summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* ngtcp2: clear credentials when freedbagder/ngtcp2-gnutls-credDaniel Stenberg2021-04-061-1/+3
| | | | | | | | ... to avoid double-free. Reported-by: Kenneth Davidson Fixes #6824 Closes #[fill in]
* tool_progress: Fix progress meter in parallel modeCherish982021-04-051-0/+8
| | | | | | | | | | | | | | | | Make sure the total amount of DL/UL bytes are counted before the transfer finalizes. Otherwise if a transfer finishes too quick, its total numbers are not added, and results in a DL%/UL% that goes above 100%. Detail: progress_meter() is called periodically, and it may not catch a transfer's total bytes if the value was unknown during the last call, and the transfer is finished and deleted (i.e., lost) during the next call. Closes https://github.com/curl/curl/pull/6840
* libssh: get rid of PATH_MAXEmil Engler2021-04-051-4/+3
| | | | | | | | This removes the last occurrence of PATH_MAX inside our libssh implementation by calculating the path length from the string length of the two components. Closes #6829
* http_proxy: only loop on 407 + close if we have credentialsDaniel Stenberg2021-04-053-1/+62
| | | | | | | | | | ... to fix the retry-loop. Add test 718 to verify. Reported-by: Daniel Kurečka Fixes #6828 Closes #6850
* h2: allow 100 streams by defaultDaniel Stenberg2021-04-051-1/+1
| | | | | | | | | instead of 13, before the server has told how many streams it accepts. The server can always reject new streams anyway if we go above what it accepts. Ref: #6826 Closes #6852
* file: support GETing directories againLuke Granger-Brown2021-04-053-13/+53
| | | | | | | | | | | | | | After 957bc1881e686f9714c4e6a01bf33535091f0e21, we no longer compute an expected_size for directories. This has the upshot that when we compare even an empty Range with the available size, we fail. This brings back the previous behaviour, which was to succeed, but with empty content. This also removes the "Accept-ranges: bytes" header, which is nonsensical on directories. Adds test 3016 Fixes #6845 Closes #6846
* RELEASE-NOTES: syncedDaniel Stenberg2021-04-042-274/+15
| | | | and bumped to 7.76.1
* TLS: fix HTTP/2 selectionDaniel Stenberg2021-04-027-8/+8
| | | | | | | | | | | for GnuTLS, BearSSL, mbedTLS, NSS, SChannnel, Secure Transport and wolfSSL... Regression since 88dd1a8a115b1f5ece (shipped in 7.76.0) Reported-by: Kenneth Davidson Reported-by: romamik om github Fixes #6825 Closes #6827
* hostip: Fix for builds that disable all asynchronous DNSJay Satiro2021-04-021-0/+2
| | | | | | | | | | | | | | | - Define Curl_resolver_error function only when USE_CURL_ASYNC. Prior to this change building curl without an asynchronous resolver backend (c-ares or threaded) and without DoH (DNS-over-HTTPS, which is also asynchronous but independent of resolver backend) would cause a build error since Curl_resolver_error is called by and evaluates variables only available in asynchronous builds. Reported-by: Benbuck Nason Fixes https://github.com/curl/curl/issues/6831 Closes https://github.com/curl/curl/pull/6832
* openssl: Fix CURLOPT_SSLCERT_BLOB without CURLOPT_SSLCERT_KEYGilles Vollant2021-03-311-52/+56
| | | | | | Reported-by: Christian Schmitz Fixes #6816 Closes #6820
* RELEASE-NOTES: syncedcurl-7_76_0Daniel Stenberg2021-03-311-9/+29
| | | | curl 7.76.0 release
* THANKS: added names from 7.76.0Daniel Stenberg2021-03-311-0/+35
|
* CURLOPT_AUTOREFERER.3: clarify that it sets the full URLDaniel Stenberg2021-03-301-3/+3
| | | | ... some users may not want that!
