aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-11-23RELEASE-NOTES: syncedDaniel Stenberg
2019-11-22openssl: Revert to less sensitivity for SYSCALL errorsJay Satiro
- Disable the extra sensitivity except in debug builds (--enable-debug). - Improve SYSCALL error message logic in ossl_send and ossl_recv so that "No error" / "Success" socket error text isn't shown on SYSCALL error. Prior to this change 0ab38f5 (precedes 7.67.0) increased the sensitivity of OpenSSL's SSL_ERROR_SYSCALL error so that abrupt server closures were also considered errors. For example, a server that does not send a known protocol termination point (eg HTTP content length or chunked encoding) _and_ does not send a TLS termination point (close_notify alert) would cause an error if it closed the connection. To be clear that behavior made it into release build 7.67.0 unintentionally. Several users have reported it as an issue. Ultimately the idea is a good one, since it can help prevent against a truncation attack. Other SSL backends may already behave similarly (such as Windows native OS SSL Schannel). However much more of our user base is using OpenSSL and there is a mass of legacy users in that space, so I think that behavior should be partially reverted and then rolled out slowly. This commit changes the behavior so that the increased sensitivity is disabled in all curl builds except curl debug builds (DEBUGBUILD). If after a period of time there are no major issues then it can be enabled in dev and release builds with the newest OpenSSL (1.1.1+), since users using the newest OpenSSL are the least likely to have legacy problems. Bug: https://github.com/curl/curl/issues/4409#issuecomment-555955794 Reported-by: Bjoern Franke Fixes https://github.com/curl/curl/issues/4624 Closes https://github.com/curl/curl/pull/4623
2019-11-22openssl: improve error message for SYSCALL during connectDaniel Stenberg
Reported-by: Paulo Roberto Tomasi Bug: https://curl.haxx.se/mail/archive-2019-11/0005.html Closes https://github.com/curl/curl/pull/4593
2019-11-22test1175: verify symbols-in-versions and libcurl-errors.3 in syncDaniel Stenberg
Closes #4628
2019-11-21include: make CURLE_HTTP3 use a new error codeDaniel Stenberg
To avoid potential issues with error code reuse. Reported-by: Christoph M. Becker Assisted-by: Dan Fandrich Fixes #4601 Closes #4627
2019-11-21bump: next release will be 7.68.0Daniel Stenberg
2019-11-21curl: add --parallel-immediateDaniel Stenberg
Starting with this change when doing parallel transfers, without this option set, curl will prefer to create new transfers multiplexed on an existing connection rather than creating a brand new one. --parallel-immediate can be set to tell curl to prefer to use new connections rather than to wait and try to multiplex. libcurl-wise, this means that curl will set CURLOPT_PIPEWAIT by default on parallel transfers. Suggested-by: Tom van der Woerdt Closes #4500
2019-11-20docs: fix typosVictor Magierski
Change 'experiemental' to 'experimental'. Closes #4618 Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2019-11-18projects: Fix Visual Studio wolfSSL configurationsJay Satiro
- s/USE_CYASSL/USE_WOLFSSL/ - Remove old compatibility macros. Follow-up to 1c6c59a from several months ago when CyaSSL named symbols were renamed to wolfSSL. The wolfSSL library was formerly named CyaSSL and we kept using their old name for compatibility reasons, until earlier this year.
