Update to 7.60.0 - May 15 2018.
Changes:
Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
Add --haproxy-protocol for the command line tool
Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses
Bugfixes:
FTP: shutdown response buffer overflow CVE-2018-1000300
RTSP: bad headers buffer over-read CVE-2018-1000301
FTP: fix typo in recursive callback detection for seeking
test1208: marked flaky
HTTP: make header-less responses still count correct body size
user-agent.d:: mention --proxy-header as well
http2: fixes typo
cleanup: misc typos in strings and comments
rate-limit: use three second window to better handle high speeds
examples/hiperfifo.c: improved
pause: when changing pause state, update socket state
multi: improved pending transfers handling => improved performance
curl_version_info.3: fix ssl_version description
add_handle/easy_perform: clear errorbuffer on start if set
darwinssl: fix iOS build
cmake: add support for brotli
parsedate: support UT timezone
vauth/ntlm.h: fix the #ifdef header guard
lib/curl_path.h: added #ifdef header guard
vauth/cleartext: fix integer overflow check
CURLINFO_COOKIELIST.3: made the example not leak memory
cookie.d: mention that "-" as filename means stdin
CURLINFO_SSL_VERIFYRESULT.3: fixed the example
http2: read pending frames (including GOAWAY) in connection-check
timeval: remove compilation warning by casting
cmake: avoid warn-as-error during config checks
travis-ci: enable -Werror for CMake builds
openldap: fix for NULL return from ldap_get_attribute_ber()
threaded resolver: track resolver time and set suitable timeout values
cmake: Add advapi32 as explicit link library for win32
docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
test1148: set a fixed locale for the test
cookies: when reading from a file, only remove_expired once
cookie: store cookies per top-level-domain-specific hash table
openssl: fix build with LibreSSL 2.7
tls: fix mbedTLS 2.7.0 build + handle sha256 failures
openssl: RESTORED verify locations when verifypeer==0
file: restore old behavior for file:////foo/bar URLs
FTP: allow PASV on IPv6 connections when a proxy is being used
build-openssl.bat: allow custom paths for VS and perl
winbuild: make the clean target work without build-type
build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
curl: retry on FTP 4xx, ignore other protocols
configure: detect (and use) sa_family_t
examples/sftpuploadresume: Fix Windows large file seek
build: cleanup to fix clang warnings/errors
winbuild: updated the documentation
lib: silence null-dereference warnings
travis: bump to clang 6 and gcc 7
travis: build libpsl and make builds use it
proxy: show getenv proxy use in verbose output
duphandle: make sure CURLOPT_RESOLVE is duplicated
all: Refactor malloc+memset to use calloc
checksrc: Fix typo
system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
vauth: Fix typo
ssh: show libSSH2 error code when closing fails
test1148: tolerate progress updates better
urldata: make service names unconditional
configure: keep LD_LIBRARY_PATH changes local
ntlm_sspi: fix authentication using Credential Manager
schannel: add client certificate authentication
winbuild: Support custom devel paths for each dependency
schannel: add support for CURLOPT_CAINFO
http2: handle on_begin_headers() called more than once
openssl: support OpenSSL 1.1.1 verbose-mode trace messages
openssl: fix subjectAltName check on non-ASCII platforms
http2: avoid strstr() on data not zero terminated
http2: clear the "drain counter" when a stream is closed
http2: handle GOAWAY properly
tool_help: clarify --max-time unit of time is seconds
curl.1: clarify that options and URLs can be mixed
http2: convert an assert to run-time check
curl_global_sslset: always provide available backends
ftplistparser: keep state between invokes
Curl_memchr: zero length input can't match
examples/sftpuploadresume: typecast fseek argument to long
examples/http2-upload: expand buffer to avoid silly warning
ctype: restore character classification for non-ASCII platforms
mime: avoid NULL pointer dereference risk
cookies: ensure that we have cookies before writing jar
os400.c: fix checksrc warnings
configure: provide --with-wolfssl as an alias for --with-cyassl
cyassl: adapt to libraries without TLS 1.0 support built-in
http2: get rid of another strstr
checksrc: force indentation of lines after an else
cookies: remove unused macro
CURLINFO_PROTOCOL.3: mention the existing defined names
tests: provide 'manual' as a feature to optionally require
travis: enable libssh2 on both macos and Linux
CURLOPT_URL.3: added ENCODING section
wolfssl: Fix non-blocking connect
vtls: don't define MD5_DIGEST_LENGTH for wolfssl
docs: remove extraneous commas in man pages
URL: fix ASCII dependency in strcpy_url and strlen_url
ssh-libssh.c: fix left shift compiler warning
configure: only check for CA bundle for file-using SSL backends
travis: add an mbedtls build
http: don't set the "rewind" flag when not uploading anything
configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
transfer: don't unset writesockfd on setup of multiplexed conns
vtls: use unified "supports" bitfield member in backends
URLs: fix one more http url
travis: add a build using WolfSSL
openssl: change FILE ops to BIO ops
travis: add build using NSS
smb: reject negative file sizes
cookies: accept parameter names as cookie name
