Elliott Hughes | 82be86d | 2017-09-20 17:00:17 -0700 | [diff] [blame] | 1 | _ _ ____ _ |
| 2 | ___| | | | _ \| | |
| 3 | / __| | | | |_) | | |
| 4 | | (__| |_| | _ <| |___ |
| 5 | \___|\___/|_| \_\_____| |
Lucas Eckels | 9bd90e6 | 2012-08-06 15:07:02 -0700 | [diff] [blame] | 6 | |
Elliott Hughes | 82be86d | 2017-09-20 17:00:17 -0700 | [diff] [blame] | 7 | Changelog |
Lucas Eckels | 9bd90e6 | 2012-08-06 15:07:02 -0700 | [diff] [blame] | 8 | |
Elliott Hughes | 1ef06ba | 2018-05-30 15:43:58 -0700 | [diff] [blame] | 9 | Version 7.60.0 (15 May 2018) |
| 10 | |
| 11 | Daniel Stenberg (15 May 2018) |
| 12 | - RELEASE-NOTES: 7.60.0 release |
| 13 | |
| 14 | - THANKS: added people from the curl 7.60.0 release |
| 15 | |
| 16 | - docs/libcurl/index.html: removed |
| 17 | |
| 18 | The HTML files are long gone from the dist, now remove the last HTML |
| 19 | file pointing to those missing files. |
| 20 | |
| 21 | d |
| 22 | |
| 23 | - [steini2000 brought this change] |
| 24 | |
| 25 | http2: remove unused variable |
| 26 | |
| 27 | Closes #2570 |
| 28 | |
| 29 | - [steini2000 brought this change] |
| 30 | |
| 31 | http2: use easy handle of stream for logging |
| 32 | |
| 33 | - gcc: disable picky gcc-8 function pointer warnings in two places |
| 34 | |
| 35 | Reported-by: Rikard Falkeborn |
| 36 | Bug: #2560 |
| 37 | Closes #2569 |
| 38 | |
| 39 | - http2: use the correct function pointer typedef |
| 40 | |
| 41 | Fixes gcc-8 picky compiler warnings |
| 42 | Reported-by: Rikard Falkeborn |
| 43 | Bug: #2560 |
| 44 | Closes #2568 |
| 45 | |
| 46 | - CODE_STYLE: mention return w/o parens, but sizeof with |
| 47 | |
| 48 | ... and remove the github markdown syntax so that it renders better on |
| 49 | the web site. Also, don't use back-ticks inlined to allow the CSS to |
| 50 | highlight source code better. |
| 51 | |
| 52 | - [Rikard Falkeborn brought this change] |
| 53 | |
| 54 | examples: Fix format specifiers |
| 55 | |
| 56 | Closes #2561 |
| 57 | |
| 58 | - [Rikard Falkeborn brought this change] |
| 59 | |
| 60 | tool: Fix format specifiers |
| 61 | |
| 62 | - [Rikard Falkeborn brought this change] |
| 63 | |
| 64 | ntlm: Fix format specifiers |
| 65 | |
| 66 | - [Rikard Falkeborn brought this change] |
| 67 | |
| 68 | tests: Fix format specifiers |
| 69 | |
| 70 | - [Rikard Falkeborn brought this change] |
| 71 | |
| 72 | lib: Fix format specifiers |
| 73 | |
| 74 | - contributors.sh: use "on github", not at |
| 75 | |
| 76 | - http2: getsock fix for uploads |
| 77 | |
| 78 | When there's an upload in progress, make sure to wait for the socket to |
| 79 | become writable. |
| 80 | |
| 81 | Detected-by: steini2000 on github |
| 82 | Bug: #2520 |
| 83 | Closes #2567 |
| 84 | |
| 85 | - pingpong: fix response cache memcpy overflow |
| 86 | |
| 87 | Response data for a handle with a large buffer might be cached and then |
| 88 | used with the "closure" handle when it has a smaller buffer and then the |
| 89 | larger cache will be copied and overflow the new smaller heap based |
| 90 | buffer. |
| 91 | |
| 92 | Reported-by: Dario Weisser |
| 93 | CVE: CVE-2018-1000300 |
| 94 | Bug: https://curl.haxx.se/docs/adv_2018-82c2.html |
| 95 | |
| 96 | - http: restore buffer pointer when bad response-line is parsed |
| 97 | |
| 98 | ... leaving the k->str could lead to buffer over-reads later on. |
| 99 | |
| 100 | CVE: CVE-2018-1000301 |
| 101 | Assisted-by: Max Dymond |
| 102 | |
| 103 | Detected by OSS-Fuzz. |
| 104 | Bug: https://curl.haxx.se/docs/adv_2018-b138.html |
| 105 | Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105 |
| 106 | |
| 107 | Patrick Monnerat (13 May 2018) |
| 108 | - cookies: do not take cookie name as a parameter |
| 109 | |
| 110 | RFC 6265 section 4.2.1 does not set restrictions on cookie names. |
| 111 | This is a follow-up to commit 7f7fcd0. |
| 112 | Also explicitly check proper syntax of cookie name/value pair. |
| 113 | |
| 114 | New test 1155 checks that cookie names are not reserved words. |
| 115 | |
| 116 | Reported-By: anshnd at github |
| 117 | Fixes #2564 |
| 118 | Closes #2566 |
| 119 | |
| 120 | Daniel Stenberg (12 May 2018) |
| 121 | - smb: reject negative file sizes |
| 122 | |
| 123 | Assisted-by: Max Dymond |
| 124 | |
| 125 | Detected by OSS-Fuzz |
| 126 | Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245 |
| 127 | |
| 128 | - setup_transfer: deal with both sockets being -1 |
| 129 | |
| 130 | Detected by Coverity; CID 1435559. Follow-up to f8d608f38d00. It would |
| 131 | index the array with -1 if neither index was a socket. |
| 132 | |
| 133 | - travis: add build using NSS |
| 134 | |
| 135 | Closes #2558 |
| 136 | |
| 137 | - [Sunny Purushe brought this change] |
| 138 | |
| 139 | openssl: change FILE ops to BIO ops |
| 140 | |
| 141 | To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES |
| 142 | handling is causing problems. This fix changes the OpenSSL backend code |
| 143 | to use BIO functions instead of FILE I/O functions to circumvent those |
| 144 | problems. |
| 145 | |
| 146 | Closes #2512 |
| 147 | |
| 148 | - travis: add a build using WolfSSL |
| 149 | |
| 150 | Assisted-by: Dan Fandrich |
| 151 | |
| 152 | Closes #2528 |
| 153 | |
| 154 | - RELEASE-NOTES: typo |
| 155 | |
| 156 | - RELEASE-NOTES: synced |
| 157 | |
| 158 | - [Daniel Gustafsson brought this change] |
| 159 | |
| 160 | URLs: fix one more http url |
| 161 | |
| 162 | This file wasn't included in commit 4af40b3646d3b09 which updated all |
| 163 | haxx.se http urls to https. The file was committed prior to that update, |
| 164 | but may have been merged after it and hence didn't get updated. |
| 165 | |
| 166 | Closes #2550 |
| 167 | |
| 168 | - github/lock: auto-lock closed issues after 90 days of inactivity |
| 169 | |
| 170 | - vtls: fix missing commas |
| 171 | |
| 172 | follow-up to e66cca046cef |
| 173 | |
| 174 | - vtls: use unified "supports" bitfield member in backends |
| 175 | |
| 176 | ... instead of previous separate struct fields, to make it easier to |
| 177 | extend and change individual backends without having to modify them all. |
| 178 | |
| 179 | closes #2547 |
| 180 | |
| 181 | - transfer: don't unset writesockfd on setup of multiplexed conns |
| 182 | |
| 183 | Curl_setup_transfer() can be called to setup a new individual transfer |
| 184 | over a multiplexed connection so it shouldn't unset writesockfd. |
| 185 | |
| 186 | Bug: #2520 |
| 187 | Closes #2549 |
| 188 | |
| 189 | - [Frank Gevaerts brought this change] |
| 190 | |
| 191 | configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h |
| 192 | |
| 193 | They are removed from the compiler flags. |
| 194 | |
| 195 | This ensures that make dependency tracking will force a rebuild whenever |
| 196 | configure --enable-debug or --enable-curldebug changes. |
| 197 | |
| 198 | Closes #2548 |
| 199 | |
| 200 | - http: don't set the "rewind" flag when not uploading anything |
| 201 | |
| 202 | It triggers an assert. |
| 203 | |
| 204 | Detected by OSS-Fuzz |
| 205 | Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8144 |
| 206 | Closes #2546 |
| 207 | |
| 208 | - travis: add an mbedtls build |
| 209 | |
| 210 | Closes #2531 |
| 211 | |
| 212 | - configure: only check for CA bundle for file-using SSL backends |
| 213 | |
| 214 | When only building with SSL backends that don't use the CA bundle file |
| 215 | (by default), skip the check. |
| 216 | |
| 217 | Fixes #2543 |
| 218 | Fixes #2180 |
| 219 | Closes #2545 |
| 220 | |
| 221 | - ssh-libssh.c: fix left shift compiler warning |
| 222 | |
| 223 | ssh-libssh.c:2429:21: warning: result of '1 << 31' requires 33 bits to |
| 224 | represent, but 'int' only has 32 bits [-Wshift-overflow=] |
| 225 | |
| 226 | 'len' will never be that big anyway so I converted the run-time check to |
| 227 | a regular assert. |
| 228 | |
| 229 | - [Stephan Mühlstrasser brought this change] |
| 230 | |
| 231 | URL: fix ASCII dependency in strcpy_url and strlen_url |
| 232 | |
| 233 | Commit 3c630f9b0af097663a64e5c875c580aa9808a92b partially reverted the |
| 234 | changes from commit dd7521bcc1b7a6fcb53c31f9bd1192fcc884bd56 because of |
| 235 | the problem that strcpy_url() was modified unilaterally without also |
| 236 | modifying strlen_url(). As a consequence strcpy_url() was again |
| 237 | depending on ASCII encoding. |
| 238 | |
| 239 | This change fixes strlen_url() and strcpy_url() in parallel to use a |
| 240 | common host-encoding independent criterion for deciding whether an URL |
| 241 | character must be %-escaped. |
| 242 | |
| 243 | Closes #2535 |
| 244 | |
| 245 | - [Denis Ollier brought this change] |
| 246 | |
| 247 | docs: remove extraneous commas in man pages |
| 248 | |
| 249 | Closes #2544 |
| 250 | |
| 251 | - RELEASE-NOTES: synced |
| 252 | |
| 253 | - Revert "TODO: remove configure --disable-pthreads" |
| 254 | |
| 255 | This reverts commit d5d683a97f9765bddfd964fe32e137aa6e703ed3. |
| 256 | |
| 257 | --disable-pthreads can be used to disable pthreads and get the threaded |
| 258 | resolver to use the windows threading when building with mingw. |
| 259 | |
| 260 | - vtls: don't define MD5_DIGEST_LENGTH for wolfssl |
| 261 | |
| 262 | ... as it defines it (too) |
| 263 | |
| 264 | - TODO: remove configure --disable-pthreads |
| 265 | |
| 266 | Jay Satiro (2 May 2018) |
| 267 | - [David Garske brought this change] |
| 268 | |
| 269 | wolfssl: Fix non-blocking connect |
| 270 | |
| 271 | Closes https://github.com/curl/curl/pull/2542 |
| 272 | |
| 273 | Daniel Stenberg (30 Apr 2018) |
| 274 | - CURLOPT_URL.3: add ENCODING section [ci skip] |
| 275 | |
| 276 | Feedback-by: Michael Kilburn |
| 277 | |
| 278 | - KNOWN_BUGS: Client cert with Issuer DN differs between backends |
| 279 | |
| 280 | Closes #1411 |
| 281 | |
| 282 | - KNOWN_BUGS: Passive transfer tries only one IP address |
| 283 | |
| 284 | Closes #1508 |
| 285 | |
| 286 | - KNOWN_BUGS: --upload-file . hang if delay in STDIN |
| 287 | |
| 288 | Closes #2051 |
| 289 | |
| 290 | - KNOWN_BUGS: Connection information when using TCP Fast Open |
| 291 | |
| 292 | Closes #1332 |
| 293 | |
| 294 | - travis: enable libssh2 on both macos and Linux |
| 295 | |
| 296 | It seems to not be detected by default anymore (which is a bug I |
| 297 | believe) |
| 298 | |
| 299 | Closes #2541 |
| 300 | |
| 301 | - TODO: Support the clienthello extension |
| 302 | |
| 303 | Closes #2299 |
| 304 | |
| 305 | - TODO: CLOEXEC |
| 306 | |
| 307 | Closes #2252 |
| 308 | |
| 309 | - tests: provide 'manual' as a feature to optionally require |
| 310 | |
| 311 | ... and make test 1026 rely on that feature so that --disable-manual |
| 312 | builds don't cause test failures. |
| 313 | |
| 314 | Reported-by: Max Dymond and Anders Roxell |
| 315 | Fixes #2533 |
| 316 | Closes #2540 |
| 317 | |
| 318 | - CURLINFO_PROTOCOL.3: mention the existing defined names |
| 319 | |
| 320 | Jay Satiro (27 Apr 2018) |
| 321 | - [Daniel Gustafsson brought this change] |
| 322 | |
| 323 | cookies: remove unused macro |
| 324 | |
| 325 | Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused, |
| 326 | so remove as it's not part of the published API. |
| 327 | |
| 328 | Closes https://github.com/curl/curl/pull/2537 |
| 329 | |
| 330 | Daniel Stenberg (27 Apr 2018) |
| 331 | - [Daniel Gustafsson brought this change] |
| 332 | |
| 333 | checksrc: force indentation of lines after an else |
| 334 | |
| 335 | This extends the INDENTATION case to also handle 'else' statements |
| 336 | and require proper indentation on the following line. Also fixes the |
| 337 | offending cases found in the codebase. |
| 338 | |
| 339 | Closes #2532 |
| 340 | |
| 341 | - http2: fix null pointer dereference in http2_connisdead |
| 342 | |
| 343 | This function can get called on a connection that isn't setup enough to |
| 344 | have the 'recv_underlying' function pointer initialized so it would try |
| 345 | to call the NULL pointer. |
| 346 | |
| 347 | Reported-by: Dario Weisser |
| 348 | |
| 349 | Follow-up to db1b2c7fe9b093f8 (never shipped in a release) |
| 350 | Closes #2536 |
| 351 | |
| 352 | - http2: get rid of another strstr() |
| 353 | |
| 354 | Follow-up to 1514c44655e12e: replace another strstr() call done on a |
| 355 | buffer that might not be zero terminated - with a memchr() call, even if |
| 356 | we know the substring will be found. |
| 357 | |
| 358 | Assisted-by: Max Dymond |
| 359 | |
| 360 | Detected by OSS-Fuzz |
| 361 | Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8021 |
| 362 | |
| 363 | Closes #2534 |
| 364 | |
| 365 | - cyassl: adapt to libraries without TLS 1.0 support built-in |
| 366 | |
| 367 | WolfSSL doesn't enable it by default anymore |
| 368 | |
| 369 | - configure: provide --with-wolfssl as an alias for --with-cyassl |
| 370 | |
| 371 | - RELEASE-NOTES: synced |
| 372 | |
| 373 | - [Daniel Gustafsson brought this change] |
| 374 | |
| 375 | os400.c: fix ASSIGNWITHINCONDITION checksrc warnings |
| 376 | |
| 377 | All occurrences of assignment within conditional expression in |
| 378 | os400sys.c rewritten into two steps: first assignment and then the check |
| 379 | on the success of the assignment. Also adjust related incorrect brace |
| 380 | positions to match project indentation style. |
| 381 | |
| 382 | This was spurred by seeing "if((inp = input_token))", but while in there |
| 383 | all warnings were fixed. |
| 384 | |
| 385 | There should be no functional change from these changes. |
| 386 | |
| 387 | Closes #2525 |
| 388 | |
| 389 | - [Daniel Gustafsson brought this change] |
| 390 | |
| 391 | cookies: ensure that we have cookies before writing jar |
| 392 | |
| 393 | The jar should be written iff there are cookies, so ensure that we still |
| 394 | have cookies after expiration to avoid creating an empty file. |
| 395 | |
| 396 | Closes #2529 |
| 397 | |
| 398 | - strcpy_url: only %-encode values >= 0x80 |
| 399 | |
| 400 | OSS-Fuzz detected |
| 401 | |
| 402 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8000 |
| 403 | |
| 404 | Broke in dd7521bcc1b7 |
| 405 | |
| 406 | - mime: avoid NULL pointer dereference risk |
| 407 | |
| 408 | Coverity detected, CID 1435120 |
| 409 | |
| 410 | Closes #2527 |
| 411 | |
| 412 | - [Stephan Mühlstrasser brought this change] |
| 413 | |
| 414 | ctype: restore character classification for non-ASCII platforms |
| 415 | |
| 416 | With commit 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2 curl-speficic |
| 417 | character classification macros and functions were introduced in |
| 418 | curl_ctype.[ch] to avoid dependencies on the locale. This broke curl on |
| 419 | non-ASCII, e.g. EBCDIC platforms. This change restores the previous set |
| 420 | of character classification macros when CURL_DOES_CONVERSIONS is |
| 421 | defined. |
| 422 | |
| 423 | Closes #2494 |
| 424 | |
| 425 | - ftplistparser: keep state between invokes |
| 426 | |
| 427 | Fixes FTP wildcard parsing when done over a number of read buffers. |
| 428 | |
| 429 | Regression from f786d1f14 |
| 430 | |
| 431 | Reported-by: wncboy on github |
| 432 | Fixes #2445 |
| 433 | Closes #2526 |
| 434 | |
| 435 | - examples/http2-upload: expand buffer to avoid silly warning |
| 436 | |
| 437 | http2-upload.c:135:44: error: ‘%02d’ directive output may be truncated |
| 438 | writing between 2 and 11 bytes into a region of size between 8 and 17 |
| 439 | |
| 440 | - examples/sftpuploadresume: typecast fseek argument to long |
| 441 | |
| 442 | /docs/examples/sftpuploadresume.c:102:12: warning: conversion to 'long |
| 443 | int' from 'curl_off_t {aka long long int}' may alter its value |
| 444 | |
| 445 | - Revert "ftplistparser: keep state between invokes" |
| 446 | |
| 447 | This reverts commit abbc8457d85aca74b7cfda1d394b0844932b2934. |
| 448 | |
| 449 | Caused fuzzer problems on travis not seen when this was a PR! |
| 450 | |
| 451 | - Curl_memchr: zero length input can't match |
| 452 | |
| 453 | Avoids undefined behavior. |
| 454 | |
| 455 | Reported-by: Geeknik Labs |
| 456 | |
| 457 | - ftplistparser: keep state between invokes |
| 458 | |
| 459 | Fixes FTP wildcard parsing when doing over a number of read buffers. |
| 460 | |
| 461 | Regression from f786d1f14 |
| 462 | |
| 463 | Reported-by: wncboy on github |
| 464 | Fixes #2445 |
| 465 | Closes #2519 |
| 466 | |
| 467 | - ftplistparser: renamed some members and variables |
| 468 | |
| 469 | ... to make them better spell out what they're for. |
| 470 | |
| 471 | - RELEASE-NOTES: synced |
| 472 | |
| 473 | - [Christian Schmitz brought this change] |
| 474 | |
| 475 | curl_global_sslset: always provide available backends |
| 476 | |
| 477 | Closes #2499 |
| 478 | |
| 479 | - http2: convert an assert to run-time check |
| 480 | |
| 481 | Fuzzing has proven we can reach code in on_frame_recv with status_code |
| 482 | not having been set, so let's detect that in run-time (instead of with |
| 483 | assert) and error error accordingly. |
| 484 | |
| 485 | (This should no longer happen with the latest nghttp2) |
| 486 | |
| 487 | Detected by OSS-Fuzz |
| 488 | Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903 |
| 489 | Closes #2514 |
| 490 | |
| 491 | - curl.1: clarify that options and URLs can be mixed |
| 492 | |
| 493 | Fixes #2515 |
| 494 | Closes #2517 |
| 495 | |
| 496 | Jay Satiro (23 Apr 2018) |
| 497 | - [Archangel_SDY brought this change] |
| 498 | |
| 499 | CURLOPT_SSLCERT.3: improve WinSSL-specific usage info |
| 500 | |
| 501 | Ref: https://github.com/curl/curl/pull/2376#issuecomment-381858780 |
| 502 | |
| 503 | Closes https://github.com/curl/curl/pull/2504 |
| 504 | |
| 505 | - [Archangel_SDY brought this change] |
| 506 | |
| 507 | schannel: fix build error on targets <= XP |
| 508 | |
| 509 | - Use CRYPT_STRING_HEX instead of CRYPT_STRING_HEXRAW since XP doesn't |
| 510 | support the latter. |
| 511 | |
| 512 | Ref: https://github.com/curl/curl/pull/2376#issuecomment-382153668 |
| 513 | |
| 514 | Closes https://github.com/curl/curl/pull/2504 |
| 515 | |
| 516 | Daniel Stenberg (23 Apr 2018) |
| 517 | - Revert "ftplistparser: keep state between invokes" |
| 518 | |
| 519 | This reverts commit 8fb78f9ddc6d858d630600059b8ad84a80892fd9. |
| 520 | |
| 521 | Unfortunately this fix introduces memory leaks I've not been able to fix |
| 522 | in several days. Reverting this for now to get the leaks fixed. |
| 523 | |
| 524 | Jay Satiro (21 Apr 2018) |
| 525 | - tool_help: clarify --max-time unit of time is seconds |
| 526 | |
| 527 | Before: |
| 528 | -m, --max-time <time> Maximum time allowed for the transfer |
| 529 | |
| 530 | After: |
| 531 | -m, --max-time <seconds> Maximum time allowed for the transfer |
| 532 | |
| 533 | Daniel Stenberg (20 Apr 2018) |
| 534 | - http2: handle GOAWAY properly |
| 535 | |
| 536 | When receiving REFUSED_STREAM, mark the connection for close and retry |
| 537 | streams accordingly on another/fresh connection. |
| 538 | |
| 539 | Reported-by: Terry Wu |
| 540 | Fixes #2416 |
| 541 | Fixes #1618 |
| 542 | Closes #2510 |
| 543 | |
| 544 | - http2: clear the "drain counter" when a stream is closed |
| 545 | |
| 546 | This fixes the notorious "httpc->drain_total >= data->state.drain" |
| 547 | assert. |
| 548 | |
| 549 | Reported-by: Anders Bakken |
| 550 | |
| 551 | Fixes #1680 |
| 552 | Closes #2509 |
| 553 | |
| 554 | - http2: avoid strstr() on data not zero terminated |
| 555 | |
| 556 | It's not strictly clear if the API contract allows us to call strstr() |
| 557 | on a string that isn't zero terminated even when we know it will find |
| 558 | the substring, and clang's ASAN check dislikes us for it. |
| 559 | |
| 560 | Also added a check of the return code in case it fails, even if I can't |
| 561 | think of a situation how that can trigger. |
| 562 | |
| 563 | Detected by OSS-Fuzz |
| 564 | Closes #2513 |
| 565 | Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7760 |
| 566 | |
| 567 | - [Stephan Mühlstrasser brought this change] |
| 568 | |
| 569 | openssl: fix subjectAltName check on non-ASCII platforms |
| 570 | |
| 571 | Curl_cert_hostcheck operates with the host character set, therefore the |
| 572 | ASCII subjectAltName string retrieved with OpenSSL must be converted to |
| 573 | the host encoding before comparison. |
| 574 | |
| 575 | Closes #2493 |
| 576 | |
| 577 | Jay Satiro (20 Apr 2018) |
| 578 | - openssl: Add support for OpenSSL 1.1.1 verbose-mode trace messages |
| 579 | |
| 580 | - Support handling verbose-mode trace messages of type |
| 581 | SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS, |
| 582 | SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO, |
| 583 | SSL3_MT_MESSAGE_HASH |
| 584 | |
| 585 | Reported-by: iz8mbw@users.noreply.github.com |
| 586 | |
| 587 | Fixes https://github.com/curl/curl/issues/2403 |
| 588 | |
| 589 | Daniel Stenberg (19 Apr 2018) |
| 590 | - ftplistparser: keep state between invokes |
| 591 | |
| 592 | Regression from f786d1f14 |
| 593 | |
| 594 | Reported-by: wncboy on github |
| 595 | Fixes #2445 |
| 596 | Closes #2508 |
| 597 | |
| 598 | - detect_proxy: only show proxy use if it had contents |
| 599 | |
| 600 | - http2: handle on_begin_headers() called more than once |
| 601 | |
| 602 | This triggered an assert if called more than once in debug mode (and a |
| 603 | memory leak if not debug build). With the right sequence of HTTP/2 |
| 604 | headers incoming it can happen. |
| 605 | |
| 606 | Detected by OSS-Fuzz |
| 607 | |
| 608 | Closes #2507 |
| 609 | Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764 |
| 610 | |
| 611 | Jay Satiro (18 Apr 2018) |
| 612 | - [Dan McNulty brought this change] |
| 613 | |
| 614 | schannel: add support for CURLOPT_CAINFO |
| 615 | |
| 616 | - Move verify_certificate functionality in schannel.c into a new |
| 617 | file called schannel_verify.c. Additionally, some structure defintions |
| 618 | from schannel.c have been moved to schannel.h to allow them to be |
| 619 | used in schannel_verify.c. |
| 620 | |
| 621 | - Make verify_certificate functionality for Schannel available on |
| 622 | all versions of Windows instead of just Windows CE. verify_certificate |
| 623 | will be invoked on Windows CE or when the user specifies |
| 624 | CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. |
| 625 | |
| 626 | - In verify_certificate, create a custom certificate chain engine that |
| 627 | exclusively trusts the certificate store backed by the CURLOPT_CAINFO |
| 628 | file. |
| 629 | |
| 630 | - doc updates of --cacert/CAINFO support for schannel |
| 631 | |
| 632 | - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString |
| 633 | when available. This implements a TODO in schannel.c to improve |
| 634 | handling of multiple SANs in a certificate. In particular, all SANs |
| 635 | will now be searched instead of just the first name. |
| 636 | |
| 637 | - Update tool_operate.c to not search for the curl-ca-bundle.crt file |
| 638 | when using Schannel to maintain backward compatibility. Previously, |
| 639 | any curl-ca-bundle.crt file found in that search would have been |
| 640 | ignored by Schannel. But, with CAINFO support, the file found by |
| 641 | that search would have been used as the certificate store and |
| 642 | could cause issues for any users that have curl-ca-bundle.crt in |
| 643 | the search path. |
| 644 | |
| 645 | - Update url.c to not set the build time CURL_CA_BUNDLE if the selected |
| 646 | SSL backend is Schannel. We allow setting CA location for schannel |
| 647 | only when explicitly specified by the user via CURLOPT_CAINFO / |
| 648 | --cacert. |
| 649 | |
| 650 | - Add new test cases 3000 and 3001. These test cases check that the first |
| 651 | and last SAN, respectively, matches the connection hostname. New test |
| 652 | certificates have been added for these cases. For 3000, the certificate |
| 653 | prefix is Server-localhost-firstSAN and for 3001, the certificate |
| 654 | prefix is Server-localhost-secondSAN. |
| 655 | |
| 656 | - Remove TODO 15.2 (Add support for custom server certificate |
| 657 | validation), this commit addresses it. |
| 658 | |
| 659 | Closes https://github.com/curl/curl/pull/1325 |
| 660 | |
| 661 | - schannel: fix warning |
| 662 | |
| 663 | - Fix warning 'integer from pointer without a cast' on 3rd arg in |
| 664 | CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer |
| 665 | type of the same size. |
| 666 | |
| 667 | Follow-up to e35b025. |
| 668 | |
| 669 | Caught by Marc's CI builds. |
| 670 | |
| 671 | - [Jakub Wilk brought this change] |
| 672 | |
| 673 | docs: fix typos |
| 674 | |
| 675 | Closes https://github.com/curl/curl/pull/2503 |
| 676 | |
| 677 | Daniel Stenberg (17 Apr 2018) |
| 678 | - RELEASE-NOTES: synced |
| 679 | |
| 680 | Jay Satiro (17 Apr 2018) |
| 681 | - [Kees Dekker brought this change] |
| 682 | |
| 683 | winbuild: Support custom devel paths for each dependency |
| 684 | |
| 685 | - Support custom devel paths for c-ares, mbedTLS, nghttp2, libSSH2, |
| 686 | OpenSSL and zlib. Respectively: CARES_PATH, MBEDTLS_PATH, |
| 687 | NGHTTP2_PATH, SSH2_PATH, SSL_PATH and ZLIB_PATH. |
| 688 | |
| 689 | - Use lib.exe for making the static library instead of link.exe /lib. |
| 690 | The latter is undocumented and could cause problems as noted in the |
| 691 | comments. |
| 692 | |
| 693 | - Remove a dangling URL that no longer worked. (I was not able to find |
| 694 | the IDN download at MSDN/microsoft.com, so it seems to be removed.) |
| 695 | |
| 696 | - Remove custom override for release-ssh2-ssl-dll-zlib configuration. |
| 697 | Nobody knows why it was there and as far as we can see is unnecessary. |
| 698 | |
| 699 | Closes https://github.com/curl/curl/pull/2474 |
| 700 | |
| 701 | Daniel Stenberg (17 Apr 2018) |
| 702 | - [Jess brought this change] |
| 703 | |
| 704 | README.md: add backers and sponsors |
| 705 | |
| 706 | Closes #2484 |
| 707 | |
| 708 | - [Archangel_SDY brought this change] |
| 709 | |
| 710 | schannel: add client certificate authentication |
| 711 | |
| 712 | Users can now specify a client certificate in system certificates store |
| 713 | explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"` |
| 714 | |
| 715 | Closes #2376 |
| 716 | |
| 717 | Marcel Raad (16 Apr 2018) |
| 718 | - [toughengineer brought this change] |
| 719 | |
| 720 | ntlm_sspi: fix authentication using Credential Manager |
| 721 | |
| 722 | If you pass empty user/pass asking curl to use Windows Credential |
| 723 | Storage (as stated in the docs) and it has valid credentials for the |
| 724 | domain, e.g. |
| 725 | curl -v -u : --ntlm example.com |
| 726 | currently authentication fails. |
| 727 | This change fixes it by providing proper SPN string to the SSPI API |
| 728 | calls. |
| 729 | |
| 730 | Fixes https://github.com/curl/curl/issues/1622 |
| 731 | Closes https://github.com/curl/curl/pull/1660 |
| 732 | |
| 733 | Daniel Stenberg (16 Apr 2018) |
| 734 | - configure: keep LD_LIBRARY_PATH changes local |
| 735 | |
| 736 | ... only set it when we actually have to run tests to reduce its impact |
| 737 | on for example build commands etc. |
| 738 | |
| 739 | Fixes #2490 |
| 740 | Closes #2492 |
| 741 | |
| 742 | Reported-by: Dmitry Mikhirev |
| 743 | |
| 744 | Marcel Raad (16 Apr 2018) |
| 745 | - urldata: make service names unconditional |
| 746 | |
| 747 | The ifdefs have become quite long. Also, the condition for the |
| 748 | definition of CURLOPT_SERVICE_NAME and for setting it from |
| 749 | CURLOPT_SERVICE_NAME have diverged. We will soon also need the two |
| 750 | options for NTLM, at least when using SSPI, for |
| 751 | https://github.com/curl/curl/pull/1660. |
| 752 | Just make the definitions unconditional to make that easier. |
| 753 | |
| 754 | Closes https://github.com/curl/curl/pull/2479 |
| 755 | |
| 756 | Daniel Stenberg (16 Apr 2018) |
| 757 | - test1148: tolerate progress updates better |
| 758 | |
| 759 | Fixes #2446 |
| 760 | Closes #2488 |
| 761 | |
| 762 | - [Christian Schmitz brought this change] |
| 763 | |
| 764 | ssh: show libSSH2 error code when closing fails |
| 765 | |
| 766 | Closes #2500 |
| 767 | |
| 768 | Jay Satiro (15 Apr 2018) |
| 769 | - [Daniel Gustafsson brought this change] |
| 770 | |
| 771 | vauth: Fix typo |
| 772 | |
| 773 | Address various spellings of "credentials". |
| 774 | |
| 775 | Closes https://github.com/curl/curl/pull/2496 |
| 776 | |
| 777 | - [Dagobert Michelsen brought this change] |
| 778 | |
| 779 | system.h: Add sparcv8plus to oracle/sunpro 32-bit detection |
| 780 | |
| 781 | With specific compiler options selecting the arch like -xarch=sparc on |
| 782 | newer compilers like Oracle Studio 12.4 there is no definition of |
| 783 | __sparcv8 but __sparcv8plus which means the V9 ISA, but limited to the |
| 784 | 32ÎíÎñbit subset defined by the V8plus ISA specification, without the |
| 785 | Visual Instruction Set (VIS), and without other implementation-specific |
| 786 | ISA extensions. So it should be the same as __sparcv8. |
| 787 | |
| 788 | Closes https://github.com/curl/curl/pull/2491 |
| 789 | |
| 790 | - [Daniel Gustafsson brought this change] |
| 791 | |
| 792 | checksrc: Fix typo |
| 793 | |
| 794 | Fix typo in "semicolon" spelling and remove stray tab character. |
| 795 | |
| 796 | Closes https://github.com/curl/curl/pull/2498 |
| 797 | |
| 798 | - [Daniel Gustafsson brought this change] |
| 799 | |
| 800 | all: Refactor malloc+memset to use calloc |
| 801 | |
| 802 | When a zeroed out allocation is required, use calloc() rather than |
| 803 | malloc() followed by an explicit memset(). The result will be the |
| 804 | same, but using calloc() everywhere increases consistency in the |
| 805 | codebase and avoids the risk of subtle bugs when code is injected |
| 806 | between malloc and memset by accident. |
| 807 | |
| 808 | Closes https://github.com/curl/curl/pull/2497 |
| 809 | |
| 810 | Daniel Stenberg (12 Apr 2018) |
| 811 | - duphandle: make sure CURLOPT_RESOLVE is duplicated fine too |
| 812 | |
| 813 | Verified in test 1502 now |
| 814 | |
| 815 | Fixes #2485 |
| 816 | Closes #2486 |
| 817 | Reported-by: Ernst Sjöstrand |
| 818 | |
| 819 | - mailmap: add a monnerat fixup [ci skip] |
| 820 | |
| 821 | - proxy: show getenv proxy use in verbose output |
| 822 | |
| 823 | ... to aid debugging etc as it sometimes isn't immediately obvious why |
| 824 | curl uses or doesn't use a proxy. |
| 825 | |
| 826 | Inspired by #2477 |
| 827 | |
| 828 | Closes #2480 |
| 829 | |
| 830 | - travis: build libpsl and make builds use it |
| 831 | |
| 832 | closes #2471 |
| 833 | |
| 834 | - travis: bump to clang 6 and gcc 7 |
| 835 | |
| 836 | Extra-eye-on-this-by: Marcel Raad |
| 837 | |
| 838 | Closes #2478 |
| 839 | |
| 840 | Marcel Raad (10 Apr 2018) |
| 841 | - travis: use trusty for coverage build |
| 842 | |
| 843 | This works now and precise is in the process of being decommissioned. |
| 844 | |
| 845 | Closes https://github.com/curl/curl/pull/2476 |
| 846 | |
| 847 | - lib: silence null-dereference warnings |
| 848 | |
| 849 | In debug mode, MingGW-w64's GCC 7.3 issues null-dereference warnings |
| 850 | when dereferencing pointers after DEBUGASSERT-ing that they are not |
| 851 | NULL. |
| 852 | Fix this by removing the DEBUGASSERTs. |
| 853 | |
| 854 | Suggested-by: Daniel Stenberg |
| 855 | Ref: https://github.com/curl/curl/pull/2463 |
| 856 | |
| 857 | - [Kees Dekker brought this change] |
| 858 | |
| 859 | winbuild: fix URL |
| 860 | |
| 861 | Follow up on https://github.com/curl/curl/pull/2472. |
| 862 | Now using en-us instead of nl-nl as language code in the URL. |
| 863 | |
| 864 | Closes https://github.com/curl/curl/pull/2475 |
| 865 | |
| 866 | Daniel Stenberg (9 Apr 2018) |
| 867 | - [Kees Dekker brought this change] |
| 868 | |
| 869 | winbuild: updated the documentation |
| 870 | |
| 871 | The setenv command no longer exists and visual studio build prompts got |
| 872 | changed. Used Visual Studio 2015/2017 as reference. |
| 873 | |
| 874 | Closes #2472 |
| 875 | |
| 876 | - test1136: fix cookie order after commit c990eadd1277 |
| 877 | |
| 878 | - build: cleanup to fix clang warnings/errors |
| 879 | |
| 880 | unit1309 and vtls/gtls: error: arithmetic on a null pointer treated as a |
| 881 | cast from integer to pointer is a GNU extension |
| 882 | |
| 883 | Reported-by: Rikard Falkeborn |
| 884 | |
| 885 | Fixes #2466 |
| 886 | Closes #2468 |
| 887 | |
| 888 | Jay Satiro (7 Apr 2018) |
| 889 | - examples/sftpuploadresmue: Fix Windows large file seek |
| 890 | |
| 891 | - Use _fseeki64 instead of fseek (long) to seek curl_off_t in Windows. |
| 892 | |
| 893 | - Use CURL_FORMAT_CURL_OFF_T specifier instead of %ld to print |
| 894 | curl_off_t. |
| 895 | |
| 896 | Caught by Marc's CI builds. |
| 897 | |
| 898 | Daniel Stenberg (7 Apr 2018) |
| 899 | - curl_setup: provide a CURL_SA_FAMILY_T type if none exists |
| 900 | |
| 901 | ... and use this type instead of 'sa_family_t' in the code since several |
| 902 | platforms don't have it. |
| 903 | |
| 904 | Closes #2463 |
| 905 | |
| 906 | - [Eric Gallager brought this change] |
| 907 | |
| 908 | build: add picky compiler warning flags for gcc 6 and 7 |
| 909 | |
| 910 | - configure: detect sa_family_t |
| 911 | |
| 912 | Jay Satiro (7 Apr 2018) |
| 913 | - [Stefan Agner brought this change] |
| 914 | |
| 915 | tool_operate: Fix retry on FTP 4xx to ignore other protocols |
| 916 | |
| 917 | Only treat response code as FTP response codes in case the |
| 918 | protocol type is FTP. |
| 919 | |
| 920 | This fixes an issue where an HTTP download was treated as FTP |
| 921 | in case libcurl returned with 33. This happens when the |
| 922 | download has already finished and the server responses 416: |
| 923 | HTTP/1.1 416 Requested Range Not Satisfiable |
| 924 | |
| 925 | This should not be treated as an FTP error. |
| 926 | |
| 927 | Fixes #2464 |
| 928 | Closes #2465 |
| 929 | |
| 930 | Daniel Stenberg (6 Apr 2018) |
| 931 | - hash: calculate sizes with size_t instead of longs |
| 932 | |
| 933 | ... since they return size_t anyway! |
| 934 | |
| 935 | closes #2462 |
| 936 | |
| 937 | - RELEASE-NOTES: synced |
| 938 | |
| 939 | - [Jay Satiro brought this change] |
| 940 | |
| 941 | build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15 |
| 942 | |
| 943 | .. and do the same for build-wolfssl.bat. |
| 944 | |
| 945 | Because MS calls it VC14.1. |
| 946 | |
| 947 | Closes https://github.com/curl/curl/pull/2189 |
| 948 | |
| 949 | - [Kees Dekker brought this change] |
| 950 | |
| 951 | winbuild: make the clean target work without build-type |
| 952 | |
| 953 | Due to the check in Makefile.vc and MakefileBuild.vc, no make call can |
