| 6a9b7103 | 04-Sep-2024 |
Viktor Szakats |
cmake: restore variable names `CURL_CA_BUNDLE_SET`/`CURL_CA_PATH_SET`
They were renamed recently as internal variables, but they are both
cached, so let's keep the original names for con
cmake: restore variable names `CURL_CA_BUNDLE_SET`/`CURL_CA_PATH_SET`
They were renamed recently as internal variables, but they are both
cached, so let's keep the original names for consistency and
compatibility.
Partial revert of c2889a7b4180fc963ae30811f59ab547b6eb03cd #14388
Tested via #14778
show more ...
|
| 9e629a14 | 03-Sep-2024 |
Daniel Stenberg |
docs: document the (weak) random value situation in rustls builds
Closes #14770 |
| 4e16f8aa | 03-Sep-2024 |
Daniel Stenberg |
RELEASE-NOTES: synced |
| a07ba37b | 03-Sep-2024 |
Stefan Eissing |
cf-socket: fix pollset for listening
When FTP does an active data connection, the socket connection
filter is instantiated with a listening socket. When the filter
adjusts its pollse
cf-socket: fix pollset for listening
When FTP does an active data connection, the socket connection
filter is instantiated with a listening socket. When the filter
adjusts its pollset, it needs to POLLIN, not OUT.
Bug: https://curl.se/mail/lib-2024-08/0023.html
Reported-by: Yoshimasa Ohno
Closes #14766
show more ...
|
| 81a33428 | 03-Sep-2024 |
Stefan Eissing |
connect: always prefer ipv6 in IP eyeballing
Always try ipv6 addresses first, ipv4 second after a delay.
If neither ipv4/6 are amongst the supplied addresses, start a happy
eyeb
connect: always prefer ipv6 in IP eyeballing
Always try ipv6 addresses first, ipv4 second after a delay.
If neither ipv4/6 are amongst the supplied addresses, start a happy
eyeballer for the first address family present. This is for AF_UNIX
connects.
Fixes #14761
Reported-by: janedenone on hackerone
Closes #14768
show more ...
|
| 933e202e | 03-Sep-2024 |
Daniel Stenberg |
KNOWN_BUGS: CURLOPT_CONNECT_TO does not work for HTTPS proxy
Closes #14481
Closes #14769 |
| 4ff04615 | 02-Sep-2024 |
Daniel Stenberg |
lib: use FMT_ as prefix instead of CURL_FORMAT_
For printf format defines used internally. Makes the code slighly
easier to read.
Closes #14764 |
| a2bcec0e | 31-Aug-2024 |
Aki Sakurai <75532970+AkiSakurai@users.noreply.github.com> |
openssl: fix the data race when sharing an SSL session between threads
The SSL_Session object is mutated during connection inside openssl,
and it might not be thread-safe. Besides, accor
openssl: fix the data race when sharing an SSL session between threads
The SSL_Session object is mutated during connection inside openssl,
and it might not be thread-safe. Besides, according to documentation
of openssl:
```
SSL_SESSION objects keep internal link information about the session
cache list, when being inserted into one SSL_CTX object's session
cache. One SSL_SESSION object, regardless of its reference count,
must therefore only be used with one SSL_CTX object (and the SSL
objects created from this SSL_CTX object).
```
If I understand correctly, it is not safe to share it even in a
single thread.
Instead, serialize the SSL_SESSION before adding it to the cache,
and deserialize it after retrieving it from the cache, so that no
concurrent write to the same object is infeasible.
Also
- add a ci test for thread sanitizer
- add a test for sharing ssl sessions concurrently
- avoid redefining memory functions when not building libcurl, but
including the soruce in libtest
- increase the concurrent connections limit in sws
Notice that there are fix for a global data race for openssl which
is not yet release. The fix is cherry pick for the ci test with
thread sanitizer.
https://github.com/openssl/openssl/commit/d8def79838cd0d5e7c21d217aa26edb5229f0ab4
Closes #14751
show more ...
|
| 2c2292ec | 02-Sep-2024 |
Stefan Eissing |
haproxy: send though next filter
Small but, instead of sending the initial data though the connection
method, send it to the next filter in the chain. While the connection
methods ac
haproxy: send though next filter
Small but, instead of sending the initial data though the connection
method, send it to the next filter in the chain. While the connection
methods accomodates for such use, by ignoring unconnected filters, it is
better to follow the filter chain explicitly.
Closes #14756
show more ...
|
| e512fbfa | 22-Aug-2024 |
Viktor Szakats |
printf: fix mingw-w64 format checks
Change mingw-w64 printf format checks in public curl headers to use
`__MINGW_PRINTF_FORMAT` instead of `gnu_printf`. This syncs the format
checker
printf: fix mingw-w64 format checks
Change mingw-w64 printf format checks in public curl headers to use
`__MINGW_PRINTF_FORMAT` instead of `gnu_printf`. This syncs the format
checker with format string macros published via `curl/system.h`. (Also
disable format checks for mingw-w64 older than 3.0.0 (2013-09-20) and
classic-mingw, which do not support this macro.)
