| _ _ ____ _ |
| ___| | | | _ \| | |
| / __| | | | |_) | | |
| | (__| |_| | _ <| |___ |
| \___|\___/|_| \_\_____| |
| |
| Changelog |
| |
| Version 7.60.0 (15 May 2018) |
| |
| Daniel Stenberg (15 May 2018) |
| - RELEASE-NOTES: 7.60.0 release |
| |
| - THANKS: added people from the curl 7.60.0 release |
| |
| - docs/libcurl/index.html: removed |
| |
| The HTML files are long gone from the dist, now remove the last HTML |
| file pointing to those missing files. |
| |
| d |
| |
| - [steini2000 brought this change] |
| |
| http2: remove unused variable |
| |
| Closes #2570 |
| |
| - [steini2000 brought this change] |
| |
| http2: use easy handle of stream for logging |
| |
| - gcc: disable picky gcc-8 function pointer warnings in two places |
| |
| Reported-by: Rikard Falkeborn |
| Bug: #2560 |
| Closes #2569 |
| |
| - http2: use the correct function pointer typedef |
| |
| Fixes gcc-8 picky compiler warnings |
| Reported-by: Rikard Falkeborn |
| Bug: #2560 |
| Closes #2568 |
| |
| - CODE_STYLE: mention return w/o parens, but sizeof with |
| |
| ... and remove the github markdown syntax so that it renders better on |
| the web site. Also, don't use back-ticks inlined to allow the CSS to |
| highlight source code better. |
| |
| - [Rikard Falkeborn brought this change] |
| |
| examples: Fix format specifiers |
| |
| Closes #2561 |
| |
| - [Rikard Falkeborn brought this change] |
| |
| tool: Fix format specifiers |
| |
| - [Rikard Falkeborn brought this change] |
| |
| ntlm: Fix format specifiers |
| |
| - [Rikard Falkeborn brought this change] |
| |
| tests: Fix format specifiers |
| |
| - [Rikard Falkeborn brought this change] |
| |
| lib: Fix format specifiers |
| |
| - contributors.sh: use "on github", not at |
| |
| - http2: getsock fix for uploads |
| |
| When there's an upload in progress, make sure to wait for the socket to |
| become writable. |
| |
| Detected-by: steini2000 on github |
| Bug: #2520 |
| Closes #2567 |
| |
| - pingpong: fix response cache memcpy overflow |
| |
| Response data for a handle with a large buffer might be cached and then |
| used with the "closure" handle when it has a smaller buffer and then the |
| larger cache will be copied and overflow the new smaller heap based |
| buffer. |
| |
| Reported-by: Dario Weisser |
| CVE: CVE-2018-1000300 |
| Bug: https://curl.haxx.se/docs/adv_2018-82c2.html |
| |
| - http: restore buffer pointer when bad response-line is parsed |
| |
| ... leaving the k->str could lead to buffer over-reads later on. |
| |
| CVE: CVE-2018-1000301 |
| Assisted-by: Max Dymond |
| |
| Detected by OSS-Fuzz. |
| Bug: https://curl.haxx.se/docs/adv_2018-b138.html |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105 |
| |
| Patrick Monnerat (13 May 2018) |
| - cookies: do not take cookie name as a parameter |
| |
| RFC 6265 section 4.2.1 does not set restrictions on cookie names. |
| This is a follow-up to commit 7f7fcd0. |
| Also explicitly check proper syntax of cookie name/value pair. |
| |
| New test 1155 checks that cookie names are not reserved words. |
| |
| Reported-By: anshnd at github |
| Fixes #2564 |
| Closes #2566 |
| |
| Daniel Stenberg (12 May 2018) |
| - smb: reject negative file sizes |
| |
| Assisted-by: Max Dymond |
| |
| Detected by OSS-Fuzz |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245 |
| |
| - setup_transfer: deal with both sockets being -1 |
| |
| Detected by Coverity; CID 1435559. Follow-up to f8d608f38d00. It would |
| index the array with -1 if neither index was a socket. |
| |
| - travis: add build using NSS |
| |
| Closes #2558 |
| |
| - [Sunny Purushe brought this change] |
| |
| openssl: change FILE ops to BIO ops |
| |
| To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES |
| handling is causing problems. This fix changes the OpenSSL backend code |
| to use BIO functions instead of FILE I/O functions to circumvent those |
| problems. |
| |
| Closes #2512 |
| |
| - travis: add a build using WolfSSL |
| |
| Assisted-by: Dan Fandrich |
| |
| Closes #2528 |
| |
| - RELEASE-NOTES: typo |
| |
| - RELEASE-NOTES: synced |
| |
| - [Daniel Gustafsson brought this change] |
| |
| URLs: fix one more http url |
| |
| This file wasn't included in commit 4af40b3646d3b09 which updated all |
| haxx.se http urls to https. The file was committed prior to that update, |
| but may have been merged after it and hence didn't get updated. |
| |
| Closes #2550 |
| |
| - github/lock: auto-lock closed issues after 90 days of inactivity |
| |
| - vtls: fix missing commas |
| |
| follow-up to e66cca046cef |
| |
| - vtls: use unified "supports" bitfield member in backends |
| |
| ... instead of previous separate struct fields, to make it easier to |
| extend and change individual backends without having to modify them all. |
| |
| closes #2547 |
| |
| - transfer: don't unset writesockfd on setup of multiplexed conns |
| |
| Curl_setup_transfer() can be called to setup a new individual transfer |
| over a multiplexed connection so it shouldn't unset writesockfd. |
| |
| Bug: #2520 |
| Closes #2549 |
| |
| - [Frank Gevaerts brought this change] |
| |
| configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h |
| |
| They are removed from the compiler flags. |
| |
| This ensures that make dependency tracking will force a rebuild whenever |
| configure --enable-debug or --enable-curldebug changes. |
| |
| Closes #2548 |
| |
| - http: don't set the "rewind" flag when not uploading anything |
| |
| It triggers an assert. |
| |
| Detected by OSS-Fuzz |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144 |
| Closes #2546 |
| |
| - travis: add an mbedtls build |
| |
| Closes #2531 |
| |
| - configure: only check for CA bundle for file-using SSL backends |
| |
| When only building with SSL backends that don't use the CA bundle file |
| (by default), skip the check. |
| |
| Fixes #2543 |
| Fixes #2180 |
| Closes #2545 |
| |
| - ssh-libssh.c: fix left shift compiler warning |
| |
| ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to |
| represent, but 'int' only has 32 bits [-Wshift-overflow=] |
| |
| 'len' will never be that big anyway so I converted the run-time check to |
| a regular assert. |
| |
| - [Stephan Mühlstrasser brought this change] |
| |
| URL: fix ASCII dependency in strcpy_url and strlen_url |
| |
| Commit 3c630f9b0af097663a64e5c875c580aa9808a92b partially reverted the |
| changes from commit dd7521bcc1b7a6fcb53c31f9bd1192fcc884bd56 because of |
| the problem that strcpy_url() was modified unilaterally without also |
| modifying strlen_url(). As a consequence strcpy_url() was again |
| depending on ASCII encoding. |
| |
| This change fixes strlen_url() and strcpy_url() in parallel to use a |
| common host-encoding independent criterion for deciding whether an URL |
| character must be %-escaped. |
| |
| Closes #2535 |
| |
| - [Denis Ollier brought this change] |
| |
| docs: remove extraneous commas in man pages |
| |
| Closes #2544 |
| |
| - RELEASE-NOTES: synced |
| |
| - Revert "TODO: remove configure --disable-pthreads" |
| |
| This reverts commit d5d683a97f9765bddfd964fe32e137aa6e703ed3. |
| |
| --disable-pthreads can be used to disable pthreads and get the threaded |
| resolver to use the windows threading when building with mingw. |
| |
| - vtls: don't define MD5_DIGEST_LENGTH for wolfssl |
| |
| ... as it defines it (too) |
| |
| - TODO: remove configure --disable-pthreads |
| |
| Jay Satiro (2 May 2018) |
| - [David Garske brought this change] |
| |
| wolfssl: Fix non-blocking connect |
| |
| Closes https://github.com/curl/curl/pull/2542 |
| |
| Daniel Stenberg (30 Apr 2018) |
| - CURLOPT_URL.3: add ENCODING section [ci skip] |
| |
| Feedback-by: Michael Kilburn |
| |
| - KNOWN_BUGS: Client cert with Issuer DN differs between backends |
| |
| Closes #1411 |
| |
| - KNOWN_BUGS: Passive transfer tries only one IP address |
| |
| Closes #1508 |
| |
| - KNOWN_BUGS: --upload-file . hang if delay in STDIN |
| |
| Closes #2051 |
| |
| - KNOWN_BUGS: Connection information when using TCP Fast Open |
| |
| Closes #1332 |
| |
| - travis: enable libssh2 on both macos and Linux |
| |
| It seems to not be detected by default anymore (which is a bug I |
| believe) |
| |
| Closes #2541 |
| |
| - TODO: Support the clienthello extension |
| |
| Closes #2299 |
| |
| - TODO: CLOEXEC |
| |
| Closes #2252 |
| |
| - tests: provide 'manual' as a feature to optionally require |
| |
| ... and make test 1026 rely on that feature so that --disable-manual |
| builds don't cause test failures. |
| |
| Reported-by: Max Dymond and Anders Roxell |
| Fixes #2533 |
| Closes #2540 |
| |
| - CURLINFO_PROTOCOL.3: mention the existing defined names |
| |
| Jay Satiro (27 Apr 2018) |
| - [Daniel Gustafsson brought this change] |
| |
| cookies: remove unused macro |
| |
| Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused, |
| so remove as it's not part of the published API. |
| |
| Closes https://github.com/curl/curl/pull/2537 |
| |
| Daniel Stenberg (27 Apr 2018) |
| - [Daniel Gustafsson brought this change] |
| |
| checksrc: force indentation of lines after an else |
| |
| This extends the INDENTATION case to also handle 'else' statements |
| and require proper indentation on the following line. Also fixes the |
| offending cases found in the codebase. |
| |
| Closes #2532 |
| |
| - http2: fix null pointer dereference in http2_connisdead |
| |
| This function can get called on a connection that isn't setup enough to |
| have the 'recv_underlying' function pointer initialized so it would try |
| to call the NULL pointer. |
| |
| Reported-by: Dario Weisser |
| |
| Follow-up to db1b2c7fe9b093f8 (never shipped in a release) |
| Closes #2536 |
| |
| - http2: get rid of another strstr() |
| |
| Follow-up to 1514c44655e12e: replace another strstr() call done on a |
| buffer that might not be zero terminated - with a memchr() call, even if |
| we know the substring will be found. |
| |
| Assisted-by: Max Dymond |
| |
| Detected by OSS-Fuzz |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021 |
| |
| Closes #2534 |
| |
| - cyassl: adapt to libraries without TLS 1.0 support built-in |
| |
| WolfSSL doesn't enable it by default anymore |
| |
| - configure: provide --with-wolfssl as an alias for --with-cyassl |
| |
| - RELEASE-NOTES: synced |
| |
| - [Daniel Gustafsson brought this change] |
| |
| os400.c: fix ASSIGNWITHINCONDITION checksrc warnings |
| |
| All occurrences of assignment within conditional expression in |
| os400sys.c rewritten into two steps: first assignment and then the check |
| on the success of the assignment. Also adjust related incorrect brace |
| positions to match project indentation style. |
| |
| This was spurred by seeing "if((inp = input_token))", but while in there |
| all warnings were fixed. |
| |
| There should be no functional change from these changes. |
| |
| Closes #2525 |
| |
| - [Daniel Gustafsson brought this change] |
| |
| cookies: ensure that we have cookies before writing jar |
| |
| The jar should be written iff there are cookies, so ensure that we still |
| have cookies after expiration to avoid creating an empty file. |
| |
| Closes #2529 |
| |
| - strcpy_url: only %-encode values >= 0x80 |
| |
| OSS-Fuzz detected |
| |
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000 |
| |
| Broke in dd7521bcc1b7 |
| |
| - mime: avoid NULL pointer dereference risk |
| |
| Coverity detected, CID 1435120 |
| |
| Closes #2527 |
| |
| - [Stephan Mühlstrasser brought this change] |
| |
| ctype: restore character classification for non-ASCII platforms |
| |
| With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-speficic |
| character classification macros and functions were introduced in |
| curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on |
| non-ASCII, e.g. EBCDIC platforms. This change restores the previous set |
| of character classification macros when CURL_DOES_CONVERSIONS is |
| defined. |
| |
| Closes #2494 |
| |
| - ftplistparser: keep state between invokes |
| |
| Fixes FTP wildcard parsing when done over a number of read buffers. |
| |
| Regression from f786d1f14 |
| |
| Reported-by: wncboy on github |
| Fixes #2445 |
| Closes #2526 |
| |
| - examples/http2-upload: expand buffer to avoid silly warning |
| |
| http2-upload.c:135:44: error: ‘%02d’ directive output may be truncated |
| writing between 2 and 11 bytes into a region of size between 8 and 17 |
| |
| - examples/sftpuploadresume: typecast fseek argument to long |
| |
| /docs/examples/sftpuploadresume.c:102:12: warning: conversion to 'long |
| int' from 'curl_off_t {aka long long int}' may alter its value |
| |
| - Revert "ftplistparser: keep state between invokes" |
| |
| This reverts commit abbc8457d85aca74b7cfda1d394b0844932b2934. |
| |
| Caused fuzzer problems on travis not seen when this was a PR! |
| |
| - Curl_memchr: zero length input can't match |
| |
| Avoids undefined behavior. |
| |
| Reported-by: Geeknik Labs |
| |
| - ftplistparser: keep state between invokes |
| |
| Fixes FTP wildcard parsing when doing over a number of read buffers. |
| |
| Regression from f786d1f14 |
| |
| Reported-by: wncboy on github |
| Fixes #2445 |
| Closes #2519 |
| |
| - ftplistparser: renamed some members and variables |
| |
| ... to make them better spell out what they're for. |
| |
| - RELEASE-NOTES: synced |
| |
| - [Christian Schmitz brought this change] |
| |
| curl_global_sslset: always provide available backends |
| |
| Closes #2499 |
| |
| - http2: convert an assert to run-time check |
| |
| Fuzzing has proven we can reach code in on_frame_recv with status_code |
| not having been set, so let's detect that in run-time (instead of with |
| assert) and error error accordingly. |
| |
| (This should no longer happen with the latest nghttp2) |
| |
| Detected by OSS-Fuzz |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903 |
| Closes #2514 |
| |
| - curl.1: clarify that options and URLs can be mixed |
| |
| Fixes #2515 |
| Closes #2517 |
| |
| Jay Satiro (23 Apr 2018) |
| - [Archangel_SDY brought this change] |
| |
| CURLOPT_SSLCERT.3: improve WinSSL-specific usage info |
| |
| Ref: https://github.com/curl/curl/pull/2376#issuecomment-381858780 |
| |
| Closes https://github.com/curl/curl/pull/2504 |
| |
| - [Archangel_SDY brought this change] |
| |
| schannel: fix build error on targets <= XP |
| |
| - Use CRYPT_STRING_HEX instead of CRYPT_STRING_HEXRAW since XP doesn't |
| support the latter. |
| |
| Ref: https://github.com/curl/curl/pull/2376#issuecomment-382153668 |
| |
| Closes https://github.com/curl/curl/pull/2504 |
| |
| Daniel Stenberg (23 Apr 2018) |
| - Revert "ftplistparser: keep state between invokes" |
| |
| This reverts commit 8fb78f9ddc6d858d630600059b8ad84a80892fd9. |
| |
| Unfortunately this fix introduces memory leaks I've not been able to fix |
| in several days. Reverting this for now to get the leaks fixed. |
| |
| Jay Satiro (21 Apr 2018) |
| - tool_help: clarify --max-time unit of time is seconds |
| |
| Before: |
| -m, --max-time <time> Maximum time allowed for the transfer |
| |
| After: |
| -m, --max-time <seconds> Maximum time allowed for the transfer |
| |
| Daniel Stenberg (20 Apr 2018) |
| - http2: handle GOAWAY properly |
| |
| When receiving REFUSED_STREAM, mark the connection for close and retry |
| streams accordingly on another/fresh connection. |
| |
| Reported-by: Terry Wu |
| Fixes #2416 |
| Fixes #1618 |
| Closes #2510 |
| |
| - http2: clear the "drain counter" when a stream is closed |
| |
| This fixes the notorious "httpc->drain_total >= data->state.drain" |
| assert. |
| |
| Reported-by: Anders Bakken |
| |
| Fixes #1680 |
| Closes #2509 |
| |
| - http2: avoid strstr() on data not zero terminated |
| |
| It's not strictly clear if the API contract allows us to call strstr() |
| on a string that isn't zero terminated even when we know it will find |
| the substring, and clang's ASAN check dislikes us for it. |
| |
| Also added a check of the return code in case it fails, even if I can't |
| think of a situation how that can trigger. |
| |
| Detected by OSS-Fuzz |
| Closes #2513 |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760 |
| |
| - [Stephan Mühlstrasser brought this change] |
| |
| openssl: fix subjectAltName check on non-ASCII platforms |
| |
| Curl_cert_hostcheck operates with the host character set, therefore the |
| ASCII subjectAltName string retrieved with OpenSSL must be converted to |
| the host encoding before comparison. |
| |
| Closes #2493 |
| |
| Jay Satiro (20 Apr 2018) |
| - openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages |
| |
| - Support handling verbose-mode trace messages of type |
| SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS, |
| SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO, |
| SSL3_MT_MESSAGE_HASH |
| |
| Reported-by: iz8mbw@users.noreply.github.com |
| |
| Fixes https://github.com/curl/curl/issues/2403 |
| |
| Daniel Stenberg (19 Apr 2018) |
| - ftplistparser: keep state between invokes |
| |
| Regression from f786d1f14 |
| |
| Reported-by: wncboy on github |
| Fixes #2445 |
| Closes #2508 |
| |
| - detect_proxy: only show proxy use if it had contents |
| |
| - http2: handle on_begin_headers() called more than once |
| |
| This triggered an assert if called more than once in debug mode (and a |
| memory leak if not debug build). With the right sequence of HTTP/2 |
| headers incoming it can happen. |
| |
| Detected by OSS-Fuzz |
| |
| Closes #2507 |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764 |
| |
| Jay Satiro (18 Apr 2018) |
| - [Dan McNulty brought this change] |
| |
| schannel: add support for CURLOPT_CAINFO |
| |
| - Move verify_certificate functionality in schannel.c into a new |
| file called schannel_verify.c. Additionally, some structure defintions |
| from schannel.c have been moved to schannel.h to allow them to be |
| used in schannel_verify.c. |
| |
| - Make verify_certificate functionality for Schannel available on |
| all versions of Windows instead of just Windows CE. verify_certificate |
| will be invoked on Windows CE or when the user specifies |
| CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. |
| |
| - In verify_certificate, create a custom certificate chain engine that |
| exclusively trusts the certificate store backed by the CURLOPT_CAINFO |
| file. |
| |
| - doc updates of --cacert/CAINFO support for schannel |
| |
| - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString |
| when available. This implements a TODO in schannel.c to improve |
| handling of multiple SANs in a certificate. In particular, all SANs |
| will now be searched instead of just the first name. |
| |
| - Update tool_operate.c to not search for the curl-ca-bundle.crt file |
| when using Schannel to maintain backward compatibility. Previously, |
| any curl-ca-bundle.crt file found in that search would have been |
| ignored by Schannel. But, with CAINFO support, the file found by |
| that search would have been used as the certificate store and |
| could cause issues for any users that have curl-ca-bundle.crt in |
| the search path. |
| |
| - Update url.c to not set the build time CURL_CA_BUNDLE if the selected |
| SSL backend is Schannel. We allow setting CA location for schannel |
| only when explicitly specified by the user via CURLOPT_CAINFO / |
| --cacert. |
| |
| - Add new test cases 3000 and 3001. These test cases check that the first |
| and last SAN, respectively, matches the connection hostname. New test |
| certificates have been added for these cases. For 3000, the certificate |
| prefix is Server-localhost-firstSAN and for 3001, the certificate |
| prefix is Server-localhost-secondSAN. |
| |
| - Remove TODO 15.2 (Add support for custom server certificate |
| validation), this commit addresses it. |
| |
| Closes https://github.com/curl/curl/pull/1325 |
| |
| - schannel: fix warning |
| |
| - Fix warning 'integer from pointer without a cast' on 3rd arg in |
| CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer |
| type of the same size. |
| |
| Follow-up to e35b025. |
| |
| Caught by Marc's CI builds. |
| |
| - [Jakub Wilk brought this change] |
| |
| docs: fix typos |
| |
| Closes https://github.com/curl/curl/pull/2503 |
| |
| Daniel Stenberg (17 Apr 2018) |
| - RELEASE-NOTES: synced |
| |
| Jay Satiro (17 Apr 2018) |
| - [Kees Dekker brought this change] |
| |
| winbuild: Support custom devel paths for each dependency |
| |
| - Support custom devel paths for c-ares, mbedTLS, nghttp2, libSSH2, |
| OpenSSL and zlib. Respectively: CARES_PATH, MBEDTLS_PATH, |
| NGHTTP2_PATH, SSH2_PATH, SSL_PATH and ZLIB_PATH. |
| |
| - Use lib.exe for making the static library instead of link.exe /lib. |
| The latter is undocumented and could cause problems as noted in the |
| comments. |
| |
| - Remove a dangling URL that no longer worked. (I was not able to find |
| the IDN download at MSDN/microsoft.com, so it seems to be removed.) |
| |
| - Remove custom override for release-ssh2-ssl-dll-zlib configuration. |
| Nobody knows why it was there and as far as we can see is unnecessary. |
| |
| Closes https://github.com/curl/curl/pull/2474 |
| |
| Daniel Stenberg (17 Apr 2018) |
| - [Jess brought this change] |
| |
| README.md: add backers and sponsors |
| |
| Closes #2484 |
| |
| - [Archangel_SDY brought this change] |
| |
| schannel: add client certificate authentication |
| |
| Users can now specify a client certificate in system certificates store |
| explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"` |
| |
| Closes #2376 |
| |
| Marcel Raad (16 Apr 2018) |
| - [toughengineer brought this change] |
| |
| ntlm_sspi: fix authentication using Credential Manager |
| |
| If you pass empty user/pass asking curl to use Windows Credential |
| Storage (as stated in the docs) and it has valid credentials for the |
| domain, e.g. |
| curl -v -u : --ntlm example.com |
| currently authentication fails. |
| This change fixes it by providing proper SPN string to the SSPI API |
| calls. |
| |
| Fixes https://github.com/curl/curl/issues/1622 |
| Closes https://github.com/curl/curl/pull/1660 |
| |
| Daniel Stenberg (16 Apr 2018) |
| - configure: keep LD_LIBRARY_PATH changes local |
| |
| ... only set it when we actually have to run tests to reduce its impact |
| on for example build commands etc. |
| |
| Fixes #2490 |
| Closes #2492 |
| |
| Reported-by: Dmitry Mikhirev |
| |
| Marcel Raad (16 Apr 2018) |
| - urldata: make service names unconditional |
| |
| The ifdefs have become quite long. Also, the condition for the |
| definition of CURLOPT_SERVICE_NAME and for setting it from |
| CURLOPT_SERVICE_NAME have diverged. We will soon also need the two |
| options for NTLM, at least when using SSPI, for |
| https://github.com/curl/curl/pull/1660. |
| Just make the definitions unconditional to make that easier. |
| |
| Closes https://github.com/curl/curl/pull/2479 |
| |
| Daniel Stenberg (16 Apr 2018) |
| - test1148: tolerate progress updates better |
| |
| Fixes #2446 |
| Closes #2488 |
| |
| - [Christian Schmitz brought this change] |
| |
| ssh: show libSSH2 error code when closing fails |
| |
| Closes #2500 |
| |
| Jay Satiro (15 Apr 2018) |
| - [Daniel Gustafsson brought this change] |
| |
| vauth: Fix typo |
| |
| Address various spellings of "credentials". |
| |
| Closes https://github.com/curl/curl/pull/2496 |
| |
| - [Dagobert Michelsen brought this change] |
| |
| system.h: Add sparcv8plus to oracle/sunpro 32-bit detection |
| |
| With specific compiler options selecting the arch like -xarch=sparc on |
| newer compilers like Oracle Studio 12.4 there is no definition of |
| __sparcv8 but __sparcv8plus which means the V9 ISA, but limited to the |
| 32ÎíÎñbit subset defined by the V8plus ISA specification, without the |
| Visual Instruction Set (VIS), and without other implementation-specific |
| ISA extensions. So it should be the same as __sparcv8. |
| |
| Closes https://github.com/curl/curl/pull/2491 |
| |
| - [Daniel Gustafsson brought this change] |
| |
| checksrc: Fix typo |
| |
| Fix typo in "semicolon" spelling and remove stray tab character. |
| |
| Closes https://github.com/curl/curl/pull/2498 |
| |
| - [Daniel Gustafsson brought this change] |
| |
| all: Refactor malloc+memset to use calloc |
| |
| When a zeroed out allocation is required, use calloc() rather than |
| malloc() followed by an explicit memset(). The result will be the |
| same, but using calloc() everywhere increases consistency in the |
| codebase and avoids the risk of subtle bugs when code is injected |
| between malloc and memset by accident. |
| |
| Closes https://github.com/curl/curl/pull/2497 |
| |
| Daniel Stenberg (12 Apr 2018) |
| - duphandle: make sure CURLOPT_RESOLVE is duplicated fine too |
| |
| Verified in test 1502 now |
| |
| Fixes #2485 |
| Closes #2486 |
| Reported-by: Ernst Sjöstrand |
| |
| - mailmap: add a monnerat fixup [ci skip] |
| |
| - proxy: show getenv proxy use in verbose output |
| |
| ... to aid debugging etc as it sometimes isn't immediately obvious why |
| curl uses or doesn't use a proxy. |
| |
| Inspired by #2477 |
| |
| Closes #2480 |
| |
| - travis: build libpsl and make builds use it |
| |
| closes #2471 |
| |
| - travis: bump to clang 6 and gcc 7 |
| |
| Extra-eye-on-this-by: Marcel Raad |
| |
| Closes #2478 |
| |
| Marcel Raad (10 Apr 2018) |
| - travis: use trusty for coverage build |
| |
| This works now and precise is in the process of being decommissioned. |
| |
| Closes https://github.com/curl/curl/pull/2476 |
| |
| - lib: silence null-dereference warnings |
| |
| In debug mode, MingGW-w64's GCC 7.3 issues null-dereference warnings |
| when dereferencing pointers after DEBUGASSERT-ing that they are not |
| NULL. |
| Fix this by removing the DEBUGASSERTs. |
| |
| Suggested-by: Daniel Stenberg |
| Ref: https://github.com/curl/curl/pull/2463 |
| |
| - [Kees Dekker brought this change] |
| |
| winbuild: fix URL |
| |
| Follow up on https://github.com/curl/curl/pull/2472. |
| Now using en-us instead of nl-nl as language code in the URL. |
| |
| Closes https://github.com/curl/curl/pull/2475 |
| |
| Daniel Stenberg (9 Apr 2018) |
| - [Kees Dekker brought this change] |
| |
| winbuild: updated the documentation |
| |
| The setenv command no longer exists and visual studio build prompts got |
| changed. Used Visual Studio 2015/2017 as reference. |
| |
| Closes #2472 |
| |
| - test1136: fix cookie order after commit c990eadd1277 |
| |
| - build: cleanup to fix clang warnings/errors |
| |
| unit1309 and vtls/gtls: error: arithmetic on a null pointer treated as a |
| cast from integer to pointer is a GNU extension |
| |
| Reported-by: Rikard Falkeborn |
| |
| Fixes #2466 |
| Closes #2468 |
| |
| Jay Satiro (7 Apr 2018) |
| - examples/sftpuploadresmue: Fix Windows large file seek |
| |
| - Use _fseeki64 instead of fseek (long) to seek curl_off_t in Windows. |
| |
| - Use CURL_FORMAT_CURL_OFF_T specifier instead of %ld to print |
| curl_off_t. |
| |
| Caught by Marc's CI builds. |
| |
| Daniel Stenberg (7 Apr 2018) |
| - curl_setup: provide a CURL_SA_FAMILY_T type if none exists |
| |
| ... and use this type instead of 'sa_family_t' in the code since several |
| platforms don't have it. |
| |
| Closes #2463 |
| |
| - [Eric Gallager brought this change] |
| |
| build: add picky compiler warning flags for gcc 6 and 7 |
| |
| - configure: detect sa_family_t |
| |
| Jay Satiro (7 Apr 2018) |
| - [Stefan Agner brought this change] |
| |
| tool_operate: Fix retry on FTP 4xx to ignore other protocols |
| |
| Only treat response code as FTP response codes in case the |
| protocol type is FTP. |
| |
| This fixes an issue where an HTTP download was treated as FTP |
| in case libcurl returned with 33. This happens when the |
| download has already finished and the server responses 416: |
