| _ _ ____ _ |
| ___| | | | _ \| | |
| / __| | | | |_) | | |
| | (__| |_| | _ <| |___ |
| \___|\___/|_| \_\_____| |
| |
| Changelog |
| |
| Version 7.64.1 (27 Mar 2019) |
| |
| Daniel Stenberg (27 Mar 2019) |
| - RELEASE: 7.64.1 |
| |
| - Revert "ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set" |
| |
| This reverts commit 9130ead9fcabdb6b8fbdb37c0b38be2d326adb00. |
| |
| Fixes #3708 |
| |
| - [Christian Schmitz brought this change] |
| |
| ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set |
| |
| Closes #3704 |
| |
| Jay Satiro (26 Mar 2019) |
| - tool_cb_wrt: fix writing to Windows null device NUL |
| |
| - Improve console detection. |
| |
| Prior to this change WriteConsole could be called to write to a handle |
| that may not be a console, which would cause an error. This issue is |
| limited to character devices that are not also consoles such as the null |
| device NUL. |
| |
| Bug: https://github.com/curl/curl/issues/3175#issuecomment-439068724 |
| Reported-by: Gisle Vanem |
| |
| - CURLMOPT_PIPELINING.3: fix typo |
| |
| Daniel Stenberg (25 Mar 2019) |
| - TODO: config file parsing |
| |
| Closes #3698 |
| |
| Jay Satiro (24 Mar 2019) |
| - os400: Disable Alt-Svc by default since it's experimental |
| |
| Follow-up to 520f0b4 which added Alt-Svc support and enabled it by |
| default for OS400. Since the feature is experimental, it should be |
| disabled by default. |
| |
| Ref: https://github.com/curl/curl/commit/520f0b4#commitcomment-32792332 |
| Ref: https://curl.haxx.se/mail/lib-2019-02/0008.html |
| |
| Closes https://github.com/curl/curl/pull/3688 |
| |
| Dan Fandrich (24 Mar 2019) |
| - tests: Fixed XML validation errors in some test files. |
| |
| - tests: Fix some incorrect precheck error messages. |
| |
| [ci skip] |
| |
| Daniel Stenberg (22 Mar 2019) |
| - curl_url.3: this is not experimental anymore |
| |
| - travis: bump the used wolfSSL version to 4.0.0 |
| |
| Test 311 is now fine, leaving only 313 (CRL) disabled. |
| |
| Test 313 details can be found here: |
| https://github.com/wolfSSL/wolfssl/issues/1546 |
| |
| Closes #3697 |
| |
| Daniel Gustafsson (22 Mar 2019) |
| - lib: Fix typos in comments |
| |
| David Woodhouse (20 Mar 2019) |
| - openssl: if cert type is ENG and no key specified, key is ENG too |
| |
| Fixes #3692 |
| Closes #3692 |
| |
| Daniel Stenberg (20 Mar 2019) |
| - sectransp: tvOS 11 is required for ALPN support |
| |
| Reported-by: nianxuejie on github |
| Assisted-by: Nick Zitzmann |
| Assisted-by: Jay Satiro |
| Fixes #3689 |
| Closes #3690 |
| |
| - test1541: threaded connection sharing |
| |
| The threaded-shared-conn.c example turned into test case. Only works if |
| pthread was detected. |
| |
| An attempt to detect future regressions such as e3a53e3efb942a5 |
| |
| Closes #3687 |
| |
| Patrick Monnerat (17 Mar 2019) |
| - os400: alt-svc support. |
| |
| Although experimental, enable it in the platform config file. |
| Upgrade ILE/RPG binding. |
| |
| Daniel Stenberg (17 Mar 2019) |
| - conncache: use conn->data to know if a transfer owns it |
| |
| - make sure an already "owned" connection isn't returned unless |
| multiplexed. |
| |
| - clear ->data when returning the connection to the cache again |
| |
| Regression since 7.62.0 (probably in commit 1b76c38904f0) |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-03/0064.html |
| |
| Closes #3686 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Chris Young brought this change] |
| |
| configure: add --with-amissl |
| |
| AmiSSL is an Amiga native library which provides a wrapper over OpenSSL. |
| It also requires all programs using it to use bsdsocket.library |
| directly, rather than accessing socket functions through clib, which |
| libcurl was not necessarily doing previously. Configure will now check |
| for the headers and ensure they are included if found. |
| |
| Closes #3677 |
| |
| - [Chris Young brought this change] |
| |
| vtls: rename some of the SSL functions |
| |
| ... in the SSL structure as AmiSSL is using macros for the socket API |
| functions. |
| |
| - [Chris Young brought this change] |
| |
| tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr |
| |
| - [Chris Young brought this change] |
| |
| tool_operate: build on AmigaOS |
| |
| - makefile: make checksrc and hugefile commands "silent" |
| |
| ... to match the style already used for compiling, linking |
| etc. Acknowledges 'make V=1' to enable verbose. |
| |
| Closes #3681 |
| |
| - curl.1: --user and --proxy-user are hidden from ps output |
| |
| Suggested-by: Eric Curtin |
| Improved-by: Dan Fandrich |
| Ref: #3680 |
| |
| Closes #3683 |
| |
| - curl.1: mark the argument to --cookie as <data|filename> |
| |
| From a discussion in #3676 |
| |
| Suggested-by: Tim Rühsen |
| |
| Closes #3682 |
| |
| Dan Fandrich (14 Mar 2019) |
| - fuzzer: Only clone the latest fuzzer code, for speed. |
| |
| Daniel Stenberg (14 Mar 2019) |
| - [Dominik Hölzl brought this change] |
| |
| Negotiate: fix for HTTP POST with Negotiate |
| |
| * Adjusted unit tests 2056, 2057 |
| * do not generally close connections with CURLAUTH_NEGOTIATE after every request |
| * moved negotiatedata from UrlState to connectdata |
| * Added stream rewind logic for CURLAUTH_NEGOTIATE |
| * introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC |
| * Consider authproblem state for CURLAUTH_NEGOTIATE |
| * Consider reuse_forbid for CURLAUTH_NEGOTIATE |
| * moved and adjusted negotiate authentication state handling from |
| output_auth_headers into Curl_output_negotiate |
| * Curl_output_negotiate: ensure auth done is always set |
| * Curl_output_negotiate: Set auth done also if result code is |
| GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may |
| also indicate the last challenge request (only works with disabled |
| Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1) |
| * Consider "Persistent-Auth" header, detect if not present; |
| Reset/Cleanup negotiate after authentication if no persistent |
| authentication |
| * apply changes introduced with #2546 for negotiate rewind logic |
| |
| Fixes #1261 |
| Closes #1975 |
| |
| - [Marc Schlatter brought this change] |
| |
| http: send payload when (proxy) authentication is done |
| |
| The check that prevents payload from sending in case of authentication |
| doesn't check properly if the authentication is done or not. |
| |
| They're cases where the proxy respond "200 OK" before sending |
| authentication challenge. This change takes care of that. |
| |
| Fixes #2431 |
| Closes #3669 |
| |
| - file: fix "Checking if unsigned variable 'readcount' is less than zero." |
| |
| Pointed out by codacy |
| |
| Closes #3672 |
| |
| - memdebug: log pointer before freeing its data |
| |
| Coverity warned for two potentional "Use after free" cases. Both are false |
| positives because the memory wasn't used, it was only the actual pointer |
| value that was logged. |
| |
| The fix still changes the order of execution to avoid the warnings. |
| |
| Coverity CID 1443033 and 1443034 |
| |
| Closes #3671 |
| |
| - RELEASE-NOTES: synced |
| |
| Marcel Raad (12 Mar 2019) |
| - travis: actually use updated compiler versions |
| |
| For the Linux builds, GCC 8 and 7 and clang 7 were installed, but the |
| new GCC versions were only used for the coverage build and for building |
| nghttp2, while the new clang version was not used at all. |
| |
| BoringSSL needs to use the default GCC as it respects CC, but not CXX, |
| so it would otherwise pass gcc 8 options to g++ 4.8 and fail. |
| |
| Also remove GCC 7, it's not needed anymore. |
| |
| Ref: https://docs.travis-ci.com/user/languages/c/#c11c11-and-beyond-and-toolchain-versioning |
| |
| Closes https://github.com/curl/curl/pull/3670 |
| |
| - travis: update clang to version 7 |
| |
| Closes https://github.com/curl/curl/pull/3670 |
| |
| Jay Satiro (11 Mar 2019) |
| - [Andre Guibert de Bruet brought this change] |
| |
| examples/externalsocket: add missing close socket calls |
| |
| .. and for Windows also call WSACleanup since we call WSAStartup. |
| |
| The example is to demonstrate handling the socket independently of |
| libcurl. In this case libcurl is not responsible for creating, opening |
| or closing the socket, it is handled by the application (our example). |
| |
| Fixes https://github.com/curl/curl/pull/3663 |
| |
| Daniel Stenberg (11 Mar 2019) |
| - multi: removed unused code for request retries |
| |
| This code was once used for the non multi-interface using code path, but |
| ever since easy_perform was turned into a wrapper around the multi |
| interface, this code path never runs. |
| |
| Closes #3666 |
| |
| Jay Satiro (11 Mar 2019) |
| - doh: inherit some SSL options from user's easy handle |
| |
| - Inherit SSL options for the doh handle but not SSL client certs, |
| SSL ALPN/NPN, SSL engine, SSL version, SSL issuer cert, |
| SSL pinned public key, SSL ciphers, SSL id cache setting, |
| SSL kerberos or SSL gss-api settings. |
| |
| - Fix inheritance of verbose setting. |
| |
| - Inherit NOSIGNAL. |
| |
| There is no way for the user to set options for the doh (DNS-over-HTTPS) |
| handles and instead we inherit some options from the user's easy handle. |
| |
| My thinking for the SSL options not inherited is they are most likely |
| not intended by the user for the DOH transfer. I did inherit insecure |
| because I think that should still be in control of the user. |
| |
| Prior to this change doh did not work for me because CAINFO was not |
| inherited. Also verbose was set always which AFAICT was a bug (#3660). |
| |
| Fixes https://github.com/curl/curl/issues/3660 |
| Closes https://github.com/curl/curl/pull/3661 |
| |
| Daniel Stenberg (9 Mar 2019) |
| - test331: verify set-cookie for dotless host name |
| |
| Reproduced bug #3649 |
| Closes #3659 |
| |
| - Revert "cookies: extend domain checks to non psl builds" |
| |
| This reverts commit 3773de378d48b06c09931e44dca4d274d0bfdce0. |
| |
| Regression shipped in 7.64.0 |
| Fixes #3649 |
| |
| - memdebug: make debug-specific functions use curl_dbg_ prefix |
| |
| To not "collide" or use up the regular curl_ name space. Also makes them |
| easier to detect in helper scripts. |
| |
| Closes #3656 |
| |
| - cmdline-opts/proxytunnel.d: the option tunnnels all protocols |
| |
| Clarify the language and simplify. |
| |
| Reported-by: Daniel Lublin |
| Closes #3658 |
| |
| - KNOWN_BUGS: Client cert (MTLS) issues with Schannel |
| |
| Closes #3145 |
| |
| - ROADMAP: updated to some more current things to work on |
| |
| - tests: fix multiple may be used uninitialized warnings |
| |
| - RELEASE-NOTES: synced |
| |
| - source: fix two 'nread' may be used uninitialized warnings |
| |
| Both seem to be false positives but we don't like warnings. |
| |
| Closes #3646 |
| |
| - gopher: remove check for path == NULL |
| |
| Since it can't be NULL and it makes Coverity believe we lack proper NULL |
| checks. Verified by test 659, landed in commit 15401fa886b. |
| |
| Pointed out by Coverity CID 1442746. |
| |
| Assisted-by: Dan Fandrich |
| Fixes #3617 |
| Closes #3642 |
| |
| - examples: only include <curl/curl.h> |
| |
| That's the only public curl header we should encourage use of. |
| |
| Reviewed-by: Marcel Raad |
| Closes #3645 |
| |
| - ssh: loop the state machine if not done and not blocking |
| |
| If the state machine isn't complete, didn't fail and it didn't return |
| due to blocking it can just as well loop again. |
| |
| This addresses the problem with SFTP directory listings where we would |
| otherwise return back to the parent and as the multi state machine |
| doesn't have any code for using CURLM_CALL_MULTI_PERFORM for as long the |
| doing phase isn't complete, it would return out when in reality there |
| was more data to deal with. |
| |
| Fixes #3506 |
| Closes #3644 |
| |
| Jay Satiro (5 Mar 2019) |
| - multi: support verbose conncache closure handle |
| |
| - Change closure handle to receive verbose setting from the easy handle |
| most recently added via curl_multi_add_handle. |
| |
| The closure handle is a special easy handle used for closing cached |
| connections. It receives limited settings from the easy handle most |
| recently added to the multi handle. Prior to this change that did not |
| include verbose which was a problem because on connection shutdown |
| verbose mode was not acknowledged. |
| |
| Ref: https://github.com/curl/curl/pull/3598 |
| |
| Co-authored-by: Daniel Stenberg |
| |
| Closes https://github.com/curl/curl/pull/3618 |
| |
| Daniel Stenberg (4 Mar 2019) |
| - CURLU: fix NULL dereference when used over proxy |
| |
| Test 659 verifies |
| |
| Also fixed the test 658 name |
| |
| Closes #3641 |
| |
| - altsvc_out: check the return code from Curl_gmtime |
| |
| Pointed out by Coverity, CID 1442956. |
| |
| Closes #3640 |
| |
| - docs/ALTSVC.md: docs describing the approach |
| |
| Closes #3498 |
| |
| - alt-svc: add a travis build |
| |
| - alt-svc: add test 355 and 356 to verify with command line curl |
| |
| - alt-svc: the curl command line bits |
| |
| - alt-svc: the libcurl bits |
| |
| - travis: add build using gnutls |
| |
| Closes #3637 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Simon Legner brought this change] |
| |
| scripts/completion.pl: also generate fish completion file |
| |
| This is the renamed script formerly known as zsh.pl |
| |
| Closes #3545 |
| |
| - gnutls: remove call to deprecated gnutls_compression_get_name |
| |
| It has been deprecated by GnuTLS since a year ago and now causes build |
| warnings. |
| |
| Ref: https://gitlab.com/gnutls/gnutls/commit/b0041897d2846737f5fb0f |
| Docs: https://www.gnutls.org/manual/html_node/Compatibility-API.html |
| |
| Closes #3636 |
| |
| Jay Satiro (2 Mar 2019) |
| - system_win32: move win32_init here from easy.c |
| |
| .. since system_win32 is a more appropriate location for the functions |
| and to extern the globals. |
| |
| Ref: https://github.com/curl/curl/commit/ca597ad#r32446578 |
| Reported-by: Gisle Vanem |
| |
| Closes https://github.com/curl/curl/pull/3625 |
| |
| Daniel Stenberg (1 Mar 2019) |
| - curl_easy_duphandle.3: clarify that a duped handle has no shares |
| |
| Reported-by: Sara Golemon |
| |
| Fixes #3592 |
| Closes #3634 |
| |
| - 10-at-a-time.c: fix too long line |
| |
| - [Arnaud Rebillout brought this change] |
| |
| examples: various fixes in ephiperfifo.c |
| |
| The main change here is the timer value that was wrong, it was given in |
| usecs (ms * 1000), while the itimerspec struct wants nsecs (ms * 1000 * |
| 1000). This resulted in the callback being invoked WAY TOO OFTEN. |
| |
| As a quick check you can run this command before and after applying this |
| commit: |
| |
| # shell 1 |
| ./ephiperfifo 2>&1 | tee ephiperfifo.log |
| # shell 2 |
| echo http://hacking.elboulangero.com > hiper.fifo |
| |
| Then just compare the size of the logs files. |
| |
| Closes #3633 |
| Fixes #3632 |
| Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com> |
| |
| - urldata: simplify bytecounters |
| |
| - no need to have them protocol specific |
| |
| - no need to set pointers to them with the Curl_setup_transfer() call |
| |
| - make Curl_setup_transfer() operate on a transfer pointer, not |
| connection |
| |
| - switch some counters from long to the more proper curl_off_t type |
| |
| Closes #3627 |
| |
| - examples/10-at-a-time.c: improve readability and simplify |
| |
| - use better variable names to explain their purposes |
| - convert logic to curl_multi_wait() |
| |
| - threaded-resolver: shutdown the resolver thread without error message |
| |
| When a transfer is done, the resolver thread will be brought down. That |
| could accidentally generate an error message in the error buffer even |
| though this is not an error situationand the transfer would still return |
| OK. An application that still reads the error buffer could find a |
| "Could not resolve host: [host name]" message there and get confused. |
| |
| Reported-by: Michael Schmid |
| Fixes #3629 |
| Closes #3630 |
| |
| - [Ԝеѕ brought this change] |
| |
| docs: update max-redirs.d phrasing |
| |
| clarify redir - "in absurdum" doesn't seem to make sense in this context |
| |
| Closes #3631 |
| |
| - ssh: fix Condition '!status' is always true |
| |
| in the same sftp_done function in both SSH backends. Simplify them |
| somewhat. |
| |
| Pointed out by Codacy. |
| |
| Closes #3628 |
| |
| - test578: make it read data from the correct test |
| |
| - Curl_easy: remove req.maxfd - never used! |
| |
| Introduced in 8b6314ccfb, but not used anymore in current code. Unclear |
| since when. |
| |
| Closes #3626 |
| |
| - http: set state.infilesize when sending formposts |
| |
| Without it set, we would unwillingly triger the "HTTP error before end |
| of send, stop sending" condition even if the entire POST body had been |
| sent (since it wouldn't know the expected size) which would |
| unnecessarily log that message and close the connection when it didn't |
| have to. |
| |
| Reported-by: Matt McClure |
| Bug: https://curl.haxx.se/mail/archive-2019-02/0023.html |
| Closes #3624 |
| |
| - INSTALL: refer to the current TLS library names and configure options |
| |
| - FAQ: minor updates and spelling fixes |
| |
| - GOVERNANCE.md: minor spelling fixes |
| |
| - Secure Transport: no more "darwinssl" |
| |
| Everyone calls it Secure Transport, now we do too. |
| |
| Reviewed-by: Nick Zitzmann |
| |
| Closes #3619 |
| |
| Marcel Raad (27 Feb 2019) |
| - AppVeyor: add classic MinGW build |
| |
| But use the MSYS2 shell rather than the default MSYS shell because of |
| POSIX path conversion issues. Classic MinGW is only available on the |
| Visual Studio 2015 image. |
| |
| Closes https://github.com/curl/curl/pull/3623 |
| |
| - AppVeyor: add MinGW-w64 build |
| |
| Add a MinGW-w64 build using CMake's MSYS Makefiles generator. |
| Use the Visual Studio 2015 image as it has GCC 8, while the |
| Visual Studio 2017 image only has GCC 7.2. |
| |
| Closes https://github.com/curl/curl/pull/3623 |
| |
| Daniel Stenberg (27 Feb 2019) |
| - cookies: only save the cookie file if the engine is enabled |
| |
| Follow-up to 8eddb8f4259. |
| |
| If the cookieinfo pointer is NULL there really is nothing to save. |
| |
| Without this fix, we got a problem when a handle was using shared object |
| with cookies and is told to "FLUSH" it to file (which worked) and then |
| the share object was removed and when the easy handle was closed just |
| afterwards it has no cookieinfo and no cookies so it decided to save an |
| empty jar (overwriting the file just flushed). |
| |
| Test 1905 now verifies that this works. |
| |
| Assisted-by: Michael Wallner |
| Assisted-by: Marcel Raad |
| |
| Closes #3621 |
| |
| - [DaVieS brought this change] |
| |
| cacertinmem.c: use multiple certificates for loading CA-chain |
| |
| Closes #3421 |
| |
| - urldata: convert bools to bitfields and move to end |
| |
| This allows the compiler to pack and align the structs better in |
| memory. For a rather feature-complete build on x86_64 Linux, gcc 8.1.2 |
| makes the Curl_easy struct 4.9% smaller. From 6312 bytes to 6000. |
| |
| Removed an unused struct field. |
| |
| No functionality changes. |
| |
| Closes #3610 |
| |
| - [Don J Olmstead brought this change] |
| |
| curl.h: use __has_declspec_attribute for shared builds |
| |
| Closes #3616 |
| |
| - curl: display --version features sorted alphabetically |
| |
| Closes #3611 |
| |
| - runtests: detect "schannel" as an alias for "winssl" |
| |
| Follow-up to 180501cb02 |
| |
| Reported-by: Marcel Raad |
| Fixes #3609 |
| Closes #3620 |
| |
| Marcel Raad (26 Feb 2019) |
| - AppVeyor: update to Visual Studio 2017 |
| |
| Switch all Visual Studio 2015 builds to Visual Studio 2017. It's not a |
| moving target anymore as the last update, Update 9, has been released. |
| |
| Closes https://github.com/curl/curl/pull/3606 |
| |
| - AppVeyor: switch VS 2015 builds to VS 2017 image |
| |
| The Visual Studio 2017 image has Visual Studio 2015 and 2017 installed. |
| |
| Closes https://github.com/curl/curl/pull/3606 |
| |
| - AppVeyor: explicitly select worker image |
| |
| Currently, we're using the default Visual Studio 2015 image for |
| everything. |
| |
| Closes https://github.com/curl/curl/pull/3606 |
| |
| Daniel Stenberg (26 Feb 2019) |
| - strerror: make the strerror function use local buffers |
| |
| Instead of using a fixed 256 byte buffer in the connectdata struct. |
| |
| In my build, this reduces the size of the connectdata struct by 11.8%, |
| from 2160 to 1904 bytes with no functionality or performance loss. |
| |
| This also fixes a bug in schannel's Curl_verify_certificate where it |
| called Curl_sspi_strerror when it should have called Curl_strerror for |
| string from GetLastError. the only effect would have been no text or the |
| wrong text being shown for the error. |
| |
| Co-authored-by: Jay Satiro |
| |
| Closes #3612 |
| |
| - [Michael Wallner brought this change] |
| |
| cookies: fix NULL dereference if flushing cookies with no CookieInfo set |
| |
| Regression brought by a52e46f3900fb0 (shipped in 7.63.0) |
| |
| Closes #3613 |
| |
| Marcel Raad (26 Feb 2019) |
| - AppVeyor: re-enable test 500 |
| |
| It's passing now. |
| |
| Closes https://github.com/curl/curl/pull/3615 |
| |
| - AppVeyor: remove redundant builds |
| |
| Remove the Visual Studio 2012 and 2013 builds as they add little value. |
| |
| Ref: https://github.com/curl/curl/pull/3606 |
| Closes https://github.com/curl/curl/pull/3614 |
| |
| Daniel Stenberg (25 Feb 2019) |
| - RELEASE-NOTES: synced |
| |
| - [Bernd Mueller brought this change] |
| |
| OpenSSL: add support for TLS ASYNC state |
| |
| Closes #3591 |
| |
| Jay Satiro (25 Feb 2019) |
| - [Michael Felt brought this change] |
| |
| acinclude: add additional libraries to check for LDAP support |
| |
| - Add an additional check for LDAP that also checks for OpenSSL since |
| on AIX those libraries may be required to link LDAP properly. |
| |
| Fixes https://github.com/curl/curl/issues/3595 |
| Closes https://github.com/curl/curl/pull/3596 |
| |
| - [georgeok brought this change] |
| |
| schannel: support CALG_ECDH_EPHEM algorithm |
| |
| Add support for Ephemeral elliptic curve Diffie-Hellman key exchange |
| algorithm option when selecting ciphers. This became available on the |
| Win10 SDK. |
| |
| Closes https://github.com/curl/curl/pull/3608 |
| |
| Daniel Stenberg (24 Feb 2019) |
| - multi: call multi_done on connect timeouts |
| |
| Failing to do so would make the CURLINFO_TOTAL_TIME timeout to not get |
| updated correctly and could end up getting reported to the application |
| completely wrong (way too small). |
| |
| Reported-by: accountantM on github |
| Fixes #3602 |
| Closes #3605 |
| |
| - examples: remove recursive calls to curl_multi_socket_action |
| |
| From within the timer callbacks. Recursive is problematic for several |
| reasons. They should still work, but this way the examples and the |
| documentation becomes simpler. I don't think we need to encourage |
| recursive calls. |
| |
| Discussed in #3537 |
| Closes #3601 |
| |
| Marcel Raad (23 Feb 2019) |
| - configure: remove CURL_CHECK_FUNC_FDOPEN call |
| |
| The macro itself has been removed in commit |
| 11974ac859c5d82def59e837e0db56fef7f6794e. |
| |
| Closes https://github.com/curl/curl/pull/3604 |
| |
| Daniel Stenberg (23 Feb 2019) |
| - wolfssl: stop custom-adding curves |
| |
| since wolfSSL PR https://github.com/wolfSSL/wolfssl/pull/717 (shipped in |
| wolfSSL 3.10.2 and later) it sends these curves by default already. |
| |
| Pointed-out-by: David Garske |
| |
| Closes #3599 |
| |
| - configure: remove the unused fdopen macro |
| |
| and the two remaining #ifdefs for it |
| |
| Closes #3600 |
| |
| Jay Satiro (22 Feb 2019) |
| - url: change conn shutdown order to unlink data as last step |
| |
| - Split off connection shutdown procedure from Curl_disconnect into new |
| function conn_shutdown. |
| |
| - Change the shutdown procedure to close the sockets before |
| disassociating the transfer. |
| |
| Prior to this change the sockets were closed after disassociating the |
| transfer so SOCKETFUNCTION wasn't called since the transfer was already |
| disassociated. That likely came about from recent work started in |
| Jan 2019 (#3442) to separate transfers from connections. |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-02/0101.html |
| Reported-by: Pavel Löbl |
| |
| Closes https://github.com/curl/curl/issues/3597 |
| Closes https://github.com/curl/curl/pull/3598 |
| |
| Marcel Raad (22 Feb 2019) |
| - Fix strict-prototypes GCC warning |
| |
| As seen in the MinGW autobuilds. Caused by commit |
| f26bc29cfec0be84c67cf74065cf8e5e78fd68b7. |
| |
| Dan Fandrich (21 Feb 2019) |
| - tests: Fixed XML validation errors in some test files. |
| |
| Daniel Stenberg (20 Feb 2019) |
| - TODO: Allow SAN names in HTTP/2 server push |
| |
| Suggested-by: Nicolas Grekas |
| |
| - RELEASE-NOTES: synced |
| |
| - curl: remove MANUAL from -M output |
| |
| ... and remove it from the dist tarball. It has served its time, it |
| barely gets updated anymore and "everything curl" is now convering all |
| this document once tried to include, and does it more and better. |
| |
| In the compressed scenario, this removes ~15K data from the binary, |
| which is 25% of the -M output. |
| |
| It remains in the git repo for now for as long as the web site builds a |
| page using that as source. It renders poorly on the site (especially for |
| mobile users) so its not even good there. |
| |
| Closes #3587 |
| |
| - http2: verify :athority in push promise requests |
| |
| RFC 7540 says we should verify that the push is for an "authoritative" |
| server. We make sure of this by only allowing push with an :athority |
| header that matches the host that was asked for in the URL. |
| |
| Fixes #3577 |
| Reported-by: Nicolas Grekas |
| Bug: https://curl.haxx.se/mail/lib-2019-02/0057.html |
| Closes #3581 |
| |
| - singlesocket: fix the 'sincebefore' placement |
| |
| The variable wasn't properly reset within the loop and thus could remain |
| set for sockets that hadn't been set before and miss notifying the app. |
| |
| This is a follow-up to 4c35574 (shipped in curl 7.64.0) |
| |
| Reported-by: buzo-ffm on github |
| Detected-by: Jan Alexander Steffens |
| Fixes #3585 |
| Closes #3589 |
| |
| - connection: never reuse CONNECT_ONLY conections |
| |
| and make CONNECT_ONLY conections never reuse any existing ones either. |
| |
| Reported-by: Pavel Löbl |
| Bug: https://curl.haxx.se/mail/lib-2019-02/0064.html |
| Closes #3586 |
| |
| Patrick Monnerat (19 Feb 2019) |
| - cli tool: fix mime post with --disable-libcurl-option configure option |
| |
| Reported-by: Marcel Raad |
| Fixes #3576 |
| Closes #3583 |
| |
| Daniel Stenberg (19 Feb 2019) |
| - x509asn1: cleanup and unify code layout |
| |
| - rename 'n' to buflen in functions, and use size_t for them. Don't pass |
| in negative buffer lengths. |
| |
| - move most function comments to above the function starts like we use |
| to |
| |
| - remove several unnecessary typecasts (especially of NULL) |
| |
| Reviewed-by: Patrick Monnerat |
| Closes #3582 |
| |
| - curl_multi_remove_handle.3: use at any time, just not from within callbacks |
| |
| [ci skip] |
| |
| - http: make adding a blank header thread-safe |
| |
| Previously the function would edit the provided header in-place when a |
| semicolon is used to signify an empty header. This made it impossible to |
| use the same set of custom headers in multiple threads simultaneously. |
| |
| This approach now makes a local copy when it needs to edit the string. |
| |
| Reported-by: d912e3 on github |
| Fixes #3578 |
| Closes #3579 |
| |
| - unit1651: survive curl_easy_init() fails |
| |
| - [Frank Gevaerts brought this change] |
| |
| rand: Fix a mismatch between comments in source and header. |
| |
| Reported-by: Björn Stenberg <bjorn@haxx.se> |
| Closes #3584 |
| |
| Patrick Monnerat (18 Feb 2019) |
| - x509asn1: replace single char with an array |
| |
| Although safe in this context, using a single char as an array may |
| cause invalid accesses to adjacent memory locations. |
| |
| Detected by Coverity. |
| |
| Daniel Stenberg (18 Feb 2019) |
| - examples/http2-serverpush: add some sensible error checks |
| |
| To avoid NULL pointer dereferences etc in the case of problems. |
| |
| Closes #3580 |
| |
| Jay Satiro (18 Feb 2019) |
| - easy: fix win32 init to work without CURL_GLOBAL_WIN32 |
| |
| - Change the behavior of win32_init so that the required initialization |
| procedures are not affected by CURL_GLOBAL_WIN32 flag. |
| |
| libcurl via curl_global_init supports initializing for win32 with an |
| optional flag CURL_GLOBAL_WIN32, which if omitted was meant to stop |
| Winsock initialization. It did so internally by skipping win32_init() |
| when that flag was set. Since then win32_init() has been expanded to |
| include required initialization routines that are separate from |
| Winsock and therefore must be called in all cases. This commit fixes |
| it so that CURL_GLOBAL_WIN32 only controls the optional win32 |
| initialization (which is Winsock initialization, according to our doc). |
| |
| The only users affected by this change are those that don't pass |
| CURL_GLOBAL_WIN32 to curl_global_init. For them this commit removes the |
| risk of a potential crash. |
| |
| Ref: https://github.com/curl/curl/pull/3573 |
| |
| Fixes https://github.com/curl/curl/issues/3313 |
| Closes https://github.com/curl/curl/pull/3575 |
| |
| Daniel Gustafsson (17 Feb 2019) |
| - cookie: Add support for cookie prefixes |
| |
| The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes |
| and how they should affect cookie initialization, which has been |
| adopted by the major browsers. This adds support for the two prefixes |
| defined, __Host- and __Secure, and updates the testcase with the |
| supplied examples from the draft. |
| |
| Closes #3554 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - mbedtls: release sessionid resources on error |
| |
| If mbedtls_ssl_get_session() fails, it may still have allocated |
| memory that needs to be freed to avoid leaking. Call the library |
| API function to release session resources on this errorpath as |
| well as on Curl_ssl_addsessionid() errors. |
| |
| Closes: #3574 |
| Reported-by: Michał Antoniak <M.Antoniak@posnet.com> |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Patrick Monnerat (16 Feb 2019) |
| - cli tool: refactor encoding conversion sequence for switch case fallthrough. |
| |
| - version.c: silent scan-build even when librtmp is not enabled |
| |
| Daniel Stenberg (15 Feb 2019) |
| - RELEASE-NOTES: synced |
| |
| - Curl_now: figure out windows version in win32_init |
| |
| ... and avoid use of static variables that aren't thread safe. |
| |
| Fixes regression from e9ababd4f5a (present in the 7.64.0 release) |
| |
| Reported-by: Paul Groke |
| Fixes #3572 |
| Closes #3573 |
| |
| Marcel Raad (15 Feb 2019) |
| - unit1307: just fail without FTP support |
| |
| I missed to check this in with commit |
| 71786c0505926aaf7e9b2477b2fb7ee16a915ec6, which only disabled the test. |
| This fixes the actual linker error. |
| |
| Closes https://github.com/curl/curl/pull/3568 |
| |
| Daniel Stenberg (15 Feb 2019) |
| - travis: enable valgrind for the iconv tests too |
| |
| Closes #3571 |
| |
| - travis: add scan-build |
| |
| Closes #3564 |
| |
| - examples/sftpuploadresume: Value stored to 'result' is never read |
| |
| Detected by scan-build |
| |
| - examples/http2-upload: cleaned up |