| 954 | be invoked unless a build-type was specified. However, a clean target |
| 955 | only existed when a build type was specified. As a result, the clean |
| 956 | target was unreachable. Made clean target unconditional. |
| 957 | |
| 958 | Closes #2455 |
| 959 | |
| 960 | - [patelvivekv1993 brought this change] |
| 961 | |
| 962 | build-openssl.bat: allow custom paths for VS and perl |
| 963 | |
| 964 | Fixes #2430 |
| 965 | Closes #2457 |
| 966 | |
| 967 | - [Laurie Clark-Michalek brought this change] |
| 968 | |
| 969 | FTP: allow PASV on IPv6 connections when a proxy is being used |
| 970 | |
| 971 | In the situation of a client connecting to an FTP server using an IPv6 |
| 972 | tunnel proxy, the connection info will indicate that the connection is |
| 973 | IPv6. However, because the server behing the proxy is IPv4, it is |
| 974 | permissable to attempt PSV mode. In the case of the FTP server being |
| 975 | IPv4 only, EPSV will always fail, and with the current logic curl will |
| 976 | be unable to connect to the server, as the IPv6 fwdproxy causes curl to |
| 977 | think that EPSV is impossible. |
| 978 | |
| 979 | Closes #2432 |
| 980 | |
| 981 | - [Jon DeVree brought this change] |
| 982 | |
| 983 | file: restore old behavior for file:////foo/bar URLs |
| 984 | |
| 985 | curl 7.57.0 and up interpret this according to Appendix E.3.2 of RFC |
| 986 | 8089 but then returns an error saying this is unimplemented. This is |
| 987 | actually a regression in behavior on both Windows and Unix. |
| 988 | |
| 989 | Before curl 7.57.0 this URL was treated as a path of "//foo/bar" and |
| 990 | then passed to the relevant OS API. This means that the behavior of this |
| 991 | case is actually OS dependent. |
| 992 | |
| 993 | The Unix path resolution rules say that the OS must handle swallowing |
| 994 | the extra "/" and so this path is the same as "/foo/bar" |
| 995 | |
| 996 | The Windows path resolution rules say that this is a UNC path and |
| 997 | automatically handles the SMB access for the program. So curl on Windows |
| 998 | was already doing Appendix E.3.2 without any special code in curl. |
| 999 | |
| 1000 | Regression |
| 1001 | |
| 1002 | Closes #2438 |
| 1003 | |
| 1004 | - [Gaurav Malhotra brought this change] |
| 1005 | |
| 1006 | Revert "openssl: Don't add verify locations when verifypeer==0" |
| 1007 | |
| 1008 | This reverts commit dc85437736e1fc90e689bb1f6c51c8f1aa9430eb. |
| 1009 | |
| 1010 | libcurl (with the OpenSSL backend) performs server certificate verification |
| 1011 | even if verifypeer == 0 and the verification result is available using |
| 1012 | CURLINFO_SSL_VERIFYRESULT. The commit that is being reverted caused the |
| 1013 | CURLINFO_SSL_VERIFYRESULT to not have useful information for the |
| 1014 | verifypeer == 0 use case (it would always have |
| 1015 | X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY). |
| 1016 | |
| 1017 | Closes #2451 |
| 1018 | |
| 1019 | - [Wyatt O'Day brought this change] |
| 1020 | |
| 1021 | tls: fix mbedTLS 2.7.0 build + handle sha256 failures |
| 1022 | |
| 1023 | (mbedtls 2.70 compiled with MBEDTLS_DEPRECATED_REMOVED) |
| 1024 | |
| 1025 | Closes #2453 |
| 1026 | |
| 1027 | - [Lauri Kasanen brought this change] |
| 1028 | |
| 1029 | cookie: case-insensitive hashing for the domains |
| 1030 | |
| 1031 | closes #2458 |
| 1032 | |
| 1033 | Patrick Monnerat (4 Apr 2018) |
| 1034 | - cookie: fix and optimize 2nd top level domain name extraction |
| 1035 | |
| 1036 | This fixes a segfault occurring when a name of the (invalid) form "domain..tld" |
| 1037 | is processed. |
| 1038 | |
| 1039 | test46 updated to cover this case. |
| 1040 | |
| 1041 | Follow-up to commit c990ead. |
| 1042 | |
| 1043 | Ref: https://github.com/curl/curl/pull/2440 |
| 1044 | |
| 1045 | Daniel Stenberg (4 Apr 2018) |
| 1046 | - openssl: provide defines for argument typecasts to build warning-free |
| 1047 | |
| 1048 | ... as OpenSSL >= 1.1.0 and libressl >= 2.7.0 use different argument types. |
| 1049 | |
| 1050 | - [Bernard Spil brought this change] |
| 1051 | |
| 1052 | openssl: fix build with LibreSSL 2.7 |
| 1053 | |
| 1054 | - LibreSSL 2.7 implements (most of) OpenSSL 1.1 API |
| 1055 | |
| 1056 | Fixes #2319 |
| 1057 | Closes #2447 |
| 1058 | Closes #2448 |
| 1059 | |
| 1060 | Signed-off-by: Bernard Spil <brnrd@FreeBSD.org> |
| 1061 | |
| 1062 | - [Lauri Kasanen brought this change] |
| 1063 | |
| 1064 | cookie: store cookies per top-level-domain-specific hash table |
| 1065 | |
| 1066 | This makes libcurl handle thousands of cookies much better and speedier. |
| 1067 | |
| 1068 | Closes #2440 |
| 1069 | |
| 1070 | - [Lauri Kasanen brought this change] |
| 1071 | |
| 1072 | cookies: when reading from a file, only remove_expired once |
| 1073 | |
| 1074 | This drops the cookie load time for 8k cookies from 178ms to 15ms. |
| 1075 | |
| 1076 | Closes #2441 |
| 1077 | |
| 1078 | - test1148: set a fixed locale for the test |
| 1079 | |
| 1080 | ...as otherwise it might use a different decimal sign. |
| 1081 | |
| 1082 | Bug: #2436 |
| 1083 | Reported-by: Oumph on github |
| 1084 | |
| 1085 | Jay Satiro (31 Mar 2018) |
| 1086 | - docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T |
| 1087 | |
| 1088 | - Put a percent sign before each CURL_FORMAT_CURL_OFF_T in printf. |
| 1089 | |
| 1090 | For example "%" CURL_FORMAT_CURL_OFF_T becomes %lld or similar. |
| 1091 | |
| 1092 | Bug: https://curl.haxx.se/mail/lib-2018-03/0140.html |
| 1093 | Reported-by: David L. |
| 1094 | |
| 1095 | Sergei Nikulov (27 Mar 2018) |
| 1096 | - [Michał Janiszewski brought this change] |
| 1097 | |
| 1098 | cmake: Add advapi32 as explicit link library for win32 |
| 1099 | |
| 1100 | ARM targets need advapi32 explicitly. |
| 1101 | |
| 1102 | Closes #2363 |
| 1103 | |
| 1104 | Daniel Stenberg (27 Mar 2018) |
| 1105 | - TODO: connection cache sharing is now supporte |
| 1106 | |
| 1107 | Jay Satiro (26 Mar 2018) |
| 1108 | - travis: enable apt retry on fail |
| 1109 | |
| 1110 | This is a workaround for an unsolved travis issue that is causing CI |
| 1111 | instances to sporadically fail due to 'unable to connect' issues during |
| 1112 | apt stage. |
| 1113 | |
| 1114 | Ref: https://github.com/travis-ci/travis-ci/issues/8507 |
| 1115 | Ref: https://github.com/travis-ci/travis-ci/issues/9112#issuecomment-376305909 |
| 1116 | |
| 1117 | Michael Kaufmann (26 Mar 2018) |
| 1118 | - runtests.pl: fix warning 'use of uninitialized value' |
| 1119 | |
| 1120 | follow-up to a9a7b60 |
| 1121 | |
| 1122 | Closes #2428 |
| 1123 | |
| 1124 | Daniel Stenberg (24 Mar 2018) |
| 1125 | - gitignore: ignore more generated files |
| 1126 | |
| 1127 | - threaded resolver: track resolver time and set suitable timeout values |
| 1128 | |
| 1129 | In order to make curl_multi_timeout() return suitable "sleep" times even |
| 1130 | when there's no socket to wait for while the name is being resolved in a |
| 1131 | helper thread. |
| 1132 | |
| 1133 | It will increases the timeouts as time passes. |
| 1134 | |
| 1135 | Closes #2419 |
| 1136 | |
| 1137 | - [Howard Chu brought this change] |
| 1138 | |
| 1139 | openldap: fix for NULL return from ldap_get_attribute_ber() |
| 1140 | |
| 1141 | Closes #2399 |
| 1142 | |
| 1143 | GitHub (22 Mar 2018) |
| 1144 | - [Sergei Nikulov brought this change] |
| 1145 | |
| 1146 | travis-ci: enable -Werror for CMake builds (#2418) |
| 1147 | |
| 1148 | - [Sergei Nikulov brought this change] |
| 1149 | |
| 1150 | cmake: avoid warn-as-error during config checks (#2411) |
| 1151 | |
| 1152 | - Move the CURL_WERROR option processing after the configuration checks |
| 1153 | to avoid failures in case of warnings during the configuration checks. |
| 1154 | |
| 1155 | This is a partial fix for #2358 |
| 1156 | |
| 1157 | - [Sergei Nikulov brought this change] |
| 1158 | |
| 1159 | timeval: remove compilation warning by casting (#2417) |
| 1160 | |
| 1161 | This is fixes #2358 |
| 1162 | |
| 1163 | Daniel Stenberg (22 Mar 2018) |
| 1164 | - http2: read pending frames (including GOAWAY) in connection-check |
| 1165 | |
| 1166 | If a connection has received a GOAWAY frame while not being used, the |
| 1167 | function now reads frames off the connection before trying to reuse it |
| 1168 | to avoid reusing connections the server has told us not to use. |
| 1169 | |
| 1170 | Reported-by: Alex Baines |
| 1171 | Fixes #1967 |
| 1172 | Closes #2402 |
| 1173 | |
| 1174 | - [Bas van Schaik brought this change] |
| 1175 | |
| 1176 | CI: add lgtm.yml for tweaking lgtm.com analysis |
| 1177 | |
| 1178 | Closes #2414 |
| 1179 | |
| 1180 | - CURLINFO_SSL_VERIFYRESULT.3: fix the example, add some text |
| 1181 | |
| 1182 | Reported-by: Michal Trybus |
| 1183 | |
| 1184 | Fixes #2400 |
| 1185 | |
| 1186 | - TODO: expand ~/ in config files |
| 1187 | |
| 1188 | Closes #2317 |
| 1189 | |
| 1190 | - cookie.d: mention that "-" as filename means stdin |
| 1191 | |
| 1192 | Reported-by: Dongliang Mu |
| 1193 | Fixes #2410 |
| 1194 | |
| 1195 | - CURLINFO_COOKIELIST.3: made the example not leak memory |
| 1196 | |
| 1197 | Reported-by: Muz Dima |
| 1198 | |
| 1199 | - vauth/cleartext: fix integer overflow check |
| 1200 | |
| 1201 | Make the integer overflow check not rely on the undefined behavior that |
| 1202 | a size_t wraps around on overflow. |
| 1203 | |
| 1204 | Detected by lgtm.com |
| 1205 | Closes #2408 |
| 1206 | |
| 1207 | - lib/curl_path.h: add #ifdef header guard |
| 1208 | |
| 1209 | Detected by lgtm.com |
| 1210 | |
| 1211 | - vauth/ntlm.h: fix the #ifdef header guard |
| 1212 | |
| 1213 | Detected by lgtm.com |
| 1214 | |
| 1215 | Jay Satiro (20 Mar 2018) |
| 1216 | - examples/hiperfifo: checksrc compliance |
| 1217 | |
| 1218 | Daniel Stenberg (19 Mar 2018) |
| 1219 | - [Nikos Tsipinakis brought this change] |
| 1220 | |
| 1221 | parsedate: support UT timezone |
| 1222 | |
| 1223 | RFC822 section 5.2 mentions Universal Time, 'UT', to be synonymous with |
| 1224 | GMT. |
| 1225 | |
| 1226 | Closes #2401 |
| 1227 | |
| 1228 | - RELEASE-NOTES: synced |
| 1229 | |
| 1230 | - [Don brought this change] |
| 1231 | |
| 1232 | cmake: add support for brotli |
| 1233 | |
| 1234 | Currently CMake cannot detect Brotli support. This adds detection of the |
| 1235 | libraries and associated header files. It also adds this to the |
| 1236 | generated config. |
| 1237 | |
| 1238 | Closes #2392 |
| 1239 | |
| 1240 | - [Chris Araman brought this change] |
| 1241 | |
| 1242 | darwinssl: fix iOS build |
| 1243 | |
| 1244 | Patrick Monnerat (18 Mar 2018) |
| 1245 | - ILE/RPG binding: Add CURLOPT_HAPROXYPROTOCOL/Fix CURLOPT_DNS_SHUFFLE_ADDRESSES |
| 1246 | |
| 1247 | Daniel Stenberg (17 Mar 2018) |
| 1248 | - [Rick Deist brought this change] |
| 1249 | |
| 1250 | resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSES |
| 1251 | |
| 1252 | This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request |
| 1253 | shuffling of IP addresses returned for a hostname when there is more |
| 1254 | than one. This is useful when the application knows that a round robin |
| 1255 | approach is appropriate and is willing to accept the consequences of |
| 1256 | potentially discarding some preference order returned by the system's |
| 1257 | implementation. |
| 1258 | |
| 1259 | Closes #1694 |
| 1260 | |
| 1261 | - add_handle/easy_perform: clear errorbuffer on start if set |
| 1262 | |
| 1263 | To offer applications a more defined behavior, we clear the buffer as |
| 1264 | early as possible. |
| 1265 | |
| 1266 | Assisted-by: Jay Satiro |
| 1267 | |
| 1268 | Fixes #2190 |
| 1269 | Closes #2377 |
| 1270 | |
| 1271 | - [Lawrence Matthews brought this change] |
| 1272 | |
| 1273 | CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol |
| 1274 | |
| 1275 | Add --haproxy-protocol for the command line tool |
| 1276 | |
| 1277 | Closes #2162 |
| 1278 | |
| 1279 | - curl_version_info.3: fix ssl_version description |
| 1280 | |
| 1281 | Reported-by: Vincas Razma |
| 1282 | Fixes #2364 |
| 1283 | |
| 1284 | - multi: improved pending transfers handling => improved performance |
| 1285 | |
| 1286 | When a transfer is requested to get done and it is put in the pending |
| 1287 | queue when limited by number of connections, total or per-host, libcurl |
| 1288 | would previously very aggressively retry *ALL* pending transfers to get |
| 1289 | them transferring. That was very time consuming. |
| 1290 | |
| 1291 | By reducing the aggressiveness in how pending are being retried, we |
| 1292 | waste MUCH less time on putting transfers back into pending again. |
| 1293 | |
| 1294 | Some test cases got a factor 30(!) speed improvement with this change. |
| 1295 | |
| 1296 | Reported-by: Cyril B |
| 1297 | Fixes #2369 |
| 1298 | Closes #2383 |
| 1299 | |
| 1300 | - pause: when changing pause state, update socket state |
| 1301 | |
| 1302 | Especially unpausing a transfer might have to move the socket back to the |
| 1303 | "currently used sockets" hash to get monitored. Otherwise it would never get |
| 1304 | any more data and get stuck. Easily triggered with pausing using the |
| 1305 | multi_socket API. |
| 1306 | |
| 1307 | Reported-by: Philip Prindeville |
| 1308 | Bug: https://curl.haxx.se/mail/lib-2018-03/0048.html |
| 1309 | Fixes #2393 |
| 1310 | Closes #2391 |
| 1311 | |
| 1312 | - [Philip Prindeville brought this change] |
| 1313 | |
| 1314 | examples/hiperfifo.c: improved |
| 1315 | |
| 1316 | * use member struct event’s instead of pointers to alloc’d struct |
| 1317 | events |
| 1318 | |
| 1319 | * simplify the cases for the mcode_or_die() function via macros; |
| 1320 | |
| 1321 | * make multi_timer_cb() actually do what the block comment says it |
| 1322 | should; |
| 1323 | |
| 1324 | * accept a “stop” command on the FIFO to shut down the service; |
| 1325 | |
| 1326 | * use cleaner notation for unused variables than the (void) hack; |
| 1327 | |
| 1328 | * allow following redirections (304’s); |
| 1329 | |
| 1330 | - rate-limit: use three second window to better handle high speeds |
| 1331 | |
| 1332 | Due to very frequent updates of the rate limit "window", it could |
| 1333 | attempt to rate limit within the same milliseconds and that then made |
| 1334 | the calculations wrong, leading to it not behaving correctly on very |
| 1335 | fast transfers. |
| 1336 | |
| 1337 | This new logic updates the rate limit "window" to be no shorter than the |
| 1338 | last three seconds and only updating the timestamps for this when |
| 1339 | switching between the states TOOFAST/PERFORM. |
| 1340 | |
| 1341 | Reported-by: 刘佩东 |
| 1342 | Fixes #2386 |
| 1343 | Closes #2388 |
| 1344 | |
| 1345 | - [luz.paz brought this change] |
| 1346 | |
| 1347 | cleanup: misc typos in strings and comments |
| 1348 | |
| 1349 | Found via `codespell` |
| 1350 | |
| 1351 | Closes #2389 |
| 1352 | |
| 1353 | - RELEASE-NOTES: toward 7.60.0 |
| 1354 | |
| 1355 | - [Kobi Gurkan brought this change] |
| 1356 | |
| 1357 | http2: fixes typo |
| 1358 | |
| 1359 | Closes #2387 |
| 1360 | |
| 1361 | - user-agent.d:: mention --proxy-header as well |
| 1362 | |
| 1363 | Bug: https://github.com/curl/curl/issues/2381 |
| 1364 | |
| 1365 | - transfer: make HTTP without headers count correct body size |
| 1366 | |
| 1367 | This is what "HTTP/0.9" basically looks like. |
| 1368 | |
| 1369 | Reported on IRC |
| 1370 | |
| 1371 | Closes #2382 |
| 1372 | |
| 1373 | - test1208: marked flaky |
| 1374 | |
| 1375 | It fails somewhere between every 3rd to 10th travis-CI run |
| 1376 | |
| 1377 | - SECURITY-PROCESS: mention how we write/add advisories |
| 1378 | |
| 1379 | - [dasimx brought this change] |
| 1380 | |
| 1381 | FTP: fix typo in recursive callback detection for seeking |
| 1382 | |
| 1383 | Fixes #2380 |
| 1384 | |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 1385 | Version 7.59.0 (13 Mar 2018) |
| 1386 | |
| 1387 | Daniel Stenberg (13 Mar 2018) |
| 1388 | - release: 7.59.0 |
| 1389 | |
| 1390 | Kamil Dudka (13 Mar 2018) |
| 1391 | - tests/.../spnego.py: fix identifier typo |
| 1392 | |
| 1393 | Detected by Coverity Analysis: |
| 1394 | |
| 1395 | Error: IDENTIFIER_TYPO: |
| 1396 | curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: identifier_typo: Using "SuportedMech" appears to be a typo: |
| 1397 | * Identifier "SuportedMech" is only known to be referenced here, or in copies of this code. |
| 1398 | * Identifier "SupportedMech" is referenced elsewhere at least 4 times. |
| 1399 | curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2651: identifier_use: Example 1: Using identifier "SupportedMech". |
| 1400 | curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2308: identifier_use: Example 2: Using identifier "SupportedMech". |
| 1401 | curl-7.58.0/tests/python_dependencies/impacket/spnego.py:252: identifier_use: Example 3: Using identifier "SupportedMech" (2 total uses in this function). |
| 1402 | curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: remediation: Should identifier "SuportedMech" be replaced by "SupportedMech"? |
| 1403 | |
| 1404 | Closes #2379 |
| 1405 | |
| 1406 | Daniel Stenberg (13 Mar 2018) |
| 1407 | - CURLOPT_COOKIEFILE.3: "-" as file name means stdin |
| 1408 | |
| 1409 | Reported-by: Aron Bergman |
| 1410 | Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html |
| 1411 | |
| 1412 | [ci skip] |
| 1413 | |
| 1414 | - Revert "hostip: fix compiler warning: 'variable set but not used'" |
| 1415 | |
| 1416 | This reverts commit a577059f92fc65bd6b81717f0737f897a5b34248. |
| 1417 | |
| 1418 | The assignment really needs to be there or we risk working with an |
| 1419 | uninitialized pointer. |
| 1420 | |
| 1421 | Michael Kaufmann (12 Mar 2018) |
| 1422 | - limit-rate: fix compiler warning |
| 1423 | |
| 1424 | follow-up to 72a0f62 |
| 1425 | |
| 1426 | Viktor Szakats (12 Mar 2018) |
| 1427 | - checksrc.pl: add -i and -m options |
| 1428 | |
| 1429 | To sync it with changes made for the libssh2 project. |
| 1430 | Also cleanup some whitespace. |
| 1431 | |
| 1432 | - curl-openssl.m4: fix spelling [ci skip] |
| 1433 | |
| 1434 | - FAQ: fix a broken URL [ci skip] |
| 1435 | |
| 1436 | Daniel Stenberg (12 Mar 2018) |
| 1437 | - http2: mark the connection for close on GOAWAY |
| 1438 | |
| 1439 | ... don't consider it an error! |
| 1440 | |
| 1441 | Assisted-by: Jay Satiro |
| 1442 | Reported-by: Łukasz Domeradzki |
| 1443 | Fixes #2365 |
| 1444 | Closes #2375 |
| 1445 | |
| 1446 | - credits: Viktor prefers without accent |
| 1447 | |
| 1448 | - openldap: white space changes, fixed up the copyright years |
| 1449 | |
| 1450 | - openldap: check ldap_get_attribute_ber() results for NULL before using |
| 1451 | |
| 1452 | CVE-2018-1000121 |
| 1453 | Reported-by: Dario Weisser |
| 1454 | Bug: https://curl.haxx.se/docs/adv_2018-97a2.html |
| 1455 | |
| 1456 | - FTP: reject path components with control codes |
| 1457 | |
| 1458 | Refuse to operate when given path components featuring byte values lower |
| 1459 | than 32. |
| 1460 | |
| 1461 | Previously, inserting a %00 sequence early in the directory part when |
| 1462 | using the 'singlecwd' ftp method could make curl write a zero byte |
| 1463 | outside of the allocated buffer. |
| 1464 | |
| 1465 | Test case 340 verifies. |
| 1466 | |
| 1467 | CVE-2018-1000120 |
| 1468 | Reported-by: Duy Phan Thanh |
| 1469 | Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html |
| 1470 | |
| 1471 | - readwrite: make sure excess reads don't go beyond buffer end |
| 1472 | |
| 1473 | CVE-2018-1000122 |
| 1474 | Bug: https://curl.haxx.se/docs/adv_2018-b047.html |
| 1475 | |
| 1476 | Detected by OSS-fuzz |
| 1477 | |
| 1478 | - BUGS: updated link to security process |
| 1479 | |
| 1480 | - limit-rate: kick in even before "limit" data has been received |
| 1481 | |
| 1482 | ... and make sure to avoid integer overflows with really large values. |
| 1483 | |
| 1484 | Reported-by: 刘佩东 |
| 1485 | Fixes #2371 |
| 1486 | Closes #2373 |
| 1487 | |
| 1488 | - docs/SECURITY.md -> docs/SECURITY-PROCESS.md |
| 1489 | |
| 1490 | - SECURITY.md: call it the security process |
| 1491 | |
| 1492 | Michael Kaufmann (11 Mar 2018) |
| 1493 | - Curl_range: fix FTP-only and FILE-only builds |
| 1494 | |
| 1495 | follow-up to e04417d |
| 1496 | |
| 1497 | - hostip: fix compiler warning: 'variable set but not used' |
| 1498 | |
| 1499 | Daniel Stenberg (11 Mar 2018) |
| 1500 | - HTTP: allow "header;" to replace an internal header with a blank one |
| 1501 | |
| 1502 | Reported-by: Michael Kaufmann |
| 1503 | Fixes #2357 |
| 1504 | Closes #2362 |
| 1505 | |
| 1506 | - http2: verbose output new MAX_CONCURRENT_STREAMS values |
| 1507 | |
| 1508 | ... as it is interesting for many users. |
| 1509 | |
| 1510 | - SECURITY: distros' max embargo time is 14 days now |
| 1511 | |
| 1512 | Patrick Monnerat (8 Mar 2018) |
| 1513 | - curl tool: accept --compressed also if Brotli is enabled and zlib is not. |
| 1514 | |
| 1515 | Daniel Stenberg (5 Mar 2018) |
| 1516 | - THANKS + mailmap: remove duplicates, fixup full names |
| 1517 | |
| 1518 | - [sergii.kavunenko brought this change] |
| 1519 | |
| 1520 | WolfSSL: adding TLSv1.3 |
| 1521 | |
| 1522 | Closes #2349 |
| 1523 | |
| 1524 | - RELEASE-NOTES/THANKS: synced with cc1d4c505 |
| 1525 | |
| 1526 | - [Richard Alcock brought this change] |
| 1527 | |
| 1528 | winbuild: prefer documented zlib library names |
| 1529 | |
| 1530 | Check for existence of import and static libraries with documented names |
| 1531 | and use them if they do. Fallback to previous names. |
| 1532 | |
| 1533 | According to |
| 1534 | https://github.com/madler/zlib/blob/master/win32/README-WIN32.txt on |
| 1535 | Windows, the names of the import library is "zdll.lib" and static |
| 1536 | library is "zlib.lib". |
| 1537 | |
| 1538 | closes #2354 |
| 1539 | |
| 1540 | Marcel Raad (4 Mar 2018) |
| 1541 | - krb5: use nondeprecated functions |
| 1542 | |
| 1543 | gss_seal/gss_unseal have been deprecated in favor of |
| 1544 | gss_wrap/gss_unwrap with GSS-API v2 from January 1997 [1]. The first |
| 1545 | version of "The Kerberos Version 5 GSS-API Mechanism" [2] from June |
| 1546 | 1996 already says "GSS_Wrap() (formerly GSS_Seal())" and |
| 1547 | "GSS_Unwrap() (formerly GSS_Unseal())". |
| 1548 | |
| 1549 | Use the nondeprecated functions to avoid deprecation warnings. |
| 1550 | |
| 1551 | [1] https://tools.ietf.org/html/rfc2078 |
| 1552 | [2] https://tools.ietf.org/html/rfc1964 |
| 1553 | |
| 1554 | Closes https://github.com/curl/curl/pull/2356 |
| 1555 | |
| 1556 | Daniel Stenberg (4 Mar 2018) |
| 1557 | - curl.1: mention how to add numerical IP addresses in NO_PROXY |
| 1558 | |
| 1559 | - CURLOPT_NOPROXY.3: mention how to list numerical IPv6 addresses |
| 1560 | |
| 1561 | - NO_PROXY: fix for IPv6 numericals in the URL |
| 1562 | |
| 1563 | Added test 1265 that verifies. |
| 1564 | |
| 1565 | Reported-by: steelman on github |
| 1566 | Fixes #2353 |
| 1567 | Closes #2355 |
| 1568 | |
| 1569 | - build: get CFLAGS (including -werror) used for examples and tests |
| 1570 | |
| 1571 | ... so that the CI and more detects compiler warnings/errors properly! |
| 1572 | |
| 1573 | Closes #2337 |
| 1574 | |
| 1575 | Marcel Raad (3 Mar 2018) |
| 1576 | - curl_ctype: fix macro redefinition warnings |
| 1577 | |
| 1578 | On MinGW and Cygwin, GCC and clang have been complaining about macro |
| 1579 | redefinitions since 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2. Fix this |
| 1580 | by undefining the macros before redefining them as suggested in |
| 1581 | https://github.com/curl/curl/pull/2269. |
| 1582 | |
| 1583 | Suggested-by: Daniel Stenberg |
| 1584 | |
| 1585 | Dan Fandrich (2 Mar 2018) |
| 1586 | - unit1307: proper cleanup on OOM to fix torture tests |
| 1587 | |
| 1588 | Marcel Raad (28 Feb 2018) |
| 1589 | - unit1309: fix warning on Windows x64 |
| 1590 | |
| 1591 | When targeting x64, MinGW-w64 complains about conversions between |
| 1592 | 32-bit long and 64-bit pointers. Fix this by reusing the |
| 1593 | GNUTLS_POINTER_TO_SOCKET_CAST / GNUTLS_SOCKET_TO_POINTER_CAST logic |
| 1594 | from gtls.c, moving it to warnless.h as CURLX_POINTER_TO_INTEGER_CAST / |
| 1595 | CURLX_INTEGER_TO_POINTER_CAST. |
| 1596 | |
| 1597 | Closes https://github.com/curl/curl/pull/2341 |
| 1598 | |
| 1599 | - travis: update compiler versions |
| 1600 | |
| 1601 | Update clang to version 3.9 and GCC to version 6. |
| 1602 | |
| 1603 | Closes https://github.com/curl/curl/pull/2345 |
| 1604 | |
| 1605 | Daniel Stenberg (26 Feb 2018) |
| 1606 | - docs/MANUAL: formfind.pl is not accessible on the site anymore |
| 1607 | |
| 1608 | Fixes #2342 |
| 1609 | |
| 1610 | Jay Satiro (24 Feb 2018) |
| 1611 | - curl-openssl.m4: Fix version check for OpenSSL 1.1.1 |
| 1612 | |
| 1613 | - Add OpenSSL 1.1.1 to the header/library version lists. |
| 1614 | |
| 1615 | - Detect OpenSSL 1.1.1 library using its function ERR_clear_last_mark, |
| 1616 | which was added in that version. |
| 1617 | |
| 1618 | Prior to this change an erroneous header/library mismatch was caused by |
| 1619 | lack of OpenSSL 1.1.1 detection. I tested using openssl-1.1.1-pre1. |
| 1620 | |
| 1621 | Viktor Szakats (23 Feb 2018) |
| 1622 | - lib655: silence compiler warning |
| 1623 | |
| 1624 | Closes https://github.com/curl/curl/pull/2335 |
| 1625 | |
| 1626 | - spelling fixes |
| 1627 | |
| 1628 | Detected using the `codespell` tool. |
| 1629 | |
| 1630 | Also contains one URL protocol upgrade. |
| 1631 | |
| 1632 | Closes https://github.com/curl/curl/pull/2334 |
| 1633 | |
| 1634 | Daniel Stenberg (24 Feb 2018) |
| 1635 | - projects/README: remove reference to dead IDN link/package |
| 1636 | |
| 1637 | Reported-by: Stefan Kanthak and Rod Widdowson |
| 1638 | |
| 1639 | Fixes #2325 |
| 1640 | |
| 1641 | Jay Satiro (23 Feb 2018) |
| 1642 | - [Rod Widdowson brought this change] |
| 1643 | |
| 1644 | winbuild: Use macros for the names of some build utilities |
| 1645 | |
| 1646 | - Add macros to the top of the makefile for rc and mt utilities so that |
| 1647 | it is easier to change their locations. |
| 1648 | |
| 1649 | Bug: https://curl.haxx.se/mail/lib-2018-02/0075.html |
| 1650 | Reported-by: Stefan Kanthak |
| 1651 | |
| 1652 | Closes https://github.com/curl/curl/issues/2329 |
| 1653 | |
| 1654 | Daniel Stenberg (23 Feb 2018) |
| 1655 | - TODO: remove "sha-256 digest", added in 2b5b37cb9109e7c2 |
| 1656 | |
| 1657 | - curl_share_setopt.3: connection cache is shared within multi handles |
| 1658 | |
| 1659 | Jay Satiro (22 Feb 2018) |
| 1660 | - [Rod Widdowson brought this change] |
| 1661 | |
| 1662 | winbuild: Use CALL to run batch scripts |
| 1663 | |
| 1664 | Co-authored-by: Stefan Kanthak |
| 1665 | |
| 1666 | Closes https://github.com/curl/curl/issues/2330 |
| 1667 | Closes https://github.com/curl/curl/pull/2331 |
| 1668 | |
| 1669 | Patrick Monnerat (22 Feb 2018) |
| 1670 | - os400: add curl_resolver_start_callback type to ILE/RPG binding |
| 1671 | |
| 1672 | Daniel Stenberg (22 Feb 2018) |
| 1673 | - form.d: rephrased somewhat, added two example command lines |
| 1674 | |
| 1675 | Jay Satiro (21 Feb 2018) |
| 1676 | - [Francisco Sedano brought this change] |
| 1677 | |
| 1678 | url: Add option CURLOPT_RESOLVER_START_FUNCTION |
| 1679 | |
| 1680 | - Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that |
| 1681 | will be called every time before a new resolve request is started |
| 1682 | (ie before a host is resolved) with a pointer to backend-specific |
| 1683 | resolver data. Currently this is only useful for ares. |
| 1684 | |
| 1685 | - Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to |
| 1686 | pass to the resolver start callback. |
| 1687 | |
| 1688 | Closes https://github.com/curl/curl/pull/2311 |
| 1689 | |
| 1690 | - lib: CURLOPT_HAPPY_EYEBALLS_TIMEOUT => CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS |
| 1691 | |
| 1692 | - In keeping with the naming of our other connect timeout options rename |
| 1693 | CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS. |
| 1694 | |
| 1695 | This change adds the _MS suffix since the option expects milliseconds. |
| 1696 | This is more intuitive for our users since other connect timeout options |
| 1697 | that expect milliseconds use _MS such as CURLOPT_TIMEOUT_MS, |
| 1698 | CURLOPT_CONNECTTIMEOUT_MS, CURLOPT_ACCEPTTIMEOUT_MS. |
| 1699 | |
| 1700 | The tool option already uses an -ms suffix, --happy-eyeballs-timeout-ms. |
| 1701 | |
| 1702 | Follow-up to 2427d94 which added the lib and tool option yesterday. |
| 1703 | |
| 1704 | Ref: https://github.com/curl/curl/pull/2260 |
| 1705 | |
| 1706 | Patrick Monnerat (21 Feb 2018) |
| 1707 | - sasl: prefer PLAIN mechanism over LOGIN |
| 1708 | |
| 1709 | SASL PLAIN is a standard, LOGIN only a draft. The LOGIN draft says |
| 1710 | PLAIN should be used instead if available. |
| 1711 | |
| 1712 | Daniel Stenberg (21 Feb 2018) |
| 1713 | - RELEASE-NOTES: synced with 2427d94c6 |
| 1714 | |
| 1715 | Jay Satiro (20 Feb 2018) |
| 1716 | - [Anders Bakken brought this change] |
| 1717 | |
| 1718 | url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT |
| 1719 | |
| 1720 | - Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy |
| 1721 | eyeball timeout value. |
| 1722 | |
| 1723 | - Add new optval macro CURL_HET_DEFAULT to represent the default happy |
| 1724 | eyeballs timeout value (currently 200 ms). |
| 1725 | |
| 1726 | - Add new tool option --happy-eyeballs-timeout-ms to expose |
| 1727 | CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the |
| 1728 | other -timeout options in the tool expect seconds not milliseconds. |
| 1729 | |
| 1730 | Closes https://github.com/curl/curl/pull/2260 |
| 1731 | |
| 1732 | - hostip: fix 'potentially uninitialized variable' warning |
| 1733 | |
| 1734 | Follow-up to 50d1b33. |
| 1735 | |
| 1736 | Caught by AppVeyor. |
| 1737 | |
| 1738 | Daniel Stenberg (20 Feb 2018) |
| 1739 | - TODO: warning if curl version is not in sync with libcurl version |
| 1740 | |
| 1741 | Jay Satiro (20 Feb 2018) |
| 1742 | - [Anders Bakken brought this change] |
| 1743 | |
| 1744 | CURLOPT_RESOLVE: Add support for multiple IP addresses per entry |
| 1745 | |
| 1746 | This enables users to preresolve but still take advantage of happy |
| 1747 | eyeballs and trying multiple addresses if some are not connecting. |
| 1748 | |
| 1749 | Ref: https://github.com/curl/curl/pull/2260 |
| 1750 | |
| 1751 | Daniel Stenberg (20 Feb 2018) |
| 1752 | - [Sergio Borghese brought this change] |
| 1753 | |
| 1754 | examples/sftpuploadresume: resume upload via CURLOPT_APPEND |
| 1755 | |
| 1756 | URL: https://curl.haxx.se/mail/lib-2018-02/0072.html |
| 1757 | |
| 1758 | - curl --version: show PSL if the run-time lib has it enabled |
| 1759 | |
| 1760 | ... not of the #define was set at build-time! |
| 1761 | |
| 1762 | - TODO: "Support in-memory certs/ca certs/keys" |
| 1763 | |
| 1764 | removed SSLKEYLOGFILE support (fixed) |
| 1765 | |
| 1766 | removed "consider SSL patches" (outdated) |
| 1767 | |
| 1768 | Closes #2310 |
| 1769 | |
| 1770 | - CURLOPT_HEADER.3: clarify problems with different data sizes |
| 1771 | |
| 1772 | - test1556: verify >16KB headers to the header callback |
| 1773 | |
| 1774 | - header callback: don't chop headers into smaller pieces |
| 1775 | |
| 1776 | Reported-by: Guido Berhoerster |
| 1777 | Fixes #2314 |
| 1778 | Closes #2316 |
| 1779 | |
| 1780 | - test1154: verify that long HTTP headers get rejected |
| 1781 | |
| 1782 | - http: fix the max header length detection logic |
| 1783 | |
| 1784 | Previously, it would only check for max length if the existing alloc |
| 1785 | buffer was to small to fit it, which often would make the header still |
| 1786 | get used. |
| 1787 | |
| 1788 | Reported-by: Guido Berhoerster |
| 1789 | Bug: https://curl.haxx.se/mail/lib-2018-02/0056.html |
| 1790 | |
| 1791 | Closes #2315 |
| 1792 | |
| 1793 | - CURLOPT_HEADERFUNCTION.3: fix typo from d939226813 |
| 1794 | |
| 1795 | Reported-by: Erik Johansson |
| 1796 | Bug: https://github.com/curl/curl/commit/d9392268131c1b8d18dec3fa30e0bded833a5db7#commitcomment-27607495 |
| 1797 | |
| 1798 | - CURLOPT_HEADERFUNCTION.3: mention folded headers |
| 1799 | |
| 1800 | - TODO: 1.1 Option to refuse usernames in URLs |
| 1801 | |
| 1802 | Also expanded the CURL_REFUSE_CLEARTEXT section with more ideas. |
| 1803 | |
| 1804 | - TODO: 1.7 Support HTTP/2 for HTTP(S) proxies |
| 1805 | |
| 1806 | - ssh: add two missing state names |
| 1807 | |
| 1808 | The list of state names (used in debug builds) was out of sync in |
| 1809 | relation to the list of states (used in all builds). |
| 1810 | |
| 1811 | I now added an assert to make sure the sizes of the two lists match, to |
| 1812 | aid in detecting this mistake better in the future. |
| 1813 | |
| 1814 | Regression since c92d2e14cf, shipped in 7.58.0. |
| 1815 | |
| 1816 | Reported-by: Somnath Kundu |
| 1817 | |
| 1818 | Fixes #2312 |
| 1819 | Closes #2313 |
| 1820 | |
| 1821 | - Revert "KNOWN_BUGS: 2.5 curl should not offer "ALPN: h2" when using https-proxy" |
| 1822 | |
| 1823 | This reverts commit de9fac00c40db321d44fa6fbab6eb62ec4c83998. |
| 1824 | |
| 1825 | Reported-by: Jay Satiro |
| 1826 | |
| 1827 | Jay Satiro (15 Feb 2018) |
| 1828 | - non-ascii: fix implicit declaration warning |
| 1829 | |
| 1830 | Follow-up to b46cfbc. |
| 1831 | |
| 1832 | Caught by Travis CI. |
| 1833 | |
| 1834 | Daniel Stenberg (15 Feb 2018) |
| 1835 | - travis: add build with iconv enabled |
| 1836 | |
| 1837 | ... to verify it builds and works fine. |
| 1838 | |
| 1839 | Ref: https://curl.haxx.se/mail/lib-2017-09/0031.html |
| 1840 | |
| 1841 | Closes #1872 |
| 1842 | |
| 1843 | - TODO: 18.18 retry on network is unreachable |
| 1844 | |
| 1845 | Closes #1603 |
| 1846 | |
| 1847 | - KNOWN_BUGS: 2.5 curl should not offer "ALPN: h2" when using https-proxy |
| 1848 | |
| 1849 | Closes #1254 |
| 1850 | |
| 1851 | Kamil Dudka (15 Feb 2018) |
| 1852 | - nss: use PK11_CreateManagedGenericObject() if available |
| 1853 | |
| 1854 | ... so that the memory allocated by applications using libcurl does not |
| 1855 | grow per each TLS connection. |
| 1856 | |
| 1857 | Bug: https://bugzilla.redhat.com/1510247 |
| 1858 | |
| 1859 | Closes #2297 |
| 1860 | |
| 1861 | Daniel Stenberg (15 Feb 2018) |
| 1862 | - [Björn Stenberg brought this change] |
| 1863 | |
| 1864 | TODO fixed: Detect when called from within callbacks |
| 1865 | |
| 1866 | Closes #2302 |
| 1867 | |
| 1868 | - BINDINGS: fix curb link (and remove ruby-curl-multi) |
| 1869 | |
| 1870 | Reported-by: Klaus Stein |
| 1871 | |
| 1872 | - curl_gssapi: make sure this file too uses our *printf() |