| HTTP/1.1 416 Requested Range Not Satisfiable |
| |
| This should not be treated as an FTP error. |
| |
| Fixes #2464 |
| Closes #2465 |
| |
| Daniel Stenberg (6 Apr 2018) |
| - hash: calculate sizes with size_t instead of longs |
| |
| ... since they return size_t anyway! |
| |
| closes #2462 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Jay Satiro brought this change] |
| |
| build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15 |
| |
| .. and do the same for build-wolfssl.bat. |
| |
| Because MS calls it VC14.1. |
| |
| Closes https://github.com/curl/curl/pull/2189 |
| |
| - [Kees Dekker brought this change] |
| |
| winbuild: make the clean target work without build-type |
| |
| Due to the check in Makefile.vc and MakefileBuild.vc, no make call can |
| be invoked unless a build-type was specified. However, a clean target |
| only existed when a build type was specified. As a result, the clean |
| target was unreachable. Made clean target unconditional. |
| |
| Closes #2455 |
| |
| - [patelvivekv1993 brought this change] |
| |
| build-openssl.bat: allow custom paths for VS and perl |
| |
| Fixes #2430 |
| Closes #2457 |
| |
| - [Laurie Clark-Michalek brought this change] |
| |
| FTP: allow PASV on IPv6 connections when a proxy is being used |
| |
| In the situation of a client connecting to an FTP server using an IPv6 |
| tunnel proxy, the connection info will indicate that the connection is |
| IPv6. However, because the server behing the proxy is IPv4, it is |
| permissable to attempt PSV mode. In the case of the FTP server being |
| IPv4 only, EPSV will always fail, and with the current logic curl will |
| be unable to connect to the server, as the IPv6 fwdproxy causes curl to |
| think that EPSV is impossible. |
| |
| Closes #2432 |
| |
| - [Jon DeVree brought this change] |
| |
| file: restore old behavior for file:////foo/bar URLs |
| |
| curl 7.57.0 and up interpret this according to Appendix E.3.2 of RFC |
| 8089 but then returns an error saying this is unimplemented. This is |
| actually a regression in behavior on both Windows and Unix. |
| |
| Before curl 7.57.0 this URL was treated as a path of "//foo/bar" and |
| then passed to the relevant OS API. This means that the behavior of this |
| case is actually OS dependent. |
| |
| The Unix path resolution rules say that the OS must handle swallowing |
| the extra "/" and so this path is the same as "/foo/bar" |
| |
| The Windows path resolution rules say that this is a UNC path and |
| automatically handles the SMB access for the program. So curl on Windows |
| was already doing Appendix E.3.2 without any special code in curl. |
| |
| Regression |
| |
| Closes #2438 |
| |
| - [Gaurav Malhotra brought this change] |
| |
| Revert "openssl: Don't add verify locations when verifypeer==0" |
| |
| This reverts commit dc85437736e1fc90e689bb1f6c51c8f1aa9430eb. |
| |
| libcurl (with the OpenSSL backend) performs server certificate verification |
| even if verifypeer == 0 and the verification result is available using |
| CURLINFO_SSL_VERIFYRESULT. The commit that is being reverted caused the |
| CURLINFO_SSL_VERIFYRESULT to not have useful information for the |
| verifypeer == 0 use case (it would always have |
| X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY). |
| |
| Closes #2451 |
| |
| - [Wyatt O'Day brought this change] |
| |
| tls: fix mbedTLS 2.7.0 build + handle sha256 failures |
| |
| (mbedtls 2.70 compiled with MBEDTLS_DEPRECATED_REMOVED) |
| |
| Closes #2453 |
| |
| - [Lauri Kasanen brought this change] |
| |
| cookie: case-insensitive hashing for the domains |
| |
| closes #2458 |
| |
| Patrick Monnerat (4 Apr 2018) |
| - cookie: fix and optimize 2nd top level domain name extraction |
| |
| This fixes a segfault occurring when a name of the (invalid) form "domain..tld" |
| is processed. |
| |
| test46 updated to cover this case. |
| |
| Follow-up to commit c990ead. |
| |
| Ref: https://github.com/curl/curl/pull/2440 |
| |
| Daniel Stenberg (4 Apr 2018) |
| - openssl: provide defines for argument typecasts to build warning-free |
| |
| ... as OpenSSL >= 1.1.0 and libressl >= 2.7.0 use different argument types. |
| |
| - [Bernard Spil brought this change] |
| |
| openssl: fix build with LibreSSL 2.7 |
| |
| - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API |
| |
| Fixes #2319 |
| Closes #2447 |
| Closes #2448 |
| |
| Signed-off-by: Bernard Spil <brnrd@FreeBSD.org> |
| |
| - [Lauri Kasanen brought this change] |
| |
| cookie: store cookies per top-level-domain-specific hash table |
| |
| This makes libcurl handle thousands of cookies much better and speedier. |
| |
| Closes #2440 |
| |
| - [Lauri Kasanen brought this change] |
| |
| cookies: when reading from a file, only remove_expired once |
| |
| This drops the cookie load time for 8k cookies from 178ms to 15ms. |
| |
| Closes #2441 |
| |
| - test1148: set a fixed locale for the test |
| |
| ...as otherwise it might use a different decimal sign. |
| |
| Bug: #2436 |
| Reported-by: Oumph on github |
| |
| Jay Satiro (31 Mar 2018) |
| - docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T |
| |
| - Put a percent sign before each CURL_FORMAT_CURL_OFF_T in printf. |
| |
| For example "%" CURL_FORMAT_CURL_OFF_T becomes %lld or similar. |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-03/0140.html |
| Reported-by: David L. |
| |
| Sergei Nikulov (27 Mar 2018) |
| - [Michał Janiszewski brought this change] |
| |
| cmake: Add advapi32 as explicit link library for win32 |
| |
| ARM targets need advapi32 explicitly. |
| |
| Closes #2363 |
| |
| Daniel Stenberg (27 Mar 2018) |
| - TODO: connection cache sharing is now supporte |
| |
| Jay Satiro (26 Mar 2018) |
| - travis: enable apt retry on fail |
| |
| This is a workaround for an unsolved travis issue that is causing CI |
| instances to sporadically fail due to 'unable to connect' issues during |
| apt stage. |
| |
| Ref: https://github.com/travis-ci/travis-ci/issues/8507 |
| Ref: https://github.com/travis-ci/travis-ci/issues/9112#issuecomment-376305909 |
| |
| Michael Kaufmann (26 Mar 2018) |
| - runtests.pl: fix warning 'use of uninitialized value' |
| |
| follow-up to a9a7b60 |
| |
| Closes #2428 |
| |
| Daniel Stenberg (24 Mar 2018) |
| - gitignore: ignore more generated files |
| |
| - threaded resolver: track resolver time and set suitable timeout values |
| |
| In order to make curl_multi_timeout() return suitable "sleep" times even |
| when there's no socket to wait for while the name is being resolved in a |
| helper thread. |
| |
| It will increases the timeouts as time passes. |
| |
| Closes #2419 |
| |
| - [Howard Chu brought this change] |
| |
| openldap: fix for NULL return from ldap_get_attribute_ber() |
| |
| Closes #2399 |
| |
| GitHub (22 Mar 2018) |
| - [Sergei Nikulov brought this change] |
| |
| travis-ci: enable -Werror for CMake builds (#2418) |
| |
| - [Sergei Nikulov brought this change] |
| |
| cmake: avoid warn-as-error during config checks (#2411) |
| |
| - Move the CURL_WERROR option processing after the configuration checks |
| to avoid failures in case of warnings during the configuration checks. |
| |
| This is a partial fix for #2358 |
| |
| - [Sergei Nikulov brought this change] |
| |
| timeval: remove compilation warning by casting (#2417) |
| |
| This is fixes #2358 |
| |
| Daniel Stenberg (22 Mar 2018) |
| - http2: read pending frames (including GOAWAY) in connection-check |
| |
| If a connection has received a GOAWAY frame while not being used, the |
| function now reads frames off the connection before trying to reuse it |
| to avoid reusing connections the server has told us not to use. |
| |
| Reported-by: Alex Baines |
| Fixes #1967 |
| Closes #2402 |
| |
| - [Bas van Schaik brought this change] |
| |
| CI: add lgtm.yml for tweaking lgtm.com analysis |
| |
| Closes #2414 |
| |
| - CURLINFO_SSL_VERIFYRESULT.3: fix the example, add some text |
| |
| Reported-by: Michal Trybus |
| |
| Fixes #2400 |
| |
| - TODO: expand ~/ in config files |
| |
| Closes #2317 |
| |
| - cookie.d: mention that "-" as filename means stdin |
| |
| Reported-by: Dongliang Mu |
| Fixes #2410 |
| |
| - CURLINFO_COOKIELIST.3: made the example not leak memory |
| |
| Reported-by: Muz Dima |
| |
| - vauth/cleartext: fix integer overflow check |
| |
| Make the integer overflow check not rely on the undefined behavior that |
| a size_t wraps around on overflow. |
| |
| Detected by lgtm.com |
| Closes #2408 |
| |
| - lib/curl_path.h: add #ifdef header guard |
| |
| Detected by lgtm.com |
| |
| - vauth/ntlm.h: fix the #ifdef header guard |
| |
| Detected by lgtm.com |
| |
| Jay Satiro (20 Mar 2018) |
| - examples/hiperfifo: checksrc compliance |
| |
| Daniel Stenberg (19 Mar 2018) |
| - [Nikos Tsipinakis brought this change] |
| |
| parsedate: support UT timezone |
| |
| RFC822 section 5.2 mentions Universal Time, 'UT', to be synonymous with |
| GMT. |
| |
| Closes #2401 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Don brought this change] |
| |
| cmake: add support for brotli |
| |
| Currently CMake cannot detect Brotli support. This adds detection of the |
| libraries and associated header files. It also adds this to the |
| generated config. |
| |
| Closes #2392 |
| |
| - [Chris Araman brought this change] |
| |
| darwinssl: fix iOS build |
| |
| Patrick Monnerat (18 Mar 2018) |
| - ILE/RPG binding: Add CURLOPT_HAPROXYPROTOCOL/Fix CURLOPT_DNS_SHUFFLE_ADDRESSES |
| |
| Daniel Stenberg (17 Mar 2018) |
| - [Rick Deist brought this change] |
| |
| resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSES |
| |
| This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request |
| shuffling of IP addresses returned for a hostname when there is more |
| than one. This is useful when the application knows that a round robin |
| approach is appropriate and is willing to accept the consequences of |
| potentially discarding some preference order returned by the system's |
| implementation. |
| |
| Closes #1694 |
| |
| - add_handle/easy_perform: clear errorbuffer on start if set |
| |
| To offer applications a more defined behavior, we clear the buffer as |
| early as possible. |
| |
| Assisted-by: Jay Satiro |
| |
| Fixes #2190 |
| Closes #2377 |
| |
| - [Lawrence Matthews brought this change] |
| |
| CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol |
| |
| Add --haproxy-protocol for the command line tool |
| |
| Closes #2162 |
| |
| - curl_version_info.3: fix ssl_version description |
| |
| Reported-by: Vincas Razma |
| Fixes #2364 |
| |
| - multi: improved pending transfers handling => improved performance |
| |
| When a transfer is requested to get done and it is put in the pending |
| queue when limited by number of connections, total or per-host, libcurl |
| would previously very aggressively retry *ALL* pending transfers to get |
| them transferring. That was very time consuming. |
| |
| By reducing the aggressiveness in how pending are being retried, we |
| waste MUCH less time on putting transfers back into pending again. |
| |
| Some test cases got a factor 30(!) speed improvement with this change. |
| |
| Reported-by: Cyril B |
| Fixes #2369 |
| Closes #2383 |
| |
| - pause: when changing pause state, update socket state |
| |
| Especially unpausing a transfer might have to move the socket back to the |
| "currently used sockets" hash to get monitored. Otherwise it would never get |
| any more data and get stuck. Easily triggered with pausing using the |
| multi_socket API. |
| |
| Reported-by: Philip Prindeville |
| Bug: https://curl.haxx.se/mail/lib-2018-03/0048.html |
| Fixes #2393 |
| Closes #2391 |
| |
| - [Philip Prindeville brought this change] |
| |
| examples/hiperfifo.c: improved |
| |
| * use member struct event’s instead of pointers to alloc’d struct |
| events |
| |
| * simplify the cases for the mcode_or_die() function via macros; |
| |
| * make multi_timer_cb() actually do what the block comment says it |
| should; |
| |
| * accept a “stop” command on the FIFO to shut down the service; |
| |
| * use cleaner notation for unused variables than the (void) hack; |
| |
| * allow following redirections (304’s); |
| |
| - rate-limit: use three second window to better handle high speeds |
| |
| Due to very frequent updates of the rate limit "window", it could |
| attempt to rate limit within the same milliseconds and that then made |
| the calculations wrong, leading to it not behaving correctly on very |
| fast transfers. |
| |
| This new logic updates the rate limit "window" to be no shorter than the |
| last three seconds and only updating the timestamps for this when |
| switching between the states TOOFAST/PERFORM. |
| |
| Reported-by: 刘佩东 |
| Fixes #2386 |
| Closes #2388 |
| |
| - [luz.paz brought this change] |
| |
| cleanup: misc typos in strings and comments |
| |
| Found via `codespell` |
| |
| Closes #2389 |
| |
| - RELEASE-NOTES: toward 7.60.0 |
| |
| - [Kobi Gurkan brought this change] |
| |
| http2: fixes typo |
| |
| Closes #2387 |
| |
| - user-agent.d:: mention --proxy-header as well |
| |
| Bug: https://github.com/curl/curl/issues/2381 |
| |
| - transfer: make HTTP without headers count correct body size |
| |
| This is what "HTTP/0.9" basically looks like. |
| |
| Reported on IRC |
| |
| Closes #2382 |
| |
| - test1208: marked flaky |
| |
| It fails somewhere between every 3rd to 10th travis-CI run |
| |
| - SECURITY-PROCESS: mention how we write/add advisories |
| |
| - [dasimx brought this change] |
| |
| FTP: fix typo in recursive callback detection for seeking |
| |
| Fixes #2380 |
| |
| Version 7.59.0 (13 Mar 2018) |
| |
| Daniel Stenberg (13 Mar 2018) |
| - release: 7.59.0 |
| |
| Kamil Dudka (13 Mar 2018) |
| - tests/.../spnego.py: fix identifier typo |
| |
| Detected by Coverity Analysis: |
| |
| Error: IDENTIFIER_TYPO: |
| curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: identifier_typo: Using "SuportedMech" appears to be a typo: |
| * Identifier "SuportedMech" is only known to be referenced here, or in copies of this code. |
| * Identifier "SupportedMech" is referenced elsewhere at least 4 times. |
| curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2651: identifier_use: Example 1: Using identifier "SupportedMech". |
| curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2308: identifier_use: Example 2: Using identifier "SupportedMech". |
| curl-7.58.0/tests/python_dependencies/impacket/spnego.py:252: identifier_use: Example 3: Using identifier "SupportedMech" (2 total uses in this function). |
| curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: remediation: Should identifier "SuportedMech" be replaced by "SupportedMech"? |
| |
| Closes #2379 |
| |
| Daniel Stenberg (13 Mar 2018) |
| - CURLOPT_COOKIEFILE.3: "-" as file name means stdin |
| |
| Reported-by: Aron Bergman |
| Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html |
| |
| [ci skip] |
| |
| - Revert "hostip: fix compiler warning: 'variable set but not used'" |
| |
| This reverts commit a577059f92fc65bd6b81717f0737f897a5b34248. |
| |
| The assignment really needs to be there or we risk working with an |
| uninitialized pointer. |
| |
| Michael Kaufmann (12 Mar 2018) |
| - limit-rate: fix compiler warning |
| |
| follow-up to 72a0f62 |
| |
| Viktor Szakats (12 Mar 2018) |
| - checksrc.pl: add -i and -m options |
| |
| To sync it with changes made for the libssh2 project. |
| Also cleanup some whitespace. |
| |
| - curl-openssl.m4: fix spelling [ci skip] |
| |
| - FAQ: fix a broken URL [ci skip] |
| |
| Daniel Stenberg (12 Mar 2018) |
| - http2: mark the connection for close on GOAWAY |
| |
| ... don't consider it an error! |
| |
| Assisted-by: Jay Satiro |
| Reported-by: Łukasz Domeradzki |
| Fixes #2365 |
| Closes #2375 |
| |
| - credits: Viktor prefers without accent |
| |
| - openldap: white space changes, fixed up the copyright years |
| |
| - openldap: check ldap_get_attribute_ber() results for NULL before using |
| |
| CVE-2018-1000121 |
| Reported-by: Dario Weisser |
| Bug: https://curl.haxx.se/docs/adv_2018-97a2.html |
| |
| - FTP: reject path components with control codes |
| |
| Refuse to operate when given path components featuring byte values lower |
| than 32. |
| |
| Previously, inserting a %00 sequence early in the directory part when |
| using the 'singlecwd' ftp method could make curl write a zero byte |
| outside of the allocated buffer. |
| |
| Test case 340 verifies. |
| |
| CVE-2018-1000120 |
| Reported-by: Duy Phan Thanh |
| Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html |
| |
| - readwrite: make sure excess reads don't go beyond buffer end |
| |
| CVE-2018-1000122 |
| Bug: https://curl.haxx.se/docs/adv_2018-b047.html |
| |
| Detected by OSS-fuzz |
| |
| - BUGS: updated link to security process |
| |
| - limit-rate: kick in even before "limit" data has been received |
| |
| ... and make sure to avoid integer overflows with really large values. |
| |
| Reported-by: 刘佩东 |
| Fixes #2371 |
| Closes #2373 |
| |
| - docs/SECURITY.md -> docs/SECURITY-PROCESS.md |
| |
| - SECURITY.md: call it the security process |
| |
| Michael Kaufmann (11 Mar 2018) |
| - Curl_range: fix FTP-only and FILE-only builds |
| |
| follow-up to e04417d |
| |
| - hostip: fix compiler warning: 'variable set but not used' |
| |
| Daniel Stenberg (11 Mar 2018) |
| - HTTP: allow "header;" to replace an internal header with a blank one |
| |
| Reported-by: Michael Kaufmann |
| Fixes #2357 |
| Closes #2362 |
| |
| - http2: verbose output new MAX_CONCURRENT_STREAMS values |
| |
| ... as it is interesting for many users. |
| |
| - SECURITY: distros' max embargo time is 14 days now |
| |
| Patrick Monnerat (8 Mar 2018) |
| - curl tool: accept --compressed also if Brotli is enabled and zlib is not. |
| |
| Daniel Stenberg (5 Mar 2018) |
| - THANKS + mailmap: remove duplicates, fixup full names |
| |
| - [sergii.kavunenko brought this change] |
| |
| WolfSSL: adding TLSv1.3 |
| |
| Closes #2349 |
| |
| - RELEASE-NOTES/THANKS: synced with cc1d4c505 |
| |
| - [Richard Alcock brought this change] |
| |
| winbuild: prefer documented zlib library names |
| |
| Check for existence of import and static libraries with documented names |
| and use them if they do. Fallback to previous names. |
| |
| According to |
| https://github.com/madler/zlib/blob/master/win32/README-WIN32.txt on |
| Windows, the names of the import library is "zdll.lib" and static |
| library is "zlib.lib". |
| |
| closes #2354 |
| |
| Marcel Raad (4 Mar 2018) |
| - krb5: use nondeprecated functions |
| |
| gss_seal/gss_unseal have been deprecated in favor of |
| gss_wrap/gss_unwrap with GSS-API v2 from January 1997 [1]. The first |
| version of "The Kerberos Version 5 GSS-API Mechanism" [2] from June |
| 1996 already says "GSS_Wrap() (formerly GSS_Seal())" and |
| "GSS_Unwrap() (formerly GSS_Unseal())". |
| |
| Use the nondeprecated functions to avoid deprecation warnings. |
| |
| [1] https://tools.ietf.org/html/rfc2078 |
| [2] https://tools.ietf.org/html/rfc1964 |
| |
| Closes https://github.com/curl/curl/pull/2356 |
| |
| Daniel Stenberg (4 Mar 2018) |
| - curl.1: mention how to add numerical IP addresses in NO_PROXY |
| |
| - CURLOPT_NOPROXY.3: mention how to list numerical IPv6 addresses |
| |
| - NO_PROXY: fix for IPv6 numericals in the URL |
| |
| Added test 1265 that verifies. |
| |
| Reported-by: steelman on github |
| Fixes #2353 |
| Closes #2355 |
| |
| - build: get CFLAGS (including -werror) used for examples and tests |
| |
| ... so that the CI and more detects compiler warnings/errors properly! |
| |
| Closes #2337 |
| |
| Marcel Raad (3 Mar 2018) |
| - curl_ctype: fix macro redefinition warnings |
| |
| On MinGW and Cygwin, GCC and clang have been complaining about macro |
| redefinitions since 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2. Fix this |
| by undefining the macros before redefining them as suggested in |
| https://github.com/curl/curl/pull/2269. |
| |
| Suggested-by: Daniel Stenberg |
| |
| Dan Fandrich (2 Mar 2018) |
| - unit1307: proper cleanup on OOM to fix torture tests |
| |
| Marcel Raad (28 Feb 2018) |
| - unit1309: fix warning on Windows x64 |
| |
| When targeting x64, MinGW-w64 complains about conversions between |
| 32-bit long and 64-bit pointers. Fix this by reusing the |
| GNUTLS_POINTER_TO_SOCKET_CAST / GNUTLS_SOCKET_TO_POINTER_CAST logic |
| from gtls.c, moving it to warnless.h as CURLX_POINTER_TO_INTEGER_CAST / |
| CURLX_INTEGER_TO_POINTER_CAST. |
| |
| Closes https://github.com/curl/curl/pull/2341 |
| |
| - travis: update compiler versions |
| |
| Update clang to version 3.9 and GCC to version 6. |
| |
| Closes https://github.com/curl/curl/pull/2345 |
| |
| Daniel Stenberg (26 Feb 2018) |
| - docs/MANUAL: formfind.pl is not accessible on the site anymore |
| |
| Fixes #2342 |
| |
| Jay Satiro (24 Feb 2018) |
| - curl-openssl.m4: Fix version check for OpenSSL 1.1.1 |
| |
| - Add OpenSSL 1.1.1 to the header/library version lists. |
| |
| - Detect OpenSSL 1.1.1 library using its function ERR_clear_last_mark, |
| which was added in that version. |
| |
| Prior to this change an erroneous header/library mismatch was caused by |
| lack of OpenSSL 1.1.1 detection. I tested using openssl-1.1.1-pre1. |
| |
| Viktor Szakats (23 Feb 2018) |
| - lib655: silence compiler warning |
| |
| Closes https://github.com/curl/curl/pull/2335 |
| |
| - spelling fixes |
| |
| Detected using the `codespell` tool. |
| |
| Also contains one URL protocol upgrade. |
| |
| Closes https://github.com/curl/curl/pull/2334 |
| |
| Daniel Stenberg (24 Feb 2018) |
| - projects/README: remove reference to dead IDN link/package |
| |
| Reported-by: Stefan Kanthak and Rod Widdowson |
| |
| Fixes #2325 |
| |
| Jay Satiro (23 Feb 2018) |
| - [Rod Widdowson brought this change] |
| |
| winbuild: Use macros for the names of some build utilities |
| |
| - Add macros to the top of the makefile for rc and mt utilities so that |
| it is easier to change their locations. |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-02/0075.html |
| Reported-by: Stefan Kanthak |
| |
| Closes https://github.com/curl/curl/issues/2329 |
| |
| Daniel Stenberg (23 Feb 2018) |
| - TODO: remove "sha-256 digest", added in 2b5b37cb9109e7c2 |
| |
| - curl_share_setopt.3: connection cache is shared within multi handles |
| |
| Jay Satiro (22 Feb 2018) |
| - [Rod Widdowson brought this change] |
| |
| winbuild: Use CALL to run batch scripts |
| |
| Co-authored-by: Stefan Kanthak |
| |
| Closes https://github.com/curl/curl/issues/2330 |
| Closes https://github.com/curl/curl/pull/2331 |
| |
| Patrick Monnerat (22 Feb 2018) |
| - os400: add curl_resolver_start_callback type to ILE/RPG binding |
| |
| Daniel Stenberg (22 Feb 2018) |
| - form.d: rephrased somewhat, added two example command lines |
| |
| Jay Satiro (21 Feb 2018) |
| - [Francisco Sedano brought this change] |
| |
| url: Add option CURLOPT_RESOLVER_START_FUNCTION |
| |
| - Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that |
| will be called every time before a new resolve request is started |
| (ie before a host is resolved) with a pointer to backend-specific |
| resolver data. Currently this is only useful for ares. |
| |
| - Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to |
| pass to the resolver start callback. |
| |
| Closes https://github.com/curl/curl/pull/2311 |
| |
| - lib: CURLOPT_HAPPY_EYEBALLS_TIMEOUT => CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS |
| |
| - In keeping with the naming of our other connect timeout options rename |
| CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS. |
| |
| This change adds the _MS suffix since the option expects milliseconds. |
| This is more intuitive for our users since other connect timeout options |
| that expect milliseconds use _MS such as CURLOPT_TIMEOUT_MS, |
| CURLOPT_CONNECTTIMEOUT_MS, CURLOPT_ACCEPTTIMEOUT_MS. |
| |
| The tool option already uses an -ms suffix, --happy-eyeballs-timeout-ms. |
| |
| Follow-up to 2427d94 which added the lib and tool option yesterday. |
| |
| Ref: https://github.com/curl/curl/pull/2260 |
| |
| Patrick Monnerat (21 Feb 2018) |
| - sasl: prefer PLAIN mechanism over LOGIN |
| |
| SASL PLAIN is a standard, LOGIN only a draft. The LOGIN draft says |
| PLAIN should be used instead if available. |
| |
| Daniel Stenberg (21 Feb 2018) |
| - RELEASE-NOTES: synced with 2427d94c6 |
| |
| Jay Satiro (20 Feb 2018) |
| - [Anders Bakken brought this change] |
| |
| url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT |
| |
| - Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy |
| eyeball timeout value. |
| |
| - Add new optval macro CURL_HET_DEFAULT to represent the default happy |
| eyeballs timeout value (currently 200 ms). |
| |
| - Add new tool option --happy-eyeballs-timeout-ms to expose |
| CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the |
| other -timeout options in the tool expect seconds not milliseconds. |
| |
| Closes https://github.com/curl/curl/pull/2260 |
| |
| - hostip: fix 'potentially uninitialized variable' warning |
| |
| Follow-up to 50d1b33. |
| |
| Caught by AppVeyor. |
| |
| Daniel Stenberg (20 Feb 2018) |
| - TODO: warning if curl version is not in sync with libcurl version |
| |
| Jay Satiro (20 Feb 2018) |
| - [Anders Bakken brought this change] |
| |
| CURLOPT_RESOLVE: Add support for multiple IP addresses per entry |
| |
| This enables users to preresolve but still take advantage of happy |
| eyeballs and trying multiple addresses if some are not connecting. |
| |
| Ref: https://github.com/curl/curl/pull/2260 |
| |
| Daniel Stenberg (20 Feb 2018) |
| - [Sergio Borghese brought this change] |
| |
| examples/sftpuploadresume: resume upload via CURLOPT_APPEND |
| |
| URL: https://curl.haxx.se/mail/lib-2018-02/0072.html |
| |
| - curl --version: show PSL if the run-time lib has it enabled |
| |
| ... not of the #define was set at build-time! |
| |
| - TODO: "Support in-memory certs/ca certs/keys" |
| |
| removed SSLKEYLOGFILE support (fixed) |
| |
| removed "consider SSL patches" (outdated) |
| |
| Closes #2310 |
| |
| - CURLOPT_HEADER.3: clarify problems with different data sizes |
| |
| - test1556: verify >16KB headers to the header callback |
| |
| - header callback: don't chop headers into smaller pieces |
| |
| Reported-by: Guido Berhoerster |
| Fixes #2314 |
| Closes #2316 |
| |
| - test1154: verify that long HTTP headers get rejected |
| |
| - http: fix the max header length detection logic |
| |
| Previously, it would only check for max length if the existing alloc |
| buffer was to small to fit it, which often would make the header still |
| get used. |
| |
| Reported-by: Guido Berhoerster |
| Bug: https://curl.haxx.se/mail/lib-2018-02/0056.html |
| |
| Closes #2315 |
| |
| - CURLOPT_HEADERFUNCTION.3: fix typo from d939226813 |
| |
| Reported-by: Erik Johansson |
| Bug: https://github.com/curl/curl/commit/d9392268131c1b8d18dec3fa30e0bded833a5db7#commitcomment-27607495 |
| |
| - CURLOPT_HEADERFUNCTION.3: mention folded headers |
| |
| - TODO: 1.1 Option to refuse usernames in URLs |
| |
| Also expanded the CURL_REFUSE_CLEARTEXT section with more ideas. |
| |
| - TODO: 1.7 Support HTTP/2 for HTTP(S) proxies |
| |
| - ssh: add two missing state names |
| |
| The list of state names (used in debug builds) was out of sync in |
| relation to the list of states (used in all builds). |
| |
| I now added an assert to make sure the sizes of the two lists match, to |
| aid in detecting this mistake better in the future. |
| |
| Regression since c92d2e14cf, shipped in 7.58.0. |
| |
| Reported-by: Somnath Kundu |
| |
| Fixes #2312 |
| Closes #2313 |
| |
| - Revert "KNOWN_BUGS: 2.5 curl should not offer "ALPN: h2" when using https-proxy" |
| |
| This reverts commit de9fac00c40db321d44fa6fbab6eb62ec4c83998. |
| |
| Reported-by: Jay Satiro |