| |
| Fix scan-build warnings, no globals, no silly handle scan. Also remove |
| handles from the multi before cleaning up. |
| |
| - examples/http2-download: cleaned up |
| |
| To avoid scan-build warnings and global variables. |
| |
| - examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory' |
| |
| Detected by scan-build |
| |
| - examples/httpcustomheader: Value stored to 'res' is never read |
| |
| Detected by scan-build |
| |
| - examples: remove superfluous null-pointer checks |
| |
| in ftpget, ftpsget and sftpget, so that scan-build stops warning for |
| potential NULL pointer dereference below! |
| |
| Detected by scan-build |
| |
| - strip_trailing_dot: make sure NULL is never used for strlen |
| |
| scan-build warning: Null pointer passed as an argument to a 'nonnull' |
| parameter |
| |
| - [Jay Satiro brought this change] |
| |
| connection_check: restore original conn->data after the check |
| |
| - Save the original conn->data before it's changed to the specified |
| data transfer for the connection check and then restore it afterwards. |
| |
| This is a follow-up to 38d8e1b 2019-02-11. |
| |
| History: |
| |
| It was discovered a month ago that before checking whether to extract a |
| dead connection that that connection should be associated with a "live" |
| transfer for the check (ie original conn->data ignored and set to the |
| passed in data). A fix was landed in 54b201b which did that and also |
| cleared conn->data after the check. The original conn->data was not |
| restored, so presumably it was thought that a valid conn->data was no |
| longer needed. |
| |
| Several days later it was discovered that a valid conn->data was needed |
| after the check and follow-up fix was landed in bbae24c which partially |
| reverted the original fix and attempted to limit the scope of when |
| conn->data was changed to only when pruning dead connections. In that |
| case conn->data was not cleared and the original conn->data not |
| restored. |
| |
| A month later it was discovered that the original fix was somewhat |
| correct; a "live" transfer is needed for the check in all cases |
| because original conn->data could be null which could cause a bad deref |
| at arbitrary points in the check. A fix was landed in 38d8e1b which |
| expanded the scope to all cases. conn->data was not cleared and the |
| original conn->data not restored. |
| |
| A day later it was discovered that not restoring the original conn->data |
| may lead to busy loops in applications that use the event interface, and |
| given this observation it's a pretty safe assumption that there is some |
| code path that still needs the original conn->data. This commit is the |
| follow-up fix for that, it restores the original conn->data after the |
| connection check. |
| |
| Assisted-by: tholin@users.noreply.github.com |
| Reported-by: tholin@users.noreply.github.com |
| |
| Fixes https://github.com/curl/curl/issues/3542 |
| Closes #3559 |
| |
| - memdebug: bring back curl_mark_sclose |
| |
| Used by debug builds with NSS. |
| |
| Reverted from 05b100aee247bb |
| |
| Patrick Monnerat (14 Feb 2019) |
| - transfer.c: do not compute length of undefined hex buffer. |
| |
| On non-ascii platforms, the chunked hex header was measured for char code |
| conversion length, even for chunked trailers that do not have an hex header. |
| In addition, the efective length is already known: use it. |
| Since the hex length can be zero, only convert if needed. |
| |
| Reported by valgrind. |
| |
| Daniel Stenberg (14 Feb 2019) |
| - KNOWN_BUGS: Cannot compile against a static build of OpenLDAP |
| |
| Closes #2367 |
| |
| Patrick Monnerat (14 Feb 2019) |
| - x509asn1: "Dereference of null pointer" |
| |
| Detected by scan-build (false positive). |
| |
| Daniel Stenberg (14 Feb 2019) |
| - configure: show features as well in the final summary |
| |
| Closes #3569 |
| |
| - KNOWN_BUGS: curl compiled on OSX 10.13 failed to run on OSX 10.10 |
| |
| Closes #2905 |
| |
| - KNOWN_BUGS: Deflate error after all content was received |
| |
| Closes #2719 |
| |
| - gssapi: fix deprecated header warnings |
| |
| Heimdal includes on FreeBSD spewed out lots of them. Less so now. |
| |
| Closes #3566 |
| |
| - TODO: Upgrade to websockets |
| |
| Closes #3523 |
| |
| - TODO: cmake test suite improvements |
| |
| Closes #3109 |
| |
| Patrick Monnerat (13 Feb 2019) |
| - curl: "Dereference of null pointer" |
| |
| Rephrase to satisfy scan-build. |
| |
| Marcel Raad (13 Feb 2019) |
| - unit1307: require FTP support |
| |
| This test doesn't link without FTP support after |
| fc7ab4835b5fd09d0a6f57000633bb6bb6edfda1, which made Curl_fnmatch |
| unavailable without FTP support. |
| |
| Closes https://github.com/curl/curl/pull/3565 |
| |
| Daniel Stenberg (13 Feb 2019) |
| - TODO: TFO support on Windows |
| |
| Nobody works on this now. |
| |
| Closes #3378 |
| |
| - multi: Dereference of null pointer |
| |
| Mostly a false positive, but this makes the code easier to read anyway. |
| |
| Detected by scan-build. |
| |
| Closes #3563 |
| |
| - urlglob: Argument with 'nonnull' attribute passed null |
| |
| Detected by scan-build. |
| |
| Jay Satiro (12 Feb 2019) |
| - schannel: restore some debug output but only for debug builds |
| |
| Follow-up to 84c10dc from earlier today which wrapped a lot of the noisy |
| debug output in DEBUGF but omitted a few lines. |
| |
| Ref: https://github.com/curl/curl/commit/84c10dc#r32292900 |
| |
| - examples/crawler: Fix the Accept-Encoding setting |
| |
| - Pass an empty string to CURLOPT_ACCEPT_ENCODING to use the default |
| supported encodings. |
| |
| Prior to this change the specific encodings of gzip and deflate were set |
| but there's no guarantee they'd be supported by the user's libcurl. |
| |
| Daniel Stenberg (12 Feb 2019) |
| - mime: put the boundary buffer into the curl_mime struct |
| |
| ... instead of allocating it separately and point to it. It is |
| fixed-size and always used for each part. |
| |
| Closes #3561 |
| |
| - schannel: be quiet |
| |
| Convert numerous infof() calls into debug-build only messages since they |
| are annoyingly verbose for regular applications. Removed a few. |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-02/0027.html |
| Reported-by: Volker Schmid |
| Closes #3552 |
| |
| - [Romain Geissler brought this change] |
| |
| Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning |
| |
| Closes #3562 |
| |
| - http2: multi_connchanged() moved from multi.c, only used for h2 |
| |
| Closes #3557 |
| |
| - curl: "Function call argument is an uninitialized value" |
| |
| Follow-up to cac0e4a6ad14b42471eb |
| |
| Detected by scan-build |
| Closes #3560 |
| |
| - pretransfer: don't strlen() POSTFIELDS set for GET requests |
| |
| ... since that data won't be used in the request anyway. |
| |
| Fixes #3548 |
| Reported-by: Renaud Allard |
| Close #3549 |
| |
| - multi: remove verbose "Expire in" ... messages |
| |
| Reported-by: James Brown |
| Bug: https://curl.haxx.se/mail/archive-2019-02/0013.html |
| Closes #3558 |
| |
| - mbedtls: make it build even if MBEDTLS_VERSION_C isn't set |
| |
| Reported-by: MAntoniak on github |
| Fixes #3553 |
| Closes #3556 |
| |
| Daniel Gustafsson (12 Feb 2019) |
| - non-ascii.c: fix typos in comments |
| |
| Fix two occurrences of s/convers/converts/ spotted while reading code. |
| |
| Daniel Stenberg (12 Feb 2019) |
| - fnmatch: disable if FTP is disabled |
| |
| Closes #3551 |
| |
| - curl_path: only enabled for SSH builds |
| |
| - [Frank Gevaerts brought this change] |
| |
| tests: add stderr comparison to the test suite |
| |
| The code is more or less copied from the stdout comparison code, maybe |
| some better reuse is possible. |
| |
| test 1457 is adjusted to make the output actually match (by using --silent) |
| test 506 used <stderr> without actually needing it, so that <stderr> block is removed |
| |
| Closes #3536 |
| |
| Patrick Monnerat (11 Feb 2019) |
| - cli tool: do not use mime.h private structures. |
| |
| Option -F generates an intermediate representation of the mime structure |
| that is used later to create the libcurl mime structure and generate |
| the --libcurl statements. |
| |
| Reported-by: Daniel Stenberg |
| Fixes #3532 |
| Closes #3546 |
| |
| Daniel Stenberg (11 Feb 2019) |
| - curlver: bump to 7.64.1-dev |
| |
| - RELEASE-NOTES: synced |
| |
| and bump the version in progress to 7.64.1. If we merge any "change" |
| before the cut-off date, we update again. |
| |
| Daniel Gustafsson (11 Feb 2019) |
| - curl: follow-up to 3f16990ec84 |
| |
| Commit 3f16990ec84cc4b followed-up a bug in b49652ac66cc0 but was |
| inadvertently introducing a new bug in the ternary expression. |
| |
| Close #3555 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - dns: release sharelock as soon as possible |
| |
| There is no benefit to holding the data sharelock when freeing the |
| addrinfo in case it fails, so ensure releaseing it as soon as we can |
| rather than holding on to it. This also aligns the code with other |
| consumers of sharelocks. |
| |
| Closes #3516 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (11 Feb 2019) |
| - curl: follow-up to b49652ac66cc0 |
| |
| On FreeBSD, return non-zero on error otherwise zero. |
| |
| Reported-by: Marcel Raad |
| |
| - multi: (void)-prefix when ignoring return values |
| |
| ... and added braces to two function calls which fixes warnings if they |
| are replace by empty macros at build-time. |
| |
| - curl: fix FreeBSD compiler warning in the --xattr code |
| |
| Closes #3550 |
| |
| - connection_check: set ->data to the transfer doing the check |
| |
| The http2 code for connection checking needs a transfer to use. Make |
| sure a working one is set before handler->connection_check() is called. |
| |
| Reported-by: jnbr on github |
| Fixes #3541 |
| Closes #3547 |
| |
| - hostip: make create_hostcache_id avoid alloc + free |
| |
| Closes #3544 |
| |
| - scripts/singleuse: script to use to track single-use functions |
| |
| That is functions that are declared global but are not used from outside |
| of the file in which it is declared. Such functions should be made |
| static or even at times be removed. |
| |
| It also verifies that all used curl_ prefixed functions are "blessed" |
| |
| Closes #3538 |
| |
| - cleanup: make local functions static |
| |
| urlapi: turn three local-only functions into statics |
| |
| conncache: make conncache_find_first_connection static |
| |
| multi: make detach_connnection static |
| |
| connect: make getaddressinfo static |
| |
| curl_ntlm_core: make hmac_md5 static |
| |
| http2: make two functions static |
| |
| http: make http_setup_conn static |
| |
| connect: make tcpnodelay static |
| |
| tests: make UNITTEST a thing to mark functions with, so they can be static for |
| normal builds and non-static for unit test builds |
| |
| ... and mark Curl_shuffle_addr accordingly. |
| |
| url: make up_free static |
| |
| setopt: make vsetopt static |
| |
| curl_endian: make write32_le static |
| |
| rtsp: make rtsp_connisdead static |
| |
| warnless: remove unused functions |
| |
| memdebug: remove one unused function, made another static |
| |
| Dan Fandrich (10 Feb 2019) |
| - cirrus: Added FreeBSD builds using Cirrus CI. |
| |
| The build logs will be at https://cirrus-ci.com/github/curl/curl |
| |
| Some tests are currently failing and so disabled for now. The SSH server |
| isn't starting for the SSH tests due to unsupported options used in its |
| config file. The DICT server also is failing on startup. |
| |
| Daniel Stenberg (9 Feb 2019) |
| - url/idnconvert: remove scan for <= 32 ascii values |
| |
| The check was added back in fa939220df before the URL parser would catch |
| these problems and therefore these will never trigger now. |
| |
| Closes #3539 |
| |
| - urlapi: reduce variable scope, remove unreachable 'break' |
| |
| Both nits pointed out by codacy.com |
| |
| Closes #3540 |
| |
| Alessandro Ghedini (7 Feb 2019) |
| - zsh.pl: escape ':' character |
| |
| ':' is interpreted as separator by zsh, so if used as part of the argument |
| or option's description it needs to be escaped. |
| |
| The problem can be reproduced as follows: |
| |
| % curl --reso<TAB> |
| % curl -E <TAB> |
| |
| Bug: https://bugs.debian.org/921452 |
| |
| - zsh.pl: update regex to better match curl -h output |
| |
| The current regex fails to match '<...>' arguments properly (e.g. those |
| with spaces in them), which causes an completion script with wrong |
| descriptions for some options. |
| |
| Here's a diff of the generated completion script, comparing the previous |
| version to the one with this fix: |
| |
| --- /usr/share/zsh/vendor-completions/_curl 2019-01-15 20:47:40.000000000 +0000 |
| +++ _curl 2019-02-05 20:57:29.453349040 +0000 |
| @@ -9,48 +9,48 @@ |
| |
| _arguments -C -S \ |
| --happy-eyeballs-timeout-ms'[How long to wait in milliseconds for IPv6 before trying IPv4]':'<milliseconds>' \ |
| + --resolve'[Resolve the host+port to this address]':'<host:port:address[,address]...>' \ |
| {-c,--cookie-jar}'[Write cookies to <filename> after operation]':'<filename>':_files \ |
| {-D,--dump-header}'[Write the received headers to <filename>]':'<filename>':_files \ |
| {-y,--speed-time}'[Trigger '\''speed-limit'\'' abort after this time]':'<seconds>' \ |
| --proxy-cacert'[CA certificate to verify peer against for proxy]':'<file>':_files \ |
| - --tls13-ciphers'[of TLS 1.3 ciphersuites> TLS 1.3 cipher suites to use]':'<list' \ |
| + --tls13-ciphers'[TLS 1.3 cipher suites to use]':'<list of TLS 1.3 ciphersuites>' \ |
| {-E,--cert}'[Client certificate file and password]':'<certificate[:password]>' \ |
| --libcurl'[Dump libcurl equivalent code of this command line]':'<file>':_files \ |
| --proxy-capath'[CA directory to verify peer against for proxy]':'<dir>':_files \ |
| - --proxy-negotiate'[HTTP Negotiate (SPNEGO) authentication on the proxy]':'Use' \ |
| --proxy-pinnedpubkey'[FILE/HASHES public key to verify proxy with]':'<hashes>' \ |
| --crlfile'[Get a CRL list in PEM format from the given file]':'<file>':_files \ |
| - --proxy-insecure'[HTTPS proxy connections without verifying the proxy]':'Do' \ |
| - --proxy-ssl-allow-beast'[security flaw for interop for HTTPS proxy]':'Allow' \ |
| + --proxy-negotiate'[Use HTTP Negotiate (SPNEGO) authentication on the proxy]' \ |
| --abstract-unix-socket'[Connect via abstract Unix domain socket]':'<path>' \ |
| --pinnedpubkey'[FILE/HASHES Public key to verify peer against]':'<hashes>' \ |
| + --proxy-insecure'[Do HTTPS proxy connections without verifying the proxy]' \ |
| --proxy-pass'[Pass phrase for the private key for HTTPS proxy]':'<phrase>' \ |
| + --proxy-ssl-allow-beast'[Allow security flaw for interop for HTTPS proxy]' \ |
| {-p,--proxytunnel}'[Operate through an HTTP proxy tunnel (using CONNECT)]' \ |
| --socks5-hostname'[SOCKS5 proxy, pass host name to proxy]':'<host[:port]>' \ |
| --proto-default'[Use PROTOCOL for any URL missing a scheme]':'<protocol>' \ |
| - --proxy-tls13-ciphers'[list> TLS 1.3 proxy cipher suites]':'<ciphersuite' \ |
| + --proxy-tls13-ciphers'[TLS 1.3 proxy cipher suites]':'<ciphersuite list>' \ |
| --socks5-gssapi-service'[SOCKS5 proxy service name for GSS-API]':'<name>' \ |
| --ftp-alternative-to-user'[String to replace USER \[name\]]':'<command>' \ |
| - --ftp-ssl-control'[SSL/TLS for FTP login, clear for transfer]':'Require' \ |
| {-T,--upload-file}'[Transfer local FILE to destination]':'<file>':_files \ |
| --local-port'[Force use of RANGE for local port numbers]':'<num/range>' \ |
| --proxy-tlsauthtype'[TLS authentication type for HTTPS proxy]':'<type>' \ |
| {-R,--remote-time}'[Set the remote file'\''s time on the local output]' \ |
| - --retry-connrefused'[on connection refused (use with --retry)]':'Retry' \ |
| - --suppress-connect-headers'[proxy CONNECT response headers]':'Suppress' \ |
| - {-j,--junk-session-cookies}'[session cookies read from file]':'Ignore' \ |
| - --location-trusted'[--location, and send auth to other hosts]':'Like' \ |
| + --ftp-ssl-control'[Require SSL/TLS for FTP login, clear for transfer]' \ |
| --proxy-cert-type'[Client certificate type for HTTPS proxy]':'<type>' \ |
| {-O,--remote-name}'[Write output to a file named as the remote file]' \ |
| + --retry-connrefused'[Retry on connection refused (use with --retry)]' \ |
| + --suppress-connect-headers'[Suppress proxy CONNECT response headers]' \ |
| --trace-ascii'[Like --trace, but without hex output]':'<file>':_files \ |
| --connect-timeout'[Maximum time allowed for connection]':'<seconds>' \ |
| --expect100-timeout'[How long to wait for 100-continue]':'<seconds>' \ |
| {-g,--globoff}'[Disable URL sequences and ranges using {} and \[\]]' \ |
| + {-j,--junk-session-cookies}'[Ignore session cookies read from file]' \ |
| {-m,--max-time}'[Maximum time allowed for the transfer]':'<seconds>' \ |
| --dns-ipv4-addr'[IPv4 address to use for DNS requests]':'<address>' \ |
| --dns-ipv6-addr'[IPv6 address to use for DNS requests]':'<address>' \ |
| - --ignore-content-length'[the size of the remote resource]':'Ignore' \ |
| {-k,--insecure}'[Allow insecure server connections when using SSL]' \ |
| + --location-trusted'[Like --location, and send auth to other hosts]' \ |
| --mail-auth'[Originator address of the original email]':'<address>' \ |
| --noproxy'[List of hosts which do not use proxy]':'<no-proxy-list>' \ |
| --proto-redir'[Enable/disable PROTOCOLS on redirect]':'<protocols>' \ |
| @@ -62,18 +62,19 @@ |
| --socks5-basic'[Enable username/password auth for SOCKS5 proxies]' \ |
| --cacert'[CA certificate to verify peer against]':'<file>':_files \ |
| {-H,--header}'[Pass custom header(s) to server]':'<header/@file>' \ |
| + --ignore-content-length'[Ignore the size of the remote resource]' \ |
| {-i,--include}'[Include protocol response headers in the output]' \ |
| --proxy-header'[Pass custom header(s) to proxy]':'<header/@file>' \ |
| --unix-socket'[Connect through this Unix domain socket]':'<path>' \ |
| {-w,--write-out}'[Use output FORMAT after completion]':'<format>' \ |
| - --http2-prior-knowledge'[HTTP 2 without HTTP/1.1 Upgrade]':'Use' \ |
| {-o,--output}'[Write to file instead of stdout]':'<file>':_files \ |
| - {-J,--remote-header-name}'[the header-provided filename]':'Use' \ |
| + --preproxy'[\[protocol://\]host\[:port\] Use this proxy first]' \ |
| --socks4a'[SOCKS4a proxy on given host + port]':'<host[:port]>' \ |
| {-Y,--speed-limit}'[Stop transfers slower than this]':'<speed>' \ |
| {-z,--time-cond}'[Transfer based on a time condition]':'<time>' \ |
| --capath'[CA directory to verify peer against]':'<dir>':_files \ |
| {-f,--fail}'[Fail silently (no output at all) on HTTP errors]' \ |
| + --http2-prior-knowledge'[Use HTTP 2 without HTTP/1.1 Upgrade]' \ |
| --proxy-tlspassword'[TLS password for HTTPS proxy]':'<string>' \ |
| {-U,--proxy-user}'[Proxy user and password]':'<user:password>' \ |
| --proxy1.0'[Use HTTP/1.0 proxy on given port]':'<host[:port]>' \ |
| @@ -81,52 +82,49 @@ |
| {-A,--user-agent}'[Send User-Agent <name> to server]':'<name>' \ |
| --egd-file'[EGD socket path for random data]':'<file>':_files \ |
| --fail-early'[Fail on first transfer error, do not continue]' \ |
| - --haproxy-protocol'[HAProxy PROXY protocol v1 header]':'Send' \ |
| - --preproxy'[Use this proxy first]':'[protocol://]host[:port]' \ |
| + {-J,--remote-header-name}'[Use the header-provided filename]' \ |
| --retry-max-time'[Retry only within this period]':'<seconds>' \ |
| --socks4'[SOCKS4 proxy on given host + port]':'<host[:port]>' \ |
| --socks5'[SOCKS5 proxy on given host + port]':'<host[:port]>' \ |
| - --socks5-gssapi-nec'[with NEC SOCKS5 server]':'Compatibility' \ |
| - --ssl-allow-beast'[security flaw to improve interop]':'Allow' \ |
| --cert-status'[Verify the status of the server certificate]' \ |
| - --ftp-create-dirs'[the remote dirs if not present]':'Create' \ |
| {-:,--next}'[Make next URL use its separate set of options]' \ |
| --proxy-key-type'[Private key file type for proxy]':'<type>' \ |
| - --remote-name-all'[the remote file name for all URLs]':'Use' \ |
| {-X,--request}'[Specify request command to use]':'<command>' \ |
| --retry'[Retry request if transient problems occur]':'<num>' \ |
| - --ssl-no-revoke'[cert revocation checks (WinSSL)]':'Disable' \ |
| --cert-type'[Certificate file type (DER/PEM/ENG)]':'<type>' \ |
| --connect-to'[Connect to host]':'<HOST1:PORT1:HOST2:PORT2>' \ |
| --create-dirs'[Create necessary local directory hierarchy]' \ |
| + --haproxy-protocol'[Send HAProxy PROXY protocol v1 header]' \ |
| --max-redirs'[Maximum number of redirects allowed]':'<num>' \ |
| {-n,--netrc}'[Must read .netrc for user name and password]' \ |
| + {-x,--proxy}'[\[protocol://\]host\[:port\] Use this proxy]' \ |
| --proxy-crlfile'[Set a CRL list for proxy]':'<file>':_files \ |
| --sasl-ir'[Enable initial response in SASL authentication]' \ |
| - --socks5-gssapi'[GSS-API auth for SOCKS5 proxies]':'Enable' \ |
| + --socks5-gssapi-nec'[Compatibility with NEC SOCKS5 server]' \ |
| + --ssl-allow-beast'[Allow security flaw to improve interop]' \ |
| + --ftp-create-dirs'[Create the remote dirs if not present]' \ |
| --interface'[Use network INTERFACE (or address)]':'<name>' \ |
| --key-type'[Private key file type (DER/PEM/ENG)]':'<type>' \ |
| --netrc-file'[Specify FILE for netrc]':'<filename>':_files \ |
| {-N,--no-buffer}'[Disable buffering of the output stream]' \ |
| --proxy-service-name'[SPNEGO proxy service name]':'<name>' \ |
| - --styled-output'[styled output for HTTP headers]':'Enable' \ |
| + --remote-name-all'[Use the remote file name for all URLs]' \ |
| + --ssl-no-revoke'[Disable cert revocation checks (WinSSL)]' \ |
| --max-filesize'[Maximum file size to download]':'<bytes>' \ |
| --negotiate'[Use HTTP Negotiate (SPNEGO) authentication]' \ |
| --no-keepalive'[Disable TCP keepalive on the connection]' \ |
| {-#,--progress-bar}'[Display transfer progress as a bar]' \ |
| - {-x,--proxy}'[Use this proxy]':'[protocol://]host[:port]' \ |
| - --proxy-anyauth'[any proxy authentication method]':'Pick' \ |
| {-Q,--quote}'[Send command(s) to server before transfer]' \ |
| - --request-target'[the target for this request]':'Specify' \ |
| + --socks5-gssapi'[Enable GSS-API auth for SOCKS5 proxies]' \ |
| {-u,--user}'[Server user and password]':'<user:password>' \ |
| {-K,--config}'[Read config from a file]':'<file>':_files \ |
| {-C,--continue-at}'[Resumed transfer offset]':'<offset>' \ |
| --data-raw'[HTTP POST data, '\''@'\'' allowed]':'<data>' \ |
| - --disallow-username-in-url'[username in url]':'Disallow' \ |
| --krb'[Enable Kerberos with security <level>]':'<level>' \ |
| --proxy-ciphers'[SSL ciphers to use for proxy]':'<list>' \ |
| --proxy-digest'[Use Digest authentication on the proxy]' \ |
| --proxy-tlsuser'[TLS username for HTTPS proxy]':'<name>' \ |
| + --styled-output'[Enable styled output for HTTP headers]' \ |
| {-b,--cookie}'[Send cookies from string/file]':'<data>' \ |
| --data-urlencode'[HTTP POST data url encoded]':'<data>' \ |
| --delegation'[GSS-API delegation permission]':'<LEVEL>' \ |
| @@ -134,7 +132,10 @@ |
| --post301'[Do not switch to GET after following a 301]' \ |
| --post302'[Do not switch to GET after following a 302]' \ |
| --post303'[Do not switch to GET after following a 303]' \ |
| + --proxy-anyauth'[Pick any proxy authentication method]' \ |
| + --request-target'[Specify the target for this request]' \ |
| --trace-time'[Add time stamps to trace/verbose output]' \ |
| + --disallow-username-in-url'[Disallow username in url]' \ |
| --dns-servers'[DNS server addrs to use]':'<addresses>' \ |
| {-G,--get}'[Put the post data in the URL and use GET]' \ |
| --limit-rate'[Limit transfer speed to RATE]':'<speed>' \ |
| @@ -148,21 +149,21 @@ |
| --metalink'[Process given URLs as metalink XML file]' \ |
| --tr-encoding'[Request compressed transfer encoding]' \ |
| --xattr'[Store metadata in extended file attributes]' \ |
| - --ftp-skip-pasv-ip'[the IP address for PASV]':'Skip' \ |
| --pass'[Pass phrase for the private key]':'<phrase>' \ |
| --proxy-ntlm'[Use NTLM authentication on the proxy]' \ |
| {-S,--show-error}'[Show error even when -s is used]' \ |
| - --ciphers'[of ciphers> SSL ciphers to use]':'<list' \ |
| + --ciphers'[SSL ciphers to use]':'<list of ciphers>' \ |
| --form-string'[Specify multipart MIME data]':'<name=string>' \ |
| --login-options'[Server login options]':'<options>' \ |
| --tftp-blksize'[Set TFTP BLKSIZE option]':'<value>' \ |
| - --tftp-no-options'[not send any TFTP options]':'Do' \ |
| {-v,--verbose}'[Make the operation more talkative]' \ |
| + --ftp-skip-pasv-ip'[Skip the IP address for PASV]' \ |
| --proxy-key'[Private key for HTTPS proxy]':'<key>' \ |
| {-F,--form}'[Specify multipart MIME data]':'<name=content>' \ |
| --mail-from'[Mail from this address]':'<address>' \ |
| --oauth2-bearer'[OAuth 2 Bearer Token]':'<token>' \ |
| --proto'[Enable/disable PROTOCOLS]':'<protocols>' \ |
| + --tftp-no-options'[Do not send any TFTP options]' \ |
| --tlsauthtype'[TLS authentication type]':'<type>' \ |
| --doh-url'[Resolve host names over DOH]':'<URL>' \ |
| --no-sessionid'[Disable SSL session-ID reusing]' \ |
| @@ -173,14 +174,13 @@ |
| --ftp-ssl-ccc'[Send CCC after authenticating]' \ |
| {-4,--ipv4}'[Resolve names to IPv4 addresses]' \ |
| {-6,--ipv6}'[Resolve names to IPv6 addresses]' \ |
| - --netrc-optional'[either .netrc or URL]':'Use' \ |
| --service-name'[SPNEGO service name]':'<name>' \ |
| {-V,--version}'[Show version number and quit]' \ |
| --data-ascii'[HTTP POST ASCII data]':'<data>' \ |
| --ftp-account'[Account data string]':'<data>' \ |
| - --compressed-ssh'[SSH compression]':'Enable' \ |
| --disable-eprt'[Inhibit using EPRT or LPRT]' \ |
| --ftp-method'[Control CWD usage]':'<method>' \ |
| + --netrc-optional'[Use either .netrc or URL]' \ |
| --pubkey'[SSH Public key file name]':'<key>' \ |
| --raw'[Do HTTP "raw"; no transfer decoding]' \ |
| --anyauth'[Pick any authentication method]' \ |
| @@ -189,6 +189,7 @@ |
| --no-alpn'[Disable the ALPN TLS extension]' \ |
| --tcp-nodelay'[Use the TCP_NODELAY option]' \ |
| {-B,--use-ascii}'[Use ASCII/text transfer]' \ |
| + --compressed-ssh'[Enable SSH compression]' \ |
| --digest'[Use HTTP Digest Authentication]' \ |
| --proxy-tlsv1'[Use TLSv1 for HTTPS proxy]' \ |
| --engine'[Crypto engine to use]':'<name>' \ |
| |
| Marcel Raad (7 Feb 2019) |
| - tool_operate: fix typecheck warning |
| |
| Use long for CURLOPT_HTTP09_ALLOWED to fix the following warning: |
| tool_operate.c: In function 'operate_do': |
| ../include/curl/typecheck-gcc.h:47:9: error: call to |
| '_curl_easy_setopt_err_long' declared with attribute warning: |
| curl_easy_setopt expects a long argument for this option [-Werror] |
| |
| Closes https://github.com/curl/curl/pull/3534 |
| |
| Jay Satiro (6 Feb 2019) |
| - [Chris Araman brought this change] |
| |
| url: close TLS before removing conn from cache |
| |
| - Fix potential crashes in schannel shutdown. |
| |
| Ensure any TLS shutdown messages are sent before removing the |
| association between the connection and the easy handle. Reverts |
| @bagder's previous partial fix for #3412. |
| |
| Fixes https://github.com/curl/curl/issues/3412 |
| Fixes https://github.com/curl/curl/issues/3505 |
| Closes https://github.com/curl/curl/pull/3531 |
| |
| Daniel Gustafsson (6 Feb 2019) |
| - INTERNALS.md: fix subsection depth and link |
| |
| The Kerberos subsection was mistakenly a subsubsection under FTP, and |
| the curlx subsection was missing an anchor for the TOC link. |
| |
| Closes #3529 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Version 7.64.0 (6 Feb 2019) |
| |
| Daniel Stenberg (6 Feb 2019) |
| - RELEASE-NOTES: 7.64.0 |
| |
| - RELEASE-PROCEDURE: update the release calendar |
| |
| - THANKS: 7.64.0 status |
| |
| Daniel Gustafsson (5 Feb 2019) |
| - ROADMAP: remove already performed item |
| |
| Commit 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 introduced support |
| for the draft-ietf-httpbis-cookie-alone-01 cookie draft, and while |
| the entry was removed from the TODO it was mistakenly left here. |
| Fix by removing and rewording the entry slightly. |
| |
| Closes #3530 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - [Etienne Simard brought this change] |
| |
| CONTRIBUTE.md: Fix grammatical errors |
| |
| Fix grammatical errors making the document read better. Also fixes |
| a typo. |
| |
| Closes #3525 |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| Daniel Stenberg (4 Feb 2019) |
| - [Julian Z brought this change] |
| |
| docs: use $(INSTALL_DATA) to install man page |
| |
| Fixes #3518 |
| Closes #3522 |
| |
| Jay Satiro (4 Feb 2019) |
| - [Ladar Levison brought this change] |
| |
| runtests.pl: Fix perl call to include srcdir |
| |
| - Use explicit include opt for perl calls. |
| |
| Prior to this change some scripts couldn't find their dependencies. |
| |
| At the top, perl is called using with the "-Isrcdir" option, and it |
| works: |
| |
| https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L183 |
| |
| But on line 3868, that option is omitted. This caused problems for me, |
| as the symbol-scan.pl script in particular couldn't find its |
| dependencies properly: |
| |
| https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L3868 |
| |
| This patch fixes that oversight by making calls to perl sub-shells |
| uniform. |
| |
| Closes https://github.com/curl/curl/pull/3496 |
| |
| Daniel Stenberg (4 Feb 2019) |
| - [Daniel Gustafsson brought this change] |
| |
| smtp: avoid risk of buffer overflow in strtol |
| |
| If the incoming len 5, but the buffer does not have a termination |
| after 5 bytes, the strtol() call may keep reading through the line |
| buffer until is exceeds its boundary. Fix by ensuring that we are |
| using a bounded read with a temporary buffer on the stack. |
| |
| Bug: https://curl.haxx.se/docs/CVE-2019-3823.html |
| Reported-by: Brian Carpenter (Geeknik Labs) |
| CVE-2019-3823 |
| |
| - ntlm: fix *_type3_message size check to avoid buffer overflow |
| |
| Bug: https://curl.haxx.se/docs/CVE-2019-3822.html |
| Reported-by: Wenxiang Qian |
| CVE-2019-3822 |
| |
| - NTLM: fix size check condition for type2 received data |
| |
| Bug: https://curl.haxx.se/docs/CVE-2018-16890.html |
| Reported-by: Wenxiang Qian |
| CVE-2018-16890 |
| |
| Marcel Raad (1 Feb 2019) |
| - [georgeok brought this change] |
| |
| spnego_sspi: add support for channel binding |
| |
| Attempt to add support for Secure Channel binding when negotiate |
| authentication is used. The problem to solve is that by default IIS |
| accepts channel binding and curl doesn't utilise them. The result was a |
| 401 response. Scope affects only the Schannel(winssl)-SSPI combination. |
| |
| Fixes https://github.com/curl/curl/issues/3503 |
| Closes https://github.com/curl/curl/pull/3509 |
| |
| Daniel Stenberg (1 Feb 2019) |
| - RELEASE-NOTES: synced |
| |
| - schannel: stop calling it "winssl" |
| |
| Stick to "Schannel" everywhere. The configure option --with-winssl is |
| kept to allow existing builds to work but --with-schannel is added as an |
| alias. |
| |
| Closes #3504 |
| |
| - multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time |
| |
| To make sure Curl_timeleft() also thinks the timeout has been reached |
| when one of the EXPIRE_*TIMEOUTs expires. |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-01/0073.html |
| Reported-by: Zhao Yisha |
| Closes #3501 |
| |
| - [John Marshall brought this change] |
| |
| doc: use meaningless port number in CURLOPT_LOCALPORT example |
| |