| 1873 | |
| 1874 | - libcurl-security.3: separate file:// section |
| 1875 | |
| 1876 | ... just to make it more apparent. Even if it repeats |
| 1877 | some pieces of information. |
| 1878 | |
| 1879 | - libcurl-security.3: the http://192.168.0.1/my_router_config case |
| 1880 | |
| 1881 | Mentioned-By: Rich Moore |
| 1882 | |
| 1883 | - libcurl-security.3: mention the URL standards problems too |
| 1884 | |
| 1885 | - libcurl-security.3: split out from libcurl-tutorial.3 |
| 1886 | |
| 1887 | To make more accessible. |
| 1888 | |
| 1889 | Merged in some new language from "URLs are dangerous things" as discussed on |
| 1890 | the mailing list a few days ago: |
| 1891 | |
| 1892 | Bug: https://curl.haxx.se/mail/lib-2018-02/0013.html |
| 1893 | |
| 1894 | - RELEASE-NOTES: synced with e551910f8 |
| 1895 | |
| 1896 | Patrick Monnerat (13 Feb 2018) |
| 1897 | - tests: new tests for http raw mode |
| 1898 | |
| 1899 | Test 319 checks proper raw mode data with non-chunked gzip |
| 1900 | transfer-encoded server data. |
| 1901 | Test 326 checks raw mode with chunked server data. |
| 1902 | |
| 1903 | Bug: #2303 |
| 1904 | Closes #2308 |
| 1905 | |
| 1906 | Kamil Dudka (12 Feb 2018) |
| 1907 | - tlsauthtype.d: works only if libcurl is built with TLS-SRP support |
| 1908 | |
| 1909 | Bug: https://bugzilla.redhat.com/1542256 |
| 1910 | |
| 1911 | Closes #2306 |
| 1912 | |
| 1913 | Patrick Monnerat (12 Feb 2018) |
| 1914 | - smtp: fix processing of initial dot in data |
| 1915 | |
| 1916 | RFC 5321 4.1.1.4 specifies the CRLF terminating the DATA command |
| 1917 | should be taken into account when chasing the <CRLF>.<CRLF> end marker. |
| 1918 | Thus a leading dot character in data is also subject to escaping. |
| 1919 | |
| 1920 | Tests 911 and test server are adapted to this situation. |
| 1921 | New tests 951 and 952 check proper handling of initial dot in data. |
| 1922 | |
| 1923 | Closes #2304 |
| 1924 | |
| 1925 | Daniel Stenberg (12 Feb 2018) |
| 1926 | - sha256: avoid redefine |
| 1927 | |
| 1928 | - [Douglas Mencken brought this change] |
| 1929 | |
| 1930 | sha256: build with OpenSSL < 0.9.8 too |
| 1931 | |
| 1932 | support for SHA-2 was introduced in OpenSSL 0.9.8 |
| 1933 | |
| 1934 | Closes #2305 |
| 1935 | |
| 1936 | - [Bruno Grasselli brought this change] |
| 1937 | |
| 1938 | README: language fix |
| 1939 | |
| 1940 | s/off/from |
| 1941 | |
| 1942 | Closes #2300 |
| 1943 | |
| 1944 | Patrick Monnerat (12 Feb 2018) |
| 1945 | - http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING on |
| 1946 | |
| 1947 | Bug: #2303 |
| 1948 | Reported-By: Henry Roeland |
| 1949 | |
| 1950 | Daniel Stenberg (9 Feb 2018) |
| 1951 | - get_posix_time: only check for overflows if they can happen! |
| 1952 | |
| 1953 | Michael Kaufmann (9 Feb 2018) |
| 1954 | - schannel: fix "no previous prototype" compiler warning |
| 1955 | |
| 1956 | Jay Satiro (9 Feb 2018) |
| 1957 | - [Mohammad AlSaleh brought this change] |
| 1958 | |
| 1959 | content_encoding: Add "none" alias to "identity" |
| 1960 | |
| 1961 | Some servers return a "content-encoding" header with a non-standard |
| 1962 | "none" value. |
| 1963 | |
| 1964 | Add "none" as an alias to "identity" as a work-around, to avoid |
| 1965 | unrecognised content encoding type errors. |
| 1966 | |
| 1967 | Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com> |
| 1968 | |
| 1969 | Closes https://github.com/curl/curl/pull/2298 |
| 1970 | |
| 1971 | Steve Holme (8 Feb 2018) |
| 1972 | - build-openssl.bat: Follow up to 648679ab8e to suppress copy/move output |
| 1973 | |
| 1974 | - build-openssl.bat: Fixed incorrect move if destination build folder exists |
| 1975 | |
| 1976 | Michael Kaufmann (8 Feb 2018) |
| 1977 | - schannel: fix compiler warnings |
| 1978 | |
| 1979 | Closes #2296 |
| 1980 | |
| 1981 | Steve Holme (7 Feb 2018) |
| 1982 | - curl_addrinfo.c: Allow Unix Domain Sockets to compile under Windows |
| 1983 | |
| 1984 | Windows 10.0.17061 SDK introduces support for Unix Domain Sockets. |
| 1985 | Added the necessary include file to curl_addrinfo.c. |
| 1986 | |
| 1987 | Note: The SDK (which is considered beta) has to be installed, VS 2017 |
| 1988 | project file has to be re-targeted for Windows 10.0.17061 and #define |
| 1989 | enabled in config-win32.h. |
| 1990 | |
| 1991 | Patrick Monnerat (7 Feb 2018) |
| 1992 | - fnmatch: optimize processing of consecutive *s and ?s pattern characters |
| 1993 | |
| 1994 | Reported-By: Daniel Stenberg |
| 1995 | Fixes #2291 |
| 1996 | Closes #2293 |
| 1997 | |
| 1998 | Steve Holme (6 Feb 2018) |
| 1999 | - build-openssl.bat/build-wolfssl.bat: Build platform is optional |
| 2000 | |
| 2001 | Whilst the compiler parameter is mandatory, platform is optional as it |
| 2002 | is automatically calculated by the :configure section. |
| 2003 | |
| 2004 | This partially reverts commit 6d62d2c55d. |
| 2005 | |
| 2006 | Daniel Stenberg (6 Feb 2018) |
| 2007 | - [Patrick Schlangen brought this change] |
| 2008 | |
| 2009 | openssl: Don't add verify locations when verifypeer==0 |
| 2010 | |
| 2011 | When peer verification is disabled, calling |
| 2012 | SSL_CTX_load_verify_locations is not necessary. Only call it when |
| 2013 | verification is enabled to save resources and increase performance. |
| 2014 | |
| 2015 | Closes #2290 |
| 2016 | |
| 2017 | Steve Holme (5 Feb 2018) |
| 2018 | - build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional |
| 2019 | |
| 2020 | ...and not just the Community Edition. |
| 2021 | |
| 2022 | - build-openssl.bat: Extend VC15 support to include Enterprise and Professional |
| 2023 | |
| 2024 | ...and not just the Community Edition. |
| 2025 | |
| 2026 | Michael Kaufmann (5 Feb 2018) |
| 2027 | - time-cond: fix reading the file modification time on Windows |
| 2028 | |
| 2029 | On Windows, stat() may adjust the unix file time by a daylight saving time |
| 2030 | offset. Avoid this by calling GetFileTime() instead. |
| 2031 | |
| 2032 | Fixes #2164 |
| 2033 | Closes #2204 |
| 2034 | |
| 2035 | Daniel Stenberg (5 Feb 2018) |
| 2036 | - formdata: use the mime-content type function |
| 2037 | |
| 2038 | Reduce code duplication by making Curl_mime_contenttype available and |
| 2039 | used by the formdata function. This also makes the formdata function |
| 2040 | recognize a set of more file extensions by default. |
| 2041 | |
| 2042 | PR #2280 brought this to my attention. |
| 2043 | |
| 2044 | Closes #2282 |
| 2045 | |
| 2046 | - getdate: return -1 for out of range |
| 2047 | |
| 2048 | ...as that's how the function is documented to work. |
| 2049 | |
| 2050 | Reported-by: Michael Kaufmann |
| 2051 | Bug found in an autobuild with 32 bit time_t |
| 2052 | |
| 2053 | Closes #2278 |
| 2054 | |
| 2055 | - [Ben Greear brought this change] |
| 2056 | |
| 2057 | build: fix termios issue on android cross-compile |
| 2058 | |
| 2059 | Bug: https://curl.haxx.se/mail/lib-2018-01/0122.html |
| 2060 | Signed-off-by: Ben Greear <greearb@candelatech.com> |
| 2061 | |
| 2062 | - time_t-fixes: remove typecasts to 'long' for info.filetime |
| 2063 | |
| 2064 | They're now wrong. |
| 2065 | |
| 2066 | Reported-by: Michael Kaufmann |
| 2067 | |
| 2068 | Closes #2277 |
| 2069 | |
| 2070 | - curl_setup: move the precautionary define of SIZEOF_TIME_T |
| 2071 | |
| 2072 | ... up to before it may be used for the TIME_T_MAX/MIN logic. |
| 2073 | |
| 2074 | Reported-by: Michael Kaufmann |
| 2075 | |
| 2076 | - parsedate: s/#if/#ifdef |
| 2077 | |
| 2078 | Reported-by: Michael Kaufmann |
| 2079 | Bug: https://github.com/curl/curl/commit/1c39128d974666107fc6d9ea15f294036851f224#commitcomment-27246479 |
| 2080 | |
| 2081 | Patrick Monnerat (31 Jan 2018) |
| 2082 | - fnmatch: pattern syntax can no longer fail |
| 2083 | |
| 2084 | Whenever an expected pattern syntax rule cannot be matched, the |
| 2085 | character starting the rule loses its special meaning and the parsing |
| 2086 | is resumed: |
| 2087 | - backslash at the end of pattern string matches itself. |
| 2088 | - Error in [:keyword:] results in set containing :\[dekorwy. |
| 2089 | |
| 2090 | Unit test 1307 updated for this new situation. |
| 2091 | |
| 2092 | Closes #2273 |
| 2093 | |
| 2094 | - fnmatch: accept an alphanum to be followed by a non-alphanum in char set |
| 2095 | |
| 2096 | Also be more tolerant about set pattern syntax. |
| 2097 | Update unit test 1307 accordingly. |
| 2098 | |
| 2099 | Bug: https://curl.haxx.se/mail/lib-2018-01/0114.html |
| 2100 | |
| 2101 | - fnmatch: do not match the empty string with a character set |
| 2102 | |
| 2103 | Jay Satiro (30 Jan 2018) |
| 2104 | - build: fix windows build methods for curl_ctype.c |
| 2105 | |
| 2106 | - Fix winbuild and the VS project generator to treat curl_ctype.{c,h} as |
| 2107 | curlx files since they are required by both src and lib. |
| 2108 | |
| 2109 | Follow-up to 4272a0b which added curl_ctype. |
| 2110 | |
| 2111 | Daniel Stenberg (30 Jan 2018) |
| 2112 | - progress-bar.d: update to match implementation |
| 2113 | |
| 2114 | ... since commit 993dd5651a6 |
| 2115 | |
| 2116 | Reported-by: Martin Dreher |
| 2117 | Bug: https://github.com/curl/curl/pull/2242#issuecomment-361059228 |
| 2118 | |
| 2119 | Closes #2271 |
| 2120 | |
| 2121 | - http2: set DEBUG_HTTP2 to enable more HTTP/2 logging |
| 2122 | |
| 2123 | ... instead of doing it unconditionally in debug builds. It cluttered up |
| 2124 | the output a little too much. |
| 2125 | |
| 2126 | - [Max Dymond brought this change] |
| 2127 | |
| 2128 | file: Check the return code from Curl_range and bail out on error |
| 2129 | |
| 2130 | - [Max Dymond brought this change] |
| 2131 | |
| 2132 | Curl_range: add check to ensure "from <= to" |
| 2133 | |
| 2134 | - [Max Dymond brought this change] |
| 2135 | |
| 2136 | Curl_range: commonize FTP and FILE range handling |
| 2137 | |
| 2138 | Closes #2205 |
| 2139 | |
| 2140 | - RELEASE-NOTES: synced with 811beab9f |
| 2141 | |
| 2142 | - curlver: next release will be 7.59.0 |
| 2143 | |
| 2144 | - [Michał Janiszewski brought this change] |
| 2145 | |
| 2146 | curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6 |
| 2147 | |
| 2148 | Closes #2275 |
| 2149 | |
| 2150 | - time: support > year 2038 time stamps for system with 32bit long |
| 2151 | |
| 2152 | ... with the introduction of CURLOPT_TIMEVALUE_LARGE and |
| 2153 | CURLINFO_FILETIME_T. |
| 2154 | |
| 2155 | Fixes #2238 |
| 2156 | Closes #2264 |
| 2157 | |
| 2158 | - curl_easy_reset: clear digest auth state |
| 2159 | |
| 2160 | Bug: https://curl.haxx.se/mail/lib-2018-01/0074.html |
| 2161 | Reported-by: Ruurd Beerstra |
| 2162 | Fixes #2255 |
| 2163 | Closes #2272 |
| 2164 | |
| 2165 | - [Adam Marcionek brought this change] |
| 2166 | |
| 2167 | winbuild: make linker generate proper PDB |
| 2168 | |
| 2169 | Link.exe requires /DEBUG to properly generate a full pdb file on release |
| 2170 | builds. |
| 2171 | |
| 2172 | Closes #2274 |
| 2173 | |
| 2174 | - curl: add --proxy-pinnedpubkey |
| 2175 | |
| 2176 | To verify a proxy's public key. For when using HTTPS proxies. |
| 2177 | |
| 2178 | Fixes #2192 |
| 2179 | Closes #2268 |
| 2180 | |
| 2181 | - configure: set PATH_SEPARATOR to colon for PATH w/o separator |
| 2182 | |
| 2183 | The logic tries to figure out what the path separator in the $PATH |
| 2184 | variable is, but if there's only one directory in the $PATH it |
| 2185 | fails. This change make configure *guess* on colon instead of erroring |
| 2186 | out, simply because that is probably the more common character. |
| 2187 | |
| 2188 | PATH_SEPARATOR can always be set by the user to override the guessing. |
| 2189 | |
| 2190 | (tricky bug to reproduce, as in my case for example the configure script |
| 2191 | requires binaries in more than one directory so passing in a PATH with a |
| 2192 | single dir fails.) |
| 2193 | |
| 2194 | Reported-by: Earnestly on github |
| 2195 | Fixes #2202 |
| 2196 | Closes #2265 |
| 2197 | |
| 2198 | - curl_ctype: private is*() type macros and functions |
| 2199 | |
| 2200 | ... since the libc provided one are locale dependent in a way we don't |
| 2201 | want. Also, the "native" isalnum() (for example) works differently on |
| 2202 | different platforms which caused test 1307 failures on macos only. |
| 2203 | |
| 2204 | Closes #2269 |
| 2205 | |
| 2206 | Marcel Raad (29 Jan 2018) |
| 2207 | - build: open VC15 projects with VS 2017 |
| 2208 | |
| 2209 | Previously, they were opened with Visual Studio 2015 by default, which |
| 2210 | cannot build them. |
| 2211 | |
| 2212 | Daniel Stenberg (29 Jan 2018) |
| 2213 | - RELEASE-NOTES: synced with 094647fca |
| 2214 | |
| 2215 | - TODO: UTF-8 filenames in Content-Disposition |
| 2216 | |
| 2217 | Closes #1888 |
| 2218 | |
| 2219 | - KNOWN_BUGS: DICT responses show the underlying protocol |
| 2220 | |
| 2221 | Closes #1809 |
| 2222 | |
| 2223 | Jay Satiro (27 Jan 2018) |
| 2224 | - [Alessandro Ghedini brought this change] |
| 2225 | |
| 2226 | docs: fix typos in man pages |
| 2227 | |
| 2228 | Closes https://github.com/curl/curl/pull/2266 |
| 2229 | |
| 2230 | Patrick Monnerat (26 Jan 2018) |
| 2231 | - lib555: drop text conversion and encode data as ascii codes |
| 2232 | |
| 2233 | If CURL_DOES_CONVERSION is enabled, uploaded LFs are mapped to CRLFs, |
| 2234 | giving a result that is different from what is expected. |
| 2235 | This commit avoids using CURLOPT_TRANSFERTEXT and directly encodes data |
| 2236 | to upload in ascii. |
| 2237 | |
| 2238 | Bug: https://github.com/curl/curl/pull/1872 |
| 2239 | |
| 2240 | Daniel Stenberg (26 Jan 2018) |
| 2241 | - lib517: make variable static to avoid compiler warning |
| 2242 | |
| 2243 | ... with clang on macos |
| 2244 | |
| 2245 | Patrick Monnerat (26 Jan 2018) |
| 2246 | - lib544: sync ascii code data with textual data |
| 2247 | |
| 2248 | Data mismatch caused test 545 to fail when character encoding |
| 2249 | conversion is enabled. |
| 2250 | |
| 2251 | Bug: https://github.com/curl/curl/pull/1872 |
| 2252 | |
| 2253 | Daniel Stenberg (25 Jan 2018) |
| 2254 | - [Travis Burtrum brought this change] |
| 2255 | |
| 2256 | GSKit: restore pinnedpubkey functionality |
| 2257 | |
| 2258 | inadvertently removed in 283babfaf8d8f3bab9d3c63cea94eb0b84e79c37 |
| 2259 | |
| 2260 | Closes #2263 |
| 2261 | |
| 2262 | - [Dair Grant brought this change] |
| 2263 | |
| 2264 | darwinssl: Don't import client certificates into Keychain on macOS |
| 2265 | |
| 2266 | Closes #2085 |
| 2267 | |
| 2268 | - configure: fix the check for unsigned time_t |
| 2269 | |
| 2270 | Assign the time_t variable negative value and then check if it is |
| 2271 | greater than zero, which will evaluate true for unsigned time_t but |
| 2272 | false for signed time_t. |
| 2273 | |
| 2274 | - parsedate: fix date parsing for systems with 32 bit long |
| 2275 | |
| 2276 | Make curl_getdate() handle dates before 1970 as well (returning negative |
| 2277 | values). |
| 2278 | |
| 2279 | Make test 517 test dates for 64 bit time_t. |
| 2280 | |
| 2281 | This fixes bug (3) mentioned in #2238 |
| 2282 | |
| 2283 | Closes #2250 |
| 2284 | |
| 2285 | - [McDonough, Tim brought this change] |
| 2286 | |
| 2287 | openssl: fix pinned public key build error in FIPS mode |
| 2288 | |
| 2289 | Here is a version that should work with all versions of openssl 0.9.7 |
| 2290 | through 1.1.0. |
| 2291 | |
| 2292 | Links to the docs: |
| 2293 | https://www.openssl.org/docs/man1.0.2/crypto/EVP_DigestInit.html |
| 2294 | https://www.openssl.org/docs/man1.1.0/crypto/EVP_DigestInit.html |
| 2295 | |
| 2296 | At the very bottom of the 1.1.0 documentation there is a history section |
| 2297 | that states, " stack allocated EVP_MD_CTXs are no longer supported." |
| 2298 | |
| 2299 | If EVP_MD_CTX_create and EVP_MD_CTX_destroy are not defined, then a |
| 2300 | simple mapping can be used as described here: |
| 2301 | https://wiki.openssl.org/index.php/Talk:OpenSSL_1.1.0_Changes |
| 2302 | |
| 2303 | Closes #2258 |
| 2304 | |
| 2305 | - [Travis Burtrum brought this change] |
| 2306 | |
| 2307 | SChannel/WinSSL: Replace Curl_none_md5sum with Curl_schannel_md5sum |
| 2308 | |
| 2309 | - [Travis Burtrum brought this change] |
| 2310 | |
| 2311 | SChannel/WinSSL: Implement public key pinning |
| 2312 | |
| 2313 | Closes #1429 |
| 2314 | |
| 2315 | - bump: towards 7.58.1 |
| 2316 | |
| 2317 | - cookies: remove verbose "cookie size:" output |
| 2318 | |
| 2319 | It was once used for some debugging/verifying logic but should never have |
| 2320 | ended up in git! |
| 2321 | |
| 2322 | - TODO: hardcode the "localhost" addresses |
| 2323 | |
| 2324 | - TODO: CURL_REFUSE_CLEARTEXT |
| 2325 | |
| 2326 | An idea that popped up in discussions on twitter. |
| 2327 | |
| 2328 | - progress-bar: don't use stderr explicitly, use bar->out |
| 2329 | |
| 2330 | Reported-By: Gisle Vanem |
| 2331 | Bug: https://github.com/curl/curl/commit/993dd5651a6c853bfe3870f6a69c7b329fa4e8ce#commitcomment-27070080 |
| 2332 | |
| 2333 | GitHub (24 Jan 2018) |
| 2334 | - [Gisle Vanem brought this change] |
| 2335 | |
| 2336 | Fixes for MSDOS etc. |
| 2337 | |
| 2338 | djgpp do have 'mkdir(dir, mode)'. Other DOS-compilers does not |
| 2339 | But djgpp seems the only choice for MSDOS anyway. |
| 2340 | |
| 2341 | PellesC do have a 'F_OK' defined in it's <unistd.h>. |
| 2342 | |
| 2343 | Update year in Copyright. |
| 2344 | |
| 2345 | - [Gisle Vanem brought this change] |
| 2346 | |
| 2347 | Fix small typo. |
| 2348 | |
Elliott Hughes | 0128fe4 | 2018-02-27 14:57:55 -0800 | [diff] [blame] | 2349 | Version 7.58.0 (23 Jan 2018) |
| 2350 | |
| 2351 | Daniel Stenberg (23 Jan 2018) |
| 2352 | - RELEASE: 7.58.0 |
| 2353 | |
| 2354 | - [Gisle Vanem brought this change] |
| 2355 | |
| 2356 | progress-bar: get screen width on windows |
| 2357 | |
| 2358 | - test1454: --connect-to with IPv6 address w/o IPv6 support! |
| 2359 | |
| 2360 | - CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support |
| 2361 | |
| 2362 | Bug: https://curl.haxx.se/mail/lib-2018-01/0087.html |
| 2363 | Reported-by: John Hascall |
| 2364 | |
| 2365 | Closes #2257 |
| 2366 | |
| 2367 | - docs: fix man page syntax to make test 1140 OK again |
| 2368 | |
| 2369 | - http: prevent custom Authorization headers in redirects |
| 2370 | |
| 2371 | ... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how |
| 2372 | curl already handles Authorization headers created internally. |
| 2373 | |
| 2374 | Note: this changes behavior slightly, for the sake of reducing mistakes. |
| 2375 | |
| 2376 | Added test 317 and 318 to verify. |
| 2377 | |
| 2378 | Reported-by: Craig de Stigter |
| 2379 | Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html |
| 2380 | |
| 2381 | - curl: progress bar refresh, get width using ioctl() |
| 2382 | |
| 2383 | Get screen width from the environment variable COLUMNS first, if set. If |
| 2384 | not, use ioctl(). If nether works, assume 79. |
| 2385 | |
| 2386 | Closes #2242 |
| 2387 | |
| 2388 | The "refresh" is for the -# output when no total transfer size is |
| 2389 | known. It will now only use a single updated line even for this case: |
| 2390 | |
| 2391 | The "-=O=-" ship moves when data is transferred. The four flying |
| 2392 | "hashes" move (on a sine wave) on each refresh, independent of data. |
| 2393 | |
| 2394 | - RELEASE-NOTES: synced with bb0ffcc36 |
| 2395 | |
| 2396 | - libcurl-env.3: first take |
| 2397 | |
| 2398 | - TODO: two possible name resolver improvements |
| 2399 | |
| 2400 | - [Kartik Mahajan brought this change] |
| 2401 | |
| 2402 | http2: don't close connection when single transfer is stopped |
| 2403 | |
| 2404 | Fixes #2237 |
| 2405 | Closes #2249 |
| 2406 | |
| 2407 | - test558: fix for multissl builds |
| 2408 | |
| 2409 | vtls.c:multissl_init() might do a curl_free() call so strip that out to |
| 2410 | make this work with more builds. We just want to verify that |
| 2411 | memorytracking works so skipping one line is no harm. |
| 2412 | |
| 2413 | - examples/url2file.c: add missing curl_global_cleanup() call |
| 2414 | |
| 2415 | Reported-by: XhstormR on github |
| 2416 | Fixes #2245 |
| 2417 | |
| 2418 | - [Michael Gmelin brought this change] |
| 2419 | |
| 2420 | SSH: Fix state machine for ssh-agent authentication |
| 2421 | |
| 2422 | In case an identity didn't match[0], the state machine would fail in |
| 2423 | state SSH_AUTH_AGENT instead of progressing to the next identity in |
| 2424 | ssh-agent. As a result, ssh-agent authentication only worked if the |
| 2425 | identity required happened to be the first added to ssh-agent. |
| 2426 | |
| 2427 | This was introduced as part of commit c4eb10e2f06fbd6cc904f1d78e4, which |
| 2428 | stated that the "else" statement was required to prevent getting stuck |
| 2429 | in state SSH_AUTH_AGENT. Given the state machine's logic and libssh2's |
| 2430 | interface I couldn't see how this could happen or reproduce it and I |
| 2431 | also couldn't find a more detailed description of the problem which |
| 2432 | would explain a test case to reproduce the problem this was supposed to |
| 2433 | fix. |
| 2434 | |
| 2435 | [0] libssh2_agent_userauth returning LIBSSH2_ERROR_AUTHENTICATION_FAILED |
| 2436 | |
| 2437 | Closes #2248 |
| 2438 | |
| 2439 | - openssl: fix potential memory leak in SSLKEYLOGFILE logic |
| 2440 | |
| 2441 | Coverity CID 1427646. |
| 2442 | |
| 2443 | - openssl: fix the libressl build again |
| 2444 | |
| 2445 | Follow-up to 84fcaa2e7. libressl does not have the API even if it says it is |
| 2446 | late OpenSSL version... |
| 2447 | |
| 2448 | Fixes #2246 |
| 2449 | Closes #2247 |
| 2450 | |
| 2451 | Reported-by: jungle-boogie on github |
| 2452 | |
| 2453 | - unit1307: test many wildcards too |
| 2454 | |
| 2455 | - curl_fnmatch: only allow 5 '*' sections in a single pattern |
| 2456 | |
| 2457 | ... to avoid excessive recursive calls. The number 5 is totally |
| 2458 | arbitrary and could be modified if someone has a good motivation. |
| 2459 | |
| 2460 | - ftp-wildcard: fix matching an empty string with "*[^a]" |
| 2461 | |
| 2462 | .... and avoid advancing the pointer to trigger an out of buffer read. |
| 2463 | |
| 2464 | Detected by OSS-fuzz |
| 2465 | Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251 |
| 2466 | Assisted-by: Max Dymond |
| 2467 | |
| 2468 | - SMB: fix numeric constant suffix and variable types |
| 2469 | |
| 2470 | 1. don't use "ULL" suffix since unsupported in older MSVC |
| 2471 | 2. use curl_off_t instead of custom long long ifdefs |
| 2472 | 3. make get_posix_time() not do unaligned data access |
| 2473 | |
| 2474 | Fixes #2211 |
| 2475 | Closes #2240 |
| 2476 | Reported-by: Chester Liu |
| 2477 | |
| 2478 | - [rouzier brought this change] |
| 2479 | |
| 2480 | CURLOPT_TCP_NODELAY.3: fix typo |
| 2481 | |
| 2482 | Closes #2239 |
| 2483 | |
| 2484 | - smtp/pop3/imap_get_message: decrease the data length too... |
| 2485 | |
| 2486 | Follow-up commit to 615edc1f73 which was incomplete. |
| 2487 | |
| 2488 | Assisted-by: Max Dymond |
| 2489 | Detected by OSS-fuzz |
| 2490 | Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206 |
| 2491 | |
| 2492 | - openssl: enable SSLKEYLOGFILE support by default |
| 2493 | |
| 2494 | Fixes #2210 |
| 2495 | Closes #2236 |
| 2496 | |
| 2497 | Patrick Monnerat (14 Jan 2018) |
| 2498 | - mime: clone mime tree upon easy handle duplication. |
| 2499 | |
| 2500 | A mime tree attached to an easy handle using CURLOPT_MIMEPOST is |
| 2501 | strongly bound to the handle: there is a pointer to the easy handle in |
| 2502 | each item of the mime tree and following the parent pointer list |
| 2503 | of mime items ends in a dummy part stored within the handle. |
| 2504 | |
| 2505 | Because of this binding, a mime tree cannot be shared between different |
| 2506 | easy handles, thus it needs to be cloned upon easy handle duplication. |
| 2507 | |
| 2508 | There is no way for the caller to get the duplicated mime tree |
| 2509 | handle: it is then set to be automatically destroyed upon freeing the |
| 2510 | new easy handle. |
| 2511 | |
| 2512 | New test 654 checks proper mime structure duplication/release. |
| 2513 | |
| 2514 | Add a warning note in curl_mime_data_cb() documentation about sharing |
| 2515 | user data between duplicated handles. |
| 2516 | |
| 2517 | Closes #2235 |
| 2518 | |
| 2519 | - docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata |
| 2520 | |
| 2521 | Daniel Stenberg (13 Jan 2018) |
| 2522 | - test395: HTTP with overflow Content-Length value |
| 2523 | |
| 2524 | - test394: verify abort of rubbish in Content-Length: value |
| 2525 | |
| 2526 | - test393: verify --max-filesize with excessive Content-Length |
| 2527 | |
| 2528 | - HTTP: bail out on negative Content-Length: values |
| 2529 | |
| 2530 | ... and make the max filesize check trigger if the value is too big. |
| 2531 | |
| 2532 | Updates test 178. |
| 2533 | |
| 2534 | Reported-by: Brad Spencer |
| 2535 | Fixes #2212 |
| 2536 | Closes #2223 |
| 2537 | |
| 2538 | Marcel Raad (13 Jan 2018) |
| 2539 | - [Dan Johnson brought this change] |
| 2540 | |
| 2541 | configure.ac: append extra linker flags instead of prepending them. |
| 2542 | |
| 2543 | Link order should list libraries after the libraries that use them, |
| 2544 | so when we're guessing that we might also need to add -ldl in order |
| 2545 | to use -lssl, we should add -ldl after -lssl. |
| 2546 | |
| 2547 | Closes https://github.com/curl/curl/pull/2234 |
| 2548 | |
| 2549 | Daniel Stenberg (13 Jan 2018) |
| 2550 | - RELEASE-NOTES: synced with 6fa10c8fa |
| 2551 | |
| 2552 | Jay Satiro (13 Jan 2018) |
| 2553 | - setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values |
| 2554 | |
| 2555 | Broken since f121575 (precedes 7.56.1). |
| 2556 | |
| 2557 | Bug: https://github.com/curl/curl/issues/2225 |
| 2558 | Reported-by: cmfrolick@users.noreply.github.com |
| 2559 | |
| 2560 | Closes https://github.com/curl/curl/pull/2227 |
| 2561 | |
| 2562 | Patrick Monnerat (13 Jan 2018) |
| 2563 | - setopt: reintroduce non-static Curl_vsetopt() for OS400 support |
| 2564 | |
| 2565 | This also upgrades ILE/RPG bindings with latest setopt options. |
| 2566 | |
| 2567 | Reported-By: jonrumsey on github |
| 2568 | Fixes #2230 |
| 2569 | Closes #2233 |
| 2570 | |
| 2571 | Jay Satiro (11 Jan 2018) |
| 2572 | - [Zhouyihai Ding brought this change] |
| 2573 | |
| 2574 | http2: fix incorrect trailer buffer size |
| 2575 | |
| 2576 | Prior to this change the stored byte count of each trailer was |
| 2577 | miscalculated and 1 less than required. It appears any trailer |
| 2578 | after the first that was passed to Curl_client_write would be truncated |
| 2579 | or corrupted as well as the size. Potentially the size of some |
| 2580 | subsequent trailer could be erroneously extracted from the contents of |
| 2581 | that trailer, and since that size is used by client write an |
| 2582 | out-of-bounds read could occur and cause a crash or be otherwise |
| 2583 | processed by client write. |
| 2584 | |
| 2585 | The bug appears to have been born in 0761a51 (precedes 7.49.0). |
| 2586 | |
| 2587 | Closes https://github.com/curl/curl/pull/2231 |
| 2588 | |
| 2589 | - [Basuke Suzuki brought this change] |
| 2590 | |
| 2591 | easy: fix connection ownership in curl_easy_pause |
| 2592 | |
| 2593 | Before calling Curl_client_chop_write(), change the owner of connection |
| 2594 | to the current Curl_easy handle. This will fix the issue #2217. |
| 2595 | |
| 2596 | Fixes https://github.com/curl/curl/issues/2217 |
| 2597 | Closes https://github.com/curl/curl/pull/2221 |
| 2598 | |
| 2599 | Daniel Stenberg (9 Jan 2018) |
| 2600 | - [Dimitrios Apostolou brought this change] |
| 2601 | |
| 2602 | system.h: Additionally check __LONG_MAX__ for defining curl_off_t |
| 2603 | |
| 2604 | __SIZEOF_LONG__ was introduced in GCC 4.4, __LONG_MAX__ was introduced |
| 2605 | in GCC 3.3. |
| 2606 | |
| 2607 | Closes #2216 |
| 2608 | |
| 2609 | - COPYING: it's 2018! |
| 2610 | |
| 2611 | - progress: calculate transfer speed on milliseconds if possible |
| 2612 | |
| 2613 | to increase accuracy for quick transfers |
| 2614 | |
| 2615 | Fixes #2200 |
| 2616 | Closes #2206 |
| 2617 | |
| 2618 | Jay Satiro (7 Jan 2018) |
| 2619 | - scripts: allow all perl scripts to be run directly |
| 2620 | |
| 2621 | - Enable execute permission (chmod +x) |
| 2622 | |
| 2623 | - Change interpreter to /usr/bin/env perl |
| 2624 | |
| 2625 | Closes https://github.com/curl/curl/pull/2222 |
| 2626 | |
| 2627 | - mail-rcpt.d: fix short-text description |
| 2628 | |
| 2629 | - build: remove HAVE_LIMITS_H check |
| 2630 | |
| 2631 | .. because limits.h presence isn't optional, it's required by C89. |
| 2632 | |
| 2633 | Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2 |
| 2634 | |
| 2635 | Closes https://github.com/curl/curl/pull/2215 |
| 2636 | |
| 2637 | - openssl: fix memory leak of SSLKEYLOGFILE filename |
| 2638 | |
| 2639 | - Free the copy of SSLKEYLOGFILE env returned by curl_getenv during ossl |
| 2640 | initialization. |
| 2641 | |
| 2642 | Caught by ASAN. |
| 2643 | |
| 2644 | - Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX" |
| 2645 | |
| 2646 | This reverts commit c97648b55080343bb371522bf4233e94a2a13a99. |
| 2647 | |
| 2648 | SIZEOF_LONG should not be checked in system.h since that macro is only |
| 2649 | defined when building libcurl. |
| 2650 | |
| 2651 | Ref: https://github.com/curl/curl/pull/2186#issuecomment-354767080 |
| 2652 | Ref: https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html |
| 2653 | |
| 2654 | Michael Kaufmann (30 Dec 2017) |
| 2655 | - test1554: improve the error handling |
| 2656 | |
| 2657 | - test1554: add global initialization and cleanup |
| 2658 | |
| 2659 | Daniel Stenberg (29 Dec 2017) |
| 2660 | - curl_version_info.3: call the argument 'age' |
| 2661 | |
| 2662 | Reported-by: Pete Lomax |
| 2663 | Bug: https://curl.haxx.se/mail/lib-2017-12/0074.html |
| 2664 | |
| 2665 | Patrick Monnerat (27 Dec 2017) |
| 2666 | - [Mikalai Ananenka brought this change] |
| 2667 | |
| 2668 | brotli: data at the end of content can be lost |
| 2669 | |
| 2670 | Decoding loop implementation did not concern the case when all |
| 2671 | received data is consumed by Brotli decoder and the size of decoded |
| 2672 | data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE. |
| 2673 | For content with unencoded length greater than CURL_MAX_WRITE_SIZE this |
| 2674 | can result in the loss of data at the end of content. |
| 2675 | |
| 2676 | Closes #2194 |
| 2677 | |
| 2678 | Jay Satiro (26 Dec 2017) |
| 2679 | - examples/cacertinmem: ignore cert-already-exists error |
| 2680 | |
| 2681 | - Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE errors in the CTX callback |
| 2682 | since it's possible the cert may have already been loaded by libcurl. |
| 2683 | |
| 2684 | - Remove the EXAMPLE code in the CURLOPT_SSL_CTX_FUNCTION.3 doc. |
| 2685 | Instead have it direct the reader to this cacertinmem.c example. |
| 2686 | |
| 2687 | - Fix the CA certificate to use the right CA for example.com, Digicert. |
| 2688 | |
| 2689 | Bug: https://curl.haxx.se/mail/lib-2017-12/0057.html |
| 2690 | Reported-by: Thomas van Hesteren |
| 2691 | |
| 2692 | Closes https://github.com/curl/curl/pull/2182 |
| 2693 | |
| 2694 | - [Gisle Vanem brought this change] |
| 2695 | |
| 2696 | tool_getparam: Support size modifiers for --max-filesize |
| 2697 | |
| 2698 | - Move the size modifier detection code from limit-rate to its own |
| 2699 | function so that it can also be used with max-filesize. |
| 2700 | |
| 2701 | Size modifiers are the suffixes such as G (gigabyte), M (megabyte) etc. |
| 2702 | |
| 2703 | For example --max-filesize 1G |
| 2704 | |
| 2705 | Ref: https://curl.haxx.se/mail/archive-2017-12/0000.html |
| 2706 | |
| 2707 | Closes https://github.com/curl/curl/pull/2179 |
| 2708 | |
| 2709 | Steve Holme (22 Dec 2017) |
| 2710 | - build: Fixed incorrect script termination from commit ad1dc10e61 |
| 2711 | |
| 2712 | - Makefile.vc: Added our standard copyright header |
| 2713 | |
| 2714 | - winbuild: Added support for VC15 |
| 2715 | |
| 2716 | - build: Added Visual Studio 2017 project files |
| 2717 | |
| 2718 | - build-wolfssl.bat: Added support for VC15 |
| 2719 | |
| 2720 | - build-openssl.bat: Added support for VC15 |
| 2721 | |
| 2722 | Jay Satiro (22 Dec 2017) |
| 2723 | - [Dimitrios Apostolou brought this change] |
| 2724 | |
| 2725 | curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX |
| 2726 | |
| 2727 | Closes https://github.com/curl/curl/pull/2186 |
| 2728 | |
| 2729 | - [Mattias Fornander brought this change] |
| 2730 | |
| 2731 | examples/rtsp: fix error handling macros |
| 2732 | |
| 2733 | Closes https://github.com/curl/curl/pull/2185 |
| 2734 | |
| 2735 | Patrick Monnerat (20 Dec 2017) |
| 2736 | - curl_easy_reset: release mime-related data. |
| 2737 | |
| 2738 | Move curl_mime_initpart() and curl_mime_cleanpart() calls to lower-level |
| 2739 | functions dealing with UserDefined structure contents. |
| 2740 | This avoids memory leakages on curl-generated part mime headers. |
| 2741 | New test 2073 checks this using the cli tool --next option: it |
| 2742 | triggers a valgrind error if bug is present. |
| 2743 | |
| 2744 | Bug: https://curl.haxx.se/mail/lib-2017-12/0060.html |
| 2745 | Reported-by: Martin Galvan |
| 2746 | |
| 2747 | - content_encoding: rework zlib_inflate |
| 2748 | |
| 2749 | - When zlib version is < 1.2.0.4, process gzip trailer before considering |
| 2750 | extra data as an error. |
| 2751 | - Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data |
| 2752 | and minimize corrupt data output. |
| 2753 | - Do not try to restart deflate decompression in raw mode if output has |
| 2754 | started or if the leading data is not available anymore. |
| 2755 | - New test 232 checks inflating raw-deflated content. |
| 2756 | |
| 2757 | Closes #2068 |
| 2758 | |
| 2759 | - brotli: allow compiling with version 0.6.0. |
| 2760 | |
| 2761 | Some error codes were not yet defined in brotli 0.6.0: do not issue code |
| 2762 | for them in this case. |
| 2763 | |
| 2764 | Daniel Stenberg (13 Dec 2017) |
| 2765 | - CURLOPT_READFUNCTION.3: refer to argument with correct name |
| 2766 | |
| 2767 | Bug: #2175 |
| 2768 | |
| 2769 | [ci skip] |
| 2770 | |
| 2771 | - rand: add a clang-analyzer work-around |
| 2772 | |
| 2773 | scan-build would warn on a potential access of an uninitialized |
| 2774 | buffer. I deem it a false positive and had to add this somewhat ugly |
| 2775 | work-around to silence it. |
| 2776 | |
| 2777 | - krb5: fix a potential access of uninitialized memory |