| |
| Jay Satiro (15 Feb 2018) |
| - non-ascii: fix implicit declaration warning |
| |
| Follow-up to b46cfbc. |
| |
| Caught by Travis CI. |
| |
| Daniel Stenberg (15 Feb 2018) |
| - travis: add build with iconv enabled |
| |
| ... to verify it builds and works fine. |
| |
| Ref: https://curl.haxx.se/mail/lib-2017-09/0031.html |
| |
| Closes #1872 |
| |
| - TODO: 18.18 retry on network is unreachable |
| |
| Closes #1603 |
| |
| - KNOWN_BUGS: 2.5 curl should not offer "ALPN: h2" when using https-proxy |
| |
| Closes #1254 |
| |
| Kamil Dudka (15 Feb 2018) |
| - nss: use PK11_CreateManagedGenericObject() if available |
| |
| ... so that the memory allocated by applications using libcurl does not |
| grow per each TLS connection. |
| |
| Bug: https://bugzilla.redhat.com/1510247 |
| |
| Closes #2297 |
| |
| Daniel Stenberg (15 Feb 2018) |
| - [Björn Stenberg brought this change] |
| |
| TODO fixed: Detect when called from within callbacks |
| |
| Closes #2302 |
| |
| - BINDINGS: fix curb link (and remove ruby-curl-multi) |
| |
| Reported-by: Klaus Stein |
| |
| - curl_gssapi: make sure this file too uses our *printf() |
| |
| - libcurl-security.3: separate file:// section |
| |
| ... just to make it more apparent. Even if it repeats |
| some pieces of information. |
| |
| - libcurl-security.3: the http://192.168.0.1/my_router_config case |
| |
| Mentioned-By: Rich Moore |
| |
| - libcurl-security.3: mention the URL standards problems too |
| |
| - libcurl-security.3: split out from libcurl-tutorial.3 |
| |
| To make more accessible. |
| |
| Merged in some new language from "URLs are dangerous things" as discussed on |
| the mailing list a few days ago: |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-02/0013.html |
| |
| - RELEASE-NOTES: synced with e551910f8 |
| |
| Patrick Monnerat (13 Feb 2018) |
| - tests: new tests for http raw mode |
| |
| Test 319 checks proper raw mode data with non-chunked gzip |
| transfer-encoded server data. |
| Test 326 checks raw mode with chunked server data. |
| |
| Bug: #2303 |
| Closes #2308 |
| |
| Kamil Dudka (12 Feb 2018) |
| - tlsauthtype.d: works only if libcurl is built with TLS-SRP support |
| |
| Bug: https://bugzilla.redhat.com/1542256 |
| |
| Closes #2306 |
| |
| Patrick Monnerat (12 Feb 2018) |
| - smtp: fix processing of initial dot in data |
| |
| RFC 5321 4.1.1.4 specifies the CRLF terminating the DATA command |
| should be taken into account when chasing the <CRLF>.<CRLF> end marker. |
| Thus a leading dot character in data is also subject to escaping. |
| |
| Tests 911 and test server are adapted to this situation. |
| New tests 951 and 952 check proper handling of initial dot in data. |
| |
| Closes #2304 |
| |
| Daniel Stenberg (12 Feb 2018) |
| - sha256: avoid redefine |
| |
| - [Douglas Mencken brought this change] |
| |
| sha256: build with OpenSSL < 0.9.8 too |
| |
| support for SHA-2 was introduced in OpenSSL 0.9.8 |
| |
| Closes #2305 |
| |
| - [Bruno Grasselli brought this change] |
| |
| README: language fix |
| |
| s/off/from |
| |
| Closes #2300 |
| |
| Patrick Monnerat (12 Feb 2018) |
| - http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING on |
| |
| Bug: #2303 |
| Reported-By: Henry Roeland |
| |
| Daniel Stenberg (9 Feb 2018) |
| - get_posix_time: only check for overflows if they can happen! |
| |
| Michael Kaufmann (9 Feb 2018) |
| - schannel: fix "no previous prototype" compiler warning |
| |
| Jay Satiro (9 Feb 2018) |
| - [Mohammad AlSaleh brought this change] |
| |
| content_encoding: Add "none" alias to "identity" |
| |
| Some servers return a "content-encoding" header with a non-standard |
| "none" value. |
| |
| Add "none" as an alias to "identity" as a work-around, to avoid |
| unrecognised content encoding type errors. |
| |
| Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com> |
| |
| Closes https://github.com/curl/curl/pull/2298 |
| |
| Steve Holme (8 Feb 2018) |
| - build-openssl.bat: Follow up to 648679ab8e to suppress copy/move output |
| |
| - build-openssl.bat: Fixed incorrect move if destination build folder exists |
| |
| Michael Kaufmann (8 Feb 2018) |
| - schannel: fix compiler warnings |
| |
| Closes #2296 |
| |
| Steve Holme (7 Feb 2018) |
| - curl_addrinfo.c: Allow Unix Domain Sockets to compile under Windows |
| |
| Windows 10.0.17061 SDK introduces support for Unix Domain Sockets. |
| Added the necessary include file to curl_addrinfo.c. |
| |
| Note: The SDK (which is considered beta) has to be installed, VS 2017 |
| project file has to be re-targeted for Windows 10.0.17061 and #define |
| enabled in config-win32.h. |
| |
| Patrick Monnerat (7 Feb 2018) |
| - fnmatch: optimize processing of consecutive *s and ?s pattern characters |
| |
| Reported-By: Daniel Stenberg |
| Fixes #2291 |
| Closes #2293 |
| |
| Steve Holme (6 Feb 2018) |
| - build-openssl.bat/build-wolfssl.bat: Build platform is optional |
| |
| Whilst the compiler parameter is mandatory, platform is optional as it |
| is automatically calculated by the :configure section. |
| |
| This partially reverts commit 6d62d2c55d. |
| |
| Daniel Stenberg (6 Feb 2018) |
| - [Patrick Schlangen brought this change] |
| |
| openssl: Don't add verify locations when verifypeer==0 |
| |
| When peer verification is disabled, calling |
| SSL_CTX_load_verify_locations is not necessary. Only call it when |
| verification is enabled to save resources and increase performance. |
| |
| Closes #2290 |
| |
| Steve Holme (5 Feb 2018) |
| - build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional |
| |
| ...and not just the Community Edition. |
| |
| - build-openssl.bat: Extend VC15 support to include Enterprise and Professional |
| |
| ...and not just the Community Edition. |
| |
| Michael Kaufmann (5 Feb 2018) |
| - time-cond: fix reading the file modification time on Windows |
| |
| On Windows, stat() may adjust the unix file time by a daylight saving time |
| offset. Avoid this by calling GetFileTime() instead. |
| |
| Fixes #2164 |
| Closes #2204 |
| |
| Daniel Stenberg (5 Feb 2018) |
| - formdata: use the mime-content type function |
| |
| Reduce code duplication by making Curl_mime_contenttype available and |
| used by the formdata function. This also makes the formdata function |
| recognize a set of more file extensions by default. |
| |
| PR #2280 brought this to my attention. |
| |
| Closes #2282 |
| |
| - getdate: return -1 for out of range |
| |
| ...as that's how the function is documented to work. |
| |
| Reported-by: Michael Kaufmann |
| Bug found in an autobuild with 32 bit time_t |
| |
| Closes #2278 |
| |
| - [Ben Greear brought this change] |
| |
| build: fix termios issue on android cross-compile |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-01/0122.html |
| Signed-off-by: Ben Greear <greearb@candelatech.com> |
| |
| - time_t-fixes: remove typecasts to 'long' for info.filetime |
| |
| They're now wrong. |
| |
| Reported-by: Michael Kaufmann |
| |
| Closes #2277 |
| |
| - curl_setup: move the precautionary define of SIZEOF_TIME_T |
| |
| ... up to before it may be used for the TIME_T_MAX/MIN logic. |
| |
| Reported-by: Michael Kaufmann |
| |
| - parsedate: s/#if/#ifdef |
| |
| Reported-by: Michael Kaufmann |
| Bug: https://github.com/curl/curl/commit/1c39128d974666107fc6d9ea15f294036851f224#commitcomment-27246479 |
| |
| Patrick Monnerat (31 Jan 2018) |
| - fnmatch: pattern syntax can no longer fail |
| |
| Whenever an expected pattern syntax rule cannot be matched, the |
| character starting the rule loses its special meaning and the parsing |
| is resumed: |
| - backslash at the end of pattern string matches itself. |
| - Error in [:keyword:] results in set containing :\[dekorwy. |
| |
| Unit test 1307 updated for this new situation. |
| |
| Closes #2273 |
| |
| - fnmatch: accept an alphanum to be followed by a non-alphanum in char set |
| |
| Also be more tolerant about set pattern syntax. |
| Update unit test 1307 accordingly. |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-01/0114.html |
| |
| - fnmatch: do not match the empty string with a character set |
| |
| Jay Satiro (30 Jan 2018) |
| - build: fix windows build methods for curl_ctype.c |
| |
| - Fix winbuild and the VS project generator to treat curl_ctype.{c,h} as |
| curlx files since they are required by both src and lib. |
| |
| Follow-up to 4272a0b which added curl_ctype. |
| |
| Daniel Stenberg (30 Jan 2018) |
| - progress-bar.d: update to match implementation |
| |
| ... since commit 993dd5651a6 |
| |
| Reported-by: Martin Dreher |
| Bug: https://github.com/curl/curl/pull/2242#issuecomment-361059228 |
| |
| Closes #2271 |
| |
| - http2: set DEBUG_HTTP2 to enable more HTTP/2 logging |
| |
| ... instead of doing it unconditionally in debug builds. It cluttered up |
| the output a little too much. |
| |
| - [Max Dymond brought this change] |
| |
| file: Check the return code from Curl_range and bail out on error |
| |
| - [Max Dymond brought this change] |
| |
| Curl_range: add check to ensure "from <= to" |
| |
| - [Max Dymond brought this change] |
| |
| Curl_range: commonize FTP and FILE range handling |
| |
| Closes #2205 |
| |
| - RELEASE-NOTES: synced with 811beab9f |
| |
| - curlver: next release will be 7.59.0 |
| |
| - [Michał Janiszewski brought this change] |
| |
| curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6 |
| |
| Closes #2275 |
| |
| - time: support > year 2038 time stamps for system with 32bit long |
| |
| ... with the introduction of CURLOPT_TIMEVALUE_LARGE and |
| CURLINFO_FILETIME_T. |
| |
| Fixes #2238 |
| Closes #2264 |
| |
| - curl_easy_reset: clear digest auth state |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-01/0074.html |
| Reported-by: Ruurd Beerstra |
| Fixes #2255 |
| Closes #2272 |
| |
| - [Adam Marcionek brought this change] |
| |
| winbuild: make linker generate proper PDB |
| |
| Link.exe requires /DEBUG to properly generate a full pdb file on release |
| builds. |
| |
| Closes #2274 |
| |
| - curl: add --proxy-pinnedpubkey |
| |
| To verify a proxy's public key. For when using HTTPS proxies. |
| |
| Fixes #2192 |
| Closes #2268 |
| |
| - configure: set PATH_SEPARATOR to colon for PATH w/o separator |
| |
| The logic tries to figure out what the path separator in the $PATH |
| variable is, but if there's only one directory in the $PATH it |
| fails. This change make configure *guess* on colon instead of erroring |
| out, simply because that is probably the more common character. |
| |
| PATH_SEPARATOR can always be set by the user to override the guessing. |
| |
| (tricky bug to reproduce, as in my case for example the configure script |
| requires binaries in more than one directory so passing in a PATH with a |
| single dir fails.) |
| |
| Reported-by: Earnestly on github |
| Fixes #2202 |
| Closes #2265 |
| |
| - curl_ctype: private is*() type macros and functions |
| |
| ... since the libc provided one are locale dependent in a way we don't |
| want. Also, the "native" isalnum() (for example) works differently on |
| different platforms which caused test 1307 failures on macos only. |
| |
| Closes #2269 |
| |
| Marcel Raad (29 Jan 2018) |
| - build: open VC15 projects with VS 2017 |
| |
| Previously, they were opened with Visual Studio 2015 by default, which |
| cannot build them. |
| |
| Daniel Stenberg (29 Jan 2018) |
| - RELEASE-NOTES: synced with 094647fca |
| |
| - TODO: UTF-8 filenames in Content-Disposition |
| |
| Closes #1888 |
| |
| - KNOWN_BUGS: DICT responses show the underlying protocol |
| |
| Closes #1809 |
| |
| Jay Satiro (27 Jan 2018) |
| - [Alessandro Ghedini brought this change] |
| |
| docs: fix typos in man pages |
| |
| Closes https://github.com/curl/curl/pull/2266 |
| |
| Patrick Monnerat (26 Jan 2018) |
| - lib555: drop text conversion and encode data as ascii codes |
| |
| If CURL_DOES_CONVERSION is enabled, uploaded LFs are mapped to CRLFs, |
| giving a result that is different from what is expected. |
| This commit avoids using CURLOPT_TRANSFERTEXT and directly encodes data |
| to upload in ascii. |
| |
| Bug: https://github.com/curl/curl/pull/1872 |
| |
| Daniel Stenberg (26 Jan 2018) |
| - lib517: make variable static to avoid compiler warning |
| |
| ... with clang on macos |
| |
| Patrick Monnerat (26 Jan 2018) |
| - lib544: sync ascii code data with textual data |
| |
| Data mismatch caused test 545 to fail when character encoding |
| conversion is enabled. |
| |
| Bug: https://github.com/curl/curl/pull/1872 |
| |
| Daniel Stenberg (25 Jan 2018) |
| - [Travis Burtrum brought this change] |
| |
| GSKit: restore pinnedpubkey functionality |
| |
| inadvertently removed in 283babfaf8d8f3bab9d3c63cea94eb0b84e79c37 |
| |
| Closes #2263 |
| |
| - [Dair Grant brought this change] |
| |
| darwinssl: Don't import client certificates into Keychain on macOS |
| |
| Closes #2085 |
| |
| - configure: fix the check for unsigned time_t |
| |
| Assign the time_t variable negative value and then check if it is |
| greater than zero, which will evaluate true for unsigned time_t but |
| false for signed time_t. |
| |
| - parsedate: fix date parsing for systems with 32 bit long |
| |
| Make curl_getdate() handle dates before 1970 as well (returning negative |
| values). |
| |
| Make test 517 test dates for 64 bit time_t. |
| |
| This fixes bug (3) mentioned in #2238 |
| |
| Closes #2250 |
| |
| - [McDonough, Tim brought this change] |
| |
| openssl: fix pinned public key build error in FIPS mode |
| |
| Here is a version that should work with all versions of openssl 0.9.7 |
| through 1.1.0. |
| |
| Links to the docs: |
| https://www.openssl.org/docs/man1.0.2/crypto/EVP_DigestInit.html |
| https://www.openssl.org/docs/man1.1.0/crypto/EVP_DigestInit.html |
| |
| At the very bottom of the 1.1.0 documentation there is a history section |
| that states, " stack allocated EVP_MD_CTXs are no longer supported." |
| |
| If EVP_MD_CTX_create and EVP_MD_CTX_destroy are not defined, then a |
| simple mapping can be used as described here: |
| https://wiki.openssl.org/index.php/Talk:OpenSSL_1.1.0_Changes |
| |
| Closes #2258 |
| |
| - [Travis Burtrum brought this change] |
| |
| SChannel/WinSSL: Replace Curl_none_md5sum with Curl_schannel_md5sum |
| |
| - [Travis Burtrum brought this change] |
| |
| SChannel/WinSSL: Implement public key pinning |
| |
| Closes #1429 |
| |
| - bump: towards 7.58.1 |
| |
| - cookies: remove verbose "cookie size:" output |
| |
| It was once used for some debugging/verifying logic but should never have |
| ended up in git! |
| |
| - TODO: hardcode the "localhost" addresses |
| |
| - TODO: CURL_REFUSE_CLEARTEXT |
| |
| An idea that popped up in discussions on twitter. |
| |
| - progress-bar: don't use stderr explicitly, use bar->out |
| |
| Reported-By: Gisle Vanem |
| Bug: https://github.com/curl/curl/commit/993dd5651a6c853bfe3870f6a69c7b329fa4e8ce#commitcomment-27070080 |
| |
| GitHub (24 Jan 2018) |
| - [Gisle Vanem brought this change] |
| |
| Fixes for MSDOS etc. |
| |
| djgpp do have 'mkdir(dir, mode)'. Other DOS-compilers does not |
| But djgpp seems the only choice for MSDOS anyway. |
| |
| PellesC do have a 'F_OK' defined in it's <unistd.h>. |
| |
| Update year in Copyright. |
| |
| - [Gisle Vanem brought this change] |
| |
| Fix small typo. |
| |
| Version 7.58.0 (23 Jan 2018) |
| |
| Daniel Stenberg (23 Jan 2018) |
| - RELEASE: 7.58.0 |
| |
| - [Gisle Vanem brought this change] |
| |
| progress-bar: get screen width on windows |
| |
| - test1454: --connect-to with IPv6 address w/o IPv6 support! |
| |
| - CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-01/0087.html |
| Reported-by: John Hascall |
| |
| Closes #2257 |
| |
| - docs: fix man page syntax to make test 1140 OK again |
| |
| - http: prevent custom Authorization headers in redirects |
| |
| ... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how |
| curl already handles Authorization headers created internally. |
| |
| Note: this changes behavior slightly, for the sake of reducing mistakes. |
| |
| Added test 317 and 318 to verify. |
| |
| Reported-by: Craig de Stigter |
| Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html |
| |
| - curl: progress bar refresh, get width using ioctl() |
| |
| Get screen width from the environment variable COLUMNS first, if set. If |
| not, use ioctl(). If nether works, assume 79. |
| |
| Closes #2242 |
| |
| The "refresh" is for the -# output when no total transfer size is |
| known. It will now only use a single updated line even for this case: |
| |
| The "-=O=-" ship moves when data is transferred. The four flying |
| "hashes" move (on a sine wave) on each refresh, independent of data. |
| |
| - RELEASE-NOTES: synced with bb0ffcc36 |
| |
| - libcurl-env.3: first take |
| |
| - TODO: two possible name resolver improvements |
| |
| - [Kartik Mahajan brought this change] |
| |
| http2: don't close connection when single transfer is stopped |
| |
| Fixes #2237 |
| Closes #2249 |
| |
| - test558: fix for multissl builds |
| |
| vtls.c:multissl_init() might do a curl_free() call so strip that out to |
| make this work with more builds. We just want to verify that |
| memorytracking works so skipping one line is no harm. |
| |
| - examples/url2file.c: add missing curl_global_cleanup() call |
| |
| Reported-by: XhstormR on github |
| Fixes #2245 |
| |
| - [Michael Gmelin brought this change] |
| |
| SSH: Fix state machine for ssh-agent authentication |
| |
| In case an identity didn't match[0], the state machine would fail in |
| state SSH_AUTH_AGENT instead of progressing to the next identity in |
| ssh-agent. As a result, ssh-agent authentication only worked if the |
| identity required happened to be the first added to ssh-agent. |
| |
| This was introduced as part of commit c4eb10e2f06fbd6cc904f1d78e4, which |
| stated that the "else" statement was required to prevent getting stuck |
| in state SSH_AUTH_AGENT. Given the state machine's logic and libssh2's |
| interface I couldn't see how this could happen or reproduce it and I |
| also couldn't find a more detailed description of the problem which |
| would explain a test case to reproduce the problem this was supposed to |
| fix. |
| |
| [0] libssh2_agent_userauth returning LIBSSH2_ERROR_AUTHENTICATION_FAILED |
| |
| Closes #2248 |
| |
| - openssl: fix potential memory leak in SSLKEYLOGFILE logic |
| |
| Coverity CID 1427646. |
| |
| - openssl: fix the libressl build again |
| |
| Follow-up to 84fcaa2e7. libressl does not have the API even if it says it is |
| late OpenSSL version... |
| |
| Fixes #2246 |
| Closes #2247 |
| |
| Reported-by: jungle-boogie on github |
| |
| - unit1307: test many wildcards too |
| |
| - curl_fnmatch: only allow 5 '*' sections in a single pattern |
| |
| ... to avoid excessive recursive calls. The number 5 is totally |
| arbitrary and could be modified if someone has a good motivation. |
| |
| - ftp-wildcard: fix matching an empty string with "*[^a]" |
| |
| .... and avoid advancing the pointer to trigger an out of buffer read. |
| |
| Detected by OSS-fuzz |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251 |
| Assisted-by: Max Dymond |
| |
| - SMB: fix numeric constant suffix and variable types |
| |
| 1. don't use "ULL" suffix since unsupported in older MSVC |
| 2. use curl_off_t instead of custom long long ifdefs |
| 3. make get_posix_time() not do unaligned data access |
| |
| Fixes #2211 |
| Closes #2240 |
| Reported-by: Chester Liu |
| |
| - [rouzier brought this change] |
| |
| CURLOPT_TCP_NODELAY.3: fix typo |
| |
| Closes #2239 |
| |
| - smtp/pop3/imap_get_message: decrease the data length too... |
| |
| Follow-up commit to 615edc1f73 which was incomplete. |
| |
| Assisted-by: Max Dymond |
| Detected by OSS-fuzz |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206 |
| |
| - openssl: enable SSLKEYLOGFILE support by default |
| |
| Fixes #2210 |
| Closes #2236 |
| |
| Patrick Monnerat (14 Jan 2018) |
| - mime: clone mime tree upon easy handle duplication. |
| |
| A mime tree attached to an easy handle using CURLOPT_MIMEPOST is |
| strongly bound to the handle: there is a pointer to the easy handle in |
| each item of the mime tree and following the parent pointer list |
| of mime items ends in a dummy part stored within the handle. |
| |
| Because of this binding, a mime tree cannot be shared between different |
| easy handles, thus it needs to be cloned upon easy handle duplication. |
| |
| There is no way for the caller to get the duplicated mime tree |
| handle: it is then set to be automatically destroyed upon freeing the |
| new easy handle. |
| |
| New test 654 checks proper mime structure duplication/release. |
| |
| Add a warning note in curl_mime_data_cb() documentation about sharing |
| user data between duplicated handles. |
| |
| Closes #2235 |
| |
| - docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata |
| |
| Daniel Stenberg (13 Jan 2018) |
| - test395: HTTP with overflow Content-Length value |
| |
| - test394: verify abort of rubbish in Content-Length: value |
| |
| - test393: verify --max-filesize with excessive Content-Length |
| |
| - HTTP: bail out on negative Content-Length: values |
| |
| ... and make the max filesize check trigger if the value is too big. |
| |
| Updates test 178. |
| |
| Reported-by: Brad Spencer |
| Fixes #2212 |
| Closes #2223 |
| |
| Marcel Raad (13 Jan 2018) |
| - [Dan Johnson brought this change] |
| |
| configure.ac: append extra linker flags instead of prepending them. |
| |
| Link order should list libraries after the libraries that use them, |
| so when we're guessing that we might also need to add -ldl in order |
| to use -lssl, we should add -ldl after -lssl. |
| |
| Closes https://github.com/curl/curl/pull/2234 |
| |
| Daniel Stenberg (13 Jan 2018) |
| - RELEASE-NOTES: synced with 6fa10c8fa |
| |
| Jay Satiro (13 Jan 2018) |
| - setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values |
| |
| Broken since f121575 (precedes 7.56.1). |
| |
| Bug: https://github.com/curl/curl/issues/2225 |
| Reported-by: cmfrolick@users.noreply.github.com |
| |
| Closes https://github.com/curl/curl/pull/2227 |
| |
| Patrick Monnerat (13 Jan 2018) |
| - setopt: reintroduce non-static Curl_vsetopt() for OS400 support |
| |
| This also upgrades ILE/RPG bindings with latest setopt options. |
| |
| Reported-By: jonrumsey on github |
| Fixes #2230 |
| Closes #2233 |
| |
| Jay Satiro (11 Jan 2018) |
| - [Zhouyihai Ding brought this change] |
| |
| http2: fix incorrect trailer buffer size |
| |
| Prior to this change the stored byte count of each trailer was |
| miscalculated and 1 less than required. It appears any trailer |
| after the first that was passed to Curl_client_write would be truncated |
| or corrupted as well as the size. Potentially the size of some |
| subsequent trailer could be erroneously extracted from the contents of |
| that trailer, and since that size is used by client write an |
| out-of-bounds read could occur and cause a crash or be otherwise |
| processed by client write. |
| |
| The bug appears to have been born in 0761a51 (precedes 7.49.0). |
| |
| Closes https://github.com/curl/curl/pull/2231 |
| |
| - [Basuke Suzuki brought this change] |
| |
| easy: fix connection ownership in curl_easy_pause |
| |
| Before calling Curl_client_chop_write(), change the owner of connection |
| to the current Curl_easy handle. This will fix the issue #2217. |
| |
| Fixes https://github.com/curl/curl/issues/2217 |
| Closes https://github.com/curl/curl/pull/2221 |
| |
| Daniel Stenberg (9 Jan 2018) |
| - [Dimitrios Apostolou brought this change] |
| |
| system.h: Additionally check __LONG_MAX__ for defining curl_off_t |
| |
| __SIZEOF_LONG__ was introduced in GCC 4.4, __LONG_MAX__ was introduced |
| in GCC 3.3. |
| |
| Closes #2216 |
| |
| - COPYING: it's 2018! |
| |
| - progress: calculate transfer speed on milliseconds if possible |
| |
| to increase accuracy for quick transfers |
| |
| Fixes #2200 |
| Closes #2206 |
| |
| Jay Satiro (7 Jan 2018) |
| - scripts: allow all perl scripts to be run directly |
| |
| - Enable execute permission (chmod +x) |
| |
| - Change interpreter to /usr/bin/env perl |
| |
| Closes https://github.com/curl/curl/pull/2222 |
| |
| - mail-rcpt.d: fix short-text description |
| |
| - build: remove HAVE_LIMITS_H check |
| |
| .. because limits.h presence isn't optional, it's required by C89. |
| |
| Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2 |
| |
| Closes https://github.com/curl/curl/pull/2215 |
| |
| - openssl: fix memory leak of SSLKEYLOGFILE filename |
| |
| - Free the copy of SSLKEYLOGFILE env returned by curl_getenv during ossl |
| initialization. |
| |
| Caught by ASAN. |
| |
| - Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX" |
| |
| This reverts commit c97648b55080343bb371522bf4233e94a2a13a99. |
| |
| SIZEOF_LONG should not be checked in system.h since that macro is only |
| defined when building libcurl. |
| |
| Ref: https://github.com/curl/curl/pull/2186#issuecomment-354767080 |
| Ref: https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html |
| |
| Michael Kaufmann (30 Dec 2017) |
| - test1554: improve the error handling |
| |
| - test1554: add global initialization and cleanup |
| |
| Daniel Stenberg (29 Dec 2017) |
| - curl_version_info.3: call the argument 'age' |
| |
| Reported-by: Pete Lomax |
| Bug: https://curl.haxx.se/mail/lib-2017-12/0074.html |
| |
| Patrick Monnerat (27 Dec 2017) |
| - [Mikalai Ananenka brought this change] |
| |
| brotli: data at the end of content can be lost |
| |
| Decoding loop implementation did not concern the case when all |
| received data is consumed by Brotli decoder and the size of decoded |
| data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE. |
| For content with unencoded length greater than CURL_MAX_WRITE_SIZE this |
| can result in the loss of data at the end of content. |
| |
| Closes #2194 |
| |
| Jay Satiro (26 Dec 2017) |
| - examples/cacertinmem: ignore cert-already-exists error |
| |
| - Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE errors in the CTX callback |
| since it's possible the cert may have already been loaded by libcurl. |
| |
| - Remove the EXAMPLE code in the CURLOPT_SSL_CTX_FUNCTION.3 doc. |
| Instead have it direct the reader to this cacertinmem.c example. |
| |
| - Fix the CA certificate to use the right CA for example.com, Digicert. |
| |
| Bug: https://curl.haxx.se/mail/lib-2017-12/0057.html |
| Reported-by: Thomas van Hesteren |
| |
| Closes https://github.com/curl/curl/pull/2182 |
| |
| - [Gisle Vanem brought this change] |
| |
| tool_getparam: Support size modifiers for --max-filesize |
| |
| - Move the size modifier detection code from limit-rate to its own |
| function so that it can also be used with max-filesize. |
| |
| Size modifiers are the suffixes such as G (gigabyte), M (megabyte) etc. |
| |
| For example --max-filesize 1G |
| |
| Ref: https://curl.haxx.se/mail/archive-2017-12/0000.html |
| |
| Closes https://github.com/curl/curl/pull/2179 |
| |
| Steve Holme (22 Dec 2017) |
| - build: Fixed incorrect script termination from commit ad1dc10e61 |
| |
| - Makefile.vc: Added our standard copyright header |
| |
| - winbuild: Added support for VC15 |
| |
| - build: Added Visual Studio 2017 project files |
| |
| - build-wolfssl.bat: Added support for VC15 |
| |
| - build-openssl.bat: Added support for VC15 |
| |
| Jay Satiro (22 Dec 2017) |
| - [Dimitrios Apostolou brought this change] |
| |
| curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX |
| |
| Closes https://github.com/curl/curl/pull/2186 |
| |
| - [Mattias Fornander brought this change] |
| |
| examples/rtsp: fix error handling macros |
| |
| Closes https://github.com/curl/curl/pull/2185 |
| |
| Patrick Monnerat (20 Dec 2017) |
| - curl_easy_reset: release mime-related data. |
