aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/libs
diff options
context:
space:
mode:
authorshadchin <shadchin@yandex-team.ru>2022-04-13 20:13:40 +0300
committershadchin <shadchin@yandex-team.ru>2022-04-13 20:13:40 +0300
commitad92d4ea3ed939dee26114e765dc7e60eb99349e (patch)
treec9f920ed0d65fca79b89e5e1504808d7b265d49b /contrib/libs
parentf9c8ebd5329f4efcc759fde08d0540f55d9f7acc (diff)
downloadydb-ad92d4ea3ed939dee26114e765dc7e60eb99349e.tar.gz
CONTRIB-2513 Update contrib/libs/curl to 7.80.0
ref:9f073731f38021df100328c1b343280bf6632e23
Diffstat (limited to 'contrib/libs')
-rw-r--r--contrib/libs/curl/.yandex_meta/devtools.copyrights.report24
-rw-r--r--contrib/libs/curl/.yandex_meta/devtools.licenses.report10
-rw-r--r--contrib/libs/curl/.yandex_meta/licenses.list.txt6
-rw-r--r--contrib/libs/curl/CHANGES3220
-rw-r--r--contrib/libs/curl/README2
-rw-r--r--contrib/libs/curl/RELEASE-NOTES301
-rw-r--r--contrib/libs/curl/include/curl/curl.h36
-rw-r--r--contrib/libs/curl/include/curl/curlver.h10
-rw-r--r--contrib/libs/curl/include/curl/typecheck-gcc.h2
-rw-r--r--contrib/libs/curl/include/curl/urlapi.h9
-rw-r--r--contrib/libs/curl/lib/asyn-ares.c2
-rw-r--r--contrib/libs/curl/lib/c-hyper.c203
-rw-r--r--contrib/libs/curl/lib/connect.c20
-rw-r--r--contrib/libs/curl/lib/content_encoding.c3
-rw-r--r--contrib/libs/curl/lib/curl_config-linux.h3
-rw-r--r--contrib/libs/curl/lib/curl_des.c4
-rw-r--r--contrib/libs/curl/lib/curl_gssapi.c10
-rw-r--r--contrib/libs/curl/lib/curl_ntlm_core.c19
-rw-r--r--contrib/libs/curl/lib/curl_sasl.c117
-rw-r--r--contrib/libs/curl/lib/curl_sasl.h67
-rw-r--r--contrib/libs/curl/lib/curl_setup.h2
-rw-r--r--contrib/libs/curl/lib/curl_sha256.h9
-rw-r--r--contrib/libs/curl/lib/doh.c25
-rw-r--r--contrib/libs/curl/lib/easyoptions.c7
-rw-r--r--contrib/libs/curl/lib/ftp.c11
-rw-r--r--contrib/libs/curl/lib/hostip.c6
-rw-r--r--contrib/libs/curl/lib/http.c78
-rw-r--r--contrib/libs/curl/lib/http.h2
-rw-r--r--contrib/libs/curl/lib/http2.c26
-rw-r--r--contrib/libs/curl/lib/http_aws_sigv4.c9
-rw-r--r--contrib/libs/curl/lib/http_ntlm.c11
-rw-r--r--contrib/libs/curl/lib/http_proxy.c91
-rw-r--r--contrib/libs/curl/lib/imap.c155
-rw-r--r--contrib/libs/curl/lib/krb5.c6
-rw-r--r--contrib/libs/curl/lib/llist.c4
-rw-r--r--contrib/libs/curl/lib/md4.c13
-rw-r--r--contrib/libs/curl/lib/md5.c19
-rw-r--r--contrib/libs/curl/lib/mime.c16
-rw-r--r--contrib/libs/curl/lib/multi.c26
-rw-r--r--contrib/libs/curl/lib/pop3.c100
-rw-r--r--contrib/libs/curl/lib/select.c2
-rw-r--r--contrib/libs/curl/lib/sendf.c8
-rw-r--r--contrib/libs/curl/lib/setopt.c25
-rw-r--r--contrib/libs/curl/lib/setup-win32.h14
-rw-r--r--contrib/libs/curl/lib/sha256.c118
-rw-r--r--contrib/libs/curl/lib/smtp.c101
-rw-r--r--contrib/libs/curl/lib/socks_gssapi.c4
-rw-r--r--contrib/libs/curl/lib/socks_sspi.c2
-rw-r--r--contrib/libs/curl/lib/splay.c2
-rw-r--r--contrib/libs/curl/lib/strerror.c72
-rw-r--r--contrib/libs/curl/lib/system_win32.c2
-rw-r--r--contrib/libs/curl/lib/tftp.c4
-rw-r--r--contrib/libs/curl/lib/url.c36
-rw-r--r--contrib/libs/curl/lib/urlapi.c196
-rw-r--r--contrib/libs/curl/lib/urldata.h8
-rw-r--r--contrib/libs/curl/lib/version_win32.c53
-rw-r--r--contrib/libs/curl/lib/vquic/ngtcp2.c50
-rw-r--r--contrib/libs/curl/lib/vssh/libssh2.c155
-rw-r--r--contrib/libs/curl/lib/vssh/wolfssh.c6
-rw-r--r--contrib/libs/curl/lib/vtls/bearssl.c6
-rw-r--r--contrib/libs/curl/lib/vtls/gtls.c45
-rw-r--r--contrib/libs/curl/lib/vtls/mbedtls.c7
-rw-r--r--contrib/libs/curl/lib/vtls/mesalink.c2
-rw-r--r--contrib/libs/curl/lib/vtls/nss.c7
-rw-r--r--contrib/libs/curl/lib/vtls/openssl.c110
-rw-r--r--contrib/libs/curl/lib/vtls/schannel.c52
-rw-r--r--contrib/libs/curl/lib/vtls/sectransp.c2
-rw-r--r--contrib/libs/curl/lib/vtls/vtls.c10
-rw-r--r--contrib/libs/curl/lib/vtls/vtls.h3
-rw-r--r--contrib/libs/curl/lib/vtls/wolfssl.c75
70 files changed, 3476 insertions, 2385 deletions
diff --git a/contrib/libs/curl/.yandex_meta/devtools.copyrights.report b/contrib/libs/curl/.yandex_meta/devtools.copyrights.report
index d5d9226448..6fbba89316 100644
--- a/contrib/libs/curl/.yandex_meta/devtools.copyrights.report
+++ b/contrib/libs/curl/.yandex_meta/devtools.copyrights.report
@@ -33,7 +33,7 @@ KEEP COPYRIGHT_SERVICE_LABEL 01785bd64237dea815d6d9ed22d8812c
BELONGS ya.make
License text:
* Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com>
- * Copyright (C) 2018 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
Scancode info:
Original SPDX id: COPYRIGHT_SERVICE_LABEL
Score : 100.00
@@ -206,6 +206,7 @@ BELONGS ya.make
lib/sendf.c [8:8]
lib/sendf.h [10:10]
lib/setopt.c [8:8]
+ lib/setup-win32.h [10:10]
lib/share.c [8:8]
lib/share.h [10:10]
lib/sigpipe.h [10:10]
@@ -474,7 +475,6 @@ BELONGS ya.make
Match type : COPYRIGHT
Files with this license:
include/curl/options.h [10:10]
- lib/curl_sha256.h [10:11]
KEEP COPYRIGHT_SERVICE_LABEL 520dfafb050652350468b32c3d62b5cd
BELONGS ya.make
@@ -649,7 +649,6 @@ BELONGS ya.make
lib/psl.h [10:10]
lib/rand.h [10:10]
lib/setopt.h [10:10]
- lib/setup-win32.h [10:10]
lib/slist.c [8:8]
lib/slist.h [10:10]
lib/sockaddr.h [10:10]
@@ -705,6 +704,17 @@ BELONGS ya.make
lib/socketpair.h [10:10]
lib/vssh/wolfssh.c [8:8]
+KEEP COPYRIGHT_SERVICE_LABEL 90cdf298ce2c585659435307b15f1c38
+BELONGS ya.make
+ License text:
+ * Copyright (C) 2015 - 2021, Steve Holme, <steve_holme@hotmail.com>.
+ Scancode info:
+ Original SPDX id: COPYRIGHT_SERVICE_LABEL
+ Score : 100.00
+ Match type : COPYRIGHT
+ Files with this license:
+ lib/curl_des.c [8:8]
+
KEEP COPYRIGHT_SERVICE_LABEL 90ce0ec9551a9d561300240060256dff
BELONGS ya.make
License text:
@@ -749,7 +759,6 @@ BELONGS ya.make
Score : 100.00
Match type : COPYRIGHT
Files with this license:
- lib/curl_des.c [8:8]
lib/curl_des.h [10:10]
KEEP COPYRIGHT_SERVICE_LABEL 9d962b7054a48ee0efeaca166b582707
@@ -774,7 +783,6 @@ BELONGS ya.make
Match type : COPYRIGHT
Files with this license:
lib/system_win32.h [10:10]
- lib/version_win32.c [8:8]
lib/version_win32.h [10:10]
KEEP COPYRIGHT_SERVICE_LABEL a708a3265e6d737aa48aa8db4c364178
@@ -954,6 +962,7 @@ BELONGS ya.make
Match type : COPYRIGHT
Files with this license:
lib/system_win32.c [8:8]
+ lib/version_win32.c [8:8]
KEEP COPYRIGHT_SERVICE_LABEL e0d1701a5a15c429dd6d54ccbadea738
BELONGS ya.make
@@ -997,8 +1006,8 @@ BELONGS ya.make
Score : 100.00
Match type : COPYRIGHT
Files with this license:
- lib/md4.c [217:222]
- lib/md5.c [205:210]
+ lib/md4.c [226:231]
+ lib/md5.c [220:225]
KEEP COPYRIGHT_SERVICE_LABEL f5681c9f9526985592061799304792ee
BELONGS ya.make
@@ -1021,6 +1030,7 @@ BELONGS ya.make
Match type : COPYRIGHT
Files with this license:
include/curl/urlapi.h [10:10]
+ lib/curl_sha256.h [10:11]
lib/doh.c [8:8]
lib/doh.h [10:10]
lib/sha256.c [8:9]
diff --git a/contrib/libs/curl/.yandex_meta/devtools.licenses.report b/contrib/libs/curl/.yandex_meta/devtools.licenses.report
index d695db4a5a..97e2f94794 100644
--- a/contrib/libs/curl/.yandex_meta/devtools.licenses.report
+++ b/contrib/libs/curl/.yandex_meta/devtools.licenses.report
@@ -38,14 +38,14 @@ BELONGS ya.make
Match type : NOTICE
Links : http://www.linfo.org/publicdomain.html, https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/public-domain.LICENSE
Files with this license:
- lib/md5.c [200:217]
+ lib/md5.c [215:232]
Scancode info:
Original SPDX id: LicenseRef-scancode-other-permissive
Score : 98.04
Match type : NOTICE
Links : https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/other-permissive.LICENSE
Files with this license:
- lib/md5.c [200:217]
+ lib/md5.c [215:232]
KEEP Public-Domain 18ed429b519e9abeeb3f768979574386
BELONGS ya.make
@@ -56,14 +56,14 @@ BELONGS ya.make
Match type : NOTICE
Links : http://www.linfo.org/publicdomain.html, https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/public-domain.LICENSE
Files with this license:
- lib/md4.c [212:229]
+ lib/md4.c [221:238]
Scancode info:
Original SPDX id: LicenseRef-scancode-other-permissive
Score : 97.06
Match type : NOTICE
Links : https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/other-permissive.LICENSE
Files with this license:
- lib/md4.c [212:229]
+ lib/md4.c [221:238]
KEEP curl 22ab1475a8e38f13b0b81e2e769b5d69
BELONGS ya.make
@@ -437,7 +437,7 @@ BELONGS ya.make
Match type : TEXT
Links : http://www.linfo.org/publicdomain.html, https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/public-domain.LICENSE
Files with this license:
- lib/sha256.c [215:216]
+ lib/sha256.c [251:252]
KEEP ISC e6a382fc7564fdd1a5e46b2d97b3221f
BELONGS ya.make
diff --git a/contrib/libs/curl/.yandex_meta/licenses.list.txt b/contrib/libs/curl/.yandex_meta/licenses.list.txt
index 5170c6d07c..37016499ed 100644
--- a/contrib/libs/curl/.yandex_meta/licenses.list.txt
+++ b/contrib/libs/curl/.yandex_meta/licenses.list.txt
@@ -172,6 +172,10 @@
====================COPYRIGHT====================
+ * Copyright (C) 2015 - 2021, Steve Holme, <steve_holme@hotmail.com>.
+
+
+====================COPYRIGHT====================
* Copyright (C) 2016 - 2020, Steve Holme, <steve_holme@hotmail.com>.
@@ -195,7 +199,7 @@
====================COPYRIGHT====================
* Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com>
- * Copyright (C) 2018 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
====================COPYRIGHT====================
diff --git a/contrib/libs/curl/CHANGES b/contrib/libs/curl/CHANGES
index 7bf4a9cae1..f77f0a9e13 100644
--- a/contrib/libs/curl/CHANGES
+++ b/contrib/libs/curl/CHANGES
@@ -6,6 +6,1625 @@
Changelog
+Version 7.80.0 (10 Nov 2021)
+
+Daniel Stenberg (10 Nov 2021)
+- RELEASE-NOTES: synced
+
+ for curl 7.80.0
+
+- THANKS: add contributors from the 7.80.0 cycle
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+ ngtcp2: advertise h3 as well as h3-29
+
+ Advertise h3 as well as h3-29 since some servers out there require h3
+ for QUIC v1.
+
+ Closes #7979
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+ ngtcp2: use QUIC v1 consistently
+
+ Since we switched to v1 quic_transport_parameters codepoint in #7960
+ with quictls, lets use QUIC v1 consistently.
+
+ Closes #7979
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+ ngtcp2: compile with the latest nghttp3
+
+ Closes #7978
+
+Marc Hoersken (9 Nov 2021)
+- tests: add Schannel-specific tests and disable unsupported ones
+
+ Adds Schannel variants of SSLpinning tests that include the option
+ --ssl-revoke-best-effort to ignore certificate revocation check
+ failures which is required due to our custom test CA certificate.
+
+ Disable the original variants if the Schannel backend is enabled.
+
+ Also skip all IDN tests which are broken while using an msys shell.
+
+ This is a step to simplify test exclusions for Windows and MinGW.
+
+ Reviewed-by: Jay Satiro
+ Reviewed-by: Marcel Raad
+ Reviewed-by: Daniel Stenberg
+ Closes #7968
+
+Daniel Stenberg (8 Nov 2021)
+- docs: NAME fixes in easy option man pages
+
+ Closes #7975
+
+- [Roger Young brought this change]
+
+ ftp: make the MKD retry to retry once per directory
+
+ Reported-by: Roger Young
+ Fixes #7967
+ Closes #7976
+
+- tool_operate: reorder code to avoid compiler warning
+
+ tool_operate.c(889) : warning C4701: potentially uninitialized local
+ variable 'per' use
+
+ Follow-up to cc71d352651a0d95
+ Reported-by: Marc Hörsken
+ Bug: https://github.com/curl/curl/pull/7922#issuecomment-963042676
+ Closes #7971
+
+- curl_easy_perform.3: add a para about recv and send data
+
+ Reported-by: Godwin Stewart
+ Fixes #7973
+ Closes #7974
+
+- tool_operate: fclose stream only if fopened
+
+ Fixes torture test failures
+ Follow-up to cc71d352651
+
+ Closes #7972
+
+- libcurl-easy.3: language polish
+
+- limit-rate.d: this is average over several seconds
+
+ Closes #7970
+
+- docs: reduce/avoid English contractions
+
+ You're => You are
+ Hasn't => Has not
+ Doesn't => Does not
+ Don't => Do not
+ You'll => You will
+ etc
+
+ Closes #7930
+
+- tool_operate: fix torture leaks with etags
+
+ Spotted by torture testing 343 344 345 347.
+
+ Follow-up from cc71d352651a0
+ Pointed-out-by: Dan Fandrich
+
+ Closes #7969
+
+- [Amaury Denoyelle brought this change]
+
+ ngtcp2: support latest QUIC TLS RFC9001
+
+ QUIC Transport Parameters Extension has been changed between draft-29
+ and latest RFC9001. Most notably, its identifier has been updated from
+ 0xffa5 to 0x0039. The version is selected through the QUIC TLS library
+ via the legacy codepoint.
+
+ Disable the usage of legacy codepoint in curl to switch to latest
+ RFC9001. This is required to be able to keep up with latest QUIC
+ implementations.
+
+ Acked-by: Tatsuhiro Tsujikawa
+ Closes #7960
+
+- test1173: make manpage-syntax.pl spot \n errors in examples
+
+- man pages: fix backslash-n in examples
+
+ ... to be proper backslash-backslash-n sequences to render nicely in man
+ and on website.
+
+ Follow-up to 24155569d8a
+ Reported-by: Sergey Markelov
+
+ Fixes https://github.com/curl/curl-www/issues/163
+ Closes #7962
+
+- scripts/release-notes.pl: use out of repo links verbatim in refs
+
+- tool_operate: a failed etag save now only fails that transfer
+
+ When failing to create the output file for saving an etag, only fail
+ that particular single transfer and allow others to follow.
+
+ In a serial transfer setup, if no transfer at all is done due to them
+ all being skipped because of this error, curl will output an error
+ message and return exit code 26.
+
+ Added test 369 and 370 to verify.
+
+ Reported-by: Earnestly on github
+ Ref: #7942
+ Closes #7945
+
+- [Kevin Burke brought this change]
+
+ .github: retry macos "brew install" command on failure
+
+ Previously we saw errors attempting to run "brew install", see
+ https://github.com/curl/curl/runs/4095721123?check_suite_focus=true for
+ an example, since this command is idempotent, it is safe to run again.
+
+ Closes #7955
+
+- CURLOPT_ALTSVC_CTRL.3: mention conn reuse is preferred
+
+ Ref: https://github.com/curl/curl/discussions/7954
+
+ Closes #7957
+
+- RELEASE-NOTES: synced
+
+- zuul: pin the quiche build to use an older cmake-rs
+
+ The latest cmake-rs assumes cmake's --parallel works. That was added in
+ cmake 3.12, but a lot of our CI builds run on Ubuntu Bionic which only
+ has cmake 3.10.
+
+ Fixes #7927
+ Closes #7952
+
+- [Marc Hoersken brought this change]
+
+ Revert "src/tool_filetime: disable -Wformat on mingw for this file"
+
+ This reverts commit 7c88fe375b15c44d77bccc9ab733b8069d228e6f.
+
+ Follow up to #6535 as the pragma is obsolete with warnf
+
+ Closes #7941
+
+Jay Satiro (2 Nov 2021)
+- schannel: fix memory leak due to failed SSL connection
+
+ - Call schannel_shutdown if the SSL connection fails.
+
+ Prior to this change schannel_shutdown (which shuts down the SSL
+ connection as well as memory cleanup) was not called when the SSL
+ connection failed (eg due to failed handshake).
+
+ Co-authored-by: Gisle Vanem
+
+ Fixes https://github.com/curl/curl/issues/7877
+ Closes https://github.com/curl/curl/pull/7878
+
+Daniel Stenberg (2 Nov 2021)
+- Curl_updateconninfo: store addresses for QUIC connections too
+
+ So that CURLINFO_PRIMARY_IP etc work for HTTP/3 like for other HTTP
+ versions.
+
+ Reported-by: Jerome Mao
+ Fixes #7939
+ Closes #7944
+
+- [Sergio Durigan Junior brought this change]
+
+ curl.1: fix typos in the manpage
+
+ s/transfering/transferring/
+ s/transfered/transferred/
+
+ Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net>
+ Closes #7937
+
+Marc Hoersken (1 Nov 2021)
+- tests/smbserver.py: fix compatibility with impacket 0.9.23+
+
+ impacket now performs sanity checks if the requested and to
+ be served file path actually is inside the real share path.
+
+ Ref: https://github.com/SecureAuthCorp/impacket/pull/1066
+
+ Fixes #7924
+ Closes #7935
+
+Daniel Stenberg (1 Nov 2021)
+- docs: reduce use of "very"
+
+ "Very" should be avoided in most texts. If intensifiers are needed, try
+ find better words instead.
+
+ Closes #7936
+
+- [Tatsuhiro Tsujikawa brought this change]
+
+ ngtcp2: specify the missing required callback functions
+
+ Closes #7929
+
+- CURLOPT_[PROXY]_SSL_CIPHER_LIST.3: bold instead of quote
+
+ Bold the example ciphers instead of using single quotes, which then also
+ avoids the problem of how to use single quotes when first in a line.
+
+ Also rephrased the pages a little.
+
+ Reported-by: Sergio Durigan Junior
+ Ref: #7928
+ Closes #7934
+
+- gen.pl: replace leading single quotes with \(aq
+
+ ... and allow single quotes to be used "normally" in the .d files.
+
+ Makes the output curl.1 use better nroff.
+
+ Reported-by: Sergio Durigan Junior
+ Ref: #7928
+ Closes #7933
+
+Marc Hoersken (1 Nov 2021)
+- tests: kill some test servers afterwards to avoid locked logfiles
+
+ Reviewed-by: Daniel Stenberg
+ Closes #7925
+
+Daniel Stenberg (1 Nov 2021)
+- smooth-gtk-thread.c: enhance the mutex lock use
+
+ Reported-by: ryancaicse on github
+ Fixes #7926
+ Closes #7931
+
+Marc Hoersken (31 Oct 2021)
+- CI/runtests.pl: restore -u flag, but remove it from CI runs
+
+ This makes it possible to use -u again for local testing,
+ but removes the flag from CI config files and make targets.
+
+ Reviewed-by: Daniel Stenberg
+
+ Partially reverts #7841
+ Closes #7921
+
+Daniel Stenberg (29 Oct 2021)
+- [Jonathan Cardoso Machado brought this change]
+
+ CURLOPT_HSTSWRITEFUNCTION.3: using CURLOPT_HSTS_CTRL is required
+
+ Closes #7923
+
+- [Axel Morawietz brought this change]
+
+ imap: display quota information
+
+ Show response to "GETQUOTAROOT INBOX" command.
+
+ Closes #6973
+
+- RELEASE-NOTES: synced
+
+- [Boris Rasin brought this change]
+
+ cmake: fix error getting LOCATION property on non-imported target
+
+ Closes #7885
+
+- [x2018 brought this change]
+
+ url: check the return value of curl_url()
+
+ Closes #7917
+
+- [Roy Li brought this change]
+
+ configure.ac: replace krb5-config with pkg-config
+
+ The rationale is that custom *-config tools don't work well when
+ cross-compiling or using sysroots (such as when using Yocto project) and
+ require custom fixing for each of them; pkg-config on the other hand
+ works similarly everywhere.
+
+ Signed-off-by: Roy Li <rongqing.li@windriver.com>
+ Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+
+ Closes #7916
+
+- test1160: edited to work with hyper
+
+ Closes #7912
+
+- data/DISABLED: enable tests that now work with hyper
+
+ Closes #7911
+
+- test559: add 'HTTP' in keywords
+
+ Makes it run fine with hyper
+
+ Closes #7911
+
+- test552: updated to work with hyper
+
+ Closes #7911
+
+Marc Hoersken (27 Oct 2021)
+- github: fix incomplete permission to label PRs for Hacktoberfest
+
+ Unfortunately the GitHub API requires a token with write permission
+ for both issues and pull-requests to edit labels on even just PRs.
+
+ Follow up to #7897
+
+Daniel Stenberg (27 Oct 2021)
+- opt-manpages: use 'Added in' instead of 'Since'
+
+ Closes #7913
+
+Marc Hoersken (27 Oct 2021)
+- github: fix missing permission to label PRs for Hacktoberfest
+
+ Follow up to #7897
+
+ Test references to see if permissions are now sufficient:
+
+ Closes #7832
+ Closes #7897
+
+- CI: more use of test-ci make target and verbose output
+
+ Replace test-nonflaky with test-ci and enable verbose output
+ in all remaining CIs except Zuul which is customized a lot.
+
+ Reviewed-by: Daniel Stenberg
+ Reviewed-by: Jay Satiro
+
+ Follow up to #7785
+ Closes #7832
+
+- github: add support for Hacktoberfest using labels
+
+ Automatically add hacktoberfest-accepted label to PRs opened between
+ September 30th and November 1st once a commit with a close reference
+ to it is pushed onto the master branch.
+
+ With this workflow we can participate in Hacktoberfest while not
+ relying on GitHub to identify PRs as merged due to our rebasing.
+
+ Requires hacktoberfest-accepted labels to exist for PRs on the
+ participating repository. Also requires hacktoberfest topic on
+ the participating repository to avoid applying to forked repos.
+
+ Reviewed-by: Daniel Stenberg
+
+ Fixes #7865
+ Closes #7897
+
+Daniel Stenberg (27 Oct 2021)
+- http: reject HTTP response codes < 100
+
+ ... which then also includes negative ones as test 1430 uses.
+
+ This makes native + hyper backend act identically on this and therefore
+ test 1430 can now be enabled when building with hyper. Adjust test 1431
+ as well.
+
+ Closes #7909
+
+- [Kerem Kat brought this change]
+
+ docs: fix typo in CURLOPT_TRAILERFUNCTION example
+
+ Closes #7910
+
+- docs/HYPER: remove some remaining issues, add HTTP/0.9 limitation
+
+- configure: when hyper is selected, deselect nghttp2
+
+ Closes #7908
+
+- [Patrick Monnerat brought this change]
+
+ sendf: accept zero-length data in Curl_client_write()
+
+ Historically, Curl_client_write() used a length value of 0 as a marker
+ for a null-terminated data string. This feature has been removed in
+ commit f4b85d2. To detect leftover uses of the feature, a DEBUGASSERT
+ statement rejecting a length with value 0 was introduced, effectively
+ precluding use of this function with zero-length data.
+
+ The current commit removes the DEBUGASSERT and makes the function to
+ return immediately if length is 0.
+
+ A direct effect is to fix trying to output a zero-length distinguished
+ name in openldap.
+
+ Another DEBUGASSERT statement is also rephrased for better readability.
+
+ Closes #7898
+
+- hyper: disable test 1294 since hyper doesn't allow such crazy headers
+
+ Closes #7905
+
+- c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work
+
+ Verified by the enabled test 1288
+
+ Closes #7905
+
+- test1287: make work on hyper
+
+ Closes #7905
+
+- test1266/1267: disabled on hyper: no HTTP/0.9 support
+
+ Closes #7905
+
+Viktor Szakats (25 Oct 2021)
+- Makefile.m32: fix to not require OpenSSL with -libssh2 or -rtmp options
+
+ Previously, -libssh2/-rtmp options assumed that OpenSSL is also enabled
+ (and then failed with an error when not finding expected OpenSSL headers),
+ but this isn't necessarly true, e.g. when building both libssh2 and curl
+ against Schannel. This patch makes sure to only enable the OpenSSL backend
+ with -libssh2/-rtmp, when there was no SSL option explicitly selected.
+
+ - Re-implement the logic as a single block of script.
+ - Also fix an indentation while there.
+
+ Assisted-by: Jay Satiro
+
+ Closes #7895
+
+Daniel Stenberg (25 Oct 2021)
+- docs: consistent use of "Added in"
+
+ Make them all say "Added in [version]" without using 'curl' or 'libcurl'
+ in that phrase.
+
+- man pages: require all to use the same section header order
+
+ This is the same order we already enforce among the options' man pages:
+ consistency is good. Add lots of previously missing examples.
+
+ Adjust the manpage-syntax script for this purpose, used in test 1173.
+
+ Closes #7904
+
+- [David Hu brought this change]
+
+ docs/HTTP3: improve build instructions
+
+ 1. If writing to a system path if the command is not prefixed with
+ `sudo` it will cause a permission denied error
+
+ 2. The patched OpenSSL branch has been updated to `openssl-3.0.0+quic`
+ to match upstream OpenSSL version.
+
+ 3. We should not disable GnuTLS docs.
+
+ Updated some commands about `make install`
+
+ Closes #7842
+
+- [Ricardo Martins brought this change]
+
+ CMake: restore support for SecureTransport on iOS
+
+ Restore support for building curl for iOS with SecureTransport enabled.
+
+ Closes #7501
+
+- tests: enable more tests with hyper
+
+ Adjusted 1144, 1164 and 1176.
+
+ Closes #7900
+
+- docs: provide "RETURN VALUE" section for more func manpages
+
+ Three were missing, one used a non-standard name for the header.
+
+ Closes #7902
+
+Jay Satiro (25 Oct 2021)
+- curl_multi_socket_action.3: add a "RETURN VALUE" section
+
+ .. because it may not be immediately clear to the user what
+ curl_multi_socket_action returns.
+
+ Ref: https://curl.se/mail/lib-2021-10/0035.html
+
+ Closes https://github.com/curl/curl/pull/7901
+
+Daniel Stenberg (24 Oct 2021)
+- RELEASE-NOTES: synced
+
+- [Samuel Henrique brought this change]
+
+ tests: use python3 in test 1451
+
+ This is a continuation of commit ec91b5a69000bea0794bbb3 in which
+ changing this test was missed. There are no other python2 leftovers
+ now.
+
+ Based on a Debian patch originally written by Alessandro Ghedini
+ <ghedo@debian.org>
+
+ Closes #7899
+
+- [Eddie Lumpkin brought this change]
+
+ lib: fixing comment spelling typos in lib files
+
+ Closes #7894
+ Signed-off-by: ewlumpkin <ewlumpkin@gmail.com>
+
+- openssl: if verifypeer is not requested, skip the CA loading
+
+ It was previously done mostly to show a match/non-match in the verbose
+ output even when verification was not asked for. This change skips the
+ loading of the CA certs unless verifypeer is set to save memory and CPU.
+
+ Closes #7892
+
+- curl-confopts.m4: remove --enable/disable-hidden-symbols
+
+ These configure options have been saying "deprecated" since 9e24b9c7af
+ (April 2012). It was about time we remove them.
+
+ Closes #7891
+
+- c-hyper: don't abort CONNECT responses early when auth-in-progress
+
+ ... and make sure to stop ignoring the body once the CONNECT is done.
+
+ This should make test 206 work proper again and not be flaky.
+
+ Closes #7889
+
+- hyper: does not support disabling CURLOPT_HTTP_TRANSFER_DECODING
+
+ Simply because hyper doesn't have this ability. Mentioned in docs now.
+
+ Skip test 326 then
+
+ Closes #7889
+
+- test262: don't attempt with hyper
+
+ This test verifies that curl works with binary zeroes in HTTP response
+ headers and hyper refuses such. They're not kosher http.
+
+ Closes #7889
+
+- c-hyper: make test 217 run
+
+ Closes #7889
+
+- DISABLED: enable test 209+213 for hyper
+
+ Follow-up to 823d3ab855c
+
+ Closes #7889
+
+- test207: accept a different error code for hyper
+
+ It returns HYPERE_UNEXPECTED_EOF for this case which we convert to the
+ somewhat generic CURLE_RECV_ERROR.
+
+ Closes #7889
+
+- [Érico Nogueira brought this change]
+
+ INSTALL: update symbol hiding option
+
+ --enable-hidden-symbols was deprecated in
+ 9e24b9c7afbcb81120af4cf3f6cdee49a06d8224.
+
+ Closes #7890
+
+- http_proxy: multiple CONNECT with hyper done better
+
+ Enabled test 206
+
+ Closes #7888
+
+- hyper: pass the CONNECT line to the debug callback
+
+ Closes #7887
+
+- mailmap: Malik Idrees Hasan Khan
+
+Jay Satiro (21 Oct 2021)
+- [Malik Idrees Hasan Khan brought this change]
+
+ build: fix typos
+
+ Closes https://github.com/curl/curl/pull/7886
+
+- URL-SYNTAX: add IMAP UID SEARCH example
+
+ - Explain the difference between IMAP search via URL (which returns
+ message sequence numbers) and IMAP search via custom request (which
+ can return UID numbers if prefixed with UID, eg "UID SEARCH ...").
+
+ Bug: https://github.com/curl/curl/issues/7626
+ Reported-by: orycho@users.noreply.github.com
+
+ Ref: https://github.com/curl/curl/issues/2789
+
+ Closes https://github.com/curl/curl/pull/7881
+
+Daniel Stenberg (20 Oct 2021)
+- manpage: adjust the asterisk in some SYNOPSIS sections
+
+ Closes #7884
+
+- curl_multi_perform.3: polish wording
+
+ - simplify the example by using curl_multi_poll
+
+ - mention curl_multi_add_handle in the text
+
+ - cut out the description of pre-7.20.0 return code behavior - that version
+ is now more than eleven years old and is basically no longer out there
+
+ - adjust the "typical usage" to mention curl_multi_poll
+
+ Closes #7883
+
+- docs/THANKS: removed on request
+
+- FAQ: polish the explanation of libcurl
+
+- curl_easy_perform.3: minor wording tweak
+
+- [Erik Stenlund brought this change]
+
+ mime: mention CURL_DISABLE_MIME in comment
+
+ CURL_DISABLE_MIME is not mentioned in the comment describing the if else
+ preprocessor directive.
+
+ Closes #7882
+
+- tls: remove newline from three infof() calls
+
+ Follow-up to e7416cf
+
+ Reported-by: billionai on github
+ Fixes #7879
+ Closes #7880
+
+- RELEASE-NOTES: synced
+
+- curl_gssapi: fix build warnings by removing const
+
+ Follow-up to 20e980f85b0ea6
+
+ In #7875 these inits were modified but I get two warnings that these new
+ typecasts are necessary for.
+
+ Closes #7876
+
+- [Bo Anderson brought this change]
+
+ curl_gssapi: fix link error on macOS Monterey
+
+ Fixes #7657
+ Closes #7875
+
+- test1185: verify checksrc
+
+ Closes #7866
+
+- checksrc: improve the SPACESEMICOLON error message
+
+ and adjust the MULTISPACE one to use plural
+
+ Closes #7866
+
+- url: set "k->size" -1 at start of request
+
+ The size of the transfer is unknown at that point.
+
+ Fixes #7871
+ Closes #7872
+
+Daniel Gustafsson (18 Oct 2021)
+- doh: remove experimental code for DoH with GET
+
+ The code for sending DoH requests with GET was never enabled in a way
+ such that it could be used or tested. As there haven't been requests
+ for this feature, and since it at this is effectively dead, remove it
+ and favor reimplementing the feature in case anyone is interested.
+
+ Closes #7870
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (18 Oct 2021)
+- cirrus: remove FreeBSD 11.4 from the matrix
+
+ It has reached End-Of-Life and causes some LDAP CI issues.
+
+ Closes #7869
+
+- cirrus: switch to openldap24-client
+
+ ... as it seems openldap-client doesn't exist anymore.
+
+ Reported-by: Jay Satiro
+ Fixes #7868
+ Closes #7869
+
+- checksrc: ignore preprocessor lines
+
+ In order to check the actual code better, checksrc now ignores
+ everything that look like preprocessor instructions. It also means
+ that code in macros are now longer checked.
+
+ Note that some rules then still don't need to be followed when code is
+ exactly below a cpp instruction.
+
+ Removes two checksrc exceptions we needed previously because of
+ preprocessor lines being checked.
+
+ Reported-by: Marcel Raad
+ Fixes #7863
+ Closes #7864
+
+- urlapi: skip a strlen(), pass in zero
+
+ ... to let curl_easy_escape() itself do the strlen. This avoids a (false
+ positive) Coverity warning and it avoids us having to store the strlen()
+ return value in an int variable.
+
+ Reviewed-by: Daniel Gustafsson
+ Closes #7862
+
+- misc: update copyright years
+
+- examples/htmltidy: correct wrong printf() use
+
+ ... and update the includes to match how current htmltidy wants them
+ used.
+
+ Reported-by: Stathis Kapnidis
+ Fixes #7860
+ Closes #7861
+
+Jay Satiro (15 Oct 2021)
+- http: set content length earlier
+
+ - Make content length (ie download size) accessible to the user in the
+ header callback, but only after all headers have been processed (ie
+ only in the final call to the header callback).
+
+ Background:
+
+ For a long time the content length could be retrieved in the header
+ callback via CURLINFO_CONTENT_LENGTH_DOWNLOAD_T as soon as it was parsed
+ by curl.
+
+ Changes were made in 8a16e54 (precedes 7.79.0) to ignore content length
+ if any transfer encoding is used. A side effect of that was that
+ content length was not set by libcurl until after the header callback
+ was called the final time, because until all headers are processed it
+ cannot be determined if content length is valid.
+
+ This change keeps the same intention --all headers must be processed--
+ but now the content length is available before the final call to the
+ header function that indicates all headers have been processed (ie
+ a blank header).
+
+ Bug: https://github.com/curl/curl/commit/8a16e54#r57374914
+ Reported-by: sergio-nsk@users.noreply.github.com
+
+ Co-authored-by: Daniel Stenberg
+
+ Fixes https://github.com/curl/curl/issues/7804
+ Closes https://github.com/curl/curl/pull/7803
+
+Daniel Stenberg (15 Oct 2021)
+- [Abhinav Singh brought this change]
+
+ aws-sigv4: make signature work when post data is binary
+
+ User sets the post fields size for binary data. Hence, we should not be
+ using strlen on it.
+
+ Added test 1937 and 1938 to verify.
+
+ Closes #7844
+
+- [a1346054 brought this change]
+
+ MacOSX-Framework: remove redundant ';'
+
+ Closes #7859
+
+- RELEASE-NOTES: synced
+
+- openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway
+
+ One reason we know it can fail is if a provider is used that doesn't do
+ a proper job or is wrongly configured.
+
+ Reported-by: Michael Baentsch
+ Fixes #7840
+ Closes #7856
+
+Marcel Raad (14 Oct 2021)
+- [Ryan Mast brought this change]
+
+ cmake: add CURL_ENABLE_SSL option and make CMAKE_USE_* SSL backend options depend on it
+
+ Closes https://github.com/curl/curl/pull/7822
+
+Daniel Stenberg (14 Oct 2021)
+- http: remove assert that breaks hyper
+
+ Reported-by: Jay Satiro
+ Fixes #7852
+ Closes #7855
+
+- http_proxy: fix one more result assign for hyper
+
+ and remove the bad assert again, since it was run even with no error!
+
+ Closes #7854
+
+Jay Satiro (14 Oct 2021)
+- sws: fix memory leak on exit
+
+ - Free the allocated http request struct on cleanup.
+
+ Prior to this change if sws was built with leak sanitizer it would
+ report a memory leak error during testing.
+
+ Closes https://github.com/curl/curl/pull/7849
+
+Daniel Stenberg (14 Oct 2021)
+- c-hyper: make Curl_http propagate errors better
+
+ Pass on better return codes when errors occur within Curl_http instead
+ of insisting that CURLE_OUT_OF_MEMORY is the only possible one.
+
+ Pointed-out-by: Jay Satiro
+ Closes #7851
+
+- http_proxy: make hyper CONNECT() return the correct error code
+
+ For every 'goto error', make sure the result variable holds the error
+ code for what went wrong.
+
+ Reported-by: Rafał Mikrut
+ Fixes #7825
+ Closes #7846
+
+- docs/Makefile.am: repair 'make html'
+
+ by removing index.html which isn't around anymore
+
+ Closes #7853
+
+- [Борис Верховский brought this change]
+
+ curl: correct grammar in generated libcurl code
+
+ Closes #7802
+
+- tests: disable test 2043
+
+ It uses revoked.badssl.com which now is expired and therefor this now
+ permafails. We should not use external sites for tests, this test should
+ be converted to use our own infra.
+
+ Closes #7845
+
+- runtests: split out ignored tests
+
+ Report ignore tests separately from the actual fails.
+
+ Don't exit non-zero if test servers couldn't get killed.
+
+ Assisted-by: Jay Satiro
+
+ Fixes #7818
+ Closes #7841
+
+- http2: make getsock not wait for write if there's no remote window
+
+ While uploading, check for remote window availability in the getsock
+ function so that we don't wait for a writable socket if no data can be
+ sent.
+
+ Reported-by: Steini2000 on github
+ Fixes #7821
+ Closes #7839
+
+- test368: verify dash is appended for "-r [num]"
+
+ Follow-up to 8758a26f8878
+
+- [Борис Верховский brought this change]
+
+ curl: actually append "-" to --range without number only
+
+ Closes #7837
+
+- RELEASE-NOTES: synced
+
+- urlapi: URL decode percent-encoded host names
+
+ The host name is stored decoded and can be encoded when used to extract
+ the full URL. By default when extracting the URL, the host name will not
+ be URL encoded to work as similar as possible as before. When not URL
+ encoding the host name, the '%' character will however still be encoded.
