_ _ ____ _
|
___| | | | _ \| |
|
/ __| | | | |_) | |
|
| (__| |_| | _ <| |___
|
\___|\___/|_| \_\_____|
|
|
Changelog
|
|
Version 7.64.1 (27 Mar 2019)
|
|
Daniel Stenberg (27 Mar 2019)
|
- RELEASE: 7.64.1
|
|
- Revert "ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set"
|
|
This reverts commit 9130ead9fcabdb6b8fbdb37c0b38be2d326adb00.
|
|
Fixes #3708
|
|
- [Christian Schmitz brought this change]
|
|
ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set
|
|
Closes #3704
|
|
Jay Satiro (26 Mar 2019)
|
- tool_cb_wrt: fix writing to Windows null device NUL
|
|
- Improve console detection.
|
|
Prior to this change WriteConsole could be called to write to a handle
|
that may not be a console, which would cause an error. This issue is
|
limited to character devices that are not also consoles such as the null
|
device NUL.
|
|
Bug: https://github.com/curl/curl/issues/3175#issuecomment-439068724
|
Reported-by: Gisle Vanem
|
|
- CURLMOPT_PIPELINING.3: fix typo
|
|
Daniel Stenberg (25 Mar 2019)
|
- TODO: config file parsing
|
|
Closes #3698
|
|
Jay Satiro (24 Mar 2019)
|
- os400: Disable Alt-Svc by default since it's experimental
|
|
Follow-up to 520f0b4 which added Alt-Svc support and enabled it by
|
default for OS400. Since the feature is experimental, it should be
|
disabled by default.
|
|
Ref: https://github.com/curl/curl/commit/520f0b4#commitcomment-32792332
|
Ref: https://curl.haxx.se/mail/lib-2019-02/0008.html
|
|
Closes https://github.com/curl/curl/pull/3688
|
|
Dan Fandrich (24 Mar 2019)
|
- tests: Fixed XML validation errors in some test files.
|
|
- tests: Fix some incorrect precheck error messages.
|
|
[ci skip]
|
|
Daniel Stenberg (22 Mar 2019)
|
- curl_url.3: this is not experimental anymore
|
|
- travis: bump the used wolfSSL version to 4.0.0
|
|
Test 311 is now fine, leaving only 313 (CRL) disabled.
|
|
Test 313 details can be found here:
|
https://github.com/wolfSSL/wolfssl/issues/1546
|
|
Closes #3697
|
|
Daniel Gustafsson (22 Mar 2019)
|
- lib: Fix typos in comments
|
|
David Woodhouse (20 Mar 2019)
|
- openssl: if cert type is ENG and no key specified, key is ENG too
|
|
Fixes #3692
|
Closes #3692
|
|
Daniel Stenberg (20 Mar 2019)
|
- sectransp: tvOS 11 is required for ALPN support
|
|
Reported-by: nianxuejie on github
|
Assisted-by: Nick Zitzmann
|
Assisted-by: Jay Satiro
|
Fixes #3689
|
Closes #3690
|
|
- test1541: threaded connection sharing
|
|
The threaded-shared-conn.c example turned into test case. Only works if
|
pthread was detected.
|
|
An attempt to detect future regressions such as e3a53e3efb942a5
|
|
Closes #3687
|
|
Patrick Monnerat (17 Mar 2019)
|
- os400: alt-svc support.
|
|
Although experimental, enable it in the platform config file.
|
Upgrade ILE/RPG binding.
|
|
Daniel Stenberg (17 Mar 2019)
|
- conncache: use conn->data to know if a transfer owns it
|
|
- make sure an already "owned" connection isn't returned unless
|
multiplexed.
|
|
- clear ->data when returning the connection to the cache again
|
|
Regression since 7.62.0 (probably in commit 1b76c38904f0)
|
|
Bug: https://curl.haxx.se/mail/lib-2019-03/0064.html
|
|
Closes #3686
|
|
- RELEASE-NOTES: synced
|
|
- [Chris Young brought this change]
|
|
configure: add --with-amissl
|
|
AmiSSL is an Amiga native library which provides a wrapper over OpenSSL.
|
It also requires all programs using it to use bsdsocket.library
|
directly, rather than accessing socket functions through clib, which
|
libcurl was not necessarily doing previously. Configure will now check
|
for the headers and ensure they are included if found.
|
|
Closes #3677
|
|
- [Chris Young brought this change]
|
|
vtls: rename some of the SSL functions
|
|
... in the SSL structure as AmiSSL is using macros for the socket API
|
functions.
|
|
- [Chris Young brought this change]
|
|
tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
|
|
- [Chris Young brought this change]
|
|
tool_operate: build on AmigaOS
|
|
- makefile: make checksrc and hugefile commands "silent"
|
|
... to match the style already used for compiling, linking
|
etc. Acknowledges 'make V=1' to enable verbose.
|
|
Closes #3681
|
|
- curl.1: --user and --proxy-user are hidden from ps output
|
|
Suggested-by: Eric Curtin
|
Improved-by: Dan Fandrich
|
Ref: #3680
|
|
Closes #3683
|
|
- curl.1: mark the argument to --cookie as <data|filename>
|
|
From a discussion in #3676
|
|
Suggested-by: Tim RĆ¼hsen
|
|
Closes #3682
|
|
Dan Fandrich (14 Mar 2019)
|
- fuzzer: Only clone the latest fuzzer code, for speed.
|
|
Daniel Stenberg (14 Mar 2019)
|
- [Dominik Hƶlzl brought this change]
|
|
Negotiate: fix for HTTP POST with Negotiate
|
|
* Adjusted unit tests 2056, 2057
|
* do not generally close connections with CURLAUTH_NEGOTIATE after every request
|
* moved negotiatedata from UrlState to connectdata
|
* Added stream rewind logic for CURLAUTH_NEGOTIATE
|
* introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC
|
* Consider authproblem state for CURLAUTH_NEGOTIATE
|
* Consider reuse_forbid for CURLAUTH_NEGOTIATE
|
* moved and adjusted negotiate authentication state handling from
|
output_auth_headers into Curl_output_negotiate
|
* Curl_output_negotiate: ensure auth done is always set
|
* Curl_output_negotiate: Set auth done also if result code is
|
GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may
|
also indicate the last challenge request (only works with disabled
|
Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1)
|
* Consider "Persistent-Auth" header, detect if not present;
|
Reset/Cleanup negotiate after authentication if no persistent
|
authentication
|
* apply changes introduced with #2546 for negotiate rewind logic
|
|
Fixes #1261
|
Closes #1975
|
|
- [Marc Schlatter brought this change]
|
|
http: send payload when (proxy) authentication is done
|
|
The check that prevents payload from sending in case of authentication
|
doesn't check properly if the authentication is done or not.
|
|
They're cases where the proxy respond "200 OK" before sending
|
authentication challenge. This change takes care of that.
|
|
Fixes #2431
|
Closes #3669
|
|
- file: fix "Checking if unsigned variable 'readcount' is less than zero."
|
|
Pointed out by codacy
|
|
Closes #3672
|
|
- memdebug: log pointer before freeing its data
|
|
Coverity warned for two potentional "Use after free" cases. Both are false
|
positives because the memory wasn't used, it was only the actual pointer
|
value that was logged.
|
|
The fix still changes the order of execution to avoid the warnings.
|
|
Coverity CID 1443033 and 1443034
|
|
Closes #3671
|
|
- RELEASE-NOTES: synced
|
|
Marcel Raad (12 Mar 2019)
|
- travis: actually use updated compiler versions
|
|
For the Linux builds, GCC 8 and 7 and clang 7 were installed, but the
|
new GCC versions were only used for the coverage build and for building
|
nghttp2, while the new clang version was not used at all.
|
|
BoringSSL needs to use the default GCC as it respects CC, but not CXX,
|
so it would otherwise pass gcc 8 options to g++ 4.8 and fail.
|
|
Also remove GCC 7, it's not needed anymore.
|
|
Ref: https://docs.travis-ci.com/user/languages/c/#c11c11-and-beyond-and-toolchain-versioning
|
|
Closes https://github.com/curl/curl/pull/3670
|
|
- travis: update clang to version 7
|
|
Closes https://github.com/curl/curl/pull/3670
|
|
Jay Satiro (11 Mar 2019)
|
- [Andre Guibert de Bruet brought this change]
|
|
examples/externalsocket: add missing close socket calls
|
|
.. and for Windows also call WSACleanup since we call WSAStartup.
|
|
The example is to demonstrate handling the socket independently of
|
libcurl. In this case libcurl is not responsible for creating, opening
|
or closing the socket, it is handled by the application (our example).
|
|
Fixes https://github.com/curl/curl/pull/3663
|
|
Daniel Stenberg (11 Mar 2019)
|
- multi: removed unused code for request retries
|
|
This code was once used for the non multi-interface using code path, but
|
ever since easy_perform was turned into a wrapper around the multi
|
interface, this code path never runs.
|
|
Closes #3666
|
|
Jay Satiro (11 Mar 2019)
|
- doh: inherit some SSL options from user's easy handle
|
|
- Inherit SSL options for the doh handle but not SSL client certs,
|
SSL ALPN/NPN, SSL engine, SSL version, SSL issuer cert,
|
SSL pinned public key, SSL ciphers, SSL id cache setting,
|
SSL kerberos or SSL gss-api settings.
|
|
- Fix inheritance of verbose setting.
|
|
- Inherit NOSIGNAL.
|
|
There is no way for the user to set options for the doh (DNS-over-HTTPS)
|
handles and instead we inherit some options from the user's easy handle.
|
|
My thinking for the SSL options not inherited is they are most likely
|
not intended by the user for the DOH transfer. I did inherit insecure
|
because I think that should still be in control of the user.
|
|
Prior to this change doh did not work for me because CAINFO was not
|
inherited. Also verbose was set always which AFAICT was a bug (#3660).
|
|
Fixes https://github.com/curl/curl/issues/3660
|
Closes https://github.com/curl/curl/pull/3661
|
|
Daniel Stenberg (9 Mar 2019)
|
- test331: verify set-cookie for dotless host name
|
|
Reproduced bug #3649
|
Closes #3659
|
|
- Revert "cookies: extend domain checks to non psl builds"
|
|
This reverts commit 3773de378d48b06c09931e44dca4d274d0bfdce0.
|
|
Regression shipped in 7.64.0
|
Fixes #3649
|
|
- memdebug: make debug-specific functions use curl_dbg_ prefix
|
|
To not "collide" or use up the regular curl_ name space. Also makes them
|
easier to detect in helper scripts.
|
|
Closes #3656
|
|
- cmdline-opts/proxytunnel.d: the option tunnnels all protocols
|
|
Clarify the language and simplify.
|
|
Reported-by: Daniel Lublin
|
Closes #3658
|
|
- KNOWN_BUGS: Client cert (MTLS) issues with Schannel
|
|
Closes #3145
|
|
- ROADMAP: updated to some more current things to work on
|
|
- tests: fix multiple may be used uninitialized warnings
|
|
- RELEASE-NOTES: synced
|
|
- source: fix two 'nread' may be used uninitialized warnings
|
|
Both seem to be false positives but we don't like warnings.
|
|
Closes #3646
|
|
- gopher: remove check for path == NULL
|
|
Since it can't be NULL and it makes Coverity believe we lack proper NULL
|
checks. Verified by test 659, landed in commit 15401fa886b.
|
|
Pointed out by Coverity CID 1442746.
|
|
Assisted-by: Dan Fandrich
|
Fixes #3617
|
Closes #3642
|
|
- examples: only include <curl/curl.h>
|
|
That's the only public curl header we should encourage use of.
|
|
Reviewed-by: Marcel Raad
|
Closes #3645
|
|
- ssh: loop the state machine if not done and not blocking
|
|
If the state machine isn't complete, didn't fail and it didn't return
|
due to blocking it can just as well loop again.
|
|
This addresses the problem with SFTP directory listings where we would
|
otherwise return back to the parent and as the multi state machine
|
doesn't have any code for using CURLM_CALL_MULTI_PERFORM for as long the
|
doing phase isn't complete, it would return out when in reality there
|
was more data to deal with.
|
|
Fixes #3506
|
Closes #3644
|
|
Jay Satiro (5 Mar 2019)
|
- multi: support verbose conncache closure handle
|
|
- Change closure handle to receive verbose setting from the easy handle
|
most recently added via curl_multi_add_handle.
|
|
The closure handle is a special easy handle used for closing cached
|
connections. It receives limited settings from the easy handle most
|
recently added to the multi handle. Prior to this change that did not
|
include verbose which was a problem because on connection shutdown
|
verbose mode was not acknowledged.
|
|
Ref: https://github.com/curl/curl/pull/3598
|
|
Co-authored-by: Daniel Stenberg
|
|
Closes https://github.com/curl/curl/pull/3618
|
|
Daniel Stenberg (4 Mar 2019)
|
- CURLU: fix NULL dereference when used over proxy
|
|
Test 659 verifies
|
|
Also fixed the test 658 name
|
|
Closes #3641
|
|
- altsvc_out: check the return code from Curl_gmtime
|
|
Pointed out by Coverity, CID 1442956.
|
|
Closes #3640
|
|
- docs/ALTSVC.md: docs describing the approach
|
|
Closes #3498
|
|
- alt-svc: add a travis build
|
|
- alt-svc: add test 355 and 356 to verify with command line curl
|
|
- alt-svc: the curl command line bits
|
|
- alt-svc: the libcurl bits
|
|
- travis: add build using gnutls
|
|
Closes #3637
|
|
- RELEASE-NOTES: synced
|
|
- [Simon Legner brought this change]
|
|
scripts/completion.pl: also generate fish completion file
|
|
This is the renamed script formerly known as zsh.pl
|
|
Closes #3545
|
|
- gnutls: remove call to deprecated gnutls_compression_get_name
|
|
It has been deprecated by GnuTLS since a year ago and now causes build
|
warnings.
|
|
Ref: https://gitlab.com/gnutls/gnutls/commit/b0041897d2846737f5fb0f
|
Docs: https://www.gnutls.org/manual/html_node/Compatibility-API.html
|
|
Closes #3636
|
|
Jay Satiro (2 Mar 2019)
|
- system_win32: move win32_init here from easy.c
|
|
.. since system_win32 is a more appropriate location for the functions
|
and to extern the globals.
|
|
Ref: https://github.com/curl/curl/commit/ca597ad#r32446578
|
Reported-by: Gisle Vanem
|
|
Closes https://github.com/curl/curl/pull/3625
|
|
Daniel Stenberg (1 Mar 2019)
|
- curl_easy_duphandle.3: clarify that a duped handle has no shares
|
|
Reported-by: Sara Golemon
|
|
Fixes #3592
|
Closes #3634
|
|
- 10-at-a-time.c: fix too long line
|
|
- [Arnaud Rebillout brought this change]
|
|
examples: various fixes in ephiperfifo.c
|
|
The main change here is the timer value that was wrong, it was given in
|
usecs (ms * 1000), while the itimerspec struct wants nsecs (ms * 1000 *
|
1000). This resulted in the callback being invoked WAY TOO OFTEN.
|
|
As a quick check you can run this command before and after applying this
|
commit:
|
|
# shell 1
|
./ephiperfifo 2>&1 | tee ephiperfifo.log
|
# shell 2
|
echo http://hacking.elboulangero.com > hiper.fifo
|
|
Then just compare the size of the logs files.
|
|
Closes #3633
|
Fixes #3632
|
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
|
|
- urldata: simplify bytecounters
|
|
- no need to have them protocol specific
|
|
- no need to set pointers to them with the Curl_setup_transfer() call
|
|
- make Curl_setup_transfer() operate on a transfer pointer, not
|
connection
|
|
- switch some counters from long to the more proper curl_off_t type
|
|
Closes #3627
|
|
- examples/10-at-a-time.c: improve readability and simplify
|
|
- use better variable names to explain their purposes
|
- convert logic to curl_multi_wait()
|
|
- threaded-resolver: shutdown the resolver thread without error message
|
|
When a transfer is done, the resolver thread will be brought down. That
|
could accidentally generate an error message in the error buffer even
|
though this is not an error situationand the transfer would still return
|
OK. An application that still reads the error buffer could find a
|
"Could not resolve host: [host name]" message there and get confused.
|
|
Reported-by: Michael Schmid
|
Fixes #3629
|
Closes #3630
|
|
- [ŌŠµŃ brought this change]
|
|
docs: update max-redirs.d phrasing
|
|
clarify redir - "in absurdum" doesn't seem to make sense in this context
|
|
Closes #3631
|
|
- ssh: fix Condition '!status' is always true
|
|
in the same sftp_done function in both SSH backends. Simplify them
|
somewhat.
|
|
Pointed out by Codacy.
|
|
Closes #3628
|
|
- test578: make it read data from the correct test
|
|
- Curl_easy: remove req.maxfd - never used!
|
|
Introduced in 8b6314ccfb, but not used anymore in current code. Unclear
|
since when.
|
|
Closes #3626
|
|
- http: set state.infilesize when sending formposts
|
|
Without it set, we would unwillingly triger the "HTTP error before end
|
of send, stop sending" condition even if the entire POST body had been
|
sent (since it wouldn't know the expected size) which would
|
unnecessarily log that message and close the connection when it didn't
|
have to.
|
|
Reported-by: Matt McClure
|
Bug: https://curl.haxx.se/mail/archive-2019-02/0023.html
|
Closes #3624
|
|
- INSTALL: refer to the current TLS library names and configure options
|
|
- FAQ: minor updates and spelling fixes
|
|
- GOVERNANCE.md: minor spelling fixes
|
|
- Secure Transport: no more "darwinssl"
|
|
Everyone calls it Secure Transport, now we do too.
|
|
Reviewed-by: Nick Zitzmann
|
|
Closes #3619
|
|
Marcel Raad (27 Feb 2019)
|
- AppVeyor: add classic MinGW build
|
|
But use the MSYS2 shell rather than the default MSYS shell because of
|
POSIX path conversion issues. Classic MinGW is only available on the
|
Visual Studio 2015 image.
|
|
Closes https://github.com/curl/curl/pull/3623
|
|
- AppVeyor: add MinGW-w64 build
|
|
Add a MinGW-w64 build using CMake's MSYS Makefiles generator.
|
Use the Visual Studio 2015 image as it has GCC 8, while the
|
Visual Studio 2017 image only has GCC 7.2.
|
|
Closes https://github.com/curl/curl/pull/3623
|
|
Daniel Stenberg (27 Feb 2019)
|
- cookies: only save the cookie file if the engine is enabled
|
|
Follow-up to 8eddb8f4259.
|
|
If the cookieinfo pointer is NULL there really is nothing to save.
|
|
Without this fix, we got a problem when a handle was using shared object
|
with cookies and is told to "FLUSH" it to file (which worked) and then
|
the share object was removed and when the easy handle was closed just
|
afterwards it has no cookieinfo and no cookies so it decided to save an
|
empty jar (overwriting the file just flushed).
|
|
Test 1905 now verifies that this works.
|
|
Assisted-by: Michael Wallner
|
Assisted-by: Marcel Raad
|
|
Closes #3621
|
|
- [DaVieS brought this change]
|
|
cacertinmem.c: use multiple certificates for loading CA-chain
|
|
Closes #3421
|
|
- urldata: convert bools to bitfields and move to end
|
|
This allows the compiler to pack and align the structs better in
|
memory. For a rather feature-complete build on x86_64 Linux, gcc 8.1.2
|
makes the Curl_easy struct 4.9% smaller. From 6312 bytes to 6000.
|
|
Removed an unused struct field.
|
|
No functionality changes.
|
|
Closes #3610
|
|
- [Don J Olmstead brought this change]
|
|
curl.h: use __has_declspec_attribute for shared builds
|
|
Closes #3616
|
|
- curl: display --version features sorted alphabetically
|
|
Closes #3611
|
|
- runtests: detect "schannel" as an alias for "winssl"
|
|
Follow-up to 180501cb02
|
|
Reported-by: Marcel Raad
|
Fixes #3609
|
Closes #3620
|
|
Marcel Raad (26 Feb 2019)
|
- AppVeyor: update to Visual Studio 2017
|
|
Switch all Visual Studio 2015 builds to Visual Studio 2017. It's not a
|
moving target anymore as the last update, Update 9, has been released.
|
|
Closes https://github.com/curl/curl/pull/3606
|
|
- AppVeyor: switch VS 2015 builds to VS 2017 image
|
|
The Visual Studio 2017 image has Visual Studio 2015 and 2017 installed.
|
|
Closes https://github.com/curl/curl/pull/3606
|
|
- AppVeyor: explicitly select worker image
|
|
Currently, we're using the default Visual Studio 2015 image for
|
everything.