| |
| Move curl_mime_initpart() and curl_mime_cleanpart() calls to lower-level |
| functions dealing with UserDefined structure contents. |
| This avoids memory leakages on curl-generated part mime headers. |
| New test 2073 checks this using the cli tool --next option: it |
| triggers a valgrind error if bug is present. |
| |
| Bug: https://curl.haxx.se/mail/lib-2017-12/0060.html |
| Reported-by: Martin Galvan |
| |
| - content_encoding: rework zlib_inflate |
| |
| - When zlib version is < 1.2.0.4, process gzip trailer before considering |
| extra data as an error. |
| - Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data |
| and minimize corrupt data output. |
| - Do not try to restart deflate decompression in raw mode if output has |
| started or if the leading data is not available anymore. |
| - New test 232 checks inflating raw-deflated content. |
| |
| Closes #2068 |
| |
| - brotli: allow compiling with version 0.6.0. |
| |
| Some error codes were not yet defined in brotli 0.6.0: do not issue code |
| for them in this case. |
| |
| Daniel Stenberg (13 Dec 2017) |
| - CURLOPT_READFUNCTION.3: refer to argument with correct name |
| |
| Bug: #2175 |
| |
| [ci skip] |
| |
| - rand: add a clang-analyzer work-around |
| |
| scan-build would warn on a potential access of an uninitialized |
| buffer. I deem it a false positive and had to add this somewhat ugly |
| work-around to silence it. |
| |
| - krb5: fix a potential access of uninitialized memory |
| |
| A scan-build warning. |
| |
| - conncache: fix a return code [regression] |
| |
| This broke in 07cb27c98e. Make sure to return 'result' properly. Pointed |
| out by scan-build! |
| |
| - curl: support >256 bytes warning messsages |
| |
| Bug: #2174 |
| |
| Michael Kaufmann (12 Dec 2017) |
| - libssh: fix a syntax error in configure.ac |
| |
| Follow-up to c92d2e1 |
| |
| Closes #2172 |
| |
| Daniel Stenberg (12 Dec 2017) |
| - examples/smtp-mail.c: use separate defines for options and mail |
| |
| ... to make it clearer that the options want address-only, while the |
| headers in an email can also have the real name. |
| |
| Assisted-by: Sean MacLennan |
| |
| - THANKS: added missing names |
| |
| ... as I reran the contrithanks script after the mailmap name fixups. |
| |
| - mailmap: added/clarified several names |
| |
| - setopt: less *or equal* than INT_MAX/1000 should be fine |
| |
| ... for the CURLOPT_TIMEOUT, CURLOPT_CONNECTTIMEOUT and |
| CURLOPT_SERVER_RESPONSE_TIMEOUT range checks. |
| |
| Reported-by: Dominik Hölzl |
| Bug: https://curl.haxx.se/mail/lib-2017-12/0037.html |
| |
| Closes #2173 |
| |
| - [Dmitry Kostjuchenko brought this change] |
| |
| vtls: replaced getenv() with curl_getenv() |
| |
| Fixed undefined symbol of getenv() which does not exist when compiling |
| for Windows 10 App (CURL_WINDOWS_APP). Replaced getenv() with |
| curl_getenv() which is aware of getenv() absence when CURL_WINDOWS_APP |
| is defined. |
| |
| Closes #2171 |
| |
| - RELEASE-NOTES: synced with 3b9ea70ee |
| |
| - TODO: Expose tried IP addresses that failed |
| |
| Suggested-by: Rainer Canavan |
| |
| Closes #2126 |
| |
| - curl.1: mention http:// and https:// as valid proxy prefixes |
| |
| - curl.1: documented two missing valid exit codes |
| |
| - CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference |
| |
| - Revert "curl: don't set CURLOPT_INTERLEAVEDATA" |
| |
| This reverts commit 9ffad8eb1329bb35c8988115ac7ed85cf91ef955. |
| |
| It was actually added rather recently in 8e8afa82cbb629 due to a crash |
| that would otherwise happen in the RTSP code. As I don't think we've |
| fixed that behavior yet, we better keep this work-around until we have |
| fixed it better. |
| |
| Michael Kaufmann (10 Dec 2017) |
| - tests: mark data files as non-executable in git |
| |
| - tests: update .gitignore for libtests |
| |
| Daniel Stenberg (10 Dec 2017) |
| - multi_done: prune DNS cache |
| |
| Prune the DNS cache immediately after the dns entry is unlocked in |
| multi_done. Timed out entries will then get discarded in a more orderly |
| fashion. |
| |
| Test506 is updated |
| |
| Reported-by: Oleg Pudeyev |
| |
| Fixes #2169 |
| Closes #2170 |
| |
| - mailmap: fixup two old git Author "aliases" |
| |
| Jay Satiro (10 Dec 2017) |
| - openssl: Disable file buffering for Win32 SSLKEYLOGFILE |
| |
| Prior to this change SSLKEYLOGFILE used line buffering on WIN32 just |
| like it does for other platforms. However, the Windows CRT does not |
| actually support line buffering (_IOLBF) and will use full buffering |
| (_IOFBF) instead. We can't use full buffering because multiple processes |
| may be writing to the file and that could lead to corruption, and since |
| full buffering is the only buffering available this commit disables |
| buffering for Windows SSLKEYLOGFILE entirely (_IONBF). |
| |
| Ref: https://github.com/curl/curl/pull/1346#issuecomment-350530901 |
| |
| Daniel Stenberg (10 Dec 2017) |
| - RESOLVE: output verbose text when trying to set a duplicate name |
| |
| ... to help users understand what is or isn't done! |
| |
| - CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE |
| |
| - [John DeHelian brought this change] |
| |
| sftp: allow quoted commands to use relative paths |
| |
| Closes #1900 |
| |
| Jay Satiro (8 Dec 2017) |
| - [Richard Alcock brought this change] |
| |
| CURLOPT_PRIVATE.3: fix grammar |
| |
| - Change "never does nothing" double-negative to "never does anything". |
| |
| Closes https://github.com/curl/curl/pull/2168 |
| |
| Daniel Stenberg (8 Dec 2017) |
| - curl: remove __EMX__ #ifdefs |
| |
| These are OS/2-specific things added to the code in the year 2000. They |
| were always ugly. If there's any user left, they still don't need it |
| done this way. |
| |
| Closes #2166 |
| |
| Jay Satiro (8 Dec 2017) |
| - openssl: improve data-pending check for https proxy |
| |
| - Allow proxy_ssl to be checked for pending data even when connssl does |
| not yet have an SSL handle. |
| |
| This change is for posterity. Currently there doesn't seem to be a code |
| path that will cause a pending data check when proxyssl could have |
| pending data and the connssl handle doesn't yet exist [1]. |
| |
| [1]: Recall that an https proxy connection starts out in connssl but if |
| the destination is also https then the proxy SSL backend data is moved |
| from connssl to proxyssl, which means connssl handle is temporarily |
| empty until an SSL handle for the destination can be created. |
| |
| Ref: https://github.com/curl/curl/commit/f4a6238#commitcomment-24396542 |
| |
| Closes https://github.com/curl/curl/pull/1916 |
| |
| Daniel Stenberg (8 Dec 2017) |
| - curl: don't set CURLOPT_INTERLEAVEDATA |
| |
| That data is only ever used by the CURLOPT_INTERLEAVEFUNCTION callback |
| and that option isn't set or used by the curl tool! |
| |
| Updates the 9 tests that verify --libcurl |
| |
| Closes #2167 |
| |
| - curl.h: remove incorrect comment about ERRORBUFFER |
| |
| ... error messages are _not_ sent to stderr if this is not set. |
| |
| - [Michael Felt brought this change] |
| |
| configure: add AX_CODE_COVERAGE only if using gcc |
| |
| Fixes #2076 |
| Closes #2125 |
| |
| - curl: limit -# update frequency for unknown total size |
| |
| Make it use a max 10Hz update frequency for this case as well. Return |
| early if the "point" hasn't moved since last invoke. |
| |
| Reported-by: Elliot Saba |
| |
| Fixes #2158 |
| Closes #2163 |
| |
| - BINDINGS: another PostgreSQL client |
| |
| ...the former link is dead. |
| |
| Reported-by: Frank Gevaerts |
| |
| - [Zachary Seguin brought this change] |
| |
| CONNECT: keep close connection flag in http_connect_state struct |
| |
| Fixes #2088 |
| Closes #2157 |
| |
| - [Per Malmberg brought this change] |
| |
| include: get netinet/in.h before linux/tcp.h |
| |
| ... to allow build on older Linux dists (specifically CentOS 4.8 on gcc |
| 4.8.5) |
| |
| Closes #2160 |
| |
| - openldap: fix checksrc nits |
| |
| - [Stepan Broz brought this change] |
| |
| openldap: add commented out debug possibilities |
| |
| ... to aid debugging openldap library using its built-in debug messages. |
| |
| Closes #2159 |
| |
| - examples: move threaded-shared-conn.c to the "complicated" ones |
| |
| ... due it relying on pthreads to link. |
| |
| - RELEASE-NOTES: synced with b261c44e8 |
| |
| ... and bump next release version to 7.58.0 |
| |
| - [Jan Ehrhardt brought this change] |
| |
| URL: tolerate backslash after drive letter for FILE: |
| |
| ... as in "file://c:\some\path\curl.out" |
| |
| Reviewed-by: Matthew Kerwin |
| Closes #2154 |
| |
| - [Randall S. Becker brought this change] |
| |
| tests: added netinet/in6.h includes in test servers |
| |
| - [Randall S. Becker brought this change] |
| |
| configure: check for netinet/in6.h |
| |
| Needed by HPE NonStop NSE and NSX systems |
| |
| Fixes #2146 |
| Closes #2155 |
| |
| - curl-config: add --ssl-backends |
| |
| Lists all SSL backends that were enabled at build-time. |
| |
| Suggested-by: Oleg Pudeyev |
| Fixes #2128 |
| |
| - conncache: only allow multiplexing within same multi handle |
| |
| Connections that are used for HTTP/1.1 Pipelining or HTTP/2 multiplexing |
| only get additional transfers added to them if the existing connection |
| is held by the same multi or easy handle. libcurl does not support doing |
| HTTP/2 streams in different threads using a shared connection. |
| |
| Closes #2152 |
| |
| - threaded-shared-conn.c: fixed typo in commenta |
| |
| - threaded-shared-conn.c: new example |
| |
| - conncache: fix several lock issues |
| |
| If the lock is released before the dealings with the bundle is over, it may |
| have changed by another thread in the mean time. |
| |
| Fixes #2132 |
| Fixes #2151 |
| Closes #2139 |
| |
| - libssh: remove dead code in sftp_qoute |
| |
| ... by removing a superfluous NULL pointer check that also confuses |
| Coverity. |
| |
| Fixes #2143 |
| Closes #2153 |
| |
| - sasl_getmesssage: make sure we have a long enough string to pass |
| |
| For pop3/imap/smtp, added test 891 to somewhat verify the pop3 |
| case. |
| |
| For this, I enhanced the pingpong test server to be able to send back |
| responses with LF-only instead of always using CRLF. |
| |
| Closes #2150 |
| |
| - libssh2: remove dead code from SSH_SFTP_QUOTE |
| |
| Figured out while reviewing code in the libssh backend. The pointer was |
| checked for NULL after having been dereferenced, so we know it would |
| always equal true or it would've crashed. |
| |
| Pointed-out-by: Nikos Mavrogiannopoulos |
| |
| Bug #2143 |
| Closes #2148 |
| |
| - ssh-libssh.c: please checksrc |
| |
| Nikos Mavrogiannopoulos (4 Dec 2017) |
| - libssh: fixed dereference in statvfs access |
| |
| The behavior is now equivalent to ssh.c when SSH_SFTP_QUOTE_STATVFS |
| handling fails. |
| |
| Fixes #2142 |
| |
| Daniel Stenberg (4 Dec 2017) |
| - [Guitared brought this change] |
| |
| RESOURCES: update spec names |
| |
| Closes #2145 |
| |
| Nikos Mavrogiannopoulos (3 Dec 2017) |
| - libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS |
| |
| The previous code was incorrectly following the libssh2 error detection |
| for libssh2_sftp_statvfs, which is not correct for libssh's sftp_statvfs. |
| |
| Fixes #2142 |
| |
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> |
| |
| - libssh: no need to call sftp_get_error as ssh_get_error is sufficient |
| |
| Fixes #2141 |
| |
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> |
| |
| Daniel Stenberg (2 Dec 2017) |
| - libssh: fix minor static code analyzer nits |
| |
| - remove superfluous NULL check which otherwise tricks the static code |
| analyzers to assume NULL pointer dereferences. |
| |
| - fix fallthrough in switch() |
| |
| - indent mistake |
| |
| - openssl: pkcs12 is supported by boringssl |
| |
| Removes another #ifdef for BoringSSL |
| |
| Pointed-out-by: David Benjamin |
| |
| Closes #2134 |
| |
| - [Jay Satiro brought this change] |
| |
| travis: use pip2 instead of pip |
| |
| .. since now mac osx image expects pip2 or pip3, and doesn't know pip: |
| |
| 0.01s$ pip install --user cpp-coveralls |
| /Users/travis/.travis/job_stages: line 57: pip: command not found |
| |
| Ref: https://github.com/travis-ci/travis-ci/issues/8829 |
| |
| Closes https://github.com/curl/curl/pull/2133 |
| |
| - [Nikos Mavrogiannopoulos brought this change] |
| |
| lib582: do not verify host for SFTP |
| |
| This SFTP test fails with libssh back-end due to failure to verify |
| the peer. Disable peer verification in the test as there seems to |
| be the intention of the test. |
| |
| Note that the libssh back-end automatically verifies the peer's |
| host using the default known_hosts file. |
| |
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> |
| |
| - [Nikos Mavrogiannopoulos brought this change] |
| |
| libssh: added SFTP support |
| |
| The SFTP back-end supports asynchronous reading only, limited |
| to 32-bit file length. Writing is synchronous with no other |
| limitations. |
| |
| This also brings keyboard-interactive authentication. |
| |
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> |
| |
| - [Nikos Mavrogiannopoulos brought this change] |
| |
| symbols-in-versions: added new symbols with 7.56.3 version |
| |
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> |
| |
| - [Nikos Mavrogiannopoulos brought this change] |
| |
| .travis.yml: added build --with-libssh |
| |
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> |
| |
| - [Nikos Mavrogiannopoulos brought this change] |
| |
| libssh2: return CURLE_UPLOAD_FAILED on failure to upload |
| |
| This brings its in sync with the error code returned by the |
| libssh backend. |
| |
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> |
| |
| - [Nikos Mavrogiannopoulos brought this change] |
| |
| libssh2: send the correct CURLE error code on scp file not found |
| |
| That also updates tests to expect the right error code |
| |
| libssh2 back-end returns CURLE_SSH error if the remote file |
| is not found. Expect instead CURLE_REMOTE_FILE_NOT_FOUND |
| which is sent by the libssh backend. |
| |
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> |
| |
| - [Nikos Mavrogiannopoulos brought this change] |
| |
| Added support for libssh SSH SCP back-end |
| |
| libssh is an alternative library to libssh2. |
| https://www.libssh.org/ |
| |
| That patch set also introduces support for ECDSA |
| ed25519 keys, as well as gssapi authentication. |
| |
| Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> |
| |
| - RELEASE-NOTES: synced with af8cc7a69 |
| |
| - curlver: towards 7.57.1 |
| |
| - [W. Mark Kubacki brought this change] |
| |
| lib: don't export all symbols, just everything curl_* |
| |
| Absent any 'symbol map' or script to limit what gets exported, static |
| linking of libraries previously resulted in a libcurl with curl's and |
| those other symbols being (re-)exported. |
| |
| This did not happen if 'versioned symbols' were enabled (which is not |
| the default) because then a version script is employed. |
| |
| This limits exports to everything starting in 'curl_*'., which is |
| what "libcurl.vers" exports. |
| |
| This avoids strange side-effects such as with mixing methods |
| from system libraries and those erroneously offered by libcurl. |
| |
| Closes #2127 |
| |
| - [Johannes Schindelin brought this change] |
| |
| SSL: Avoid magic allocation of SSL backend specific data |
| |
| Originally, my idea was to allocate the two structures (or more |
| precisely, the connectdata structure and the four SSL backend-specific |
| strucutres required for ssl[0..1] and proxy_ssl[0..1]) in one go, so |
| that they all could be free()d together. |
| |
| However, getting the alignment right is tricky. Too tricky. |
| |
| So let's just bite the bullet and allocate the SSL backend-specific |
| data separately. |
| |
| As a consequence, we now have to be very careful to release the memory |
| allocated for the SSL backend-specific data whenever we release any |
| connectdata. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| Closes #2119 |
| |
| - examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL |
| |
| Reported-by: Dima Tisnek |
| |
| - travis: add boringssl build |
| |
| Uses a separate build without --enable-debug and no valgrind. |
| |
| The debug option causes far too many warnings in boringssl's headers |
| (C++ comments, trailing commas etc). Valgrind triggers some false |
| positive errors in thread-local data used by boringssl. |
| |
| Closes #2118 |
| |
| Version 7.57.0 (29 Nov 2017) |
| |
| Daniel Stenberg (29 Nov 2017) |
| - RELEASE-NOTES: curl 7.57.0 |
| |
| - THANKS: added contributors from 7.57.0 release |
| |
| - openssl: fix boringssl build again |
| |
| commit d3ab7c5a21e broke the boringssl build since it doesn't have |
| RSA_flags(), so we disable that code block for boringssl builds. |
| |
| Reported-by: W. Mark Kubacki |
| Fixes #2117 |
| |
| - curl_ntlm_core.c: use the limits.h's SIZE_T_MAX if provided |
| |
| - libcurl-share.3: the connection cache is shareable now |
| |
| - global_init: ignore CURL_GLOBAL_SSL's absense |
| |
| This bit is no longer used. It is not clear what it meant for users to |
| "init the TLS" in a world with different TLS backends and since the |
| introduction of multissl, libcurl didn't properly work if inited without |
| this bit set. |
| |
| Not a single user responded to the call for users of it: |
| https://curl.haxx.se/mail/lib-2017-11/0072.html |
| |
| Reported-by: Evgeny Grin |
| Assisted-by: Jay Satiro |
| |
| Fixes #2089 |
| Fixes #2083 |
| Closes #2107 |
| |
| - ntlm: avoid integer overflow for malloc size |
| |
| Reported-by: Alex Nichols |
| Assisted-by: Kamil Dudka and Max Dymond |
| |
| CVE-2017-8816 |
| |
| Bug: https://curl.haxx.se/docs/adv_2017-11e7.html |
| |
| - wildcardmatch: fix heap buffer overflow in setcharset |
| |
| The code would previous read beyond the end of the pattern string if the |
| match pattern ends with an open bracket when the default pattern |
| matching function is used. |
| |
| Detected by OSS-Fuzz: |
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161 |
| |
| CVE-2017-8817 |
| |
| Bug: https://curl.haxx.se/docs/adv_2017-ae72.html |
| |
| - [Jay Satiro brought this change] |
| |
| url: fix alignment of ssl_backend_data struct |
| |
| - Align the array of ssl_backend_data on a max 32 byte boundary. |
| |
| 8 is likely to be ok but I went with 32 for posterity should one of |
| the ssl_backend_data structs change to contain a larger sized variable |
| in the future. |
| |
| Prior to this change (since dev 70f1db3, release 7.56) the connectdata |
| structure was undersized by 4 bytes in 32-bit builds with ssl enabled |
| because long long * was mistakenly used for alignment instead of |
| long long, with the intention being an 8 byte boundary. Also long long |
| may not be an available type. |
| |
| The undersized connectdata could lead to oob read/write past the end in |
| what was expected to be the last 4 bytes of the connection's secondary |
| socket https proxy ssl_backend_data struct (the secondary socket in a |
| connection is used by ftp, others?). |
| |
| Closes https://github.com/curl/curl/issues/2093 |
| |
| CVE-2017-8818 |
| |
| Bug: https://curl.haxx.se/docs/adv_2017-af0a.html |
| |
| - ssh: remove check for a NULL pointer (!) |
| |
| With this check present, scan-build warns that we might dereference this |
| point in other places where it isn't first checked for NULL. Thus, if it |
| *can* be NULL we have a problem on a few places. However, this pointer |
| should not be possible to be NULL here so I remove the check and thus |
| also three different scan-build warnings. |
| |
| Closes #2111 |
| |
| - [Matthew Kerwin brought this change] |
| |
| test: add test for bad UNC/SMB path in file: URL |
| |
| - [Matthew Kerwin brought this change] |
| |
| test: add tests to ensure basic file: URLs |
| |
| - [Matthew Kerwin brought this change] |
| |
| URL: update "file:" URL handling |
| |
| * LOTS of comment updates |
| * explicit error for SMB shares (e.g. "file:////share/path/file") |
| * more strict handling of authority (i.e. "//localhost/") |
| * now accepts dodgy old "C:|" drive letters |
| * more precise handling of drive letters in and out of Windows |
| (especially recognising both "file:c:/" and "file:/c:/") |
| |
| Closes #2110 |
| |
| - metalink: fix memory-leak and NULL pointer dereference |
| |
| Reported by scan-build |
| |
| Closes #2109 |
| |
| - [Alessandro Ghedini brought this change] |
| |
| connect: add support for new TCP Fast Open API on Linux |
| |
| The new API added in Linux 4.11 only requires setting a socket option |
| before connecting, without the whole sento() machinery. |
| |
| Notably, this makes it possible to use TFO with SSL connections on Linux |
| as well, without the need to mess around with OpenSSL (or whatever other |
| SSL library) internals. |
| |
| Closes #2056 |
| |
| - make: fix "make distclean" |
| |
| Fixes #2097 |
| Closes #2108 |
| |
| - RELEASE-NOTES: synced with 31f18d272 |
| |
| Jay Satiro (23 Nov 2017) |
| - connect: improve the bind error message |
| |
| eg consider a non-existent interface eth8, curl --interface eth8 |
| |
| Before: curl: (45) Could not resolve host: eth8 |
| After: curl: (45) Couldn't bind to 'eth8' |
| |
| Bug: https://github.com/curl/curl/issues/2104 |
| Reported-by: Alfonso Martone |
| |
| Daniel Stenberg (23 Nov 2017) |
| - examples/rtsp: clear RANGE again after use |
| |
| Fixes #2106 |
| Reported-by: youngchopin on github |
| |
| - [Michael Kaufmann brought this change] |
| |
| test1264: verify URL with space in host name being rejected |
| |
| - url: reject ASCII control characters and space in host names |
| |
| Host names like "127.0.0.1 moo" would otherwise be accepted by some |
| getaddrinfo() implementations. |
| |
| Updated test 1034 and 1035 accordingly. |
| |
| Fixes #2073 |
| Closes #2092 |
| |
| - Curl_open: fix OOM return error correctly |
| |
| Closes #2098 |
| |
| - http2: fix "Value stored to 'end' is never read" scan-build error |
| |
| - http2: fix "Value stored to 'hdbuf' is never read" scan-build error |
| |
| - openssl: fix "Value stored to 'rc' is never read" scan-build error |
| |
| - mime: fix "Value stored to 'sz' is never read" scan-build error |
| |
| - Curl_llist_remove: fix potential NULL pointer deref |
| |
| Fixes a scan-build warning. |
| |
| - ntlm: remove unnecessary NULL-check to please scan-build |
| |
| - BUGS: spellchecked |
| |
| Jay Satiro (18 Nov 2017) |
| - [fmmedeiros brought this change] |
| |
| examples/curlx: Fix code style |
| |
| - Add braces around multi-line if statement. |
| |
| Closes https://github.com/curl/curl/pull/2096 |
| |
| Daniel Stenberg (17 Nov 2017) |
| - resolve: allow IP address within [] brackets |
| |
| ... so that IPv6 addresses can be passed like they can for connect-to |
| and how they're used in URLs. |
| |
| Added test 1324 to verify |
| Reported-by: Alex Malinovich |
| |
| Fixes #2087 |
| Closes #2091 |
| |
| - [Pavol Markovic brought this change] |
| |
| macOS: Fix missing connectx function with Xcode version older than 9.0 |
| |
| The previous fix https://github.com/curl/curl/pull/1788 worked just for |
| Xcode 9. This commit extends the fix to older Xcode versions effectively |
| by not using connectx function. |
| |
| Fixes https://github.com/curl/curl/issues/1330 |
| Fixes https://github.com/curl/curl/issues/2080 |
| Closes https://github.com/curl/curl/pull/1336 |
| Closes #2082 |
| |
| - [Dirk Feytons brought this change] |
| |
| openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY |
| |
| Fixes #2079 |
| Closes #2081 |
| |
| - TODO: ignore private IP addresses in PASV response |
| |
| Closes #1455 |
| |
| - RELEASE-NOTES: synced with ae7369b6d |
| |
| Michael Kaufmann (14 Nov 2017) |
| - URL: return error on malformed URLs with junk after IPv6 bracket |
| |
| Follow-up to aadb7c7. Verified by new test 1263. |
| |
| Closes #2072 |
| |
| Daniel Stenberg (14 Nov 2017) |
| - INTERNALS: we may use libidn2 now, not libidn |
| |
| Patrick Monnerat (13 Nov 2017) |
| - zlib/brotli: only include header files in modules needing them |
| |
| There is a conflict on symbol 'free_func' between openssl/crypto.h and |
| zlib.h on AIX. This is an attempt to resolve it. |
| |
| Bug: https://curl.haxx.se/mail/lib-2017-11/0032.html |
| Reported-By: Michael Felt |
| |
| Daniel Stenberg (13 Nov 2017) |
| - SMB: fix uninitialized local variable |
| |
| Reported-by: Brian Carpenter |
| |
| - [Orgad Shaneh brought this change] |
| |
| connect.c: remove executable bit on file |
| |
| Closes #2071 |
| |
| - [hsiao yi brought this change] |
| |
| README.md: fixed layout |
| |
| Closes #2069 |
| |
| - setopt: split out curl_easy_setopt() to its own file |
| |
| ... to make url.c smaller. |
| |
| Closes #1944 |
| |
| Jay Satiro (10 Nov 2017) |
| - [John Starks brought this change] |
| |
| cmake: Add missing setmode check |
| |
| Ensure HAVE_SETMODE is set to 1 on OSes that have setmode. Without this, |
| curl will corrupt binary files when writing them to stdout on Windows. |
| |
| Closes https://github.com/curl/curl/pull/2067 |
| |
| Daniel Stenberg (10 Nov 2017) |
| - curl_share_setopt: va_end was not called if conncache errors |
| |
| CID 984459, detected by Coverity |
| |
| Sergei Nikulov (10 Nov 2017) |
| - [John Starks brought this change] |
| |
| cmake: Correctly include curl.rc in Windows builds (#2064) |
| |
| Update CMakeLists.txt to add curl.rc to the correct list. |
| |
| Daniel Stenberg (9 Nov 2017) |
| - RELEASE-NOTES: synced with 32828cc4f |
| |
| - [Luca Boccassi brought this change] |
| |
| --interface: add support for Linux VRF |
| |
| The --interface command (CURLOPT_INTERFACE option) already uses |
| SO_BINDTODEVICE on Linux, but it tries to parse it as an interface or IP |
| address first, which fails in case the user passes a VRF. |
| |
| Try to use the socket option immediately and parse it as a fallback |
| instead. Update the documentation to mention this feature, and that it |
| requires the binary to be ran by root or with CAP_NET_RAW capabilities |
| for this to work. |
| |
| Closes #2024 |
| |
| - curl_share_setopt.3: document CURL_LOCK_DATA_CONNECT |
| |
| Closes #2043 |
| |
| - examples: add shared-connection-cache |
| |
| - test1554: verify connection cache sharing |
| |
| - share: add support for sharing the connection cache |
| |
| - imap: deal with commands case insensitively |
| |
| As documented in RFC 3501 section 9: |
| https://tools.ietf.org/html/rfc3501#section-9 |
| |
| Closes #2061 |
| |
| - connect: store IPv6 connection status after valid connection |
| |
| ... previously it would store it already in the happy eyeballs stage |
| which could lead to the IPv6 bit being set for an IPv4 connection, |
| leading to curl not wanting to do EPSV=>PASV for FTP transfers. |
| |
| Closes #2053 |
| |
| - curl_multi_fdset.3: emphasize curl_multi_timeout |
| |
| ... even when there's no socket to wait for, the timeout can still be |
| very short. |
| |
| Jay Satiro (9 Nov 2017) |
| - content_encoding: fix inflate_stream for no bytes available |
| |
| - Don't call zlib's inflate() when avail_in stream bytes is 0. |
| |
| This is a follow up to the parent commit 19e66e5. Prior to that change |
| libcurl's inflate_stream could call zlib's inflate even when no bytes |
| were available, causing inflate to return Z_BUF_ERROR, and then |
| inflate_stream would treat that as a hard error and return |
| CURLE_BAD_CONTENT_ENCODING. |
| |
| According to the zlib FAQ, Z_BUF_ERROR is not fatal. |
| |
| This bug would happen randomly since packet sizes are arbitrary. A test |
| of 10,000 transfers had 55 fail (ie 0.55%). |
| |