+
+ Getting the URL with the CURLU_URLENCODE flag set will percent encode
+ the host name part.
+
+ As a bonus, setting the host name part with curl_url_set() no longer
+ accepts a name that contains space, CR or LF.
+
+ Test 1560 has been extended to verify percent encodings.
+
+ Reported-by: Noam Moshe
+ Reported-by: Sharon Brizinov
+ Reported-by: Raul Onitza-Klugman
+ Reported-by: Kirill Efimov
+ Fixes #7830
+ Closes #7834
+
+Marc Hoersken (8 Oct 2021)
+- CI/makefiles: introduce dedicated test target
+
+ Make it easy to use the same set of test flags
+ throughout all current and future CI builds.
+
+ Reviewed-by: Jay Satiro
+
+ Follow up to #7690
+ Closes #7785
+
+Daniel Stenberg (8 Oct 2021)
+- maketgz: redirect updatemanpages.pl output to /dev/null
+
+- CURLOPT_HTTPHEADER.3: add descripion for specific headers
+
+ Settting Host: or Transfer-Encoding: chunked actually have special
+ meanings to libcurl. This change tries to document them
+
+ Closes #7829
+
+- c-hyper: use hyper_request_set_uri_parts to make h2 better
+
+ and make sure to not send Host: over h2.
+
+ Fixes #7679
+ Reported-by: David Cook
+ Closes #7827
+
+- [Michael Afanasiev brought this change]
+
+ curl-openssl.m4: modify library order for openssl linking
+
+ lcrypto may depend on lz, and configure corrently fails with when
+ statically linking as the order is "-lz -lcrypto". This commit switches
+ the order to "-lcrypto -lz".
+
+ Closes #7826
+
+Marcel Raad (7 Oct 2021)
+- sha256: use high-level EVP interface for OpenSSL
+
+ Available since OpenSSL 0.9.7. The low-level SHA256 interface is
+ deprecated in OpenSSL v3, and its usage was discouraged even before.
+
+ Closes https://github.com/curl/curl/pull/7808
+
+- curl_ntlm_core: use OpenSSL only if DES is available
+
+ This selects another SSL backend then if available, or otherwise at
+ least gives a meaningful error message.
+
+ Closes https://github.com/curl/curl/pull/7808
+
+- md5: fix compilation with OpenSSL 3.0 API
+
+ Only use OpenSSL's MD5 code if it's available.
+
+ Also fix wolfSSL build with `NO_MD5`, in which case neither the
+ wolfSSL/OpenSSL implementation nor the fallback implementation was
+ used.
+
+ Closes https://github.com/curl/curl/pull/7808
+
+Daniel Stenberg (7 Oct 2021)
+- print_category: printf %*s needs an int argument
+
+ ... not a size_t!
+
+ Detected by Coverity: CID 1492331.
+ Closes #7823
+
+Jay Satiro (7 Oct 2021)
+- version_win32: use actual version instead of manifested version
+
+ - Use RtlVerifyVersionInfo instead of VerifyVersionInfo, when possible.
+
+ Later versions of Windows have normal version functions that compare and
+ return versions based on the way the application is manifested, instead
+ of the actual version of Windows the application is running on. We
+ prefer the actual version of Windows so we'll now call the Rtl variant
+ of version functions (RtlVerifyVersionInfo) which does a proper
+ comparison of the actual version.
+
+ Reported-by: Wyatt O'Day
+
+ Ref: https://github.com/curl/curl/pull/7727
+
+ Fixes https://github.com/curl/curl/issues/7742
+ Closes https://github.com/curl/curl/pull/7810
+
+Daniel Stenberg (6 Oct 2021)
+- RELEASE-NOTES: synced
+
+- http: fix Basic auth with empty name field in URL
+
+ Add test 367 to verify.
+
+ Reported-by: Rick Lane
+ Fixes #7819
+ Closes #7820
+
+- [Jeffrey Tolar brought this change]
+
+ CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse
+
+ ... and close connections that are too old instead of reusing them.
+
+ By default, this behavior is disabled.
+
+ Bug: https://curl.se/mail/lib-2021-09/0058.html
+ Closes #7751
+
+Daniel Gustafsson (6 Oct 2021)
+- docs/examples: add missing binaries to gitignore
+
+ Commit f65d7889b added getreferrer, and commit ae8e11ed5 multi-legacy,
+ both of which missed adding .gitignore clauses for the built binaries.
+
+ Closes #7817
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Daniel Stenberg (5 Oct 2021)
+- [Josip Medved brought this change]
+
+ HTTP3: fix the HTTP/3 Explained book link
+
+ Closes #7813
+
+- [Lucas Holt brought this change]
+
+ misc: fix a few issues on MidnightBSD
+
+ Closes #7812
+
+Daniel Gustafsson (4 Oct 2021)
+- [8U61ife brought this change]
+
+ tool_main: fix typo in comment
+
+ Closes: #7811
+ Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
+
+Daniel Stenberg (4 Oct 2021)
+- [Ryan Mast brought this change]
+
+ BINDINGS: URL updates
+
+ For cpr, BBHTTP, Eiffel, Harbour, Haskell, Mono, and Rust
+
+ Closes #7809
+
+- scripts/delta: hide a git error message we don't care about
+
+ fatal: path 'src/tool_listhelp.c' exists on disk, but not in [tag]
+
+- [Patrick Monnerat brought this change]
+
+ sasl: binary messages
+
+ Capabilities of sasl module are extended to exchange messages in binary
+ as an alternative to base64.
+
+ If http authentication flags have been set, those are used as sasl
+ default preferred mechanisms.
+
+ Closes #6930
+
+- [Hayden Roche brought this change]
+
+ wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
+
+ Prior to this commit, OpenSSL could be used for all these functions, but
+ not wolfSSL. This commit makes it so wolfSSL will be used if USE_WOLFSSL
+ is defined.
+
+ Closes #7806
+
+- scripts/delta: count command line options in the new file
+
+ ... which makes the shown delta number wrong until next release.
+
+- RELEASE-NOTES: synced
+
+- print_category: print help descriptions aligned
+
+ Adjust the description position to make an aligned column when doing
+ help listings, which is more pleasing to the eye.
+
+ Suggested-by: Gisle Vanem
+ Closes #7792
+
+- lib/mk-ca-bundle.pl: skip certs passed Not Valid After date
+
+ With this change applied, the now expired 'DST Root CA X3' cert will no
+ longer be included in the output.
+
+ Details: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
+
+ Closes #7801
+
+- tool_listhelp: easier to generate with gen.pl
+
+ tool_listhelp.c is now a separate file with only the command line --help
+ output, exactly as generated by gen.pl. This makes it easier to generate
+ updates according to what's in the docs/cmdline-opts docs.
+
+ cd $srcroot/docs/cmdline-opts
+ ./gen.pl listhelp *.d > $srcroot/src/tool_listhelp.c
+
+ With a configure build, this also works:
+
+ make -C src listhelp
+
+ Closes #7787
+
+- [Anthony Hu brought this change]
+
+ wolfssl: allow setting of groups/curves
+
+ In particular, the quantum safe KEM and hybrid curves if wolfSSL is
+ built to support them.
+
+ Closes #7728
+
+- [Jan Mazur brought this change]
+
+ connnect: use sysaddr_un fron sys/un.h or custom-defined for windows
+
+ Closes #7737
+
+Jay Satiro (30 Sep 2021)
+- [Rikard Falkeborn brought this change]
+
+ hostip: Move allocation to clarify there is no memleak
+
+ By just glancing at the code, it looks like there is a memleak if the
+ call to Curl_inet_pton() fails. Looking closer, it is clear that the
+ call to Curl_inet_pton() can not fail, so the code will never leak
+ memory. However, we can make this obvious by moving the allocation
+ after the if-statement.
+
+ Closes https://github.com/curl/curl/pull/7796
+
+Daniel Stenberg (30 Sep 2021)
+- gen.pl: make the output date format work better
+
+ Follow-up to 15910dfd143dd
+
+ The previous strftime format used didn't work correctly on Windows, so
+ change to %B %d %Y which today looks like "September 29 2021".
+
+ Reported-by: Gisle Vanem
+ Bug: #7782
+ Closes #7793
+
+- typecheck-gcc.h: add CURLOPT_PREREQDATA awareness
+
+ Follow-up to a517378de58358a
+
+ To make test 1912 happy again
+
+ Closes #7799
+
+Marcel Raad (29 Sep 2021)
+- configure: remove `HAVE_WINSOCK_H` definition
+
+ It's not used anymore.
+
+ Closes https://github.com/curl/curl/pull/7795
+
+- CMake: remove `HAVE_WINSOCK_H` definition
+
+ It's not used anymore.
+
+ Closes https://github.com/curl/curl/pull/7795
+
+- config: remove `HAVE_WINSOCK_H` definition
+
+ It's not used anymore.
+
+ Closes https://github.com/curl/curl/pull/7795
+
+- lib: remove `HAVE_WINSOCK_H` usage
+
+ WinSock v1 is not supported anymore. Exclusively use `HAVE_WINSOCK2_H`
+ instead.
+
+ Closes https://github.com/curl/curl/pull/7795
+
+Daniel Stenberg (29 Sep 2021)
+- easyoptions: add the two new PRE* options
+
+ Follow-up to a517378de58358a
+
+ Also fix optiontable.pl to do the correct remainder on the entry.
+
+ Reported-by: Gisle Vanem
+ Bug: https://github.com/curl/curl/commit/a517378de58358a85b7cfe9efecb56051268f629#commitcomment-57224830
+ Closes #7791
+
+- Revert "build: remove checks for WinSock 1"
+
+ Due to CI issues
+
+ This reverts commit c2ea04f92b00b6271627cb218647527b5a50f2fc.
+
+ Closes #7790
+
+Daniel Gustafsson (29 Sep 2021)
+- lib: avoid fallthrough cases in switch statements
+
+ Commit b5a434f7f0ee4d64857f8592eced5b9007d83620 inhibits the warning
+ on implicit fallthrough cases, since the current coding of indicating
+ fallthrough with comments is falling out of fashion with new compilers.
+ This attempts to make the issue smaller by rewriting fallthroughs to no
+ longer fallthrough, via either breaking the cases or turning switch
+ statements into if statements.
+
+ lib/content_encoding.c: the fallthrough codepath is simply copied
+ into the case as it's a single line.
+ lib/http_ntlm.c: the fallthrough case skips a state in the state-
+ machine and fast-forwards to NTLMSTATE_LAST. Do this before the
+ switch statement instead to set up the states that we actually
+ want.
+ lib/http_proxy.c: the fallthrough is just falling into exiting the
+ switch statement which can be done easily enough in the case.
+ lib/mime.c: switch statement rewritten as if statement.
+ lib/pop3.c: the fallthrough case skips to the next state in the
+ statemachine, do this explicitly instead.
+ lib/urlapi.c: switch statement rewritten as if statement.
+ lib/vssh/wolfssh.c: the fallthrough cases fast-forwards the state
+ machine, do this by running another iteration of the switch
+ statement instead.
+ lib/vtls/gtls.c: switch statement rewritten as if statement.
+ lib/vtls/nss.c: the fallthrough codepath is simply copied into the
+ case as it's a single line. Also twiddle a comment to not be
+ inside a non-brace if statement.
+
+ Closes: #7322
+ See-also: #7295
+ Reviewed-by: Daniel Stenberg <daniel@haxx.se>
+
+Marcel Raad (28 Sep 2021)
+- config-win32ce: enable WinSock 2
+
+ WinSock 2.2 is supported by Windows CE .NET 4.1 (from 2002, out of
+ support since 2013).
+
+ Ref: https://docs.microsoft.com/en-us/previous-versions/windows/embedded/ms899586(v=msdn.10)
+
+ Closes https://github.com/curl/curl/pull/7778
+
+- externalsocket: use WinSock 2.2
+
+ That's the only version we support.
+
+ Closes https://github.com/curl/curl/pull/7778
+
+- build: remove checks for WinSock 1
+
+ It's not supported anymore.
+
+ Closes https://github.com/curl/curl/pull/7778
+
+Daniel Stenberg (28 Sep 2021)
+- scripts/copyright: .muse is .lift now
+
+ And update 5 files with old copyright year range
+
+- cmdline-opts: made the 'Added:' field mandatory
+
+ Since "too old" versions are no longer included in the generated man
+ page, this field is now mandatory so that it won't be forgotten and then
+ not included in the documentation.
+
+ Closes #7786
+
+- curl.1: remove mentions of really old version changes
+
+ To make the man page more readable, this change removes all references
+ to changes in support/versions etc that happened before 7.30.0 from the
+ curl.1 output file. 7.30.0 was released on Apr 12 2013. This particular
+ limit is a bit arbitrary but was fairly easy to grep for.
+
+ It is handled like this: the 'Added' keyword is only used in output if
+ it refers to 7.30.0 or later. All occurances of "(Added in $VERSION)" in
+ description will be stripped out if the mentioned $VERSION is from
+ before 7.30.0. It is therefore important that the "Added in..."
+ references are always written exactly like that - and on a single line,
+ not split over two.
+
+ This change removes about 80 version number references from curl.1, down
+ to 138 from 218.
+
+ Closes #7786
+
+- RELEASE-NOTES: synced
+
+- tool_cb_prg: make resumed upload progress bar show better
+
+ This is a regression that was *probably* injected in the larger progress
+ bar overhaul in 2018.
+
+ Reported-by: beslick5 on github
+ Fixes #7760
+ Closes #7777
+
+- gen.pl: insert the current date and version in generated man page
+
+ Reported-by: Gisle Vanem
+ Ref: #7780
+ Closes #7782
+
+- NTLM: use DES_set_key_unchecked with OpenSSL
+
+ ... as the previously used function DES_set_key() will in some cases
+ reject using a key that it deems "weak" which will cause curl to
+ continue using the unitialized buffer content as key instead.
+
+ Assisted-by: Harry Sintonen
+ Fixes #7779
+ Closes #7781
+
+Marc Hoersken (27 Sep 2021)
+- CI: align make and test flags in various config files
+
+ 1. Use Makefile target to run tests in autotools builds on AppVeyor.
+ 2. Disable testing of SCP protocol on native Windows environments.
+ 3. Remove redundant parameters -a -p from target test-nonflaky.
+ 4. Don't use -vc parameter which is reserved for debugging.
+
+ Replaces #7591
+ Closes #7690
+
+Daniel Stenberg (27 Sep 2021)
+- mailmap: unify Max!
+
+- [Max Dymond brought this change]
+
+ CURLOPT_PREREQFUNCTION: add new callback
+
+ Triggered before a request is made but after a connection is set up
+
+ Changes:
+
+ - callback: Update docs and callback for pre-request callback
+ - Add documentation for CURLOPT_PREREQDATA and CURLOPT_PREREQFUNCTION,
+ - Add redirect test and callback failure test
+ - Note that the function may be called multiple times on a redirection
+ - Disable new 2086 test due to Windows weirdness
+
+ Closes #7477
+
+- KNOWN_BUGS: HTTP/2 connections through HTTPS proxy frequently stall
+
+ Closes #6936
+
+- TODO: make configure use --cache-file more and better
+
+ Closes #7753
+
+- [Sergey Markelov brought this change]
+
+ urlapi: support UNC paths in file: URLs on Windows
+
+ - file://host.name/path/file.txt is a valid UNC path
+ \\host.name\path\files.txt to a non-local file transformed into URI
+ (RFC 8089 Appendix E.3)
+
+ - UNC paths on other OSs must be smb: URLs
+
+ Closes #7366
+
+- [Gleb Ivanovsky brought this change]
+
+ urlapi: add curl_url_strerror()
+
+ Add curl_url_strerror() to convert CURLUcode into readable string and
+ facilitate easier troubleshooting in programs using URL API.
+ Extend CURLUcode with CURLU_LAST for iteration in unit tests.
+ Update man pages with a mention of new function.
+ Update example code and tests with new functionality where it fits.
+
+ Closes #7605
+
+- RELEASE-NOTES: synced
+
+- [Mats Lindestam brought this change]
+
+ libssh2: add SHA256 fingerprint support
+
+ Added support for SHA256 fingerprint in command line curl and in
+ libcurl.
+
+ Closes #7646
+
+- libcurl.rc: switch out the copyright symbol for plain ASCII
+
+ Reported-by: Vitaly Varyvdin
+ Assisted-by: Viktor Szakats
+ Fixes #7765
+ Closes #7776
+
+- [Jun-ya Kato brought this change]
+
+ ngtcp2: fix QUIC transport parameter version
+
+ fix inappropriate version setting for QUIC transport parameters.
+ this patch keeps curl with ngtcp2 uses QUIC draft version (h3-29).
+
+ Closes #7771
+
+- examples/imap-append: fix end-of-data check
+
+ Reported-by: Alexander Chuykov
+ Fixes #7774
+ Closes #7775
+
+Michael Kaufmann (24 Sep 2021)
+- vtls: Fix a memory leak if an SSL session cannot be added to the cache
+
+ On connection shutdown, a new TLS session ticket may arrive after the
+ SSL session cache has already been destructed. In this case, the new
+ SSL session cannot be added to the SSL session cache.
+
+ The callers of Curl_ssl_addsessionid() need to know whether the SSL
+ session has been added to the cache. If it has not been added, the
+ reference counter of the SSL session must not be incremented, or memory
+ used by the SSL session must be freed. This is now possible with the new
+ output parameter "added" of Curl_ssl_addsessionid().
+
+ Fixes #7683
+ Closes #7752
+
+Daniel Stenberg (24 Sep 2021)
+- [Momoka Yamamoto brought this change]
+
+ HTTP3.md: use 'autoreconf -fi' instead of buildconf
+
+ buildconf is not used since #5853
+
+ Closes #7746
+
+- GIT-INFO: rephrase to adapt to s/buildconf/autoreconf
+
+- [h1zzz brought this change]
+
+ llist: remove redundant code, branch will not be executed
+
+ Closes #7770
+
+- [tlahn brought this change]
+
+ HTTP-COOKIES.md: remove duplicate 'each'
+
+ Closes #7772
+
+Jay Satiro (24 Sep 2021)
+- [Joel Depooter brought this change]
+
+ libssh2: Get the version at runtime if possible
+
+ Previously this code used a compile time constant, meaning that libcurl
+ always reported the libssh2 version that libcurl was built with. This
+ could differ from the libssh2 version actually being used. The new code
+ uses the CURL_LIBSSH2_VERSION macro, which is defined in ssh.h. The
+ macro calls the libssh2_version function if it is available, otherwise
+ it falls back to the compile time version.
+
+ Closes https://github.com/curl/curl/pull/7768
+
+- [Joel Depooter brought this change]
+
+ schannel: fix typo
+
+ Closes https://github.com/curl/curl/pull/7769
+
+Daniel Stenberg (23 Sep 2021)
+- cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED
+
+ To avoid the "... is deprecated" warnings brought by OpenSSL v3.
+ (We need to address the underlying code at some point of course.)
+
+ Assisted-by: Jakub Zakrzewski
+ Closes #7767
+
+- curl-openssl: pass argument to sed single-quoted
+
+ ... instead of using an escaped double-quote. This is an attempt to make
+ this work better with ksh that otherwise would insist on a double
+ escape!
+
+ Reported-by: Randall S. Becker
+ Fixes #7758
+ Closes #7764
+
+- RELEASE-NOTES: synced
+
+ Bumped curlver to 7.80.0-dev
+
+- [a1346054 brought this change]
+
+ misc: fix typos in docs and comments
+
+ No user facing output from curl/libcurl is changed by this, just
+ comments.
+
+ Closes #7747
+
+- [Thomas M. DuBuisson brought this change]
+
+ ci: update Lift config to match requirements of curl build
+
+ Also renamed Muse -> Lift, the new tool name.
+
+ Closes #7761
+
+- [Rikard Falkeborn brought this change]
+
+ cleanup: constify unmodified static structs
+
+ Constify a number of static structs that are never modified. Make them
+ const to show this.
+
+ Closes #7759
+
Version 7.79.1 (22 Sep 2021)
Daniel Stenberg (22 Sep 2021)
@@ -3441,19 +5060,19 @@ Daniel Stenberg (3 Jun 2021)
Add test 3017 and 3018 to verify.
Closes #7166
-- [theawless brought this change]
+- [Abhinav Singh brought this change]
cmake: add CURL_DISABLE_NTLM option
Closes #7028
-- [theawless brought this change]
+- [Abhinav Singh brought this change]
configure: add --disable-ntlm option
Closes #7028
-- [theawless brought this change]
+- [Abhinav Singh brought this change]
define: re-add CURL_DISABLE_NTLM and corresponding ifdefs
@@ -6679,1598 +8298,3 @@ Daniel Gustafsson (26 Feb 2021)
Closes #6665
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>
-
-- gnutls: Fix nettle discovery
-
- Commit e06fa7462ac258c removed support for libgcrypt leaving only
- support for nettle which has been the default crypto library in
- GnuTLS for a long time. There were however a few conditionals on
- USE_GNUTLS_NETTLE which cause compilation errors in the metalink
- code (as it used the gcrypt fallback instead as a result). See the
- below autobuild for an example of the error:
-
- https://curl.se/dev/log.cgi?id=20210225123226-30704#prob1
-
- This removes all uses of USE_GNUTLS_NETTLE and also removes the
- gcrypt support from the metalink code while at it.
-
- Closes #6656
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-- cookies: Support multiple -b parameters
-
- Previously only a single -b cookie parameter was supported with the last
- one winning. This adds support for supplying multiple -b params to have
- them serialized semicolon separated. Both cookiefiles and cookies can be
- entered multiple times.
-
- Closes #6649
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Daniel Stenberg (25 Feb 2021)
-- build: remove all traces of USE_BLOCKING_SOCKETS
-
- libcurl doesn't behave properly with the define set
-
- Closes #6655
-
-- RELEASE-NOTES: synced
-
-Daniel Gustafsson (25 Feb 2021)
-- docs: Fix typos
-
- Random typos spotted when skimming docs.
-
-- cookies: Use named parameters in header prototypes
-
- Align header with project style of using named parameters in the
- function prototypes to aid readability and self-documentation.
-
- Closes #6653
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
-
-Daniel Stenberg (24 Feb 2021)
-- urldata: make 'actions[]' use unsigned char instead of int
-
- ... as it only needs a few bits per index anyway.
-
- Reviewed-by: Daniel Gustafsson
- Closes #6648
-
-- configure: fail if --with-quiche is used and quiche isn't found
-
- Closes #6652
-
-- [Gregor Jasny brought this change]
-
- cmake: use CMAKE_INSTALL_INCLUDEDIR indirection
-
- Reviewed-by: Sergei Nikulov
- Closes #6440
-
-Viktor Szakats (23 Feb 2021)
-- mingw: enable using strcasecmp()
-
- This makes the 'Features:' list sorted case-insensitively,
- bringing output in-line with *nix builds.
-
- Reviewed-by: Jay Satiro
- Closes #6644
-
-- build: delete unused feature guards
-
- - `HAVE_STRNCASECMP`
- - `HAVE_TCGETATTR`
- - `HAVE_TCSETATTR`
-
- Reviewed-by: Jay Satiro
- Reviewed-by: Daniel Stenberg
- Closes #6645
-
-Jay Satiro (23 Feb 2021)
-- docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions
-
- Closes https://github.com/curl/curl/pull/6639
-
-Daniel Stenberg (23 Feb 2021)
-- [Jacob Hoffman-Andrews brought this change]
-
- configure: make hyper opt-in, and fail if missing
-
- Previously, configure would look for hyper by default, and use it if
- found; otherwise it would not use hyper, and not error.
-
- Now, configure will not look for hyper unless --with-hyper is passed. If
- configure looks for hyper and fails, it will error.
-
- Also, add -ld -lpthread -lm to Hyper's libs. I think they are required.
-
- Closes #6598
-
-- multi: do once-per-transfer inits in before_perform in DID state
-
- ... since the state machine might go to RATELIMITING and then back to
- PERFORMING doing once-per-transfer inits in that function is wrong and
- it caused problems with receiving chunked HTTP and it set the
- PRETRANSFER time much too often...
-
- Regression from b68dc34af341805aeb7b3715 (shipped in 7.75.0)
-
- Reported-by: Amaury Denoyelle
- Fixes #6640
- Closes #6641
-
-- RELEASE-NOTES: synced
-
-- CODE_STYLE.md: fix broken link to INTERNALS
-
- ... the link would only work if browsed on GitHub, while this link now
- takes the user to the website instead and thus should work on either.
-
- Reported-by: David Demelier
-
-- curl_url_set.3: mention CURLU_PATH_AS_IS
-
- ... it has been supported since the URL API was added.
-
- Bug: https://curl.se/mail/lib-2021-02/0046.html
-
- Closes #6638
-
-Viktor Szakats (21 Feb 2021)
-- time: enable 64-bit time_t in supported mingw environments
-
- (Unless 32-bit `time_t` is selected manually via the `_USE_32BIT_TIME_T`
- mingw macro.)
-
- Previously, 64-bit `time_t` was enabled on VS2005 and newer only, and
- 32-bit `time_t` was used on all other Windows builds.
-
- Assisted-by: Jay Satiro
- Closes #6636
-
-Jay Satiro (20 Feb 2021)
-- test1188: Check for --fail HTTP status
-
- - Change the test to check for curl error on HTTP 404 Not Found.
-
- test1188 tests "--write-out with %{onerror} and %{urlnum} to stderr".
- Prior to this change it did that by specifying a non-existent host which
- would cause an error. ISPs may hijack DNS and resolve non-existent hosts
- so the test would not work if that was the case.
-
- Ref: https://en.wikipedia.org/wiki/DNS_hijacking#Manipulation_by_ISPs
- Ref: https://github.com/curl/curl/issues/6621
- Ref: https://github.com/curl/curl/pull/6623
-
- Closes https://github.com/curl/curl/pull/6637
-
-- memdebug: close debug logfile explicitly on exit
-
- - Use atexit to register a dbg cleanup function that closes the logfile.
-
- LeakSantizier (LSAN) calls _exit() instead of exit() when a leak is
- detected on exit so the logfile must be closed explicitly or data could
- be lost. Though _exit() does not call atexit handlers such as this,
- LSAN's call to _exit() comes after the atexit handlers are called.
-
- Prior to this change the logfile was not explicitly closed so it was
- possible that if LSAN detected a leak and called _exit (which does
- not flush or close files like exit) then the logfile could be missing
- data. That could then cause curl's memanalyze to report false leaks
- (eg a malloc was recorded to the logfile but the corresponding free was
- discarded from the buffer instead of written to the logfile, then
- memanalyze reports that as a leak).
-
- Ref: https://github.com/google/sanitizers/issues/1374
-
- Bug: https://github.com/curl/curl/pull/6591#issuecomment-780396541
-
- Closes https://github.com/curl/curl/pull/6620
-
-- curl_multibyte: always return a heap-allocated copy of string
-
- - Change the Windows char <-> UTF-8 conversion functions to return an
- allocated copy of the passed in string instead of the original.
-
- Prior to this change the curlx_convert_ functions would, as what I
- assume was an optimization, not make a copy of the passed in string if
- no conversion was required. No conversion is required in non-UNICODE
- Windows builds since our tchar strings are type char and remain in
- whatever the passed in encoding is, which is assumed to be UTF-8 but may
- be other encoding.
-
- In contrast the UNICODE Windows builds require conversion
- (wchar <-> char) and do return a copy. That inconsistency could lead to
- programming errors where the developer expects a copy, and does not
- realize that won't happen in all cases.
-
- Closes https://github.com/curl/curl/pull/6602
-
-Viktor Szakats (19 Feb 2021)
-- http: add new files missed from referrer commit
-
- Ref: 44872aefc2d54f297caf2b0cc887df321bc9d791
- Ref: #6591
-
-- http: add support to read and store the referrer header
-
- - add CURLINFO_REFERER libcurl option
- - add --write-out '%{referer}' command-line option
- - extend --xattr command-line option to fill user.xdg.referrer.url extended
- attribute with the referrer (if there was any)
-
- Closes #6591
-
-Daniel Stenberg (19 Feb 2021)
-- urldata: remove the _ORIG suffix from string names
-
- It doesn't provide any useful info but only makes the names longer.
-
- Closes #6624
-
-- url: fix memory leak if OOM in the HSTS handling
-
- Reported-by: Viktor Szakats
- Bug: https://github.com/curl/curl/pull/6627#issuecomment-781626205
-
- Closes #6628
-
-- gnutls: assume nettle crypto support
-
- nettle has been the default crypto library with GnuTLS since 2010. By
- dropping support for the previous libcrypto, we simplify code.
-
- Closes #6625
-
-- asyn-ares: use consistent resolve error message
-
- ... with the help of Curl_resolver_error() which now is moved from
- asyn-thead.c and is provided globally for this purpose.
-
- Follow-up to 35ca04ce1b77636
-
- Makes test 1188 work for c-ares builds
-
- Closes #6626
-
-Viktor Szakats (18 Feb 2021)
-- ci: stop building on freebsd-12-1
-
- An updated freebsd-12-2 image was added a few months ago, and this
- older one is consistently failing to go past `pkginstall`:
- ```
- Newer FreeBSD version for package py37-mlt:
- To ignore this error set IGNORE_OSVERSION=yes
- - package: 1202000
- - running kernel: 1201000
- Ignore the mismatch and continue? [Y/n]: pkg: repository FreeBSD contains packages for wrong OS version: FreeBSD:12:amd64
- ```
-
- FreeBSD thread suggests that 12.1 is EOL, and best to avoid.
-
- Ref: https://forums.freebsd.org/threads/78856/
-
- Reviewed-by: Daniel Stenberg
- Closes #6622
-
-Daniel Stenberg (18 Feb 2021)
-- test1188: change error from connect to resolve error
-
- Using the %NOLISTENPORT to trigger a connection failure is somewhat
- "risky" (since it isn't guaranteed to not be listened to) and caused
- occasional CI problems. This fix changes the infused error to be a more
- reliable one but still verifies the --write-out functionality properly -
- which is the purpose of this test.
-
- Reported-by: Jay Satiro
- Fixes #6621
- Closes #6623
-
-- url.c: use consistent error message for failed resolve
-
-- BUGS: language polish
-
-- wolfssl: don't store a NULL sessionid
-
- This caused a memory leak as the session id cache entry was still
- erroneously stored with a NULL sessionid and that would later be treated
- as not needed to get freed.
-
- Reported-by: Gisle Vanem
- Fixes #6616
- Closes #6617
-
-- parse_proxy: fix a memory leak in the OOM path
-
- Reported-by: Jay Satiro
- Reviewed-by: Jay Satiro
- Reviewed-by: Emil Engler
-
- Closes #6614
- Bug: https://github.com/curl/curl/pull/6591#issuecomment-780396541
-
-Jay Satiro (17 Feb 2021)
-- url: fix possible use-after-free in default protocol
-
- Prior to this change if the user specified a default protocol and a
- separately allocated non-absolute URL was used then it was freed
- prematurely, before it was then used to make the replacement URL.
-
- Bug: https://github.com/curl/curl/issues/6604#issuecomment-780138219
- Reported-by: arvids-kokins-bidstack@users.noreply.github.com
-
- Closes https://github.com/curl/curl/pull/6613
-
-Daniel Stenberg (16 Feb 2021)
-- multi: rename the multi transfer states
-
- While working on documenting the states it dawned on me that step one is
- to use more descriptive names on the states. This also changes prefix on
- the states to make them shorter in the source.
-
- State names NOT ending with *ing are transitional ones.
-
- Closes #6612
-
-Viktor Szakats (16 Feb 2021)
-- http: do not add a referrer header with empty value
-
- Previously an empty 'Referer:' header was added to the HTTP request when
- passing `--referer ';auto'` or `--referer ''` on the command-line. This
- patch makes `--referer` work like `--header 'Referer:'` and will only add
- the header if it has a non-zero length value.
-
- Reviewed-by: Jay Satiro
- Closes #6610
-
-Daniel Stenberg (16 Feb 2021)
-- lib: remove 'conn->data' completely
-
- The Curl_easy pointer struct entry in connectdata is now gone. Just
- before commit 215db086e0 landed on January 8, 2021 there were 919
- references to conn->data.
-
- Closes #6608
-
-- openldap: pass 'data' to the callbacks instead of 'conn'
-
-Jay Satiro (15 Feb 2021)
-- doh: Fix sharing user's resolve list with DOH handles
-
- - Share the shared object from the user's easy handle with the DOH
- handles.
-
- Prior to this change if the user had set a shared object with shared
- cached DNS (CURL_LOCK_DATA_DNS) for their easy handle then that wasn't
- used by any associated DOH handles, since they used the multi's default
- hostcache.
-
- This change means all the handles now use the same hostcache, which is
- either the shared hostcache from the user created shared object if it
- exists or if not then the multi's default hostcache.
-
- Reported-by: Manuj Bhatia
-
- Fixes https://github.com/curl/curl/issues/6589
- Closes https://github.com/curl/curl/pull/6607
-
-Daniel Stenberg (15 Feb 2021)
-- http2: remove conn->data use
-
- ... but instead use a private alternative that points to the "driving
- transfer" from the connection. We set the "user data" associated with
- the connection to be the connectdata struct, but when we drive transfers
- the code still needs to know the pointer to the transfer. We can change
- the user data to become the Curl_easy handle, but with older nghttp2
- version we cannot dynamically update that pointer properly when
- different transfers are used over the same connection.
-
- Closes #6520
-
-- openssl: remove conn->data use
-
- We still make the trace callback function get the connectdata struct
- passed to it, since the callback is anchored on the connection.
-
- Repeatedly updating the callback pointer to set 'data' with
- SSL_CTX_set_msg_callback_arg() doesn't seem to work, probably because
- there might already be messages in the queue with the old pointer.
-
- This code therefore makes sure to set the "logger" handle before using
- OpenSSL calls so that the right easy handle gets used for tracing.
-
- Closes #6522
-
-- RELEASE-NOTES: synced
-
-Jay Satiro (14 Feb 2021)
-- doh: add options to disable ssl verification
-
- - New libcurl options CURLOPT_DOH_SSL_VERIFYHOST,
- CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the
- same as their respective counterparts.
-
- - New curl tool options --doh-insecure and --doh-cert-status do the same
- as their respective counterparts.
-
- Prior to this change DOH SSL certificate verification settings for
- verifyhost and verifypeer were supposed to be inherited respectively
- from CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER, but due to a bug
- were not. As a result DOH verification remained at the default, ie
- enabled, and it was not possible to disable. This commit changes
- behavior so that the DOH verification settings are independent and not
- inherited.
-
- Ref: https://github.com/curl/curl/pull/4579#issuecomment-554723676
-
- Fixes https://github.com/curl/curl/issues/4578
- Closes https://github.com/curl/curl/pull/6597
-
-- hostip: fix crash in sync resolver builds that use DOH
-
- - Guard some Curl_async accesses with USE_CURL_ASYNC instead of
- !CURLRES_SYNCH.
-
- This is another follow-up to 8335c64 which moved the async struct from
- the connectdata struct into the Curl_easy struct. A previous follow-up
- 6cd167a fixed building for sync resolver by guarding some async struct
- accesses with !CURLRES_SYNCH. The problem is since DOH (DNS-over-HTTPS)
- is available as an asynchronous secondary resolver the async struct may
- be used even when libcurl is built for the sync resolver. That means
- that CURLRES_SYNCH and USE_CURL_ASYNC may be defined at the same time.
-
- Closes https://github.com/curl/curl/pull/6603
-
-Daniel Stenberg (13 Feb 2021)
-- KNOWN_BUGS: cannot enable LDAPS on Windows with cmake
-
- Reported-by: Jack Boos Yu
- Closes #6284
-
-- KNOWN_BUGS: Excessive HTTP/2 packets with TCP_NODELAY
-
- Reported-by: Alex Xu
- Closes #6363
-
-- http: use credentials from transfer, not connection
-
- HTTP auth "accidentally" worked before this cleanup since the code would
- always overwrite the connection credentials with the credentials from
- the most recent transfer and since HTTP auth is typically done first
- thing, this has not been an issue. It was still wrong and subject to
- possible race conditions or future breakage if the sequence of functions
- would change.
-
- The data.set.str[] strings MUST remain unmodified exactly as set by the
- user, and the credentials to use internally are instead set/updated in
- state.aptr.*
-
- Added test 675 to verify different credentials used in two requests done
- over a reused HTTP connection, which previously behaved wrongly.
-
- Fixes #6542
- Closes #6545
-
-- test433: clear some home dir env variables
-
- Follow-up to bd6b54ba1f55b5
-
- ... so that XDG_CONFIG_HOME is the only home dir variable set and thus
- used correctly in the test!
-
- Fixes #6599
- Closes #6600
-
-- RELEASE-NOTES: synced
-
- bumped the version to 7.76.0
-
-- travis: install libgsasl-dev to add that to the builds
-
- Closes #6588
-
-- urldata: don't touch data->set.httpversion at run-time
-
- Rename it to 'httpwant' and make a cloned field in the state struct as
- well for run-time updates.
-
- Also: refuse non-supported HTTP versions. Verified with test 129.
-
- Closes #6585
-
-Viktor Szakats (11 Feb 2021)
-- tests: disable .curlrc in more environments
-
- by also setting CURL_HOME and XDG_CONFIG_HOME envvars to the local
- directory.
-
- Reviewed-by: Daniel Stenberg
- Fixes #6595
- Closes #6596
-
-- docs/Makefile.inc: format to be update-friendly
-
- - one source file per line
- - convert tabs to spaces
- - do not align line-continuation backslashes
- - sort source files alphabetically
-
- Reviewed-by: Daniel Stenberg
- Closes #6593
-
-Daniel Stenberg (11 Feb 2021)
-- curl: provide libgsasl version and feature info in -V output
-
- Closes #6592
-
-- gsasl: provide CURL_VERSION_GSASL if built-in
-
- To let applications know the feature is available.
-
- Closes #6592
-
-- curl: add --fail-with-body
-
- Prevent both --fail and --fail-with-body on the same command line.
-
- Verify with test 349, 360 and 361.
-
- Closes #6449
-
-- TODO: remove HSTS
-
- Provided now since commit 7385610d0c74
-
-Jay Satiro (10 Feb 2021)
-- tests: Fix tests failing due to change in curl --help
-
- Follow-up to parent 3183217 which added add missing <mode> argument to
- --create-file-mode <mode>.
-
- Ref: https://github.com/curl/curl/issues/6590
-
-- tool_help: add missing argument for --create-file-mode
-
- Prior to this change the required argument was not shown in curl --help.
-
- before:
- --create-file-mode File mode for created files
-
- after:
- --create-file-mode <mode> File mode (octal) for created files
-
- Reported-by: ZimCodes@users.noreply.github.com
-
- Fixes https://github.com/curl/curl/issues/6590
-
-- create-file-mode.d: add missing Arg tag
-
- Prior to this change the required argument was not shown.
-
- curl.1 before: --create-file-mode
- curl.1 after: --create-file-mode <mode>
-
- Reported-by: ZimCodes@users.noreply.github.com
-
- Fixes https://github.com/curl/curl/issues/6590
-
-Viktor Szakats (10 Feb 2021)
-- gsasl: fix errors/warnings building against libgsasl
-
- - also fix an indentation
- - make Curl_auth_gsasl_token() use CURLcode (by Daniel Stenberg)
-
- Ref: https://github.com/curl/curl/pull/6372#issuecomment-776118711
- Ref: https://github.com/curl/curl/pull/6588
-
- Reviewed-by: Jay Satiro
- Assisted-by: Daniel Stenberg
- Reviewed-by: Simon Josefsson
- Closes #6587
-
-- Makefile.m32: add support for libgsasl dependency
-
- Reviewed-by: Marcel Raad
- Closes #6586
-
-Marcel Raad (10 Feb 2021)
-- ngtcp2: clarify calculation precedence
-
- As suggested by Codacy/cppcheck.
-
- Closes https://github.com/curl/curl/pull/6576
-
-- server: remove redundant condition
-
- `end` is always non-null here.