| Use an ephemeral port number here; previously the example had 8080 |
| which could be confusing as the common web server port number might |
| be misinterpreted as suggesting this option affects the remote port. |
| |
| URL: https://curl.haxx.se/mail/lib-2019-01/0084.html |
| Closes #3513 |
| |
| GitHub (29 Jan 2019) |
| - [Gisle Vanem brought this change] |
| |
| Escape the '\' |
| |
| A backslash should be escaped in Roff / Troff. |
| |
| Jay Satiro (29 Jan 2019) |
| - TODO: WinSSL: 'Add option to disable client cert auto-send' |
| |
| By default WinSSL selects and send a client certificate automatically, |
| but for privacy and consistency we should offer an option to disable the |
| default auto-send behavior. |
| |
| Reported-by: Jeroen Ooms |
| |
| Closes https://github.com/curl/curl/issues/2262 |
| |
| Daniel Stenberg (28 Jan 2019) |
| - [Jeremie Rapin brought this change] |
| |
| sigpipe: if mbedTLS is used, ignore SIGPIPE |
| |
| mbedTLS doesn't have a sigpipe management. If a write/read occurs when |
| the remote closes the socket, the signal is raised and kills the |
| application. Use the curl mecanisms fix this behavior. |
| |
| Signed-off-by: Jeremie Rapin <j.rapin@overkiz.com> |
| |
| Closes #3502 |
| |
| - unit1653: make it survive torture tests |
| |
| Jay Satiro (28 Jan 2019) |
| - [Michael Kujawa brought this change] |
| |
| timeval: Disable MSVC Analyzer GetTickCount warning |
| |
| Compiling with msvc /analyze and a recent Windows SDK warns against |
| using GetTickCount (Suggests to use GetTickCount64 instead.) |
| |
| Since GetTickCount is only being used when GetTickCount64 isn't |
| available, I am disabling that warning. |
| |
| Fixes https://github.com/curl/curl/issues/3437 |
| Closes https://github.com/curl/curl/pull/3440 |
| |
| Daniel Stenberg (26 Jan 2019) |
| - configure: rewrite --enable-code-coverage |
| |
| The previously used ax_code_coverage.m4 is not license compatible and |
| must not be used. |
| |
| Reported-by: William A. Rowe Jr |
| Fixes #3497 |
| Closes #3499 |
| |
| - [Felix Hädicke brought this change] |
| |
| setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh |
| |
| CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION are supported for |
| libssh as well. So accepting these options only when compiling with |
| libssh2 is wrong here. |
| |
| Fixes #3493 |
| Closes #3494 |
| |
| - [Felix Hädicke brought this change] |
| |
| libssh: do not let libssh create socket |
| |
| By default, libssh creates a new socket, instead of using the socket |
| created by curl for SSH connections. |
| |
| Pass the socket created by curl to libssh using ssh_options_set() with |
| SSH_OPTIONS_FD directly after ssh_new(). So libssh uses our socket |
| instead of creating a new one. |
| |
| This approach is very similar to what is done in the libssh2 code, where |
| the socket created by curl is passed to libssh2 when |
| libssh2_session_startup() is called. |
| |
| Fixes #3491 |
| Closes #3495 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Archangel_SDY brought this change] |
| |
| schannel: preserve original certificate path parameter |
| |
| Fixes #3480 |
| Closes #3487 |
| |
| - KNOWN_BUGS: tests not compatible with python3 |
| |
| Closes #3289 |
| [skip ci] |
| |
| Daniel Gustafsson (20 Jan 2019) |
| - memcmp: avoid doing single char memcmp |
| |
| There is no real gain in performing memcmp() comparisons on single |
| characters, so change these to array subscript inspections which |
| saves a call and makes the code clearer. |
| |
| Closes #3486 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Jay Satiro <raysatiro@yahoo.com> |
| |
| Daniel Stenberg (19 Jan 2019) |
| - COPYING: it's 2019 |
| |
| [skip ci] |
| |
| - [hhb brought this change] |
| |
| configure: fix recv/send/select detection on Android |
| |
| This reverts commit d4f25201fb7da03fc88f90d51101beb3d0026db9. |
| |
| The overloadable attribute is removed again starting from |
| NDK17. Actually they only exist in two NDK versions (15 and 16). With |
| overloadable, the first condition tried will succeed. Results in wrong |
| detection result. |
| |
| Closes #3484 |
| |
| Marcel Raad (19 Jan 2019) |
| - [georgeok brought this change] |
| |
| ntlm_sspi: add support for channel binding |
| |
| Windows extended potection (aka ssl channel binding) is required |
| to login to ntlm IIS endpoint, otherwise the server returns 401 |
| responses. |
| |
| Fixes #3280 |
| Closes #3321 |
| |
| Daniel Stenberg (18 Jan 2019) |
| - schannel: on connection close there might not be a transfer |
| |
| Reported-by: Marcel Raad |
| Fixes #3412 |
| Closes #3483 |
| |
| - [Joel Depooter brought this change] |
| |
| ssh: log the libssh2 error message when ssh session startup fails |
| |
| When a ssh session startup fails, it is useful to know why it has |
| failed. This commit changes the message from: |
| "Failure establishing ssh session" |
| to something like this, for example: |
| "Failure establishing ssh session: -5, Unable to exchange encryption keys" |
| |
| Closes #3481 |
| |
| Alessandro Ghedini (16 Jan 2019) |
| - Fix typo in manpage |
| |
| Daniel Stenberg (16 Jan 2019) |
| - RELEASE-NOTES: synced |
| |
| Sergei Nikulov (16 Jan 2019) |
| - cmake: updated check for HAVE_POLL_FINE to match autotools |
| |
| Daniel Stenberg (16 Jan 2019) |
| - curl-compilers.m4: check for __ibmxl__ to detect xlclang |
| |
| Follow-up to 2fa0d57e2e3. The __xlc__ symbol is only defined there if a |
| particular flag is used for legacy macros. |
| |
| Fixes #3474 |
| Closes #3479 |
| |
| - openssl: fix the SSL_get_tlsext_status_ocsp_resp call |
| |
| .... to not pass in a const in the second argument as that's not how it |
| is supposed to be used and might cause compiler warnings. |
| |
| Reported-by: Pavel Pavlov |
| Fixes #3477 |
| Closes #3478 |
| |
| - curl-compilers.m4: detect xlclang |
| |
| Since it isn't totally clang compatible, we detect this IBM clang |
| front-end and if detected, avoids some clang specific magic. |
| |
| Reported-by: Kees Dekker |
| Fixes #3474 |
| Closes #3476 |
| |
| - README: add codacy code quality badge |
| |
| [skip ci] |
| |
| - extract_if_dead: follow-up to 54b201b48c90a |
| |
| extract_if_dead() dead is called from two functions, and only one of |
| them should get conn->data updated and now neither call path clears it. |
| |
| scan-build found a case where conn->data would be NULL dereferenced in |
| ConnectionExists() otherwise. |
| |
| Closes #3473 |
| |
| - multi: remove "Dead assignment" |
| |
| Found by scan-build. Follow-up to 4c35574bb785ce. |
| |
| Closes #3471 |
| |
| - tests: move objnames-* from lib into tests |
| |
| Since they're used purely for testing purposes, I think they should |
| rather be stored there. |
| |
| Closes #3470 |
| |
| Sergei Nikulov (15 Jan 2019) |
| - travis: added cmake build for osx |
| |
| Daniel Stenberg (14 Jan 2019) |
| - [Frank Gevaerts brought this change] |
| |
| cookie: fix comment typo (url_path_len -> uri_path_len) |
| |
| Closes #3469 |
| |
| Marcel Raad (14 Jan 2019) |
| - winbuild: conditionally use /DZLIB_WINAPI |
| |
| zlibwapi.lib (dynamic library) and zlibstat.lib (static library) have |
| the ZLIB_WINAPI define set by default. Using them requires that define |
| too. |
| |
| Ref: https://zlib.net/DLL_FAQ.txt |
| |
| Fixes https://github.com/curl/curl/issues/3133 |
| Closes https://github.com/curl/curl/pull/3460 |
| |
| Daniel Stenberg (14 Jan 2019) |
| - src/Makefile: make 'tidy' target work for metalink builds |
| |
| - extract_if_dead: use a known working transfer when checking connections |
| |
| Make sure that this function sets a proper "live" transfer for the |
| connection before calling the protocol-specific connection check |
| function, and then clear it again afterward as a non-used connection has |
| no current transfer. |
| |
| Reported-by: Jeroen Ooms |
| Reviewed-by: Marcel Raad |
| Reviewed-by: Daniel Gustafsson |
| Fixes #3463 |
| Closes #3464 |
| |
| - openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated |
| |
| OpenSSL_version() replaces OpenSSL_version_num() |
| |
| Closes #3462 |
| |
| Sergei Nikulov (11 Jan 2019) |
| - cmake: added checks for HAVE_VARIADIC_MACROS_C99 and HAVE_VARIADIC_MACROS_GCC |
| |
| Daniel Stenberg (11 Jan 2019) |
| - urldata: rename easy_conn to just conn |
| |
| We use "conn" everywhere to be a pointer to the connection. |
| |
| Introduces two functions that "attaches" and "detaches" the connection |
| to and from the transfer. |
| |
| Going forward, we should favour using "data->conn" (since a transfer |
| always only has a single connection or none at all) to "conn->data" |
| (since a connection can have none, one or many transfers associated with |
| it and updating conn->data to be correct is error prone and a frequent |
| reason for internal issues). |
| |
| Closes #3442 |
| |
| - tool_cb_prg: avoid integer overflow |
| |
| When calculating the progress bar width. |
| |
| Reported-by: Peng Li |
| Fixes #3456 |
| Closes #3458 |
| |
| Daniel Gustafsson (11 Jan 2019) |
| - travis: turn off copyright year checks in checksrc |
| |
| Invoking the maintainer intended COPYRIGHTYEAR check for everyone |
| in the PR pipeline is too invasive, especially at the turn of the |
| year when many files get affected. Remove and leave it as a tool |
| for maintainers to verify patches before commits. |
| |
| This reverts f7bdf4b2e1d81b2652b81b9b3029927589273b41. |
| |
| After discussion with: Daniel Stenberg |
| |
| Daniel Stenberg (10 Jan 2019) |
| - KNOWN_BUGS: cmake makes unusable tool_hugehelp.c with MinGW |
| |
| Closes #3125 |
| |
| - KNOWN_BUGS: Improve --data-urlencode space encoding |
| |
| Closes #3229 |
| |
| Patrick Monnerat (10 Jan 2019) |
| - os400: add a missing closing bracket |
| |
| See https://github.com/curl/curl/issues/3453#issuecomment-453054458 |
| |
| Reported-by: jonrumsey on github |
| |
| - os400: fix extra parameter syntax error. |
| |
| Reported-by: jonrumsey on github |
| Closes #3453 |
| |
| Daniel Stenberg (10 Jan 2019) |
| - test1558: verify CURLINFO_PROTOCOL on file:// transfer |
| |
| Attempt to reproduce issue #3444. |
| |
| Closes #3447 |
| |
| - RELEASE-NOTES: synced |
| |
| - xattr: strip credentials from any URL that is stored |
| |
| Both user and password are cleared uncondtitionally. |
| |
| Added unit test 1621 to verify. |
| |
| Fixes #3423 |
| Closes #3433 |
| |
| - cookies: allow secure override when done over HTTPS |
| |
| Added test 1562 to verify. |
| |
| Reported-by: Jeroen Ooms |
| Fixes #3445 |
| Closes #3450 |
| |
| - multi: multiplexing improvements |
| |
| Fixes #3436 |
| Closes #3448 |
| |
| Problem 1 |
| |
| After LOTS of scratching my head, I eventually realized that even when doing |
| 10 uploads in parallel, sometimes the socket callback to the application that |
| tells it what to wait for on the socket, looked like it would reflect the |
| status of just the single transfer that just changed state. |
| |
| Digging into the code revealed that this was indeed the truth. When multiple |
| transfers are using the same connection, the application did not correctly get |
| the *combined* flags for all transfers which then could make it switch to READ |
| (only) when in fact most transfers wanted to get told when the socket was |
| WRITEABLE. |
| |
| Problem 1b |
| |
| A separate but related regression had also been introduced by me when I |
| cleared connection/transfer association better a while ago, as now the logic |
| couldn't find the connection and see if that was marked as used by more |
| transfers and then it would also prematurely remove the socket from the socket |
| hash table even in times other transfers were still using it! |
| |
| Fix 1 |
| |
| Make sure that each socket stored in the socket hash has a "combined" action |
| field of what to ask the application to wait for, that is potentially the ORed |
| action of multiple parallel transfers. And remove that socket hash entry only |
| if there are no transfers left using it. |
| |
| Problem 2 |
| |
| The socket hash entry stored an association to a single transfer using that |
| socket - and when curl_multi_socket_action() was called to tell libcurl about |
| activities on that specific socket only that transfer was "handled". |
| |
| This was WRONG, as a single socket/connection can be used by numerous parallel |
| transfers and not necessarily a single one. |
| |
| Fix 2 |
| |
| We now store a list of handles in the socket hashtable entry and when libcurl |
| is told there's traffic for a particular socket, it now iterates over all |
| known transfers using that single socket. |
| |
| - test1561: improve test name |
| |
| [skip ci] |
| |
| - [Katsuhiko YOSHIDA brought this change] |
| |
| cookies: skip custom cookies when redirecting cross-site |
| |
| Closes #3417 |
| |
| - THANKS: fixups and a dedupe |
| |
| [skip ci] |
| |
| - timediff: fix math for unsigned time_t |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-12/0088.html |
| |
| Closes #3449 |
| |
| - [Bernhard M. Wiedemann brought this change] |
| |
| tests: allow tests to pass by 2037-02-12 |
| |
| similar to commit f508d29f3902104018 |
| |
| Closes #3443 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Brad Spencer brought this change] |
| |
| curl_multi_remove_handle() don't block terminating c-ares requests |
| |
| Added Curl_resolver_kill() for all three resolver modes, which only |
| blocks when necessary, along with test 1592 to confirm |
| curl_multi_remove_handle() doesn't block unless it must. |
| |
| Closes #3428 |
| Fixes #3371 |
| |
| - Revert "http_negotiate: do not close connection until negotiation is completed" |
| |
| This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47. |
| |
| This also reopens PR #3275 which brought the change now reverted. |
| |
| Fixes #3384 |
| Closes #3439 |
| |
| - curl/urlapi.h: include "curl.h" first |
| |
| This allows programs to include curl/urlapi.h directly. |
| |
| Reviewed-by: Daniel Gustafsson |
| Reported-by: Ben Kohler |
| Fixes #3438 |
| Closes #3441 |
| |
| Marcel Raad (6 Jan 2019) |
| - VS projects: fix build warning |
| |
| Starting with Visual Studio 2017 Update 9, Visual Studio doesn't like |
| the MinimalRebuild option anymore and warns: |
| |
| cl : Command line warning D9035: option 'Gm' has been deprecated and |
| will be removed in a future release |
| |
| The option can be safely removed so that the default is used. |
| |
| Closes https://github.com/curl/curl/pull/3425 |
| |
| - schannel: fix compiler warning |
| |
| When building with Unicode on MSVC, the compiler warns about freeing a |
| pointer to const in Curl_unicodefree. Fix this by declaring it as |
| non-const and casting the argument to Curl_convert_UTF8_to_tchar to |
| non-const too, like we do in all other places. |
| |
| Closes https://github.com/curl/curl/pull/3435 |
| |
| Daniel Stenberg (4 Jan 2019) |
| - [Rikard Falkeborn brought this change] |
| |
| printf: introduce CURL_FORMAT_TIMEDIFF_T |
| |
| - [Rikard Falkeborn brought this change] |
| |
| printf: fix format specifiers |
| |
| Closes #3426 |
| |
| - libtest/stub_gssapi: use "real" snprintf |
| |
| ... since it doesn't link with libcurl. |
| |
| Reverts the commit dcd6f81025 changes from this file. |
| |
| Bug: https://curl.haxx.se/mail/lib-2019-01/0000.html |
| Reported-by: Shlomi Fish |
| Reviewed-by: Daniel Gustafsson |
| Reviewed-by: Kamil Dudka |
| |
| Closes #3434 |
| |
| - INTERNALS: correct some outdated function names |
| |
| Closes #3431 |
| |
| - docs/version.d: mention MultiSSL |
| |
| Reviewed-by: Daniel Gustafsson |
| Closes #3432 |
| |
| Daniel Gustafsson (2 Jan 2019) |
| - [Rikard Falkeborn brought this change] |
| |
| examples: Update .gitignore |
| |
| Add a few missing examples to make `make examples` not leave the |
| workspace in a dirty state. |
| |
| Closes #3427 |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| - THANKS: add more missing names |
| |
| Add Adrian Burcea who made the artwork for the curl://up 2018 event |
| which was held in Stockholm, Sweden. |
| |
| - docs: mention potential leak in curl_slist_append |
| |
| When a non-empty list is appended to, and used as the returnvalue, |
| the list pointer can leak in case of an allocation failure in the |
| curl_slist_append() call. This is correctly handled in curl code |
| usage but we weren't explicitly pointing it out in the API call |
| documentation. Fix by extending the RETURNVALUE manpage section |
| and example code. |
| |
| Closes #3424 |
| Reported-by: dnivras on github |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Marcel Raad (1 Jan 2019) |
| - tvnow: silence conversion warnings |
| |
| MinGW-w64 defaults to targeting Windows 7 now, so GetTickCount64 is |
| used and the milliseconds are represented as unsigned long long, |
| leading to a compiler warning when implicitly converting them to long. |
| |
| Daniel Stenberg (1 Jan 2019) |
| - THANKS: dedupe more names |
| |
| Researched-by: Tae Wong |
| |
| Marcel Raad (1 Jan 2019) |
| - [Markus Moeller brought this change] |
| |
| ntlm: update selection of type 3 response |
| |
| NTLM2 did not work i.e. no NTLMv2 response was created. Changing the |
| check seems to work. |
| |
| Ref: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf |
| |
| Fixes https://github.com/curl/curl/issues/3286 |
| Closes https://github.com/curl/curl/pull/3287 |
| Closes https://github.com/curl/curl/pull/3415 |
| |
| Daniel Stenberg (31 Dec 2018) |
| - THANKS: added missing names from year <= 2000 |
| |
| Due to a report of a missing name in THANKS I manually went through an |
| old CHANGES.0 file and added many previously missing names here. |
| |
| Daniel Gustafsson (30 Dec 2018) |
| - urlapi: fix parsing ipv6 with zone index |
| |
| The previous fix for parsing IPv6 URLs with a zone index was a paddle |
| short for URLs without an explicit port. This patch fixes that case |
| and adds a unit test case. |
| |
| This bug was highlighted by issue #3408, and while it's not the full |
| fix for the problem there it is an isolated bug that should be fixed |
| regardless. |
| |
| Closes #3411 |
| Reported-by: GitYuanQu on github |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (30 Dec 2018) |
| - THANKS: dedupe Guenter Knauf |
| |
| Reported-by: Tae Wong |
| |
| - THANKS: missing name from the 6.3.1 release! |
| |
| Daniel Gustafsson (27 Dec 2018) |
| - RELEASE-NOTES: synced |
| |
| - [Claes Jakobsson brought this change] |
| |
| hostip: support wildcard hosts |
| |
| This adds support for wildcard hosts in CURLOPT_RESOLVE. These are |
| try-last so any non-wildcard entry is resolved first. If specified, |
| any host not matched by another CURLOPT_RESOLVE config will use this |
| as fallback. |
| |
| Example send a.com to 10.0.0.1 and everything else to 10.0.0.2: |
| curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \ |
| https://a.com https://b.com |
| |
| This is probably quite similar to using: |
| --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443 |
| |
| Closes #3406 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - url: fix incorrect indentation |
| |
| Patrick Monnerat (26 Dec 2018) |
| - os400: upgrade ILE/RPG binding. |
| |
| - Trailer function support. |
| - http 0.9 option. |
| - curl_easy_upkeep. |
| |
| Daniel Gustafsson (25 Dec 2018) |
| - FAQ: remove mention of sourceforge for github |
| |
| The project bug tracker is no longer hosted at sourceforge but is now |
| hosted on the curl Github page. Update the FAQ to reflect. |
| |
| Closes #3410 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - openvms: fix typos in documentation |
| |
| - openvms: fix OpenSSL discovery on VAX |
| |
| The DCL code had a typo in one of the commands which would make the |
| OpenSSL discovery on VAX fail. The correct syntax is F$ENVIRONMENT. |
| |
| Closes #3407 |
| Reviewed-by: Viktor Szakats <commit@vszakats.net> |
| |
| Daniel Stenberg (24 Dec 2018) |
| - [Ruslan Baratov brought this change] |
| |
| cmake: use lowercase for function name like the rest of the code |
| |
| Reviewed-by: Sergei Nikulov |
| |
| closes #3196 |
| |
| - Revert "libssh: no data pointer == nothing to do" |
| |
| This reverts commit c98ee5f67f497195c9 since commit f3ce38739fa fixed the |
| problem in a more generic way. |
| |
| - disconnect: set conn->data for protocol disconnect |
| |
| Follow-up to fb445a1e18d: Set conn->data explicitly to point out the |
| current transfer when invoking the protocol-specific disconnect function |
| so that it can work correctly. |
| |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12173 |
| |
| Jay Satiro (23 Dec 2018) |
| - [Pavel Pavlov brought this change] |
| |
| timeval: Use high resolution timestamps on Windows |
| |
| - Use QueryPerformanceCounter on Windows Vista+ |
| |
| There is confusing info floating around that QueryPerformanceCounter |
| can leap etc, which might have been true long time ago, but no longer |
| the case nowadays (perhaps starting from WinXP?). Also, boost and |
| std::chrono::steady_clock use QueryPerformanceCounter in a similar way. |
| |
| Prior to this change GetTickCount or GetTickCount64 was used, which has |
| lower resolution. That is still the case for <= XP. |
| |
| Fixes https://github.com/curl/curl/issues/3309 |
| Closes https://github.com/curl/curl/pull/3318 |
| |
| Daniel Stenberg (22 Dec 2018) |
| - libssh: no data pointer == nothing to do |
| |
| - conncache_unlock: avoid indirection by changing input argument type |
| |
| - disconnect: separate connections and easy handles better |
| |
| Do not assume/store assocation between a given easy handle and the |
| connection if it can be avoided. |
| |
| Long-term, the 'conn->data' pointer should probably be removed as it is a |
| little too error-prone. Still used very widely though. |
| |
| Reported-by: masbug on github |
| Fixes #3391 |
| Closes #3400 |
| |
| - libssh: free sftp_canonicalize_path() data correctly |
| |
| Assisted-by: Harry Sintonen |
| |
| Fixes #3402 |
| Closes #3403 |
| |
| - RELEASE-NOTES: synced |
| |
| - http: added options for allowing HTTP/0.9 responses |
| |
| Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose. |
| |
| For now, both the tool and library allow HTTP/0.9 by default. |
| docs/DEPRECATE.md lays out the plan for when to reverse that default: 6 |
| months after the 7.64.0 release. The options are added already now so |
| that applications/scripts can start using them already now. |
| |
| Fixes #2873 |
| Closes #3383 |
| |
| - if2ip: remove unused function Curl_if_is_interface_name |
| |
| Closes #3401 |
| |
| - http2: clear pause stream id if it gets closed |
| |
| Reported-by: Florian Pritz |
| |
| Fixes #3392 |
| Closes #3399 |
| |
| Daniel Gustafsson (20 Dec 2018) |
| - [David Garske brought this change] |
| |
| wolfssl: Perform cleanup |
| |
| This adds a cleanup callback for cyassl. Resolves possible memory leak |
| when using ECC fixed point cache. |
| |
| Closes #3395 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| |
| Daniel Stenberg (20 Dec 2018) |
| - mbedtls: follow-up VERIFYHOST fix from f097669248 |
| |
| Fix-by: Eric Rosenquist |
| |
| Fixes #3376 |
| Closes #3390 |
| |
| - curlver: bump to 7.64.0 for next release |
| |
| Daniel Gustafsson (19 Dec 2018) |
| - cookies: extend domain checks to non psl builds |
| |
| Ensure to perform the checks we have to enforce a sane domain in |
| the cookie request. The check for non-PSL enabled builds is quite |
| basic but it's better than nothing. |
| |
| Closes #2964 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (19 Dec 2018) |
| - [Matus Uzak brought this change] |
| |
| smb: fix incorrect path in request if connection reused |
| |
| Follow-up to 09e401e01bf9. If connection gets reused, then data member |
| will be copied, but not the proto member. As a result, in smb_do(), |
| path has been set from the original proto.share data. |
| |
| Closes #3388 |
| |
| - curl -J: do not append to the destination file |
| |
| Reported-by: Kamil Dudka |
| Fixes #3380 |
| Closes #3381 |
| |
| - mbedtls: use VERIFYHOST |
| |
| Previously, VERIFYPEER would enable/disable all checks. |
| |
| Reported-by: Eric Rosenquist |
| Fixes #3376 |
| Closes #3380 |
| |
| - pingpong: change default response timeout to 120 seconds |
| |
| Previously it was 30 minutes |
| |
| - pingpong: ignore regular timeout in disconnect phase |
| |
| The timeout set with CURLOPT_TIMEOUT is no longer used when |
| disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP, |
| POP3). |
| |
| Reported-by: jasal82 on github |
| |
| Fixes #3264 |
| Closes #3374 |
| |
| - TODO: Windows: set attribute 'archive' for completed downloads |
| |
| Closes #3354 |
| |
| - RELEASE-NOTES: synced |
| |
| - http: minor whitespace cleanup from f464535b |
| |
| - [Ayoub Boudhar brought this change] |
| |
| http: Implement trailing headers for chunked transfers |
| |
| This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION |
| options that allow a callback based approach to sending trailing headers |
| with chunked transfers. |
| |
| The test server (sws) was updated to take into account the detection of the |
| end of transfer in the case of trailing headers presence. |
| |
| Test 1591 checks that trailing headers can be sent using libcurl. |
| |
| Closes #3350 |
| |
| - darwinssl: accept setting max-tls with default min-tls |
| |
| Reported-by: Andrei Neculau |
| Fixes #3367 |
| Closes #3373 |
| |
| - gopher: fix memory leak from 9026083ddb2a9 |
| |
| - [Leonardo Taccari brought this change] |
| |
| test1201: Add a trailing `?' to the selector |
| |
| This verify that the `?' in the selector is kept as is. |
| |
| Verifies the fix in #3370 |
| |
| - [Leonardo Taccari brought this change] |
| |
| gopher: always include the entire gopher-path in request |
| |
| After the migration to URL API all octets in the selector after the |
| first `?' were interpreted as query and accidentally discarded and not |
| passed to the server. |
| |
| Add a gopherpath to always concatenate possible path and query URL |
| pieces. |
| |
| Fixes #3369 |
| Closes #3370 |
| |
| - [Leonardo Taccari brought this change] |
| |
| urlapi: distinguish possibly empty query |
| |
| If just a `?' to indicate the query is passed always store a zero length |
| query instead of having a NULL query. |
| |
| This permits to distinguish URL with trailing `?'. |
| |
| Fixes #3369 |
| Closes #3370 |
| |
| Daniel Gustafsson (13 Dec 2018) |
| - OS400: handle memory error in list conversion |
| |
| Curl_slist_append_nodup() returns NULL when it fails to create a new |
| item for the specified list, and since the coding here reassigned the |
| new list on top of the old list it would result in a dangling pointer |
| and lost memory. Also, in case we hit an allocation failure at some |
| point during the conversion, with allocation succeeding again on the |
| subsequent call(s) we will return a truncated list around the malloc |
| failure point. Fix by assigning to a temporary list pointer, which can |
| be checked (which is the common pattern for slist appending), and free |
| all the resources on allocation failure. |
| |
| Closes #3372 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - cookies: leave secure cookies alone |
| |
| Only allow secure origins to be able to write cookies with the |
| 'secure' flag set. This reduces the risk of non-secure origins |
| to influence the state of secure origins. This implements IETF |
| Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates |
| RFC6265. |
| |
| Closes #2956 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (13 Dec 2018) |
| - docs: fix the --tls-max description |
| |
| Reported-by: Tobias Lindgren |
| Pointed out in #3367 |
| |
| Closes #3368 |
| |
| Daniel Gustafsson (12 Dec 2018) |
| - urlapi: Fix port parsing of eol colon |
| |
| A URL with a single colon without a portnumber should use the default |
| port, discarding the colon. Fix, add a testcase and also do little bit |
| of comment wordsmithing. |
| |
| Closes #3365 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Version 7.63.0 (12 Dec 2018) |
| |
| Daniel Stenberg (12 Dec 2018) |
| - RELEASE-NOTES: 7.63.0 |
| |
| - THANKS: from the curl 7.62.0 cycle |
| |
| - test1519: use lib1518 and test CURLINFO_REDIRECT_URL more |
| |
| - Curl_follow: extract the Location: header field unvalidated |
| |
| ... when not actually following the redirect. Otherwise we return error |
| for this and an application can't extract the value. |
| |
| Test 1518 added to verify. |
| |
| Reported-by: Pavel Pavlov |
| Fixes #3340 |
| Closes #3364 |
| |
| - multi: convert two timeout variables to timediff_t |
| |
| The time_t type is unsigned on some systems and these variables are used |
| to hold return values from functions that return timediff_t |
| already. timediff_t is always a signed type. |
| |
| Closes #3363 |
| |
| - delta: use --diff-filter on the git diff-tree invokes |
| |
| Suggested-by: Dave Reisner |
| |
| Patrick Monnerat (11 Dec 2018) |
| - documentation: curl_formadd field and file names are now escaped |
| |
| Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition |
| header without special processing: this may lead to invalid RFC 822 |
| quoted-strings. |
| 7.56.0 introduces escaping of backslashes and double quotes in these names: |
| mention it in the documentation. |
| |
| Reported-by: daboul on github |
| Closes #3361 |
| |
| Daniel Stenberg (11 Dec 2018) |
| - scripts/delta: show repo delta info from last release |
| |
| ... where "last release" should be the git tag in the repo. |
| |
| Daniel Gustafsson (11 Dec 2018) |
| - tests: add urlapi unittest |
| |
| This adds a new unittest intended to cover the internal functions in |
| the urlapi code, starting with parse_port(). In order to avoid name |
| collisions in debug builds, parse_port() is renamed Curl_parse_port() |
| since it will be exported. |
| |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| |
| - urlapi: fix portnumber parsing for ipv6 zone index |
| |
| An IPv6 URL which contains a zone index includes a '%%25<zode id>' |
| string before the ending ']' bracket. The parsing logic wasn't set |
| up to cope with the zone index however, resulting in a malformed url |
| error being returned. Fix by breaking the parsing into two stages |
| to correctly handle the zone index. |
| |
| Closes #3355 |
| Closes #3319 |
| Reported-by: tonystz on Github |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| |
| Daniel Stenberg (11 Dec 2018) |
| - [Jay Satiro brought this change] |
| |
| http: fix HTTP auth to include query in URI |
| |
| - Include query in the path passed to generate HTTP auth. |
| |
| Recent changes to use the URL API internally (46e1640, 7.62.0) |
| inadvertently broke authentication URIs by omitting the query. |
| |
| Fixes https://github.com/curl/curl/issues/3353 |
| Closes #3356 |
| |
| - [Michael Kaufmann brought this change] |
| |
| http: don't set CURLINFO_CONDITION_UNMET for http status code 204 |
| |
| The http status code 204 (No Content) should not change the "condition |
| unmet" flag. Only the http status code 304 (Not Modified) should do |
| this. |
| |
| Closes #359 |
| |
| - [Samuel Surtees brought this change] |
| |
| ldap: fix LDAP URL parsing regressions |
| |
| - Match URL scheme with LDAP and LDAPS |
| - Retrieve attributes, scope and filter from URL query instead |
| |
| Regression brought in 46e164069d1a5230 (7.62.0) |
| |
| Closes #3362 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Stefan Kanthak brought this change] |
| |
| (lib)curl.rc: fixup for minor bugs |