| Ref: https://zlib.net/zlib_faq.html#faq05 |
| |
| Closes https://github.com/curl/curl/pull/2060 |
| |
| Patrick Monnerat (7 Nov 2017) |
| - content_encoding: do not write 0 length data |
| |
| Daniel Stenberg (6 Nov 2017) |
| - fnmatch: remove dead code |
| |
| There was a duplicate check for backslashes in the setcharset() |
| function. |
| |
| Coverity CID 1420611 |
| |
| - url: remove unncessary NULL-check |
| |
| Since 'conn' won't be NULL in there and we also access the pointer in |
| there without the check. |
| |
| Coverity CID 1420610 |
| |
| Viktor Szakats (6 Nov 2017) |
| - src/Makefile.m32: fix typo in brotli lib customization |
| |
| Ref cc1f4436099decb9d1a7034b2bb773a9f8379d31 |
| |
| - Makefile.m32: allow to customize brotli libs |
| |
| It adds the ability to link against static brotli libs. |
| |
| Also fix brotli include path. |
| |
| Patrick Monnerat (5 Nov 2017) |
| - travis: add a job with brotli enabled |
| |
| - [Viktor Szakats brought this change] |
| |
| Makefile.m32: add brotli support |
| |
| - HTTP: implement Brotli content encoding |
| |
| This uses the brotli external library (https://github.com/google/brotli). |
| Brotli becomes a feature: additional curl_version_info() bit and |
| structure fields are provided for it and CURLVERSION_NOW bumped. |
| |
| Tests 314 and 315 check Brotli content unencoding with correct and |
| erroneous data. |
| |
| Some tests are updated to accomodate with the now configuration dependent |
| parameters of the Accept-Encoding header. |
| |
| - HTTP: support multiple Content-Encodings |
| |
| This is implemented as an output streaming stack of unencoders, the last |
| calling the client write procedure. |
| |
| New test 230 checks this feature. |
| |
| Bug: https://github.com/curl/curl/pull/2002 |
| Reported-By: Daniel Bankhead |
| |
| Jay Satiro (4 Nov 2017) |
| - url: remove arg value check from CURLOPT_SSH_AUTH_TYPES |
| |
| Since CURLSSH_AUTH_ANY (aka CURLSSH_AUTH_DEFAULT) is ~0 an arg value |
| check on this option is incorrect; we have to accept any value. |
| |
| Prior to this change since f121575 (7.56.1+) CURLOPT_SSH_AUTH_TYPES |
| erroneously rejected CURLSSH_AUTH_ANY with CURLE_BAD_FUNCTION_ARGUMENT. |
| |
| Bug: https://github.com/curl/curl/commit/f121575#commitcomment-25347120 |
| |
| Daniel Stenberg (4 Nov 2017) |
| - ntlm: avoid malloc(0) for zero length passwords |
| |
| It triggers an assert() when built with memdebug since malloc(0) may |
| return NULL *or* a valid pointer. |
| |
| Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054 |
| |
| Assisted-by: Max Dymond |
| Closes #2054 |
| |
| - RELEASE-NOTES: synced with ee8016b3d |
| |
| - curl: speed up handling of many URLs |
| |
| By properly keeping track of the last entry in the list of URLs/uploads |
| to handle, curl now avoids many meaningless traverses of the list which |
| speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K |
| URLs). |
| |
| Added test 1291, to verify that it doesn't take ages - but we don't have |
| any detection of "too slow" command in the test suite. |
| |
| Reported-by: arainchik on github |
| Fixes #1959 |
| Closes #2052 |
| |
| - curl: pass through [] in URLs instead of calling globbing error |
| |
| Assisted-by: Per Lundberg |
| Fixes #2044 |
| Closes #2046 |
| Closes #2048 |
| |
| - CURLOPT_INFILESIZE: accept -1 |
| |
| Regression since f121575 |
| |
| Reported-by: Petr Voytsik |
| Fixes #2047 |
| |
| Jay Satiro (2 Nov 2017) |
| - url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1 |
| |
| Prior to this change since f121575 (7.56.1+) CURLOPT_DNS_CACHE_TIMEOUT |
| erroneously rejected -1 with CURLE_BAD_FUNCTION_ARGUMENT. |
| |
| Dan Fandrich (1 Nov 2017) |
| - http2: Fixed OOM handling in upgrade request |
| |
| This caused the torture tests on test 1800 to fail. |
| |
| - tests: Fixed torture tests on tests 556 and 650 |
| |
| Test cleanup after OOM wasn't being consistently performed. |
| |
| Daniel Stenberg (1 Nov 2017) |
| - CURLOPT_MAXREDIRS: allow -1 as a value |
| |
| ... which is valid according to documentation. Regression since |
| f121575c0b5f. |
| |
| Verified now in test 501. |
| |
| Reported-by: cbartl on github |
| Fixes #2038 |
| Closes #2039 |
| |
| - include: remove conncache.h inclusion from where its not needed |
| |
| Jay Satiro (1 Nov 2017) |
| - url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 |
| |
| .. also add same arg value check to CURLOPT_POSTFIELDSIZE_LARGE. |
| |
| Prior to this change since f121575 (7.56.1+) CURLOPT_POSTFIELDSIZE |
| erroneously rejected -1 value with CURLE_BAD_FUNCTION_ARGUMENT. |
| |
| Bug: https://curl.haxx.se/mail/lib-2017-11/0000.html |
| Reported-by: Andrew Lambert |
| |
| Daniel Stenberg (31 Oct 2017) |
| - cookie: avoid NULL dereference |
| |
| ... when expiring old cookies. |
| |
| Reported-by: Pavel Gushchin |
| Fixes #2032 |
| Closes #2035 |
| |
| Marcel Raad (30 Oct 2017) |
| - memdebug: use send/recv signature for curl_dosend/curl_dorecv |
| |
| This avoids build errors and warnings caused by implicit casts. |
| |
| Closes https://github.com/curl/curl/pull/2031 |
| |
| Daniel Stenberg (30 Oct 2017) |
| - [Juro Bystricky brought this change] |
| |
| mkhelp.pl: support reproducible build |
| |
| Do not generate line with the current date, such as: |
| |
| * Generation time: Tue Oct-24 18:01:41 2017 |
| |
| This will improve reproducibility. The generated string is only |
| part of a comment, so there should be no adverse consequences. |
| |
| Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> |
| |
| closes #2026 |
| |
| Dan Fandrich (30 Oct 2017) |
| - runtests.pl: Fixed typo in message |
| |
| Daniel Stenberg (30 Oct 2017) |
| - curlx: the timeval functions are no longer provided as curlx_* |
| |
| Pointed-out-by: Dmitri Tikhonov |
| Bug: #2034 |
| |
| - select: update comments |
| |
| s/curlx_tvnow/Curl_now |
| |
| - INTERNALS: remove curlx_tv* functions no longer provided |
| |
| - [Dmitri Tikhonov brought this change] |
| |
| timeval: use mach time on MacOS |
| |
| If clock_gettime() is not supported, use mach_absolute_time() on MacOS. |
| |
| closes #2033 |
| |
| Patrick Monnerat (29 Oct 2017) |
| - cli tool: improve ";type=" handling in -F option arguments |
| |
| - cli tool: in -F option arg, comma is a delimiter for files only |
| |
| Also upgrade test 1133 to cover this case and clarify man page about |
| form data quoting. |
| |
| Bug: https://github.com/curl/curl/issues/2022 |
| Reported-By: omau on github |
| |
| Daniel Stenberg (29 Oct 2017) |
| - timeleft: made two more users of Curl_timeleft use timediff_t |
| |
| Jakub Zakrzewski (28 Oct 2017) |
| - cmake: Export libcurl and curl targets to use by other cmake projects |
| |
| The config files define curl and libcurl targets as imported targets |
| CURL::curl and CURL::libcurl. For backward compatibility with CMake- |
| provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are |
| also set. |
| |
| Closes #1879 |
| |
| Daniel Stenberg (28 Oct 2017) |
| - RELEASE-NOTES: synced with f20cbac97 |
| |
| - [Florin Petriuc brought this change] |
| |
| auth: Added test cases for RFC7616 |
| |
| Updated docs to include support for RFC7616 |
| |
| Signed-off-by: Florin <petriuc.florin@gmail.com> |
| |
| Closes #1934 |
| |
| - [Florin Petriuc brought this change] |
| |
| auth: add support for RFC7616 - HTTP Digest access authentication |
| |
| Signed-off-by: Florin <petriuc.florin@gmail.com> |
| |
| - [Daniel Bankhead brought this change] |
| |
| TODO: support multiple Content-Encodings |
| |
| Closes #2002 |
| |
| - ROADMAP: cleanup |
| |
| Removed done stuff. Removed entries no longer considered for the near |
| term. |
| |
| - [Magicansk brought this change] |
| |
| ROADMAP.md: spelling fixes |
| |
| Closes #2028 |
| |
| - Curl_timeleft: change return type to timediff_t |
| |
| returning 'time_t' is problematic when that type is unsigned and we |
| return values less than zero to signal "already expired", used in |
| several places in the code. |
| |
| Closes #2021 |
| |
| - appveyor: add a win32 build |
| |
| - setopt: fix CURLOPT_SSH_AUTH_TYPES option read |
| |
| Regression since f121575c0b5f |
| |
| Reported-by: Rob Cotrone |
| |
| Marcel Raad (27 Oct 2017) |
| - resolvers: only include anything if needed |
| |
| This avoids warnings about unused stuff. |
| |
| Closes https://github.com/curl/curl/pull/2023 |
| |
| Daniel Stenberg (27 Oct 2017) |
| - HELP-US: rename the subtitle too since the label is changed |
| |
| "PR-welcome" was the former name. |
| |
| - curl_setup.h: oops, shorten the too long line |
| |
| - [Martin Storsjo brought this change] |
| |
| curl_setup: Improve detection of CURL_WINDOWS_APP |
| |
| If WINAPI_FAMILY is defined, it should be safe to try to include |
| winapifamily.h to check what the define evaluates to. |
| |
| This should fix detection of CURL_WINDOWS_APP if building with |
| _WIN32_WINNT set to 0x0600. |
| |
| Closes #2025 |
| |
| Jay Satiro (26 Oct 2017) |
| - transfer: Fix chunked-encoding upload bug |
| |
| - When uploading via chunked-encoding don't compare file size to bytes |
| sent to determine whether the upload has finished. |
| |
| Chunked-encoding adds its own overhead which why the bytes sent is not |
| equal to the file size. Prior to this change if a file was uploaded in |
| chunked-encoding and its size was known it was possible that the upload |
| could end prematurely without sending the final few chunks. That would |
| result in a server hang waiting for the remaining data, likely followed |
| by a disconnect. |
| |
| The scope of this bug is limited to some arbitrary file sizes which have |
| not been determined. One size that triggers the bug is 475020. |
| |
| Bug: https://github.com/curl/curl/issues/2001 |
| Reported-by: moohoorama@users.noreply.github.com |
| |
| Closes https://github.com/curl/curl/pull/2010 |
| |
| Daniel Stenberg (26 Oct 2017) |
| - timeval: make timediff_t also work on 32bit windows |
| |
| ... by using curl_off_t for the typedef if time_t is larger than 4 |
| bytes. |
| |
| Reported-by: Gisle Vanem |
| Bug: https://github.com/curl/curl/commit/b9d25f9a6b3ca791385b80a6a3c3fa5ae113e1e0#co |
| mmitcomment-25205058 |
| Closes #2019 |
| |
| - curl_fnmatch: return error on illegal wildcard pattern |
| |
| ... instead of doing an infinite loop! |
| |
| Added test 1162 to verify. |
| |
| Reported-by: Max Dymond |
| Fixes #2015 |
| Closes #2017 |
| |
| - [Max Dymond brought this change] |
| |
| wildcards: don't use with non-supported protocols |
| |
| Fixes timeouts in the fuzzing tests for non-FTP protocols. |
| |
| Closes #2016 |
| |
| - [Max Dymond brought this change] |
| |
| multi: allow table handle sizes to be overridden |
| |
| Allow users to specify their own hash define for |
| CURL_CONNECTION_HASH_SIZE so that both values can be overridden. |
| |
| Closes #1982 |
| |
| - time: rename Curl_tvnow to Curl_now |
| |
| ... since the 'tv' stood for timeval and this function does not return a |
| timeval struct anymore. |
| |
| Also, cleaned up the Curl_timediff*() functions to avoid typecasts and |
| clean up the descriptive comments. |
| |
| Closes #2011 |
| |
| - ftplistparser: follow-up cleanup to remove PL_ERROR() |
| |
| - [Max Dymond brought this change] |
| |
| ftplistparser: free off temporary memory always |
| |
| When using the FTP list parser, ensure that the memory that's |
| allocated is always freed. |
| |
| Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682 |
| Closes #2013 |
| |
| - timediff: return timediff_t from the time diff functions |
| |
| ... to cater for systems with unsigned time_t variables. |
| |
| - Renamed the functions to curlx_timediff and Curl_timediff_us. |
| |
| - Added overflow protection for both of them in either direction for |
| both 32 bit and 64 bit time_ts |
| |
| - Reprefixed the curlx_time functions to use Curl_* |
| |
| Reported-by: Peter Piekarski |
| Fixes #2004 |
| Closes #2005 |
| |
| - [Paul Howarth brought this change] |
| |
| libtest: Add required test libraries for lib1552 and lib1553 |
| |
| They use $(TESTUTIL) and thus should use $(TESTUTIL_LIBS) too. |
| |
| This fixes build failures on Fedora 13. |
| |
| Closes #2006 |
| |
| - [Alessandro Ghedini brought this change] |
| |
| libcurl-tutorial.3: fix typo |
| |
| closes #2008 |
| |
| Alessandro Ghedini (23 Oct 2017) |
| - curl_mime_filedata.3: fix typos |
| |
| Daniel Stenberg (23 Oct 2017) |
| - RELEASE-NOTES: clean slate towards 7.57.0 |
| |
| - [Max Dymond brought this change] |
| |
| travis: exit if any steps fail |
| |
| We don't expect any steps to fail in travis. Exit the script if they do. |
| |
| Closes #1966 |
| |
| Version 7.56.1 (23 Oct 2017) |
| |
| Daniel Stenberg (23 Oct 2017) |
| - RELEASE-NOTES: 7.56.1 |
| |
| - THANKS: update at 7.56.1 release time |
| |
| - [Jon DeVree brought this change] |
| |
| mk-ca-bundle: Remove URL for aurora |
| |
| Aurora is no longer used by Mozilla |
| https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/ |
| |
| - [Jon DeVree brought this change] |
| |
| mk-ca-bundle: Fix URL for NSS |
| |
| The 'tip' is the most recent branch committed to, this should be |
| 'default' like the URLs for the browser are. |
| |
| Closes #1998 |
| |
| - imap: if a FETCH response has no size, don't call write callback |
| |
| CVE-2017-1000257 |
| |
| Reported-by: Brian Carpenter and 0xd34db347 |
| Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586 |
| |
| - ftp: reject illegal IP/port in PASV 227 response |
| |
| ... by using range checks. Among other things, this avoids an undefined |
| behavior for a left shift that could happen on negative or very large |
| values. |
| |
| Closes #1997 |
| |
| Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694 |
| |
| Patrick Monnerat (20 Oct 2017) |
| - test653: check reuse of easy handle after mime data change |
| |
| See issue #1999 |
| |
| - mime: do not reuse previously computed multipart size |
| |
| The contents might have changed: size must be recomputed. |
| |
| Reported-by: moteus on github |
| Fixes #1999 |
| |
| - test308: disable if MultiSSL feature enabled |
| |
| Even if OpenSSL is enabled, it might not be the default backend when |
| multi-ssl is enabled, causing the test to fail. |
| |
| - runtests: support MultiSSL client feature |
| |
| - vtls: change struct Curl_ssl `close' field name to `close_one'. |
| |
| On OS/400, `close' is an ASCII system macro that corrupts the code if |
| not used in a context not targetting the close() system API. |
| |
| - os400: add missing symbols in config file. |
| |
| Also adjust makefile to renamed files and warn about installation dirs mix-up. |
| |
| - test652: curl_mime_data + base64 encoder with large contents |
| |
| - mime: limit bas64-encoded lines length to 76 characters |
| |
| Daniel Stenberg (16 Oct 2017) |
| - RELEASE-NOTES: synced with f121575c0 |
| |
| - setopt: range check most long options |
| |
| ... filter early instead of risking "funny values" having to be dealt |
| with elsewhere. |
| |
| - setopt: avoid integer overflows when setting millsecond values |
| |
| ... that are multiplied by 1000 when stored. |
| |
| For 32 bit long systems, the max value accepted (2147483 seconds) is > |
| 596 hours which is unlikely to ever be set by a legitimate application - |
| and previously it didn't work either, it just caused undefined behavior. |
| |
| Also updated the man pages for these timeout options to mention the |
| return code. |
| |
| Closes #1938 |
| |
| Viktor Szakats (15 Oct 2017) |
| - makefile.m32: allow to override gcc, ar and ranlib |
| |
| Allow to ovverride certain build tools, making it possible to |
| use LLVM/Clang to build curl. The default behavior is unchanged. |
| To build with clang (as offered by MSYS2), these settings can |
| be used: |
| |
| CURL_CC=clang |
| CURL_AR=llvm-ar |
| CURL_RANLIB=llvm-ranlib |
| |
| Closes https://github.com/curl/curl/pull/1993 |
| |
| - ldap: silence clang warning |
| |
| Use memset() to initialize a structure to avoid LLVM/Clang warning: |
| ldap.c:193:39: warning: missing field 'UserLength' initializer [-Wmissing-field-initializers] |
| |
| Closes https://github.com/curl/curl/pull/1992 |
| |
| Daniel Stenberg (14 Oct 2017) |
| - runtests: use valgrind for torture as well |
| |
| NOTE: it makes them terribly slow. I recommend only using valgrind for |
| specific torture tests or using lots of patience. |
| |
| - memdebug: trace send, recv and socket |
| |
| ... to allow them to be included in torture tests too. |
| |
| closes #1980 |
| |
| - configure: remove the C++ compiler check |
| |
| ... we used it only for the fuzzer, which we now have in a separate git |
| repo. |
| |
| Closes #1990 |
| |
| Patrick Monnerat (13 Oct 2017) |
| - mime: do not call failf() if easy handle is NULL. |
| |
| Daniel Stenberg (13 Oct 2017) |
| - test651: curl_formadd with huge COPYCONTENTS |
| |
| - mime: fix the content reader to handle >16K data properly |
| |
| Reported-by: Jeroen Ooms |
| Closes #1988 |
| |
| Patrick Monnerat (12 Oct 2017) |
| - mime: keep "text/plain" content type if user-specified. |
| |
| Include test cases in 554, 587, 650. |
| |
| Fixes https://github.com/curl/curl/issues/1986 |
| |
| - cli tool: use file2memory() to buffer stdin in -F option. |
| |
| Closes PR https://github.com/curl/curl/pull/1985 |
| |
| - cli tool: reimplement stdin buffering in -F option. |
| |
| If stdin is not a regular file, its content is memory-buffered to enable |
| a possible data "rewind". |
| In all cases, stdin data size is determined before real use to avoid |
| having an unknown part's size. |
| |
| --libcurl generated code is left as an unbuffered stdin fread/fseek callback |
| part with unknown data size. |
| |
| Buffering is not supported in deprecated curl_formadd() API. |
| |
| Daniel Stenberg (12 Oct 2017) |
| - winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2 |
| |
| - HELP-US: the label "PR-welcome" is now renamed to "help wanted" |
| |
| following the new github "standard" |
| |
| - RELEASE-NOTES: synced with 5505df7d2 |
| |
| Jay Satiro (11 Oct 2017) |
| - [Artak Galoyan brought this change] |
| |
| url: Update current connection SSL verify params in setopt |
| |
| Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active |
| connection updates the current connection's (i.e.'connectdata' |
| structure) appropriate ssl_config (and ssl_proxy_config) structures |
| variables, making these options effective for ongoing connection. |
| |
| This functionality was available before and was broken by the |
| following change: |
| "proxy: Support HTTPS proxy and SOCKS+HTTP(s)" |
| CommitId: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151. |
| |
| Bug: https://github.com/curl/curl/issues/1941 |
| |
| Closes https://github.com/curl/curl/pull/1951 |
| |
| Daniel Stenberg (11 Oct 2017) |
| - [David Benjamin brought this change] |
| |
| openssl: don't use old BORINGSSL_YYYYMM macros |
| |
| Those were temporary things we'd add and remove for our own convenience |
| long ago. The last few stayed around for too long as an oversight but |
| have since been removed. These days we have a running |
| BORINGSSL_API_VERSION counter which is bumped when we find it |
| convenient, but 2015-11-19 was quite some time ago, so just check |
| OPENSSL_IS_BORINGSSL. |
| |
| Closes #1979 |
| |
| - test950; verify SMTP with custom request |
| |
| - ftpserver: support case insensitive commands |
| |
| - smtp_done: free data before returning (on send failure) |
| |
| ... as otherwise it could leak that memory. |
| |
| Detected by OSS-fuzz: |
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600 |
| |
| Assisted-by: Max Dymond |
| Closes #1977 |
| |
| - FTP: URL decode path for dir listing in nocwd mode |
| |
| Reported-by: Zenju on github |
| |
| Test 244 added to verify |
| Fixes #1974 |
| Closes #1976 |
| |
| - test298: verify --ftp-method nowcwd with URL encoded path |
| |
| Ref: #1974 |
| |
| - CURLOPT_XFERINFODATA.3: fix duplicate see also |
| |
| - CURLOPT_NOPROGRESS.3: also refer to xferinfofunction |
| |
| - FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION |
| |
| - openssl: enable PKCS12 support for !BoringSSL |
| |
| Enable PKCS12 for all non-boringssl builds without relying on configure |
| or cmake checks. |
| |
| Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html |
| Reported-by: Christian Schmitz |
| Closes #1948 |
| |
| - [Kristiyan Tsaklev brought this change] |
| |
| curl: don't pass semicolons when parsing Content-Disposition |
| |
| Test 1422 updated to verify. |
| |
| Closes #1964 |
| |
| Patrick Monnerat (9 Oct 2017) |
| - mime: properly unbind mime structure in curl_mime_free(). |
| |
| This allows freeing a mime structure bound to the easy handle before |
| curl_easy_cleanup(). |
| |
| Fixes #1970. |
| |
| Daniel Stenberg (9 Oct 2017) |
| - RTSP: avoid integer overflow on funny RTSP response |
| |
| ... like a very large non-existing RTSP version number. |
| |
| Added test 577 to verify. |
| |
| Detected by OSS-fuzz. |
| Closes #1969 |
| |
| Patrick Monnerat (8 Oct 2017) |
| - ftpserver: properly reset $ftptargetdir. |
| |
| - test643: verify curl_mime_subparts() rejects cyclic additions. |
| |
| - mime: refuse to add subparts to one of their own descendants. |
| |
| Reported-by: Alexey Melnichuk |
| Fixes #1962 |
| |
| - mime: avoid resetting a part's encoder when part's contents change. |
| |
| - mime: improve unbinding top multipart from easy handle. |
| |
| Also avoid dangling pointers in referencing parts. |
| |
| Daniel Stenberg (8 Oct 2017) |
| - RELEASE-NOTES: synced with a4c1c75da30af1 |
| |
| - curlver.h: next expected release is 7.57.0 |
| |
| Patrick Monnerat (8 Oct 2017) |
| - mime: be tolerant about setting twice the same header list in a part. |
| |
| - docs: clarify form/mime usage of non-regular data files. |
| |
| Daniel Stenberg (8 Oct 2017) |
| - Revert "multi_done: wait for name resolve to finish if still ongoing" |
| |
| This reverts commit f3e03f6c0ac52a1bf396e03f7d7e9b5b3b7165fe. |
| |
| Caused memory leaks in the fuzzer, needs to be done differently. |
| |
| Disable test 1553 for now too, as it causes memory leaks without this |
| commit! |
| |
| - remove_handle: call multi_done() first, then clear dns cache pointer |
| |
| Closes #1960 |
| |
| - multi_done: wait for name resolve to finish if still ongoing |
| |
| ... as we must clean up memory. |
| |
| - pingpong: return error when trying to send without connection |
| |
| When imap_done() got called before a connection is setup, it would try |
| to "finish up" and dereffed a NULL pointer. |
| |
| Test case 1553 managed to reproduce. I had to actually use a host name |
| to try to resolve to slow it down, as using the normal local server IP |
| will make libcurl get a connection in the first curl_multi_perform() |
| loop and then the bug doesn't trigger. |
| |
| Fixes #1953 |
| Assisted-by: Max Dymond |
| |
| Dan Fandrich (6 Oct 2017) |
| - tests: added flaky keyword to tests 587 and 644 |
| |
| These are around 5% flaky in my Linux x86 autobuilds. |
| |
| Marcel Raad (6 Oct 2017) |
| - vtls: fix warnings with --disable-crypto-auth |
| |
| When CURL_DISABLE_CRYPTO_AUTH is defined, Curl_none_md5sum's parameters |
| are not used. |
| |
| Daniel Stenberg (6 Oct 2017) |
| - multi_cleanup: call DONE on handles that never got that |
| |
| ... fixes a memory leak with at least IMAP when remove_handle is never |
| called and the transfer is abruptly just abandoned early. |
| |
| Test 1552 added to verify |
| |
| Detected by OSS-fuzz |
| Assisted-by: Max Dymond |
| Closes #1954 |
| |
| - [Benbuck Nason brought this change] |
| |
| strtoofft: Remove extraneous null check |
| |
| Fixes #1950: curlx_strtoofft() doesn't fully protect against null 'str' |
| argument. |
| |
| Closes #1952 |
| |
| - openssl: fix build without HAVE_OPAQUE_EVP_PKEY |
| |
| Reported-by: Javier Sixto |
| Fixes #1955 |
| Closes #1956 |
| |
| Viktor Szakats (6 Oct 2017) |
| - lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS |
| |
| The source code is now prepared to handle the case when both |
| Win32 Crypto and OpenSSL/NSS crypto backends are enabled |
| at the same time, making it now possible to enable `USE_WIN32_CRYPTO` |
| whenever the targeted Windows version supports it. Since this |
| matches the minimum Windows version supported by curl |
| (Windows 2000), enable it unconditionally for the Win32 platform. |
| |
| This in turn enables SMB (and SMBS) protocol support whenever |
| Win32 Crypto is available, regardless of what other crypto backends |
| are enabled. |
| |
| Ref: https://github.com/curl/curl/pull/1840#issuecomment-325682052 |
| |
| Closes https://github.com/curl/curl/pull/1943 |
| |
| Daniel Stenberg (5 Oct 2017) |
| - build: fix --disable-crypto-auth |
| |
| Reported-by: Wyatt O'Day |
| Fixes #1945 |
| Closes #1947 |
| |
| Jay Satiro (5 Oct 2017) |
| - [Nick Zitzmann brought this change] |
| |
| darwinssl: add support for TLSv1.3 |
| |
| Closes https://github.com/curl/curl/pull/1794 |
| |
| Daniel Stenberg (4 Oct 2017) |
| - [Felix Kaiser brought this change] |
| |
| docs: fix typo in curl_mime_data_cb man page |
| |
| Closes #1946 |
| |
| Viktor Szakats (4 Oct 2017) |
| - lib/Makefile.m32: allow customizing dll suffixes |
| |
| - New `CURL_DLL_SUFFIX` envvar will add a suffix to the generated |
| libcurl dll name. Useful to add `-x64` to 64-bit builds so that |
| it can live in the same directory as the 32-bit one. By default |
| this is empty. |
| |
| - New `CURL_DLL_A_SUFFIX` envvar to customize the suffix of the |
| generated import library (implib) for libcurl .dll. It defaults |
| to `dll`, and it's useful to modify that to `.dll` to have the |
| standard naming scheme for mingw-built .dlls, i.e. `libcurl.dll.a`. |
| |
| Closes https://github.com/curl/curl/pull/1942 |
| |
| Daniel Stenberg (4 Oct 2017) |
| - [Max Dymond brought this change] |
| |
| fuzzer: move to using external curl-fuzzer |
| |
| Use the external curl-fuzzer repository for fuzzing. |
| |
| Closes #1923 |
| |
| - failf: skip the sprintf() if there are no consumers |
| |
| Closes #1936 |
| |
| - ftp: UBsan fixup 'pointer index expression overflowed' |
| |
| Closes #1939 |
| |
| - RELEASE-PROCEDURE: update the release schedule |
| |
| Version 7.56.0 (4 Oct 2017) |
| |
| Daniel Stenberg (4 Oct 2017) |
| - RELEASE-NOTES: curl 7.56.0 |
| |
| - THANKS: added new 7.56.0 contributors |
| |
| Jay Satiro (4 Oct 2017) |
| - build-openssl.bat: Warn OpenSSL 1.1.0 not yet supported |
| |
| Ref: https://github.com/curl/curl/issues/1002 |
| |
| Michael Kaufmann (3 Oct 2017) |
| - idn: fix source code comment |
| |
| - vtls: compare and clone ssl configs properly |
| |
| Compare these settings in Curl_ssl_config_matches(): |
| - verifystatus (CURLOPT_SSL_VERIFYSTATUS) |
| - random_file (CURLOPT_RANDOM_FILE) |
| - egdsocket (CURLOPT_EGDSOCKET) |
| |
| Also copy the setting "verifystatus" in Curl_clone_primary_ssl_config(), |
| and copy the setting "sessionid" unconditionally. |
| |
| This means that reusing connections that are secured with a client |
| certificate is now possible, and the statement "TLS session resumption |
| is disabled when a client certificate is used" in the old advisory at |
| https://curl.haxx.se/docs/adv_20170419.html is obsolete. |
| |
| Reviewed-by: Daniel Stenberg |
| |
| Closes #1917 |
| |
| - proxy: read the "no_proxy" variable only if necessary |
| |
| Reviewed-by: Daniel Stenberg |
| |
| Closes #1919 |
| |
| Patrick Monnerat (3 Oct 2017) |
| - libcurl-tutorial: add casts in example to avoid compilation warnings. |
| |
| Daniel Stenberg (3 Oct 2017) |
| - examples: bring back curl_formadd-using examples |
| |
| ... now with a -formadd suffix. While the new mime API is introduced in |
| 7.56.0 we must acknowledge that lots of users can't upgrade their curl |