-
- Closes https://github.com/curl/curl/pull/6576
-
-- lib: remove redundant code
-
- Closes https://github.com/curl/curl/pull/6576
-
-- mqttd: remove unused variable
-
- Closes https://github.com/curl/curl/pull/6576
-
-- tool_paramhlp: reduce variable scope
-
- Closes https://github.com/curl/curl/pull/6576
-
-- tests: reduce variable scopes
-
- Closes https://github.com/curl/curl/pull/6576
-
-- lib: reduce variable scopes
-
- Closes https://github.com/curl/curl/pull/6576
-
-- ftp: fix Codacy/cppcheck warning about null pointer arithmetic
-
- Increment `bytes` only if it is non-null.
-
- Closes https://github.com/curl/curl/pull/6576
-
-Daniel Stenberg (9 Feb 2021)
-- ngtcp2: adapt to the new recv_datagram callback
-
-- quiche: fix build error: use 'int' for port number
-
- Follow-up to cb2dc1ba8
-
-- ftp: add 'list_only' to the transfer state struct
-
- and rename it from 'ftp_list_only' since it is also used for SSH and
- POP3. The state is updated internally for 'type=D' FTP URLs.
-
- Added test case 1570 to verify.
-
- Closes #6578
-
-- ftp: add 'prefer_ascii' to the transfer state struct
-
- ... and make sure the code never updates 'set.prefer_ascii' as it breaks
- handle reuse which should use the setting as the user specified it.
-
- Added test 1569 to verify: it first makes an FTP transfer with ';type=A'
- and then another without type on the same handle and the second should
- then use binary. Previously, curl failed this.
-
- Closes #6578
-
-- RELEASE-NOTES: synced
-
-- [Jacob Hoffman-Andrews brought this change]
-
- vtls: initial implementation of rustls backend
-
- This adds a new TLS backend, rustls. It uses the C-to-rustls bindings
- from https://github.com/abetterinternet/crustls.
-
- Rustls is at https://github.com/ctz/rustls/.
-
- There is still a fair bit to be done, like sending CloseNotify on
- connection shutdown, respecting CAPATH, and properly indicating features
- like "supports TLS 1.3 ciphersuites." But it works well enough to make
- requests and receive responses.
-
- Blog post for context:
- https://www.abetterinternet.org/post/memory-safe-curl/
-
- Closes #6350
-
-- [Simon Josefsson brought this change]
-
- sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
-
- Closes #6372
-
-Jay Satiro (9 Feb 2021)
-- lib: use int type for more port variables
-
- This is a follow-up to 764c6bd. Prior to that change port variables
- were usually type long.
-
- Closes https://github.com/curl/curl/pull/6553
-
-- tool_writeout: refactor write-out and write-out json
-
- - Deduplicate the logic used by write-out and write-out json.
-
- Rather than have separate writeLong, writeString, etc, logic for
- each of write-out and write-out json instead have respective shared
- functions that can output either format and a 'use_json' parameter to
- indicate whether it is json that is output.
-
- This will make it easier to maintain. Rather than have to go through
- two sets of logic now we only have to go through one.
-
- - Support write-out %{errormsg} and %{exitcode} in json.
-
- - Clarify in the doc that %{exitcode} is the exit code of the transfer.
-
- Prior to this change it just said "The numerical exitcode" which
- implies it's the exit code of the tool, and it's not necessarily that.
-
- Closes https://github.com/curl/curl/pull/6544
-
-- lib: drop USE_SOCKETPAIR in favor of CURL_DISABLE_SOCKETPAIR
-
- .. since the former is undocumented and they both do the same thing.
-
- Closes https://github.com/curl/curl/pull/6517
-
-- curl_multibyte: fall back to local code page stat/access on Windows
-
- If libcurl is built with Unicode support for Windows then it is assumed
- the filename string is Unicode in UTF-8 encoding and it is converted to
- UTF-16 to be passed to the wide character version of the respective
- function (eg wstat). However the filename string may actually be in the
- local encoding so, even if it successfully converted to UTF-16, if it
- could not be stat/accessed then try again using the local code page
- version of the function (eg wstat fails try stat).
-
- We already do this with fopen (ie wfopen fails try fopen), so I think it
- makes sense to extend it to stat and access functions.
-
- Closes https://github.com/curl/curl/pull/6514
-
-- [Stephan Szabo brought this change]
-
- file: Support unicode urls on windows
-
- Closes https://github.com/curl/curl/pull/6501
-
-- [Vincent Torri brought this change]
-
- cmake: fix import library name for non-MS compiler on Windows
-
- - Use _imp.lib suffix only for Microsoft's compiler (MSVC).
-
- Prior to this change library suffix _imp.lib was used for the import
- library on Windows regardless of compiler.
-
- With this change the other compilers should now use their default
- suffix which should be .dll.a.
-
- This change is motivated by the usage of pkg-config on MSYS2.
- Indeed, when 'pkg-config --libs libcurl' is used, -lcurl is
- passed to ld. The documentation of ld on Windows :
-
- https://sourceware.org/binutils/docs/ld/WIN32.html
-
- lists, in the 'direct linking to a dll' section, the pattern
- of the searched import library, and libcurl_imp.lib is not there.
-
- Closes https://github.com/curl/curl/pull/6225
-
-Daniel Stenberg (9 Feb 2021)
-- urldata: move 'followlocation' to UrlState
-
- As this is a state variable it does not belong in UserDefined which is
- used to store values set by the user.
-
- Closes #6582
-
-- [Ikko Ashimine brought this change]
-
- http_proxy: fix typo in http_proxy.c
-
- settting -> setting
-
- Closes #6583
-
-- [Fabian Keil brought this change]
-
- tests/server: Bump MAX_TAG_LEN to 200
-
- This is useful for tests containing HTML inside of <data> sections.
- For <img> tags it's not uncommon to be longer than the previous
- limit of 79 bytes.
-
- An example of a previously problem-causing tag is:
- <img src="http://config.privoxy.org/send-banner?type=auto" border="0" title="Killed-http://www.privoxy.org/images/privoxy.png-by-size" width="88" height="31">
- which is needed for a Privoxy test for the banners-by-size filter.
-
- Previously it caused server failures like:
- 12:29:05.786961 ====> Client connect
- 12:29:05.787116 accept_connection 3 returned 4
- 12:29:05.787194 accept_connection 3 returned 0
- 12:29:05.787285 Read 119 bytes
- 12:29:05.787345 Process 119 bytes request
- 12:29:05.787407 Got request: GET /banners-by-size/9 HTTP/1.1
- 12:29:05.787464 Requested test number 9 part 0
- 12:29:05.787686 getpart() failed with error: -2
- 12:29:05.787744 - request found to be complete (9)
- 12:29:05.787912 getpart() failed with error: -2
- 12:29:05.788048 Wrote request (119 bytes) input to log/server.input
- 12:29:05.788157 Send response test9 section <data>
- 12:29:05.788443 getpart() failed with error: -2
- 12:29:05.788498 instructed to close connection after server-reply
- 12:29:05.788550 ====> Client disconnect 0
- 12:29:05.871448 exit_signal_handler: 15
- 12:29:05.871714 signalled to die
- 12:29:05.872040 ========> IPv4 sws (port 21108 pid: 51758) exits with signal (15)
-
-- [Fabian Keil brought this change]
-
- tests/badsymbols.pl: when opening '$incdir' fails include it in the error message
-
-- [Fabian Keil brought this change]
-
- runtests.1: document -o, -P, -L, and -E
-
-- [Fabian Keil brought this change]
-
- runtests.pl: add %TESTNUMBER variable to make copying tests more convenient
-
-- [Fabian Keil brought this change]
-
- runtests.pl: add an -o option to change internal variables
-
- runtests.pl has lots of internal variables one might want to
- change in certain situations, but adding a dedicated option
- for every single one of them isn't practical.
-
- Usage:
- ./runtests.pl -o TESTDIR=$privoxy_curl_test_dir -o HOSTIP=10.0.0.1 ...
-
-- [Fabian Keil brought this change]
-
- runtests.pl: cleanups
-
- - show the summarized test result in the last line of the report
- - do not use $_ after mapping it to a named variable
- Doing that makes the code harder to follow.
- - log the restraints sorted by the number of their occurrences
- - fix language when logging restraints that only occured once
- - let runhttpserver() use $TESTDIR instead of $srcdir
- ... so it works if a non-default $TESTDIR is being used.
-
-- [Fabian Keil brought this change]
-
- runtests.pl: add an -E option to specify an exclude file
-
- It can contain additional restraints for test numbers,
- keywords and tools.
-
- The idea is to let third parties like the Privoxy project
- distribute an exclude file with their tarballs that specifies
- which curl tests are not expected to work when using Privoxy
- as a proxy, without having to fork the whole curl test suite.
-
- The syntax could be changed to be extendable and maybe
- more closely reflect the "curl test" syntax. Currently
- it's a bunch of lines like these:
-
- test:$TESTNUMBER:Reason why this test with number $TESTNUMBER should be skipped
- keyword:$KEYWORD:Reason why tests whose keywords contain the $KEYWORD should be skipped
- tool:$TOOL:Reason why tests with tools that contain $TOOL should be skipped
-
- To specify multiple $TESTNUMBERs, $KEYWORDs and $TOOLs
- on a single line, split them with commas.
-
-- [Fabian Keil brought this change]
-
- runtests.pl: add -L parameter to require additional perl libraries
-
- This is useful to change the behaviour of the script without
- having to modify the file itself, for example to use a custom
- compareparts() function that ignores header differences that
- are expected to occur when an external proxy is being used.
-
- Such differences are proxy-specific and thus the modifications
- should be maintained together with the proxy.
-
-- [Fabian Keil brought this change]
-
- runtests.pl: add a -P option to specify an external proxy
-
- ... that should be used when executing the tests.
-
- The assumption is that the proxy is an HTTP proxy.
-
- This option should be used together with -L to provide
- a customized compareparts() version that knows which
- proxy-specific header differences should be ignored.
-
- This option doesn't work for all test types yet.
-
-- [Fabian Keil brought this change]
-
- tests: fixup several tests
-
- missing CRs and modified %hostip
-
- lib556/test556: use a real HTTP version to make test reuse more convenient
-
- make sure the weekday in Date headers matches the date
-
- test61: replace stray "^M" (5e 4d) at the end of a cookie with a '^M' (0d)
-
- Gets the test working with external proxies like Privoxy again.
-
- Closes #6463
-
-- ftp: never set data->set.ftp_append outside setopt
-
- Since the set value then risks getting used like that when the easy
- handle is reused by the application.
-
- Also: renamed the struct field from 'ftp_append' to 'remote_append'
- since it is also used for SSH protocols.
-
- Closes #6579
-
-- urldata: remove the 'rtspversion' field
-
- from struct connectdata and the corresponding code in http.c that set
- it. It was never used for anything!
-
- Closes #6581
-
-- CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent
-
- ... so passed in commands may confuse libcurl's knowledge of state.
-
- Reported-by: Bodo Bergmann
- Fixes #6577
- Closes #6580
-
-- [Jacob Hoffman-Andrews brought this change]
-
- vtls: factor out Curl_ssl_getsock to field of Curl_ssl
-
- Closes #6558
-
-- RELEASE-PROCEDURE: remove old release dates, add new
-
-- docs/SSL-PROBLEMS: enhanced
-
- Elaborate on the intermediate cert issue, and mention that anything
- below TLS 1.2 is generally considered insecure these days.
-
- Closes #6572
-
-- THANKS: remove a Jon Rumsey dupe
-
-Daniel Gustafsson (5 Feb 2021)
-- [nimaje brought this change]
-
- docs: fix FILE example url in --metalink documentation
-
- In a url after <scheme>:// follows the possibly empty authority part
- till the next /, so that url missed a /.
-
- Closes #6573
- Reviewed-by: Daniel Stenberg <daniel@haxx.se>
- Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
-
-Daniel Stenberg (5 Feb 2021)
-- hostip: fix build with sync resolver
-
- Reported-by: David Goerger
- Follow-up from 8335c6417
- Fixes #6566
- Closes #6568
-
-- mailmap: Jon Rumsey
-
-- [Jon Rumsey brought this change]
-
- gskit: correct the gskit_send() prototype
-
- gskit_send() first paramater is a pointer to Curl_easy not connectdata
- struct.
-
- Closes #6570
- Fixes #6569
-
-- urldata: fix build without HTTP and MQTT
-
- Reported-by: Joseph Chen
- Fixes #6562
- Closes #6563
-
-- ftp: avoid SIZE when asking for a TYPE A file
-
- ... as we ignore it anyway because servers don't report the correct size
- and proftpd even blatantly returns a 550.
-
- Updates a set of tests accordingly.
-
- Reported-by: awesomenode on github
- Fixes #6564
- Closes #6565
-
-- pingpong: rename the curl_pp_transfer enum to use PP prefix
-
- Using an FTP prefix for PP provided functionality was misleading.
-
-- RELEASE-NOTES: synced
-
- ... and bump pending version to 7.75.1 (for now)
-
-Jay Satiro (4 Feb 2021)
-- build: fix --disable-http-auth
-
- Broken since 215db08 (precedes 7.75.0).
-
- Reported-by: Benbuck Nason
-
- Fixes https://github.com/curl/curl/issues/6567
-
-- build: fix --disable-dateparse
-
- Broken since 215db08 (precedes 7.75.0).
-
- Bug: https://curl.se/mail/lib-2021-02/0008.html
- Reported-by: Firefox OS
-
-Daniel Stenberg (4 Feb 2021)
-- [Jon Rumsey brought this change]
-
- OS400: update for CURLOPT_AWS_SIGV4
-
- chkstrings fails because a new string option that could require codepage
- conversion has been added.
-
- Closes #6561
- Fixes #6560
-
-- BUG-BOUNTY: removed the cooperation mention
-
-Version 7.75.0 (3 Feb 2021)
-
-Daniel Stenberg (3 Feb 2021)
-- RELEASE-NOTES: synced
-
-- THANKS: added contributors from 7.75.0
-
-- copyright: fix year ranges in need of updates
-
-- TODO: remove items for next SONAME bump etc
-
- We want to avoid that completely, so we don't plan for things after such
- an event.
-
-- [Jay Satiro brought this change]
-
- ngtcp2: Fix build error due to change in ngtcp2_settings
-
- - Separate ngtcp2_transport_params.
-
- ngtcp2/ngtcp2@05d7adc made ngtcp2_transport_params separate from
- ngtcp2_settings.
-
- ngtcp2 master is required to build curl with http3 support.
-
- Closes #6554
-
-- vtls: remove md5sum
-
- As it is not used anymore.
-
- Reported-by: Jacob Hoffman-Andrews
- Bug: https://curl.se/mail/lib-2021-02/0000.html
-
- Closes #6557
-
-- [Alessandro Ghedini brought this change]
-
- quiche: don't use primary_ip / primary_port
-
- Closes #6555
-
-Alessandro Ghedini (1 Feb 2021)
-- travis: enable quiche's FFI feature
-
-Daniel Stenberg (30 Jan 2021)
-- [Dmitry Wagin brought this change]
-
- http: improve AWS HTTP v4 Signature auth
-
- - Add support services without region and service prefixes in
- the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc)
- by providing region and service parameters via aws-sigv4 option.
- - Add [:region[:service]] suffix to aws-sigv4 option;
- - Fix memory allocation errors.
- - Refactor memory management.
- - Use Curl_http_method instead() STRING_CUSTOMREQUEST.
- - Refactor canonical headers generating.
- - Remove repeated sha256_to_hex() usage.
- - Add some docs fixes.
- - Add some codestyle fixes.
- - Add overloaded strndup() for debug - curl_dbg_strndup().
- - Update tests.
-
- Closes #6524
-
-- hyper: fix CONNECT to set 'data' as userdata
-
- Follow-up to 14e075d1a7fd
-
-- [Layla brought this change]
-
- connect: fix compile errors in `Curl_conninfo_local`
-
- .. for the `#else` (`!HAVE_GETSOCKNAME`) case
-
- Fixes https://github.com/curl/curl/issues/6548
- Closes #6549
-
- Signed-off-by: Layla <layla@insightfulvr.com>
-
-- [Michał Antoniak brought this change]
-
- transfer: fix GCC 10 warning with flag '-Wint-in-bool-context'
-
- ... and return the error code from the Curl_mime_rewind call.
-
- Closes #6537
-
-- [Michał Antoniak brought this change]
-
- avoid warning: enum constant in boolean context
-
-- copyright: fix missing year (range) updates
-
-- RELEASE-NOTES: synced
-
-- openssl: lowercase the hostname before using it for SNI
-
- ... because it turns out several servers out there don't actually behave
- correctly otherwise in spite of the fact that the SNI field is
- specifically said to be case insensitive in RFC 6066 section 3.
-
- Reported-by: David Earl
- Fixes #6540
- Closes #6543
-
-- KNOWN_BUGS: cmake: ExternalProject_Add does not set CURL_CA_PATH
-
- Closes #6313
-
-- KNOWN_BUGS: Multi perform hangs waiting for threaded resolver
-
- Closes #4852
-
-- KNOWN_BUGS: "pulseUI VPN client" is known to be buggy
-
- First entry in the new section "applications" for known problems in
- libcurl using applications.
-
- Closes #6306
-
-- tool_writeout: make %{errormsg} blank for no errors
-
- Closes #6539
-
-Jay Satiro (27 Jan 2021)
-- [Gisle Vanem brought this change]
-
- build: fix djgpp builds
-
- - Update build instructions in packages/DOS/README
-
- - Extend 'VPATH' with 'vquic' and 'vssh'.
-
- - Allow 'Makefile.dist' to build both 'lib' and 'src'.
-
- - Allow using the Windows hosted djgpp cross compiler to build for MSDOS
- under Windows.
-
- - 'USE_SSL' -> 'USE_OPENSSL'
-
- - Added a 'link_EXE' macro. Etc, etc.
-
- - Linking 'curl.exe' needs '$(CURLX_CFILES)' too.
-
- - Do not pick-up '../lib/djgpp/*.o' files. Recompile locally.
-
- - Generate a gzipped 'tool_hugehelp.c' if 'USE_ZLIB=1'.
-
- - Remove 'djgpp-clean'
-
- - Adapt to new C-ares directory structure
-
- - Use conditional variable assignments
-
- Clarify the 'conditional variable assignment' in 'common.dj'.
-
- Closes https://github.com/curl/curl/pull/6382
-
-Daniel Stenberg (27 Jan 2021)
-- [Ikko Ashimine brought this change]
-
- hyper: fix typo in c-hyper.c
-
- settting -> setting
-
- Closes #6538
-
-- libssh2: fix CURL_LIBSSH2_DEBUG-enabled build
-
- Follow-up to 2dcc940959772a
-
- Reported-by: Gisle Vanem
- Bug: https://github.com/curl/curl/commit/2dcc940959772a652f6813fb6bd3092095a4877b#commitcomment-46420088
-
-Jay Satiro (27 Jan 2021)
-- asyn-thread: fix build for when getaddrinfo missing
-
- This is a follow-up to 8315343 which several days ago moved the resolver
- pointer into the async struct but did not update the code that uses it
- when getaddrinfo is not present.
-
- Closes https://github.com/curl/curl/pull/6536
-
-Daniel Stenberg (27 Jan 2021)
-- urldata: move 'ints' to the end of 'connectdata'
-
- To optimize storage slightly.
-
- Closes #6534
-
-- urldata: store ip version in a single byte
-
- Closes #6534
-
-- urldata: remove duplicate 'upkeep_interval_ms' from connectdata
-
- ... and rely only on the value already set in Curl_easy.
-
- Closes #6534
-
-- urldata: remove 'local_ip' from the connectdata struct
-
- As the info is already stored in the transfer handle anyway, there's no
- need to carry around a duplicate buffer for the life-time of the handle.
-
- Closes #6534
-
-- urldata: remove duplicate port number storage
-
- ... and use 'int' for ports. We don't use 'unsigned short' since -1 is
- still often used internally to signify "unknown value" and 0 - 65535 are
- all valid port numbers.
-
- Closes #6534
-
-- urldata: remove the duplicate 'ip_addr_str' field
-
- ... as the numerical IP address is already stored and kept in 'primary_ip'.
-
- Closes #6534
-
-- select: convert Curl_select() to private static function
-
- The old function should not be used anywhere anymore (the only remaining
- gskit use has to be fixed to instead use Curl_poll or none at all).
-
- The static function version is now called our_select() and is only built
- if necessary.
-
- Closes #6531
-
-- Curl_chunker: shrink the struct
-
- ... by removing a field, converting the hex index into a byte and
- rearranging the order. Cuts it down from 48 bytes to 32 on x86_64.
-
- Closes #6527
-
-- curl: include the file name in --xattr/--remote-time error msgs
-
-- curl: s/config->global/global/ in single_transfer()
-
-- curl: move fprintf outputs to warnf
-
- For setting and getting time of the download. To make the outputs
- respect --silent etc.
-
- Reported-by: Viktor Szakats
- Fixes #6533
- Closes #6535
-
-- [Tatsuhiro Tsujikawa brought this change]
-
- ngtcp2: Fix http3 upload stall
-
- Closes #6521
-
-- [Tatsuhiro Tsujikawa brought this change]
-
- ngtcp2: Fix stack buffer overflow
-
- Closes #6521
-
-- warnless.h: remove the prototype for curlx_ultosi
-
- Follow-up to 217552503ff3
-
-- warnless: remove curlx_ultosi
-
- ... not used anywhere
-
- Closes #6530
-
-- [Patrick Monnerat brought this change]
-
- lib: remove conn->data uses
-
- Closes #6515
-
-- pingpong: remove the 'conn' struct member
-
- ... as it's superfluous now when Curl_easy is passed in and we can
- derive the connection from that instead and avoid the duplicate copy.
-
- Closes #6525
-
-- hostip/proxy: remove conn->data use
-
- Closes #6513
-
-- url: reduce conn->data references
-
- ... there are a few left but let's keep them to last
-
- Closes #6512
-
-- scripts/singleuse: add curl_easy_option*
-
-Jay Satiro (25 Jan 2021)
-- test410: fix for windows
-
- - Pass the very long request header via file instead of command line.
-
- Prior to this change the 49k very long request header string was passed
- via command line and on Windows that is too long so it was truncated and
- the test would fail (specifically msys CI).
-
- Closes https://github.com/curl/curl/pull/6516
-
-Daniel Stenberg (25 Jan 2021)
-- libssh2: move data from connection object to transfer object
-
- Readdir data, filenames and attributes are strictly related to the
- transfer and not the connection. This also reduces the total size of the
- fixed connectdata struct.
-
- Closes #6519
-
-- RELEASE-NOTES: synced
-
-- [Patrick Monnerat brought this change]
-
- lib: remove conn->data uses
-
- Closes #6499
-
-- hyper: remove the conn->data references
-
- Closes #6508
-
-- travis: build ngtcp2 --with-gnutls
-
- ... since they disable it by default since a few days back.
-
- Closes #6506
- Fixes #6493
-
-- hostip: remove conn->data from resolver functions
-
- This also moves the 'async' struct from the connectdata struct into the
- Curl_easy struct, which seems like a better home for it.
-
- Closes #6497
-
-Jay Satiro (22 Jan 2021)
-- strerror: skip errnum >= 0 assertion on windows
-
- On Windows an error number may be greater than INT_MAX and negative once
- cast to int.
-
- The assertion is checked only in debug builds.
-
- Closes https://github.com/curl/curl/pull/6504
-
-Daniel Stenberg (21 Jan 2021)
-- doh: make Curl_doh_is_resolved survive a NULL pointer
-
- ... if Curl_doh() returned a NULL, this function gets called anyway as
- in a asynch procedure. Then the doh struct pointer is NULL and signifies
- an OOM situation.
-
- Follow-up to 6246a1d8c6776
-
-- wolfssh: remove conn->data references
-
- ... and repair recent build breakage
-
- Closes #6507
-
-- http: empty reply connection are not left intact
-
- ... so mark the connection as closed in this condition to prevent that
- verbose message to wrongly appear.
-
- Reported-by: Matt Holt
- Bug: https://twitter.com/mholt6/status/1352130240265375744
- Closes #6503
-
-- chunk/encoding: remove conn->data references
-
- ... by anchoring more functions on Curl_easy instead of connectdata
-
- Closes #6498
-
-Jay Satiro (20 Jan 2021)
-- [Erik Olsson brought this change]
-
- lib: save a bit of space with some structure packing
-
- - Reorder some internal struct members so that less padding is used.
-
- This is an attempt at saving a bit of space by packing some structs
- (using pahole to find the holes) where it might make sense to do
- so without losing readability.
-
- I.e., I tried to avoid separating fields that seem grouped
- together (like the cwd... fields in struct ftp_conn for instance).
- Also abstained from touching fields behind conditional macros as
- that quickly can get complicated.
-
- Closes https://github.com/curl/curl/pull/6483
-
-Daniel Stenberg (20 Jan 2021)
-- INSTALL.md: fix typo
-
- Found-by: Marcel Raad
-
-- [Fabian Keil brought this change]
-
- http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy
-
- Added test 1613 to verify.
-
- Closes #6490
-
-- Merge branch 'bagder/curl_range-data-conn'
-
-- ftp: remove conn->data leftover
-
-- curl_range: remove conn->data
-
- Closes #6496
-
-- INSTALL: now at 85 operating systems
-
-- quiche: fix unused parameter ‘conn’
-
- Follow-up to 2bdec0b3
-
-- transfer: fix ‘conn’ undeclared mistake for iconv build
-
- Follow-up to 219d9f8620d
-
-- doh: allocate state struct on demand
-
- ... instead of having it static within the Curl_easy struct. This takes
- away 1176 bytes (18%) from the Curl_easy struct that aren't used very
- often and instead makes the code allocate it when needed.
-
- Closes #6492
-
-- socks: use the download buffer instead
-
- The SOCKS code now uses the generic download buffer for temporary
- storage during the connection procedure, instead of having its own
- private 600 byte buffer that adds to the connectdata struct size. This
- works fine because this point the buffer is allocated but is not use for
- download yet since the connection hasn't completed.
-
- This reduces the connection struct size by 22% on a 64bit arch!
-
- The SOCKS buffer needs to be at least 600 bytes, and the download buffer
- is guaranteed to never be smaller than 1000 bytes.
-
- Closes #6491
-
-- urldata: make magic be the first struct field
-
- By making the `magic` identifier the same size and at the same place
- within the structs (easy, multi, share), libcurl will be able to more
- reliably detect and safely error out if an application passes in the
- wrong handle to APIs. Easier to detect and less likely to cause crashes
- if done.
-
- Such mixups can't be detected at compile-time due to them being
- typedefed void pointers - unless `CURL_STRICTER` is defined.
-
- Closes #6484
-
-- http_chunks: correct and clarify a comment on hexnumber length
-
- ... and also rename the define for max length.
-
- Closes #6489
-
-- curl_path: remove conn->data use
-
- Closes #6487
-
-- transfer: remove conn->data use
-
- Closes #6486
-
-- quic: remove conn->data use
-
- Closes #6485
-
-- [Fabian Keil brought this change]
-
- Add test1181: Proxy request with --proxy-header "Connection: Keep-Alive"
-
-- [Fabian Keil brought this change]
-
- Add test1180: Proxy request with -H "Proxy-Connection: Keep-Alive"
-
- At the moment the test fails as curl sends two Proxy-Connection
- headers.
-
-- c-hyper: avoid duplicated Proxy-Connection headers
-
-- http: make providing Proxy-Connection header not cause duplicated headers
-
- Fixes test 1180
-
- Bug: https://curl.se/mail/lib-2021-01/0095.html
- Reported-by: Fabian Keil
- Closes #6472
-
-- runtests: preprocess DISABLED to allow conditionals
-
- ... with this function provided, we can disable tests for specific
- environments and setups directly within this file.
-
- Closes #6477
-
-- runtests: turn preprocessing into a separate function
-
- ... and remove all other variable substitutions as they're now done once
- and for all in the preprocessor.
-
-- lib/Makefile.inc: convert to listing each file on its own line
-
- ... to make it diff friendlier and easier to read.
-
- Closes #6448
-
-- ftplistparser: remove use of conn->data
-
- Closes #6482
-
-- lib: more conn->data cleanups
-
- Closes #6479
-
-- [Patrick Monnerat brought this change]
-
- vtls: reduce conn->data use
-
- Closes #6474
-
-- hyper: deliver data to application with Curl_client_write
-
- ... just as the native code path does. Avoids sending too large data
- chunks in the callback and more.
-
- Reported-by: Gisle Vanem
- Fixes #6462
- Closes #6473
-
-- gopher: remove accidental conn->data leftover
diff --git a/contrib/libs/curl/README b/contrib/libs/curl/README
index b690816e1f..9705f41988 100644
--- a/contrib/libs/curl/README
+++ b/contrib/libs/curl/README
@@ -40,7 +40,7 @@ GIT
git clone https://github.com/curl/curl.git
- (you'll get a directory named curl created, filled with the source code)
+ (you will get a directory named curl created, filled with the source code)
SECURITY PROBLEMS
diff --git a/contrib/libs/curl/RELEASE-NOTES b/contrib/libs/curl/RELEASE-NOTES
index 1829b78807..2dcccb1cd7 100644
--- a/contrib/libs/curl/RELEASE-NOTES
+++ b/contrib/libs/curl/RELEASE-NOTES
@@ -1,23 +1,139 @@
-curl and libcurl 7.79.1
+curl and libcurl 7.80.0
- Public curl releases: 203
- Command line options: 242
- curl_easy_setopt() options: 290
- Public functions in libcurl: 85
- Contributors: 2489
+ Public curl releases: 204
+ Command line options: 243
+ curl_easy_setopt() options: 294
+ Public functions in libcurl: 86
+ Contributors: 2533
+
+This release includes the following changes:
+
+ o CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse [25]
+ o CURLOPT_PREREQFUNCTION: add new callback [17]
+ o libssh2: add SHA256 fingerprint support [4]
+ o urlapi: add curl_url_strerror() [21]
+ o urlapi: support UNC paths in file: URLs on Windows [20]
+ o wolfssl: allow setting of groups/curves [22]
This release includes the following bugfixes:
- o Curl_http2_setup: don't change connection data on repeat invokes [10]
- o curl_multi_fdset: make FD_SET() not operate on sockets out of range [4]
- o dist: provide lib/.checksrc in the tarball [6]
- o FAQ: add GOPHERS + curl works on data, not files
- o hsts: CURLSTS_FAIL from hsts read callback should fail transfer [8]
- o hsts: handle unlimited expiry [3]
- o http: fix the broken >3 digit response code detection [1]
- o strerror: use sys_errlist instead of strerror on Windows [5]
- o test1184: disable [9]
- o tests/sshserver.pl: make it work with openssh-8.7p1 [2]
+ o .github: retry macos "brew install" command on failure [125]
+ o aws-sigv4: make signature work when post data is binary [68]
+ o BINDINGS: URL updates [30]
+ o build: remove checks for WinSock 1 [36]
+ o c-hyper: don't abort CONNECT responses early when auth-in-progress [71]
+ o c-hyper: make Curl_http propagate errors better [50]
+ o c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work [97]
+ o c-hyper: make test 217 run [74]
+ o c-hyper: use hyper_request_set_uri_parts to make h2 better [39]
+ o checksrc: ignore preprocessor lines [64]
+ o CI/makefiles: introduce dedicated test target [34]
+ o ci: update Lift config to match requirements of curl build [1]
+ o cirrus: remove FreeBSD 11.4 from the matrix [62]
+ o cirrus: switch to openldap24-client [63]
+ o cleanup: constify unmodified static structs [2]
+ o cmake: add CURL_ENABLE_SSL option [46]
+ o cmake: fix error getting LOCATION property on non-imported target [59]
+ o CMake: restore support for SecureTransport on iOS [103]
+ o cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED [14]
+ o cmdline-opts: made the 'Added:' field mandatory [37]
+ o configure.ac: replace krb5-config with pkg-config [80]
+ o configure: when hyper is selected, deselect nghttp2 [94]
+ o connect: use sysaddr_un from sys/un.h or custom-defined for windows [23]
+ o curl-confopts.m4: remove --enable/disable-hidden-symbols [70]
+ o curl-openssl.m4: modify library order for openssl linking [40]
+ o curl-openssl: pass argument to sed single-quoted [15]
+ o curl.1: remove mentions of really old version changes [38]
+ o curl: actually append "-" to --range without number only [57]
+ o curl: correct grammar in generated libcurl code [53]
+ o curl: print help descriptions in an aligned right column [16]
+ o curl_gssapi: fix link error on macOS Monterey [55]
+ o curl_multi_socket_action.3: add a "RETURN VALUE" section [106]
+ o curl_ntlm_core: use OpenSSL only if DES is available [42]
+ o Curl_updateconninfo: store addresses for QUIC connections too [90]
+ o CURLOPT_ALTSVC_CTRL.3: mention conn reuse is preferred [126]
+ o CURLOPT_HSTSWRITEFUNCTION.3: using CURLOPT_HSTS_CTRL is required [114]
+ o CURLOPT_HTTPHEADER.3: add descripion for specific headers [35]
+ o docs/HTTP3: improve build instructions [102]
+ o docs/Makefile.am: repair 'make html' [52]
+ o docs: fix typo in CURLOPT_TRAILERFUNCTION example [93]
+ o docs: provide "RETURN VALUE" section for more func manpages [105]
+ o docs: reduce use of "very" [107]
+ o doh: remove experimental code for DoH with GET [61]
+ o examples/htmltidy: correct wrong printf() use [66]
+ o examples/imap-append: fix end-of-data check [7]
+ o ftp: make the MKD retry to retry once per directory [113]
+ o gen.pl: insert the current date and version in generated man page [11]
+ o gen.pl: replace leading single quotes with \(aq [110]
+ o http2: make getsock not wait for write if there's no remote window [56]
+ o HTTP3: fix the HTTP/3 Explained book link [27]
+ o http: fix Basic auth with empty name field in URL [24]
+ o http: reject HTTP response codes < 100 [92]
+ o http: remove assert that breaks hyper [47]
+ o http: set content length earlier [67]
+ o http_proxy: make hyper CONNECT() return the correct error code [51]
+ o http_proxy: multiple CONNECT with hyper done better [78]
+ o hyper: disable test 1294 since hyper doesn't allow such crazy headers [96]
+ o hyper: does not support disabling CURLOPT_HTTP_TRANSFER_DECODING [72]
+ o hyper: pass the CONNECT line to the debug callback [79]
+ o imap: display quota information [115]
+ o INSTALL: update symbol hiding option [77]
+ o lib/mk-ca-bundle.pl: skip certs passed Not Valid After date [18]
+ o lib: avoid fallthrough cases in switch statements [33]
+ o libcurl.rc: switch out the copyright symbol for plain ASCII [5]
+ o libssh2: Get the version at runtime if possible [12]
+ o limit-rate.d: this is average over several seconds [119]
+ o llist: remove redundant code, branch will not be executed [10]
+ o Makefile.m32: fix to not require OpenSSL with -libssh2 or -rtmp options [100]
+ o maketgz: redirect updatemanpages.pl output to /dev/null
+ o man pages: require all to use the same section header order [101]
+ o manpage: adjust the asterisk in some SYNOPSIS sections [82]
+ o md5: fix compilation with OpenSSL 3.0 API [43]
+ o misc: fix a few issues on MidnightBSD [28]
+ o misc: fix typos in docs and comments [3]
+ o ngtcp2: advertise h3 as well as h3-29 [109]
+ o ngtcp2: compile with the latest nghttp3 [117]
+ o ngtcp2: specify the missing required callback functions [108]
+ o ngtcp2: use latest QUIC TLS RFC9001 [122]
+ o NTLM: use DES_set_key_unchecked with OpenSSL [13]
+ o openssl: if verifypeer is not requested, skip the CA loading [69]
+ o openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway [44]
+ o Revert "src/tool_filetime: disable -Wformat on mingw for this file" [88]
+ o sasl: binary messages [31]
+ o schannel: fix memory leak due to failed SSL connection [89]
+ o scripts/delta: count command line options in the new file
+ o sendf: accept zero-length data in Curl_client_write() [95]
+ o sha256: use high-level EVP interface for OpenSSL [41]
+ o smooth-gtk-thread.c: enhance the mutex lock use [112]
+ o sws: fix memory leak on exit [49]
+ o test1160: edited to work with hyper [83]
+ o test1173: make manpage-syntax.pl spot \n errors in examples
+ o test1185: verify checksrc [58]
+ o test1266/1267: disabled on hyper: no HTTP/0.9 support [99]
+ o test1287: make work on hyper [98]
+ o test207: accept a different error code for hyper [76]
+ o test262: don't attempt with hyper [73]
+ o test552: updated to work with hyper [87]
+ o test559: add 'HTTP' in keywords [86]
+ o tests/smbserver.py: fix compatibility with impacket 0.9.23+ [104]
+ o tests: add Schannel-specific tests and disable unsupported ones [91]
+ o tests: disable test 2043 [54]
+ o tests: kill some test servers afterwards to avoid locked logfiles [111]
+ o tests: use python3 in test 1451 [48]
+ o tls: remove newline from three infof() calls [85]
+ o tool_cb_prg: make resumed upload progress bar show better [9]
+ o tool_listhelp: easier generated with gen.pl [19]
+ o tool_main: fix typo in comment [29]
+ o tool_operate: a failed etag save now only fails that transfer [124]
+ o URL-SYNTAX: add IMAP UID SEARCH example [81]
+ o url: check the return value of curl_url() [75]
+ o url: set "k->size" -1 at start of request [60]
+ o urlapi: skip a strlen(), pass in zero [65]
+ o urlapi: URL decode percent-encoded host names [26]
+ o version_win32: use actual version instead of manifested version [45]
+ o vtls: Fix a memory leak if an SSL session cannot be added to the cache [8]
+ o wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity [32]
+ o zuul: pin the quiche build to use an older cmake-rs [84]
This release includes the following known bugs:
@@ -26,19 +142,146 @@ This release includes the following known bugs:
This release would not have looked like this without help, code, reports and
advice from friends like these:
- 0xee on github, Daniel Stenberg, Evangelos Foutras, Glenn de boer,
- Jonathan Cardoso Machado, Kamil Dudka, Marcel Raad, Ray Satiro,
- RiderALT on github, tawmoto on github, Viktor Szakats,
- (11 contributors)
+ 8U61ife on github, a1346054 on github, Abhinav Singh, Alexander Chuykov,
+ Alexander Kanavin, Amaury Denoyelle, Anthony Hu, Axel Morawietz,
+ beslick5 on github, billionai on github, Bo Anderson, Boris Rasin,
+ Dan Fandrich, Daniel Gustafsson, Daniel Stenberg, David Cook, David Hu,
+ Earnestly on github, Eddie Lumpkin, Érico Nogueira, Erik Stenlund,
+ Gisle Vanem, Gleb Ivanovsky, Godwin Stewart, h1zzz on github, Harry Sintonen,
+ Hayden Roche, Jakub Zakrzewski, Jan Mazur, Jeffrey Tolar, Jerome Mao,
+ Joel Depooter, Jonathan Cardoso Machado, Josip Medved, Jun-ya Kato,
+ Kerem Kat, Kevin Burke, Kirill Efimov, Lucas Holt, Malik Idrees Hasan Khan,
+ Marcel Raad, Marc Hörsken, Mats Lindestam, Max Dymond, Michael Afanasiev,
+ Michael Baentsch, Michael Kaufmann, Momoka Yamamoto, Noam Moshe,
+ orycho on github, Patrick Monnerat, Rafał Mikrut, Randall S. Becker,
+ Raul Onitza-Klugman, Ray Satiro, Ricardo Martins, Rick Lane,
+ Rikard Falkeborn, Roger Young, Roy Li, ryancaicse on github, Ryan Mast,
+ Samuel Henrique, Sean Molenaar, Sergey Markelov, Sergio Durigan Junior,
+ sergio-nsk on github, Sharon Brizinov, Stathis Kapnidis,
+ Steini2000 on github, Tatsuhiro Tsujikawa, Thomas M. DuBuisson,
+ tlahn on github, Viktor Szakats, Vitaly Varyvdin, Wyatt O'Day,
+ x2018 on github, Борис Верховский,
+ (78 contributors)
References to bug reports and discussions on issues:
- [1] = https://curl.se/bug/?i=7738
- [2] = https://curl.se/bug/?i=7724
- [3] = https://curl.se/bug/?i=7720
- [4] = https://curl.se/bug/?i=7718
- [5] = https://curl.se/bug/?i=7735
- [6] = https://curl.se/bug/?i=7733
- [8] = https://curl.se/bug/?i=7726
- [9] = https://curl.se/bug/?i=7725
- [10] = https://curl.se/bug/?i=7730
+ [1] = https://curl.se/bug/?i=7761
+ [2] = https://curl.se/bug/?i=7759
+ [3] = https://curl.se/bug/?i=7747
+ [4] = https://curl.se/bug/?i=7646
+ [5] = https://curl.se/bug/?i=7765
+ [7] = https://curl.se/bug/?i=7774
+ [8] = https://curl.se/bug/?i=7683
+ [9] = https://curl.se/bug/?i=7760
+ [10] = https://curl.se/bug/?i=7770
+ [11] = https://curl.se/bug/?i=7782
+ [12] = https://curl.se/bug/?i=7768
+ [13] = https://curl.se/bug/?i=7779
+ [14] = https://curl.se/bug/?i=7767
+ [15] = https://curl.se/bug/?i=7758
+ [16] = https://curl.se/bug/?i=7792
+ [17] = https://curl.se/bug/?i=7477
+ [18] = https://curl.se/bug/?i=7801
+ [19] = https://curl.se/bug/?i=7787
+ [20] = https://curl.se/bug/?i=7366
+ [21] = https://curl.se/bug/?i=7605
+ [22] = https://curl.se/bug/?i=7728
+ [23] = https://curl.se/bug/?i=7737
+ [24] = https://curl.se/bug/?i=7819
+ [25] = https://curl.se/mail/lib-2021-09/0058.html
+ [26] = https://curl.se/bug/?i=7830
+ [27] = https://curl.se/bug/?i=7813
+ [28] = https://curl.se/bug/?i=7812
+ [29] = https://curl.se/bug/?i=7811
+ [30] = https://curl.se/bug/?i=7809
+ [31] = https://curl.se/bug/?i=6930
+ [32] = https://curl.se/bug/?i=7806
+ [33] = https://curl.se/bug/?i=7322
+ [34] = https://curl.se/bug/?i=7785
+ [35] = https://curl.se/bug/?i=7829
+ [36] = https://curl.se/bug/?i=7778
+ [37] = https://curl.se/bug/?i=7786
+ [38] = https://curl.se/bug/?i=7786
+ [39] = https://curl.se/bug/?i=7679
+ [40] = https://curl.se/bug/?i=7826
+ [41] = https://curl.se/bug/?i=7808
+ [42] = https://curl.se/bug/?i=7808
+ [43] = https://curl.se/bug/?i=7808
+ [44] = https://curl.se/bug/?i=7840
+ [45] = https://curl.se/bug/?i=7742
+ [46] = https://curl.se/bug/?i=7822
+ [47] = https://curl.se/bug/?i=7852
+ [48] = https://curl.se/bug/?i=7899
+ [49] = https://curl.se/bug/?i=7849
+ [50] = https://curl.se/bug/?i=7851
+ [51] = https://curl.se/bug/?i=7825
+ [52] = https://curl.se/bug/?i=7853
+ [53] = https://curl.se/bug/?i=7802
+ [54] = https://curl.se/bug/?i=7845
+ [55] = https://curl.se/bug/?i=7657
+ [56] = https://curl.se/bug/?i=7821
+ [57] = https://curl.se/bug/?i=7837
+ [58] = https://curl.se/bug/?i=7866
+ [59] = https://curl.se/bug/?i=7885
+ [60] = https://curl.se/bug/?i=7871
+ [61] = https://curl.se/bug/?i=7870
+ [62] = https://curl.se/bug/?i=7869
+ [63] = https://curl.se/bug/?i=7868
+ [64] = https://curl.se/bug/?i=7863
+ [65] = https://curl.se/bug/?i=7862
+ [66] = https://curl.se/bug/?i=7860
+ [67] = https://github.com/curl/curl/commit/8a16e54#r57374914
+ [68] = https://curl.se/bug/?i=7844
+ [69] = https://curl.se/bug/?i=7892
+ [70] = https://curl.se/bug/?i=7891
+ [71] = https://curl.se/bug/?i=7889
+ [72] = https://curl.se/bug/?i=7889
+ [73] = https://curl.se/bug/?i=7889
+ [74] = https://curl.se/bug/?i=7889
+ [75] = https://curl.se/bug/?i=7917
+ [76] = https://curl.se/bug/?i=7889
+ [77] = https://curl.se/bug/?i=7890
+ [78] = https://curl.se/bug/?i=7888
+ [79] = https://curl.se/bug/?i=7887
+ [80] = https://curl.se/bug/?i=7916
+ [81] = https://github.com/curl/curl/issues/7626
+ [82] = https://curl.se/bug/?i=7884
+ [83] = https://curl.se/bug/?i=7912
+ [84] = https://curl.se/bug/?i=7927
+ [85] = https://curl.se/bug/?i=7879
+ [86] = https://curl.se/bug/?i=7911
+ [87] = https://curl.se/bug/?i=7911
+ [88] = https://curl.se/bug/?i=7941
+ [89] = https://curl.se/bug/?i=7877
+ [90] = https://curl.se/bug/?i=7939
+ [91] = https://curl.se/bug/?i=7968
+ [92] = https://curl.se/bug/?i=7909
+ [93] = https://curl.se/bug/?i=7910
+ [94] = https://curl.se/bug/?i=7908
+ [95] = https://curl.se/bug/?i=7898
+ [96] = https://curl.se/bug/?i=7905
+ [97] = https://curl.se/bug/?i=7905
+ [98] = https://curl.se/bug/?i=7905
+ [99] = https://curl.se/bug/?i=7905
+ [100] = https://curl.se/bug/?i=7895
+ [101] = https://curl.se/bug/?i=7904
+ [102] = https://curl.se/bug/?i=7842
+ [103] = https://curl.se/bug/?i=7501
+ [104] = https://curl.se/bug/?i=7924
+ [105] = https://curl.se/bug/?i=7902
+ [106] = https://curl.se/bug/?i=7901
+ [107] = https://curl.se/bug/?i=7936
+ [108] = https://curl.se/bug/?i=7929
+ [109] = https://curl.se/bug/?i=7979
+ [110] = https://curl.se/bug/?i=7933
+ [111] = https://curl.se/bug/?i=7925
+ [112] = https://curl.se/bug/?i=7926
+ [113] = https://curl.se/bug/?i=7967
+ [114] = https://curl.se/bug/?i=7923
+ [115] = https://curl.se/bug/?i=6973
+ [117] = https://curl.se/bug/?i=7978
+ [119] = https://curl.se/bug/?i=7970
+ [122] = https://curl.se/bug/?i=7960
+ [124] = https://curl.se/bug/?i=7945
+ [125] = https://curl.se/bug/?i=7955
+ [126] = https://curl.se/bug/?i=7957
diff --git a/contrib/libs/curl/include/curl/curl.h b/contrib/libs/curl/include/curl/curl.h
index 835c3d871b..6b6ac8a05e 100644
--- a/contrib/libs/curl/include/curl/curl.h
+++ b/contrib/libs/curl/include/curl/curl.h
@@ -46,8 +46,8 @@
#include <stdio.h>
#include <limits.h>
-#if defined(__FreeBSD__) && (__FreeBSD__ >= 2)
-/* Needed for __FreeBSD_version symbol definition */
+#if (defined(__FreeBSD__) && (__FreeBSD__ >= 2)) || defined(__MidnightBSD__)
+/* Needed for __FreeBSD_version or __MidnightBSD_version symbol definition */
#include <osreldate.h>
#endif
@@ -73,6 +73,7 @@
defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \
defined(__CYGWIN__) || defined(AMIGA) || defined(__NuttX__) || \
(defined(__FreeBSD_version) && (__FreeBSD_version < 800000)) || \
+ (defined(__MidnightBSD_version) && (__MidnightBSD_version < 100000)) || \
defined(__VXWORKS__)
#include <sys/select.h>
#endif
@@ -470,6 +471,20 @@ typedef int (*curl_debug_callback)
size_t size, /* size of the data pointed to */
void *userptr); /* whatever the user please */
+/* This is the CURLOPT_PREREQFUNCTION callback prototype. */
+typedef int (*curl_prereq_callback)(void *clientp,
+ char *conn_primary_ip,
+ char *conn_local_ip,
+ int conn_primary_port,
+ int conn_local_port);
+
+/* Return code for when the pre-request callback has terminated without
+ any errors */
+#define CURL_PREREQFUNC_OK 0
+/* Return code for when the pre-request callback wants to abort the
+ request */
+#define CURL_PREREQFUNC_ABORT 1
+
/* All possible error codes from all sorts of curl functions. Future versions
may return other values, stay prepared.