| 2778 | |
| 2779 | A scan-build warning. |
| 2780 | |
| 2781 | - conncache: fix a return code [regression] |
| 2782 | |
| 2783 | This broke in 07cb27c98e. Make sure to return 'result' properly. Pointed |
| 2784 | out by scan-build! |
| 2785 | |
| 2786 | - curl: support >256 bytes warning messsages |
| 2787 | |
| 2788 | Bug: #2174 |
| 2789 | |
| 2790 | Michael Kaufmann (12 Dec 2017) |
| 2791 | - libssh: fix a syntax error in configure.ac |
| 2792 | |
| 2793 | Follow-up to c92d2e1 |
| 2794 | |
| 2795 | Closes #2172 |
| 2796 | |
| 2797 | Daniel Stenberg (12 Dec 2017) |
| 2798 | - examples/smtp-mail.c: use separate defines for options and mail |
| 2799 | |
| 2800 | ... to make it clearer that the options want address-only, while the |
| 2801 | headers in an email can also have the real name. |
| 2802 | |
| 2803 | Assisted-by: Sean MacLennan |
| 2804 | |
| 2805 | - THANKS: added missing names |
| 2806 | |
| 2807 | ... as I reran the contrithanks script after the mailmap name fixups. |
| 2808 | |
| 2809 | - mailmap: added/clarified several names |
| 2810 | |
| 2811 | - setopt: less *or equal* than INT_MAX/1000 should be fine |
| 2812 | |
| 2813 | ... for the CURLOPT_TIMEOUT, CURLOPT_CONNECTTIMEOUT and |
| 2814 | CURLOPT_SERVER_RESPONSE_TIMEOUT range checks. |
| 2815 | |
| 2816 | Reported-by: Dominik Hölzl |
| 2817 | Bug: https://curl.haxx.se/mail/lib-2017-12/0037.html |
| 2818 | |
| 2819 | Closes #2173 |
| 2820 | |
| 2821 | - [Dmitry Kostjuchenko brought this change] |
| 2822 | |
| 2823 | vtls: replaced getenv() with curl_getenv() |
| 2824 | |
| 2825 | Fixed undefined symbol of getenv() which does not exist when compiling |
| 2826 | for Windows 10 App (CURL_WINDOWS_APP). Replaced getenv() with |
| 2827 | curl_getenv() which is aware of getenv() absence when CURL_WINDOWS_APP |
| 2828 | is defined. |
| 2829 | |
| 2830 | Closes #2171 |
| 2831 | |
| 2832 | - RELEASE-NOTES: synced with 3b9ea70ee |
| 2833 | |
| 2834 | - TODO: Expose tried IP addresses that failed |
| 2835 | |
| 2836 | Suggested-by: Rainer Canavan |
| 2837 | |
| 2838 | Closes #2126 |
| 2839 | |
| 2840 | - curl.1: mention http:// and https:// as valid proxy prefixes |
| 2841 | |
| 2842 | - curl.1: documented two missing valid exit codes |
| 2843 | |
| 2844 | - CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference |
| 2845 | |
| 2846 | - Revert "curl: don't set CURLOPT_INTERLEAVEDATA" |
| 2847 | |
| 2848 | This reverts commit 9ffad8eb1329bb35c8988115ac7ed85cf91ef955. |
| 2849 | |
| 2850 | It was actually added rather recently in 8e8afa82cbb629 due to a crash |
| 2851 | that would otherwise happen in the RTSP code. As I don't think we've |
| 2852 | fixed that behavior yet, we better keep this work-around until we have |
| 2853 | fixed it better. |
| 2854 | |
| 2855 | Michael Kaufmann (10 Dec 2017) |
| 2856 | - tests: mark data files as non-executable in git |
| 2857 | |
| 2858 | - tests: update .gitignore for libtests |
| 2859 | |
| 2860 | Daniel Stenberg (10 Dec 2017) |
| 2861 | - multi_done: prune DNS cache |
| 2862 | |
| 2863 | Prune the DNS cache immediately after the dns entry is unlocked in |
| 2864 | multi_done. Timed out entries will then get discarded in a more orderly |
| 2865 | fashion. |
| 2866 | |
| 2867 | Test506 is updated |
| 2868 | |
| 2869 | Reported-by: Oleg Pudeyev |
| 2870 | |
| 2871 | Fixes #2169 |
| 2872 | Closes #2170 |
| 2873 | |
| 2874 | - mailmap: fixup two old git Author "aliases" |
| 2875 | |
| 2876 | Jay Satiro (10 Dec 2017) |
| 2877 | - openssl: Disable file buffering for Win32 SSLKEYLOGFILE |
| 2878 | |
| 2879 | Prior to this change SSLKEYLOGFILE used line buffering on WIN32 just |
| 2880 | like it does for other platforms. However, the Windows CRT does not |
| 2881 | actually support line buffering (_IOLBF) and will use full buffering |
| 2882 | (_IOFBF) instead. We can't use full buffering because multiple processes |
| 2883 | may be writing to the file and that could lead to corruption, and since |
| 2884 | full buffering is the only buffering available this commit disables |
| 2885 | buffering for Windows SSLKEYLOGFILE entirely (_IONBF). |
| 2886 | |
| 2887 | Ref: https://github.com/curl/curl/pull/1346#issuecomment-350530901 |
| 2888 | |
| 2889 | Daniel Stenberg (10 Dec 2017) |
| 2890 | - RESOLVE: output verbose text when trying to set a duplicate name |
| 2891 | |
| 2892 | ... to help users understand what is or isn't done! |
| 2893 | |
| 2894 | - CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE |
| 2895 | |
| 2896 | - [John DeHelian brought this change] |
| 2897 | |
| 2898 | sftp: allow quoted commands to use relative paths |
| 2899 | |
| 2900 | Closes #1900 |
| 2901 | |
| 2902 | Jay Satiro (8 Dec 2017) |
| 2903 | - [Richard Alcock brought this change] |
| 2904 | |
| 2905 | CURLOPT_PRIVATE.3: fix grammar |
| 2906 | |
| 2907 | - Change "never does nothing" double-negative to "never does anything". |
| 2908 | |
| 2909 | Closes https://github.com/curl/curl/pull/2168 |
| 2910 | |
| 2911 | Daniel Stenberg (8 Dec 2017) |
| 2912 | - curl: remove __EMX__ #ifdefs |
| 2913 | |
| 2914 | These are OS/2-specific things added to the code in the year 2000. They |
| 2915 | were always ugly. If there's any user left, they still don't need it |
| 2916 | done this way. |
| 2917 | |
| 2918 | Closes #2166 |
| 2919 | |
| 2920 | Jay Satiro (8 Dec 2017) |
| 2921 | - openssl: improve data-pending check for https proxy |
| 2922 | |
| 2923 | - Allow proxy_ssl to be checked for pending data even when connssl does |
| 2924 | not yet have an SSL handle. |
| 2925 | |
| 2926 | This change is for posterity. Currently there doesn't seem to be a code |
| 2927 | path that will cause a pending data check when proxyssl could have |
| 2928 | pending data and the connssl handle doesn't yet exist [1]. |
| 2929 | |
| 2930 | [1]: Recall that an https proxy connection starts out in connssl but if |
| 2931 | the destination is also https then the proxy SSL backend data is moved |
| 2932 | from connssl to proxyssl, which means connssl handle is temporarily |
| 2933 | empty until an SSL handle for the destination can be created. |
| 2934 | |
| 2935 | Ref: https://github.com/curl/curl/commit/f4a6238#commitcomment-24396542 |
| 2936 | |
| 2937 | Closes https://github.com/curl/curl/pull/1916 |
| 2938 | |
| 2939 | Daniel Stenberg (8 Dec 2017) |
| 2940 | - curl: don't set CURLOPT_INTERLEAVEDATA |
| 2941 | |
| 2942 | That data is only ever used by the CURLOPT_INTERLEAVEFUNCTION callback |
| 2943 | and that option isn't set or used by the curl tool! |
| 2944 | |
| 2945 | Updates the 9 tests that verify --libcurl |
| 2946 | |
| 2947 | Closes #2167 |
| 2948 | |
| 2949 | - curl.h: remove incorrect comment about ERRORBUFFER |
| 2950 | |
| 2951 | ... error messages are _not_ sent to stderr if this is not set. |
| 2952 | |
| 2953 | - [Michael Felt brought this change] |
| 2954 | |
| 2955 | configure: add AX_CODE_COVERAGE only if using gcc |
| 2956 | |
| 2957 | Fixes #2076 |
| 2958 | Closes #2125 |
| 2959 | |
| 2960 | - curl: limit -# update frequency for unknown total size |
| 2961 | |
| 2962 | Make it use a max 10Hz update frequency for this case as well. Return |
| 2963 | early if the "point" hasn't moved since last invoke. |
| 2964 | |
| 2965 | Reported-by: Elliot Saba |
| 2966 | |
| 2967 | Fixes #2158 |
| 2968 | Closes #2163 |
| 2969 | |
| 2970 | - BINDINGS: another PostgreSQL client |
| 2971 | |
| 2972 | ...the former link is dead. |
| 2973 | |
| 2974 | Reported-by: Frank Gevaerts |
| 2975 | |
| 2976 | - [Zachary Seguin brought this change] |
| 2977 | |
| 2978 | CONNECT: keep close connection flag in http_connect_state struct |
| 2979 | |
| 2980 | Fixes #2088 |
| 2981 | Closes #2157 |
| 2982 | |
| 2983 | - [Per Malmberg brought this change] |
| 2984 | |
| 2985 | include: get netinet/in.h before linux/tcp.h |
| 2986 | |
| 2987 | ... to allow build on older Linux dists (specifically CentOS 4.8 on gcc |
| 2988 | 4.8.5) |
| 2989 | |
| 2990 | Closes #2160 |
| 2991 | |
| 2992 | - openldap: fix checksrc nits |
| 2993 | |
| 2994 | - [Stepan Broz brought this change] |
| 2995 | |
| 2996 | openldap: add commented out debug possibilities |
| 2997 | |
| 2998 | ... to aid debugging openldap library using its built-in debug messages. |
| 2999 | |
| 3000 | Closes #2159 |
| 3001 | |
| 3002 | - examples: move threaded-shared-conn.c to the "complicated" ones |
| 3003 | |
| 3004 | ... due it relying on pthreads to link. |
| 3005 | |
| 3006 | - RELEASE-NOTES: synced with b261c44e8 |
| 3007 | |
| 3008 | ... and bump next release version to 7.58.0 |
| 3009 | |
| 3010 | - [Jan Ehrhardt brought this change] |
| 3011 | |
| 3012 | URL: tolerate backslash after drive letter for FILE: |
| 3013 | |
| 3014 | ... as in "file://c:\some\path\curl.out" |
| 3015 | |
| 3016 | Reviewed-by: Matthew Kerwin |
| 3017 | Closes #2154 |
| 3018 | |
| 3019 | - [Randall S. Becker brought this change] |
| 3020 | |
| 3021 | tests: added netinet/in6.h includes in test servers |
| 3022 | |
| 3023 | - [Randall S. Becker brought this change] |
| 3024 | |
| 3025 | configure: check for netinet/in6.h |
| 3026 | |
| 3027 | Needed by HPE NonStop NSE and NSX systems |
| 3028 | |
| 3029 | Fixes #2146 |
| 3030 | Closes #2155 |
| 3031 | |
| 3032 | - curl-config: add --ssl-backends |
| 3033 | |
| 3034 | Lists all SSL backends that were enabled at build-time. |
| 3035 | |
| 3036 | Suggested-by: Oleg Pudeyev |
| 3037 | Fixes #2128 |
| 3038 | |
| 3039 | - conncache: only allow multiplexing within same multi handle |
| 3040 | |
| 3041 | Connections that are used for HTTP/1.1 Pipelining or HTTP/2 multiplexing |
| 3042 | only get additional transfers added to them if the existing connection |
| 3043 | is held by the same multi or easy handle. libcurl does not support doing |
| 3044 | HTTP/2 streams in different threads using a shared connection. |
| 3045 | |
| 3046 | Closes #2152 |
| 3047 | |
| 3048 | - threaded-shared-conn.c: fixed typo in commenta |
| 3049 | |
| 3050 | - threaded-shared-conn.c: new example |
| 3051 | |
| 3052 | - conncache: fix several lock issues |
| 3053 | |
| 3054 | If the lock is released before the dealings with the bundle is over, it may |
| 3055 | have changed by another thread in the mean time. |
| 3056 | |
| 3057 | Fixes #2132 |
| 3058 | Fixes #2151 |
| 3059 | Closes #2139 |
| 3060 | |
| 3061 | - libssh: remove dead code in sftp_qoute |
| 3062 | |
| 3063 | ... by removing a superfluous NULL pointer check that also confuses |
| 3064 | Coverity. |
| 3065 | |
| 3066 | Fixes #2143 |
| 3067 | Closes #2153 |
| 3068 | |
| 3069 | - sasl_getmesssage: make sure we have a long enough string to pass |
| 3070 | |
| 3071 | For pop3/imap/smtp, added test 891 to somewhat verify the pop3 |
| 3072 | case. |
| 3073 | |
| 3074 | For this, I enhanced the pingpong test server to be able to send back |
| 3075 | responses with LF-only instead of always using CRLF. |
| 3076 | |
| 3077 | Closes #2150 |
| 3078 | |
| 3079 | - libssh2: remove dead code from SSH_SFTP_QUOTE |
| 3080 | |
| 3081 | Figured out while reviewing code in the libssh backend. The pointer was |
| 3082 | checked for NULL after having been dereferenced, so we know it would |
| 3083 | always equal true or it would've crashed. |
| 3084 | |
| 3085 | Pointed-out-by: Nikos Mavrogiannopoulos |
| 3086 | |
| 3087 | Bug #2143 |
| 3088 | Closes #2148 |
| 3089 | |
| 3090 | - ssh-libssh.c: please checksrc |
| 3091 | |
| 3092 | Nikos Mavrogiannopoulos (4 Dec 2017) |
| 3093 | - libssh: fixed dereference in statvfs access |
| 3094 | |
| 3095 | The behavior is now equivalent to ssh.c when SSH_SFTP_QUOTE_STATVFS |
| 3096 | handling fails. |
| 3097 | |
| 3098 | Fixes #2142 |
| 3099 | |
| 3100 | Daniel Stenberg (4 Dec 2017) |
| 3101 | - [Guitared brought this change] |
| 3102 | |
| 3103 | RESOURCES: update spec names |
| 3104 | |
| 3105 | Closes #2145 |
| 3106 | |
| 3107 | Nikos Mavrogiannopoulos (3 Dec 2017) |
| 3108 | - libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS |
| 3109 | |
| 3110 | The previous code was incorrectly following the libssh2 error detection |
| 3111 | for libssh2_sftp_statvfs, which is not correct for libssh's sftp_statvfs. |
| 3112 | |
| 3113 | Fixes #2142 |
| 3114 | |
| 3115 | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> |
| 3116 | |
| 3117 | - libssh: no need to call sftp_get_error as ssh_get_error is sufficient |
| 3118 | |
| 3119 | Fixes #2141 |
| 3120 | |
| 3121 | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> |
| 3122 | |
| 3123 | Daniel Stenberg (2 Dec 2017) |
| 3124 | - libssh: fix minor static code analyzer nits |
| 3125 | |
| 3126 | - remove superfluous NULL check which otherwise tricks the static code |
| 3127 | analyzers to assume NULL pointer dereferences. |
| 3128 | |
| 3129 | - fix fallthrough in switch() |
| 3130 | |
| 3131 | - indent mistake |
| 3132 | |
| 3133 | - openssl: pkcs12 is supported by boringssl |
| 3134 | |
| 3135 | Removes another #ifdef for BoringSSL |
| 3136 | |
| 3137 | Pointed-out-by: David Benjamin |
| 3138 | |
| 3139 | Closes #2134 |
| 3140 | |
| 3141 | - [Jay Satiro brought this change] |
| 3142 | |
| 3143 | travis: use pip2 instead of pip |
| 3144 | |
| 3145 | .. since now mac osx image expects pip2 or pip3, and doesn't know pip: |
| 3146 | |
| 3147 | 0.01s$ pip install --user cpp-coveralls |
| 3148 | /Users/travis/.travis/job_stages: line 57: pip: command not found |
| 3149 | |
| 3150 | Ref: https://github.com/travis-ci/travis-ci/issues/8829 |
| 3151 | |
| 3152 | Closes https://github.com/curl/curl/pull/2133 |
| 3153 | |
| 3154 | - [Nikos Mavrogiannopoulos brought this change] |
| 3155 | |
| 3156 | lib582: do not verify host for SFTP |
| 3157 | |
| 3158 | This SFTP test fails with libssh back-end due to failure to verify |
| 3159 | the peer. Disable peer verification in the test as there seems to |
| 3160 | be the intention of the test. |
| 3161 | |
| 3162 | Note that the libssh back-end automatically verifies the peer's |
| 3163 | host using the default known_hosts file. |
| 3164 | |
| 3165 | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> |
| 3166 | |
| 3167 | - [Nikos Mavrogiannopoulos brought this change] |
| 3168 | |
| 3169 | libssh: added SFTP support |
| 3170 | |
| 3171 | The SFTP back-end supports asynchronous reading only, limited |
| 3172 | to 32-bit file length. Writing is synchronous with no other |
| 3173 | limitations. |
| 3174 | |
| 3175 | This also brings keyboard-interactive authentication. |
| 3176 | |
| 3177 | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> |
| 3178 | |
| 3179 | - [Nikos Mavrogiannopoulos brought this change] |
| 3180 | |
| 3181 | symbols-in-versions: added new symbols with 7.56.3 version |
| 3182 | |
| 3183 | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> |
| 3184 | |
| 3185 | - [Nikos Mavrogiannopoulos brought this change] |
| 3186 | |
| 3187 | .travis.yml: added build --with-libssh |
| 3188 | |
| 3189 | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> |
| 3190 | |
| 3191 | - [Nikos Mavrogiannopoulos brought this change] |
| 3192 | |
| 3193 | libssh2: return CURLE_UPLOAD_FAILED on failure to upload |
| 3194 | |
| 3195 | This brings its in sync with the error code returned by the |
| 3196 | libssh backend. |
| 3197 | |
| 3198 | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> |
| 3199 | |
| 3200 | - [Nikos Mavrogiannopoulos brought this change] |
| 3201 | |
| 3202 | libssh2: send the correct CURLE error code on scp file not found |
| 3203 | |
| 3204 | That also updates tests to expect the right error code |
| 3205 | |
| 3206 | libssh2 back-end returns CURLE_SSH error if the remote file |
| 3207 | is not found. Expect instead CURLE_REMOTE_FILE_NOT_FOUND |
| 3208 | which is sent by the libssh backend. |
| 3209 | |
| 3210 | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> |
| 3211 | |
| 3212 | - [Nikos Mavrogiannopoulos brought this change] |
| 3213 | |
| 3214 | Added support for libssh SSH SCP back-end |
| 3215 | |
| 3216 | libssh is an alternative library to libssh2. |
| 3217 | https://www.libssh.org/ |
| 3218 | |
| 3219 | That patch set also introduces support for ECDSA |
| 3220 | ed25519 keys, as well as gssapi authentication. |
| 3221 | |
| 3222 | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> |
| 3223 | |
| 3224 | - RELEASE-NOTES: synced with af8cc7a69 |
| 3225 | |
| 3226 | - curlver: towards 7.57.1 |
| 3227 | |
| 3228 | - [W. Mark Kubacki brought this change] |
| 3229 | |
| 3230 | lib: don't export all symbols, just everything curl_* |
| 3231 | |
| 3232 | Absent any 'symbol map' or script to limit what gets exported, static |
| 3233 | linking of libraries previously resulted in a libcurl with curl's and |
| 3234 | those other symbols being (re-)exported. |
| 3235 | |
| 3236 | This did not happen if 'versioned symbols' were enabled (which is not |
| 3237 | the default) because then a version script is employed. |
| 3238 | |
| 3239 | This limits exports to everything starting in 'curl_*'., which is |
| 3240 | what "libcurl.vers" exports. |
| 3241 | |
| 3242 | This avoids strange side-effects such as with mixing methods |
| 3243 | from system libraries and those erroneously offered by libcurl. |
| 3244 | |
| 3245 | Closes #2127 |
| 3246 | |
| 3247 | - [Johannes Schindelin brought this change] |
| 3248 | |
| 3249 | SSL: Avoid magic allocation of SSL backend specific data |
| 3250 | |
| 3251 | Originally, my idea was to allocate the two structures (or more |
| 3252 | precisely, the connectdata structure and the four SSL backend-specific |
| 3253 | strucutres required for ssl[0..1] and proxy_ssl[0..1]) in one go, so |
| 3254 | that they all could be free()d together. |
| 3255 | |
| 3256 | However, getting the alignment right is tricky. Too tricky. |
| 3257 | |
| 3258 | So let's just bite the bullet and allocate the SSL backend-specific |
| 3259 | data separately. |
| 3260 | |
| 3261 | As a consequence, we now have to be very careful to release the memory |
| 3262 | allocated for the SSL backend-specific data whenever we release any |
| 3263 | connectdata. |
| 3264 | |
| 3265 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 3266 | |
| 3267 | Closes #2119 |
| 3268 | |
| 3269 | - examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL |
| 3270 | |
| 3271 | Reported-by: Dima Tisnek |
| 3272 | |
| 3273 | - travis: add boringssl build |
| 3274 | |
| 3275 | Uses a separate build without --enable-debug and no valgrind. |
| 3276 | |
| 3277 | The debug option causes far too many warnings in boringssl's headers |
| 3278 | (C++ comments, trailing commas etc). Valgrind triggers some false |
| 3279 | positive errors in thread-local data used by boringssl. |
| 3280 | |
| 3281 | Closes #2118 |
| 3282 | |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 3283 | Version 7.57.0 (29 Nov 2017) |
| 3284 | |
| 3285 | Daniel Stenberg (29 Nov 2017) |
| 3286 | - RELEASE-NOTES: curl 7.57.0 |
| 3287 | |
| 3288 | - THANKS: added contributors from 7.57.0 release |
| 3289 | |
| 3290 | - openssl: fix boringssl build again |
| 3291 | |
| 3292 | commit d3ab7c5a21e broke the boringssl build since it doesn't have |
| 3293 | RSA_flags(), so we disable that code block for boringssl builds. |
| 3294 | |
| 3295 | Reported-by: W. Mark Kubacki |
| 3296 | Fixes #2117 |
| 3297 | |
| 3298 | - curl_ntlm_core.c: use the limits.h's SIZE_T_MAX if provided |
| 3299 | |
| 3300 | - libcurl-share.3: the connection cache is shareable now |
| 3301 | |
| 3302 | - global_init: ignore CURL_GLOBAL_SSL's absense |
| 3303 | |
| 3304 | This bit is no longer used. It is not clear what it meant for users to |
| 3305 | "init the TLS" in a world with different TLS backends and since the |
| 3306 | introduction of multissl, libcurl didn't properly work if inited without |
| 3307 | this bit set. |
| 3308 | |
| 3309 | Not a single user responded to the call for users of it: |
| 3310 | https://curl.haxx.se/mail/lib-2017-11/0072.html |
| 3311 | |
| 3312 | Reported-by: Evgeny Grin |
| 3313 | Assisted-by: Jay Satiro |
| 3314 | |
| 3315 | Fixes #2089 |
| 3316 | Fixes #2083 |
| 3317 | Closes #2107 |
| 3318 | |
| 3319 | - ntlm: avoid integer overflow for malloc size |
| 3320 | |
| 3321 | Reported-by: Alex Nichols |
| 3322 | Assisted-by: Kamil Dudka and Max Dymond |
| 3323 | |
| 3324 | CVE-2017-8816 |
| 3325 | |
| 3326 | Bug: https://curl.haxx.se/docs/adv_2017-11e7.html |
| 3327 | |
| 3328 | - wildcardmatch: fix heap buffer overflow in setcharset |
| 3329 | |
| 3330 | The code would previous read beyond the end of the pattern string if the |
| 3331 | match pattern ends with an open bracket when the default pattern |
| 3332 | matching function is used. |
| 3333 | |
| 3334 | Detected by OSS-Fuzz: |
| 3335 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161 |
| 3336 | |
| 3337 | CVE-2017-8817 |
| 3338 | |
| 3339 | Bug: https://curl.haxx.se/docs/adv_2017-ae72.html |
| 3340 | |
| 3341 | - [Jay Satiro brought this change] |
| 3342 | |
| 3343 | url: fix alignment of ssl_backend_data struct |
| 3344 | |
| 3345 | - Align the array of ssl_backend_data on a max 32 byte boundary. |
| 3346 | |
| 3347 | 8 is likely to be ok but I went with 32 for posterity should one of |
| 3348 | the ssl_backend_data structs change to contain a larger sized variable |
| 3349 | in the future. |
| 3350 | |
| 3351 | Prior to this change (since dev 70f1db3, release 7.56) the connectdata |
| 3352 | structure was undersized by 4 bytes in 32-bit builds with ssl enabled |
| 3353 | because long long * was mistakenly used for alignment instead of |
| 3354 | long long, with the intention being an 8 byte boundary. Also long long |
| 3355 | may not be an available type. |
| 3356 | |
| 3357 | The undersized connectdata could lead to oob read/write past the end in |
| 3358 | what was expected to be the last 4 bytes of the connection's secondary |
| 3359 | socket https proxy ssl_backend_data struct (the secondary socket in a |
| 3360 | connection is used by ftp, others?). |
| 3361 | |
| 3362 | Closes https://github.com/curl/curl/issues/2093 |
| 3363 | |
| 3364 | CVE-2017-8818 |
| 3365 | |
| 3366 | Bug: https://curl.haxx.se/docs/adv_2017-af0a.html |
| 3367 | |
| 3368 | - ssh: remove check for a NULL pointer (!) |
| 3369 | |
| 3370 | With this check present, scan-build warns that we might dereference this |
| 3371 | point in other places where it isn't first checked for NULL. Thus, if it |
| 3372 | *can* be NULL we have a problem on a few places. However, this pointer |
| 3373 | should not be possible to be NULL here so I remove the check and thus |
| 3374 | also three different scan-build warnings. |
| 3375 | |
| 3376 | Closes #2111 |
| 3377 | |
| 3378 | - [Matthew Kerwin brought this change] |
| 3379 | |
| 3380 | test: add test for bad UNC/SMB path in file: URL |
| 3381 | |
| 3382 | - [Matthew Kerwin brought this change] |
| 3383 | |
| 3384 | test: add tests to ensure basic file: URLs |
| 3385 | |
| 3386 | - [Matthew Kerwin brought this change] |
| 3387 | |
| 3388 | URL: update "file:" URL handling |
| 3389 | |
| 3390 | * LOTS of comment updates |
| 3391 | * explicit error for SMB shares (e.g. "file:////share/path/file") |
| 3392 | * more strict handling of authority (i.e. "//localhost/") |
| 3393 | * now accepts dodgy old "C:|" drive letters |
| 3394 | * more precise handling of drive letters in and out of Windows |
| 3395 | (especially recognising both "file:c:/" and "file:/c:/") |
| 3396 | |
| 3397 | Closes #2110 |
| 3398 | |
| 3399 | - metalink: fix memory-leak and NULL pointer dereference |
| 3400 | |
| 3401 | Reported by scan-build |
| 3402 | |
| 3403 | Closes #2109 |
| 3404 | |
| 3405 | - [Alessandro Ghedini brought this change] |
| 3406 | |
| 3407 | connect: add support for new TCP Fast Open API on Linux |
| 3408 | |
| 3409 | The new API added in Linux 4.11 only requires setting a socket option |
| 3410 | before connecting, without the whole sento() machinery. |
| 3411 | |
| 3412 | Notably, this makes it possible to use TFO with SSL connections on Linux |
| 3413 | as well, without the need to mess around with OpenSSL (or whatever other |
| 3414 | SSL library) internals. |
| 3415 | |
| 3416 | Closes #2056 |
| 3417 | |
| 3418 | - make: fix "make distclean" |
| 3419 | |
| 3420 | Fixes #2097 |
| 3421 | Closes #2108 |
| 3422 | |
| 3423 | - RELEASE-NOTES: synced with 31f18d272 |
| 3424 | |
| 3425 | Jay Satiro (23 Nov 2017) |
| 3426 | - connect: improve the bind error message |
| 3427 | |
| 3428 | eg consider a non-existent interface eth8, curl --interface eth8 |
| 3429 | |
| 3430 | Before: curl: (45) Could not resolve host: eth8 |
| 3431 | After: curl: (45) Couldn't bind to 'eth8' |
| 3432 | |
| 3433 | Bug: https://github.com/curl/curl/issues/2104 |
| 3434 | Reported-by: Alfonso Martone |
| 3435 | |
| 3436 | Daniel Stenberg (23 Nov 2017) |
| 3437 | - examples/rtsp: clear RANGE again after use |
| 3438 | |
| 3439 | Fixes #2106 |
| 3440 | Reported-by: youngchopin on github |
| 3441 | |
| 3442 | - [Michael Kaufmann brought this change] |
| 3443 | |
| 3444 | test1264: verify URL with space in host name being rejected |
| 3445 | |
| 3446 | - url: reject ASCII control characters and space in host names |
| 3447 | |
| 3448 | Host names like "127.0.0.1 moo" would otherwise be accepted by some |
| 3449 | getaddrinfo() implementations. |
| 3450 | |
| 3451 | Updated test 1034 and 1035 accordingly. |
| 3452 | |
| 3453 | Fixes #2073 |
| 3454 | Closes #2092 |
| 3455 | |
| 3456 | - Curl_open: fix OOM return error correctly |
| 3457 | |
| 3458 | Closes #2098 |
| 3459 | |
| 3460 | - http2: fix "Value stored to 'end' is never read" scan-build error |
| 3461 | |
| 3462 | - http2: fix "Value stored to 'hdbuf' is never read" scan-build error |
| 3463 | |
| 3464 | - openssl: fix "Value stored to 'rc' is never read" scan-build error |
| 3465 | |
| 3466 | - mime: fix "Value stored to 'sz' is never read" scan-build error |
| 3467 | |
| 3468 | - Curl_llist_remove: fix potential NULL pointer deref |
| 3469 | |
| 3470 | Fixes a scan-build warning. |
| 3471 | |
| 3472 | - ntlm: remove unnecessary NULL-check to please scan-build |
| 3473 | |
| 3474 | - BUGS: spellchecked |
| 3475 | |
| 3476 | Jay Satiro (18 Nov 2017) |
| 3477 | - [fmmedeiros brought this change] |
| 3478 | |
| 3479 | examples/curlx: Fix code style |
| 3480 | |
| 3481 | - Add braces around multi-line if statement. |
| 3482 | |
| 3483 | Closes https://github.com/curl/curl/pull/2096 |
| 3484 | |
| 3485 | Daniel Stenberg (17 Nov 2017) |
| 3486 | - resolve: allow IP address within [] brackets |
| 3487 | |
| 3488 | ... so that IPv6 addresses can be passed like they can for connect-to |
| 3489 | and how they're used in URLs. |
| 3490 | |
| 3491 | Added test 1324 to verify |
| 3492 | Reported-by: Alex Malinovich |
| 3493 | |
| 3494 | Fixes #2087 |
| 3495 | Closes #2091 |
| 3496 | |
| 3497 | - [Pavol Markovic brought this change] |
| 3498 | |
| 3499 | macOS: Fix missing connectx function with Xcode version older than 9.0 |
| 3500 | |
| 3501 | The previous fix https://github.com/curl/curl/pull/1788 worked just for |
| 3502 | Xcode 9. This commit extends the fix to older Xcode versions effectively |
| 3503 | by not using connectx function. |
| 3504 | |
| 3505 | Fixes https://github.com/curl/curl/issues/1330 |
| 3506 | Fixes https://github.com/curl/curl/issues/2080 |
| 3507 | Closes https://github.com/curl/curl/pull/1336 |
| 3508 | Closes #2082 |
| 3509 | |
| 3510 | - [Dirk Feytons brought this change] |
| 3511 | |
| 3512 | openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY |
| 3513 | |
| 3514 | Fixes #2079 |
| 3515 | Closes #2081 |
| 3516 | |
| 3517 | - TODO: ignore private IP addresses in PASV response |
| 3518 | |
| 3519 | Closes #1455 |
| 3520 | |
| 3521 | - RELEASE-NOTES: synced with ae7369b6d |
| 3522 | |
| 3523 | Michael Kaufmann (14 Nov 2017) |
| 3524 | - URL: return error on malformed URLs with junk after IPv6 bracket |
| 3525 | |
| 3526 | Follow-up to aadb7c7. Verified by new test 1263. |
| 3527 | |
| 3528 | Closes #2072 |
| 3529 | |
| 3530 | Daniel Stenberg (14 Nov 2017) |
| 3531 | - INTERNALS: we may use libidn2 now, not libidn |
| 3532 | |
| 3533 | Patrick Monnerat (13 Nov 2017) |
| 3534 | - zlib/brotli: only include header files in modules needing them |
| 3535 | |
| 3536 | There is a conflict on symbol 'free_func' between openssl/crypto.h and |
| 3537 | zlib.h on AIX. This is an attempt to resolve it. |
| 3538 | |
| 3539 | Bug: https://curl.haxx.se/mail/lib-2017-11/0032.html |
| 3540 | Reported-By: Michael Felt |
| 3541 | |
| 3542 | Daniel Stenberg (13 Nov 2017) |
| 3543 | - SMB: fix uninitialized local variable |
| 3544 | |
| 3545 | Reported-by: Brian Carpenter |
| 3546 | |
| 3547 | - [Orgad Shaneh brought this change] |
| 3548 | |
| 3549 | connect.c: remove executable bit on file |
| 3550 | |
| 3551 | Closes #2071 |
| 3552 | |
| 3553 | - [hsiao yi brought this change] |
| 3554 | |
| 3555 | README.md: fixed layout |
| 3556 | |
| 3557 | Closes #2069 |
| 3558 | |
| 3559 | - setopt: split out curl_easy_setopt() to its own file |
| 3560 | |
| 3561 | ... to make url.c smaller. |
| 3562 | |
| 3563 | Closes #1944 |
| 3564 | |
| 3565 | Jay Satiro (10 Nov 2017) |
| 3566 | - [John Starks brought this change] |
| 3567 | |
| 3568 | cmake: Add missing setmode check |
| 3569 | |
| 3570 | Ensure HAVE_SETMODE is set to 1 on OSes that have setmode. Without this, |
| 3571 | curl will corrupt binary files when writing them to stdout on Windows. |
| 3572 | |
| 3573 | Closes https://github.com/curl/curl/pull/2067 |
| 3574 | |
| 3575 | Daniel Stenberg (10 Nov 2017) |
| 3576 | - curl_share_setopt: va_end was not called if conncache errors |
| 3577 | |
| 3578 | CID 984459, detected by Coverity |
| 3579 | |
| 3580 | Sergei Nikulov (10 Nov 2017) |
| 3581 | - [John Starks brought this change] |
| 3582 | |
| 3583 | cmake: Correctly include curl.rc in Windows builds (#2064) |
| 3584 | |
| 3585 | Update CMakeLists.txt to add curl.rc to the correct list. |
| 3586 | |
| 3587 | Daniel Stenberg (9 Nov 2017) |
| 3588 | - RELEASE-NOTES: synced with 32828cc4f |
| 3589 | |
| 3590 | - [Luca Boccassi brought this change] |
| 3591 | |
| 3592 | --interface: add support for Linux VRF |
| 3593 | |
| 3594 | The --interface command (CURLOPT_INTERFACE option) already uses |
| 3595 | SO_BINDTODEVICE on Linux, but it tries to parse it as an interface or IP |
| 3596 | address first, which fails in case the user passes a VRF. |
| 3597 | |
| 3598 | Try to use the socket option immediately and parse it as a fallback |
| 3599 | instead. Update the documentation to mention this feature, and that it |
| 3600 | requires the binary to be ran by root or with CAP_NET_RAW capabilities |
| 3601 | for this to work. |
| 3602 | |
| 3603 | Closes #2024 |
| 3604 | |
| 3605 | - curl_share_setopt.3: document CURL_LOCK_DATA_CONNECT |
| 3606 | |
| 3607 | Closes #2043 |
| 3608 | |
| 3609 | - examples: add shared-connection-cache |
| 3610 | |
| 3611 | - test1554: verify connection cache sharing |
| 3612 | |
| 3613 | - share: add support for sharing the connection cache |
| 3614 | |
| 3615 | - imap: deal with commands case insensitively |
| 3616 | |
| 3617 | As documented in RFC 3501 section 9: |
| 3618 | https://tools.ietf.org/html/rfc3501#section-9 |
| 3619 | |
| 3620 | Closes #2061 |
| 3621 | |
| 3622 | - connect: store IPv6 connection status after valid connection |
| 3623 | |
| 3624 | ... previously it would store it already in the happy eyeballs stage |
| 3625 | which could lead to the IPv6 bit being set for an IPv4 connection, |
| 3626 | leading to curl not wanting to do EPSV=>PASV for FTP transfers. |
| 3627 | |
| 3628 | Closes #2053 |
| 3629 | |
| 3630 | - curl_multi_fdset.3: emphasize curl_multi_timeout |
| 3631 | |
| 3632 | ... even when there's no socket to wait for, the timeout can still be |
| 3633 | very short. |
| 3634 | |
| 3635 | Jay Satiro (9 Nov 2017) |
| 3636 | - content_encoding: fix inflate_stream for no bytes available |
| 3637 | |
| 3638 | - Don't call zlib's inflate() when avail_in stream bytes is 0. |
| 3639 | |
| 3640 | This is a follow up to the parent commit 19e66e5. Prior to that change |
| 3641 | libcurl's inflate_stream could call zlib's inflate even when no bytes |
| 3642 | were available, causing inflate to return Z_BUF_ERROR, and then |
| 3643 | inflate_stream would treat that as a hard error and return |
| 3644 | CURLE_BAD_CONTENT_ENCODING. |
| 3645 | |
| 3646 | According to the zlib FAQ, Z_BUF_ERROR is not fatal. |
| 3647 | |
| 3648 | This bug would happen randomly since packet sizes are arbitrary. A test |
| 3649 | of 10,000 transfers had 55 fail (ie 0.55%). |
| 3650 | |
| 3651 | Ref: https://zlib.net/zlib_faq.html#faq05 |
| 3652 | |
| 3653 | Closes https://github.com/curl/curl/pull/2060 |
| 3654 | |
| 3655 | Patrick Monnerat (7 Nov 2017) |
| 3656 | - content_encoding: do not write 0 length data |
| 3657 | |
| 3658 | Daniel Stenberg (6 Nov 2017) |
| 3659 | - fnmatch: remove dead code |
| 3660 | |
| 3661 | There was a duplicate check for backslashes in the setcharset() |
| 3662 | function. |
| 3663 | |
| 3664 | Coverity CID 1420611 |
| 3665 | |
| 3666 | - url: remove unncessary NULL-check |
| 3667 | |
| 3668 | Since 'conn' won't be NULL in there and we also access the pointer in |
| 3669 | there without the check. |
| 3670 | |
| 3671 | Coverity CID 1420610 |
| 3672 | |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 3673 | Viktor Szakats (6 Nov 2017) |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 3674 | - src/Makefile.m32: fix typo in brotli lib customization |
| 3675 | |
| 3676 | Ref cc1f4436099decb9d1a7034b2bb773a9f8379d31 |
| 3677 | |
| 3678 | - Makefile.m32: allow to customize brotli libs |
| 3679 | |
| 3680 | It adds the ability to link against static brotli libs. |
| 3681 | |
| 3682 | Also fix brotli include path. |
| 3683 | |
| 3684 | Patrick Monnerat (5 Nov 2017) |
| 3685 | - travis: add a job with brotli enabled |
| 3686 | |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 3687 | - [Viktor Szakats brought this change] |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 3688 | |
| 3689 | Makefile.m32: add brotli support |
| 3690 | |
| 3691 | - HTTP: implement Brotli content encoding |
| 3692 | |
| 3693 | This uses the brotli external library (https://github.com/google/brotli). |
| 3694 | Brotli becomes a feature: additional curl_version_info() bit and |
| 3695 | structure fields are provided for it and CURLVERSION_NOW bumped. |
| 3696 | |
| 3697 | Tests 314 and 315 check Brotli content unencoding with correct and |
| 3698 | erroneous data. |
| 3699 | |
| 3700 | Some tests are updated to accomodate with the now configuration dependent |
| 3701 | parameters of the Accept-Encoding header. |