http2: getsock fix for uploads
all over: fixed format specifiers
http2: use the correct function pointer typedef
Bug: http://b/78771319
Test: builds, boots, `vendor/google/tools/fake-ota on streaming` works
Change-Id: Icfcaf6f3f6e5e00894d731c1623ebd66674bcb0d
diff --git a/configure.ac b/configure.ac
index 798fa5f..5569a26 100755
--- a/configure.ac
+++ b/configure.ac
@@ -1053,13 +1053,13 @@
if test "$HAVE_BROTLI" = "1"; then
if test -n "$DIR_BROTLI"; then
dnl when the brotli shared libs were found in a path that the run-time
- dnl linker doesn't search through, we need to add it to LD_LIBRARY_PATH
+ dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH
dnl to prevent further configure tests to fail due to this
if test "x$cross_compiling" != "xyes"; then
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_BROTLI"
- export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $DIR_BROTLI to LD_LIBRARY_PATH])
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_BROTLI"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $DIR_BROTLI to CURL_LIBRARY_PATH])
fi
fi
else
@@ -1230,13 +1230,11 @@
dnl **********************************************************************
AC_MSG_CHECKING([if argv can be written to])
-AC_RUN_IFELSE([
- AC_LANG_SOURCE([[
+CURL_RUN_IFELSE([
int main(int argc, char ** argv) {
argv[0][0] = ' ';
return (argv[0][0] == ' ')?0:1;
}
- ]])
],[
curl_cv_writable_argv=yes
],[
@@ -1811,15 +1809,16 @@
if test "$OPENSSL_ENABLED" = "1"; then
if test -n "$LIB_OPENSSL"; then
dnl when the ssl shared libs were found in a path that the run-time
- dnl linker doesn't search through, we need to add it to LD_LIBRARY_PATH
+ dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH
dnl to prevent further configure tests to fail due to this
if test "x$cross_compiling" != "xyes"; then
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_OPENSSL"
- export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $LIB_OPENSSL to LD_LIBRARY_PATH])
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_OPENSSL"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $LIB_OPENSSL to CURL_LIBRARY_PATH])
fi
fi
CURL_CHECK_OPENSSL_API
+ check_for_ca_bundle=1
fi
test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
@@ -1969,16 +1968,16 @@
if test "x$USE_GNUTLS" = "xyes"; then
AC_MSG_NOTICE([detected GnuTLS version $version])
-
+ check_for_ca_bundle=1
if test -n "$gtlslib"; then
dnl when shared libs were found in a path that the run-time
dnl linker doesn't search through, we need to add it to
- dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+ dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
dnl due to this
if test "x$cross_compiling" != "xyes"; then
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$gtlslib"
- export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $gtlslib to LD_LIBRARY_PATH])
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$gtlslib"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $gtlslib to CURL_LIBRARY_PATH])
fi
fi
AC_CHECK_FUNCS([gnutls_certificate_set_x509_key_file2 gnutls_alpn_set_protocols gnutls_ocsp_req_init])
@@ -2103,18 +2102,18 @@
if test "x$USE_POLARSSL" = "xyes"; then
AC_MSG_NOTICE([detected PolarSSL])
-
+ check_for_ca_bundle=1
LIBS="-lpolarssl $LIBS"
if test -n "$polarssllib"; then
dnl when shared libs were found in a path that the run-time
dnl linker doesn't search through, we need to add it to
- dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+ dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
dnl due to this
if test "x$cross_compiling" != "xyes"; then
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$polarssllib"
- export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $polarssllib to LD_LIBRARY_PATH])
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$polarssllib"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $polarssllib to CURL_LIBRARY_PATH])
fi
fi
fi
@@ -2194,18 +2193,19 @@
if test "x$USE_MBEDTLS" = "xyes"; then
AC_MSG_NOTICE([detected mbedTLS])
+ check_for_ca_bundle=1
LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
if test -n "$mbedtlslib"; then
dnl when shared libs were found in a path that the run-time
dnl linker doesn't search through, we need to add it to
- dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+ dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
dnl due to this
if test "x$cross_compiling" != "xyes"; then
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$mbedtlslib"
- export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $mbedtlslib to LD_LIBRARY_PATH])
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$mbedtlslib"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $mbedtlslib to CURL_LIBRARY_PATH])
fi
fi
fi
@@ -2229,6 +2229,12 @@
AC_HELP_STRING([--without-cyassl], [disable CyaSSL detection]),
OPT_CYASSL=$withval)
+dnl provide --with-wolfssl as an alias for --with-cyassl
+AC_ARG_WITH(wolfssl,dnl
+AC_HELP_STRING([--with-wolfssl=PATH],[where to look for WolfSSL, PATH points to the installation root (default: system lib default)])
+AC_HELP_STRING([--without-wolfssl], [disable WolfSSL detection]),
+ OPT_CYASSL=$withval)
+
if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then
ssl_msg=
@@ -2339,6 +2345,7 @@
if test "x$USE_CYASSL" = "xyes"; then
AC_MSG_NOTICE([detected $cyassllibname])
+ check_for_ca_bundle=1
dnl cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined!