| |
| All resources defined in lib/libcurl.rc and curl.rc are language |
| neutral. |
| |
| winbuild/MakefileBuild.vc ALWAYS defines the macro DEBUGBUILD, so the |
| ifdef's in line 33 of lib/libcurl.rc and src/curl.rc are wrong. |
| |
| Replace the hard-coded constants in both *.rc files with #define'd |
| values. |
| |
| Thumbs-uped-by: Rod Widdowson, Johannes Schindelin |
| URL: https://curl.haxx.se/mail/lib-2018-11/0000.html |
| Closes #3348 |
| |
| - test329: verify cookie max-age=0 immediate expiry |
| |
| - cookies: expire "Max-Age=0" immediately |
| |
| Reported-by: Jeroen Ooms |
| Fixes #3351 |
| Closes #3352 |
| |
| - [Johannes Schindelin brought this change] |
| |
| Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 |
| |
| This is a companion patch to cbea2fd2c (NTLM: force the connection to |
| HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1 |
| preemptively. However, with other (Negotiate) authentication it is not |
| clear to this developer whether there is a way to make it work with |
| HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the |
| error HTTP_1_1_REQUIRED. |
| |
| Note: we will still keep the NTLM workaround, as it avoids an extra |
| round trip. |
| |
| Daniel Stenberg helped a lot with this patch, in particular by |
| suggesting to introduce the Curl_h2_http_1_1_error() function. |
| |
| Closes #3349 |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Ben Greear brought this change] |
| |
| openssl: fix unused variable compiler warning with old openssl |
| |
| URL: https://curl.haxx.se/mail/lib-2018-11/0055.html |
| |
| Closes #3347 |
| |
| - [Johannes Schindelin brought this change] |
| |
| NTLM: force the connection to HTTP/1.1 |
| |
| Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces |
| the capability. However, NTLM authentication only works with HTTP/1.1, |
| and will likely remain in that boat (for details, see |
| https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported). |
| |
| When we just found out that we want to use NTLM, and when the current |
| connection runs in HTTP/2 mode, let's force the connection to be closed |
| and to be re-opened using HTTP/1.1. |
| |
| Fixes https://github.com/curl/curl/issues/3341. |
| Closes #3345 |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| - [Johannes Schindelin brought this change] |
| |
| curl_global_sslset(): id == -1 is not necessarily an error |
| |
| It is allowed to call that function with id set to -1, specifying the |
| backend by the name instead. We should imitate what is done further down |
| in that function to allow for that. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| Closes #3346 |
| |
| Johannes Schindelin (6 Dec 2018) |
| - .gitattributes: make tabs in indentation a visible error |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| Daniel Stenberg (6 Dec 2018) |
| - RELEASE-NOTES: synced |
| |
| - doh: fix memory leak in OOM situation |
| |
| Reviewed-by: Daniel Gustafsson |
| Closes #3342 |
| |
| - doh: make it work for h2-disabled builds too |
| |
| Reported-by: dtmsecurity at github |
| Fixes #3325 |
| Closes #3336 |
| |
| - packages: remove old leftover files and dirs |
| |
| This subdir has mostly become an attic of never-used cruft from the |
| past. |
| |
| Closes #3331 |
| |
| - [Gergely Nagy brought this change] |
| |
| openssl: do not use file BIOs if not requested |
| |
| Moves the file handling BIO calls to the branch of the code where they |
| are actually used. |
| |
| Closes #3339 |
| |
| - [Paul Howarth brought this change] |
| |
| nss: Fix compatibility with nss versions 3.14 to 3.15 |
| |
| - [Paul Howarth brought this change] |
| |
| nss: Improve info message when falling back SSL protocol |
| |
| Use descriptive text strings rather than decimal numbers. |
| |
| - [Paul Howarth brought this change] |
| |
| nss: Fall back to latest supported SSL version |
| |
| NSS may be built without support for the latest SSL/TLS versions, |
| leading to "SSL version range is not valid" errors when the library |
| code supports a recent version (e.g. TLS v1.3) but it has explicitly |
| been disabled. |
| |
| This change adjusts the maximum SSL version requested by libcurl to |
| be the maximum supported version at runtime, as long as that version |
| is at least as high as the minimum version required by libcurl. |
| |
| Fixes #3261 |
| |
| Daniel Gustafsson (3 Dec 2018) |
| - travis: enable COPYRIGHTYEAR extended warning |
| |
| The extended warning for checking incorrect COPYRIGHTYEAR is quite |
| expensive to run, so rather than expecting every developer to do it |
| we ensure it's turned on locally for Travis. |
| |
| - checksrc: add COPYRIGHTYEAR check |
| |
| Forgetting to bump the year in the copyright clause when hacking has |
| been quite common among curl developers, but a traditional checksrc |
| check isn't a good fit as it would penalize anyone hacking on January |
| 1st (among other things). This adds a more selective COPYRIGHTYEAR |
| check which intends to only cover the currently hacked on changeset. |
| |
| The check for updated copyright year is currently not enforced on all |
| files but only on files edited and/or committed locally. This is due to |
| the amount of files which aren't updated with their correct copyright |
| year at the time of their respective commit. |
| |
| To further avoid running this expensive check for every developer, it |
| adds a new local override mode for checksrc where a .checksrc file can |
| be used to turn on extended warnings locally. |
| |
| Closes #3303 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (3 Dec 2018) |
| - CHECKSRC.md: document more warnings |
| |
| Closes #3335 |
| [ci skip] |
| |
| - RELEASE-NOTES: synced |
| |
| - SECURITY-PROCESS: bountygraph shuts down |
| |
| This backpedals back the documents to the state before bountygraph. |
| |
| Closes #3311 |
| |
| - curl: fix memory leak reading --writeout from file |
| |
| If another string had been set first, the writout function for reading |
| the syntax from file would leak the previously allocated memory. |
| |
| Reported-by: Brian Carpenter |
| Fixes #3322 |
| Closes #3330 |
| |
| - tool_main: rename function to make it unique and better |
| |
| ... there's already another function in the curl tool named |
| free_config_fields! |
| |
| Daniel Gustafsson (29 Nov 2018) |
| - TODO: remove CURLOPT_DNS_USE_GLOBAL_CACHE entry |
| |
| Commit 7c5837e79280e6abb3ae143dfc49bca5e74cdd11 deprecated the option |
| making it a manual code-edit operation to turn it back on. The removal |
| process has thus started and is now documented in docs/DEPRECATE.md so |
| remove from the TODO to avoid anyone looking for something to pick up |
| spend cycles on an already in-progress entry. |
| |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Jay Satiro (29 Nov 2018) |
| - [Sevan Janiyan brought this change] |
| |
| connect: fix building for recent versions of Minix |
| |
| EBADIOCTL doesn't exist on more recent Minix. |
| There have also been substantial changes to the network stack. |
| Fixes build on Minix 3.4rc |
| |
| Closes https://github.com/curl/curl/pull/3323 |
| |
| - [Konstantin Kushnir brought this change] |
| |
| CMake: fix MIT/Heimdal Kerberos detection |
| |
| - fix syntax error in FindGSS.cmake |
| - correct krb5 include directory. FindGSS exports |
| "GSS_INCLUDE_DIR" variable. |
| |
| Closes https://github.com/curl/curl/pull/3316 |
| |
| Daniel Stenberg (28 Nov 2018) |
| - test328: verify Content-Encoding: none |
| |
| Because of issue #3315 |
| |
| Closes #3317 |
| |
| - [James Knight brought this change] |
| |
| configure: include all libraries in ssl-libs fetch |
| |
| When compiling a collection of SSL libraries to link against (SSL_LIBS), |
| ensure all libraries are included. The call `--libs-only-l` can produce |
| only a subset of found in a `--libs` call (e.x. pthread may be excluded). |
| Adding `--libs-only-other` ensures other libraries are also included in |
| the list. This corrects select build environments compiling against a |
| static version of OpenSSL. Before the change, the following could be |
| observed: |
| |
| checking for openssl options with pkg-config... found |
| configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl " |
| configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib " |
| configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include " |
| checking for HMAC_Update in -lcrypto... no |
| checking for HMAC_Init_ex in -lcrypto... no |
| checking OpenSSL linking with -ldl... no |
| checking OpenSSL linking with -ldl and -lpthread... no |
| configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more. |
| configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this. |
| ... |
| SSL support: no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} ) |
| ... |
| |
| And include the other libraries when compiling SSL_LIBS succeeds with: |
| |
| checking for openssl options with pkg-config... found |
| configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread " |
| configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib " |
| configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include " |
| checking for HMAC_Update in -lcrypto... yes |
| checking for SSL_connect in -lssl... yes |
| ... |
| SSL support: enabled (OpenSSL) |
| ... |
| |
| Signed-off-by: James Knight <james.d.knight@live.com> |
| Closes #3193 |
| |
| Daniel Gustafsson (26 Nov 2018) |
| - doh: fix typo in infof call |
| |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - cmdline-opts/gen.pl: define the correct varname |
| |
| The variable definition had a small typo making it declare another |
| variable then the intended. |
| |
| Closes #3304 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (25 Nov 2018) |
| - RELEASE-NOTES: synced |
| |
| - curl_easy_perform: fix timeout handling |
| |
| curl_multi_wait() was erroneously used from within |
| curl_easy_perform(). It could lead to it believing there was no socket |
| to wait for and then instead sleep for a while instead of monitoring the |
| socket and then miss acting on that activity as swiftly as it should |
| (causing an up to 1000 ms delay). |
| |
| Reported-by: Antoni Villalonga |
| Fixes #3305 |
| Closes #3306 |
| Closes #3308 |
| |
| - CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times |
| |
| - cookies: create the cookiejar even if no cookies to save |
| |
| Important for when the file is going to be read again and thus must not |
| contain old contents! |
| |
| Adds test 327 to verify. |
| |
| Reported-by: daboul on github |
| Fixes #3299 |
| Closes #3300 |
| |
| - checksrc: ban snprintf use, add command line flag to override warns |
| |
| - snprintf: renamed and we now only use msnprintf() |
| |
| The function does not return the same value as snprintf() normally does, |
| so readers may be mislead into thinking the code works differently than |
| it actually does. A different function name makes this easier to detect. |
| |
| Reported-by: Tomas Hoger |
| Assisted-by: Daniel Gustafsson |
| Fixes #3296 |
| Closes #3297 |
| |
| - [Tobias Hintze brought this change] |
| |
| test: update test20/1322 for eglibc bug workaround |
| |
| The tests 20 and 1322 are using getaddrinfo of libc for resolving. In |
| eglibc-2.19 there is a memory leakage and invalid free bug which |
| surfaces in some special circumstances (PF_UNSPEC hint with invalid or |
| non-existent names). The valgrind runs in testing fail in these |
| situations. |
| |
| As the tests 20/1322 are not specific on either protocol (IPv4/IPv6) |
| this commit changes the hints to IPv4 protocol by passing `--ipv4` flag |
| on the tests' command line. This prevents the valgrind failures. |
| |
| - [Tobias Hintze brought this change] |
| |
| host names: allow trailing dot in name resolve, then strip it |
| |
| Delays stripping of trailing dots to after resolving the hostname. |
| |
| Fixes #3022 |
| Closes #3222 |
| |
| - [UnknownShadow200 brought this change] |
| |
| CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description |
| |
| Closes #3295 |
| |
| Daniel Gustafsson (21 Nov 2018) |
| - configure: Fix typo in comment |
| |
| Michael Kaufmann (21 Nov 2018) |
| - openssl: support session resume with TLS 1.3 |
| |
| Session resumption information is not available immediately after a TLS 1.3 |
| handshake. The client must wait until the server has sent a session ticket. |
| |
| Use OpenSSL's "new session" callback to get the session information and put it |
| into curl's session cache. For TLS 1.3 sessions, this callback will be invoked |
| after the server has sent a session ticket. |
| |
| The "new session" callback is invoked only if OpenSSL's session cache is |
| enabled, so enable it and use the "external storage" mode which lets curl manage |
| the contents of the session cache. |
| |
| A pointer to the connection data and the sockindex are now saved as "SSL extra |
| data" to make them available to the callback. |
| |
| This approach also works for old SSL/TLS versions and old OpenSSL versions. |
| |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Fixes #3202 |
| Closes #3271 |
| |
| - ssl: fix compilation with OpenSSL 0.9.7 |
| |
| - ENGINE_cleanup() was used without including "openssl/engine.h" |
| - enable engine support for OpenSSL 0.9.7 |
| |
| Closes #3266 |
| |
| Daniel Stenberg (21 Nov 2018) |
| - openssl: disable TLS renegotiation with BoringSSL |
| |
| Since we're close to feature freeze, this change disables this feature |
| with an #ifdef. Define ALLOW_RENEG at build-time to enable. |
| |
| This could be converted to a bit for CURLOPT_SSL_OPTIONS to let |
| applications opt-in this. |
| |
| Concern-raised-by: David Benjamin |
| Fixes #3283 |
| Closes #3293 |
| |
| - [Romain Fliedel brought this change] |
| |
| ares: remove fd from multi fd set when ares is about to close the fd |
| |
| When using c-ares for asyn dns, the dns socket fd was silently closed |
| by c-ares without curl being aware. curl would then 'realize' the fd |
| has been removed at next call of Curl_resolver_getsock, and only then |
| notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with |
| CURL_POLL_REMOVE. At this point the fd is already closed. |
| |
| By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this |
| patch allows curl to be notified that the fd is not longer needed |
| for neither for write nor read. At this point by calling |
| Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE |
| before the fd is actually closed by ares. |
| |
| In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore |
| since it does not allow passing a different sock_state_cb_data |
| |
| Closes #3238 |
| |
| - [Romain Fliedel brought this change] |
| |
| examples/ephiperfifo: report error when epoll_ctl fails |
| |
| Daniel Gustafsson (20 Nov 2018) |
| - [pkubaj brought this change] |
| |
| ntlm: Remove redundant ifdef USE_OPENSSL |
| |
| lib/curl_ntlm.c had code that read as follows: |
| |
| #ifdef USE_OPENSSL |
| # ifdef USE_OPENSSL |
| # else |
| # .. |
| # endif |
| #endif |
| |
| Remove the redundant USE_OPENSSL along with #else (it's not possible to |
| reach it anyway). The removed construction is a leftover from when the |
| SSLeay support was removed. |
| |
| Closes #3269 |
| Reviewed-by: Daniel Gustafsson <daniel@yesql.se> |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (20 Nov 2018) |
| - [Han Han brought this change] |
| |
| ssl: replace all internal uses of CURLE_SSL_CACERT |
| |
| Closes #3291 |
| |
| Han Han (19 Nov 2018) |
| - docs: add more description to unified ssl error codes |
| |
| - curle: move deprecated error code to ifndef block |
| |
| Patrick Monnerat (19 Nov 2018) |
| - os400: add CURLOPT_CURLU to ILE/RPG binding. |
| |
| - os400: Add curl_easy_conn_upkeep() to ILE/RPG binding. |
| |
| - os400: fix return type of curl_easy_pause() in ILE/RPG binding. |
| |
| Daniel Stenberg (19 Nov 2018) |
| - RELEASE-NOTES: synced |
| |
| - impacket: add LICENSE |
| |
| The license for the impacket package was not in our tree. |
| |
| Imported now from upstream's |
| https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE |
| |
| Reported-by: infinnovation-dev on github |
| Fixes #3276 |
| Closes #3277 |
| |
| Daniel Gustafsson (18 Nov 2018) |
| - tool_doswin: Fix uninitialized field warning |
| |
| The partial struct initialization in 397664a065abffb7c3445ca9 caused |
| a warning on uninitialized MODULEENTRY32 struct members: |
| |
| /src/tool_doswin.c:681:3: warning: missing initializer for field |
| 'th32ModuleID' of 'MODULEENTRY32 {aka struct tagMODULEENTRY32}' |
| [-Wmissing-field-initializers] |
| |
| This is sort of a bogus warning as the remaining members will be set |
| to zero by the compiler, as all omitted members are. Nevertheless, |
| remove the warning by omitting all members and setting the dwSize |
| members explicitly. |
| |
| Closes #3254 |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| Reviewed-by: Jay Satiro <raysatiro@yahoo.com> |
| |
| - openssl: Remove SSLEAY leftovers |
| |
| Commit 709cf76f6bb7dbac deprecated USE_SSLEAY, as curl since long isn't |
| compatible with the SSLeay library. This removes the few leftovers that |
| were omitted in the less frequently used platform targets. |
| |
| Closes #3270 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (16 Nov 2018) |
| - [Elia Tufarolo brought this change] |
| |
| http_negotiate: do not close connection until negotiation is completed |
| |
| Fix HTTP POST using CURLAUTH_NEGOTIATE. |
| |
| Closes #3275 |
| |
| - pop3: only do APOP with a valid timestamp |
| |
| Brought-by: bobmitchell1956 on github |
| Fixes #3278 |
| Closes #3279 |
| |
| Jay Satiro (16 Nov 2018) |
| - [Peter Wu brought this change] |
| |
| openssl: do not log excess "TLS app data" lines for TLS 1.3 |
| |
| The SSL_CTX_set_msg_callback callback is not just called for the |
| Handshake or Alert protocols, but also for the raw record header |
| (SSL3_RT_HEADER) and the decrypted inner record type |
| (SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid |
| excess debug spam when using `curl -v` against a TLSv1.3-enabled server: |
| |
| * TLSv1.3 (IN), TLS app data, [no content] (0): |
| |
| (Following this message, another callback for the decrypted |
| handshake/alert messages will be be present anyway.) |
| |
| Closes https://github.com/curl/curl/pull/3281 |
| |
| Marc Hoersken (15 Nov 2018) |
| - tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows |
| |
| SO_EXCLUSIVEADDRUSE is on by default on Vista or newer, |
| but does not work together with SO_REUSEADDR being on. |
| |
| The default changes were made with stunnel 5.34 and 5.35. |
| |
| Daniel Stenberg (13 Nov 2018) |
| - [Kamil Dudka brought this change] |
| |
| nss: remove version selecting dead code |
| |
| Closes #3262 |
| |
| - nss: set default max-tls to 1.3/1.2 |
| |
| Fixes #3261 |
| |
| Daniel Gustafsson (13 Nov 2018) |
| - tool_cb_wrt: Silence function cast compiler warning |
| |
| Commit 5bfaa86ceb3c2a9ac474a928e748c4a86a703b33 introduced a new |
| compiler warning on Windows cross compilation with GCC. See below |
| for an example of the warning from the autobuild logs (whitespace |
| edited to fit): |
| |
| /src/tool_cb_wrt.c:175:9: warning: cast from function call of type |
| 'intptr_t {aka long long int}' to non-matching type 'void *' |
| [-Wbad-function-cast] |
| (HANDLE) _get_osfhandle(fileno(outs->stream)), |
| ^ |
| |
| Store the return value from _get_osfhandle() in an intermediate |
| variable and cast the variable in WriteConsoleW() rather than the |
| function call directly to avoid a compiler warning. |
| |
| In passing, also add inspection of the MultiByteToWideChar() return |
| value and return failure in case an error is reported. |
| |
| Closes #3263 |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| Reviewed-by: Viktor Szakats <commit@vszakats.net> |
| |
| Daniel Stenberg (12 Nov 2018) |
| - nss: fix fallthrough comment to fix picky compiler warning |
| |
| - docs: expanded on some CURLU details |
| |
| - [Tim Rühsen brought this change] |
| |
| ftp: avoid two unsigned int overflows in FTP listing parser |
| |
| Curl_ftp_parselist: avoid unsigned integer overflows |
| |
| The overflow has no real world impact, just avoid it for "best |
| practice". |
| |
| Closes #3225 |
| |
| - curl: --local-port range was not "including" |
| |
| The end port number in a given range was not included in the range used, |
| as it is documented to be. |
| |
| Reported-by: infinnovation-dev on github |
| Fixes #3251 |
| Closes #3255 |
| |
| - [Jérémy Rocher brought this change] |
| |
| openssl: support BoringSSL TLS renegotiation |
| |
| As per BoringSSL porting documentation [1], BoringSSL rejects peer |
| renegotiations by default. |
| |
| curl fails when trying to authenticate to server through client |
| certificate if it is requested by server after the initial TLS |
| handshake. |
| |
| Enable renegotiation by default with BoringSSL to get same behavior as |
| with OpenSSL. This is done by calling SSL_set_renegotiate_mode [2] |
| which was introduced in commit 1d5ef3bb1eb9 [3]. |
| |
| 1 - https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md#tls-renegotiation |
| 2 - https://boringssl.googlesource.com/boringssl/+/master/include/openssl/ssl.h#3482 |
| 3 - https://boringssl.googlesource.com/boringssl/+/1d5ef3bb1eb97848617db5e7d633d735a401df86 |
| |
| Signed-off-by: Jérémy Rocher <rocher.jeremy@gmail.com> |
| Fixes #3258 |
| Closes #3259 |
| |
| - HISTORY: add some milestones |
| |
| Added a few of the more notable milestones in curl history that were |
| missing. Primarily more recent ones but I also noted some older that |
| could be worth mentioning. |
| |
| [ci skip] |
| Closes #3257 |
| |
| Daniel Gustafsson (9 Nov 2018) |
| - KNOWN_BUGS: add --proxy-any connection issue |
| |
| Add the identified issue with --proxy-any and proxy servers which |
| advertise authentication schemes other than the supported one. |
| |
| Closes #876 |
| Closes #3250 |
| Reported-by: NTMan on Github |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (9 Nov 2018) |
| - [Jim Fuller brought this change] |
| |
| setopt: add CURLOPT_CURLU |
| |
| Allows an application to pass in a pre-parsed URL via a URL handle. |
| |
| Closes #3227 |
| |
| - [Gisle Vanem brought this change] |
| |
| docs: ESCape "\n" codes |
| |
| Groff / Troff will display a: |
| printaf("Errno: %ld\n", error); |
| as: |
| printf("Errno: %ld0, error); |
| |
| when a "\n" is not escaped. Use "\\n" instead. |
| |
| Closes #3246 |
| |
| - curl: --local-port fix followup |
| |
| Regression by 52db54869e6. |
| |
| Reported-by: infinnovation-dev on github |
| Fixes #3248 |
| Closes #3249 |
| |
| GitHub (7 Nov 2018) |
| - [Gisle Vanem brought this change] |
| |
| More "\n" ESCaping |
| |
| Daniel Stenberg (7 Nov 2018) |
| - RELEASE-NOTES: synced |
| |
| - curl: fix --local-port integer overflow |
| |
| The tool's local port command line range parser didn't check for integer |
| overflows and could pass "weird" data to libcurl for this option. |
| libcurl however, has a strict range check for the values so it rejects |
| anything outside of the accepted range. |
| |
| Reported-by: Brian Carpenter |
| Closes #3242 |
| |
| - curl: correct the switch() logic in ourWriteOut |
| |
| Follow-up to e431daf013, as I did the wrong correction for a compiler |
| warning. It should be a break and not a fall-through. |
| |
| Pointed-out-by: Frank Gevaerts |
| |
| - [Frank Gevaerts brought this change] |
| |
| curl: add %{stderr} and %{stdout} for --write-out |
| |
| Closes #3115 |
| |
| Daniel Gustafsson (7 Nov 2018) |
| - winssl: be consistent in Schannel capitalization |
| |
| The productname from Microsoft is "Schannel", but in infof/failf |
| reporting we use "schannel". This removes different versions. |
| |
| Closes #3243 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (7 Nov 2018) |
| - TODO: Have the URL API offer IDN decoding |
| |
| Similar to how URL decoding/encoding is done, we could have URL |
| functions to convert IDN host names to punycode. |
| |
| Suggested-by: Alexey Melnichuk |
| Closes #3232 |
| |
| - urlapi: only skip encoding the first '=' with APPENDQUERY set |
| |
| APPENDQUERY + URLENCODE would skip all equals signs but now it only skip |
| encoding the first to better allow "name=content" for any content. |
| |
| Reported-by: Alexey Melnichuk |
| Fixes #3231 |
| Closes #3231 |
| |
| - url: a short host name + port is not a scheme |
| |
| The function identifying a leading "scheme" part of the URL considered a |
| few letters ending with a colon to be a scheme, making something like |
| "short:80" to become an unknown scheme instead of a short host name and |
| a port number. |
| |
| Extended test 1560 to verify. |
| |
| Also fixed test203 to use file_pwd to make it get the correct path on |
| windows. Removed test 2070 since it was a duplicate of 203. |
| |
| Assisted-by: Marcel Raad |
| Reported-by: Hagai Auro |
| Fixes #3220 |
| Fixes #3233 |
| Closes #3223 |
| Closes #3235 |
| |
| - [Sangamkar brought this change] |
| |
| libcurl: stop reading from paused transfers |
| |
| In the transfer loop it would previously not acknwledge the pause bit |
| and continue until drained or loop ended. |
| |
| Closes #3240 |
| |
| Jay Satiro (6 Nov 2018) |
| - tool: add undocumented option --dump-module-paths for win32 |
| |
| - Add an undocumented diagnostic option for Windows to show the full |
| paths of all loaded modules regardless of whether or not libcurl |
| initialization succeeds. |
| |
| This is needed so that in the CI we can get a list of all DLL |
| dependencies after initialization (when they're most likely to have |
| finished loading) and then package them as artifacts so that a |
| functioning build can be downloaded. Also I imagine it may have some use |
| as a diagnostic for help requests. |
| |
| Ref: https://github.com/curl/curl/pull/3103 |
| |
| Closes https://github.com/curl/curl/pull/3208 |
| |
| - curl_multibyte: fix a malloc overcalculation |
| |
| Prior to this change twice as many bytes as necessary were malloc'd when |
| converting wchar to UTF8. To allay confusion in the future I also |
| changed the variable name for the amount of bytes from len to bytes. |
| |
| Closes https://github.com/curl/curl/pull/3209 |
| |
| Michael Kaufmann (5 Nov 2018) |
| - netrc: don't ignore the login name specified with "--user" |
| |
| - for "--netrc", don't ignore the login/password specified with "--user", |
| only ignore the login/password in the URL. |
| This restores the netrc behaviour of curl 7.61.1 and earlier. |
| - fix the documentation of CURL_NETRC_REQUIRED |
| - improve the detection of login/password changes when reading .netrc |
| - don't read .netrc if both login and password are already set |
| |
| Fixes #3213 |
| Closes #3224 |
| |
| Patrick Monnerat (5 Nov 2018) |
| - OS400: add URL API ccsid wrappers and sync ILE/RPG bindings |
| |
| Daniel Stenberg (5 Nov 2018) |
| - [Yasuhiro Matsumoto brought this change] |
| |
| curl: fixed UTF-8 in current console code page (Windows) |
| |
| Fixes #3211 |
| Fixes #3175 |
| Closes #3212 |
| |
| - TODO: 2.6 multi upkeep |
| |
| Closes #3199 |
| |
| Daniel Gustafsson (5 Nov 2018) |
| - unittest: make 1652 stable across collations |
| |
| The previous coding used a format string whose output depended on the |
| current locale of the environment running the test. Since the gist of |
| the test is to have a format string, with the actual formatting being |
| less important, switch to a more stable formatstring with decimals. |
| |
| Reported-by: Marcel Raad |
| Closes #3234 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| |
| Daniel Stenberg (5 Nov 2018) |
| - Revert "url: a short host name + port is not a scheme" |
| |
| This reverts commit 226cfa8264cd979eff3fd52c0f3585ef095e7cf2. |
| |
| This commit caused test failures on appveyor/windows. Work on fixing them is |
| in #3235. |
| |
| - symbols-in-versions: add missing CURLU_ symbols |
| |
| ...and fix symbol-scan.pl to also scan urlapi.h |
| |
| Reported-by: Alexey Melnichuk |
| Fixes #3226 |
| Closes #3230 |
| |
| Daniel Gustafsson (3 Nov 2018) |
| - infof: clearly indicate truncation |
| |
| The internal buffer in infof() is limited to 2048 bytes of payload plus |
| an additional byte for NULL termination. Servers with very long error |
| messages can however cause truncation of the string, which currently |
| isn't very clear, and leads to badly formatted output. |
| |
| This appends a "...\n" (or just "..." in case the format didn't with a |
| newline char) marker to the end of the string to clearly show |
| that it has been truncated. |
| |
| Also include a unittest covering infof() to try and catch any bugs |
| introduced in this quite important function. |
| |
| Closes #3216 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| |
| Michael Kaufmann (3 Nov 2018) |
| - tool_getparam: fix some comments |
| |
| Daniel Stenberg (3 Nov 2018) |
| - url: a short host name + port is not a scheme |
| |
| The function identifying a leading "scheme" part of the URL considered a few |
| letters ending with a colon to be a scheme, making something like "short:80" |
| to become an unknown scheme instead of a short host name and a port number. |
| |
| Extended test 1560 to verify. |
| |
| Reported-by: Hagai Auro |
| Fixes #3220 |
| Closes #3223 |
| |
| - URL: fix IPv6 numeral address parser |
| |
| Regression from 46e164069d1a52. Extended test 1560 to verify. |
| |
| Reported-by: tpaukrt on github |
| Fixes #3218 |
| Closes #3219 |
| |
| - travis: remove curl before a normal build |
| |
| on Linux. To make sure the test suite runs with its newly build tool and |
| doesn't require an external one present. |
| |
| Bug: #3198 |
| Closes #3200 |
| |
| - [Tim Rühsen brought this change] |
| |
| mprintf: avoid unsigned integer overflow warning |
| |
| The overflow has no real world impact. |
| Just avoid it for "best practice". |
| |
| Code change suggested by "The Infinnovation Team" and Daniel Stenberg. |
| Closes #3184 |
| |
| - Curl_follow: accept non-supported schemes for "fake" redirects |
| |
| When not actually following the redirect and the target URL is only |
| stored for later retrieval, curl always accepted "non-supported" |
| schemes. This was a regression from 46e164069d1a5230. |
| |
| Reported-by: Brad King |
| Fixes #3210 |
| Closes #3215 |
| |
| Daniel Gustafsson (2 Nov 2018) |
| - openvms: fix example name |
| |
| Commit efc696a2e09225bfeab4 renamed persistant.c to persistent.c to |
| fix the typo in the name, but missed to update the OpenVMS package |
| files which still looked for the old name. |
| |
| Closes #3217 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Viktor Szakats <commit@vszakats.net> |
| |
| Daniel Stenberg (1 Nov 2018) |
| - configure: show CFLAGS, LDFLAGS etc in summary |
| |
| To make it easier to understand other people's and remote builds etc. |
| |
| Closes #3207 |
| |
| - version: bump for next cycle |
| |
| - axtls: removed |
| |
| As has been outlined in the DEPRECATE.md document, the axTLS code has |
| been disabled for 6 months and is hereby removed. |
| |
| Use a better supported TLS library! |
| |
| Assisted-by: Daniel Gustafsson |
| Closes #3194 |
| |
| - [marcosdiazr brought this change] |
| |
| schannel: make CURLOPT_CERTINFO support using Issuer chain |
| |
| Closes #3197 |
| |
| - travis: build with sanitize=address,undefined,signed-integer-overflow |
| |
| ... using clang |
| |
| Closes #3190 |
| |
| - schannel: use Curl_ prefix for global private symbols |