| 3702 | |
| 3703 | - HTTP: support multiple Content-Encodings |
| 3704 | |
| 3705 | This is implemented as an output streaming stack of unencoders, the last |
| 3706 | calling the client write procedure. |
| 3707 | |
| 3708 | New test 230 checks this feature. |
| 3709 | |
| 3710 | Bug: https://github.com/curl/curl/pull/2002 |
| 3711 | Reported-By: Daniel Bankhead |
| 3712 | |
| 3713 | Jay Satiro (4 Nov 2017) |
| 3714 | - url: remove arg value check from CURLOPT_SSH_AUTH_TYPES |
| 3715 | |
| 3716 | Since CURLSSH_AUTH_ANY (aka CURLSSH_AUTH_DEFAULT) is ~0 an arg value |
| 3717 | check on this option is incorrect; we have to accept any value. |
| 3718 | |
| 3719 | Prior to this change since f121575 (7.56.1+) CURLOPT_SSH_AUTH_TYPES |
| 3720 | erroneously rejected CURLSSH_AUTH_ANY with CURLE_BAD_FUNCTION_ARGUMENT. |
| 3721 | |
| 3722 | Bug: https://github.com/curl/curl/commit/f121575#commitcomment-25347120 |
| 3723 | |
| 3724 | Daniel Stenberg (4 Nov 2017) |
| 3725 | - ntlm: avoid malloc(0) for zero length passwords |
| 3726 | |
| 3727 | It triggers an assert() when built with memdebug since malloc(0) may |
| 3728 | return NULL *or* a valid pointer. |
| 3729 | |
| 3730 | Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054 |
| 3731 | |
| 3732 | Assisted-by: Max Dymond |
| 3733 | Closes #2054 |
| 3734 | |
| 3735 | - RELEASE-NOTES: synced with ee8016b3d |
| 3736 | |
| 3737 | - curl: speed up handling of many URLs |
| 3738 | |
| 3739 | By properly keeping track of the last entry in the list of URLs/uploads |
| 3740 | to handle, curl now avoids many meaningless traverses of the list which |
| 3741 | speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K |
| 3742 | URLs). |
| 3743 | |
| 3744 | Added test 1291, to verify that it doesn't take ages - but we don't have |
| 3745 | any detection of "too slow" command in the test suite. |
| 3746 | |
| 3747 | Reported-by: arainchik on github |
| 3748 | Fixes #1959 |
| 3749 | Closes #2052 |
| 3750 | |
| 3751 | - curl: pass through [] in URLs instead of calling globbing error |
| 3752 | |
| 3753 | Assisted-by: Per Lundberg |
| 3754 | Fixes #2044 |
| 3755 | Closes #2046 |
| 3756 | Closes #2048 |
| 3757 | |
| 3758 | - CURLOPT_INFILESIZE: accept -1 |
| 3759 | |
| 3760 | Regression since f121575 |
| 3761 | |
| 3762 | Reported-by: Petr Voytsik |
| 3763 | Fixes #2047 |
| 3764 | |
| 3765 | Jay Satiro (2 Nov 2017) |
| 3766 | - url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1 |
| 3767 | |
| 3768 | Prior to this change since f121575 (7.56.1+) CURLOPT_DNS_CACHE_TIMEOUT |
| 3769 | erroneously rejected -1 with CURLE_BAD_FUNCTION_ARGUMENT. |
| 3770 | |
| 3771 | Dan Fandrich (1 Nov 2017) |
| 3772 | - http2: Fixed OOM handling in upgrade request |
| 3773 | |
| 3774 | This caused the torture tests on test 1800 to fail. |
| 3775 | |
| 3776 | - tests: Fixed torture tests on tests 556 and 650 |
| 3777 | |
| 3778 | Test cleanup after OOM wasn't being consistently performed. |
| 3779 | |
| 3780 | Daniel Stenberg (1 Nov 2017) |
| 3781 | - CURLOPT_MAXREDIRS: allow -1 as a value |
| 3782 | |
| 3783 | ... which is valid according to documentation. Regression since |
| 3784 | f121575c0b5f. |
| 3785 | |
| 3786 | Verified now in test 501. |
| 3787 | |
| 3788 | Reported-by: cbartl on github |
| 3789 | Fixes #2038 |
| 3790 | Closes #2039 |
| 3791 | |
| 3792 | - include: remove conncache.h inclusion from where its not needed |
| 3793 | |
| 3794 | Jay Satiro (1 Nov 2017) |
| 3795 | - url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 |
| 3796 | |
| 3797 | .. also add same arg value check to CURLOPT_POSTFIELDSIZE_LARGE. |
| 3798 | |
| 3799 | Prior to this change since f121575 (7.56.1+) CURLOPT_POSTFIELDSIZE |
| 3800 | erroneously rejected -1 value with CURLE_BAD_FUNCTION_ARGUMENT. |
| 3801 | |
| 3802 | Bug: https://curl.haxx.se/mail/lib-2017-11/0000.html |
| 3803 | Reported-by: Andrew Lambert |
| 3804 | |
| 3805 | Daniel Stenberg (31 Oct 2017) |
| 3806 | - cookie: avoid NULL dereference |
| 3807 | |
| 3808 | ... when expiring old cookies. |
| 3809 | |
| 3810 | Reported-by: Pavel Gushchin |
| 3811 | Fixes #2032 |
| 3812 | Closes #2035 |
| 3813 | |
| 3814 | Marcel Raad (30 Oct 2017) |
| 3815 | - memdebug: use send/recv signature for curl_dosend/curl_dorecv |
| 3816 | |
| 3817 | This avoids build errors and warnings caused by implicit casts. |
| 3818 | |
| 3819 | Closes https://github.com/curl/curl/pull/2031 |
| 3820 | |
| 3821 | Daniel Stenberg (30 Oct 2017) |
| 3822 | - [Juro Bystricky brought this change] |
| 3823 | |
| 3824 | mkhelp.pl: support reproducible build |
| 3825 | |
| 3826 | Do not generate line with the current date, such as: |
| 3827 | |
| 3828 | * Generation time: Tue Oct-24 18:01:41 2017 |
| 3829 | |
| 3830 | This will improve reproducibility. The generated string is only |
| 3831 | part of a comment, so there should be no adverse consequences. |
| 3832 | |
| 3833 | Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> |
| 3834 | |
| 3835 | closes #2026 |
| 3836 | |
| 3837 | Dan Fandrich (30 Oct 2017) |
| 3838 | - runtests.pl: Fixed typo in message |
| 3839 | |
| 3840 | Daniel Stenberg (30 Oct 2017) |
| 3841 | - curlx: the timeval functions are no longer provided as curlx_* |
| 3842 | |
| 3843 | Pointed-out-by: Dmitri Tikhonov |
| 3844 | Bug: #2034 |
| 3845 | |
| 3846 | - select: update comments |
| 3847 | |
| 3848 | s/curlx_tvnow/Curl_now |
| 3849 | |
| 3850 | - INTERNALS: remove curlx_tv* functions no longer provided |
| 3851 | |
| 3852 | - [Dmitri Tikhonov brought this change] |
| 3853 | |
| 3854 | timeval: use mach time on MacOS |
| 3855 | |
| 3856 | If clock_gettime() is not supported, use mach_absolute_time() on MacOS. |
| 3857 | |
| 3858 | closes #2033 |
| 3859 | |
Elliott Hughes | 1ef06ba | 2018-05-30 15:43:58 -0700 | [diff] [blame] | 3860 | Patrick Monnerat (29 Oct 2017) |
| 3861 | - cli tool: improve ";type=" handling in -F option arguments |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 3862 | |
Elliott Hughes | 1ef06ba | 2018-05-30 15:43:58 -0700 | [diff] [blame] | 3863 | - cli tool: in -F option arg, comma is a delimiter for files only |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 3864 | |
| 3865 | Also upgrade test 1133 to cover this case and clarify man page about |
| 3866 | form data quoting. |
| 3867 | |
| 3868 | Bug: https://github.com/curl/curl/issues/2022 |
| 3869 | Reported-By: omau on github |
| 3870 | |
| 3871 | Daniel Stenberg (29 Oct 2017) |
| 3872 | - timeleft: made two more users of Curl_timeleft use timediff_t |
| 3873 | |
| 3874 | Jakub Zakrzewski (28 Oct 2017) |
| 3875 | - cmake: Export libcurl and curl targets to use by other cmake projects |
| 3876 | |
| 3877 | The config files define curl and libcurl targets as imported targets |
| 3878 | CURL::curl and CURL::libcurl. For backward compatibility with CMake- |
| 3879 | provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are |
| 3880 | also set. |
| 3881 | |
| 3882 | Closes #1879 |
| 3883 | |
| 3884 | Daniel Stenberg (28 Oct 2017) |
| 3885 | - RELEASE-NOTES: synced with f20cbac97 |
| 3886 | |
Elliott Hughes | 0128fe4 | 2018-02-27 14:57:55 -0800 | [diff] [blame] | 3887 | - [Florin Petriuc brought this change] |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 3888 | |
| 3889 | auth: Added test cases for RFC7616 |
| 3890 | |
| 3891 | Updated docs to include support for RFC7616 |
| 3892 | |
| 3893 | Signed-off-by: Florin <petriuc.florin@gmail.com> |
| 3894 | |
| 3895 | Closes #1934 |
| 3896 | |
Elliott Hughes | 0128fe4 | 2018-02-27 14:57:55 -0800 | [diff] [blame] | 3897 | - [Florin Petriuc brought this change] |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 3898 | |
| 3899 | auth: add support for RFC7616 - HTTP Digest access authentication |
| 3900 | |
| 3901 | Signed-off-by: Florin <petriuc.florin@gmail.com> |
| 3902 | |
| 3903 | - [Daniel Bankhead brought this change] |
| 3904 | |
| 3905 | TODO: support multiple Content-Encodings |
| 3906 | |
| 3907 | Closes #2002 |
| 3908 | |
| 3909 | - ROADMAP: cleanup |
| 3910 | |
| 3911 | Removed done stuff. Removed entries no longer considered for the near |
| 3912 | term. |
| 3913 | |
| 3914 | - [Magicansk brought this change] |
| 3915 | |
| 3916 | ROADMAP.md: spelling fixes |
| 3917 | |
| 3918 | Closes #2028 |
| 3919 | |
| 3920 | - Curl_timeleft: change return type to timediff_t |
| 3921 | |
| 3922 | returning 'time_t' is problematic when that type is unsigned and we |
| 3923 | return values less than zero to signal "already expired", used in |
| 3924 | several places in the code. |
| 3925 | |
| 3926 | Closes #2021 |
| 3927 | |
| 3928 | - appveyor: add a win32 build |
| 3929 | |
| 3930 | - setopt: fix CURLOPT_SSH_AUTH_TYPES option read |
| 3931 | |
| 3932 | Regression since f121575c0b5f |
| 3933 | |
| 3934 | Reported-by: Rob Cotrone |
| 3935 | |
| 3936 | Marcel Raad (27 Oct 2017) |
| 3937 | - resolvers: only include anything if needed |
| 3938 | |
| 3939 | This avoids warnings about unused stuff. |
| 3940 | |
| 3941 | Closes https://github.com/curl/curl/pull/2023 |
| 3942 | |
| 3943 | Daniel Stenberg (27 Oct 2017) |
| 3944 | - HELP-US: rename the subtitle too since the label is changed |
| 3945 | |
| 3946 | "PR-welcome" was the former name. |
| 3947 | |
| 3948 | - curl_setup.h: oops, shorten the too long line |
| 3949 | |
| 3950 | - [Martin Storsjo brought this change] |
| 3951 | |
| 3952 | curl_setup: Improve detection of CURL_WINDOWS_APP |
| 3953 | |
| 3954 | If WINAPI_FAMILY is defined, it should be safe to try to include |
| 3955 | winapifamily.h to check what the define evaluates to. |
| 3956 | |
| 3957 | This should fix detection of CURL_WINDOWS_APP if building with |
| 3958 | _WIN32_WINNT set to 0x0600. |
| 3959 | |
| 3960 | Closes #2025 |
| 3961 | |
| 3962 | Jay Satiro (26 Oct 2017) |
| 3963 | - transfer: Fix chunked-encoding upload bug |
| 3964 | |
| 3965 | - When uploading via chunked-encoding don't compare file size to bytes |
| 3966 | sent to determine whether the upload has finished. |
| 3967 | |
| 3968 | Chunked-encoding adds its own overhead which why the bytes sent is not |
| 3969 | equal to the file size. Prior to this change if a file was uploaded in |
| 3970 | chunked-encoding and its size was known it was possible that the upload |
| 3971 | could end prematurely without sending the final few chunks. That would |
| 3972 | result in a server hang waiting for the remaining data, likely followed |
| 3973 | by a disconnect. |
| 3974 | |
| 3975 | The scope of this bug is limited to some arbitrary file sizes which have |
| 3976 | not been determined. One size that triggers the bug is 475020. |
| 3977 | |
| 3978 | Bug: https://github.com/curl/curl/issues/2001 |
| 3979 | Reported-by: moohoorama@users.noreply.github.com |
| 3980 | |
| 3981 | Closes https://github.com/curl/curl/pull/2010 |
| 3982 | |
| 3983 | Daniel Stenberg (26 Oct 2017) |
| 3984 | - timeval: make timediff_t also work on 32bit windows |
| 3985 | |
| 3986 | ... by using curl_off_t for the typedef if time_t is larger than 4 |
| 3987 | bytes. |
| 3988 | |
| 3989 | Reported-by: Gisle Vanem |
| 3990 | Bug: https://github.com/curl/curl/commit/b9d25f9a6b3ca791385b80a6a3c3fa5ae113e1e0#co |
| 3991 | mmitcomment-25205058 |
| 3992 | Closes #2019 |
| 3993 | |
| 3994 | - curl_fnmatch: return error on illegal wildcard pattern |
| 3995 | |
| 3996 | ... instead of doing an infinite loop! |
| 3997 | |
| 3998 | Added test 1162 to verify. |
| 3999 | |
| 4000 | Reported-by: Max Dymond |
| 4001 | Fixes #2015 |
| 4002 | Closes #2017 |
| 4003 | |
| 4004 | - [Max Dymond brought this change] |
| 4005 | |
| 4006 | wildcards: don't use with non-supported protocols |
| 4007 | |
| 4008 | Fixes timeouts in the fuzzing tests for non-FTP protocols. |
| 4009 | |
| 4010 | Closes #2016 |
| 4011 | |
| 4012 | - [Max Dymond brought this change] |
| 4013 | |
| 4014 | multi: allow table handle sizes to be overridden |
| 4015 | |
| 4016 | Allow users to specify their own hash define for |
| 4017 | CURL_CONNECTION_HASH_SIZE so that both values can be overridden. |
| 4018 | |
| 4019 | Closes #1982 |
| 4020 | |
| 4021 | - time: rename Curl_tvnow to Curl_now |
| 4022 | |
| 4023 | ... since the 'tv' stood for timeval and this function does not return a |
| 4024 | timeval struct anymore. |
| 4025 | |
| 4026 | Also, cleaned up the Curl_timediff*() functions to avoid typecasts and |
| 4027 | clean up the descriptive comments. |
| 4028 | |
| 4029 | Closes #2011 |
| 4030 | |
| 4031 | - ftplistparser: follow-up cleanup to remove PL_ERROR() |
| 4032 | |
| 4033 | - [Max Dymond brought this change] |
| 4034 | |
| 4035 | ftplistparser: free off temporary memory always |
| 4036 | |
| 4037 | When using the FTP list parser, ensure that the memory that's |
| 4038 | allocated is always freed. |
| 4039 | |
| 4040 | Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682 |
| 4041 | Closes #2013 |
| 4042 | |
| 4043 | - timediff: return timediff_t from the time diff functions |
| 4044 | |
| 4045 | ... to cater for systems with unsigned time_t variables. |
| 4046 | |
| 4047 | - Renamed the functions to curlx_timediff and Curl_timediff_us. |
| 4048 | |
| 4049 | - Added overflow protection for both of them in either direction for |
| 4050 | both 32 bit and 64 bit time_ts |
| 4051 | |
| 4052 | - Reprefixed the curlx_time functions to use Curl_* |
| 4053 | |
| 4054 | Reported-by: Peter Piekarski |
| 4055 | Fixes #2004 |
| 4056 | Closes #2005 |
| 4057 | |
| 4058 | - [Paul Howarth brought this change] |
| 4059 | |
| 4060 | libtest: Add required test libraries for lib1552 and lib1553 |
| 4061 | |
| 4062 | They use $(TESTUTIL) and thus should use $(TESTUTIL_LIBS) too. |
| 4063 | |
| 4064 | This fixes build failures on Fedora 13. |
| 4065 | |
| 4066 | Closes #2006 |
| 4067 | |
| 4068 | - [Alessandro Ghedini brought this change] |
| 4069 | |
| 4070 | libcurl-tutorial.3: fix typo |
| 4071 | |
| 4072 | closes #2008 |
| 4073 | |
| 4074 | Alessandro Ghedini (23 Oct 2017) |
| 4075 | - curl_mime_filedata.3: fix typos |
| 4076 | |
| 4077 | Daniel Stenberg (23 Oct 2017) |
| 4078 | - RELEASE-NOTES: clean slate towards 7.57.0 |
| 4079 | |
| 4080 | - [Max Dymond brought this change] |
| 4081 | |
| 4082 | travis: exit if any steps fail |
| 4083 | |
| 4084 | We don't expect any steps to fail in travis. Exit the script if they do. |
| 4085 | |
| 4086 | Closes #1966 |
| 4087 | |
| 4088 | Version 7.56.1 (23 Oct 2017) |
| 4089 | |
| 4090 | Daniel Stenberg (23 Oct 2017) |
| 4091 | - RELEASE-NOTES: 7.56.1 |
| 4092 | |
| 4093 | - THANKS: update at 7.56.1 release time |
| 4094 | |
| 4095 | - [Jon DeVree brought this change] |
| 4096 | |
| 4097 | mk-ca-bundle: Remove URL for aurora |
| 4098 | |
| 4099 | Aurora is no longer used by Mozilla |
| 4100 | https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/ |
| 4101 | |
| 4102 | - [Jon DeVree brought this change] |
| 4103 | |
| 4104 | mk-ca-bundle: Fix URL for NSS |
| 4105 | |
| 4106 | The 'tip' is the most recent branch committed to, this should be |
| 4107 | 'default' like the URLs for the browser are. |
| 4108 | |
| 4109 | Closes #1998 |
| 4110 | |
| 4111 | - imap: if a FETCH response has no size, don't call write callback |
| 4112 | |
| 4113 | CVE-2017-1000257 |
| 4114 | |
| 4115 | Reported-by: Brian Carpenter and 0xd34db347 |
| 4116 | Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586 |
| 4117 | |
| 4118 | - ftp: reject illegal IP/port in PASV 227 response |
| 4119 | |
| 4120 | ... by using range checks. Among other things, this avoids an undefined |
| 4121 | behavior for a left shift that could happen on negative or very large |
| 4122 | values. |
| 4123 | |
| 4124 | Closes #1997 |
| 4125 | |
| 4126 | Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694 |
| 4127 | |
| 4128 | Patrick Monnerat (20 Oct 2017) |
| 4129 | - test653: check reuse of easy handle after mime data change |
| 4130 | |
| 4131 | See issue #1999 |
| 4132 | |
| 4133 | - mime: do not reuse previously computed multipart size |
| 4134 | |
| 4135 | The contents might have changed: size must be recomputed. |
| 4136 | |
| 4137 | Reported-by: moteus on github |
| 4138 | Fixes #1999 |
| 4139 | |
| 4140 | - test308: disable if MultiSSL feature enabled |
| 4141 | |
| 4142 | Even if OpenSSL is enabled, it might not be the default backend when |
| 4143 | multi-ssl is enabled, causing the test to fail. |
| 4144 | |
| 4145 | - runtests: support MultiSSL client feature |
| 4146 | |
| 4147 | - vtls: change struct Curl_ssl `close' field name to `close_one'. |
| 4148 | |
| 4149 | On OS/400, `close' is an ASCII system macro that corrupts the code if |
| 4150 | not used in a context not targetting the close() system API. |
| 4151 | |
| 4152 | - os400: add missing symbols in config file. |
| 4153 | |
| 4154 | Also adjust makefile to renamed files and warn about installation dirs mix-up. |
| 4155 | |
| 4156 | - test652: curl_mime_data + base64 encoder with large contents |
| 4157 | |
| 4158 | - mime: limit bas64-encoded lines length to 76 characters |
| 4159 | |
| 4160 | Daniel Stenberg (16 Oct 2017) |
| 4161 | - RELEASE-NOTES: synced with f121575c0 |
| 4162 | |
| 4163 | - setopt: range check most long options |
| 4164 | |
| 4165 | ... filter early instead of risking "funny values" having to be dealt |
| 4166 | with elsewhere. |
| 4167 | |
| 4168 | - setopt: avoid integer overflows when setting millsecond values |
| 4169 | |
| 4170 | ... that are multiplied by 1000 when stored. |
| 4171 | |
| 4172 | For 32 bit long systems, the max value accepted (2147483 seconds) is > |
| 4173 | 596 hours which is unlikely to ever be set by a legitimate application - |
| 4174 | and previously it didn't work either, it just caused undefined behavior. |
| 4175 | |
| 4176 | Also updated the man pages for these timeout options to mention the |
| 4177 | return code. |
| 4178 | |
| 4179 | Closes #1938 |
| 4180 | |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 4181 | Viktor Szakats (15 Oct 2017) |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 4182 | - makefile.m32: allow to override gcc, ar and ranlib |
| 4183 | |
| 4184 | Allow to ovverride certain build tools, making it possible to |
| 4185 | use LLVM/Clang to build curl. The default behavior is unchanged. |
| 4186 | To build with clang (as offered by MSYS2), these settings can |
| 4187 | be used: |
| 4188 | |
| 4189 | CURL_CC=clang |
| 4190 | CURL_AR=llvm-ar |
| 4191 | CURL_RANLIB=llvm-ranlib |
| 4192 | |
| 4193 | Closes https://github.com/curl/curl/pull/1993 |
| 4194 | |
| 4195 | - ldap: silence clang warning |
| 4196 | |
| 4197 | Use memset() to initialize a structure to avoid LLVM/Clang warning: |
| 4198 | ldap.c:193:39: warning: missing field 'UserLength' initializer [-Wmissing-field-initializers] |
| 4199 | |
| 4200 | Closes https://github.com/curl/curl/pull/1992 |
| 4201 | |
| 4202 | Daniel Stenberg (14 Oct 2017) |
| 4203 | - runtests: use valgrind for torture as well |
| 4204 | |
| 4205 | NOTE: it makes them terribly slow. I recommend only using valgrind for |
| 4206 | specific torture tests or using lots of patience. |
| 4207 | |
| 4208 | - memdebug: trace send, recv and socket |
| 4209 | |
| 4210 | ... to allow them to be included in torture tests too. |
| 4211 | |
| 4212 | closes #1980 |
| 4213 | |
| 4214 | - configure: remove the C++ compiler check |
| 4215 | |
| 4216 | ... we used it only for the fuzzer, which we now have in a separate git |
| 4217 | repo. |
| 4218 | |
| 4219 | Closes #1990 |
| 4220 | |
| 4221 | Patrick Monnerat (13 Oct 2017) |
| 4222 | - mime: do not call failf() if easy handle is NULL. |
| 4223 | |
| 4224 | Daniel Stenberg (13 Oct 2017) |
| 4225 | - test651: curl_formadd with huge COPYCONTENTS |
| 4226 | |
| 4227 | - mime: fix the content reader to handle >16K data properly |
| 4228 | |
| 4229 | Reported-by: Jeroen Ooms |
| 4230 | Closes #1988 |
| 4231 | |
| 4232 | Patrick Monnerat (12 Oct 2017) |
| 4233 | - mime: keep "text/plain" content type if user-specified. |
| 4234 | |
| 4235 | Include test cases in 554, 587, 650. |
| 4236 | |
| 4237 | Fixes https://github.com/curl/curl/issues/1986 |
| 4238 | |
| 4239 | - cli tool: use file2memory() to buffer stdin in -F option. |
| 4240 | |
| 4241 | Closes PR https://github.com/curl/curl/pull/1985 |
| 4242 | |
| 4243 | - cli tool: reimplement stdin buffering in -F option. |
| 4244 | |
| 4245 | If stdin is not a regular file, its content is memory-buffered to enable |
| 4246 | a possible data "rewind". |
| 4247 | In all cases, stdin data size is determined before real use to avoid |
| 4248 | having an unknown part's size. |
| 4249 | |
| 4250 | --libcurl generated code is left as an unbuffered stdin fread/fseek callback |
| 4251 | part with unknown data size. |
| 4252 | |
| 4253 | Buffering is not supported in deprecated curl_formadd() API. |
| 4254 | |
| 4255 | Daniel Stenberg (12 Oct 2017) |
| 4256 | - winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2 |
| 4257 | |
| 4258 | - HELP-US: the label "PR-welcome" is now renamed to "help wanted" |
| 4259 | |
| 4260 | following the new github "standard" |
| 4261 | |
| 4262 | - RELEASE-NOTES: synced with 5505df7d2 |
| 4263 | |
| 4264 | Jay Satiro (11 Oct 2017) |
| 4265 | - [Artak Galoyan brought this change] |
| 4266 | |
| 4267 | url: Update current connection SSL verify params in setopt |
| 4268 | |
| 4269 | Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active |
| 4270 | connection updates the current connection's (i.e.'connectdata' |
| 4271 | structure) appropriate ssl_config (and ssl_proxy_config) structures |
| 4272 | variables, making these options effective for ongoing connection. |
| 4273 | |
| 4274 | This functionality was available before and was broken by the |
| 4275 | following change: |
| 4276 | "proxy: Support HTTPS proxy and SOCKS+HTTP(s)" |
| 4277 | CommitId: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151. |
| 4278 | |
| 4279 | Bug: https://github.com/curl/curl/issues/1941 |
| 4280 | |
| 4281 | Closes https://github.com/curl/curl/pull/1951 |
| 4282 | |
| 4283 | Daniel Stenberg (11 Oct 2017) |
| 4284 | - [David Benjamin brought this change] |
| 4285 | |
| 4286 | openssl: don't use old BORINGSSL_YYYYMM macros |
| 4287 | |
| 4288 | Those were temporary things we'd add and remove for our own convenience |
| 4289 | long ago. The last few stayed around for too long as an oversight but |
| 4290 | have since been removed. These days we have a running |
| 4291 | BORINGSSL_API_VERSION counter which is bumped when we find it |
| 4292 | convenient, but 2015-11-19 was quite some time ago, so just check |
| 4293 | OPENSSL_IS_BORINGSSL. |
| 4294 | |
| 4295 | Closes #1979 |
| 4296 | |
| 4297 | - test950; verify SMTP with custom request |
| 4298 | |
| 4299 | - ftpserver: support case insensitive commands |
| 4300 | |
| 4301 | - smtp_done: free data before returning (on send failure) |
| 4302 | |
| 4303 | ... as otherwise it could leak that memory. |
| 4304 | |
| 4305 | Detected by OSS-fuzz: |
| 4306 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600 |
| 4307 | |
| 4308 | Assisted-by: Max Dymond |
| 4309 | Closes #1977 |
| 4310 | |
| 4311 | - FTP: URL decode path for dir listing in nocwd mode |
| 4312 | |
| 4313 | Reported-by: Zenju on github |
| 4314 | |
| 4315 | Test 244 added to verify |
| 4316 | Fixes #1974 |
| 4317 | Closes #1976 |
| 4318 | |
| 4319 | - test298: verify --ftp-method nowcwd with URL encoded path |
| 4320 | |
| 4321 | Ref: #1974 |
| 4322 | |
| 4323 | - CURLOPT_XFERINFODATA.3: fix duplicate see also |
| 4324 | |
| 4325 | - CURLOPT_NOPROGRESS.3: also refer to xferinfofunction |
| 4326 | |
| 4327 | - FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION |
| 4328 | |
| 4329 | - openssl: enable PKCS12 support for !BoringSSL |
| 4330 | |
| 4331 | Enable PKCS12 for all non-boringssl builds without relying on configure |
| 4332 | or cmake checks. |
| 4333 | |
| 4334 | Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html |
| 4335 | Reported-by: Christian Schmitz |
| 4336 | Closes #1948 |
| 4337 | |
| 4338 | - [Kristiyan Tsaklev brought this change] |
| 4339 | |
| 4340 | curl: don't pass semicolons when parsing Content-Disposition |
| 4341 | |
| 4342 | Test 1422 updated to verify. |
| 4343 | |
| 4344 | Closes #1964 |
| 4345 | |
| 4346 | Patrick Monnerat (9 Oct 2017) |
| 4347 | - mime: properly unbind mime structure in curl_mime_free(). |
| 4348 | |
| 4349 | This allows freeing a mime structure bound to the easy handle before |
| 4350 | curl_easy_cleanup(). |
| 4351 | |
| 4352 | Fixes #1970. |
| 4353 | |
| 4354 | Daniel Stenberg (9 Oct 2017) |
| 4355 | - RTSP: avoid integer overflow on funny RTSP response |
| 4356 | |
| 4357 | ... like a very large non-existing RTSP version number. |
| 4358 | |
| 4359 | Added test 577 to verify. |
| 4360 | |
| 4361 | Detected by OSS-fuzz. |
| 4362 | Closes #1969 |
| 4363 | |
| 4364 | Patrick Monnerat (8 Oct 2017) |
| 4365 | - ftpserver: properly reset $ftptargetdir. |
| 4366 | |
| 4367 | - test643: verify curl_mime_subparts() rejects cyclic additions. |
| 4368 | |
| 4369 | - mime: refuse to add subparts to one of their own descendants. |
| 4370 | |
| 4371 | Reported-by: Alexey Melnichuk |
| 4372 | Fixes #1962 |
| 4373 | |
| 4374 | - mime: avoid resetting a part's encoder when part's contents change. |
| 4375 | |
| 4376 | - mime: improve unbinding top multipart from easy handle. |
| 4377 | |
| 4378 | Also avoid dangling pointers in referencing parts. |
| 4379 | |
| 4380 | Daniel Stenberg (8 Oct 2017) |
| 4381 | - RELEASE-NOTES: synced with a4c1c75da30af1 |
| 4382 | |
| 4383 | - curlver.h: next expected release is 7.57.0 |
| 4384 | |
| 4385 | Patrick Monnerat (8 Oct 2017) |
| 4386 | - mime: be tolerant about setting twice the same header list in a part. |
| 4387 | |
| 4388 | - docs: clarify form/mime usage of non-regular data files. |
| 4389 | |
| 4390 | Daniel Stenberg (8 Oct 2017) |
| 4391 | - Revert "multi_done: wait for name resolve to finish if still ongoing" |
| 4392 | |
| 4393 | This reverts commit f3e03f6c0ac52a1bf396e03f7d7e9b5b3b7165fe. |
| 4394 | |
| 4395 | Caused memory leaks in the fuzzer, needs to be done differently. |
| 4396 | |
| 4397 | Disable test 1553 for now too, as it causes memory leaks without this |
| 4398 | commit! |
| 4399 | |
| 4400 | - remove_handle: call multi_done() first, then clear dns cache pointer |
| 4401 | |
| 4402 | Closes #1960 |
| 4403 | |
| 4404 | - multi_done: wait for name resolve to finish if still ongoing |
| 4405 | |
| 4406 | ... as we must clean up memory. |
| 4407 | |
| 4408 | - pingpong: return error when trying to send without connection |
| 4409 | |
| 4410 | When imap_done() got called before a connection is setup, it would try |
| 4411 | to "finish up" and dereffed a NULL pointer. |
| 4412 | |
| 4413 | Test case 1553 managed to reproduce. I had to actually use a host name |
| 4414 | to try to resolve to slow it down, as using the normal local server IP |
| 4415 | will make libcurl get a connection in the first curl_multi_perform() |
| 4416 | loop and then the bug doesn't trigger. |
| 4417 | |
| 4418 | Fixes #1953 |
| 4419 | Assisted-by: Max Dymond |
| 4420 | |
| 4421 | Dan Fandrich (6 Oct 2017) |
| 4422 | - tests: added flaky keyword to tests 587 and 644 |
| 4423 | |
| 4424 | These are around 5% flaky in my Linux x86 autobuilds. |
| 4425 | |
| 4426 | Marcel Raad (6 Oct 2017) |
| 4427 | - vtls: fix warnings with --disable-crypto-auth |
| 4428 | |
| 4429 | When CURL_DISABLE_CRYPTO_AUTH is defined, Curl_none_md5sum's parameters |
| 4430 | are not used. |
| 4431 | |
| 4432 | Daniel Stenberg (6 Oct 2017) |
| 4433 | - multi_cleanup: call DONE on handles that never got that |
| 4434 | |
| 4435 | ... fixes a memory leak with at least IMAP when remove_handle is never |
| 4436 | called and the transfer is abruptly just abandoned early. |
| 4437 | |
| 4438 | Test 1552 added to verify |
| 4439 | |
| 4440 | Detected by OSS-fuzz |
| 4441 | Assisted-by: Max Dymond |
| 4442 | Closes #1954 |
| 4443 | |
| 4444 | - [Benbuck Nason brought this change] |
| 4445 | |
| 4446 | strtoofft: Remove extraneous null check |
| 4447 | |
| 4448 | Fixes #1950: curlx_strtoofft() doesn't fully protect against null 'str' |
| 4449 | argument. |
| 4450 | |
| 4451 | Closes #1952 |
| 4452 | |
| 4453 | - openssl: fix build without HAVE_OPAQUE_EVP_PKEY |
| 4454 | |
| 4455 | Reported-by: Javier Sixto |
| 4456 | Fixes #1955 |
| 4457 | Closes #1956 |
| 4458 | |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 4459 | Viktor Szakats (6 Oct 2017) |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 4460 | - lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS |
| 4461 | |
| 4462 | The source code is now prepared to handle the case when both |
| 4463 | Win32 Crypto and OpenSSL/NSS crypto backends are enabled |
| 4464 | at the same time, making it now possible to enable `USE_WIN32_CRYPTO` |
| 4465 | whenever the targeted Windows version supports it. Since this |
| 4466 | matches the minimum Windows version supported by curl |
| 4467 | (Windows 2000), enable it unconditionally for the Win32 platform. |
| 4468 | |
| 4469 | This in turn enables SMB (and SMBS) protocol support whenever |
| 4470 | Win32 Crypto is available, regardless of what other crypto backends |
| 4471 | are enabled. |
| 4472 | |
| 4473 | Ref: https://github.com/curl/curl/pull/1840#issuecomment-325682052 |
| 4474 | |
| 4475 | Closes https://github.com/curl/curl/pull/1943 |
| 4476 | |
| 4477 | Daniel Stenberg (5 Oct 2017) |
| 4478 | - build: fix --disable-crypto-auth |
| 4479 | |
| 4480 | Reported-by: Wyatt O'Day |
| 4481 | Fixes #1945 |
| 4482 | Closes #1947 |
| 4483 | |
| 4484 | Jay Satiro (5 Oct 2017) |
| 4485 | - [Nick Zitzmann brought this change] |
| 4486 | |
| 4487 | darwinssl: add support for TLSv1.3 |
| 4488 | |
| 4489 | Closes https://github.com/curl/curl/pull/1794 |
| 4490 | |
| 4491 | Daniel Stenberg (4 Oct 2017) |
| 4492 | - [Felix Kaiser brought this change] |
| 4493 | |
| 4494 | docs: fix typo in curl_mime_data_cb man page |
| 4495 | |
| 4496 | Closes #1946 |
| 4497 | |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 4498 | Viktor Szakats (4 Oct 2017) |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 4499 | - lib/Makefile.m32: allow customizing dll suffixes |
| 4500 | |
| 4501 | - New `CURL_DLL_SUFFIX` envvar will add a suffix to the generated |
| 4502 | libcurl dll name. Useful to add `-x64` to 64-bit builds so that |
| 4503 | it can live in the same directory as the 32-bit one. By default |
| 4504 | this is empty. |
| 4505 | |
| 4506 | - New `CURL_DLL_A_SUFFIX` envvar to customize the suffix of the |
| 4507 | generated import library (implib) for libcurl .dll. It defaults |
| 4508 | to `dll`, and it's useful to modify that to `.dll` to have the |
| 4509 | standard naming scheme for mingw-built .dlls, i.e. `libcurl.dll.a`. |
| 4510 | |
| 4511 | Closes https://github.com/curl/curl/pull/1942 |
| 4512 | |
| 4513 | Daniel Stenberg (4 Oct 2017) |
| 4514 | - [Max Dymond brought this change] |
| 4515 | |
| 4516 | fuzzer: move to using external curl-fuzzer |
| 4517 | |
| 4518 | Use the external curl-fuzzer repository for fuzzing. |
| 4519 | |
| 4520 | Closes #1923 |
| 4521 | |
| 4522 | - failf: skip the sprintf() if there are no consumers |
| 4523 | |
| 4524 | Closes #1936 |
| 4525 | |
| 4526 | - ftp: UBsan fixup 'pointer index expression overflowed' |
| 4527 | |
| 4528 | Closes #1939 |
| 4529 | |
| 4530 | - RELEASE-PROCEDURE: update the release schedule |
| 4531 | |
| 4532 | Version 7.56.0 (4 Oct 2017) |
| 4533 | |
| 4534 | Daniel Stenberg (4 Oct 2017) |
| 4535 | - RELEASE-NOTES: curl 7.56.0 |
| 4536 | |
| 4537 | - THANKS: added new 7.56.0 contributors |
| 4538 | |
| 4539 | Jay Satiro (4 Oct 2017) |
| 4540 | - build-openssl.bat: Warn OpenSSL 1.1.0 not yet supported |
| 4541 | |
| 4542 | Ref: https://github.com/curl/curl/issues/1002 |
| 4543 | |
| 4544 | Michael Kaufmann (3 Oct 2017) |
| 4545 | - idn: fix source code comment |
| 4546 | |
| 4547 | - vtls: compare and clone ssl configs properly |
| 4548 | |
| 4549 | Compare these settings in Curl_ssl_config_matches(): |
| 4550 | - verifystatus (CURLOPT_SSL_VERIFYSTATUS) |
| 4551 | - random_file (CURLOPT_RANDOM_FILE) |
| 4552 | - egdsocket (CURLOPT_EGDSOCKET) |
| 4553 | |
| 4554 | Also copy the setting "verifystatus" in Curl_clone_primary_ssl_config(), |
| 4555 | and copy the setting "sessionid" unconditionally. |
| 4556 | |
| 4557 | This means that reusing connections that are secured with a client |
| 4558 | certificate is now possible, and the statement "TLS session resumption |
| 4559 | is disabled when a client certificate is used" in the old advisory at |
| 4560 | https://curl.haxx.se/docs/adv_20170419.html is obsolete. |
| 4561 | |
| 4562 | Reviewed-by: Daniel Stenberg |
| 4563 | |
| 4564 | Closes #1917 |
| 4565 | |
| 4566 | - proxy: read the "no_proxy" variable only if necessary |
| 4567 | |
| 4568 | Reviewed-by: Daniel Stenberg |
| 4569 | |
| 4570 | Closes #1919 |
| 4571 | |
| 4572 | Patrick Monnerat (3 Oct 2017) |
| 4573 | - libcurl-tutorial: add casts in example to avoid compilation warnings. |
| 4574 | |
| 4575 | Daniel Stenberg (3 Oct 2017) |
| 4576 | - examples: bring back curl_formadd-using examples |
| 4577 | |
| 4578 | ... now with a -formadd suffix. While the new mime API is introduced in |
| 4579 | 7.56.0 we must acknowledge that lots of users can't upgrade their curl |
| 4580 | versions immediately. |
| 4581 | |
| 4582 | - test1153: verify quoted double-qoutes in PWD response |
| 4583 | |
| 4584 | - FTP: zero terminate the entry path even on bad input |
| 4585 | |
| 4586 | ... a single double quote could leave the entry path buffer without a zero |
| 4587 | terminating byte. CVE-2017-1000254 |
| 4588 | |
| 4589 | Test 1152 added to verify. |
| 4590 | |
| 4591 | Reported-by: Max Dymond |
| 4592 | Bug: https://curl.haxx.se/docs/adv_20171004.html |
| 4593 | |
| 4594 | Jay Satiro (2 Oct 2017) |
| 4595 | - [Sergei Nikulov brought this change] |
| 4596 | |
| 4597 | cmake: disable tests and man generation if perl/nroff not found |
| 4598 | |
| 4599 | Fixes https://github.com/curl/curl/issues/1500 |
| 4600 | Reported-by: Jay Satiro |
| 4601 | |
| 4602 | Fixes https://github.com/curl/curl/pull/1662 |
| 4603 | Assisted-by: Tom Seddon |
| 4604 | Assisted-by: dpull@users.noreply.github.com |
| 4605 | Assisted-by: elelel@users.noreply.github.com |
| 4606 | |
| 4607 | Closes https://github.com/curl/curl/pull/1924 |
| 4608 | |
| 4609 | Patrick Monnerat (2 Oct 2017) |
| 4610 | - libcurl-tutorial: fix two typos. |
| 4611 | |
| 4612 | - TODO: remove deprecated form API items. |
| 4613 | |
| 4614 | - libcurl-tutorial: describe MIME API and deprecate form API. |
| 4615 | |