| versions immediately. |
| |
| - test1153: verify quoted double-qoutes in PWD response |
| |
| - FTP: zero terminate the entry path even on bad input |
| |
| ... a single double quote could leave the entry path buffer without a zero |
| terminating byte. CVE-2017-1000254 |
| |
| Test 1152 added to verify. |
| |
| Reported-by: Max Dymond |
| Bug: https://curl.haxx.se/docs/adv_20171004.html |
| |
| Jay Satiro (2 Oct 2017) |
| - [Sergei Nikulov brought this change] |
| |
| cmake: disable tests and man generation if perl/nroff not found |
| |
| Fixes https://github.com/curl/curl/issues/1500 |
| Reported-by: Jay Satiro |
| |
| Fixes https://github.com/curl/curl/pull/1662 |
| Assisted-by: Tom Seddon |
| Assisted-by: dpull@users.noreply.github.com |
| Assisted-by: elelel@users.noreply.github.com |
| |
| Closes https://github.com/curl/curl/pull/1924 |
| |
| Patrick Monnerat (2 Oct 2017) |
| - libcurl-tutorial: fix two typos. |
| |
| - TODO: remove deprecated form API items. |
| |
| - libcurl-tutorial: describe MIME API and deprecate form API. |
| |
| Include a guide to form/mime API conversion. |
| |
| Daniel Stenberg (30 Sep 2017) |
| - cookie: fix memory leak if path was set twice in header |
| |
| ... this will let the second occurance override the first. |
| |
| Added test 1161 to verify. |
| |
| Reported-by: Max Dymond |
| Fixes #1932 |
| Closes #1933 |
| |
| Dan Fandrich (30 Sep 2017) |
| - test650: Use variable replacement to set the host address and port |
| |
| Otherwise, the test fails when the -b test option is used to set a |
| different test port range. |
| |
| - Set and use more necessary options when some protocols are disabled |
| |
| When curl and libcurl are built with some protocols disabled, they stop |
| setting and receiving some options that don't make sense with those |
| protocols. In particular, when HTTP is disabled many options aren't set |
| that are used only by HTTP. However, some options that appear to be |
| HTTP-only are actually used by other protocols as well (some despite |
| having HTTP in the name) and should be set, but weren't. This change now |
| causes some of these options to be set and used for more (or for all) |
| protocols. In particular, this fixes tests 646 through 649 in an |
| HTTP-disabled build, which use the MIME API in the mail protocols. |
| |
| Daniel Stenberg (29 Sep 2017) |
| - test1160: verifies cookie leak for large cookies |
| |
| The fix done in 20ea22ff735 |
| |
| - cookie: fix memory leak on oversized rejection |
| |
| Regression brought by 2bc230de63b |
| |
| Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3513 |
| Assisted-by: Max Dymond |
| |
| Closes #1930 |
| |
| - [Anders Bakken brought this change] |
| |
| connect: fix race condition with happy eyeballs timeout |
| |
| The timer should be started after conn->connecttime is set. Otherwise |
| the timer could expire without this condition being true: |
| |
| /* should we try another protocol family? */ |
| if(i == 0 && conn->tempaddr[1] == NULL && |
| curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) { |
| |
| Ref: #1928 |
| |
| Michael Kaufmann (28 Sep 2017) |
| - docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS |
| |
| Closes #1922 |
| |
| - docs: clarify the use of environment variables for proxy |
| |
| Closes #1921 |
| |
| - http: add custom empty headers to repeated requests |
| |
| Closes #1920 |
| |
| - reuse_conn: don't copy flags that are known to be equal |
| |
| A connection can only be reused if the flags "conn_to_host" and |
| "conn_to_port" match. Therefore it is not necessary to copy these flags |
| in reuse_conn(). |
| |
| Closes #1918 |
| |
| Daniel Stenberg (27 Sep 2017) |
| - curl.h: include <sys/select.h> on cygwin too |
| |
| When building with -std=c++14 on cygwin, this header won't be |
| automatically included as it otherwise is. |
| |
| The <sys/select.h> include decision should ideally be reversed and be |
| avoided where that header file doesn't exist. |
| |
| Reported-by: Ian Fette |
| Fixes #1925 |
| |
| - RELEASE-NOTES: synced with d8ab5dc50 |
| |
| Michael Kaufmann (24 Sep 2017) |
| - tests: adjust .gitignore for new tests |
| |
| Jay Satiro (23 Sep 2017) |
| - ntlm: move NTLM_NEEDS_NSS_INIT define into core NTLM header |
| |
| .. and include the core NTLM header in all NTLM-related source files. |
| |
| Follow up to 6f86022. Since then http_ntlm checks NTLM_NEEDS_NSS_INIT |
| but did not include vtls.h where it was defined. |
| |
| Closes https://github.com/curl/curl/pull/1911 |
| |
| Daniel Stenberg (23 Sep 2017) |
| - file_range: avoid integer overflow when figuring out byte range |
| |
| When trying to bump the value with one and the value is already at max, |
| it causes an integer overflow. |
| |
| Closes #1908 |
| Detected by oss-fuzz: |
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3465 |
| |
| Assisted-by: Max Dymond |
| |
| Michael Kaufmann (23 Sep 2017) |
| - tests: fix a compiler warning in test 643 |
| |
| Jay Satiro (23 Sep 2017) |
| - symbols-in-versions: fix CURLSSLSET_NO_BACKENDS entry |
| |
| - Use spaces instead of tabs as the delimiter. |
| |
| Follow up to 7c52b12 which added the entry. The entry had used tabs but |
| the symbol-scan parser doesn't recognize tabs and would fail the symbol. |
| |
| Viktor Szakats (22 Sep 2017) |
| - metalink: fix NSS issue in MultiSSL builds |
| |
| In MultiSSL mode (i.e. when more than one SSL backend is compiled |
| in), we cannot use the compile time flag `USE_NSS` as indicator that |
| the NSS backend is in use. As far as Metalink is concerned, the SSL |
| backend is only used for MD5, SHA-1 and SHA-256 calculations, |
| therefore one of the available SSL backends is selected at compile |
| time, in a strict order of preference. |
| |
| Let's introduce a new `HAVE_NSS_CONTEXT` constant that can be used |
| to determine whether the SSL backend used for Metalink is the NSS |
| backend, and use that to guard the code that wants to de-initialize |
| the NSS-specific data structure. |
| |
| Ref: https://github.com/curl/curl/pull/1848 |
| |
| - ntlm: use strict order for SSL backend #if branches |
| |
| With the recently introduced MultiSSL support multiple SSL backends |
| can be compiled into cURL That means that now the order of the SSL |
| |
| One option would be to use the same SSL backend as was configured |
| via `curl_global_sslset()`, however, NTLMv2 support would appear |
| to be available only with some SSL backends. For example, when |
| eb88d778e (ntlm: Use Windows Crypt API, 2014-12-02) introduced |
| support for NTLMv1 using Windows' Crypt API, it specifically did |
| *not* introduce NTLMv2 support using Crypt API at the same time. |
| |
| So let's select one specific SSL backend for NTLM support when |
| compiled with multiple SSL backends, using a priority order such |
| that we support NTLMv2 even if only one compiled-in SSL backend can |
| be used for that. |
| |
| Ref: https://github.com/curl/curl/pull/1848 |
| |
| Daniel Stenberg (22 Sep 2017) |
| - symbols-in-versions: add CURLSSLSET_NO_BACKENDS |
| |
| ...fixup from b8e0fe19ec |
| |
| - imap: quote atoms properly when escaping characters |
| |
| Updates test 800 to verify |
| |
| Fixes #1902 |
| Closes #1903 |
| |
| - tests: make the imap server not verify user+password |
| |
| ... as the test cases themselves do that and it makes it easier to add |
| crazy test cases. |
| |
| Test 800 updated to use user name + password that need quoting. |
| |
| Test 856 updated to trigger an auth fail differently. |
| |
| Ref: #1902 |
| |
| - vtls: provide curl_global_sslset() even in non-SSL builds |
| |
| ... it just returns error: |
| |
| Bug: https://github.com/curl/curl/commit/1328f69d53f2f2e937696ea954c480412b018451#commitcomment-24470367 |
| Reported-by: Marcel Raad |
| |
| Closes #1906 |
| |
| Patrick Monnerat (22 Sep 2017) |
| - form/mime: field names are not allowed to contain zero-valued bytes. |
| |
| Also suppress length argument of curl_mime_name() (names are always |
| zero-terminated). |
| |
| Daniel Stenberg (21 Sep 2017) |
| - [Dirk Feytons brought this change] |
| |
| openssl: only verify RSA private key if supported |
| |
| In some cases the RSA key does not support verifying it because it's |
| located on a smart card, an engine wants to hide it, ... |
| Check the flags on the key before trying to verify it. |
| OpenSSL does the same thing internally; see ssl/ssl_rsa.c |
| |
| Closes #1904 |
| |
| Marcel Raad (21 Sep 2017) |
| - examples/post-callback: use long for CURLOPT_POSTFIELDSIZE |
| |
| Otherwise, typecheck-gcc.h warns on MinGW-w64. |
| |
| Patrick Monnerat (20 Sep 2017) |
| - mime: rephrase the multipart output state machine (#1898) ... |
| |
| ... in hope coverity will like it much. |
| |
| - mime: fix an explicit null dereference (#1899) |
| |
| Daniel Stenberg (20 Sep 2017) |
| - curl: check fseek() return code and bail on error |
| |
| Detected by coverity. CID 1418137. |
| |
| - smtp: fix memory leak in OOM |
| |
| Regression since ce0881edee |
| |
| Coverity CID 1418139 and CID 1418136 found it, but it was also seen in |
| torture testing. |
| |
| - RELEASE-NOTES: synced with 5fe85587c |
| |
| - [Pavel Pavlov brought this change] |
| |
| cookies: use lock when using CURLINFO_COOKIELIST |
| |
| Closes #1896 |
| |
| - [Max Dymond brought this change] |
| |
| ossfuzz: changes before merging the generated corpora |
| |
| Before merging in the oss-fuzz corpora from Google, there are some changes |
| to the fuzzer. |
| - Add a read corpus script, to display corpus files nicely. |
| - Change the behaviour of the fuzzer so that TLV parse failures all now |
| go down the same execution paths, which should reduce the size of the |
| corpora. |
| - Make unknown TLVs a failure to parse, which should decrease the size |
| of the corpora as well. |
| |
| Closes #1881 |
| |
| - mime:escape_string minor clarification change |
| |
| ... as it also removes a warning with old gcc versions. |
| |
| Bug: https://curl.haxx.se/mail/lib-2017-09/0049.html |
| Reported-by: Ben Greear |
| |
| - [Max Dymond brought this change] |
| |
| ossfuzz: don't write out to stdout |
| |
| Don't make the fuzzer write out to stdout - instead write some of the |
| contents to a memory block so we exercise the data output code but |
| quietly. |
| |
| Closes #1885 |
| |
| - cookies: reject oversized cookies |
| |
| ... instead of truncating them. |
| |
| There's no fixed limit for acceptable cookie names in RFC 6265, but the |
| entire cookie is said to be less than 4096 bytes (section 6.1). This is |
| also what browsers seem to implement. |
| |
| We now allow max 5000 bytes cookie header. Max 4095 bytes length per |
| cookie name and value. Name + value together may not exceed 4096 bytes. |
| |
| Added test 1151 to verify |
| |
| Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html |
| Reported-by: Kevin Smith |
| |
| Closes #1894 |
| |
| - travis: on mac, don't install openssl or libidn |
| |
| - openssl is already installed and causes warnings when trying to |
| install again |
| |
| - libidn isn't used these days, and homebrew doesn't seem to have a |
| libidn2 package to replace with easily |
| |
| Closes #1895 |
| |
| - curl: make str2udouble not return values on error |
| |
| ... previously it would store a return value even when it returned |
| error, which could make the value get used anyway! |
| |
| Reported-by: Brian Carpenter |
| Closes #1893 |
| |
| Jay Satiro (18 Sep 2017) |
| - socks: fix incorrect port number in SOCKS4 error message |
| |
| Prior to this change it appears the SOCKS5 port parsing was erroneously |
| used for the SOCKS4 error message, and as a result an incorrect port |
| would be shown in the error message. |
| |
| Bug: https://github.com/curl/curl/issues/1892 |
| Reported-by: Jackarain@users.noreply.github.com |
| |
| - [Marc Aldorasi brought this change] |
| |
| schannel: Support partial send for when data is too large |
| |
| Schannel can only encrypt a certain amount of data at once. Instead of |
| failing when too much data is to be sent at once, send as much data as |
| we can and let the caller send the remaining data by calling send again. |
| |
| Bug: https://curl.haxx.se/mail/lib-2014-07/0033.html |
| |
| Closes https://github.com/curl/curl/pull/1890 |
| |
| - [David Benjamin brought this change] |
| |
| openssl: add missing includes |
| |
| lib/vtls/openssl.c uses OpenSSL APIs from BUF_MEM and BIO APIs. Include |
| their headers directly rather than relying on other OpenSSL headers |
| including things. |
| |
| Closes https://github.com/curl/curl/pull/1891 |
| |
| Daniel Stenberg (15 Sep 2017) |
| - conversions: fix several compiler warnings |
| |
| - server/getpart: provide dummy function to build conversion enabled |
| |
| - non-ascii: use iconv() with 'char **' argument |
| |
| Bug: https://curl.haxx.se/mail/lib-2017-09/0031.html |
| |
| - escape.c: error: pointer targets differ in signedness |
| |
| - docs: clarify the CURLOPT_INTERLEAVE* options behavior |
| |
| - [Max Dymond brought this change] |
| |
| rtsp: Segfault in rtsp.c when using WRITEDATA |
| |
| If the INTERLEAVEFUNCTION is defined, then use that plus the |
| INTERLEAVEDATA information when writing RTP. Otherwise, use |
| WRITEFUNCTION and WRITEDATA. |
| |
| Fixes #1880 |
| Closes #1884 |
| |
| Marcel Raad (15 Sep 2017) |
| - [Isaac Boukris brought this change] |
| |
| tests: enable gssapi in travis-ci linux build |
| |
| Closes https://github.com/curl/curl/pull/1687 |
| |
| - [Isaac Boukris brought this change] |
| |
| tests: add initial gssapi test using stub implementation |
| |
| The stub implementation is pre-loaded using LD_PRELOAD |
| and emulates common gssapi uses (only builds if curl is |
| initially built with gssapi support). |
| |
| The initial tests are currently disabled for debug builds |
| as LD_PRELOAD is not used then. |
| |
| Ref: https://github.com/curl/curl/pull/1687 |
| |
| Daniel Stenberg (15 Sep 2017) |
| - test1150: verify same host fetch using different ports over proxy |
| |
| Closes #1889 |
| |
| - URL: on connection re-use, still pick the new remote port |
| |
| ... as when a proxy connection is being re-used, it can still get a |
| different remote port. |
| |
| Fixes #1887 |
| Reported-by: Oli Kingshott |
| |
| - RELEASE-NOTES: synced with 87501e57f |
| |
| - code style: remove wrong uses of multiple spaces |
| |
| Closes #1878 |
| |
| - checksrc: detect and warn for multiple spaces |
| |
| - code style: use space after semicolon |
| |
| - checksrc: verify space after semicolons |
| |
| - code style: use spaces around pluses |
| |
| - checksrc: detect and warn for lack of spaces next to plus signs |
| |
| - code style: use spaces around equals signs |
| |
| - checksrc: verify spaces around equals signs |
| |
| ... as the code style mandates. |
| |
| - Curl_checkheaders: make it available for IMAP and SMTP too |
| |
| ... not only HTTP uses this now. |
| |
| Closes #1875 |
| |
| - travis: add build without HTTP/SMTP/IMAP |
| |
| Jay Satiro (10 Sep 2017) |
| - mbedtls: enable CA path processing |
| |
| CA path processing was implemented when mbedtls.c was added to libcurl |
| in fe7590f, but it was never enabled. |
| |
| Bug: https://github.com/curl/curl/issues/1877 |
| Reported-by: SBKarr@users.noreply.github.com |
| |
| Daniel Stenberg (8 Sep 2017) |
| - rtsp: do not call fwrite() with NULL pointer FILE * |
| |
| If the default write callback is used and no destination has been set, a |
| NULL pointer would be passed to fwrite()'s 4th argument. |
| |
| OSS-fuzz bug https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3327 |
| (not publicly open yet) |
| |
| Detected by OSS-fuzz |
| Closes #1874 |
| |
| - configure: use -Wno-varargs on clang 3.9[.X] debug builds |
| |
| ... to avoid a clang bug |
| |
| - [Max Dymond brought this change] |
| |
| ossfuzz: add some more handled CURL options |
| |
| Add support for HEADER, COOKIE, RANGE, CUSTOMREQUEST, MAIL_RECIPIENT, |
| MAIL_FROM and uploading data. |
| |
| - configure: check for C++ compiler after C, to make it non-fatal |
| |
| The tests for object file/executable file extensions are presumably only |
| done for the first of these macros in the configure file. |
| |
| Bug: https://github.com/curl/curl/pull/1851#issuecomment-327597515 |
| Reported-by: Marcel Raad |
| Closes #1873 |
| |
| Patrick Monnerat (7 Sep 2017) |
| - form API: add new test 650. |
| |
| Now that the form API is deprecated and not used anymore in curl tool, |
| a lot of its features left untested. Test 650 attempts to check all these |
| features not tested elsewhere. |
| |
| Jay Satiro (7 Sep 2017) |
| - configure: fix curl_off_t check's include order |
| |
| - Prepend srcdir include path instead of append. |
| |
| Prior to this change it was possible that during the check for the size |
| of curl_off_t the include path of a user's already installed curl could |
| come before the include path of the to-be-built curl, resulting in the |
| system.h of the former being incorrectly included for that check. |
| |
| Closes https://github.com/curl/curl/pull/1870 |
| |
| Daniel Stenberg (7 Sep 2017) |
| - [Jakub Zakrzewski brought this change] |
| |
| KNOWN_BUGS: Remove CMake symbol hiding issue |
| |
| It has already been fixed in 6140dfc |
| |
| - http-proxy: when not doing CONNECT, that phase is done immediately |
| |
| `conn->connect_state` is NULL when doing a regular non-CONNECT request |
| over the proxy and should therefor be considered complete at once. |
| |
| Fixes #1853 |
| Closes #1862 |
| Reported-by: Lawrence Wagerfield |
| |
| - [Johannes Schindelin brought this change] |
| |
| OpenSSL: fix yet another mistake while encapsulating SSL backend data |
| |
| Another mistake in my manual fixups of the largely mechanical |
| search-and-replace ("connssl->" -> "BACKEND->"), just like the previous |
| commit concerning HTTPS proxies (and hence not caught during my |
| earlier testing). |
| |
| Fixes #1855 |
| Closes #1871 |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| OpenSSL: fix erroneous SSL backend encapsulation |
| |
| In d65e6cc4f (vtls: prepare the SSL backends for encapsulated private |
| data, 2017-06-21), this developer prepared for a separation of the |
| private data of the SSL backends from the general connection data. |
| |
| This conversion was partially automated (search-and-replace) and |
| partially manual (e.g. proxy_ssl's backend data). |
| |
| Sadly, there was a crucial error in the manual part, where the wrong |
| handle was used: rather than connecting ssl[sockindex]' BIO to the |
| proxy_ssl[sockindex]', we reconnected proxy_ssl[sockindex]. The reason |
| was an incorrect location to paste "BACKEND->"... d'oh. |
| |
| Reported by Jay Satiro in https://github.com/curl/curl/issues/1855. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Jay Satiro brought this change] |
| |
| vtls: fix memory corruption |
| |
| Ever since 70f1db321 (vtls: encapsulate SSL backend-specific data, |
| 2017-07-28), the code handling HTTPS proxies was broken because the |
| pointer to the SSL backend data was not swapped between |
| conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but |
| instead set to NULL (causing segmentation faults). |
| |
| [jes: provided the commit message, tested and verified the patch] |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - vtls: switch to CURL_SHA256_DIGEST_LENGTH define |
| |
| ... instead of the prefix-less version since WolfSSL 3.12 now uses an |
| enum with that name that causes build failures for us. |
| |
| Fixes #1865 |
| Closes #1867 |
| Reported-by: Gisle Vanem |
| |
| - travis: add c-ares enabled builds linux + osx |
| |
| Closes #1868 |
| |
| - HISTORY: added some recent items |
| |
| Jay Satiro (6 Sep 2017) |
| - SSL: fix unused parameter warnings |
| |
| Patrick Monnerat (6 Sep 2017) |
| - mime: drop internal FILE * support. |
| |
| - The part kind MIMEKIND_FILE and associated code are suppressed. |
| - Seek data origin offset not used anymore: suppressed. |
| - MIMEKIND_NAMEDFILE renamed MIMEKIND_FILE; associated fields/functions |
| renamed accordingly. |
| - Curl_getformdata() processes stdin via a callback. |
| |
| Daniel Stenberg (6 Sep 2017) |
| - configure: remove --enable-soname-bump and SONAME_BUMP |
| |
| Back in 2008, (and commit 3f3d6ebe665f3) we changed the logic in how we |
| determine the native type for `curl_off_t`. To really make sure we |
| didn't break ABI without bumping SONAME, we introduced logic that |
| attempted to detect that it would use a different size and thus not be |
| compatible. We also provided a manual switch that allowed users to tell |
| configure to bump SONAME by force. |
| |
| Today, we know of no one who ever got a SONAME bump auto-detected and we |
| don't know of anyone who's using the manual bump feature. The auto- |
| detection is also no longer working since we introduced defining |
| curl_off_t in system.h (7.55.0). |
| |
| Finally, this bumping logic is not present in the cmake build. |
| |
| Closes #1861 |
| |
| Jay Satiro (6 Sep 2017) |
| - [Gisle Vanem brought this change] |
| |
| vtls: select ssl backend case-insensitive (follow-up) |
| |
| - Do a case-insensitive comparison of CURL_SSL_BACKEND env as well. |
| |
| - Change Curl_strcasecompare calls to strcasecompare |
| (maps to the former but shorter). |
| |
| Follow-up to c290b8f. |
| |
| Bug: https://github.com/curl/curl/commit/c290b8f#commitcomment-24094313 |
| |
| Co-authored-by: Jay Satiro |
| |
| - openssl: Integrate Peter Wu's SSLKEYLOGFILE implementation |
| |
| This is an adaptation of 2 of Peter Wu's SSLKEYLOGFILE implementations. |
| |
| The first one, written for old OpenSSL versions: |
| https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c |
| |
| The second one, written for BoringSSL and new OpenSSL versions: |
| https://github.com/curl/curl/pull/1346 |
| |
| Note the first one is GPL licensed but the author gave permission to |
| waive that license for libcurl. |
| |
| As of right now this feature is disabled by default, and does not have |
| a configure option to enable it. To enable this feature define |
| ENABLE_SSLKEYLOGFILE when building libcurl and set environment |
| variable SSLKEYLOGFILE to a pathname that will receive the keys. |
| |
| And in Wireshark change your preferences to point to that key file: |
| Edit > Preferences > Protocols > SSL > Master-Secret |
| |
| Co-authored-by: Peter Wu |
| |
| Ref: https://github.com/curl/curl/pull/1030 |
| Ref: https://github.com/curl/curl/pull/1346 |
| |
| Closes https://github.com/curl/curl/pull/1866 |
| |
| Patrick Monnerat (5 Sep 2017) |
| - mime: fix a trivial warning. |
| |
| - mime: replace 'struct Curl_mimepart' by 'curl_mimepart' in encoder code. |
| |
| mime_state is now a typedef. |
| |
| - mime: implement encoders. |
| |
| curl_mime_encoder() is operational and documented. |
| curl tool -F option is extended with ";encoder=". |
| curl tool --libcurl option generates calls to curl_mime_encoder(). |
| New encoder tests 648 & 649. |
| Test 1404 extended with an encoder specification. |
| |
| - runtests.pl: support attribute "nonewline" in part verify/upload. |
| |
| - [Daniel Stenberg brought this change] |
| |
| fixup data/test1135 |
| |
| - [Daniel Stenberg brought this change] |
| |
| mime: unified to use the typedef'd mime structs everywhere |
| |
| ... and slightly edited to follow our code style better. |
| |
| - [Daniel Stenberg brought this change] |
| |
| curl.h: use lower case curl_mime* as for all public symbols |
| |
| - [Daniel Stenberg brought this change] |
| |
| docs/curl_mime_*.3: use correct variable types in examples |
| |
| Kamil Dudka (5 Sep 2017) |
| - openssl: use OpenSSL's default ciphers by default |
| |
| Up2date versions of OpenSSL maintain the default reasonably secure |
| without breaking compatibility, so it is better not to override the |
| default by curl. Suggested at https://bugzilla.redhat.com/1483972 |
| |
| Closes #1846 |
| |
| Viktor Szakats (5 Sep 2017) |
| - examples/mime: minor example code fixes |
| |
| Daniel Stenberg (5 Sep 2017) |
| - docs/curl_mime_*.3: added examples |
| |
| - configure: add MultiSSL to FEATURES when enabled |
| |
| ...for curl-config and its corresponding test 1014 |
| |
| - http-proxy: treat all 2xx as CONNECT success |
| |
| Added test 1904 to verify. |
| |
| Reported-by: Lawrence Wagerfield |
| Fixes #1859 |
| Closes #1860 |
| |
| - MAIL-ETIQUETTE: added "1.9 Your emails are public" |
| |
| - curl.h: fix "unused checksrc ignore", remove dangling reference |
| |
| ... to a README file that doesn't exist anymore |
| |
| Viktor Szakats (4 Sep 2017) |
| - docs: Update to secure URL versions |
| |
| - mime: use CURL_ZERO_TERMINATED in examples |
| |
| and some minor whitespace fixes |
| |
| Daniel Stenberg (4 Sep 2017) |
| - schannel: return CURLE_SSL_CACERT on failed verification |
| |
| ... not *CACERT_BADFILE as it isn't really because of a bad file. |
| |
| Bug: https://curl.haxx.se/mail/lib-2017-09/0002.html |
| Closes #1858 |
| |
| - test1135: fixed after bd8070085f9 |
| |
| - examples/post-callback: stop returning one byte at a time |
| |
| ... since people copy and paste code from this example and thus they get |
| an inefficient POST operation without a good reason and sometimes |
| without understanding why. |
| |
| Instead this now returns as much data as possible. |
| |
| - RELEASE-NOTES: fixed the function counter script |
| |
| - curl.h: make the curl_strequal() protos use the same style |
| |
| ... as the other functions. Makes it easier to machine-parse! |
| |
| - docs: curl_mime_*.3 man page formatting edits |
| |
| - RELEASE-NOTES: synced with 1ab9e9b50 |
| |
| Patrick Monnerat (4 Sep 2017) |
| - lib: bump version info (soname). Adapt and reenable test 1135. |
| |
| Daniel Stenberg (3 Sep 2017) |
| - headers: move the global_sslset() proto from multi.h to curl.h |
| |
| As it was added to multi.h simply to not break test 1135, which now has |
| been disabled due to the mime API addition anyway and su we can now move |
| the sslset stuff to where the other curl_global_* prototypes are. |
| |
| Patrick Monnerat (3 Sep 2017) |
| - mime: fix signed/unsigned conversions. |
| |
| Use and generate CURL_ZERO_TERMINATED in curl tool and tests. |
| |
| Jay Satiro (3 Sep 2017) |
| - tool_formparse: fix some trivial warnings |
| |
| Patrick Monnerat (3 Sep 2017) |
| - mime: use size_t instead of ssize_t in public API interface. |
| |
| To support telling a string is nul-terminated, symbol CURL_ZERO_TERMINATED |
| has been introduced. |
| |
| Documentation updated accordingly. |
| |
| symbols in versions updated. Added form API symbols deprecation info. |
| |
| - mime: remove support "-" stdin pseudo-file name in curl_mime_filedata(). |
| |
| This feature is badly supported in Windows: as a replacement, a caller has |
| to use curl_mime_data_cb() with fread, fseek and possibly fclose |
| callbacks to process opened files. |
| |
| The cli tool and documentation are updated accordingly. |
| |
| The feature is however kept internally for form API compatibility, with |
| the known caveats it always had. |
| |
| As a side effect, stdin size is not determined by the cli tool even if |
| possible and this results in a chunked transfer encoding. Test 173 is |
| updated accordingly. |
| |
| - mime: fix some implicit curl_off_t --> size_t conversion warnings. |
| |
| - mime: tests and examples. |
| |
| Additional mime-specific tests. |
| Existing tests updated to reflect small differences (Expect: 100-continue, |
| data size change due to empty lines, etc). |
| Option -F headers= keyword added to tests. |
| test1135 disabled until the entry point order change is resolved. |
| New example smtp-mime. |