| |
| Curl_verify_certificate() must use the Curl_ prefix since it is globally |
| available in the lib and otherwise steps outside of our namespace! |
| |
| Closes #3201 |
| |
| Kamil Dudka (1 Nov 2018) |
| - tests: drop http_pipe.py script no longer used |
| |
| It is unused since commit f7208df7d9d5cd5e15e2d89237e828f32b63f135. |
| |
| Closes #3204 |
| |
| Daniel Stenberg (31 Oct 2018) |
| - runtests: use the local curl for verifying |
| |
| ... revert the mistaken change brought in commit 8440616f53. |
| |
| Reported-by: Alessandro Ghedini |
| Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html |
| |
| Closes #3198 |
| |
| Version 7.62.0 (30 Oct 2018) |
| |
| Daniel Stenberg (30 Oct 2018) |
| - RELEASE-NOTES: 7.62.0 |
| |
| - THANKS: 7.62.0 status |
| |
| Daniel Gustafsson (30 Oct 2018) |
| - vtls: add MesaLink to curl_sslbackend enum |
| |
| MesaLink support was added in commit 57348eb97d1b8fc3742e02c but the |
| backend was never added to the curl_sslbackend enum in curl/curl.h. |
| This adds the new backend to the enum and updates the relevant docs. |
| |
| Closes #3195 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (30 Oct 2018) |
| - [Ruslan Baratov brought this change] |
| |
| cmake: Remove unused CURL_CONFIG_HAS_BEEN_RUN_BEFORE variable |
| |
| Closes #3191 |
| |
| - test2080: verify the fix for CVE-2018-16842 |
| |
| - voutf: fix bad arethmetic when outputting warnings to stderr |
| |
| CVE-2018-16842 |
| Reported-by: Brian Carpenter |
| Bug: https://curl.haxx.se/docs/CVE-2018-16842.html |
| |
| - [Tuomo Rinne brought this change] |
| |
| cmake: uniform ZLIB to use USE_ variable and clean curl-config.cmake.in |
| |
| Closes #3123 |
| |
| - [Tuomo Rinne brought this change] |
| |
| cmake: add find_dependency call for ZLIB to CMake config file |
| |
| - [Tuomo Rinne brought this change] |
| |
| cmake: add support for transitive ZLIB target |
| |
| - unit1650: fix "null pointer passed as argument 1 to memcmp" |
| |
| Detected by UndefinedBehaviorSanitizer |
| |
| Closes #3187 |
| |
| - travis: add a "make tidy" build that runs clang-tidy |
| |
| Closes #3182 |
| |
| - unit1300: fix stack-use-after-scope AddressSanitizer warning |
| |
| Closes #3186 |
| |
| - Curl_auth_create_plain_message: fix too-large-input-check |
| |
| CVE-2018-16839 |
| Reported-by: Harry Sintonen |
| Bug: https://curl.haxx.se/docs/CVE-2018-16839.html |
| |
| - Curl_close: clear data->multi_easy on free to avoid use-after-free |
| |
| Regression from b46cfbc068 (7.59.0) |
| CVE-2018-16840 |
| Reported-by: Brian Carpenter (Geeknik Labs) |
| |
| Bug: https://curl.haxx.se/docs/CVE-2018-16840.html |
| |
| - [randomswdev brought this change] |
| |
| system.h: use proper setting with Sun C++ as well |
| |
| system.h selects the proper Sun settings when __SUNPRO_C is defined. The |
| Sun compiler does not define it when compiling C++ files. I'm adding a |
| check also on __SUNPRO_CC to allow curl to work properly also when used |
| in a C++ project on Sun Solaris. |
| |
| Closes #3181 |
| |
| - rand: add comment to skip a clang-tidy false positive |
| |
| - test1651: unit test Curl_extract_certinfo() |
| |
| The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel. |
| |
| - x509asn1: always check return code from getASN1Element() |
| |
| - Makefile: add 'tidy' target that runs clang-tidy |
| |
| Available in the root, src and lib dirs. |
| |
| Closes #3163 |
| |
| - RELEASE-PROCEDURE: adjust the release dates |
| |
| See: https://curl.haxx.se/mail/lib-2018-10/0107.html |
| |
| Patrick Monnerat (27 Oct 2018) |
| - x509asn1: suppress left shift on signed value |
| |
| Use an unsigned variable: as the signed operation behavior is undefined, |
| this change silents clang-tidy about it. |
| |
| Ref: https://github.com/curl/curl/pull/3163 |
| Reported-By: Daniel Stenberg |
| |
| Michael Kaufmann (27 Oct 2018) |
| - multi: Fix error handling in the SENDPROTOCONNECT state |
| |
| If Curl_protocol_connect() returns an error code, |
| handle the error instead of switching to the next state. |
| |
| Closes #3170 |
| |
| Daniel Stenberg (27 Oct 2018) |
| - RELEASE-NOTES: synced |
| |
| - openssl: output the correct cipher list on TLS 1.3 error |
| |
| When failing to set the 1.3 cipher suite, the wrong string pointer would |
| be used in the error message. Most often saying "(nil)". |
| |
| Reported-by: Ricky-Tigg on github |
| Fixes #3178 |
| Closes #3180 |
| |
| - docs/CIPHERS: fix the TLS 1.3 cipher names |
| |
| ... picked straight from the OpenSSL man page: |
| https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html |
| |
| Reported-by: Ricky-Tigg on github |
| Bug: #3178 |
| |
| Marcel Raad (27 Oct 2018) |
| - travis: install gnutls-bin package |
| |
| This is required for gnutls-serv, which enables a few more tests. |
| |
| Closes https://github.com/curl/curl/pull/2958 |
| |
| Daniel Gustafsson (26 Oct 2018) |
| - ssh: free the session on init failures |
| |
| Ensure to clear the session object in case the libssh2 initialization |
| fails. |
| |
| It could be argued that the libssh2 error function should be called to |
| get a proper error message in this case. But since the only error path |
| in libssh2_knownhost_init() is memory a allocation failure it's safest |
| to avoid since the libssh2 error handling allocates memory. |
| |
| Closes #3179 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (26 Oct 2018) |
| - docs/RELEASE-PROCEDURE: remove old entries, modify the Dec 2018 date |
| |
| ... I'm moving it up one week due to travels. The rest stays. |
| |
| - [Daniel Gustafsson brought this change] |
| |
| openssl: make 'done' a proper boolean |
| |
| Closes #3176 |
| |
| - gtls: Values stored to but never read |
| |
| Detected by clang-tidy |
| |
| Closes #3176 |
| |
| - [Alexey Eremikhin brought this change] |
| |
| curl.1: --ipv6 mutexes ipv4 (fixed typo) |
| |
| Fixes #3171 |
| Closes #3172 |
| |
| - tool_main: make TerminalSettings static |
| |
| Reported-by: Gisle Vanem |
| Bug: https://github.com/curl/curl/commit/becfe1233ff2b6b0c3e1b6a10048b55b68c2539f#commitcomment-31008819 |
| Closes #3161 |
| |
| - curl-config.in: remove dependency on bc |
| |
| Reported-by: Dima Pasechnik |
| Fixes #3143 |
| Closes #3174 |
| |
| - [Gisle Vanem brought this change] |
| |
| rtmp: fix for compiling with lwIP |
| |
| Compiling on _WIN32 and with USE_LWIPSOCK, causes this error: |
| curl_rtmp.c(223,3): error: use of undeclared identifier 'setsockopt' |
| setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO, |
| ^ |
| curl_rtmp.c(41,32): note: expanded from macro 'setsockopt' |
| #define setsockopt(a,b,c,d,e) (setsockopt)(a,b,c,(const char *)d,(int)e) |
| ^ |
| Closes #3155 |
| |
| - configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T |
| |
| Follow-up to #3166 which did the cmake part of this. This type/define is |
| not used. |
| |
| Closes #3168 |
| |
| - [Ruslan Baratov brought this change] |
| |
| cmake: remove unused variables |
| |
| Remove variables: |
| * HAVE_SOCKLEN_T |
| * CURL_SIZEOF_CURL_SOCKLEN_T |
| * CURL_TYPEOF_CURL_SOCKLEN_T |
| |
| Closes #3166 |
| |
| Michael Kaufmann (25 Oct 2018) |
| - urldata: Fix comment in header |
| |
| The "connecting" function is used by multiple protocols, not only FTP |
| |
| - netrc: free temporary strings if memory allocation fails |
| |
| - Change the inout parameters after all needed memory has been |
| allocated. Do not change them if something goes wrong. |
| - Free the allocated temporary strings if strdup() fails. |
| |
| Closes #3122 |
| |
| Daniel Stenberg (24 Oct 2018) |
| - [Ruslan Baratov brought this change] |
| |
| config: Remove unused SIZEOF_VOIDP |
| |
| Closes #3162 |
| |
| - RELEASE-NOTES: synced |
| |
| GitHub (23 Oct 2018) |
| - [Gisle Vanem brought this change] |
| |
| Fix for compiling with lwIP (3) |
| |
| lwIP on Windows does not have a WSAIoctl() function. |
| But it do have a SO_SNDBUF option to lwip_setsockopt(). But it currently does nothing. |
| |
| Daniel Stenberg (23 Oct 2018) |
| - Curl_follow: return better errors on URL problems |
| |
| ... by making the converter function global and accessible. |
| |
| Closes #3153 |
| |
| - Curl_follow: remove remaining free(newurl) |
| |
| Follow-up to 05564e750e8f0c. This function no longer frees the passed-in |
| URL. |
| |
| Reported-by: Michael Kaufmann |
| Bug: https://github.com/curl/curl/commit/05564e750e8f0c79016c680f301ce251e6e86155#commitcomm |
| ent-30985666 |
| |
| Daniel Gustafsson (23 Oct 2018) |
| - headers: end all headers with guard comment |
| |
| Most headerfiles end with a /* <headerguard> */ comment, but it was |
| missing from some. The comment isn't the most important part of our |
| code documentation but consistency has an intrinsic value in itself. |
| This adds header guard comments to the files that were lacking it. |
| |
| Closes #3158 |
| Reviewed-by: Jay Satiro <raysatiro@yahoo.com> |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Jay Satiro (23 Oct 2018) |
| - CIPHERS.md: Mention the options used to set TLS 1.3 ciphers |
| |
| Closes https://github.com/curl/curl/pull/3159 |
| |
| Daniel Stenberg (20 Oct 2018) |
| - docs/BUG-BOUNTY: the sponsors actually decide the amount |
| |
| Retract the previous approach as the sponsors will be the ones to set the |
| final amounts. |
| |
| Closes #3152 |
| [ci skip] |
| |
| - multi: avoid double-free |
| |
| Curl_follow() no longer frees the string. Make sure it happens in the |
| caller function, like we normally handle allocations. |
| |
| This bug was introduced with the use of the URL API internally, it has |
| never been in a release version |
| |
| Reported-by: Dario Weißer |
| Closes #3149 |
| |
| - multi: make the closure handle "inherit" CURLOPT_NOSIGNAL |
| |
| Otherwise, closing that handle can still cause surprises! |
| |
| Reported-by: Martin Ankerl |
| Fixes #3138 |
| Closes #3147 |
| |
| Marcel Raad (19 Oct 2018) |
| - VS projects: add USE_IPV6 |
| |
| The Visual Studio builds didn't use IPv6. Add it to all projects since |
| Visual Studio 2008, which is verified to build via AppVeyor. |
| |
| Closes https://github.com/curl/curl/pull/3137 |
| |
| - config_win32: enable LDAPS |
| |
| As done in the autotools and CMake builds by default. |
| |
| Closes https://github.com/curl/curl/pull/3137 |
| |
| Daniel Stenberg (18 Oct 2018) |
| - travis: add build for "configure --disable-verbose" |
| |
| Closes #3144 |
| |
| Kamil Dudka (17 Oct 2018) |
| - tool_cb_hdr: handle failure of rename() |
| |
| Detected by Coverity. |
| |
| Closes #3140 |
| Reviewed-by: Jay Satiro |
| |
| Daniel Stenberg (17 Oct 2018) |
| - RELEASE-NOTES: synced |
| |
| - docs/SECURITY-PROCESS: the hackerone IBB program drops curl |
| |
| ... now there's only BountyGraph. |
| |
| Jay Satiro (16 Oct 2018) |
| - [Matthew Whitehead brought this change] |
| |
| x509asn1: Fix SAN IP address verification |
| |
| For IP addresses in the subject alternative name field, the length |
| of the IP address (and hence the number of bytes to perform a |
| memcmp on) is incorrectly calculated to be zero. The code previously |
| subtracted q from name.end. where in a successful case q = name.end |
| and therefore addrlen equalled 0. The change modifies the code to |
| subtract name.beg from name.end to calculate the length correctly. |
| |
| The issue only affects libcurl with GSKit SSL, not other SSL backends. |
| The issue is not a security issue as IP verification would always fail. |
| |
| Fixes #3102 |
| Closes #3141 |
| |
| Daniel Gustafsson (15 Oct 2018) |
| - INSTALL: mention mesalink in TLS section |
| |
| Commit 57348eb97d1b8fc3742e02c6587d2d02ff592da5 added support for the |
| MesaLink vtls backend, but missed updating the TLS section containing |
| supported backends in the docs. |
| |
| Closes #3134 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Marcel Raad (14 Oct 2018) |
| - nonblock: fix unused parameter warning |
| |
| If USE_BLOCKING_SOCKETS is defined, curlx_nonblock's arguments are not |
| used. |
| |
| Michael Kaufmann (13 Oct 2018) |
| - Curl_follow: Always free the passed new URL |
| |
| Closes #3124 |
| |
| Viktor Szakats (12 Oct 2018) |
| - replace rawgit links [ci skip] |
| |
| Ref: https://rawgit.com/ "RawGit has reached the end of its useful life" |
| Ref: https://news.ycombinator.com/item?id=18202481 |
| Closes https://github.com/curl/curl/pull/3131 |
| |
| Daniel Stenberg (12 Oct 2018) |
| - docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018 |
| |
| [ci skip] |
| |
| - travis: make distcheck scan for BOM markers |
| |
| and remove BOM from projects/wolfssl_override.props |
| |
| Closes #3126 |
| |
| Marcel Raad (11 Oct 2018) |
| - CMake: remove BOM |
| |
| Accidentally aded in commit 1bb86057ff07083deeb0b00f8ad35879ec4d03ea. |
| |
| Reported-by: Viktor Szakats |
| Ref: https://github.com/curl/curl/pull/3120#issuecomment-428673136 |
| |
| Daniel Gustafsson (10 Oct 2018) |
| - transfer: fix typo in comment |
| |
| Michael Kaufmann (10 Oct 2018) |
| - docs: add "see also" links for SSL options |
| |
| - link TLS 1.2 and TLS 1.3 options |
| - link proxy and non-proxy options |
| |
| Closes #3121 |
| |
| Marcel Raad (10 Oct 2018) |
| - AppVeyor: remove BDIR variable that sneaked in again |
| |
| Removed in ae762e1abebe3a5fe75658583c85059a0957ef6e, accidentally added |
| again in 9f3be5672dc4dda30ab43e0152e13d714a84d762. |
| |
| - CMake: disable -Wpedantic-ms-format |
| |
| As done in the autotools build. This is required for MinGW, which |
| supports only %I64 for printing 64-bit values, but warns about it. |
| |
| Closes https://github.com/curl/curl/pull/3120 |
| |
| Viktor Szakats (9 Oct 2018) |
| - ldap: show precise LDAP call in error message on Windows |
| |
| Also add a unique but common text ('bind via') to make it |
| easy to grep this specific failure regardless of platform. |
| |
| Ref: https://github.com/curl/curl/pull/878/files#diff-7a636f08047c4edb53a240f540b4ecf6R468 |
| Closes https://github.com/curl/curl/pull/3118 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| |
| Daniel Stenberg (9 Oct 2018) |
| - docs/DEPRECATE: minor reformat to render nicer on web |
| |
| Daniel Gustafsson (9 Oct 2018) |
| - CURLOPT_SSL_VERIFYSTATUS: Fix typo |
| |
| Changes s/OSCP/OCSP/ and bumps the copyright year due to the change. |
| |
| Marcel Raad (9 Oct 2018) |
| - curl_setup: define NOGDI on Windows |
| |
| This avoids an ERROR macro clash between <wingdi.h> and <arpa/tftp.h> |
| on MinGW. |
| |
| Closes https://github.com/curl/curl/pull/3113 |
| |
| - Windows: fixes for MinGW targeting Windows Vista |
| |
| Classic MinGW has neither InitializeCriticalSectionEx nor |
| GetTickCount64, independent of the target Windows version. |
| |
| Closes https://github.com/curl/curl/pull/3113 |
| |
| Daniel Stenberg (8 Oct 2018) |
| - TODO: fixed 'API for URL parsing/splitting' |
| |
| Daniel Gustafsson (8 Oct 2018) |
| - KNOWN_BUGS: Fix various typos |
| |
| Closes #3112 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Viktor Szakats (8 Oct 2018) |
| - spelling fixes [ci skip] |
| |
| as detected by codespell 1.14.0 |
| |
| Closes https://github.com/curl/curl/pull/3114 |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| |
| Daniel Stenberg (8 Oct 2018) |
| - RELEASE-NOTES: synced |
| |
| - curl_ntlm_wb: check aprintf() return codes |
| |
| ... when they return NULL we're out of memory and MUST return failure. |
| |
| closes #3111 |
| |
| - docs/BUG-BOUNTY: proposed additional docs |
| |
| Bug bounty explainer. See https://bountygraph.com/programs/curl |
| |
| Closes #3067 |
| |
| - [Rick Deist brought this change] |
| |
| hostip: fix check on Curl_shuffle_addr return value |
| |
| Closes #3110 |
| |
| - FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output |
| |
| Now FILE transfers send headers to the header callback like HTTP and |
| other protocols. Also made curl_easy_getinfo(...CURLINFO_PROTOCOL...) |
| work for FILE in the callbacks. |
| |
| Makes "curl -i file://.." and "curl -I file://.." work like before |
| again. Applied the bold header logic to them too. |
| |
| Regression from c1c2762 (7.61.0) |
| |
| Reported-by: Shaun Jackman |
| Fixes #3083 |
| Closes #3101 |
| |
| Daniel Gustafsson (7 Oct 2018) |
| - gskit: make sure to terminate version string |
| |
| In case a very small buffer was passed to the version function, it could |
| result in the buffer not being NULL-terminated since strncpy() doesn't |
| guarantee a terminator on an overflowed buffer. Rather than adding code |
| to terminate (and handle zero-sized buffers), move to using snprintf() |
| instead like all the other vtls backends. |
| |
| Closes #3105 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Viktor Szakats <commit@vszakats.net> |
| |
| - TODO: add LD_PRELOAD support on macOS |
| |
| Add DYLD_INSERT_LIBRARIES support to the TODO list. Reported in #2394. |
| |
| - runtests: skip ld_preload tests on macOS |
| |
| The LD_PRELOAD functionality doesn't exist on macOS, so skip any tests |
| requiring it. |
| |
| Fixes #2394 |
| Closes #3106 |
| Reported-by: Github user @jakirkham |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Marcel Raad (7 Oct 2018) |
| - AppVeyor: use Debug builds to run tests |
| |
| This enables more tests. |
| |
| Closes https://github.com/curl/curl/pull/3104 |
| |
| - AppVeyor: add HTTP_ONLY build |
| |
| Closes https://github.com/curl/curl/pull/3104 |
| |
| - AppVeyor: add WinSSL builds |
| |
| Use the oldest and latest Windows SDKs for them. |
| Also, remove all but one OpenSSL build. |
| |
| Closes https://github.com/curl/curl/pull/3104 |
| |
| - AppVeyor: add remaining Visual Studio versions |
| |
| This adds Visual Studio 9 and 10 builds. |
| There's no 64-bit VC9 compiler on AppVeyor, so use it as the Win32 |
| build. Also, VC9 cannot be used for running the test suite. |
| |
| Closes https://github.com/curl/curl/pull/3104 |
| |
| - AppVeyor: break long line |
| |
| Closes https://github.com/curl/curl/pull/3104 |
| |
| - AppVeyor: remove unused BDIR variable |
| |
| Closes https://github.com/curl/curl/pull/3104 |
| |
| Daniel Stenberg (6 Oct 2018) |
| - test2100: test DoH using IPv4-only |
| |
| To make it only send one DoH request and avoid the race condition that |
| could lead to the requests getting sent in reversed order and thus |
| making it hard to compare in the test case. |
| |
| Fixes #3107 |
| Closes #3108 |
| |
| - tests/FILEFORMAT: mention how to use <fileN> and <stripfileN> too |
| |
| [ci skip] |
| |
| - RELEASE-NOTES: synced |
| |
| - [Dmitry Kostjuchenko brought this change] |
| |
| timeval: fix use of weak symbol clock_gettime() on Apple platforms |
| |
| Closes #3048 |
| |
| - doh: keep the IPv4 address in (original) network byte order |
| |
| Ideally this will fix the reversed order shown in SPARC tests: |
| |
| resp 8: Expected 127.0.0.1 got 1.0.0.127 |
| |
| Closes #3091 |
| |
| Jay Satiro (5 Oct 2018) |
| - INTERNALS.md: wrap lines longer than 79 |
| |
| Daniel Gustafsson (5 Oct 2018) |
| - INTERNALS: escape reference to parameter |
| |
| The parameter reference <string> was causing rendering issues in the |
| generated HTML page, as <string> isn't a valid HTML tag. Fix by back- |
| tick escaping it. |
| |
| Closes #3099 |
| Reviewed-by: Jay Satiro <raysatiro@yahoo.com> |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - checksrc: handle zero scoped ignore commands |
| |
| If a !checksrc! disable command specified to ignore zero errors, it was |
| still added to the ignore block even though nothing was ignored. While |
| there were no blocks ignored that shouldn't be ignored, the processing |
| ended with with a warning: |
| |
| <filename>:<line>:<col>: warning: Unused ignore: LONGLINE (UNUSEDIGNORE) |
| /* !checksrc! disable LONGLINE 0 */ |
| ^ |
| Fix by instead treating a zero ignore as a a badcommand and throw a |
| warning for that one. |
| |
| Closes #3096 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - checksrc: enable strict mode and warnings |
| |
| Enable strict and warnings mode for checksrc to ensure we aren't missing |
| anything due to bugs in the checking code. This uncovered a few things |
| which are all fixed in this commit: |
| |
| * several variables were used uninitialized |
| * several variables were not defined in the correct scope |
| * the whitelist filehandle was read even if the file didn't exist |
| * the enable_warn() call when a disable counter had expired was passing |
| incorrect variables, but since the checkwarn() call is unlikely to hit |
| (the counter is only decremented to zero on actual ignores) it didn't |
| manifest a problem. |
| |
| Closes #3090 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| |
| Marcel Raad (5 Oct 2018) |
| - CMake: suppress MSVC warning C4127 for libtest |
| |
| It's issued by older Windows SDKs (prior to version 8.0). |
| |
| Sergei Nikulov (5 Oct 2018) |
| - Merge branch 'dmitrykos-fix_missing_CMake_defines' |
| |
| - [Dmitry Kostjuchenko brought this change] |
| |
| cmake: test and set missed defines during configuration |
| |
| Added configuration checks for HAVE_BUILTIN_AVAILABLE and HAVE_CLOCK_GETTIME_MONOTONIC. |
| |
| Closes #3097 |
| |
| Marcel Raad (5 Oct 2018) |
| - AppVeyor: disable test 500 |
| |
| It almost always results in |
| "starttransfer vs total: 0.000001 0.000000". |
| I cannot reproduce this locally, so disable it for now. |
| |
| Closes https://github.com/curl/curl/pull/3100 |
| |
| - AppVeyor: set custom install prefix |
| |
| CMake's default has spaces and in 32-bit mode parentheses, which result |
| in syntax errors in curl-config. |
| |
| Closes https://github.com/curl/curl/pull/3100 |
| |
| - AppVeyor: Remove non-SSL non-test builds |
| |
| They don't add much value. |
| |
| Closes https://github.com/curl/curl/pull/3100 |
| |
| - AppVeyor: run test suite |
| |
| Use the preinstalled MSYS2 bash for that. |
| Disable test 1139 as the CMake build doesn't generate curl.1. |
| |
| Ref: https://github.com/curl/curl/issues/3070#issuecomment-425922224 |
| Closes https://github.com/curl/curl/pull/3100 |
| |
| - AppVeyor: use in-tree build |
| |
| Required to run the tests. |
| |
| Closes https://github.com/curl/curl/pull/3100 |
| |
| Daniel Stenberg (4 Oct 2018) |
| - doh: make sure TTL isn't re-inited by second (discarded?) response |
| |
| Closes #3092 |
| |
| - test320: strip out more HTML when comparing |
| |
| To make the test case work with different gnutls-serv versions better. |
| |
| Reported-by: Kamil Dudka |
| Fixes #3093 |
| Closes #3094 |
| |
| Marcel Raad (4 Oct 2018) |
| - runtests: use Windows paths for Windows curl |
| |
| curl generated by CMake's Visual Studio generator has "Windows" in the |
| version number. |
| |
| Daniel Stenberg (4 Oct 2018) |
| - [Colin Hogben brought this change] |
| |
| tests/negtelnetserver.py: fix Python2-ism in neg TELNET server |
| |
| Fix problems caused by differences in treatment of bytes objects between |
| python2 and python3. |
| |
| Fixes #2929 |
| Closes #3080 |
| |
| Daniel Gustafsson (3 Oct 2018) |
| - memory: ensure to check allocation results |
| |
| The result of a memory allocation should always be checked, as we may |
| run under memory pressure where even a small allocation can fail. This |
| adds checking and error handling to a few cases where the allocation |
| wasn't checked for success. In the ftp case, the freeing of the path |
| variable is moved ahead of the allocation since there is little point |
| in keeping it around across the strdup, and the separation makes for |
| more readable code. In nwlib, the lock is aslo freed in the error path. |
| |
| Also bumps the copyright years on affected files. |
| |
| Closes #3084 |
| Reviewed-by: Jay Satiro <raysatiro@yahoo.com> |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - comment: Fix multiple typos in function parameters |
| |
| Ensure that the parameters in the comment match the actual names in the |
| prototype. |
| |
| Closes #3079 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - CURLOPT_SSLVERSION.3: fix typos and consistent spelling |
| |
| Use TLS vX.Y throughout the document, instead of TLS X.Y, as that was |
| already done in all but a few cases. Also fix a few typos. |
| |
| Closes #3076 |
| Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - SECURITY-PROCESS: make links into hyperlinks |
| |
| Use proper Markdown hyperlink format for the Bountygraph links in order |
| for the generated website page to be more user friendly. Also link to |
| the sponsors to give them a little extra credit. |
| |
| Closes #3082 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Jay Satiro (3 Oct 2018) |
| - CURLOPT_HEADER.3: fix typo |
| |
| - nss: fix nssckbi module loading on Windows |
| |
| - Use .DLL extension instead of .so to load modules on Windows. |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html |
| Reported-by: Maxime Legros |
| |
| Ref: https://github.com/curl/curl/pull/3016/#issuecomment-423069442 |
| |
| Closes https://github.com/curl/curl/pull/3086 |
| |
| - data-binary.d: clarify default content-type is x-www-form-urlencoded |
| |
| - Advise user that --data-binary sends a default content type of |
| x-www-form-urlencoded, and to have the data treated as arbitrary |
| binary data by the server set the content-type header to octet-stream. |
| |
| Ref: https://github.com/curl/curl/pull/2852#issuecomment-426465094 |
| |
| Closes https://github.com/curl/curl/pull/3085 |
| |
| Marcel Raad (2 Oct 2018) |
| - test1299: use single quotes around asterisk |
| |
| Ref: https://github.com/curl/curl/issues/1751#issuecomment-321522580 |
| |
| Daniel Stenberg (2 Oct 2018) |
| - docs/CIPHERS: mention the colon separation for OpenSSL |
| |
| Bug: #3077 |
| |
| - runtests: ignore disabled even when ranges are given |
| |
| runtests.pl support running a range of tests, like "44 to 127". Starting |
| now, the code makes sure that even such given ranges will ignore tests |
| that are marked as disabled. |
| |
| Disabled tests can still be run by explictly specifying that test |
| number. |
| |
| Closes #3075 |
| |
| - urlapi: starting with a drive letter on win32 is not an abs url |
| |
| ... and libcurl doesn't support any single-letter URL schemes (if there |
| even exist any) so it should be fairly risk-free. |
| |
| Reported-by: Marcel Raad |
| |
| Fixes #3070 |
| Closes #3071 |
| |
| Marcel Raad (2 Oct 2018) |
| - doh: fix curl_easy_setopt argument type |
| |
| CURLOPT_POSTFIELDSIZE is long. Fixes a compiler warning on 64-bit |
| MinGW. |
| |
| Daniel Stenberg (2 Oct 2018) |
| - RELEASE-NOTES: synced |
| |
| Jay Satiro (1 Oct 2018) |
| - [Ruslan Baratov brought this change] |
| |
| CMake: Improve config installation |
| |
| Use 'GNUInstallDirs' standard module to set destinations of installed |
| files. |
| |
| Use uppercase "CURL" names instead of lowercase "curl" to match standard |
| 'FindCURL.cmake' CMake module: |
| * https://cmake.org/cmake/help/latest/module/FindCURL.html |
| |
| Meaning: |
| * Install 'CURLConfig.cmake' instead of 'curl-config.cmake' |
| * User should call 'find_package(CURL)' instead of 'find_package(curl)' |
| |
| Use 'configure_package_config_file' function to generate |
| 'CURLConfig.cmake' file. This will make 'curl-config.cmake.in' template |
| file smaller and handle components better. E.g. current configuration |
| report no error if user specified unknown components (note: new |
| configuration expects no components, report error if user will try to |
| specify any). |
| |
| Closes https://github.com/curl/curl/pull/2849 |
| |
| Daniel Stenberg (1 Oct 2018) |
| - test1650: make it depend on http/2 |
| |
| Follow-up to 570008c99da0ccbb as it gets link errors. |
| |
| Reported-by: Michael Kaufmann |
| Closes #3068 |
| |
| - [Nate Prewitt brought this change] |
| |
| MANUAL: minor grammar fix |
| |
| Noticed a typo reading through the docs. |
| |
| Closes #3069 |
| |
| - doh: only build if h2 enabled |
| |
| The DoH spec says "HTTP/2 [RFC7540] is the minimum RECOMMENDED version |
| of HTTP for use with DoH". |
| |
| Reported-by: Marcel Raad |
| Closes #3066 |
| |
| - test2100: require http2 to run |
| |
| Reported-by: Marcel Raad |
| Fixes #3064 |
| Closes #3065 |
| |
| - multi: fix memory leak in content encoding related error path |
| |
| ... a missing multi_done() call. |
| |
| Credit to OSS-Fuzz |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10728 |
| Closes #3063 |
| |
| - travis: bump the Secure Transport build to use xcode 10 |
| |
| Due to an issue with travis |
| (https://github.com/travis-ci/travis-ci/issues/9956) we've been using |
| Xcode 9.2 for darwinssl builds for a while. Now xcode 10 is offered as |
| an alternative and as it builds curl+darwinssl fine that seems like a |
| better choice. |
| |
| Closes #3062 |
| |
| - [Rich Turner brought this change] |
| |
| curl: enabled Windows VT Support and UTF-8 output |
| |
| Enabled Console VT support (if running OS supports VT) in tool_main.c. |
| |
| Fixes #3008 |
| Closes #3011 |
| |
| - multi: fix location URL memleak in error path |
| |
| Follow-up to #3044 - fix a leak OSS-Fuzz detected |
| Closes #3057 |
| |
| Sergei Nikulov (28 Sep 2018) |
| - cmake: fixed path used in generation of docs/tests during curl build through add_subdicectory(...) |
| |
| - [Brad King brought this change] |
| |
| cmake: Backport to work with CMake 3.0 again |
| |
| Changes in commit 7867aaa9a0 (cmake: link curl to the OpenSSL targets |
| instead of lib absolute paths, 2018-07-17) and commit f826b4ce98 (cmake: |
| bumped minimum version to 3.4, 2018-07-19) required CMake 3.4 to fix |
| issue #2746. This broke support for users on older versions of CMake |
| even if they just want to build curl and do not care whether transitive |
| dependencies work. |
| |
| Backport the logic to work with CMake 3.0 again by implementing the |
| fix only when the version of CMake is at least 3.4. |
| |
| Marcel Raad (27 Sep 2018) |
| - curl_threads: fix classic MinGW compile break |
| |
| Classic MinGW still has _beginthreadex's return type as unsigned long |
| instead of uintptr_t [0]. uintptr_t is not even defined because of [1]. |
| |
| [0] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l167 |
| [1] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l90 |
| |
| Bug: https://github.com/curl/curl/issues/2924#issuecomment-424334807 |
| Closes https://github.com/curl/curl/pull/3051 |
| |
| Daniel Stenberg (26 Sep 2018) |
| - configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE |
| |
| fix a few leftovers |
| |
| Fixes #3006 |
| Closes #3049 |
| |
| - [Doron Behar brought this change] |
| |
| example/htmltidy: fix include paths of tidy libraries |
| |
| Closes #3050 |
| |
| - RELEASE-NOTES: synced |
| |
| - Curl_http2_done: fix memleak in error path |
| |
| Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for |
| early failures. |
| |
| Detected by OSS-Fuzz |
| |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669 |
| Closes #3046 |
| |
| - http: fix memleak in rewind error path |
| |
| If the rewind would fail, a strdup() would not get freed. |
| |
| Detected by OSS-Fuzz |
| |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665 |
| Closes #3044 |
| |
| Viktor Szakats (24 Sep 2018) |
| - test320: fix regression in [ci skip] |
| |
| The value in question is coming directly from `gnutls-serv`, so it cannot |
| be modified freely. |
| |
| Reported-by: Marcel Raad |
| Ref: https://github.com/curl/curl/commit/6ae6b2a533e8630afbb21f570305bd4ceece6348#commitcomment-30621004 |
| |
| Daniel Stenberg (24 Sep 2018) |
| - Curl_retry_request: fix memory leak |
| |
| Detected by OSS-Fuzz |