| 4616 | Include a guide to form/mime API conversion. |
| 4617 | |
| 4618 | Daniel Stenberg (30 Sep 2017) |
| 4619 | - cookie: fix memory leak if path was set twice in header |
| 4620 | |
| 4621 | ... this will let the second occurance override the first. |
| 4622 | |
| 4623 | Added test 1161 to verify. |
| 4624 | |
| 4625 | Reported-by: Max Dymond |
| 4626 | Fixes #1932 |
| 4627 | Closes #1933 |
| 4628 | |
| 4629 | Dan Fandrich (30 Sep 2017) |
| 4630 | - test650: Use variable replacement to set the host address and port |
| 4631 | |
| 4632 | Otherwise, the test fails when the -b test option is used to set a |
| 4633 | different test port range. |
| 4634 | |
| 4635 | - Set and use more necessary options when some protocols are disabled |
| 4636 | |
| 4637 | When curl and libcurl are built with some protocols disabled, they stop |
| 4638 | setting and receiving some options that don't make sense with those |
| 4639 | protocols. In particular, when HTTP is disabled many options aren't set |
| 4640 | that are used only by HTTP. However, some options that appear to be |
| 4641 | HTTP-only are actually used by other protocols as well (some despite |
| 4642 | having HTTP in the name) and should be set, but weren't. This change now |
| 4643 | causes some of these options to be set and used for more (or for all) |
| 4644 | protocols. In particular, this fixes tests 646 through 649 in an |
| 4645 | HTTP-disabled build, which use the MIME API in the mail protocols. |
| 4646 | |
| 4647 | Daniel Stenberg (29 Sep 2017) |
| 4648 | - test1160: verifies cookie leak for large cookies |
| 4649 | |
| 4650 | The fix done in 20ea22ff735 |
| 4651 | |
| 4652 | - cookie: fix memory leak on oversized rejection |
| 4653 | |
| 4654 | Regression brought by 2bc230de63b |
| 4655 | |
| 4656 | Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3513 |
| 4657 | Assisted-by: Max Dymond |
| 4658 | |
| 4659 | Closes #1930 |
| 4660 | |
| 4661 | - [Anders Bakken brought this change] |
| 4662 | |
| 4663 | connect: fix race condition with happy eyeballs timeout |
| 4664 | |
| 4665 | The timer should be started after conn->connecttime is set. Otherwise |
| 4666 | the timer could expire without this condition being true: |
| 4667 | |
| 4668 | /* should we try another protocol family? */ |
| 4669 | if(i == 0 && conn->tempaddr[1] == NULL && |
| 4670 | curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) { |
| 4671 | |
| 4672 | Ref: #1928 |
| 4673 | |
| 4674 | Michael Kaufmann (28 Sep 2017) |
| 4675 | - docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS |
| 4676 | |
| 4677 | Closes #1922 |
| 4678 | |
| 4679 | - docs: clarify the use of environment variables for proxy |
| 4680 | |
| 4681 | Closes #1921 |
| 4682 | |
| 4683 | - http: add custom empty headers to repeated requests |
| 4684 | |
| 4685 | Closes #1920 |
| 4686 | |
| 4687 | - reuse_conn: don't copy flags that are known to be equal |
| 4688 | |
| 4689 | A connection can only be reused if the flags "conn_to_host" and |
| 4690 | "conn_to_port" match. Therefore it is not necessary to copy these flags |
| 4691 | in reuse_conn(). |
| 4692 | |
| 4693 | Closes #1918 |
| 4694 | |
| 4695 | Daniel Stenberg (27 Sep 2017) |
| 4696 | - curl.h: include <sys/select.h> on cygwin too |
| 4697 | |
| 4698 | When building with -std=c++14 on cygwin, this header won't be |
| 4699 | automatically included as it otherwise is. |
| 4700 | |
| 4701 | The <sys/select.h> include decision should ideally be reversed and be |
| 4702 | avoided where that header file doesn't exist. |
| 4703 | |
| 4704 | Reported-by: Ian Fette |
| 4705 | Fixes #1925 |
| 4706 | |
| 4707 | - RELEASE-NOTES: synced with d8ab5dc50 |
| 4708 | |
| 4709 | Michael Kaufmann (24 Sep 2017) |
| 4710 | - tests: adjust .gitignore for new tests |
| 4711 | |
| 4712 | Jay Satiro (23 Sep 2017) |
| 4713 | - ntlm: move NTLM_NEEDS_NSS_INIT define into core NTLM header |
| 4714 | |
| 4715 | .. and include the core NTLM header in all NTLM-related source files. |
| 4716 | |
| 4717 | Follow up to 6f86022. Since then http_ntlm checks NTLM_NEEDS_NSS_INIT |
| 4718 | but did not include vtls.h where it was defined. |
| 4719 | |
| 4720 | Closes https://github.com/curl/curl/pull/1911 |
| 4721 | |
| 4722 | Daniel Stenberg (23 Sep 2017) |
| 4723 | - file_range: avoid integer overflow when figuring out byte range |
| 4724 | |
| 4725 | When trying to bump the value with one and the value is already at max, |
| 4726 | it causes an integer overflow. |
| 4727 | |
| 4728 | Closes #1908 |
| 4729 | Detected by oss-fuzz: |
| 4730 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3465 |
| 4731 | |
| 4732 | Assisted-by: Max Dymond |
| 4733 | |
| 4734 | Michael Kaufmann (23 Sep 2017) |
| 4735 | - tests: fix a compiler warning in test 643 |
| 4736 | |
| 4737 | Jay Satiro (23 Sep 2017) |
| 4738 | - symbols-in-versions: fix CURLSSLSET_NO_BACKENDS entry |
| 4739 | |
| 4740 | - Use spaces instead of tabs as the delimiter. |
| 4741 | |
| 4742 | Follow up to 7c52b12 which added the entry. The entry had used tabs but |
| 4743 | the symbol-scan parser doesn't recognize tabs and would fail the symbol. |
| 4744 | |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 4745 | Viktor Szakats (22 Sep 2017) |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 4746 | - metalink: fix NSS issue in MultiSSL builds |
| 4747 | |
| 4748 | In MultiSSL mode (i.e. when more than one SSL backend is compiled |
| 4749 | in), we cannot use the compile time flag `USE_NSS` as indicator that |
| 4750 | the NSS backend is in use. As far as Metalink is concerned, the SSL |
| 4751 | backend is only used for MD5, SHA-1 and SHA-256 calculations, |
| 4752 | therefore one of the available SSL backends is selected at compile |
| 4753 | time, in a strict order of preference. |
| 4754 | |
| 4755 | Let's introduce a new `HAVE_NSS_CONTEXT` constant that can be used |
| 4756 | to determine whether the SSL backend used for Metalink is the NSS |
| 4757 | backend, and use that to guard the code that wants to de-initialize |
| 4758 | the NSS-specific data structure. |
| 4759 | |
| 4760 | Ref: https://github.com/curl/curl/pull/1848 |
| 4761 | |
| 4762 | - ntlm: use strict order for SSL backend #if branches |
| 4763 | |
| 4764 | With the recently introduced MultiSSL support multiple SSL backends |
| 4765 | can be compiled into cURL That means that now the order of the SSL |
| 4766 | |
| 4767 | One option would be to use the same SSL backend as was configured |
| 4768 | via `curl_global_sslset()`, however, NTLMv2 support would appear |
| 4769 | to be available only with some SSL backends. For example, when |
| 4770 | eb88d778e (ntlm: Use Windows Crypt API, 2014-12-02) introduced |
| 4771 | support for NTLMv1 using Windows' Crypt API, it specifically did |
| 4772 | *not* introduce NTLMv2 support using Crypt API at the same time. |
| 4773 | |
| 4774 | So let's select one specific SSL backend for NTLM support when |
| 4775 | compiled with multiple SSL backends, using a priority order such |
| 4776 | that we support NTLMv2 even if only one compiled-in SSL backend can |
| 4777 | be used for that. |
| 4778 | |
| 4779 | Ref: https://github.com/curl/curl/pull/1848 |
| 4780 | |
| 4781 | Daniel Stenberg (22 Sep 2017) |
| 4782 | - symbols-in-versions: add CURLSSLSET_NO_BACKENDS |
| 4783 | |
| 4784 | ...fixup from b8e0fe19ec |
| 4785 | |
| 4786 | - imap: quote atoms properly when escaping characters |
| 4787 | |
| 4788 | Updates test 800 to verify |
| 4789 | |
| 4790 | Fixes #1902 |
| 4791 | Closes #1903 |
| 4792 | |
| 4793 | - tests: make the imap server not verify user+password |
| 4794 | |
| 4795 | ... as the test cases themselves do that and it makes it easier to add |
| 4796 | crazy test cases. |
| 4797 | |
| 4798 | Test 800 updated to use user name + password that need quoting. |
| 4799 | |
| 4800 | Test 856 updated to trigger an auth fail differently. |
| 4801 | |
| 4802 | Ref: #1902 |
| 4803 | |
| 4804 | - vtls: provide curl_global_sslset() even in non-SSL builds |
| 4805 | |
| 4806 | ... it just returns error: |
| 4807 | |
| 4808 | Bug: https://github.com/curl/curl/commit/1328f69d53f2f2e937696ea954c480412b018451#commitcomment-24470367 |
| 4809 | Reported-by: Marcel Raad |
| 4810 | |
| 4811 | Closes #1906 |
| 4812 | |
| 4813 | Patrick Monnerat (22 Sep 2017) |
| 4814 | - form/mime: field names are not allowed to contain zero-valued bytes. |
| 4815 | |
| 4816 | Also suppress length argument of curl_mime_name() (names are always |
| 4817 | zero-terminated). |
| 4818 | |
| 4819 | Daniel Stenberg (21 Sep 2017) |
| 4820 | - [Dirk Feytons brought this change] |
| 4821 | |
| 4822 | openssl: only verify RSA private key if supported |
| 4823 | |
| 4824 | In some cases the RSA key does not support verifying it because it's |
| 4825 | located on a smart card, an engine wants to hide it, ... |
| 4826 | Check the flags on the key before trying to verify it. |
| 4827 | OpenSSL does the same thing internally; see ssl/ssl_rsa.c |
| 4828 | |
| 4829 | Closes #1904 |
| 4830 | |
| 4831 | Marcel Raad (21 Sep 2017) |
| 4832 | - examples/post-callback: use long for CURLOPT_POSTFIELDSIZE |
| 4833 | |
| 4834 | Otherwise, typecheck-gcc.h warns on MinGW-w64. |
| 4835 | |
| 4836 | Patrick Monnerat (20 Sep 2017) |
| 4837 | - mime: rephrase the multipart output state machine (#1898) ... |
| 4838 | |
| 4839 | ... in hope coverity will like it much. |
| 4840 | |
| 4841 | - mime: fix an explicit null dereference (#1899) |
| 4842 | |
| 4843 | Daniel Stenberg (20 Sep 2017) |
| 4844 | - curl: check fseek() return code and bail on error |
| 4845 | |
| 4846 | Detected by coverity. CID 1418137. |
| 4847 | |
| 4848 | - smtp: fix memory leak in OOM |
| 4849 | |
| 4850 | Regression since ce0881edee |
| 4851 | |
| 4852 | Coverity CID 1418139 and CID 1418136 found it, but it was also seen in |
| 4853 | torture testing. |
| 4854 | |
| 4855 | - RELEASE-NOTES: synced with 5fe85587c |
| 4856 | |
Elliott Hughes | 0128fe4 | 2018-02-27 14:57:55 -0800 | [diff] [blame] | 4857 | - [Pavel Pavlov brought this change] |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 4858 | |
| 4859 | cookies: use lock when using CURLINFO_COOKIELIST |
| 4860 | |
| 4861 | Closes #1896 |
| 4862 | |
| 4863 | - [Max Dymond brought this change] |
| 4864 | |
| 4865 | ossfuzz: changes before merging the generated corpora |
| 4866 | |
| 4867 | Before merging in the oss-fuzz corpora from Google, there are some changes |
| 4868 | to the fuzzer. |
| 4869 | - Add a read corpus script, to display corpus files nicely. |
| 4870 | - Change the behaviour of the fuzzer so that TLV parse failures all now |
| 4871 | go down the same execution paths, which should reduce the size of the |
| 4872 | corpora. |
| 4873 | - Make unknown TLVs a failure to parse, which should decrease the size |
| 4874 | of the corpora as well. |
| 4875 | |
| 4876 | Closes #1881 |
| 4877 | |
| 4878 | - mime:escape_string minor clarification change |
| 4879 | |
| 4880 | ... as it also removes a warning with old gcc versions. |
| 4881 | |
| 4882 | Bug: https://curl.haxx.se/mail/lib-2017-09/0049.html |
| 4883 | Reported-by: Ben Greear |
| 4884 | |
| 4885 | - [Max Dymond brought this change] |
| 4886 | |
| 4887 | ossfuzz: don't write out to stdout |
| 4888 | |
| 4889 | Don't make the fuzzer write out to stdout - instead write some of the |
| 4890 | contents to a memory block so we exercise the data output code but |
| 4891 | quietly. |
| 4892 | |
| 4893 | Closes #1885 |
| 4894 | |
| 4895 | - cookies: reject oversized cookies |
| 4896 | |
| 4897 | ... instead of truncating them. |
| 4898 | |
| 4899 | There's no fixed limit for acceptable cookie names in RFC 6265, but the |
| 4900 | entire cookie is said to be less than 4096 bytes (section 6.1). This is |
| 4901 | also what browsers seem to implement. |
| 4902 | |
| 4903 | We now allow max 5000 bytes cookie header. Max 4095 bytes length per |
| 4904 | cookie name and value. Name + value together may not exceed 4096 bytes. |
| 4905 | |
| 4906 | Added test 1151 to verify |
| 4907 | |
| 4908 | Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html |
| 4909 | Reported-by: Kevin Smith |
| 4910 | |
| 4911 | Closes #1894 |
| 4912 | |
| 4913 | - travis: on mac, don't install openssl or libidn |
| 4914 | |
| 4915 | - openssl is already installed and causes warnings when trying to |
| 4916 | install again |
| 4917 | |
| 4918 | - libidn isn't used these days, and homebrew doesn't seem to have a |
| 4919 | libidn2 package to replace with easily |
| 4920 | |
| 4921 | Closes #1895 |
| 4922 | |
| 4923 | - curl: make str2udouble not return values on error |
| 4924 | |
| 4925 | ... previously it would store a return value even when it returned |
| 4926 | error, which could make the value get used anyway! |
| 4927 | |
| 4928 | Reported-by: Brian Carpenter |
| 4929 | Closes #1893 |
| 4930 | |
| 4931 | Jay Satiro (18 Sep 2017) |
| 4932 | - socks: fix incorrect port number in SOCKS4 error message |
| 4933 | |
| 4934 | Prior to this change it appears the SOCKS5 port parsing was erroneously |
| 4935 | used for the SOCKS4 error message, and as a result an incorrect port |
| 4936 | would be shown in the error message. |
| 4937 | |
| 4938 | Bug: https://github.com/curl/curl/issues/1892 |
| 4939 | Reported-by: Jackarain@users.noreply.github.com |
| 4940 | |
| 4941 | - [Marc Aldorasi brought this change] |
| 4942 | |
| 4943 | schannel: Support partial send for when data is too large |
| 4944 | |
| 4945 | Schannel can only encrypt a certain amount of data at once. Instead of |
| 4946 | failing when too much data is to be sent at once, send as much data as |
| 4947 | we can and let the caller send the remaining data by calling send again. |
| 4948 | |
| 4949 | Bug: https://curl.haxx.se/mail/lib-2014-07/0033.html |
| 4950 | |
| 4951 | Closes https://github.com/curl/curl/pull/1890 |
| 4952 | |
| 4953 | - [David Benjamin brought this change] |
| 4954 | |
| 4955 | openssl: add missing includes |
| 4956 | |
| 4957 | lib/vtls/openssl.c uses OpenSSL APIs from BUF_MEM and BIO APIs. Include |
| 4958 | their headers directly rather than relying on other OpenSSL headers |
| 4959 | including things. |
| 4960 | |
| 4961 | Closes https://github.com/curl/curl/pull/1891 |
| 4962 | |
| 4963 | Daniel Stenberg (15 Sep 2017) |
| 4964 | - conversions: fix several compiler warnings |
| 4965 | |
| 4966 | - server/getpart: provide dummy function to build conversion enabled |
| 4967 | |
| 4968 | - non-ascii: use iconv() with 'char **' argument |
| 4969 | |
| 4970 | Bug: https://curl.haxx.se/mail/lib-2017-09/0031.html |
| 4971 | |
| 4972 | - escape.c: error: pointer targets differ in signedness |
| 4973 | |
| 4974 | - docs: clarify the CURLOPT_INTERLEAVE* options behavior |
| 4975 | |
| 4976 | - [Max Dymond brought this change] |
| 4977 | |
| 4978 | rtsp: Segfault in rtsp.c when using WRITEDATA |
| 4979 | |
| 4980 | If the INTERLEAVEFUNCTION is defined, then use that plus the |
| 4981 | INTERLEAVEDATA information when writing RTP. Otherwise, use |
| 4982 | WRITEFUNCTION and WRITEDATA. |
| 4983 | |
| 4984 | Fixes #1880 |
| 4985 | Closes #1884 |
| 4986 | |
| 4987 | Marcel Raad (15 Sep 2017) |
| 4988 | - [Isaac Boukris brought this change] |
| 4989 | |
| 4990 | tests: enable gssapi in travis-ci linux build |
| 4991 | |
| 4992 | Closes https://github.com/curl/curl/pull/1687 |
| 4993 | |
| 4994 | - [Isaac Boukris brought this change] |
| 4995 | |
| 4996 | tests: add initial gssapi test using stub implementation |
| 4997 | |
| 4998 | The stub implementation is pre-loaded using LD_PRELOAD |
| 4999 | and emulates common gssapi uses (only builds if curl is |
| 5000 | initially built with gssapi support). |
| 5001 | |
| 5002 | The initial tests are currently disabled for debug builds |
| 5003 | as LD_PRELOAD is not used then. |
| 5004 | |
| 5005 | Ref: https://github.com/curl/curl/pull/1687 |
| 5006 | |
| 5007 | Daniel Stenberg (15 Sep 2017) |
| 5008 | - test1150: verify same host fetch using different ports over proxy |
| 5009 | |
| 5010 | Closes #1889 |
| 5011 | |
| 5012 | - URL: on connection re-use, still pick the new remote port |
| 5013 | |
| 5014 | ... as when a proxy connection is being re-used, it can still get a |
| 5015 | different remote port. |
| 5016 | |
| 5017 | Fixes #1887 |
| 5018 | Reported-by: Oli Kingshott |
| 5019 | |
| 5020 | - RELEASE-NOTES: synced with 87501e57f |
| 5021 | |
| 5022 | - code style: remove wrong uses of multiple spaces |
| 5023 | |
| 5024 | Closes #1878 |
| 5025 | |
| 5026 | - checksrc: detect and warn for multiple spaces |
| 5027 | |
| 5028 | - code style: use space after semicolon |
| 5029 | |
| 5030 | - checksrc: verify space after semicolons |
| 5031 | |
| 5032 | - code style: use spaces around pluses |
| 5033 | |
| 5034 | - checksrc: detect and warn for lack of spaces next to plus signs |
| 5035 | |
| 5036 | - code style: use spaces around equals signs |
| 5037 | |
| 5038 | - checksrc: verify spaces around equals signs |
| 5039 | |
| 5040 | ... as the code style mandates. |
| 5041 | |
| 5042 | - Curl_checkheaders: make it available for IMAP and SMTP too |
| 5043 | |
| 5044 | ... not only HTTP uses this now. |
| 5045 | |
| 5046 | Closes #1875 |
| 5047 | |
| 5048 | - travis: add build without HTTP/SMTP/IMAP |
| 5049 | |
| 5050 | Jay Satiro (10 Sep 2017) |
| 5051 | - mbedtls: enable CA path processing |
| 5052 | |
| 5053 | CA path processing was implemented when mbedtls.c was added to libcurl |
| 5054 | in fe7590f, but it was never enabled. |
| 5055 | |
| 5056 | Bug: https://github.com/curl/curl/issues/1877 |
| 5057 | Reported-by: SBKarr@users.noreply.github.com |
| 5058 | |
| 5059 | Daniel Stenberg (8 Sep 2017) |
| 5060 | - rtsp: do not call fwrite() with NULL pointer FILE * |
| 5061 | |
| 5062 | If the default write callback is used and no destination has been set, a |
| 5063 | NULL pointer would be passed to fwrite()'s 4th argument. |
| 5064 | |
| 5065 | OSS-fuzz bug https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3327 |
| 5066 | (not publicly open yet) |
| 5067 | |
| 5068 | Detected by OSS-fuzz |
| 5069 | Closes #1874 |
| 5070 | |
| 5071 | - configure: use -Wno-varargs on clang 3.9[.X] debug builds |
| 5072 | |
| 5073 | ... to avoid a clang bug |
| 5074 | |
| 5075 | - [Max Dymond brought this change] |
| 5076 | |
| 5077 | ossfuzz: add some more handled CURL options |
| 5078 | |
| 5079 | Add support for HEADER, COOKIE, RANGE, CUSTOMREQUEST, MAIL_RECIPIENT, |
| 5080 | MAIL_FROM and uploading data. |
| 5081 | |
| 5082 | - configure: check for C++ compiler after C, to make it non-fatal |
| 5083 | |
| 5084 | The tests for object file/executable file extensions are presumably only |
| 5085 | done for the first of these macros in the configure file. |
| 5086 | |
| 5087 | Bug: https://github.com/curl/curl/pull/1851#issuecomment-327597515 |
| 5088 | Reported-by: Marcel Raad |
| 5089 | Closes #1873 |
| 5090 | |
| 5091 | Patrick Monnerat (7 Sep 2017) |
| 5092 | - form API: add new test 650. |
| 5093 | |
| 5094 | Now that the form API is deprecated and not used anymore in curl tool, |
| 5095 | a lot of its features left untested. Test 650 attempts to check all these |
| 5096 | features not tested elsewhere. |
| 5097 | |
| 5098 | Jay Satiro (7 Sep 2017) |
| 5099 | - configure: fix curl_off_t check's include order |
| 5100 | |
| 5101 | - Prepend srcdir include path instead of append. |
| 5102 | |
| 5103 | Prior to this change it was possible that during the check for the size |
| 5104 | of curl_off_t the include path of a user's already installed curl could |
| 5105 | come before the include path of the to-be-built curl, resulting in the |
| 5106 | system.h of the former being incorrectly included for that check. |
| 5107 | |
| 5108 | Closes https://github.com/curl/curl/pull/1870 |
| 5109 | |
| 5110 | Daniel Stenberg (7 Sep 2017) |
| 5111 | - [Jakub Zakrzewski brought this change] |
| 5112 | |
| 5113 | KNOWN_BUGS: Remove CMake symbol hiding issue |
| 5114 | |
| 5115 | It has already been fixed in 6140dfc |
| 5116 | |
| 5117 | - http-proxy: when not doing CONNECT, that phase is done immediately |
| 5118 | |
| 5119 | `conn->connect_state` is NULL when doing a regular non-CONNECT request |
| 5120 | over the proxy and should therefor be considered complete at once. |
| 5121 | |
| 5122 | Fixes #1853 |
| 5123 | Closes #1862 |
| 5124 | Reported-by: Lawrence Wagerfield |
| 5125 | |
| 5126 | - [Johannes Schindelin brought this change] |
| 5127 | |
| 5128 | OpenSSL: fix yet another mistake while encapsulating SSL backend data |
| 5129 | |
| 5130 | Another mistake in my manual fixups of the largely mechanical |
| 5131 | search-and-replace ("connssl->" -> "BACKEND->"), just like the previous |
| 5132 | commit concerning HTTPS proxies (and hence not caught during my |
| 5133 | earlier testing). |
| 5134 | |
| 5135 | Fixes #1855 |
| 5136 | Closes #1871 |
| 5137 | |
| 5138 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5139 | |
| 5140 | - [Johannes Schindelin brought this change] |
| 5141 | |
| 5142 | OpenSSL: fix erroneous SSL backend encapsulation |
| 5143 | |
| 5144 | In d65e6cc4f (vtls: prepare the SSL backends for encapsulated private |
| 5145 | data, 2017-06-21), this developer prepared for a separation of the |
| 5146 | private data of the SSL backends from the general connection data. |
| 5147 | |
| 5148 | This conversion was partially automated (search-and-replace) and |
| 5149 | partially manual (e.g. proxy_ssl's backend data). |
| 5150 | |
| 5151 | Sadly, there was a crucial error in the manual part, where the wrong |
| 5152 | handle was used: rather than connecting ssl[sockindex]' BIO to the |
| 5153 | proxy_ssl[sockindex]', we reconnected proxy_ssl[sockindex]. The reason |
| 5154 | was an incorrect location to paste "BACKEND->"... d'oh. |
| 5155 | |
| 5156 | Reported by Jay Satiro in https://github.com/curl/curl/issues/1855. |
| 5157 | |
| 5158 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5159 | |
| 5160 | - [Jay Satiro brought this change] |
| 5161 | |
| 5162 | vtls: fix memory corruption |
| 5163 | |
| 5164 | Ever since 70f1db321 (vtls: encapsulate SSL backend-specific data, |
| 5165 | 2017-07-28), the code handling HTTPS proxies was broken because the |
| 5166 | pointer to the SSL backend data was not swapped between |
| 5167 | conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but |
| 5168 | instead set to NULL (causing segmentation faults). |
| 5169 | |
| 5170 | [jes: provided the commit message, tested and verified the patch] |
| 5171 | |
| 5172 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5173 | |
| 5174 | - vtls: switch to CURL_SHA256_DIGEST_LENGTH define |
| 5175 | |
| 5176 | ... instead of the prefix-less version since WolfSSL 3.12 now uses an |
| 5177 | enum with that name that causes build failures for us. |
| 5178 | |
| 5179 | Fixes #1865 |
| 5180 | Closes #1867 |
| 5181 | Reported-by: Gisle Vanem |
| 5182 | |
| 5183 | - travis: add c-ares enabled builds linux + osx |
| 5184 | |
| 5185 | Closes #1868 |
| 5186 | |
| 5187 | - HISTORY: added some recent items |
| 5188 | |
| 5189 | Jay Satiro (6 Sep 2017) |
| 5190 | - SSL: fix unused parameter warnings |
| 5191 | |
| 5192 | Patrick Monnerat (6 Sep 2017) |
| 5193 | - mime: drop internal FILE * support. |
| 5194 | |
| 5195 | - The part kind MIMEKIND_FILE and associated code are suppressed. |
| 5196 | - Seek data origin offset not used anymore: suppressed. |
| 5197 | - MIMEKIND_NAMEDFILE renamed MIMEKIND_FILE; associated fields/functions |
| 5198 | renamed accordingly. |
| 5199 | - Curl_getformdata() processes stdin via a callback. |
| 5200 | |
| 5201 | Daniel Stenberg (6 Sep 2017) |
| 5202 | - configure: remove --enable-soname-bump and SONAME_BUMP |
| 5203 | |
| 5204 | Back in 2008, (and commit 3f3d6ebe665f3) we changed the logic in how we |
| 5205 | determine the native type for `curl_off_t`. To really make sure we |
| 5206 | didn't break ABI without bumping SONAME, we introduced logic that |
| 5207 | attempted to detect that it would use a different size and thus not be |
| 5208 | compatible. We also provided a manual switch that allowed users to tell |
| 5209 | configure to bump SONAME by force. |
| 5210 | |
| 5211 | Today, we know of no one who ever got a SONAME bump auto-detected and we |
| 5212 | don't know of anyone who's using the manual bump feature. The auto- |
| 5213 | detection is also no longer working since we introduced defining |
| 5214 | curl_off_t in system.h (7.55.0). |
| 5215 | |
| 5216 | Finally, this bumping logic is not present in the cmake build. |
| 5217 | |
| 5218 | Closes #1861 |
| 5219 | |
| 5220 | Jay Satiro (6 Sep 2017) |
| 5221 | - [Gisle Vanem brought this change] |
| 5222 | |
| 5223 | vtls: select ssl backend case-insensitive (follow-up) |
| 5224 | |
| 5225 | - Do a case-insensitive comparison of CURL_SSL_BACKEND env as well. |
| 5226 | |
| 5227 | - Change Curl_strcasecompare calls to strcasecompare |
| 5228 | (maps to the former but shorter). |
| 5229 | |
| 5230 | Follow-up to c290b8f. |
| 5231 | |
| 5232 | Bug: https://github.com/curl/curl/commit/c290b8f#commitcomment-24094313 |
| 5233 | |
| 5234 | Co-authored-by: Jay Satiro |
| 5235 | |
| 5236 | - openssl: Integrate Peter Wu's SSLKEYLOGFILE implementation |
| 5237 | |
| 5238 | This is an adaptation of 2 of Peter Wu's SSLKEYLOGFILE implementations. |
| 5239 | |
| 5240 | The first one, written for old OpenSSL versions: |
| 5241 | https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c |
| 5242 | |
| 5243 | The second one, written for BoringSSL and new OpenSSL versions: |
| 5244 | https://github.com/curl/curl/pull/1346 |
| 5245 | |
| 5246 | Note the first one is GPL licensed but the author gave permission to |
| 5247 | waive that license for libcurl. |
| 5248 | |
| 5249 | As of right now this feature is disabled by default, and does not have |
| 5250 | a configure option to enable it. To enable this feature define |
| 5251 | ENABLE_SSLKEYLOGFILE when building libcurl and set environment |
| 5252 | variable SSLKEYLOGFILE to a pathname that will receive the keys. |
| 5253 | |
| 5254 | And in Wireshark change your preferences to point to that key file: |
| 5255 | Edit > Preferences > Protocols > SSL > Master-Secret |
| 5256 | |
| 5257 | Co-authored-by: Peter Wu |
| 5258 | |
| 5259 | Ref: https://github.com/curl/curl/pull/1030 |
| 5260 | Ref: https://github.com/curl/curl/pull/1346 |
| 5261 | |
| 5262 | Closes https://github.com/curl/curl/pull/1866 |
| 5263 | |
| 5264 | Patrick Monnerat (5 Sep 2017) |
| 5265 | - mime: fix a trivial warning. |
| 5266 | |
| 5267 | - mime: replace 'struct Curl_mimepart' by 'curl_mimepart' in encoder code. |
| 5268 | |
| 5269 | mime_state is now a typedef. |
| 5270 | |
| 5271 | - mime: implement encoders. |
| 5272 | |
| 5273 | curl_mime_encoder() is operational and documented. |
| 5274 | curl tool -F option is extended with ";encoder=". |
| 5275 | curl tool --libcurl option generates calls to curl_mime_encoder(). |
| 5276 | New encoder tests 648 & 649. |
| 5277 | Test 1404 extended with an encoder specification. |
| 5278 | |
| 5279 | - runtests.pl: support attribute "nonewline" in part verify/upload. |
| 5280 | |
| 5281 | - [Daniel Stenberg brought this change] |
| 5282 | |
| 5283 | fixup data/test1135 |
| 5284 | |
| 5285 | - [Daniel Stenberg brought this change] |
| 5286 | |
| 5287 | mime: unified to use the typedef'd mime structs everywhere |
| 5288 | |
| 5289 | ... and slightly edited to follow our code style better. |
| 5290 | |
| 5291 | - [Daniel Stenberg brought this change] |
| 5292 | |
| 5293 | curl.h: use lower case curl_mime* as for all public symbols |
| 5294 | |
| 5295 | - [Daniel Stenberg brought this change] |
| 5296 | |
| 5297 | docs/curl_mime_*.3: use correct variable types in examples |
| 5298 | |
| 5299 | Kamil Dudka (5 Sep 2017) |
| 5300 | - openssl: use OpenSSL's default ciphers by default |
| 5301 | |
| 5302 | Up2date versions of OpenSSL maintain the default reasonably secure |
| 5303 | without breaking compatibility, so it is better not to override the |
| 5304 | default by curl. Suggested at https://bugzilla.redhat.com/1483972 |
| 5305 | |
| 5306 | Closes #1846 |
| 5307 | |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 5308 | Viktor Szakats (5 Sep 2017) |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 5309 | - examples/mime: minor example code fixes |
| 5310 | |
| 5311 | Daniel Stenberg (5 Sep 2017) |
| 5312 | - docs/curl_mime_*.3: added examples |
| 5313 | |
| 5314 | - configure: add MultiSSL to FEATURES when enabled |
| 5315 | |
| 5316 | ...for curl-config and its corresponding test 1014 |
| 5317 | |
| 5318 | - http-proxy: treat all 2xx as CONNECT success |
| 5319 | |
| 5320 | Added test 1904 to verify. |
| 5321 | |
| 5322 | Reported-by: Lawrence Wagerfield |
| 5323 | Fixes #1859 |
| 5324 | Closes #1860 |
| 5325 | |
| 5326 | - MAIL-ETIQUETTE: added "1.9 Your emails are public" |
| 5327 | |
| 5328 | - curl.h: fix "unused checksrc ignore", remove dangling reference |
| 5329 | |
| 5330 | ... to a README file that doesn't exist anymore |
| 5331 | |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 5332 | Viktor Szakats (4 Sep 2017) |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 5333 | - docs: Update to secure URL versions |
| 5334 | |
| 5335 | - mime: use CURL_ZERO_TERMINATED in examples |
| 5336 | |
| 5337 | and some minor whitespace fixes |
| 5338 | |
| 5339 | Daniel Stenberg (4 Sep 2017) |
| 5340 | - schannel: return CURLE_SSL_CACERT on failed verification |
| 5341 | |
| 5342 | ... not *CACERT_BADFILE as it isn't really because of a bad file. |
| 5343 | |
| 5344 | Bug: https://curl.haxx.se/mail/lib-2017-09/0002.html |
| 5345 | Closes #1858 |
| 5346 | |
| 5347 | - test1135: fixed after bd8070085f9 |
| 5348 | |
| 5349 | - examples/post-callback: stop returning one byte at a time |
| 5350 | |
| 5351 | ... since people copy and paste code from this example and thus they get |
| 5352 | an inefficient POST operation without a good reason and sometimes |
| 5353 | without understanding why. |
| 5354 | |
| 5355 | Instead this now returns as much data as possible. |
| 5356 | |
| 5357 | - RELEASE-NOTES: fixed the function counter script |
| 5358 | |
| 5359 | - curl.h: make the curl_strequal() protos use the same style |
| 5360 | |
| 5361 | ... as the other functions. Makes it easier to machine-parse! |
| 5362 | |
| 5363 | - docs: curl_mime_*.3 man page formatting edits |
| 5364 | |
| 5365 | - RELEASE-NOTES: synced with 1ab9e9b50 |
| 5366 | |
| 5367 | Patrick Monnerat (4 Sep 2017) |
| 5368 | - lib: bump version info (soname). Adapt and reenable test 1135. |
| 5369 | |
| 5370 | Daniel Stenberg (3 Sep 2017) |
| 5371 | - headers: move the global_sslset() proto from multi.h to curl.h |
| 5372 | |
| 5373 | As it was added to multi.h simply to not break test 1135, which now has |
| 5374 | been disabled due to the mime API addition anyway and su we can now move |
| 5375 | the sslset stuff to where the other curl_global_* prototypes are. |
| 5376 | |
| 5377 | Patrick Monnerat (3 Sep 2017) |
| 5378 | - mime: fix signed/unsigned conversions. |
| 5379 | |
| 5380 | Use and generate CURL_ZERO_TERMINATED in curl tool and tests. |
| 5381 | |
| 5382 | Jay Satiro (3 Sep 2017) |
| 5383 | - tool_formparse: fix some trivial warnings |
| 5384 | |
| 5385 | Patrick Monnerat (3 Sep 2017) |
| 5386 | - mime: use size_t instead of ssize_t in public API interface. |
| 5387 | |
| 5388 | To support telling a string is nul-terminated, symbol CURL_ZERO_TERMINATED |
| 5389 | has been introduced. |
| 5390 | |
| 5391 | Documentation updated accordingly. |
| 5392 | |
| 5393 | symbols in versions updated. Added form API symbols deprecation info. |
| 5394 | |
| 5395 | - mime: remove support "-" stdin pseudo-file name in curl_mime_filedata(). |
| 5396 | |
| 5397 | This feature is badly supported in Windows: as a replacement, a caller has |
| 5398 | to use curl_mime_data_cb() with fread, fseek and possibly fclose |
| 5399 | callbacks to process opened files. |
| 5400 | |
| 5401 | The cli tool and documentation are updated accordingly. |
| 5402 | |
| 5403 | The feature is however kept internally for form API compatibility, with |
| 5404 | the known caveats it always had. |
| 5405 | |
| 5406 | As a side effect, stdin size is not determined by the cli tool even if |
| 5407 | possible and this results in a chunked transfer encoding. Test 173 is |
| 5408 | updated accordingly. |
| 5409 | |
| 5410 | - mime: fix some implicit curl_off_t --> size_t conversion warnings. |
| 5411 | |
| 5412 | - mime: tests and examples. |
| 5413 | |
| 5414 | Additional mime-specific tests. |
| 5415 | Existing tests updated to reflect small differences (Expect: 100-continue, |
| 5416 | data size change due to empty lines, etc). |
| 5417 | Option -F headers= keyword added to tests. |
| 5418 | test1135 disabled until the entry point order change is resolved. |
| 5419 | New example smtp-mime. |
| 5420 | Examples postit2 and multi-post converted from form API to mime API. |
| 5421 | |
| 5422 | - mime: use in curl cli tool instead of form API. |
| 5423 | |
| 5424 | Extended -F option syntax to support multipart mail messages. |
| 5425 | -F keyword headers= added to include custom headers in parts. |
| 5426 | Documentation upgraded. |
| 5427 | |
| 5428 | - mime: new MIME API. |
| 5429 | |
| 5430 | Available in HTTP, SMTP and IMAP. |
| 5431 | Deprecates the FORM API. |
| 5432 | See CURLOPT_MIMEPOST. |
| 5433 | Lib code and associated documentation. |
| 5434 | |
| 5435 | - test564: Add a warning comment about shell profile output. |
| 5436 | |
| 5437 | Shell profile output makes the SSH server failing and this problem reason |
| 5438 | is not easy to find when no hint is given. |
| 5439 | |
| 5440 | - checksrc: disable SPACEBEFOREPAREN for case statement. |
| 5441 | |
| 5442 | The case keyword may be followed by a constant expression and thus should |
| 5443 | allow it to start with an open parenthesis. |
| 5444 | |
| 5445 | - runtests.pl: allow <file[1-4]> tags in client section. |
| 5446 | |
| 5447 | This enables tests to create more than one file on the client side. |
| 5448 | |
| 5449 | - runtests.pl: Apply strippart to upload too. |
| 5450 | |
| 5451 | This will allow substitution of boundaries in mail messages. |
| 5452 | |
| 5453 | - Curl_base64_encode: always call with a real data handle. |
| 5454 | |
| 5455 | Some calls in different modules were setting the data handle to NULL, causing |
| 5456 | segmentation faults when using builds that enable character code conversions. |
| 5457 | |
| 5458 | - non-ascii: allow conversion functions to be called with a NULL data handle. |
| 5459 | |