2019-11-18RELEASE-NOTES: syncedDaniel Stenberg
2019-11-18ngtcp2: use overflow buffer for extra HTTP/3 dataJavier Blazquez
Fixes #4525 Closes #4603
2019-11-18altsvc: bump to h3-24Daniel Stenberg
... as both ngtcp2 and quiche now support that in their master branches Closes #4604
2019-11-18ngtcp2: free used resources on disconnectDaniel Stenberg
Fixes #4614 Closes #4615
2019-11-18ngtcp2: handle key updates as ngtcp2 master branch tells usDaniel Stenberg
Reviewed-by: Tatsuhiro Tsujikawa Fixes #4612 Closes #4613
2019-11-17multi: Fix curl_multi_poll wait when extra_fds && !extra_nfdsGergely Nagy
Prior to this change: The check if an extra wait is necessary was based not on the number of extra fds but on the pointer. If a non-null pointer was given in extra_fds, but extra_nfds was zero, then the wait was skipped even though poll was not called. Closes https://github.com/curl/curl/pull/4610
2019-11-17lib: Move lib/ssh.h -> lib/vssh/ssh.hJay Satiro
Follow-up to 5b2d703 which moved ssh source files to vssh. Closes https://github.com/curl/curl/pull/4609
2019-11-16INSTALL.md: provide Android build instructionsAndreas Falkenhahn
Closes #4606
2019-11-16doh: improced both encoding and decodingNiall
Improved estimation of expected_len and updated related comments; increased strictness of QNAME-encoding, adding error detection for empty labels and names longer than the overall limit; avoided treating DNAME as unexpected; updated unit test 1655 with more thorough set of proofs and tests Closes #4598
2019-11-16ngtcp2: increase QUIC window size when data is consumedDaniel Stenberg
Assisted-by: Javier Blazquez Ref #4525 (partial fix) Closes #4600
2019-11-14config-win32: cpu-machine-OS for Windows on ARMMelissa Mears
Define the OS macro properly for Windows on ARM builds. Also, we might as well add the GCC-style IA-64 macro. Closes #4590
2019-11-14examples: add multi-poll.cDaniel Stenberg
Show how curl_multi_poll() makes it even easier to use the multi interface. Closes #4596
2019-11-14multi_poll: avoid busy-loop when called without easy handles attachedDaniel Stenberg
Fixes #4594 Closes #4595 Reported-by: 3dyd on github
2019-11-14curl: fix -T globbingDaniel Stenberg
Regression from e59371a4936f8 (7.67.0) Added test 490, 491 and 492 to verify the functionality. Reported-by: Kamil Dudka Reported-by: Anderson Sasaki Fixes #4588 Closes #4591
2019-11-13HISTORY: added cmake, HTTP/3 and parallel downloads with curlDaniel Stenberg
2019-11-12quiche: reject headers in the wrong orderDaniel Stenberg
Pseudo header MUST come before regular headers or cause an error. Reported-by: Cynthia Coan Fixes #4571 Closes #4584
2019-11-12openssl: prevent recursive function calls from ctx callbacksDaniel Stenberg
Follow the pattern of many other callbacks. Ref: #4546 Closes #4585
2019-11-12CURL-DISABLE: initial docs for the CURL_DISABLE_* definesDaniel Stenberg
The disable-scan script used in test 1165 is extended to also verify that the docs cover all used defines and all defines offered by configure. Reported-by: SLDiggie on github Fixes #4545 Closes #4587
2019-11-11remove_handle: clear expire timers after multi_done()Daniel Stenberg
Since 59041f0, a new timer might be set in multi_done() so the clearing of the timers need to happen afterwards! Reported-by: Max Kellermann Fixes #4575 Closes #4583
2019-11-10test1558: use double slash after file:Marcel Raad
Classic MinGW / MSYS 1 doesn't support `MSYS2_ARG_CONV_EXCL`, so this test unnecessarily failed when using `file:/` instead of `file:///`. Closes https://github.com/curl/curl/pull/4554
2019-11-10pause: avoid updating socket if done was already calledDaniel Stenberg
... avoids unnecesary recursive risk when the transfer is already done. Reported-by: Richard Bowker Fixes #4563 Closes #4574