| |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648 |
| Closes #3042 |
| |
| - openssl: load built-in engines too |
| |
| Regression since 38203f1 |
| |
| Reported-by: Jean Fabrice |
| Fixes #3023 |
| Closes #3040 |
| |
| - [Christian Heimes brought this change] |
| |
| OpenSSL: enable TLS 1.3 post-handshake auth |
| |
| OpenSSL 1.1.1 requires clients to opt-in for post-handshake |
| authentication. |
| |
| Fixes: https://github.com/curl/curl/issues/3026 |
| Signed-off-by: Christian Heimes <christian@python.org> |
| |
| Closes https://github.com/curl/curl/pull/3027 |
| |
| - [Even Rouault brought this change] |
| |
| Curl_dedotdotify(): always nul terminate returned string. |
| |
| This fixes potential out-of-buffer access on "file:./" URL |
| |
| $ valgrind curl "file:./" |
| ==24516== Memcheck, a memory error detector |
| ==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. |
| ==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info |
| ==24516== Command: /home/even/install-curl-git/bin/curl file:./ |
| ==24516== |
| ==24516== Conditional jump or move depends on uninitialised value(s) |
| ==24516== at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) |
| ==24516== by 0x4EBB315: seturl (urlapi.c:801) |
| ==24516== by 0x4EBB568: parseurl (urlapi.c:861) |
| ==24516== by 0x4EBC509: curl_url_set (urlapi.c:1199) |
| ==24516== by 0x4E644C6: parseurlandfillconn (url.c:2044) |
| ==24516== by 0x4E67AEF: create_conn (url.c:3613) |
| ==24516== by 0x4E68A4F: Curl_connect (url.c:4119) |
| ==24516== by 0x4E7F0A4: multi_runsingle (multi.c:1440) |
| ==24516== by 0x4E808E5: curl_multi_perform (multi.c:2173) |
| ==24516== by 0x4E7558C: easy_transfer (easy.c:686) |
| ==24516== by 0x4E75801: easy_perform (easy.c:779) |
| ==24516== by 0x4E75868: curl_easy_perform (easy.c:798) |
| |
| Was originally spotted by |
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637 |
| Credit to OSS-Fuzz |
| |
| Closes #3039 |
| |
| Viktor Szakats (23 Sep 2018) |
| - update URLs in tests |
| |
| - and one in docs/MANUAL as well |
| |
| Closes https://github.com/curl/curl/pull/3038 |
| |
| - whitespace fixes |
| |
| - replace tabs with spaces where possible |
| - remove line ending spaces |
| - remove double/triple newlines at EOF |
| - fix a non-UTF-8 character |
| - cleanup a few indentations/line continuations |
| in manual examples |
| |
| Closes https://github.com/curl/curl/pull/3037 |
| |
| Daniel Stenberg (23 Sep 2018) |
| - http: add missing return code check |
| |
| Detected by Coverity. CID 1439610. |
| |
| Follow-up from 46e164069d1a523 |
| |
| Closes #3034 |
| |
| - ftp: don't access pointer before NULL check |
| |
| Detected by Coverity. CID 1439611. |
| |
| Follow-up from 46e164069d1a523 |
| |
| - unit1650: fix out of boundary access |
| |
| Fixes #2987 |
| Closes #3035 |
| |
| Viktor Szakats (23 Sep 2018) |
| - docs/examples: URL updates |
| |
| - also update two URLs outside of docs/examples |
| - fix spelling of filename persistant.c |
| - fix three long lines that started failing checksrc.pl |
| |
| Closes https://github.com/curl/curl/pull/3036 |
| |
| - examples/Makefile.m32: sync with core [ci skip] |
| |
| also: |
| - fix two warnings in synctime.c (one of them Windows-specific) |
| - upgrade URLs in synctime.c and remove a broken one |
| |
| Closes https://github.com/curl/curl/pull/3033 |
| |
| Daniel Stenberg (22 Sep 2018) |
| - examples/parseurl.c: show off the URL API a bit |
| |
| Closes #3030 |
| |
| - SECURITY-PROCESS: mention the bountygraph program [ci skip] |
| |
| Closes #3032 |
| |
| - url: use the URL API internally as well |
| |
| ... to make it a truly unified URL parser. |
| |
| Closes #3017 |
| |
| Viktor Szakats (22 Sep 2018) |
| - URL and mailmap updates, remove an obsolete directory [ci skip] |
| |
| Closes https://github.com/curl/curl/pull/3031 |
| |
| Daniel Stenberg (22 Sep 2018) |
| - RELEASE-NOTES: synced |
| |
| - configure: force-use -lpthreads on HPUX |
| |
| When trying to detect pthreads use on HPUX the checks will succeed |
| without the correct -l option but then end up failing at run-time. |
| |
| Reported-by: Eason-Yu on github |
| Fixes #2697 |
| Closes #3025 |
| |
| - [Erik Minekus brought this change] |
| |
| Curl_saferealloc: Fixed typo in docblock |
| |
| Closes #3029 |
| |
| - urlapi: fix support for address scope in IPv6 numerical addresses |
| |
| Closes #3024 |
| |
| - [Loganaden Velvindron brought this change] |
| |
| GnutTLS: TLS 1.3 support |
| |
| Closes #2971 |
| |
| - TODO: c-ares and CURLOPT_OPENSOCKETFUNCTION |
| |
| Removed DoH. |
| |
| Closes #2734 |
| |
| Jay Satiro (20 Sep 2018) |
| - vtls: fix ssl version "or later" behavior change for many backends |
| |
| - Treat CURL_SSLVERSION_MAX_NONE the same as |
| CURL_SSLVERSION_MAX_DEFAULT. Prior to this change NONE would mean use |
| the minimum version also as the maximum. |
| |
| This is a follow-up to 6015cef which changed the behavior of setting |
| the SSL version so that the requested version would only be the minimum |
| and not the maximum. It appears it was (mostly) implemented in OpenSSL |
| but not other backends. In other words CURL_SSLVERSION_TLSv1_0 used to |
| mean use just TLS v1.0 and now it means use TLS v1.0 *or later*. |
| |
| - Fix CURL_SSLVERSION_MAX_DEFAULT for OpenSSL. |
| |
| Prior to this change CURL_SSLVERSION_MAX_DEFAULT with OpenSSL was |
| erroneously treated as always TLS 1.3, and would cause an error if |
| OpenSSL was built without TLS 1.3 support. |
| |
| Co-authored-by: Daniel Gustafsson |
| |
| Fixes https://github.com/curl/curl/issues/2969 |
| Closes https://github.com/curl/curl/pull/3012 |
| |
| Daniel Stenberg (20 Sep 2018) |
| - certs: generate tests certs with sha256 digest algorithm |
| |
| As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs: |
| |
| "SSL certificate problem: CA signature digest algorithm too weak" |
| |
| Closes #3014 |
| |
| - urlapi: document the error codes, remove two unused ones |
| |
| Assisted-by: Daniel Gustafsson |
| Closes #3019 |
| |
| - urlapi: add CURLU_GUESS_SCHEME and fix hostname acceptance |
| |
| In order for this API to fully work for libcurl itself, it now offers a |
| CURLU_GUESS_SCHEME flag that makes it "guess" scheme based on the host |
| name prefix just like libcurl always did. If there's no known prefix, it |
| will guess "http://". |
| |
| Separately, it relaxes the check of the host name so that IDN host names |
| can be passed in as well. |
| |
| Both these changes are necessary for libcurl itself to use this API. |
| |
| Assisted-by: Daniel Gustafsson |
| Closes #3018 |
| |
| Kamil Dudka (19 Sep 2018) |
| - nss: try to connect even if libnssckbi.so fails to load |
| |
| One can still use CA certificates stored in NSS database. |
| |
| Reported-by: Maxime Legros |
| Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html |
| |
| Closes #3016 |
| |
| Daniel Gustafsson (19 Sep 2018) |
| - urlapi: don't set value which is never read |
| |
| In the CURLUPART_URL case, there is no codepath which invokes url |
| decoding so remove the assignment of the urldecode variable. This |
| fixes the deadstore bug-report from clang static analysis. |
| |
| Closes #3015 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - todo: Update reference to already done item |
| |
| TODO item 1.1 was implemented in commit 946ce5b61f, update reference |
| to it with instead referencing the implemented option. |
| |
| Closes #3013 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (18 Sep 2018) |
| - RELEASE-NOTES: synced |
| |
| - [slodki brought this change] |
| |
| cmake: don't require OpenSSL if USE_OPENSSL=OFF |
| |
| User must have OpenSSL installed even if not used by libcurl at all |
| since 7.61.1 release. Broken at |
| 7867aaa9a01decf93711428462335be8cef70212 |
| |
| Reviewed-by: Sergei Nikulov |
| Closes #3001 |
| |
| - curl_multi_wait: call getsock before figuring out timeout |
| |
| .... since getsock may update the expiry timer. |
| |
| Fixes #2996 |
| Closes #3000 |
| |
| - examples/http2-pushinmemory: receive HTTP/2 pushed files in memory |
| |
| Closes #3004 |
| |
| Daniel Gustafsson (18 Sep 2018) |
| - darwinssl: Fix realloc memleak |
| |
| The reallocation was using the input pointer for the return value, which |
| leads to a memory leak on reallication failure. Fix by instead use the |
| safe internal API call Curl_saferealloc(). |
| |
| Closes #3005 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| Reviewed-by: Nick Zitzmann <nickzman@gmail.com> |
| |
| - [Kruzya brought this change] |
| |
| examples: Fix memory leaks from realloc errors |
| |
| Make sure to not overwrite the reallocated pointer in realloc() calls |
| to avoid a memleak on memory errors. |
| |
| - memory: add missing curl_printf header |
| |
| ftp_send_command() was using vsnprintf() without including the libcurl |
| *rintf() replacement header. Fix by including curl_printf.h and also |
| add curl_memory.h while at it since memdebug.h depends on it. |
| |
| Closes #2999 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (16 Sep 2018) |
| - [Si brought this change] |
| |
| curl: update --tlsv* descriptions in --help output |
| |
| Closes #2994 |
| |
| - http: made Curl_add_buffer functions take a pointer-pointer |
| |
| ... so that they can clear the original pointer on failure, which makes |
| the error-paths and their cleanups easier. |
| |
| Closes #2992 |
| |
| - http2: fix memory leaks on error-path |
| |
| - [Rikard Falkeborn brought this change] |
| |
| libtest: Add chkdecimalpoint to .gitignore |
| |
| Closes #2998 |
| |
| Viktor Szakats (14 Sep 2018) |
| - secure Openwall URLs |
| |
| Daniel Stenberg (14 Sep 2018) |
| - openssl: show "proper" version number for libressl builds |
| |
| Closes #2989 |
| |
| - [Rainer Jung brought this change] |
| |
| openssl: assume engine support in 0.9.8 or later |
| |
| Fixes #2983 |
| Closes #2988 |
| |
| Daniel Gustafsson (13 Sep 2018) |
| - sendf: use failf() rather than Curl_failf() |
| |
| The failf() macro is the name used for invoking Curl_failf(). While |
| there isn't a way to turn off failf like there is for infof, but it's |
| still a good idea to use the macro. |
| |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - sendf: Fix whitespace in infof/failf concatenation |
| |
| Strings broken on multiple rows in the .c file need to have appropriate |
| whitespace padding on either side of the concatenation point to render |
| a correct amalgamated string. Fix by adding a space at the occurrences |
| found. |
| |
| Closes #2986 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - krb5: fix memory leak in krb_auth |
| |
| The FTP command allocated by aprintf() must be freed after usage. |
| |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - ftp: include command in Curl_ftpsend sendbuffer |
| |
| Commit 8238ba9c5f10414a88f502bf3f5d5a42d632984c inadvertently removed |
| the actual command to be sent from the send buffer in a refactoring. |
| Add back copying the command into the buffer. Also add more guards |
| against malformed input while at it. |
| |
| Closes #2985 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| - ntlm_wb: Fix memory leaks in ntlm_wb_response |
| |
| When erroring out on a request being too large, the existing buffer was |
| leaked. Fix by explicitly freeing on the way out. |
| |
| Closes #2966 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Daniel Stenberg (13 Sep 2018) |
| - [Yiming Jing brought this change] |
| |
| travis: build the MesaLink vtls backend with MesaLink 0.7.1 |
| |
| - [Yiming Jing brought this change] |
| |
| runtests.pl: run tests against the MesaLink vtls backend |
| |
| - [Yiming Jing brought this change] |
| |
| vtls: add a MesaLink vtls backend |
| |
| Closes #2984 |
| |
| - [Yiming Jing brought this change] |
| |
| configure.ac: add a MesaLink vtls backend |
| |
| - [Dave Reisner brought this change] |
| |
| curl_url_set.3: properly escape \n in example code |
| |
| This yields |
| |
| "the scheme is %s\n" |
| |
| instead of |
| |
| "the scheme is %s0 |
| |
| Closes #2970 |
| |
| - [Dave Reisner brought this change] |
| |
| curl_url_set.3: fix typo in reference to CURLU_APPENDQUERY |
| |
| - urlglob: improve error message |
| |
| to help user understand what the problem is |
| |
| Reported-by: Daniel Shahaf |
| |
| Fixes #2763 |
| Closes #2977 |
| |
| - [Yiming Jing brought this change] |
| |
| tests/certs: rebuild certs with 2048-bit RSA keys |
| |
| The previous test certificates contained RSA keys of only 1024 bits. |
| However, RSA claims that 1024-bit RSA keys are likely to become |
| crackable some time before 2010. The NIST recommends at least 2048-bit |
| keys for RSA for now. |
| |
| Better use full 2048 also for testing. |
| |
| Closes #2973 |
| |
| Daniel Gustafsson (12 Sep 2018) |
| - TODO: fix typo in item |
| |
| Closes #2968 |
| Reviewed-by: Daniel Stenberg <daniel@haxx.se> |
| |
| Marcel Raad (12 Sep 2018) |
| - anyauthput: fix compiler warning on 64-bit Windows |
| |
| On Windows, the read function from <io.h> is used, which has its byte |
| count parameter as unsigned int instead of size_t. |
| |
| Closes https://github.com/curl/curl/pull/2972 |
| |
| Viktor Szakats (12 Sep 2018) |
| - lib: fix gcc8 warning on Windows |
| |
| Closes https://github.com/curl/curl/pull/2979 |
| |
| Jay Satiro (12 Sep 2018) |
| - openssl: fix gcc8 warning |
| |
| - Use memcpy instead of strncpy to copy a string without termination, |
| since gcc8 warns about using strncpy to copy as many bytes from a |
| string as its length. |
| |
| Suggested-by: Viktor Szakats |
| |
| Closes https://github.com/curl/curl/issues/2980 |
| |
| Daniel Stenberg (10 Sep 2018) |
| - libcurl-url.3: overview man page for the URL API |
| |
| Closes #2967 |
| |
| - example/asiohiper: insert warning comment about its status |
| |
| This example is simply not working correctly but there's nobody around |
| with the skills and energy to fix it. |
| |
| Closes #2407 |
| |
| Kamil Dudka (10 Sep 2018) |
| - docs/cmdline-opts: update the documentation of --tlsv1.0 |
| |
| ... to reflect the changes in 6015cefb1b2cfde4b4850121c42405275e5e77d9 |
| |
| Closes #2955 |
| |
| - docs/examples: do not wait when no transfers are running |
| |
| Closes #2948 |
| |
| Daniel Stenberg (10 Sep 2018) |
| - [Daniel Gustafsson brought this change] |
| |
| cookies: Move failure case label to end of function |
| |
| Rather than jumping backwards to where failure cleanup happens |
| to be performed, move the failure case to end of the function |
| where it is expected per existing coding convention. |
| |
| Closes #2965 |
| |
| - [Daniel Gustafsson brought this change] |
| |
| misc: fix typos in comments |
| |
| Closes #2963 |
| |
| - [Daniel Gustafsson brought this change] |
| |
| cookies: fix leak when writing cookies to file |
| |
| If the formatting fails, we error out on a fatal error and |
| clean up on the way out. The array was however freed within |
| the wrong scope and was thus never freed in case the cookies |
| were written to a file instead of STDOUT. |
| |
| Closes #2957 |
| |
| - [Daniel Gustafsson brought this change] |
| |
| cookies: Remove redundant expired check |
| |
| Expired cookies have already been purged at a later expiration time |
| before this check, so remove the redundant check. |
| |
| closes #2962 |
| |
| - ntlm_wb: bail out if the response gets overly large |
| |
| Exit the realloc() loop if the response turns out ridiculously large to |
| avoid worse problems. |
| |
| Reported-by: Harry Sintonen |
| Closes #2959 |
| |
| - [Daniel Gustafsson brought this change] |
| |
| url.c: fix comment typo and indentation |
| |
| Closes #2960 |
| |
| - urlapi: avoid derefencing a possible NULL pointer |
| |
| Coverity CID 1439134 |
| |
| - RELEASE-NOTES: synced |
| |
| Marcel Raad (8 Sep 2018) |
| - test324: fix after 3f3b26d6feb0667714902e836af608094235fca2 |
| |
| The expected error code is now 60. 51 is dead. |
| |
| Daniel Stenberg (8 Sep 2018) |
| - curl_url_set.3: correct description |
| |
| - curl_url-docs: fix AVAILABILITY as Added in curl 7.62.0 |
| |
| - URL-API |
| |
| See header file and man pages for API. All documented API details work |
| and are tested in the 1560 test case. |
| |
| Closes #2842 |
| |
| - curl_easy_upkeep: removed 'conn' from the name |
| |
| ... including the associated option. |
| |
| Fixes #2951 |
| Closes #2952 |
| |
| - [Max Dymond brought this change] |
| |
| upkeep: add a connection upkeep API: curl_easy_conn_upkeep() |
| |
| Add functionality so that protocols can do custom keepalive on their |
| connections, when an external API function is called. |
| |
| Add docs for the new options in 7.62.0 |
| |
| Closes #1641 |
| |
| - [Philipp Waehnert brought this change] |
| |
| configure: add option to disable automatic OpenSSL config loading |
| |
| Sometimes it may be considered a security risk to load an external |
| OpenSSL configuration automatically inside curl_global_init(). The |
| configuration option --disable-ssl-auto-load-config disables this |
| automatism. The Windows build scripts winbuild/Makefile.vs provide a |
| corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean |
| value. |
| |
| Setting neither of these options corresponds to the previous behavior |
| loading the external OpenSSL configuration automatically. |
| |
| Fixes #2724 |
| Closes #2791 |
| |
| - doh: minor edits to please Coverity |
| |
| The gcc typecheck macros and coverity combined made it warn on the 2nd |
| argument for ERROR_CHECK_SETOPT(). Here's minor rearrange to please it. |
| |
| Coverity CID 1439115 and CID 1439114. |
| |
| - schannel: avoid switch-cases that go to default anyway |
| |
| SEC_E_APPLICATION_PROTOCOL_MISMATCH isn't defined in some versions of |
| mingw and would require an ifdef otherwise. |
| |
| Reported-by: Thomas Glanzmann |
| Approved-by: Marc Hörsken |
| Bug: https://curl.haxx.se/mail/lib-2018-09/0020.html |
| Closes #2950 |
| |
| - [Nicklas Avén brought this change] |
| |
| imap: change from "FETCH" to "UID FETCH" |
| |
| ... and add "MAILINDEX". |
| |
| As described in #2789, this is a suggested solution. Changing UID=xx to |
| actually get mail with UID xx and add "MAILINDEX" to get a mail with a |
| special index in the mail box (old behavior). So MAILINDEX=1 gives the |
| first non deleted mail in the mail box. |
| |
| Fixes #2789 |
| Closes #2815 |
| |
| - CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size |
| |
| This is step 3 of #2888. |
| |
| Fixes #2888 |
| Closes #2896 |
| |
| - travis: add the DOH tests to the torture testing |
| |
| - DOH: add test case 1650 and 2100 |
| |
| - curl: --doh-url added |
| |
| - setopt: add CURLOPT_DOH_URL |
| |
| Closes #2668 |
| |
| - [Han Han brought this change] |
| |
| ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code |
| |
| Long live CURLE_PEER_FAILED_VERIFICATION |
| |
| - [Han Han brought this change] |
| |
| x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert |
| |
| CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509 |
| does not allocate memory internally as its first argument is a pointer |
| to the certificate structure. The same error code is also returned by |
| Curl_verifyhost when its call to Curl_parseX509 fails so the change |
| makes error handling more consistent. |
| |
| - [Han Han brought this change] |
| |
| openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer |
| |
| Failure to extract the issuer name from the server certificate should |
| return a more specific error code like on other TLS backends. |
| |
| - [Han Han brought this change] |
| |
| schannel: unified error code handling |
| |
| Closes #2901 |
| |
| - [Han Han brought this change] |
| |
| darwinssl: more specific and unified error codes |
| |
| Closes #2901 |
| |
| - CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated |
| |
| Disable the CURLOPT_DNS_USE_GLOBAL_CACHE option and mark it for |
| deprecation and complete removal in six months. |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-09/0010.html |
| Closes #2942 |
| |
| - url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled |
| |
| Closes #2709 |
| |
| - multiplex: enable by default |
| |
| Starting 7.62.0, multiplexing is enabled by default in multi handles. |
| |
| - [Jim Fuller brought this change] |
| |
| tests: add unit tests for url.c |
| |
| Approved-by: Daniel Gustafsson |
| Closes #2937 |
| |
| - test1452: mark as flaky |
| |
| makes it not run in the CI builds |
| |
| Closes #2941 |
| |
| - pipelining: deprecated |
| |
| Transparently. The related curl_multi_setopt() options all still returns |
| OK when pipelining is selected. |
| |
| To re-enable the support, the single line change in lib/multi.c needs to |
| be reverted. |
| |
| See docs/DEPRECATE.md |
| |
| Closes #2705 |
| |
| - RELEASE-NOTES: start working on 7.62.0 |
| |
| Version 7.61.1 (4 Sep 2018) |
| |
| Daniel Stenberg (4 Sep 2018) |
| - THANKS: 7.61.1 status |
| |
| - RELEASE-NOTES: 7.61.1 |
| |
| - Curl_getoff_all_pipelines: ignore unused return values |
| |
| Since scan-build would warn on the dead "Dead store/Dead increment" |
| |
| Viktor Szakats (4 Sep 2018) |
| - sftp: fix indentation |
| |
| Daniel Stenberg (4 Sep 2018) |
| - [Przemysław Tomaszewski brought this change] |
| |
| sftp: don't send post-qoute sequence when retrying a connection |
| |
| Fixes #2939 |
| Closes #2940 |
| |
| Kamil Dudka (3 Sep 2018) |
| - url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work |
| |
| This is a follow-up to PR #2607 and PR #2926. |
| |
| Closes #2936 |
| |
| Daniel Stenberg (3 Sep 2018) |
| - [Jay Satiro brought this change] |
| |
| tool_operate: Add http code 408 to transient list for --retry |
| |
| - Treat 408 request timeout as transient so that curl will retry the |
| request if --retry was used. |
| |
| Closes #2925 |
| |
| - [Jay Satiro brought this change] |
| |
| openssl: Fix setting TLS 1.3 cipher suites |
| |
| The flag indicating TLS 1.3 cipher support in the OpenSSL backend was |
| missing. |
| |
| Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187 |
| Reported-by: Kamil Dudka |
| |
| Closes #2926 |
| |
| - Curl_ntlm_core_mk_nt_hash: return error on too long password |
| |
| ... since it would cause an integer overflow if longer than (max size_t |
| / 2). |
| |
| This is CVE-2018-14618 |
| |
| Bug: https://curl.haxx.se/docs/CVE-2018-14618.html |
| Closes #2756 |
| Reported-by: Zhaoyang Wu |
| |
| - [Rikard Falkeborn brought this change] |
| |
| http2: Use correct format identifier for stream_id |
| |
| Closes #2928 |
| |
| Marcel Raad (2 Sep 2018) |
| - test1148: fix precheck output |
| |
| "precheck command error" is not very helpful. |
| |
| Daniel Stenberg (1 Sep 2018) |
| - all: s/int/size_t cleanup |
| |
| Assisted-by: Rikard Falkeborn |
| |
| Closes #2922 |
| |
| - ssh-libssh: use FALLTHROUGH to silence gcc8 |
| |
| Jay Satiro (31 Aug 2018) |
| - tool_operate: Fix setting proxy TLS 1.3 ciphers |
| |
| Daniel Stenberg (31 Aug 2018) |
| - [Daniel Gustafsson brought this change] |
| |
| cookies: support creation-time attribute for cookies |
| |
| According to RFC6265 section 5.4, cookies with equal path lengths |
| SHOULD be sorted by creation-time (earlier first). This adds a |
| creation-time record to the cookie struct in order to make cookie |
| sorting more deterministic. The creation-time is defined as the |
| order of the cookies in the jar, the first cookie read fro the |
| jar being the oldest. The creation-time is thus not serialized |
| into the jar. Also remove the strcmp() matching in the sorting as |
| there is no lexicographic ordering in RFC6265. Existing tests are |
| updated to match. |
| |
| Closes #2524 |
| |
| Marcel Raad (31 Aug 2018) |
| - Don't use Windows path %PWD for SSH tests |
| |
| All these tests failed on Windows because something like |
| sftp://%HOSTIP:%SSHPORT%PWD/ |
| expanded to |
| sftp://127.0.0.1:1234c:/msys64/home/bla/curl |
| and then curl complained about the port number ending with a letter. |
| |
| Use the original POSIX path instead of the Windows path created in |
| checksystem to fix this. |
| |
| Closes https://github.com/curl/curl/pull/2920 |
| |
| Jay Satiro (29 Aug 2018) |
| - CURLOPT_SSL_CTX_FUNCTION.3: clarify connection reuse warning |
| |
| Reported-by: Daniel Stenberg |
| |
| Closes https://github.com/curl/curl/issues/2916 |
| |
| Daniel Stenberg (28 Aug 2018) |
| - THANKS-filter: dedup Daniel Jeliński |
| |
| - RELEASE-NOTES: synced |
| |
| - CURLOPT_ACCEPT_ENCODING.3: list them comma-separated [ci skip] |
| |
| - CURLOPT_SSL_CTX_FUNCTION.3: might cause unintended connection reuse [ci skip] |
| |
| Added a warning! |
| |
| Closes #2915 |
| |
| - curl: fix time-of-check, time-of-use race in dir creation |
| |
| Patch-by: Jay Satiro |
| Detected by Coverity |
| Fixes #2739 |
| Closes #2912 |
| |
| - cmdline-opts/page-footer: fix edit mistake |
| |
| There was a missing newline. |
| |
| follow-up to a7ba60bb7250 |
| |
| - docs: clarify NO_PROXY env variable functionality |
| |
| Reported-by: Kirill Marchuk |
| Fixes #2773 |
| Closes #2911 |
| |
| Marcel Raad (24 Aug 2018) |
| - lib1522: fix curl_easy_setopt argument type |
| |
| CURLOPT_POSTFIELDSIZE is a long option. |
| |
| - curl_threads: silence bad-function-cast warning |
| |
| As uintptr_t and HANDLE are always the same size, this warning is |
| harmless. Just silence it using an intermediate uintptr_t variable. |
| |
| Closes https://github.com/curl/curl/pull/2908 |
| |
| Daniel Stenberg (24 Aug 2018) |
| - README: add appveyor build badge [ci skip] |
| |
| Closes #2913 |
| |
| - [Ihor Karpenko brought this change] |
| |
| schannel: client certificate store opening fix |
| |
| 1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG ) |
| while opening certificate store would be sufficient in this scenario and |
| less-demanding in sense of required user credentials ( for example, |
| IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore |
| call without any of flags mentioned above ), |
| |
| 2) as 'cert_store_name' is a DWORD, attempt to format its value like a |
| string ( in "Failed to open cert store" error message ) will throw null |
| pointer exception |
| |
| 3) adding GetLastError(), in my opinion, will make error message more |
| useful. |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html |
| |
| Closes #2909 |
| |
| - [Leonardo Taccari brought this change] |
| |
| gopher: Do not translate `?' to `%09' |
| |
| Since GOPHER support was added in curl `?' character was automatically |
| translated to `%09' (`\t'). |
| |
| However, this behaviour does not seems documented in RFC 4266 and for |
| search selectors it is documented to directly use `%09' in the URL. |
| Apart that several gopher servers in the current gopherspace have CGI |
| support where `?' is used as part of the selector and translating it to |
| `%09' often leads to surprising results. |
| |
| Closes #2910 |
| |
| Marcel Raad (23 Aug 2018) |
| - cookie tests: treat files as text |
| |
| Fixes test failures because of wrong line endings on Windows. |
| |
| Daniel Stenberg (23 Aug 2018) |
| - libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation |
| |
| Multi-threaded applictions basically MUST set CURLOPT_NO_SIGNAL to 1L to |
| avoid the risk of getting a SIGPIPE. |
| |
| Either way, a multi-threaded application that uses libcurl/openssl needs |
| to have a signhandler for or ignore SIGPIPE on its own. |
| |
| Based on discussions in #2800 |
| Closes #2904 |
| |
| - RELEASE-NOTES: synced |
| |
| Marcel Raad (22 Aug 2018) |
| - Tests: fixes for Windows |
| |
| - test 1268 requires unix sockets |
| - test 2072 must be disabled also for MSYS/MinGW |
| |
| Daniel Stenberg (22 Aug 2018) |
| - http2: abort the send_callback if not setup yet |
| |
| When Curl_http2_done() gets called before the http2 data is setup all |
| the way, we cannot send anything and this should just return an error. |
| |
| Detected by OSS-Fuzz |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012 |
| |
| - http2: remove four unused nghttp2 callbacks |
| |
| Closes #2903 |
| |
| - x509asn1: use FALLTHROUGH |
| |
| ... as no other comments are accepted since 014ed7c22f51463 |
| |
| Marcel Raad (21 Aug 2018) |
| - test1148: disable if decimal separator is not point |
| |
| Modifying the locale with environment variables doesn't work for native |
| Windows applications. Just disable the test in this case if the decimal |
| separator is something different than a point. Use a precheck with a |
| small C program to achieve that. |
| |
| Closes https://github.com/curl/curl/pull/2786 |
| |
| - Enable more GCC warnings |
| |
| This enables the following additional warnings: |
| -Wold-style-definition |
| -Warray-bounds=2 instead of the default 1 |
| -Wformat=2, but only for GCC 4.8+ as Wno-format-nonliteral is not |
| respected for older versions |
| -Wunused-const-variable, which enables level 2 instead of the default 1 |
| -Warray-bounds also in debug mode through -ftree-vrp |
| -Wnull-dereference also in debug mode through |
| -fdelete-null-pointer-checks |
| |
| Closes https://github.com/curl/curl/pull/2747 |
| |
| - curl-compilers: enable -Wimplicit-fallthrough=4 for GCC |
| |
| This enables level 4 instead of the default level 3, which of the |
| currently used comments only allows /* FALLTHROUGH */ to silence the |
| warning. |
| |
| Closes https://github.com/curl/curl/pull/2747 |
| |
| - curl-compilers: enable -Wbad-function-cast on GCC |
| |
| This warning used to be enabled only for clang as it's a bit stricter |
| on GCC. Silence the remaining occurrences and enable it on GCC too. |
| |
| Closes https://github.com/curl/curl/pull/2747 |
| |
| - configure: conditionally enable pedantic-errors |
| |
| Enable pedantic-errors for GCC >= 5 with --enable-werror. Before GCC 5, |
| pedantic-errors was synonymous to -Werror=pedantic [0], which is still |
| the case for clang [1]. With GCC 5, it became complementary [2]. |
| |
| Also fix a resulting error in acinclude.m4 as main's return type was |
| missing, which is illegal in C99. |
| |
| [0] https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Warning-Options.html |
| [1] https://clang.llvm.org/docs/UsersManual.html#options-to-control-error-and-warning-messages |
| [2] https://gcc.gnu.org/onlinedocs/gcc-5.1.0/gcc/Warning-Options.html |
| |
| Closes https://github.com/curl/curl/pull/2747 |
| |
| - Remove unused definitions |
| |
| Closes https://github.com/curl/curl/pull/2747 |
| |
| Daniel Stenberg (21 Aug 2018) |
| - x509asn1: make several functions static |
| |
| and remove the private SIZE_T_MAX define and use the generic one. |
| |
| Closes #2902 |
| |
| - INTERNALS: require GnuTLS >= 2.11.3 |
| |
| Since the public pinning support was brought in e644866caf4. GnuTLS |
| 2.11.3 was released in October 2010. |
| |
| Figured out in #2890 |
| |
| - http2: avoid set_stream_user_data() before stream is assigned |
| |
| ... before the stream is started, we have it set to -1. |
| |
| Fixes #2894 |
| Closes #2898 |
| |
| - SSLCERTS: improve the openssl command line |
| |
| ... for extracting certs from a live HTTPS server to make a cacerts.pem |
| from them. |
| |
| - docs/SECURITY-PROCESS: now we name the files after the CVE id |
| |
| - RELEASE-NOTES: synced |
| |
| - upload: change default UPLOAD_BUFSIZE to 64KB |
| |
| To make uploads significantly faster in some circumstances. |
| |
| Part 2 of #2888 |
| Closes #2892 |
| |
| - upload: allocate upload buffer on-demand |
| |
| Saves 16KB on the easy handle for operations that don't need that |
| buffer. |
| |
| Part 1 of #2888 |
| |