| 5460 | - http: fix a memory leakage in checkrtspprefix(). |
| 5461 | |
| 5462 | Daniel Stenberg (2 Sep 2017) |
| 5463 | - [Max Dymond brought this change] |
| 5464 | |
| 5465 | ossfuzz: Move to C++ for curl_fuzzer. |
| 5466 | |
| 5467 | Automake gets confused if you want to use C++ static libraries with C |
| 5468 | code - basically we need to involve the clang++ linker. The easiest way |
| 5469 | of achieving this is to rename the C code as C++ code. This gets us a |
| 5470 | bit further along the path and ought to be compatible with Google's |
| 5471 | version of clang. |
| 5472 | |
| 5473 | - curl_global_sslset: select backend by name case insensitively |
| 5474 | |
| 5475 | Closes #1849 |
| 5476 | |
| 5477 | - [Max Dymond brought this change] |
| 5478 | |
| 5479 | ossfuzz: additional seed corpora |
| 5480 | |
| 5481 | Create simple seed corpora for: |
| 5482 | - FTP |
| 5483 | - telnet |
| 5484 | - dict |
| 5485 | - tftp |
| 5486 | - imap |
| 5487 | - pop3 |
| 5488 | |
| 5489 | based off the tests of the same number. |
| 5490 | |
| 5491 | Closes #1842 |
| 5492 | |
| 5493 | - [Max Dymond brought this change] |
| 5494 | |
| 5495 | ossfuzz: moving towards the ideal integration |
| 5496 | |
| 5497 | - Start with the basic code from the ossfuzz project. |
| 5498 | - Rewrite fuzz corpora to be binary files full of Type-Length-Value |
| 5499 | data, and write a glue layer in the fuzzing function to convert |
| 5500 | corpora into CURL options. |
| 5501 | - Have supporting functions to generate corpora from existing tests |
| 5502 | - Integrate with Makefile.am |
| 5503 | |
| 5504 | - strcase: corrected comment header for Curl_strcasecompare() |
| 5505 | |
| 5506 | - unit1301: fix error message on first test |
| 5507 | |
| 5508 | - curl_global_sslset.3: show the struct and enum too |
| 5509 | |
| 5510 | ... so that users can actually write code based on the man page alone, |
| 5511 | not having to read the header file. |
| 5512 | |
| 5513 | Jay Satiro (31 Aug 2017) |
| 5514 | - darwinssl: handle long strings in TLS certs (follow-up) |
| 5515 | |
| 5516 | - Fix handling certificate subjects that are already UTF-8 encoded. |
| 5517 | |
| 5518 | Follow-up to b3b75d1 from two days ago. Since then a copy would be |
| 5519 | skipped if the subject was already UTF-8, possibly resulting in a NULL |
| 5520 | deref later on. |
| 5521 | |
| 5522 | Ref: https://github.com/curl/curl/issues/1823 |
| 5523 | Ref: https://github.com/curl/curl/pull/1831 |
| 5524 | |
| 5525 | Closes https://github.com/curl/curl/pull/1836 |
| 5526 | |
| 5527 | Daniel Stenberg (31 Aug 2017) |
| 5528 | - cyassl: call it the "WolfSSL" backend |
| 5529 | |
| 5530 | ... instead of cyassl, as this is the current name for it. |
| 5531 | |
| 5532 | Closes #1844 |
| 5533 | |
| 5534 | - polarssl: fix multissl breakage |
| 5535 | |
| 5536 | Reported-by: Dan Fandrich |
| 5537 | Bug: https://curl.haxx.se/mail/lib-2017-08/0121.html |
| 5538 | Closes #1843 |
| 5539 | |
| 5540 | - configure: remove the leading comma from the backends list |
| 5541 | |
| 5542 | ... when darwinssl is used. |
| 5543 | |
| 5544 | Reported-by: Viktor Szakats |
| 5545 | Bug: https://github.com/curl/curl/commit/b0989cd3abaff4f9a0717b4875022fa79e33b481#commitcomment-23943493 |
| 5546 | |
| 5547 | Closes #1845 |
| 5548 | |
| 5549 | Kamil Dudka (30 Aug 2017) |
| 5550 | - examples/sslbackend.c: fix failure of 'make checksrc' |
| 5551 | |
| 5552 | ./sslbackend.c:58:3: warning: else after closing brace on same line (BRACEELSE) |
| 5553 | } else if(isdigit(*name)) { |
| 5554 | ^ |
| 5555 | ./sslbackend.c:62:3: warning: else after closing brace on same line (BRACEELSE) |
| 5556 | } else |
| 5557 | ^ |
| 5558 | |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 5559 | Viktor Szakats (30 Aug 2017) |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 5560 | - makefile.m32: add multissl support |
| 5561 | |
| 5562 | Closes https://github.com/curl/curl/pull/1840 |
| 5563 | |
| 5564 | Daniel Stenberg (30 Aug 2017) |
| 5565 | - curl.h: CURLSSLBACKEND_WOLFSSL used wrong value |
| 5566 | |
| 5567 | The CURLSSLBACKEND_WOLFSSL is supposed to be an alias for |
| 5568 | CURLSSLBACKEND_CYASSL, but used an erronous value. To reduce the risk |
| 5569 | for a similar mistake, define the backend aliases to use the enum values |
| 5570 | instead. |
| 5571 | |
| 5572 | Reported-by: Gisle Vanem |
| 5573 | Bug: https://curl.haxx.se/mail/lib-2017-08/0120.html |
| 5574 | |
| 5575 | - curl_global_sslset.3: clarify |
| 5576 | |
| 5577 | it is a one time *set*, not necessarily a one time use... it can be |
| 5578 | called again if the first call failed or just listed the alternatives. |
| 5579 | |
| 5580 | clarify that the available backends are the ones this build supports |
| 5581 | |
| 5582 | plus add some formatting |
| 5583 | |
| 5584 | Reported-by: Rich Gray |
| 5585 | Bug: https://curl.haxx.se/mail/lib-2017-08/0119.html |
| 5586 | |
| 5587 | - curl/multi.h: remove duplicated closing c++ brace |
| 5588 | |
| 5589 | Regression since 1328f69d53f2f2e93 |
| 5590 | |
| 5591 | Fixes #1841 |
| 5592 | Reported-by: Andrei Karas |
| 5593 | |
| 5594 | - RELEASE-NOTES: synced with 8c33c963a |
| 5595 | |
| 5596 | - HELP-US.md: spelling |
| 5597 | |
| 5598 | - HELP-US.md: "How to get started helping out in the curl project" |
| 5599 | |
| 5600 | Closes #1837 |
| 5601 | |
| 5602 | Dan Fandrich (29 Aug 2017) |
| 5603 | - asyn-thread: Fixed cleanup after OOM |
| 5604 | |
| 5605 | destroy_async_data() assumes that if the flag "done" is not set yet, the |
| 5606 | thread itself will clean up once the request is complete. But if an |
| 5607 | error (generally OOM) occurs before the thread even has a chance to |
| 5608 | start, it will never get a chance to clean up and memory will be leaked. |
| 5609 | By clearing "done" only just before starting the thread, the correct |
| 5610 | cleanup sequence will happen in all cases. |
| 5611 | |
| 5612 | Daniel Stenberg (28 Aug 2017) |
| 5613 | - curl_global_init.3: mention curl_global_sslset(3) |
| 5614 | |
| 5615 | Dan Fandrich (28 Aug 2017) |
| 5616 | - unit1606: Fixed shadowed variable warning |
| 5617 | |
| 5618 | - asyn-thread: Improved cleanup after OOM situations |
| 5619 | |
| 5620 | - asyn-thread: Set errno to the proper value ENOMEM in OOM situation |
| 5621 | |
| 5622 | This used to be set in some configurations to EAI_MEMORY which is not a |
| 5623 | valid value for errno and caused Curl_strerror to fail an assertion. |
| 5624 | |
| 5625 | Daniel Stenberg (28 Aug 2017) |
| 5626 | - [Johannes Schindelin brought this change] |
| 5627 | |
| 5628 | configure: Handle "MultiSSL" specially When versioning symbols |
| 5629 | |
| 5630 | There is a mode in which libcurl is compiled with versioned symbols, |
| 5631 | depending on the active SSL backend. |
| 5632 | |
| 5633 | When multiple SSL backends are active, it does not make sense to favor |
| 5634 | one over the others, so let's not: introduce a new prefix for the case |
| 5635 | where multiple SSL backends are compiled into cURL. |
| 5636 | |
| 5637 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5638 | |
| 5639 | - [Johannes Schindelin brought this change] |
| 5640 | |
| 5641 | configure: allow setting the default SSL backend |
| 5642 | |
| 5643 | Previously, we used as default SSL backend whatever was first in the |
| 5644 | `available_backends` array. |
| 5645 | |
| 5646 | However, some users may want to override that default without patching |
| 5647 | the source code. |
| 5648 | |
| 5649 | Now they can: with the --with-default-ssl-backend=<backend> option of |
| 5650 | the ./configure script. |
| 5651 | |
| 5652 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5653 | |
| 5654 | - [Johannes Schindelin brought this change] |
| 5655 | |
| 5656 | vtls: use Curl_ssl_multi pseudo backend only when needed |
| 5657 | |
| 5658 | When only one SSL backend is configured, it is totally unnecessary to |
| 5659 | let multissl_init() configure the backend at runtime, we can select the |
| 5660 | correct backend at build time already. |
| 5661 | |
| 5662 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5663 | |
| 5664 | - [Johannes Schindelin brought this change] |
| 5665 | |
| 5666 | version: if built with more than one SSL backend, report all of them |
| 5667 | |
| 5668 | To discern the active one from the inactive ones, put the latter into |
| 5669 | parentheses. |
| 5670 | |
| 5671 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5672 | |
| 5673 | - [Johannes Schindelin brought this change] |
| 5674 | |
| 5675 | version: add the CURL_VERSION_MULTI_SSL feature flag |
| 5676 | |
| 5677 | This new feature flag reports When cURL was built with multiple SSL |
| 5678 | backends. |
| 5679 | |
| 5680 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5681 | |
| 5682 | - [Johannes Schindelin brought this change] |
| 5683 | |
| 5684 | metalink: allow compiling with multiple SSL backends |
| 5685 | |
| 5686 | Previously, the code assumed that at most one of the SSL backends would |
| 5687 | be compiled in, emulating OpenSSL's functions if the configured backend |
| 5688 | was not OpenSSL itself. |
| 5689 | |
| 5690 | However, now we allow building with multiple SSL backends and choosing |
| 5691 | one at runtime. Therefore, metalink needs to be adjusted to handle this |
| 5692 | scenario, too. |
| 5693 | |
| 5694 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5695 | |
| 5696 | - [Johannes Schindelin brought this change] |
| 5697 | |
| 5698 | docs/examples: demonstrate how to select SSL backends |
| 5699 | |
| 5700 | The newly-introduced curl_global_sslset() function deserves to be |
| 5701 | show-cased. |
| 5702 | |
| 5703 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5704 | |
| 5705 | - [Johannes Schindelin brought this change] |
| 5706 | |
| 5707 | Add a man page for curl_global_sslset() |
| 5708 | |
| 5709 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5710 | |
| 5711 | - [Johannes Schindelin brought this change] |
| 5712 | |
| 5713 | vtls: introduce curl_global_sslset() |
| 5714 | |
| 5715 | Let's add a compile time safe API to select an SSL backend. This |
| 5716 | function needs to be called *before* curl_global_init(), and can be |
| 5717 | called only once. |
| 5718 | |
| 5719 | Side note: we do not explicitly test that it is called before |
| 5720 | curl_global_init(), but we do verify that it is not called multiple times |
| 5721 | (even implicitly). |
| 5722 | |
| 5723 | If SSL is used before the function was called, it will use whatever the |
| 5724 | CURL_SSL_BACKEND environment variable says (or default to the first |
| 5725 | available SSL backend), and if a subsequent call to |
| 5726 | curl_global_sslset() disagrees with the previous choice, it will fail |
| 5727 | with CURLSSLSET_TOO_LATE. |
| 5728 | |
| 5729 | The function also accepts an "avail" parameter to point to a (read-only) |
| 5730 | NULL-terminated list of available backends. This comes in real handy if |
| 5731 | an application wants to let the user choose between whatever SSL backends |
| 5732 | the currently available libcurl has to offer: simply call |
| 5733 | |
| 5734 | curl_global_sslset(-1, NULL, &avail); |
| 5735 | |
| 5736 | which will return CURLSSLSET_UNKNOWN_BACKEND and populate the avail |
| 5737 | variable to point to the relevant information to present to the user. |
| 5738 | |
| 5739 | Just like with the HTTP/2 push functions, we have to add the function |
| 5740 | declaration of curl_global_sslset() function to the header file |
| 5741 | *multi.h* because VMS and OS/400 require a stable order of functions |
| 5742 | declared in include/curl/*.h (where the header files are sorted |
| 5743 | alphabetically). This looks a bit funny, but it cannot be helped. |
| 5744 | |
| 5745 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5746 | |
| 5747 | - [Johannes Schindelin brought this change] |
| 5748 | |
| 5749 | vtls: refactor out essential information about the SSL backends |
| 5750 | |
| 5751 | There is information about the compiled-in SSL backends that is really |
| 5752 | no concern of any code other than the SSL backend itself, such as which |
| 5753 | function (if any) implements SHA-256 summing. |
| 5754 | |
| 5755 | And there is information that is really interesting to the user, such as |
| 5756 | the name, or the curl_sslbackend value. |
| 5757 | |
| 5758 | Let's factor out the latter into a publicly visible struct. This |
| 5759 | information will be used in the upcoming API to set the SSL backend |
| 5760 | globally. |
| 5761 | |
| 5762 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5763 | |
| 5764 | - [Johannes Schindelin brought this change] |
| 5765 | |
| 5766 | vtls: allow selecting which SSL backend to use at runtime |
| 5767 | |
| 5768 | When building software for the masses, it is sometimes not possible to |
| 5769 | decide for all users which SSL backend is appropriate. |
| 5770 | |
| 5771 | Git for Windows, for example, uses cURL to perform clones, fetches and |
| 5772 | pushes via HTTPS, and some users strongly prefer OpenSSL, while other |
| 5773 | users really need to use Secure Channel because it offers |
| 5774 | enterprise-ready tools to manage credentials via Windows' Credential |
| 5775 | Store. |
| 5776 | |
| 5777 | The current Git for Windows versions use the ugly work-around of |
| 5778 | building libcurl once with OpenSSL support and once with Secure Channel |
| 5779 | support, and switching out the binaries in the installer depending on |
| 5780 | the user's choice. |
| 5781 | |
| 5782 | Needless to say, this is a super ugly workaround that actually only |
| 5783 | works in some cases: Git for Windows also comes in a portable form, and |
| 5784 | in a form intended for third-party applications requiring Git |
| 5785 | functionality, in which cases this "swap out libcurl-4.dll" simply is |
| 5786 | not an option. |
| 5787 | |
| 5788 | Therefore, the Git for Windows project has a vested interest in teaching |
| 5789 | cURL to make the SSL backend a *runtime* option. |
| 5790 | |
| 5791 | This patch makes that possible. |
| 5792 | |
| 5793 | By running ./configure with multiple --with-<backend> options, cURL will |
| 5794 | be built with multiple backends. |
| 5795 | |
| 5796 | For the moment, the backend can be configured using the environment |
| 5797 | variable CURL_SSL_BACKEND (valid values are e.g. "openssl" and |
| 5798 | "schannel"). |
| 5799 | |
| 5800 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5801 | |
| 5802 | - [Johannes Schindelin brought this change] |
| 5803 | |
| 5804 | vtls: fold the backend ID into the Curl_ssl structure |
| 5805 | |
| 5806 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5807 | |
| 5808 | - [Johannes Schindelin brought this change] |
| 5809 | |
| 5810 | curl_ntlm_core: don't complain but #include OpenSSL header if needed |
| 5811 | |
| 5812 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5813 | |
| 5814 | - [Johannes Schindelin brought this change] |
| 5815 | |
| 5816 | vtls: encapsulate SSL backend-specific data |
| 5817 | |
| 5818 | So far, all of the SSL backends' private data has been declared as |
| 5819 | part of the ssl_connect_data struct, in one big #if .. #elif .. #endif |
| 5820 | block. |
| 5821 | |
| 5822 | This can only work as long as the SSL backend is a compile-time option, |
| 5823 | something we want to change in the next commits. |
| 5824 | |
| 5825 | Therefore, let's encapsulate the exact data needed by each SSL backend |
| 5826 | into a private struct, and let's avoid bleeding any SSL backend-specific |
| 5827 | information into urldata.h. This is also necessary to allow multiple SSL |
| 5828 | backends to be compiled in at the same time, as e.g. OpenSSL's and |
| 5829 | CyaSSL's headers cannot be included in the same .c file. |
| 5830 | |
| 5831 | To avoid too many malloc() calls, we simply append the private structs |
| 5832 | to the connectdata struct in allocate_conn(). |
| 5833 | |
| 5834 | This requires us to take extra care of alignment issues: struct fields |
| 5835 | often need to be aligned on certain boundaries e.g. 32-bit values need to |
| 5836 | be stored at addresses that divide evenly by 4 (= 32 bit / 8 |
| 5837 | bit-per-byte). |
| 5838 | |
| 5839 | We do that by assuming that no SSL backend's private data contains any |
| 5840 | fields that need to be aligned on boundaries larger than `long long` |
| 5841 | (typically 64-bit) would need. Under this assumption, we simply add a |
| 5842 | dummy field of type `long long` to the `struct connectdata` struct. This |
| 5843 | field will never be accessed but acts as a placeholder for the four |
| 5844 | instances of ssl_backend_data instead. the size of each ssl_backend_data |
| 5845 | struct is stored in the SSL backend-specific metadata, to allow |
| 5846 | allocate_conn() to know how much extra space to allocate, and how to |
| 5847 | initialize the ssl[sockindex]->backend and proxy_ssl[sockindex]->backend |
| 5848 | pointers. |
| 5849 | |
| 5850 | This would appear to be a little complicated at first, but is really |
| 5851 | necessary to encapsulate the private data of each SSL backend correctly. |
| 5852 | And we need to encapsulate thusly if we ever want to allow selecting |
| 5853 | CyaSSL and OpenSSL at runtime, as their headers cannot be included within |
| 5854 | the same .c file (there are just too many conflicting definitions and |
| 5855 | declarations for that). |
| 5856 | |
| 5857 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5858 | |
| 5859 | - [Johannes Schindelin brought this change] |
| 5860 | |
| 5861 | vtls: prepare the SSL backends for encapsulated private data |
| 5862 | |
| 5863 | At the moment, cURL's SSL backend needs to be configured at build time. |
| 5864 | As such, it is totally okay for them to hard-code their backend-specific |
| 5865 | data in the ssl_connect_data struct. |
| 5866 | |
| 5867 | In preparation for making the SSL backend a runtime option, let's make |
| 5868 | the access of said private data a bit more abstract so that it can be |
| 5869 | adjusted later in an easy manner. |
| 5870 | |
| 5871 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5872 | |
| 5873 | - [Johannes Schindelin brought this change] |
| 5874 | |
| 5875 | urldata.h: move SSPI-specific #include to correct location |
| 5876 | |
| 5877 | In 86b889485 (sasl_gssapi: Added GSS-API based Kerberos V5 variables, |
| 5878 | 2014-12-03), an SSPI-specific field was added to the kerberos5data |
| 5879 | struct without moving the #include "curl_sspi.h" later in the same file. |
| 5880 | |
| 5881 | This broke the build when SSPI was enabled, unless Secure Channel was |
| 5882 | used as SSL backend, because it just so happens that Secure Channel also |
| 5883 | requires "curl_sspi.h" to be #included. |
| 5884 | |
| 5885 | In f4739f639 (urldata: include curl_sspi.h when Windows SSPI is enabled, |
| 5886 | 2017-02-21), this bug was fixed incorrectly: Instead of moving the |
| 5887 | appropriate conditional #include, the Secure Channel-conditional part |
| 5888 | was now also SSPI-conditional. |
| 5889 | |
| 5890 | Fix this problem by moving the correct #include instead. |
| 5891 | |
| 5892 | This is also required for an upcoming patch that moves all the Secure |
| 5893 | Channel-specific stuff out of urldata.h and encapsulates it properly in |
| 5894 | vtls/schannel.c instead. |
| 5895 | |
| 5896 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5897 | |
| 5898 | - [Johannes Schindelin brought this change] |
| 5899 | |
| 5900 | urldata.h: remove support for obsolete PolarSSL version |
| 5901 | |
| 5902 | Since 5017d5ada (polarssl: now require 1.3.0+, 2014-03-17), we require |
| 5903 | a newer PolarSSL version. No need to keep code trying to support any |
| 5904 | older version. |
| 5905 | |
| 5906 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5907 | |
| 5908 | - [Johannes Schindelin brought this change] |
| 5909 | |
| 5910 | getinfo: access SSL internals via Curl_ssl |
| 5911 | |
| 5912 | In the ongoing endeavor to abstract out all SSL backend-specific |
| 5913 | functionality, this is the next step: Instead of hard-coding how the |
| 5914 | different SSL backends access their internal data in getinfo.c, let's |
| 5915 | implement backend-specific functions to do that task. |
| 5916 | |
| 5917 | This will also allow for switching SSL backends as a runtime option. |
| 5918 | |
| 5919 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5920 | |
| 5921 | - [Johannes Schindelin brought this change] |
| 5922 | |
| 5923 | vtls: move SSL backends' private constants out of their header files |
| 5924 | |
| 5925 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5926 | |
| 5927 | - [Johannes Schindelin brought this change] |
| 5928 | |
| 5929 | axtls: use Curl_none_* versions of init() and cleanup() |
| 5930 | |
| 5931 | There are convenient no-op versions of the init/cleanup functions now, |
| 5932 | no need to define private ones for axTLS. |
| 5933 | |
| 5934 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5935 | |
| 5936 | - [Johannes Schindelin brought this change] |
| 5937 | |
| 5938 | vtls: remove obsolete declarations of SSL backend functionality |
| 5939 | |
| 5940 | These functions are all available via the Curl_ssl struct now, no need |
| 5941 | to declare them separately anymore. |
| 5942 | |
| 5943 | As the global declarations are removed, the corresponding function |
| 5944 | definitions are marked as file-local. The only two exceptions here are |
| 5945 | Curl_mbedtls_shutdown() and Curl_polarssl_shutdown(): only the |
| 5946 | declarations were removed, there are no function definitions to mark |
| 5947 | file-local. |
| 5948 | |
| 5949 | Please note that Curl_nss_force_init() is *still* declared globally, as |
| 5950 | the only SSL backend-specific function, because it was introduced |
| 5951 | specifically for the use case where cURL was compiled with |
| 5952 | `--without-ssl --with-nss`. For details, see f3b77e561 (http_ntlm: add |
| 5953 | support for NSS, 2010-06-27). |
| 5954 | |
| 5955 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5956 | |
| 5957 | - [Johannes Schindelin brought this change] |
| 5958 | |
| 5959 | schannel: reorder functions topologically |
| 5960 | |
| 5961 | The _shutdown() function calls the _session_free() function; While this |
| 5962 | is not a problem now (because schannel.h declares both functions), a |
| 5963 | patch looming in the immediate future with make all of these functions |
| 5964 | file-local. |
| 5965 | |
| 5966 | So let's just move the _session_free() function's definition before it |
| 5967 | is called. |
| 5968 | |
| 5969 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5970 | |
| 5971 | - [Johannes Schindelin brought this change] |
| 5972 | |
| 5973 | axtls: reorder functions topologically |
| 5974 | |
| 5975 | The connect_finish() function (like many other functions after it) calls |
| 5976 | the Curl_axtls_close() function; While this is not a problem now |
| 5977 | (because axtls.h declares the latter function), a patch looming in the |
| 5978 | immediate future with make all of these functions file-local. |
| 5979 | |
| 5980 | So let's just move the Curl_axtls_close() function's definition before |
| 5981 | it is called. |
| 5982 | |
| 5983 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5984 | |
| 5985 | - [Johannes Schindelin brought this change] |
| 5986 | |
| 5987 | vtls: move the SUPPORT_HTTPS_PROXY flag into the Curl_ssl struct |
| 5988 | |
| 5989 | That will allow us to choose the SSL backend at runtime. |
| 5990 | |
| 5991 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 5992 | |
| 5993 | - [Johannes Schindelin brought this change] |
| 5994 | |
| 5995 | vtls: convert the have_curlssl_* constants to runtime flags |
| 5996 | |
| 5997 | The entire idea of introducing the Curl_ssl struct to describe SSL |
| 5998 | backends is to prepare for choosing the SSL backend at runtime. |
| 5999 | |
| 6000 | To that end, convert all the #ifdef have_curlssl_* style conditionals |
| 6001 | to use bit flags instead. |
| 6002 | |
| 6003 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 6004 | |
| 6005 | - [Johannes Schindelin brought this change] |
| 6006 | |
| 6007 | vtls: move sha256sum into the Curl_ssl struct |
| 6008 | |
| 6009 | The SHA-256 checksumming is also an SSL backend-specific function. |
| 6010 | Let's include it in the struct declaring the functionality of SSL |
| 6011 | backends. |
| 6012 | |
| 6013 | In contrast to MD5, there is no fall-back code. To indicate this, the |
| 6014 | respective entries are NULL for those backends that offer no support for |
| 6015 | SHA-256 checksumming. |
| 6016 | |
| 6017 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 6018 | |
| 6019 | - [Johannes Schindelin brought this change] |
| 6020 | |
| 6021 | vtls: move md5sum into the Curl_ssl struct |
| 6022 | |
| 6023 | The MD5 summing is also an SSL backend-specific function. So let's |
| 6024 | include it, offering the previous fall-back code as a separate function |
| 6025 | now: Curl_none_md5sum(). To allow for that, the signature had to be |
| 6026 | changed so that an error could be returned from the implementation |
| 6027 | (Curl_none_md5sum() can run out of memory). |
| 6028 | |
| 6029 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 6030 | |
| 6031 | - [Johannes Schindelin brought this change] |
| 6032 | |
| 6033 | vtls: use the Curl_ssl struct to access all SSL backends' functionality |
| 6034 | |
| 6035 | This is the first step to unify the SSL backend handling. Now all the |
| 6036 | SSL backend-specific functionality is accessed via a global instance of |
| 6037 | the Curl_ssl struct. |
| 6038 | |
| 6039 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 6040 | |
| 6041 | - [Johannes Schindelin brought this change] |
| 6042 | |
| 6043 | vtls: declare Curl_ssl structs for every SSL backend |
| 6044 | |
| 6045 | The idea of introducing the Curl_ssl struct was to unify how the SSL |
| 6046 | backends are declared and called. To this end, we now provide an |
| 6047 | instance of the Curl_ssl struct for each and every SSL backend. |
| 6048 | |
| 6049 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 6050 | |
| 6051 | - [Johannes Schindelin brought this change] |
| 6052 | |
| 6053 | vtls: introduce a new struct for SSL backends |
| 6054 | |
| 6055 | This new struct is similar in nature to Curl_handler: it will define the |
| 6056 | functions and capabilities of all the SSL backends (where Curl_handler |
| 6057 | defines the functions and capabilities of protocol handlers). |
| 6058 | |
| 6059 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 6060 | |
| 6061 | - [Johannes Schindelin brought this change] |
| 6062 | |
| 6063 | vtls: make sure every _sha256sum()'s first arg is const |
| 6064 | |
| 6065 | This patch makes the signature of the _sha256sum() functions consistent |
| 6066 | among the SSL backends, in preparation for unifying the way all SSL |
| 6067 | backends are accessed. |
| 6068 | |
| 6069 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 6070 | |
| 6071 | - [Johannes Schindelin brought this change] |
| 6072 | |
| 6073 | vtls: make sure all _data_pending() functions return bool |
| 6074 | |
| 6075 | This patch makes the signature of the _data_pending() functions |
| 6076 | consistent among the SSL backends, in preparation for unifying the way |
| 6077 | all SSL backends are accessed. |
| 6078 | |
| 6079 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 6080 | |
| 6081 | - [Johannes Schindelin brought this change] |
| 6082 | |
| 6083 | vtls: make sure all _cleanup() functions return void |
| 6084 | |
| 6085 | This patch makes the signature of the _cleanup() functions consistent |
| 6086 | among the SSL backends, in preparation for unifying the way all SSL |
| 6087 | backends are accessed. |
| 6088 | |
| 6089 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 6090 | |
| 6091 | - [Johannes Schindelin brought this change] |
| 6092 | |
| 6093 | vtls: use consistent signature for _random() implementations |
| 6094 | |
| 6095 | This will make the upcoming multissl backend much easier to implement. |
| 6096 | |
| 6097 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 6098 | |
| 6099 | - strtooff: fix build for systems with long long but no strtoll option |
| 6100 | |
| 6101 | Closes #1829 |
| 6102 | |
| 6103 | Reported-by: Dan Fandrich |
| 6104 | Bug: https://github.com/curl/curl/pull/1758#issuecomment-324861615 |
| 6105 | |
| 6106 | - darwinssl: handle long strings in TLS certs |
| 6107 | |
| 6108 | ... as the previous fixed length 128 bytes buffer was sometimes too |
| 6109 | small. |
| 6110 | |
| 6111 | Fixes #1823 |
| 6112 | Closes #1831 |
| 6113 | |
| 6114 | Reported-by: Benjamin Sergeant |
| 6115 | Assisted-by: Bill Pyne, Ray Satiro, Nick Zitzmann |
| 6116 | |
| 6117 | - system.h: include sys/poll.h for AIX |
| 6118 | |
| 6119 | ... to get the event/revent defines that might be used for the poll |
| 6120 | struct. |
| 6121 | |
| 6122 | Reported-by: Michael Smith |
| 6123 | Fixes #1828 |
| 6124 | Closes #1833 |
| 6125 | |
| 6126 | Dan Fandrich (26 Aug 2017) |
| 6127 | - tests: Make sure libtests & unittests call curl_global_cleanup() |
| 6128 | |
| 6129 | These were missed in commit c468c27b. |
| 6130 | |
| 6131 | Jay Satiro (26 Aug 2017) |
| 6132 | - [theantigod brought this change] |
| 6133 | |
| 6134 | winbuild: fix embedded manifest option |
| 6135 | |
| 6136 | Embedded manifest option didn't work due to incorrect path. |
| 6137 | |
| 6138 | Fixes https://github.com/curl/curl/issues/1832 |
| 6139 | |
| 6140 | Daniel Stenberg (25 Aug 2017) |
| 6141 | - fuzz/Makefile.am: remove curlbuild.h leftovers |
| 6142 | |
| 6143 | - examples/threaded-ssl: mention that this is for openssl before 1.1 |
| 6144 | |
| 6145 | - imap: use defined names for response codes |
| 6146 | |
| 6147 | When working on this code I found the previous setup a bit weird while |
| 6148 | using proper defines increases readability. |
| 6149 | |
| 6150 | Closes #1824 |
| 6151 | |
| 6152 | - CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD |
| 6153 | |
| 6154 | - imap: support PREAUTH |
| 6155 | |
| 6156 | It is a defined possible greeting at server startup that means the |
| 6157 | connection is already authenticated. See |
| 6158 | https://tools.ietf.org/html/rfc3501#section-7.1.4 |
| 6159 | |
| 6160 | Test 846 added to verify. |
| 6161 | |
| 6162 | Fixes #1818 |
| 6163 | Closes #1820 |
| 6164 | |
| 6165 | Jay Satiro (23 Aug 2017) |
| 6166 | - config-tpf: define SIZEOF_LONG |
| 6167 | |
| 6168 | Recent changes that replaced CURL_SIZEOF_LONG in the source with |
| 6169 | SIZEOF_LONG broke builds that use the premade configuration files and |
| 6170 | don't have SIZEOF_LONG defined. |
| 6171 | |
| 6172 | Bug: https://github.com/curl/curl/issues/1816 |
| 6173 | |
| 6174 | Dan Fandrich (23 Aug 2017) |
| 6175 | - test1453: Fixed <features> |
| 6176 | |
| 6177 | Daniel Stenberg (22 Aug 2017) |
| 6178 | - [Gisle Vanem brought this change] |
| 6179 | |
| 6180 | config-dos: add missing defines, SIZEOF_* and two others |
| 6181 | |
| 6182 | Bug: #1816 |
| 6183 | |
| 6184 | - curl: shorten and clean up CA cert verification error message |
| 6185 | |
| 6186 | The previous message was just too long for ordinary people and it was |
| 6187 | encouraging users to use `--insecure` a little too easy. |
| 6188 | |
| 6189 | Based-on-work-by: Frank Denis |
| 6190 | |
| 6191 | Closes #1810 |
| 6192 | Closes #1817 |
| 6193 | |
| 6194 | - request-target.d: mention added in 7.55.0 |
| 6195 | |
| 6196 | Marcel Raad (22 Aug 2017) |
| 6197 | - tool_main: turn off MinGW CRT's globbing |
| 6198 | |
| 6199 | By default, the MinGW CRT globs command-line arguments. This prevents |
| 6200 | getting a single asterisk into an argument as test 1299 does. Turn off |
| 6201 | globbing by setting the global variable _CRT_glob to 0 for MinGW. |
| 6202 | |
| 6203 | Fixes https://github.com/curl/curl/issues/1751 |
| 6204 | Closes https://github.com/curl/curl/pull/1813 |
| 6205 | |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 6206 | Viktor Szakats (22 Aug 2017) |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 6207 | - makefile.m32: add support for libidn2 |
| 6208 | |
| 6209 | libidn was replaced with libidn2 last year in configure. |
| 6210 | Caveat: libidn2 may depend on a list of further libs. |
| 6211 | These can be manually specified via CURL_LDFLAG_EXTRAS. |
| 6212 | |
| 6213 | Closes https://github.com/curl/curl/pull/1815 |
| 6214 | |
| 6215 | Jay Satiro (22 Aug 2017) |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 6216 | - [Viktor Szakats brought this change] |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 6217 | |
| 6218 | config-win32: define SIZEOF_LONG |
| 6219 | |
| 6220 | Recent changes that replaced CURL_SIZEOF_LONG in the source with |
| 6221 | SIZEOF_LONG broke builds that use the premade configuration files and |
| 6222 | don't have SIZEOF_LONG defined. |
| 6223 | |
| 6224 | Closes https://github.com/curl/curl/pull/1814 |
| 6225 | |
| 6226 | Daniel Stenberg (20 Aug 2017) |
| 6227 | - cmake: enable picky compiler options with clang and gcc |
| 6228 | |
| 6229 | closes #1799 |
| 6230 | |
| 6231 | - curl/system.h: fix build for hppa |
| 6232 | |
| 6233 | Reported-by: John David Anglin |
| 6234 | Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872502#10 |
| 6235 | |
| 6236 | - [Even Rouault brought this change] |
| 6237 | |
| 6238 | tftp: fix memory leak on too long filename |
| 6239 | |
| 6240 | Fixes |
| 6241 | |
| 6242 | $ valgrind --leak-check=full ~/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz |
| 6243 | |
| 6244 | ==9752== Memcheck, a memory error detector |
| 6245 | ==9752== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. |
| 6246 | ==9752== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info |
| 6247 | ==9752== Command: /home/even/install-curl-git/bin/curl tftp://localhost/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaz |
| 6248 | ==9752== |
| 6249 | curl: (71) TFTP file name too long |
| 6250 | |
| 6251 | ==9752== |
| 6252 | ==9752== HEAP SUMMARY: |
| 6253 | ==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11 |
| 6254 | ==9752== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) |
| 6255 | ==9752== by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) |
| 6256 | ==9752== by 0x4E75868: tftp_state_machine (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) |