@@ -2043,7 +2058,8 @@ typedef enum {
/* alt-svc cache file name to possibly read from/write to */
CURLOPT(CURLOPT_ALTSVC, CURLOPTTYPE_STRINGPOINT, 287),
- /* maximum age of a connection to consider it for reuse (in seconds) */
+ /* maximum age (idle time) of a connection to consider it for reuse
+ * (in seconds) */
CURLOPT(CURLOPT_MAXAGE_CONN, CURLOPTTYPE_LONG, 288),
/* SASL authorisation identity */
@@ -2102,6 +2118,20 @@ typedef enum {
this option is used only if PROXY_SSL_VERIFYPEER is true */
CURLOPT(CURLOPT_PROXY_CAINFO_BLOB, CURLOPTTYPE_BLOB, 310),
+ /* used by scp/sftp to verify the host's public key */
+ CURLOPT(CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256, CURLOPTTYPE_STRINGPOINT, 311),
+
+ /* Function that will be called immediately before the initial request
+ is made on a connection (after any protocol negotiation step). */
+ CURLOPT(CURLOPT_PREREQFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 312),
+
+ /* Data passed to the CURLOPT_PREREQFUNCTION callback */
+ CURLOPT(CURLOPT_PREREQDATA, CURLOPTTYPE_CBPOINT, 313),
+
+ /* maximum age (since creation) of a connection to consider it for reuse
+ * (in seconds) */
+ CURLOPT(CURLOPT_MAXLIFETIME_CONN, CURLOPTTYPE_LONG, 314),
+
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
diff --git a/contrib/libs/curl/include/curl/curlver.h b/contrib/libs/curl/include/curl/curlver.h
index 556a2290b0..6756c31bff 100644
--- a/contrib/libs/curl/include/curl/curlver.h
+++ b/contrib/libs/curl/include/curl/curlver.h
@@ -30,13 +30,13 @@
/* This is the version number of the libcurl package from which this header
file origins: */
-#define LIBCURL_VERSION "7.79.1"
+#define LIBCURL_VERSION "7.80.0"
/* The numeric version number is also available "in parts" by using these
defines: */
#define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 79
-#define LIBCURL_VERSION_PATCH 1
+#define LIBCURL_VERSION_MINOR 80
+#define LIBCURL_VERSION_PATCH 0
/* This is the numeric version of the libcurl version number, meant for easier
parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will
@@ -57,7 +57,7 @@
CURL_VERSION_BITS() macro since curl's own configure script greps for it
and needs it to contain the full number.
*/
-#define LIBCURL_VERSION_NUM 0x074f01
+#define LIBCURL_VERSION_NUM 0x075000
/*
* This is the date and time when the full source package was created. The
@@ -68,7 +68,7 @@
*
* "2007-11-23"
*/
-#define LIBCURL_TIMESTAMP "2021-09-22"
+#define LIBCURL_TIMESTAMP "2021-11-10"
#define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z))
#define CURL_AT_LEAST_VERSION(x,y,z) \
diff --git a/contrib/libs/curl/include/curl/typecheck-gcc.h b/contrib/libs/curl/include/curl/typecheck-gcc.h
index 34d0267ed9..9e14d8a372 100644
--- a/contrib/libs/curl/include/curl/typecheck-gcc.h
+++ b/contrib/libs/curl/include/curl/typecheck-gcc.h
@@ -317,6 +317,7 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t,
(option) == CURLOPT_SERVICE_NAME || \
(option) == CURLOPT_SOCKS5_GSSAPI_SERVICE || \
(option) == CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 || \
+ (option) == CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 || \
(option) == CURLOPT_SSH_KNOWNHOSTS || \
(option) == CURLOPT_SSH_PRIVATE_KEYFILE || \
(option) == CURLOPT_SSH_PUBLIC_KEYFILE || \
@@ -363,6 +364,7 @@ CURLWARNING(_curl_easy_getinfo_err_curl_off_t,
(option) == CURLOPT_INTERLEAVEDATA || \
(option) == CURLOPT_IOCTLDATA || \
(option) == CURLOPT_OPENSOCKETDATA || \
+ (option) == CURLOPT_PREREQDATA || \
(option) == CURLOPT_PROGRESSDATA || \
(option) == CURLOPT_READDATA || \
(option) == CURLOPT_SEEKDATA || \
diff --git a/contrib/libs/curl/include/curl/urlapi.h b/contrib/libs/curl/include/curl/urlapi.h
index 1d70880117..3c4b4e18aa 100644
--- a/contrib/libs/curl/include/curl/urlapi.h
+++ b/contrib/libs/curl/include/curl/urlapi.h
@@ -47,7 +47,8 @@ typedef enum {
CURLUE_NO_HOST, /* 14 */
CURLUE_NO_PORT, /* 15 */
CURLUE_NO_QUERY, /* 16 */
- CURLUE_NO_FRAGMENT /* 17 */
+ CURLUE_NO_FRAGMENT, /* 17 */
+ CURLUE_LAST
} CURLUcode;
typedef enum {
@@ -118,6 +119,12 @@ CURL_EXTERN CURLUcode curl_url_get(CURLU *handle, CURLUPart what,
CURL_EXTERN CURLUcode curl_url_set(CURLU *handle, CURLUPart what,
const char *part, unsigned int flags);
+/*
+ * curl_url_strerror() turns a CURLUcode value into the equivalent human
+ * readable error string. This is useful for printing meaningful error
+ * messages.
+ */
+CURL_EXTERN const char *curl_url_strerror(CURLUcode);
#ifdef __cplusplus
} /* end of extern "C" */
diff --git a/contrib/libs/curl/lib/asyn-ares.c b/contrib/libs/curl/lib/asyn-ares.c
index 895a9e55dd..f8a21175ab 100644
--- a/contrib/libs/curl/lib/asyn-ares.c
+++ b/contrib/libs/curl/lib/asyn-ares.c
@@ -343,7 +343,7 @@ static int waitperform(struct Curl_easy *data, timediff_t timeout_ms)
nfds = 0;
if(!nfds)
- /* Call ares_process() unconditonally here, even if we simply timed out
+ /* Call ares_process() unconditionally here, even if we simply timed out
above, as otherwise the ares name resolve won't timeout! */
ares_process_fd((ares_channel)data->state.async.resolver, ARES_SOCKET_BAD,
ARES_SOCKET_BAD);
diff --git a/contrib/libs/curl/lib/c-hyper.c b/contrib/libs/curl/lib/c-hyper.c
index b9180fec52..a19a556b6f 100644
--- a/contrib/libs/curl/lib/c-hyper.c
+++ b/contrib/libs/curl/lib/c-hyper.c
@@ -156,13 +156,15 @@ static int hyper_each_header(void *userdata,
Curl_debug(data, CURLINFO_HEADER_IN, headp, len);
- writetype = CLIENTWRITE_HEADER;
- if(data->set.include_header)
- writetype |= CLIENTWRITE_BODY;
- result = Curl_client_write(data, writetype, headp, len);
- if(result) {
- data->state.hresult = CURLE_ABORTED_BY_CALLBACK;
- return HYPER_ITER_BREAK;
+ if(!data->state.hconnect || !data->set.suppress_connect_headers) {
+ writetype = CLIENTWRITE_HEADER;
+ if(data->set.include_header)
+ writetype |= CLIENTWRITE_BODY;
+ result = Curl_client_write(data, writetype, headp, len);
+ if(result) {
+ data->state.hresult = CURLE_ABORTED_BY_CALLBACK;
+ return HYPER_ITER_BREAK;
+ }
}
data->info.header_size += (long)len;
@@ -205,7 +207,8 @@ static int hyper_body_chunk(void *userdata, const hyper_buf *chunk)
k->exp100 = EXP100_FAILED;
}
}
- if(data->state.hconnect && (data->req.httpcode/100 != 2)) {
+ if(data->state.hconnect && (data->req.httpcode/100 != 2) &&
+ data->state.authproxy.done) {
done = TRUE;
result = CURLE_OK;
}
@@ -260,6 +263,12 @@ static CURLcode status_line(struct Curl_easy *data,
if(http_version == HYPER_HTTP_VERSION_1_0)
data->state.httpwant = CURL_HTTP_VERSION_1_0;
+ if(data->state.hconnect)
+ /* CONNECT */
+ data->info.httpproxycode = http_status;
+
+ /* We need to set 'httpcodeq' for functions that check the response code in
+ a single place. */
data->req.httpcode = http_status;
result = Curl_http_statusline(data, conn);
@@ -277,16 +286,18 @@ static CURLcode status_line(struct Curl_easy *data,
len = Curl_dyn_len(&data->state.headerb);
Curl_debug(data, CURLINFO_HEADER_IN, Curl_dyn_ptr(&data->state.headerb),
len);
- writetype = CLIENTWRITE_HEADER;
- if(data->set.include_header)
- writetype |= CLIENTWRITE_BODY;
- result = Curl_client_write(data, writetype,
- Curl_dyn_ptr(&data->state.headerb), len);
- if(result) {
- data->state.hresult = CURLE_ABORTED_BY_CALLBACK;
- return HYPER_ITER_BREAK;
- }
+ if(!data->state.hconnect || !data->set.suppress_connect_headers) {
+ writetype = CLIENTWRITE_HEADER;
+ if(data->set.include_header)
+ writetype |= CLIENTWRITE_BODY;
+ result = Curl_client_write(data, writetype,
+ Curl_dyn_ptr(&data->state.headerb), len);
+ if(result) {
+ data->state.hresult = CURLE_ABORTED_BY_CALLBACK;
+ return HYPER_ITER_BREAK;
+ }
+ }
data->info.header_size += (long)len;
data->req.headerbytecount += (long)len;
data->req.httpcode = http_status;
@@ -299,8 +310,14 @@ static CURLcode status_line(struct Curl_easy *data,
*/
static CURLcode empty_header(struct Curl_easy *data)
{
- return hyper_each_header(data, NULL, 0, NULL, 0) ?
- CURLE_WRITE_ERROR : CURLE_OK;
+ CURLcode result = Curl_http_size(data);
+ if(!result) {
+ result = hyper_each_header(data, NULL, 0, NULL, 0) ?
+ CURLE_WRITE_ERROR : CURLE_OK;
+ if(result)
+ failf(data, "hyperstream: couldn't pass blank header");
+ }
+ return result;
}
CURLcode Curl_hyper_stream(struct Curl_easy *data,
@@ -443,11 +460,9 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data,
break;
}
- if(empty_header(data)) {
- failf(data, "hyperstream: couldn't pass blank header");
- result = CURLE_OUT_OF_MEMORY;
+ result = empty_header(data);
+ if(result)
break;
- }
/* Curl_http_auth_act() checks what authentication methods that are
* available and decides which one (if any) to use. It will set 'newurl'
@@ -584,9 +599,22 @@ static CURLcode request_target(struct Curl_easy *data,
if(result)
return result;
- if(hyper_request_set_uri(req, (uint8_t *)Curl_dyn_uptr(&r),
- Curl_dyn_len(&r))) {
- failf(data, "error setting path");
+ if(h2 && hyper_request_set_uri_parts(req,
+ /* scheme */
+ (uint8_t *)data->state.up.scheme,
+ strlen(data->state.up.scheme),
+ /* authority */
+ (uint8_t *)conn->host.name,
+ strlen(conn->host.name),
+ /* path_and_query */
+ (uint8_t *)Curl_dyn_uptr(&r),
+ Curl_dyn_len(&r))) {
+ failf(data, "error setting uri parts to hyper");
+ result = CURLE_OUT_OF_MEMORY;
+ }
+ else if(!h2 && hyper_request_set_uri(req, (uint8_t *)Curl_dyn_uptr(&r),
+ Curl_dyn_len(&r))) {
+ failf(data, "error setting uri to hyper");
result = CURLE_OUT_OF_MEMORY;
}
else
@@ -850,6 +878,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
io = hyper_io_new();
if(!io) {
failf(data, "Couldn't create hyper IO");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
/* tell Hyper how to read/write network data */
@@ -862,6 +891,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
h->exec = hyper_executor_new();
if(!h->exec) {
failf(data, "Couldn't create hyper executor");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
}
@@ -869,6 +899,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
options = hyper_clientconn_options_new();
if(!options) {
failf(data, "Couldn't create hyper client options");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
if(conn->negnpn == CURL_HTTP_VERSION_2) {
@@ -882,6 +913,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
handshake = hyper_clientconn_handshake(io, options);
if(!handshake) {
failf(data, "Couldn't create hyper client handshake");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
io = NULL;
@@ -889,6 +921,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
if(HYPERE_OK != hyper_executor_push(h->exec, handshake)) {
failf(data, "Couldn't hyper_executor_push the handshake");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
handshake = NULL; /* ownership passed on */
@@ -896,6 +929,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
task = hyper_executor_poll(h->exec);
if(!task) {
failf(data, "Couldn't hyper_executor_poll the handshake");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
@@ -905,6 +939,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
req = hyper_request_new();
if(!req) {
failf(data, "Couldn't hyper_request_new");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
@@ -912,12 +947,14 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
if(HYPERE_OK != hyper_request_set_version(req,
HYPER_HTTP_VERSION_1_0)) {
failf(data, "error setting HTTP version");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
}
if(hyper_request_set_method(req, (uint8_t *)method, strlen(method))) {
failf(data, "error setting method");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
@@ -928,51 +965,81 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
headers = hyper_request_headers(req);
if(!headers) {
failf(data, "hyper_request_headers");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
rc = hyper_request_on_informational(req, http1xx_cb, data);
- if(rc)
- return CURLE_OUT_OF_MEMORY;
+ if(rc) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto error;
+ }
result = Curl_http_body(data, conn, httpreq, &te);
if(result)
- return result;
-
- if(data->state.aptr.host &&
- Curl_hyper_header(data, headers, data->state.aptr.host))
goto error;
- if(data->state.aptr.proxyuserpwd &&
- Curl_hyper_header(data, headers, data->state.aptr.proxyuserpwd))
- goto error;
+ if(!h2) {
+ if(data->state.aptr.host) {
+ result = Curl_hyper_header(data, headers, data->state.aptr.host);
+ if(result)
+ goto error;
+ }
+ }
+ else {
+ /* For HTTP/2, we show the Host: header as if we sent it, to make it look
+ like for HTTP/1 but it isn't actually sent since :authority is then
+ used. */
+ result = Curl_debug(data, CURLINFO_HEADER_OUT, data->state.aptr.host,
+ strlen(data->state.aptr.host));
+ if(result)
+ goto error;
+ }
- if(data->state.aptr.userpwd &&
- Curl_hyper_header(data, headers, data->state.aptr.userpwd))
- goto error;
+ if(data->state.aptr.proxyuserpwd) {
+ result = Curl_hyper_header(data, headers, data->state.aptr.proxyuserpwd);
+ if(result)
+ goto error;
+ }
- if((data->state.use_range && data->state.aptr.rangeline) &&
- Curl_hyper_header(data, headers, data->state.aptr.rangeline))
- goto error;
+ if(data->state.aptr.userpwd) {
+ result = Curl_hyper_header(data, headers, data->state.aptr.userpwd);
+ if(result)
+ goto error;
+ }
+
+ if((data->state.use_range && data->state.aptr.rangeline)) {
+ result = Curl_hyper_header(data, headers, data->state.aptr.rangeline);
+ if(result)
+ goto error;
+ }
if(data->set.str[STRING_USERAGENT] &&
*data->set.str[STRING_USERAGENT] &&
- data->state.aptr.uagent &&
- Curl_hyper_header(data, headers, data->state.aptr.uagent))
- goto error;
+ data->state.aptr.uagent) {
+ result = Curl_hyper_header(data, headers, data->state.aptr.uagent);
+ if(result)
+ goto error;
+ }
p_accept = Curl_checkheaders(data, "Accept")?NULL:"Accept: */*\r\n";
- if(p_accept && Curl_hyper_header(data, headers, p_accept))
- goto error;
-
- if(te && Curl_hyper_header(data, headers, te))
- goto error;
+ if(p_accept) {
+ result = Curl_hyper_header(data, headers, p_accept);
+ if(result)
+ goto error;
+ }
+ if(te) {
+ result = Curl_hyper_header(data, headers, te);
+ if(result)
+ goto error;
+ }
#ifndef CURL_DISABLE_PROXY
if(conn->bits.httpproxy && !conn->bits.tunnel_proxy &&
!Curl_checkheaders(data, "Proxy-Connection") &&
!Curl_checkProxyheaders(data, conn, "Proxy-Connection")) {
- if(Curl_hyper_header(data, headers, "Proxy-Connection: Keep-Alive"))
+ result = Curl_hyper_header(data, headers, "Proxy-Connection: Keep-Alive");
+ if(result)
goto error;
}
#endif
@@ -981,8 +1048,10 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
if(data->state.referer && !Curl_checkheaders(data, "Referer")) {
data->state.aptr.ref = aprintf("Referer: %s\r\n", data->state.referer);
if(!data->state.aptr.ref)
- return CURLE_OUT_OF_MEMORY;
- if(Curl_hyper_header(data, headers, data->state.aptr.ref))
+ result = CURLE_OUT_OF_MEMORY;
+ else
+ result = Curl_hyper_header(data, headers, data->state.aptr.ref);
+ if(result)
goto error;
}
@@ -992,8 +1061,11 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
data->state.aptr.accept_encoding =
aprintf("Accept-Encoding: %s\r\n", data->set.str[STRING_ENCODING]);
if(!data->state.aptr.accept_encoding)
- return CURLE_OUT_OF_MEMORY;
- if(Curl_hyper_header(data, headers, data->state.aptr.accept_encoding))
+ result = CURLE_OUT_OF_MEMORY;
+ else
+ result = Curl_hyper_header(data, headers,
+ data->state.aptr.accept_encoding);
+ if(result)
goto error;
}
else
@@ -1003,38 +1075,43 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
/* we only consider transfer-encoding magic if libz support is built-in */
result = Curl_transferencode(data);
if(result)
- return result;
- if(Curl_hyper_header(data, headers, data->state.aptr.te))
+ goto error;
+ result = Curl_hyper_header(data, headers, data->state.aptr.te);
+ if(result)
goto error;
#endif
result = cookies(data, conn, headers);
if(result)
- return result;
+ goto error;
result = Curl_add_timecondition(data, headers);
if(result)
- return result;
+ goto error;
result = Curl_add_custom_headers(data, FALSE, headers);
if(result)
- return result;
+ goto error;
result = bodysend(data, conn, headers, req, httpreq);
if(result)
- return result;
+ goto error;
- Curl_debug(data, CURLINFO_HEADER_OUT, (char *)"\r\n", 2);
+ result = Curl_debug(data, CURLINFO_HEADER_OUT, (char *)"\r\n", 2);
+ if(result)
+ goto error;
data->req.upload_chunky = FALSE;
sendtask = hyper_clientconn_send(client, req);
if(!sendtask) {
failf(data, "hyper_clientconn_send");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
if(HYPERE_OK != hyper_executor_push(h->exec, sendtask)) {
failf(data, "Couldn't hyper_executor_push the send");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
@@ -1057,7 +1134,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
Curl_safefree(data->state.aptr.proxyuserpwd);
return CURLE_OK;
error:
-
+ DEBUGASSERT(result);
if(io)
hyper_io_free(io);
@@ -1067,7 +1144,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
if(handshake)
hyper_task_free(handshake);
- return CURLE_OUT_OF_MEMORY;
+ return result;
}
void Curl_hyper_done(struct Curl_easy *data)
diff --git a/contrib/libs/curl/lib/connect.c b/contrib/libs/curl/lib/connect.c
index d61b0374e3..af60947314 100644
--- a/contrib/libs/curl/lib/connect.c
+++ b/contrib/libs/curl/lib/connect.c
@@ -85,7 +85,7 @@
static bool verifyconnect(curl_socket_t sockfd, int *error);
-#if defined(__DragonFly__) || defined(HAVE_WINSOCK_H)
+#if defined(__DragonFly__) || defined(HAVE_WINSOCK2_H)
/* DragonFlyBSD and Windows use millisecond units */
#define KEEPALIVE_FACTOR(x) (x *= 1000)
#else
@@ -629,7 +629,7 @@ bool Curl_addr2string(struct sockaddr *sa, curl_socklen_t salen,
#ifdef ENABLE_IPV6
struct sockaddr_in6 *si6 = NULL;
#endif
-#if defined(HAVE_SYS_UN_H) && defined(AF_UNIX)
+#if (defined(HAVE_SYS_UN_H) || defined(WIN32_SOCKADDR_UN)) && defined(AF_UNIX)
struct sockaddr_un *su = NULL;
#else
(void)salen;
@@ -656,7 +656,7 @@ bool Curl_addr2string(struct sockaddr *sa, curl_socklen_t salen,
}
break;
#endif
-#if defined(HAVE_SYS_UN_H) && defined(AF_UNIX)
+#if (defined(HAVE_SYS_UN_H) || defined(WIN32_SOCKADDR_UN)) && defined(AF_UNIX)
case AF_UNIX:
if(salen > (curl_socklen_t)sizeof(CURL_SA_FAMILY_T)) {
su = (struct sockaddr_un*)sa;
@@ -744,17 +744,15 @@ void Curl_conninfo_local(struct Curl_easy *data, curl_socket_t sockfd,
void Curl_updateconninfo(struct Curl_easy *data, struct connectdata *conn,
curl_socket_t sockfd)
{
- /* 'local_ip' and 'local_port' get filled with local's numerical
- ip address and port number whenever an outgoing connection is
- **established** from the primary socket to a remote address. */
+ /* 'local_ip' and 'local_port' get filled with local's numerical ip address
+ and port number whenever an outgoing connection is **established** from
+ the primary socket to a remote address. */
char local_ip[MAX_IPADR_LEN] = "";
int local_port = -1;
- if(conn->transport == TRNSPRT_TCP) {
- if(!conn->bits.reuse && !conn->bits.tcp_fastopen)
- Curl_conninfo_remote(data, conn, sockfd);
- Curl_conninfo_local(data, sockfd, local_ip, &local_port);
- } /* end of TCP-only section */
+ if(!conn->bits.reuse && !conn->bits.tcp_fastopen)
+ Curl_conninfo_remote(data, conn, sockfd);
+ Curl_conninfo_local(data, sockfd, local_ip, &local_port);
/* persist connection info in session handle */
Curl_persistconninfo(data, conn, local_ip, local_port);
diff --git a/contrib/libs/curl/lib/content_encoding.c b/contrib/libs/curl/lib/content_encoding.c
index dad0a6dc73..0b8bae926b 100644
--- a/contrib/libs/curl/lib/content_encoding.c
+++ b/contrib/libs/curl/lib/content_encoding.c
@@ -240,7 +240,8 @@ static CURLcode inflate_stream(struct Curl_easy *data,
}
zp->zlib_init = ZLIB_UNINIT; /* inflateEnd() already called. */
}
- /* FALLTHROUGH */
+ result = exit_zlib(data, z, &zp->zlib_init, process_zlib_error(data, z));
+ break;
default:
result = exit_zlib(data, z, &zp->zlib_init, process_zlib_error(data, z));
break;
diff --git a/contrib/libs/curl/lib/curl_config-linux.h b/contrib/libs/curl/lib/curl_config-linux.h
index 244d372f8d..984a078525 100644
--- a/contrib/libs/curl/lib/curl_config-linux.h
+++ b/contrib/libs/curl/lib/curl_config-linux.h
@@ -763,9 +763,6 @@
/* Define to 1 if you have the winsock2.h header file. */
/* #undef HAVE_WINSOCK2_H */
-/* Define to 1 if you have the winsock.h header file. */
-/* #undef HAVE_WINSOCK_H */
-
/* Define to 1 if you have the <wolfssh/ssh.h> header file. */
/* #undef HAVE_WOLFSSH_SSH_H */
diff --git a/contrib/libs/curl/lib/curl_des.c b/contrib/libs/curl/lib/curl_des.c
index 8c5af19cd2..76185cbf21 100644
--- a/contrib/libs/curl/lib/curl_des.c
+++ b/contrib/libs/curl/lib/curl_des.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2015 - 2020, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) 2015 - 2021, Steve Holme, <steve_holme@hotmail.com>.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -22,7 +22,7 @@
#include "curl_setup.h"
-#if defined(USE_NTLM) && !defined(USE_OPENSSL)
+#if defined(USE_NTLM) && !defined(USE_OPENSSL) && !defined(USE_WOLFSSL)
#include "curl_des.h"
diff --git a/contrib/libs/curl/lib/curl_gssapi.c b/contrib/libs/curl/lib/curl_gssapi.c
index e80a07609f..70a607f3ab 100644
--- a/contrib/libs/curl/lib/curl_gssapi.c
+++ b/contrib/libs/curl/lib/curl_gssapi.c
@@ -32,10 +32,12 @@
#include "curl_memory.h"
#include "memdebug.h"
-static char spnego_oid_bytes[] = "\x2b\x06\x01\x05\x05\x02";
-gss_OID_desc Curl_spnego_mech_oid = { 6, &spnego_oid_bytes };
-static char krb5_oid_bytes[] = "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02";
-gss_OID_desc Curl_krb5_mech_oid = { 9, &krb5_oid_bytes };
+gss_OID_desc Curl_spnego_mech_oid = {
+ 6, (char *)"\x2b\x06\x01\x05\x05\x02"
+};
+gss_OID_desc Curl_krb5_mech_oid = {
+ 9, (char *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"
+};
OM_uint32 Curl_gss_init_sec_context(
struct Curl_easy *data,
diff --git a/contrib/libs/curl/lib/curl_ntlm_core.c b/contrib/libs/curl/lib/curl_ntlm_core.c
index 1c3013c83f..daefaae7c0 100644
--- a/contrib/libs/curl/lib/curl_ntlm_core.c
+++ b/contrib/libs/curl/lib/curl_ntlm_core.c
@@ -49,7 +49,14 @@
in NTLM type-3 messages.
*/
-#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
+#if defined(USE_OPENSSL)
+ #include <openssl/opensslconf.h>
+ #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+ #define USE_OPENSSL_DES
+ #endif
+#endif
+
+#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL)
#ifdef USE_WOLFSSL
#error #include <wolfssl/options.h>
@@ -97,7 +104,7 @@
#elif defined(USE_WIN32_CRYPTO)
# include <wincrypt.h>
#else
-# error "Can't compile NTLM support without a crypto library."
+# error "Can't compile NTLM support without a crypto library with DES."
#endif
#include "urldata.h"
@@ -133,7 +140,7 @@ static void extend_key_56_to_64(const unsigned char *key_56, char *key)
key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
}
-#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
+#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL)
/*
* Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The
* key schedule ks is also set.
@@ -150,7 +157,7 @@ static void setup_des_key(const unsigned char *key_56,
DES_set_odd_parity(&key);
/* Set the key */
- DES_set_key(&key, ks);
+ DES_set_key_unchecked(&key, ks);
}
#elif defined(USE_GNUTLS)
@@ -362,7 +369,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
const unsigned char *plaintext,
unsigned char *results)
{
-#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
+#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL)
DES_key_schedule ks;
setup_des_key(keys, DESKEY(ks));
@@ -420,7 +427,7 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data,
{
/* Create LanManager hashed password. */
-#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
+#if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL)
DES_key_schedule ks;
setup_des_key(pw, DESKEY(ks));
diff --git a/contrib/libs/curl/lib/curl_sasl.c b/contrib/libs/curl/lib/curl_sasl.c
index 4a2488720e..8d39e4f81b 100644
--- a/contrib/libs/curl/lib/curl_sasl.c
+++ b/contrib/libs/curl/lib/curl_sasl.c
@@ -56,8 +56,8 @@
/* Supported mechanisms */
static const struct {
- const char *name; /* Name */
- size_t len; /* Name length */
+ const char *name; /* Name */
+ size_t len; /* Name length */
unsigned short bit; /* Flag bit */
} mechtable[] = {
{ "LOGIN", 5, SASL_MECH_LOGIN },
@@ -85,8 +85,11 @@ static const struct {
* conn [in] - The connection data.
* authused [in] - The authentication mechanism used.
*/
-void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
+void Curl_sasl_cleanup(struct connectdata *conn, unsigned short authused)
{
+ (void)conn;
+ (void)authused;
+
#if defined(USE_KERBEROS5)
/* Cleanup the gssapi structure */
if(authused == SASL_MECH_GSSAPI) {
@@ -107,12 +110,6 @@ void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
Curl_auth_cleanup_ntlm(&conn->ntlm);
}
#endif
-
-#if !defined(USE_KERBEROS5) && !defined(USE_NTLM)
- /* Reserved for future use */
- (void)conn;
- (void)authused;
-#endif
}
/*
@@ -189,16 +186,35 @@ CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl,
*
* Initializes the SASL structure.
*/
-void Curl_sasl_init(struct SASL *sasl, const struct SASLproto *params)
+void Curl_sasl_init(struct SASL *sasl, struct Curl_easy *data,
+ const struct SASLproto *params)
{
+ unsigned long auth = data->set.httpauth;
+
sasl->params = params; /* Set protocol dependent parameters */
sasl->state = SASL_STOP; /* Not yet running */
+ sasl->curmech = NULL; /* No mechanism yet. */
sasl->authmechs = SASL_AUTH_NONE; /* No known authentication mechanism yet */
- sasl->prefmech = SASL_AUTH_DEFAULT; /* Prefer all mechanisms */
- sasl->authused = SASL_AUTH_NONE; /* No the authentication mechanism used */
+ sasl->prefmech = params->defmechs; /* Default preferred mechanisms */
+ sasl->authused = SASL_AUTH_NONE; /* The authentication mechanism used */
sasl->resetprefs = TRUE; /* Reset prefmech upon AUTH parsing. */
sasl->mutual_auth = FALSE; /* No mutual authentication (GSSAPI only) */
sasl->force_ir = FALSE; /* Respect external option */
+
+ if(auth != CURLAUTH_BASIC) {
+ sasl->resetprefs = FALSE;
+ sasl->prefmech = SASL_AUTH_NONE;
+ if(auth & CURLAUTH_BASIC)
+ sasl->prefmech |= SASL_MECH_PLAIN | SASL_MECH_LOGIN;
+ if(auth & CURLAUTH_DIGEST)
+ sasl->prefmech |= SASL_MECH_DIGEST_MD5;
+ if(auth & CURLAUTH_NTLM)
+ sasl->prefmech |= SASL_MECH_NTLM;
+ if(auth & CURLAUTH_BEARER)
+ sasl->prefmech |= SASL_MECH_OAUTHBEARER | SASL_MECH_XOAUTH2;
+ if(auth & CURLAUTH_GSSAPI)
+ sasl->prefmech |= SASL_MECH_GSSAPI;
+ }
}
/*
@@ -247,40 +263,45 @@ static void state(struct SASL *sasl, struct Curl_easy *data,
static CURLcode get_server_message(struct SASL *sasl, struct Curl_easy *data,
struct bufref *out)
{
- unsigned char *msg;
- size_t msglen;
- char *serverdata = NULL;
CURLcode result = CURLE_OK;
- sasl->params->getmessage(data->state.buffer, &serverdata);
- if(!serverdata)
- result = CURLE_BAD_CONTENT_ENCODING;
- else if(!*serverdata || *serverdata == '=')
- Curl_bufref_set(out, NULL, 0, NULL);
- else {
- result = Curl_base64_decode(serverdata, &msg, &msglen);
- if(!result)
- Curl_bufref_set(out, msg, msglen, curl_free);
+ result = sasl->params->getmessage(data, out);
+ if(!result && (sasl->params->flags & SASL_FLAG_BASE64)) {
+ unsigned char *msg;
+ size_t msglen;
+ const char *serverdata = (const char *) Curl_bufref_ptr(out);
+
+ if(!*serverdata || *serverdata == '=')
+ Curl_bufref_set(out, NULL, 0, NULL);
+ else {
+ result = Curl_base64_decode(serverdata, &msg, &msglen);
+ if(!result)
+ Curl_bufref_set(out, msg, msglen, curl_free);
+ }
}
return result;
}
/* Encode the outgoing SASL message. */
-static CURLcode build_message(struct Curl_easy *data, struct bufref *msg)
+static CURLcode build_message(struct SASL *sasl, struct Curl_easy *data,
+ struct bufref *msg)
{
CURLcode result = CURLE_OK;
- char *base64;
- size_t base64len;
- if(!Curl_bufref_ptr(msg)) /* Empty mesage. */
- Curl_bufref_set(msg, "", 0, NULL);
- else if(!Curl_bufref_len(msg)) /* Explicit empty response. */
- Curl_bufref_set(msg, "=", 1, NULL);
- else {
- result = Curl_base64_encode(data, (const char *) Curl_bufref_ptr(msg),
- Curl_bufref_len(msg), &base64, &base64len);
- if(!result)
- Curl_bufref_set(msg, base64, base64len, curl_free);
+ if(sasl->params->flags & SASL_FLAG_BASE64) {
+ if(!Curl_bufref_ptr(msg)) /* Empty message. */
+ Curl_bufref_set(msg, "", 0, NULL);
+ else if(!Curl_bufref_len(msg)) /* Explicit empty response. */
+ Curl_bufref_set(msg, "=", 1, NULL);
+ else {
+ char *base64;
+ size_t base64len;
+
+ result = Curl_base64_encode(data, (const char *) Curl_bufref_ptr(msg),
+ Curl_bufref_len(msg), &base64, &base64len);
+ if(!result)
+ Curl_bufref_set(msg, base64, base64len, curl_free);
+ }
}
return result;
@@ -310,11 +331,11 @@ bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn)
* Calculate the required login details for SASL authentication.
