ftp: make domore_getsock() return the secondary socket properly

Previously, after PASV and immediately after the data connection has
connected, the function would only return the control

ftp: make domore_getsock() return the secondary socket properly

Previously, after PASV and immediately after the data connection has
connected, the function would only return the control socket to wait for
which then made the data connection simply timeout and not get polled
correctly. This become obvious when running test 1631 and 1632 event-
based.

show more ...

test1632: verify FTP through HTTPS-proxy with connection re-use

test1631: verify FTP download through HTTPS-proxy

sws: as last resort, get test number from server cmd file

If it can't be found in the request. Also support --cmdfile to set it to
a custom file name.

runtests.pl always writes

sws: as last resort, get test number from server cmd file

If it can't be found in the request. Also support --cmdfile to set it to
a custom file name.

runtests.pl always writes this file with the test number in it since a
while back.

show more ...

ftp: shut down the secondary connection properly when SSL is used

Reported-by: Neal Poole
Fixes #5340
Closes #5385

KNOWN_BUGS: adapt 5.5 to recent changes

It only applies to non-Unicode builds now.
Also merge 5.10 into it as it's effectively a duplicate.

Closes https://github.com/curl/curl/p

KNOWN_BUGS: adapt 5.5 to recent changes

It only applies to non-Unicode builds now.
Also merge 5.10 into it as it's effectively a duplicate.

Closes https://github.com/curl/curl/pull/3784

show more ...

curl_setup: support Unicode functions to open files on Windows

Use them only if `_UNICODE` is defined, in which case command-line
arguments have been converted to UTF-8.

Closes

curl_setup: support Unicode functions to open files on Windows

Use them only if `_UNICODE` is defined, in which case command-line
arguments have been converted to UTF-8.

Closes https://github.com/curl/curl/pull/3784

show more ...

tool: support UTF-16 command line on Windows

- use `wmain` instead of `main` when `_UNICODE` is defined [0]
- define `argv_item_t` as `wchar_t *` in this case
- use the curl_multibyt

tool: support UTF-16 command line on Windows

- use `wmain` instead of `main` when `_UNICODE` is defined [0]
- define `argv_item_t` as `wchar_t *` in this case
- use the curl_multibyte gear to convert the command-line arguments to
UTF-8

This makes it possible to pass parameters with characters outside of
the current locale on Windows, which is required for some tests, e.g.
the IDN tests. Out of the box, this currently only works with the
Visual Studio project files, which default to Unicode, and winbuild
with the `ENABLE_UNICODE` option.

[0] https://devblogs.microsoft.com/oldnewthing/?p=40643

Ref: https://github.com/curl/curl/issues/3747
Closes https://github.com/curl/curl/pull/3784

show more ...

curl_multibyte: add to curlx

This will also be needed in the tool and tests.

Ref: https://github.com/curl/curl/pull/3758#issuecomment-482197512
Closes https://github.com/curl/cu

curl_multibyte: add to curlx

This will also be needed in the tool and tests.

Ref: https://github.com/curl/curl/pull/3758#issuecomment-482197512
Closes https://github.com/curl/curl/pull/3784

show more ...

url: make the updated credentials URL-encoded in the URL

Found-by: Gregory Jefferis
Reported-by: Jeroen Ooms
Added test 1168 to verify. Bug spotted when doing a redirect.
Bug: ht

url: make the updated credentials URL-encoded in the URL

Found-by: Gregory Jefferis
Reported-by: Jeroen Ooms
Added test 1168 to verify. Bug spotted when doing a redirect.
Bug: https://github.com/jeroen/curl/issues/224
Closes #5400

show more ...

tests: add https-proxy support to the test suite

Initial test 1630 added with basic HTTPS-proxy use. HTTPS-proxy is like
HTTP proxy but with a full TLS connection to the proxy.

tests: add https-proxy support to the test suite

Initial test 1630 added with basic HTTPS-proxy use. HTTPS-proxy is like
HTTP proxy but with a full TLS connection to the proxy.

Closes #5399

show more ...

mailmap: James Fuller

vauth/cleartext: fix theoretical integer overflow

Fix theoretical integer overflow in Curl_auth_create_plain_message.

The security impact of the overflow was discussed on hackerone.

vauth/cleartext: fix theoretical integer overflow

Fix theoretical integer overflow in Curl_auth_create_plain_message.

The security impact of the overflow was discussed on hackerone. We
agreed this is more of a theoretical vulnerability, as the integer
overflow would only be triggerable on systems using 32-bits size_t with
over 4GB of available memory space for the process.

Closes #5391

show more ...

curl.1: Quote globbed URLs

- Quote the globbing example URLs that contain characters [] {} since
otherwise they may be interpreted as shell metacharacters.

Bug: https://github

curl.1: Quote globbed URLs

- Quote the globbing example URLs that contain characters [] {} since
otherwise they may be interpreted as shell metacharacters.

Bug: https://github.com/curl/curl/issues/5388
Reported-by: John Simpson

Closes https://github.com/curl/curl/pull/5394

show more ...

checksrc: enhance the ASTERISKSPACE and update code accordingly

Fine: "struct hello *world"

Not fine: "struct hello* world" (and variations)

Closes #5386

docs/options-in-versions: which version added each cmdline option

Added test 971 to verify that the list is in sync with the files in
cmdline-opts. The check also verifies that .d-files

docs/options-in-versions: which version added each cmdline option

Added test 971 to verify that the list is in sync with the files in
cmdline-opts. The check also verifies that .d-files that uses Added:
specify the same version number as the options-in-versions file does.

Closes #5381

show more ...

docs: unify protocol lists

We boast support for 25 transfer protocols. Make sure the lists are
consistent

Closes #5384

OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN

... to avoid an OpenSSL bug that otherwise makes the CRL check to fail.

Reported-by: Michael Kaufmann
Fixes #5374

OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN

... to avoid an OpenSSL bug that otherwise makes the CRL check to fail.

Reported-by: Michael Kaufmann
Fixes #5374
Closes #5376

show more ...

tls13-ciphers.d: shorten the Arg

sasl-authzid.d: add Arg: and shorten the desc

cert-type.d: mention the available types in the desc

tool: shorten 3 --help descriptions

--happy-eyeballs-timeout-ms, --resolve and --ssl-revoke-best-effort

gen.pl already warned about these lines but we didn't listen

Closes

tool: shorten 3 --help descriptions

--happy-eyeballs-timeout-ms, --resolve and --ssl-revoke-best-effort

gen.pl already warned about these lines but we didn't listen

Closes #5379

show more ...

configure: the wolfssh backend does not provide SCP

Closes #5387

RELEASE-NOTES: synced

url: reject too long input when parsing credentials

Since input passed to libcurl with CURLOPT_USERPWD and
CURLOPT_PROXYUSERPWD circumvents the regular string length check we have
in

url: reject too long input when parsing credentials

Since input passed to libcurl with CURLOPT_USERPWD and
CURLOPT_PROXYUSERPWD circumvents the regular string length check we have
in Curl_setstropt(), the input length limit is enforced in
Curl_parse_login_details too, separately.

Reported-by: Thomas Bouzerar
Closes #5383

show more ...