| 6257 | ==9752== by 0x4E761B6: tftp_do (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) |
| 6258 | ==9752== by 0x4E711B6: multi_runsingle (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) |
| 6259 | ==9752== by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) |
| 6260 | ==9752== by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-git/lib/libcurl.so.4.4.0) |
| 6261 | ==9752== by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl) |
| 6262 | ==9752== by 0x40E849: operate (in /home/even/install-curl-git/bin/curl) |
| 6263 | ==9752== by 0x402693: main (in /home/even/install-curl-git/bin/curl) |
| 6264 | |
| 6265 | Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568 |
| 6266 | Credit to OSS Fuzz |
| 6267 | |
| 6268 | Closes #1808 |
| 6269 | |
| 6270 | Dan Fandrich (19 Aug 2017) |
| 6271 | - runtests: fixed case insensitive matching of keywords |
| 6272 | |
| 6273 | Commit 5c2aac71 didn't work in the case of mixed-case keywords given on |
| 6274 | the command-line. |
| 6275 | |
| 6276 | - tests: Make sure libtests call curl_global_cleanup() |
| 6277 | |
| 6278 | This ensures that global data allocations are freed so Valgrind stays |
| 6279 | happy. This was a problem with at least PolarSSL and mbedTLS. |
| 6280 | |
| 6281 | Daniel Stenberg (18 Aug 2017) |
| 6282 | - RELEASE-NOTES: synced with 8baead425 |
| 6283 | |
| 6284 | - scripts/contri*sh: use "git log --use-mailmap" |
| 6285 | |
| 6286 | - mailmap: de-duplify some git authors |
| 6287 | |
| 6288 | - http2_recv: return error better on fatal h2 errors |
| 6289 | |
| 6290 | Ref #1012 |
| 6291 | Figured-out-by: Tatsuhiro Tsujikawa |
| 6292 | |
| 6293 | - KNOWN_BUGS: HTTP test server 'connection-monitor' problems |
| 6294 | |
| 6295 | Closes #868 |
| 6296 | |
| 6297 | - curl/system.h: check for __ppc__ as well |
| 6298 | |
| 6299 | ... regression since issue #1774 (commit 10b3df10596a) since obviously |
| 6300 | some older gcc doesn't know __powerpc__ while some newer doesn't know |
| 6301 | __ppc__ ... |
| 6302 | |
| 6303 | Fixes #1797 |
| 6304 | Closes #1798 |
| 6305 | Reported-by: Ryan Schmidt |
| 6306 | |
| 6307 | - [Jan Alexander Steffens (heftig) brought this change] |
| 6308 | |
| 6309 | http: Don't wait on CONNECT when there is no proxy |
| 6310 | |
| 6311 | Since curl 7.55.0, NetworkManager almost always failed its connectivity |
| 6312 | check by timeout. I bisected this to 5113ad04 (http-proxy: do the HTTP |
| 6313 | CONNECT process entirely non-blocking). |
| 6314 | |
| 6315 | This patch replaces !Curl_connect_complete with Curl_connect_ongoing, |
| 6316 | which returns false if the CONNECT state was left uninitialized and lets |
| 6317 | the connection continue. |
| 6318 | |
| 6319 | Closes #1803 |
| 6320 | Fixes #1804 |
| 6321 | |
| 6322 | Also-fixed-by: Gergely Nagy |
| 6323 | |
| 6324 | - [Johannes Schindelin brought this change] |
| 6325 | |
| 6326 | metalink: adjust source code style |
| 6327 | |
| 6328 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 6329 | |
| 6330 | - CURL_SIZEOF_LONG: removed, use only SIZEOF_LONG |
| 6331 | |
| 6332 | - lib557: no longer use CURL_SIZEOF_* defines |
| 6333 | |
| 6334 | - config-win32: define SIZEOF_CURL_OFF_T |
| 6335 | |
| 6336 | - cmake: sizeof curl_off_t, remove unused detections |
| 6337 | |
| 6338 | - system.h: remove all CURL_SIZEOF_* defines |
| 6339 | |
| 6340 | ... as they're not used externally and internally we check for the sizes |
| 6341 | already in configure etc. |
| 6342 | |
| 6343 | Closes #1767 |
| 6344 | |
| 6345 | - ftp: fix CWD when doing multicwd then nocwd on same connection |
| 6346 | |
| 6347 | Fixes #1782 |
| 6348 | Closes #1787 |
| 6349 | Reported-by: Peter Lamare |
| 6350 | |
| 6351 | - CURLOPT_SSH_COMPRESSION.3: enable with 1L |
| 6352 | |
| 6353 | (leaves other values reserved for the future) |
| 6354 | |
| 6355 | - compressed-ssh.d: "Added: 7.56.0" |
| 6356 | |
| 6357 | - curl/system.h: checksrc compliance |
| 6358 | |
| 6359 | Jay Satiro (17 Aug 2017) |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 6360 | - [Viktor Szakats brought this change] |
Alex Deymo | 486467e | 2017-12-19 19:04:07 +0100 | [diff] [blame] | 6361 | |
| 6362 | ssh: add the ability to enable compression (for SCP/SFTP) |
| 6363 | |
| 6364 | The required low-level logic was already available as part of |
| 6365 | `libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1] |
| 6366 | option.) |
| 6367 | |
| 6368 | This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION` |
| 6369 | (boolean) and the new `curl` command-line option `--compressed-ssh` |
| 6370 | to request this `libssh2` feature. To have compression enabled, it |
| 6371 | is required that the SSH server supports a (zlib) compatible |
| 6372 | compression method and that `libssh2` was built with `zlib` support |
| 6373 | enabled. |
| 6374 | |
| 6375 | [1] https://www.libssh2.org/libssh2_session_flag.html |
| 6376 | |
| 6377 | Ref: https://github.com/curl/curl/issues/1732 |
| 6378 | Closes https://github.com/curl/curl/pull/1735 |
| 6379 | |
| 6380 | - examples/ftpuploadresume: checksrc compliance |
| 6381 | |
| 6382 | - [Maksim Stsepanenka brought this change] |
| 6383 | |
| 6384 | http_proxy: fix build error for CURL_DOES_CONVERSIONS |
| 6385 | |
| 6386 | Closes https://github.com/curl/curl/pull/1793 |
| 6387 | |
| 6388 | GitHub (16 Aug 2017) |
| 6389 | - [Nick Zitzmann brought this change] |
| 6390 | |
| 6391 | configure: check for __builtin_available() availability (#1788) |
| 6392 | |
| 6393 | This change does two things: |
| 6394 | 1. It un-breaks the build in Xcode 9.0. (Xcode 9.0 is currently |
| 6395 | failing trying to compile connectx() in lib/connect.c.) |
| 6396 | 2. It finally weak-links the connectx() function, and falls back on |
| 6397 | connect() when run on older operating systems. |
| 6398 | |
| 6399 | Daniel Stenberg (16 Aug 2017) |
| 6400 | - travis: add metalink to some osx builds |
| 6401 | |
| 6402 | Closes #1790 |
| 6403 | |
| 6404 | - [Max Dymond brought this change] |
| 6405 | |
| 6406 | coverage: Use two coveralls commands to get lib/vtls results |
| 6407 | |
| 6408 | closes #1747 |
| 6409 | |
| 6410 | - darwinssi: fix error: variable length array used |
| 6411 | |
| 6412 | - m4/curl-compilers.m4: use proper quotes around string, not backticks |
| 6413 | |
| 6414 | ... when setting clang version to assume 3.7 |
| 6415 | |
| 6416 | Caused a lot of "integer expression expected" warnings by configure. |
| 6417 | |
| 6418 | - [Benbuck Nason brought this change] |
| 6419 | |
| 6420 | cmake: remove dead code for DISABLED_THREADSAFE |
| 6421 | |
| 6422 | Closes #1786 |
| 6423 | |
| 6424 | Jay Satiro (15 Aug 2017) |
| 6425 | - [Jakub Zakrzewski brought this change] |
| 6426 | |
| 6427 | curl-confopts.m4: fix --disable-threaded-resolver |
| 6428 | |
| 6429 | Closes https://github.com/curl/curl/issues/1784 |
| 6430 | |
| 6431 | Daniel Stenberg (15 Aug 2017) |
| 6432 | - [Ryan Winograd brought this change] |
| 6433 | |
| 6434 | progress: Track total times following redirects |
| 6435 | |
| 6436 | Update the progress timers `t_nslookup`, `t_connect`, `t_appconnect`, |
| 6437 | `t_pretransfer`, and `t_starttransfer` to track the total times for |
| 6438 | these activities when a redirect is followed. Previously, only the times |
| 6439 | for the most recent request would be tracked. |
| 6440 | |
| 6441 | Related changes: |
| 6442 | |
| 6443 | - Rename `Curl_pgrsResetTimesSizes` to `Curl_pgrsResetTransferSizes` |
| 6444 | now that the function only resets transfer sizes and no longer |
| 6445 | modifies any of the progress timers. |
| 6446 | |
| 6447 | - Add a bool to the `Progress` struct that is used to prevent |
| 6448 | double-counting `t_starttransfer` times. |
| 6449 | |
| 6450 | Added test case 1399. |
| 6451 | |
| 6452 | Fixes #522 and Known Bug 1.8 |
| 6453 | Closes #1602 |
| 6454 | Reported-by: joshhe on github |
| 6455 | |
| 6456 | - [Benbuck Nason brought this change] |
| 6457 | |
| 6458 | cmake: remove dead code for CURL_DISABLE_RTMP |
| 6459 | |
| 6460 | Closes #1785 |
| 6461 | |
| 6462 | Kamil Dudka (15 Aug 2017) |
| 6463 | - zsh.pl: produce a working completion script again |
| 6464 | |
| 6465 | Commit curl-7_54_0-118-g8b2f22e changed the output format of curl --help |
| 6466 | to use <file> and <dir> instead of FILE and DIR, which caused zsh.pl to |
| 6467 | produce a broken completion script: |
| 6468 | |
| 6469 | % curl --<TAB> |
| 6470 | _curl:10: no such file or directory: seconds |
| 6471 | |
| 6472 | Closes #1779 |
| 6473 | |
| 6474 | Daniel Stenberg (15 Aug 2017) |
| 6475 | - curlver: toward 7.56.0? |
| 6476 | |
| 6477 | - RELEASE-NOTES: synced with 91c46dc44 |
| 6478 | |
| 6479 | - test1449: FTP download range with an too large size |
| 6480 | |
| 6481 | - strtoofft: reduce integer overflow risks globally |
| 6482 | |
| 6483 | ... make sure we bail out on overflows. |
| 6484 | |
| 6485 | Reported-by: Brian Carpenter |
| 6486 | Closes #1758 |
| 6487 | |
| 6488 | - travis: build the examples too |
| 6489 | |
| 6490 | to make sure they keep building warning-free |
| 6491 | |
| 6492 | Closes #1777 |
| 6493 | |
| 6494 | - runtests: match keywords case insensitively |
| 6495 | |
| 6496 | - examples/ftpuploadresume.c: use portable code |
| 6497 | |
| 6498 | ... converted from the MS specific _snscanf() |
| 6499 | |
Elliott Hughes | 82be86d | 2017-09-20 17:00:17 -0700 | [diff] [blame] | 6500 | Version 7.55.1 (13 Aug 2017) |
| 6501 | |
| 6502 | Daniel Stenberg (13 Aug 2017) |
| 6503 | - RELEASE-NOTES/THANKS: curl 7.55.1 release time |
| 6504 | |
| 6505 | - gitignore: ignore .xz now instead of .lzma |
| 6506 | |
| 6507 | - [Sergei Nikulov brought this change] |
| 6508 | |
| 6509 | cmake: Threads detection update. ref: #1702 |
| 6510 | |
| 6511 | Closes #1719 |
| 6512 | |
| 6513 | - ipv6_scope: support unique local addresses |
| 6514 | |
| 6515 | Fixes #1764 |
| 6516 | Closes #1773 |
| 6517 | Reported-by: James Slaughter |
| 6518 | |
| 6519 | - [Alex Potapenko brought this change] |
| 6520 | |
| 6521 | curl/system.h: GCC doesn't define __ppc__ on PowerPC, uses __powerpc__ |
| 6522 | |
| 6523 | Closes #1774 |
| 6524 | |
| 6525 | - test1448: verify redirect to IDN using URL |
| 6526 | |
| 6527 | Closes #1772 |
| 6528 | |
| 6529 | - [Salah-Eddin Shaban brought this change] |
| 6530 | |
| 6531 | redirect: skip URL encoding for host names |
| 6532 | |
| 6533 | This fixes redirects to IDN URLs |
| 6534 | |
| 6535 | Fixes #1441 |
| 6536 | Closes #1762 |
| 6537 | Reported by: David Lord |
| 6538 | |
| 6539 | - test2032: mark as flaky (again) |
| 6540 | |
| 6541 | - travis: test cmake build on tarball too |
| 6542 | |
| 6543 | Could've prevented #1755 |
| 6544 | |
| 6545 | - [Simon Warta brought this change] |
| 6546 | |
| 6547 | cmake: allow user to override CMAKE_DEBUG_POSTFIX |
| 6548 | |
| 6549 | Closes #1763 |
| 6550 | |
| 6551 | - connect-to.d: better language |
| 6552 | |
| 6553 | - connect-to.d: clarified |
| 6554 | |
| 6555 | - bagder/Curl_tvdiff_us: fix the math |
| 6556 | |
| 6557 | Regression since adef394ac5 (released in 7.55.0) |
| 6558 | |
| 6559 | Reported-by: Han Qiao |
| 6560 | Fixes #1769 |
| 6561 | Closes #1771 |
| 6562 | |
| 6563 | - curl/system.h: add Oracle Solaris Studio |
| 6564 | |
| 6565 | Fixes #1752 |
| 6566 | |
| 6567 | - [Alessandro Ghedini brought this change] |
| 6568 | |
| 6569 | docs: fix typo funtion -> function |
| 6570 | |
| 6571 | Closes #1770 |
| 6572 | |
| 6573 | Alessandro Ghedini (12 Aug 2017) |
| 6574 | - docs: fix grammar in CURL_SSLVERSION_MAX_DEFAULT description |
| 6575 | |
| 6576 | - docs: fix typo stuct -> struct |
| 6577 | |
| 6578 | Dan Fandrich (12 Aug 2017) |
| 6579 | - test1447: require a curl with http support |
| 6580 | |
| 6581 | Daniel Stenberg (11 Aug 2017) |
| 6582 | - [Thomas Petazzoni brought this change] |
| 6583 | |
| 6584 | curl/system.h: support more architectures |
| 6585 | |
| 6586 | The long list of architectures in include/curl/system.h is annoying to |
| 6587 | maintain, and needs to be extended for each and every architecture to |
| 6588 | support. |
| 6589 | |
| 6590 | Instead, let's rely on the __SIZEOF_LONG__ define of the gcc compiler |
| 6591 | (we are in the GNUC condition anyway), which tells us if long is 4 |
| 6592 | bytes or 8 bytes. |
| 6593 | |
| 6594 | This fixes the build of libcurl 7.55.0 on architectures such as |
| 6595 | OpenRISC or ARC. |
| 6596 | |
| 6597 | Closes #1766 |
| 6598 | |
| 6599 | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> |
| 6600 | |
| 6601 | - test2033: this went flaky again |
| 6602 | |
| 6603 | Suspicion: when we enabled the threaded resolver by default. |
| 6604 | |
| 6605 | - test1447: verifies the parse proxy fix in 6e0e152ce5c |
| 6606 | |
| 6607 | - [Even Rouault brought this change] |
| 6608 | |
| 6609 | parse_proxy(): fix memory leak in case of invalid proxy server name |
| 6610 | |
| 6611 | Fixes the below leak: |
| 6612 | |
| 6613 | $ valgrind --leak-check=full ~/install-curl-git/bin/curl --proxy "http://a:b@/x" http://127.0.0.1 |
| 6614 | curl: (5) Couldn't resolve proxy name |
| 6615 | ==5048== |
| 6616 | ==5048== HEAP SUMMARY: |
| 6617 | ==5048== in use at exit: 532 bytes in 12 blocks |
| 6618 | ==5048== total heap usage: 5,288 allocs, 5,276 frees, 445,271 bytes allocated |
| 6619 | ==5048== |
| 6620 | ==5048== 2 bytes in 1 blocks are definitely lost in loss record 1 of 12 |
| 6621 | ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) |
| 6622 | ==5048== by 0x4E6CB79: parse_login_details (url.c:5614) |
| 6623 | ==5048== by 0x4E6BA82: parse_proxy (url.c:5091) |
| 6624 | ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346) |
| 6625 | ==5048== by 0x4E6EA18: create_conn (url.c:6498) |
| 6626 | ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967) |
| 6627 | ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436) |
| 6628 | ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160) |
| 6629 | ==5048== by 0x4E7C515: easy_transfer (easy.c:708) |
| 6630 | ==5048== by 0x4E7C74A: easy_perform (easy.c:794) |
| 6631 | ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813) |
| 6632 | ==5048== by 0x414025: operate_do (tool_operate.c:1563) |
| 6633 | ==5048== |
| 6634 | ==5048== 2 bytes in 1 blocks are definitely lost in loss record 2 of 12 |
| 6635 | ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) |
| 6636 | ==5048== by 0x4E6CBB6: parse_login_details (url.c:5621) |
| 6637 | ==5048== by 0x4E6BA82: parse_proxy (url.c:5091) |
| 6638 | ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346) |
| 6639 | ==5048== by 0x4E6EA18: create_conn (url.c:6498) |
| 6640 | ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967) |
| 6641 | ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436) |
| 6642 | ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160) |
| 6643 | ==5048== by 0x4E7C515: easy_transfer (easy.c:708) |
| 6644 | ==5048== by 0x4E7C74A: easy_perform (easy.c:794) |
| 6645 | ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813) |
| 6646 | ==5048== by 0x414025: operate_do (tool_operate.c:1563) |
| 6647 | |
| 6648 | Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2984 |
| 6649 | Credit to OSS Fuzz for discovery |
| 6650 | |
| 6651 | Closes #1761 |
| 6652 | |
| 6653 | - RELEASE-NOTES: synced with 37f2195a9 |
| 6654 | |
| 6655 | - curlver: bump to 7.55.1 |
| 6656 | |
| 6657 | - openssl: fix "error: this statement may fall through" |
| 6658 | |
| 6659 | A gcc7 warning. |
| 6660 | |
| 6661 | - [David Benjamin brought this change] |
| 6662 | |
| 6663 | openssl: remove CONST_ASN1_BIT_STRING. |
| 6664 | |
| 6665 | Just making the pointer as const works for the pre-1.1.0 path too. |
| 6666 | |
| 6667 | Closes #1759 |
| 6668 | |
| 6669 | - maketgz: remove old *.dist files before making the tarball |
| 6670 | |
| 6671 | To avoid "old crap" unintentionally getting shipped. |
| 6672 | |
| 6673 | Bug: https://curl.haxx.se/mail/lib-2017-08/0050.html |
| 6674 | Reported-by: Christian Weisgerber |
| 6675 | |
| 6676 | Jay Satiro (10 Aug 2017) |
| 6677 | - mkhelp.pl: allow executing this script directly |
| 6678 | |
| 6679 | - Enable execute permission (chmod +x) |
| 6680 | |
| 6681 | - Change interpreter to /usr/bin/env perl |
| 6682 | |
| 6683 | Ref: https://github.com/curl/curl/issues/1743 |
| 6684 | |
| 6685 | Daniel Stenberg (10 Aug 2017) |
| 6686 | - configure: use the threaded resolver backend by default if possible |
| 6687 | |
| 6688 | Closes #1647 |
| 6689 | |
| 6690 | - cmake: move cmake_uninstall.cmake to CMake/ |
| 6691 | |
| 6692 | Closes #1756 |
| 6693 | |
| 6694 | - metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead |
| 6695 | |
| 6696 | - dist: fix the cmake build by shipping cmake_uninstall.cmake.in too |
| 6697 | |
| 6698 | Fixes #1755 |
| 6699 | |
| 6700 | - travis: verify "make install" |
| 6701 | |
| 6702 | Help-by: Jay Satiro |
| 6703 | Closes #1753 |
| 6704 | |
| 6705 | Marcel Raad (10 Aug 2017) |
| 6706 | - build: check out *.sln files with Windows line endings |
| 6707 | |
| 6708 | Visual Studio doesn't like LF line endings in solution files and always |
| 6709 | converts them to CRLF when doing changes to the solution. Notably, this |
| 6710 | affects the solutions in the release archive. |
| 6711 | |
| 6712 | Closes https://github.com/curl/curl/pull/1746 |
| 6713 | |
| 6714 | - gitignore: ignore top-level .vs folder |
| 6715 | |
| 6716 | This folder is generated when using the CMake build system from within |
| 6717 | Visual Studio. |
| 6718 | |
| 6719 | Closes https://github.com/curl/curl/pull/1746 |
| 6720 | |
| 6721 | Jay Satiro (10 Aug 2017) |
| 6722 | - digest_sspi: Don't reuse context if the user/passwd has changed |
| 6723 | |
| 6724 | Bug: https://github.com/curl/curl/issues/1685 |
| 6725 | Reported-by: paulharris@users.noreply.github.com |
| 6726 | |
| 6727 | Assisted-by: Isaac Boukris |
| 6728 | |
| 6729 | Closes https://github.com/curl/curl/pull/1742 |
| 6730 | |
| 6731 | Daniel Stenberg (9 Aug 2017) |
| 6732 | - [Adam Sampson brought this change] |
| 6733 | |
| 6734 | dist: Add dictserver.py/negtelnetserver.py to EXTRA_DIST |
| 6735 | |
| 6736 | These weren't included in the 7.55.0 release, but are required in order |
| 6737 | to run the full test suite. |
| 6738 | |
| 6739 | Closes #1744 |
| 6740 | |
| 6741 | - [Adam Sampson brought this change] |
| 6742 | |
| 6743 | curl: do bounds check using a double comparison |
| 6744 | |
| 6745 | The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't |
| 6746 | complete: if the parsed number in num is larger than will fit in a long, |
| 6747 | the conversion is undefined behaviour (causing test1427 to fail for me |
| 6748 | on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting |
| 6749 | rid of the cast means the comparison will be done using doubles. |
| 6750 | |
| 6751 | It might make more sense for the max argument to also be a double... |
| 6752 | |
| 6753 | Fixes #1750 |
| 6754 | Closes #1749 |
| 6755 | |
| 6756 | - make install: add 8 missing man pages to the installation |
| 6757 | |
| 6758 | - build: fix 'make install' with configure, install docs/libcurl/* too |
| 6759 | |
| 6760 | Broken since d24838d4da9faa |
| 6761 | |
| 6762 | Reported-by: Bernard Spil |
| 6763 | |
| 6764 | Version 7.55.0 (9 Aug 2017) |
| 6765 | |
| 6766 | Daniel Stenberg (9 Aug 2017) |
| 6767 | - RELEASE-NOTES: curl 7.55.0 |
| 6768 | |
| 6769 | - THANKS: 20 new contributors in 7.55.0 |
| 6770 | |
Elliott Hughes | cac3980 | 2018-04-27 16:19:43 -0700 | [diff] [blame] | 6771 | - [Viktor Szakats brought this change] |
Elliott Hughes | 82be86d | 2017-09-20 17:00:17 -0700 | [diff] [blame] | 6772 | |
| 6773 | docs/comments: Update to secure URL versions |
| 6774 | |
| 6775 | Closes #1741 |
| 6776 | |
| 6777 | - configure: fix recv/send/select detection on Android |
| 6778 | |
| 6779 | ... since they now provide several functions as |
| 6780 | __attribute__((overloadable)), the argument detection logic need |
| 6781 | updates. |
| 6782 | |
| 6783 | Patched-by: destman at github |
| 6784 | |
| 6785 | Fixes #1738 |
| 6786 | Closes #1739 |
| 6787 | |
| 6788 | Marcel Raad (8 Aug 2017) |
| 6789 | - ax_code_coverage.m4: update to latest version |
| 6790 | |
| 6791 | This updates the script to aad5ad5fedb306b39f901a899b7bd305b66c418d |
| 6792 | from August 01, 2017. Notably, this removes the lconv version whitelist. |
| 6793 | |
| 6794 | Closes https://github.com/curl/curl/pull/1716 |
| 6795 | |
| 6796 | Daniel Stenberg (7 Aug 2017) |
| 6797 | - test1427: verify command line parser integer overflow detection |
| 6798 | |
| 6799 | - curl: detect and bail out early on parameter integer overflows |
| 6800 | |
| 6801 | Make the number parser aware of the maximum limit curl accepts for a |
| 6802 | value and return an error immediately if larger, instead of running an |
| 6803 | integer overflow later. |
| 6804 | |
| 6805 | Fixes #1730 |
| 6806 | Closes #1736 |
| 6807 | |
| 6808 | - glob: do not continue parsing after a strtoul() overflow range |
| 6809 | |
| 6810 | Added test 1289 to verify. |
| 6811 | |
| 6812 | CVE-2017-1000101 |
| 6813 | |
| 6814 | Bug: https://curl.haxx.se/docs/adv_20170809A.html |
| 6815 | Reported-by: Brian Carpenter |
| 6816 | |
| 6817 | - tftp: reject file name lengths that don't fit |
| 6818 | |
| 6819 | ... and thereby avoid telling send() to send off more bytes than the |
| 6820 | size of the buffer! |
| 6821 | |
| 6822 | CVE-2017-1000100 |
| 6823 | |
| 6824 | Bug: https://curl.haxx.se/docs/adv_20170809B.html |
| 6825 | Reported-by: Even Rouault |
| 6826 | |
| 6827 | Credit to OSS-Fuzz for the discovery |
| 6828 | |
| 6829 | - [Even Rouault brought this change] |
| 6830 | |
| 6831 | file: output the correct buffer to the user |
| 6832 | |
| 6833 | Regression brought by 7c312f84ea930d8 (April 2017) |
| 6834 | |
| 6835 | CVE-2017-1000099 |
| 6836 | |
| 6837 | Bug: https://curl.haxx.se/docs/adv_20170809C.html |
| 6838 | |
| 6839 | Credit to OSS-Fuzz for the discovery |
| 6840 | |
| 6841 | - easy_events: make event data static |
| 6842 | |
| 6843 | First: this function is only used in debug-builds and not in |
| 6844 | release/real builds. It is used to drive tests using the event-based |
| 6845 | API. |
| 6846 | |
| 6847 | A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the |
| 6848 | CURLMOPT_TIMERFUNCTION calback can in fact be called even after this |
| 6849 | funtion returns, namely when curl_multi_remove_handle() is called. |
| 6850 | |
| 6851 | Reported-by: Brian Carpenter |
| 6852 | |
| 6853 | - getparameter: avoid returning uninitialized 'usedarg' |
| 6854 | |
| 6855 | Fixes #1728 |
| 6856 | |
| 6857 | Marcel Raad (5 Aug 2017) |
| 6858 | - [Isaac Boukris brought this change] |
| 6859 | |
| 6860 | gssapi: fix memory leak of output token in multi round context |
| 6861 | |
| 6862 | When multiple rounds are needed to establish a security context |
| 6863 | (usually ntlm), we overwrite old token with a new one without free. |
| 6864 | Found by proposed gss tests using stub a gss implementation (by |
| 6865 | valgrind error), though I have confirmed the leak with a real |
| 6866 | gssapi implementation as well. |
| 6867 | |
| 6868 | Closes https://github.com/curl/curl/pull/1733 |
| 6869 | |
| 6870 | - darwinssl: fix compiler warning |
| 6871 | |
| 6872 | clang complains: |
| 6873 | vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive |
| 6874 | [-Werror,-Wextra-tokens] |
| 6875 | |
| 6876 | This breaks the darwinssl build on Travis. Fix it by making this token |
| 6877 | a comment. |
| 6878 | |
| 6879 | Closes https://github.com/curl/curl/pull/1734 |
| 6880 | |
| 6881 | - CMake: fix CURL_WERROR for MSVC |
| 6882 | |
| 6883 | When using CURL_WERROR in MSVC builds, the debug flags were overridden |
| 6884 | by the release flags and /WX got added twice in debug mode. |
| 6885 | |
| 6886 | Closes https://github.com/curl/curl/pull/1715 |
| 6887 | |
| 6888 | Daniel Stenberg (4 Aug 2017) |
| 6889 | - RELEASE-NOTES: synced with 561e9217c |
| 6890 | |
| 6891 | - test1010: verify that #1718 is fixed |
| 6892 | |
| 6893 | ... by doing two transfers in nocwd mode and check that there's no |
| 6894 | superfluous CWD command. |
| 6895 | |
| 6896 | - FTP: skip unnecessary CWD when in nocwd mode |
| 6897 | |
| 6898 | ... when reusing a connection. If it didn't do any CWD previously. |
| 6899 | |
| 6900 | Fixes #1718 |
| 6901 | |
| 6902 | Marcel Raad (4 Aug 2017) |
| 6903 | - travis: explicitly specify dist |
| 6904 | |
| 6905 | This makes the builds more reproducible as travis is currently rolling |
| 6906 | out trusty as default dist [1]. Specifically, this avoids coverage |
| 6907 | check failures when trusty is used as seen in [2] until we figure out |
| 6908 | what's wrong. |
| 6909 | |
| 6910 | [1] https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming |
| 6911 | [2] https://github.com/curl/curl/pull/1692 |
| 6912 | |
| 6913 | Closes https://github.com/curl/curl/pull/1725 |
| 6914 | |
| 6915 | Daniel Stenberg (4 Aug 2017) |
| 6916 | - travis: BUILD_TYPE => T |
| 6917 | |
| 6918 | (to make the full line appear nicer on travis web UI) |
| 6919 | |
| 6920 | - travis: add osx build with darwinssl |
| 6921 | |
| 6922 | Closes #1706 |
| 6923 | |
| 6924 | - darwin: silence compiler warnings |
| 6925 | |
| 6926 | With a clang pragma and three type fixes |
| 6927 | |
| 6928 | Fixes #1722 |
| 6929 | |
| 6930 | - BUILD.WINDOWS: mention buildconf.bat for builds off git |
| 6931 | |
| 6932 | - darwinssl: fix curlssl_sha256sum() compiler warnings on first argument |
| 6933 | |
| 6934 | - test130: verify comments in .netrc |
| 6935 | |
| 6936 | - [Gisle Vanem brought this change] |
| 6937 | |
| 6938 | netrc: skip lines starting with '#' |
| 6939 | |
| 6940 | Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html |
| 6941 | |
| 6942 | Marcel Raad (3 Aug 2017) |
| 6943 | - CMake: set MSVC warning level to 4 |
| 6944 | |
| 6945 | The MSVC warning level defaults to 3 in CMake. Change it to 4, which is |
| 6946 | consistent with the Visual Studio and NMake builds. Disable level 4 |
| 6947 | warning C4127 for the library and additionally C4306 for the test |
| 6948 | servers to get a clean CURL_WERROR build as that warning is raised in |
| 6949 | some macros in older Visual Studio versions. |
| 6950 | |
| 6951 | Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794 |
| 6952 | Closes https://github.com/curl/curl/pull/1711 |
| 6953 | |
| 6954 | Daniel Stenberg (2 Aug 2017) |
| 6955 | - CURLOPT_NETRC.3: fix typo in 7e48aa386156f9c2 |
| 6956 | |
| 6957 | Reported-by: Viktor Szakats |
| 6958 | |
| 6959 | - CURLOPT_NETRC.3: mention the file name on windows |
| 6960 | |
| 6961 | ... and CURLOPT_NETRC_FILE(3). |
| 6962 | |
| 6963 | - travis: build osx with libressl too |
| 6964 | |
| 6965 | - travis: build osx with openssl too |
| 6966 | |
| 6967 | - tests/server/util: fix curltime mistake from 4dee50b9c80f9 |
| 6968 | |
| 6969 | Marcel Raad (1 Aug 2017) |
| 6970 | - curl_threads: fix MSVC compiler warning |
| 6971 | |
| 6972 | Use LongToHandle to convert from long to HANDLE in the Win32 |
| 6973 | implementation. |
| 6974 | This should fix the following warning when compiling with |
| 6975 | MSVC 11 (2012) in 64-bit mode: |
| 6976 | lib\curl_threads.c(113): warning C4306: |
| 6977 | 'type cast' : conversion from 'long' to 'HANDLE' of greater size |
| 6978 | |
| 6979 | Closes https://github.com/curl/curl/pull/1717 |
| 6980 | |
| 6981 | Daniel Stenberg (1 Aug 2017) |
| 6982 | - BUGS: improved phrasing about security bugs |
| 6983 | |
| 6984 | Reported-by: Max Dymond |
| 6985 | |
| 6986 | - BUGS: clarify how to report security related bugs |
| 6987 | |
| 6988 | - [Brad Spencer brought this change] |
| 6989 | |
| 6990 | multi: fix request timer management |
| 6991 | |
| 6992 | There are some bugs in how timers are managed for a single easy handle |
| 6993 | that causes the wrong "next timeout" value to be reported to the |
| 6994 | application when a new minimum needs to be recomputed and that new |
| 6995 | minimum should be an existing timer that isn't currently set for the |
| 6996 | easy handle. When the application drives a set of easy handles via the |
| 6997 | `curl_multi_socket_action()` API (for example), it gets told to wait the |
| 6998 | wrong amount of time before the next call, which causes requests to |
| 6999 | linger for a long time (or, it is my guess, possibly forever). |
| 7000 | |
| 7001 | Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html |
| 7002 | |
| 7003 | Jay Satiro (1 Aug 2017) |
| 7004 | - curl_setup: Define CURL_NO_OLDIES for building libcurl |
| 7005 | |
| 7006 | .. to catch accidental use of deprecated error codes. |
| 7007 | |
| 7008 | Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237 |
| 7009 | |
| 7010 | Daniel Stenberg (1 Aug 2017) |
| 7011 | - [Jeremy Tan brought this change] |
| 7012 | |
| 7013 | configure: fix the check for IdnToUnicode |
| 7014 | |
| 7015 | Fixes #1669 |
| 7016 | Closes #1713 |
| 7017 | |
| 7018 | - http: fix response code parser to avoid integer overflow |
| 7019 | |
| 7020 | test 1429 and 1433 were updated to work with the stricter HTTP status line |
| 7021 | parser. |
| 7022 | |
| 7023 | Closes #1714 |
| 7024 | Reported-by: Brian Carpenter |
| 7025 | |
| 7026 | Jay Satiro (31 Jul 2017) |
| 7027 | - [Dwarakanath Yadavalli brought this change] |
| 7028 | |
| 7029 | libcurl: Stop using error codes defined under CURL_NO_OLDIES |
| 7030 | |
| 7031 | Fixes https://github.com/curl/curl/issues/1688 |
| 7032 | Closes https://github.com/curl/curl/pull/1712 |
| 7033 | |
| 7034 | - include.d: clarify --include is only for response headers |
| 7035 | |
| 7036 | Follow-up to 171f8de and de6de94. |
| 7037 | |
| 7038 | Bug: https://github.com/curl/curl/commit/de6de94#commitcomment-23370851 |
| 7039 | Reported-by: Daniel Stenberg |
| 7040 | |
| 7041 | Daniel Stenberg (30 Jul 2017) |
Elliott Hughes | 0128fe4 | 2018-02-27 14:57:55 -0800 | [diff] [blame] | 7042 | - [Jason Juang brought this change] |
Elliott Hughes | 82be86d | 2017-09-20 17:00:17 -0700 | [diff] [blame] | 7043 | |
| 7044 | cmake: support make uninstall |
| 7045 | |
| 7046 | Closes #1674 |
| 7047 | |
| 7048 | - RELEASE-NOTES: synced with 001701c47 |
| 7049 | |
| 7050 | Marcel Raad (29 Jul 2017) |
| 7051 | - AppVeyor: now really use CURL_WERROR |
| 7052 | |
| 7053 | It was misspelled as CURL_ERROR in commit |
| 7054 | 2d86e8d1286e0fbe3d811e2e87fa0b5e53722db4. |
| 7055 | |
| 7056 | Closes https://github.com/curl/curl/pull/1686 |
| 7057 | |
| 7058 | Jay Satiro (29 Jul 2017) |
| 7059 | - tool_help: clarify --include is only for response headers |
| 7060 | |
| 7061 | Follow-up to 171f8de. |
| 7062 | |
| 7063 | Ref: https://github.com/curl/curl/issues/1704 |
| 7064 | |
| 7065 | - splay: fix signed/unsigned mismatch warning |
| 7066 | |
| 7067 | Follow-up to 4dee50b. |
| 7068 | |
| 7069 | Ref: https://github.com/curl/curl/pull/1693 |
| 7070 | |
| 7071 | Daniel Stenberg (28 Jul 2017) |
| 7072 | - include.d: clarify that it concerns the response headers |
| 7073 | |
| 7074 | Reported-by: olesteban at github |
| 7075 | Fixes #1704 |
| 7076 | |
| 7077 | - [Johannes Schindelin brought this change] |
| 7078 | |
| 7079 | curl_rtmp: fix a compiler warning |
| 7080 | |
| 7081 | The headers of librtmp declare the socket as `int`, and on Windows, that |
| 7082 | disagrees with curl_socket_t. |
| 7083 | |
| 7084 | Bug: #1652 |
| 7085 | |
| 7086 | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> |
| 7087 | |
| 7088 | - test1323: verify curlx_tvdiff |
| 7089 | |
| 7090 | - timeval: struct curltime is a struct timeval replacement |
| 7091 | |
| 7092 | ... to make all libcurl internals able to use the same data types for |
| 7093 | the struct members. The timeval struct differs subtly on several |
| 7094 | platforms so it makes it cumbersome to use everywhere. |
| 7095 | |
| 7096 | Ref: #1652 |
| 7097 | Closes #1693 |
| 7098 | |
| 7099 | - darwinssl: fix variable type mistake (regression) |
| 7100 | |
| 7101 | ... which made --tlsv1.2 not work because it would blank the max tls |
| 7102 | version variable. |
| 7103 | |
| 7104 | Reported-by: Nick Miyake |
| 7105 | Bug: #1703 |
| 7106 | |
| 7107 | - multi: mention integer overflow risk if using > 500 million sockets |
| 7108 | |
| 7109 | Reported-by: ovidiu-benea@users.noreply.github.com |
| 7110 | |
| 7111 | Closes #1675 |
| 7112 | Closes #1683 |
| 7113 | |
| 7114 | - checksrc: escape open brace in regex |
| 7115 | |
| 7116 | ... to silence warning. |
| 7117 | |
| 7118 | Kamil Dudka (20 Jul 2017) |
| 7119 | - nss: fix a possible use-after-free in SelectClientCert() |
| 7120 | |
| 7121 | ... causing a SIGSEGV in showit() in case the handle used to initiate |
| 7122 | the connection has already been freed. |
| 7123 | |
| 7124 | This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803. |
| 7125 | |
| 7126 | Reported-by: Rob Sanders |
| 7127 | Bug: https://bugzilla.redhat.com/1436158 |
| 7128 | |
| 7129 | - nss: unify the coding style of nss_send() and nss_recv() |
| 7130 | |
| 7131 | No changes in behavior intended by this commit. |
| 7132 | |
| 7133 | Marcel Raad (18 Jul 2017) |
| 7134 | - tests/server/resolve.c: fix deprecation warning |
| 7135 | |
| 7136 | MSVC warns that gethostbyname is deprecated. Always use getaddrinfo |
| 7137 | instead to fix this when IPv6 is enabled, also for IPv4 resolves. This |
| 7138 | is also consistent with what libcurl does. |
| 7139 | |
| 7140 | Closes https://github.com/curl/curl/pull/1682 |
| 7141 | |
| 7142 | Jay Satiro (17 Jul 2017) |
| 7143 | - darwinssl: fix pinnedpubkey build error |
| 7144 | |
| 7145 | - s/SessionHandle/Curl_easy/ |
| 7146 | |
| 7147 | Bug: https://github.com/curl/curl/commit/eb16305#commitcomment-23035670 |
| 7148 | Reported-by: Gisle Vanem |
| 7149 | |
| 7150 | Marcel Raad (16 Jul 2017) |
| 7151 | - rtspd: fix GCC warning after MSVC warning fix |
| 7152 | |
| 7153 | Older GCC warns: |
| 7154 | /tests/server/rtspd.c:1194:10: warning: missing braces around |
| 7155 | initializer [-Wmissing-braces] |
| 7156 | |
| 7157 | Fix this by using memset instead of an initializer. |
| 7158 | |
| 7159 | - libtest: fix MSVC warning C4706 |
| 7160 | |
| 7161 | With warning level 4, MSVC warns about assignments within conditional |
| 7162 | expressions. Change the while loop to a do-while loop to fix this. This |
| 7163 | change is also consistent with CODE_STYLE.md. |
| 7164 | |
| 7165 | - sockfilt: suppress conversion warning with explicit cast |
| 7166 | |
| 7167 | MSVC warns when implicitly casting -1 to unsigned long. |
| 7168 | |
| 7169 | - rtspd: fix MSVC level 4 warning |
| 7170 | |
| 7171 | warning C4701: potentially uninitialized local variable 'req' used |