*/
CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data,
- struct connectdata *conn,
bool force_ir, saslprogress *progress)
{
CURLcode result = CURLE_OK;
- unsigned int enabledmechs;
+ struct connectdata *conn = data->conn;
+ unsigned short enabledmechs;
const char *mech = NULL;
struct bufref resp;
saslstate state1 = SASL_STOP;
@@ -471,16 +492,16 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data,
}
if(!result && mech) {
+ sasl->curmech = mech;
if(Curl_bufref_ptr(&resp))
- result = build_message(data, &resp);
+ result = build_message(sasl, data, &resp);
if(sasl->params->maxirlen &&
strlen(mech) + Curl_bufref_len(&resp) > sasl->params->maxirlen)
Curl_bufref_free(&resp);
if(!result)
- result = sasl->params->sendauth(data, conn, mech,
- (const char *) Curl_bufref_ptr(&resp));
+ result = sasl->params->sendauth(data, mech, &resp);
if(!result) {
*progress = SASL_INPROGRESS;
@@ -498,10 +519,10 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data,
* Continue the authentication.
*/
CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
- struct connectdata *conn,
int code, saslprogress *progress)
{
CURLcode result = CURLE_OK;
+ struct connectdata *conn = data->conn;
saslstate newstate = SASL_FINAL;
struct bufref resp;
const char * const hostname = SSL_HOST_NAME();
@@ -574,7 +595,8 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
result = Curl_auth_create_digest_md5_message(data, &serverdata,
conn->user, conn->passwd,
service, &resp);
- newstate = SASL_DIGESTMD5_RESP;
+ if(!result && (sasl->params->flags & SASL_FLAG_BASE64))
+ newstate = SASL_DIGESTMD5_RESP;
break;
case SASL_DIGESTMD5_RESP:
/* Keep response NULL to output an empty line. */
@@ -691,7 +713,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
sasl->authmechs ^= sasl->authused;
/* Start an alternative SASL authentication */
- return Curl_sasl_start(sasl, data, conn, sasl->force_ir, progress);
+ return Curl_sasl_start(sasl, data, sasl->force_ir, progress);
default:
failf(data, "Unsupported SASL authentication mechanism");
result = CURLE_UNSUPPORTED_PROTOCOL; /* Should not happen */
@@ -703,14 +725,13 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
switch(result) {
case CURLE_BAD_CONTENT_ENCODING:
/* Cancel dialog */
- result = sasl->params->sendcont(data, conn, "*");
+ result = sasl->params->cancelauth(data, sasl->curmech);
newstate = SASL_CANCEL;
break;
case CURLE_OK:
- result = build_message(data, &resp);
+ result = build_message(sasl, data, &resp);
if(!result)
- result = sasl->params->sendcont(data, conn,
- (const char *) Curl_bufref_ptr(&resp));
+ result = sasl->params->contauth(data, sasl->curmech, &resp);
break;
default:
newstate = SASL_STOP; /* Stop on error */
diff --git a/contrib/libs/curl/lib/curl_sasl.h b/contrib/libs/curl/lib/curl_sasl.h
index e17d323eba..91458c74a0 100644
--- a/contrib/libs/curl/lib/curl_sasl.h
+++ b/contrib/libs/curl/lib/curl_sasl.h
@@ -24,6 +24,8 @@
#include <curl/curl.h>
+#include "bufref.h"
+
struct Curl_easy;
struct connectdata;
@@ -46,17 +48,20 @@ struct connectdata;
#define SASL_AUTH_DEFAULT (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)
/* Authentication mechanism strings */
-#define SASL_MECH_STRING_LOGIN "LOGIN"
-#define SASL_MECH_STRING_PLAIN "PLAIN"
-#define SASL_MECH_STRING_CRAM_MD5 "CRAM-MD5"
-#define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5"
-#define SASL_MECH_STRING_GSSAPI "GSSAPI"
-#define SASL_MECH_STRING_EXTERNAL "EXTERNAL"
-#define SASL_MECH_STRING_NTLM "NTLM"
-#define SASL_MECH_STRING_XOAUTH2 "XOAUTH2"
-#define SASL_MECH_STRING_OAUTHBEARER "OAUTHBEARER"
-#define SASL_MECH_STRING_SCRAM_SHA_1 "SCRAM-SHA-1"
-#define SASL_MECH_STRING_SCRAM_SHA_256 "SCRAM-SHA-256"
+#define SASL_MECH_STRING_LOGIN "LOGIN"
+#define SASL_MECH_STRING_PLAIN "PLAIN"
+#define SASL_MECH_STRING_CRAM_MD5 "CRAM-MD5"
+#define SASL_MECH_STRING_DIGEST_MD5 "DIGEST-MD5"
+#define SASL_MECH_STRING_GSSAPI "GSSAPI"
+#define SASL_MECH_STRING_EXTERNAL "EXTERNAL"
+#define SASL_MECH_STRING_NTLM "NTLM"
+#define SASL_MECH_STRING_XOAUTH2 "XOAUTH2"
+#define SASL_MECH_STRING_OAUTHBEARER "OAUTHBEARER"
+#define SASL_MECH_STRING_SCRAM_SHA_1 "SCRAM-SHA-1"
+#define SASL_MECH_STRING_SCRAM_SHA_256 "SCRAM-SHA-256"
+
+/* SASL flags */
+#define SASL_FLAG_BASE64 0x0001 /* Messages are base64-encoded */
/* SASL machine states */
typedef enum {
@@ -90,30 +95,37 @@ typedef enum {
/* Protocol dependent SASL parameters */
struct SASLproto {
const char *service; /* The service name */
- int contcode; /* Code to receive when continuation is expected */
- int finalcode; /* Code to receive upon authentication success */
- size_t maxirlen; /* Maximum initial response length */
- CURLcode (*sendauth)(struct Curl_easy *data,
- struct connectdata *conn,
- const char *mech, const char *ir);
+ CURLcode (*sendauth)(struct Curl_easy *data, const char *mech,
+ const struct bufref *ir);
/* Send authentication command */
- CURLcode (*sendcont)(struct Curl_easy *data,
- struct connectdata *conn, const char *contauth);
+ CURLcode (*contauth)(struct Curl_easy *data, const char *mech,
+ const struct bufref *contauth);
/* Send authentication continuation */
- void (*getmessage)(char *buffer, char **outptr);
+ CURLcode (*cancelauth)(struct Curl_easy *data, const char *mech);
+ /* Cancel authentication. */
+ CURLcode (*getmessage)(struct Curl_easy *data, struct bufref *out);
/* Get SASL response message */
+ size_t maxirlen; /* Maximum initial response + mechanism length,
+ or zero if no max. This is normally the max
+ command length - other characters count.
+ This has to be zero for non-base64 protocols. */
+ int contcode; /* Code to receive when continuation is expected */
+ int finalcode; /* Code to receive upon authentication success */
+ unsigned short defmechs; /* Mechanisms enabled by default */
+ unsigned short flags; /* Configuration flags. */
};
/* Per-connection parameters */
struct SASL {
const struct SASLproto *params; /* Protocol dependent parameters */
- saslstate state; /* Current machine state */
+ saslstate state; /* Current machine state */
+ const char *curmech; /* Current mechanism id. */
unsigned short authmechs; /* Accepted authentication mechanisms */
unsigned short prefmech; /* Preferred authentication mechanism */
unsigned short authused; /* Auth mechanism used for the connection */
- bool resetprefs; /* For URL auth option parsing. */
- bool mutual_auth; /* Mutual authentication enabled (GSSAPI only) */
- bool force_ir; /* Protocol always supports initial response */
+ bool resetprefs; /* For URL auth option parsing. */
+ bool mutual_auth; /* Mutual authentication enabled (GSSAPI only) */
+ bool force_ir; /* Protocol always supports initial response */
};
/* This is used to test whether the line starts with the given mechanism */
@@ -123,7 +135,7 @@ struct SASL {
/* This is used to cleanup any libraries or curl modules used by the sasl
functions */
-void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused);
+void Curl_sasl_cleanup(struct connectdata *conn, unsigned short authused);
/* Convert a mechanism name to a token */
unsigned short Curl_sasl_decode_mech(const char *ptr,
@@ -134,19 +146,18 @@ CURLcode Curl_sasl_parse_url_auth_option(struct SASL *sasl,
const char *value, size_t len);
/* Initializes an SASL structure */
-void Curl_sasl_init(struct SASL *sasl, const struct SASLproto *params);
+void Curl_sasl_init(struct SASL *sasl, struct Curl_easy *data,
+ const struct SASLproto *params);
/* Check if we have enough auth data and capabilities to authenticate */
bool Curl_sasl_can_authenticate(struct SASL *sasl, struct connectdata *conn);
/* Calculate the required login details for SASL authentication */
CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data,
- struct connectdata *conn,
bool force_ir, saslprogress *progress);
/* Continue an SASL authentication */
CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
- struct connectdata *conn,
int code, saslprogress *progress);
#endif /* HEADER_CURL_SASL_H */
diff --git a/contrib/libs/curl/lib/curl_setup.h b/contrib/libs/curl/lib/curl_setup.h
index 27d68ba8c7..6b61f93d94 100644
--- a/contrib/libs/curl/lib/curl_setup.h
+++ b/contrib/libs/curl/lib/curl_setup.h
@@ -717,7 +717,6 @@ int netware_init(void);
#if defined(__LWIP_OPT_H__) || defined(LWIP_HDR_OPT_H)
# if defined(SOCKET) || \
defined(USE_WINSOCK) || \
- defined(HAVE_WINSOCK_H) || \
defined(HAVE_WINSOCK2_H) || \
defined(HAVE_WS2TCPIP_H)
# error "WinSock and lwIP TCP/IP stack definitions shall not coexist!"
@@ -839,6 +838,7 @@ int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf,
ADDRESS_FAMILY sun_family;
char sun_path[UNIX_PATH_MAX];
} SOCKADDR_UN, *PSOCKADDR_UN;
+# define WIN32_SOCKADDR_UN
# endif
#endif
diff --git a/contrib/libs/curl/lib/curl_sha256.h b/contrib/libs/curl/lib/curl_sha256.h
index b4579d7692..3cafe8ee7b 100644
--- a/contrib/libs/curl/lib/curl_sha256.h
+++ b/contrib/libs/curl/lib/curl_sha256.h
@@ -8,7 +8,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com>
- * Copyright (C) 2018 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -28,7 +28,14 @@
extern const struct HMAC_params Curl_HMAC_SHA256[1];
+#ifdef USE_WOLFSSL
+/* SHA256_DIGEST_LENGTH is an enum value in wolfSSL. Need to import it from
+ * sha.h*/
+#error #include <wolfssl/options.h>
+#include <openssl/sha.h>
+#else
#define SHA256_DIGEST_LENGTH 32
+#endif
void Curl_sha256it(unsigned char *outbuffer, const unsigned char *input,
const size_t len);
diff --git a/contrib/libs/curl/lib/doh.c b/contrib/libs/curl/lib/doh.c
index de0c902b86..d6a2167701 100644
--- a/contrib/libs/curl/lib/doh.c
+++ b/contrib/libs/curl/lib/doh.c
@@ -235,25 +235,6 @@ static CURLcode dohprobe(struct Curl_easy *data,
p->dnstype = dnstype;
Curl_dyn_init(&p->serverdoh, DYN_DOH_RESPONSE);
- /* Note: this is code for sending the DoH request with GET but there's still
- no logic that actually enables this. We should either add that ability or
- yank out the GET code. Discuss! */
- if(data->set.doh_get) {
- char *b64;
- size_t b64len;
- result = Curl_base64url_encode(data, (char *)p->dohbuffer, p->dohlen,
- &b64, &b64len);
- if(result)
- goto error;
- nurl = aprintf("%s?dns=%s", url, b64);
- free(b64);
- if(!nurl) {
- result = CURLE_OUT_OF_MEMORY;
- goto error;
- }
- url = nurl;
- }
-
timeout_ms = Curl_timeleft(data, NULL, TRUE);
if(timeout_ms <= 0) {
result = CURLE_OPERATION_TIMEDOUT;
@@ -268,10 +249,8 @@ static CURLcode dohprobe(struct Curl_easy *data,
ERROR_CHECK_SETOPT(CURLOPT_URL, url);
ERROR_CHECK_SETOPT(CURLOPT_WRITEFUNCTION, doh_write_cb);
ERROR_CHECK_SETOPT(CURLOPT_WRITEDATA, resp);
- if(!data->set.doh_get) {
- ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->dohbuffer);
- ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDSIZE, (long)p->dohlen);
- }
+ ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDS, p->dohbuffer);
+ ERROR_CHECK_SETOPT(CURLOPT_POSTFIELDSIZE, (long)p->dohlen);
ERROR_CHECK_SETOPT(CURLOPT_HTTPHEADER, headers);
#ifdef USE_NGHTTP2
ERROR_CHECK_SETOPT(CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS);
diff --git a/contrib/libs/curl/lib/easyoptions.c b/contrib/libs/curl/lib/easyoptions.c
index 4e65e3525b..b6131d4321 100644
--- a/contrib/libs/curl/lib/easyoptions.c
+++ b/contrib/libs/curl/lib/easyoptions.c
@@ -165,6 +165,7 @@ struct curl_easyoption Curl_easyopts[] = {
{"MAXCONNECTS", CURLOPT_MAXCONNECTS, CURLOT_LONG, 0},
{"MAXFILESIZE", CURLOPT_MAXFILESIZE, CURLOT_LONG, 0},
{"MAXFILESIZE_LARGE", CURLOPT_MAXFILESIZE_LARGE, CURLOT_OFF_T, 0},
+ {"MAXLIFETIME_CONN", CURLOPT_MAXLIFETIME_CONN, CURLOT_LONG, 0},
{"MAXREDIRS", CURLOPT_MAXREDIRS, CURLOT_LONG, 0},
{"MAX_RECV_SPEED_LARGE", CURLOPT_MAX_RECV_SPEED_LARGE, CURLOT_OFF_T, 0},
{"MAX_SEND_SPEED_LARGE", CURLOPT_MAX_SEND_SPEED_LARGE, CURLOT_OFF_T, 0},
@@ -192,6 +193,8 @@ struct curl_easyoption Curl_easyopts[] = {
{"POSTQUOTE", CURLOPT_POSTQUOTE, CURLOT_SLIST, 0},
{"POSTREDIR", CURLOPT_POSTREDIR, CURLOT_VALUES, 0},
{"PREQUOTE", CURLOPT_PREQUOTE, CURLOT_SLIST, 0},
+ {"PREREQDATA", CURLOPT_PREREQDATA, CURLOT_CBPTR, 0},
+ {"PREREQFUNCTION", CURLOPT_PREREQFUNCTION, CURLOT_FUNCTION, 0},
{"PRE_PROXY", CURLOPT_PRE_PROXY, CURLOT_STRING, 0},
{"PRIVATE", CURLOPT_PRIVATE, CURLOT_OBJECT, 0},
{"PROGRESSDATA", CURLOPT_XFERINFODATA, CURLOT_CBPTR, CURLOT_FLAG_ALIAS},
@@ -271,6 +274,8 @@ struct curl_easyoption Curl_easyopts[] = {
{"SSH_COMPRESSION", CURLOPT_SSH_COMPRESSION, CURLOT_LONG, 0},
{"SSH_HOST_PUBLIC_KEY_MD5", CURLOPT_SSH_HOST_PUBLIC_KEY_MD5,
CURLOT_STRING, 0},
+ {"SSH_HOST_PUBLIC_KEY_SHA256", CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256,
+ CURLOT_STRING, 0},
{"SSH_KEYDATA", CURLOPT_SSH_KEYDATA, CURLOT_CBPTR, 0},
{"SSH_KEYFUNCTION", CURLOPT_SSH_KEYFUNCTION, CURLOT_FUNCTION, 0},
{"SSH_KNOWNHOSTS", CURLOPT_SSH_KNOWNHOSTS, CURLOT_STRING, 0},
@@ -354,6 +359,6 @@ struct curl_easyoption Curl_easyopts[] = {
*/
int Curl_easyopts_check(void)
{
- return ((CURLOPT_LASTENTRY%10000) != (310 + 1));
+ return ((CURLOPT_LASTENTRY%10000) != (314 + 1));
}
#endif
diff --git a/contrib/libs/curl/lib/ftp.c b/contrib/libs/curl/lib/ftp.c
index 0b9c9b7322..a8d209e3fb 100644
--- a/contrib/libs/curl/lib/ftp.c
+++ b/contrib/libs/curl/lib/ftp.c
@@ -876,11 +876,6 @@ static CURLcode ftp_state_cwd(struct Curl_easy *data,
ftpc->count2 = 0; /* count2 counts failed CWDs */
- /* count3 is set to allow a MKD to fail once. In the case when first CWD
- fails and then MKD fails (due to another session raced it to create the
- dir) this then allows for a second try to CWD to it */
- ftpc->count3 = (data->set.ftp_create_missing_dirs == 2)?1:0;
-
if(conn->bits.reuse && ftpc->entrypath &&
/* no need to go to entrypath when we have an absolute path */
!(ftpc->dirdepth && ftpc->dirs[0][0] == '/')) {
@@ -3002,6 +2997,12 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
ftpc->cwdcount && !ftpc->count2) {
/* try making it */
ftpc->count2++; /* counter to prevent CWD-MKD loops */
+
+ /* count3 is set to allow MKD to fail once per dir. In the case when
+ CWD fails and then MKD fails (due to another session raced it to
+ create the dir) this then allows for a second try to CWD to it. */
+ ftpc->count3 = (data->set.ftp_create_missing_dirs == 2) ? 1 : 0;
+
result = Curl_pp_sendf(data, &ftpc->pp, "MKD %s",
ftpc->dirs[ftpc->cwdcount - 1]);
if(!result)
diff --git a/contrib/libs/curl/lib/hostip.c b/contrib/libs/curl/lib/hostip.c
index 633c48e800..62537f8237 100644
--- a/contrib/libs/curl/lib/hostip.c
+++ b/contrib/libs/curl/lib/hostip.c
@@ -507,9 +507,6 @@ static struct Curl_addrinfo *get_localhost(int port)
struct sockaddr_in sa;
unsigned int ipv4;
unsigned short port16 = (unsigned short)(port & 0xffff);
- ca = calloc(sizeof(struct Curl_addrinfo) + ss_size + hostlen + 1, 1);
- if(!ca)
- return NULL;
/* memset to clear the sa.sin_zero field */
memset(&sa, 0, sizeof(sa));
@@ -519,6 +516,9 @@ static struct Curl_addrinfo *get_localhost(int port)
return NULL;
memcpy(&sa.sin_addr, &ipv4, sizeof(ipv4));
+ ca = calloc(sizeof(struct Curl_addrinfo) + ss_size + hostlen + 1, 1);
+ if(!ca)
+ return NULL;
ca->ai_flags = 0;
ca->ai_family = AF_INET;
ca->ai_socktype = SOCK_STREAM;
diff --git a/contrib/libs/curl/lib/http.c b/contrib/libs/curl/lib/http.c
index 777bc3401a..838c5bf401 100644
--- a/contrib/libs/curl/lib/http.c
+++ b/contrib/libs/curl/lib/http.c
@@ -323,7 +323,7 @@ static CURLcode http_output_basic(struct Curl_easy *data, bool proxy)
pwd = data->state.aptr.passwd;
}
- out = aprintf("%s:%s", user, pwd ? pwd : "");
+ out = aprintf("%s:%s", user ? user : "", pwd ? pwd : "");
if(!out)
return CURLE_OUT_OF_MEMORY;
@@ -2902,20 +2902,6 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data,
bool *done)
{
struct SingleRequest *k = &data->req;
- DEBUGASSERT(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP));
- if(data->req.ignore_cl) {
- k->size = k->maxdownload = -1;
- }
- else if(k->size != -1) {
- /* We wait until after all headers have been received to set this so that
- we know for sure Content-Length is valid. */
- if(data->set.max_filesize &&
- k->size > data->set.max_filesize) {
- failf(data, "Maximum file size exceeded");
- return CURLE_FILESIZE_EXCEEDED;
- }
- Curl_pgrsSetDownloadSize(data, k->size);
- }
if(data->req.newurl) {
if(conn->bits.close) {
@@ -3787,6 +3773,29 @@ CURLcode Curl_http_statusline(struct Curl_easy *data,
return CURLE_OK;
}
+/* Content-Length must be ignored if any Transfer-Encoding is present in the
+ response. Refer to RFC 7230 section 3.3.3 and RFC2616 section 4.4. This is
+ figured out here after all headers have been received but before the final
+ call to the user's header callback, so that a valid content length can be
+ retrieved by the user in the final call. */
+CURLcode Curl_http_size(struct Curl_easy *data)
+{
+ struct SingleRequest *k = &data->req;
+ if(data->req.ignore_cl || k->chunk) {
+ k->size = k->maxdownload = -1;
+ }
+ else if(k->size != -1) {
+ if(data->set.max_filesize &&
+ k->size > data->set.max_filesize) {
+ failf(data, "Maximum file size exceeded");
+ return CURLE_FILESIZE_EXCEEDED;
+ }
+ Curl_pgrsSetDownloadSize(data, k->size);
+ k->maxdownload = k->size;
+ }
+ return CURLE_OK;
+}
+
/*
* Read any HTTP header lines from the server and pass them to the client app.
*/
@@ -3981,6 +3990,12 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
}
}
+ if(!k->header) {
+ result = Curl_http_size(data);
+ if(result)
+ return result;
+ }
+
/* At this point we have some idea about the fate of the connection.
If we are closing the connection it may result auth failure. */
#if defined(USE_NTLM)
@@ -4137,31 +4152,6 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
reason */
*stop_reading = TRUE;
#endif
- else {
- /* If we know the expected size of this document, we set the
- maximum download size to the size of the expected
- document or else, we won't know when to stop reading!
-
- Note that we set the download maximum even if we read a
- "Connection: close" header, to make sure that
- "Content-Length: 0" still prevents us from attempting to
- read the (missing) response-body.
- */
- /* According to RFC2616 section 4.4, we MUST ignore
- Content-Length: headers if we are now receiving data
- using chunked Transfer-Encoding.
- */
- if(k->chunk)
- k->maxdownload = k->size = -1;
- }
- if(-1 != k->size) {
- /* We do this operation even if no_body is true, since this
- data might be retrieved later with curl_easy_getinfo()
- and its CURLINFO_CONTENT_LENGTH_DOWNLOAD option. */
-
- Curl_pgrsSetDownloadSize(data, k->size);
- k->maxdownload = k->size;
- }
/* If max download size is *zero* (nothing) we already have
nothing and can safely return ok now! But for HTTP/2, we'd
@@ -4250,8 +4240,12 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
/* There can only be a 4th response code digit stored in 'digit4' if
all the other fields were parsed and stored first, so nc is 5 when
- digit4 a digit */
- else if(ISDIGIT(digit4)) {
+ digit4 a digit.
+
+ The sscanf() line above will also allow zero-prefixed and negative
+ numbers, so we check for that too here.
+ */
+ else if(ISDIGIT(digit4) || (k->httpcode < 100)) {
failf(data, "Unsupported response code in HTTP response");
return CURLE_UNSUPPORTED_PROTOCOL;
}
diff --git a/contrib/libs/curl/lib/http.h b/contrib/libs/curl/lib/http.h
index e4ab466c00..cb5b56faf3 100644
--- a/contrib/libs/curl/lib/http.h
+++ b/contrib/libs/curl/lib/http.h
@@ -289,6 +289,8 @@ struct http_conn {
#endif
};
+CURLcode Curl_http_size(struct Curl_easy *data);
+
CURLcode Curl_http_readwrite_headers(struct Curl_easy *data,
struct connectdata *conn,
ssize_t *nread,
diff --git a/contrib/libs/curl/lib/http2.c b/contrib/libs/curl/lib/http2.c
index 6d63f43636..992fbbb26d 100644
--- a/contrib/libs/curl/lib/http2.c
+++ b/contrib/libs/curl/lib/http2.c
@@ -100,6 +100,7 @@ static int http2_getsock(struct Curl_easy *data,
const struct http_conn *c = &conn->proto.httpc;
struct SingleRequest *k = &data->req;
int bitmap = GETSOCK_BLANK;
+ struct HTTP *stream = data->req.p.http;
sock[0] = conn->sock[FIRSTSOCKET];
@@ -108,9 +109,13 @@ static int http2_getsock(struct Curl_easy *data,
frame so we should always be ready for one */
bitmap |= GETSOCK_READSOCK(FIRSTSOCKET);
- /* we're still uploading or the HTTP/2 layer wants to send data */
- if(((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND) ||
- nghttp2_session_want_write(c->h2))
+ /* we're (still uploading OR the HTTP/2 layer wants to send data) AND
+ there's a window to send data in */
+ if((((k->keepon & (KEEP_SEND|KEEP_SEND_PAUSE)) == KEEP_SEND) ||
+ nghttp2_session_want_write(c->h2)) &&
+ (nghttp2_session_get_remote_window_size(c->h2) &&
+ nghttp2_session_get_stream_remote_window_size(c->h2,
+ stream->stream_id)))
bitmap |= GETSOCK_WRITESOCK(FIRSTSOCKET);
return bitmap;
@@ -1953,8 +1958,19 @@ static ssize_t http2_send(struct Curl_easy *data, int sockindex,
nghttp2_session_resume_data(h2, stream->stream_id);
}
- H2BUGF(infof(data, "http2_send returns %zu for stream %u", len,
- stream->stream_id));
+#ifdef DEBUG_HTTP2
+ if(!len) {
+ infof(data, "http2_send: easy %p (stream %u) win %u/%u",
+ data, stream->stream_id,
+ nghttp2_session_get_remote_window_size(httpc->h2),
+ nghttp2_session_get_stream_remote_window_size(httpc->h2,
+ stream->stream_id)
+ );
+
+ }
+ infof(data, "http2_send returns %zu for stream %u", len,
+ stream->stream_id);
+#endif
return len;
}
diff --git a/contrib/libs/curl/lib/http_aws_sigv4.c b/contrib/libs/curl/lib/http_aws_sigv4.c
index 02663abd63..cbbecb7129 100644
--- a/contrib/libs/curl/lib/http_aws_sigv4.c
+++ b/contrib/libs/curl/lib/http_aws_sigv4.c
@@ -92,6 +92,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
char *signed_headers = NULL;
Curl_HttpReq httpreq;
const char *method;
+ size_t post_data_len;
const char *post_data = data->set.postfields ? data->set.postfields : "";
unsigned char sha_hash[32];
char sha_hex[65];
@@ -281,8 +282,12 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
goto fail;
}
+ if(data->set.postfieldsize < 0)
+ post_data_len = strlen(post_data);
+ else
+ post_data_len = (size_t)data->set.postfieldsize;
Curl_sha256it(sha_hash,
- (const unsigned char *) post_data, strlen(post_data));
+ (const unsigned char *) post_data, post_data_len);
sha256_to_hex(sha_hex, sha_hash, sizeof(sha_hex));
Curl_http_method(data, conn, &method, &httpreq);
@@ -321,7 +326,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
/*
* Google allow to use rsa key instead of HMAC, so this code might change
- * In the furure, but for now we support only HMAC version
+ * In the future, but for now we support only HMAC version
*/
str_to_sign = curl_maprintf("%s4-HMAC-SHA256\n" /* Algorithm */
"%s\n" /* RequestDateTime */
diff --git a/contrib/libs/curl/lib/http_ntlm.c b/contrib/libs/curl/lib/http_ntlm.c
index 627a11c5af..a6526db9f7 100644
--- a/contrib/libs/curl/lib/http_ntlm.c
+++ b/contrib/libs/curl/lib/http_ntlm.c
@@ -198,6 +198,12 @@ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy)
#endif
Curl_bufref_init(&ntlmmsg);
+
+ /* connection is already authenticated, don't send a header in future
+ * requests so go directly to NTLMSTATE_LAST */
+ if(*state == NTLMSTATE_TYPE3)
+ *state = NTLMSTATE_LAST;
+
switch(*state) {
case NTLMSTATE_TYPE1:
default: /* for the weird cases we (re)start here */
@@ -246,11 +252,6 @@ CURLcode Curl_output_ntlm(struct Curl_easy *data, bool proxy)
}
break;
- case NTLMSTATE_TYPE3:
- /* connection is already authenticated,
- * don't send a header in future requests */
- *state = NTLMSTATE_LAST;
- /* FALLTHROUGH */
case NTLMSTATE_LAST:
Curl_safefree(*allocuserpwd);
authp->done = TRUE;
diff --git a/contrib/libs/curl/lib/http_proxy.c b/contrib/libs/curl/lib/http_proxy.c
index 20631927f0..bc0d0bfcc3 100644
--- a/contrib/libs/curl/lib/http_proxy.c
+++ b/contrib/libs/curl/lib/http_proxy.c
@@ -207,9 +207,15 @@ static void connect_done(struct Curl_easy *data)
Curl_dyn_free(&s->rcvbuf);
Curl_dyn_free(&s->req);
- /* retore the protocol pointer */
+ /* restore the protocol pointer */
data->req.p.http = s->prot_save;
s->prot_save = NULL;
+ data->info.httpcode = 0; /* clear it as it might've been used for the
+ proxy */
+ data->req.ignorebody = FALSE;
+#ifdef USE_HYPER
+ data->state.hconnect = FALSE;
+#endif
infof(data, "CONNECT phase completed!");
}
}
@@ -284,8 +290,7 @@ static CURLcode CONNECT(struct Curl_easy *data,
/* This only happens if we've looped here due to authentication
reasons, and we don't really use the newly cloned URL here
then. Just free() it. */
- free(data->req.newurl);
- data->req.newurl = NULL;
+ Curl_safefree(data->req.newurl);
/* initialize send-buffer */
Curl_dyn_init(req, DYN_HTTP_REQUEST);
@@ -735,6 +740,7 @@ static CURLcode CONNECT(struct Curl_easy *data,
io = hyper_io_new();
if(!io) {
failf(data, "Couldn't create hyper IO");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
/* tell Hyper how to read/write network data */
@@ -750,6 +756,7 @@ static CURLcode CONNECT(struct Curl_easy *data,
h->exec = hyper_executor_new();
if(!h->exec) {
failf(data, "Couldn't create hyper executor");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
}
@@ -757,6 +764,7 @@ static CURLcode CONNECT(struct Curl_easy *data,
options = hyper_clientconn_options_new();
if(!options) {
failf(data, "Couldn't create hyper client options");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
@@ -767,6 +775,7 @@ static CURLcode CONNECT(struct Curl_easy *data,
handshake = hyper_clientconn_handshake(io, options);
if(!handshake) {
failf(data, "Couldn't create hyper client handshake");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
io = NULL;
@@ -774,6 +783,7 @@ static CURLcode CONNECT(struct Curl_easy *data,
if(HYPERE_OK != hyper_executor_push(h->exec, handshake)) {
failf(data, "Couldn't hyper_executor_push the handshake");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
handshake = NULL; /* ownership passed on */
@@ -781,6 +791,7 @@ static CURLcode CONNECT(struct Curl_easy *data,
task = hyper_executor_poll(h->exec);
if(!task) {
failf(data, "Couldn't hyper_executor_poll the handshake");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
@@ -789,14 +800,24 @@ static CURLcode CONNECT(struct Curl_easy *data,
req = hyper_request_new();
if(!req) {
failf(data, "Couldn't hyper_request_new");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
if(hyper_request_set_method(req, (uint8_t *)"CONNECT",
strlen("CONNECT"))) {
failf(data, "error setting method");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
+ infof(data, "Establish HTTP proxy tunnel to %s:%d",
+ hostname, remote_port);
+
+ /* This only happens if we've looped here due to authentication
+ reasons, and we don't really use the newly cloned URL here
+ then. Just free() it. */
+ Curl_safefree(data->req.newurl);
+
result = CONNECT_host(data, conn, hostname, remote_port,
&hostheader, &host);
if(result)
@@ -806,6 +827,16 @@ static CURLcode CONNECT(struct Curl_easy *data,
strlen(hostheader))) {
failf(data, "error setting path");
result = CURLE_OUT_OF_MEMORY;
+ goto error;
+ }
+ if(data->set.verbose) {
+ char *se = aprintf("CONNECT %s HTTP/1.1\r\n", hostheader);
+ if(!se) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto error;
+ }
+ Curl_debug(data, CURLINFO_HEADER_OUT, se, strlen(se));
+ free(se);
}
/* Setup the proxy-authorization header, if any */
result = Curl_http_output_auth(data, conn, "CONNECT", HTTPREQ_GET,
@@ -819,21 +850,29 @@ static CURLcode CONNECT(struct Curl_easy *data,
(HYPERE_OK != hyper_request_set_version(req,
HYPER_HTTP_VERSION_1_0))) {
failf(data, "error setting HTTP version");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
headers = hyper_request_headers(req);
if(!headers) {
failf(data, "hyper_request_headers");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
- if(host && Curl_hyper_header(data, headers, host))
- goto error;
- Curl_safefree(host);
+ if(host) {
+ result = Curl_hyper_header(data, headers, host);
+ if(result)
+ goto error;
+ Curl_safefree(host);
+ }
- if(data->state.aptr.proxyuserpwd &&
- Curl_hyper_header(data, headers, data->state.aptr.proxyuserpwd))
- goto error;
+ if(data->state.aptr.proxyuserpwd) {
+ result = Curl_hyper_header(data, headers,
+ data->state.aptr.proxyuserpwd);
+ if(result)
+ goto error;
+ }
if(!Curl_checkProxyheaders(data, conn, "User-Agent") &&
data->set.str[STRING_USERAGENT]) {
@@ -843,26 +882,33 @@ static CURLcode CONNECT(struct Curl_easy *data,
data->set.str[STRING_USERAGENT]);
if(result)
goto error;
- if(Curl_hyper_header(data, headers, Curl_dyn_ptr(&ua)))
+ result = Curl_hyper_header(data, headers, Curl_dyn_ptr(&ua));
+ if(result)
goto error;
Curl_dyn_free(&ua);
}
- if(!Curl_checkProxyheaders(data, conn, "Proxy-Connection") &&
- Curl_hyper_header(data, headers, "Proxy-Connection: Keep-Alive"))
- goto error;
+ if(!Curl_checkProxyheaders(data, conn, "Proxy-Connection")) {
+ result = Curl_hyper_header(data, headers,
+ "Proxy-Connection: Keep-Alive");
+ if(result)
+ goto error;
+ }
- if(Curl_add_custom_headers(data, TRUE, headers))
+ result = Curl_add_custom_headers(data, TRUE, headers);
+ if(result)
goto error;
sendtask = hyper_clientconn_send(client, req);
if(!sendtask) {
failf(data, "hyper_clientconn_send");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
if(HYPERE_OK != hyper_executor_push(h->exec, sendtask)) {
failf(data, "Couldn't hyper_executor_push the send");
+ result = CURLE_OUT_OF_MEMORY;
goto error;
}
@@ -875,8 +921,11 @@ static CURLcode CONNECT(struct Curl_easy *data,
if(error)
hypererr = hyper_task_value(task);
hyper_task_free(task);
- if(error)
+ if(error) {
+ /* this could probably use a better error code? */
+ result = CURLE_OUT_OF_MEMORY;
goto error;
+ }
}
} while(task);
s->tunnel_state = TUNNEL_CONNECT;
@@ -904,15 +953,23 @@ static CURLcode CONNECT(struct Curl_easy *data,
h->write_waker = NULL;
}
}
- /* FALLTHROUGH */
+ break;
+
default:
break;
}
+
+ /* If we are supposed to continue and request a new URL, which basically
+ * means the HTTP authentication is still going on so if the tunnel
+ * is complete we start over in INIT state */
+ if(data->req.newurl && (TUNNEL_COMPLETE == s->tunnel_state)) {
+ infof(data, "CONNECT request done, loop to make another");
+ connect_init(data, TRUE); /* reinit */
+ }
} while(data->req.newurl);
result = CURLE_OK;
if(s->tunnel_state == TUNNEL_COMPLETE) {
- data->info.httpproxycode = data->req.httpcode;
if(data->info.httpproxycode/100 != 2) {
if(conn->bits.close && data->req.newurl) {
conn->bits.proxy_connect_closed = TRUE;
diff --git a/contrib/libs/curl/lib/imap.c b/contrib/libs/curl/lib/imap.c
index 6163899bbe..bea964f79a 100644
--- a/contrib/libs/curl/lib/imap.c
+++ b/contrib/libs/curl/lib/imap.c
@@ -78,6 +78,7 @@
#include "multiif.h"
#include "url.h"
#include "strcase.h"
+#include "bufref.h"
#include "curl_sasl.h"
#include "warnless.h"
@@ -101,19 +102,19 @@ static CURLcode imap_doing(struct Curl_easy *data, bool *dophase_done);
static CURLcode imap_setup_connection(struct Curl_easy *data,
struct connectdata *conn);
static char *imap_atom(const char *str, bool escape_only);
-static CURLcode imap_sendf(struct Curl_easy *data,
- struct connectdata *conn, const char *fmt, ...);
+static CURLcode imap_sendf(struct Curl_easy *data, const char *fmt, ...);
static CURLcode imap_parse_url_options(struct connectdata *conn);
static CURLcode imap_parse_url_path(struct Curl_easy *data);
static CURLcode imap_parse_custom_request(struct Curl_easy *data);
static CURLcode imap_perform_authenticate(struct Curl_easy *data,
- struct connectdata *conn,
const char *mech,
- const char *initresp);
+ const struct bufref *initresp);
static CURLcode imap_continue_authenticate(struct Curl_easy *data,
- struct connectdata *conn,
- const char *resp);
-static void imap_get_message(char *buffer, char **outptr);
+ const char *mech,
+ const struct bufref *resp);
+static CURLcode imap_cancel_authenticate(struct Curl_easy *data,
+ const char *mech);
+static CURLcode imap_get_message(struct Curl_easy *data, struct bufref *out);
/*
* IMAP protocol handler.
@@ -180,12 +181,15 @@ const struct Curl_handler Curl_handler_imaps = {
/* SASL parameters for the imap protocol */
static const struct SASLproto saslimap = {
"imap", /* The service name */
- '+', /* Code received when continuation is expected */
- IMAP_RESP_OK, /* Code to receive upon authentication success */
- 0, /* Maximum initial response length (no max) */
imap_perform_authenticate, /* Send authentication command */
imap_continue_authenticate, /* Send authentication continuation */
- imap_get_message /* Get SASL response message */
+ imap_cancel_authenticate, /* Send authentication cancellation */
+ imap_get_message, /* Get SASL response message */
+ 0, /* No maximum initial response length */
+ '+', /* Code received when continuation is expected */
+ IMAP_RESP_OK, /* Code to receive upon authentication success */
+ SASL_AUTH_DEFAULT, /* Default mechanisms */
+ SASL_FLAG_BASE64 /* Configuration flags */
};
@@ -293,6 +297,7 @@ static bool imap_endofresp(struct Curl_easy *data, struct connectdata *conn,
!strcasecompare(imap->custom, "EXPUNGE") &&
!strcasecompare(imap->custom, "LSUB") &&
!strcasecompare(imap->custom, "UID") &&
+ !strcasecompare(imap->custom, "GETQUOTAROOT") &&
!strcasecompare(imap->custom, "NOOP")))
return FALSE;
break;
@@ -352,34 +357,32 @@ static bool imap_endofresp(struct Curl_easy *data, struct connectdata *conn,
*
* Gets the authentication message from the response buffer.
