url: cleanup dangling DOH request headers too

Follow-up to 9bc44ff64d9081

Credit to OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/17269

Closes #4372

http2: relax verification of :authority in push promise requests

If the :authority pseudo header field doesn't contain an explicit port,
we assume it is valid for the default port, inste

http2: relax verification of :authority in push promise requests

If the :authority pseudo header field doesn't contain an explicit port,
we assume it is valid for the default port, instead of rejecting the
request for all ports.

Ref: https://curl.haxx.se/mail/lib-2019-09/0041.html

Closes #4365

show more ...

doh: clean up dangling DOH handles and memory on easy close

If you set the same URL for target as for DoH (and it isn't a DoH
server), like "https://example.com" in both, the easy handle

doh: clean up dangling DOH handles and memory on easy close

If you set the same URL for target as for DoH (and it isn't a DoH
server), like "https://example.com" in both, the easy handles used for
the DoH requests could be left "dangling" and end up not getting freed.

Reported-by: Paul Dreik
Closes #4366

show more ...

unit1655: make it C90 compliant

Unclear why this was not detected in the CI.

Follow-up to b7666027296a

smb: check for full size message before reading message details

To avoid reading of uninitialized data.

Assisted-by: Max Dymond
Bug: https://crbug.com/oss-fuzz/16907
Closes

smb: check for full size message before reading message details

To avoid reading of uninitialized data.

Assisted-by: Max Dymond
Bug: https://crbug.com/oss-fuzz/16907
Closes #4363

show more ...

quiche: persist connection details

... like we do for other protocols at connect time. This makes "curl -I"
and other things work.

Reported-by: George Liu
Fixes #4358
Cl

quiche: persist connection details

... like we do for other protocols at connect time. This makes "curl -I"
and other things work.

Reported-by: George Liu
Fixes #4358
Closes #4360

show more ...

openssl: fix warning with boringssl and SSL_CTX_set_min_proto_version

Follow-up to ffe34b7b59
Closes #4359

doh: fix undefined behaviour and open up for gcc and clang optimization

The undefined behaviour is annoying when running fuzzing with
sanitizers. The codegen is the same, but the meaning

doh: fix undefined behaviour and open up for gcc and clang optimization

The undefined behaviour is annoying when running fuzzing with
sanitizers. The codegen is the same, but the meaning is now not up for
dispute. See https://cppinsights.io/s/516a2ff4

By incrementing the pointer first, both gcc and clang recognize this as
a bswap and optimizes it to a single instruction. See
https://godbolt.org/z/994Zpx

Closes #4350

show more ...

doh: fix (harmless) buffer overrun

Added unit test case 1655 to verify.
Close #4352

the code correctly finds the flaws in the old code,
if one temporarily restores doh.c to

doh: fix (harmless) buffer overrun

Added unit test case 1655 to verify.
Close #4352

the code correctly finds the flaws in the old code,
if one temporarily restores doh.c to the old version.

show more ...

docs: remove trailing ':' from section names in CURLOPT_TRAILER* man

docs: fix typo in CURLOPT_HTTP_VERSION man

CI: inintial github action job

First shot at a CI build on github actions

appveyor: add a winbuild

Assisted-by: Marcel Raad
Assisted-by: Jay Satiro

Closes #4324

FTP: allow "rubbish" prepended to the SIZE response

This is a protocol violation but apparently there are legacy proprietary
servers doing this.

Added test 336 and 337 to verify

FTP: allow "rubbish" prepended to the SIZE response

This is a protocol violation but apparently there are legacy proprietary
servers doing this.

Added test 336 and 337 to verify.

Reported-by: Philippe Marguinaud
Closes #4339

show more ...

FTP: skip CWD to entry dir when target is absolute

Closes #4332

curl: fix memory leaked by parse_metalink()

This commit fixes a regression introduced by curl-7_65_3-5-gb88940850.
Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind

curl: fix memory leaked by parse_metalink()

This commit fixes a regression introduced by curl-7_65_3-5-gb88940850.
Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind
and libmetalink enabled.

Closes #4326

show more ...

parsedate: still provide the name arrays when disabled

If FILE or FTP are enabled, since they also use them!

Reported-by: Roland Hieber
Fixes #4325
Closes #4343

curl:file2string: load large files much faster

... by using a more efficient realloc scheme.

Bug: https://curl.haxx.se/mail/lib-2019-09/0045.html
Closes #4336

openssl: close_notify on the FTP data connection doesn't mean closure

For FTPS transfers, curl gets close_notify on the data connection
without that being a signal to close the control c

openssl: close_notify on the FTP data connection doesn't mean closure

For FTPS transfers, curl gets close_notify on the data connection
without that being a signal to close the control connection!

Regression since 3f5da4e59a556fc (7.65.0)

Reported-by: Zenju on github
Reviewed-by: Jay Satiro
Fixes #4329
Closes #4340

show more ...

docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag

Closes #4338

RELEASE-NOTES: synced

curlver: bump to 7.66.1

setopt: make it easier to add new enum values

... by using the *_LAST define names better.

Closes #4321

asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris

Reported-by: Dagobert Michelsen
Fixes #4328
Closes #4333

winbuild/MakefileBuild.vc: Add vssh

Without that modification, the Windows build using the makefiles doesn't
work.

Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu>

winbuild/MakefileBuild.vc: Add vssh

Without that modification, the Windows build using the makefiles doesn't
work.

Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu>

Fixes #4322
Closes #4323

show more ...