| - [Laurent Bonnans brought this change] |
| |
| vtls: reinstantiate engine on duplicated handles |
| |
| Handles created with curl_easy_duphandle do not use the SSL engine set |
| up in the original handle. This fixes the issue by storing the engine |
| name in the internal url state and setting the engine from its name |
| inside curl_easy_duphandle. |
| |
| Reported-by: Anton Gerasimov |
| Signed-of-by: Laurent Bonnans |
| Fixes #2829 |
| Closes #2833 |
| |
| - http2: make sure to send after RST_STREAM |
| |
| If this is the last stream on this connection, the RST_STREAM might not |
| get pushed to the wire otherwise. |
| |
| Fixes #2882 |
| Closes #2887 |
| Researched-by: Michael Kaufmann |
| |
| - test1268: check the stderr output as "text" |
| |
| Follow-up to 099f37e9c57 |
| |
| Pointed-out-by: Marcel Raad |
| |
| - urldata: remove unused pipe_broke struct field |
| |
| This struct field is never set TRUE in any existing code path. This |
| change removes the field completely. |
| |
| Closes #2871 |
| |
| - curl: warn the user if a given file name looks like an option |
| |
| ... simply because this is usually a sign of the user having omitted the |
| file name and the next option is instead "eaten" by the parser as a file |
| name. |
| |
| Add test1268 to verify |
| |
| Closes #2885 |
| |
| - http2: check nghttp2_session_set_stream_user_data return code |
| |
| Might help bug #2688 debugging |
| |
| Closes #2880 |
| |
| - travis: revert back to gcc-7 for coverage builds |
| |
| ... since the gcc-8 ones seem to fail frequently. |
| |
| Follow-up from b85207199544ca |
| |
| Closes #2886 |
| |
| - RELEASE-NOTES: synced |
| |
| ... and now listed in alphabetical order! |
| |
| - [Adrien brought this change] |
| |
| CMake: CMake config files are defining CURL_STATICLIB for static builds |
| |
| This change allows to use the CMake config files generated by Curl's |
| CMake scripts for static builds of the library. |
| The symbol CURL_STATIC lib must be defined to compile downstream, |
| thus the config package is the perfect place to do so. |
| |
| Fixes #2817 |
| Closes #2823 |
| Reported-by: adnn on github |
| Reviewed-by: Sergei Nikulov |
| |
| - TODO: host name sections in config files |
| |
| Kamil Dudka (14 Aug 2018) |
| - ssh-libssh: fix infinite connect loop on invalid private key |
| |
| Added test 656 (based on test 604) to verify the fix. |
| |
| Bug: https://bugzilla.redhat.com/1595135 |
| |
| Closes #2879 |
| |
| - ssh-libssh: reduce excessive verbose output about pubkey auth |
| |
| The verbose message "Authentication using SSH public key file" was |
| printed each time the ssh_userauth_publickey_auto() was called, which |
| meant each time a packet was transferred over network because the API |
| operates in non-blocking mode. |
| |
| This patch makes sure that the verbose message is printed just once |
| (when the authentication state is entered by the SSH state machine). |
| |
| Daniel Stenberg (14 Aug 2018) |
| - travis: disable h2 torture tests for "coverage" |
| |
| Since they started to fail almost 100% since a few days. |
| |
| Closes #2876 |
| |
| Marcel Raad (14 Aug 2018) |
| - travis: update to GCC 8 |
| |
| Closes https://github.com/curl/curl/pull/2869 |
| |
| Daniel Stenberg (13 Aug 2018) |
| - http: fix for tiny "HTTP/0.9" response |
| |
| Deal with tiny "HTTP/0.9" (header-less) responses by checking the |
| status-line early, even before a full "HTTP/" is received to allow |
| detecting 0.9 properly. |
| |
| Test 1266 and 1267 added to verify. |
| |
| Fixes #2420 |
| Closes #2872 |
| |
| Kamil Dudka (13 Aug 2018) |
| - docs: add disallow-username-in-url.d and haproxy-protocol.d on the list |
| |
| ... to make make the files appear in distribution tarballs |
| |
| Closes #2856 |
| |
| - .travis.yml: verify that man pages can be regenerated |
| |
| ... when curl is built from distribution tarball |
| |
| Closes #2856 |
| |
| Marcel Raad (11 Aug 2018) |
| - Split non-portable part off test 1133 |
| |
| Split off testing file names with double quotes into new test 1158. |
| Disable it for MSYS using a precheck as it doesn't support file names |
| with double quotes (but Cygwin does, for example). |
| |
| Fixes https://github.com/curl/curl/issues/2796 |
| Closes https://github.com/curl/curl/pull/2854 |
| |
| Jay Satiro (11 Aug 2018) |
| - projects: Improve Windows perl detection in batch scripts |
| |
| - Determine if perl is in the user's PATH by running perl.exe. |
| |
| Prior to this change detection was done by checking the PATH for perl/ |
| but that did not work in all cases (eg git install includes perl but |
| not in perl/ path). |
| |
| Bug: https://github.com/curl/curl/pull/2865 |
| Reported-by: Daniel Jeliński |
| |
| - [Michael Kaufmann brought this change] |
| |
| docs: Improve the manual pages of some callbacks |
| |
| - CURLOPT_HEADERFUNCTION: add newlines |
| - CURLOPT_INTERLEAVEFUNCTION: fix the description of 'userdata' |
| - CURLOPT_READDATA: mention crashes, same as in CURLOPT_WRITEDATA |
| - CURLOPT_READFUNCTION: rename 'instream' to 'userdata' and explain |
| how to set it |
| |
| Closes https://github.com/curl/curl/pull/2868 |
| |
| Marcel Raad (11 Aug 2018) |
| - GCC: silence -Wcast-function-type uniformly |
| |
| Pointed-out-by: Rikard Falkeborn |
| Closes https://github.com/curl/curl/pull/2860 |
| |
| - Silence GCC 8 cast-function-type warnings |
| |
| On Windows, casting between unrelated function types is fine and |
| sometimes even necessary, so just use an intermediate cast to |
| (void (*) (void)) to silence the warning as described in [0]. |
| |
| [0] https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html |
| |
| Closes https://github.com/curl/curl/pull/2860 |
| |
| Daniel Stenberg (11 Aug 2018) |
| - CURLINFO_SIZE_UPLOAD: fix missing counter update |
| |
| Adds test 1522 for verification. |
| |
| Reported-by: cjmsoregan |
| Fixes #2847 |
| Closes #2864 |
| |
| - [Daniel Jelinski brought this change] |
| |
| Documentation: fix CURLOPT_SSH_COMPRESSION copy/paste bug |
| |
| Closes #2867 |
| |
| - RELEASE-NOTES: synced |
| |
| - openssl: fix potential NULL pointer deref in is_pkcs11_uri |
| |
| Follow-up to 298d2565e |
| Coverity CID 1438387 |
| |
| Marcel Raad (10 Aug 2018) |
| - travis: execute "set -eo pipefail" for coverage build |
| |
| Follow-up to 2de63ab179eb78630ee039ad94fb2a5423df522d and |
| 0b87c963252d3504552ee0c8cf4402bd65a80af5. |
| |
| Closes https://github.com/curl/curl/pull/2862 |
| |
| Daniel Stenberg (10 Aug 2018) |
| - lib1502: fix memory leak in torture test |
| |
| Reported-by: Marcel Raad |
| Fixes #2861 |
| Closes #2863 |
| |
| - docs: mention NULL is fine input to several functions |
| |
| Fixes #2837 |
| Closes #2858 |
| Reported-by: Markus Elfring |
| |
| - [Bas van Schaik brought this change] |
| |
| README.md: add LGTM.com code quality grade for C/C++ |
| |
| Closes #2857 |
| |
| - [Rikard Falkeborn brought this change] |
| |
| test1531: Add timeout |
| |
| Previously, the macro TEST_HANG_TIMEOUT was unused, but since there is |
| looping going on, we might as well add timing instead of removing it. |
| |
| Closes #2853 |
| |
| - [Rikard Falkeborn brought this change] |
| |
| test1540: Remove unused macro TEST_HANG_TIMEOUT |
| |
| The macro has never been used, and it there is not really any place |
| where it would make sense to add timing checks. |
| |
| Closes #2852 |
| |
| - [Rikard Falkeborn brought this change] |
| |
| asyn-thread: Remove unused macro |
| |
| The macro seems to never have been used. |
| |
| Closes #2852 |
| |
| - [Rikard Falkeborn brought this change] |
| |
| http_proxy: Remove unused macro SELECT_TIMEOUT |
| |
| Usage was removed in 5113ad0424044458ac497fa1458ebe0101356b22. |
| |
| Closes #2852 |
| |
| - [Rikard Falkeborn brought this change] |
| |
| formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT |
| |
| Its usage was removed in |
| 84ad1fd3047815f9c6e78728bb351b828eac10b1. |
| |
| Closes #2852 |
| |
| - [Rikard Falkeborn brought this change] |
| |
| telnet: Remove unused macros TELOPTS and TELCMDS |
| |
| Their usage was removed in 3a145180cc754a5959ca971ef3cd243c5c83fc51. |
| |
| Closes #2852 |
| |
| - [Daniel Jelinski brought this change] |
| |
| openssl: fix debug messages |
| |
| Fixes #2806 |
| Closes #2843 |
| |
| - configure: fix for -lpthread detection with OpenSSL and pkg-config |
| |
| ... by making sure it uses the -I provided by pkg-config! |
| |
| Reported-by: pszemus on github |
| Fixes #2848 |
| Closes #2850 |
| |
| - RELEASE-NOTES: synced |
| |
| - windows: follow up to the buffer-tuning 1ba1dba7 |
| |
| Somehow I didn't include the amended version of the previous fix. This |
| is the missing piece. |
| |
| Pointed-out-by: Viktor Szakats |
| |
| - [Daniel Jelinski brought this change] |
| |
| windows: implement send buffer tuning |
| |
| Significantly enhances upload performance on modern Windows versions. |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-07/0080.html |
| Closes #2762 |
| Fixes #2224 |
| |
| - [Anderson Toshiyuki Sasaki brought this change] |
| |
| ssl: set engine implicitly when a PKCS#11 URI is provided |
| |
| This allows the use of PKCS#11 URI for certificates and keys without |
| setting the corresponding type as "ENG" and the engine as "pkcs11" |
| explicitly. If a PKCS#11 URI is provided for certificate, key, |
| proxy_certificate or proxy_key, the corresponding type is set as "ENG" |
| if not provided and the engine is set to "pkcs11" if not provided. |
| |
| Acked-by: Nikos Mavrogiannopoulos |
| Closes #2333 |
| |
| - [Ruslan Baratov brought this change] |
| |
| CMake: Respect BUILD_SHARED_LIBS |
| |
| Use standard CMake variable BUILD_SHARED_LIBS instead of introducing |
| custom option CURL_STATICLIB. |
| |
| Use '-DBUILD_SHARED_LIBS=%SHARED%' in appveyor.yml. |
| |
| Reviewed-by: Sergei Nikulov |
| Closes #2755 |
| |
| - [John Butterfield brought this change] |
| |
| cmake: bumped minimum version to 3.4 |
| |
| Closes #2753 |
| |
| - [John Butterfield brought this change] |
| |
| cmake: link curl to the OpenSSL targets instead of lib absolute paths |
| |
| Reviewed-by: Jakub Zakrzewski |
| Reviewed-by: Sergei Nikulov |
| Closes #2753 |
| |
| - travis: build darwinssl on macos 10.12 |
| |
| ... as building on 10.13.x before 10.13.4 leads to link errors. |
| |
| Assisted-by: Nick Zitzmann |
| Fixes #2835 |
| Closes #2845 |
| |
| - DEPRECATE: remove release date from 7.62.0 |
| |
| Since it will slip and the version is the important part there, not the |
| date. |
| |
| - lib/Makefile: only do symbol hiding if told to |
| |
| This restores the ability to build a static lib with |
| --disable-symbol-hiding to keep non-curl_ symbols. |
| |
| Researched-by: Dan Fandrich |
| Reported-by: Ran Mozes |
| Fixes #2830 |
| Closes #2831 |
| |
| Marcel Raad (2 Aug 2018) |
| - hostip: fix unused variable warning |
| |
| addresses is only used in an infof call, which is a macro expanding to |
| nothing if CURL_DISABLE_VERBOSE_STRINGS is set. |
| |
| Daniel Stenberg (2 Aug 2018) |
| - test1307: disabled |
| |
| Turns out that since we're using the native fnmatch function now when |
| available, and they simply disagree on a huge number of test patterns |
| that make it hard to test this function like this... |
| |
| Fixes #2825 |
| |
| - smb: don't mark it done in smb_do |
| |
| Follow-up to 09e401e01bf9. The SMB protocol handler needs to use its |
| doing function too, which requires smb_do() to not mark itself as |
| done... |
| |
| Closes #2822 |
| |
| - [Rikard Falkeborn brought this change] |
| |
| general: fix printf specifiers |
| |
| Closes #2818 |
| |
| - RELEASE-NOTES: synced |
| |
| - mailmap: Daniel Jelinski |
| |
| - [Harry Sintonen brought this change] |
| |
| HTTP: Don't attempt to needlessly decompress redirect body |
| |
| This change fixes a regression where redirect body would needlessly be |
| decompressed even though it was to be ignored anyway. As it happens this |
| causes secondary issues since there appears to be a bug in apache2 that |
| it in certain conditions generates a corrupt zlib response. The |
| regression was created by commit: |
| dbcced8e32b50c068ac297106f0502ee200a1ebd |
| |
| Discovered-by: Harry Sintonen |
| Closes #2798 |
| |
| - curl: use Content-Disposition before the "URL end" for -OJ |
| |
| Regression introduced in 7.61.0 |
| |
| Reported-by: Thomas Klausner |
| Fixes #2783 |
| Closes #2813 |
| |
| - [Daniel Jelinski brought this change] |
| |
| retry: return error if rewind was necessary but didn't happen |
| |
| Fixes #2801 |
| Closes #2812 |
| |
| - http2: clear the drain counter in Curl_http2_done |
| |
| Reported-by: Andrei Virtosu |
| Fixes #2800 |
| Closes #2809 |
| |
| - smb: fix memory leak on early failure |
| |
| ... by making sure connection related data (->share) is stored in the |
| connection and not in the easy handle. |
| |
| Detected by OSS-fuzz |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369 |
| Fixes #2769 |
| Closes #2810 |
| |
| - travis: run a 'make checksrc' too |
| |
| ... to make sure the examples are all checked. |
| |
| Closes #2811 |
| |
| Jay Satiro (29 Jul 2018) |
| - examples/ephiperfifo: checksrc compliance |
| |
| - [Michael Kaufmann brought this change] |
| |
| sws: handle EINTR when calling select() |
| |
| Closes https://github.com/curl/curl/pull/2808 |
| |
| Daniel Stenberg (29 Jul 2018) |
| - test1157: follow-up to 35ecffb9 |
| |
| Ignore the user-agent line. |
| Pointed-out-by: Marcel Raad |
| |
| Michael Kaufmann (29 Jul 2018) |
| - tests/http_pipe.py: Use /usr/bin/env to find python |
| |
| Daniel Stenberg (28 Jul 2018) |
| - TODO: Support Authority Information Access certificate extension (AIA) |
| |
| Closes #2793 |
| |
| - conn_free: updated comment to clarify |
| |
| Let's call it disassociate instead of disconnect since the latter term |
| is used so much for (TCP) connections already. |
| |
| - test1157: test -H from empty file |
| |
| Verifies bugfix #2797 |
| |
| - [Tobias Blomberg brought this change] |
| |
| curl: Fix segfault when -H @headerfile is empty |
| |
| The curl binary would crash if the -H command line option was given a |
| filename to read using the @filename syntax but that file was empty. |
| |
| Closes #2797 |
| |
| - mime: check Curl_rand_hex's return code |
| |
| Bug: https://curl.haxx.se/mail/archive-2018-07/0015.html |
| Reported-by: Jeffrey Walton |
| Closes #2795 |
| |
| - [Josh Bialkowski brought this change] |
| |
| docs/examples: add hiperfifo example using linux epoll/timerfd |
| |
| Closes #2804 |
| |
| - [Darío Hereñú brought this change] |
| |
| docs/INSTALL.md: minor formatting fixes |
| |
| Closes #2794 |
| |
| - [Christopher Head brought this change] |
| |
| docs/CURLOPT_URL: fix indentation |
| |
| The statement, “The application does not have to keep the string around |
| after setting this option,” appears to be indented under the RTMP |
| paragraph. It actually applies to all protocols, not just RTMP. |
| Eliminate the extra indentation. |
| |
| Closes #2788 |
| |
| - [Christopher Head brought this change] |
| |
| docs/CURLOPT_WRITEFUNCTION: size is always 1 |
| |
| For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is |
| passed two `size_t` parameters which, when multiplied, designate the |
| number of bytes of data passed in. In practice, CURL always sets the |
| first parameter (`size`) to 1. |
| |
| This practice is also enshrined in documentation and cannot be changed |
| in future. The documentation states that the default callback is |
| `fwrite`, which means `fwrite` must be a suitable function for this |
| purpose. However, the documentation also states that the callback must |
| return the number of *bytes* it successfully handled, whereas ISO C |
| `fwrite` returns the number of items (each of size `size`) which it |
| wrote. The only way these numbers can be equal is if `size` is 1. |
| |
| Since `size` is 1 and can never be changed in future anyway, document |
| that fact explicitly and let users rely on it. |
| |
| Closes #2787 |
| |
| - [Carie Pointer brought this change] |
| |
| wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random |
| |
| RNG structure must be freed by call to FreeRng after its use in |
| Curl_cyassl_random. This call fixes Valgrind failures when running the |
| test suite with wolfSSL. |
| |
| Closes #2784 |
| |
| - [Even Rouault brought this change] |
| |
| reuse_conn(): free old_conn->options |
| |
| This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with |
| connection reuse. |
| |
| I found this with oss-fuzz on GDAL and curl master: |
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9582 |
| I couldn't reproduce with the oss-fuzz original test case, but looking |
| at curl source code pointed to this well reproducable leak. |
| |
| Closes #2790 |
| |
| Marcel Raad (25 Jul 2018) |
| - [Daniel Jelinski brought this change] |
| |
| system_win32: fix version checking |
| |
| In the current version, VERSION_GREATER_THAN_EQUAL 6.3 will return false |
| when run on windows 10.0. This patch addresses that error. |
| |
| Closes https://github.com/curl/curl/pull/2792 |
| |
| Daniel Stenberg (24 Jul 2018) |
| - [Johannes Schindelin brought this change] |
| |
| auth: pick Bearer authentication whenever a token is available |
| |
| So far, the code tries to pick an authentication method only if |
| user/password credentials are available, which is not the case for |
| Bearer authentictation... |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| Closes #2754 |
| |
| - [Johannes Schindelin brought this change] |
| |
| auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token |
| |
| The Bearer authentication was added to cURL 7.61.0, but there is a |
| problem: if CURLAUTH_ANY is selected, and the server supports multiple |
| authentication methods including the Bearer method, we strongly prefer |
| that latter method (only CURLAUTH_NEGOTIATE beats it), and if the Bearer |
| authentication fails, we will never even try to attempt any other |
| method. |
| |
| This is particularly unfortunate when we already know that we do not |
| have any Bearer token to work with. |
| |
| Such a scenario happens e.g. when using Git to push to Visual Studio |
| Team Services (which supports Basic and Bearer authentication among |
| other methods) and specifying the Personal Access Token directly in the |
| URL (this aproach is frequently taken by automated builds). |
| |
| Let's make sure that we have a Bearer token to work with before we |
| select the Bearer authentication among the available authentication |
| methods. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| Closes #2754 |
| |
| Marcel Raad (22 Jul 2018) |
| - test320: treat curl320.out file as binary |
| |
| Otherwise, LF line endings are converted to CRLF on Windows, |
| but no conversion is done for the reply, so the test case fails. |
| |
| Closes https://github.com/curl/curl/pull/2776 |
| |
| Daniel Stenberg (22 Jul 2018) |
| - vtls: set conn->data when closing TLS |
| |
| Follow-up to 1b76c38904f0. The VTLS backends that close down the TLS |
| layer for a connection still needs a Curl_easy handle for the session_id |
| cache etc. |
| |
| Fixes #2764 |
| Closes #2771 |
| |
| Marcel Raad (21 Jul 2018) |
| - tests: fixes for Windows line endlings |
| |
| Set mode="text" when line endings depend on the system representation. |
| |
| Closes https://github.com/curl/curl/pull/2772 |
| |
| - test214: disable MSYS2's POSIX path conversion for URL |
| |
| By default, the MSYS2 bash converts all backslashes to forward slashes |
| in URLs. Disable this with MSYS2_ARG_CONV_EXCL for the test to pass. |
| |
| Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces |
| |
| Daniel Stenberg (20 Jul 2018) |
| - http2: several cleanups |
| |
| - separate easy handle from connections better |
| - added asserts on a number of places |
| - added sanity check of pipelines for debug builds |
| |
| Closes #2751 |
| |
| - smb_getsock: always wait for write socket too |
| |
| ... the protocol is doing read/write a lot, so it needs to write often |
| even when downloading. A more proper fix could check for eactly when it |
| wants to write and only ask for it then. |
| |
| Without this fix, an SMB download could easily get stuck when the event-driven |
| API was used. |
| |
| Closes #2768 |
| |
| Marcel Raad (20 Jul 2018) |
| - test1143: disable MSYS2's POSIX path conversion |
| |
| By default, the MSYS2 bash interprets http:/%HOSTIP:%HTTPPORT/want/1143 |
| as a POSIX file list and converts it to a Windows file list. |
| Disable this with MSYS2_ARG_CONV_EXCL for the test to pass. |
| |
| Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces |
| Closes https://github.com/curl/curl/pull/2765 |
| |
| Daniel Stenberg (18 Jul 2018) |
| - RELEASE-NOTES: sync |
| |
| ... and work toward 7.61.1 |
| |
| - [Ruslan Baratov brought this change] |
| |
| CMake: Update scripts to use consistent style |
| |
| Closes #2727 |
| Reviewed-by: Sergei Nikulov |
| |
| - header output: switch off all styles, not just unbold |
| |
| ... the "unbold" sequence doesn't work on the mac Terminal. |
| |
| Reported-by: Zero King |
| Fixes #2736 |
| Closes #2738 |
| |
| Nick Zitzmann (14 Jul 2018) |
| - [Rodger Combs brought this change] |
| |
| darwinssl: add support for ALPN negotiation |
| |
| Marcel Raad (14 Jul 2018) |
| - test1422: add required file feature |
| |
| curl configured with --enable-debug --disable-file currently complains |
| on test1422: |
| Info: Protocol "file" not supported or disabled in libcurl |
| |
| Make test1422 dependend on enabled FILE protocol to fix this. |
| |
| Fixes https://github.com/curl/curl/issues/2741 |
| Closes https://github.com/curl/curl/pull/2742 |
| |
| Patrick Monnerat (12 Jul 2018) |
| - content_encoding: accept up to 4 unknown trailer bytes after raw deflate data |
| |
| Some servers issue raw deflate data that may be followed by an undocumented |
| trailer. This commit makes curl tolerate such a trailer of up to 4 bytes |
| before considering the data is in error. |
| |
| Reported-by: clbr on github |
| Fixes #2719 |
| |
| Daniel Stenberg (12 Jul 2018) |
| - smb: fix memory-leak in URL parse error path |
| |
| Detected by OSS-Fuzz |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369 |
| Closes #2740 |
| |
| Marcel Raad (12 Jul 2018) |
| - schannel: enable CALG_TLS1PRF for w32api >= 5.1 |
| |
| The definition of CALG_TLS1PRF has been fixed in the 5.1 branch: |
| https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/commits/73aedcc0f2e6ba370de0d86ab878ad76a0dda7b5 |
| |
| Daniel Stenberg (12 Jul 2018) |
| - docs/SECURITY-PROCESS: mention bounty, drop pre-notify |
| |
| + The hackerone bounty and its process |
| |
| - We don't and can't handle pre-notification |
| |
| - multi: always do the COMPLETED procedure/state |
| |
| It was previously erroneously skipped in some situations. |
| |
| libtest/libntlmconnect.c wrongly depended on wrong behavior (that it |
| would get a zero timeout) when no handles are "running" in a multi |
| handle. That behavior is no longer present with this fix. Now libcurl |
| will always return a -1 timeout when all handles are completed. |
| |
| Closes #2733 |
| |
| - Curl_getoff_all_pipelines: improved for multiplexed |
| |
| On multiplexed connections, transfers can be removed from anywhere not |
| just at the head as for pipelines. |
| |
| - ares: check for NULL in completed-callback |
| |
| - conn: remove the boolean 'inuse' field |
| |
| ... as the usage needs to be counted. |
| |
| - [Paul Howarth brought this change] |
| |
| openssl: assume engine support in 1.0.0 or later |
| |
| Commit 38203f1585da changed engine detection to be version-based, |
| with a baseline of openssl 1.0.1. This does in fact break builds |
| with openssl 1.0.0, which has engine support - the configure script |
| detects that ENGINE_cleanup() is available - but <openssl/engine.h> |
| doesn't get included to declare it. |
| |
| According to upstream documentation, engine support was added to |
| mainstream openssl builds as of version 0.9.7: |
| https://github.com/openssl/openssl/blob/master/README.ENGINE |
| |
| This commit drops the version test down to 1.0.0 as version 1.0.0d |
| is the oldest version I have to test with. |
| |
| Closes #2732 |
| |
| Marcel Raad (11 Jul 2018) |
| - schannel: fix MinGW compile break |
| |
| Original MinGW's w32api has a sytax error in its definition of |
| CALG_TLS1PRF [0]. Don't use original MinGW w32api's CALG_TLS1PRF |
| until this bug [1] is fixed. |
| |
| [0] https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/blobs/d1d4a17e51a2b78e252ef0147d483267d56c90cc/w32api/include/wincrypt.h |
| [1] https://osdn.net/projects/mingw/ticket/38391 |
| |
| Fixes https://github.com/curl/curl/pull/2721#issuecomment-403636043 |
| Closes https://github.com/curl/curl/pull/2728 |
| |
| Daniel Stenberg (11 Jul 2018) |
| - examples/crawler.c: move #ifdef to column 0 |
| |
| Apparently the C => HTML converter on the web site doesn't quite like it |
| otherwise. |
| |
| Reported-by: Jeroen Ooms |
| |
| Version 7.61.0 (11 Jul 2018) |
| |
| Daniel Stenberg (11 Jul 2018) |
| - release: 7.61.0 |
| |
| - TODO: Configurable loading of OpenSSL configuration file |
| |
| Closes #2724 |
| |
| - post303.d: clarify that this is an RFC violation |
| |
| ... and not the other way around, which this previously said. |
| |
| Reported-by: Vasiliy Faronov |
| Fixes #2723 |
| Closes #2726 |
| |
| - [Ruslan Baratov brought this change] |
| |
| CMake: remove redundant and old end-of-block syntax |
| |
| Reviewed-by: Jakub Zakrzewski |
| Closes #2715 |
| |
| Jay Satiro (9 Jul 2018) |
| - lib/curl_setup.h: remove unicode character |
| |
| Follow-up to 82ce416. |
| |
| Ref: https://github.com/curl/curl/commit/8272ec5#commitcomment-29646818 |
| |
| Daniel Stenberg (9 Jul 2018) |
| - lib/curl_setup.h: remove unicode bom from 8272ec50f02 |
| |
| Marcel Raad (9 Jul 2018) |
| - schannel: fix -Wsign-compare warning |
| |
| MinGW warns: |
| /lib/vtls/schannel.c:219:64: warning: signed and unsigned type in |
| conditional expression [-Wsign-compare] |
| |
| Fix this by casting the ptrdiff_t to size_t as we know it's positive. |
| |
| Closes https://github.com/curl/curl/pull/2721 |
| |
| - schannel: workaround for wrong function signature in w32api |
| |
| Original MinGW's w32api has CryptHashData's second parameter as BYTE * |
| instead of const BYTE *. |
| |
| Closes https://github.com/curl/curl/pull/2721 |
| |
| - schannel: make more cipher options conditional |
| |
| They are not defined in the original MinGW's <wincrypt.h>. |
| |
| Closes https://github.com/curl/curl/pull/2721 |
| |
| - curl_setup: include <winerror.h> before <windows.h> |
| |
| Otherwise, only part of it gets pulled in through <windows.h> on |
| original MinGW. |
| |
| Fixes https://github.com/curl/curl/issues/2361 |
| Closes https://github.com/curl/curl/pull/2721 |
| |
| - examples: fix -Wformat warnings |
| |
| When size_t is not a typedef for unsigned long (as usually the case on |
| Windows), GCC emits -Wformat warnings when using lu and lx format |
| specifiers with size_t. Silence them with explicit casts to |
| unsigned long. |
| |
| Closes https://github.com/curl/curl/pull/2721 |
| |
| Daniel Stenberg (9 Jul 2018) |
| - smtp: use the upload buffer size for scratch buffer malloc |
| |
| ... not the read buffer size, as that can be set smaller and thus cause |
| a buffer overflow! CVE-2018-0500 |
| |
| Reported-by: Peter Wu |
| Bug: https://curl.haxx.se/docs/adv_2018-70a2.html |
| |
| - [Dave Reisner brought this change] |
| |
| scripts: include _curl as part of CLEANFILES |
| |
| Closes #2718 |
| |
| - [Nick Zitzmann brought this change] |
| |
| darwinssl: allow High Sierra users to build the code using GCC |
| |
| ...but GCC users lose out on TLS 1.3 support, since we can't weak-link |
| enumeration constants. |
| |
| Fixes #2656 |
| Closes #2703 |
| |
| - [Ruslan Baratov brought this change] |
| |
| CMake: Remove unused 'output_var' from 'collect_true' |
| |
| Variable 'output_var' is not used and can be removed. |
| Function 'collect_true' renamed to 'count_true'. |
| |
| - [Ruslan Baratov brought this change] |
| |
| CMake: Remove unused functions |
| |
| Closes #2711 |
| |
| - KNOWN_BUGS: Stick to same family over SOCKS proxy |
| |
| - libssh: goto DISCONNECT state on error, not SSH_SESSION_FREE |
| |
| ... because otherwise not everything get closed down correctly. |
| |
| Fixes #2708 |
| Closes #2712 |
| |
| - libssh: include line number in state change debug messages |
| |
| Closes #2713 |
| |
| - KNOWN_BUGS: Borland support is dropped, AIX problem is too old |
| |
| - [Jeroen Ooms brought this change] |
| |
| example/crawler.c: simple crawler based on libxml2 |
| |
| Closes #2706 |
| |
| - RELEASE-NOTES: synced |
| |
| - DEPRECATE: include year when specifying date |
| |
| - DEPRECATE: linkified |
| |
| - DEPRECATE: mention the PR that disabled axTLS |
| |
| - docs/DEPRECATE.md: spelling and minor formatting |
| |
| - DEPRECATE: new doc describing planned item removals |
| |
| Closes #2704 |
| |
| - [Gisle Vanem brought this change] |
| |
| telnet: fix clang warnings |
| |
| telnet.c(1401,28): warning: cast from function call of type 'int' to |
| non-matching type 'HANDLE' (aka 'void *') [-Wbad-function-cast] |
| |
| Fixes #2696 |
| Closes #2700 |
| |
| - docs: fix missed option name markups |
| |
| - [Gaurav Malhotra brought this change] |
| |
| openssl: Remove some dead code |
| |
| Closes #2698 |
| |
| - openssl: make the requested TLS version the *minimum* wanted |
| |
| The code treated the set version as the *exact* version to require in |
| the TLS handshake, which is not what other TLS backends do and probably |
| not what most people expect either. |
| |
| Reported-by: Andreas Olsson |
| Assisted-by: Gaurav Malhotra |
| Fixes #2691 |
| Closes #2694 |
| |
| - RELEASE-NOTES: synced |
| |
| - openssl: allow TLS 1.3 by default |
| |
| Reported-by: Andreas Olsson |
| Fixes #2692 |
| Closes #2693 |
| |
| - [Adrian Peniak brought this change] |
| |
| CURLINFO_TLS_SSL_PTR.3: improve the example |
| |
| The previous example was a little bit confusing, because SSL* structure |
| (or other "in use" SSL connection pointer) is not accessible after the |
| transfer is completed, therefore working with the raw TLS library |
| specific pointer needs to be done during transfer. |
| |
| Closes #2690 |
| |
| - travis: add a build using the synchronous name resolver |
| |
| ... since default uses the threaded one and we test the c-ares build |
| already. |
| |
| Closes #2689 |
| |
| - configure: remove CURL_CHECK_NI_WITHSCOPEID too |
| |
| Since it isn't used either and requires the getnameinfo check |
| |
| Follow-up to 0aeca41702d2 |
| |
| - getnameinfo: not used |
| |
| Closes #2687 |
| |
| - easy_perform: use *multi_timeout() to get wait times |
| |
| ... and trim the threaded Curl_resolver_getsock() to return zero |
| millisecond wait times during the first three milliseconds so that |
| localhost or names in the OS resolver cache gets detected and used |
| faster. |
| |
| Closes #2685 |
| |
| Max Dymond (27 Jun 2018) |
| - configure: Add dependent libraries after crypto |
| |
| The linker is pretty dumb and processes things left to right, keeping a |
| tally of symbols it hasn't resolved yet. So, we need -ldl to appear |
| after -lcrypto otherwise the linker won't find the dl functions. |
| |
| Closes #2684 |
| |
| Daniel Stenberg (27 Jun 2018) |
| - GOVERNANCE: linkify, changed some titles |
| |
| - GOVERNANCE: add maintainer details/duties |
| |