*/
-static void imap_get_message(char *buffer, char **outptr)
+static CURLcode imap_get_message(struct Curl_easy *data, struct bufref *out)
{
- size_t len = strlen(buffer);
- char *message = NULL;
+ char *message = data->state.buffer;
+ size_t len = strlen(message);
if(len > 2) {
/* Find the start of the message */
len -= 2;
- for(message = buffer + 2; *message == ' ' || *message == '\t';
- message++, len--)
+ for(message += 2; *message == ' ' || *message == '\t'; message++, len--)
;
/* Find the end of the message */
- for(; len--;)
+ while(len--)
if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
message[len] != '\t')
break;
/* Terminate the message */
- if(++len) {
- message[len] = '\0';
- }
+ message[++len] = '\0';
+ Curl_bufref_set(out, message, len, NULL);
}
else
/* junk input => zero length output */
- message = &buffer[len];
+ Curl_bufref_set(out, "", 0, NULL);
- *outptr = message;
+ return CURLE_OK;
}
/***********************************************************************
@@ -437,7 +440,7 @@ static CURLcode imap_perform_capability(struct Curl_easy *data,
imapc->tls_supported = FALSE; /* Clear the TLS capability */
/* Send the CAPABILITY command */
- result = imap_sendf(data, conn, "CAPABILITY");
+ result = imap_sendf(data, "CAPABILITY");
if(!result)
state(data, IMAP_CAPABILITY);
@@ -451,11 +454,10 @@ static CURLcode imap_perform_capability(struct Curl_easy *data,
*
* Sends the STARTTLS command to start the upgrade to TLS.
*/
-static CURLcode imap_perform_starttls(struct Curl_easy *data,
- struct connectdata *conn)
+static CURLcode imap_perform_starttls(struct Curl_easy *data)
{
/* Send the STARTTLS command */
- CURLcode result = imap_sendf(data, conn, "STARTTLS");
+ CURLcode result = imap_sendf(data, "STARTTLS");
if(!result)
state(data, IMAP_STARTTLS);
@@ -516,7 +518,7 @@ static CURLcode imap_perform_login(struct Curl_easy *data,
passwd = imap_atom(conn->passwd, false);
/* Send the LOGIN command */
- result = imap_sendf(data, conn, "LOGIN %s %s", user ? user : "",
+ result = imap_sendf(data, "LOGIN %s %s", user ? user : "",
passwd ? passwd : "");
free(user);
@@ -536,20 +538,19 @@ static CURLcode imap_perform_login(struct Curl_easy *data,
* SASL authentication mechanism.
*/
static CURLcode imap_perform_authenticate(struct Curl_easy *data,
- struct connectdata *conn,
const char *mech,
- const char *initresp)
+ const struct bufref *initresp)
{
CURLcode result = CURLE_OK;
- (void)data;
+ const char *ir = (const char *) Curl_bufref_ptr(initresp);
- if(initresp) {
+ if(ir) {
/* Send the AUTHENTICATE command with the initial response */
- result = imap_sendf(data, conn, "AUTHENTICATE %s %s", mech, initresp);
+ result = imap_sendf(data, "AUTHENTICATE %s %s", mech, ir);
}
else {
/* Send the AUTHENTICATE command */
- result = imap_sendf(data, conn, "AUTHENTICATE %s", mech);
+ result = imap_sendf(data, "AUTHENTICATE %s", mech);
}
return result;
@@ -559,15 +560,34 @@ static CURLcode imap_perform_authenticate(struct Curl_easy *data,
*
* imap_continue_authenticate()
*
- * Sends SASL continuation data or cancellation.
+ * Sends SASL continuation data.
*/
static CURLcode imap_continue_authenticate(struct Curl_easy *data,
- struct connectdata *conn,
- const char *resp)
+ const char *mech,
+ const struct bufref *resp)
{
- struct imap_conn *imapc = &conn->proto.imapc;
+ struct imap_conn *imapc = &data->conn->proto.imapc;
+
+ (void)mech;
- return Curl_pp_sendf(data, &imapc->pp, "%s", resp);
+ return Curl_pp_sendf(data, &imapc->pp,
+ "%s", (const char *) Curl_bufref_ptr(resp));
+}
+
+/***********************************************************************
+ *
+ * imap_cancel_authenticate()
+ *
+ * Sends SASL cancellation.
+ */
+static CURLcode imap_cancel_authenticate(struct Curl_easy *data,
+ const char *mech)
+{
+ struct imap_conn *imapc = &data->conn->proto.imapc;
+
+ (void)mech;
+
+ return Curl_pp_sendf(data, &imapc->pp, "*");
}
/***********************************************************************
@@ -594,8 +614,7 @@ static CURLcode imap_perform_authentication(struct Curl_easy *data,
}
/* Calculate the SASL login details */
- result = Curl_sasl_start(&imapc->sasl, data, conn,
- imapc->ir_supported, &progress);
+ result = Curl_sasl_start(&imapc->sasl, data, imapc->ir_supported, &progress);
if(!result) {
if(progress == SASL_INPROGRESS)
@@ -622,12 +641,11 @@ static CURLcode imap_perform_authentication(struct Curl_easy *data,
static CURLcode imap_perform_list(struct Curl_easy *data)
{
CURLcode result = CURLE_OK;
- struct connectdata *conn = data->conn;
struct IMAP *imap = data->req.p.imap;
if(imap->custom)
/* Send the custom request */
- result = imap_sendf(data, conn, "%s%s", imap->custom,
+ result = imap_sendf(data, "%s%s", imap->custom,
imap->custom_params ? imap->custom_params : "");
else {
/* Make sure the mailbox is in the correct atom format if necessary */
@@ -637,7 +655,7 @@ static CURLcode imap_perform_list(struct Curl_easy *data)
return CURLE_OUT_OF_MEMORY;
/* Send the LIST command */
- result = imap_sendf(data, conn, "LIST \"%s\" *", mailbox);
+ result = imap_sendf(data, "LIST \"%s\" *", mailbox);
free(mailbox);
}
@@ -678,7 +696,7 @@ static CURLcode imap_perform_select(struct Curl_easy *data)
return CURLE_OUT_OF_MEMORY;
/* Send the SELECT command */
- result = imap_sendf(data, conn, "SELECT %s", mailbox);
+ result = imap_sendf(data, "SELECT %s", mailbox);
free(mailbox);
@@ -694,8 +712,7 @@ static CURLcode imap_perform_select(struct Curl_easy *data)
*
* Sends a FETCH command to initiate the download of a message.
*/
-static CURLcode imap_perform_fetch(struct Curl_easy *data,
- struct connectdata *conn)
+static CURLcode imap_perform_fetch(struct Curl_easy *data)
{
CURLcode result = CURLE_OK;
struct IMAP *imap = data->req.p.imap;
@@ -704,21 +721,21 @@ static CURLcode imap_perform_fetch(struct Curl_easy *data,
/* Send the FETCH command */
if(imap->partial)
- result = imap_sendf(data, conn, "UID FETCH %s BODY[%s]<%s>",
+ result = imap_sendf(data, "UID FETCH %s BODY[%s]<%s>",
imap->uid, imap->section ? imap->section : "",
imap->partial);
else
- result = imap_sendf(data, conn, "UID FETCH %s BODY[%s]",
+ result = imap_sendf(data, "UID FETCH %s BODY[%s]",
imap->uid, imap->section ? imap->section : "");
}
else if(imap->mindex) {
/* Send the FETCH command */
if(imap->partial)
- result = imap_sendf(data, conn, "FETCH %s BODY[%s]<%s>",
+ result = imap_sendf(data, "FETCH %s BODY[%s]<%s>",
imap->mindex, imap->section ? imap->section : "",
imap->partial);
else
- result = imap_sendf(data, conn, "FETCH %s BODY[%s]",
+ result = imap_sendf(data, "FETCH %s BODY[%s]",
imap->mindex, imap->section ? imap->section : "");
}
else {
@@ -740,7 +757,6 @@ static CURLcode imap_perform_fetch(struct Curl_easy *data,
static CURLcode imap_perform_append(struct Curl_easy *data)
{
CURLcode result = CURLE_OK;
- struct connectdata *conn = data->conn;
struct IMAP *imap = data->req.p.imap;
char *mailbox;
@@ -791,7 +807,7 @@ static CURLcode imap_perform_append(struct Curl_easy *data)
return CURLE_OUT_OF_MEMORY;
/* Send the APPEND command */
- result = imap_sendf(data, conn,
+ result = imap_sendf(data,
"APPEND %s (\\Seen) {%" CURL_FORMAT_CURL_OFF_T "}",
mailbox, data->state.infilesize);
@@ -809,8 +825,7 @@ static CURLcode imap_perform_append(struct Curl_easy *data)
*
* Sends a SEARCH command.
*/
-static CURLcode imap_perform_search(struct Curl_easy *data,
- struct connectdata *conn)
+static CURLcode imap_perform_search(struct Curl_easy *data)
{
CURLcode result = CURLE_OK;
struct IMAP *imap = data->req.p.imap;
@@ -822,7 +837,7 @@ static CURLcode imap_perform_search(struct Curl_easy *data,
}
/* Send the SEARCH command */
- result = imap_sendf(data, conn, "SEARCH %s", imap->query);
+ result = imap_sendf(data, "SEARCH %s", imap->query);
if(!result)
state(data, IMAP_SEARCH);
@@ -836,11 +851,10 @@ static CURLcode imap_perform_search(struct Curl_easy *data,
*
* Performs the logout action prior to sclose() being called.
*/
-static CURLcode imap_perform_logout(struct Curl_easy *data,
- struct connectdata *conn)
+static CURLcode imap_perform_logout(struct Curl_easy *data)
{
/* Send the LOGOUT command */
- CURLcode result = imap_sendf(data, conn, "LOGOUT");
+ CURLcode result = imap_sendf(data, "LOGOUT");
if(!result)
state(data, IMAP_LOGOUT);
@@ -938,7 +952,7 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data,
/* PREAUTH is not compatible with STARTTLS. */
if(imapcode == IMAP_RESP_OK && imapc->tls_supported && !imapc->preauth) {
/* Switch to TLS connection now */
- result = imap_perform_starttls(data, conn);
+ result = imap_perform_starttls(data);
}
else if(data->set.use_ssl <= CURLUSESSL_TRY)
result = imap_perform_authentication(data, conn);
@@ -993,7 +1007,7 @@ static CURLcode imap_state_auth_resp(struct Curl_easy *data,
(void)instate; /* no use for this yet */
- result = Curl_sasl_continue(&imapc->sasl, data, conn, imapcode, &progress);
+ result = Curl_sasl_continue(&imapc->sasl, data, imapcode, &progress);
if(!result)
switch(progress) {
case SASL_DONE:
@@ -1094,9 +1108,9 @@ static CURLcode imap_state_select_resp(struct Curl_easy *data, int imapcode,
if(imap->custom)
result = imap_perform_list(data);
else if(imap->query)
- result = imap_perform_search(data, conn);
+ result = imap_perform_search(data);
else
- result = imap_perform_fetch(data, conn);
+ result = imap_perform_fetch(data);
}
}
else {
@@ -1441,7 +1455,7 @@ static CURLcode imap_connect(struct Curl_easy *data, bool *done)
/* Set the default preferred authentication type and mechanism */
imapc->preftype = IMAP_TYPE_ANY;
- Curl_sasl_init(&imapc->sasl, &saslimap);
+ Curl_sasl_init(&imapc->sasl, data, &saslimap);
Curl_dyn_init(&imapc->dyn, DYN_IMAP_CMD);
/* Initialise the pingpong layer */
@@ -1568,10 +1582,10 @@ static CURLcode imap_perform(struct Curl_easy *data, bool *connected,
result = imap_perform_list(data);
else if(!imap->custom && selected && (imap->uid || imap->mindex))
/* FETCH from the same mailbox */
- result = imap_perform_fetch(data, conn);
+ result = imap_perform_fetch(data);
else if(!imap->custom && selected && imap->query)
/* SEARCH the current mailbox */
- result = imap_perform_search(data, conn);
+ result = imap_perform_search(data);
else if(imap->mailbox && !selected &&
(imap->custom || imap->uid || imap->mindex || imap->query))
/* SELECT the mailbox */
@@ -1643,7 +1657,7 @@ static CURLcode imap_disconnect(struct Curl_easy *data,
/* The IMAP session may or may not have been allocated/setup at this
point! */
if(!dead_connection && conn->bits.protoconnstart) {
- if(!imap_perform_logout(data, conn))
+ if(!imap_perform_logout(data))
(void)imap_block_statemach(data, conn, TRUE); /* ignore errors */
}
@@ -1747,17 +1761,16 @@ static CURLcode imap_setup_connection(struct Curl_easy *data,
*
* Designed to never block.
*/
-static CURLcode imap_sendf(struct Curl_easy *data,
- struct connectdata *conn, const char *fmt, ...)
+static CURLcode imap_sendf(struct Curl_easy *data, const char *fmt, ...)
{
CURLcode result = CURLE_OK;
- struct imap_conn *imapc = &conn->proto.imapc;
+ struct imap_conn *imapc = &data->conn->proto.imapc;
DEBUGASSERT(fmt);
/* Calculate the tag based on the connection ID and command ID */
msnprintf(imapc->resptag, sizeof(imapc->resptag), "%c%03d",
- 'A' + curlx_sltosi(conn->connection_id % 26),
+ 'A' + curlx_sltosi(data->conn->connection_id % 26),
(++imapc->cmdid)%1000);
/* start with a blank buffer */
@@ -1911,8 +1924,6 @@ static CURLcode imap_parse_url_options(struct connectdata *conn)
struct imap_conn *imapc = &conn->proto.imapc;
const char *ptr = conn->options;
- imapc->sasl.resetprefs = TRUE;
-
while(!result && ptr && *ptr) {
const char *key = ptr;
const char *value;
diff --git a/contrib/libs/curl/lib/krb5.c b/contrib/libs/curl/lib/krb5.c
index b888521990..57cfbf4282 100644
--- a/contrib/libs/curl/lib/krb5.c
+++ b/contrib/libs/curl/lib/krb5.c
@@ -374,7 +374,7 @@ static void krb5_end(void *app_data)
}
}
-static struct Curl_sec_client_mech Curl_krb5_client_mech = {
+static const struct Curl_sec_client_mech Curl_krb5_client_mech = {
"GSSAPI",
sizeof(gss_ctx_id_t),
krb5_init,
@@ -684,7 +684,7 @@ int Curl_sec_read_msg(struct Curl_easy *data, struct connectdata *conn,
(void) data;
if(!conn->mech)
- /* not inititalized, return error */
+ /* not initialized, return error */
return -1;
DEBUGASSERT(level > PROT_NONE && level < PROT_LAST);
@@ -768,7 +768,7 @@ static int sec_set_protection_level(struct Curl_easy *data)
}
}
- /* Now try to negiociate the protection level. */
+ /* Now try to negotiate the protection level. */
code = ftp_send_command(data, "PROT %c", level_to_char(level));
if(code < 0)
diff --git a/contrib/libs/curl/lib/llist.c b/contrib/libs/curl/lib/llist.c
index e0ec7393d2..e78da7da82 100644
--- a/contrib/libs/curl/lib/llist.c
+++ b/contrib/libs/curl/lib/llist.c
@@ -106,9 +106,7 @@ Curl_llist_remove(struct Curl_llist *list, struct Curl_llist_element *e,
e->next->prev = NULL;
}
else {
- if(!e->prev)
- list->head = e->next;
- else
+ if(e->prev)
e->prev->next = e->next;
if(!e->next)
diff --git a/contrib/libs/curl/lib/md4.c b/contrib/libs/curl/lib/md4.c
index 3cfc393bc2..87b5621363 100644
--- a/contrib/libs/curl/lib/md4.c
+++ b/contrib/libs/curl/lib/md4.c
@@ -27,6 +27,7 @@
#include "curl_md4.h"
#include "warnless.h"
+
#ifdef USE_OPENSSL
#include <openssl/opensslconf.h>
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
@@ -35,6 +36,13 @@
#endif
#endif /* USE_OPENSSL */
+#ifdef USE_WOLFSSL
+#error #include <wolfssl/options.h>
+#ifdef NO_MD4
+#define OPENSSL_NO_MD4
+#endif
+#endif
+
#ifdef USE_MBEDTLS
#error #include <mbedtls/version.h>
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
@@ -74,8 +82,9 @@ static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
md4_digest(ctx, MD4_DIGEST_SIZE, result);
}
-#elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4)
-/* When OpenSSL is available we use the MD4-functions from OpenSSL */
+#elif (defined(USE_OPENSSL) || defined(USE_WOLFSSL)) && \
+ !defined(OPENSSL_NO_MD4)
+/* When OpenSSL or wolfSSL is available, we use their MD4 functions. */
#include <openssl/md4.h>
#elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \
diff --git a/contrib/libs/curl/lib/md5.c b/contrib/libs/curl/lib/md5.c
index 62b602ffbb..63371511b7 100644
--- a/contrib/libs/curl/lib/md5.c
+++ b/contrib/libs/curl/lib/md5.c
@@ -39,6 +39,20 @@
#endif
#endif /* USE_MBEDTLS */
+#if defined(USE_OPENSSL) && !defined(USE_AMISSL)
+ #include <openssl/opensslconf.h>
+ #if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+ #define USE_OPENSSL_MD5
+ #endif
+#endif
+
+#ifdef USE_WOLFSSL
+ #error #include <wolfssl/options.h>
+ #ifndef NO_MD5
+ #define USE_WOLFSSL_MD5
+ #endif
+#endif
+
#if defined(USE_GNUTLS)
#include <nettle/md5.h>
@@ -65,8 +79,9 @@ static void MD5_Final(unsigned char *digest, MD5_CTX *ctx)
md5_digest(ctx, 16, digest);
}
-#elif defined(USE_OPENSSL) && !defined(USE_AMISSL)
-/* When OpenSSL is available we use the MD5-function from OpenSSL */
+#elif defined(USE_OPENSSL_MD5) || defined(USE_WOLFSSL_MD5)
+
+/* When OpenSSL or wolfSSL is available, we use their MD5 functions. */
#include <openssl/md5.h>
#include "curl_memory.h"
/* The last #include file should be: */
diff --git a/contrib/libs/curl/lib/mime.c b/contrib/libs/curl/lib/mime.c
index 0bf1b46a4c..f40cc1a618 100644
--- a/contrib/libs/curl/lib/mime.c
+++ b/contrib/libs/curl/lib/mime.c
@@ -462,11 +462,13 @@ static size_t encoder_base64_read(char *buffer, size_t size, bool ateof,
/* Buffered data size can only be 0, 1 or 2. */
ptr[2] = ptr[3] = '=';
i = 0;
- switch(st->bufend - st->bufbeg) {
- case 2:
- i = (st->buf[st->bufbeg + 1] & 0xFF) << 8;
- /* FALLTHROUGH */
- case 1:
+
+ /* If there is buffered data */
+ if(st->bufend != st->bufbeg) {
+
+ if(st->bufend - st->bufbeg == 2)
+ i = (st->buf[st->bufbeg + 1] & 0xFF) << 8;
+
i |= (st->buf[st->bufbeg] & 0xFF) << 16;
ptr[0] = base64[(i >> 18) & 0x3F];
ptr[1] = base64[(i >> 12) & 0x3F];
@@ -476,7 +478,6 @@ static size_t encoder_base64_read(char *buffer, size_t size, bool ateof,
}
cursize += 4;
st->pos += 4;
- break;
}
}
}
@@ -1954,7 +1955,8 @@ void Curl_mime_unpause(curl_mimepart *part)
}
-#else /* !CURL_DISABLE_HTTP || !CURL_DISABLE_SMTP || !CURL_DISABLE_IMAP */
+#else /* !CURL_DISABLE_HTTP && !CURL_DISABLE_MIME ||
+ !CURL_DISABLE_SMTP || !CURL_DISABLE_IMAP */
/* Mime not compiled in: define stubs for externally-referenced functions. */
curl_mime *curl_mime_init(CURL *easy)
diff --git a/contrib/libs/curl/lib/multi.c b/contrib/libs/curl/lib/multi.c
index 73015ed4d7..9dfa844d7d 100644
--- a/contrib/libs/curl/lib/multi.c
+++ b/contrib/libs/curl/lib/multi.c
@@ -2030,6 +2030,28 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
break;
case MSTATE_DO:
+ if(data->set.fprereq) {
+ int prereq_rc;
+
+ /* call the prerequest callback function */
+ Curl_set_in_callback(data, true);
+ prereq_rc = data->set.fprereq(data->set.prereq_userp,
+ data->info.conn_primary_ip,
+ data->info.conn_local_ip,
+ data->info.conn_primary_port,
+ data->info.conn_local_port);
+ Curl_set_in_callback(data, false);
+ if(prereq_rc != CURL_PREREQFUNC_OK) {
+ failf(data, "operation aborted by pre-request callback");
+ /* failure in pre-request callback - don't do any other processing */
+ result = CURLE_ABORTED_BY_CALLBACK;
+ Curl_posttransfer(data);
+ multi_done(data, result, FALSE);
+ stream_error = TRUE;
+ break;
+ }
+ }
+
if(data->set.connect_only) {
/* keep connection open for application to use the socket */
connkeep(data->conn, "CONNECT_ONLY");
@@ -2613,7 +2635,7 @@ CURLMcode curl_multi_cleanup(struct Curl_multi *multi)
multi->magic = 0; /* not good anymore */
- /* Firsrt remove all remaining easy handles */
+ /* First remove all remaining easy handles */
data = multi->easyp;
while(data) {
nextdata = data->next;
@@ -3182,7 +3204,7 @@ CURLMcode curl_multi_socket_all(struct Curl_multi *multi, int *running_handles)
static CURLMcode multi_timeout(struct Curl_multi *multi,
long *timeout_ms)
{
- static struct curltime tv_zero = {0, 0};
+ static const struct curltime tv_zero = {0, 0};
if(multi->timetree) {
/* we have a tree of expire times */
diff --git a/contrib/libs/curl/lib/pop3.c b/contrib/libs/curl/lib/pop3.c
index d3f3de6d49..d4ca67877d 100644
--- a/contrib/libs/curl/lib/pop3.c
+++ b/contrib/libs/curl/lib/pop3.c
@@ -78,6 +78,7 @@
#include "select.h"
#include "multiif.h"
#include "url.h"
+#include "bufref.h"
#include "curl_sasl.h"
#include "curl_md5.h"
#include "warnless.h"
@@ -103,12 +104,12 @@ static CURLcode pop3_setup_connection(struct Curl_easy *data,
static CURLcode pop3_parse_url_options(struct connectdata *conn);
static CURLcode pop3_parse_url_path(struct Curl_easy *data);
static CURLcode pop3_parse_custom_request(struct Curl_easy *data);
-static CURLcode pop3_perform_auth(struct Curl_easy *data,
- struct connectdata *conn, const char *mech,
- const char *initresp);
-static CURLcode pop3_continue_auth(struct Curl_easy *data,
- struct connectdata *conn, const char *resp);
-static void pop3_get_message(char *buffer, char **outptr);
+static CURLcode pop3_perform_auth(struct Curl_easy *data, const char *mech,
+ const struct bufref *initresp);
+static CURLcode pop3_continue_auth(struct Curl_easy *data, const char *mech,
+ const struct bufref *resp);
+static CURLcode pop3_cancel_auth(struct Curl_easy *data, const char *mech);
+static CURLcode pop3_get_message(struct Curl_easy *data, struct bufref *out);
/*
* POP3 protocol handler.
@@ -170,13 +171,16 @@ const struct Curl_handler Curl_handler_pop3s = {
/* SASL parameters for the pop3 protocol */
static const struct SASLproto saslpop3 = {
- "pop", /* The service name */
- '*', /* Code received when continuation is expected */
- '+', /* Code to receive upon authentication success */
- 255 - 8, /* Maximum initial response length (no max) */
- pop3_perform_auth, /* Send authentication command */
- pop3_continue_auth, /* Send authentication continuation */
- pop3_get_message /* Get SASL response message */
+ "pop", /* The service name */
+ pop3_perform_auth, /* Send authentication command */
+ pop3_continue_auth, /* Send authentication continuation */
+ pop3_cancel_auth, /* Send authentication cancellation */
+ pop3_get_message, /* Get SASL response message */
+ 255 - 8, /* Max line len - strlen("AUTH ") - 1 space - crlf */
+ '*', /* Code received when continuation is expected */
+ '+', /* Code to receive upon authentication success */
+ SASL_AUTH_DEFAULT, /* Default mechanisms */
+ SASL_FLAG_BASE64 /* Configuration flags */
};
#ifdef USE_SSL
@@ -250,34 +254,32 @@ static bool pop3_endofresp(struct Curl_easy *data, struct connectdata *conn,
*
* Gets the authentication message from the response buffer.
*/
-static void pop3_get_message(char *buffer, char **outptr)
+static CURLcode pop3_get_message(struct Curl_easy *data, struct bufref *out)
{
- size_t len = strlen(buffer);
- char *message = NULL;
+ char *message = data->state.buffer;
+ size_t len = strlen(message);
if(len > 2) {
/* Find the start of the message */
len -= 2;
- for(message = buffer + 2; *message == ' ' || *message == '\t';
- message++, len--)
+ for(message += 2; *message == ' ' || *message == '\t'; message++, len--)
;
/* Find the end of the message */
- for(; len--;)
+ while(len--)
if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
message[len] != '\t')
break;
/* Terminate the message */
- if(++len) {
- message[len] = '\0';
- }
+ message[++len] = '\0';
+ Curl_bufref_set(out, message, len, NULL);
}
else
/* junk input => zero length output */
- message = &buffer[len];
+ Curl_bufref_set(out, "", 0, NULL);
- *outptr = message;
+ return CURLE_OK;
}
/***********************************************************************
@@ -474,16 +476,16 @@ static CURLcode pop3_perform_apop(struct Curl_easy *data,
* authentication mechanism.
*/
static CURLcode pop3_perform_auth(struct Curl_easy *data,
- struct connectdata *conn,
const char *mech,
- const char *initresp)
+ const struct bufref *initresp)
{
CURLcode result = CURLE_OK;
- struct pop3_conn *pop3c = &conn->proto.pop3c;
+ struct pop3_conn *pop3c = &data->conn->proto.pop3c;
+ const char *ir = (const char *) Curl_bufref_ptr(initresp);
- if(initresp) { /* AUTH <mech> ...<crlf> */
+ if(ir) { /* AUTH <mech> ...<crlf> */
/* Send the AUTH command with the initial response */
- result = Curl_pp_sendf(data, &pop3c->pp, "AUTH %s %s", mech, initresp);
+ result = Curl_pp_sendf(data, &pop3c->pp, "AUTH %s %s", mech, ir);
}
else {
/* Send the AUTH command */
@@ -497,15 +499,33 @@ static CURLcode pop3_perform_auth(struct Curl_easy *data,
*
* pop3_continue_auth()
*
- * Sends SASL continuation data or cancellation.
+ * Sends SASL continuation data.
*/
static CURLcode pop3_continue_auth(struct Curl_easy *data,
- struct connectdata *conn,
- const char *resp)
+ const char *mech,
+ const struct bufref *resp)
{
- struct pop3_conn *pop3c = &conn->proto.pop3c;
+ struct pop3_conn *pop3c = &data->conn->proto.pop3c;
+
+ (void)mech;
- return Curl_pp_sendf(data, &pop3c->pp, "%s", resp);
+ return Curl_pp_sendf(data, &pop3c->pp,
+ "%s", (const char *) Curl_bufref_ptr(resp));
+}
+
+/***********************************************************************
+ *
+ * pop3_cancel_auth()
+ *
+ * Sends SASL cancellation.
+ */
+static CURLcode pop3_cancel_auth(struct Curl_easy *data, const char *mech)
+{
+ struct pop3_conn *pop3c = &data->conn->proto.pop3c;
+
+ (void)mech;
+
+ return Curl_pp_sendf(data, &pop3c->pp, "*");
}
/***********************************************************************
@@ -532,7 +552,7 @@ static CURLcode pop3_perform_authentication(struct Curl_easy *data,
if(pop3c->authtypes & pop3c->preftype & POP3_TYPE_SASL) {
/* Calculate the SASL login details */
- result = Curl_sasl_start(&pop3c->sasl, data, conn, FALSE, &progress);
+ result = Curl_sasl_start(&pop3c->sasl, data, FALSE, &progress);
if(!result)
if(progress == SASL_INPROGRESS)
@@ -801,7 +821,7 @@ static CURLcode pop3_state_auth_resp(struct Curl_easy *data,
(void)instate; /* no use for this yet */
- result = Curl_sasl_continue(&pop3c->sasl, data, conn, pop3code, &progress);
+ result = Curl_sasl_continue(&pop3c->sasl, data, pop3code, &progress);
if(!result)
switch(progress) {
case SASL_DONE:
@@ -1011,7 +1031,9 @@ static CURLcode pop3_statemachine(struct Curl_easy *data,
break;
case POP3_QUIT:
- /* fallthrough, just stop! */
+ state(data, POP3_STOP);
+ break;
+
default:
/* internal error */
state(data, POP3_STOP);
@@ -1102,7 +1124,7 @@ static CURLcode pop3_connect(struct Curl_easy *data, bool *done)
/* Set the default preferred authentication type and mechanism */
pop3c->preftype = POP3_TYPE_ANY;
- Curl_sasl_init(&pop3c->sasl, &saslpop3);
+ Curl_sasl_init(&pop3c->sasl, data, &saslpop3);
/* Initialise the pingpong layer */
Curl_pp_setup(pp);
@@ -1343,8 +1365,6 @@ static CURLcode pop3_parse_url_options(struct connectdata *conn)
struct pop3_conn *pop3c = &conn->proto.pop3c;
const char *ptr = conn->options;
- pop3c->sasl.resetprefs = TRUE;
-
while(!result && ptr && *ptr) {
const char *key = ptr;
const char *value;
diff --git a/contrib/libs/curl/lib/select.c b/contrib/libs/curl/lib/select.c
index 52dca5a2c0..70d7ee5c26 100644
--- a/contrib/libs/curl/lib/select.c
+++ b/contrib/libs/curl/lib/select.c
@@ -64,7 +64,7 @@
* Waiting indefinitely with this function is not allowed, a
* zero or negative timeout value will return immediately.
* Timeout resolution, accuracy, as well as maximum supported
- * value is system dependent, neither factor is a citical issue
+ * value is system dependent, neither factor is a critical issue
* for the intended use of this function in the library.
*
* Return values:
diff --git a/contrib/libs/curl/lib/sendf.c b/contrib/libs/curl/lib/sendf.c
index 14ca84bfe5..bcfa27a501 100644
--- a/contrib/libs/curl/lib/sendf.c
+++ b/contrib/libs/curl/lib/sendf.c
@@ -608,7 +608,7 @@ static CURLcode chop_write(struct Curl_easy *data,
/* Curl_client_write() sends data to the write callback(s)
The bit pattern defines to what "streams" to write to. Body and/or header.
- The defines are in sendf.h of course. "len" is not allowed to be 0.
+ The defines are in sendf.h of course.
If CURL_DO_LINEEND_CONV is enabled, data is converted IN PLACE to the
local character encoding. This is a problem and should be changed in
@@ -621,8 +621,10 @@ CURLcode Curl_client_write(struct Curl_easy *data,
{
struct connectdata *conn = data->conn;
- DEBUGASSERT(len);
- DEBUGASSERT(type <= 3);
+ DEBUGASSERT(!(type & ~CLIENTWRITE_BOTH));
+
+ if(!len)
+ return CURLE_OK;
/* FTP data may need conversion. */
if((type & CLIENTWRITE_BODY) &&
diff --git a/contrib/libs/curl/lib/setopt.c b/contrib/libs/curl/lib/setopt.c
index 08827d1ef9..56d9c49926 100644
--- a/contrib/libs/curl/lib/setopt.c
+++ b/contrib/libs/curl/lib/setopt.c
@@ -2477,6 +2477,15 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
va_arg(param, char *));
break;
+ case CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256:
+ /*
+ * Option to allow for the SHA256 of the host public key to be checked
+ * for validation purposes.
+ */
+ result = Curl_setstropt(&data->set.str[STRING_SSH_HOST_PUBLIC_KEY_SHA256],
+ va_arg(param, char *));
+ break;
+
case CURLOPT_SSH_KNOWNHOSTS:
/*
* Store the file name to read known hosts from.
@@ -2507,8 +2516,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
/*
* disable libcurl transfer encoding is used
*/
+#ifndef USE_HYPER
data->set.http_te_skip = (0 == va_arg(param, long)) ? TRUE : FALSE;
break;
+#else
+ return CURLE_NOT_BUILT_IN; /* hyper doesn't support */
+#endif
case CURLOPT_HTTP_CONTENT_DECODING:
/*
@@ -2929,6 +2942,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
return CURLE_BAD_FUNCTION_ARGUMENT;
data->set.maxage_conn = arg;
break;
+ case CURLOPT_MAXLIFETIME_CONN:
+ arg = va_arg(param, long);
+ if(arg < 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ data->set.maxlifetime_conn = arg;
+ break;
case CURLOPT_TRAILERFUNCTION:
#ifndef CURL_DISABLE_HTTP
data->set.trailer_callback = va_arg(param, curl_trailer_callback);
@@ -3004,6 +3023,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
return result;
break;
#endif
+ case CURLOPT_PREREQFUNCTION:
+ data->set.fprereq = va_arg(param, curl_prereq_callback);
+ break;
+ case CURLOPT_PREREQDATA:
+ data->set.prereq_userp = va_arg(param, void *);
+ break;
default:
/* unknown tag and its companion, just ignore: */
result = CURLE_UNKNOWN_OPTION;
diff --git a/contrib/libs/curl/lib/setup-win32.h b/contrib/libs/curl/lib/setup-win32.h
index c35dec88cb..fa8742f3b1 100644
--- a/contrib/libs/curl/lib/setup-win32.h
+++ b/contrib/libs/curl/lib/setup-win32.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -25,11 +25,11 @@
/*
* Include header files for windows builds before redefining anything.
* Use this preprocessor block only to include or exclude windows.h,
- * winsock2.h, ws2tcpip.h or winsock.h. Any other windows thing belongs
+ * winsock2.h or ws2tcpip.h. Any other windows thing belongs
* to any other further and independent block. Under Cygwin things work
* just as under linux (e.g. <sys/socket.h>) and the winsock headers should
* never be included when __CYGWIN__ is defined. configure script takes
- * care of this, not defining HAVE_WINDOWS_H, HAVE_WINSOCK_H, HAVE_WINSOCK2_H,
+ * care of this, not defining HAVE_WINDOWS_H, HAVE_WINSOCK2_H,
* neither HAVE_WS2TCPIP_H when __CYGWIN__ is defined.
*/
@@ -47,10 +47,6 @@
# ifdef HAVE_WS2TCPIP_H
# include <ws2tcpip.h>
# endif
-# else
-# ifdef HAVE_WINSOCK_H
-# include <winsock.h>
-# endif
# endif
# include <tchar.h>
# ifdef UNICODE
@@ -67,10 +63,6 @@
#ifdef HAVE_WINSOCK2_H
# define USE_WINSOCK 2
-#else
-# ifdef HAVE_WINSOCK_H
-# error "WinSock version 1 is no longer supported, version 2 is required!"