| Examples postit2 and multi-post converted from form API to mime API. |
| |
| - mime: use in curl cli tool instead of form API. |
| |
| Extended -F option syntax to support multipart mail messages. |
| -F keyword headers= added to include custom headers in parts. |
| Documentation upgraded. |
| |
| - mime: new MIME API. |
| |
| Available in HTTP, SMTP and IMAP. |
| Deprecates the FORM API. |
| See CURLOPT_MIMEPOST. |
| Lib code and associated documentation. |
| |
| - test564: Add a warning comment about shell profile output. |
| |
| Shell profile output makes the SSH server failing and this problem reason |
| is not easy to find when no hint is given. |
| |
| - checksrc: disable SPACEBEFOREPAREN for case statement. |
| |
| The case keyword may be followed by a constant expression and thus should |
| allow it to start with an open parenthesis. |
| |
| - runtests.pl: allow <file[1-4]> tags in client section. |
| |
| This enables tests to create more than one file on the client side. |
| |
| - runtests.pl: Apply strippart to upload too. |
| |
| This will allow substitution of boundaries in mail messages. |
| |
| - Curl_base64_encode: always call with a real data handle. |
| |
| Some calls in different modules were setting the data handle to NULL, causing |
| segmentation faults when using builds that enable character code conversions. |
| |
| - non-ascii: allow conversion functions to be called with a NULL data handle. |
| |
| - http: fix a memory leakage in checkrtspprefix(). |
| |
| Daniel Stenberg (2 Sep 2017) |
| - [Max Dymond brought this change] |
| |
| ossfuzz: Move to C++ for curl_fuzzer. |
| |
| Automake gets confused if you want to use C++ static libraries with C |
| code - basically we need to involve the clang++ linker. The easiest way |
| of achieving this is to rename the C code as C++ code. This gets us a |
| bit further along the path and ought to be compatible with Google's |
| version of clang. |
| |
| - curl_global_sslset: select backend by name case insensitively |
| |
| Closes #1849 |
| |
| - [Max Dymond brought this change] |
| |
| ossfuzz: additional seed corpora |
| |
| Create simple seed corpora for: |
| - FTP |
| - telnet |
| - dict |
| - tftp |
| - imap |
| - pop3 |
| |
| based off the tests of the same number. |
| |
| Closes #1842 |
| |
| - [Max Dymond brought this change] |
| |
| ossfuzz: moving towards the ideal integration |
| |
| - Start with the basic code from the ossfuzz project. |
| - Rewrite fuzz corpora to be binary files full of Type-Length-Value |
| data, and write a glue layer in the fuzzing function to convert |
| corpora into CURL options. |
| - Have supporting functions to generate corpora from existing tests |
| - Integrate with Makefile.am |
| |
| - strcase: corrected comment header for Curl_strcasecompare() |
| |
| - unit1301: fix error message on first test |
| |
| - curl_global_sslset.3: show the struct and enum too |
| |
| ... so that users can actually write code based on the man page alone, |
| not having to read the header file. |
| |
| Jay Satiro (31 Aug 2017) |
| - darwinssl: handle long strings in TLS certs (follow-up) |
| |
| - Fix handling certificate subjects that are already UTF-8 encoded. |
| |
| Follow-up to b3b75d1 from two days ago. Since then a copy would be |
| skipped if the subject was already UTF-8, possibly resulting in a NULL |
| deref later on. |
| |
| Ref: https://github.com/curl/curl/issues/1823 |
| Ref: https://github.com/curl/curl/pull/1831 |
| |
| Closes https://github.com/curl/curl/pull/1836 |
| |
| Daniel Stenberg (31 Aug 2017) |
| - cyassl: call it the "WolfSSL" backend |
| |
| ... instead of cyassl, as this is the current name for it. |
| |
| Closes #1844 |
| |
| - polarssl: fix multissl breakage |
| |
| Reported-by: Dan Fandrich |
| Bug: https://curl.haxx.se/mail/lib-2017-08/0121.html |
| Closes #1843 |
| |
| - configure: remove the leading comma from the backends list |
| |
| ... when darwinssl is used. |
| |
| Reported-by: Viktor Szakats |
| Bug: https://github.com/curl/curl/commit/b0989cd3abaff4f9a0717b4875022fa79e33b481#commitcomment-23943493 |
| |
| Closes #1845 |
| |
| Kamil Dudka (30 Aug 2017) |
| - examples/sslbackend.c: fix failure of 'make checksrc' |
| |
| ./sslbackend.c:58:3: warning: else after closing brace on same line (BRACEELSE) |
| } else if(isdigit(*name)) { |
| ^ |
| ./sslbackend.c:62:3: warning: else after closing brace on same line (BRACEELSE) |
| } else |
| ^ |
| |
| Viktor Szakats (30 Aug 2017) |
| - makefile.m32: add multissl support |
| |
| Closes https://github.com/curl/curl/pull/1840 |
| |
| Daniel Stenberg (30 Aug 2017) |
| - curl.h: CURLSSLBACKEND_WOLFSSL used wrong value |
| |
| The CURLSSLBACKEND_WOLFSSL is supposed to be an alias for |
| CURLSSLBACKEND_CYASSL, but used an erronous value. To reduce the risk |
| for a similar mistake, define the backend aliases to use the enum values |
| instead. |
| |
| Reported-by: Gisle Vanem |
| Bug: https://curl.haxx.se/mail/lib-2017-08/0120.html |
| |
| - curl_global_sslset.3: clarify |
| |
| it is a one time *set*, not necessarily a one time use... it can be |
| called again if the first call failed or just listed the alternatives. |
| |
| clarify that the available backends are the ones this build supports |
| |
| plus add some formatting |
| |
| Reported-by: Rich Gray |
| Bug: https://curl.haxx.se/mail/lib-2017-08/0119.html |
| |
| - curl/multi.h: remove duplicated closing c++ brace |
| |
| Regression since 1328f69d53f2f2e93 |
| |
| Fixes #1841 |
| Reported-by: Andrei Karas |
| |
| - RELEASE-NOTES: synced with 8c33c963a |
| |
| - HELP-US.md: spelling |
| |
| - HELP-US.md: "How to get started helping out in the curl project" |
| |
| Closes #1837 |
| |
| Dan Fandrich (29 Aug 2017) |
| - asyn-thread: Fixed cleanup after OOM |
| |
| destroy_async_data() assumes that if the flag "done" is not set yet, the |
| thread itself will clean up once the request is complete. But if an |
| error (generally OOM) occurs before the thread even has a chance to |
| start, it will never get a chance to clean up and memory will be leaked. |
| By clearing "done" only just before starting the thread, the correct |
| cleanup sequence will happen in all cases. |
| |
| Daniel Stenberg (28 Aug 2017) |
| - curl_global_init.3: mention curl_global_sslset(3) |
| |
| Dan Fandrich (28 Aug 2017) |
| - unit1606: Fixed shadowed variable warning |
| |
| - asyn-thread: Improved cleanup after OOM situations |
| |
| - asyn-thread: Set errno to the proper value ENOMEM in OOM situation |
| |
| This used to be set in some configurations to EAI_MEMORY which is not a |
| valid value for errno and caused Curl_strerror to fail an assertion. |
| |
| Daniel Stenberg (28 Aug 2017) |
| - [Johannes Schindelin brought this change] |
| |
| configure: Handle "MultiSSL" specially When versioning symbols |
| |
| There is a mode in which libcurl is compiled with versioned symbols, |
| depending on the active SSL backend. |
| |
| When multiple SSL backends are active, it does not make sense to favor |
| one over the others, so let's not: introduce a new prefix for the case |
| where multiple SSL backends are compiled into cURL. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| configure: allow setting the default SSL backend |
| |
| Previously, we used as default SSL backend whatever was first in the |
| `available_backends` array. |
| |
| However, some users may want to override that default without patching |
| the source code. |
| |
| Now they can: with the --with-default-ssl-backend=<backend> option of |
| the ./configure script. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: use Curl_ssl_multi pseudo backend only when needed |
| |
| When only one SSL backend is configured, it is totally unnecessary to |
| let multissl_init() configure the backend at runtime, we can select the |
| correct backend at build time already. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| version: if built with more than one SSL backend, report all of them |
| |
| To discern the active one from the inactive ones, put the latter into |
| parentheses. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| version: add the CURL_VERSION_MULTI_SSL feature flag |
| |
| This new feature flag reports When cURL was built with multiple SSL |
| backends. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| metalink: allow compiling with multiple SSL backends |
| |
| Previously, the code assumed that at most one of the SSL backends would |
| be compiled in, emulating OpenSSL's functions if the configured backend |
| was not OpenSSL itself. |
| |
| However, now we allow building with multiple SSL backends and choosing |
| one at runtime. Therefore, metalink needs to be adjusted to handle this |
| scenario, too. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| docs/examples: demonstrate how to select SSL backends |
| |
| The newly-introduced curl_global_sslset() function deserves to be |
| show-cased. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| Add a man page for curl_global_sslset() |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: introduce curl_global_sslset() |
| |
| Let's add a compile time safe API to select an SSL backend. This |
| function needs to be called *before* curl_global_init(), and can be |
| called only once. |
| |
| Side note: we do not explicitly test that it is called before |
| curl_global_init(), but we do verify that it is not called multiple times |
| (even implicitly). |
| |
| If SSL is used before the function was called, it will use whatever the |
| CURL_SSL_BACKEND environment variable says (or default to the first |
| available SSL backend), and if a subsequent call to |
| curl_global_sslset() disagrees with the previous choice, it will fail |
| with CURLSSLSET_TOO_LATE. |
| |
| The function also accepts an "avail" parameter to point to a (read-only) |
| NULL-terminated list of available backends. This comes in real handy if |
| an application wants to let the user choose between whatever SSL backends |
| the currently available libcurl has to offer: simply call |
| |
| curl_global_sslset(-1, NULL, &avail); |
| |
| which will return CURLSSLSET_UNKNOWN_BACKEND and populate the avail |
| variable to point to the relevant information to present to the user. |
| |
| Just like with the HTTP/2 push functions, we have to add the function |
| declaration of curl_global_sslset() function to the header file |
| *multi.h* because VMS and OS/400 require a stable order of functions |
| declared in include/curl/*.h (where the header files are sorted |
| alphabetically). This looks a bit funny, but it cannot be helped. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: refactor out essential information about the SSL backends |
| |
| There is information about the compiled-in SSL backends that is really |
| no concern of any code other than the SSL backend itself, such as which |
| function (if any) implements SHA-256 summing. |
| |
| And there is information that is really interesting to the user, such as |
| the name, or the curl_sslbackend value. |
| |
| Let's factor out the latter into a publicly visible struct. This |
| information will be used in the upcoming API to set the SSL backend |
| globally. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: allow selecting which SSL backend to use at runtime |
| |
| When building software for the masses, it is sometimes not possible to |
| decide for all users which SSL backend is appropriate. |
| |
| Git for Windows, for example, uses cURL to perform clones, fetches and |
| pushes via HTTPS, and some users strongly prefer OpenSSL, while other |
| users really need to use Secure Channel because it offers |
| enterprise-ready tools to manage credentials via Windows' Credential |
| Store. |
| |
| The current Git for Windows versions use the ugly work-around of |
| building libcurl once with OpenSSL support and once with Secure Channel |
| support, and switching out the binaries in the installer depending on |
| the user's choice. |
| |
| Needless to say, this is a super ugly workaround that actually only |
| works in some cases: Git for Windows also comes in a portable form, and |
| in a form intended for third-party applications requiring Git |
| functionality, in which cases this "swap out libcurl-4.dll" simply is |
| not an option. |
| |
| Therefore, the Git for Windows project has a vested interest in teaching |
| cURL to make the SSL backend a *runtime* option. |
| |
| This patch makes that possible. |
| |
| By running ./configure with multiple --with-<backend> options, cURL will |
| be built with multiple backends. |
| |
| For the moment, the backend can be configured using the environment |
| variable CURL_SSL_BACKEND (valid values are e.g. "openssl" and |
| "schannel"). |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: fold the backend ID into the Curl_ssl structure |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| curl_ntlm_core: don't complain but #include OpenSSL header if needed |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: encapsulate SSL backend-specific data |
| |
| So far, all of the SSL backends' private data has been declared as |
| part of the ssl_connect_data struct, in one big #if .. #elif .. #endif |
| block. |
| |
| This can only work as long as the SSL backend is a compile-time option, |
| something we want to change in the next commits. |
| |
| Therefore, let's encapsulate the exact data needed by each SSL backend |
| into a private struct, and let's avoid bleeding any SSL backend-specific |
| information into urldata.h. This is also necessary to allow multiple SSL |
| backends to be compiled in at the same time, as e.g. OpenSSL's and |
| CyaSSL's headers cannot be included in the same .c file. |
| |
| To avoid too many malloc() calls, we simply append the private structs |
| to the connectdata struct in allocate_conn(). |
| |
| This requires us to take extra care of alignment issues: struct fields |
| often need to be aligned on certain boundaries e.g. 32-bit values need to |
| be stored at addresses that divide evenly by 4 (= 32 bit / 8 |
| bit-per-byte). |
| |
| We do that by assuming that no SSL backend's private data contains any |
| fields that need to be aligned on boundaries larger than `long long` |
| (typically 64-bit) would need. Under this assumption, we simply add a |
| dummy field of type `long long` to the `struct connectdata` struct. This |
| field will never be accessed but acts as a placeholder for the four |
| instances of ssl_backend_data instead. the size of each ssl_backend_data |
| struct is stored in the SSL backend-specific metadata, to allow |
| allocate_conn() to know how much extra space to allocate, and how to |
| initialize the ssl[sockindex]->backend and proxy_ssl[sockindex]->backend |
| pointers. |
| |
| This would appear to be a little complicated at first, but is really |
| necessary to encapsulate the private data of each SSL backend correctly. |
| And we need to encapsulate thusly if we ever want to allow selecting |
| CyaSSL and OpenSSL at runtime, as their headers cannot be included within |
| the same .c file (there are just too many conflicting definitions and |
| declarations for that). |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: prepare the SSL backends for encapsulated private data |
| |
| At the moment, cURL's SSL backend needs to be configured at build time. |
| As such, it is totally okay for them to hard-code their backend-specific |
| data in the ssl_connect_data struct. |
| |
| In preparation for making the SSL backend a runtime option, let's make |
| the access of said private data a bit more abstract so that it can be |
| adjusted later in an easy manner. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| urldata.h: move SSPI-specific #include to correct location |
| |
| In 86b889485 (sasl_gssapi: Added GSS-API based Kerberos V5 variables, |
| 2014-12-03), an SSPI-specific field was added to the kerberos5data |
| struct without moving the #include "curl_sspi.h" later in the same file. |
| |
| This broke the build when SSPI was enabled, unless Secure Channel was |
| used as SSL backend, because it just so happens that Secure Channel also |
| requires "curl_sspi.h" to be #included. |
| |
| In f4739f639 (urldata: include curl_sspi.h when Windows SSPI is enabled, |
| 2017-02-21), this bug was fixed incorrectly: Instead of moving the |
| appropriate conditional #include, the Secure Channel-conditional part |
| was now also SSPI-conditional. |
| |
| Fix this problem by moving the correct #include instead. |
| |
| This is also required for an upcoming patch that moves all the Secure |
| Channel-specific stuff out of urldata.h and encapsulates it properly in |
| vtls/schannel.c instead. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| urldata.h: remove support for obsolete PolarSSL version |
| |
| Since 5017d5ada (polarssl: now require 1.3.0+, 2014-03-17), we require |
| a newer PolarSSL version. No need to keep code trying to support any |
| older version. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| getinfo: access SSL internals via Curl_ssl |
| |
| In the ongoing endeavor to abstract out all SSL backend-specific |
| functionality, this is the next step: Instead of hard-coding how the |
| different SSL backends access their internal data in getinfo.c, let's |
| implement backend-specific functions to do that task. |
| |
| This will also allow for switching SSL backends as a runtime option. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: move SSL backends' private constants out of their header files |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| axtls: use Curl_none_* versions of init() and cleanup() |
| |
| There are convenient no-op versions of the init/cleanup functions now, |
| no need to define private ones for axTLS. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: remove obsolete declarations of SSL backend functionality |
| |
| These functions are all available via the Curl_ssl struct now, no need |
| to declare them separately anymore. |
| |
| As the global declarations are removed, the corresponding function |
| definitions are marked as file-local. The only two exceptions here are |
| Curl_mbedtls_shutdown() and Curl_polarssl_shutdown(): only the |
| declarations were removed, there are no function definitions to mark |
| file-local. |
| |
| Please note that Curl_nss_force_init() is *still* declared globally, as |
| the only SSL backend-specific function, because it was introduced |
| specifically for the use case where cURL was compiled with |
| `--without-ssl --with-nss`. For details, see f3b77e561 (http_ntlm: add |
| support for NSS, 2010-06-27). |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| schannel: reorder functions topologically |
| |
| The _shutdown() function calls the _session_free() function; While this |
| is not a problem now (because schannel.h declares both functions), a |
| patch looming in the immediate future with make all of these functions |
| file-local. |
| |
| So let's just move the _session_free() function's definition before it |
| is called. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| axtls: reorder functions topologically |
| |
| The connect_finish() function (like many other functions after it) calls |
| the Curl_axtls_close() function; While this is not a problem now |
| (because axtls.h declares the latter function), a patch looming in the |
| immediate future with make all of these functions file-local. |
| |
| So let's just move the Curl_axtls_close() function's definition before |
| it is called. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: move the SUPPORT_HTTPS_PROXY flag into the Curl_ssl struct |
| |
| That will allow us to choose the SSL backend at runtime. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: convert the have_curlssl_* constants to runtime flags |
| |
| The entire idea of introducing the Curl_ssl struct to describe SSL |
| backends is to prepare for choosing the SSL backend at runtime. |
| |
| To that end, convert all the #ifdef have_curlssl_* style conditionals |
| to use bit flags instead. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: move sha256sum into the Curl_ssl struct |
| |
| The SHA-256 checksumming is also an SSL backend-specific function. |
| Let's include it in the struct declaring the functionality of SSL |
| backends. |
| |
| In contrast to MD5, there is no fall-back code. To indicate this, the |
| respective entries are NULL for those backends that offer no support for |
| SHA-256 checksumming. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: move md5sum into the Curl_ssl struct |
| |
| The MD5 summing is also an SSL backend-specific function. So let's |
| include it, offering the previous fall-back code as a separate function |
| now: Curl_none_md5sum(). To allow for that, the signature had to be |
| changed so that an error could be returned from the implementation |
| (Curl_none_md5sum() can run out of memory). |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: use the Curl_ssl struct to access all SSL backends' functionality |
| |
| This is the first step to unify the SSL backend handling. Now all the |
| SSL backend-specific functionality is accessed via a global instance of |
| the Curl_ssl struct. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: declare Curl_ssl structs for every SSL backend |
| |
| The idea of introducing the Curl_ssl struct was to unify how the SSL |
| backends are declared and called. To this end, we now provide an |
| instance of the Curl_ssl struct for each and every SSL backend. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: introduce a new struct for SSL backends |
| |
| This new struct is similar in nature to Curl_handler: it will define the |
| functions and capabilities of all the SSL backends (where Curl_handler |
| defines the functions and capabilities of protocol handlers). |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: make sure every _sha256sum()'s first arg is const |
| |
| This patch makes the signature of the _sha256sum() functions consistent |
| among the SSL backends, in preparation for unifying the way all SSL |
| backends are accessed. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: make sure all _data_pending() functions return bool |
| |
| This patch makes the signature of the _data_pending() functions |
| consistent among the SSL backends, in preparation for unifying the way |
| all SSL backends are accessed. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: make sure all _cleanup() functions return void |
| |
| This patch makes the signature of the _cleanup() functions consistent |
| among the SSL backends, in preparation for unifying the way all SSL |
| backends are accessed. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| vtls: use consistent signature for _random() implementations |
| |
| This will make the upcoming multissl backend much easier to implement. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - strtooff: fix build for systems with long long but no strtoll option |
| |
| Closes #1829 |
| |
| Reported-by: Dan Fandrich |
| Bug: https://github.com/curl/curl/pull/1758#issuecomment-324861615 |
| |
| - darwinssl: handle long strings in TLS certs |
| |
| ... as the previous fixed length 128 bytes buffer was sometimes too |
| small. |
| |
| Fixes #1823 |
| Closes #1831 |
| |
| Reported-by: Benjamin Sergeant |
| Assisted-by: Bill Pyne, Ray Satiro, Nick Zitzmann |
| |
| - system.h: include sys/poll.h for AIX |
| |
| ... to get the event/revent defines that might be used for the poll |
| struct. |
| |
| Reported-by: Michael Smith |
| Fixes #1828 |
| Closes #1833 |
| |
| Dan Fandrich (26 Aug 2017) |
| - tests: Make sure libtests & unittests call curl_global_cleanup() |
| |
| These were missed in commit c468c27b. |
| |
| Jay Satiro (26 Aug 2017) |
| - [theantigod brought this change] |
| |
| winbuild: fix embedded manifest option |
| |
| Embedded manifest option didn't work due to incorrect path. |
| |
| Fixes https://github.com/curl/curl/issues/1832 |
| |
| Daniel Stenberg (25 Aug 2017) |
| - fuzz/Makefile.am: remove curlbuild.h leftovers |
| |
| - examples/threaded-ssl: mention that this is for openssl before 1.1 |
| |
| - imap: use defined names for response codes |
| |
| When working on this code I found the previous setup a bit weird while |
| using proper defines increases readability. |
| |
| Closes #1824 |
| |
| - CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD |
| |
| - imap: support PREAUTH |
| |
| It is a defined possible greeting at server startup that means the |
| connection is already authenticated. See |
| https://tools.ietf.org/html/rfc3501#section-7.1.4 |
| |
| Test 846 added to verify. |
| |
| Fixes #1818 |
| Closes #1820 |
| |
| Jay Satiro (23 Aug 2017) |
| - config-tpf: define SIZEOF_LONG |
| |
| Recent changes that replaced CURL_SIZEOF_LONG in the source with |
| SIZEOF_LONG broke builds that use the premade configuration files and |
| don't have SIZEOF_LONG defined. |
| |
| Bug: https://github.com/curl/curl/issues/1816 |
| |
| Dan Fandrich (23 Aug 2017) |
| - test1453: Fixed <features> |
| |
| Daniel Stenberg (22 Aug 2017) |
| - [Gisle Vanem brought this change] |
| |
| config-dos: add missing defines, SIZEOF_* and two others |
| |
| Bug: #1816 |
| |
| - curl: shorten and clean up CA cert verification error message |
| |
| The previous message was just too long for ordinary people and it was |
| encouraging users to use `--insecure` a little too easy. |
| |
| Based-on-work-by: Frank Denis |
| |
| Closes #1810 |
| Closes #1817 |
| |
| - request-target.d: mention added in 7.55.0 |
| |
| Marcel Raad (22 Aug 2017) |
| - tool_main: turn off MinGW CRT's globbing |
| |
| By default, the MinGW CRT globs command-line arguments. This prevents |
| getting a single asterisk into an argument as test 1299 does. Turn off |
| globbing by setting the global variable _CRT_glob to 0 for MinGW. |
| |
| Fixes https://github.com/curl/curl/issues/1751 |
| Closes https://github.com/curl/curl/pull/1813 |
| |
| Viktor Szakats (22 Aug 2017) |
| - makefile.m32: add support for libidn2 |
| |
| libidn was replaced with libidn2 last year in configure. |
| Caveat: libidn2 may depend on a list of further libs. |
| These can be manually specified via CURL_LDFLAG_EXTRAS. |
| |
| Closes https://github.com/curl/curl/pull/1815 |
| |
| Jay Satiro (22 Aug 2017) |
| - [Viktor Szakats brought this change] |
| |
| config-win32: define SIZEOF_LONG |
| |
| Recent changes that replaced CURL_SIZEOF_LONG in the source with |
| SIZEOF_LONG broke builds that use the premade configuration files and |
| don't have SIZEOF_LONG defined. |
| |
| Closes https://github.com/curl/curl/pull/1814 |
| |
| Daniel Stenberg (20 Aug 2017) |
| - cmake: enable picky compiler options with clang and gcc |
| |
| closes #1799 |
| |
| - curl/system.h: fix build for hppa |
| |
| Reported-by: John David Anglin |
| Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872502#10 |
| |
| - [Even Rouault brought this change] |
| |
| tftp: fix memory leak on too long filename |
| |
| Fixes |
| |
| $ valgrind --leak-check=full ~/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz |
| |
| ==9752== Memcheck, a memory error detector |
| ==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. |
| ==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info |
| ==9752== Command: /home/even/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz |
| ==9752== |
| curl: (71) TFTP file name too long |
| |
| ==9752== |
| ==9752== HEAP SUMMARY: |
| ==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11 |
| ==9752== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) |
| ==9752== by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) |
