libs/curl/lib/asyn-thread.c @@ -68,7 +68,6 @@ #include "hostip.h" #include "hash.h" #include "share.h" -#include "strerror.h" #include "url.h" #include "multiif.h" #include "inet_ntop.h" diff --git a/contrib/libs/curl/lib/c-hyper.c b/contrib/libs/curl/lib/c-hyper.c index 361035d85a..b9180fec52 100644 --- a/contrib/libs/curl/lib/c-hyper.c +++ b/contrib/libs/curl/lib/c-hyper.c @@ -176,7 +176,7 @@ static int hyper_body_chunk(void *userdata, const hyper_buf *chunk) size_t len = hyper_buf_len(chunk); struct Curl_easy *data = (struct Curl_easy *)userdata; struct SingleRequest *k = &data->req; - CURLcode result; + CURLcode result = CURLE_OK; if(0 == k->bodywrites++) { bool done = FALSE; 
@@ -192,8 +192,20 @@ static int hyper_body_chunk(void *userdata, const hyper_buf *chunk) Curl_safefree(data->req.newurl); } #endif - if(data->state.hconnect && - (data->req.httpcode/100 != 2)) { + if(data->state.expect100header) { + Curl_expire_done(data, EXPIRE_100_TIMEOUT); + if(data->req.httpcode < 400) { + k->exp100 = EXP100_SEND_DATA; + if(data->hyp.exp100_waker) { + hyper_waker_wake(data->hyp.exp100_waker); + data->hyp.exp100_waker = NULL; + } + } + else { /* >= 4xx */ + k->exp100 = EXP100_FAILED; + } + } + if(data->state.hconnect && (data->req.httpcode/100 != 2)) { done = TRUE; result = CURLE_OK; } @@ -245,6 +257,9 @@ static CURLcode status_line(struct Curl_easy *data, conn->httpversion = http_version == HYPER_HTTP_VERSION_1_1 ? 11 : (http_version == HYPER_HTTP_VERSION_2 ? 20 : 10); + if(http_version == HYPER_HTTP_VERSION_1_0) + data->state.httpwant = CURL_HTTP_VERSION_1_0; + data->req.httpcode = http_status; result = Curl_http_statusline(data, conn); @@ -306,8 +321,25 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, const uint8_t *reasonp; size_t reason_len; CURLcode result = CURLE_OK; + struct SingleRequest *k = &data->req; (void)conn; + if(k->exp100 > EXP100_SEND_DATA) { + struct curltime now = Curl_now(); + timediff_t ms = Curl_timediff(now, k->start100); + if(ms >= data->set.expect_100_timeout) { + /* we've waited long enough, continue anyway */ + k->exp100 = EXP100_SEND_DATA; + k->keepon |= KEEP_SEND; + Curl_expire_done(data, EXPIRE_100_TIMEOUT); + infof(data, "Done waiting for 100-continue"); + if(data->hyp.exp100_waker) { + hyper_waker_wake(data->hyp.exp100_waker); + data->hyp.exp100_waker = NULL; + } + } + } + if(select_res & CURL_CSELECT_IN) { if(h->read_waker) hyper_waker_wake(h->read_waker); 
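Review bot: The timeout block added to `Curl_hyper_stream()` tests `k->exp100 > EXP100_SEND_DATA`, which `EXP100_FAILED` also satisfies (the upload callbacks in this commit check `== EXP100_FAILED` inside the same `>` comparison). After `hyper_body_chunk()` has set `EXP100_FAILED` for a >= 4xx answer, an elapsed `expect_100_timeout` would therefore flip the state back to `EXP100_SEND_DATA`, set `KEEP_SEND` and wake the upload, sending the body the server already refused. Whether the stream is still polled at that point is not visible here, but excluding the failed state costs nothing: `if(k->exp100 > EXP100_SEND_DATA && k->exp100 != EXP100_FAILED) {`. `Curl_hyper_stream()` continues outside the hunk.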
@@ -341,8 +373,7 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, hyper_task_free(task); if(t == HYPER_TASK_ERROR) { - hyper_code errnum = hyper_error_code(hypererr); - if(errnum == HYPERE_ABORTED_BY_CALLBACK) { + if(data->state.hresult) { /* override Hyper's view, might not even be an error */ result = data->state.hresult; infof(data, "hyperstream is done (by early callback)"); @@ -352,7 +383,9 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, size_t errlen = hyper_error_print(hypererr, errbuf, sizeof(errbuf)); hyper_code code = hyper_error_code(hypererr); failf(data, "Hyper: [%d] %.*s", (int)code, (int)errlen, errbuf); - if((code == HYPERE_UNEXPECTED_EOF) && !data->req.bytecount) + if(code == HYPERE_ABORTED_BY_CALLBACK) + result = CURLE_OK; + else if((code == HYPERE_UNEXPECTED_EOF) && !data->req.bytecount) result = CURLE_GOT_NOTHING; else if(code == HYPERE_INVALID_PEER_MESSAGE) result = CURLE_UNSUPPORTED_PROTOCOL; /* maybe */ @@ -367,6 +400,11 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, /* end of transfer */ *done = TRUE; infof(data, "hyperstream is done!"); + if(!k->bodywrites) { + /* hyper doesn't always call the body write callback */ + bool stilldone; + result = Curl_http_firstwrite(data, data->conn, &stilldone); + } break; } else if(t != HYPER_TASK_RESPONSE) { @@ -523,7 +561,7 @@ CURLcode Curl_hyper_header(struct Curl_easy *data, hyper_headers *headers, free(ptr); } else - Curl_debug(data, CURLINFO_HEADER_OUT, (char *)line, linelen); + Curl_debug(data, CURLINFO_HEADER_OUT, (char *)n, linelen); } numh++; n += linelen; 
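Review bot: In the `HYPER_TASK_ERROR` branch of `Curl_hyper_stream()`, `failf()` runs before the code is mapped, so the new `HYPERE_ABORTED_BY_CALLBACK` case returns `CURLE_OK` after an error message has already been recorded for the transfer. The same case also turns any callback abort that did not store a reason in `data->state.hresult` into success, which can hide a failed read or write callback. I would decide on the result first and call `failf()` only when it is non-zero, logging the abort case with `infof()`, plus a comment naming which callbacks are expected to abort without setting `hresult`. In the end-of-transfer hunk below, `bool stilldone;` is passed to `Curl_http_firstwrite()` and then ignored; a one-line comment saying why the flag can be dropped there would help.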
@@ -564,6 +602,16 @@ static int uploadpostfields(void *userdata, hyper_context *ctx, { struct Curl_easy *data = (struct Curl_easy *)userdata; (void)ctx; + if(data->req.exp100 > EXP100_SEND_DATA) { + if(data->req.exp100 == EXP100_FAILED) + return HYPER_POLL_ERROR; + + /* still waiting confirmation */ + if(data->hyp.exp100_waker) + hyper_waker_free(data->hyp.exp100_waker); + data->hyp.exp100_waker = hyper_context_waker(ctx); + return HYPER_POLL_PENDING; + } if(data->req.upload_done) *chunk = NULL; /* nothing more to deliver */ else { @@ -590,9 +638,21 @@ static int uploadstreamed(void *userdata, hyper_context *ctx, { size_t fillcount; struct Curl_easy *data = (struct Curl_easy *)userdata; - CURLcode result = - Curl_fillreadbuffer(data, data->set.upload_buffer_size, &fillcount); + CURLcode result; (void)ctx; + + if(data->req.exp100 > EXP100_SEND_DATA) { + if(data->req.exp100 == EXP100_FAILED) + return HYPER_POLL_ERROR; + + /* still waiting confirmation */ + if(data->hyp.exp100_waker) + hyper_waker_free(data->hyp.exp100_waker); + data->hyp.exp100_waker = hyper_context_waker(ctx); + return HYPER_POLL_PENDING; + } + + result = Curl_fillreadbuffer(data, data->set.upload_buffer_size, &fillcount); if(result) { data->state.hresult = result; return HYPER_POLL_ERROR; @@ -627,6 +687,7 @@ static CURLcode bodysend(struct Curl_easy *data, hyper_request *hyperreq, Curl_HttpReq httpreq) { + struct HTTP *http = data->req.p.http; CURLcode result = CURLE_OK; struct dynbuf req; if((httpreq == HTTPREQ_GET) || (httpreq == HTTPREQ_HEAD)) @@ -659,6 +720,7 @@ static CURLcode bodysend(struct Curl_easy *data, result = CURLE_OUT_OF_MEMORY; } } + http->sending = HTTPSEND_BODY; return result; } 
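Review bot: The nine-line 100-continue gate is pasted identically into `uploadpostfields()` and `uploadstreamed()`, so a later fix to the waker handling has to be made twice. A small static helper keeps the two callbacks in step. Both functions also keep the `(void)ctx;` line although `ctx` is now passed to `hyper_context_waker()`, so that line can go. The helper below is a sketch that reuses only calls already present in the hunk.

```c
/* Gate for the upload callbacks while the 100-continue answer is outstanding.
   Only called when data->req.exp100 > EXP100_SEND_DATA. */
static int exp100_wait(struct Curl_easy *data, hyper_context *ctx)
{
  if(data->req.exp100 == EXP100_FAILED)
    return HYPER_POLL_ERROR;

  /* still waiting for confirmation: replace any earlier waker */
  if(data->hyp.exp100_waker)
    hyper_waker_free(data->hyp.exp100_waker);
  data->hyp.exp100_waker = hyper_context_waker(ctx);
  return HYPER_POLL_PENDING;
}

/* … unchanged: start of uploadpostfields() / uploadstreamed() … */
  if(data->req.exp100 > EXP100_SEND_DATA)
    return exp100_wait(data, ctx);
```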
@@ -677,6 +739,48 @@ static CURLcode cookies(struct Curl_easy *data, return result; } +/* called on 1xx responses */ +static void http1xx_cb(void *arg, struct hyper_response *resp) +{ + struct Curl_easy *data = (struct Curl_easy *)arg; + hyper_headers *headers = NULL; + CURLcode result = CURLE_OK; + uint16_t http_status; + int http_version; + const uint8_t *reasonp; + size_t reason_len; + + infof(data, "Got HTTP 1xx informational"); + + http_status = hyper_response_status(resp); + http_version = hyper_response_version(resp); + reasonp = hyper_response_reason_phrase(resp); + reason_len = hyper_response_reason_phrase_len(resp); + + result = status_line(data, data->conn, + http_status, http_version, reasonp, reason_len); + if(!result) { + headers = hyper_response_headers(resp); + if(!headers) { + failf(data, "hyperstream: couldn't get 1xx response headers"); + result = CURLE_RECV_ERROR; + } + } + data->state.hresult = result; + + if(!result) { + /* the headers are already received */ + hyper_headers_foreach(headers, hyper_each_header, data); + /* this callback also sets data->state.hresult on error */ + + if(empty_header(data)) + result = CURLE_OUT_OF_MEMORY; + } + + if(data->state.hresult) + infof(data, "ERROR in 1xx, bail out!"); +} + /* * Curl_http() gets called from the generic multi_do() function when a HTTP * request is to be performed. This creates and sends a properly constructed @@ -694,13 +798,13 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) hyper_request *req = NULL; hyper_headers *headers = NULL; hyper_task *handshake = NULL; - hyper_error *hypererr = NULL; CURLcode result; const char *p_accept; /* Accept: string */ const char *method; Curl_HttpReq httpreq; bool h2 = FALSE; const char *te = NULL; /* transfer-encoding */ + hyper_code rc; /* Always consider the DO phase done after this function call, even if there may be parts of the request that is not yet sent, since we can deal with 
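Review bot: In `http1xx_cb()` the assignment `result = CURLE_OUT_OF_MEMORY` after `empty_header(data)` is a dead store: the function returns void and `data->state.hresult` was already written from `result` earlier, so this failure never reaches the caller. Store it where the other errors go, without overwriting one set by the header callback: `if(!data->state.hresult && empty_header(data)) data->state.hresult = CURLE_OUT_OF_MEMORY;`. Note also that `data->state.hresult = result;` unconditionally replaces whatever was stored before the 1xx response arrived, so an earlier callback error would be cleared by a successful status line. The final message would be more useful with the code in it, e.g. `infof(data, "ERROR in 1xx, bail out! (%d)", (int)data->state.hresult);`.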
@@ -804,7 +908,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) goto error; } - if(data->state.httpwant == CURL_HTTP_VERSION_1_0) { + if(!Curl_use_http_1_1plus(data, conn)) { if(HYPERE_OK != hyper_request_set_version(req, HYPER_HTTP_VERSION_1_0)) { failf(data, "error setting HTTP version"); @@ -827,6 +931,10 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) goto error; } + rc = hyper_request_on_informational(req, http1xx_cb, data); + if(rc) + return CURLE_OUT_OF_MEMORY; + result = Curl_http_body(data, conn, httpreq, &te); if(result) return result; @@ -932,24 +1040,16 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) hyper_clientconn_free(client); - do { - task = hyper_executor_poll(h->exec); - if(task) { - bool error = hyper_task_type(task) == HYPER_TASK_ERROR; - if(error) - hypererr = hyper_task_value(task); - hyper_task_free(task); - if(error) - goto error; - } - } while(task); - if((httpreq == HTTPREQ_GET) || (httpreq == HTTPREQ_HEAD)) { /* HTTP GET/HEAD download */ Curl_pgrsSetUploadSize(data, 0); /* nothing */ Curl_setup_transfer(data, FIRSTSOCKET, -1, TRUE, -1); } conn->datastream = Curl_hyper_stream; + if(data->state.expect100header) + /* Timeout count starts now since with Hyper we don't know exactly when + the full request has been sent. */ + data->req.start100 = Curl_now(); /* clear userpwd and proxyuserpwd to avoid re-using old credentials * from re-used connections */ @@ -967,15 +1067,6 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(handshake) hyper_task_free(handshake); - if(hypererr) { - uint8_t errbuf[256]; - size_t errlen = hyper_error_print(hypererr, errbuf, sizeof(errbuf)); - hyper_code code = hyper_error_code(hypererr); - failf(data, "Hyper: [%d] %.*s", (int)code, (int)errlen, errbuf); - hyper_error_free(hypererr); - if(data->state.hresult) - return data->state.hresult; - } return CURLE_OUT_OF_MEMORY; } 
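Review bot: `if(rc) return CURLE_OUT_OF_MEMORY;` after `hyper_request_on_informational()` leaves `Curl_http()` directly, while the failure paths just above it in the same hunk use `goto error;`. The `error` path, partly visible in the last hunk of this file, frees `handshake` and presumably the other hyper objects, so the direct return likely leaks what was allocated so far; `if(rc) goto error;` avoids that. Mapping every non-zero `hyper_code` to out-of-memory also hides the cause, and a `failf()` like the one used for `hyper_request_set_version` would make it diagnosable. `Curl_http()` starts and ends outside these hunks.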
@@ -994,6 +1085,10 @@ void Curl_hyper_done(struct Curl_easy *data) hyper_waker_free(h->write_waker); h->write_waker = NULL; } + if(h->exp100_waker) { + hyper_waker_free(h->exp100_waker); + h->exp100_waker = NULL; + } } #endif /* !defined(CURL_DISABLE_HTTP) && defined(USE_HYPER) */ diff --git a/contrib/libs/curl/lib/c-hyper.h b/contrib/libs/curl/lib/c-hyper.h index c2ab0a004e..92db694916 100644 --- a/contrib/libs/curl/lib/c-hyper.h +++ b/contrib/libs/curl/lib/c-hyper.h @@ -33,6 +33,7 @@ struct hyptransfer { hyper_waker *read_waker; const hyper_executor *exec; hyper_task *endtask; + hyper_waker *exp100_waker; }; size_t Curl_hyper_recv(void *userp, hyper_context *ctx, diff --git a/contrib/libs/curl/lib/connect.c b/contrib/libs/curl/lib/connect.c index 11e6b888b7..d61b0374e3 100644 --- a/contrib/libs/curl/lib/connect.c +++ b/contrib/libs/curl/lib/connect.c @@ -589,12 +589,10 @@ static CURLcode trynextip(struct Curl_easy *data, struct Curl_addrinfo *ai = conn->tempaddr[tempindex]; while(ai) { - if(ai) { - result = singleipconnect(data, conn, ai, tempindex); - if(result == CURLE_COULDNT_CONNECT) { - ai = ainext(conn, tempindex, TRUE); - continue; - } + result = singleipconnect(data, conn, ai, tempindex); + if(result == CURLE_COULDNT_CONNECT) { + ai = ainext(conn, tempindex, TRUE); + continue; } break; } @@ -753,10 +751,9 @@ void Curl_updateconninfo(struct Curl_easy *data, struct connectdata *conn, int local_port = -1; if(conn->transport == TRNSPRT_TCP) { - if(!conn->bits.reuse && !conn->bits.tcp_fastopen) { + if(!conn->bits.reuse && !conn->bits.tcp_fastopen) Curl_conninfo_remote(data, conn, sockfd); - Curl_conninfo_local(data, sockfd, local_ip, &local_port); - } + Curl_conninfo_local(data, sockfd, local_ip, &local_port); } /* end of TCP-only section */ /* persist connection info in session handle */ diff --git a/contrib/libs/curl/lib/curl_config-android-maps-mobile.h b/contrib/libs/curl/lib/curl_config-android-maps-mobile.h index 0a56d2496f..b2c12bee27 100644 
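Review bot: In `Curl_updateconninfo` the braces were dropped, so `Curl_conninfo_local` now runs for every TCP connection while `Curl_conninfo_remote` stays guarded by the reuse and fast-open test. That looks intentional, but two consecutive calls under an unbraced `if` are easy to misread as a missing-brace mistake. A one-line comment would settle it, for example `/* local address is refreshed even for reused or fast-open connections */` above the `Curl_conninfo_local` call. The function body continues outside the hunk.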
--- a/contrib/libs/curl/lib/curl_config-android-maps-mobile.h +++ b/contrib/libs/curl/lib/curl_config-android-maps-mobile.h @@ -1017,11 +1017,6 @@ /* # undef _ALL_SOURCE */ #endif -/* Enable large inode numbers on Mac OS X 10.5. */ -#ifndef _DARWIN_USE_64_BIT_INODE -# define _DARWIN_USE_64_BIT_INODE 1 -#endif - /* Number of bits in a file offset, on hosts where this is settable. */ /* #undef _FILE_OFFSET_BITS */ diff --git a/contrib/libs/curl/lib/curl_config-ios-maps-mobile.h b/contrib/libs/curl/lib/curl_config-ios-maps-mobile.h index b51776686d..82352c78e6 100644 --- a/contrib/libs/curl/lib/curl_config-ios-maps-mobile.h +++ b/contrib/libs/curl/lib/curl_config-ios-maps-mobile.h @@ -1017,11 +1017,6 @@ /* # undef _ALL_SOURCE */ #endif -/* Enable large inode numbers on Mac OS X 10.5. */ -#ifndef _DARWIN_USE_64_BIT_INODE -# define _DARWIN_USE_64_BIT_INODE 1 -#endif - /* Number of bits in a file offset, on hosts where this is settable. */ /* #undef _FILE_OFFSET_BITS */ diff --git a/contrib/libs/curl/lib/curl_config-linux.h b/contrib/libs/curl/lib/curl_config-linux.h index 9af3db897d..244d372f8d 100644 --- a/contrib/libs/curl/lib/curl_config-linux.h +++ b/contrib/libs/curl/lib/curl_config-linux.h @@ -439,7 +439,7 @@ #define HAVE_MALLOC_H 1 /* Define to 1 if you have the memory.h header file. */ -#define HAVE_MEMORY_H 1 +/* #undef HAVE_MEMORY_H */ /* Define to 1 if you have the memrchr function or macro. */ #define HAVE_MEMRCHR 1 @@ -589,12 +589,6 @@ /* Define to 1 if you have the sigsetjmp function or macro. */ #define HAVE_SIGSETJMP 1 -/* Define to 1 if sig_atomic_t is an available typedef. */ -#define HAVE_SIG_ATOMIC_T 1 - -/* Define to 1 if sig_atomic_t is already defined as volatile. */ -/* #undef HAVE_SIG_ATOMIC_T_VOLATILE */ - /* Define to 1 if struct sockaddr_in6 has the sin6_scope_id member */ #define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1 
@@ -622,6 +616,9 @@ /* Define to 1 if you have the <stdint.h> header file. */ #define HAVE_STDINT_H 1 +/* Define to 1 if you have the <stdio.h> header file. */ +#define HAVE_STDIO_H 1 + /* Define to 1 if you have the <stdlib.h> header file. */ #define HAVE_STDLIB_H 1 @@ -931,7 +928,9 @@ /* The number of bytes in type time_t */ #define SIZEOF_TIME_T SIZEOF_LONG -/* Define to 1 if you have the ANSI C header files. */ +/* Define to 1 if all of the C90 standard headers exist (not just the ones + required in a freestanding environment). This macro is provided for + backward compatibility; new code need not use it. */ #define STDC_HEADERS 1 /* Define to the type of arg 3 for strerror_r. */ @@ -1065,11 +1064,6 @@ /* # undef _ALL_SOURCE */ #endif -/* Enable large inode numbers on Mac OS X 10.5. */ -#ifndef _DARWIN_USE_64_BIT_INODE -# define _DARWIN_USE_64_BIT_INODE 1 -#endif - /* Number of bits in a file offset, on hosts where this is settable. */ /* #undef _FILE_OFFSET_BITS */ diff --git a/contrib/libs/curl/lib/curl_config-osx.h b/contrib/libs/curl/lib/curl_config-osx.h index 37e6f39ef3..b6694c6704 100644 --- a/contrib/libs/curl/lib/curl_config-osx.h +++ b/contrib/libs/curl/lib/curl_config-osx.h @@ -1059,11 +1059,6 @@ /* # undef _ALL_SOURCE */ #endif -/* Enable large inode numbers on Mac OS X 10.5. */ -#ifndef _DARWIN_USE_64_BIT_INODE -# define _DARWIN_USE_64_BIT_INODE 1 -#endif - /* Number of bits in a file offset, on hosts where this is settable. */ /* #undef _FILE_OFFSET_BITS */ diff --git a/contrib/libs/curl/lib/curl_ntlm_wb.c b/contrib/libs/curl/lib/curl_ntlm_wb.c index ca9e2874a7..5a3bc3c893 100644 --- a/contrib/libs/curl/lib/curl_ntlm_wb.c +++ b/contrib/libs/curl/lib/curl_ntlm_wb.c 
@@ -426,7 +426,8 @@ CURLcode Curl_output_ntlm_wb(struct Curl_easy *data, struct connectdata *conn, /* Use Samba's 'winbind' daemon to support NTLM authentication, * by delegating the NTLM challenge/response protocol to a helper * in ntlm_auth. - * http://devel.squid-cache.org/ntlm/squid_helper_protocol.html + * https://web.archive.org/web/20190925164737 + * /devel.squid-cache.org/ntlm/squid_helper_protocol.html * https://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html * https://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html * Preprocessor symbol 'NTLM_WB_ENABLED' is defined when this diff --git a/contrib/libs/curl/lib/curl_sasl.c b/contrib/libs/curl/lib/curl_sasl.c index f5ac99a68d..4a2488720e 100644 --- a/contrib/libs/curl/lib/curl_sasl.c +++ b/contrib/libs/curl/lib/curl_sasl.c @@ -630,7 +630,9 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data, } else /* Decode the security challenge and create the response message */ - result = Curl_auth_create_gssapi_security_message(data, &serverdata, + result = Curl_auth_create_gssapi_security_message(data, + conn->sasl_authzid, + &serverdata, &conn->krb5, &resp); } @@ -639,7 +641,9 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data, /* Decode the security challenge and create the response message */ result = get_server_message(sasl, data, &serverdata); if(!result) - result = Curl_auth_create_gssapi_security_message(data, &serverdata, + result = Curl_auth_create_gssapi_security_message(data, + conn->sasl_authzid, + &serverdata, &conn->krb5, &resp); break; diff --git a/contrib/libs/curl/lib/curl_setup.h b/contrib/libs/curl/lib/curl_setup.h index 42aaaf8c59..27d68ba8c7 100644 --- a/contrib/libs/curl/lib/curl_setup.h +++ b/contrib/libs/curl/lib/curl_setup.h 
@@ -166,41 +166,47 @@ */ #ifdef HTTP_ONLY -# ifndef CURL_DISABLE_TFTP -# define CURL_DISABLE_TFTP +# ifndef CURL_DISABLE_DICT +# define CURL_DISABLE_DICT +# endif +# ifndef CURL_DISABLE_FILE +# define CURL_DISABLE_FILE # endif # ifndef CURL_DISABLE_FTP # define CURL_DISABLE_FTP # endif +# ifndef CURL_DISABLE_GOPHER +# define CURL_DISABLE_GOPHER +# endif +# ifndef CURL_DISABLE_IMAP +# define CURL_DISABLE_IMAP +# endif # ifndef CURL_DISABLE_LDAP # define CURL_DISABLE_LDAP # endif -# ifndef CURL_DISABLE_TELNET -# define CURL_DISABLE_TELNET +# ifndef CURL_DISABLE_LDAPS +# define CURL_DISABLE_LDAPS # endif -# ifndef CURL_DISABLE_DICT -# define CURL_DISABLE_DICT +# ifndef CURL_DISABLE_MQTT +# define CURL_DISABLE_MQTT # endif -# ifndef CURL_DISABLE_FILE -# define CURL_DISABLE_FILE +# ifndef CURL_DISABLE_POP3 +# define CURL_DISABLE_POP3 # endif # ifndef CURL_DISABLE_RTSP # define CURL_DISABLE_RTSP # endif -# ifndef CURL_DISABLE_POP3 -# define CURL_DISABLE_POP3 -# endif -# ifndef CURL_DISABLE_IMAP -# define CURL_DISABLE_IMAP +# ifndef CURL_DISABLE_SMB +# define CURL_DISABLE_SMB # endif # ifndef CURL_DISABLE_SMTP # define CURL_DISABLE_SMTP # endif -# ifndef CURL_DISABLE_GOPHER -# define CURL_DISABLE_GOPHER +# ifndef CURL_DISABLE_TELNET +# define CURL_DISABLE_TELNET # endif -# ifndef CURL_DISABLE_SMB -# define CURL_DISABLE_SMB +# ifndef CURL_DISABLE_TFTP +# define CURL_DISABLE_TFTP # endif #endif diff --git a/contrib/libs/curl/lib/curl_setup_once.h b/contrib/libs/curl/lib/curl_setup_once.h index 22d0a063ef..38018d23c7 100644 --- a/contrib/libs/curl/lib/curl_setup_once.h +++ b/contrib/libs/curl/lib/curl_setup_once.h 
@@ -323,26 +323,6 @@ struct timeval { #include "curl_ctype.h" -/* - * Typedef to 'int' if sig_atomic_t is not an available 'typedefed' type. - */ - -#ifndef HAVE_SIG_ATOMIC_T -typedef int sig_atomic_t; -#define HAVE_SIG_ATOMIC_T -#endif - - -/* - * Convenience SIG_ATOMIC_T definition - */ - -#ifdef HAVE_SIG_ATOMIC_T_VOLATILE -#define SIG_ATOMIC_T static sig_atomic_t -#else -#define SIG_ATOMIC_T static volatile sig_atomic_t -#endif - /* * Macro used to include code only in debug builds. diff --git a/contrib/libs/curl/lib/easy.c b/contrib/libs/curl/lib/easy.c index 588b1fb47e..2aca93845b 100644 --- a/contrib/libs/curl/lib/easy.c +++ b/contrib/libs/curl/lib/easy.c @@ -117,7 +117,7 @@ curl_realloc_callback Curl_crealloc = (curl_realloc_callback)realloc; curl_strdup_callback Curl_cstrdup = (curl_strdup_callback)system_strdup; curl_calloc_callback Curl_ccalloc = (curl_calloc_callback)calloc; #if defined(WIN32) && defined(UNICODE) -curl_wcsdup_callback Curl_cwcsdup = (curl_wcsdup_callback)_wcsdup; +curl_wcsdup_callback Curl_cwcsdup = Curl_wcsdup; #endif #if defined(_MSC_VER) && defined(_DLL) && !defined(__POCC__) diff --git a/contrib/libs/curl/lib/ftp.c b/contrib/libs/curl/lib/ftp.c index 1a699de594..0b9c9b7322 100644 --- a/contrib/libs/curl/lib/ftp.c +++ b/contrib/libs/curl/lib/ftp.c @@ -2681,9 +2681,12 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, /* we have now received a full FTP server response */ switch(ftpc->state) { case FTP_WAIT220: - if(ftpcode == 230) - /* 230 User logged in - already! */ - return ftp_state_user_resp(data, ftpcode, ftpc->state); + if(ftpcode == 230) { + /* 230 User logged in - already! Take as 220 if TLS required. */ + if(data->set.use_ssl <= CURLUSESSL_TRY || + conn->bits.ftp_use_control_ssl) + return ftp_state_user_resp(data, ftpcode, ftpc->state); + } else if(ftpcode != 220) { failf(data, "Got a %03d ftp-server response when 220 was expected", ftpcode); 
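Review bot: In the `FTP_WAIT220` case of `ftp_statemachine`, a 230 greeting received while TLS is required and not yet active now leaves the inner `if` with no statement and no log line. Execution then silently continues with the code after the `else if` chain, which is outside this hunk and presumably the normal 220 path. This is the branch that keeps a server's early "already logged in" reply from bypassing the TLS requirement, so it deserves an explicit comment, such as `/* TLS required but not active yet: ignore the early login and proceed as for 220 */`, plus an `infof` noting the ignored 230. The test `data->set.use_ssl <= CURLUSESSL_TRY` also depends on the ordering of the enum values, which is worth stating next to it.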
@@ -2740,6 +2743,9 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, case FTP_AUTH: /* we have gotten the response to a previous AUTH command */ + if(pp->cache_size) + return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */ + /* RFC2228 (page 5) says: * * If the server is willing to accept the named security mechanism, diff --git a/contrib/libs/curl/lib/hostasyn.c b/contrib/libs/curl/lib/hostasyn.c index b25de1d417..f7d99ce9a6 100644 --- a/contrib/libs/curl/lib/hostasyn.c +++ b/contrib/libs/curl/lib/hostasyn.c @@ -50,7 +50,6 @@ #include "hostip.h" #include "hash.h" #include "share.h" -#include "strerror.h" #include "url.h" #include "curl_memory.h" /* The last #include file should be: */ diff --git a/contrib/libs/curl/lib/hostip.c b/contrib/libs/curl/lib/hostip.c index 5ec84a3f87..633c48e800 100644 --- a/contrib/libs/curl/lib/hostip.c +++ b/contrib/libs/curl/lib/hostip.c @@ -56,7 +56,6 @@ #include "hash.h" #include "rand.h" #include "share.h" -#include "strerror.h" #include "url.h" #include "inet_ntop.h" #include "inet_pton.h" 
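Review bot: The new `if(pp->cache_size) return CURLE_WEIRD_SERVER_REPLY;` in the `FTP_AUTH` case fails the transfer without a `failf`, so the user gets an error code and no indication of what the server did. The comment should also say why pipelining is forbidden here, assuming `cache_size` counts response bytes already buffered past the AUTH reply. Those bytes arrived in cleartext before the TLS handshake and must not be parsed later as if they came over the protected channel. A suggested change is a comment to that effect plus `failf(data, "unexpected data after AUTH response");` before the return. The same silent return appears in `imap_state_starttls_resp` in lib/imap.c further down this commit.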
@@ -533,6 +532,36 @@ static struct Curl_addrinfo *get_localhost(int port) return ca; } +#ifdef ENABLE_IPV6 +/* + * Curl_ipv6works() returns TRUE if IPv6 seems to work. + */ +bool Curl_ipv6works(struct Curl_easy *data) +{ + if(data) { + /* the nature of most system is that IPv6 status doesn't come and go + during a program's lifetime so we only probe the first time and then we + have the info kept for fast re-use */ + DEBUGASSERT(data); + DEBUGASSERT(data->multi); + return data->multi->ipv6_works; + } + else { + int ipv6_works = -1; + /* probe to see if we have a working IPv6 stack */ + curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0); + if(s == CURL_SOCKET_BAD) + /* an IPv6 address was requested but we can't get/use one */ + ipv6_works = 0; + else { + ipv6_works = 1; + sclose(s); + } + return (ipv6_works>0)?TRUE:FALSE; + } +} +#endif /* ENABLE_IPV6 */ + /* * Curl_host_is_ipnum() returns TRUE if the given string is a numerical IPv4 * (or IPv6 if supported) address. @@ -674,9 +703,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, #endif /* !USE_RESOLVE_ON_IPS */ if(!addr) { - /* Check what IP specifics the app has requested and if we can provide - * it. If not, bail out. */ - if(!Curl_ipvalid(data, conn)) + if(conn->ip_version == CURL_IPRESOLVE_V6 && !Curl_ipv6works(data)) return CURLRESOLV_ERROR; if(strcasecompare(hostname, "localhost")) @@ -684,6 +711,10 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, else if(allowDOH && data->set.doh && !ipnum) addr = Curl_doh(data, hostname, port, &respwait); else { + /* Check what IP specifics the app has requested and if we can provide + * it. If not, bail out. */ + if(!Curl_ipvalid(data, conn)) + return CURLRESOLV_ERROR; /* If Curl_getaddrinfo() returns NULL, 'respwait' might be set to a non-zero value indicating that we need to wait for the response to the resolve call */ diff --git a/contrib/libs/curl/lib/hostip.h b/contrib/libs/curl/lib/hostip.h index 28f3b84018..67a688aebd 100644 
--- a/contrib/libs/curl/lib/hostip.h +++ b/contrib/libs/curl/lib/hostip.h @@ -97,7 +97,7 @@ enum resolve_t Curl_resolv_timeout(struct Curl_easy *data, struct Curl_dns_entry **dnsentry, timediff_t timeoutms); -#ifdef CURLRES_IPV6 +#ifdef ENABLE_IPV6 /* * Curl_ipv6works() returns TRUE if IPv6 seems to work. */ diff --git a/contrib/libs/curl/lib/hostip4.c b/contrib/libs/curl/lib/hostip4.c index ac92126d8c..1fd791015c 100644 --- a/contrib/libs/curl/lib/hostip4.c +++ b/contrib/libs/curl/lib/hostip4.c @@ -50,7 +50,6 @@ #include "hostip.h" #include "hash.h" #include "share.h" -#include "strerror.h" #include "url.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" diff --git a/contrib/libs/curl/lib/hostip6.c b/contrib/libs/curl/lib/hostip6.c index 943cdd261c..c2d5f08e32 100644 --- a/contrib/libs/curl/lib/hostip6.c +++ b/contrib/libs/curl/lib/hostip6.c @@ -50,7 +50,6 @@ #include "hostip.h" #include "hash.h" #include "share.h" -#include "strerror.h" #include "url.h" #include "inet_pton.h" #include "connect.h" @@ -60,34 +59,6 @@ #include "memdebug.h" /* - * Curl_ipv6works() returns TRUE if IPv6 seems to work. - */ -bool Curl_ipv6works(struct Curl_easy *data) -{ - if(data) { - /* the nature of most system is that IPv6 status doesn't come and go - during a program's lifetime so we only probe the first time and then we - have the info kept for fast re-use */ - DEBUGASSERT(data); - DEBUGASSERT(data->multi); - return data->multi->ipv6_works; - } - else { - int ipv6_works = -1; - /* probe to see if we have a working IPv6 stack */ - curl_socket_t s = socket(PF_INET6, SOCK_DGRAM, 0); - if(s == CURL_SOCKET_BAD) - /* an IPv6 address was requested but we can't get/use one */ - ipv6_works = 0; - else { - ipv6_works = 1; - sclose(s); - } - return (ipv6_works>0)?TRUE:FALSE; - } -} - -/* * Curl_ipvalid() checks what CURL_IPRESOLVE_* requirements that might've * been set and returns TRUE if they are OK. */ 
diff --git a/contrib/libs/curl/lib/hostsyn.c b/contrib/libs/curl/lib/hostsyn.c index 550b43a085..c00c2744c4 100644 --- a/contrib/libs/curl/lib/hostsyn.c +++ b/contrib/libs/curl/lib/hostsyn.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -50,7 +50,6 @@ #include "hostip.h" #include "hash.h" #include "share.h" -#include "strerror.h" #include "url.h" #include "curl_memory.h" /* The last #include file should be: */ diff --git a/contrib/libs/curl/lib/hsts.c b/contrib/libs/curl/lib/hsts.c index 0d5a584012..052dc11571 100644 --- a/contrib/libs/curl/lib/hsts.c +++ b/contrib/libs/curl/lib/hsts.c @@ -49,6 +49,7 @@ #define MAX_HSTS_HOSTLENSTR "256" #define MAX_HSTS_DATELEN 64 #define MAX_HSTS_DATELENSTR "64" +#define UNLIMITED "unlimited" #ifdef DEBUGBUILD /* to play well with debug builds, we can *set* a fixed time this will @@ -283,13 +284,17 @@ static CURLcode hsts_push(struct Curl_easy *data, e.namelen = strlen(sts->host); e.includeSubDomains = sts->includeSubDomains; - result = Curl_gmtime((time_t)sts->expires, &stamp); - if(result) - return result; + if(sts->expires != TIME_T_MAX) { + result = Curl_gmtime((time_t)sts->expires, &stamp); + if(result) + return result; - msnprintf(e.expire, sizeof(e.expire), "%d%02d%02d %02d:%02d:%02d", - stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday, - stamp.tm_hour, stamp.tm_min, stamp.tm_sec); + msnprintf(e.expire, sizeof(e.expire), "%d%02d%02d %02d:%02d:%02d", + stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday, + stamp.tm_hour, stamp.tm_min, stamp.tm_sec); + } + else + strcpy(e.expire, UNLIMITED); sc = data->set.hsts_write(data, &e, i, data->set.hsts_write_userp); 
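Review bot: The new `strcpy(e.expire, UNLIMITED);` in `hsts_push` is the only write to `e.expire` not bounded by `sizeof(e.expire)`; the timestamp branch right above it uses `msnprintf` with the size. The constant is shorter than the 17-character timestamp, so it presumably fits today, but the declaration of `e` is outside the hunk and nothing ties the literal's length to the buffer. Using the same call keeps both branches bounded: `msnprintf(e.expire, sizeof(e.expire), "%s", UNLIMITED);`.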
@@ -303,14 +308,18 @@ static CURLcode hsts_push(struct Curl_easy *data, static CURLcode hsts_out(struct stsentry *sts, FILE *fp) { struct tm stamp; - CURLcode result = Curl_gmtime((time_t)sts->expires, &stamp); - if(result) - return result; - - fprintf(fp, "%s%s \"%d%02d%02d %02d:%02d:%02d\"\n", - sts->includeSubDomains ? ".": "", sts->host, - stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday, - stamp.tm_hour, stamp.tm_min, stamp.tm_sec); + if(sts->expires != TIME_T_MAX) { + CURLcode result = Curl_gmtime((time_t)sts->expires, &stamp); + if(result) + return result; + fprintf(fp, "%s%s \"%d%02d%02d %02d:%02d:%02d\"\n", + sts->includeSubDomains ? ".": "", sts->host, + stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday, + stamp.tm_hour, stamp.tm_min, stamp.tm_sec); + } + else + fprintf(fp, "%s%s \"%s\"\n", + sts->includeSubDomains ? ".": "", sts->host, UNLIMITED); return CURLE_OK; } @@ -403,7 +412,8 @@ static CURLcode hsts_add(struct hsts *h, char *line) "%" MAX_HSTS_HOSTLENSTR "s \"%" MAX_HSTS_DATELENSTR "[^\"]\"", host, date); if(2 == rc) { - time_t expires = Curl_getdate_capped(date); + time_t expires = strcmp(date, UNLIMITED) ? Curl_getdate_capped(date) : + TIME_T_MAX; CURLcode result; char *p = host; bool subdomain = FALSE; @@ -456,7 +466,7 @@ static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h) return result; } else if(sc == CURLSTS_FAIL) - return CURLE_BAD_FUNCTION_ARGUMENT; + return CURLE_ABORTED_BY_CALLBACK; } while(sc == CURLSTS_OK); } return CURLE_OK; @@ -526,7 +536,9 @@ CURLcode Curl_hsts_loadfile(struct Curl_easy *data, */ CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h) { - return hsts_pull(data, h); + if(h) + return hsts_pull(data, h); + return CURLE_OK; } #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */ diff --git a/contrib/libs/curl/lib/hsts.h b/contrib/libs/curl/lib/hsts.h index baa582864a..653c05348d 100644 --- a/contrib/libs/curl/lib/hsts.h +++ b/contrib/libs/curl/lib/hsts.h 
@@ -59,7 +59,7 @@ CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h); #else #define Curl_hsts_cleanup(x) -#define Curl_hsts_loadcb(x,y) +#define Curl_hsts_loadcb(x,y) CURLE_OK #define Curl_hsts_save(x,y,z) #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */ #endif /* HEADER_CURL_HSTS_H */ diff --git a/contrib/libs/curl/lib/http.c b/contrib/libs/curl/lib/http.c index d49a8c0aa1..777bc3401a 100644 --- a/contrib/libs/curl/lib/http.c +++ b/contrib/libs/curl/lib/http.c @@ -1669,8 +1669,8 @@ CURLcode Curl_http_done(struct Curl_easy *data, * - if any server previously contacted to handle this request only supports * 1.0. */ -static bool use_http_1_1plus(const struct Curl_easy *data, - const struct connectdata *conn) +bool Curl_use_http_1_1plus(const struct Curl_easy *data, + const struct connectdata *conn) { if((data->state.httpversion == 10) || (conn->httpversion == 10)) return FALSE; @@ -1696,7 +1696,7 @@ static const char *get_http_string(const struct Curl_easy *data, return "2"; #endif - if(use_http_1_1plus(data, conn)) + if(Curl_use_http_1_1plus(data, conn)) return "1.1"; return "1.0"; @@ -1711,7 +1711,7 @@ static CURLcode expect100(struct Curl_easy *data, CURLcode result = CURLE_OK; data->state.expect100header = FALSE; /* default to false unless it is set to TRUE below */ - if(!data->state.disableexpect && use_http_1_1plus(data, conn) && + if(!data->state.disableexpect && Curl_use_http_1_1plus(data, conn) && (conn->httpversion < 20)) { /* if not doing HTTP 1.0 or version 2, or disabled explicitly, we add an Expect: 100-continue to the headers which actually speeds up post @@ -2348,7 +2348,7 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn, if(conn->bits.authneg) /* don't enable chunked during auth neg */ ; - else if(use_http_1_1plus(data, conn)) { + else if(Curl_use_http_1_1plus(data, conn)) { if(conn->httpversion < 20) /* HTTP, upload, unknown file size and not HTTP 1.0 */ data->req.upload_chunky = TRUE; 
@@ -2711,14 +2711,16 @@ CURLcode Curl_http_cookies(struct Curl_easy *data, int count = 0; if(data->cookies && data->state.cookie_engine) { + const char *host = data->state.aptr.cookiehost ? + data->state.aptr.cookiehost : conn->host.name; + const bool secure_context = + conn->handler->protocol&CURLPROTO_HTTPS || + strcasecompare("localhost", host) || + !strcmp(host, "127.0.0.1") || + !strcmp(host, "[::1]") ? TRUE : FALSE; Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); - co = Curl_cookie_getlist(data->cookies, - data->state.aptr.cookiehost? - data->state.aptr.cookiehost: - conn->host.name, - data->state.up.path, - (conn->handler->protocol&CURLPROTO_HTTPS)? - TRUE:FALSE); + co = Curl_cookie_getlist(data->cookies, host, data->state.up.path, + secure_context); Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); } if(co) { @@ -2901,6 +2903,20 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data, { struct SingleRequest *k = &data->req; DEBUGASSERT(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)); + if(data->req.ignore_cl) { + k->size = k->maxdownload = -1; + } + else if(k->size != -1) { + /* We wait until after all headers have been received to set this so that + we know for sure Content-Length is valid. */ + if(data->set.max_filesize && + k->size > data->set.max_filesize) { + failf(data, "Maximum file size exceeded"); + return CURLE_FILESIZE_EXCEEDED; + } + Curl_pgrsSetDownloadSize(data, k->size); + } + if(data->req.newurl) { if(conn->bits.close) { /* Abort after the headers if "follow Location" is set 
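Review bot: The `secure_context` expression added to `Curl_http_cookies` is repeated verbatim in the Set-Cookie branch of `Curl_http_header` later in this file. Both copies decide whether Secure cookies may be sent or stored, so they should live in one helper that cannot drift. The expression also mixes `&`, `||` and `?:` without parentheses, which is correct by precedence but hard to verify at a glance. The `"[::1]"` comparison assumes the host string keeps its brackets, which these hunks cannot confirm, and `host` may come from a custom Host: header via `cookiehost` rather than the real peer; both deserve a comment. A helper along these lines would replace both copies.

```c
/* TRUE when Secure cookies may be used: HTTPS, or a loopback host name.
   'host' may be the custom Host: header value, not the connected peer. */
static bool cookie_secure_context(const struct connectdata *conn,
                                  const char *host)
{
  return ((conn->handler->protocol & CURLPROTO_HTTPS) ||
          strcasecompare("localhost", host) ||
          !strcmp(host, "127.0.0.1") ||
          !strcmp(host, "[::1]")) ? TRUE : FALSE;
}

/* ... unchanged: host selection and Curl_share_lock ... */
    co = Curl_cookie_getlist(data->cookies, host, data->state.up.path,
                             cookie_secure_context(conn, host));
```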
@@ -3401,17 +3417,8 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, NULL, 10, &contentlength); if(offt == CURL_OFFT_OK) { - if(data->set.max_filesize && - contentlength > data->set.max_filesize) { - failf(data, "Maximum file size exceeded"); - return CURLE_FILESIZE_EXCEEDED; - } k->size = contentlength; k->maxdownload = k->size; - /* we set the progress download size already at this point - just to make it easier for apps/callbacks to extract this - info as soon as possible */ - Curl_pgrsSetDownloadSize(data, k->size); } else if(offt == CURL_OFFT_FLOW) { /* out of range */ @@ -3502,6 +3509,12 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, TRUE); if(result) return result; + if(!k->chunk) { + /* if this isn't chunked, only close can signal the end of this transfer + as Content-Length is said not to be trusted for transfer-encoding! */ + connclose(conn, "HTTP/1.1 transfer-encoding without chunks"); + k->ignore_cl = TRUE; + } } else if(!k->http_bodyless && checkprefix("Content-Encoding:", headp) && data->set.str[STRING_ENCODING]) { 
@@ -3564,18 +3577,21 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, #if !defined(CURL_DISABLE_COOKIES) else if(data->cookies && data->state.cookie_engine && checkprefix("Set-Cookie:", headp)) { + /* If there is a custom-set Host: name, use it here, or else use real peer + host name. */ + const char *host = data->state.aptr.cookiehost? + data->state.aptr.cookiehost:conn->host.name; + const bool secure_context = + conn->handler->protocol&CURLPROTO_HTTPS || + strcasecompare("localhost", host) || + !strcmp(host, "127.0.0.1") || + !strcmp(host, "[::1]") ? TRUE : FALSE; + Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); - Curl_cookie_add(data, - data->cookies, TRUE, FALSE, - headp + strlen("Set-Cookie:"), - /* If there is a custom-set Host: name, use it - here, or else use real peer host name. */ - data->state.aptr.cookiehost? - data->state.aptr.cookiehost:conn->host.name, - data->state.up.path, - (conn->handler->protocol&CURLPROTO_HTTPS)? - TRUE:FALSE); + Curl_cookie_add(data, data->cookies, TRUE, FALSE, + headp + strlen("Set-Cookie:"), host, + data->state.up.path, secure_context); Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); } #endif @@ -4210,18 +4226,20 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, * https://tools.ietf.org/html/rfc7230#section-3.1.2 * * The response code is always a three-digit number in HTTP as the spec - * says. We try to allow any number here, but we cannot make + * says. We allow any three-digit number here, but we cannot make * guarantees on future behaviors since it isn't within the protocol. */ char separator; char twoorthree[2]; int httpversion = 0; + char digit4 = 0; nc = sscanf(HEADER1, - " HTTP/%1d.%1d%c%3d", + " HTTP/%1d.%1d%c%3d%c", &httpversion_major, &httpversion, &separator, - &k->httpcode); + &k->httpcode, + &digit4); if(nc == 1 && httpversion_major >= 2 && 2 == sscanf(HEADER1, " HTTP/%1[23] %d", twoorthree, &k->httpcode)) { 
@@ -4230,7 +4248,15 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, separator = ' '; } - if((nc == 4) && (' ' == separator)) { + /* There can only be a 4th response code digit stored in 'digit4' if + all the other fields were parsed and stored first, so nc is 5 when + digit4 a digit */ + else if(ISDIGIT(digit4)) { + failf(data, "Unsupported response code in HTTP response"); + return CURLE_UNSUPPORTED_PROTOCOL; + } + + if((nc >= 4) && (' ' == separator)) { httpversion += 10 * httpversion_major; switch(httpversion) { case 10: diff --git a/contrib/libs/curl/lib/http.h b/contrib/libs/curl/lib/http.h index bce171550d..e4ab466c00 100644 --- a/contrib/libs/curl/lib/http.h +++ b/contrib/libs/curl/lib/http.h @@ -99,6 +99,8 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn, const char **teep); CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, struct dynbuf *r, Curl_HttpReq httpreq); +bool Curl_use_http_1_1plus(const struct Curl_easy *data, + const struct connectdata *conn); #ifndef CURL_DISABLE_COOKIES CURLcode Curl_http_cookies(struct Curl_easy *data, struct connectdata *conn, diff --git a/contrib/libs/curl/lib/http2.c b/contrib/libs/curl/lib/http2.c index 60e0143c15..6d63f43636 100644 --- a/contrib/libs/curl/lib/http2.c +++ b/contrib/libs/curl/lib/http2.c @@ -763,6 +763,7 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame, ncopy); stream->nread_header_recvbuf += ncopy; + DEBUGASSERT(stream->mem); H2BUGF(infof(data_s, "Store %zu bytes headers from stream %u at %p", ncopy, stream_id, stream->mem)); @@ -1624,10 +1625,6 @@ static ssize_t http2_recv(struct Curl_easy *data, int sockindex, return -1; } - if(stream->closed) - /* closed overrides paused */ - return http2_handle_stream_close(conn, data, stream, err); - /* Nullify here because we call nghttp2_session_send() and they might refer to the old buffer. */ stream->upload_mem = NULL; 
@@ -2218,6 +2215,16 @@ CURLcode Curl_http2_setup(struct Curl_easy *data, Curl_dyn_init(&stream->header_recvbuf, DYN_H2_HEADERS); Curl_dyn_init(&stream->trailer_recvbuf, DYN_H2_TRAILERS); + stream->upload_left = 0; + stream->upload_mem = NULL; + stream->upload_len = 0; + stream->mem = data->state.buffer; + stream->len = data->set.buffer_size; + + multi_connchanged(data->multi); + /* below this point only connection related inits are done, which only needs + to be done once per connection */ + if((conn->handler == &Curl_handler_http2_ssl) || (conn->handler == &Curl_handler_http2)) return CURLE_OK; /* already done */ @@ -2234,11 +2241,10 @@ CURLcode Curl_http2_setup(struct Curl_easy *data, } infof(data, "Using HTTP2, server supports multiplexing"); - stream->upload_left = 0; - stream->upload_mem = NULL; - stream->upload_len = 0; - stream->mem = data->state.buffer; - stream->len = data->set.buffer_size; + + conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ + conn->httpversion = 20; + conn->bundle->multiuse = BUNDLE_MULTIPLEX; httpc->inbuflen = 0; httpc->nread_inbuf = 0; @@ -2246,12 +2252,7 @@ CURLcode Curl_http2_setup(struct Curl_easy *data, httpc->pause_stream_id = 0; httpc->drain_total = 0; - conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ - conn->httpversion = 20; - conn->bundle->multiuse = BUNDLE_MULTIPLEX; - infof(data, "Connection state changed (HTTP/2 confirmed)"); - multi_connchanged(data->multi); return CURLE_OK; } 
@@ -2340,15 +2341,8 @@ CURLcode Curl_http2_switched(struct Curl_easy *data, DEBUGASSERT(httpc->nread_inbuf == 0); - /* Good enough to call it an end once the remaining payload is copied to the - * connection buffer. - * Some servers (e.g. nghttpx v1.43.0) may fulfill stream 1 immediately - * following the protocol switch other than waiting for the client-side - * connection preface. If h2_process_pending_input is invoked here to parse - * the remaining payload, stream 1 would be marked as closed too early and - * thus ignored in http2_recv (following 252790c53). - * The logic in lib/http.c and lib/transfer.c guarantees a following - * http2_recv would be invoked very soon. */ + if(-1 == h2_process_pending_input(data, httpc, &result)) + return CURLE_HTTP2; return CURLE_OK; } diff --git a/contrib/libs/curl/lib/http_proxy.c b/contrib/libs/curl/lib/http_proxy.c index 61457094e4..20631927f0 100644 --- a/contrib/libs/curl/lib/http_proxy.c +++ b/contrib/libs/curl/lib/http_proxy.c @@ -148,7 +148,7 @@ int Curl_connect_getsock(struct connectdata *conn) DEBUGASSERT(conn->connect_state); http = &conn->connect_state->http_proxy; - if(http->sending) + if(http->sending == HTTPSEND_REQUEST) return GETSOCK_WRITESOCK(0); return GETSOCK_READSOCK(0); 
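Review bot: In `Curl_http2_switched` the new call passes `&result` to `h2_process_pending_input` but returns a fixed `CURLE_HTTP2` on failure. If the helper reports the cause through that out-parameter, which cannot be confirmed from this hunk, the more specific code is lost; returning `result` would preserve it. The deleted comment explained why pending input was deliberately not processed here, and the replacement has no comment at all. A line such as `/* process what arrived with the 101 response; a closed stream is handled in http2_recv */` would record why the earlier concern no longer applies, once that reasoning is checked against the `http2_recv` change in this commit.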
@@ -300,32 +300,27 @@ static CURLcode CONNECT(struct Curl_easy *data, hostheader, TRUE); if(!result) { - const char *proxyconn = ""; - const char *useragent = ""; const char *httpv = (conn->http_proxy.proxytype == CURLPROXY_HTTP_1_0) ? "1.0" : "1.1"; - if(!Curl_checkProxyheaders(data, conn, "Proxy-Connection")) - proxyconn = "Proxy-Connection: Keep-Alive\r\n"; - - if(!Curl_checkProxyheaders(data, conn, "User-Agent") && - data->set.str[STRING_USERAGENT]) - useragent = data->state.aptr.uagent; - result = Curl_dyn_addf(req, "CONNECT %s HTTP/%s\r\n" "%s" /* Host: */ - "%s" /* Proxy-Authorization */ - "%s" /* User-Agent */ - "%s", /* Proxy-Connection */ + "%s", /* Proxy-Authorization */ hostheader, httpv, host?host:"", data->state.aptr.proxyuserpwd? - data->state.aptr.proxyuserpwd:"", - useragent, - proxyconn); + data->state.aptr.proxyuserpwd:""); + + if(!result && !Curl_checkProxyheaders(data, conn, "User-Agent") && + data->set.str[STRING_USERAGENT]) + result = Curl_dyn_addf(req, "User-Agent: %s\r\n", + data->set.str[STRING_USERAGENT]); + + if(!result && !Curl_checkProxyheaders(data, conn, "Proxy-Connection")) + result = Curl_dyn_add(req, "Proxy-Connection: Keep-Alive\r\n"); if(!result) result = Curl_add_custom_headers(data, TRUE, req); @@ -390,6 +385,7 @@ static CURLcode CONNECT(struct Curl_easy *data, k->upload_fromhere += bytes_written; return result; } + http->sending = HTTPSEND_NADA; /* if nothing left to send, continue */ } { /* READING RESPONSE PHASE */ 
@@ -839,16 +835,26 @@ static CURLcode CONNECT(struct Curl_easy *data, Curl_hyper_header(data, headers, data->state.aptr.proxyuserpwd)) goto error; - if(data->set.str[STRING_USERAGENT] && - *data->set.str[STRING_USERAGENT] && - data->state.aptr.uagent && - Curl_hyper_header(data, headers, data->state.aptr.uagent)) - goto error; + if(!Curl_checkProxyheaders(data, conn, "User-Agent") && + data->set.str[STRING_USERAGENT]) { + struct dynbuf ua; + Curl_dyn_init(&ua, DYN_HTTP_REQUEST); + result = Curl_dyn_addf(&ua, "User-Agent: %s\r\n", + data->set.str[STRING_USERAGENT]); + if(result) + goto error; + if(Curl_hyper_header(data, headers, Curl_dyn_ptr(&ua))) + goto error; + Curl_dyn_free(&ua); + } if(!Curl_checkProxyheaders(data, conn, "Proxy-Connection") && Curl_hyper_header(data, headers, "Proxy-Connection: Keep-Alive")) goto error; + if(Curl_add_custom_headers(data, TRUE, headers)) + goto error; + sendtask = hyper_clientconn_send(client, req); if(!sendtask) { failf(data, "hyper_clientconn_send"); diff --git a/contrib/libs/curl/lib/imap.c b/contrib/libs/curl/lib/imap.c index ab4d412ee3..6163899bbe 100644 --- a/contrib/libs/curl/lib/imap.c +++ b/contrib/libs/curl/lib/imap.c @@ -74,7 +74,6 @@ #include "strcase.h" #include "vtls/vtls.h" #include "connect.h" -#include "strerror.h" #include "select.h" #include "multiif.h" #include "url.h" 
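Review bot: In the Hyper CONNECT hunk the dynbuf `ua` is released only on the success path: if `Curl_hyper_header(data, headers, Curl_dyn_ptr(&ua))` fails, control jumps to `error` and `ua`, which is scoped to this block, can no longer be freed. Free it before testing the outcome, e.g. `result = Curl_hyper_header(data, headers, Curl_dyn_ptr(&ua));` `Curl_dyn_free(&ua);` `if(result) goto error;` (assuming the helper returns a CURLcode; otherwise use a local flag). The removed condition also skipped an empty option value via `*data->set.str[STRING_USERAGENT]`. The new test has no such check, and neither does the non-Hyper code in the `@@ -300,32 +300,27 @@` hunk, so an empty string would presumably yield a bare `User-Agent:` line. The `error` label and the rest of CONNECT are outside the hunk.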
@@ -935,22 +934,18 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data, line += wordlen; } } - else if(imapcode == IMAP_RESP_OK) { - if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { - /* We don't have a SSL/TLS connection yet, but SSL is requested */ - if(imapc->tls_supported) - /* Switch to TLS connection now */ - result = imap_perform_starttls(data, conn); - else if(data->set.use_ssl == CURLUSESSL_TRY) - /* Fallback and carry on with authentication */ - result = imap_perform_authentication(data, conn); - else { - failf(data, "STARTTLS not supported."); - result = CURLE_USE_SSL_FAILED; - } + else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { + /* PREAUTH is not compatible with STARTTLS. */ + if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) { + /* Switch to TLS connection now */ + result = imap_perform_starttls(data, conn); } - else + else if(data->set.use_ssl <= CURLUSESSL_TRY) result = imap_perform_authentication(data, conn); + else { + failf(data, "STARTTLS not available."); + result = CURLE_USE_SSL_FAILED; + } } else result = imap_perform_authentication(data, conn); @@ -968,6 +963,10 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data, (void)instate; /* no use for this yet */ + /* Pipelining in response is forbidden. */ + if(data->conn->proto.imapc.pp.cache_size) + return CURLE_WEIRD_SERVER_REPLY; + if(imapcode != IMAP_RESP_OK) { if(data->set.use_ssl != CURLUSESSL_TRY) { failf(data, "STARTTLS denied"); diff --git a/contrib/libs/curl/lib/md4.c b/contrib/libs/curl/lib/md4.c index 3eee1c8521..3cfc393bc2 100644 --- a/contrib/libs/curl/lib/md4.c +++ b/contrib/libs/curl/lib/md4.c 
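Review bot: In imap_state_capability_resp the fallback test `data->set.use_ssl <= CURLUSESSL_TRY` relies on the numeric order of the CURLUSESSL_* values to separate "TLS optional" from "TLS required". Inside a branch that already requires `use_ssl` to be non-zero, `data->set.use_ssl == CURLUSESSL_TRY`, the form the removed code used, states the intent directly. This branch decides whether the session may continue without TLS, so it should carry a comment such as `/* TLS was requested but cannot be negotiated (no OK reply, no STARTTLS capability, or PREAUTH): continue only when TLS is optional */`. The same `<=` comparison appears in the pop3_state_capa_resp hunk of lib/pop3.c. The function starts and ends outside the hunk.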
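Review bot: The new `pp.cache_size` guard in imap_state_starttls_resp returns `CURLE_WEIRD_SERVER_REPLY` with no `failf()` message, and its comment ("Pipelining in response is forbidden.") does not say what the check protects. As far as the hunk shows, it rejects data that is already buffered behind the STARTTLS reply, which presumably arrived before the TLS handshake and would otherwise be handled as part of the protected session. Say so in the comment, e.g. `/* data buffered after the STARTTLS reply was received in cleartext; refuse to continue */`, and add a diagnostic such as `failf(data, "unexpected data after STARTTLS response");` so the failure can be told apart from other malformed replies. The same guard, with the same terse comment, is added in pop3_state_starttls_resp and smtp_state_starttls_resp.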
@@ -36,8 +36,12 @@ #endif /* USE_OPENSSL */ #ifdef USE_MBEDTLS -#error #include <mbedtls/config.h> #error #include <mbedtls/version.h> +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 +#error #include <mbedtls/mbedtls_config.h> +#else +#error #include <mbedtls/config.h> +#endif #if(MBEDTLS_VERSION_NUMBER >= 0x02070000) #define HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS diff --git a/contrib/libs/curl/lib/md5.c b/contrib/libs/curl/lib/md5.c index 782d8ccf54..62b602ffbb 100644 --- a/contrib/libs/curl/lib/md5.c +++ b/contrib/libs/curl/lib/md5.c @@ -33,7 +33,8 @@ #ifdef USE_MBEDTLS #error #include <mbedtls/version.h> -#if(MBEDTLS_VERSION_NUMBER >= 0x02070000) +#if(MBEDTLS_VERSION_NUMBER >= 0x02070000) && \ + (MBEDTLS_VERSION_NUMBER < 0x03000000) #define HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS #endif #endif /* USE_MBEDTLS */ @@ -85,7 +86,7 @@ typedef mbedtls_md5_context MD5_CTX; static void MD5_Init(MD5_CTX *ctx) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) - mbedtls_md5_starts(ctx); + (void) mbedtls_md5_starts(ctx); #else (void) mbedtls_md5_starts_ret(ctx); #endif @@ -96,7 +97,7 @@ static void MD5_Update(MD5_CTX *ctx, unsigned int length) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) - mbedtls_md5_update(ctx, data, length); + (void) mbedtls_md5_update(ctx, data, length); #else (void) mbedtls_md5_update_ret(ctx, data, length); #endif @@ -105,7 +106,7 @@ static void MD5_Update(MD5_CTX *ctx, static void MD5_Final(unsigned char *digest, MD5_CTX *ctx) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) - mbedtls_md5_finish(ctx, digest); + (void) mbedtls_md5_finish(ctx, digest); #else (void) mbedtls_md5_finish_ret(ctx, digest); #endif diff --git a/contrib/libs/curl/lib/mqtt.c b/contrib/libs/curl/lib/mqtt.c index f077e6c3dc..fcd40b41e6 100644 --- a/contrib/libs/curl/lib/mqtt.c +++ b/contrib/libs/curl/lib/mqtt.c 
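Review bot: The `(void)` casts added in MD5_Init, MD5_Update and MD5_Final make the dropped mbedTLS return value explicit, but the status is still discarded. Where those calls return an error code (apparently the 3.x case that the new version test routes to this branch), a failing `mbedtls_md5_finish()` would leave `digest` holding whatever it contained before, and the caller cannot notice. The wrappers return void, so the status cannot be propagated from within these hunks. At minimum document the choice with `/* status ignored: this wrapper has no error path */`, or clear `digest` when the call reports failure. The SHA256_Init, SHA256_Update and SHA256_Final hunks in lib/sha256.c follow the same pattern.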
@@ -128,6 +128,10 @@ static CURLcode mqtt_send(struct Curl_easy *data, mq->sendleftovers = sendleftovers; mq->nsend = nsend; } + else { + mq->sendleftovers = NULL; + mq->nsend = 0; + } return result; } diff --git a/contrib/libs/curl/lib/multi.c b/contrib/libs/curl/lib/multi.c index c31922d262..73015ed4d7 100644 --- a/contrib/libs/curl/lib/multi.c +++ b/contrib/libs/curl/lib/multi.c @@ -1054,11 +1054,17 @@ CURLMcode curl_multi_fdset(struct Curl_multi *multi, for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) { curl_socket_t s = CURL_SOCKET_BAD; - if((bitmap & GETSOCK_READSOCK(i)) && VALID_SOCK((sockbunch[i]))) { + if((bitmap & GETSOCK_READSOCK(i)) && VALID_SOCK(sockbunch[i])) { + if(!FDSET_SOCK(sockbunch[i])) + /* pretend it doesn't exist */ + continue; FD_SET(sockbunch[i], read_fd_set); s = sockbunch[i]; } - if((bitmap & GETSOCK_WRITESOCK(i)) && VALID_SOCK((sockbunch[i]))) { + if((bitmap & GETSOCK_WRITESOCK(i)) && VALID_SOCK(sockbunch[i])) { + if(!FDSET_SOCK(sockbunch[i])) + /* pretend it doesn't exist */ + continue; FD_SET(sockbunch[i], write_fd_set); s = sockbunch[i]; } @@ -1102,6 +1108,9 @@ static CURLMcode multi_wait(struct Curl_multi *multi, WSANETWORKEVENTS wsa_events; DEBUGASSERT(multi->wsa_event != WSA_INVALID_EVENT); #endif +#ifndef ENABLE_WAKEUP + (void)use_wakeup; +#endif if(!GOOD_MULTI_HANDLE(multi)) return CURLM_BAD_HANDLE; diff --git a/contrib/libs/curl/lib/non-ascii.c b/contrib/libs/curl/lib/non-ascii.c index 932cf89eef..3b77ae98d5 100644 --- a/contrib/libs/curl/lib/non-ascii.c +++ b/contrib/libs/curl/lib/non-ascii.c @@ -31,6 +31,7 @@ #include "sendf.h" #include "urldata.h" #include "multiif.h" +#include "strerror.h" #include "curl_memory.h" /* The last #include file should be: */ @@ -104,6 +105,7 @@ CURLcode Curl_convert_to_network(struct Curl_easy *data, iconv_t *cd = &tmpcd; char *input_ptr, *output_ptr; size_t in_bytes, out_bytes, rc; + char ebuffer[STRERROR_LEN]; /* open an iconv conversion descriptor if necessary */ if(data) 
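Review bot: In the curl_multi_fdset hunk the `continue` taken when `FDSET_SOCK(sockbunch[i])` is false drops the socket from both sets, with only the comment "pretend it doesn't exist". The application therefore gets no indication that one of the transfer's sockets is not being watched. The guard itself is needed, since a descriptor at or above FD_SETSIZE cannot be represented in an fd_set, and the comment should record that: `/* fd >= FD_SETSIZE does not fit in an fd_set; skip it rather than write outside the set */`. Note also that the `continue` in the read branch skips the write test and whatever bookkeeping follows for `s` in the loop body, which lies outside the hunk. That is harmless for the same socket but worth stating in the comment.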
@@ -116,7 +118,7 @@ CURLcode Curl_convert_to_network(struct Curl_easy *data, "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s", CURL_ICONV_CODESET_OF_NETWORK, CURL_ICONV_CODESET_OF_HOST, - errno, strerror(errno)); + errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); return CURLE_CONV_FAILED; } } @@ -130,7 +132,7 @@ CURLcode Curl_convert_to_network(struct Curl_easy *data, if((rc == ICONV_ERROR) || (in_bytes)) { failf(data, "The Curl_convert_to_network iconv call failed with errno %i: %s", - errno, strerror(errno)); + errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); return CURLE_CONV_FAILED; } #else @@ -170,6 +172,7 @@ CURLcode Curl_convert_from_network(struct Curl_easy *data, iconv_t *cd = &tmpcd; char *input_ptr, *output_ptr; size_t in_bytes, out_bytes, rc; + char ebuffer[STRERROR_LEN]; /* open an iconv conversion descriptor if necessary */ if(data) @@ -182,7 +185,7 @@ CURLcode Curl_convert_from_network(struct Curl_easy *data, "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s", CURL_ICONV_CODESET_OF_HOST, CURL_ICONV_CODESET_OF_NETWORK, - errno, strerror(errno)); + errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); return CURLE_CONV_FAILED; } } @@ -196,7 +199,7 @@ CURLcode Curl_convert_from_network(struct Curl_easy *data, if((rc == ICONV_ERROR) || (in_bytes)) { failf(data, "Curl_convert_from_network iconv call failed with errno %i: %s", - errno, strerror(errno)); + errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); return CURLE_CONV_FAILED; } #else @@ -237,6 +240,7 @@ CURLcode Curl_convert_from_utf8(struct Curl_easy *data, char *input_ptr; char *output_ptr; size_t in_bytes, out_bytes, rc; + char ebuffer[STRERROR_LEN]; /* open an iconv conversion descriptor if necessary */ if(data) 
@@ -249,7 +253,7 @@ CURLcode Curl_convert_from_utf8(struct Curl_easy *data, "The iconv_open(\"%s\", \"%s\") call failed with errno %i: %s", CURL_ICONV_CODESET_OF_HOST, CURL_ICONV_CODESET_FOR_UTF8, - errno, strerror(errno)); + errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); return CURLE_CONV_FAILED; } } @@ -263,7 +267,7 @@ CURLcode Curl_convert_from_utf8(struct Curl_easy *data, if((rc == ICONV_ERROR) || (in_bytes)) { failf(data, "The Curl_convert_from_utf8 iconv call failed with errno %i: %s", - errno, strerror(errno)); + errno, Curl_strerror(errno, ebuffer, sizeof(ebuffer))); return CURLE_CONV_FAILED; } if(output_ptr < input_ptr) { diff --git a/contrib/libs/curl/lib/pop3.c b/contrib/libs/curl/lib/pop3.c index 5fdd6f3e05..d3f3de6d49 100644 --- a/contrib/libs/curl/lib/pop3.c +++ b/contrib/libs/curl/lib/pop3.c @@ -75,7 +75,6 @@ #include "strcase.h" #include "vtls/vtls.h" #include "connect.h" -#include "strerror.h" #include "select.h" #include "multiif.h" #include "url.h" 
@@ -741,28 +740,23 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code, } } } - else if(pop3code == '+') { - if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) { - /* We don't have a SSL/TLS connection yet, but SSL is requested */ - if(pop3c->tls_supported) - /* Switch to TLS connection now */ - result = pop3_perform_starttls(data, conn); - else if(data->set.use_ssl == CURLUSESSL_TRY) - /* Fallback and carry on with authentication */ - result = pop3_perform_authentication(data, conn); - else { - failf(data, "STLS not supported."); - result = CURLE_USE_SSL_FAILED; - } - } - else - result = pop3_perform_authentication(data, conn); - } else { /* Clear text is supported when CAPA isn't recognised */ - pop3c->authtypes |= POP3_TYPE_CLEARTEXT; + if(pop3code != '+') + pop3c->authtypes |= POP3_TYPE_CLEARTEXT; - result = pop3_perform_authentication(data, conn); + if(!data->set.use_ssl || conn->ssl[FIRSTSOCKET].use) + result = pop3_perform_authentication(data, conn); + else if(pop3code == '+' && pop3c->tls_supported) + /* Switch to TLS connection now */ + result = pop3_perform_starttls(data, conn); + else if(data->set.use_ssl <= CURLUSESSL_TRY) + /* Fallback and carry on with authentication */ + result = pop3_perform_authentication(data, conn); + else { + failf(data, "STLS not supported."); + result = CURLE_USE_SSL_FAILED; + } } return result; @@ -777,6 +771,10 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data, CURLcode result = CURLE_OK; (void)instate; /* no use for this yet */ + /* Pipelining in response is forbidden. */ + if(data->conn->proto.pop3c.pp.cache_size) + return CURLE_WEIRD_SERVER_REPLY; + if(pop3code != '+') { if(data->set.use_ssl != CURLUSESSL_TRY) { failf(data, "STARTTLS denied"); diff --git a/contrib/libs/curl/lib/progress.c b/contrib/libs/curl/lib/progress.c index 4bcd615eba..f5ef6bd526 100644 --- a/contrib/libs/curl/lib/progress.c +++ b/contrib/libs/curl/lib/progress.c 
@@ -377,7 +377,12 @@ static curl_off_t trspeed(curl_off_t size, /* number of bytes */ { if(us < 1) return size * 1000000; - return (curl_off_t)((long double)size/us * 1000000); + else if(size < CURL_OFF_T_MAX/1000000) + return (size * 1000000) / us; + else if(us >= 1000000) + return size / (us / 1000000); + else + return CURL_OFF_T_MAX; } /* returns TRUE if it's time to show the progress meter */ diff --git a/contrib/libs/curl/lib/select.h b/contrib/libs/curl/lib/select.h index 19da1e774b..59a571dbbd 100644 --- a/contrib/libs/curl/lib/select.h +++ b/contrib/libs/curl/lib/select.h @@ -97,8 +97,10 @@ int tpf_select_libcurl(int maxfds, fd_set* reads, fd_set* writes, #if defined(TPF) #define VALID_SOCK(x) 1 #define VERIFY_SOCK(x) Curl_nop_stmt +#define FDSET_SOCK(x) 1 #elif defined(USE_WINSOCK) #define VALID_SOCK(s) ((s) < INVALID_SOCKET) +#define FDSET_SOCK(x) 1 #define VERIFY_SOCK(x) do { \ if(!VALID_SOCK(x)) { \ SET_SOCKERRNO(WSAEINVAL); \ @@ -106,17 +108,17 @@ int tpf_select_libcurl(int maxfds, fd_set* reads, fd_set* writes, } \ } while(0) #else -#ifdef HAVE_POLL_FINE -#define VALID_SOCK(s) ((s) >= 0) /* FD_SETSIZE is irrelevant for poll */ -#else -#define VALID_SOCK(s) (((s) >= 0) && ((s) < FD_SETSIZE)) -#endif -#define VERIFY_SOCK(x) do { \ - if(!VALID_SOCK(x)) { \ - SET_SOCKERRNO(EINVAL); \ - return -1; \ - } \ -} while(0) +#define VALID_SOCK(s) ((s) >= 0) + +/* If the socket is small enough to get set or read from an fdset */ +#define FDSET_SOCK(s) ((s) < FD_SETSIZE) + +#define VERIFY_SOCK(x) do { \ + if(!VALID_SOCK(x) || !FDSET_SOCK(x)) { \ + SET_SOCKERRNO(EINVAL); \ + return -1; \ + } \ + } while(0) #endif #endif /* HEADER_CURL_SELECT_H */ diff --git a/contrib/libs/curl/lib/setopt.c b/contrib/libs/curl/lib/setopt.c index 076fe5f59c..08827d1ef9 100644 --- a/contrib/libs/curl/lib/setopt.c +++ b/contrib/libs/curl/lib/setopt.c 
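Review bot: The first branch of trspeed, `if(us < 1) return size * 1000000;`, is left unguarded, so the signed multiplication can still overflow once `size` reaches `CURL_OFF_T_MAX/1000000`, the very case the new branches below were added to avoid. Apply the same bound there: `return size < CURL_OFF_T_MAX/1000000 ? size * 1000000 : CURL_OFF_T_MAX;`. A one-line comment above the chain saying that each branch keeps the intermediate product within `curl_off_t` would make the ordering of the tests easier to follow.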
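Review bot: In the lib/select.h hunk `VALID_SOCK(s)` no longer includes the `(s) < FD_SETSIZE` bound on the non-poll build, so any code that used `VALID_SOCK` alone as its check before `FD_SET`/`FD_ISSET` now needs an explicit `FDSET_SOCK` test as well. This diff updates curl_multi_fdset and `VERIFY_SOCK`; other users of the macro are not visible here and should be audited. The comment on `FDSET_SOCK` would be clearer as `/* TRUE if the socket fits in an fd_set; must hold before FD_SET/FD_ISSET/FD_CLR */`. `VERIFY_SOCK` now also applies the FD_SETSIZE bound in builds that previously treated it as irrelevant for poll; confirm that the macro is only used on select()-based paths.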
@@ -2370,12 +2370,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; case CURLOPT_IGNORE_CONTENT_LENGTH: -#ifndef USE_HYPER data->set.ignorecl = (0 != va_arg(param, long)) ? TRUE : FALSE; break; -#else - return CURLE_NOT_BUILT_IN; -#endif case CURLOPT_CONNECT_ONLY: /* diff --git a/contrib/libs/curl/lib/sha256.c b/contrib/libs/curl/lib/sha256.c index 704d51fa51..9bcd110060 100644 --- a/contrib/libs/curl/lib/sha256.c +++ b/contrib/libs/curl/lib/sha256.c @@ -42,8 +42,9 @@ #ifdef USE_MBEDTLS #error #include <mbedtls/version.h> -#if(MBEDTLS_VERSION_NUMBER >= 0x02070000) - #define HAS_RESULT_CODE_BASED_FUNCTIONS +#if(MBEDTLS_VERSION_NUMBER >= 0x02070000) && \ + (MBEDTLS_VERSION_NUMBER < 0x03000000) + #define HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS #endif #endif /* USE_MBEDTLS */ @@ -105,8 +106,8 @@ typedef mbedtls_sha256_context SHA256_CTX; static void SHA256_Init(SHA256_CTX *ctx) { -#if !defined(HAS_RESULT_CODE_BASED_FUNCTIONS) - mbedtls_sha256_starts(ctx, 0); +#if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) + (void) mbedtls_sha256_starts(ctx, 0); #else (void) mbedtls_sha256_starts_ret(ctx, 0); #endif @@ -116,8 +117,8 @@ static void SHA256_Update(SHA256_CTX *ctx, const unsigned char *data, unsigned int length) { -#if !defined(HAS_RESULT_CODE_BASED_FUNCTIONS) - mbedtls_sha256_update(ctx, data, length); +#if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) + (void) mbedtls_sha256_update(ctx, data, length); #else (void) mbedtls_sha256_update_ret(ctx, data, length); #endif @@ -125,8 +126,8 @@ static void SHA256_Update(SHA256_CTX *ctx, static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) { -#if !defined(HAS_RESULT_CODE_BASED_FUNCTIONS) - mbedtls_sha256_finish(ctx, digest); +#if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) + (void) mbedtls_sha256_finish(ctx, digest); #else (void) mbedtls_sha256_finish_ret(ctx, digest); #endif 
diff --git a/contrib/libs/curl/lib/smtp.c b/contrib/libs/curl/lib/smtp.c index 1a3da15599..02ddaca0a2 100644 --- a/contrib/libs/curl/lib/smtp.c +++ b/contrib/libs/curl/lib/smtp.c @@ -78,7 +78,6 @@ #include "strcase.h" #include "vtls/vtls.h" #include "connect.h" -#include "strerror.h" #include "select.h" #include "multiif.h" #include "url.h" @@ -835,6 +834,10 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data, CURLcode result = CURLE_OK; (void)instate; /* no use for this yet */ + /* Pipelining in response is forbidden. */ + if(data->conn->proto.smtpc.pp.cache_size) + return CURLE_WEIRD_SERVER_REPLY; + if(smtpcode != 220) { if(data->set.use_ssl != CURLUSESSL_TRY) { failf(data, "STARTTLS denied, code %d", smtpcode); diff --git a/contrib/libs/curl/lib/socks.c b/contrib/libs/curl/lib/socks.c index 91c4223a5f..db4c80834e 100644 --- a/contrib/libs/curl/lib/socks.c +++ b/contrib/libs/curl/lib/socks.c @@ -99,24 +99,24 @@ int Curl_blockread_all(struct Curl_easy *data, /* transfer */ } #endif -#ifndef DEBUGBUILD -#define sxstate(x,y) socksstate(x,y) -#else +#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) +#define DEBUG_AND_VERBOSE #define sxstate(x,y) socksstate(x,y, __LINE__) +#else +#define sxstate(x,y) socksstate(x,y) #endif - /* always use this function to change state, to make debugging easier */ static void socksstate(struct Curl_easy *data, enum connect_t state -#ifdef DEBUGBUILD +#ifdef DEBUG_AND_VERBOSE , int lineno #endif ) { struct connectdata *conn = data->conn; enum connect_t oldstate = conn->cnnct.state; -#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) +#ifdef DEBUG_AND_VERBOSE /* synced with the state list in urldata.h */ static const char * const statename[] = { "INIT", 
@@ -146,7 +146,7 @@ static void socksstate(struct Curl_easy *data, conn->cnnct.state = state; -#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) +#ifdef DEBUG_AND_VERBOSE infof(data, "SXSTATE: %s => %s conn %p; line %d", statename[oldstate], statename[conn->cnnct.state], conn, diff --git a/contrib/libs/curl/lib/strdup.c b/contrib/libs/curl/lib/strdup.c index 9af47ea473..85cf33b3ed 100644 --- a/contrib/libs/curl/lib/strdup.c +++ b/contrib/libs/curl/lib/strdup.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -24,6 +24,10 @@ #include <curl/curl.h> +#ifdef WIN32 +#include <wchar.h> +#endif + #include "strdup.h" #include "curl_memory.h" @@ -50,6 +54,28 @@ char *curlx_strdup(const char *str) } #endif +#ifdef WIN32 +/*************************************************************************** + * + * Curl_wcsdup(source) + * + * Copies the 'source' wchar string to a newly allocated buffer (that is + * returned). + * + * Returns the new pointer or NULL on failure. + * + ***************************************************************************/ +wchar_t *Curl_wcsdup(const wchar_t *src) +{ + size_t length = wcslen(src); + + if(length > (SIZE_T_MAX / sizeof(wchar_t)) - 1) + return (wchar_t *)NULL; /* integer overflow */ + + return (wchar_t *)Curl_memdup(src, (length + 1) * sizeof(wchar_t)); +} +#endif + /*************************************************************************** * * Curl_memdup(source, length) diff --git a/contrib/libs/curl/lib/strdup.h b/contrib/libs/curl/lib/strdup.h index 0936956f89..8c8a6f20e1 100644 --- a/contrib/libs/curl/lib/strdup.h +++ b/contrib/libs/curl/lib/strdup.h 
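Review bot: The header comment of the new Curl_wcsdup does not state that `source` must be non-NULL, yet the first statement is `wcslen(src)`, which dereferences it unconditionally. Add the precondition to the comment block, e.g. `* 'source' must point to a NUL-terminated wide string; NULL is not accepted.`, or return NULL early with `if(!src) return NULL;`. The overflow test before the multiplication is good. A short note that `SIZE_T_MAX / sizeof(wchar_t) - 1` leaves room for the terminator would explain the `- 1`.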
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -26,6 +26,9 @@ #ifndef HAVE_STRDUP extern char *curlx_strdup(const char *str); #endif +#ifdef WIN32 +wchar_t* Curl_wcsdup(const wchar_t* src); +#endif void *Curl_memdup(const void *src, size_t buffer_length); void *Curl_saferealloc(void *ptr, size_t size); diff --git a/contrib/libs/curl/lib/strerror.c b/contrib/libs/curl/lib/strerror.c index ab9deaed00..29c5fb27c1 100644 --- a/contrib/libs/curl/lib/strerror.c +++ b/contrib/libs/curl/lib/strerror.c @@ -735,7 +735,7 @@ const char *Curl_strerror(int err, char *buf, size_t buflen) #if defined(WIN32) /* 'sys_nerr' is the maximum errno number, it is not widely portable */ if(err >= 0 && err < sys_nerr) - strncpy(buf, strerror(err), max); + strncpy(buf, sys_errlist[err], max); else #endif { @@ -786,6 +786,7 @@ const char *Curl_strerror(int err, char *buf, size_t buflen) } #else { + /* !checksrc! disable STRERROR 1 */ const char *msg = strerror(err); if(msg) strncpy(buf, msg, max); diff --git a/contrib/libs/curl/lib/tftp.c b/contrib/libs/curl/lib/tftp.c index 8aeb14a4f5..aae997d0f1 100644 --- a/contrib/libs/curl/lib/tftp.c +++ b/contrib/libs/curl/lib/tftp.c @@ -720,7 +720,7 @@ static CURLcode tftp_tx(struct tftp_state_data *state, tftp_event_t event) /* There's a bug in tftpd-hpa that causes it to send us an ack for * 65535 when the block number wraps to 0. So when we're expecting * 0, also accept 65535. See - * http://syslinux.zytor.com/archives/2010-September/015253.html + * https://www.syslinux.org/archives/2010-September/015612.html * */ !(state->block == 0 && rblock == 65535)) { /* This isn't the expected block. Log it and up the retry counter */ 
diff --git a/contrib/libs/curl/lib/transfer.c b/contrib/libs/curl/lib/transfer.c index 3e650b5b9e..05fec7998c 100644 --- a/contrib/libs/curl/lib/transfer.c +++ b/contrib/libs/curl/lib/transfer.c @@ -1503,7 +1503,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) } #endif Curl_http2_init_state(&data->state); - Curl_hsts_loadcb(data, data->hsts); + result = Curl_hsts_loadcb(data, data->hsts); } /* diff --git a/contrib/libs/curl/lib/url.c b/contrib/libs/curl/lib/url.c index bbe8b48728..a353588cbd 100644 --- a/contrib/libs/curl/lib/url.c +++ b/contrib/libs/curl/lib/url.c @@ -1892,9 +1892,13 @@ static void zonefrom_url(CURLU *uh, struct Curl_easy *data, #else scopeidx = if_nametoindex(zoneid); #endif - if(!scopeidx) + if(!scopeidx) { +#ifndef CURL_DISABLE_VERBOSE_STRINGS + char buffer[STRERROR_LEN]; infof(data, "Invalid zoneid: %s; %s", zoneid, - strerror(errno)); + Curl_strerror(errno, buffer, sizeof(buffer))); +#endif + } else conn->scope_id = scopeidx; } diff --git a/contrib/libs/curl/lib/urlapi.c b/contrib/libs/curl/lib/urlapi.c index 905c499d99..7f03862cfa 100644 --- a/contrib/libs/curl/lib/urlapi.c +++ b/contrib/libs/curl/lib/urlapi.c @@ -770,8 +770,7 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) size_t schemelen = 0; size_t urllen; - if(!url) - return CURLUE_MALFORMED_INPUT; + DEBUGASSERT(url); /************************************************************* * Parse the URL. diff --git a/contrib/libs/curl/lib/urldata.h b/contrib/libs/curl/lib/urldata.h index c409d2afed..b1b298b691 100644 --- a/contrib/libs/curl/lib/urldata.h +++ b/contrib/libs/curl/lib/urldata.h 
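Review bot: In the seturl hunk of lib/urlapi.c, replacing `if(!url) return CURLUE_MALFORMED_INPUT;` with `DEBUGASSERT(url);` removes the NULL check from any build where the assert compiles to nothing (presumably non-debug builds). The function then depends on every caller having rejected NULL already. Those callers are outside the hunk, and if one can still pass NULL the parsing code below would dereference it. Either keep the runtime check next to the assert, or record the contract on the function: `/* url must be non-NULL; validated by the caller */`.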
@@ -704,14 +704,15 @@ struct SingleRequest { #ifndef CURL_DISABLE_DOH struct dohdata *doh; /* DoH specific data for this request */ #endif - BIT(header); /* incoming data has HTTP header */ + BIT(header); /* incoming data has HTTP header */ BIT(content_range); /* set TRUE if Content-Range: was found */ - BIT(upload_done); /* set to TRUE when doing chunked transfer-encoding - upload and we're uploading the last chunk */ - BIT(ignorebody); /* we read a response-body but we ignore it! */ + BIT(upload_done); /* set to TRUE when doing chunked transfer-encoding + upload and we're uploading the last chunk */ + BIT(ignorebody); /* we read a response-body but we ignore it! */ BIT(http_bodyless); /* HTTP response status code is between 100 and 199, 204 or 304 */ - BIT(chunk); /* if set, this is a chunked transfer-encoding */ + BIT(chunk); /* if set, this is a chunked transfer-encoding */ + BIT(ignore_cl); /* ignore content-length */ BIT(upload_chunky); /* set TRUE if we are doing chunked transfer-encoding on upload */ BIT(getheader); /* TRUE if header parsing is wanted */ diff --git a/contrib/libs/curl/lib/vauth/krb5_gssapi.c b/contrib/libs/curl/lib/vauth/krb5_gssapi.c index d1c5ffd215..0a91e8a24d 100644 --- a/contrib/libs/curl/lib/vauth/krb5_gssapi.c +++ b/contrib/libs/curl/lib/vauth/krb5_gssapi.c @@ -170,6 +170,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, * Parameters: * * data [in] - The session handle. + * authzid [in] - The authorization identity if some. * chlg [in] - Optional challenge message. * krb5 [in/out] - The Kerberos 5 data struct being used and modified. * out [out] - The result storage. @@ -177,6 +178,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, * Returns CURLE_OK on success. */ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, + const char *authzid, const struct bufref *chlg, struct kerberos5data *krb5, struct bufref *out) 
@@ -189,13 +191,10 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, OM_uint32 unused_status; gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; - unsigned int indata = 0; - unsigned int outdata = 0; + unsigned char *indata; gss_qop_t qop = GSS_C_QOP_DEFAULT; unsigned int sec_layer = 0; unsigned int max_size = 0; - gss_name_t username = GSS_C_NO_NAME; - gss_buffer_desc username_token; /* Ensure we have a valid challenge message */ if(!Curl_bufref_len(chlg)) { @@ -203,25 +202,6 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, return CURLE_BAD_CONTENT_ENCODING; } - /* Get the fully qualified username back from the context */ - major_status = gss_inquire_context(&minor_status, krb5->context, - &username, NULL, NULL, NULL, NULL, - NULL, NULL); - if(GSS_ERROR(major_status)) { - Curl_gss_log_error(data, "gss_inquire_context() failed: ", - major_status, minor_status); - return CURLE_AUTH_ERROR; - } - - /* Convert the username from internal format to a displayable token */ - major_status = gss_display_name(&minor_status, username, - &username_token, NULL); - if(GSS_ERROR(major_status)) { - Curl_gss_log_error(data, "gss_display_name() failed: ", - major_status, minor_status); - return CURLE_AUTH_ERROR; - } - /* Setup the challenge "input" security buffer */ input_token.value = (void *) Curl_bufref_ptr(chlg); input_token.length = Curl_bufref_len(chlg); 
@@ -232,32 +212,32 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, if(GSS_ERROR(major_status)) { Curl_gss_log_error(data, "gss_unwrap() failed: ", major_status, minor_status); - gss_release_buffer(&unused_status, &username_token); return CURLE_BAD_CONTENT_ENCODING; } /* Not 4 octets long so fail as per RFC4752 Section 3.1 */ if(output_token.length != 4) { infof(data, "GSSAPI handshake failure (invalid security data)"); - gss_release_buffer(&unused_status, &username_token); return CURLE_BAD_CONTENT_ENCODING; } - /* Copy the data out and free the challenge as it is not required anymore */ - memcpy(&indata, output_token.value, 4); + /* Extract the security layer and the maximum message size */ + indata = output_token.value; + sec_layer = indata[0]; + max_size = (indata[1] << 16) | (indata[2] << 8) | indata[3]; + + /* Free the challenge as it is not required anymore */ gss_release_buffer(&unused_status, &output_token); - /* Extract the security layer */ - sec_layer = indata & 0x000000FF; + /* Process the security layer */ if(!(sec_layer & GSSAUTH_P_NONE)) { infof(data, "GSSAPI handshake failure (invalid security layer)"); - gss_release_buffer(&unused_status, &username_token); return CURLE_BAD_CONTENT_ENCODING; } + sec_layer &= GSSAUTH_P_NONE; /* We do not support a security layer */ - /* Extract the maximum message size the server can receive */ - max_size = ntohl(indata & 0xFFFFFF00); + /* Process the maximum message size the server can receive */ if(max_size > 0) { /* The server has told us it supports a maximum receive buffer, however, as we don't require one unless we are encrypting data, we tell the server 
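Review bot: On the `output_token.length != 4` path in Curl_auth_create_gssapi_security_message the function returns while `output_token`, filled by the `gss_unwrap()` call just above, is still held. The only `gss_release_buffer(&unused_status, &output_token);` on the new side sits after the length check has passed. Add the same release before that `return CURLE_BAD_CONTENT_ENCODING;`, since the buffer's content and size come from the server's challenge. The hunk starts inside the function, so the unwrap call itself is visible only through its error-logging context.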
@@ -266,26 +246,24 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, } /* Allocate our message */ - messagelen = sizeof(outdata) + username_token.length + 1; + messagelen = 4; + if(authzid) + messagelen += strlen(authzid); message = malloc(messagelen); - if(!message) { - gss_release_buffer(&unused_status, &username_token); + if(!message) return CURLE_OUT_OF_MEMORY; - } - /* Populate the message with the security layer, client supported receive - message size and authorization identity including the 0x00 based - terminator. Note: Despite RFC4752 Section 3.1 stating "The authorization - identity is not terminated with the zero-valued (%x00) octet." it seems - necessary to include it. */ - outdata = htonl(max_size) | sec_layer; - memcpy(message, &outdata, sizeof(outdata)); - memcpy(message + sizeof(outdata), username_token.value, - username_token.length); - message[messagelen - 1] = '\0'; - - /* Free the username token as it is not required anymore */ - gss_release_buffer(&unused_status, &username_token); + /* Populate the message with the security layer and client supported receive + message size. */ + message[0] = sec_layer & 0xFF; + message[1] = (max_size >> 16) & 0xFF; + message[2] = (max_size >> 8) & 0xFF; + message[3] = max_size & 0xFF; + + /* If given, append the authorization identity. */ + + if(authzid && *authzid) + memcpy(message + 4, authzid, messagelen - 4); /* Setup the "authentication data" security buffer */ input_token.value = message; diff --git a/contrib/libs/curl/lib/vauth/krb5_sspi.c b/contrib/libs/curl/lib/vauth/krb5_sspi.c index 8f7a2b02de..c652fd7365 100644 --- a/contrib/libs/curl/lib/vauth/krb5_sspi.c +++ b/contrib/libs/curl/lib/vauth/krb5_sspi.c 
@@ -238,13 +238,15 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, * Parameters: * * data [in] - The session handle. - * chlg [in] - The optional challenge message. + * authzid [in] - The authorization identity if some. + * chlg [in] - The optional challenge message. * krb5 [in/out] - The Kerberos 5 data struct being used and modified. * out [out] - The result storage. * * Returns CURLE_OK on success. */ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, + const char *authzid, const struct bufref *chlg, struct kerberos5data *krb5, struct bufref *out) @@ -260,15 +262,12 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, SecBuffer wrap_buf[3]; SecBufferDesc input_desc; SecBufferDesc wrap_desc; - unsigned long indata = 0; - unsigned long outdata = 0; + unsigned char *indata; unsigned long qop = 0; unsigned long sec_layer = 0; unsigned long max_size = 0; SecPkgContext_Sizes sizes; - SecPkgCredentials_Names names; SECURITY_STATUS status; - char *user_name; #if defined(CURL_DISABLE_VERBOSE_STRINGS) (void) data; @@ -291,17 +290,6 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, if(status != SEC_E_OK) return CURLE_AUTH_ERROR; - /* Get the fully qualified username back from the context */ - status = s_pSecFn->QueryCredentialsAttributes(krb5->credentials, - SECPKG_CRED_ATTR_NAMES, - &names); - - if(status == SEC_E_INSUFFICIENT_MEMORY) - return CURLE_OUT_OF_MEMORY; - - if(status != SEC_E_OK) - return CURLE_AUTH_ERROR; - /* Setup the "input" security buffer */ input_desc.ulVersion = SECBUFFER_VERSION; input_desc.cBuffers = 2; 
@@ -326,19 +314,22 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, return CURLE_BAD_CONTENT_ENCODING; } - /* Copy the data out and free the challenge as it is not required anymore */ - memcpy(&indata, input_buf[1].pvBuffer, 4); + /* Extract the security layer and the maximum message size */ + indata = input_buf[1].pvBuffer; + sec_layer = indata[0]; + max_size = (indata[1] << 16) | (indata[2] << 8) | indata[3]; + + /* Free the challenge as it is not required anymore */ s_pSecFn->FreeContextBuffer(input_buf[1].pvBuffer); - /* Extract the security layer */ - sec_layer = indata & 0x000000FF; + /* Process the security layer */ if(!(sec_layer & KERB_WRAP_NO_ENCRYPT)) { infof(data, "GSSAPI handshake failure (invalid security layer)"); return CURLE_BAD_CONTENT_ENCODING; } + sec_layer &= KERB_WRAP_NO_ENCRYPT; /* We do not support a security layer */ - /* Extract the maximum message size the server can receive */ - max_size = ntohl(indata & 0xFFFFFF00); + /* Process the maximum message size the server can receive */ if(max_size > 0) { /* The server has told us it supports a maximum receive buffer, however, as we don't require one unless we are encrypting data, we tell the server 
@@ -351,33 +342,28 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, if(!trailer) return CURLE_OUT_OF_MEMORY; - /* Convert the user name to UTF8 when operating with Unicode */ - user_name = curlx_convert_tchar_to_UTF8(names.sUserName); - if(!user_name) { - free(trailer); - - return CURLE_OUT_OF_MEMORY; - } - /* Allocate our message */ - messagelen = sizeof(outdata) + strlen(user_name) + 1; + messagelen = 4; + if(authzid) + messagelen += strlen(authzid); message = malloc(messagelen); if(!message) { free(trailer); - curlx_unicodefree(user_name); return CURLE_OUT_OF_MEMORY; } - /* Populate the message with the security layer, client supported receive - message size and authorization identity including the 0x00 based - terminator. Note: Despite RFC4752 Section 3.1 stating "The authorization - identity is not terminated with the zero-valued (%x00) octet." it seems - necessary to include it. */ - outdata = htonl(max_size) | sec_layer; - memcpy(message, &outdata, sizeof(outdata)); - strcpy((char *) message + sizeof(outdata), user_name); - curlx_unicodefree(user_name); + /* Populate the message with the security layer and client supported receive + message size. */ + message[0] = sec_layer & 0xFF; + message[1] = (max_size >> 16) & 0xFF; + message[2] = (max_size >> 8) & 0xFF; + message[3] = max_size & 0xFF; + + /* If given, append the authorization identity. */ + + if(authzid && *authzid) + memcpy(message + 4, authzid, messagelen - 4); /* Allocate the padding */ padding = malloc(sizes.cbBlockSize); diff --git a/contrib/libs/curl/lib/vauth/vauth.h b/contrib/libs/curl/lib/vauth/vauth.h index ec5b0007f5..47a7c0bc81 100644 --- a/contrib/libs/curl/lib/vauth/vauth.h +++ b/contrib/libs/curl/lib/vauth/vauth.h 
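Review bot: The new comment above the final `memcpy` does not say that the authorization identity is now written without a terminating zero octet, although the removed comment recorded that the terminator used to be sent on purpose, contrary to RFC4752 Section 3.1. Because this changes what goes on the wire, I would state it at the copy: `/* If given, append the authorization identity; it is sent without the zero terminator, as RFC4752 Section 3.1 specifies. */`. The length is computed under `if(authzid)` but the copy runs under `if(authzid && *authzid)`; the two agree for an empty string, yet using one condition in both places would read more clearly. Curl_auth_create_gssapi_security_message starts and ends outside this hunk.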
@@ -194,6 +194,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data, /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) security token message */ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, + const char *authzid, const struct bufref *chlg, struct kerberos5data *krb5, struct bufref *out); diff --git a/contrib/libs/curl/lib/vquic/ngtcp2.c b/contrib/libs/curl/lib/vquic/ngtcp2.c index 20810274e0..a61061cec1 100644 --- a/contrib/libs/curl/lib/vquic/ngtcp2.c +++ b/contrib/libs/curl/lib/vquic/ngtcp2.c @@ -28,6 +28,9 @@ #error #include <nghttp3/nghttp3.h> #ifdef USE_OPENSSL #include <openssl/err.h> +#error #include <ngtcp2/ngtcp2_crypto_openssl.h> +#elif defined(USE_GNUTLS) +#error #include <ngtcp2/ngtcp2_crypto_gnutls.h> #endif #include "urldata.h" #include "sendf.h" @@ -117,42 +120,6 @@ static void quic_printf(void *user_data, const char *fmt, ...) } #endif -#ifdef USE_OPENSSL -static ngtcp2_crypto_level -quic_from_ossl_level(OSSL_ENCRYPTION_LEVEL ossl_level) -{ - switch(ossl_level) { - case ssl_encryption_initial: - return NGTCP2_CRYPTO_LEVEL_INITIAL; - case ssl_encryption_early_data: - return NGTCP2_CRYPTO_LEVEL_EARLY; - case ssl_encryption_handshake: - return NGTCP2_CRYPTO_LEVEL_HANDSHAKE; - case ssl_encryption_application: - return NGTCP2_CRYPTO_LEVEL_APPLICATION; - default: - assert(0); - } -} -#elif defined(USE_GNUTLS) -static ngtcp2_crypto_level -quic_from_gtls_level(gnutls_record_encryption_level_t gtls_level) -{ - switch(gtls_level) { - case GNUTLS_ENCRYPTION_LEVEL_INITIAL: - return NGTCP2_CRYPTO_LEVEL_INITIAL; - case GNUTLS_ENCRYPTION_LEVEL_EARLY: - return NGTCP2_CRYPTO_LEVEL_EARLY; - case GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE: - return NGTCP2_CRYPTO_LEVEL_HANDSHAKE; - case GNUTLS_ENCRYPTION_LEVEL_APPLICATION: - return NGTCP2_CRYPTO_LEVEL_APPLICATION; - default: - assert(0); - } -} -#endif - static void qlog_callback(void *user_data, uint32_t flags, const void *data, size_t datalen) { 
@@ -223,27 +190,9 @@ static int write_client_handshake(struct quicsocket *qs, ngtcp2_crypto_level level, const uint8_t *data, size_t len) { - struct quic_handshake *crypto_data; int rv; - crypto_data = &qs->crypto_data[level]; - if(!crypto_data->buf) { - crypto_data->buf = malloc(4096); - if(!crypto_data->buf) - return 0; - crypto_data->alloclen = 4096; - } - - /* TODO Just pretend that handshake does not grow more than 4KiB for - now */ - assert(crypto_data->len + len <= crypto_data->alloclen); - - memcpy(&crypto_data->buf[crypto_data->len], data, len); - crypto_data->len += len; - - rv = ngtcp2_conn_submit_crypto_data( - qs->qconn, level, (uint8_t *)(&crypto_data->buf[crypto_data->len] - len), - len); + rv = ngtcp2_conn_submit_crypto_data(qs->qconn, level, data, len); if(rv) { H3BUGF(fprintf(stderr, "write_client_handshake failed\n")); } @@ -260,7 +209,7 @@ static int quic_set_encryption_secrets(SSL *ssl, size_t secretlen) { struct quicsocket *qs = (struct quicsocket *)SSL_get_app_data(ssl); - int level = quic_from_ossl_level(ossl_level); + int level = ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level); if(ngtcp2_crypto_derive_and_install_rx_key( qs->qconn, NULL, NULL, NULL, level, rx_secret, secretlen) != 0) @@ -282,7 +231,8 @@ static int quic_add_handshake_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL ossl_level, const uint8_t *data, size_t len) { struct quicsocket *qs = (struct quicsocket *)SSL_get_app_data(ssl); - ngtcp2_crypto_level level = quic_from_ossl_level(ossl_level); + ngtcp2_crypto_level level = + ngtcp2_crypto_openssl_from_ossl_encryption_level(ossl_level); return write_client_handshake(qs, level, data, len); } 
@@ -370,7 +320,8 @@ static int secret_func(gnutls_session_t ssl, const void *tx_secret, size_t secretlen) { struct quicsocket *qs = gnutls_session_get_ptr(ssl); - int level = quic_from_gtls_level(gtls_level); + int level = + ngtcp2_crypto_gnutls_from_gnutls_record_encryption_level(gtls_level); if(level != NGTCP2_CRYPTO_LEVEL_EARLY && ngtcp2_crypto_derive_and_install_rx_key( @@ -395,7 +346,8 @@ static int read_func(gnutls_session_t ssl, size_t len) { struct quicsocket *qs = gnutls_session_get_ptr(ssl); - ngtcp2_crypto_level level = quic_from_gtls_level(gtls_level); + ngtcp2_crypto_level level = + ngtcp2_crypto_gnutls_from_gnutls_record_encryption_level(gtls_level); int rv; if(htype == GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC) @@ -543,22 +495,6 @@ static int quic_init_ssl(struct quicsocket *qs) } #endif -static int -cb_recv_crypto_data(ngtcp2_conn *tconn, ngtcp2_crypto_level crypto_level, - uint64_t offset, - const uint8_t *data, size_t datalen, - void *user_data) -{ - (void)offset; - (void)user_data; - - if(ngtcp2_crypto_read_write_crypto_data(tconn, crypto_level, data, - datalen) != 0) - return NGTCP2_ERR_CRYPTO; - - return 0; -} - static int cb_handshake_completed(ngtcp2_conn *tconn, void *user_data) { (void)user_data; @@ -623,8 +559,8 @@ cb_acked_stream_data_offset(ngtcp2_conn *tconn, int64_t stream_id, return 0; } -static int cb_stream_close(ngtcp2_conn *tconn, int64_t stream_id, - uint64_t app_error_code, +static int cb_stream_close(ngtcp2_conn *tconn, uint32_t flags, + int64_t stream_id, uint64_t app_error_code, void *user_data, void *stream_user_data) { struct quicsocket *qs = (struct quicsocket *)user_data; @@ -633,6 +569,10 @@ static int cb_stream_close(ngtcp2_conn *tconn, int64_t stream_id, (void)stream_user_data; /* stream is closed... */ + if(!(flags & NGTCP2_STREAM_CLOSE_FLAG_APP_ERROR_CODE_SET)) { + app_error_code = NGHTTP3_H3_NO_ERROR; + } + rv = nghttp3_conn_close_stream(qs->h3conn, stream_id, app_error_code); if(rv) { 
@@ -653,7 +593,25 @@ static int cb_stream_reset(ngtcp2_conn *tconn, int64_t stream_id, (void)app_error_code; (void)stream_user_data; - rv = nghttp3_conn_reset_stream(qs->h3conn, stream_id); + rv = nghttp3_conn_shutdown_stream_read(qs->h3conn, stream_id); + if(rv) { + return NGTCP2_ERR_CALLBACK_FAILURE; + } + + return 0; +} + +static int cb_stream_stop_sending(ngtcp2_conn *tconn, int64_t stream_id, + uint64_t app_error_code, void *user_data, + void *stream_user_data) +{ + struct quicsocket *qs = (struct quicsocket *)user_data; + int rv; + (void)tconn; + (void)app_error_code; + (void)stream_user_data; + + rv = nghttp3_conn_shutdown_stream_read(qs->h3conn, stream_id); if(rv) { return NGTCP2_ERR_CALLBACK_FAILURE; } @@ -713,14 +671,13 @@ static int cb_get_new_connection_id(ngtcp2_conn *tconn, ngtcp2_cid *cid, static ngtcp2_callbacks ng_callbacks = { ngtcp2_crypto_client_initial_cb, NULL, /* recv_client_initial */ - cb_recv_crypto_data, + ngtcp2_crypto_recv_crypto_data_cb, cb_handshake_completed, NULL, /* recv_version_negotiation */ ngtcp2_crypto_encrypt_cb, ngtcp2_crypto_decrypt_cb, ngtcp2_crypto_hp_mask_cb, cb_recv_stream_data, - NULL, /* acked_crypto_offset */ cb_acked_stream_data_offset, NULL, /* stream_open */ cb_stream_close, @@ -745,7 +702,9 @@ static ngtcp2_callbacks ng_callbacks = { ngtcp2_crypto_delete_crypto_cipher_ctx_cb, NULL, /* recv_datagram */ NULL, /* ack_datagram */ - NULL /* lost_datagram */ + NULL, /* lost_datagram */ + NULL, /* get_path_challenge_data */ + cb_stream_stop_sending }; /* @@ -859,7 +818,6 @@ static int ng_getsock(struct Curl_easy *data, struct connectdata *conn, static void qs_disconnect(struct quicsocket *qs) { - int i; if(!qs->conn) /* already closed */ return; qs->conn = NULL; @@ -880,8 +838,6 @@ static void qs_disconnect(struct quicsocket *qs) qs->cred = NULL; } #endif - for(i = 0; i < 3; i++) - Curl_safefree(qs->crypto_data[i].buf); nghttp3_conn_del(qs->h3conn); ngtcp2_conn_del(qs->qconn); #ifdef USE_OPENSSL 
@@ -1143,14 +1099,10 @@ static nghttp3_callbacks ngh3_callbacks = { NULL, /* begin_trailers */ cb_h3_recv_header, NULL, /* end_trailers */ - NULL, /* http_begin_push_promise */ - NULL, /* http_recv_push_promise */ - NULL, /* http_end_push_promise */ - NULL, /* http_cancel_push */ cb_h3_send_stop_sending, - NULL, /* push_stream */ NULL, /* end_stream */ NULL, /* reset_stream */ + NULL /* shutdown */ }; static int init_ngh3_conn(struct quicsocket *qs) @@ -1660,6 +1612,12 @@ static ssize_t ngh3_stream_send(struct Curl_easy *data, return -1; } + /* Reset post upload buffer after resumed. */ + if(stream->upload_mem) { + stream->upload_mem = NULL; + stream->upload_len = 0; + } + *curlcode = CURLE_OK; return sent; } @@ -1758,8 +1716,7 @@ static CURLcode ng_flush_egress(struct Curl_easy *data, int rv; ssize_t sent; ssize_t outlen; - uint8_t out[NGTCP2_MAX_PKTLEN_IPV4]; - size_t pktlen; + uint8_t out[NGTCP2_MAX_UDP_PAYLOAD_SIZE]; ngtcp2_path_storage ps; ngtcp2_tstamp ts = timestamp(); struct sockaddr_storage remote_addr; @@ -1772,19 +1729,6 @@ static CURLcode ng_flush_egress(struct Curl_easy *data, ssize_t ndatalen; uint32_t flags; - switch(qs->local_addr.ss_family) { - case AF_INET: - pktlen = NGTCP2_MAX_PKTLEN_IPV4; - break; -#ifdef ENABLE_IPV6 - case AF_INET6: - pktlen = NGTCP2_MAX_PKTLEN_IPV6; - break; -#endif - default: - assert(0); - } - rv = ngtcp2_conn_handle_expiry(qs->qconn, ts); if(rv) { failf(data, "ngtcp2_conn_handle_expiry returned error: %s", 
@@ -1811,15 +1755,16 @@ static CURLcode ng_flush_egress(struct Curl_easy *data, flags = NGTCP2_WRITE_STREAM_FLAG_MORE | (fin ? NGTCP2_WRITE_STREAM_FLAG_FIN : 0); - outlen = ngtcp2_conn_writev_stream(qs->qconn, &ps.path, NULL, out, pktlen, + outlen = ngtcp2_conn_writev_stream(qs->qconn, &ps.path, NULL, out, + sizeof(out), &ndatalen, flags, stream_id, (const ngtcp2_vec *)vec, veccnt, ts); if(outlen == 0) { break; } if(outlen < 0) { - if(outlen == NGTCP2_ERR_STREAM_DATA_BLOCKED || - outlen == NGTCP2_ERR_STREAM_SHUT_WR) { + switch(outlen) { + case NGTCP2_ERR_STREAM_DATA_BLOCKED: assert(ndatalen == -1); rv = nghttp3_conn_block_stream(qs->h3conn, stream_id); if(rv) { @@ -1828,8 +1773,17 @@ static CURLcode ng_flush_egress(struct Curl_easy *data, return CURLE_SEND_ERROR; } continue; - } - else if(outlen == NGTCP2_ERR_WRITE_MORE) { + case NGTCP2_ERR_STREAM_SHUT_WR: + assert(ndatalen == -1); + rv = nghttp3_conn_shutdown_stream_write(qs->h3conn, stream_id); + if(rv) { + failf(data, + "nghttp3_conn_shutdown_stream_write returned error: %s\n", + nghttp3_strerror(rv)); + return CURLE_SEND_ERROR; + } + continue; + case NGTCP2_ERR_WRITE_MORE: assert(ndatalen >= 0); rv = nghttp3_conn_add_write_offset(qs->h3conn, stream_id, ndatalen); if(rv) { @@ -1838,8 +1792,7 @@ static CURLcode ng_flush_egress(struct Curl_easy *data, return CURLE_SEND_ERROR; } continue; - } - else { + default: assert(ndatalen == -1); failf(data, "ngtcp2_conn_writev_stream returned error: %s", ngtcp2_strerror((int)outlen)); diff --git a/contrib/libs/curl/lib/vssh/libssh.c b/contrib/libs/curl/lib/vssh/libssh.c index 5ec2442a38..c1e42edee3 100644 --- a/contrib/libs/curl/lib/vssh/libssh.c +++ b/contrib/libs/curl/lib/vssh/libssh.c @@ -74,7 +74,6 @@ #include "strcase.h" #include "vtls/vtls.h" #include "connect.h" -#include "strerror.h" #include "inet_ntop.h" #include "parsedate.h" /* for the week day and month names */ #include "sockaddr.h" /* required for Curl_sockaddr_storage */ 
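Review bot: The `failf()` format added in the `NGTCP2_ERR_STREAM_SHUT_WR` case ends in `\n`, while the other `failf()` calls visible in ng_flush_egress (`ngtcp2_conn_handle_expiry returned error: %s`, `ngtcp2_conn_writev_stream returned error: %s`) carry no trailing newline. Dropping it keeps the error text consistent: `"nghttp3_conn_shutdown_stream_write returned error: %s",`. The `assert(ndatalen == -1)` lines in the new `switch` are compiled out when NDEBUG is defined, so they document the expectation rather than enforce it. ng_flush_egress begins and ends outside these hunks.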
diff --git a/contrib/libs/curl/lib/vssh/libssh2.c b/contrib/libs/curl/lib/vssh/libssh2.c index bfb498cf42..7683b43cfa 100644 --- a/contrib/libs/curl/lib/vssh/libssh2.c +++ b/contrib/libs/curl/lib/vssh/libssh2.c @@ -73,7 +73,6 @@ #include "strcase.h" #include "vtls/vtls.h" #include "connect.h" -#include "strerror.h" #include "inet_ntop.h" #include "parsedate.h" /* for the week day and month names */ #include "sockaddr.h" /* required for Curl_sockaddr_storage */ diff --git a/contrib/libs/curl/lib/vtls/bearssl.c b/contrib/libs/curl/lib/vtls/bearssl.c index cbbb3b5deb..e87649e2a7 100644 --- a/contrib/libs/curl/lib/vtls/bearssl.c +++ b/contrib/libs/curl/lib/vtls/bearssl.c @@ -68,6 +68,14 @@ struct cafile_parser { size_t dn_len; }; +#define CAFILE_SOURCE_PATH 1 +#define CAFILE_SOURCE_BLOB 2 +struct cafile_source { + const int type; + const char * const data; + const size_t len; +}; + static void append_dn(void *ctx, const void *buf, size_t len) { struct cafile_parser *ca = ctx; @@ -90,7 +98,8 @@ static void x509_push(void *ctx, const void *buf, size_t len) br_x509_decoder_push(&ca->xc, buf, len); } -static CURLcode load_cafile(const char *path, br_x509_trust_anchor **anchors, +static CURLcode load_cafile(struct cafile_source *source, + br_x509_trust_anchor **anchors, size_t *anchors_len) { struct cafile_parser ca; 
@@ -100,13 +109,22 @@ static CURLcode load_cafile(const char *path, br_x509_trust_anchor **anchors, br_x509_trust_anchor *new_anchors; size_t new_anchors_len; br_x509_pkey *pkey; - FILE *fp; - unsigned char buf[BUFSIZ], *p; + FILE *fp = 0; + unsigned char buf[BUFSIZ]; + const unsigned char *p; const char *name; size_t n, i, pushed; - fp = fopen(path, "rb"); - if(!fp) + DEBUGASSERT(source->type == CAFILE_SOURCE_PATH + || source->type == CAFILE_SOURCE_BLOB); + + if(source->type == CAFILE_SOURCE_PATH) { + fp = fopen(source->data, "rb"); + if(!fp) + return CURLE_SSL_CACERT_BADFILE; + } + + if(source->type == CAFILE_SOURCE_BLOB && source->len > (size_t)INT_MAX) return CURLE_SSL_CACERT_BADFILE; ca.err = CURLE_OK; @@ -115,11 +133,17 @@ static CURLcode load_cafile(const char *path, br_x509_trust_anchor **anchors, ca.anchors_len = 0; br_pem_decoder_init(&pc); br_pem_decoder_setdest(&pc, x509_push, &ca); - for(;;) { - n = fread(buf, 1, sizeof(buf), fp); - if(n == 0) - break; - p = buf; + do { + if(source->type == CAFILE_SOURCE_PATH) { + n = fread(buf, 1, sizeof(buf), fp); + if(n == 0) + break; + p = buf; + } + else if(source->type == CAFILE_SOURCE_BLOB) { + n = source->len; + p = (unsigned char *) source->data; + } while(n) { pushed = br_pem_decoder_push(&pc, p, n); if(ca.err) @@ -211,12 +235,13 @@ static CURLcode load_cafile(const char *path, br_x509_trust_anchor **anchors, goto fail; } } - } - if(ferror(fp)) + } while(source->type != CAFILE_SOURCE_BLOB); + if(fp && ferror(fp)) ca.err = CURLE_READ_ERROR; fail: - fclose(fp); + if(fp) + fclose(fp); if(ca.err == CURLE_OK) { *anchors = ca.anchors; *anchors_len = ca.anchors_len; 
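Review bot: In load_cafile the source type is validated only by `DEBUGASSERT`, while the read loop assigns `n` and `p` solely inside `if(source->type == CAFILE_SOURCE_PATH)` and `else if(source->type == CAFILE_SOURCE_BLOB)`. In a build where that assertion is compiled out, any other type would reach `while(n)` with both variables unassigned, and the outer `do … while(source->type != CAFILE_SOURCE_BLOB)` would not terminate. The two callers added in this commit pass valid types, so this is hardening rather than a live bug: `if(source->type != CAFILE_SOURCE_PATH && source->type != CAFILE_SOURCE_BLOB) return CURLE_SSL_CACERT_BADFILE;` before the `fopen` would close it. Separately, `p = (unsigned char *) source->data;` casts away const only to assign to a `const unsigned char *`, so `(const unsigned char *)` is the matching cast. The function body continues outside these hunks.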
@@ -299,7 +324,10 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data, { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; - const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile); + const struct curl_blob *ca_info_blob = SSL_CONN_CONFIG(ca_info_blob); + const char * const ssl_cafile = + /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */ + (ca_info_blob ? NULL : SSL_CONN_CONFIG(CAfile)); const char *hostname = SSL_HOST_NAME(); const bool verifypeer = SSL_CONN_CONFIG(verifypeer); const bool verifyhost = SSL_CONN_CONFIG(verifyhost); @@ -340,8 +368,30 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data, return CURLE_SSL_CONNECT_ERROR; } + if(ca_info_blob) { + struct cafile_source source = { + CAFILE_SOURCE_BLOB, + ca_info_blob->data, + ca_info_blob->len, + }; + ret = load_cafile(&source, &backend->anchors, &backend->anchors_len); + if(ret != CURLE_OK) { + if(verifypeer) { + failf(data, "error importing CA certificate blob"); + return ret; + } + /* Only warn if no certificate verification is required. */ + infof(data, "error importing CA certificate blob, continuing anyway"); + } + } + if(ssl_cafile) { - ret = load_cafile(ssl_cafile, &backend->anchors, &backend->anchors_len); + struct cafile_source source = { + CAFILE_SOURCE_PATH, + ssl_cafile, + 0, + }; + ret = load_cafile(&source, &backend->anchors, &backend->anchors_len); if(ret != CURLE_OK) { if(verifypeer) { failf(data, "error setting certificate verify locations." @@ -841,7 +891,7 @@ static CURLcode bearssl_sha256sum(const unsigned char *input, const struct Curl_ssl Curl_ssl_bearssl = { { CURLSSLBACKEND_BEARSSL, "bearssl" }, /* info */ - 0, + SSLSUPP_CAINFO_BLOB, sizeof(struct ssl_backend_data), Curl_none_init, /* init */ diff --git a/contrib/libs/curl/lib/vtls/gskit.c b/contrib/libs/curl/lib/vtls/gskit.c index c337d6472f..e451f6aebe 100644 --- a/contrib/libs/curl/lib/vtls/gskit.c +++ b/contrib/libs/curl/lib/vtls/gskit.c 
@@ -73,7 +73,7 @@ #include "connect.h" /* for the connect timeout */ #include "select.h" #include "strcase.h" -#error #include "x509asn1.h" +#include "x509asn1.h" #include "curl_printf.h" #include "curl_memory.h" @@ -180,6 +180,7 @@ static bool is_separator(char c) static CURLcode gskit_status(struct Curl_easy *data, int rc, const char *procname, CURLcode defcode) { + char buffer[STRERROR_LEN]; /* Process GSKit status and map it to a CURLcode. */ switch(rc) { case GSK_OK: @@ -208,7 +209,8 @@ static CURLcode gskit_status(struct Curl_easy *data, int rc, case ENOMEM: return CURLE_OUT_OF_MEMORY; default: - failf(data, "%s I/O error: %s", procname, strerror(errno)); + failf(data, "%s I/O error: %s", procname, + Curl_strerror(errno, buffer, sizeof(buffer))); break; } break; @@ -223,13 +225,15 @@ static CURLcode gskit_status(struct Curl_easy *data, int rc, static CURLcode set_enum(struct Curl_easy *data, gsk_handle h, GSK_ENUM_ID id, GSK_ENUM_VALUE value, bool unsupported_ok) { + char buffer[STRERROR_LEN]; int rc = gsk_attribute_set_enum(h, id, value); switch(rc) { case GSK_OK: return CURLE_OK; case GSK_ERROR_IO: - failf(data, "gsk_attribute_set_enum() I/O error: %s", strerror(errno)); + failf(data, "gsk_attribute_set_enum() I/O error: %s", + Curl_strerror(errno, buffer, sizeof(buffer))); break; case GSK_ATTRIBUTE_INVALID_ID: if(unsupported_ok) @@ -245,13 +249,15 @@ static CURLcode set_enum(struct Curl_easy *data, gsk_handle h, static CURLcode set_buffer(struct Curl_easy *data, gsk_handle h, GSK_BUF_ID id, const char *buffer, bool unsupported_ok) { + char buffer[STRERROR_LEN]; int rc = gsk_attribute_set_buffer(h, id, buffer, 0); switch(rc) { case GSK_OK: return CURLE_OK; case GSK_ERROR_IO: - failf(data, "gsk_attribute_set_buffer() I/O error: %s", strerror(errno)); + failf(data, "gsk_attribute_set_buffer() I/O error: %s", + Curl_strerror(errno, buffer, sizeof(buffer))); break; case GSK_ATTRIBUTE_INVALID_ID: if(unsupported_ok) 
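Review bot: In set_buffer the added `char buffer[STRERROR_LEN];` has the same name as the `const char *buffer` parameter, which C rejects as a redeclaration in the function's outermost block. The next line, `gsk_attribute_set_buffer(h, id, buffer, 0)`, needs the caller's value, not the scratch array. Rename the local, for example `char errbuf[STRERROR_LEN];` with `Curl_strerror(errno, errbuf, sizeof(errbuf))` in the `GSK_ERROR_IO` branch. The sibling helpers touched by this commit (gskit_status and set_enum here, set_numeric and set_callback in the following hunks) have no parameter of that name and are unaffected. set_buffer's body continues past the end of this hunk.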
@@ -267,6 +273,7 @@ static CURLcode set_buffer(struct Curl_easy *data, gsk_handle h, static CURLcode set_numeric(struct Curl_easy *data, gsk_handle h, GSK_NUM_ID id, int value) { + char buffer[STRERROR_LEN]; int rc = gsk_attribute_set_numeric_value(h, id, value); switch(rc) { @@ -274,7 +281,7 @@ static CURLcode set_numeric(struct Curl_easy *data, return CURLE_OK; case GSK_ERROR_IO: failf(data, "gsk_attribute_set_numeric_value() I/O error: %s", - strerror(errno)); + Curl_strerror(errno, buffer, sizeof(buffer))); break; default: failf(data, "gsk_attribute_set_numeric_value(): %s", gsk_strerror(rc)); @@ -287,13 +294,15 @@ static CURLcode set_numeric(struct Curl_easy *data, static CURLcode set_callback(struct Curl_easy *data, gsk_handle h, GSK_CALLBACK_ID id, void *info) { + char buffer[STRERROR_LEN]; int rc = gsk_attribute_set_callback(h, id, info); switch(rc) { case GSK_OK: return CURLE_OK; case GSK_ERROR_IO: - failf(data, "gsk_attribute_set_callback() I/O error: %s", strerror(errno)); + failf(data, "gsk_attribute_set_callback() I/O error: %s", + Curl_strerror(errno, buffer, sizeof(buffer))); break; default: failf(data, "gsk_attribute_set_callback(): %s", gsk_strerror(rc)); @@ -966,7 +975,9 @@ static CURLcode gskit_connect_step2(struct Curl_easy *data, continue; /* Retry. */ } if(errno != ETIME) { - failf(data, "QsoWaitForIOCompletion() I/O error: %s", strerror(errno)); + char buffer[STRERROR_LEN]; + failf(data, "QsoWaitForIOCompletion() I/O error: %s", + Curl_strerror(errno, buffer, sizeof(buffer))); cancel_async_handshake(conn, sockindex); close_async_handshake(connssl); return CURLE_SSL_CONNECT_ERROR; @@ -1229,7 +1240,8 @@ static int gskit_shutdown(struct Curl_easy *data, nread = read(conn->sock[sockindex], buf, sizeof(buf)); if(nread < 0) { - failf(data, "read: %s", strerror(errno)); + char buffer[STRERROR_LEN]; + failf(data, "read: %s", Curl_strerror(errno, buffer, sizeof(buffer))); rc = -1; } 
diff --git a/contrib/libs/curl/lib/vtls/gtls.c b/contrib/libs/curl/lib/vtls/gtls.c index efba454591..1b145d8ebb 100644 --- a/contrib/libs/curl/lib/vtls/gtls.c +++ b/contrib/libs/curl/lib/vtls/gtls.c @@ -48,7 +48,7 @@ #include "select.h" #include "strcase.h" #include "warnless.h" -#error #include "x509asn1.h" +#include "x509asn1.h" #include "multiif.h" #include "curl_printf.h" #include "curl_memory.h" diff --git a/contrib/libs/curl/lib/vtls/mbedtls.c b/contrib/libs/curl/lib/vtls/mbedtls.c index e61dcc9c36..c1b427cfb4 100644 --- a/contrib/libs/curl/lib/vtls/mbedtls.c +++ b/contrib/libs/curl/lib/vtls/mbedtls.c @@ -41,7 +41,9 @@ #error #include <mbedtls/net.h> #endif #error #include <mbedtls/ssl.h> +#if MBEDTLS_VERSION_NUMBER < 0x03000000 #error #include <mbedtls/certs.h> +#endif #error #include <mbedtls/x509.h> #error #include <mbedtls/error.h> @@ -183,6 +185,17 @@ static Curl_send mbed_send; static CURLcode mbedtls_version_from_curl(int *mbedver, long version) { +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 + switch(version) { + case CURL_SSLVERSION_TLSv1_0: + case CURL_SSLVERSION_TLSv1_1: + case CURL_SSLVERSION_TLSv1_2: + *mbedver = MBEDTLS_SSL_MINOR_VERSION_3; + return CURLE_OK; + case CURL_SSLVERSION_TLSv1_3: + break; + } +#else switch(version) { case CURL_SSLVERSION_TLSv1_0: *mbedver = MBEDTLS_SSL_MINOR_VERSION_1; @@ -196,6 +209,8 @@ static CURLcode mbedtls_version_from_curl(int *mbedver, long version) case CURL_SSLVERSION_TLSv1_3: break; } +#endif + return CURLE_SSL_CONNECT_ERROR; } 
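Review bot: In the `MBEDTLS_VERSION_NUMBER >= 0x03000000` branch of mbedtls_version_from_curl, `CURL_SSLVERSION_TLSv1_0`, `CURL_SSLVERSION_TLSv1_1` and `CURL_SSLVERSION_TLSv1_2` all yield `MBEDTLS_SSL_MINOR_VERSION_3` with `CURLE_OK`. If this function is also used to translate the configured maximum version (the call site is not in the hunk), a requested ceiling of TLS 1.0 or 1.1 would be raised without any indication to the caller. That looks deliberate, but it deserves a comment at the `switch`, for example `/* mbedTLS 3.x: 1.0, 1.1 and 1.2 all map to MINOR_VERSION_3; a lower requested maximum cannot be honoured */`. The function spans the two mbedtls.c hunks on this line.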
@@ -205,8 +220,13 @@ set_ssl_version_min_max(struct Curl_easy *data, struct connectdata *conn, { struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 + int mbedtls_ver_min = MBEDTLS_SSL_MINOR_VERSION_3; + int mbedtls_ver_max = MBEDTLS_SSL_MINOR_VERSION_3; +#else int mbedtls_ver_min = MBEDTLS_SSL_MINOR_VERSION_1; int mbedtls_ver_max = MBEDTLS_SSL_MINOR_VERSION_1; +#endif long ssl_version = SSL_CONN_CONFIG(version); long ssl_version_max = SSL_CONN_CONFIG(version_max); CURLcode result = CURLE_OK; @@ -257,7 +277,9 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob); const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile); const char * const hostname = SSL_HOST_NAME(); +#ifndef CURL_DISABLE_VERBOSE_STRINGS const long int port = SSL_HOST_PORT(); +#endif int ret = -1; char errorbuf[128]; @@ -354,8 +376,15 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, if(SSL_SET_OPTION(key) || SSL_SET_OPTION(key_blob)) { if(SSL_SET_OPTION(key)) { +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 + ret = mbedtls_pk_parse_keyfile(&backend->pk, SSL_SET_OPTION(key), + SSL_SET_OPTION(key_passwd), + mbedtls_ctr_drbg_random, + &backend->ctr_drbg); +#else ret = mbedtls_pk_parse_keyfile(&backend->pk, SSL_SET_OPTION(key), SSL_SET_OPTION(key_passwd)); +#endif if(ret) { mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); 
@@ -369,9 +398,17 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, const unsigned char *key_data = (const unsigned char *)ssl_key_blob->data; const char *passwd = SSL_SET_OPTION(key_passwd); +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 + ret = mbedtls_pk_parse_key(&backend->pk, key_data, ssl_key_blob->len, + (const unsigned char *)passwd, + passwd ? strlen(passwd) : 0, + mbedtls_ctr_drbg_random, + &backend->ctr_drbg); +#else ret = mbedtls_pk_parse_key(&backend->pk, key_data, ssl_key_blob->len, (const unsigned char *)passwd, passwd ? strlen(passwd) : 0); +#endif if(ret) { mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); @@ -426,10 +463,12 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn, switch(SSL_CONN_CONFIG(version)) { case CURL_SSLVERSION_DEFAULT: case CURL_SSLVERSION_TLSv1: +#if MBEDTLS_VERSION_NUMBER < 0x03000000 mbedtls_ssl_conf_min_version(&backend->config, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1); infof(data, "mbedTLS: Set min SSL version to TLS 1.0"); break; +#endif case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1_1: case CURL_SSLVERSION_TLSv1_2: @@ -629,10 +668,15 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn, if(pinnedpubkey) { int size; CURLcode result; - mbedtls_x509_crt *p; - unsigned char pubkey[PUB_DER_MAX_BYTES]; + mbedtls_x509_crt *p = NULL; + unsigned char *pubkey = NULL; +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 + if(!peercert || !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p) || + !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len)) { +#else if(!peercert || !peercert->raw.p || !peercert->raw.len) { +#endif failf(data, "Failed due to missing peer certificate"); return CURLE_SSL_PINNEDPUBKEYNOTMATCH; } 
@@ -642,39 +686,54 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn, if(!p) return CURLE_OUT_OF_MEMORY; + pubkey = malloc(PUB_DER_MAX_BYTES); + + if(!pubkey) { + result = CURLE_OUT_OF_MEMORY; + goto pinnedpubkey_error; + } + mbedtls_x509_crt_init(p); /* Make a copy of our const peercert because mbedtls_pk_write_pubkey_der needs a non-const key, for now. https://github.com/ARMmbed/mbedtls/issues/396 */ +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 + if(mbedtls_x509_crt_parse_der(p, + peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p), + peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len))) { +#else if(mbedtls_x509_crt_parse_der(p, peercert->raw.p, peercert->raw.len)) { +#endif failf(data, "Failed copying peer certificate"); - mbedtls_x509_crt_free(p); - free(p); - return CURLE_SSL_PINNEDPUBKEYNOTMATCH; + result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; + goto pinnedpubkey_error; } +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 + size = mbedtls_pk_write_pubkey_der(&p->MBEDTLS_PRIVATE(pk), pubkey, + PUB_DER_MAX_BYTES); +#else size = mbedtls_pk_write_pubkey_der(&p->pk, pubkey, PUB_DER_MAX_BYTES); +#endif if(size <= 0) { failf(data, "Failed copying public key from peer certificate"); - mbedtls_x509_crt_free(p); - free(p); - return CURLE_SSL_PINNEDPUBKEYNOTMATCH; + result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; + goto pinnedpubkey_error; } /* mbedtls_pk_write_pubkey_der writes data at the end of the buffer. */ result = Curl_pin_peer_pubkey(data, pinnedpubkey, &pubkey[PUB_DER_MAX_BYTES - size], size); + pinnedpubkey_error: + mbedtls_x509_crt_free(p); + free(p); + free(pubkey); if(result) { - mbedtls_x509_crt_free(p); - free(p); return result; } - - mbedtls_x509_crt_free(p); - free(p); } #ifdef HAS_ALPN 
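Review bot: When `malloc(PUB_DER_MAX_BYTES)` fails, the new `goto pinnedpubkey_error` reaches `mbedtls_x509_crt_free(p)` before `mbedtls_x509_crt_init(p)` has been called. Whether that is safe depends on how `p` was allocated, which is outside this hunk; it presumably relies on the memory being zeroed. Moving `mbedtls_x509_crt_init(p);` to directly after the `if(!p) return CURLE_OUT_OF_MEMORY;` check makes the cleanup label valid from every jump without that assumption. The enclosing function starts and ends outside the hunk.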
@@ -1064,12 +1123,17 @@ static CURLcode mbedtls_sha256sum(const unsigned char *input, unsigned char *sha256sum, size_t sha256len UNUSED_PARAM) { + /* TODO: explain this for different mbedtls 2.x vs 3 version */ (void)sha256len; #if MBEDTLS_VERSION_NUMBER < 0x02070000 mbedtls_sha256(input, inputlen, sha256sum, 0); #else /* returns 0 on success, otherwise failure */ +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 + if(mbedtls_sha256(input, inputlen, sha256sum, 0) != 0) +#else if(mbedtls_sha256_ret(input, inputlen, sha256sum, 0) != 0) +#endif return CURLE_BAD_FUNCTION_ARGUMENT; #endif return CURLE_OK; diff --git a/contrib/libs/curl/lib/vtls/mbedtls_threadlock.c b/contrib/libs/curl/lib/vtls/mbedtls_threadlock.c index d3c4698131..2bfb522af2 100644 --- a/contrib/libs/curl/lib/vtls/mbedtls_threadlock.c +++ b/contrib/libs/curl/lib/vtls/mbedtls_threadlock.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2013 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2013 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> * * This software is licensed as described in the file COPYING, which @@ -55,10 +55,8 @@ int Curl_mbedtlsthreadlock_thread_setup(void) return 0; /* error, no number of threads defined */ for(i = 0; i < NUMT; i++) { - int ret; #if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) - ret = pthread_mutex_init(&mutex_buf[i], NULL); - if(ret) + if(pthread_mutex_init(&mutex_buf[i], NULL)) return 0; /* pthread_mutex_init failed */ #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H) mutex_buf[i] = CreateMutex(0, FALSE, 0); 
@@ -78,14 +76,11 @@ int Curl_mbedtlsthreadlock_thread_cleanup(void) return 0; /* error, no threads locks defined */ for(i = 0; i < NUMT; i++) { - int ret; #if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) - ret = pthread_mutex_destroy(&mutex_buf[i]); - if(ret) + if(pthread_mutex_destroy(&mutex_buf[i])) return 0; /* pthread_mutex_destroy failed */ #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H) - ret = CloseHandle(mutex_buf[i]); - if(!ret) + if(!CloseHandle(mutex_buf[i])) return 0; /* CloseHandle failed */ #endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */ } @@ -98,17 +93,14 @@ int Curl_mbedtlsthreadlock_thread_cleanup(void) int Curl_mbedtlsthreadlock_lock_function(int n) { if(n < NUMT) { - int ret; #if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) - ret = pthread_mutex_lock(&mutex_buf[n]); - if(ret) { + if(pthread_mutex_lock(&mutex_buf[n])) { DEBUGF(fprintf(stderr, "Error: mbedtlsthreadlock_lock_function failed\n")); return 0; /* pthread_mutex_lock failed */ } #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H) - ret = (WaitForSingleObject(mutex_buf[n], INFINITE) == WAIT_FAILED?1:0); - if(ret) { + if(WaitForSingleObject(mutex_buf[n], INFINITE) == WAIT_FAILED) { DEBUGF(fprintf(stderr, "Error: mbedtlsthreadlock_lock_function failed\n")); return 0; /* pthread_mutex_lock failed */ 
@@ -121,17 +113,14 @@ int Curl_mbedtlsthreadlock_lock_function(int n) int Curl_mbedtlsthreadlock_unlock_function(int n) { if(n < NUMT) { - int ret; #if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) - ret = pthread_mutex_unlock(&mutex_buf[n]); - if(ret) { + if(pthread_mutex_unlock(&mutex_buf[n])) { DEBUGF(fprintf(stderr, "Error: mbedtlsthreadlock_unlock_function failed\n")); return 0; /* pthread_mutex_unlock failed */ } #elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H) - ret = ReleaseMutex(mutex_buf[n]); - if(!ret) { + if(!ReleaseMutex(mutex_buf[n])) { DEBUGF(fprintf(stderr, "Error: mbedtlsthreadlock_unlock_function failed\n")); return 0; /* pthread_mutex_lock failed */ diff --git a/contrib/libs/curl/lib/vtls/mesalink.c b/contrib/libs/curl/lib/vtls/mesalink.c index 5deaea5f6e..3db9184f79 100644 --- a/contrib/libs/curl/lib/vtls/mesalink.c +++ b/contrib/libs/curl/lib/vtls/mesalink.c @@ -49,7 +49,7 @@ #include "connect.h" /* for the connect timeout */ #include "select.h" #include "strcase.h" -#error #include "x509asn1.h" +#include "x509asn1.h" #include "curl_printf.h" #include "mesalink.h" diff --git a/contrib/libs/curl/lib/vtls/nss.c b/contrib/libs/curl/lib/vtls/nss.c index f274baf05f..cf657895f6 100644 --- a/contrib/libs/curl/lib/vtls/nss.c +++ b/contrib/libs/curl/lib/vtls/nss.c @@ -68,7 +68,7 @@ #include "strcase.h" #include "warnless.h" -#error #include "x509asn1.h" +#include "x509asn1.h" /* The last #include files should be: */ #include "curl_memory.h" diff --git a/contrib/libs/curl/lib/vtls/openssl.c b/contrib/libs/curl/lib/vtls/openssl.c index 8af23b783a..87f4b02b71 100644 --- a/contrib/libs/curl/lib/vtls/openssl.c +++ b/contrib/libs/curl/lib/vtls/openssl.c 
@@ -194,7 +194,7 @@ !defined(OPENSSL_IS_BORINGSSL)) #define HAVE_SSL_CTX_SET_CIPHERSUITES #define HAVE_SSL_CTX_SET_POST_HANDSHAKE_AUTH -/* SET_EC_CURVES available under the same preconditions: see +/* SET_EC_CURVES is available under the same preconditions: see * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html */ #define HAVE_SSL_CTX_SET_EC_CURVES @@ -209,8 +209,8 @@ #endif #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) -/* up2date versions of OpenSSL maintain the default reasonably secure without - * breaking compatibility, so it is better not to override the default by curl +/* up2date versions of OpenSSL maintain reasonably secure defaults without + * breaking compatibility, so it is better not to override the defaults in curl */ #define DEFAULT_CIPHER_SELECTION NULL #else @@ -1192,7 +1192,7 @@ static int ossl_init(void) CONF_MFLAGS_IGNORE_MISSING_FILE); #endif - /* Lets get nice error messages */ + /* Let's get nice error messages */ SSL_load_error_strings(); /* Init the global ciphers and digests */ @@ -1769,7 +1769,7 @@ static CURLcode verifyhost(struct Curl_easy *data, struct connectdata *conn, /* we have the name entry and we will now convert this to a string that we can use for comparison. Doing this we support BMPstring, - UTF8 etc. */ + UTF8, etc. */ if(i >= 0) { ASN1_STRING *tmp = @@ -2060,6 +2060,10 @@ static const char *ssl_msg_type(int ssl_ver, int msg) case SSL3_MT_ENCRYPTED_EXTENSIONS: return "Encrypted Extensions"; #endif +#ifdef SSL3_MT_SUPPLEMENTAL_DATA + case SSL3_MT_SUPPLEMENTAL_DATA: + return "Supplemental data"; +#endif #ifdef SSL3_MT_END_OF_EARLY_DATA case SSL3_MT_END_OF_EARLY_DATA: return "End of early data"; 
@@ -2158,7 +2162,7 @@ static void ossl_trace(int direction, int ssl_ver, int content_type, /* Log progress for interesting records only (like Handshake or Alert), skip * all raw record headers (content_type == SSL3_RT_HEADER or ssl_ver == 0). - * For TLS 1.3, skip notification of the decrypted inner Content Type. + * For TLS 1.3, skip notification of the decrypted inner Content-Type. */ if(ssl_ver #ifdef SSL3_RT_INNER_CONTENT_TYPE @@ -2299,7 +2303,7 @@ set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn) long curl_ssl_version_min = SSL_CONN_CONFIG(version); long curl_ssl_version_max; - /* convert cURL min SSL version option to OpenSSL constant */ + /* convert curl min SSL version option to OpenSSL constant */ #if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER) uint16_t ossl_ssl_version_min = 0; uint16_t ossl_ssl_version_max = 0; @@ -2329,7 +2333,7 @@ set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn) We don't want to pass 0 to SSL_CTX_set_min_proto_version as it would enable all versions down to the lowest supported by the library. - So we skip this, and stay with the OS default + So we skip this, and stay with the library default */ if(curl_ssl_version_min != CURL_SSLVERSION_DEFAULT) { if(!SSL_CTX_set_min_proto_version(ctx, ossl_ssl_version_min)) { @@ -2340,7 +2344,7 @@ set_ssl_version_min_max(SSL_CTX *ctx, struct connectdata *conn) /* ... then, TLS max version */ curl_ssl_version_max = SSL_CONN_CONFIG(version_max); - /* convert cURL max SSL version option to OpenSSL constant */ + /* convert curl max SSL version option to OpenSSL constant */ switch(curl_ssl_version_max) { case CURL_SSLVERSION_MAX_TLSv1_0: ossl_ssl_version_max = TLS1_VERSION; 
@@ -2523,7 +2527,7 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid) static CURLcode load_cacert_from_memory(SSL_CTX *ctx, const struct curl_blob *ca_info_blob) { - /* these need freed at the end */ + /* these need to be freed at the end */ BIO *cbio = NULL; STACK_OF(X509_INFO) *inf = NULL; @@ -2658,8 +2662,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, return CURLE_SSL_CONNECT_ERROR; } - if(backend->ctx) - SSL_CTX_free(backend->ctx); + DEBUGASSERT(!backend->ctx); backend->ctx = SSL_CTX_new(req_method); if(!backend->ctx) { 
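Review bot: In ossl_connect_step1, `DEBUGASSERT(!backend->ctx);` replaces the release of a previous context, and the assertion is presumably compiled out of non-debug builds, so a release build that reaches this point with a live `backend->ctx` would overwrite the pointer and leak the old context together with the key and session state it holds. No such path is visible in this hunk, so the invariant may well hold; if it does, a comment naming what guarantees it would help the next reader, e.g. `/* invariant: the previous SSL_CTX was freed when the connection was closed (confirm) */`. The function starts and ends outside the hunk.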
@@ -2681,23 +2684,23 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, } #endif - /* OpenSSL contains code to work-around lots of bugs and flaws in various + /* OpenSSL contains code to work around lots of bugs and flaws in various SSL-implementations. SSL_CTX_set_options() is used to enabled those work-arounds. The man page for this option states that SSL_OP_ALL enables all the work-arounds and that "It is usually safe to use SSL_OP_ALL to enable the bug workaround options if compatibility with somewhat broken implementations is desired." - The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to + The "-no_ticket" option was introduced in OpenSSL 0.9.8j. It's a flag to disable "rfc4507bis session ticket support". rfc4507bis was later turned into the proper RFC5077 it seems: https://tools.ietf.org/html/rfc5077 The enabled extension concerns the session management. I wonder how often - libcurl stops a connection and then resumes a TLS session. also, sending - the session data is some overhead. .I suggest that you just use your + libcurl stops a connection and then resumes a TLS session. Also, sending + the session data is some overhead. I suggest that you just use your proposed patch (which explicitly disables TICKET). - If someone writes an application with libcurl and openssl who wants to + If someone writes an application with libcurl and OpenSSL who wants to enable the feature, one can do this in the SSL callback. SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed proper @@ -2733,7 +2736,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, #endif #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS - /* unless the user explicitly ask to allow the protocol vulnerability we + /* unless the user explicitly asks to allow the protocol vulnerability we use the work-around */ if(!SSL_SET_OPTION(enable_beast)) ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; 
@@ -3030,9 +3033,9 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, return result; } if(imported_native_ca) - infof(data, "successfully imported windows ca store"); + infof(data, "successfully imported Windows CA store"); else - infof(data, "error importing windows ca store, continuing anyway"); + infof(data, "error importing Windows CA store, continuing anyway"); } #endif @@ -3044,7 +3047,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, failf(data, "error importing CA certificate blob"); return result; } - /* Only warning if no certificate verification is required. */ + /* Only warn if no certificate verification is required. */ infof(data, "error importing CA certificate blob, continuing anyway"); } } @@ -3059,7 +3062,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, failf(data, "error setting certificate file: %s", ssl_cafile); return CURLE_SSL_CACERT_BADFILE; } - /* Continue with a warning if no certificate verif is required. */ + /* Continue with warning if certificate verification isn't required. */ infof(data, "error setting certificate file, continuing anyway"); } infof(data, " CAfile: %s", ssl_cafile); @@ -3071,7 +3074,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, failf(data, "error setting certificate path: %s", ssl_capath); return CURLE_SSL_CACERT_BADFILE; } - /* Continue with a warning if no certificate verif is required. */ + /* Continue with warning if certificate verification isn't required. */ infof(data, "error setting certificate path, continuing anyway"); } infof(data, " CApath: %s", ssl_capath); 
@@ -3080,7 +3083,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, #else if(ssl_cafile || ssl_capath) { /* tell SSL where to find CA certificates that are used to verify - the servers certificate. */ + the server's certificate. */ if(!SSL_CTX_load_verify_locations(backend->ctx, ssl_cafile, ssl_capath)) { if(verifypeer && !imported_native_ca) { /* Fail if we insist on successfully verifying the server. */ @@ -3108,13 +3111,13 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, if(verifypeer && !ca_info_blob && !ssl_cafile && !ssl_capath && !imported_native_ca) { /* verifying the peer without any CA certificates won't - work so use openssl's built in default as fallback */ + work so use openssl's built-in default as fallback */ SSL_CTX_set_default_verify_paths(backend->ctx); } #endif if(ssl_crlfile) { - /* tell SSL where to find CRL file that is used to check certificate + /* tell OpenSSL where to find CRL file that is used to check certificate * revocation */ lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(backend->ctx), X509_LOOKUP_file()); @@ -3124,7 +3127,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, return CURLE_SSL_CRL_BADFILE; } /* Everything is fine. */ - infof(data, "successfully load CRL file:"); + infof(data, "successfully loaded CRL file:"); X509_STORE_set_flags(SSL_CTX_get_cert_store(backend->ctx), X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); @@ -3150,7 +3153,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, only, instead of needing the whole chain. Due to OpenSSL bug https://github.com/openssl/openssl/issues/5081 we - cannot do partial chains with CRL check. + cannot do partial chains with a CRL check. */ X509_STORE_set_flags(SSL_CTX_get_cert_store(backend->ctx), X509_V_FLAG_PARTIAL_CHAIN); 
@@ -3158,7 +3161,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, #endif } - /* SSL always tries to verify the peer, this only says whether it should + /* OpenSSL always tries to verify the peer, this only says whether it should * fail to connect if the verification fails, or if it should continue * anyway. In the latter case the result of the verification is checked with * SSL_get_verify_result() below. */ @@ -3173,7 +3176,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, #endif /* Enable the session cache because it's a prerequisite for the "new session" - * callback. Use the "external storage" mode to avoid that OpenSSL creates + * callback. Use the "external storage" mode to prevent OpenSSL from creating * an internal session cache. */ SSL_CTX_set_session_cache_mode(backend->ctx, @@ -3192,7 +3195,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data, } } - /* Lets make an SSL structure */ + /* Let's make an SSL structure */ if(backend->handle) SSL_free(backend->handle); backend->handle = SSL_new(backend->ctx); @@ -3332,7 +3335,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data, /* the connection failed, we're not waiting for anything else. */ connssl->connecting_state = ssl_connect_2; - /* Get the earliest error code from the thread's error queue and removes + /* Get the earliest error code from the thread's error queue and remove the entry. */ errdetail = ERR_get_error(); @@ -3361,7 +3364,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data, !defined(LIBRESSL_VERSION_NUMBER) && \ !defined(OPENSSL_IS_BORINGSSL)) /* SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on - OpenSSL version above v1.1.1, not Libre SSL nor BoringSSL */ + OpenSSL version above v1.1.1, not LibreSSL nor BoringSSL */ else if((lib == ERR_LIB_SSL) && (reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)) { /* If client certificate is required, communicate the 
@@ -3378,7 +3381,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data, /* detail is already set to the SSL error above */ /* If we e.g. use SSLv2 request-method and the server doesn't like us - * (RST connection etc.), OpenSSL gives no explanation whatsoever and + * (RST connection, etc.), OpenSSL gives no explanation whatsoever and * the SO_ERROR is also lost. */ if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) { @@ -3401,7 +3404,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data, } } else { - /* we have been connected fine, we're not waiting for anything else. */ + /* we connected fine, we're not waiting for anything else. */ connssl->connecting_state = ssl_connect_3; /* Informational message */ @@ -3820,7 +3823,7 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert, } /* - * Get the server cert, verify it and show it etc, only call failf() if the + * Get the server cert, verify it and show it, etc., only call failf() if the * 'strict' argument is TRUE as otherwise all this is for informational * purposes only! * @@ -4021,7 +4024,7 @@ static CURLcode ossl_connect_step3(struct Curl_easy *data, /* * We check certificates to authenticate the server; otherwise we risk * man-in-the-middle attack; NEVERTHELESS, if we're told explicitly not to - * verify the peer ignore faults and failures from the server cert + * verify the peer, ignore faults and failures from the server cert * operations. */ @@ -4059,7 +4062,7 @@ static CURLcode ossl_connect_common(struct Curl_easy *data, const timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE); if(timeout_ms < 0) { - /* no need to continue if time already is up */ + /* no need to continue if time is already up */ failf(data, "SSL connection timeout"); return CURLE_OPERATION_TIMEDOUT; } diff --git a/contrib/libs/curl/lib/vtls/rustls.c b/contrib/libs/curl/lib/vtls/rustls.c index 3d7aaed782..29bb4259a4 100644 --- a/contrib/libs/curl/lib/vtls/rustls.c 
+++ b/contrib/libs/curl/lib/vtls/rustls.c @@ -34,7 +34,7 @@ #include "sendf.h" #include "vtls.h" #include "select.h" - +#include "strerror.h" #include "multiif.h" struct ssl_backend_data @@ -132,7 +132,9 @@ cr_recv(struct Curl_easy *data, int sockindex, infof(data, "sread: EAGAIN or EWOULDBLOCK"); } else if(io_error) { - failf(data, "reading from socket: %s", strerror(io_error)); + char buffer[STRERROR_LEN]; + failf(data, "reading from socket: %s", + Curl_strerror(io_error, buffer, sizeof(buffer))); *err = CURLE_READ_ERROR; return -1; } @@ -244,7 +246,9 @@ cr_send(struct Curl_easy *data, int sockindex, return -1; } else if(io_error) { - failf(data, "writing to socket: %s", strerror(io_error)); + char buffer[STRERROR_LEN]; + failf(data, "writing to socket: %s", + Curl_strerror(io_error, buffer, sizeof(buffer))); *err = CURLE_WRITE_ERROR; return -1; } diff --git a/contrib/libs/curl/lib/vtls/schannel.c b/contrib/libs/curl/lib/vtls/schannel.c index 96b7120474..722a937c42 100644 --- a/contrib/libs/curl/lib/vtls/schannel.c +++ b/contrib/libs/curl/lib/vtls/schannel.c @@ -47,7 +47,7 @@ #include "inet_pton.h" /* for IP addr SNI check */ #include "curl_multibyte.h" #include "warnless.h" -#error #include "x509asn1.h" +#include "x509asn1.h" #include "curl_printf.h" #include "multiif.h" #include "version_win32.h" @@ -141,6 +141,12 @@ # define CALG_SHA_256 0x0000800c #endif +/* Work around typo in classic MinGW's w32api up to version 5.0, + see https://osdn.net/projects/mingw/ticket/38391 */ +#if !defined(ALG_CLASS_DHASH) && defined(ALG_CLASS_HASH) +#define ALG_CLASS_DHASH ALG_CLASS_HASH +#endif + #define BACKEND connssl->backend static Curl_recv schannel_recv; 
@@ -279,13 +285,7 @@ get_alg_id_by_name(char *name) #ifdef CALG_HMAC CIPHEROPTION(CALG_HMAC); #endif -#if !defined(__W32API_MAJOR_VERSION) || \ - !defined(__W32API_MINOR_VERSION) || \ - defined(__MINGW64_VERSION_MAJOR) || \ - (__W32API_MAJOR_VERSION > 5) || \ - ((__W32API_MAJOR_VERSION == 5) && (__W32API_MINOR_VERSION > 0)) - /* CALG_TLS1PRF has a syntax error in MinGW's w32api up to version 5.0, - see https://osdn.net/projects/mingw/ticket/38391 */ +#ifdef CALG_TLS1PRF CIPHEROPTION(CALG_TLS1PRF); #endif #ifdef CALG_HASH_REPLACE_OWF @@ -1364,7 +1364,7 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn, SECURITY_STATUS sspi_status = SEC_E_OK; CERT_CONTEXT *ccert_context = NULL; bool isproxy = SSL_IS_PROXY(); -#ifdef DEBUGBUILD +#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) const char * const hostname = SSL_HOST_NAME(); #endif #ifdef HAS_ALPN diff --git a/contrib/libs/curl/lib/vtls/schannel_verify.c b/contrib/libs/curl/lib/vtls/schannel_verify.c index 12fccaa8ee..1b283d0453 100644 --- a/contrib/libs/curl/lib/vtls/schannel_verify.c +++ b/contrib/libs/curl/lib/vtls/schannel_verify.c @@ -80,7 +80,7 @@ static int is_cr_or_lf(char c) /* Search the substring needle,needlelen into string haystack,haystacklen * Strings don't need to be terminated by a '\0'. * Similar of OSX/Linux memmem (not available on Visual Studio). - * Return position of beginning of first occurence or NULL if not found + * Return position of beginning of first occurrence or NULL if not found */ static const char *c_memmem(const void *haystack, size_t haystacklen, const void *needle, size_t needlelen) diff --git a/contrib/libs/curl/lib/vtls/sectransp.c b/contrib/libs/curl/lib/vtls/sectransp.c index 26b833dd2a..1e6ed5f06d 100644 --- a/contrib/libs/curl/lib/vtls/sectransp.c +++ b/contrib/libs/curl/lib/vtls/sectransp.c @@ -33,6 +33,8 @@ #include "strtok.h" #include "multiif.h" #include "strcase.h" +#include "x509asn1.h" +#include "strerror.h" #ifdef USE_SECTRANSP 
@@ -2854,13 +2856,60 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn, } } +static CURLcode +add_cert_to_certinfo(struct Curl_easy *data, + SecCertificateRef server_cert, + int idx) +{ + CURLcode result = CURLE_OK; + const char *beg; + const char *end; + CFDataRef cert_data = SecCertificateCopyData(server_cert); + + if(!cert_data) + return CURLE_PEER_FAILED_VERIFICATION; + + beg = (const char *)CFDataGetBytePtr(cert_data); + end = beg + CFDataGetLength(cert_data); + result = Curl_extract_certinfo(data, idx, beg, end); + CFRelease(cert_data); + return result; +} + +static CURLcode +collect_server_cert_single(struct Curl_easy *data, + SecCertificateRef server_cert, + CFIndex idx) +{ + CURLcode result = CURLE_OK; #ifndef CURL_DISABLE_VERBOSE_STRINGS + if(data->set.verbose) { + char *certp; + result = CopyCertSubject(data, server_cert, &certp); + if(!result) { + infof(data, "Server certificate: %s", certp); + free(certp); + } + } +#endif + if(data->set.ssl.certinfo) + result = add_cert_to_certinfo(data, server_cert, (int)idx); + return result; +} + /* This should be called during step3 of the connection at the earliest */ -static void -show_verbose_server_cert(struct Curl_easy *data, - struct connectdata *conn, - int sockindex) +static CURLcode +collect_server_cert(struct Curl_easy *data, + struct connectdata *conn, + int sockindex) { +#ifndef CURL_DISABLE_VERBOSE_STRINGS + const bool show_verbose_server_cert = data->set.verbose; +#else + const bool show_verbose_server_cert = false; +#endif + CURLcode result = data->set.ssl.certinfo ? + CURLE_PEER_FAILED_VERIFICATION : CURLE_OK; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_backend_data *backend = connssl->backend; CFArrayRef server_certs = NULL; 
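Review bot: In collect_server_cert_single the verbose branch stores the CopyCertSubject() status in the function's `result`, so with verbose on and certinfo off a failure to render a subject for the log is returned to collect_server_cert and, through sectransp_connect_step3 in a later hunk, fails the connection; with certinfo on, the same failure is silently overwritten by add_cert_to_certinfo(). The removed code treated this failure as purely informational. Keeping the status local to the branch avoids both effects: `if(!CopyCertSubject(data, server_cert, &certp)) {` in place of the assignment and the `if(!result)` test.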
@@ -2869,8 +2918,11 @@ show_verbose_server_cert(struct Curl_easy *data, CFIndex i, count; SecTrustRef trust = NULL; + if(!show_verbose_server_cert && !data->set.ssl.certinfo) + return CURLE_OK; + if(!backend->ssl_ctx) - return; + return result; #if CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS #if CURL_BUILD_IOS @@ -2880,15 +2932,11 @@ show_verbose_server_cert(struct Curl_easy *data, a null trust, so be on guard for that: */ if(err == noErr && trust) { count = SecTrustGetCertificateCount(trust); - for(i = 0L ; i < count ; i++) { - CURLcode result; - char *certp; + if(data->set.ssl.certinfo) + result = Curl_ssl_init_certinfo(data, (int)count); + for(i = 0L ; !result && (i < count) ; i++) { server_cert = SecTrustGetCertificateAtIndex(trust, i); - result = CopyCertSubject(data, server_cert, &certp); - if(!result) { - infof(data, "Server certificate: %s", certp); - free(certp); - } + result = collect_server_cert_single(data, server_cert, i); } CFRelease(trust); } @@ -2906,15 +2954,11 @@ show_verbose_server_cert(struct Curl_easy *data, a null trust, so be on guard for that: */ if(err == noErr && trust) { count = SecTrustGetCertificateCount(trust); - for(i = 0L ; i < count ; i++) { - char *certp; - CURLcode result; + if(data->set.ssl.certinfo) + result = Curl_ssl_init_certinfo(data, (int)count); + for(i = 0L ; !result && (i < count) ; i++) { server_cert = SecTrustGetCertificateAtIndex(trust, i); - result = CopyCertSubject(data, server_cert, &certp); - if(!result) { - infof(data, "Server certificate: %s", certp); - free(certp); - } + result = collect_server_cert_single(data, server_cert, i); } CFRelease(trust); } 
@@ -2925,16 +2969,12 @@ show_verbose_server_cert(struct Curl_easy *data, /* Just in case SSLCopyPeerCertificates() returns null too... */ if(err == noErr && server_certs) { count = CFArrayGetCount(server_certs); - for(i = 0L ; i < count ; i++) { - char *certp; - CURLcode result; + if(data->set.ssl.certinfo) + result = Curl_ssl_init_certinfo(data, (int)count); + for(i = 0L ; !result && (i < count) ; i++) { server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i); - result = CopyCertSubject(data, server_cert, &certp); - if(!result) { - infof(data, "Server certificate: %s", certp); - free(certp); - } + result = collect_server_cert_single(data, server_cert, i); } CFRelease(server_certs); } @@ -2946,21 +2986,17 @@ show_verbose_server_cert(struct Curl_easy *data, err = SSLCopyPeerCertificates(backend->ssl_ctx, &server_certs); if(err == noErr) { count = CFArrayGetCount(server_certs); - for(i = 0L ; i < count ; i++) { - CURLcode result; - char *certp; + if(data->set.ssl.certinfo) + result = Curl_ssl_init_certinfo(data, (int)count); + for(i = 0L ; !result && (i < count) ; i++) { server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i); - result = CopyCertSubject(data, server_cert, &certp); - if(!result) { - infof(data, "Server certificate: %s", certp); - free(certp); - } + result = collect_server_cert_single(data, server_cert, i); } CFRelease(server_certs); } #endif /* CURL_BUILD_MAC_10_7 || CURL_BUILD_IOS */ + return result; } -#endif /* !CURL_DISABLE_VERBOSE_STRINGS */ static CURLcode sectransp_connect_step3(struct Curl_easy *data, struct connectdata *conn, 
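Review bot: The last branch of collect_server_cert calls `CFArrayGetCount(server_certs)` after testing only `err == noErr`, while the preceding hunk also tests `server_certs` and carries the comment that SSLCopyPeerCertificates() may return null. The two branches should agree, so the guard here should be `if(err == noErr && server_certs) {`. The function starts outside the hunk.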
@@ -2969,12 +3005,11 @@ sectransp_connect_step3(struct Curl_easy *data, struct connectdata *conn, struct ssl_connect_data *connssl = &conn->ssl[sockindex]; /* There is no step 3! - * Well, okay, if verbose mode is on, let's print the details of the - * server certificates. */ -#ifndef CURL_DISABLE_VERBOSE_STRINGS - if(data->set.verbose) - show_verbose_server_cert(data, conn, sockindex); -#endif + * Well, okay, let's collect server certificates, and if verbose mode is on, + * let's print the details of the server certificates. */ + const CURLcode result = collect_server_cert(data, conn, sockindex); + if(result) + return result; connssl->connecting_state = ssl_connect_done; return CURLE_OK; @@ -3188,7 +3223,9 @@ static int sectransp_shutdown(struct Curl_easy *data, nread = read(conn->sock[sockindex], buf, sizeof(buf)); if(nread < 0) { - failf(data, "read: %s", strerror(errno)); + char buffer[STRERROR_LEN]; + failf(data, "read: %s", + Curl_strerror(errno, buffer, sizeof(buffer))); rc = -1; } @@ -3433,6 +3470,7 @@ const struct Curl_ssl Curl_ssl_sectransp = { { CURLSSLBACKEND_SECURETRANSPORT, "secure-transport" }, /* info */ SSLSUPP_CAINFO_BLOB | + SSLSUPP_CERTINFO | #ifdef SECTRANSP_PINNEDPUBKEY SSLSUPP_PINNEDPUBKEY, #else diff --git a/contrib/libs/curl/lib/vtls/wolfssl.c b/contrib/libs/curl/lib/vtls/wolfssl.c index 3bc45c4956..617c54c2af 100644 --- a/contrib/libs/curl/lib/vtls/wolfssl.c +++ b/contrib/libs/curl/lib/vtls/wolfssl.c @@ -58,7 +58,7 @@ #include "connect.h" /* for the connect timeout */ #include "select.h" #include "strcase.h" -#error #include "x509asn1.h" +#include "x509asn1.h" #include "curl_printf.h" #include "multiif.h" @@ -525,6 +525,8 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn, const char * const dispname = SSL_HOST_DISPNAME(); const char * const pinnedpubkey = SSL_PINNED_PUB_KEY(); + ERR_clear_error(); + conn->recv[sockindex] = wolfssl_recv; conn->send[sockindex] = wolfssl_send; 
@@ -775,7 +777,11 @@ static ssize_t wolfssl_send(struct Curl_easy *data, struct ssl_backend_data *backend = connssl->backend; char error_buffer[WOLFSSL_MAX_ERROR_SZ]; int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len; - int rc = SSL_write(backend->handle, mem, memlen); + int rc; + + ERR_clear_error(); + + rc = SSL_write(backend->handle, mem, memlen); if(rc <= 0) { int err = SSL_get_error(backend->handle, rc); @@ -831,7 +837,11 @@ static ssize_t wolfssl_recv(struct Curl_easy *data, struct ssl_backend_data *backend = connssl->backend; char error_buffer[WOLFSSL_MAX_ERROR_SZ]; int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize; - int nread = SSL_read(backend->handle, buf, buffsize); + int nread; + + ERR_clear_error(); + + nread = SSL_read(backend->handle, buf, buffsize); if(nread < 0) { int err = SSL_get_error(backend->handle, nread); @@ -916,6 +926,7 @@ static int wolfssl_shutdown(struct Curl_easy *data, struct connectdata *conn, (void) data; if(backend->handle) { + ERR_clear_error(); SSL_free(backend->handle); backend->handle = NULL; } diff --git a/contrib/libs/curl/lib/x509asn1.c b/contrib/libs/curl/lib/x509asn1.c index df54438b36..1bdaeadc80 100644 --- a/contrib/libs/curl/lib/x509asn1.c +++ b/contrib/libs/curl/lib/x509asn1.c @@ -23,7 +23,7 @@ #include "curl_setup.h" #if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \ - defined(USE_WOLFSSL) || defined(USE_SCHANNEL) + defined(USE_WOLFSSL) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) #include <curl/curl.h> #include "urldata.h" @@ -33,7 +33,8 @@ #include "sendf.h" #include "inet_pton.h" #include "curl_base64.h" -#error #include "x509asn1.h" +#include "x509asn1.h" +#include "dynbuf.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" 
@@ -205,16 +206,16 @@ static const char *bool2str(const char *beg, const char *end) */ static const char *octet2str(const char *beg, const char *end) { - size_t n = end - beg; - char *buf = NULL; + struct dynbuf buf; + CURLcode result; - if(n <= (SIZE_T_MAX - 1) / 3) { - buf = malloc(3 * n + 1); - if(buf) - for(n = 0; beg < end; n += 3) - msnprintf(buf + n, 4, "%02x:", *(const unsigned char *) beg++); - } - return buf; + Curl_dyn_init(&buf, 3 * CURL_ASN1_MAX + 1); + result = Curl_dyn_addn(&buf, "", 0); + + while(!result && beg < end) + result = Curl_dyn_addf(&buf, "%02x:", (unsigned char) *beg++); + + return Curl_dyn_ptr(&buf); } static const char *bit2str(const char *beg, const char *end) @@ -1103,7 +1104,8 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, return CURLE_OK; } -#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL */ +#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL + * or USE_SECTRANSP */ #if defined(USE_GSKIT) diff --git a/contrib/libs/curl/lib/x509asn1.h b/contrib/libs/curl/lib/x509asn1.h new file mode 100644 index 0000000000..3b51eeef8d --- /dev/null +++ b/contrib/libs/curl/lib/x509asn1.h 
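Review bot: octet2str never looks at `result` after the loop and returns `Curl_dyn_ptr(&buf)` unconditionally, so it is correct only if a failed Curl_dyn_addn() or Curl_dyn_addf() leaves the dynbuf released and the pointer NULL; that is presumably the dynbuf contract, but it is not visible in this hunk. A comment before the return would pin it down: `/* on failure the dynbuf has released its storage, so this yields NULL */`. The function also still returns `const char *` for heap memory that the caller has to free, which the comment above the function should state.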
@@ -0,0 +1,134 @@
+#ifndef HEADER_CURL_X509ASN1_H
+#define HEADER_CURL_X509ASN1_H
+
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \
+ defined(USE_WOLFSSL) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP)
+
+#include "urldata.h"
+
+/*
+ * Constants.
+ */
+
+/* Largest supported ASN.1 structure. */
+#define CURL_ASN1_MAX ((size_t) 0x40000) /* 256K */
+
+/* ASN.1 classes. */
+#define CURL_ASN1_UNIVERSAL 0
+#define CURL_ASN1_APPLICATION 1
+#define CURL_ASN1_CONTEXT_SPECIFIC 2
+#define CURL_ASN1_PRIVATE 3
+
+/* ASN.1 types.
*/
+#define CURL_ASN1_BOOLEAN 1
+#define CURL_ASN1_INTEGER 2
+#define CURL_ASN1_BIT_STRING 3
+#define CURL_ASN1_OCTET_STRING 4
+#define CURL_ASN1_NULL 5
+#define CURL_ASN1_OBJECT_IDENTIFIER 6
+#define CURL_ASN1_OBJECT_DESCRIPTOR 7
+#define CURL_ASN1_INSTANCE_OF 8
+#define CURL_ASN1_REAL 9
+#define CURL_ASN1_ENUMERATED 10
+#define CURL_ASN1_EMBEDDED 11
+#define CURL_ASN1_UTF8_STRING 12
+#define CURL_ASN1_RELATIVE_OID 13
+#define CURL_ASN1_SEQUENCE 16
+#define CURL_ASN1_SET 17
+#define CURL_ASN1_NUMERIC_STRING 18
+#define CURL_ASN1_PRINTABLE_STRING 19
+#define CURL_ASN1_TELETEX_STRING 20
+#define CURL_ASN1_VIDEOTEX_STRING 21
+#define CURL_ASN1_IA5_STRING 22
+#define CURL_ASN1_UTC_TIME 23
+#define CURL_ASN1_GENERALIZED_TIME 24
+#define CURL_ASN1_GRAPHIC_STRING 25
+#define CURL_ASN1_VISIBLE_STRING 26
+#define CURL_ASN1_GENERAL_STRING 27
+#define CURL_ASN1_UNIVERSAL_STRING 28
+#define CURL_ASN1_CHARACTER_STRING 29
+#define CURL_ASN1_BMP_STRING 30
+
+
+/*
+ * Types.
+ */
+
+/* ASN.1 parsed element. */
+struct Curl_asn1Element {
+ const char *header; /* Pointer to header byte. */
+ const char *beg; /* Pointer to element data. */
+ const char *end; /* Pointer to 1st byte after element. */
+ unsigned char class; /* ASN.1 element class. */
+ unsigned char tag; /* ASN.1 element tag. */
+ bool constructed; /* Element is constructed. */
+};
+
+
+/* ASN.1 OID table entry. */
+struct Curl_OID {
+ const char *numoid; /* Dotted-numeric OID. */
+ const char *textoid; /* OID name. */
+};
+
+
+/* X509 certificate: RFC 5280.
*/
+struct Curl_X509certificate {
+ struct Curl_asn1Element certificate;
+ struct Curl_asn1Element version;
+ struct Curl_asn1Element serialNumber;
+ struct Curl_asn1Element signatureAlgorithm;
+ struct Curl_asn1Element signature;
+ struct Curl_asn1Element issuer;
+ struct Curl_asn1Element notBefore;
+ struct Curl_asn1Element notAfter;
+ struct Curl_asn1Element subject;
+ struct Curl_asn1Element subjectPublicKeyInfo;
+ struct Curl_asn1Element subjectPublicKeyAlgorithm;
+ struct Curl_asn1Element subjectPublicKey;
+ struct Curl_asn1Element issuerUniqueID;
+ struct Curl_asn1Element subjectUniqueID;
+ struct Curl_asn1Element extensions;
+};
+
+/*
+ * Prototypes.
+ */
+
+const char *Curl_getASN1Element(struct Curl_asn1Element *elem,
+ const char *beg, const char *end);
+const char *Curl_ASN1tostr(struct Curl_asn1Element *elem, int type);
+const char *Curl_DNtostr(struct Curl_asn1Element *dn);
+int Curl_parseX509(struct Curl_X509certificate *cert,
+ const char *beg, const char *end);
+CURLcode Curl_extract_certinfo(struct Curl_easy *data, int certnum,
+ const char *beg, const char *end);
+CURLcode Curl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
+ const char *beg, const char *end);
+#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL
+ * or USE_SECTRANSP */
+#endif /* HEADER_CURL_X509ASN1_H */ |