-# endif
#endif
/*
diff --git a/contrib/libs/curl/lib/sha256.c b/contrib/libs/curl/lib/sha256.c
index 9bcd110060..068ecccf2f 100644
--- a/contrib/libs/curl/lib/sha256.c
+++ b/contrib/libs/curl/lib/sha256.c
@@ -29,11 +29,18 @@
#include "curl_sha256.h"
#include "curl_hmac.h"
+#ifdef USE_WOLFSSL
+#error #include <wolfssl/options.h>
+#ifndef NO_SHA256
+#define USE_OPENSSL_SHA256
+#endif
+#endif
+
#if defined(USE_OPENSSL)
#include <openssl/opensslv.h>
-#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
+#if (OPENSSL_VERSION_NUMBER >= 0x0090700fL)
#define USE_OPENSSL_SHA256
#endif
@@ -63,7 +70,36 @@
#if defined(USE_OPENSSL_SHA256)
/* When OpenSSL is available we use the SHA256-function from OpenSSL */
-#include <openssl/sha.h>
+#include <openssl/evp.h>
+
+#include "curl_memory.h"
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+struct sha256_ctx {
+ EVP_MD_CTX *openssl_ctx;
+};
+typedef struct sha256_ctx my_sha256_ctx;
+
+static void my_sha256_init(my_sha256_ctx *ctx)
+{
+ ctx->openssl_ctx = EVP_MD_CTX_create();
+ EVP_DigestInit_ex(ctx->openssl_ctx, EVP_sha256(), NULL);
+}
+
+static void my_sha256_update(my_sha256_ctx *ctx,
+ const unsigned char *data,
+ unsigned int length)
+{
+ EVP_DigestUpdate(ctx->openssl_ctx, data, length);
+}
+
+static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx)
+{
+ EVP_DigestFinal_ex(ctx->openssl_ctx, digest, NULL);
+ EVP_MD_CTX_destroy(ctx->openssl_ctx);
+}
#elif defined(USE_GNUTLS)
@@ -74,21 +110,21 @@
/* The last #include file should be: */
#include "memdebug.h"
-typedef struct sha256_ctx SHA256_CTX;
+typedef struct sha256_ctx my_sha256_ctx;
-static void SHA256_Init(SHA256_CTX *ctx)
+static void my_sha256_init(my_sha256_ctx *ctx)
{
sha256_init(ctx);
}
-static void SHA256_Update(SHA256_CTX *ctx,
- const unsigned char *data,
- unsigned int length)
+static void my_sha256_update(my_sha256_ctx *ctx,
+ const unsigned char *data,
+ unsigned int length)
{
sha256_update(ctx, length, data);
}
-static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
+static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx)
{
sha256_digest(ctx, SHA256_DIGEST_SIZE, digest);
}
@@ -102,9 +138,9 @@ static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
/* The last #include file should be: */
#include "memdebug.h"
-typedef mbedtls_sha256_context SHA256_CTX;
+typedef mbedtls_sha256_context my_sha256_ctx;
-static void SHA256_Init(SHA256_CTX *ctx)
+static void my_sha256_init(my_sha256_ctx *ctx)
{
#if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS)
(void) mbedtls_sha256_starts(ctx, 0);
@@ -113,9 +149,9 @@ static void SHA256_Init(SHA256_CTX *ctx)
#endif
}
-static void SHA256_Update(SHA256_CTX *ctx,
- const unsigned char *data,
- unsigned int length)
+static void my_sha256_update(my_sha256_ctx *ctx,
+ const unsigned char *data,
+ unsigned int length)
{
#if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS)
(void) mbedtls_sha256_update(ctx, data, length);
@@ -124,7 +160,7 @@ static void SHA256_Update(SHA256_CTX *ctx,
#endif
}
-static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
+static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx)
{
#if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS)
(void) mbedtls_sha256_finish(ctx, digest);
@@ -145,21 +181,21 @@ static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
/* The last #include file should be: */
#include "memdebug.h"
-typedef CC_SHA256_CTX SHA256_CTX;
+typedef CC_SHA256_CTX my_sha256_ctx;
-static void SHA256_Init(SHA256_CTX *ctx)
+static void my_sha256_init(my_sha256_ctx *ctx)
{
(void) CC_SHA256_Init(ctx);
}
-static void SHA256_Update(SHA256_CTX *ctx,
- const unsigned char *data,
- unsigned int length)
+static void my_sha256_update(my_sha256_ctx *ctx,
+ const unsigned char *data,
+ unsigned int length)
{
(void) CC_SHA256_Update(ctx, data, length);
}
-static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
+static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx)
{
(void) CC_SHA256_Final(digest, ctx);
}
@@ -172,13 +208,13 @@ struct sha256_ctx {
HCRYPTPROV hCryptProv;
HCRYPTHASH hHash;
};
-typedef struct sha256_ctx SHA256_CTX;
+typedef struct sha256_ctx my_sha256_ctx;
#if !defined(CALG_SHA_256)
#define CALG_SHA_256 0x0000800c
#endif
-static void SHA256_Init(SHA256_CTX *ctx)
+static void my_sha256_init(my_sha256_ctx *ctx)
{
if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_AES,
CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
@@ -186,14 +222,14 @@ static void SHA256_Init(SHA256_CTX *ctx)
}
}
-static void SHA256_Update(SHA256_CTX *ctx,
- const unsigned char *data,
- unsigned int length)
+static void my_sha256_update(my_sha256_ctx *ctx,
+ const unsigned char *data,
+ unsigned int length)
{
CryptHashData(ctx->hHash, (unsigned char *) data, length, 0);
}
-static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
+static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx)
{
unsigned long length = 0;
@@ -262,7 +298,7 @@ struct sha256_state {
unsigned long state[8], curlen;
unsigned char buf[64];
};
-typedef struct sha256_state SHA256_CTX;
+typedef struct sha256_state my_sha256_ctx;
/* The K array */
static const unsigned long K[64] = {
@@ -339,7 +375,7 @@ static int sha256_compress(struct sha256_state *md,
}
/* Initialize the hash state */
-static void SHA256_Init(struct sha256_state *md)
+static void my_sha256_init(struct sha256_state *md)
{
md->curlen = 0;
md->length = 0;
@@ -360,9 +396,9 @@ static void SHA256_Init(struct sha256_state *md)
@param inlen The length of the data (octets)
@return CRYPT_OK if successful
*/
-static int SHA256_Update(struct sha256_state *md,
- const unsigned char *in,
- unsigned long inlen)
+static int my_sha256_update(struct sha256_state *md,
+ const unsigned char *in,
+ unsigned long inlen)
{
unsigned long n;
@@ -401,8 +437,8 @@ static int SHA256_Update(struct sha256_state *md,
@param out [out] The destination of the hash (32 bytes)
@return CRYPT_OK if successful
*/
-static int SHA256_Final(unsigned char *out,
- struct sha256_state *md)
+static int my_sha256_final(unsigned char *out,
+ struct sha256_state *md)
{
int i;
@@ -459,24 +495,24 @@ static int SHA256_Final(unsigned char *out,
void Curl_sha256it(unsigned char *output, const unsigned char *input,
const size_t length)
{
- SHA256_CTX ctx;
+ my_sha256_ctx ctx;
- SHA256_Init(&ctx);
- SHA256_Update(&ctx, input, curlx_uztoui(length));
- SHA256_Final(output, &ctx);
+ my_sha256_init(&ctx);
+ my_sha256_update(&ctx, input, curlx_uztoui(length));
+ my_sha256_final(output, &ctx);
}
const struct HMAC_params Curl_HMAC_SHA256[] = {
{
/* Hash initialization function. */
- CURLX_FUNCTION_CAST(HMAC_hinit_func, SHA256_Init),
+ CURLX_FUNCTION_CAST(HMAC_hinit_func, my_sha256_init),
/* Hash update function. */
- CURLX_FUNCTION_CAST(HMAC_hupdate_func, SHA256_Update),
+ CURLX_FUNCTION_CAST(HMAC_hupdate_func, my_sha256_update),
/* Hash computation end function. */
- CURLX_FUNCTION_CAST(HMAC_hfinal_func, SHA256_Final),
+ CURLX_FUNCTION_CAST(HMAC_hfinal_func, my_sha256_final),
/* Size of hash context structure. */
- sizeof(SHA256_CTX),
+ sizeof(my_sha256_ctx),
/* Maximum key length. */
64,
/* Result size. */
diff --git a/contrib/libs/curl/lib/smtp.c b/contrib/libs/curl/lib/smtp.c
index 02ddaca0a2..8e0b046096 100644
--- a/contrib/libs/curl/lib/smtp.c
+++ b/contrib/libs/curl/lib/smtp.c
@@ -82,6 +82,7 @@
#include "multiif.h"
#include "url.h"
#include "curl_gethostname.h"
+#include "bufref.h"
#include "curl_sasl.h"
#include "warnless.h"
/* The last 3 #include files should be in this order */
@@ -108,12 +109,12 @@ static CURLcode smtp_parse_url_path(struct Curl_easy *data);
static CURLcode smtp_parse_custom_request(struct Curl_easy *data);
static CURLcode smtp_parse_address(struct Curl_easy *data, const char *fqma,
char **address, struct hostname *host);
-static CURLcode smtp_perform_auth(struct Curl_easy *data,
- struct connectdata *conn, const char *mech,
- const char *initresp);
-static CURLcode smtp_continue_auth(struct Curl_easy *data,
- struct connectdata *conn, const char *resp);
-static void smtp_get_message(char *buffer, char **outptr);
+static CURLcode smtp_perform_auth(struct Curl_easy *data, const char *mech,
+ const struct bufref *initresp);
+static CURLcode smtp_continue_auth(struct Curl_easy *data, const char *mech,
+ const struct bufref *resp);
+static CURLcode smtp_cancel_auth(struct Curl_easy *data, const char *mech);
+static CURLcode smtp_get_message(struct Curl_easy *data, struct bufref *out);
/*
* SMTP protocol handler.
@@ -175,13 +176,16 @@ const struct Curl_handler Curl_handler_smtps = {
/* SASL parameters for the smtp protocol */
static const struct SASLproto saslsmtp = {
- "smtp", /* The service name */
- 334, /* Code received when continuation is expected */
- 235, /* Code to receive upon authentication success */
- 512 - 8, /* Maximum initial response length (no max) */
- smtp_perform_auth, /* Send authentication command */
- smtp_continue_auth, /* Send authentication continuation */
- smtp_get_message /* Get SASL response message */
+ "smtp", /* The service name */
+ smtp_perform_auth, /* Send authentication command */
+ smtp_continue_auth, /* Send authentication continuation */
+ smtp_cancel_auth, /* Cancel authentication */
+ smtp_get_message, /* Get SASL response message */
+ 512 - 8, /* Max line len - strlen("AUTH ") - 1 space - crlf */
+ 334, /* Code received when continuation is expected */
+ 235, /* Code to receive upon authentication success */
+ SASL_AUTH_DEFAULT, /* Default mechanisms */
+ SASL_FLAG_BASE64 /* Configuration flags */
};
#ifdef USE_SSL
@@ -248,34 +252,32 @@ static bool smtp_endofresp(struct Curl_easy *data, struct connectdata *conn,
*
* Gets the authentication message from the response buffer.
*/
-static void smtp_get_message(char *buffer, char **outptr)
+static CURLcode smtp_get_message(struct Curl_easy *data, struct bufref *out)
{
- size_t len = strlen(buffer);
- char *message = NULL;
+ char *message = data->state.buffer;
+ size_t len = strlen(message);
if(len > 4) {
/* Find the start of the message */
len -= 4;
- for(message = buffer + 4; *message == ' ' || *message == '\t';
- message++, len--)
+ for(message += 4; *message == ' ' || *message == '\t'; message++, len--)
;
/* Find the end of the message */
- for(; len--;)
+ while(len--)
if(message[len] != '\r' && message[len] != '\n' && message[len] != ' ' &&
message[len] != '\t')
break;
/* Terminate the message */
- if(++len) {
- message[len] = '\0';
- }
+ message[++len] = '\0';
+ Curl_bufref_set(out, message, len, NULL);
}
else
/* junk input => zero length output */
- message = &buffer[len];
+ Curl_bufref_set(out, "", 0, NULL);
- *outptr = message;
+ return CURLE_OK;
}
/***********************************************************************
@@ -421,16 +423,16 @@ static CURLcode smtp_perform_upgrade_tls(struct Curl_easy *data)
* authentication mechanism.
*/
static CURLcode smtp_perform_auth(struct Curl_easy *data,
- struct connectdata *conn,
const char *mech,
- const char *initresp)
+ const struct bufref *initresp)
{
CURLcode result = CURLE_OK;
- struct smtp_conn *smtpc = &conn->proto.smtpc;
+ struct smtp_conn *smtpc = &data->conn->proto.smtpc;
+ const char *ir = (const char *) Curl_bufref_ptr(initresp);
- if(initresp) { /* AUTH <mech> ...<crlf> */
+ if(ir) { /* AUTH <mech> ...<crlf> */
/* Send the AUTH command with the initial response */
- result = Curl_pp_sendf(data, &smtpc->pp, "AUTH %s %s", mech, initresp);
+ result = Curl_pp_sendf(data, &smtpc->pp, "AUTH %s %s", mech, ir);
}
else {
/* Send the AUTH command */
@@ -444,14 +446,33 @@ static CURLcode smtp_perform_auth(struct Curl_easy *data,
*
* smtp_continue_auth()
*
- * Sends SASL continuation data or cancellation.
+ * Sends SASL continuation data.
*/
static CURLcode smtp_continue_auth(struct Curl_easy *data,
- struct connectdata *conn, const char *resp)
+ const char *mech,
+ const struct bufref *resp)
{
- struct smtp_conn *smtpc = &conn->proto.smtpc;
+ struct smtp_conn *smtpc = &data->conn->proto.smtpc;
+
+ (void)mech;
+
+ return Curl_pp_sendf(data, &smtpc->pp,
+ "%s", (const char *) Curl_bufref_ptr(resp));
+}
+
+/***********************************************************************
+ *
+ * smtp_cancel_auth()
+ *
+ * Sends SASL cancellation.
+ */
+static CURLcode smtp_cancel_auth(struct Curl_easy *data, const char *mech)
+{
+ struct smtp_conn *smtpc = &data->conn->proto.smtpc;
- return Curl_pp_sendf(data, &smtpc->pp, "%s", resp);
+ (void)mech;
+
+ return Curl_pp_sendf(data, &smtpc->pp, "*");
}
/***********************************************************************
@@ -469,7 +490,7 @@ static CURLcode smtp_perform_authentication(struct Curl_easy *data)
saslprogress progress;
/* Check we have enough data to authenticate with, and the
- server supports authentiation, and end the connect phase if not */
+ server supports authentication, and end the connect phase if not */
if(!smtpc->auth_supported ||
!Curl_sasl_can_authenticate(&smtpc->sasl, conn)) {
state(data, SMTP_STOP);
@@ -477,7 +498,7 @@ static CURLcode smtp_perform_authentication(struct Curl_easy *data)
}
/* Calculate the SASL login details */
- result = Curl_sasl_start(&smtpc->sasl, data, conn, FALSE, &progress);
+ result = Curl_sasl_start(&smtpc->sasl, data, FALSE, &progress);
if(!result) {
if(progress == SASL_INPROGRESS)
@@ -506,7 +527,7 @@ static CURLcode smtp_perform_command(struct Curl_easy *data)
if(smtp->rcpt) {
/* We notify the server we are sending UTF-8 data if a) it supports the
- SMTPUTF8 extension and b) The mailbox contains UTF-8 charaacters, in
+ SMTPUTF8 extension and b) The mailbox contains UTF-8 characters, in
either the local address or host name parts. This is regardless of
whether the host name is encoded using IDN ACE */
bool utf8 = FALSE;
@@ -579,7 +600,7 @@ static CURLcode smtp_perform_mail(struct Curl_easy *data)
struct connectdata *conn = data->conn;
/* We notify the server we are sending UTF-8 data if a) it supports the
- SMTPUTF8 extension and b) The mailbox contains UTF-8 charaacters, in
+ SMTPUTF8 extension and b) The mailbox contains UTF-8 characters, in
either the local address or host name parts. This is regardless of
whether the host name is encoded using IDN ACE */
bool utf8 = FALSE;
@@ -985,7 +1006,7 @@ static CURLcode smtp_state_auth_resp(struct Curl_easy *data,
(void)instate; /* no use for this yet */
- result = Curl_sasl_continue(&smtpc->sasl, data, conn, smtpcode, &progress);
+ result = Curl_sasl_continue(&smtpc->sasl, data, smtpcode, &progress);
if(!result)
switch(progress) {
case SASL_DONE:
@@ -1333,7 +1354,7 @@ static CURLcode smtp_connect(struct Curl_easy *data, bool *done)
PINGPONG_SETUP(pp, smtp_statemachine, smtp_endofresp);
/* Initialize the SASL storage */
- Curl_sasl_init(&smtpc->sasl, &saslsmtp);
+ Curl_sasl_init(&smtpc->sasl, data, &saslsmtp);
/* Initialise the pingpong layer */
Curl_pp_setup(pp);
@@ -1655,8 +1676,6 @@ static CURLcode smtp_parse_url_options(struct connectdata *conn)
struct smtp_conn *smtpc = &conn->proto.smtpc;
const char *ptr = conn->options;
- smtpc->sasl.resetprefs = TRUE;
-
while(!result && ptr && *ptr) {
const char *key = ptr;
const char *value;
diff --git a/contrib/libs/curl/lib/socks_gssapi.c b/contrib/libs/curl/lib/socks_gssapi.c
index c87244138a..f04a18d63b 100644
--- a/contrib/libs/curl/lib/socks_gssapi.c
+++ b/contrib/libs/curl/lib/socks_gssapi.c
@@ -257,7 +257,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
return CURLE_COULDNT_CONNECT;
}
- if(socksreq[1] != 1) { /* status / messgae type */
+ if(socksreq[1] != 1) { /* status / message type */
failf(data, "Invalid GSS-API authentication response type (%d %d).",
socksreq[0], socksreq[1]);
gss_release_name(&gss_status, &server);
@@ -452,7 +452,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
return CURLE_COULDNT_CONNECT;
}
- if(socksreq[1] != 2) { /* status / messgae type */
+ if(socksreq[1] != 2) { /* status / message type */
failf(data, "Invalid GSS-API encryption response type (%d %d).",
socksreq[0], socksreq[1]);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
diff --git a/contrib/libs/curl/lib/socks_sspi.c b/contrib/libs/curl/lib/socks_sspi.c
index cb225b9b5a..ffc8703468 100644
--- a/contrib/libs/curl/lib/socks_sspi.c
+++ b/contrib/libs/curl/lib/socks_sspi.c
@@ -277,7 +277,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
return CURLE_COULDNT_CONNECT;
}
- if(socksreq[1] != 1) { /* status / messgae type */
+ if(socksreq[1] != 1) { /* status / message type */
failf(data, "Invalid SSPI authentication response type (%u %u).",
(unsigned int)socksreq[0], (unsigned int)socksreq[1]);
free(service_name);
diff --git a/contrib/libs/curl/lib/splay.c b/contrib/libs/curl/lib/splay.c
index a94e2c85e9..1c1dafb920 100644
--- a/contrib/libs/curl/lib/splay.c
+++ b/contrib/libs/curl/lib/splay.c
@@ -154,7 +154,7 @@ struct Curl_tree *Curl_splaygetbest(struct curltime i,
struct Curl_tree *t,
struct Curl_tree **removed)
{
- static struct curltime tv_zero = {0, 0};
+ static const struct curltime tv_zero = {0, 0};
struct Curl_tree *x;
if(!t) {
diff --git a/contrib/libs/curl/lib/strerror.c b/contrib/libs/curl/lib/strerror.c
index 29c5fb27c1..9d47c477d5 100644
--- a/contrib/libs/curl/lib/strerror.c
+++ b/contrib/libs/curl/lib/strerror.c
@@ -453,6 +453,78 @@ curl_share_strerror(CURLSHcode error)
#endif
}
+const char *
+curl_url_strerror(CURLUcode error)
+{
+#ifndef CURL_DISABLE_VERBOSE_STRINGS
+ switch(error) {
+ case CURLUE_OK:
+ return "No error";
+
+ case CURLUE_BAD_HANDLE:
+ return "An invalid CURLU pointer was passed as argument";
+
+ case CURLUE_BAD_PARTPOINTER:
+ return "An invalid 'part' argument was passed as argument";
+
+ case CURLUE_MALFORMED_INPUT:
+ return "A malformed input was passed to a URL API function";
+
+ case CURLUE_BAD_PORT_NUMBER:
+ return "The port number was not a decimal number between 0 and 65535";
+
+ case CURLUE_UNSUPPORTED_SCHEME:
+ return "This libcurl build doesn't support the given URL scheme";
+
+ case CURLUE_URLDECODE:
+ return "URL decode error, most likely because of rubbish in the input";
+
+ case CURLUE_OUT_OF_MEMORY:
+ return "A memory function failed";
+
+ case CURLUE_USER_NOT_ALLOWED:
+ return "Credentials was passed in the URL when prohibited";
+
+ case CURLUE_UNKNOWN_PART:
+ return "An unknown part ID was passed to a URL API function";
+
+ case CURLUE_NO_SCHEME:
+ return "There is no scheme part in the URL";
+
+ case CURLUE_NO_USER:
+ return "There is no user part in the URL";
+
+ case CURLUE_NO_PASSWORD:
+ return "There is no password part in the URL";
+
+ case CURLUE_NO_OPTIONS:
+ return "There is no options part in the URL";
+
+ case CURLUE_NO_HOST:
+ return "There is no host part in the URL";
+
+ case CURLUE_NO_PORT:
+ return "There is no port part in the URL";
+
+ case CURLUE_NO_QUERY:
+ return "There is no query part in the URL";
+
+ case CURLUE_NO_FRAGMENT:
+ return "There is no fragment part in the URL";
+
+ case CURLUE_LAST:
+ break;
+ }
+
+ return "CURLUcode unknown";
+#else
+ if(error == CURLUE_OK)
+ return "No error";
+ else
+ return "Error";
+#endif
+}
+
#ifdef USE_WINSOCK
/* This is a helper function for Curl_strerror that converts Winsock error
* codes (WSAGetLastError) to error messages.
diff --git a/contrib/libs/curl/lib/system_win32.c b/contrib/libs/curl/lib/system_win32.c
index 2939fd0d74..d4e194831f 100644
--- a/contrib/libs/curl/lib/system_win32.c
+++ b/contrib/libs/curl/lib/system_win32.c
@@ -102,6 +102,8 @@ CURLcode Curl_win32_init(long flags)
Curl_if_nametoindex = pIfNameToIndex;
}
+ /* curlx_verify_windows_version must be called during init at least once
+ because it has its own initialization routine. */
if(curlx_verify_windows_version(6, 0, PLATFORM_WINNT,
VERSION_GREATER_THAN_EQUAL)) {
Curl_isVistaOrGreater = TRUE;
diff --git a/contrib/libs/curl/lib/tftp.c b/contrib/libs/curl/lib/tftp.c
index aae997d0f1..7e5246f010 100644
--- a/contrib/libs/curl/lib/tftp.c
+++ b/contrib/libs/curl/lib/tftp.c
@@ -1304,9 +1304,9 @@ static CURLcode tftp_doing(struct Curl_easy *data, bool *dophase_done)
/**********************************************************
*
- * tftp_peform
+ * tftp_perform
*
- * Entry point for transfer from tftp_do, sarts state mach
+ * Entry point for transfer from tftp_do, starts state mach
*
**********************************************************/
static CURLcode tftp_perform(struct Curl_easy *data, bool *dophase_done)
diff --git a/contrib/libs/curl/lib/url.c b/contrib/libs/curl/lib/url.c
index a353588cbd..9a1a14a262 100644
--- a/contrib/libs/curl/lib/url.c
+++ b/contrib/libs/curl/lib/url.c
@@ -622,6 +622,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
set->upkeep_interval_ms = CURL_UPKEEP_INTERVAL_DEFAULT;
set->maxconnects = DEFAULT_CONNCACHE_SIZE; /* for easy handles */
set->maxage_conn = 118;
+ set->maxlifetime_conn = 0;
set->http09_allowed = FALSE;
set->httpwant =
#ifdef USE_NGHTTP2
@@ -962,21 +963,36 @@ socks_proxy_info_matches(const struct proxy_info *data,
#define socks_proxy_info_matches(x,y) FALSE
#endif
-/* A connection has to have been idle for a shorter time than 'maxage_conn' to
- be subject for reuse. The success rate is just too low after this. */
+/* A connection has to have been idle for a shorter time than 'maxage_conn'
+ (the success rate is just too low after this), or created less than
+ 'maxlifetime_conn' ago, to be subject for reuse. */
static bool conn_maxage(struct Curl_easy *data,
struct connectdata *conn,
struct curltime now)
{
- timediff_t idletime = Curl_timediff(now, conn->lastused);
+ timediff_t idletime, lifetime;
+
+ idletime = Curl_timediff(now, conn->lastused);
idletime /= 1000; /* integer seconds is fine */
if(idletime > data->set.maxage_conn) {
- infof(data, "Too old connection (%ld seconds), disconnect it",
+ infof(data, "Too old connection (%ld seconds idle), disconnect it",
idletime);
return TRUE;
}
+
+ lifetime = Curl_timediff(now, conn->created);
+ lifetime /= 1000; /* integer seconds is fine */
+
+ if(data->set.maxlifetime_conn && lifetime > data->set.maxlifetime_conn) {
+ infof(data,
+ "Too old connection (%ld seconds since creation), disconnect it",
+ lifetime);
+ return TRUE;
+ }
+
+
return FALSE;
}
@@ -1954,7 +1970,8 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
CURLU_DISALLOW_USER : 0) |
(data->set.path_as_is ? CURLU_PATH_AS_IS : 0));
if(uc) {
- DEBUGF(infof(data, "curl_url_set rejected %s", data->state.url));
+ DEBUGF(infof(data, "curl_url_set rejected %s: %s", data->state.url,
+ curl_url_strerror(uc)));
return Curl_uc_to_curlcode(uc);
}
@@ -2380,6 +2397,11 @@ static CURLcode parse_proxy(struct Curl_easy *data,
CURLcode result = CURLE_OK;
char *scheme = NULL;
+ if(!uhp) {
+ result = CURLE_OUT_OF_MEMORY;
+ goto error;
+ }
+
/* When parsing the proxy, allowing non-supported schemes since we have
these made up ones for proxies. Guess scheme for URLs without it. */
uc = curl_url_set(uhp, CURLUPART_URL, proxy,
@@ -2763,7 +2785,7 @@ CURLcode Curl_parse_login_details(const char *login, const size_t len,
size_t plen;
size_t olen;
- /* the input length check is because this is called directcly from setopt
+ /* the input length check is because this is called directly from setopt
and isn't going through the regular string length check */
size_t llen = strlen(login);
if(llen > CURL_MAX_INPUT_LENGTH)
@@ -4093,7 +4115,7 @@ CURLcode Curl_connect(struct Curl_easy *data,
/* init the single-transfer specific data */
Curl_free_request_state(data);
memset(&data->req, 0, sizeof(struct SingleRequest));
- data->req.maxdownload = -1;
+ data->req.size = data->req.maxdownload = -1;
/* call the stuff that needs to be called */
result = create_conn(data, &conn, asyncp);
diff --git a/contrib/libs/curl/lib/urlapi.c b/contrib/libs/curl/lib/urlapi.c
index 7f03862cfa..6d116b61bf 100644
--- a/contrib/libs/curl/lib/urlapi.c
+++ b/contrib/libs/curl/lib/urlapi.c
@@ -157,23 +157,23 @@ static size_t strlen_url(const char *url, bool relative)
continue;
}
- switch(*ptr) {
- case '?':
- left = FALSE;
- /* FALLTHROUGH */
- default:
- if(urlchar_needs_escaping(*ptr))
- newlen += 2;
- newlen++;
- break;
- case ' ':
+ if(*ptr == ' ') {
if(left)
newlen += 3;
else
newlen++;
- break;
+ continue;
}
+
+ if (*ptr == '?')
+ left = FALSE;
+
+ if(urlchar_needs_escaping(*ptr))
+ newlen += 2;
+
+ newlen++;
}
+
return newlen;
}
@@ -202,19 +202,7 @@ static void strcpy_url(char *output, const char *url, bool relative)
continue;
}
- switch(*iptr) {
- case '?':
- left = FALSE;
- /* FALLTHROUGH */
- default:
- if(urlchar_needs_escaping(*iptr)) {
- msnprintf(optr, 4, "%%%02x", *iptr);
- optr += 3;
- }
- else
- *optr++=*iptr;
- break;
- case ' ':
+ if(*iptr == ' ') {
if(left) {
*optr++='%'; /* add a '%' */
*optr++='2'; /* add a '2' */
@@ -222,8 +210,18 @@ static void strcpy_url(char *output, const char *url, bool relative)
}
else
*optr++='+'; /* add a '+' here */
- break;
+ continue;
+ }
+
+ if(*iptr == '?')
+ left = FALSE;
+
+ if(urlchar_needs_escaping(*iptr)) {
+ msnprintf(optr, 4, "%%%02x", *iptr);
+ optr += 3;
}
+ else
+ *optr++ = *iptr;
}
*optr = 0; /* null-terminate output buffer */
@@ -656,7 +654,7 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname)
}
else {
/* letters from the second string is not ok */
- len = strcspn(hostname, " ");
+ len = strcspn(hostname, " \r\n");
if(hlen != len)
/* hostname with bad content */
return CURLUE_MALFORMED_INPUT;
@@ -756,10 +754,35 @@ static bool ipv4_normalize(const char *hostname, char *outp, size_t olen)
return TRUE;
}
+/* return strdup'ed version in 'outp', possibly percent decoded */
+static CURLUcode decode_host(char *hostname, char **outp)
+{
+ char *per = NULL;
+ if(hostname[0] != '[')
+ /* only decode if not an ipv6 numerical */
+ per = strchr(hostname, '%');
+ if(!per) {
+ *outp = strdup(hostname);
+ if(!*outp)
+ return CURLUE_OUT_OF_MEMORY;
+ }
+ else {
+ /* might be encoded */
+ size_t dlen;
+ CURLcode result = Curl_urldecode(NULL, hostname, 0,
+ outp, &dlen, REJECT_CTRL);
+ if(result)
+ return CURLUE_MALFORMED_INPUT;
+ }
+
+ return CURLUE_OK;
+}
+
static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
{
char *path;
bool path_alloced = FALSE;
+ bool uncpath = FALSE;
char *hostname;
char *query = NULL;
char *fragment = NULL;
@@ -798,7 +821,6 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
/* path has been allocated large enough to hold this */
strcpy(path, &url[5]);
- hostname = NULL; /* no host for file: URLs */
u->scheme = strdup("file");
if(!u->scheme)
return CURLUE_OUT_OF_MEMORY;
@@ -820,10 +842,13 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
*
* o the hostname matches "localhost" (case-insensitively), or
*
- * o the hostname is a FQDN that resolves to this machine.
+ * o the hostname is a FQDN that resolves to this machine, or
+ *
+ * o it is an UNC String transformed to an URI (Windows only, RFC 8089
+ * Appendix E.3).
*
* For brevity, we only consider URLs with empty, "localhost", or
- * "127.0.0.1" hostnames as local.
+ * "127.0.0.1" hostnames as local, otherwise as an UNC String.
*
* Additionally, there is an exception for URLs with a Windows drive
* letter in the authority (which was accidentally omitted from RFC 8089
@@ -832,18 +857,43 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
if(ptr[0] != '/' && !STARTS_WITH_URL_DRIVE_PREFIX(ptr)) {
/* the URL includes a host name, it must match "localhost" or
"127.0.0.1" to be valid */
- if(!checkprefix("localhost/", ptr) &&
- !checkprefix("127.0.0.1/", ptr)) {
+ if(checkprefix("localhost/", ptr) ||
+ checkprefix("127.0.0.1/", ptr)) {
+ ptr += 9; /* now points to the slash after the host */
+ }
+ else {
+#if defined(WIN32)
+ size_t len;
+
+ /* the host name, NetBIOS computer name, can not contain disallowed
+ chars, and the delimiting slash character must be appended to the
+ host name */
+ path = strpbrk(ptr, "/\\:*?\"<>|");
+ if(!path || *path != '/')
+ return CURLUE_MALFORMED_INPUT;
+
+ len = path - ptr;
+ if(len) {
+ memcpy(hostname, ptr, len);
+ hostname[len] = 0;
+ uncpath = TRUE;
+ }
+
+ ptr -= 2; /* now points to the // before the host in UNC */
+#else
/* Invalid file://hostname/, expected localhost or 127.0.0.1 or
none */
return CURLUE_MALFORMED_INPUT;
+#endif
}
- ptr += 9; /* now points to the slash after the host */
}
path = ptr;
}
+ if(!uncpath)
+ hostname = NULL; /* no host for file: URLs by default */
+
#if !defined(MSDOS) && !defined(WIN32) && !defined(__CYGWIN__)
/* Don't allow Windows drive letters when not in Windows.
* This catches both "file:/c:" and "file:c:" */
@@ -1003,20 +1053,22 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
if(0 == strlen(hostname) && (flags & CURLU_NO_AUTHORITY)) {
/* Skip hostname check, it's allowed to be empty. */
+ u->host = strdup("");
}
else {
- result = hostname_check(u, hostname);
- if(result)
- return result;
+ if(ipv4_normalize(hostname, normalized_ipv4, sizeof(normalized_ipv4)))
+ u->host = strdup(normalized_ipv4);
+ else {
+ result = decode_host(hostname, &u->host);
+ if(result)
+ return result;
+ result = hostname_check(u, u->host);
+ if(result)
+ return result;
+ }
}
-
- if(ipv4_normalize(hostname, normalized_ipv4, sizeof(normalized_ipv4)))
- u->host = strdup(normalized_ipv4);
- else
- u->host = strdup(hostname);
if(!u->host)
return CURLUE_OUT_OF_MEMORY;
-
if((flags & CURLU_GUESS_SCHEME) && !schemep) {
/* legacy curl-style guess based on host name */
if(checkprefix("ftp.", hostname))
@@ -1111,6 +1163,7 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
CURLUcode ifmissing = CURLUE_UNKNOWN_PART;
char portbuf[7];
bool urldecode = (flags & CURLU_URLDECODE)?1:0;
+ bool urlencode = (flags & CURLU_URLENCODE)?1:0;
bool plusdecode = FALSE;
(void)flags;
if(!u)
@@ -1228,16 +1281,54 @@ CURLUcode curl_url_get(CURLU *u, CURLUPart what,
if(h && !(h->flags & PROTOPT_URLOPTIONS))
options = NULL;
- if((u->host[0] == '[') && u->zoneid) {
- /* make it '[ host %25 zoneid ]' */
- size_t hostlen = strlen(u->host);
- size_t alen = hostlen + 3 + strlen(u->zoneid) + 1;
- allochost = malloc(alen);
+ if(u->host[0] == '[') {
+ if(u->zoneid) {
+ /* make it '[ host %25 zoneid ]' */
+ size_t hostlen = strlen(u->host);
+ size_t alen = hostlen + 3 + strlen(u->zoneid) + 1;
+ allochost = malloc(alen);
+ if(!allochost)
+ return CURLUE_OUT_OF_MEMORY;
+ memcpy(allochost, u->host, hostlen - 1);
+ msnprintf(&allochost[hostlen - 1], alen - hostlen + 1,
+ "%%25%s]", u->zoneid);
+ }
+ }
+ else if(urlencode) {
+ allochost = curl_easy_escape(NULL, u->host, 0);
if(!allochost)
return CURLUE_OUT_OF_MEMORY;
- memcpy(allochost, u->host, hostlen - 1);
- msnprintf(&allochost[hostlen - 1], alen - hostlen + 1,
- "%%25%s]", u->zoneid);
+ }
+ else {
+ /* only encode '%' in output host name */
+ char *host = u->host;
+ size_t pcount = 0;
+ /* first, count number of percents present in the name */
+ while(*host) {
+ if(*host == '%')
+ pcount++;
+ host++;
+ }
+ /* if there were percents, encode the host name */
+ if(pcount) {
+ size_t hostlen = strlen(u->host);
+ size_t alen = hostlen + 2 * pcount + 1;
+ char *o = allochost = malloc(alen);
+ if(!allochost)
+ return CURLUE_OUT_OF_MEMORY;
+
+ host = u->host;
+ while(*host) {
+ if(*host == '%') {
+ memcpy(o, "%25", 3);
+ o += 3;
+ host++;
+ continue;
+ }
+ *o++ = *host++;
+ }
+ *o = '\0';
+ }
}
url = aprintf("%s://%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
@@ -1379,10 +1470,15 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
case CURLUPART_OPTIONS:
storep = &u->options;
break;
- case CURLUPART_HOST:
+ case CURLUPART_HOST: {
+ size_t len = strcspn(part, " \r\n");
+ if(strlen(part) != len)
+ /* hostname with bad content */
+ return CURLUE_MALFORMED_INPUT;
storep = &u->host;
Curl_safefree(u->zoneid);
break;
+ }
case CURLUPART_ZONEID:
storep = &u->zoneid;
break;
diff --git a/contrib/libs/curl/lib/urldata.h b/contrib/libs/curl/lib/urldata.h
index b1b298b691..76488b2549 100644
--- a/contrib/libs/curl/lib/urldata.h
+++ b/contrib/libs/curl/lib/urldata.h
@@ -330,7 +330,7 @@ struct digestdata {
char *opaque;
char *qop;
char *algorithm;
- int nc; /* nounce count */
+ int nc; /* nonce count */
BIT(stale); /* set true for re-negotiation */
BIT(userhash);
#endif
@@ -1554,6 +1554,7 @@ enum dupstring {
STRING_SSH_PRIVATE_KEY, /* path to the private key file for auth */
STRING_SSH_PUBLIC_KEY, /* path to the public key file for auth */
STRING_SSH_HOST_PUBLIC_KEY_MD5, /* md5 of host public key in ascii hex */
+ STRING_SSH_HOST_PUBLIC_KEY_SHA256, /* sha256 of host public key in base64 */
STRING_SSH_KNOWNHOSTS, /* file name of knownhosts file */
STRING_PROXY_SERVICE_NAME, /* Proxy service name */
STRING_SERVICE_NAME, /* Service name */
@@ -1651,6 +1652,8 @@ struct UserDefined {
curl_closesocket_callback fclosesocket; /* function for closing the
socket */
void *closesocket_client;
+ curl_prereq_callback fprereq; /* pre-initial request callback */
+ void *prereq_userp; /* pre-initial request user data */
void *seek_client; /* pointer to pass to the seek callback */
/* the 3 curl_conv_callback functions below are used on non-ASCII hosts */
@@ -1675,6 +1678,8 @@ struct UserDefined {
long server_response_timeout; /* in milliseconds, 0 means no timeout */
long maxage_conn; /* in seconds, max idle time to allow a connection that
is to be reused */
+ long maxlifetime_conn; /* in seconds, max time since creation to allow a
+ connection that is to be reused */
long tftp_blksize; /* in bytes, 0 means use default */
curl_off_t filesize; /* size of file to upload, -1 means unknown */
long low_speed_limit; /* bytes/second */
@@ -1852,7 +1857,6 @@ struct UserDefined {
BIT(abstract_unix_socket);
BIT(disallow_username_in_url); /* disallow username in url */
BIT(doh); /* DNS-over-HTTPS enabled */
- BIT(doh_get); /* use GET for DoH requests, instead of POST */
BIT(doh_verifypeer); /* DoH certificate peer verification */
BIT(doh_verifyhost); /* DoH certificate hostname verification */
BIT(doh_verifystatus); /* DoH certificate status verification */
diff --git a/contrib/libs/curl/lib/version_win32.c b/contrib/libs/curl/lib/version_win32.c
index b8157e9893..2f845413cc 100644
--- a/contrib/libs/curl/lib/version_win32.c
+++ b/contrib/libs/curl/lib/version_win32.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 2016 - 2020, Steve Holme, <steve_holme@hotmail.com>.
+ * Copyright (C) 2016 - 2021, Steve Holme, <steve_holme@hotmail.com>.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -26,11 +26,28 @@
#include <curl/curl.h>
#include "version_win32.h"
+#include "warnless.h"
/* The last #include files should be: */
#include "curl_memory.h"
#include "memdebug.h"
+/* This Unicode version struct works for VerifyVersionInfoW (OSVERSIONINFOEXW)
+ and RtlVerifyVersionInfo (RTLOSVERSIONINFOEXW) */
+struct OUR_OSVERSIONINFOEXW {
+ ULONG dwOSVersionInfoSize;
+ ULONG dwMajorVersion;
+ ULONG dwMinorVersion;
+ ULONG dwBuildNumber;
+ ULONG dwPlatformId;
+ WCHAR szCSDVersion[128];
+ USHORT wServicePackMajor;
+ USHORT wServicePackMinor;
+ USHORT wSuiteMask;
+ UCHAR wProductType;
+ UCHAR wReserved;
+};
+
/*
* curlx_verify_windows_version()
*
@@ -152,12 +169,23 @@ bool curlx_verify_windows_version(const unsigned int majorVersion,
}
#else
ULONGLONG cm = 0;
- OSVERSIONINFOEX osver;
+ struct OUR_OSVERSIONINFOEXW osver;
BYTE majorCondition;
BYTE minorCondition;
BYTE spMajorCondition;
BYTE spMinorCondition;
+ typedef LONG (APIENTRY *RTLVERIFYVERSIONINFO_FN)
+ (struct OUR_OSVERSIONINFOEXW *, ULONG, ULONGLONG);
+ static RTLVERIFYVERSIONINFO_FN pRtlVerifyVersionInfo;
+ static bool onetime = true; /* safe because first call is during init */
+
+ if(onetime) {
+ pRtlVerifyVersionInfo = CURLX_FUNCTION_CAST(RTLVERIFYVERSIONINFO_FN,
+ (GetProcAddress(GetModuleHandleA("ntdll"), "RtlVerifyVersionInfo")));
+ onetime = false;
+ }
+
switch(condition) {
case VERSION_LESS_THAN:
majorCondition = VER_LESS;
@@ -214,10 +242,23 @@ bool curlx_verify_windows_version(const unsigned int majorVersion,
if(platform != PLATFORM_DONT_CARE)
cm = VerSetConditionMask(cm, VER_PLATFORMID, VER_EQUAL);
- if(VerifyVersionInfo(&osver, (VER_MAJORVERSION | VER_MINORVERSION |
- VER_SERVICEPACKMAJOR | VER_SERVICEPACKMINOR),
- cm))
- matched = TRUE;
+ /* Later versions of Windows have version functions that may not return the
+ real version of Windows unless the application is so manifested. We prefer
+ the real version always, so we use the Rtl variant of the function when
+ possible. Note though the function signatures have underlying fundamental
+ types that are the same, the return values are different. */
+ if(pRtlVerifyVersionInfo) {
+ matched = !pRtlVerifyVersionInfo(&osver,
+ (VER_MAJORVERSION | VER_MINORVERSION |
+ VER_SERVICEPACKMAJOR | VER_SERVICEPACKMINOR),
+ cm);
+ }
+ else {
+ matched = !!VerifyVersionInfoW((OSVERSIONINFOEXW *)&osver,
+ (VER_MAJORVERSION | VER_MINORVERSION |
+ VER_SERVICEPACKMAJOR | VER_SERVICEPACKMINOR),
+ cm);
+ }
#endif
return matched;
diff --git a/contrib/libs/curl/lib/vquic/ngtcp2.c b/contrib/libs/curl/lib/vquic/ngtcp2.c
index a61061cec1..e1f2d020df 100644
--- a/contrib/libs/curl/lib/vquic/ngtcp2.c
+++ b/contrib/libs/curl/lib/vquic/ngtcp2.c
@@ -61,6 +61,7 @@
#endif
#define H3_ALPN_H3_29 "\x5h3-29"
+#define H3_ALPN_H3 "\x2h3"
/*
* This holds outgoing HTTP/3 stream data that is used by nghttp3 until acked.