|
|
Closes https://github.com/curl/curl/pull/3606
|
|
Daniel Stenberg (26 Feb 2019)
|
- strerror: make the strerror function use local buffers
|
|
Instead of using a fixed 256 byte buffer in the connectdata struct.
|
|
In my build, this reduces the size of the connectdata struct by 11.8%,
|
from 2160 to 1904 bytes with no functionality or performance loss.
|
|
This also fixes a bug in schannel's Curl_verify_certificate where it
|
called Curl_sspi_strerror when it should have called Curl_strerror for
|
string from GetLastError. the only effect would have been no text or the
|
wrong text being shown for the error.
|
|
Co-authored-by: Jay Satiro
|
|
Closes #3612
|
|
- [Michael Wallner brought this change]
|
|
cookies: fix NULL dereference if flushing cookies with no CookieInfo set
|
|
Regression brought by a52e46f3900fb0 (shipped in 7.63.0)
|
|
Closes #3613
|
|
Marcel Raad (26 Feb 2019)
|
- AppVeyor: re-enable test 500
|
|
It's passing now.
|
|
Closes https://github.com/curl/curl/pull/3615
|
|
- AppVeyor: remove redundant builds
|
|
Remove the Visual Studio 2012 and 2013 builds as they add little value.
|
|
Ref: https://github.com/curl/curl/pull/3606
|
Closes https://github.com/curl/curl/pull/3614
|
|
Daniel Stenberg (25 Feb 2019)
|
- RELEASE-NOTES: synced
|
|
- [Bernd Mueller brought this change]
|
|
OpenSSL: add support for TLS ASYNC state
|
|
Closes #3591
|
|
Jay Satiro (25 Feb 2019)
|
- [Michael Felt brought this change]
|
|
acinclude: add additional libraries to check for LDAP support
|
|
- Add an additional check for LDAP that also checks for OpenSSL since
|
on AIX those libraries may be required to link LDAP properly.
|
|
Fixes https://github.com/curl/curl/issues/3595
|
Closes https://github.com/curl/curl/pull/3596
|
|
- [georgeok brought this change]
|
|
schannel: support CALG_ECDH_EPHEM algorithm
|
|
Add support for Ephemeral elliptic curve Diffie-Hellman key exchange
|
algorithm option when selecting ciphers. This became available on the
|
Win10 SDK.
|
|
Closes https://github.com/curl/curl/pull/3608
|
|
Daniel Stenberg (24 Feb 2019)
|
- multi: call multi_done on connect timeouts
|
|
Failing to do so would make the CURLINFO_TOTAL_TIME timeout to not get
|
updated correctly and could end up getting reported to the application
|
completely wrong (way too small).
|
|
Reported-by: accountantM on github
|
Fixes #3602
|
Closes #3605
|
|
- examples: remove recursive calls to curl_multi_socket_action
|
|
From within the timer callbacks. Recursive is problematic for several
|
reasons. They should still work, but this way the examples and the
|
documentation becomes simpler. I don't think we need to encourage
|
recursive calls.
|
|
Discussed in #3537
|
Closes #3601
|
|
Marcel Raad (23 Feb 2019)
|
- configure: remove CURL_CHECK_FUNC_FDOPEN call
|
|
The macro itself has been removed in commit
|
11974ac859c5d82def59e837e0db56fef7f6794e.
|
|
Closes https://github.com/curl/curl/pull/3604
|
|
Daniel Stenberg (23 Feb 2019)
|
- wolfssl: stop custom-adding curves
|
|
since wolfSSL PR https://github.com/wolfSSL/wolfssl/pull/717 (shipped in
|
wolfSSL 3.10.2 and later) it sends these curves by default already.
|
|
Pointed-out-by: David Garske
|
|
Closes #3599
|
|
- configure: remove the unused fdopen macro
|
|
and the two remaining #ifdefs for it
|
|
Closes #3600
|
|
Jay Satiro (22 Feb 2019)
|
- url: change conn shutdown order to unlink data as last step
|
|
- Split off connection shutdown procedure from Curl_disconnect into new
|
function conn_shutdown.
|
|
- Change the shutdown procedure to close the sockets before
|
disassociating the transfer.
|
|
Prior to this change the sockets were closed after disassociating the
|
transfer so SOCKETFUNCTION wasn't called since the transfer was already
|
disassociated. That likely came about from recent work started in
|
Jan 2019 (#3442) to separate transfers from connections.
|
|
Bug: https://curl.haxx.se/mail/lib-2019-02/0101.html
|
Reported-by: Pavel Lƶbl
|
|
Closes https://github.com/curl/curl/issues/3597
|
Closes https://github.com/curl/curl/pull/3598
|
|
Marcel Raad (22 Feb 2019)
|
- Fix strict-prototypes GCC warning
|
|
As seen in the MinGW autobuilds. Caused by commit
|
f26bc29cfec0be84c67cf74065cf8e5e78fd68b7.
|
|
Dan Fandrich (21 Feb 2019)
|
- tests: Fixed XML validation errors in some test files.
|
|
Daniel Stenberg (20 Feb 2019)
|
- TODO: Allow SAN names in HTTP/2 server push
|
|
Suggested-by: Nicolas Grekas
|
|
- RELEASE-NOTES: synced
|
|
- curl: remove MANUAL from -M output
|
|
... and remove it from the dist tarball. It has served its time, it
|
barely gets updated anymore and "everything curl" is now convering all
|
this document once tried to include, and does it more and better.
|
|
In the compressed scenario, this removes ~15K data from the binary,
|
which is 25% of the -M output.
|
|
It remains in the git repo for now for as long as the web site builds a
|
page using that as source. It renders poorly on the site (especially for
|
mobile users) so its not even good there.
|
|
Closes #3587
|
|
- http2: verify :athority in push promise requests
|
|
RFC 7540 says we should verify that the push is for an "authoritative"
|
server. We make sure of this by only allowing push with an :athority
|
header that matches the host that was asked for in the URL.
|
|
Fixes #3577
|
Reported-by: Nicolas Grekas
|
Bug: https://curl.haxx.se/mail/lib-2019-02/0057.html
|
Closes #3581
|
|
- singlesocket: fix the 'sincebefore' placement
|
|
The variable wasn't properly reset within the loop and thus could remain
|
set for sockets that hadn't been set before and miss notifying the app.
|
|
This is a follow-up to 4c35574 (shipped in curl 7.64.0)
|
|
Reported-by: buzo-ffm on github
|
Detected-by: Jan Alexander Steffens
|
Fixes #3585
|
Closes #3589
|
|
- connection: never reuse CONNECT_ONLY conections
|
|
and make CONNECT_ONLY conections never reuse any existing ones either.
|
|
Reported-by: Pavel Lƶbl
|
Bug: https://curl.haxx.se/mail/lib-2019-02/0064.html
|
Closes #3586
|
|
Patrick Monnerat (19 Feb 2019)
|
- cli tool: fix mime post with --disable-libcurl-option configure option
|
|
Reported-by: Marcel Raad
|
Fixes #3576
|
Closes #3583
|
|
Daniel Stenberg (19 Feb 2019)
|
- x509asn1: cleanup and unify code layout
|
|
- rename 'n' to buflen in functions, and use size_t for them. Don't pass
|
in negative buffer lengths.
|
|
- move most function comments to above the function starts like we use
|
to
|
|
- remove several unnecessary typecasts (especially of NULL)
|
|
Reviewed-by: Patrick Monnerat
|
Closes #3582
|
|
- curl_multi_remove_handle.3: use at any time, just not from within callbacks
|
|
[ci skip]
|
|
- http: make adding a blank header thread-safe
|
|
Previously the function would edit the provided header in-place when a
|
semicolon is used to signify an empty header. This made it impossible to
|
use the same set of custom headers in multiple threads simultaneously.
|
|
This approach now makes a local copy when it needs to edit the string.
|
|
Reported-by: d912e3 on github
|
Fixes #3578
|
Closes #3579
|
|
- unit1651: survive curl_easy_init() fails
|
|
- [Frank Gevaerts brought this change]
|
|
rand: Fix a mismatch between comments in source and header.
|
|
Reported-by: Bjƶrn Stenberg <bjorn@haxx.se>
|
Closes #3584
|
|
Patrick Monnerat (18 Feb 2019)
|
- x509asn1: replace single char with an array
|
|
Although safe in this context, using a single char as an array may
|
cause invalid accesses to adjacent memory locations.
|
|
Detected by Coverity.
|
|
Daniel Stenberg (18 Feb 2019)
|
- examples/http2-serverpush: add some sensible error checks
|
|
To avoid NULL pointer dereferences etc in the case of problems.
|
|
Closes #3580
|
|
Jay Satiro (18 Feb 2019)
|
- easy: fix win32 init to work without CURL_GLOBAL_WIN32
|
|
- Change the behavior of win32_init so that the required initialization
|
procedures are not affected by CURL_GLOBAL_WIN32 flag.
|
|
libcurl via curl_global_init supports initializing for win32 with an
|
optional flag CURL_GLOBAL_WIN32, which if omitted was meant to stop
|
Winsock initialization. It did so internally by skipping win32_init()
|
when that flag was set. Since then win32_init() has been expanded to
|
include required initialization routines that are separate from
|
Winsock and therefore must be called in all cases. This commit fixes
|
it so that CURL_GLOBAL_WIN32 only controls the optional win32
|
initialization (which is Winsock initialization, according to our doc).
|
|
The only users affected by this change are those that don't pass
|
CURL_GLOBAL_WIN32 to curl_global_init. For them this commit removes the
|
risk of a potential crash.
|
|
Ref: https://github.com/curl/curl/pull/3573
|
|
Fixes https://github.com/curl/curl/issues/3313
|
Closes https://github.com/curl/curl/pull/3575
|
|
Daniel Gustafsson (17 Feb 2019)
|
- cookie: Add support for cookie prefixes
|
|
The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes
|
and how they should affect cookie initialization, which has been
|
adopted by the major browsers. This adds support for the two prefixes
|
defined, __Host- and __Secure, and updates the testcase with the
|
supplied examples from the draft.
|
|
Closes #3554
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- mbedtls: release sessionid resources on error
|
|
If mbedtls_ssl_get_session() fails, it may still have allocated
|
memory that needs to be freed to avoid leaking. Call the library
|
API function to release session resources on this errorpath as
|
well as on Curl_ssl_addsessionid() errors.
|
|
Closes: #3574
|
Reported-by: MichaÅ Antoniak <M.Antoniak@posnet.com>
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Patrick Monnerat (16 Feb 2019)
|
- cli tool: refactor encoding conversion sequence for switch case fallthrough.
|
|
- version.c: silent scan-build even when librtmp is not enabled
|
|
Daniel Stenberg (15 Feb 2019)
|
- RELEASE-NOTES: synced
|
|
- Curl_now: figure out windows version in win32_init
|
|
... and avoid use of static variables that aren't thread safe.
|
|
Fixes regression from e9ababd4f5a (present in the 7.64.0 release)
|
|
Reported-by: Paul Groke
|
Fixes #3572
|
Closes #3573
|
|
Marcel Raad (15 Feb 2019)
|
- unit1307: just fail without FTP support
|
|
I missed to check this in with commit
|
71786c0505926aaf7e9b2477b2fb7ee16a915ec6, which only disabled the test.
|
This fixes the actual linker error.
|
|
Closes https://github.com/curl/curl/pull/3568
|
|
Daniel Stenberg (15 Feb 2019)
|
- travis: enable valgrind for the iconv tests too
|
|
Closes #3571
|
|
- travis: add scan-build
|
|
Closes #3564
|
|
- examples/sftpuploadresume: Value stored to 'result' is never read
|
|
Detected by scan-build
|
|
- examples/http2-upload: cleaned up
|
|
Fix scan-build warnings, no globals, no silly handle scan. Also remove
|
handles from the multi before cleaning up.
|
|
- examples/http2-download: cleaned up
|
|
To avoid scan-build warnings and global variables.
|
|
- examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
|
|
Detected by scan-build
|
|
- examples/httpcustomheader: Value stored to 'res' is never read
|
|
Detected by scan-build
|
|
- examples: remove superfluous null-pointer checks
|
|
in ftpget, ftpsget and sftpget, so that scan-build stops warning for
|
potential NULL pointer dereference below!
|
|
Detected by scan-build
|
|
- strip_trailing_dot: make sure NULL is never used for strlen
|
|
scan-build warning: Null pointer passed as an argument to a 'nonnull'
|
parameter
|
|
- [Jay Satiro brought this change]
|
|
connection_check: restore original conn->data after the check
|
|
- Save the original conn->data before it's changed to the specified
|
data transfer for the connection check and then restore it afterwards.
|
|
This is a follow-up to 38d8e1b 2019-02-11.
|
|
History:
|
|
It was discovered a month ago that before checking whether to extract a
|
dead connection that that connection should be associated with a "live"
|
transfer for the check (ie original conn->data ignored and set to the
|
passed in data). A fix was landed in 54b201b which did that and also
|
cleared conn->data after the check. The original conn->data was not
|
restored, so presumably it was thought that a valid conn->data was no
|
longer needed.
|
|
Several days later it was discovered that a valid conn->data was needed
|
after the check and follow-up fix was landed in bbae24c which partially
|
reverted the original fix and attempted to limit the scope of when
|
conn->data was changed to only when pruning dead connections. In that
|
case conn->data was not cleared and the original conn->data not
|
restored.
|
|
A month later it was discovered that the original fix was somewhat
|
correct; a "live" transfer is needed for the check in all cases
|
because original conn->data could be null which could cause a bad deref
|
at arbitrary points in the check. A fix was landed in 38d8e1b which
|
expanded the scope to all cases. conn->data was not cleared and the
|
original conn->data not restored.
|
|
A day later it was discovered that not restoring the original conn->data
|
may lead to busy loops in applications that use the event interface, and
|
given this observation it's a pretty safe assumption that there is some
|
code path that still needs the original conn->data. This commit is the
|
follow-up fix for that, it restores the original conn->data after the
|
connection check.
|
|
Assisted-by: tholin@users.noreply.github.com
|
Reported-by: tholin@users.noreply.github.com
|
|
Fixes https://github.com/curl/curl/issues/3542
|
Closes #3559
|
|
- memdebug: bring back curl_mark_sclose
|
|
Used by debug builds with NSS.
|
|
Reverted from 05b100aee247bb
|
|
Patrick Monnerat (14 Feb 2019)
|
- transfer.c: do not compute length of undefined hex buffer.
|
|
On non-ascii platforms, the chunked hex header was measured for char code
|
conversion length, even for chunked trailers that do not have an hex header.
|
In addition, the efective length is already known: use it.
|
Since the hex length can be zero, only convert if needed.
|
|
Reported by valgrind.
|
|
Daniel Stenberg (14 Feb 2019)
|
- KNOWN_BUGS: Cannot compile against a static build of OpenLDAP
|
|
Closes #2367
|
|
Patrick Monnerat (14 Feb 2019)
|
- x509asn1: "Dereference of null pointer"
|
|
Detected by scan-build (false positive).
|
|
Daniel Stenberg (14 Feb 2019)
|
- configure: show features as well in the final summary
|
|
Closes #3569
|
|
- KNOWN_BUGS: curl compiled on OSX 10.13 failed to run on OSX 10.10
|
|
Closes #2905
|
|
- KNOWN_BUGS: Deflate error after all content was received
|
|
Closes #2719
|
|
- gssapi: fix deprecated header warnings
|
|
Heimdal includes on FreeBSD spewed out lots of them. Less so now.
|
|
Closes #3566
|
|
- TODO: Upgrade to websockets
|
|
Closes #3523
|
|
- TODO: cmake test suite improvements
|
|
Closes #3109
|
|
Patrick Monnerat (13 Feb 2019)
|
- curl: "Dereference of null pointer"
|
|
Rephrase to satisfy scan-build.
|
|
Marcel Raad (13 Feb 2019)
|
- unit1307: require FTP support
|
|
This test doesn't link without FTP support after
|
fc7ab4835b5fd09d0a6f57000633bb6bb6edfda1, which made Curl_fnmatch
|
unavailable without FTP support.
|
|
Closes https://github.com/curl/curl/pull/3565
|
|
Daniel Stenberg (13 Feb 2019)
|
- TODO: TFO support on Windows
|
|
Nobody works on this now.
|
|
Closes #3378
|
|
- multi: Dereference of null pointer
|
|
Mostly a false positive, but this makes the code easier to read anyway.
|
|
Detected by scan-build.
|
|
Closes #3563
|
|
- urlglob: Argument with 'nonnull' attribute passed null
|
|
Detected by scan-build.
|
|
Jay Satiro (12 Feb 2019)
|
- schannel: restore some debug output but only for debug builds
|
|
Follow-up to 84c10dc from earlier today which wrapped a lot of the noisy
|
debug output in DEBUGF but omitted a few lines.
|
|
Ref: https://github.com/curl/curl/commit/84c10dc#r32292900
|
|
- examples/crawler: Fix the Accept-Encoding setting
|
|
- Pass an empty string to CURLOPT_ACCEPT_ENCODING to use the default
|
supported encodings.
|
|
Prior to this change the specific encodings of gzip and deflate were set
|
but there's no guarantee they'd be supported by the user's libcurl.
|
|
Daniel Stenberg (12 Feb 2019)
|
- mime: put the boundary buffer into the curl_mime struct
|
|
... instead of allocating it separately and point to it. It is
|
fixed-size and always used for each part.
|
|
Closes #3561
|
|
- schannel: be quiet
|
|
Convert numerous infof() calls into debug-build only messages since they
|
are annoyingly verbose for regular applications. Removed a few.
|
|
Bug: https://curl.haxx.se/mail/lib-2019-02/0027.html
|
Reported-by: Volker Schmid
|
Closes #3552
|
|
- [Romain Geissler brought this change]
|
|
Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning
|
|
Closes #3562
|
|
- http2: multi_connchanged() moved from multi.c, only used for h2
|
|
Closes #3557
|
|
- curl: "Function call argument is an uninitialized value"
|
|
Follow-up to cac0e4a6ad14b42471eb
|
|
Detected by scan-build
|
Closes #3560
|
|
- pretransfer: don't strlen() POSTFIELDS set for GET requests
|
|
... since that data won't be used in the request anyway.
|
|
Fixes #3548
|
Reported-by: Renaud Allard
|
Close #3549
|
|
- multi: remove verbose "Expire in" ... messages
|
|
Reported-by: James Brown
|
Bug: https://curl.haxx.se/mail/archive-2019-02/0013.html
|
Closes #3558
|
|
- mbedtls: make it build even if MBEDTLS_VERSION_C isn't set
|
|
Reported-by: MAntoniak on github
|
Fixes #3553
|
Closes #3556
|
|
Daniel Gustafsson (12 Feb 2019)
|
- non-ascii.c: fix typos in comments
|
|
Fix two occurrences of s/convers/converts/ spotted while reading code.
|
|
Daniel Stenberg (12 Feb 2019)
|
- fnmatch: disable if FTP is disabled
|
|
Closes #3551
|
|
- curl_path: only enabled for SSH builds
|
|
- [Frank Gevaerts brought this change]
|
|
tests: add stderr comparison to the test suite
|
|
The code is more or less copied from the stdout comparison code, maybe
|
some better reuse is possible.
|
|
test 1457 is adjusted to make the output actually match (by using --silent)
|
test 506 used <stderr> without actually needing it, so that <stderr> block is removed
|
|
Closes #3536
|
|
Patrick Monnerat (11 Feb 2019)
|
- cli tool: do not use mime.h private structures.
|
|
Option -F generates an intermediate representation of the mime structure
|
that is used later to create the libcurl mime structure and generate
|
the --libcurl statements.
|
|
Reported-by: Daniel Stenberg
|
Fixes #3532
|
Closes #3546
|
|
Daniel Stenberg (11 Feb 2019)
|
- curlver: bump to 7.64.1-dev
|
|
- RELEASE-NOTES: synced
|
|
and bump the version in progress to 7.64.1. If we merge any "change"
|
before the cut-off date, we update again.
|
|
Daniel Gustafsson (11 Feb 2019)
|
- curl: follow-up to 3f16990ec84
|
|
Commit 3f16990ec84cc4b followed-up a bug in b49652ac66cc0 but was
|
inadvertently introducing a new bug in the ternary expression.
|
|
Close #3555
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- dns: release sharelock as soon as possible
|
|
There is no benefit to holding the data sharelock when freeing the
|
addrinfo in case it fails, so ensure releaseing it as soon as we can
|
rather than holding on to it. This also aligns the code with other
|
consumers of sharelocks.
|
|
Closes #3516
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (11 Feb 2019)
|
- curl: follow-up to b49652ac66cc0
|
|
On FreeBSD, return non-zero on error otherwise zero.