This fixes bogus format checker `-Wformat` warnings in 3rd party code
using curl format strings with the curl printf functions, when using
mingw-w64 7.0.0 (2019-11-10) and older (with GCC, MSVCRT).
It also allows to delete two workaounds for this within curl itself:
- setting `-D__USE_MINGW_ANSI_STDIO=1` for mingw-w64 via cmake and
configure for `docs/examples` and `tests/http/clients`.
Ref: c730c8549b5b67e7668ca5d2cd82c3cc183e125d #14640
The format check macro is incompatible (depending on mingw-w64 version
and configuration) with the C99 `%z` (`size_t`) format string used
internally by curl.
To work around this problem, override the format check style in curl
public headers to use `gnu_printf`. This is compatible with `%z` in all
mingw-w64 versions and allows keeping the C99 format strings internally.
Also:
- lib/ws.c: add missing space to an error message.
- docs/examples/ftpgetinfo.c: fix to use standard printf.
Ref: #14643 (take 1)
Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489
Closes #14703
show more ...
|
| 6004f967 | 27-Aug-2024 |
Viktor Szakats |
cmake: default `CURL_DISABLE_LDAPS` to the value of `CURL_DISABLE_LDAP`
After this patch LDAPS is disabled by default when LDAP is manually
disabled.
This makes it unnecessary t
cmake: default `CURL_DISABLE_LDAPS` to the value of `CURL_DISABLE_LDAP`
After this patch LDAPS is disabled by default when LDAP is manually
disabled.
This makes it unnecessary to disable them in sync manually just to avoid
a `CMakeLists.txt` warning.
Syncs behavior with `./configure`.
Closes #14758
show more ...
|
| d76b6485 | 31-Aug-2024 |
Daniel Stenberg |
rand: only provide weak random when needed
builds without TLS and builds using rustls
Closes #14749 |
| 269fdd4c | 31-Aug-2024 |
Daniel Stenberg |
lib: remove use of RANDOM_FILE
It could previously be set with configure/cmake and used in rare cases
for reading randomness: with ancient mbedTLS or rustls without
arc4random.
lib: remove use of RANDOM_FILE
It could previously be set with configure/cmake and used in rare cases
for reading randomness: with ancient mbedTLS or rustls without
arc4random.
We now get randomness in this order:
1. The TLS library's way to provide random
2. On Windows: Curl_win32_random
3. if arc4random exists, use that
4. weak non-crytographically strong pseudo-random
Closes #14749
show more ...
|
| 00ef6073 | 30-Aug-2024 |
Stefan Eissing |
url: fix connection reuse for HTTP/2 upgrades
Normally, when a connection's filters have all connected, the
multiplex status is determined. However, HTTP/2 Upgrade:
requests will onl
url: fix connection reuse for HTTP/2 upgrades
Normally, when a connection's filters have all connected, the
multiplex status is determined. However, HTTP/2 Upgrade:
requests will only do this when the first server response
has been received.
The current connection reuse mechanism does not accomodate
that and when the time between connect and response is large
enough, connection reuse may not happen as desired.
See test case 2405 failures, such as in
https://github.com/curl/curl/actions/runs/10629497461/job/29467166451
Add 'conn->bits.asks_multiplex' as indicator that a connection is
still being evaluated for mulitplexing, so that new transfers
may wait on this to be cleared.
Closes #14739
show more ...
|
| 76212cbf | 01-Sep-2024 |
наб |
curl_easy_handler.md: fix language
Applications need to [...] if it needs -> The application needs to
Closes #14752 |
| 8bb71d5f | 31-Aug-2024 |
Daniel Stenberg |
curl.h: make CURLOPT_WRITEINFO and CURLOPT_CLOSEPOLICY compile
The symbols have not been in use for 17+ years and they did not do
anything for several years before that, but apparently t
curl.h: make CURLOPT_WRITEINFO and CURLOPT_CLOSEPOLICY compile
The symbols have not been in use for 17+ years and they did not do
anything for several years before that, but apparently there are still
code using them.
Follow-up to 3b057d4b7a7
Fixes #14747
Reported-by: Kai Pastor
Closes #14748
show more ...
|
| 33629949 | 01-Sep-2024 |
Viktor Szakats |
build: add options to disable SHA-512/256 hash algo
Existing C macro lacked build-level counterparts.
Add them in this patch.
- cmake: `-DCURL_DISABLE_SHA512_256=ON`
- autot
build: add options to disable SHA-512/256 hash algo
Existing C macro lacked build-level counterparts.
Add them in this patch.
- cmake: `-DCURL_DISABLE_SHA512_256=ON`
- autotools: `--disable-sha512-256`
Also drop the checker exception from `test1165.pl`.