| - url: check Curl_conncache_add_conn return code |
| |
| ... it was previously unchecked in two places and thus errors could |
| remain undetected and cause trouble. |
| |
| Closes #2681 |
| |
| - include/README: remove "hacking" advice, not the right place |
| |
| - RELEASE-NOTES: synced |
| |
| - CURLOPT_SSL_VERIFYPEER.3: fix syntax mistake |
| |
| Follow-up to b6a16afa0aa5 |
| |
| - netrc: use a larger buffer |
| |
| ... to work with longer passwords etc. Grow it from a 256 to a 4096 |
| bytes buffer. |
| |
| Reported-by: Dario Nieuwenhuis |
| Fixes #2676 |
| Closes #2680 |
| |
| - [Patrick Schlangen brought this change] |
| |
| CURLOPT_SSL_VERIFYPEER.3: Add performance note |
| |
| Closes #2673 |
| |
| - [Javier Blazquez brought this change] |
| |
| multi: fix crash due to dangling entry in connect-pending list |
| |
| Fixes #2677 |
| Closes #2679 |
| |
| - ConnectionExists: make sure conn->data is set when "taking" a connection |
| |
| Follow-up to 2c15693. |
| |
| Bug #2674 |
| Closes #2675 |
| |
| - [Kevin R. Bulgrien brought this change] |
| |
| system.h: fix for gcc on 32 bit OpenServer |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-06/0100.html |
| |
| - [Raphael Gozzo brought this change] |
| |
| cmake: allow multiple SSL backends |
| |
| This will make possible to select the SSL backend (using |
| curl_global_sslset()) even when the libcurl is built using CMake |
| |
| Closes #2665 |
| |
| - url: fix dangling conn->data pointer |
| |
| By masking sure to use the *current* easy handle with extracted |
| connections from the cache, and make sure to NULLify the ->data pointer |
| when the connection is put into the cache to make this mistake easier to |
| detect in the future. |
| |
| Reported-by: Will Dietz |
| Fixes #2669 |
| Closes #2672 |
| |
| - CURLOPT_INTERFACE.3: interface names not supported on Windows |
| |
| - travis: run more tests for coverage check |
| |
| ... run a few more tortured based and run all tests event-based. |
| |
| Closes #2664 |
| |
| - multi: fix memory leak when stopped during name resolve |
| |
| When the application just started the transfer and then stops it while |
| the name resolve in the background thread hasn't completed, we need to |
| wait for the resolve to complete and then cleanup data accordingly. |
| |
| Enabled test 1553 again and added test 1590 to also check when the host |
| name resolves successfully. |
| |
| Detected by OSS-fuzz. |
| Closes #1968 |
| |
| Viktor Szakats (15 Jun 2018) |
| - maketgz: delete .bak files, fix indentation |
| |
| Ref: https://github.com/curl/curl/pull/2660 |
| |
| Closes https://github.com/curl/curl/pull/2662 |
| |
| Daniel Stenberg (15 Jun 2018) |
| - runtests.pl: remove debug leftover from bb9a340c73f3 |
| |
| - curl-confopts.m4: fix typo from ed224f23d5beb |
| |
| Fixes my local configure to detect a custom installed c-ares without |
| pkgconfig. |
| |
| - docs/RELEASE-PROCEDURE.md: renamed to use .md extension |
| |
| Closes #2663 |
| |
| - RELEASE-PROCEDURE: gpg sign the tags |
| |
| - RELEASE-NOTES: synced |
| |
| - CURLOPT_HTTPAUTH.3: CURLAUTH_BEARER was added in 7.61.0 |
| |
| - [Mamta Upadhyay brought this change] |
| |
| maketgz: fix sed issues on OSX |
| |
| maketgz creates release tarballs and removes the -DEV string in curl |
| version (e.g. 7.58.0-DEV), else -DEV shows up on command line when curl |
| is run. maketgz works fine on linux but fails on OSX. Problem is with |
| the sed commands that use option -i without an extension. Maketgz |
| expects GNU sed instead of BSD and this simply won't work on OSX. Adding |
| a backup extension .bak after -i fixes this issue |
| |
| Running the script as if on OSX gives this error: |
| |
| sed: -e: No such file or directory |
| |
| Adding a .bak extension resolves it |
| |
| Closes #2660 |
| |
| - configure: enhance ability to detect/build with static openssl |
| |
| Fix the -ldl and -ldl + -lpthread checks for OpenSSL, necessary for |
| building with static libs without pkg-config. |
| |
| Reported-by: Marcel Raad |
| Fixes #2199 |
| Closes #2659 |
| |
| - configure: use pkg-config for c-ares detection |
| |
| First check if there's c-ares information given as pkg-config info and use |
| that as first preference. |
| |
| Reported-by: pszemus on github |
| Fixes #2203 |
| Closes #2658 |
| |
| - GOVERNANCE.md: explains how this project is run |
| |
| Closes #2657 |
| |
| - KNOWN_BUGS: NTLM doen't support password with § character |
| |
| Closes #2120 |
| |
| - KNOWN_BUGS: slow connect to localhost on Windows |
| |
| Closes #2281 |
| |
| - [Matteo Bignotti brought this change] |
| |
| mk-ca-bundle.pl: make -u delete certdata.txt if found not changed |
| |
| certdata.txt should be deleted also when the process is interrupted by |
| "same certificate downloaded, exiting" |
| |
| The certdata.txt is currently kept on disk even if you give the -u |
| option |
| |
| Closes #2655 |
| |
| - progress: remove a set of unused defines |
| |
| Reported-by: Peter Wu |
| Closes #2654 |
| |
| - TODO: "Option to refuse usernames in URLs" done |
| |
| Implemented by Björn in 946ce5b61f |
| |
| - [Lyman Epp brought this change] |
| |
| Curl_init_do: handle NULL connection pointer passed in |
| |
| Closes #2653 |
| |
| - runtests: support variables in <strippart> |
| |
| ... and make use of that to make 1455 work better without using a fixed |
| local port number. |
| |
| Fixes #2649 |
| Closes #2650 |
| |
| - Curl_debug: remove dead printhost code |
| |
| The struct field is never set (since 5e0d9aea3) so remove the use of it |
| and remove the connectdata pointer from the prototype. |
| |
| Reported-by: Tejas |
| Bug: https://curl.haxx.se/mail/lib-2018-06/0054.html |
| Closes #2647 |
| |
| Viktor Szakats (12 Jun 2018) |
| - schannel: avoid incompatible pointer warning |
| |
| with clang-6.0: |
| ``` |
| vtls/schannel_verify.c: In function 'add_certs_to_store': |
| vtls/schannel_verify.c:212:30: warning: passing argument 11 of 'CryptQueryObject' from incompatible pointer type [-Wincompatible-pointer-types] |
| &cert_context)) { |
| ^ |
| In file included from /usr/share/mingw-w64/include/schannel.h:10:0, |
| from /usr/share/mingw-w64/include/schnlsp.h:9, |
| from vtls/schannel.h:29, |
| from vtls/schannel_verify.c:40: |
| /usr/share/mingw-w64/include/wincrypt.h:4437:26: note: expected 'const void **' but argument is of type 'CERT_CONTEXT ** {aka struct _CERT_CONTEXT **}' |
| WINIMPM WINBOOL WINAPI CryptQueryObject (DWORD dwObjectType, const void *pvObject, DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags, DWORD dwFlags, |
| ^~~~~~~~~~~~~~~~ |
| ``` |
| Ref: https://msdn.microsoft.com/library/windows/desktop/aa380264 |
| |
| Closes https://github.com/curl/curl/pull/2648 |
| |
| Daniel Stenberg (12 Jun 2018) |
| - [Robert Prag brought this change] |
| |
| schannel: support selecting ciphers |
| |
| Given the contstraints of SChannel, I'm exposing these as the algorithms |
| themselves instead; while replicating the ciphersuite as specified by |
| OpenSSL would have been preferable, I found no way in the SChannel API |
| to do so. |
| |
| To use this from the commandline, you need to pass the names of contants |
| defining the desired algorithms. For example, curl --ciphers |
| "CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM" |
| https://github.com The specific names come from wincrypt.h |
| |
| Closes #2630 |
| |
| - [Bernhard M. Wiedemann brought this change] |
| |
| test 46: make test pass after 2025 |
| |
| shifting the expiry date to 2037 for now |
| to be before the possibly problematic year 2038 |
| |
| similar in spirit to commit e6293cf8764e9eecb |
| |
| Closes #2646 |
| |
| - [Marian Klymov brought this change] |
| |
| cppcheck: fix warnings |
| |
| - Get rid of variable that was generating false positive warning |
| (unitialized) |
| |
| - Fix issues in tests |
| |
| - Reduce scope of several variables all over |
| |
| etc |
| |
| Closes #2631 |
| |
| - openssl: assume engine support in 1.0.1 or later |
| |
| Previously it was checked for in configure/cmake, but that would then |
| leave other build systems built without engine support. |
| |
| While engine support probably existed prior to 1.0.1, I decided to play |
| safe. If someone experience a problem with this, we can widen the |
| version check. |
| |
| Fixes #2641 |
| Closes #2644 |
| |
| - RELEASE-NOTES: synced |
| |
| - RELEASE-PROCEDURE: update the release calendar for 2019 |
| |
| - [Gisle Vanem brought this change] |
| |
| boringssl + schannel: undef X509_NAME in lib/schannel.h |
| |
| Fixes the build problem when both boringssl and schannel are enabled. |
| |
| Fixes #2634 |
| Closes #2643 |
| |
| - [Vladimir Kotal brought this change] |
| |
| mk-ca-bundle.pl: leave certificate name untouched in decode() |
| |
| Closes #2640 |
| |
| - [Rikard Falkeborn brought this change] |
| |
| tests/libtests/Makefile.am: Add lib1521.c to CLEANFILES |
| |
| This removes the generated lib1521.c when running make clean. |
| |
| Closes #2633 |
| |
| - [Rikard Falkeborn brought this change] |
| |
| tests/libtest: Add lib1521 to nodist_SOURCES |
| |
| Since 467da3af0, lib1521.c is generated instead of checked in. According |
| to the commit message, the intention was to remove it from the tarball |
| as well. However, it is still present when running make dist. To remove |
| it, add it to nodist_lib1521_SOURCES. This also means there is no need |
| for the manually added dist-rule in the Makefile. |
| |
| Also update CMakelists.txt to handle the fact that we now may have |
| nodist_SOURCES. |
| |
| - [Stephan Mühlstrasser brought this change] |
| |
| system.h: add support for IBM xlc C compiler |
| |
| Added a section to system.h guarded with __xlc__ for the IBM xml C |
| compiler. Before this change the section titled 'generic "safe guess" on |
| old 32 bit style' was used, which resulted in a wrong definition of |
| CURL_TYPEOF_CURL_SOCKLEN_T, and for 64-bit also CURL_TYPEOF_CURL_OFF_T |
| was wrong. |
| |
| Compilation warnings fixed with this change: |
| |
| CC libcurl_la-ftp.lo |
| "ftp.c", line 290.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed. |
| "ftp.c", line 293.48: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed. |
| "ftp.c", line 1070.49: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed. |
| "ftp.c", line 1154.53: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed. |
| "ftp.c", line 1187.51: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed. |
| CC libcurl_la-connect.lo |
| "connect.c", line 448.56: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed. |
| "connect.c", line 516.66: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed. |
| "connect.c", line 687.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed. |
| "connect.c", line 696.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed. |
| CC libcurl_la-tftp.lo |
| "tftp.c", line 1115.33: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed. |
| |
| Closes #2637 |
| |
| - cmdline-opts/cert-type.d: mention "p12" as a recognized type as well |
| |
| Viktor Szakats (3 Jun 2018) |
| - spelling fixes |
| |
| Detected using the `codespell` tool (version 1.13.0). |
| |
| Also secure and fix an URL. |
| |
| Daniel Stenberg (2 Jun 2018) |
| - axtls: follow-up spell fix of comment |
| |
| - axTLS: not considered fit for use |
| |
| URL: https://curl.haxx.se/mail/lib-2018-06/0000.html |
| |
| This is step one. It adds #error statements that require source edits to |
| make curl build again if asked to use axTLS. At a later stage we might |
| remove the axTLS specific code completely. |
| |
| Closes #2628 |
| |
| - build: remove the Borland specific makefiles |
| |
| According to the user survey 2018, not even one out of 670 users use |
| them. Nobody on the mailing list spoke up for them either. |
| |
| Closes #2629 |
| |
| - curl_addrinfo: use same #ifdef conditions in source as header |
| |
| ... for curl_dofreeaddrinfo |
| |
| - multi: remove a DEBUGF() |
| |
| ... it might call infof() with a NULL first argument that isn't harmful |
| but makes it not do anything. The infof() line is not very useful |
| anymore, it has served it purpose. Good riddance! |
| |
| Fixes #2627 |
| |
| - [Alibek.Jorajev brought this change] |
| |
| CURLOPT_RESOLVE: always purge old entry first |
| |
| If there's an existing entry using the selected name. |
| |
| Closes #2622 |
| |
| - fnmatch: use the system one if available |
| |
| If configure detects fnmatch to be available, use that instead of our |
| custom one for FTP wildcard pattern matching. For standard compliance, |
| to reduce our footprint and to use already well tested and well |
| exercised code. |
| |
| A POSIX fnmatch behaves slightly different than the internal function |
| for a few test patterns currently and the macOS one yet slightly |
| different. Test case 1307 is adjusted for these differences. |
| |
| Closes #2626 |
| |
| Patrick Monnerat (31 May 2018) |
| - os400: add new option in ILE/RPG binding |
| |
| Follow-up to commit 946ce5b |
| |
| Daniel Stenberg (31 May 2018) |
| - tests/libtest/.gitignore: follow-up fix to ignore lib5* too |
| |
| - KNOWN_BUGS: CURL_GLOBAL_SSL |
| |
| Closes #2276 |
| |
| - [Bernhard Walle brought this change] |
| |
| configure: check for declaration of getpwuid_r |
| |
| On our x86 Android toolchain, getpwuid_r is implemented but the header |
| is missing: |
| |
| netrc.c:81:7: error: implicit declaration of function 'getpwuid_r' [-Werror=implicit-function-declaration] |
| |
| Unfortunately, the function is used in curl_ntlm_wb.c, too, so I moved |
| the prototype to curl_setup.h. |
| |
| Signed-off-by: Bernhard Walle <bernhard@bwalle.de> |
| Closes #2609 |
| |
| - [Rikard Falkeborn brought this change] |
| |
| tests: update .gitignore for libtests |
| |
| Closes #2624 |
| |
| - [Rikard Falkeborn brought this change] |
| |
| strictness: correct {infof, failf} format specifiers |
| |
| Closes #2623 |
| |
| - [Björn Stenberg brought this change] |
| |
| option: disallow username in URL |
| |
| Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes |
| libcurl reject URLs with a username in them. |
| |
| Closes #2340 |
| |
| - libcurl-security.3: improved layout for two rememdy lists |
| |
| - libcurl-security.3: refer to URL instead of in-source markdown file |
| |
| Viktor Szakats (30 May 2018) |
| - curl.rc: embed manifest for correct Windows version detection |
| |
| * enable it in `src/Makefile.m32` |
| * enable it in `winbuild/MakefileBuild.vc` if a custom manifest is |
| _not_ enabled via the existing `EMBED_MANIFEST` option |
| * enable it for all Windows CMake builds (also disable the built-in |
| minimal manifest, added by CMake by default.) |
| |
| For other build systems, add the `-DCURL_EMBED_MANIFEST` option to |
| the list of RC (Resource Compiler) flags to enable the manifest |
| included in `src/curl.rc`. This may require to disable whatever |
| automatic or other means in which way another manifest is added to |
| `curl.exe`. |
| |
| Notice that Borland C doesn't support this method due to a |
| long-pending resource compiler bug. Watcom C may also not handle |
| it correctly when the `-zm` `wrc` option is used (this option may |
| be unnecessary though) and regardless of options in certain earlier |
| revisions of the 2.0 beta version. |
| |
| Closes https://github.com/curl/curl/pull/1221 |
| Fixes https://github.com/curl/curl/issues/2591 |
| |
| Patrick Monnerat (30 May 2018) |
| - os400: sync EBCDIC wrappers and ILE/RPG binding with latest options |
| |
| - os400: implement mime api EBCDIC wrappers |
| |
| Also sync ILE/RPG binding to define the new functions. |
| |
| Daniel Stenberg (29 May 2018) |
| - setopt: add TLS 1.3 ciphersuites |
| |
| Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS. |
| |
| curl: added --tls13-ciphers and --proxy-tls13-ciphers |
| |
| Fixes #2435 |
| Reported-by: zzq1015 on github |
| Closes #2607 |
| |
| - configure: override AR_FLAGS to silence warning |
| |
| The automake default ar flags are 'cru', but the 'u' flag in there |
| causes warnings on many modern Linux distros. Removing 'u' may have a |
| minor performance impact on older distros but should not cause harm. |
| |
| Explained on the automake mailing list already back in April 2015: |
| |
| https://www.mail-archive.com/automake-patches@gnu.org/msg07705.html |
| |
| Reported-by: elephoenix on github |
| Fixes #2617 |
| Closes #2619 |
| |
| Sergei Nikulov (29 May 2018) |
| - cmake: fixed comments in compile checks code |
| |
| Daniel Stenberg (29 May 2018) |
| - INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib |
| |
| ... the older description doesn't work |
| |
| Reported-by: Peter Varga |
| Fixes #2615 |
| Closes #2616 |
| |
| - [Will Dietz brought this change] |
| |
| KNOWN_BUGS: restore text regarding #2101. |
| |
| This was added earlier but appears to have been removed accidentally. |
| |
| AFAICT this is very much still an issue. |
| |
| ----- |
| |
| I say "accidentally" because the text seems to have harmlessly snuck |
| into [1] (which makes no mention of it). [1] was later reverted for |
| unspecified reasons in [2], presumably because the mentioned issue was |
| fixed or invalid. |
| |
| [1] de9fac00c40db321d44fa6fbab6eb62ec4c83998 |
| [2] 16d1f369403cbb04bd7b085eabbeebf159473fc2 |
| |
| Closes #2618 |
| |
| - fnmatch: insist on escaped bracket to match |
| |
| A non-escaped bracket ([) is for a character group - as documented. It |
| will *not* match an individual bracket anymore. Test case 1307 updated |
| accordingly to match. |
| |
| Problem detected by OSS-Fuzz, although this fix is probably not a final |
| fix for the notorious timeout issues. |
| |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8525 |
| Closes #2614 |
| |
| Patrick Monnerat (28 May 2018) |
| - psl: use latest psl and refresh it periodically |
| |
| The latest psl is cached in the multi or share handle. It is refreshed |
| before use after 72 hours. |
| New share lock CURL_LOCK_DATA_PSL controls the psl cache sharing. |
| If the latest psl is not available, the builtin psl is used. |
| |
| Reported-by: Yaakov Selkowitz |
| Fixes #2553 |
| Closes #2601 |
| |
| Daniel Stenberg (28 May 2018) |
| - [Fabrice Fontaine brought this change] |
| |
| configure: fix ssh2 linking when built with a static mbedtls |
| |
| The ssh2 pkg-config file could contain the following lines when build |
| with a static version of mbedtls: |
| Libs: -L${libdir} -lssh2 /xxx/libmbedcrypto.a |
| Libs.private: /xxx/libmbedcrypto.a |
| |
| This static mbedtls library must be used to correctly detect ssh2 |
| support and this library must be copied in libcurl.pc otherwise |
| compilation of any application (such as upmpdcli) with libcurl will fail |
| when trying to found mbedtls functions included in libssh2. So, replace |
| pkg-config --libs-only-l by pkg-config --libs. |
| |
| Fixes: |
| - http://autobuild.buildroot.net/results/43e24b22a77f616d6198c10435dcc23cc3b9088a |
| |
| Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> |
| Closes #2613 |
| |
| - RELEASE-NOTES: synced |
| |
| - [Bernhard Walle brought this change] |
| |
| cmake: check for getpwuid_r |
| |
| The autotools-based build system does it, so we do it also in CMake. |
| |
| Bug: #2609 |
| Signed-off-by: Bernhard Walle <bernhard@bwalle.de> |
| |
| - cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options |
| |
| - [Frank Gevaerts brought this change] |
| |
| curl.1: Fix cmdline-opts reference errors. |
| |
| --data, --form, and --ntlm were declared to be mutually exclusive with |
| non-existing options. --data and --form referred to --upload (which is |
| short for --upload-file and therefore did work, so this one was merely |
| a bit confusing), --ntlm referred to --negotiated instead of --negotiate. |
| |
| Closes #2612 |
| |
| - [Frank Gevaerts brought this change] |
| |
| docs: fix cmdline-opts metadata headers case consistency. |
| |
| Almost all headers start with an uppercase letter, but some didn't. |
| |
| - mailmap: Max Savenkov |
| |
| Sergei Nikulov (28 May 2018) |
| - [Max Savenkov brought this change] |
| |
| Fix the test for fsetxattr and strerror_r tests in CMake to work without compiling |
| |
| Daniel Stenberg (27 May 2018) |
| - mailmap: a Richard Alcock fixup |
| |
| - [Richard Alcock brought this change] |
| |
| schannel: add failf calls for client certificate failures |
| |
| Closes #2604 |
| |
| - [Richard Alcock brought this change] |
| |
| winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST |
| |
| Change requirement from $(DISTDIR) to $(DIRDIST) |
| |
| closes #2603 |
| |
| - [Richard Alcock brought this change] |
| |
| winbuild: only delete OUTFILE if it exists |
| |
| This removes the slightly annoying "Could not file LIBCURL_OBJS.inc" and |
| "Could not find CURL_OBJS.inc.inc" message when building into a clean |
| folder. |
| |
| closes #2602 |
| |
| - [Alejandro R. Sedeño brought this change] |
| |
| content_encoding: handle zlib versions too old for Z_BLOCK |
| |
| Fallback on Z_SYNC_FLUSH when Z_BLOCK is not available. |
| |
| Fixes #2606 |
| Closes #2608 |
| |
| - multi: provide a socket to wait for in Curl_protocol_getsock |
| |
| ... even when there's no protocol specific handler setup. |
| |
| Bug: https://curl.haxx.se/mail/lib-2018-05/0062.html |
| Reported-by: Sean Miller |
| Closes #2600 |
| |
| - [Linus Lewandowski brought this change] |
| |
| httpauth: add support for Bearer tokens |
| |
| Closes #2102 |
| |
| - TODO: CURLINFO_PAUSE_STATE |
| |
| Closes #2588 |
| |
| Sergei Nikulov (24 May 2018) |
| - cmake: set -d postfix for debug builds if not specified |
| using -DCMAKE_DEBUG_POSTFIX explicitly |
| |
| fixes #2121, obsoletes #2384 |
| |
| Daniel Stenberg (23 May 2018) |
| - configure: add basic test of --with-ssl prefix |
| |
| When given a prefix, the $PREFIX_OPENSSL/lib/openssl.pc or |
| $PREFIX_OPENSSL/include/openssl/ssl.h files must be present or cause an |
| error. Helps users detect when giving configure the wrong path. |
| |
| Reported-by: Oleg Pudeyev |
| Assisted-by: Per Malmberg |
| Fixes #2580 |
| |
| Patrick Monnerat (22 May 2018) |
| - http resume: skip body if http code 416 (range error) is ignored. |
| |
| This avoids appending error data to already existing good data. |
| |
| Test 92 is updated to match this change. |
| New test 1156 checks all combinations of --range/--resume, --fail, |
| Content-Range header and http status code 200/416. |
| |
| Fixes #1163 |
| Reported-By: Ithubg on github |
| Closes #2578 |
| |
| Daniel Stenberg (22 May 2018) |
| - tftp: make sure error is zero terminated before printfing it |
| |
| - configure: add missing m4/ax_compile_check_sizeof.m4 |
| |
| follow-up to mistake in 6876ccf90b4 |
| |
| Jay Satiro (22 May 2018) |
| - [Johannes Schindelin brought this change] |
| |
| schannel: make CAinfo parsing resilient to CR/LF |
| |
| OpenSSL has supported --cacert for ages, always accepting LF-only line |
| endings ("Unix line endings") as well as CR/LF line endings ("Windows |
| line endings"). |
| |
| When we introduced support for --cacert also with Secure Channel (or in |
| cURL speak: "WinSSL"), we did not take care to support CR/LF line |
| endings, too, even if we are much more likely to receive input in that |
| form when using Windows. |
| |
| Let's fix that. |
| |
| Happily, CryptQueryObject(), the function we use to parse the ca-bundle, |
| accepts CR/LF input already, and the trailing LF before the END |
| CERTIFICATE marker catches naturally any CR/LF line ending, too. So all |
| we need to care about is the BEGIN CERTIFICATE marker. We do not |
| actually need to verify here that the line ending is CR/LF. Just |
| checking for a CR or an LF is really plenty enough. |
| |
| Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| |
| Closes https://github.com/curl/curl/pull/2592 |
| |
| Daniel Stenberg (22 May 2018) |
| - CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit |
| |
| - RELEASE-NOTES: synced |
| |
| - KNOWN_BUGS: mention the -O with %-encoded file names |
| |
| Closes #2573 |
| |
| - checksrc: make sure sizeof() is used *with* parentheses |
| |
| ... and unify the source code to adhere. |
| |
| Closes #2563 |
| |
| - curl: added --styled-output |
| |
| It is enabled by default, so --no-styled-output will switch off the |
| detection/use of bold headers. |
| |
| Closes #2538 |
| |
| - curl: show headers in bold |
| |
| The feature is only enabled if the output is believed to be a tty. |
| |
| -J: There's some minor differences and improvements in -J handling, as |
| now J should work with -i and it actually creates a file first using the |
| initial name and then *renames* that to the one found in |
| Content-Disposition (if any). |
| |
| -i: only shows headers for HTTP transfers now (as documented). |
| Previously it would also show for pieces of the transfer that were HTTP |
| (for example when doing FTP over a HTTP proxy). |
| |
| -i: now shows trailers as well. Previously they were not shown at all. |
| |
| --libcurl: the CURLOPT_HEADER is no longer set, as the header output is |
| now done in the header callback. |
| |
| - configure: compile-time SIZEOF checks |
| |
| ... instead of exeucting code to get the size. Removes the use of |
| LD_LIBRARY_PATH for this. |
| |
| Fixes #2586 |
| Closes #2589 |
| Reported-by: Bernhard Walle |
| |
| - configure: replace AC_TRY_RUN with CURL_RUN_IFELSE |
| |
| ... and export LD_LIBRARY_PATH properly. This is a follow-up from |
| 2d4c215. |
| |
| Fixes #2586 |
| Reported-by: Bernhard Walle |
| |
| - docs: clarify CURLOPT_HTTPGET somewhat |
| |
| Reported-by: bsammon on github |
| Fixes #2590 |
| |
| - curl_fnmatch: only allow two asterisks for matching |
| |
| The previous limit of 5 can still end up in situation that takes a very |
| long time and consumes a lot of CPU. |
| |
| If there is still a rare use case for this, a user can provide their own |
| fnmatch callback for a version that allows a larger set of wildcards. |
| |
| This commit was triggered by yet another OSS-Fuzz timeout due to this. |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369 |
| |
| Closes #2587 |
| |
| - checksrc: fix too long line |
| |
| follow-up to e05ad5d |
| |
| - [Aleks brought this change] |
| |
| docs: mention HAproxy protocol "version 1" |
| |
| ...as there's also a version 2. |
| |
| Closes #2579 |
| |
| - examples/progressfunc: make it build on older libcurls |
| |
| This example was changed in ce2140a8c1 to use the new microsecond based |
| getinfo option. This change makes it conditionally keep using the older |
| option so that the example still builds with older libcurl versions. |
| |
| Closes #2584 |
| |
| - stub_gssapi: fix numerous 'unused parameter' warnings |
| |
| follow-up to d9e92fd9fd1d |
| |
| - [Philip Prindeville brought this change] |
| |
| getinfo: add microsecond precise timers for various intervals |
| |
| Provide a set of new timers that return the time intervals using integer |
| number of microseconds instead of floats. |
| |
| The new info names are as following: |
| |
| CURLINFO_APPCONNECT_TIME_T |
| CURLINFO_CONNECT_TIME_T |
| CURLINFO_NAMELOOKUP_TIME_T |
| CURLINFO_PRETRANSFER_TIME_T |
| CURLINFO_REDIRECT_TIME_T |
| CURLINFO_STARTTRANSFER_TIME_T |
| CURLINFO_TOTAL_TIME_T |
| |
| Closes #2495 |
| |
| - openssl: acknowledge --tls-max for default version too |
| |
| ... previously it only used the max setting if a TLS version was also |
| explicitly asked for. |
| |
| Reported-by: byte_bucket |
| Fixes #2571 |
| Closes #2572 |
| |
| - bump: start working on the pending 7.61.0 |
| |
| - [Dagobert Michelsen brought this change] |
| |
| tests/libtest/Makefile: Do not unconditionally add gcc-specific flags |
| |
| The warning flag leads e.g. Sun Studio compiler to bail out. |
| |
| Closes #2576 |
| |
| - schannel_verify: fix build for non-schannel |
| |
| Jay Satiro (16 May 2018) |
| - rand: fix typo |
| |
| - schannel: disable manual verify if APIs not available |
| |
| .. because original MinGW and old compilers do not have the Windows API |
| definitions needed to support manual verification. |
| |
| - [Archangel_SDY brought this change] |
| |
| schannel: disable client cert option if APIs not available |
| |
| Original MinGW targets Windows 2000 by default, which lacks some APIs and |
| definitions for this feature. Disable it if these APIs are not available. |
| |
| Closes https://github.com/curl/curl/pull/2522 |
| |
| Version 7.60.0 (15 May 2018) |
| |
| Daniel Stenberg (15 May 2018) |
| - RELEASE-NOTES: 7.60.0 release |
| |
| - THANKS: added people from the curl 7.60.0 release |
| |
| - docs/libcurl/index.html: removed |
| |
| The HTML files are long gone from the dist, now remove the last HTML |
| file pointing to those missing files. |
| |
| d |
| |
| - [steini2000 brought this change] |
| |
| http2: remove unused variable |
| |
| Closes #2570 |
| |
| - [steini2000 brought this change] |
| |
| http2: use easy handle of stream for logging |
| |
| - gcc: disable picky gcc-8 function pointer warnings in two places |
| |
| Reported-by: Rikard Falkeborn |
| Bug: #2560 |
| Closes #2569 |
| |
| - http2: use the correct function pointer typedef |
| |
| Fixes gcc-8 picky compiler warnings |
| Reported-by: Rikard Falkeborn |
| Bug: #2560 |
| Closes #2568 |
| |
| - CODE_STYLE: mention return w/o parens, but sizeof with |
| |
| ... and remove the github markdown syntax so that it renders better on |
| the web site. Also, don't use back-ticks inlined to allow the CSS to |
| highlight source code better. |
| |
| - [Rikard Falkeborn brought this change] |
| |
| examples: Fix format specifiers |
| |
| Closes #2561 |
| |
| - [Rikard Falkeborn brought this change] |
| |
| tool: Fix format specifiers |
| |
| - [Rikard Falkeborn brought this change] |
| |
| ntlm: Fix format specifiers |
| |
| - [Rikard Falkeborn brought this change] |
| |
| tests: Fix format specifiers |
| |
| - [Rikard Falkeborn brought this change] |
| |
| lib: Fix format specifiers |
| |
| - contributors.sh: use "on github", not at |
| |
| - http2: getsock fix for uploads |
| |
| When there's an upload in progress, make sure to wait for the socket to |
| become writable. |
| |
| Detected-by: steini2000 on github |
| Bug: #2520 |
| Closes #2567 |
| |
| - pingpong: fix response cache memcpy overflow |
| |
| Response data for a handle with a large buffer might be cached and then |
| used with the "closure" handle when it has a smaller buffer and then the |
| larger cache will be copied and overflow the new smaller heap based |
| buffer. |
| |
| Reported-by: Dario Weisser |
| CVE: CVE-2018-1000300 |
| Bug: https://curl.haxx.se/docs/adv_2018-82c2.html |
| |
| - http: restore buffer pointer when bad response-line is parsed |
| |
| ... leaving the k->str could lead to buffer over-reads later on. |
| |
| CVE: CVE-2018-1000301 |
| Assisted-by: Max Dymond |
| |
| Detected by OSS-Fuzz. |
| Bug: https://curl.haxx.se/docs/adv_2018-b138.html |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105 |
| |
| Patrick Monnerat (13 May 2018) |
| - cookies: do not take cookie name as a parameter |
| |
| RFC 6265 section 4.2.1 does not set restrictions on cookie names. |
| This is a follow-up to commit 7f7fcd0. |
| Also explicitly check proper syntax of cookie name/value pair. |
| |
| New test 1155 checks that cookie names are not reserved words. |
| |
| Reported-By: anshnd at github |
| Fixes #2564 |
| Closes #2566 |
| |
| Daniel Stenberg (12 May 2018) |
| - smb: reject negative file sizes |
| |
| Assisted-by: Max Dymond |
| |
| Detected by OSS-Fuzz |
| Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245 |