|
|
Reported-by: Marcel Raad
|
|
- multi: (void)-prefix when ignoring return values
|
|
... and added braces to two function calls which fixes warnings if they
|
are replace by empty macros at build-time.
|
|
- curl: fix FreeBSD compiler warning in the --xattr code
|
|
Closes #3550
|
|
- connection_check: set ->data to the transfer doing the check
|
|
The http2 code for connection checking needs a transfer to use. Make
|
sure a working one is set before handler->connection_check() is called.
|
|
Reported-by: jnbr on github
|
Fixes #3541
|
Closes #3547
|
|
- hostip: make create_hostcache_id avoid alloc + free
|
|
Closes #3544
|
|
- scripts/singleuse: script to use to track single-use functions
|
|
That is functions that are declared global but are not used from outside
|
of the file in which it is declared. Such functions should be made
|
static or even at times be removed.
|
|
It also verifies that all used curl_ prefixed functions are "blessed"
|
|
Closes #3538
|
|
- cleanup: make local functions static
|
|
urlapi: turn three local-only functions into statics
|
|
conncache: make conncache_find_first_connection static
|
|
multi: make detach_connnection static
|
|
connect: make getaddressinfo static
|
|
curl_ntlm_core: make hmac_md5 static
|
|
http2: make two functions static
|
|
http: make http_setup_conn static
|
|
connect: make tcpnodelay static
|
|
tests: make UNITTEST a thing to mark functions with, so they can be static for
|
normal builds and non-static for unit test builds
|
|
... and mark Curl_shuffle_addr accordingly.
|
|
url: make up_free static
|
|
setopt: make vsetopt static
|
|
curl_endian: make write32_le static
|
|
rtsp: make rtsp_connisdead static
|
|
warnless: remove unused functions
|
|
memdebug: remove one unused function, made another static
|
|
Dan Fandrich (10 Feb 2019)
|
- cirrus: Added FreeBSD builds using Cirrus CI.
|
|
The build logs will be at https://cirrus-ci.com/github/curl/curl
|
|
Some tests are currently failing and so disabled for now. The SSH server
|
isn't starting for the SSH tests due to unsupported options used in its
|
config file. The DICT server also is failing on startup.
|
|
Daniel Stenberg (9 Feb 2019)
|
- url/idnconvert: remove scan for <= 32 ascii values
|
|
The check was added back in fa939220df before the URL parser would catch
|
these problems and therefore these will never trigger now.
|
|
Closes #3539
|
|
- urlapi: reduce variable scope, remove unreachable 'break'
|
|
Both nits pointed out by codacy.com
|
|
Closes #3540
|
|
Alessandro Ghedini (7 Feb 2019)
|
- zsh.pl: escape ':' character
|
|
':' is interpreted as separator by zsh, so if used as part of the argument
|
or option's description it needs to be escaped.
|
|
The problem can be reproduced as follows:
|
|
% curl --reso<TAB>
|
% curl -E <TAB>
|
|
Bug: https://bugs.debian.org/921452
|
|
- zsh.pl: update regex to better match curl -h output
|
|
The current regex fails to match '<...>' arguments properly (e.g. those
|
with spaces in them), which causes an completion script with wrong
|
descriptions for some options.
|
|
Here's a diff of the generated completion script, comparing the previous
|
version to the one with this fix:
|
|
--- /usr/share/zsh/vendor-completions/_curl 2019-01-15 20:47:40.000000000 +0000
|
+++ _curl 2019-02-05 20:57:29.453349040 +0000
|
@@ -9,48 +9,48 @@
|
|
_arguments -C -S \
|
--happy-eyeballs-timeout-ms'[How long to wait in milliseconds for IPv6 before trying IPv4]':'<milliseconds>' \
|
+ --resolve'[Resolve the host+port to this address]':'<host:port:address[,address]...>' \
|
{-c,--cookie-jar}'[Write cookies to <filename> after operation]':'<filename>':_files \
|
{-D,--dump-header}'[Write the received headers to <filename>]':'<filename>':_files \
|
{-y,--speed-time}'[Trigger '\''speed-limit'\'' abort after this time]':'<seconds>' \
|
--proxy-cacert'[CA certificate to verify peer against for proxy]':'<file>':_files \
|
- --tls13-ciphers'[of TLS 1.3 ciphersuites> TLS 1.3 cipher suites to use]':'<list' \
|
+ --tls13-ciphers'[TLS 1.3 cipher suites to use]':'<list of TLS 1.3 ciphersuites>' \
|
{-E,--cert}'[Client certificate file and password]':'<certificate[:password]>' \
|
--libcurl'[Dump libcurl equivalent code of this command line]':'<file>':_files \
|
--proxy-capath'[CA directory to verify peer against for proxy]':'<dir>':_files \
|
- --proxy-negotiate'[HTTP Negotiate (SPNEGO) authentication on the proxy]':'Use' \
|
--proxy-pinnedpubkey'[FILE/HASHES public key to verify proxy with]':'<hashes>' \
|
--crlfile'[Get a CRL list in PEM format from the given file]':'<file>':_files \
|
- --proxy-insecure'[HTTPS proxy connections without verifying the proxy]':'Do' \
|
- --proxy-ssl-allow-beast'[security flaw for interop for HTTPS proxy]':'Allow' \
|
+ --proxy-negotiate'[Use HTTP Negotiate (SPNEGO) authentication on the proxy]' \
|
--abstract-unix-socket'[Connect via abstract Unix domain socket]':'<path>' \
|
--pinnedpubkey'[FILE/HASHES Public key to verify peer against]':'<hashes>' \
|
+ --proxy-insecure'[Do HTTPS proxy connections without verifying the proxy]' \
|
--proxy-pass'[Pass phrase for the private key for HTTPS proxy]':'<phrase>' \
|
+ --proxy-ssl-allow-beast'[Allow security flaw for interop for HTTPS proxy]' \
|
{-p,--proxytunnel}'[Operate through an HTTP proxy tunnel (using CONNECT)]' \
|
--socks5-hostname'[SOCKS5 proxy, pass host name to proxy]':'<host[:port]>' \
|
--proto-default'[Use PROTOCOL for any URL missing a scheme]':'<protocol>' \
|
- --proxy-tls13-ciphers'[list> TLS 1.3 proxy cipher suites]':'<ciphersuite' \
|
+ --proxy-tls13-ciphers'[TLS 1.3 proxy cipher suites]':'<ciphersuite list>' \
|
--socks5-gssapi-service'[SOCKS5 proxy service name for GSS-API]':'<name>' \
|
--ftp-alternative-to-user'[String to replace USER \[name\]]':'<command>' \
|
- --ftp-ssl-control'[SSL/TLS for FTP login, clear for transfer]':'Require' \
|
{-T,--upload-file}'[Transfer local FILE to destination]':'<file>':_files \
|
--local-port'[Force use of RANGE for local port numbers]':'<num/range>' \
|
--proxy-tlsauthtype'[TLS authentication type for HTTPS proxy]':'<type>' \
|
{-R,--remote-time}'[Set the remote file'\''s time on the local output]' \
|
- --retry-connrefused'[on connection refused (use with --retry)]':'Retry' \
|
- --suppress-connect-headers'[proxy CONNECT response headers]':'Suppress' \
|
- {-j,--junk-session-cookies}'[session cookies read from file]':'Ignore' \
|
- --location-trusted'[--location, and send auth to other hosts]':'Like' \
|
+ --ftp-ssl-control'[Require SSL/TLS for FTP login, clear for transfer]' \
|
--proxy-cert-type'[Client certificate type for HTTPS proxy]':'<type>' \
|
{-O,--remote-name}'[Write output to a file named as the remote file]' \
|
+ --retry-connrefused'[Retry on connection refused (use with --retry)]' \
|
+ --suppress-connect-headers'[Suppress proxy CONNECT response headers]' \
|
--trace-ascii'[Like --trace, but without hex output]':'<file>':_files \
|
--connect-timeout'[Maximum time allowed for connection]':'<seconds>' \
|
--expect100-timeout'[How long to wait for 100-continue]':'<seconds>' \
|
{-g,--globoff}'[Disable URL sequences and ranges using {} and \[\]]' \
|
+ {-j,--junk-session-cookies}'[Ignore session cookies read from file]' \
|
{-m,--max-time}'[Maximum time allowed for the transfer]':'<seconds>' \
|
--dns-ipv4-addr'[IPv4 address to use for DNS requests]':'<address>' \
|
--dns-ipv6-addr'[IPv6 address to use for DNS requests]':'<address>' \
|
- --ignore-content-length'[the size of the remote resource]':'Ignore' \
|
{-k,--insecure}'[Allow insecure server connections when using SSL]' \
|
+ --location-trusted'[Like --location, and send auth to other hosts]' \
|
--mail-auth'[Originator address of the original email]':'<address>' \
|
--noproxy'[List of hosts which do not use proxy]':'<no-proxy-list>' \
|
--proto-redir'[Enable/disable PROTOCOLS on redirect]':'<protocols>' \
|
@@ -62,18 +62,19 @@
|
--socks5-basic'[Enable username/password auth for SOCKS5 proxies]' \
|
--cacert'[CA certificate to verify peer against]':'<file>':_files \
|
{-H,--header}'[Pass custom header(s) to server]':'<header/@file>' \
|
+ --ignore-content-length'[Ignore the size of the remote resource]' \
|
{-i,--include}'[Include protocol response headers in the output]' \
|
--proxy-header'[Pass custom header(s) to proxy]':'<header/@file>' \
|
--unix-socket'[Connect through this Unix domain socket]':'<path>' \
|
{-w,--write-out}'[Use output FORMAT after completion]':'<format>' \
|
- --http2-prior-knowledge'[HTTP 2 without HTTP/1.1 Upgrade]':'Use' \
|
{-o,--output}'[Write to file instead of stdout]':'<file>':_files \
|
- {-J,--remote-header-name}'[the header-provided filename]':'Use' \
|
+ --preproxy'[\[protocol://\]host\[:port\] Use this proxy first]' \
|
--socks4a'[SOCKS4a proxy on given host + port]':'<host[:port]>' \
|
{-Y,--speed-limit}'[Stop transfers slower than this]':'<speed>' \
|
{-z,--time-cond}'[Transfer based on a time condition]':'<time>' \
|
--capath'[CA directory to verify peer against]':'<dir>':_files \
|
{-f,--fail}'[Fail silently (no output at all) on HTTP errors]' \
|
+ --http2-prior-knowledge'[Use HTTP 2 without HTTP/1.1 Upgrade]' \
|
--proxy-tlspassword'[TLS password for HTTPS proxy]':'<string>' \
|
{-U,--proxy-user}'[Proxy user and password]':'<user:password>' \
|
--proxy1.0'[Use HTTP/1.0 proxy on given port]':'<host[:port]>' \
|
@@ -81,52 +82,49 @@
|
{-A,--user-agent}'[Send User-Agent <name> to server]':'<name>' \
|
--egd-file'[EGD socket path for random data]':'<file>':_files \
|
--fail-early'[Fail on first transfer error, do not continue]' \
|
- --haproxy-protocol'[HAProxy PROXY protocol v1 header]':'Send' \
|
- --preproxy'[Use this proxy first]':'[protocol://]host[:port]' \
|
+ {-J,--remote-header-name}'[Use the header-provided filename]' \
|
--retry-max-time'[Retry only within this period]':'<seconds>' \
|
--socks4'[SOCKS4 proxy on given host + port]':'<host[:port]>' \
|
--socks5'[SOCKS5 proxy on given host + port]':'<host[:port]>' \
|
- --socks5-gssapi-nec'[with NEC SOCKS5 server]':'Compatibility' \
|
- --ssl-allow-beast'[security flaw to improve interop]':'Allow' \
|
--cert-status'[Verify the status of the server certificate]' \
|
- --ftp-create-dirs'[the remote dirs if not present]':'Create' \
|
{-:,--next}'[Make next URL use its separate set of options]' \
|
--proxy-key-type'[Private key file type for proxy]':'<type>' \
|
- --remote-name-all'[the remote file name for all URLs]':'Use' \
|
{-X,--request}'[Specify request command to use]':'<command>' \
|
--retry'[Retry request if transient problems occur]':'<num>' \
|
- --ssl-no-revoke'[cert revocation checks (WinSSL)]':'Disable' \
|
--cert-type'[Certificate file type (DER/PEM/ENG)]':'<type>' \
|
--connect-to'[Connect to host]':'<HOST1:PORT1:HOST2:PORT2>' \
|
--create-dirs'[Create necessary local directory hierarchy]' \
|
+ --haproxy-protocol'[Send HAProxy PROXY protocol v1 header]' \
|
--max-redirs'[Maximum number of redirects allowed]':'<num>' \
|
{-n,--netrc}'[Must read .netrc for user name and password]' \
|
+ {-x,--proxy}'[\[protocol://\]host\[:port\] Use this proxy]' \
|
--proxy-crlfile'[Set a CRL list for proxy]':'<file>':_files \
|
--sasl-ir'[Enable initial response in SASL authentication]' \
|
- --socks5-gssapi'[GSS-API auth for SOCKS5 proxies]':'Enable' \
|
+ --socks5-gssapi-nec'[Compatibility with NEC SOCKS5 server]' \
|
+ --ssl-allow-beast'[Allow security flaw to improve interop]' \
|
+ --ftp-create-dirs'[Create the remote dirs if not present]' \
|
--interface'[Use network INTERFACE (or address)]':'<name>' \
|
--key-type'[Private key file type (DER/PEM/ENG)]':'<type>' \
|
--netrc-file'[Specify FILE for netrc]':'<filename>':_files \
|
{-N,--no-buffer}'[Disable buffering of the output stream]' \
|
--proxy-service-name'[SPNEGO proxy service name]':'<name>' \
|
- --styled-output'[styled output for HTTP headers]':'Enable' \
|
+ --remote-name-all'[Use the remote file name for all URLs]' \
|
+ --ssl-no-revoke'[Disable cert revocation checks (WinSSL)]' \
|
--max-filesize'[Maximum file size to download]':'<bytes>' \
|
--negotiate'[Use HTTP Negotiate (SPNEGO) authentication]' \
|
--no-keepalive'[Disable TCP keepalive on the connection]' \
|
{-#,--progress-bar}'[Display transfer progress as a bar]' \
|
- {-x,--proxy}'[Use this proxy]':'[protocol://]host[:port]' \
|
- --proxy-anyauth'[any proxy authentication method]':'Pick' \
|
{-Q,--quote}'[Send command(s) to server before transfer]' \
|
- --request-target'[the target for this request]':'Specify' \
|
+ --socks5-gssapi'[Enable GSS-API auth for SOCKS5 proxies]' \
|
{-u,--user}'[Server user and password]':'<user:password>' \
|
{-K,--config}'[Read config from a file]':'<file>':_files \
|
{-C,--continue-at}'[Resumed transfer offset]':'<offset>' \
|
--data-raw'[HTTP POST data, '\''@'\'' allowed]':'<data>' \
|
- --disallow-username-in-url'[username in url]':'Disallow' \
|
--krb'[Enable Kerberos with security <level>]':'<level>' \
|
--proxy-ciphers'[SSL ciphers to use for proxy]':'<list>' \
|
--proxy-digest'[Use Digest authentication on the proxy]' \
|
--proxy-tlsuser'[TLS username for HTTPS proxy]':'<name>' \
|
+ --styled-output'[Enable styled output for HTTP headers]' \
|
{-b,--cookie}'[Send cookies from string/file]':'<data>' \
|
--data-urlencode'[HTTP POST data url encoded]':'<data>' \
|
--delegation'[GSS-API delegation permission]':'<LEVEL>' \
|
@@ -134,7 +132,10 @@
|
--post301'[Do not switch to GET after following a 301]' \
|
--post302'[Do not switch to GET after following a 302]' \
|
--post303'[Do not switch to GET after following a 303]' \
|
+ --proxy-anyauth'[Pick any proxy authentication method]' \
|
+ --request-target'[Specify the target for this request]' \
|
--trace-time'[Add time stamps to trace/verbose output]' \
|
+ --disallow-username-in-url'[Disallow username in url]' \
|
--dns-servers'[DNS server addrs to use]':'<addresses>' \
|
{-G,--get}'[Put the post data in the URL and use GET]' \
|
--limit-rate'[Limit transfer speed to RATE]':'<speed>' \
|
@@ -148,21 +149,21 @@
|
--metalink'[Process given URLs as metalink XML file]' \
|
--tr-encoding'[Request compressed transfer encoding]' \
|
--xattr'[Store metadata in extended file attributes]' \
|
- --ftp-skip-pasv-ip'[the IP address for PASV]':'Skip' \
|
--pass'[Pass phrase for the private key]':'<phrase>' \
|
--proxy-ntlm'[Use NTLM authentication on the proxy]' \
|
{-S,--show-error}'[Show error even when -s is used]' \
|
- --ciphers'[of ciphers> SSL ciphers to use]':'<list' \
|
+ --ciphers'[SSL ciphers to use]':'<list of ciphers>' \
|
--form-string'[Specify multipart MIME data]':'<name=string>' \
|
--login-options'[Server login options]':'<options>' \
|
--tftp-blksize'[Set TFTP BLKSIZE option]':'<value>' \
|
- --tftp-no-options'[not send any TFTP options]':'Do' \
|
{-v,--verbose}'[Make the operation more talkative]' \
|
+ --ftp-skip-pasv-ip'[Skip the IP address for PASV]' \
|
--proxy-key'[Private key for HTTPS proxy]':'<key>' \
|
{-F,--form}'[Specify multipart MIME data]':'<name=content>' \
|
--mail-from'[Mail from this address]':'<address>' \
|
--oauth2-bearer'[OAuth 2 Bearer Token]':'<token>' \
|
--proto'[Enable/disable PROTOCOLS]':'<protocols>' \
|
+ --tftp-no-options'[Do not send any TFTP options]' \
|
--tlsauthtype'[TLS authentication type]':'<type>' \
|
--doh-url'[Resolve host names over DOH]':'<URL>' \
|
--no-sessionid'[Disable SSL session-ID reusing]' \
|
@@ -173,14 +174,13 @@
|
--ftp-ssl-ccc'[Send CCC after authenticating]' \
|
{-4,--ipv4}'[Resolve names to IPv4 addresses]' \
|
{-6,--ipv6}'[Resolve names to IPv6 addresses]' \
|
- --netrc-optional'[either .netrc or URL]':'Use' \
|
--service-name'[SPNEGO service name]':'<name>' \
|
{-V,--version}'[Show version number and quit]' \
|
--data-ascii'[HTTP POST ASCII data]':'<data>' \
|
--ftp-account'[Account data string]':'<data>' \
|
- --compressed-ssh'[SSH compression]':'Enable' \
|
--disable-eprt'[Inhibit using EPRT or LPRT]' \
|
--ftp-method'[Control CWD usage]':'<method>' \
|
+ --netrc-optional'[Use either .netrc or URL]' \
|
--pubkey'[SSH Public key file name]':'<key>' \
|
--raw'[Do HTTP "raw"; no transfer decoding]' \
|
--anyauth'[Pick any authentication method]' \
|
@@ -189,6 +189,7 @@
|
--no-alpn'[Disable the ALPN TLS extension]' \
|
--tcp-nodelay'[Use the TCP_NODELAY option]' \
|
{-B,--use-ascii}'[Use ASCII/text transfer]' \
|
+ --compressed-ssh'[Enable SSH compression]' \
|
--digest'[Use HTTP Digest Authentication]' \
|
--proxy-tlsv1'[Use TLSv1 for HTTPS proxy]' \
|
--engine'[Crypto engine to use]':'<name>' \
|
|
Marcel Raad (7 Feb 2019)
|
- tool_operate: fix typecheck warning
|
|
Use long for CURLOPT_HTTP09_ALLOWED to fix the following warning:
|
tool_operate.c: In function 'operate_do':
|
../include/curl/typecheck-gcc.h:47:9: error: call to
|
'_curl_easy_setopt_err_long' declared with attribute warning:
|
curl_easy_setopt expects a long argument for this option [-Werror]
|
|
Closes https://github.com/curl/curl/pull/3534
|
|
Jay Satiro (6 Feb 2019)
|
- [Chris Araman brought this change]
|
|
url: close TLS before removing conn from cache
|
|
- Fix potential crashes in schannel shutdown.
|
|
Ensure any TLS shutdown messages are sent before removing the
|
association between the connection and the easy handle. Reverts
|
@bagder's previous partial fix for #3412.
|
|
Fixes https://github.com/curl/curl/issues/3412
|
Fixes https://github.com/curl/curl/issues/3505
|
Closes https://github.com/curl/curl/pull/3531
|
|
Daniel Gustafsson (6 Feb 2019)
|
- INTERNALS.md: fix subsection depth and link
|
|
The Kerberos subsection was mistakenly a subsubsection under FTP, and
|
the curlx subsection was missing an anchor for the TOC link.