Follow-up to cbe41d151d6a100c1f045eaf37ff06b2b2a7b382 #12897
Closes #14753
show more ...
|
| 83bcd335 | 01-Sep-2024 |
Viktor Szakats |
test1165: check if `curl_config.h.cmake` lists all `DISABLED` options
Also fix issues:
- cmake: fix `CURL_DISABLE_HTTP_AUTH` option
- cmake: fix `CURL_DISABLE_SHUFFLE_DNS` option
test1165: check if `curl_config.h.cmake` lists all `DISABLED` options
Also fix issues:
- cmake: fix `CURL_DISABLE_HTTP_AUTH` option
- cmake: fix `CURL_DISABLE_SHUFFLE_DNS` option
Fixes:
```
Present in CMakeLists.txt, not propagated via curl_config.h.cmake: CURL_DISABLE_HTTP_AUTH
Present in CMakeLists.txt, not propagated via curl_config.h.cmake: CURL_DISABLE_SHUFFLE_DNS
```
Ref: https://github.com/curl/curl/actions/runs/10655027540/job/29532054141?pr=14754#step:11:2090
Closes #14754
show more ...
|
| ad32fb42 | 31-Aug-2024 |
Viktor Szakats |
autotools: settle with option name: `--enable-windows-unicode`
Bring the option name style in sync with cmake and with other configure
options aiming to enable something unrelated to an
autotools: settle with option name: `--enable-windows-unicode`
Bring the option name style in sync with cmake and with other configure
options aiming to enable something unrelated to an optional package.
(I initially named this new option `--with-windows-unicode` within this
release cycle.)
Follow-up to 9e4a2187e763dd80a1296b07fd3e073f46c4dc8f #14478
Closes #14746
show more ...
|
| 1e58665c | 31-Aug-2024 |
Viktor Szakats |
configure: break indentation to fix `--help` output
For recently added/updated options:
windows-unicode, winidn, apple-idn
It looks like the second `AS_HELP_STRING()` must start
configure: break indentation to fix `--help` output
For recently added/updated options:
windows-unicode, winidn, apple-idn
It looks like the second `AS_HELP_STRING()` must start in the first
column, otherwise its indentation will appear in the `--help` output,
and break unalignment with the rest.
(There must be a better way to tackle this.)
show more ...
|
| 3fc81be4 | 30-Aug-2024 |
Viktor Szakats |
cmake: sync `CURL_DISABLE_*` behaviour with autotools
- disable RTSP, ALTSVC, HSTS when HTTP is disabled.
(`./configure` warning deemed unnecessary and not replicated with
cmake.
cmake: sync `CURL_DISABLE_*` behaviour with autotools
- disable RTSP, ALTSVC, HSTS when HTTP is disabled.
(`./configure` warning deemed unnecessary and not replicated with
cmake.)
- disable HSTS when there is no TLS backend.
Tested via #14744
Closes #14745
show more ...
|
| d4240b9b | 30-Aug-2024 |
Viktor Szakats |
cmake: allow disabling `RANDOM_FILE`
`./configure` allows `--random-file=no`. Allow this with CMake too,
using `-DRANDOM_FILE=OFF` (other boolean values work too: no, false, 0,
case
cmake: allow disabling `RANDOM_FILE`
`./configure` allows `--random-file=no`. Allow this with CMake too,
using `-DRANDOM_FILE=OFF` (other boolean values work too: no, false, 0,
case insensitive.)
Also disable `RANDOM_FILE` detection for Windows.
Closes #14743
show more ...
|
| 04e3621d | 29-Aug-2024 |
Viktor Szakats |
build: add `poll()` detection for cross-builds
For cross-builds rely on `_POSIX_C_SOURCE` to decide if `poll()` is
supported, rather than just assuming it isn't.
This may still
build: add `poll()` detection for cross-builds
For cross-builds rely on `_POSIX_C_SOURCE` to decide if `poll()` is
supported, rather than just assuming it isn't.
This may still miss to detect `poll()` support, as seen for example with
Linux MUSL cross-builds.
Also:
- GHA/curl-for-win: enable RISC-V 64 cross-target for Linux MUSL.
(to test this case with cmake, with a false-negative.)
The first RISC-V 64 build in curl's CI.
- GHA/curl-for-win: add arm64/intel64 job for Linux glibc.
(to test this case with cmake, and succeed.)
- cmake: delete unnecessary `#include <sys/time.h>` from non-cross-build
`poll()` detection snippet.
Follow-up tp cc8b8137659e1733fdd3810c19ff5ec8db438509 #14718
Fixes #14714
Closes #14734
show more ...
|
| 415573a7 | 30-Aug-2024 |
Daniel Stenberg |
RELEASE-NOTES: synced |
| 4cd10ee2 | 28-Aug-2024 |
Stefan Eissing |
POP3: fix multi-line responses
Some POP3 commands are multi-line, e.g. have responses terminated by a
last line with '.', but some are not. Define the known command
properties and fi
POP3: fix multi-line responses
Some POP3 commands are multi-line, e.g. have responses terminated by a
last line with '.', but some are not. Define the known command
properties and fix response handling.
Add test case for STAT.
Fixes #14677
Reported-by: ralfjunker on github
Closes #14707
show more ...
|