* define: remove CURL_DISABLE_NTLM ifdefsbagder/disable-scan-improvementDaniel Stenberg2021-03-294-12/+3
| | | | | | | It was never defined anywhere. Fixed disable-scan (test 1165) to also scan headers, which found this issue. Closes #6809
* vtls: fix addsessionid for non-proxy buildsDaniel Stenberg2021-03-291-3/+0
| | | | | | Follow-up to b09c8ee15771c61 Fixes #6812 Closes #6811
* cmake: support WinIDNLi Xinwei2021-03-292-1/+15
| | | | Closes #6807
* transfer: clear 'referer' in declarationDaniel Stenberg2021-03-291-2/+2
| | | | | | | | | To silence (false positive) compiler warnings about it. Follow-up to 7214288898f5625 Reviewed-by: Marcel Raad Closes #6810
* config: fix SSPI enabling NTLM if crypto auth is disabledMarc Hoersken2021-03-292-15/+19
| | | | | | | | | | | Avoid enabling NTLM feature based upon Windows SSPI being enabled in case that crypto auth is disabled. Reported-by: Marcel Raad Follow-up to #6277 Fixes #6803 Closes #6808
* HISTORY: add two 2021 eventsDaniel Stenberg2021-03-291-2/+8
|
* vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()Daniel Stenberg2021-03-2810-44/+103
| | | | | | | | | To make sure we set and extract the correct session. Reported-by: Mingtao Yang Bug: https://curl.se/docs/CVE-2021-22890.html CVE-2021-22890
* transfer: strip credentials from the auto-referer header fieldViktor Szakats2021-03-283-3/+90
| | | | | | | | Added test 2081 to verify. CVE-2021-22876 Bug: https://curl.se/docs/CVE-2021-22876.html
* curl_sasl: fix compiler error with --disable-crypto-authDaniel Stenberg2021-03-281-2/+1
| | | | | | ... if libgsasl was found. Closes #6806
* ldap: only set the callback ptr for TLS context when TLS is usedPatrick Monnerat2021-03-281-4/+5
| | | | | | Follow-up to a5eee22e594c2460f Fixes #6804 Closes #6805
* copyright: update copyright year ranges to 2021Daniel Stenberg2021-03-2735-35/+36
| | | | | Reviewed-by: Emil Engler Closes #6802
* send_speed: simplify the checks for if a speed limit is setDaniel Stenberg2021-03-273-7/+7
| | | | | ... as we know the value cannot be set to negative: enforced by setopt()
* http: cap body data amount during send speed limitingDaniel Stenberg2021-03-272-11/+40
| | | | | | | | | By making sure never to send off more than the allowed number of bytes per second the speed limit logic is given more room to actually work. Reported-by: Fabian Keil Bug: https://curl.se/mail/lib-2021-03/0042.html Closes #6797
* urldata: merge "struct DynamicStatic" into "struct UrlState"Daniel Stenberg2021-03-2616-141/+127
| | | | | | | | Both were used for the same purposes and there was no logical separation between them. Combined, this also saves 16 bytes in less holes in my test build. Closes #6798
* tests/README.md: mentioned that en_US.UTF-8 is requiredDaniel Stenberg2021-03-261-0/+1
| | | | | Reported-by: Oumph on github Fixes #6768
* HISTORY: fixed the Mac OS X 10.1 release dateDaniel Stenberg2021-03-261-5/+7
| | | | Based on what Wikipedia says
* examples: Remove threaded-shared-conn.c due to bugJay Satiro2021-03-262-157/+0
| | | | | | | | | | Known bug 11.11 is the shared object's connection cache is not thread safe, so we should not have an example for it. Ref: https://github.com/curl/curl/issues/4915 Ref: https://curl.se/docs/knownbugs.html#A_shared_connection_cache_is_not Closes https://github.com/curl/curl/pull/6795
* KNOWN_BUGS: Update 11.9 - DoH option inheritanceJay Satiro2021-03-261-1/+11
| | | | | | | | | | | | | | | | | | | - Add description: Explain that some options aren't inherited because they are not relevant for the DoH SSL connections or may result in unexpected behavior. - Remove the reference to #4578 (SSL verify options not inherited) since that was fixed by #6597 (separate DoH-specific options for verify). - Explain that DoH-specific options (those created by #6597) are available: CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS. - Add a reference to #6605 and explain that the user's debug function is not inherited because it would be unexpected to pass internal handles (ie DoH handles) to the user's callback. Closes https://github.com/curl/curl/issues/6605
* curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSODaniel Stenberg2021-03-261-1/+3
|
* openssl: ensure to check SSL_CTX_set_alpn_protos return valuesJean-Philippe Menil2021-03-251-1/+4
| | | | | | | | SSL_CTX_set_alpn_protos() return 0 on success, and non-0 on failure Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com> Closes #6794
* multi: close the connection when h2=>h1 downgradingDaniel Stenberg2021-03-251-0/+1
| | | | | | | | | | Otherwise libcurl is likely to reuse the connection again in the next attempt since the connection reuse logic doesn't take downgrades into account. Reported-by: Anthony Ramine Fixes #6788 Closes #6793
* openssl: set the transfer pointer for logging earlyDaniel Stenberg2021-03-251-0/+1
| | | | | | | | | | | Otherwise, the transfer will be NULL in the trace function when the early handshake details arrive and then curl won't show them. Regresssion in 7.75.0 Reported-by: David Hu Fixes #6783 Closes #6792
* RELEASE-NOTES: syncedDaniel Stenberg2021-03-251-10/+25
|
* TODO: Custom progress meter update intervalDaniel Stenberg2021-03-251-0/+7
| | | | Ref: https://stackoverflow.com/q/66789977/93747
* docs/ABI: tighten up the languageDaniel Stenberg2021-03-241-9/+8
| | | | | | Make the promises more firm Closes #6786
* openldap: disconnect betterDaniel Stenberg2021-03-241-1/+1
| | | | | | | | | Instead of clearing the callback argument in disconnect, set it to the (new) transfer to make sure the correct data is passed to the callbacks. Follow-up to e467ea3bd937f38 Assisted-by: Patrick Monnerat Closes #6787
* libssh2: kdb_callback: get the right struct pointerDaniel Stenberg2021-03-231-2/+2
| | | | | | | | | | | | After the recent conn/data refactor in this source file, this function was mistakenly still getting the old struct pointer which would lead to crash on servers with keyboard-interactive auth enabled. Follow-up to a304051620b92e12b (shipped in 7.75.0) Reported-by: Christian Schmitz Fixes #6691 Closes #6782
* tftp: remove unused struct fieldsDaniel Stenberg2021-03-231-7/+0
| | | | | | Follow-up to d3d90ad9c00530d Closes #6781
* openldap: avoid NULL pointer dereferencesDaniel Stenberg2021-03-231-15/+25
| | | | | | | Follow-up to a59c33ceffb8f78 Reported-by: Patrick Monnerat Fixes #6676 Closes #6780
* http: strip default port from URL sent to proxyDaniel Stenberg2021-03-232-2/+2
| | | | | | | | | | To make sure the Host: header and the URL provide the same authority portion when sent to the proxy, strip the default port number from the URL if one was provided. Reported-by: Michael Brown Fixes #6769 Closes #6778
* azure: disable test 433 on azure-ubuntuDaniel Stenberg2021-03-231-2/+2
| | | | | | | | | Something in that environment sets XDG_CONFIG_HOME for us in a way that breaks the test. Reported-by: Marc Hörsken Fixes #6739 Closes #6777
* tftp: remove the 3600 second default timeoutDaniel Stenberg2021-03-221-38/+22
| | | | | | | | ... it was never meant to be there. Reported-by: Tomas Berger Fixes #6774 Closes #6776
* docs: make gen.pl support *italic* and **bold**Daniel Stenberg2021-03-2221-41/+53
| | | | | | | Remove some nroffisms from the cmdline doc files to simplify editing, and instead support this markdown style. Closes #6771
* ngtcp2: sync with recent API updatesDaniel Stenberg2021-03-221-2/+4
| | | | Closes #6770
* RELEASE-NOTES: syncedDaniel Stenberg2021-03-211-12/+26
|
* libssh2:ssh_connect: clear session pointer after freeDaniel Stenberg2021-03-211-0/+1
| | | | | | | | | If libssh2_knownhost_init() returns NULL, like in an OOM situation, the ssh session was freed but the pointer wasn't cleared which made libcurl later call libssh2 to cleanup using the stale pointer. Fixes #6764 Closes #6766
* docs: document version of crustls dependencyJacob Hoffman-Andrews2021-03-215-3/+36
| | | | | | | | | | | | | This also pins a specific release in the Travis test so future API-breaking changins in crustls won't break curl builds. Add RUSTLS documentation to release tarball. Enable running tests for rustls, minus FTP tests (require connect_blocking, which rustls doesn't implement) and 313 (requires CRL handling). Closes #6763
View Lorry Controller Status