|
|
Closes #3529
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Version 7.64.0 (6 Feb 2019)
|
|
Daniel Stenberg (6 Feb 2019)
|
- RELEASE-NOTES: 7.64.0
|
|
- RELEASE-PROCEDURE: update the release calendar
|
|
- THANKS: 7.64.0 status
|
|
Daniel Gustafsson (5 Feb 2019)
|
- ROADMAP: remove already performed item
|
|
Commit 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 introduced support
|
for the draft-ietf-httpbis-cookie-alone-01 cookie draft, and while
|
the entry was removed from the TODO it was mistakenly left here.
|
Fix by removing and rewording the entry slightly.
|
|
Closes #3530
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- [Etienne Simard brought this change]
|
|
CONTRIBUTE.md: Fix grammatical errors
|
|
Fix grammatical errors making the document read better. Also fixes
|
a typo.
|
|
Closes #3525
|
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
Daniel Stenberg (4 Feb 2019)
|
- [Julian Z brought this change]
|
|
docs: use $(INSTALL_DATA) to install man page
|
|
Fixes #3518
|
Closes #3522
|
|
Jay Satiro (4 Feb 2019)
|
- [Ladar Levison brought this change]
|
|
runtests.pl: Fix perl call to include srcdir
|
|
- Use explicit include opt for perl calls.
|
|
Prior to this change some scripts couldn't find their dependencies.
|
|
At the top, perl is called using with the "-Isrcdir" option, and it
|
works:
|
|
https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L183
|
|
But on line 3868, that option is omitted. This caused problems for me,
|
as the symbol-scan.pl script in particular couldn't find its
|
dependencies properly:
|
|
https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L3868
|
|
This patch fixes that oversight by making calls to perl sub-shells
|
uniform.
|
|
Closes https://github.com/curl/curl/pull/3496
|
|
Daniel Stenberg (4 Feb 2019)
|
- [Daniel Gustafsson brought this change]
|
|
smtp: avoid risk of buffer overflow in strtol
|
|
If the incoming len 5, but the buffer does not have a termination
|
after 5 bytes, the strtol() call may keep reading through the line
|
buffer until is exceeds its boundary. Fix by ensuring that we are
|
using a bounded read with a temporary buffer on the stack.
|
|
Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
|
Reported-by: Brian Carpenter (Geeknik Labs)
|
CVE-2019-3823
|
|
- ntlm: fix *_type3_message size check to avoid buffer overflow
|
|
Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
|
Reported-by: Wenxiang Qian
|
CVE-2019-3822
|
|
- NTLM: fix size check condition for type2 received data
|
|
Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
|
Reported-by: Wenxiang Qian
|
CVE-2018-16890
|
|
Marcel Raad (1 Feb 2019)
|
- [georgeok brought this change]
|
|
spnego_sspi: add support for channel binding
|
|
Attempt to add support for Secure Channel binding when negotiate
|
authentication is used. The problem to solve is that by default IIS
|
accepts channel binding and curl doesn't utilise them. The result was a
|
401 response. Scope affects only the Schannel(winssl)-SSPI combination.
|
|
Fixes https://github.com/curl/curl/issues/3503
|
Closes https://github.com/curl/curl/pull/3509
|
|
Daniel Stenberg (1 Feb 2019)
|
- RELEASE-NOTES: synced
|
|
- schannel: stop calling it "winssl"
|
|
Stick to "Schannel" everywhere. The configure option --with-winssl is
|
kept to allow existing builds to work but --with-schannel is added as an
|
alias.
|
|
Closes #3504
|
|
- multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
|
|
To make sure Curl_timeleft() also thinks the timeout has been reached
|
when one of the EXPIRE_*TIMEOUTs expires.
|
|
Bug: https://curl.haxx.se/mail/lib-2019-01/0073.html
|
Reported-by: Zhao Yisha
|
Closes #3501
|
|
- [John Marshall brought this change]
|
|
doc: use meaningless port number in CURLOPT_LOCALPORT example
|
|
Use an ephemeral port number here; previously the example had 8080
|
which could be confusing as the common web server port number might
|
be misinterpreted as suggesting this option affects the remote port.
|
|
URL: https://curl.haxx.se/mail/lib-2019-01/0084.html
|
Closes #3513
|
|
GitHub (29 Jan 2019)
|
- [Gisle Vanem brought this change]
|
|
Escape the '\'
|
|
A backslash should be escaped in Roff / Troff.
|
|
Jay Satiro (29 Jan 2019)
|
- TODO: WinSSL: 'Add option to disable client cert auto-send'
|
|
By default WinSSL selects and send a client certificate automatically,
|
but for privacy and consistency we should offer an option to disable the
|
default auto-send behavior.
|
|
Reported-by: Jeroen Ooms
|
|
Closes https://github.com/curl/curl/issues/2262
|
|
Daniel Stenberg (28 Jan 2019)
|
- [Jeremie Rapin brought this change]
|
|
sigpipe: if mbedTLS is used, ignore SIGPIPE
|
|
mbedTLS doesn't have a sigpipe management. If a write/read occurs when
|
the remote closes the socket, the signal is raised and kills the
|
application. Use the curl mecanisms fix this behavior.
|
|
Signed-off-by: Jeremie Rapin <j.rapin@overkiz.com>
|
|
Closes #3502
|
|
- unit1653: make it survive torture tests
|
|
Jay Satiro (28 Jan 2019)
|
- [Michael Kujawa brought this change]
|
|
timeval: Disable MSVC Analyzer GetTickCount warning
|
|
Compiling with msvc /analyze and a recent Windows SDK warns against
|
using GetTickCount (Suggests to use GetTickCount64 instead.)
|
|
Since GetTickCount is only being used when GetTickCount64 isn't
|
available, I am disabling that warning.
|
|
Fixes https://github.com/curl/curl/issues/3437
|
Closes https://github.com/curl/curl/pull/3440
|
|
Daniel Stenberg (26 Jan 2019)
|
- configure: rewrite --enable-code-coverage
|
|
The previously used ax_code_coverage.m4 is not license compatible and
|
must not be used.
|
|
Reported-by: William A. Rowe Jr
|
Fixes #3497
|
Closes #3499
|
|
- [Felix HƤdicke brought this change]
|
|
setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
|
|
CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION are supported for
|
libssh as well. So accepting these options only when compiling with
|
libssh2 is wrong here.
|
|
Fixes #3493
|
Closes #3494
|
|
- [Felix HƤdicke brought this change]
|
|
libssh: do not let libssh create socket
|
|
By default, libssh creates a new socket, instead of using the socket
|
created by curl for SSH connections.
|
|
Pass the socket created by curl to libssh using ssh_options_set() with
|
SSH_OPTIONS_FD directly after ssh_new(). So libssh uses our socket
|
instead of creating a new one.
|
|
This approach is very similar to what is done in the libssh2 code, where
|
the socket created by curl is passed to libssh2 when
|
libssh2_session_startup() is called.
|
|
Fixes #3491
|
Closes #3495
|
|
- RELEASE-NOTES: synced
|
|
- [Archangel_SDY brought this change]
|
|
schannel: preserve original certificate path parameter
|
|
Fixes #3480
|
Closes #3487
|
|
- KNOWN_BUGS: tests not compatible with python3
|
|
Closes #3289
|
[skip ci]
|
|
Daniel Gustafsson (20 Jan 2019)
|
- memcmp: avoid doing single char memcmp
|
|
There is no real gain in performing memcmp() comparisons on single
|
characters, so change these to array subscript inspections which
|
saves a call and makes the code clearer.
|
|
Closes #3486
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
|
|
Daniel Stenberg (19 Jan 2019)
|
- COPYING: it's 2019
|
|
[skip ci]
|
|
- [hhb brought this change]
|
|
configure: fix recv/send/select detection on Android
|
|
This reverts commit d4f25201fb7da03fc88f90d51101beb3d0026db9.
|
|
The overloadable attribute is removed again starting from
|
NDK17. Actually they only exist in two NDK versions (15 and 16). With
|
overloadable, the first condition tried will succeed. Results in wrong
|
detection result.
|
|
Closes #3484
|
|
Marcel Raad (19 Jan 2019)
|
- [georgeok brought this change]
|
|
ntlm_sspi: add support for channel binding
|
|
Windows extended potection (aka ssl channel binding) is required
|
to login to ntlm IIS endpoint, otherwise the server returns 401
|
responses.
|
|
Fixes #3280
|
Closes #3321
|
|
Daniel Stenberg (18 Jan 2019)
|
- schannel: on connection close there might not be a transfer
|
|
Reported-by: Marcel Raad
|
Fixes #3412
|
Closes #3483
|
|
- [Joel Depooter brought this change]
|
|
ssh: log the libssh2 error message when ssh session startup fails
|
|
When a ssh session startup fails, it is useful to know why it has
|
failed. This commit changes the message from:
|
"Failure establishing ssh session"
|
to something like this, for example:
|
"Failure establishing ssh session: -5, Unable to exchange encryption keys"
|
|
Closes #3481
|
|
Alessandro Ghedini (16 Jan 2019)
|
- Fix typo in manpage
|
|
Daniel Stenberg (16 Jan 2019)
|
- RELEASE-NOTES: synced
|
|
Sergei Nikulov (16 Jan 2019)
|
- cmake: updated check for HAVE_POLL_FINE to match autotools
|
|
Daniel Stenberg (16 Jan 2019)
|
- curl-compilers.m4: check for __ibmxl__ to detect xlclang
|
|
Follow-up to 2fa0d57e2e3. The __xlc__ symbol is only defined there if a
|
particular flag is used for legacy macros.
|
|
Fixes #3474
|
Closes #3479
|
|
- openssl: fix the SSL_get_tlsext_status_ocsp_resp call
|
|
.... to not pass in a const in the second argument as that's not how it
|
is supposed to be used and might cause compiler warnings.
|
|
Reported-by: Pavel Pavlov
|
Fixes #3477
|
Closes #3478
|
|
- curl-compilers.m4: detect xlclang
|
|
Since it isn't totally clang compatible, we detect this IBM clang
|
front-end and if detected, avoids some clang specific magic.
|
|
Reported-by: Kees Dekker
|
Fixes #3474
|
Closes #3476
|
|
- README: add codacy code quality badge
|
|
[skip ci]
|
|
- extract_if_dead: follow-up to 54b201b48c90a
|
|
extract_if_dead() dead is called from two functions, and only one of
|
them should get conn->data updated and now neither call path clears it.
|
|
scan-build found a case where conn->data would be NULL dereferenced in
|
ConnectionExists() otherwise.
|
|
Closes #3473
|
|
- multi: remove "Dead assignment"
|
|
Found by scan-build. Follow-up to 4c35574bb785ce.
|
|
Closes #3471
|
|
- tests: move objnames-* from lib into tests
|
|
Since they're used purely for testing purposes, I think they should
|
rather be stored there.
|
|
Closes #3470
|
|
Sergei Nikulov (15 Jan 2019)
|
- travis: added cmake build for osx
|
|
Daniel Stenberg (14 Jan 2019)
|
- [Frank Gevaerts brought this change]
|
|
cookie: fix comment typo (url_path_len -> uri_path_len)
|
|
Closes #3469
|
|
Marcel Raad (14 Jan 2019)
|
- winbuild: conditionally use /DZLIB_WINAPI
|
|
zlibwapi.lib (dynamic library) and zlibstat.lib (static library) have
|
the ZLIB_WINAPI define set by default. Using them requires that define
|
too.
|
|
Ref: https://zlib.net/DLL_FAQ.txt
|
|
Fixes https://github.com/curl/curl/issues/3133
|
Closes https://github.com/curl/curl/pull/3460
|
|
Daniel Stenberg (14 Jan 2019)
|
- src/Makefile: make 'tidy' target work for metalink builds
|
|
- extract_if_dead: use a known working transfer when checking connections
|
|
Make sure that this function sets a proper "live" transfer for the
|
connection before calling the protocol-specific connection check
|
function, and then clear it again afterward as a non-used connection has
|
no current transfer.
|
|
Reported-by: Jeroen Ooms
|
Reviewed-by: Marcel Raad
|
Reviewed-by: Daniel Gustafsson
|
Fixes #3463
|
Closes #3464
|
|
- openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
|
|
OpenSSL_version() replaces OpenSSL_version_num()
|
|
Closes #3462
|
|
Sergei Nikulov (11 Jan 2019)
|
- cmake: added checks for HAVE_VARIADIC_MACROS_C99 and HAVE_VARIADIC_MACROS_GCC
|
|
Daniel Stenberg (11 Jan 2019)
|
- urldata: rename easy_conn to just conn
|
|
We use "conn" everywhere to be a pointer to the connection.
|
|
Introduces two functions that "attaches" and "detaches" the connection
|
to and from the transfer.
|
|
Going forward, we should favour using "data->conn" (since a transfer
|
always only has a single connection or none at all) to "conn->data"
|
(since a connection can have none, one or many transfers associated with
|
it and updating conn->data to be correct is error prone and a frequent
|
reason for internal issues).
|
|
Closes #3442
|
|
- tool_cb_prg: avoid integer overflow
|
|
When calculating the progress bar width.
|
|
Reported-by: Peng Li
|
Fixes #3456
|
Closes #3458
|
|
Daniel Gustafsson (11 Jan 2019)
|
- travis: turn off copyright year checks in checksrc
|
|
Invoking the maintainer intended COPYRIGHTYEAR check for everyone
|
in the PR pipeline is too invasive, especially at the turn of the
|
year when many files get affected. Remove and leave it as a tool
|
for maintainers to verify patches before commits.
|
|
This reverts f7bdf4b2e1d81b2652b81b9b3029927589273b41.
|
|
After discussion with: Daniel Stenberg
|
|
Daniel Stenberg (10 Jan 2019)
|
- KNOWN_BUGS: cmake makes unusable tool_hugehelp.c with MinGW
|
|
Closes #3125
|
|
- KNOWN_BUGS: Improve --data-urlencode space encoding
|
|
Closes #3229
|
|
Patrick Monnerat (10 Jan 2019)
|
- os400: add a missing closing bracket
|
|
See https://github.com/curl/curl/issues/3453#issuecomment-453054458
|
|
Reported-by: jonrumsey on github
|
|
- os400: fix extra parameter syntax error.
|
|
Reported-by: jonrumsey on github
|
Closes #3453
|
|
Daniel Stenberg (10 Jan 2019)
|
- test1558: verify CURLINFO_PROTOCOL on file:// transfer
|
|
Attempt to reproduce issue #3444.
|
|
Closes #3447
|
|
- RELEASE-NOTES: synced
|
|
- xattr: strip credentials from any URL that is stored
|
|
Both user and password are cleared uncondtitionally.
|
|
Added unit test 1621 to verify.
|
|
Fixes #3423
|
Closes #3433
|
|
- cookies: allow secure override when done over HTTPS
|
|
Added test 1562 to verify.
|
|
Reported-by: Jeroen Ooms
|
Fixes #3445
|
Closes #3450
|
|
- multi: multiplexing improvements
|
|
Fixes #3436
|
Closes #3448
|
|
Problem 1
|
|
After LOTS of scratching my head, I eventually realized that even when doing
|
10 uploads in parallel, sometimes the socket callback to the application that
|
tells it what to wait for on the socket, looked like it would reflect the
|
status of just the single transfer that just changed state.
|
|
Digging into the code revealed that this was indeed the truth. When multiple
|
transfers are using the same connection, the application did not correctly get
|
the *combined* flags for all transfers which then could make it switch to READ
|
(only) when in fact most transfers wanted to get told when the socket was
|
WRITEABLE.
|
|
Problem 1b
|
|
A separate but related regression had also been introduced by me when I
|
cleared connection/transfer association better a while ago, as now the logic
|
couldn't find the connection and see if that was marked as used by more
|
transfers and then it would also prematurely remove the socket from the socket
|
hash table even in times other transfers were still using it!
|
|
Fix 1
|
|
Make sure that each socket stored in the socket hash has a "combined" action
|
field of what to ask the application to wait for, that is potentially the ORed
|
action of multiple parallel transfers. And remove that socket hash entry only
|
if there are no transfers left using it.
|
|
Problem 2
|
|
The socket hash entry stored an association to a single transfer using that
|
socket - and when curl_multi_socket_action() was called to tell libcurl about
|
activities on that specific socket only that transfer was "handled".
|
|
This was WRONG, as a single socket/connection can be used by numerous parallel
|
transfers and not necessarily a single one.
|
|
Fix 2
|
|
We now store a list of handles in the socket hashtable entry and when libcurl
|
is told there's traffic for a particular socket, it now iterates over all
|
known transfers using that single socket.
|
|
- test1561: improve test name
|
|
[skip ci]
|
|
- [Katsuhiko YOSHIDA brought this change]
|
|
cookies: skip custom cookies when redirecting cross-site
|
|
Closes #3417
|
|
- THANKS: fixups and a dedupe
|
|
[skip ci]
|
|
- timediff: fix math for unsigned time_t
|
|
Bug: https://curl.haxx.se/mail/lib-2018-12/0088.html
|
|
Closes #3449
|
|
- [Bernhard M. Wiedemann brought this change]
|
|
tests: allow tests to pass by 2037-02-12
|
|
similar to commit f508d29f3902104018
|
|
Closes #3443
|
|
- RELEASE-NOTES: synced
|
|
- [Brad Spencer brought this change]
|
|
curl_multi_remove_handle() don't block terminating c-ares requests
|
|
Added Curl_resolver_kill() for all three resolver modes, which only
|
blocks when necessary, along with test 1592 to confirm
|
curl_multi_remove_handle() doesn't block unless it must.
|
|
Closes #3428
|
Fixes #3371
|
|
- Revert "http_negotiate: do not close connection until negotiation is completed"
|
|
This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47.
|
|
This also reopens PR #3275 which brought the change now reverted.
|
|
Fixes #3384
|
Closes #3439
|
|
- curl/urlapi.h: include "curl.h" first
|
|
This allows programs to include curl/urlapi.h directly.
|
|
Reviewed-by: Daniel Gustafsson
|
Reported-by: Ben Kohler
|
Fixes #3438
|
Closes #3441
|
|
Marcel Raad (6 Jan 2019)
|
- VS projects: fix build warning
|
|
Starting with Visual Studio 2017 Update 9, Visual Studio doesn't like
|
the MinimalRebuild option anymore and warns:
|
|
cl : Command line warning D9035: option 'Gm' has been deprecated and
|
will be removed in a future release
|
|
The option can be safely removed so that the default is used.
|
|
Closes https://github.com/curl/curl/pull/3425
|
|
- schannel: fix compiler warning
|
|
When building with Unicode on MSVC, the compiler warns about freeing a
|
pointer to const in Curl_unicodefree. Fix this by declaring it as
|
non-const and casting the argument to Curl_convert_UTF8_to_tchar to
|
non-const too, like we do in all other places.
|
|
Closes https://github.com/curl/curl/pull/3435
|
|
Daniel Stenberg (4 Jan 2019)
|
- [Rikard Falkeborn brought this change]
|
|
printf: introduce CURL_FORMAT_TIMEDIFF_T
|
|
- [Rikard Falkeborn brought this change]
|
|
printf: fix format specifiers
|
|
Closes #3426
|
|
- libtest/stub_gssapi: use "real" snprintf
|
|
... since it doesn't link with libcurl.
|
|
Reverts the commit dcd6f81025 changes from this file.
|
|
Bug: https://curl.haxx.se/mail/lib-2019-01/0000.html
|
Reported-by: Shlomi Fish
|
Reviewed-by: Daniel Gustafsson
|
Reviewed-by: Kamil Dudka
|
|
Closes #3434
|
|
- INTERNALS: correct some outdated function names
|
|
Closes #3431
|
|
- docs/version.d: mention MultiSSL
|
|
Reviewed-by: Daniel Gustafsson
|
Closes #3432
|
|
Daniel Gustafsson (2 Jan 2019)
|
- [Rikard Falkeborn brought this change]
|
|
examples: Update .gitignore
|
|
Add a few missing examples to make `make examples` not leave the
|
workspace in a dirty state.
|
|
Closes #3427
|
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
- THANKS: add more missing names
|
|
Add Adrian Burcea who made the artwork for the curl://up 2018 event
|
which was held in Stockholm, Sweden.
|
|
- docs: mention potential leak in curl_slist_append
|
|
When a non-empty list is appended to, and used as the returnvalue,
|
the list pointer can leak in case of an allocation failure in the
|
curl_slist_append() call. This is correctly handled in curl code
|
usage but we weren't explicitly pointing it out in the API call
|
documentation. Fix by extending the RETURNVALUE manpage section
|
and example code.