| ==9752== by 0x4E75868: tftp_state_machine (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) |
| ==9752== by 0x4E761B6: tftp_do (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) |
| ==9752== by 0x4E711B6: multi_runsingle (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) |
| ==9752== by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) |
| ==9752== by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) |
| ==9752== by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl) |
| ==9752== by 0x40E849: operate (in /home/even/install-curl-git/bin/curl) |
| ==9752== by 0x402693: main (in /home/even/install-curl-git/bin/curl) |
| |
| Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568 |
| Credit to OSS Fuzz |
| |
| Closes #1808 |
| |
| Dan Fandrich (19 Aug 2017) |
| - runtests: fixed case insensitive matching of keywords |
| |
| Commit 5c2aac71 didn't work in the case of mixed-case keywords given on |
| the command-line. |
| |
| - tests: Make sure libtests call curl_global_cleanup() |
| |
| This ensures that global data allocations are freed so Valgrind stays |
| happy. This was a problem with at least PolarSSL and mbedTLS. |
| |
| Daniel Stenberg (18 Aug 2017) |
| - RELEASE-NOTES: synced with 8baead425 |
| |
| - scripts/contri*sh: use "git log --use-mailmap" |
| |
| - mailmap: de-duplify some git authors |
| |
| - http2_recv: return error better on fatal h2 errors |
| |
| Ref #1012 |
| Figured-out-by: Tatsuhiro Tsujikawa |
| |
| - KNOWN_BUGS: HTTP test server 'connection-monitor' problems |
| |
| Closes #868 |
| |
| - curl/system.h: check for __ppc__ as well |
| |
| ... regression since issue #1774 (commit 10b3df10596a) since obviously |
| some older gcc doesn't know __powerpc__ while some newer doesn't know |
| __ppc__ ... |
| |
| Fixes #1797 |
| Closes #1798 |
| Reported-by: Ryan Schmidt |
| |
| - [Jan Alexander Steffens (heftig) brought this change] |
| |
| http: Don't wait on CONNECT when there is no proxy |
| |
| Since curl 7.55.0, NetworkManager almost always failed its connectivity |
| check by timeout. I bisected this to 5113ad04 (http-proxy: do the HTTP |
| CONNECT process entirely non-blocking). |
| |
| This patch replaces !Curl_connect_complete with Curl_connect_ongoing, |
| which returns false if the CONNECT state was left uninitialized and lets |
| the connection continue. |
| |
| Closes #1803 |
| Fixes #1804 |
| |
| Also-fixed-by: Gergely Nagy |
| |
| - [Johannes Schindelin brought this change] |
| |
| metalink: adjust source code style |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - CURL_SIZEOF_LONG: removed, use only SIZEOF_LONG |
| |
| - lib557: no longer use CURL_SIZEOF_* defines |
| |
| - config-win32: define SIZEOF_CURL_OFF_T |
| |
| - cmake: sizeof curl_off_t, remove unused detections |
| |
| - system.h: remove all CURL_SIZEOF_* defines |
| |
| ... as they're not used externally and internally we check for the sizes |
| already in configure etc. |
| |
| Closes #1767 |
| |
| - ftp: fix CWD when doing multicwd then nocwd on same connection |
| |
| Fixes #1782 |
| Closes #1787 |
| Reported-by: Peter Lamare |
| |
| - CURLOPT_SSH_COMPRESSION.3: enable with 1L |
| |
| (leaves other values reserved for the future) |
| |
| - compressed-ssh.d: "Added: 7.56.0" |
| |
| - curl/system.h: checksrc compliance |
| |
| Jay Satiro (17 Aug 2017) |
| - [Viktor Szakats brought this change] |
| |
| ssh: add the ability to enable compression (for SCP/SFTP) |
| |
| The required low-level logic was already available as part of |
| `libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1] |
| option.) |
| |
| This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION` |
| (boolean) and the new `curl` command-line option `--compressed-ssh` |
| to request this `libssh2` feature. To have compression enabled, it |
| is required that the SSH server supports a (zlib) compatible |
| compression method and that `libssh2` was built with `zlib` support |
| enabled. |
| |
| [1] https://www.libssh2.org/libssh2_session_flag.html |
| |
| Ref: https://github.com/curl/curl/issues/1732 |
| Closes https://github.com/curl/curl/pull/1735 |
| |
| - examples/ftpuploadresume: checksrc compliance |
| |
| - [Maksim Stsepanenka brought this change] |
| |
| http_proxy: fix build error for CURL_DOES_CONVERSIONS |
| |
| Closes https://github.com/curl/curl/pull/1793 |
| |
| GitHub (16 Aug 2017) |
| - [Nick Zitzmann brought this change] |
| |
| configure: check for __builtin_available() availability (#1788) |
| |
| This change does two things: |
| 1. It un-breaks the build in Xcode 9.0. (Xcode 9.0 is currently |
| failing trying to compile connectx() in lib/connect.c.) |
| 2. It finally weak-links the connectx() function, and falls back on |
| connect() when run on older operating systems. |
| |
| Daniel Stenberg (16 Aug 2017) |
| - travis: add metalink to some osx builds |
| |
| Closes #1790 |
| |
| - [Max Dymond brought this change] |
| |
| coverage: Use two coveralls commands to get lib/vtls results |
| |
| closes #1747 |
| |
| - darwinssi: fix error: variable length array used |
| |
| - m4/curl-compilers.m4: use proper quotes around string, not backticks |
| |
| ... when setting clang version to assume 3.7 |
| |
| Caused a lot of "integer expression expected" warnings by configure. |
| |
| - [Benbuck Nason brought this change] |
| |
| cmake: remove dead code for DISABLED_THREADSAFE |
| |
| Closes #1786 |
| |
| Jay Satiro (15 Aug 2017) |
| - [Jakub Zakrzewski brought this change] |
| |
| curl-confopts.m4: fix --disable-threaded-resolver |
| |
| Closes https://github.com/curl/curl/issues/1784 |
| |
| Daniel Stenberg (15 Aug 2017) |
| - [Ryan Winograd brought this change] |
| |
| progress: Track total times following redirects |
| |
| Update the progress timers `t_nslookup`, `t_connect`, `t_appconnect`, |
| `t_pretransfer`, and `t_starttransfer` to track the total times for |
| these activities when a redirect is followed. Previously, only the times |
| for the most recent request would be tracked. |
| |
| Related changes: |
| |
| - Rename `Curl_pgrsResetTimesSizes` to `Curl_pgrsResetTransferSizes` |
| now that the function only resets transfer sizes and no longer |
| modifies any of the progress timers. |
| |
| - Add a bool to the `Progress` struct that is used to prevent |
| double-counting `t_starttransfer` times. |
| |
| Added test case 1399. |
| |
| Fixes #522 and Known Bug 1.8 |
| Closes #1602 |
| Reported-by: joshhe on github |
| |
| - [Benbuck Nason brought this change] |
| |
| cmake: remove dead code for CURL_DISABLE_RTMP |
| |
| Closes #1785 |
| |
| Kamil Dudka (15 Aug 2017) |
| - zsh.pl: produce a working completion script again |
| |
| Commit curl-7_54_0-118-g8b2f22e changed the output format of curl --help |
| to use <file> and <dir> instead of FILE and DIR, which caused zsh.pl to |
| produce a broken completion script: |
| |
| % curl --<TAB> |
| _curl:10: no such file or directory: seconds |
| |
| Closes #1779 |
| |
| Daniel Stenberg (15 Aug 2017) |
| - curlver: toward 7.56.0? |
| |
| - RELEASE-NOTES: synced with 91c46dc44 |
| |
| - test1449: FTP download range with an too large size |
| |
| - strtoofft: reduce integer overflow risks globally |
| |
| ... make sure we bail out on overflows. |
| |
| Reported-by: Brian Carpenter |
| Closes #1758 |
| |
| - travis: build the examples too |
| |
| to make sure they keep building warning-free |
| |
| Closes #1777 |
| |
| - runtests: match keywords case insensitively |
| |
| - examples/ftpuploadresume.c: use portable code |
| |
| ... converted from the MS specific _snscanf() |
| |
| Version 7.55.1 (13 Aug 2017) |
| |
| Daniel Stenberg (13 Aug 2017) |
| - RELEASE-NOTES/THANKS: curl 7.55.1 release time |
| |
| - gitignore: ignore .xz now instead of .lzma |
| |
| - [Sergei Nikulov brought this change] |
| |
| cmake: Threads detection update. ref: #1702 |
| |
| Closes #1719 |
| |
| - ipv6_scope: support unique local addresses |
| |
| Fixes #1764 |
| Closes #1773 |
| Reported-by: James Slaughter |
| |
| - [Alex Potapenko brought this change] |
| |
| curl/system.h: GCC doesn't define __ppc__ on PowerPC, uses __powerpc__ |
| |
| Closes #1774 |
| |
| - test1448: verify redirect to IDN using URL |
| |
| Closes #1772 |
| |
| - [Salah-Eddin Shaban brought this change] |
| |
| redirect: skip URL encoding for host names |
| |
| This fixes redirects to IDN URLs |
| |
| Fixes #1441 |
| Closes #1762 |
| Reported by: David Lord |
| |
| - test2032: mark as flaky (again) |
| |
| - travis: test cmake build on tarball too |
| |
| Could've prevented #1755 |
| |
| - [Simon Warta brought this change] |
| |
| cmake: allow user to override CMAKE_DEBUG_POSTFIX |
| |
| Closes #1763 |
| |
| - connect-to.d: better language |
| |
| - connect-to.d: clarified |
| |
| - bagder/Curl_tvdiff_us: fix the math |
| |
| Regression since adef394ac5 (released in 7.55.0) |
| |
| Reported-by: Han Qiao |
| Fixes #1769 |
| Closes #1771 |
| |
| - curl/system.h: add Oracle Solaris Studio |
| |
| Fixes #1752 |
| |
| - [Alessandro Ghedini brought this change] |
| |
| docs: fix typo funtion -> function |
| |
| Closes #1770 |
| |
| Alessandro Ghedini (12 Aug 2017) |
| - docs: fix grammar in CURL_SSLVERSION_MAX_DEFAULT description |
| |
| - docs: fix typo stuct -> struct |
| |
| Dan Fandrich (12 Aug 2017) |
| - test1447: require a curl with http support |
| |
| Daniel Stenberg (11 Aug 2017) |
| - [Thomas Petazzoni brought this change] |
| |
| curl/system.h: support more architectures |
| |
| The long list of architectures in include/curl/system.h is annoying to |
| maintain, and needs to be extended for each and every architecture to |
| support. |
| |
| Instead, let's rely on the __SIZEOF_LONG__ define of the gcc compiler |
| (we are in the GNUC condition anyway), which tells us if long is 4 |
| bytes or 8 bytes. |
| |
| This fixes the build of libcurl 7.55.0 on architectures such as |
| OpenRISC or ARC. |
| |
| Closes #1766 |
| |
| Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> |
| |
| - test2033: this went flaky again |
| |
| Suspicion: when we enabled the threaded resolver by default. |
| |
| - test1447: verifies the parse proxy fix in 6e0e152ce5c |
| |
| - [Even Rouault brought this change] |
| |
| parse_proxy(): fix memory leak in case of invalid proxy server name |
| |
| Fixes the below leak: |
| |
| $ valgrind --leak-check=full ~/install-curl-git/bin/curl --proxy "http://a:b@/x" http://127.0.0.1 |
| curl: (5) Couldn't resolve proxy name |
| ==5048== |
| ==5048== HEAP SUMMARY: |
| ==5048== in use at exit: 532 bytes in 12 blocks |
| ==5048== total heap usage: 5,288 allocs, 5,276 frees, 445,271 bytes allocated |
| ==5048== |
| ==5048== 2 bytes in 1 blocks are definitely lost in loss record 1 of 12 |
| ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) |
| ==5048== by 0x4E6CB79: parse_login_details (url.c:5614) |
| ==5048== by 0x4E6BA82: parse_proxy (url.c:5091) |
| ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346) |
| ==5048== by 0x4E6EA18: create_conn (url.c:6498) |
| ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967) |
| ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436) |
| ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160) |
| ==5048== by 0x4E7C515: easy_transfer (easy.c:708) |
| ==5048== by 0x4E7C74A: easy_perform (easy.c:794) |
| ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813) |
| ==5048== by 0x414025: operate_do (tool_operate.c:1563) |
| ==5048== |
| ==5048== 2 bytes in 1 blocks are definitely lost in loss record 2 of 12 |
| ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) |
| ==5048== by 0x4E6CBB6: parse_login_details (url.c:5621) |
| ==5048== by 0x4E6BA82: parse_proxy (url.c:5091) |
| ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346) |
| ==5048== by 0x4E6EA18: create_conn (url.c:6498) |
| ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967) |
| ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436) |
| ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160) |
| ==5048== by 0x4E7C515: easy_transfer (easy.c:708) |
| ==5048== by 0x4E7C74A: easy_perform (easy.c:794) |
| ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813) |
| ==5048== by 0x414025: operate_do (tool_operate.c:1563) |
| |
| Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2984 |
| Credit to OSS Fuzz for discovery |
| |
| Closes #1761 |
| |
| - RELEASE-NOTES: synced with 37f2195a9 |
| |
| - curlver: bump to 7.55.1 |
| |
| - openssl: fix "error: this statement may fall through" |
| |
| A gcc7 warning. |
| |
| - [David Benjamin brought this change] |
| |
| openssl: remove CONST_ASN1_BIT_STRING. |
| |
| Just making the pointer as const works for the pre-1.1.0 path too. |
| |
| Closes #1759 |
| |
| - maketgz: remove old *.dist files before making the tarball |
| |
| To avoid "old crap" unintentionally getting shipped. |
| |
| Bug: https://curl.haxx.se/mail/lib-2017-08/0050.html |
| Reported-by: Christian Weisgerber |
| |
| Jay Satiro (10 Aug 2017) |
| - mkhelp.pl: allow executing this script directly |
| |
| - Enable execute permission (chmod +x) |
| |
| - Change interpreter to /usr/bin/env perl |
| |
| Ref: https://github.com/curl/curl/issues/1743 |
| |
| Daniel Stenberg (10 Aug 2017) |
| - configure: use the threaded resolver backend by default if possible |
| |
| Closes #1647 |
| |
| - cmake: move cmake_uninstall.cmake to CMake/ |
| |
| Closes #1756 |
| |
| - metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead |
| |
| - dist: fix the cmake build by shipping cmake_uninstall.cmake.in too |
| |
| Fixes #1755 |
| |
| - travis: verify "make install" |
| |
| Help-by: Jay Satiro |
| Closes #1753 |
| |
| Marcel Raad (10 Aug 2017) |
| - build: check out *.sln files with Windows line endings |
| |
| Visual Studio doesn't like LF line endings in solution files and always |
| converts them to CRLF when doing changes to the solution. Notably, this |
| affects the solutions in the release archive. |
| |
| Closes https://github.com/curl/curl/pull/1746 |
| |
| - gitignore: ignore top-level .vs folder |
| |
| This folder is generated when using the CMake build system from within |
| Visual Studio. |
| |
| Closes https://github.com/curl/curl/pull/1746 |
| |
| Jay Satiro (10 Aug 2017) |
| - digest_sspi: Don't reuse context if the user/passwd has changed |
| |
| Bug: https://github.com/curl/curl/issues/1685 |
| Reported-by: paulharris@users.noreply.github.com |
| |
| Assisted-by: Isaac Boukris |
| |
| Closes https://github.com/curl/curl/pull/1742 |
| |
| Daniel Stenberg (9 Aug 2017) |
| - [Adam Sampson brought this change] |
| |
| dist: Add dictserver.py/negtelnetserver.py to EXTRA_DIST |
| |
| These weren't included in the 7.55.0 release, but are required in order |
| to run the full test suite. |
| |
| Closes #1744 |
| |
| - [Adam Sampson brought this change] |
| |
| curl: do bounds check using a double comparison |
| |
| The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't |
| complete: if the parsed number in num is larger than will fit in a long, |
| the conversion is undefined behaviour (causing test1427 to fail for me |
| on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting |
| rid of the cast means the comparison will be done using doubles. |
| |
| It might make more sense for the max argument to also be a double... |
| |
| Fixes #1750 |
| Closes #1749 |
| |
| - make install: add 8 missing man pages to the installation |
| |
| - build: fix 'make install' with configure, install docs/libcurl/* too |
| |
| Broken since d24838d4da9faa |
| |
| Reported-by: Bernard Spil |
| |
| Version 7.55.0 (9 Aug 2017) |
| |
| Daniel Stenberg (9 Aug 2017) |
| - RELEASE-NOTES: curl 7.55.0 |
| |
| - THANKS: 20 new contributors in 7.55.0 |
| |
| - [Viktor Szakats brought this change] |
| |
| docs/comments: Update to secure URL versions |
| |
| Closes #1741 |
| |
| - configure: fix recv/send/select detection on Android |
| |
| ... since they now provide several functions as |
| __attribute__((overloadable)), the argument detection logic need |
| updates. |
| |
| Patched-by: destman at github |
| |
| Fixes #1738 |
| Closes #1739 |
| |
| Marcel Raad (8 Aug 2017) |
| - ax_code_coverage.m4: update to latest version |
| |
| This updates the script to aad5ad5fedb306b39f901a899b7bd305b66c418d |
| from August 01, 2017. Notably, this removes the lconv version whitelist. |
| |
| Closes https://github.com/curl/curl/pull/1716 |
| |
| Daniel Stenberg (7 Aug 2017) |
| - test1427: verify command line parser integer overflow detection |
| |
| - curl: detect and bail out early on parameter integer overflows |
| |
| Make the number parser aware of the maximum limit curl accepts for a |
| value and return an error immediately if larger, instead of running an |
| integer overflow later. |
| |
| Fixes #1730 |
| Closes #1736 |
| |
| - glob: do not continue parsing after a strtoul() overflow range |
| |
| Added test 1289 to verify. |
| |
| CVE-2017-1000101 |
| |
| Bug: https://curl.haxx.se/docs/adv_20170809A.html |
| Reported-by: Brian Carpenter |
| |
| - tftp: reject file name lengths that don't fit |
| |
| ... and thereby avoid telling send() to send off more bytes than the |
| size of the buffer! |
| |
| CVE-2017-1000100 |
| |
| Bug: https://curl.haxx.se/docs/adv_20170809B.html |
| Reported-by: Even Rouault |
| |
| Credit to OSS-Fuzz for the discovery |
| |
| - [Even Rouault brought this change] |
| |
| file: output the correct buffer to the user |
| |
| Regression brought by 7c312f84ea930d8 (April 2017) |
| |
| CVE-2017-1000099 |
| |
| Bug: https://curl.haxx.se/docs/adv_20170809C.html |
| |
| Credit to OSS-Fuzz for the discovery |
| |
| - easy_events: make event data static |
| |
| First: this function is only used in debug-builds and not in |
| release/real builds. It is used to drive tests using the event-based |
| API. |
| |
| A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the |
| CURLMOPT_TIMERFUNCTION calback can in fact be called even after this |
| funtion returns, namely when curl_multi_remove_handle() is called. |
| |
| Reported-by: Brian Carpenter |
| |
| - getparameter: avoid returning uninitialized 'usedarg' |
| |
| Fixes #1728 |
| |
| Marcel Raad (5 Aug 2017) |
| - [Isaac Boukris brought this change] |
| |
| gssapi: fix memory leak of output token in multi round context |
| |
| When multiple rounds are needed to establish a security context |
| (usually ntlm), we overwrite old token with a new one without free. |
| Found by proposed gss tests using stub a gss implementation (by |
| valgrind error), though I have confirmed the leak with a real |
| gssapi implementation as well. |
| |
| Closes https://github.com/curl/curl/pull/1733 |
| |
| - darwinssl: fix compiler warning |
| |
| clang complains: |
| vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive |
| [-Werror,-Wextra-tokens] |
| |
| This breaks the darwinssl build on Travis. Fix it by making this token |
| a comment. |
| |
| Closes https://github.com/curl/curl/pull/1734 |
| |
| - CMake: fix CURL_WERROR for MSVC |
| |
| When using CURL_WERROR in MSVC builds, the debug flags were overridden |
| by the release flags and /WX got added twice in debug mode. |
| |
| Closes https://github.com/curl/curl/pull/1715 |
| |
| Daniel Stenberg (4 Aug 2017) |
| - RELEASE-NOTES: synced with 561e9217c |
| |
| - test1010: verify that #1718 is fixed |
| |
| ... by doing two transfers in nocwd mode and check that there's no |
| superfluous CWD command. |
| |
| - FTP: skip unnecessary CWD when in nocwd mode |
| |
| ... when reusing a connection. If it didn't do any CWD previously. |
| |
| Fixes #1718 |
| |
| Marcel Raad (4 Aug 2017) |
| - travis: explicitly specify dist |
| |
| This makes the builds more reproducible as travis is currently rolling |
| out trusty as default dist [1]. Specifically, this avoids coverage |
| check failures when trusty is used as seen in [2] until we figure out |
| what's wrong. |
| |
| [1] https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming |
| [2] https://github.com/curl/curl/pull/1692 |
| |
| Closes https://github.com/curl/curl/pull/1725 |
| |
| Daniel Stenberg (4 Aug 2017) |
| - travis: BUILD_TYPE => T |
| |
| (to make the full line appear nicer on travis web UI) |
| |
| - travis: add osx build with darwinssl |
| |
| Closes #1706 |
| |
| - darwin: silence compiler warnings |
| |
| With a clang pragma and three type fixes |
| |
| Fixes #1722 |
| |
| - BUILD.WINDOWS: mention buildconf.bat for builds off git |
| |
| - darwinssl: fix curlssl_sha256sum() compiler warnings on first argument |
| |
| - test130: verify comments in .netrc |
| |
| - [Gisle Vanem brought this change] |
| |
| netrc: skip lines starting with '#' |
| |
| Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html |
| |
| Marcel Raad (3 Aug 2017) |
| - CMake: set MSVC warning level to 4 |
| |
| The MSVC warning level defaults to 3 in CMake. Change it to 4, which is |
| consistent with the Visual Studio and NMake builds. Disable level 4 |
| warning C4127 for the library and additionally C4306 for the test |
| servers to get a clean CURL_WERROR build as that warning is raised in |
| some macros in older Visual Studio versions. |
| |
| Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794 |
| Closes https://github.com/curl/curl/pull/1711 |
| |
| Daniel Stenberg (2 Aug 2017) |
| - CURLOPT_NETRC.3: fix typo in 7e48aa386156f9c2 |
| |
| Reported-by: Viktor Szakats |
| |
| - CURLOPT_NETRC.3: mention the file name on windows |
| |
| ... and CURLOPT_NETRC_FILE(3). |
| |
| - travis: build osx with libressl too |
| |
| - travis: build osx with openssl too |
| |
| - tests/server/util: fix curltime mistake from 4dee50b9c80f9 |
| |
| Marcel Raad (1 Aug 2017) |
| - curl_threads: fix MSVC compiler warning |
| |
| Use LongToHandle to convert from long to HANDLE in the Win32 |
| implementation. |
| This should fix the following warning when compiling with |
| MSVC 11 (2012) in 64-bit mode: |
| lib\curl_threads.c(113): warning C4306: |
| 'type cast' : conversion from 'long' to 'HANDLE' of greater size |
| |
| Closes https://github.com/curl/curl/pull/1717 |
| |
| Daniel Stenberg (1 Aug 2017) |
| - BUGS: improved phrasing about security bugs |
| |
| Reported-by: Max Dymond |
| |
| - BUGS: clarify how to report security related bugs |
| |
| - [Brad Spencer brought this change] |
| |
| multi: fix request timer management |
| |
| There are some bugs in how timers are managed for a single easy handle |
| that causes the wrong "next timeout" value to be reported to the |
| application when a new minimum needs to be recomputed and that new |
| minimum should be an existing timer that isn't currently set for the |
| easy handle. When the application drives a set of easy handles via the |
| `curl_multi_socket_action()` API (for example), it gets told to wait the |
| wrong amount of time before the next call, which causes requests to |
| linger for a long time (or, it is my guess, possibly forever). |
| |
| Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html |
| |
| Jay Satiro (1 Aug 2017) |
| - curl_setup: Define CURL_NO_OLDIES for building libcurl |
| |
| .. to catch accidental use of deprecated error codes. |
| |
| Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237 |
| |
| Daniel Stenberg (1 Aug 2017) |
| - [Jeremy Tan brought this change] |
| |
| configure: fix the check for IdnToUnicode |
| |
| Fixes #1669 |
| Closes #1713 |
| |
| - http: fix response code parser to avoid integer overflow |
| |
| test 1429 and 1433 were updated to work with the stricter HTTP status line |
| parser. |
| |
| Closes #1714 |
| Reported-by: Brian Carpenter |
| |
| Jay Satiro (31 Jul 2017) |
| - [Dwarakanath Yadavalli brought this change] |
| |
| libcurl: Stop using error codes defined under CURL_NO_OLDIES |
| |
| Fixes https://github.com/curl/curl/issues/1688 |
| Closes https://github.com/curl/curl/pull/1712 |
| |
| - include.d: clarify --include is only for response headers |
| |
| Follow-up to 171f8de and de6de94. |
| |
| Bug: https://github.com/curl/curl/commit/de6de94#commitcomment-23370851 |
| Reported-by: Daniel Stenberg |
| |
| Daniel Stenberg (30 Jul 2017) |
| - [Jason Juang brought this change] |
| |
| cmake: support make uninstall |
| |
| Closes #1674 |
| |
| - RELEASE-NOTES: synced with 001701c47 |
| |
| Marcel Raad (29 Jul 2017) |
| - AppVeyor: now really use CURL_WERROR |
| |
| It was misspelled as CURL_ERROR in commit |
| 2d86e8d1286e0fbe3d811e2e87fa0b5e53722db4. |
| |
| Closes https://github.com/curl/curl/pull/1686 |
| |
| Jay Satiro (29 Jul 2017) |
| - tool_help: clarify --include is only for response headers |
| |
| Follow-up to 171f8de. |
| |
| Ref: https://github.com/curl/curl/issues/1704 |
| |
| - splay: fix signed/unsigned mismatch warning |
| |
| Follow-up to 4dee50b. |
| |
| Ref: https://github.com/curl/curl/pull/1693 |
| |
| Daniel Stenberg (28 Jul 2017) |
| - include.d: clarify that it concerns the response headers |
| |
| Reported-by: olesteban at github |
| Fixes #1704 |
| |
| - [Johannes Schindelin brought this change] |
| |
| curl_rtmp: fix a compiler warning |
| |
| The headers of librtmp declare the socket as `int`, and on Windows, that |
| disagrees with curl_socket_t. |
| |
| Bug: #1652 |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - test1323: verify curlx_tvdiff |
| |
| - timeval: struct curltime is a struct timeval replacement |
| |
| ... to make all libcurl internals able to use the same data types for |
| the struct members. The timeval struct differs subtly on several |
| platforms so it makes it cumbersome to use everywhere. |
| |
| Ref: #1652 |
| Closes #1693 |
| |
| - darwinssl: fix variable type mistake (regression) |
| |
| ... which made --tlsv1.2 not work because it would blank the max tls |
| version variable. |
| |
| Reported-by: Nick Miyake |
| Bug: #1703 |
| |
| - multi: mention integer overflow risk if using > 500 million sockets |
| |
| Reported-by: ovidiu-benea@users.noreply.github.com |
| |
| Closes #1675 |
| Closes #1683 |
| |
| - checksrc: escape open brace in regex |
| |
| ... to silence warning. |
| |
| Kamil Dudka (20 Jul 2017) |
| - nss: fix a possible use-after-free in SelectClientCert() |
| |
| ... causing a SIGSEGV in showit() in case the handle used to initiate |
| the connection has already been freed. |
| |
| This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803. |
| |
| Reported-by: Rob Sanders |
| Bug: https://bugzilla.redhat.com/1436158 |
| |
| - nss: unify the coding style of nss_send() and nss_recv() |
| |
| No changes in behavior intended by this commit. |
| |
| Marcel Raad (18 Jul 2017) |
| - tests/server/resolve.c: fix deprecation warning |
| |
| MSVC warns that gethostbyname is deprecated. Always use getaddrinfo |
| instead to fix this when IPv6 is enabled, also for IPv4 resolves. This |
| is also consistent with what libcurl does. |
| |
| Closes https://github.com/curl/curl/pull/1682 |
| |
| Jay Satiro (17 Jul 2017) |
| - darwinssl: fix pinnedpubkey build error |
| |
| - s/SessionHandle/Curl_easy/ |
| |
| Bug: https://github.com/curl/curl/commit/eb16305#commitcomment-23035670 |
| Reported-by: Gisle Vanem |
| |
| Marcel Raad (16 Jul 2017) |
| - rtspd: fix GCC warning after MSVC warning fix |
| |
| Older GCC warns: |
| /tests/server/rtspd.c:1194:10: warning: missing braces around |
| initializer [-Wmissing-braces] |
| |
| Fix this by using memset instead of an initializer. |
| |
| - libtest: fix MSVC warning C4706 |
| |
| With warning level 4, MSVC warns about assignments within conditional |
| expressions. Change the while loop to a do-while loop to fix this. This |
| change is also consistent with CODE_STYLE.md. |
| |
| - sockfilt: suppress conversion warning with explicit cast |
| |
| MSVC warns when implicitly casting -1 to unsigned long. |
| |
| - rtspd: fix MSVC level 4 warning |
| |
| warning C4701: potentially uninitialized local variable 'req' used |