AC_CHECK_SIZEOF(long long)
@@ -2367,12 +2374,12 @@
if test -n "$cyassllib"; then
dnl when shared libs were found in a path that the run-time
dnl linker doesn't search through, we need to add it to
- dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+ dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
dnl due to this
if test "x$cross_compiling" != "xyes"; then
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$cyassllib"
- export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $cyassllib to LD_LIBRARY_PATH])
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$cyassllib"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $cyassllib to CURL_LIBRARY_PATH])
fi
fi
@@ -2498,12 +2505,12 @@
dnl when shared libs were found in a path that the run-time
dnl linker doesn't search through, we need to add it to
- dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+ dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
dnl due to this
if test "x$cross_compiling" != "xyes"; then
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
- export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$nssprefix/lib$libsuff"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to CURL_LIBRARY_PATH])
fi
fi dnl NSS found
@@ -2554,14 +2561,15 @@
AC_DEFINE(USE_AXTLS, 1, [if axTLS is enabled])
AC_SUBST(USE_AXTLS, [1])
AXTLS_ENABLED=1
+ check_for_ca_bundle=1
USE_AXTLS="yes"
ssl_msg="axTLS"
test axtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
if test "x$cross_compiling" != "xyes"; then
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_AXTLS"
- export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $LIB_AXTLS to LD_LIBRARY_PATH])
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_AXTLS"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $LIB_AXTLS to CURL_LIBRARY_PATH])
fi
],[
LDFLAGS="$CLEANLDFLAGS"
@@ -2615,7 +2623,9 @@
dnl Check for the CA bundle
dnl **********************************************************************
-CURL_CHECK_CA_BUNDLE
+if test "$check_for_ca_bundle" -gt 0; then
+ CURL_CHECK_CA_BUNDLE
+fi
dnl **********************************************************************
dnl Check for libpsl
@@ -2802,13 +2812,13 @@
if test "$LIBSSH2_ENABLED" = "1"; then
if test -n "$DIR_SSH2"; then
dnl when the libssh2 shared libs were found in a path that the run-time
- dnl linker doesn't search through, we need to add it to LD_LIBRARY_PATH
+ dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH
dnl to prevent further configure tests to fail due to this
if test "x$cross_compiling" != "xyes"; then
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH2"
- export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $DIR_SSH2 to LD_LIBRARY_PATH])
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_SSH2"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $DIR_SSH2 to CURL_LIBRARY_PATH])
fi
fi
else
@@ -2875,13 +2885,13 @@
if test "$LIBSSH_ENABLED" = "1"; then
if test -n "$DIR_SSH"; then
dnl when the libssh shared libs were found in a path that the run-time
- dnl linker doesn't search through, we need to add it to LD_LIBRARY_PATH
+ dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH
dnl to prevent further configure tests to fail due to this
if test "x$cross_compiling" != "xyes"; then
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH"
- export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $DIR_SSH to LD_LIBRARY_PATH])
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_SSH"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $DIR_SSH to CURL_LIBRARY_PATH])
fi
fi
else
@@ -3217,9 +3227,9 @@
AC_SUBST([IDN_ENABLED], [1])
curl_idn_msg="enabled (libidn2)"
if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then
- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR"
- export LD_LIBRARY_PATH
- AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH])
+ CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$IDN_DIR"
+ export CURL_LIBRARY_PATH
+ AC_MSG_NOTICE([Added $IDN_DIR to CURL_LIBRARY_PATH])
fi
else
AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled])
@@ -3492,14 +3502,34 @@
#endif
])
+# check for sa_family_t
+AC_CHECK_TYPE(sa_family_t,
+ AC_DEFINE(CURL_SA_FAMILY_T, sa_family_t, [IP address type in sockaddr]),
+ [
+ # The windows name?
+ AC_CHECK_TYPE(ADDRESS_FAMILY,
+ AC_DEFINE(CURL_SA_FAMILY_T, ADDRESS_FAMILY, [IP address type in sockaddr]),
+ AC_DEFINE(CURL_SA_FAMILY_T, unsigned short, [IP address type in sockaddr]),
+ [
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+ ])
+ ],
+[
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+])
+
AC_MSG_CHECKING([if time_t is unsigned])
-AC_RUN_IFELSE([
- AC_LANG_SOURCE([[
+CURL_RUN_IFELSE(
+ [
#include <time.h>
#include <limits.h>
time_t t = -1;
return (t > 0);
- ]])] ,[
+ ],[
AC_MSG_RESULT([yes])
AC_DEFINE(HAVE_TIME_T_UNSIGNED, 1, [Define this if time_t is unsigned])
],[