|
|
Closes #3424
|
Reported-by: dnivras on github
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Marcel Raad (1 Jan 2019)
|
- tvnow: silence conversion warnings
|
|
MinGW-w64 defaults to targeting Windows 7 now, so GetTickCount64 is
|
used and the milliseconds are represented as unsigned long long,
|
leading to a compiler warning when implicitly converting them to long.
|
|
Daniel Stenberg (1 Jan 2019)
|
- THANKS: dedupe more names
|
|
Researched-by: Tae Wong
|
|
Marcel Raad (1 Jan 2019)
|
- [Markus Moeller brought this change]
|
|
ntlm: update selection of type 3 response
|
|
NTLM2 did not work i.e. no NTLMv2 response was created. Changing the
|
check seems to work.
|
|
Ref: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf
|
|
Fixes https://github.com/curl/curl/issues/3286
|
Closes https://github.com/curl/curl/pull/3287
|
Closes https://github.com/curl/curl/pull/3415
|
|
Daniel Stenberg (31 Dec 2018)
|
- THANKS: added missing names from year <= 2000
|
|
Due to a report of a missing name in THANKS I manually went through an
|
old CHANGES.0 file and added many previously missing names here.
|
|
Daniel Gustafsson (30 Dec 2018)
|
- urlapi: fix parsing ipv6 with zone index
|
|
The previous fix for parsing IPv6 URLs with a zone index was a paddle
|
short for URLs without an explicit port. This patch fixes that case
|
and adds a unit test case.
|
|
This bug was highlighted by issue #3408, and while it's not the full
|
fix for the problem there it is an isolated bug that should be fixed
|
regardless.
|
|
Closes #3411
|
Reported-by: GitYuanQu on github
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (30 Dec 2018)
|
- THANKS: dedupe Guenter Knauf
|
|
Reported-by: Tae Wong
|
|
- THANKS: missing name from the 6.3.1 release!
|
|
Daniel Gustafsson (27 Dec 2018)
|
- RELEASE-NOTES: synced
|
|
- [Claes Jakobsson brought this change]
|
|
hostip: support wildcard hosts
|
|
This adds support for wildcard hosts in CURLOPT_RESOLVE. These are
|
try-last so any non-wildcard entry is resolved first. If specified,
|
any host not matched by another CURLOPT_RESOLVE config will use this
|
as fallback.
|
|
Example send a.com to 10.0.0.1 and everything else to 10.0.0.2:
|
curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \
|
https://a.com https://b.com
|
|
This is probably quite similar to using:
|
--connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443
|
|
Closes #3406
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- url: fix incorrect indentation
|
|
Patrick Monnerat (26 Dec 2018)
|
- os400: upgrade ILE/RPG binding.
|
|
- Trailer function support.
|
- http 0.9 option.
|
- curl_easy_upkeep.
|
|
Daniel Gustafsson (25 Dec 2018)
|
- FAQ: remove mention of sourceforge for github
|
|
The project bug tracker is no longer hosted at sourceforge but is now
|
hosted on the curl Github page. Update the FAQ to reflect.
|
|
Closes #3410
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- openvms: fix typos in documentation
|
|
- openvms: fix OpenSSL discovery on VAX
|
|
The DCL code had a typo in one of the commands which would make the
|
OpenSSL discovery on VAX fail. The correct syntax is F$ENVIRONMENT.
|
|
Closes #3407
|
Reviewed-by: Viktor Szakats <commit@vszakats.net>
|
|
Daniel Stenberg (24 Dec 2018)
|
- [Ruslan Baratov brought this change]
|
|
cmake: use lowercase for function name like the rest of the code
|
|
Reviewed-by: Sergei Nikulov
|
|
closes #3196
|
|
- Revert "libssh: no data pointer == nothing to do"
|
|
This reverts commit c98ee5f67f497195c9 since commit f3ce38739fa fixed the
|
problem in a more generic way.
|
|
- disconnect: set conn->data for protocol disconnect
|
|
Follow-up to fb445a1e18d: Set conn->data explicitly to point out the
|
current transfer when invoking the protocol-specific disconnect function
|
so that it can work correctly.
|
|
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12173
|
|
Jay Satiro (23 Dec 2018)
|
- [Pavel Pavlov brought this change]
|
|
timeval: Use high resolution timestamps on Windows
|
|
- Use QueryPerformanceCounter on Windows Vista+
|
|
There is confusing info floating around that QueryPerformanceCounter
|
can leap etc, which might have been true long time ago, but no longer
|
the case nowadays (perhaps starting from WinXP?). Also, boost and
|
std::chrono::steady_clock use QueryPerformanceCounter in a similar way.
|
|
Prior to this change GetTickCount or GetTickCount64 was used, which has
|
lower resolution. That is still the case for <= XP.
|
|
Fixes https://github.com/curl/curl/issues/3309
|
Closes https://github.com/curl/curl/pull/3318
|
|
Daniel Stenberg (22 Dec 2018)
|
- libssh: no data pointer == nothing to do
|
|
- conncache_unlock: avoid indirection by changing input argument type
|
|
- disconnect: separate connections and easy handles better
|
|
Do not assume/store assocation between a given easy handle and the
|
connection if it can be avoided.
|
|
Long-term, the 'conn->data' pointer should probably be removed as it is a
|
little too error-prone. Still used very widely though.
|
|
Reported-by: masbug on github
|
Fixes #3391
|
Closes #3400
|
|
- libssh: free sftp_canonicalize_path() data correctly
|
|
Assisted-by: Harry Sintonen
|
|
Fixes #3402
|
Closes #3403
|
|
- RELEASE-NOTES: synced
|
|
- http: added options for allowing HTTP/0.9 responses
|
|
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.
|
|
For now, both the tool and library allow HTTP/0.9 by default.
|
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
|
months after the 7.64.0 release. The options are added already now so
|
that applications/scripts can start using them already now.
|
|
Fixes #2873
|
Closes #3383
|
|
- if2ip: remove unused function Curl_if_is_interface_name
|
|
Closes #3401
|
|
- http2: clear pause stream id if it gets closed
|
|
Reported-by: Florian Pritz
|
|
Fixes #3392
|
Closes #3399
|
|
Daniel Gustafsson (20 Dec 2018)
|
- [David Garske brought this change]
|
|
wolfssl: Perform cleanup
|
|
This adds a cleanup callback for cyassl. Resolves possible memory leak
|
when using ECC fixed point cache.
|
|
Closes #3395
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
Daniel Stenberg (20 Dec 2018)
|
- mbedtls: follow-up VERIFYHOST fix from f097669248
|
|
Fix-by: Eric Rosenquist
|
|
Fixes #3376
|
Closes #3390
|
|
- curlver: bump to 7.64.0 for next release
|
|
Daniel Gustafsson (19 Dec 2018)
|
- cookies: extend domain checks to non psl builds
|
|
Ensure to perform the checks we have to enforce a sane domain in
|
the cookie request. The check for non-PSL enabled builds is quite
|
basic but it's better than nothing.
|
|
Closes #2964
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (19 Dec 2018)
|
- [Matus Uzak brought this change]
|
|
smb: fix incorrect path in request if connection reused
|
|
Follow-up to 09e401e01bf9. If connection gets reused, then data member
|
will be copied, but not the proto member. As a result, in smb_do(),
|
path has been set from the original proto.share data.
|
|
Closes #3388
|
|
- curl -J: do not append to the destination file
|
|
Reported-by: Kamil Dudka
|
Fixes #3380
|
Closes #3381
|
|
- mbedtls: use VERIFYHOST
|
|
Previously, VERIFYPEER would enable/disable all checks.
|
|
Reported-by: Eric Rosenquist
|
Fixes #3376
|
Closes #3380
|
|
- pingpong: change default response timeout to 120 seconds
|
|
Previously it was 30 minutes
|
|
- pingpong: ignore regular timeout in disconnect phase
|
|
The timeout set with CURLOPT_TIMEOUT is no longer used when
|
disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP,
|
POP3).
|
|
Reported-by: jasal82 on github
|
|
Fixes #3264
|
Closes #3374
|
|
- TODO: Windows: set attribute 'archive' for completed downloads
|
|
Closes #3354
|
|
- RELEASE-NOTES: synced
|
|
- http: minor whitespace cleanup from f464535b
|
|
- [Ayoub Boudhar brought this change]
|
|
http: Implement trailing headers for chunked transfers
|
|
This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION
|
options that allow a callback based approach to sending trailing headers
|
with chunked transfers.
|
|
The test server (sws) was updated to take into account the detection of the
|
end of transfer in the case of trailing headers presence.
|
|
Test 1591 checks that trailing headers can be sent using libcurl.
|
|
Closes #3350
|
|
- darwinssl: accept setting max-tls with default min-tls
|
|
Reported-by: Andrei Neculau
|
Fixes #3367
|
Closes #3373
|
|
- gopher: fix memory leak from 9026083ddb2a9
|
|
- [Leonardo Taccari brought this change]
|
|
test1201: Add a trailing `?' to the selector
|
|
This verify that the `?' in the selector is kept as is.
|
|
Verifies the fix in #3370
|
|
- [Leonardo Taccari brought this change]
|
|
gopher: always include the entire gopher-path in request
|
|
After the migration to URL API all octets in the selector after the
|
first `?' were interpreted as query and accidentally discarded and not
|
passed to the server.
|
|
Add a gopherpath to always concatenate possible path and query URL
|
pieces.
|
|
Fixes #3369
|
Closes #3370
|
|
- [Leonardo Taccari brought this change]
|
|
urlapi: distinguish possibly empty query
|
|
If just a `?' to indicate the query is passed always store a zero length
|
query instead of having a NULL query.
|
|
This permits to distinguish URL with trailing `?'.
|
|
Fixes #3369
|
Closes #3370
|
|
Daniel Gustafsson (13 Dec 2018)
|
- OS400: handle memory error in list conversion
|
|
Curl_slist_append_nodup() returns NULL when it fails to create a new
|
item for the specified list, and since the coding here reassigned the
|
new list on top of the old list it would result in a dangling pointer
|
and lost memory. Also, in case we hit an allocation failure at some
|
point during the conversion, with allocation succeeding again on the
|
subsequent call(s) we will return a truncated list around the malloc
|
failure point. Fix by assigning to a temporary list pointer, which can
|
be checked (which is the common pattern for slist appending), and free
|
all the resources on allocation failure.
|
|
Closes #3372
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- cookies: leave secure cookies alone
|
|
Only allow secure origins to be able to write cookies with the
|
'secure' flag set. This reduces the risk of non-secure origins
|
to influence the state of secure origins. This implements IETF
|
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
|
RFC6265.
|
|
Closes #2956
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (13 Dec 2018)
|
- docs: fix the --tls-max description
|
|
Reported-by: Tobias Lindgren
|
Pointed out in #3367
|
|
Closes #3368
|
|
Daniel Gustafsson (12 Dec 2018)
|
- urlapi: Fix port parsing of eol colon
|
|
A URL with a single colon without a portnumber should use the default
|
port, discarding the colon. Fix, add a testcase and also do little bit
|
of comment wordsmithing.
|
|
Closes #3365
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Version 7.63.0 (12 Dec 2018)
|
|
Daniel Stenberg (12 Dec 2018)
|
- RELEASE-NOTES: 7.63.0
|
|
- THANKS: from the curl 7.62.0 cycle
|
|
- test1519: use lib1518 and test CURLINFO_REDIRECT_URL more
|
|
- Curl_follow: extract the Location: header field unvalidated
|
|
... when not actually following the redirect. Otherwise we return error
|
for this and an application can't extract the value.
|
|
Test 1518 added to verify.
|
|
Reported-by: Pavel Pavlov
|
Fixes #3340
|
Closes #3364
|
|
- multi: convert two timeout variables to timediff_t
|
|
The time_t type is unsigned on some systems and these variables are used
|
to hold return values from functions that return timediff_t
|
already. timediff_t is always a signed type.
|
|
Closes #3363
|
|
- delta: use --diff-filter on the git diff-tree invokes
|
|
Suggested-by: Dave Reisner
|
|
Patrick Monnerat (11 Dec 2018)
|
- documentation: curl_formadd field and file names are now escaped
|
|
Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition
|
header without special processing: this may lead to invalid RFC 822
|
quoted-strings.
|
7.56.0 introduces escaping of backslashes and double quotes in these names:
|
mention it in the documentation.
|
|
Reported-by: daboul on github
|
Closes #3361
|
|
Daniel Stenberg (11 Dec 2018)
|
- scripts/delta: show repo delta info from last release
|
|
... where "last release" should be the git tag in the repo.
|
|
Daniel Gustafsson (11 Dec 2018)
|
- tests: add urlapi unittest
|
|
This adds a new unittest intended to cover the internal functions in
|
the urlapi code, starting with parse_port(). In order to avoid name
|
collisions in debug builds, parse_port() is renamed Curl_parse_port()
|
since it will be exported.
|
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
|
- urlapi: fix portnumber parsing for ipv6 zone index
|
|
An IPv6 URL which contains a zone index includes a '%%25<zode id>'
|
string before the ending ']' bracket. The parsing logic wasn't set
|
up to cope with the zone index however, resulting in a malformed url
|
error being returned. Fix by breaking the parsing into two stages
|
to correctly handle the zone index.
|
|
Closes #3355
|
Closes #3319
|
Reported-by: tonystz on Github
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
|
Daniel Stenberg (11 Dec 2018)
|
- [Jay Satiro brought this change]
|
|
http: fix HTTP auth to include query in URI
|
|
- Include query in the path passed to generate HTTP auth.
|
|
Recent changes to use the URL API internally (46e1640, 7.62.0)
|
inadvertently broke authentication URIs by omitting the query.
|
|
Fixes https://github.com/curl/curl/issues/3353
|
Closes #3356
|
|
- [Michael Kaufmann brought this change]
|
|
http: don't set CURLINFO_CONDITION_UNMET for http status code 204
|
|
The http status code 204 (No Content) should not change the "condition
|
unmet" flag. Only the http status code 304 (Not Modified) should do
|
this.
|
|
Closes #359
|
|
- [Samuel Surtees brought this change]
|
|
ldap: fix LDAP URL parsing regressions
|
|
- Match URL scheme with LDAP and LDAPS
|
- Retrieve attributes, scope and filter from URL query instead
|
|
Regression brought in 46e164069d1a5230 (7.62.0)
|
|
Closes #3362
|
|
- RELEASE-NOTES: synced
|
|
- [Stefan Kanthak brought this change]
|
|
(lib)curl.rc: fixup for minor bugs
|
|
All resources defined in lib/libcurl.rc and curl.rc are language
|
neutral.
|
|
winbuild/MakefileBuild.vc ALWAYS defines the macro DEBUGBUILD, so the
|
ifdef's in line 33 of lib/libcurl.rc and src/curl.rc are wrong.
|
|
Replace the hard-coded constants in both *.rc files with #define'd
|
values.
|
|
Thumbs-uped-by: Rod Widdowson, Johannes Schindelin
|
URL: https://curl.haxx.se/mail/lib-2018-11/0000.html
|
Closes #3348
|
|
- test329: verify cookie max-age=0 immediate expiry
|
|
- cookies: expire "Max-Age=0" immediately
|
|
Reported-by: Jeroen Ooms
|
Fixes #3351
|
Closes #3352
|
|
- [Johannes Schindelin brought this change]
|
|
Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
|
|
This is a companion patch to cbea2fd2c (NTLM: force the connection to
|
HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1
|
preemptively. However, with other (Negotiate) authentication it is not
|
clear to this developer whether there is a way to make it work with
|
HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the
|
error HTTP_1_1_REQUIRED.
|
|
Note: we will still keep the NTLM workaround, as it avoids an extra
|
round trip.
|
|
Daniel Stenberg helped a lot with this patch, in particular by
|
suggesting to introduce the Curl_h2_http_1_1_error() function.
|
|
Closes #3349
|
|
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
|
- [Ben Greear brought this change]
|
|
openssl: fix unused variable compiler warning with old openssl
|
|
URL: https://curl.haxx.se/mail/lib-2018-11/0055.html
|
|
Closes #3347
|
|
- [Johannes Schindelin brought this change]
|
|
NTLM: force the connection to HTTP/1.1
|
|
Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces
|
the capability. However, NTLM authentication only works with HTTP/1.1,
|
and will likely remain in that boat (for details, see
|
https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported).
|
|
When we just found out that we want to use NTLM, and when the current
|
connection runs in HTTP/2 mode, let's force the connection to be closed
|
and to be re-opened using HTTP/1.1.
|
|
Fixes https://github.com/curl/curl/issues/3341.
|
Closes #3345
|
|
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
|
- [Johannes Schindelin brought this change]
|
|
curl_global_sslset(): id == -1 is not necessarily an error
|
|
It is allowed to call that function with id set to -1, specifying the
|
backend by the name instead. We should imitate what is done further down
|
in that function to allow for that.
|
|
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
|
Closes #3346
|
|
Johannes Schindelin (6 Dec 2018)
|
- .gitattributes: make tabs in indentation a visible error
|
|
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
|
Daniel Stenberg (6 Dec 2018)
|
- RELEASE-NOTES: synced
|
|
- doh: fix memory leak in OOM situation
|
|
Reviewed-by: Daniel Gustafsson
|
Closes #3342
|
|
- doh: make it work for h2-disabled builds too
|
|
Reported-by: dtmsecurity at github
|
Fixes #3325
|
Closes #3336
|
|
- packages: remove old leftover files and dirs
|
|
This subdir has mostly become an attic of never-used cruft from the
|
past.
|
|
Closes #3331
|
|
- [Gergely Nagy brought this change]
|
|
openssl: do not use file BIOs if not requested
|
|
Moves the file handling BIO calls to the branch of the code where they
|
are actually used.
|
|
Closes #3339
|
|
- [Paul Howarth brought this change]
|
|
nss: Fix compatibility with nss versions 3.14 to 3.15
|
|
- [Paul Howarth brought this change]
|
|
nss: Improve info message when falling back SSL protocol
|
|
Use descriptive text strings rather than decimal numbers.
|
|
- [Paul Howarth brought this change]
|
|
nss: Fall back to latest supported SSL version
|
|
NSS may be built without support for the latest SSL/TLS versions,
|
leading to "SSL version range is not valid" errors when the library
|
code supports a recent version (e.g. TLS v1.3) but it has explicitly
|
been disabled.
|
|
This change adjusts the maximum SSL version requested by libcurl to
|
be the maximum supported version at runtime, as long as that version
|
is at least as high as the minimum version required by libcurl.
|
|
Fixes #3261
|
|
Daniel Gustafsson (3 Dec 2018)
|
- travis: enable COPYRIGHTYEAR extended warning
|
|
The extended warning for checking incorrect COPYRIGHTYEAR is quite
|
expensive to run, so rather than expecting every developer to do it
|
we ensure it's turned on locally for Travis.
|
|
- checksrc: add COPYRIGHTYEAR check
|
|
Forgetting to bump the year in the copyright clause when hacking has
|
been quite common among curl developers, but a traditional checksrc
|
check isn't a good fit as it would penalize anyone hacking on January
|
1st (among other things). This adds a more selective COPYRIGHTYEAR
|
check which intends to only cover the currently hacked on changeset.
|
|
The check for updated copyright year is currently not enforced on all
|
files but only on files edited and/or committed locally. This is due to
|
the amount of files which aren't updated with their correct copyright
|
year at the time of their respective commit.
|
|
To further avoid running this expensive check for every developer, it
|
adds a new local override mode for checksrc where a .checksrc file can
|
be used to turn on extended warnings locally.
|
|
Closes #3303
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (3 Dec 2018)
|
- CHECKSRC.md: document more warnings
|
|
Closes #3335
|
[ci skip]
|
|
- RELEASE-NOTES: synced
|
|
- SECURITY-PROCESS: bountygraph shuts down
|
|
This backpedals back the documents to the state before bountygraph.
|
|
Closes #3311
|
|
- curl: fix memory leak reading --writeout from file
|
|
If another string had been set first, the writout function for reading
|
the syntax from file would leak the previously allocated memory.
|
|
Reported-by: Brian Carpenter
|
Fixes #3322
|
Closes #3330
|
|
- tool_main: rename function to make it unique and better
|
|
... there's already another function in the curl tool named
|
free_config_fields!
|
|
Daniel Gustafsson (29 Nov 2018)
|
- TODO: remove CURLOPT_DNS_USE_GLOBAL_CACHE entry
|
|
Commit 7c5837e79280e6abb3ae143dfc49bca5e74cdd11 deprecated the option
|
making it a manual code-edit operation to turn it back on. The removal
|
process has thus started and is now documented in docs/DEPRECATE.md so
|
remove from the TODO to avoid anyone looking for something to pick up
|
spend cycles on an already in-progress entry.