@@ -303,9 +304,10 @@ static int quic_init_ssl(struct quicsocket *qs)
SSL_set_app_data(qs->ssl, qs);
SSL_set_connect_state(qs->ssl);
+ SSL_set_quic_use_legacy_codepoint(qs->ssl, 0);
- alpn = (const uint8_t *)H3_ALPN_H3_29;
- alpnlen = sizeof(H3_ALPN_H3_29) - 1;
+ alpn = (const uint8_t *)H3_ALPN_H3_29 H3_ALPN_H3;
+ alpnlen = sizeof(H3_ALPN_H3_29) - 1 + sizeof(H3_ALPN_H3) - 1;
if(alpn)
SSL_set_alpn_protos(qs->ssl, alpn, (int)alpnlen);
@@ -417,7 +419,7 @@ static int tp_send_func(gnutls_session_t ssl, gnutls_buffer_t extdata)
static int quic_init_ssl(struct quicsocket *qs)
{
- gnutls_datum_t alpn = {NULL, 0};
+ gnutls_datum_t alpn[2];
/* this will need some attention when HTTPS proxy over QUIC get fixed */
const char * const hostname = qs->conn->host.name;
int rc;
@@ -439,12 +441,10 @@ static int quic_init_ssl(struct quicsocket *qs)
gnutls_alert_set_read_function(qs->ssl, alert_read_func);
rc = gnutls_session_ext_register(qs->ssl, "QUIC Transport Parameters",
- 0xffa5, GNUTLS_EXT_TLS,
- tp_recv_func, tp_send_func,
- NULL, NULL, NULL,
- GNUTLS_EXT_FLAG_TLS |
- GNUTLS_EXT_FLAG_CLIENT_HELLO |
- GNUTLS_EXT_FLAG_EE);
+ NGTCP2_TLSEXT_QUIC_TRANSPORT_PARAMETERS_V1, GNUTLS_EXT_TLS,
+ tp_recv_func, tp_send_func, NULL, NULL, NULL,
+ GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_EE);
if(rc < 0) {
H3BUGF(fprintf(stderr, "gnutls_session_ext_register failed: %s\n",
gnutls_strerror(rc)));
@@ -484,10 +484,12 @@ static int quic_init_ssl(struct quicsocket *qs)
}
/* strip the first byte (the length) from NGHTTP3_ALPN_H3 */
- alpn.data = (unsigned char *)H3_ALPN_H3_29 + 1;
- alpn.size = sizeof(H3_ALPN_H3_29) - 2;
- if(alpn.data)
- gnutls_alpn_set_protocols(qs->ssl, &alpn, 1, 0);
+ alpn[0].data = (unsigned char *)H3_ALPN_H3_29 + 1;
+ alpn[0].size = sizeof(H3_ALPN_H3_29) - 2;
+ alpn[1].data = (unsigned char *)H3_ALPN_H3 + 1;
+ alpn[1].size = sizeof(H3_ALPN_H3) - 2;
+
+ gnutls_alpn_set_protocols(qs->ssl, alpn, 2, GNUTLS_ALPN_MANDATORY);
/* set SNI */
gnutls_server_name_set(qs->ssl, GNUTLS_NAME_DNS, hostname, strlen(hostname));
@@ -648,6 +650,20 @@ static int cb_extend_max_stream_data(ngtcp2_conn *tconn, int64_t stream_id,
return 0;
}
+static void cb_rand(uint8_t *dest, size_t destlen,
+ const ngtcp2_rand_ctx *rand_ctx)
+{
+ CURLcode result;
+ (void)rand_ctx;
+
+ result = Curl_rand(NULL, dest, destlen);
+ if(result) {
+ /* cb_rand is only used for non-cryptographic context. If Curl_rand
+ failed, just fill 0 and call it *random*. */
+ memset(dest, 0, destlen);
+ }
+}
+
static int cb_get_new_connection_id(ngtcp2_conn *tconn, ngtcp2_cid *cid,
uint8_t *token, size_t cidlen,
void *user_data)
@@ -685,7 +701,7 @@ static ngtcp2_callbacks ng_callbacks = {
ngtcp2_crypto_recv_retry_cb,
cb_extend_max_local_streams_bidi,
NULL, /* extend_max_local_streams_uni */
- NULL, /* rand */
+ cb_rand,
cb_get_new_connection_id,
NULL, /* remove_connection_id */
ngtcp2_crypto_update_key_cb, /* update_key */
@@ -703,7 +719,7 @@ static ngtcp2_callbacks ng_callbacks = {
NULL, /* recv_datagram */
NULL, /* ack_datagram */
NULL, /* lost_datagram */
- NULL, /* get_path_challenge_data */
+ ngtcp2_crypto_get_path_challenge_data_cb,
cb_stream_stop_sending
};
@@ -776,7 +792,7 @@ CURLcode Curl_quic_connect(struct Curl_easy *data,
ngtcp2_addr_init(&path.remote, addr, addrlen);
rc = ngtcp2_conn_client_new(&qs->qconn, &qs->dcid, &qs->scid, &path,
- NGTCP2_PROTO_VER_MIN, &ng_callbacks,
+ NGTCP2_PROTO_VER_V1, &ng_callbacks,
&qs->settings, &qs->transport_params, NULL, qs);
if(rc)
return CURLE_QUIC_CONNECT_ERROR;
@@ -792,7 +808,7 @@ CURLcode Curl_quic_connect(struct Curl_easy *data,
void Curl_quic_ver(char *p, size_t len)
{
const ngtcp2_info *ng2 = ngtcp2_version(0);
- nghttp3_info *ht3 = nghttp3_version(0);
+ const nghttp3_info *ht3 = nghttp3_version(0);
(void)msnprintf(p, len, "ngtcp2/%s nghttp3/%s",
ng2->version_str, ht3->version_str);
}
diff --git a/contrib/libs/curl/lib/vssh/libssh2.c b/contrib/libs/curl/lib/vssh/libssh2.c
index 7683b43cfa..74909c460c 100644
--- a/contrib/libs/curl/lib/vssh/libssh2.c
+++ b/contrib/libs/curl/lib/vssh/libssh2.c
@@ -81,6 +81,11 @@
#include "select.h"
#include "warnless.h"
#error #include "curl_path.h"
+#include "strcase.h"
+
+#include <curl_base64.h> /* for base64 encoding/decoding */
+#include <curl_sha256.h>
+
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
@@ -615,40 +620,142 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data)
struct connectdata *conn = data->conn;
struct ssh_conn *sshc = &conn->proto.sshc;
const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5];
- char md5buffer[33];
+ const char *pubkey_sha256 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_SHA256];
+
+ infof(data, "SSH MD5 public key: %s",
+ pubkey_md5 != NULL ? pubkey_md5 : "NULL");
+ infof(data, "SSH SHA256 public key: %s",
+ pubkey_sha256 != NULL ? pubkey_sha256 : "NULL");
- const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
- LIBSSH2_HOSTKEY_HASH_MD5);
+ if(pubkey_sha256) {
+ const char *fingerprint = NULL;
+ char *fingerprint_b64 = NULL;
+ size_t fingerprint_b64_len;
+ size_t pub_pos = 0;
+ size_t b64_pos = 0;
- if(fingerprint) {
+#ifdef LIBSSH2_HOSTKEY_HASH_SHA256
/* The fingerprint points to static storage (!), don't free() it. */
- int i;
- for(i = 0; i < 16; i++)
- msnprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
- infof(data, "SSH MD5 fingerprint: %s", md5buffer);
- }
+ fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
+ LIBSSH2_HOSTKEY_HASH_SHA256);
+#else
+ const char *hostkey;
+ size_t len = 0;
+ unsigned char hash[32];
+
+ hostkey = libssh2_session_hostkey(sshc->ssh_session, &len, NULL);
+ if(hostkey) {
+ Curl_sha256it(hash, (const unsigned char *) hostkey, len);
+ fingerprint = (char *) hash;
+ }
+#endif
- /* Before we authenticate we check the hostkey's MD5 fingerprint
- * against a known fingerprint, if available.
- */
- if(pubkey_md5 && strlen(pubkey_md5) == 32) {
- if(!fingerprint || !strcasecompare(md5buffer, pubkey_md5)) {
- if(fingerprint)
- failf(data,
- "Denied establishing ssh session: mismatch md5 fingerprint. "
- "Remote %s is not equal to %s", md5buffer, pubkey_md5);
- else
- failf(data,
- "Denied establishing ssh session: md5 fingerprint not available");
+ if(!fingerprint) {
+ failf(data,
+ "Denied establishing ssh session: sha256 fingerprint "
+ "not available");
+ state(data, SSH_SESSION_FREE);
+ sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
+ return sshc->actualcode;
+ }
+
+ /* The length of fingerprint is 32 bytes for SHA256.
+ * See libssh2_hostkey_hash documentation. */
+ if(Curl_base64_encode (data, fingerprint, 32, &fingerprint_b64,
+ &fingerprint_b64_len) != CURLE_OK) {
+ state(data, SSH_SESSION_FREE);
+ sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
+ return sshc->actualcode;
+ }
+
+ if(!fingerprint_b64) {
+ failf(data,
+ "sha256 fingerprint could not be encoded");
+ state(data, SSH_SESSION_FREE);
+ sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
+ return sshc->actualcode;
+ }
+
+ infof(data, "SSH SHA256 fingerprint: %s", fingerprint_b64);
+
+ /* Find the position of any = padding characters in the public key */
+ while((pubkey_sha256[pub_pos] != '=') && pubkey_sha256[pub_pos]) {
+ pub_pos++;
+ }
+
+ /* Find the position of any = padding characters in the base64 coded
+ * hostkey fingerprint */
+ while((fingerprint_b64[b64_pos] != '=') && fingerprint_b64[b64_pos]) {
+ b64_pos++;
+ }
+
+ /* Before we authenticate we check the hostkey's sha256 fingerprint
+ * against a known fingerprint, if available.
+ */
+ if((pub_pos != b64_pos) ||
+ Curl_strncasecompare(fingerprint_b64, pubkey_sha256, pub_pos) != 1) {
+ free(fingerprint_b64);
+
+ failf(data,
+ "Denied establishing ssh session: mismatch sha256 fingerprint. "
+ "Remote %s is not equal to %s", fingerprint, pubkey_sha256);
state(data, SSH_SESSION_FREE);
sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
return sshc->actualcode;
}
- infof(data, "MD5 checksum match!");
+
+ free(fingerprint_b64);
+
+ infof(data, "SHA256 checksum match!");
+ }
+
+ if(pubkey_md5) {
+ char md5buffer[33];
+ const char *fingerprint = NULL;
+
+ fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
+ LIBSSH2_HOSTKEY_HASH_MD5);
+
+ if(fingerprint) {
+ /* The fingerprint points to static storage (!), don't free() it. */
+ int i;
+ for(i = 0; i < 16; i++) {
+ msnprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
+ }
+
+ infof(data, "SSH MD5 fingerprint: %s", md5buffer);
+ }
+
+ /* Before we authenticate we check the hostkey's MD5 fingerprint
+ * against a known fingerprint, if available.
+ */
+ if(pubkey_md5 && strlen(pubkey_md5) == 32) {
+ if(!fingerprint || !strcasecompare(md5buffer, pubkey_md5)) {
+ if(fingerprint) {
+ failf(data,
+ "Denied establishing ssh session: mismatch md5 fingerprint. "
+ "Remote %s is not equal to %s", md5buffer, pubkey_md5);
+ }
+ else {
+ failf(data,
+ "Denied establishing ssh session: md5 fingerprint "
+ "not available");
+ }
+ state(data, SSH_SESSION_FREE);
+ sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
+ return sshc->actualcode;
+ }
+ infof(data, "MD5 checksum match!");
+ }
+ }
+
+ if(!pubkey_md5 && !pubkey_sha256) {
+ return ssh_knownhost(data);
+ }
+ else {
/* as we already matched, we skip the check for known hosts */
return CURLE_OK;
}
- return ssh_knownhost(data);
}
/*
@@ -3610,7 +3717,7 @@ void Curl_ssh_cleanup(void)
void Curl_ssh_version(char *buffer, size_t buflen)
{
- (void)msnprintf(buffer, buflen, "libssh2/%s", LIBSSH2_VERSION);
+ (void)msnprintf(buffer, buflen, "libssh2/%s", CURL_LIBSSH2_VERSION);
}
/* The SSH session is associated with the *CONNECTION* but the callback user
diff --git a/contrib/libs/curl/lib/vssh/wolfssh.c b/contrib/libs/curl/lib/vssh/wolfssh.c
index c5a90487c5..12cc59b2a2 100644
--- a/contrib/libs/curl/lib/vssh/wolfssh.c
+++ b/contrib/libs/curl/lib/vssh/wolfssh.c
@@ -449,7 +449,8 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block)
switch(sshc->state) {
case SSH_INIT:
state(data, SSH_S_STARTUP);
- /* FALLTHROUGH */
+ break;
+
case SSH_S_STARTUP:
rc = wolfSSH_connect(sshc->ssh_session);
if(rc != WS_SUCCESS)
@@ -838,7 +839,8 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block)
break;
}
state(data, SSH_SFTP_READDIR);
- /* FALLTHROUGH */
+ break;
+
case SSH_SFTP_READDIR:
name = wolfSSH_SFTP_LS(sshc->ssh_session, sftp_scp->path);
if(!name)
diff --git a/contrib/libs/curl/lib/vtls/bearssl.c b/contrib/libs/curl/lib/vtls/bearssl.c
index e87649e2a7..9b772d064d 100644
--- a/contrib/libs/curl/lib/vtls/bearssl.c
+++ b/contrib/libs/curl/lib/vtls/bearssl.c
@@ -608,6 +608,7 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data,
if(SSL_SET_OPTION(primary.sessionid)) {
bool incache;
+ bool added = FALSE;
void *oldsession;
br_ssl_session_parameters *session;
@@ -623,10 +624,11 @@ static CURLcode bearssl_connect_step3(struct Curl_easy *data,
Curl_ssl_delsessionid(data, oldsession);
ret = Curl_ssl_addsessionid(data, conn,
SSL_IS_PROXY() ? TRUE : FALSE,
- session, 0, sockindex);
+ session, 0, sockindex, &added);
Curl_ssl_sessionid_unlock(data);
- if(ret) {
+ if(!added)
free(session);
+ if(ret) {
return CURLE_OUT_OF_MEMORY;
}
}
diff --git a/contrib/libs/curl/lib/vtls/gtls.c b/contrib/libs/curl/lib/vtls/gtls.c
index 1b145d8ebb..2053fd439d 100644
--- a/contrib/libs/curl/lib/vtls/gtls.c
+++ b/contrib/libs/curl/lib/vtls/gtls.c
@@ -404,6 +404,7 @@ gtls_connect_step1(struct Curl_easy *data,
const char * const hostname = SSL_HOST_NAME();
long * const certverifyresult = &SSL_SET_OPTION_LVALUE(certverifyresult);
const char *tls13support;
+ CURLcode result;
if(connssl->state == ssl_connection_complete)
/* to make us tolerant against being called more than once for the
@@ -557,31 +558,25 @@ gtls_connect_step1(struct Curl_easy *data,
/* Ensure +SRP comes at the *end* of all relevant strings so that it can be
* removed if a run-time error indicates that SRP is not supported by this
* GnuTLS version */
- switch(SSL_CONN_CONFIG(version)) {
- case CURL_SSLVERSION_TLSv1_3:
- if(!tls13support) {
- failf(data, "This GnuTLS installation does not support TLS 1.3");
- return CURLE_SSL_CONNECT_ERROR;
- }
- /* FALLTHROUGH */
- case CURL_SSLVERSION_DEFAULT:
- case CURL_SSLVERSION_TLSv1:
- case CURL_SSLVERSION_TLSv1_0:
- case CURL_SSLVERSION_TLSv1_1:
- case CURL_SSLVERSION_TLSv1_2: {
- CURLcode result = set_ssl_version_min_max(data, &prioritylist,
- tls13support);
- if(result)
- return result;
- break;
- }
- case CURL_SSLVERSION_SSLv2:
- case CURL_SSLVERSION_SSLv3:
- default:
- failf(data, "GnuTLS does not support SSLv2 or SSLv3");
+
+ if(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv2 ||
+ SSL_CONN_CONFIG(version) == CURL_SSLVERSION_SSLv3) {
+ failf(data, "GnuTLS does not support SSLv2 or SSLv3");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ if(SSL_CONN_CONFIG(version) == CURL_SSLVERSION_TLSv1_3) {
+ if(!tls13support) {
+ failf(data, "This GnuTLS installation does not support TLS 1.3");
return CURLE_SSL_CONNECT_ERROR;
+ }
}
+ /* At this point we know we have a supported TLS version, so set it */
+ result = set_ssl_version_min_max(data, &prioritylist, tls13support);
+ if(result)
+ return result;
+
#ifdef HAVE_GNUTLS_SRP
/* Only add SRP to the cipher list if SRP is requested. Otherwise
* GnuTLS will disable TLS 1.3 support. */
@@ -1287,6 +1282,7 @@ gtls_connect_step3(struct Curl_easy *data,
if(connect_sessionid) {
bool incache;
+ bool added = FALSE;
void *ssl_sessionid;
/* extract session ID to the allocated buffer */
@@ -1306,10 +1302,11 @@ gtls_connect_step3(struct Curl_easy *data,
result = Curl_ssl_addsessionid(data, conn,
SSL_IS_PROXY() ? TRUE : FALSE,
connect_sessionid, connect_idsize,
- sockindex);
+ sockindex, &added);
Curl_ssl_sessionid_unlock(data);
- if(result) {
+ if(!added)
free(connect_sessionid);
+ if(result) {
result = CURLE_OUT_OF_MEMORY;
}
}
diff --git a/contrib/libs/curl/lib/vtls/mbedtls.c b/contrib/libs/curl/lib/vtls/mbedtls.c
index c1b427cfb4..3b08df9662 100644
--- a/contrib/libs/curl/lib/vtls/mbedtls.c
+++ b/contrib/libs/curl/lib/vtls/mbedtls.c
@@ -784,6 +784,7 @@ mbed_connect_step3(struct Curl_easy *data, struct connectdata *conn,
mbedtls_ssl_session *our_ssl_sessionid;
void *old_ssl_sessionid = NULL;
bool isproxy = SSL_IS_PROXY() ? TRUE : FALSE;
+ bool added = FALSE;
our_ssl_sessionid = malloc(sizeof(mbedtls_ssl_session));
if(!our_ssl_sessionid)
@@ -807,11 +808,13 @@ mbed_connect_step3(struct Curl_easy *data, struct connectdata *conn,
Curl_ssl_delsessionid(data, old_ssl_sessionid);
retcode = Curl_ssl_addsessionid(data, conn, isproxy, our_ssl_sessionid,
- 0, sockindex);
+ 0, sockindex, &added);
Curl_ssl_sessionid_unlock(data);
- if(retcode) {
+ if(!added) {
mbedtls_ssl_session_free(our_ssl_sessionid);
free(our_ssl_sessionid);
+ }
+ if(retcode) {
failf(data, "failed to store ssl session");
return retcode;
}
diff --git a/contrib/libs/curl/lib/vtls/mesalink.c b/contrib/libs/curl/lib/vtls/mesalink.c
index 3db9184f79..0a1dea3ac0 100644
--- a/contrib/libs/curl/lib/vtls/mesalink.c
+++ b/contrib/libs/curl/lib/vtls/mesalink.c
@@ -365,7 +365,7 @@ mesalink_connect_step3(struct connectdata *conn, int sockindex)
if(!incache) {
result =
Curl_ssl_addsessionid(data, conn, isproxy, our_ssl_sessionid, 0,
- sockindex);
+ sockindex, NULL);
if(result) {
Curl_ssl_sessionid_unlock(data);
failf(data, "failed to store ssl session");
diff --git a/contrib/libs/curl/lib/vtls/nss.c b/contrib/libs/curl/lib/vtls/nss.c
index cf657895f6..1897b9ab1d 100644
--- a/contrib/libs/curl/lib/vtls/nss.c
+++ b/contrib/libs/curl/lib/vtls/nss.c
@@ -955,7 +955,7 @@ static void display_cert_info(struct Curl_easy *data,
subject = CERT_NameToAscii(&cert->subject);
issuer = CERT_NameToAscii(&cert->issuer);
common_name = CERT_GetCommonName(&cert->subject);
- infof(data, "subject: %s\n", subject);
+ infof(data, "subject: %s", subject);
CERT_GetCertTimes(cert, &notBefore, &notAfter);
PR_ExplodeTime(notBefore, PR_GMTParameters, &printableTime);
@@ -2250,10 +2250,11 @@ static CURLcode nss_connect_common(struct Curl_easy *data,
case CURLE_OK:
break;
case CURLE_AGAIN:
+ /* CURLE_AGAIN in non-blocking mode is not an error */
if(!blocking)
- /* CURLE_AGAIN in non-blocking mode is not an error */
return CURLE_OK;
- /* FALLTHROUGH */
+ else
+ return result;
default:
return result;
}
diff --git a/contrib/libs/curl/lib/vtls/openssl.c b/contrib/libs/curl/lib/vtls/openssl.c
index 87f4b02b71..a1baef9c3f 100644
--- a/contrib/libs/curl/lib/vtls/openssl.c
+++ b/contrib/libs/curl/lib/vtls/openssl.c
@@ -227,6 +227,10 @@
#endif
#endif
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#define HAVE_RANDOM_INIT_BY_DEFAULT 1
+#endif
+
struct ssl_backend_data {
struct Curl_easy *logger; /* transfer handle to pass trace logs to, only
using sockindex 0 */
@@ -435,18 +439,21 @@ static bool rand_enough(void)
static CURLcode ossl_seed(struct Curl_easy *data)
{
- char fname[256];
-
/* This might get called before it has been added to a multi handle */
if(data->multi && data->multi->ssl_seeded)
return CURLE_OK;
if(rand_enough()) {
- /* OpenSSL 1.1.0+ will return here */
+ /* OpenSSL 1.1.0+ should return here */
if(data->multi)
data->multi->ssl_seeded = TRUE;
return CURLE_OK;
}
+#ifdef HAVE_RANDOM_INIT_BY_DEFAULT
+ /* with OpenSSL 1.1.0+, a failed RAND_status is a showstopper */
+ failf(data, "Insufficient randomness");
+ return CURLE_SSL_CONNECT_ERROR;
+#else
#ifndef RANDOM_FILE
/* if RANDOM_FILE isn't defined, we only perform this if an option tells
@@ -507,19 +514,23 @@ static CURLcode ossl_seed(struct Curl_easy *data)
RAND_add(randb, (int)len, (double)len/2);
} while(!rand_enough());
- /* generates a default path for the random seed file */
- fname[0] = 0; /* blank it first */
- RAND_file_name(fname, sizeof(fname));
- if(fname[0]) {
- /* we got a file name to try */
- RAND_load_file(fname, RAND_LOAD_LENGTH);
- if(rand_enough())
- return CURLE_OK;
+ {
+ /* generates a default path for the random seed file */
+ char fname[256];
+ fname[0] = 0; /* blank it first */
+ RAND_file_name(fname, sizeof(fname));
+ if(fname[0]) {
+ /* we got a file name to try */
+ RAND_load_file(fname, RAND_LOAD_LENGTH);
+ if(rand_enough())
+ return CURLE_OK;
+ }
}
infof(data, "libcurl is now using a weak random seed!");
return (rand_enough() ? CURLE_OK :
- CURLE_SSL_CONNECT_ERROR /* confusing error code */);
+ CURLE_SSL_CONNECT_ERROR /* confusing error code */);
+#endif
}
#ifndef SSL_FILETYPE_ENGINE
@@ -2493,6 +2504,7 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
if(SSL_SET_OPTION(primary.sessionid)) {
bool incache;
+ bool added = FALSE;
void *old_ssl_sessionid = NULL;
Curl_ssl_sessionid_lock(data);
@@ -2511,9 +2523,11 @@ static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
if(!incache) {
if(!Curl_ssl_addsessionid(data, conn, isproxy, ssl_sessionid,
- 0 /* unknown size */, sockindex)) {
- /* the session has been put into the session cache */
- res = 1;
+ 0 /* unknown size */, sockindex, &added)) {
+ if(added) {
+ /* the session has been put into the session cache */
+ res = 1;
+ }
}
else
failf(data, "failed to store ssl session");
@@ -2936,7 +2950,7 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
NULL, cert_name, sizeof(cert_name))) {
strcpy(cert_name, "Unknown");
}
- infof(data, "SSL: Checking cert %s\"\n", cert_name);
+ infof(data, "SSL: Checking cert \"%s\"", cert_name);
#endif
encoded_cert = (const unsigned char *)pContext->pbCertEncoded;
@@ -3052,60 +3066,36 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
}
}
+ if(verifypeer && !imported_native_ca && (ssl_cafile || ssl_capath)) {
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
/* OpenSSL 3.0.0 has deprecated SSL_CTX_load_verify_locations */
- {
- if(ssl_cafile) {
- if(!SSL_CTX_load_verify_file(backend->ctx, ssl_cafile)) {
- if(verifypeer && !imported_native_ca) {
- /* Fail if we insist on successfully verifying the server. */
- failf(data, "error setting certificate file: %s", ssl_cafile);
- return CURLE_SSL_CACERT_BADFILE;
- }
- /* Continue with warning if certificate verification isn't required. */
- infof(data, "error setting certificate file, continuing anyway");
- }
- infof(data, " CAfile: %s", ssl_cafile);
+ if(ssl_cafile &&
+ !SSL_CTX_load_verify_file(backend->ctx, ssl_cafile)) {
+ /* Fail if we insist on successfully verifying the server. */
+ failf(data, "error setting certificate file: %s", ssl_cafile);
+ return CURLE_SSL_CACERT_BADFILE;
}
- if(ssl_capath) {
- if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) {
- if(verifypeer && !imported_native_ca) {
- /* Fail if we insist on successfully verifying the server. */
- failf(data, "error setting certificate path: %s", ssl_capath);
- return CURLE_SSL_CACERT_BADFILE;
- }
- /* Continue with warning if certificate verification isn't required. */
- infof(data, "error setting certificate path, continuing anyway");
- }
- infof(data, " CApath: %s", ssl_capath);
+ if(ssl_capath &&
+ !SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) {
+ /* Fail if we insist on successfully verifying the server. */
+ failf(data, "error setting certificate path: %s", ssl_capath);
+ return CURLE_SSL_CACERT_BADFILE;
}
- }
#else
- if(ssl_cafile || ssl_capath) {
- /* tell SSL where to find CA certificates that are used to verify
- the server's certificate. */
+ /* tell OpenSSL where to find CA certificates that are used to verify the
+ server's certificate. */
if(!SSL_CTX_load_verify_locations(backend->ctx, ssl_cafile, ssl_capath)) {
- if(verifypeer && !imported_native_ca) {
- /* Fail if we insist on successfully verifying the server. */
- failf(data, "error setting certificate verify locations:"
- " CAfile: %s CApath: %s",
- ssl_cafile ? ssl_cafile : "none",
- ssl_capath ? ssl_capath : "none");
- return CURLE_SSL_CACERT_BADFILE;
- }
- /* Just continue with a warning if no strict certificate verification
- is required. */
- infof(data, "error setting certificate verify locations,"
- " continuing anyway:");
- }
- else {
- /* Everything is fine. */
- infof(data, "successfully set certificate verify locations:");
+ /* Fail if we insist on successfully verifying the server. */
+ failf(data, "error setting certificate verify locations:"
+ " CAfile: %s CApath: %s",
+ ssl_cafile ? ssl_cafile : "none",
+ ssl_capath ? ssl_capath : "none");
+ return CURLE_SSL_CACERT_BADFILE;
}
+#endif
infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
}
-#endif
#ifdef CURL_CA_FALLBACK
if(verifypeer &&
diff --git a/contrib/libs/curl/lib/vtls/schannel.c b/contrib/libs/curl/lib/vtls/schannel.c
index 722a937c42..44c59e7796 100644
--- a/contrib/libs/curl/lib/vtls/schannel.c
+++ b/contrib/libs/curl/lib/vtls/schannel.c
@@ -716,8 +716,6 @@ schannel_acquire_credential_handle(struct Curl_easy *data,
}
BACKEND->cred->refcount = 1;
- /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa374716.aspx
- */
sspi_status =
s_pSecFn->AcquireCredentialsHandle(NULL, (TCHAR *)UNISP_NAME,
SECPKG_CRED_OUTBOUND, NULL,
@@ -1141,8 +1139,6 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn,
if(!host_name)
return CURLE_OUT_OF_MEMORY;
- /* https://msdn.microsoft.com/en-us/library/windows/desktop/aa375924.aspx
- */
sspi_status = s_pSecFn->InitializeSecurityContext(
&BACKEND->cred->cred_handle, &BACKEND->ctxt->ctxt_handle,
host_name, BACKEND->req_flags, 0, 0, &inbuf_desc, 0, NULL,
@@ -1436,6 +1432,7 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn,
/* save the current session data for possible re-use */
if(SSL_SET_OPTION(primary.sessionid)) {
bool incache;
+ bool added = FALSE;
struct Curl_schannel_cred *old_cred = NULL;
Curl_ssl_sessionid_lock(data);
@@ -1453,13 +1450,13 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn,
if(!incache) {
result = Curl_ssl_addsessionid(data, conn, isproxy, BACKEND->cred,
sizeof(struct Curl_schannel_cred),
- sockindex);
+ sockindex, &added);
if(result) {
Curl_ssl_sessionid_unlock(data);
failf(data, "schannel: failed to store credential handle");
return result;
}
- else {
+ else if(added) {
/* this cred session is now also referenced by sessionid cache */
BACKEND->cred->refcount++;
DEBUGF(infof(data,
@@ -1970,12 +1967,12 @@ schannel_recv(struct Curl_easy *data, int sockindex,
if(sspi_status == SEC_I_RENEGOTIATE) {
infof(data, "schannel: remote party requests renegotiation");
if(*err && *err != CURLE_AGAIN) {
- infof(data, "schannel: can't renogotiate, an error is pending");
+ infof(data, "schannel: can't renegotiate, an error is pending");
goto cleanup;
}
if(BACKEND->encdata_offset) {
*err = CURLE_RECV_ERROR;
- infof(data, "schannel: can't renogotiate, "
+ infof(data, "schannel: can't renegotiate, "
"encrypted data available");
goto cleanup;
}
@@ -2124,26 +2121,23 @@ static bool schannel_data_pending(const struct connectdata *conn,
return FALSE;
}
-static void schannel_close(struct Curl_easy *data, struct connectdata *conn,
- int sockindex)
-{
- if(conn->ssl[sockindex].use)
- /* if the SSL/TLS channel hasn't been shut down yet, do that now. */
- Curl_ssl_shutdown(data, conn, sockindex);
-}
-
static void schannel_session_free(void *ptr)
{
/* this is expected to be called under sessionid lock */
struct Curl_schannel_cred *cred = ptr;
- cred->refcount--;
- if(cred->refcount == 0) {
- s_pSecFn->FreeCredentialsHandle(&cred->cred_handle);
- Curl_safefree(cred);
+ if(cred) {
+ cred->refcount--;
+ if(cred->refcount == 0) {
+ s_pSecFn->FreeCredentialsHandle(&cred->cred_handle);
+ Curl_safefree(cred);
+ }
}
}
+/* shut down the SSL connection and clean up related memory.
+ this function can be called multiple times on the same connection including
+ if the SSL connection failed (eg connection made but failed handshake). */
static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn,
int sockindex)
{
@@ -2155,10 +2149,12 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn,
DEBUGASSERT(data);
- infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu",
- hostname, conn->remote_port);
+ if(connssl->use) {
+ infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu",
+ hostname, conn->remote_port);
+ }
- if(BACKEND->cred && BACKEND->ctxt) {
+ if(connssl->use && BACKEND->cred && BACKEND->ctxt) {
SecBufferDesc BuffDesc;
SecBuffer Buffer;
SECURITY_STATUS sspi_status;
@@ -2251,6 +2247,16 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn,
return CURLE_OK;
}
+static void schannel_close(struct Curl_easy *data, struct connectdata *conn,
+ int sockindex)
+{
+ if(conn->ssl[sockindex].use)
+ /* Curl_ssl_shutdown resets the socket state and calls schannel_shutdown */
+ Curl_ssl_shutdown(data, conn, sockindex);
+ else
+ schannel_shutdown(data, conn, sockindex);
+}
+
static int schannel_init(void)
{
return (Curl_sspi_global_init() == CURLE_OK ? 1 : 0);
diff --git a/contrib/libs/curl/lib/vtls/sectransp.c b/contrib/libs/curl/lib/vtls/sectransp.c
index 1e6ed5f06d..0bf515460d 100644
--- a/contrib/libs/curl/lib/vtls/sectransp.c
+++ b/contrib/libs/curl/lib/vtls/sectransp.c
@@ -2109,7 +2109,7 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
}
result = Curl_ssl_addsessionid(data, conn, isproxy, ssl_sessionid,
- ssl_sessionid_len, sockindex);
+ ssl_sessionid_len, sockindex, NULL);
Curl_ssl_sessionid_unlock(data);
if(result) {
failf(data, "failed to store ssl session");
diff --git a/contrib/libs/curl/lib/vtls/vtls.c b/contrib/libs/curl/lib/vtls/vtls.c
index e5bbe1f5f0..6007bbba0f 100644
--- a/contrib/libs/curl/lib/vtls/vtls.c
+++ b/contrib/libs/curl/lib/vtls/vtls.c
@@ -516,7 +516,8 @@ CURLcode Curl_ssl_addsessionid(struct Curl_easy *data,
const bool isProxy,
void *ssl_sessionid,
size_t idsize,
- int sockindex)
+ int sockindex,
+ bool *added)
{
size_t i;
struct Curl_ssl_session *store;
@@ -536,6 +537,10 @@ CURLcode Curl_ssl_addsessionid(struct Curl_easy *data,
const char *hostname = conn->host.name;
#endif
(void)sockindex;
+
+ if(added)
+ *added = FALSE;
+
if(!data->state.session)
return CURLE_OK;
@@ -609,6 +614,9 @@ CURLcode Curl_ssl_addsessionid(struct Curl_easy *data,
return CURLE_OUT_OF_MEMORY;
}
+ if(added)
+ *added = TRUE;
+
DEBUGF(infof(data, "Added Session ID to cache for %s://%s:%d [%s]",
store->scheme, store->name, store->remote_port,
isProxy ? "PROXY" : "server"));
diff --git a/contrib/libs/curl/lib/vtls/vtls.h b/contrib/libs/curl/lib/vtls/vtls.h
index beaa83d9e3..c7bbba082d 100644
--- a/contrib/libs/curl/lib/vtls/vtls.h
+++ b/contrib/libs/curl/lib/vtls/vtls.h
@@ -261,7 +261,8 @@ CURLcode Curl_ssl_addsessionid(struct Curl_easy *data,
const bool isProxy,
void *ssl_sessionid,
size_t idsize,
- int sockindex);
+ int sockindex,
+ bool *added);
/* Kill a single session ID entry in the cache
* Sessionid mutex must be locked (see Curl_ssl_sessionid_lock).
* This will call engine-specific curlssl_session_free function, which must
diff --git a/contrib/libs/curl/lib/vtls/wolfssl.c b/contrib/libs/curl/lib/vtls/wolfssl.c
index 617c54c2af..242f193bc0 100644
--- a/contrib/libs/curl/lib/vtls/wolfssl.c
+++ b/contrib/libs/curl/lib/vtls/wolfssl.c
@@ -202,6 +202,43 @@ static int do_file_type(const char *type)
return -1;
}
+#ifdef HAVE_LIBOQS
+struct group_name_map {
+ const word16 group;
+ const char *name;
+};
+
+static const struct group_name_map gnm[] = {
+ { WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" },
+ { WOLFSSL_KYBER_LEVEL3, "KYBER_LEVEL3" },
+ { WOLFSSL_KYBER_LEVEL5, "KYBER_LEVEL5" },
+ { WOLFSSL_NTRU_HPS_LEVEL1, "NTRU_HPS_LEVEL1" },
+ { WOLFSSL_NTRU_HPS_LEVEL3, "NTRU_HPS_LEVEL3" },
+ { WOLFSSL_NTRU_HPS_LEVEL5, "NTRU_HPS_LEVEL5" },
+ { WOLFSSL_NTRU_HRSS_LEVEL3, "NTRU_HRSS_LEVEL3" },
+ { WOLFSSL_SABER_LEVEL1, "SABER_LEVEL1" },
+ { WOLFSSL_SABER_LEVEL3, "SABER_LEVEL3" },
+ { WOLFSSL_SABER_LEVEL5, "SABER_LEVEL5" },
+ { WOLFSSL_KYBER_90S_LEVEL1, "KYBER_90S_LEVEL1" },
+ { WOLFSSL_KYBER_90S_LEVEL3, "KYBER_90S_LEVEL3" },
+ { WOLFSSL_KYBER_90S_LEVEL5, "KYBER_90S_LEVEL5" },
+ { WOLFSSL_P256_NTRU_HPS_LEVEL1, "P256_NTRU_HPS_LEVEL1" },
+ { WOLFSSL_P384_NTRU_HPS_LEVEL3, "P384_NTRU_HPS_LEVEL3" },
+ { WOLFSSL_P521_NTRU_HPS_LEVEL5, "P521_NTRU_HPS_LEVEL5" },
+ { WOLFSSL_P384_NTRU_HRSS_LEVEL3, "P384_NTRU_HRSS_LEVEL3" },
+ { WOLFSSL_P256_SABER_LEVEL1, "P256_SABER_LEVEL1" },
+ { WOLFSSL_P384_SABER_LEVEL3, "P384_SABER_LEVEL3" },
+ { WOLFSSL_P521_SABER_LEVEL5, "P521_SABER_LEVEL5" },
+ { WOLFSSL_P256_KYBER_LEVEL1, "P256_KYBER_LEVEL1" },
+ { WOLFSSL_P384_KYBER_LEVEL3, "P384_KYBER_LEVEL3" },
+ { WOLFSSL_P521_KYBER_LEVEL5, "P521_KYBER_LEVEL5" },
+ { WOLFSSL_P256_KYBER_90S_LEVEL1, "P256_KYBER_90S_LEVEL1" },
+ { WOLFSSL_P384_KYBER_90S_LEVEL3, "P384_KYBER_90S_LEVEL3" },
+ { WOLFSSL_P521_KYBER_90S_LEVEL5, "P521_KYBER_90S_LEVEL5" },
+ { 0, NULL }
+};
+#endif
+
/*
* This function loads all the client/CA certificates and CRLs. Setup the TLS
* layer and do all necessary magic.
@@ -210,11 +247,15 @@ static CURLcode
wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
int sockindex)
{
- char *ciphers;
+ char *ciphers, *curves;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct ssl_backend_data *backend = connssl->backend;
SSL_METHOD* req_method = NULL;
curl_socket_t sockfd = conn->sock[sockindex];
+#ifdef HAVE_LIBOQS
+ word16 oqsAlg = 0;
+ size_t idx = 0;
+#endif
#ifdef HAVE_SNI
bool sni = FALSE;
#define use_sni(x) sni = (x)
@@ -327,6 +368,26 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
infof(data, "Cipher selection: %s", ciphers);
}
+ curves = SSL_CONN_CONFIG(curves);
+ if(curves) {
+
+#ifdef HAVE_LIBOQS
+ for(idx = 0; gnm[idx].name != NULL; idx++) {
+ if(strncmp(curves, gnm[idx].name, strlen(gnm[idx].name)) == 0) {
+ oqsAlg = gnm[idx].group;
+ break;
+ }
+ }
+
+ if(oqsAlg == 0)
+#endif
+ {
+ if(!SSL_CTX_set1_curves_list(backend->ctx, curves)) {
+ failf(data, "failed setting curves list: '%s'", curves);
+ return CURLE_SSL_CIPHER;
+ }
+ }
+ }
#ifndef NO_FILESYSTEM
/* load trusted cacert */
if(SSL_CONN_CONFIG(CAfile)) {
@@ -439,6 +500,14 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
return CURLE_OUT_OF_MEMORY;
}
+#ifdef HAVE_LIBOQS
+ if(oqsAlg) {
+ if(wolfSSL_UseKeyShare(backend->handle, oqsAlg) != WOLFSSL_SUCCESS) {
+ failf(data, "unable to use oqs KEM");
+ }
+ }
+#endif
+
#ifdef HAVE_ALPN
if(conn->bits.tls_enable_alpn) {
char protocols[128];
@@ -495,7 +564,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
/* we got a session id, use it! */
if(!SSL_set_session(backend->handle, ssl_sessionid)) {
Curl_ssl_delsessionid(data, ssl_sessionid);
- infof(data, "Can't use session ID, going on without\n");
+ infof(data, "Can't use session ID, going on without");
}
else
infof(data, "SSL re-using session ID");
@@ -749,7 +818,7 @@ wolfssl_connect_step3(struct Curl_easy *data, struct connectdata *conn,
if(!incache) {
result = Curl_ssl_addsessionid(data, conn, isproxy, our_ssl_sessionid,
- 0, sockindex);
+ 0, sockindex, NULL);
if(result) {
Curl_ssl_sessionid_unlock(data);
failf(data, "failed to store ssl session");