Curl_follow: extract the Location: header field unvalidated

... when not actually following the redirect. Otherwise we return error
for this and an application can't extract the value.

Curl_follow: extract the Location: header field unvalidated

... when not actually following the redirect. Otherwise we return error
for this and an application can't extract the value.

Test 1518 added to verify.

Reported-by: Pavel Pavlov
Fixes #3340
Closes #3364

show more ...

multi: convert two timeout variables to timediff_t

The time_t type is unsigned on some systems and these variables are used
to hold return values from functions that return timediff_t

multi: convert two timeout variables to timediff_t

The time_t type is unsigned on some systems and these variables are used
to hold return values from functions that return timediff_t
already. timediff_t is always a signed type.

Closes #3363

show more ...

delta: use --diff-filter on the git diff-tree invokes

Suggested-by: Dave Reisner

documentation: curl_formadd field and file names are now escaped

Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition
header without special processing: this may lea

documentation: curl_formadd field and file names are now escaped

Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition
header without special processing: this may lead to invalid RFC 822
quoted-strings.
7.56.0 introduces escaping of backslashes and double quotes in these names:
mention it in the documentation.

Reported-by: daboul on github
Closes #3361

show more ...

scripts/delta: show repo delta info from last release

... where "last release" should be the git tag in the repo.

tests: add urlapi unittest

This adds a new unittest intended to cover the internal functions in
the urlapi code, starting with parse_port(). In order to avoid name
collisions in debu

tests: add urlapi unittest

This adds a new unittest intended to cover the internal functions in
the urlapi code, starting with parse_port(). In order to avoid name
collisions in debug builds, parse_port() is renamed Curl_parse_port()
since it will be exported.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>

show more ...

urlapi: fix portnumber parsing for ipv6 zone index

An IPv6 URL which contains a zone index includes a '%%25<zode id>'
string before the ending ']' bracket. The parsing logic wasn't set

urlapi: fix portnumber parsing for ipv6 zone index

An IPv6 URL which contains a zone index includes a '%%25<zode id>'
string before the ending ']' bracket. The parsing logic wasn't set
up to cope with the zone index however, resulting in a malformed url
error being returned. Fix by breaking the parsing into two stages
to correctly handle the zone index.

Closes #3355
Closes #3319
Reported-by: tonystz on Github
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>

show more ...

http: fix HTTP auth to include query in URI

- Include query in the path passed to generate HTTP auth.

Recent changes to use the URL API internally (46e1640, 7.62.0)
inadvertentl

http: fix HTTP auth to include query in URI

- Include query in the path passed to generate HTTP auth.

Recent changes to use the URL API internally (46e1640, 7.62.0)
inadvertently broke authentication URIs by omitting the query.

Fixes https://github.com/curl/curl/issues/3353
Closes #3356

show more ...

http: don't set CURLINFO_CONDITION_UNMET for http status code 204

The http status code 204 (No Content) should not change the "condition
unmet" flag. Only the http status code 304 (Not M

http: don't set CURLINFO_CONDITION_UNMET for http status code 204

The http status code 204 (No Content) should not change the "condition
unmet" flag. Only the http status code 304 (Not Modified) should do
this.

Closes #359

show more ...

ldap: fix LDAP URL parsing regressions

- Match URL scheme with LDAP and LDAPS
- Retrieve attributes, scope and filter from URL query instead

Regression brought in 46e164069d1a52

ldap: fix LDAP URL parsing regressions

- Match URL scheme with LDAP and LDAPS
- Retrieve attributes, scope and filter from URL query instead

Regression brought in 46e164069d1a5230 (7.62.0)

Closes #3362

show more ...

RELEASE-NOTES: synced

(lib)curl.rc: fixup for minor bugs

All resources defined in lib/libcurl.rc and curl.rc are language
neutral.

winbuild/MakefileBuild.vc ALWAYS defines the macro DEBUGBUILD, so th

(lib)curl.rc: fixup for minor bugs

All resources defined in lib/libcurl.rc and curl.rc are language
neutral.

winbuild/MakefileBuild.vc ALWAYS defines the macro DEBUGBUILD, so the
ifdef's in line 33 of lib/libcurl.rc and src/curl.rc are wrong.

Replace the hard-coded constants in both *.rc files with #define'd
values.

Thumbs-uped-by: Rod Widdowson, Johannes Schindelin
URL: https://curl.haxx.se/mail/lib-2018-11/0000.html
Closes #3348

show more ...

test329: verify cookie max-age=0 immediate expiry

cookies: expire "Max-Age=0" immediately

Reported-by: Jeroen Ooms
Fixes #3351
Closes #3352

Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1

This is a companion patch to cbea2fd2c (NTLM: force the connection to
HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1

Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1

This is a companion patch to cbea2fd2c (NTLM: force the connection to
HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1
preemptively. However, with other (Negotiate) authentication it is not
clear to this developer whether there is a way to make it work with
HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the
error HTTP_1_1_REQUIRED.

Note: we will still keep the NTLM workaround, as it avoids an extra
round trip.

Daniel Stenberg helped a lot with this patch, in particular by
suggesting to introduce the Curl_h2_http_1_1_error() function.

Closes #3349

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

show more ...

openssl: fix unused variable compiler warning with old openssl

URL: https://curl.haxx.se/mail/lib-2018-11/0055.html

Closes #3347

NTLM: force the connection to HTTP/1.1

Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces
the capability. However, NTLM authentication only works with HTTP/1.1,
an

NTLM: force the connection to HTTP/1.1

Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces
the capability. However, NTLM authentication only works with HTTP/1.1,
and will likely remain in that boat (for details, see
https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported).

When we just found out that we want to use NTLM, and when the current
connection runs in HTTP/2 mode, let's force the connection to be closed
and to be re-opened using HTTP/1.1.

Fixes https://github.com/curl/curl/issues/3341.
Closes #3345

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

show more ...

curl_global_sslset(): id == -1 is not necessarily an error

It is allowed to call that function with id set to -1, specifying the
backend by the name instead. We should imitate what is do

curl_global_sslset(): id == -1 is not necessarily an error

It is allowed to call that function with id set to -1, specifying the
backend by the name instead. We should imitate what is done further down
in that function to allow for that.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes #3346

show more ...

.gitattributes: make tabs in indentation a visible error

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

RELEASE-NOTES: synced

doh: fix memory leak in OOM situation

Reviewed-by: Daniel Gustafsson
Closes #3342

doh: make it work for h2-disabled builds too

Reported-by: dtmsecurity at github
Fixes #3325
Closes #3336

packages: remove old leftover files and dirs

This subdir has mostly become an attic of never-used cruft from the
past.

Closes #3331

openssl: do not use file BIOs if not requested

Moves the file handling BIO calls to the branch of the code where they
are actually used.

Closes #3339

nss: Fix compatibility with nss versions 3.14 to 3.15