|
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Jay Satiro (29 Nov 2018)
|
- [Sevan Janiyan brought this change]
|
|
connect: fix building for recent versions of Minix
|
|
EBADIOCTL doesn't exist on more recent Minix.
|
There have also been substantial changes to the network stack.
|
Fixes build on Minix 3.4rc
|
|
Closes https://github.com/curl/curl/pull/3323
|
|
- [Konstantin Kushnir brought this change]
|
|
CMake: fix MIT/Heimdal Kerberos detection
|
|
- fix syntax error in FindGSS.cmake
|
- correct krb5 include directory. FindGSS exports
|
"GSS_INCLUDE_DIR" variable.
|
|
Closes https://github.com/curl/curl/pull/3316
|
|
Daniel Stenberg (28 Nov 2018)
|
- test328: verify Content-Encoding: none
|
|
Because of issue #3315
|
|
Closes #3317
|
|
- [James Knight brought this change]
|
|
configure: include all libraries in ssl-libs fetch
|
|
When compiling a collection of SSL libraries to link against (SSL_LIBS),
|
ensure all libraries are included. The call `--libs-only-l` can produce
|
only a subset of found in a `--libs` call (e.x. pthread may be excluded).
|
Adding `--libs-only-other` ensures other libraries are also included in
|
the list. This corrects select build environments compiling against a
|
static version of OpenSSL. Before the change, the following could be
|
observed:
|
|
checking for openssl options with pkg-config... found
|
configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl "
|
configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
|
configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
|
checking for HMAC_Update in -lcrypto... no
|
checking for HMAC_Init_ex in -lcrypto... no
|
checking OpenSSL linking with -ldl... no
|
checking OpenSSL linking with -ldl and -lpthread... no
|
configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.
|
configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.
|
...
|
SSL support: no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
|
...
|
|
And include the other libraries when compiling SSL_LIBS succeeds with:
|
|
checking for openssl options with pkg-config... found
|
configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread "
|
configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
|
configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
|
checking for HMAC_Update in -lcrypto... yes
|
checking for SSL_connect in -lssl... yes
|
...
|
SSL support: enabled (OpenSSL)
|
...
|
|
Signed-off-by: James Knight <james.d.knight@live.com>
|
Closes #3193
|
|
Daniel Gustafsson (26 Nov 2018)
|
- doh: fix typo in infof call
|
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- cmdline-opts/gen.pl: define the correct varname
|
|
The variable definition had a small typo making it declare another
|
variable then the intended.
|
|
Closes #3304
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (25 Nov 2018)
|
- RELEASE-NOTES: synced
|
|
- curl_easy_perform: fix timeout handling
|
|
curl_multi_wait() was erroneously used from within
|
curl_easy_perform(). It could lead to it believing there was no socket
|
to wait for and then instead sleep for a while instead of monitoring the
|
socket and then miss acting on that activity as swiftly as it should
|
(causing an up to 1000 ms delay).
|
|
Reported-by: Antoni Villalonga
|
Fixes #3305
|
Closes #3306
|
Closes #3308
|
|
- CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
|
|
- cookies: create the cookiejar even if no cookies to save
|
|
Important for when the file is going to be read again and thus must not
|
contain old contents!
|
|
Adds test 327 to verify.
|
|
Reported-by: daboul on github
|
Fixes #3299
|
Closes #3300
|
|
- checksrc: ban snprintf use, add command line flag to override warns
|
|
- snprintf: renamed and we now only use msnprintf()
|
|
The function does not return the same value as snprintf() normally does,
|
so readers may be mislead into thinking the code works differently than
|
it actually does. A different function name makes this easier to detect.
|
|
Reported-by: Tomas Hoger
|
Assisted-by: Daniel Gustafsson
|
Fixes #3296
|
Closes #3297
|
|
- [Tobias Hintze brought this change]
|
|
test: update test20/1322 for eglibc bug workaround
|
|
The tests 20 and 1322 are using getaddrinfo of libc for resolving. In
|
eglibc-2.19 there is a memory leakage and invalid free bug which
|
surfaces in some special circumstances (PF_UNSPEC hint with invalid or
|
non-existent names). The valgrind runs in testing fail in these
|
situations.
|
|
As the tests 20/1322 are not specific on either protocol (IPv4/IPv6)
|
this commit changes the hints to IPv4 protocol by passing `--ipv4` flag
|
on the tests' command line. This prevents the valgrind failures.
|
|
- [Tobias Hintze brought this change]
|
|
host names: allow trailing dot in name resolve, then strip it
|
|
Delays stripping of trailing dots to after resolving the hostname.
|
|
Fixes #3022
|
Closes #3222
|
|
- [UnknownShadow200 brought this change]
|
|
CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description
|
|
Closes #3295
|
|
Daniel Gustafsson (21 Nov 2018)
|
- configure: Fix typo in comment
|
|
Michael Kaufmann (21 Nov 2018)
|
- openssl: support session resume with TLS 1.3
|
|
Session resumption information is not available immediately after a TLS 1.3
|
handshake. The client must wait until the server has sent a session ticket.
|
|
Use OpenSSL's "new session" callback to get the session information and put it
|
into curl's session cache. For TLS 1.3 sessions, this callback will be invoked
|
after the server has sent a session ticket.
|
|
The "new session" callback is invoked only if OpenSSL's session cache is
|
enabled, so enable it and use the "external storage" mode which lets curl manage
|
the contents of the session cache.
|
|
A pointer to the connection data and the sockindex are now saved as "SSL extra
|
data" to make them available to the callback.
|
|
This approach also works for old SSL/TLS versions and old OpenSSL versions.
|
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Fixes #3202
|
Closes #3271
|
|
- ssl: fix compilation with OpenSSL 0.9.7
|
|
- ENGINE_cleanup() was used without including "openssl/engine.h"
|
- enable engine support for OpenSSL 0.9.7
|
|
Closes #3266
|
|
Daniel Stenberg (21 Nov 2018)
|
- openssl: disable TLS renegotiation with BoringSSL
|
|
Since we're close to feature freeze, this change disables this feature
|
with an #ifdef. Define ALLOW_RENEG at build-time to enable.
|
|
This could be converted to a bit for CURLOPT_SSL_OPTIONS to let
|
applications opt-in this.
|
|
Concern-raised-by: David Benjamin
|
Fixes #3283
|
Closes #3293
|
|
- [Romain Fliedel brought this change]
|
|
ares: remove fd from multi fd set when ares is about to close the fd
|
|
When using c-ares for asyn dns, the dns socket fd was silently closed
|
by c-ares without curl being aware. curl would then 'realize' the fd
|
has been removed at next call of Curl_resolver_getsock, and only then
|
notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with
|
CURL_POLL_REMOVE. At this point the fd is already closed.
|
|
By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this
|
patch allows curl to be notified that the fd is not longer needed
|
for neither for write nor read. At this point by calling
|
Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE
|
before the fd is actually closed by ares.
|
|
In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore
|
since it does not allow passing a different sock_state_cb_data
|
|
Closes #3238
|
|
- [Romain Fliedel brought this change]
|
|
examples/ephiperfifo: report error when epoll_ctl fails
|
|
Daniel Gustafsson (20 Nov 2018)
|
- [pkubaj brought this change]
|
|
ntlm: Remove redundant ifdef USE_OPENSSL
|
|
lib/curl_ntlm.c had code that read as follows:
|
|
#ifdef USE_OPENSSL
|
# ifdef USE_OPENSSL
|
# else
|
# ..
|
# endif
|
#endif
|
|
Remove the redundant USE_OPENSSL along with #else (it's not possible to
|
reach it anyway). The removed construction is a leftover from when the
|
SSLeay support was removed.
|
|
Closes #3269
|
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (20 Nov 2018)
|
- [Han Han brought this change]
|
|
ssl: replace all internal uses of CURLE_SSL_CACERT
|
|
Closes #3291
|
|
Han Han (19 Nov 2018)
|
- docs: add more description to unified ssl error codes
|
|
- curle: move deprecated error code to ifndef block
|
|
Patrick Monnerat (19 Nov 2018)
|
- os400: add CURLOPT_CURLU to ILE/RPG binding.
|
|
- os400: Add curl_easy_conn_upkeep() to ILE/RPG binding.
|
|
- os400: fix return type of curl_easy_pause() in ILE/RPG binding.
|
|
Daniel Stenberg (19 Nov 2018)
|
- RELEASE-NOTES: synced
|
|
- impacket: add LICENSE
|
|
The license for the impacket package was not in our tree.
|
|
Imported now from upstream's
|
https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE
|
|
Reported-by: infinnovation-dev on github
|
Fixes #3276
|
Closes #3277
|
|
Daniel Gustafsson (18 Nov 2018)
|
- tool_doswin: Fix uninitialized field warning
|
|
The partial struct initialization in 397664a065abffb7c3445ca9 caused
|
a warning on uninitialized MODULEENTRY32 struct members:
|
|
/src/tool_doswin.c:681:3: warning: missing initializer for field
|
'th32ModuleID' of 'MODULEENTRY32 {aka struct tagMODULEENTRY32}'
|
[-Wmissing-field-initializers]
|
|
This is sort of a bogus warning as the remaining members will be set
|
to zero by the compiler, as all omitted members are. Nevertheless,
|
remove the warning by omitting all members and setting the dwSize
|
members explicitly.
|
|
Closes #3254
|
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
|
|
- openssl: Remove SSLEAY leftovers
|
|
Commit 709cf76f6bb7dbac deprecated USE_SSLEAY, as curl since long isn't
|
compatible with the SSLeay library. This removes the few leftovers that
|
were omitted in the less frequently used platform targets.
|
|
Closes #3270
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (16 Nov 2018)
|
- [Elia Tufarolo brought this change]
|
|
http_negotiate: do not close connection until negotiation is completed
|
|
Fix HTTP POST using CURLAUTH_NEGOTIATE.
|
|
Closes #3275
|
|
- pop3: only do APOP with a valid timestamp
|
|
Brought-by: bobmitchell1956 on github
|
Fixes #3278
|
Closes #3279
|
|
Jay Satiro (16 Nov 2018)
|
- [Peter Wu brought this change]
|
|
openssl: do not log excess "TLS app data" lines for TLS 1.3
|
|
The SSL_CTX_set_msg_callback callback is not just called for the
|
Handshake or Alert protocols, but also for the raw record header
|
(SSL3_RT_HEADER) and the decrypted inner record type
|
(SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid
|
excess debug spam when using `curl -v` against a TLSv1.3-enabled server:
|
|
* TLSv1.3 (IN), TLS app data, [no content] (0):
|
|
(Following this message, another callback for the decrypted
|
handshake/alert messages will be be present anyway.)
|
|
Closes https://github.com/curl/curl/pull/3281
|
|
Marc Hoersken (15 Nov 2018)
|
- tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
|
|
SO_EXCLUSIVEADDRUSE is on by default on Vista or newer,
|
but does not work together with SO_REUSEADDR being on.
|
|
The default changes were made with stunnel 5.34 and 5.35.
|
|
Daniel Stenberg (13 Nov 2018)
|
- [Kamil Dudka brought this change]
|
|
nss: remove version selecting dead code
|
|
Closes #3262
|
|
- nss: set default max-tls to 1.3/1.2
|
|
Fixes #3261
|
|
Daniel Gustafsson (13 Nov 2018)
|
- tool_cb_wrt: Silence function cast compiler warning
|
|
Commit 5bfaa86ceb3c2a9ac474a928e748c4a86a703b33 introduced a new
|
compiler warning on Windows cross compilation with GCC. See below
|
for an example of the warning from the autobuild logs (whitespace
|
edited to fit):
|
|
/src/tool_cb_wrt.c:175:9: warning: cast from function call of type
|
'intptr_t {aka long long int}' to non-matching type 'void *'
|
[-Wbad-function-cast]
|
(HANDLE) _get_osfhandle(fileno(outs->stream)),
|
^
|
|
Store the return value from _get_osfhandle() in an intermediate
|
variable and cast the variable in WriteConsoleW() rather than the
|
function call directly to avoid a compiler warning.
|
|
In passing, also add inspection of the MultiByteToWideChar() return
|
value and return failure in case an error is reported.
|
|
Closes #3263
|
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
Reviewed-by: Viktor Szakats <commit@vszakats.net>
|
|
Daniel Stenberg (12 Nov 2018)
|
- nss: fix fallthrough comment to fix picky compiler warning
|
|
- docs: expanded on some CURLU details
|
|
- [Tim RĆ¼hsen brought this change]
|
|
ftp: avoid two unsigned int overflows in FTP listing parser
|
|
Curl_ftp_parselist: avoid unsigned integer overflows
|
|
The overflow has no real world impact, just avoid it for "best
|
practice".
|
|
Closes #3225
|
|
- curl: --local-port range was not "including"
|
|
The end port number in a given range was not included in the range used,
|
as it is documented to be.
|
|
Reported-by: infinnovation-dev on github
|
Fixes #3251
|
Closes #3255
|
|
- [JƩrƩmy Rocher brought this change]
|
|
openssl: support BoringSSL TLS renegotiation
|
|
As per BoringSSL porting documentation [1], BoringSSL rejects peer
|
renegotiations by default.
|
|
curl fails when trying to authenticate to server through client
|
certificate if it is requested by server after the initial TLS
|
handshake.
|
|
Enable renegotiation by default with BoringSSL to get same behavior as
|
with OpenSSL. This is done by calling SSL_set_renegotiate_mode [2]
|
which was introduced in commit 1d5ef3bb1eb9 [3].
|
|
1 - https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md#tls-renegotiation
|
2 - https://boringssl.googlesource.com/boringssl/+/master/include/openssl/ssl.h#3482
|
3 - https://boringssl.googlesource.com/boringssl/+/1d5ef3bb1eb97848617db5e7d633d735a401df86
|
|
Signed-off-by: JƩrƩmy Rocher <rocher.jeremy@gmail.com>
|
Fixes #3258
|
Closes #3259
|
|
- HISTORY: add some milestones
|
|
Added a few of the more notable milestones in curl history that were
|
missing. Primarily more recent ones but I also noted some older that
|
could be worth mentioning.
|
|
[ci skip]
|
Closes #3257
|
|
Daniel Gustafsson (9 Nov 2018)
|
- KNOWN_BUGS: add --proxy-any connection issue
|
|
Add the identified issue with --proxy-any and proxy servers which
|
advertise authentication schemes other than the supported one.
|
|
Closes #876
|
Closes #3250
|
Reported-by: NTMan on Github
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (9 Nov 2018)
|
- [Jim Fuller brought this change]
|
|
setopt: add CURLOPT_CURLU
|
|
Allows an application to pass in a pre-parsed URL via a URL handle.
|
|
Closes #3227
|
|
- [Gisle Vanem brought this change]
|
|
docs: ESCape "\n" codes
|
|
Groff / Troff will display a:
|
printaf("Errno: %ld\n", error);
|
as:
|
printf("Errno: %ld0, error);
|
|
when a "\n" is not escaped. Use "\\n" instead.
|
|
Closes #3246
|
|
- curl: --local-port fix followup
|
|
Regression by 52db54869e6.
|
|
Reported-by: infinnovation-dev on github
|
Fixes #3248
|
Closes #3249
|
|
GitHub (7 Nov 2018)
|
- [Gisle Vanem brought this change]
|
|
More "\n" ESCaping
|
|
Daniel Stenberg (7 Nov 2018)
|
- RELEASE-NOTES: synced
|
|
- curl: fix --local-port integer overflow
|
|
The tool's local port command line range parser didn't check for integer
|
overflows and could pass "weird" data to libcurl for this option.
|
libcurl however, has a strict range check for the values so it rejects
|
anything outside of the accepted range.
|
|
Reported-by: Brian Carpenter
|
Closes #3242
|
|
- curl: correct the switch() logic in ourWriteOut
|
|
Follow-up to e431daf013, as I did the wrong correction for a compiler
|
warning. It should be a break and not a fall-through.
|
|
Pointed-out-by: Frank Gevaerts
|
|
- [Frank Gevaerts brought this change]
|
|
curl: add %{stderr} and %{stdout} for --write-out
|
|
Closes #3115
|
|
Daniel Gustafsson (7 Nov 2018)
|
- winssl: be consistent in Schannel capitalization
|
|
The productname from Microsoft is "Schannel", but in infof/failf
|
reporting we use "schannel". This removes different versions.
|
|
Closes #3243
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (7 Nov 2018)
|
- TODO: Have the URL API offer IDN decoding
|
|
Similar to how URL decoding/encoding is done, we could have URL
|
functions to convert IDN host names to punycode.
|
|
Suggested-by: Alexey Melnichuk
|
Closes #3232
|
|
- urlapi: only skip encoding the first '=' with APPENDQUERY set
|
|
APPENDQUERY + URLENCODE would skip all equals signs but now it only skip
|
encoding the first to better allow "name=content" for any content.
|
|
Reported-by: Alexey Melnichuk
|
Fixes #3231
|
Closes #3231
|
|
- url: a short host name + port is not a scheme
|
|
The function identifying a leading "scheme" part of the URL considered a
|
few letters ending with a colon to be a scheme, making something like
|
"short:80" to become an unknown scheme instead of a short host name and
|
a port number.
|
|
Extended test 1560 to verify.
|
|
Also fixed test203 to use file_pwd to make it get the correct path on
|
windows. Removed test 2070 since it was a duplicate of 203.
|
|
Assisted-by: Marcel Raad
|
Reported-by: Hagai Auro
|
Fixes #3220
|
Fixes #3233
|
Closes #3223
|
Closes #3235
|
|
- [Sangamkar brought this change]
|
|
libcurl: stop reading from paused transfers
|
|
In the transfer loop it would previously not acknwledge the pause bit
|
and continue until drained or loop ended.
|
|
Closes #3240
|
|
Jay Satiro (6 Nov 2018)
|
- tool: add undocumented option --dump-module-paths for win32
|
|
- Add an undocumented diagnostic option for Windows to show the full
|
paths of all loaded modules regardless of whether or not libcurl
|
initialization succeeds.
|
|
This is needed so that in the CI we can get a list of all DLL
|
dependencies after initialization (when they're most likely to have
|
finished loading) and then package them as artifacts so that a
|
functioning build can be downloaded. Also I imagine it may have some use
|
as a diagnostic for help requests.
|
|
Ref: https://github.com/curl/curl/pull/3103
|
|
Closes https://github.com/curl/curl/pull/3208
|
|
- curl_multibyte: fix a malloc overcalculation
|
|
Prior to this change twice as many bytes as necessary were malloc'd when
|
converting wchar to UTF8. To allay confusion in the future I also
|
changed the variable name for the amount of bytes from len to bytes.
|
|
Closes https://github.com/curl/curl/pull/3209
|
|
Michael Kaufmann (5 Nov 2018)
|
- netrc: don't ignore the login name specified with "--user"
|
|
- for "--netrc", don't ignore the login/password specified with "--user",
|
only ignore the login/password in the URL.
|
This restores the netrc behaviour of curl 7.61.1 and earlier.
|
- fix the documentation of CURL_NETRC_REQUIRED
|
- improve the detection of login/password changes when reading .netrc
|
- don't read .netrc if both login and password are already set
|
|
Fixes #3213
|
Closes #3224
|
|
Patrick Monnerat (5 Nov 2018)
|
- OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
|
|
Daniel Stenberg (5 Nov 2018)
|
- [Yasuhiro Matsumoto brought this change]
|
|
curl: fixed UTF-8 in current console code page (Windows)
|
|
Fixes #3211
|
Fixes #3175
|
Closes #3212
|
|
- TODO: 2.6 multi upkeep
|
|
Closes #3199
|
|
Daniel Gustafsson (5 Nov 2018)
|
- unittest: make 1652 stable across collations
|
|
The previous coding used a format string whose output depended on the
|
current locale of the environment running the test. Since the gist of
|
the test is to have a format string, with the actual formatting being
|
less important, switch to a more stable formatstring with decimals.
|
|
Reported-by: Marcel Raad
|
Closes #3234
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
|
Daniel Stenberg (5 Nov 2018)
|
- Revert "url: a short host name + port is not a scheme"
|
|
This reverts commit 226cfa8264cd979eff3fd52c0f3585ef095e7cf2.
|
|
This commit caused test failures on appveyor/windows. Work on fixing them is
|
in #3235.
|
|
- symbols-in-versions: add missing CURLU_ symbols
|
|
...and fix symbol-scan.pl to also scan urlapi.h
|
|
Reported-by: Alexey Melnichuk
|
Fixes #3226
|
Closes #3230
|
|
Daniel Gustafsson (3 Nov 2018)
|
- infof: clearly indicate truncation
|
|
The internal buffer in infof() is limited to 2048 bytes of payload plus
|
an additional byte for NULL termination. Servers with very long error
|
messages can however cause truncation of the string, which currently
|
isn't very clear, and leads to badly formatted output.