2019-11-09strerror: Fix an error looking up some Windows error stringsJay Satiro
- Use FORMAT_MESSAGE_IGNORE_INSERTS to ignore format specifiers in Windows error strings. Since we are not in control of the error code we don't know what information may be needed by the error string's format specifiers. Prior to this change Windows API error strings which contain specifiers (think specifiers like similar to printf specifiers) would not be shown. The FormatMessage Windows API call which turns a Windows error code into a string could fail and set error ERROR_INVALID_PARAMETER if that error string contained a format specifier. FormatMessage expects a va_list for the specifiers, unless inserts are ignored in which case no substitution is attempted. Ref: https://devblogs.microsoft.com/oldnewthing/20071128-00/?p=24353
2019-11-09system.h: fix for MCST lcc compilerr-a-sattarov
Fixed build by MCST lcc compiler on MCST Elbrus 2000 architecture and do some code cleanup. e2k (Elbrus 2000) - this is VLIW/EPIC architecture, like Intel Itanium architecture. Ref: https://en.wikipedia.org/wiki/Elbrus_2000 Closes https://github.com/curl/curl/pull/4576
2019-11-08TODO: curl_multi_unblockDaniel Stenberg
Closes #4418
2019-11-08TODO: Run web-platform-tests url testsDaniel Stenberg
Closes #4477
2019-11-08TODO: 1.4 alt-svc sharingDaniel Stenberg
Closes #4476
2019-11-08test1560: require IPv6 for IPv6 aware URL parsingDaniel Stenberg
The URL parser function can't reject a bad IPv6 address properly when curl was built without IPv6 support. Reported-by: Marcel Raad Fixes #4556 Closes #4572
2019-11-08checksrc: repair the copyrightyear checkDaniel Stenberg
- Consider a modified file to be committed this year. - Make the travis CHECKSRC also do COPYRIGHTYEAR scan in examples and includes - Ignore 0 parents when getting latest commit date of file. since in the CI we're dealing with a truncated repo of last 50 commits, the file's most recent commit may not be available. when this happens git log and rev-list show the initial commit (ie first commit not to be truncated) but that's incorrect so ignore it. Ref: https://github.com/curl/curl/pull/4547 Closes https://github.com/curl/curl/pull/4549 Co-authored-by: Jay Satiro
2019-11-08copyrights: fix copyright year rangeDaniel Stenberg
.. because checksrc's copyright year check stopped working. Ref: https://github.com/curl/curl/pull/4547 Closes https://github.com/curl/curl/pull/4549
2019-11-08RELEASE-NOTES: syncedDaniel Stenberg
2019-11-08curlver: bump to 7.67.1Daniel Stenberg
2019-11-08mailmap: fixup Massimiliano FantuzziDaniel Stenberg
2019-11-08scripts/contributors: make committers get included tooDaniel Stenberg
in addition to authors
2019-11-08configure: fix typo in help textMassimiliano Fantuzzi HB9GUS
Closes https://github.com/curl/curl/pull/4570
2019-11-07ntlm: USE_WIN32_CRYPTO check removed to get USE_NTLM2SESSION setChristian Schmitz
Closes #3704
2019-11-06build: fix for CURL_DISABLE_DOHWyatt O'Day
Fixes https://github.com/curl/curl/issues/4565 Closes https://github.com/curl/curl/pull/4566
2019-11-06configure: avoid unportable `==' test(1) operatorLeonardo Taccari
Closes https://github.com/curl/curl/pull/4567
2019-11-05RELEASE-NOTES: syncedDaniel Stenberg
The 7.67.0 release
2019-11-05THANKS: add new names from 7.67.0Daniel Stenberg
2019-11-05configure: only say ipv6 enabled when the variable is setDaniel Stenberg
Previously it could say "IPv6: enabled" at the end of the configure run but the define wasn't set because of a missing getaddrinfo(). Reported-by: Marcel Raad Fixes #4555 Closes #4560
2019-11-02certs/Server-localhost-lastSAN-sv: regenerate with sha256Marcel Raad
All other certificates were regenerated in commit ba782baac30, but this one was missed. Fixes test3001 on modern systems. Closes https://github.com/curl/curl/pull/4551