|
|
This appends a "...\n" (or just "..." in case the format didn't with a
|
newline char) marker to the end of the string to clearly show
|
that it has been truncated.
|
|
Also include a unittest covering infof() to try and catch any bugs
|
introduced in this quite important function.
|
|
Closes #3216
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
|
Michael Kaufmann (3 Nov 2018)
|
- tool_getparam: fix some comments
|
|
Daniel Stenberg (3 Nov 2018)
|
- url: a short host name + port is not a scheme
|
|
The function identifying a leading "scheme" part of the URL considered a few
|
letters ending with a colon to be a scheme, making something like "short:80"
|
to become an unknown scheme instead of a short host name and a port number.
|
|
Extended test 1560 to verify.
|
|
Reported-by: Hagai Auro
|
Fixes #3220
|
Closes #3223
|
|
- URL: fix IPv6 numeral address parser
|
|
Regression from 46e164069d1a52. Extended test 1560 to verify.
|
|
Reported-by: tpaukrt on github
|
Fixes #3218
|
Closes #3219
|
|
- travis: remove curl before a normal build
|
|
on Linux. To make sure the test suite runs with its newly build tool and
|
doesn't require an external one present.
|
|
Bug: #3198
|
Closes #3200
|
|
- [Tim RĆ¼hsen brought this change]
|
|
mprintf: avoid unsigned integer overflow warning
|
|
The overflow has no real world impact.
|
Just avoid it for "best practice".
|
|
Code change suggested by "The Infinnovation Team" and Daniel Stenberg.
|
Closes #3184
|
|
- Curl_follow: accept non-supported schemes for "fake" redirects
|
|
When not actually following the redirect and the target URL is only
|
stored for later retrieval, curl always accepted "non-supported"
|
schemes. This was a regression from 46e164069d1a5230.
|
|
Reported-by: Brad King
|
Fixes #3210
|
Closes #3215
|
|
Daniel Gustafsson (2 Nov 2018)
|
- openvms: fix example name
|
|
Commit efc696a2e09225bfeab4 renamed persistant.c to persistent.c to
|
fix the typo in the name, but missed to update the OpenVMS package
|
files which still looked for the old name.
|
|
Closes #3217
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
Reviewed-by: Viktor Szakats <commit@vszakats.net>
|
|
Daniel Stenberg (1 Nov 2018)
|
- configure: show CFLAGS, LDFLAGS etc in summary
|
|
To make it easier to understand other people's and remote builds etc.
|
|
Closes #3207
|
|
- version: bump for next cycle
|
|
- axtls: removed
|
|
As has been outlined in the DEPRECATE.md document, the axTLS code has
|
been disabled for 6 months and is hereby removed.
|
|
Use a better supported TLS library!
|
|
Assisted-by: Daniel Gustafsson
|
Closes #3194
|
|
- [marcosdiazr brought this change]
|
|
schannel: make CURLOPT_CERTINFO support using Issuer chain
|
|
Closes #3197
|
|
- travis: build with sanitize=address,undefined,signed-integer-overflow
|
|
... using clang
|
|
Closes #3190
|
|
- schannel: use Curl_ prefix for global private symbols
|
|
Curl_verify_certificate() must use the Curl_ prefix since it is globally
|
available in the lib and otherwise steps outside of our namespace!
|
|
Closes #3201
|
|
Kamil Dudka (1 Nov 2018)
|
- tests: drop http_pipe.py script no longer used
|
|
It is unused since commit f7208df7d9d5cd5e15e2d89237e828f32b63f135.
|
|
Closes #3204
|
|
Daniel Stenberg (31 Oct 2018)
|
- runtests: use the local curl for verifying
|
|
... revert the mistaken change brought in commit 8440616f53.
|
|
Reported-by: Alessandro Ghedini
|
Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html
|
|
Closes #3198
|
|
Version 7.62.0 (30 Oct 2018)
|
|
Daniel Stenberg (30 Oct 2018)
|
- RELEASE-NOTES: 7.62.0
|
|
- THANKS: 7.62.0 status
|
|
Daniel Gustafsson (30 Oct 2018)
|
- vtls: add MesaLink to curl_sslbackend enum
|
|
MesaLink support was added in commit 57348eb97d1b8fc3742e02c but the
|
backend was never added to the curl_sslbackend enum in curl/curl.h.
|
This adds the new backend to the enum and updates the relevant docs.
|
|
Closes #3195
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (30 Oct 2018)
|
- [Ruslan Baratov brought this change]
|
|
cmake: Remove unused CURL_CONFIG_HAS_BEEN_RUN_BEFORE variable
|
|
Closes #3191
|
|
- test2080: verify the fix for CVE-2018-16842
|
|
- voutf: fix bad arethmetic when outputting warnings to stderr
|
|
CVE-2018-16842
|
Reported-by: Brian Carpenter
|
Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
|
|
- [Tuomo Rinne brought this change]
|
|
cmake: uniform ZLIB to use USE_ variable and clean curl-config.cmake.in
|
|
Closes #3123
|
|
- [Tuomo Rinne brought this change]
|
|
cmake: add find_dependency call for ZLIB to CMake config file
|
|
- [Tuomo Rinne brought this change]
|
|
cmake: add support for transitive ZLIB target
|
|
- unit1650: fix "null pointer passed as argument 1 to memcmp"
|
|
Detected by UndefinedBehaviorSanitizer
|
|
Closes #3187
|
|
- travis: add a "make tidy" build that runs clang-tidy
|
|
Closes #3182
|
|
- unit1300: fix stack-use-after-scope AddressSanitizer warning
|
|
Closes #3186
|
|
- Curl_auth_create_plain_message: fix too-large-input-check
|
|
CVE-2018-16839
|
Reported-by: Harry Sintonen
|
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
|
|
- Curl_close: clear data->multi_easy on free to avoid use-after-free
|
|
Regression from b46cfbc068 (7.59.0)
|
CVE-2018-16840
|
Reported-by: Brian Carpenter (Geeknik Labs)
|
|
Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
|
|
- [randomswdev brought this change]
|
|
system.h: use proper setting with Sun C++ as well
|
|
system.h selects the proper Sun settings when __SUNPRO_C is defined. The
|
Sun compiler does not define it when compiling C++ files. I'm adding a
|
check also on __SUNPRO_CC to allow curl to work properly also when used
|
in a C++ project on Sun Solaris.
|
|
Closes #3181
|
|
- rand: add comment to skip a clang-tidy false positive
|
|
- test1651: unit test Curl_extract_certinfo()
|
|
The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel.
|
|
- x509asn1: always check return code from getASN1Element()
|
|
- Makefile: add 'tidy' target that runs clang-tidy
|
|
Available in the root, src and lib dirs.
|
|
Closes #3163
|
|
- RELEASE-PROCEDURE: adjust the release dates
|
|
See: https://curl.haxx.se/mail/lib-2018-10/0107.html
|
|
Patrick Monnerat (27 Oct 2018)
|
- x509asn1: suppress left shift on signed value
|
|
Use an unsigned variable: as the signed operation behavior is undefined,
|
this change silents clang-tidy about it.
|
|
Ref: https://github.com/curl/curl/pull/3163
|
Reported-By: Daniel Stenberg
|
|
Michael Kaufmann (27 Oct 2018)
|
- multi: Fix error handling in the SENDPROTOCONNECT state
|
|
If Curl_protocol_connect() returns an error code,
|
handle the error instead of switching to the next state.
|
|
Closes #3170
|
|
Daniel Stenberg (27 Oct 2018)
|
- RELEASE-NOTES: synced
|
|
- openssl: output the correct cipher list on TLS 1.3 error
|
|
When failing to set the 1.3 cipher suite, the wrong string pointer would
|
be used in the error message. Most often saying "(nil)".
|
|
Reported-by: Ricky-Tigg on github
|
Fixes #3178
|
Closes #3180
|
|
- docs/CIPHERS: fix the TLS 1.3 cipher names
|
|
... picked straight from the OpenSSL man page:
|
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html
|
|
Reported-by: Ricky-Tigg on github
|
Bug: #3178
|
|
Marcel Raad (27 Oct 2018)
|
- travis: install gnutls-bin package
|
|
This is required for gnutls-serv, which enables a few more tests.
|
|
Closes https://github.com/curl/curl/pull/2958
|
|
Daniel Gustafsson (26 Oct 2018)
|
- ssh: free the session on init failures
|
|
Ensure to clear the session object in case the libssh2 initialization
|
fails.
|
|
It could be argued that the libssh2 error function should be called to
|
get a proper error message in this case. But since the only error path
|
in libssh2_knownhost_init() is memory a allocation failure it's safest
|
to avoid since the libssh2 error handling allocates memory.
|
|
Closes #3179
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (26 Oct 2018)
|
- docs/RELEASE-PROCEDURE: remove old entries, modify the Dec 2018 date
|
|
... I'm moving it up one week due to travels. The rest stays.
|
|
- [Daniel Gustafsson brought this change]
|
|
openssl: make 'done' a proper boolean
|
|
Closes #3176
|
|
- gtls: Values stored to but never read
|
|
Detected by clang-tidy
|
|
Closes #3176
|
|
- [Alexey Eremikhin brought this change]
|
|
curl.1: --ipv6 mutexes ipv4 (fixed typo)
|
|
Fixes #3171
|
Closes #3172
|
|
- tool_main: make TerminalSettings static
|
|
Reported-by: Gisle Vanem
|
Bug: https://github.com/curl/curl/commit/becfe1233ff2b6b0c3e1b6a10048b55b68c2539f#commitcomment-31008819
|
Closes #3161
|
|
- curl-config.in: remove dependency on bc
|
|
Reported-by: Dima Pasechnik
|
Fixes #3143
|
Closes #3174
|
|
- [Gisle Vanem brought this change]
|
|
rtmp: fix for compiling with lwIP
|
|
Compiling on _WIN32 and with USE_LWIPSOCK, causes this error:
|
curl_rtmp.c(223,3): error: use of undeclared identifier 'setsockopt'
|
setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO,
|
^
|
curl_rtmp.c(41,32): note: expanded from macro 'setsockopt'
|
#define setsockopt(a,b,c,d,e) (setsockopt)(a,b,c,(const char *)d,(int)e)
|
^
|
Closes #3155
|
|
- configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
|
|
Follow-up to #3166 which did the cmake part of this. This type/define is
|
not used.
|
|
Closes #3168
|
|
- [Ruslan Baratov brought this change]
|
|
cmake: remove unused variables
|
|
Remove variables:
|
* HAVE_SOCKLEN_T
|
* CURL_SIZEOF_CURL_SOCKLEN_T
|
* CURL_TYPEOF_CURL_SOCKLEN_T
|
|
Closes #3166
|
|
Michael Kaufmann (25 Oct 2018)
|
- urldata: Fix comment in header
|
|
The "connecting" function is used by multiple protocols, not only FTP
|
|
- netrc: free temporary strings if memory allocation fails
|
|
- Change the inout parameters after all needed memory has been
|
allocated. Do not change them if something goes wrong.
|
- Free the allocated temporary strings if strdup() fails.
|
|
Closes #3122
|
|
Daniel Stenberg (24 Oct 2018)
|
- [Ruslan Baratov brought this change]
|
|
config: Remove unused SIZEOF_VOIDP
|
|
Closes #3162
|
|
- RELEASE-NOTES: synced
|
|
GitHub (23 Oct 2018)
|
- [Gisle Vanem brought this change]
|
|
Fix for compiling with lwIP (3)
|
|
lwIP on Windows does not have a WSAIoctl() function.
|
But it do have a SO_SNDBUF option to lwip_setsockopt(). But it currently does nothing.
|
|
Daniel Stenberg (23 Oct 2018)
|
- Curl_follow: return better errors on URL problems
|
|
... by making the converter function global and accessible.
|
|
Closes #3153
|
|
- Curl_follow: remove remaining free(newurl)
|
|
Follow-up to 05564e750e8f0c. This function no longer frees the passed-in
|
URL.
|
|
Reported-by: Michael Kaufmann
|
Bug: https://github.com/curl/curl/commit/05564e750e8f0c79016c680f301ce251e6e86155#commitcomm
|
ent-30985666
|
|
Daniel Gustafsson (23 Oct 2018)
|
- headers: end all headers with guard comment
|
|
Most headerfiles end with a /* <headerguard> */ comment, but it was
|
missing from some. The comment isn't the most important part of our
|
code documentation but consistency has an intrinsic value in itself.
|
This adds header guard comments to the files that were lacking it.
|
|
Closes #3158
|
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Jay Satiro (23 Oct 2018)
|
- CIPHERS.md: Mention the options used to set TLS 1.3 ciphers
|
|
Closes https://github.com/curl/curl/pull/3159
|
|
Daniel Stenberg (20 Oct 2018)
|
- docs/BUG-BOUNTY: the sponsors actually decide the amount
|
|
Retract the previous approach as the sponsors will be the ones to set the
|
final amounts.
|
|
Closes #3152
|
[ci skip]
|
|
- multi: avoid double-free
|
|
Curl_follow() no longer frees the string. Make sure it happens in the
|
caller function, like we normally handle allocations.
|
|
This bug was introduced with the use of the URL API internally, it has
|
never been in a release version
|
|
Reported-by: Dario WeiĆer
|
Closes #3149
|
|
- multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
|
|
Otherwise, closing that handle can still cause surprises!
|
|
Reported-by: Martin Ankerl
|
Fixes #3138
|
Closes #3147
|
|
Marcel Raad (19 Oct 2018)
|
- VS projects: add USE_IPV6
|
|
The Visual Studio builds didn't use IPv6. Add it to all projects since
|
Visual Studio 2008, which is verified to build via AppVeyor.
|
|
Closes https://github.com/curl/curl/pull/3137
|
|
- config_win32: enable LDAPS
|
|
As done in the autotools and CMake builds by default.
|
|
Closes https://github.com/curl/curl/pull/3137
|
|
Daniel Stenberg (18 Oct 2018)
|
- travis: add build for "configure --disable-verbose"
|
|
Closes #3144
|
|
Kamil Dudka (17 Oct 2018)
|
- tool_cb_hdr: handle failure of rename()
|
|
Detected by Coverity.
|
|
Closes #3140
|
Reviewed-by: Jay Satiro
|
|
Daniel Stenberg (17 Oct 2018)
|
- RELEASE-NOTES: synced
|
|
- docs/SECURITY-PROCESS: the hackerone IBB program drops curl
|
|
... now there's only BountyGraph.
|
|
Jay Satiro (16 Oct 2018)
|
- [Matthew Whitehead brought this change]
|
|
x509asn1: Fix SAN IP address verification
|
|
For IP addresses in the subject alternative name field, the length
|
of the IP address (and hence the number of bytes to perform a
|
memcmp on) is incorrectly calculated to be zero. The code previously
|
subtracted q from name.end. where in a successful case q = name.end
|
and therefore addrlen equalled 0. The change modifies the code to
|
subtract name.beg from name.end to calculate the length correctly.
|
|
The issue only affects libcurl with GSKit SSL, not other SSL backends.
|
The issue is not a security issue as IP verification would always fail.
|
|
Fixes #3102
|
Closes #3141
|
|
Daniel Gustafsson (15 Oct 2018)
|
- INSTALL: mention mesalink in TLS section
|
|
Commit 57348eb97d1b8fc3742e02c6587d2d02ff592da5 added support for the
|
MesaLink vtls backend, but missed updating the TLS section containing
|
supported backends in the docs.
|
|
Closes #3134
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Marcel Raad (14 Oct 2018)
|
- nonblock: fix unused parameter warning
|
|
If USE_BLOCKING_SOCKETS is defined, curlx_nonblock's arguments are not
|
used.
|
|
Michael Kaufmann (13 Oct 2018)
|
- Curl_follow: Always free the passed new URL
|
|
Closes #3124
|
|
Viktor Szakats (12 Oct 2018)
|
- replace rawgit links [ci skip]
|
|
Ref: https://rawgit.com/ "RawGit has reached the end of its useful life"
|
Ref: https://news.ycombinator.com/item?id=18202481
|
Closes https://github.com/curl/curl/pull/3131
|
|
Daniel Stenberg (12 Oct 2018)
|
- docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018
|
|
[ci skip]
|
|
- travis: make distcheck scan for BOM markers
|
|
and remove BOM from projects/wolfssl_override.props
|
|
Closes #3126
|
|
Marcel Raad (11 Oct 2018)
|
- CMake: remove BOM
|
|
Accidentally aded in commit 1bb86057ff07083deeb0b00f8ad35879ec4d03ea.
|
|
Reported-by: Viktor Szakats
|
Ref: https://github.com/curl/curl/pull/3120#issuecomment-428673136
|
|
Daniel Gustafsson (10 Oct 2018)
|
- transfer: fix typo in comment
|
|
Michael Kaufmann (10 Oct 2018)
|
- docs: add "see also" links for SSL options
|
|
- link TLS 1.2 and TLS 1.3 options
|
- link proxy and non-proxy options
|
|
Closes #3121
|
|
Marcel Raad (10 Oct 2018)
|
- AppVeyor: remove BDIR variable that sneaked in again
|
|
Removed in ae762e1abebe3a5fe75658583c85059a0957ef6e, accidentally added
|
again in 9f3be5672dc4dda30ab43e0152e13d714a84d762.
|
|
- CMake: disable -Wpedantic-ms-format
|
|
As done in the autotools build. This is required for MinGW, which
|
supports only %I64 for printing 64-bit values, but warns about it.
|
|
Closes https://github.com/curl/curl/pull/3120
|
|
Viktor Szakats (9 Oct 2018)
|
- ldap: show precise LDAP call in error message on Windows
|
|
Also add a unique but common text ('bind via') to make it
|
easy to grep this specific failure regardless of platform.
|
|
Ref: https://github.com/curl/curl/pull/878/files#diff-7a636f08047c4edb53a240f540b4ecf6R468
|
Closes https://github.com/curl/curl/pull/3118
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
|
Daniel Stenberg (9 Oct 2018)
|
- docs/DEPRECATE: minor reformat to render nicer on web
|
|
Daniel Gustafsson (9 Oct 2018)
|
- CURLOPT_SSL_VERIFYSTATUS: Fix typo
|
|
Changes s/OSCP/OCSP/ and bumps the copyright year due to the change.
|
|
Marcel Raad (9 Oct 2018)
|
- curl_setup: define NOGDI on Windows
|
|
This avoids an ERROR macro clash between <wingdi.h> and <arpa/tftp.h>
|
on MinGW.
|
|
Closes https://github.com/curl/curl/pull/3113
|
|
- Windows: fixes for MinGW targeting Windows Vista
|
|
Classic MinGW has neither InitializeCriticalSectionEx nor
|
GetTickCount64, independent of the target Windows version.
|
|
Closes https://github.com/curl/curl/pull/3113
|
|
Daniel Stenberg (8 Oct 2018)
|
- TODO: fixed 'API for URL parsing/splitting'
|
|
Daniel Gustafsson (8 Oct 2018)
|
- KNOWN_BUGS: Fix various typos
|
|
Closes #3112
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Viktor Szakats (8 Oct 2018)
|
- spelling fixes [ci skip]
|
|
as detected by codespell 1.14.0
|
|
Closes https://github.com/curl/curl/pull/3114
|
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
|
Daniel Stenberg (8 Oct 2018)
|
- RELEASE-NOTES: synced
|
|
- curl_ntlm_wb: check aprintf() return codes
|
|
... when they return NULL we're out of memory and MUST return failure.
|
|
closes #3111
|
|
- docs/BUG-BOUNTY: proposed additional docs
|
|
Bug bounty explainer. See https://bountygraph.com/programs/curl
|
|
Closes #3067
|
|
- [Rick Deist brought this change]
|
|
hostip: fix check on Curl_shuffle_addr return value
|
|
Closes #3110
|
|
- FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
|
|
Now FILE transfers send headers to the header callback like HTTP and
|
other protocols. Also made curl_easy_getinfo(...CURLINFO_PROTOCOL...)
|
work for FILE in the callbacks.
|
|
Makes "curl -i file://.." and "curl -I file://.." work like before
|
again. Applied the bold header logic to them too.
|
|
Regression from c1c2762 (7.61.0)
|
|
Reported-by: Shaun Jackman
|
Fixes #3083
|
Closes #3101
|
|
Daniel Gustafsson (7 Oct 2018)
|
- gskit: make sure to terminate version string
|
|
In case a very small buffer was passed to the version function, it could
|
result in the buffer not being NULL-terminated since strncpy() doesn't
|
guarantee a terminator on an overflowed buffer. Rather than adding code
|
to terminate (and handle zero-sized buffers), move to using snprintf()
|
instead like all the other vtls backends.
|
|
Closes #3105
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
Reviewed-by: Viktor Szakats <commit@vszakats.net>
|
|
- TODO: add LD_PRELOAD support on macOS
|
|
Add DYLD_INSERT_LIBRARIES support to the TODO list. Reported in #2394.
|
|
- runtests: skip ld_preload tests on macOS
|
|
The LD_PRELOAD functionality doesn't exist on macOS, so skip any tests
|
requiring it.
|
|
Fixes #2394
|
Closes #3106
|
Reported-by: Github user @jakirkham
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Marcel Raad (7 Oct 2018)
|
- AppVeyor: use Debug builds to run tests
|
|
This enables more tests.
|
|
Closes https://github.com/curl/curl/pull/3104
|
|
- AppVeyor: add HTTP_ONLY build
|
|
Closes https://github.com/curl/curl/pull/3104
|
|
- AppVeyor: add WinSSL builds
|
|
Use the oldest and latest Windows SDKs for them.
|
Also, remove all but one OpenSSL build.
|
|
Closes https://github.com/curl/curl/pull/3104
|
|
- AppVeyor: add remaining Visual Studio versions
|
|
This adds Visual Studio 9 and 10 builds.
|
There's no 64-bit VC9 compiler on AppVeyor, so use it as the Win32
|
build. Also, VC9 cannot be used for running the test suite.
|
|
Closes https://github.com/curl/curl/pull/3104
|
|
- AppVeyor: break long line
|
|
Closes https://github.com/curl/curl/pull/3104
|
|
- AppVeyor: remove unused BDIR variable
|
|
Closes https://github.com/curl/curl/pull/3104
|
|
Daniel Stenberg (6 Oct 2018)
|
- test2100: test DoH using IPv4-only
|
|
To make it only send one DoH request and avoid the race condition that
|
could lead to the requests getting sent in reversed order and thus
|
making it hard to compare in the test case.
|
|
Fixes #3107
|
Closes #3108
|
|
- tests/FILEFORMAT: mention how to use <fileN> and <stripfileN> too
|
|
[ci skip]
|
|
- RELEASE-NOTES: synced
|
|
- [Dmitry Kostjuchenko brought this change]
|
|
timeval: fix use of weak symbol clock_gettime() on Apple platforms
|
|
Closes #3048
|
|
- doh: keep the IPv4 address in (original) network byte order
|
|
Ideally this will fix the reversed order shown in SPARC tests:
|
|
resp 8: Expected 127.0.0.1 got 1.0.0.127
|
|
Closes #3091
|
|
Jay Satiro (5 Oct 2018)
|
- INTERNALS.md: wrap lines longer than 79
|
|
Daniel Gustafsson (5 Oct 2018)
|
- INTERNALS: escape reference to parameter
|
|
The parameter reference <string> was causing rendering issues in the
|
generated HTML page, as <string> isn't a valid HTML tag. Fix by back-
|
tick escaping it.
|
|
Closes #3099
|
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- checksrc: handle zero scoped ignore commands
|
|
If a !checksrc! disable command specified to ignore zero errors, it was
|
still added to the ignore block even though nothing was ignored. While
|
there were no blocks ignored that shouldn't be ignored, the processing
|
ended with with a warning:
|
|
<filename>:<line>:<col>: warning: Unused ignore: LONGLINE (UNUSEDIGNORE)
|
/* !checksrc! disable LONGLINE 0 */
|
^
|
Fix by instead treating a zero ignore as a a badcommand and throw a
|
warning for that one.
|
|
Closes #3096
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- checksrc: enable strict mode and warnings
|
|
Enable strict and warnings mode for checksrc to ensure we aren't missing
|
anything due to bugs in the checking code. This uncovered a few things
|
which are all fixed in this commit:
|
|
* several variables were used uninitialized
|
* several variables were not defined in the correct scope
|
* the whitelist filehandle was read even if the file didn't exist
|
* the enable_warn() call when a disable counter had expired was passing
|
incorrect variables, but since the checkwarn() call is unlikely to hit
|
(the counter is only decremented to zero on actual ignores) it didn't
|
manifest a problem.
|
|
Closes #3090
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
|
Marcel Raad (5 Oct 2018)
|
- CMake: suppress MSVC warning C4127 for libtest
|
|
It's issued by older Windows SDKs (prior to version 8.0).
|
|
Sergei Nikulov (5 Oct 2018)
|
- Merge branch 'dmitrykos-fix_missing_CMake_defines'
|
|
- [Dmitry Kostjuchenko brought this change]
|
|
cmake: test and set missed defines during configuration
|
|
Added configuration checks for HAVE_BUILTIN_AVAILABLE and HAVE_CLOCK_GETTIME_MONOTONIC.
|
|
Closes #3097
|
|
Marcel Raad (5 Oct 2018)
|
- AppVeyor: disable test 500
|
|
It almost always results in
|
"starttransfer vs total: 0.000001 0.000000".
|
I cannot reproduce this locally, so disable it for now.
|
|
Closes https://github.com/curl/curl/pull/3100
|
|
- AppVeyor: set custom install prefix
|
|
CMake's default has spaces and in 32-bit mode parentheses, which result
|
in syntax errors in curl-config.
|
|
Closes https://github.com/curl/curl/pull/3100
|
|
- AppVeyor: Remove non-SSL non-test builds
|
|
They don't add much value.
|
|
Closes https://github.com/curl/curl/pull/3100
|
|
- AppVeyor: run test suite
|
|
Use the preinstalled MSYS2 bash for that.
|
Disable test 1139 as the CMake build doesn't generate curl.1.
|
|
Ref: https://github.com/curl/curl/issues/3070#issuecomment-425922224
|
Closes https://github.com/curl/curl/pull/3100
|
|
- AppVeyor: use in-tree build
|
|
Required to run the tests.
|
|
Closes https://github.com/curl/curl/pull/3100
|
|
Daniel Stenberg (4 Oct 2018)
|
- doh: make sure TTL isn't re-inited by second (discarded?) response
|
|
Closes #3092
|
|
- test320: strip out more HTML when comparing
|
|
To make the test case work with different gnutls-serv versions better.
|
|
Reported-by: Kamil Dudka
|
Fixes #3093
|
Closes #3094
|
|
Marcel Raad (4 Oct 2018)
|
- runtests: use Windows paths for Windows curl
|
|
curl generated by CMake's Visual Studio generator has "Windows" in the
|
version number.
|
|
Daniel Stenberg (4 Oct 2018)
|
- [Colin Hogben brought this change]
|
|
tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
|
|
Fix problems caused by differences in treatment of bytes objects between
|
python2 and python3.
|
|
Fixes #2929
|
Closes #3080
|
|
Daniel Gustafsson (3 Oct 2018)
|
- memory: ensure to check allocation results
|
|
The result of a memory allocation should always be checked, as we may
|
run under memory pressure where even a small allocation can fail. This
|
adds checking and error handling to a few cases where the allocation
|
wasn't checked for success. In the ftp case, the freeing of the path
|
variable is moved ahead of the allocation since there is little point
|
in keeping it around across the strdup, and the separation makes for
|
more readable code. In nwlib, the lock is aslo freed in the error path.
|
|
Also bumps the copyright years on affected files.
|
|
Closes #3084
|
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- comment: Fix multiple typos in function parameters
|
|
Ensure that the parameters in the comment match the actual names in the
|
prototype.
|
|
Closes #3079
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- CURLOPT_SSLVERSION.3: fix typos and consistent spelling
|
|
Use TLS vX.Y throughout the document, instead of TLS X.Y, as that was
|
already done in all but a few cases. Also fix a few typos.
|
|
Closes #3076
|
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- SECURITY-PROCESS: make links into hyperlinks
|
|
Use proper Markdown hyperlink format for the Bountygraph links in order
|
for the generated website page to be more user friendly. Also link to
|
the sponsors to give them a little extra credit.
|
|
Closes #3082
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Jay Satiro (3 Oct 2018)
|
- CURLOPT_HEADER.3: fix typo
|
|
- nss: fix nssckbi module loading on Windows
|
|
- Use .DLL extension instead of .so to load modules on Windows.
|
|
Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
|
Reported-by: Maxime Legros
|
|
Ref: https://github.com/curl/curl/pull/3016/#issuecomment-423069442
|
|
Closes https://github.com/curl/curl/pull/3086
|
|
- data-binary.d: clarify default content-type is x-www-form-urlencoded
|
|
- Advise user that --data-binary sends a default content type of
|
x-www-form-urlencoded, and to have the data treated as arbitrary
|
binary data by the server set the content-type header to octet-stream.
|
|
Ref: https://github.com/curl/curl/pull/2852#issuecomment-426465094
|
|
Closes https://github.com/curl/curl/pull/3085
|
|
Marcel Raad (2 Oct 2018)
|
- test1299: use single quotes around asterisk
|
|
Ref: https://github.com/curl/curl/issues/1751#issuecomment-321522580
|
|
Daniel Stenberg (2 Oct 2018)
|
- docs/CIPHERS: mention the colon separation for OpenSSL
|
|
Bug: #3077
|
|
- runtests: ignore disabled even when ranges are given
|
|
runtests.pl support running a range of tests, like "44 to 127". Starting
|
now, the code makes sure that even such given ranges will ignore tests
|
that are marked as disabled.
|
|
Disabled tests can still be run by explictly specifying that test
|
number.
|
|
Closes #3075
|
|
- urlapi: starting with a drive letter on win32 is not an abs url
|
|
... and libcurl doesn't support any single-letter URL schemes (if there
|
even exist any) so it should be fairly risk-free.
|
|
Reported-by: Marcel Raad
|
|
Fixes #3070
|
Closes #3071
|
|
Marcel Raad (2 Oct 2018)
|
- doh: fix curl_easy_setopt argument type
|
|
CURLOPT_POSTFIELDSIZE is long. Fixes a compiler warning on 64-bit
|
MinGW.
|
|
Daniel Stenberg (2 Oct 2018)
|
- RELEASE-NOTES: synced
|
|
Jay Satiro (1 Oct 2018)
|
- [Ruslan Baratov brought this change]
|
|
CMake: Improve config installation
|
|
Use 'GNUInstallDirs' standard module to set destinations of installed
|
files.
|
|
Use uppercase "CURL" names instead of lowercase "curl" to match standard
|
'FindCURL.cmake' CMake module:
|
* https://cmake.org/cmake/help/latest/module/FindCURL.html
|
|
Meaning:
|
* Install 'CURLConfig.cmake' instead of 'curl-config.cmake'
|
* User should call 'find_package(CURL)' instead of 'find_package(curl)'
|
|
Use 'configure_package_config_file' function to generate
|
'CURLConfig.cmake' file. This will make 'curl-config.cmake.in' template
|
file smaller and handle components better. E.g. current configuration
|
report no error if user specified unknown components (note: new
|
configuration expects no components, report error if user will try to
|
specify any).
|
|
Closes https://github.com/curl/curl/pull/2849
|
|
Daniel Stenberg (1 Oct 2018)
|
- test1650: make it depend on http/2
|
|
Follow-up to 570008c99da0ccbb as it gets link errors.
|
|
Reported-by: Michael Kaufmann
|
Closes #3068
|
|
- [Nate Prewitt brought this change]
|
|
MANUAL: minor grammar fix
|
|
Noticed a typo reading through the docs.
|
|
Closes #3069
|
|
- doh: only build if h2 enabled
|
|
The DoH spec says "HTTP/2 [RFC7540] is the minimum RECOMMENDED version
|
of HTTP for use with DoH".
|
|
Reported-by: Marcel Raad
|
Closes #3066
|
|
- test2100: require http2 to run
|
|
Reported-by: Marcel Raad
|
Fixes #3064
|
Closes #3065
|
|
- multi: fix memory leak in content encoding related error path
|
|
... a missing multi_done() call.
|
|
Credit to OSS-Fuzz
|
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10728
|
Closes #3063
|
|
- travis: bump the Secure Transport build to use xcode 10
|
|
Due to an issue with travis
|
(https://github.com/travis-ci/travis-ci/issues/9956) we've been using
|
Xcode 9.2 for darwinssl builds for a while. Now xcode 10 is offered as
|
an alternative and as it builds curl+darwinssl fine that seems like a
|
better choice.
|
|
Closes #3062
|
|
- [Rich Turner brought this change]
|
|
curl: enabled Windows VT Support and UTF-8 output
|
|
Enabled Console VT support (if running OS supports VT) in tool_main.c.
|
|
Fixes #3008
|
Closes #3011
|
|
- multi: fix location URL memleak in error path
|
|
Follow-up to #3044 - fix a leak OSS-Fuzz detected
|
Closes #3057
|
|
Sergei Nikulov (28 Sep 2018)
|
- cmake: fixed path used in generation of docs/tests during curl build through add_subdicectory(...)
|
|
- [Brad King brought this change]
|
|
cmake: Backport to work with CMake 3.0 again
|
|
Changes in commit 7867aaa9a0 (cmake: link curl to the OpenSSL targets
|
instead of lib absolute paths, 2018-07-17) and commit f826b4ce98 (cmake:
|
bumped minimum version to 3.4, 2018-07-19) required CMake 3.4 to fix
|
issue #2746. This broke support for users on older versions of CMake
|
even if they just want to build curl and do not care whether transitive
|
dependencies work.
|
|
Backport the logic to work with CMake 3.0 again by implementing the
|
fix only when the version of CMake is at least 3.4.
|
|
Marcel Raad (27 Sep 2018)
|
- curl_threads: fix classic MinGW compile break
|
|
Classic MinGW still has _beginthreadex's return type as unsigned long
|
instead of uintptr_t [0]. uintptr_t is not even defined because of [1].
|
|
[0] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l167
|
[1] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l90
|
|
Bug: https://github.com/curl/curl/issues/2924#issuecomment-424334807
|
Closes https://github.com/curl/curl/pull/3051
|
|
Daniel Stenberg (26 Sep 2018)
|
- configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
|
|
fix a few leftovers
|
|
Fixes #3006
|
Closes #3049
|
|
- [Doron Behar brought this change]
|
|
example/htmltidy: fix include paths of tidy libraries
|
|
Closes #3050
|
|
- RELEASE-NOTES: synced
|
|
- Curl_http2_done: fix memleak in error path
|
|
Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for
|
early failures.
|
|
Detected by OSS-Fuzz
|
|
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669
|
Closes #3046
|
|
- http: fix memleak in rewind error path
|
|
If the rewind would fail, a strdup() would not get freed.
|
|
Detected by OSS-Fuzz
|
|
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665
|
Closes #3044
|
|
Viktor Szakats (24 Sep 2018)
|
- test320: fix regression in [ci skip]
|
|
The value in question is coming directly from `gnutls-serv`, so it cannot
|
be modified freely.
|
|
Reported-by: Marcel Raad
|
Ref: https://github.com/curl/curl/commit/6ae6b2a533e8630afbb21f570305bd4ceece6348#commitcomment-30621004
|
|
Daniel Stenberg (24 Sep 2018)
|
- Curl_retry_request: fix memory leak
|
|
Detected by OSS-Fuzz
|
|
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648
|
Closes #3042
|
|
- openssl: load built-in engines too
|
|
Regression since 38203f1
|
|
Reported-by: Jean Fabrice
|
Fixes #3023
|
Closes #3040
|
|
- [Christian Heimes brought this change]
|
|
OpenSSL: enable TLS 1.3 post-handshake auth
|
|
OpenSSL 1.1.1 requires clients to opt-in for post-handshake
|
authentication.
|
|
Fixes: https://github.com/curl/curl/issues/3026
|
Signed-off-by: Christian Heimes <christian@python.org>
|
|
Closes https://github.com/curl/curl/pull/3027
|
|
- [Even Rouault brought this change]
|
|
Curl_dedotdotify(): always nul terminate returned string.
|
|
This fixes potential out-of-buffer access on "file:./" URL
|
|
$ valgrind curl "file:./"
|
==24516== Memcheck, a memory error detector
|
==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
|
==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
|
==24516== Command: /home/even/install-curl-git/bin/curl file:./
|
==24516==
|
==24516== Conditional jump or move depends on uninitialised value(s)
|
==24516== at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==24516== by 0x4EBB315: seturl (urlapi.c:801)
|
==24516== by 0x4EBB568: parseurl (urlapi.c:861)
|
==24516== by 0x4EBC509: curl_url_set (urlapi.c:1199)
|
==24516== by 0x4E644C6: parseurlandfillconn (url.c:2044)
|
==24516== by 0x4E67AEF: create_conn (url.c:3613)
|
==24516== by 0x4E68A4F: Curl_connect (url.c:4119)
|
==24516== by 0x4E7F0A4: multi_runsingle (multi.c:1440)
|
==24516== by 0x4E808E5: curl_multi_perform (multi.c:2173)
|
==24516== by 0x4E7558C: easy_transfer (easy.c:686)
|
==24516== by 0x4E75801: easy_perform (easy.c:779)
|
==24516== by 0x4E75868: curl_easy_perform (easy.c:798)
|
|
Was originally spotted by
|
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637
|
Credit to OSS-Fuzz
|
|
Closes #3039
|
|
Viktor Szakats (23 Sep 2018)
|
- update URLs in tests
|
|
- and one in docs/MANUAL as well
|
|
Closes https://github.com/curl/curl/pull/3038
|
|
- whitespace fixes
|
|
- replace tabs with spaces where possible
|
- remove line ending spaces
|
- remove double/triple newlines at EOF
|
- fix a non-UTF-8 character
|
- cleanup a few indentations/line continuations
|
in manual examples
|
|
Closes https://github.com/curl/curl/pull/3037
|
|
Daniel Stenberg (23 Sep 2018)
|
- http: add missing return code check
|
|
Detected by Coverity. CID 1439610.
|
|
Follow-up from 46e164069d1a523
|
|
Closes #3034
|
|
- ftp: don't access pointer before NULL check
|
|
Detected by Coverity. CID 1439611.
|
|
Follow-up from 46e164069d1a523
|
|
- unit1650: fix out of boundary access
|
|
Fixes #2987
|
Closes #3035
|
|
Viktor Szakats (23 Sep 2018)
|
- docs/examples: URL updates
|
|
- also update two URLs outside of docs/examples
|
- fix spelling of filename persistant.c
|
- fix three long lines that started failing checksrc.pl
|
|
Closes https://github.com/curl/curl/pull/3036
|
|
- examples/Makefile.m32: sync with core [ci skip]
|
|
also:
|
- fix two warnings in synctime.c (one of them Windows-specific)
|
- upgrade URLs in synctime.c and remove a broken one
|
|
Closes https://github.com/curl/curl/pull/3033
|
|
Daniel Stenberg (22 Sep 2018)
|
- examples/parseurl.c: show off the URL API a bit
|
|
Closes #3030
|
|
- SECURITY-PROCESS: mention the bountygraph program [ci skip]
|
|
Closes #3032
|
|
- url: use the URL API internally as well
|
|
... to make it a truly unified URL parser.
|
|
Closes #3017
|
|
Viktor Szakats (22 Sep 2018)
|
- URL and mailmap updates, remove an obsolete directory [ci skip]
|
|
Closes https://github.com/curl/curl/pull/3031
|
|
Daniel Stenberg (22 Sep 2018)
|
- RELEASE-NOTES: synced
|
|
- configure: force-use -lpthreads on HPUX
|
|
When trying to detect pthreads use on HPUX the checks will succeed
|
without the correct -l option but then end up failing at run-time.
|
|
Reported-by: Eason-Yu on github
|
Fixes #2697
|
Closes #3025
|
|
- [Erik Minekus brought this change]
|
|
Curl_saferealloc: Fixed typo in docblock
|
|
Closes #3029
|
|
- urlapi: fix support for address scope in IPv6 numerical addresses
|
|
Closes #3024
|
|
- [Loganaden Velvindron brought this change]
|
|
GnutTLS: TLS 1.3 support
|
|
Closes #2971
|
|
- TODO: c-ares and CURLOPT_OPENSOCKETFUNCTION
|
|
Removed DoH.
|
|
Closes #2734
|
|
Jay Satiro (20 Sep 2018)
|
- vtls: fix ssl version "or later" behavior change for many backends
|
|
- Treat CURL_SSLVERSION_MAX_NONE the same as
|
CURL_SSLVERSION_MAX_DEFAULT. Prior to this change NONE would mean use
|
the minimum version also as the maximum.
|
|
This is a follow-up to 6015cef which changed the behavior of setting
|
the SSL version so that the requested version would only be the minimum
|
and not the maximum. It appears it was (mostly) implemented in OpenSSL
|
but not other backends. In other words CURL_SSLVERSION_TLSv1_0 used to
|
mean use just TLS v1.0 and now it means use TLS v1.0 *or later*.
|
|
- Fix CURL_SSLVERSION_MAX_DEFAULT for OpenSSL.
|
|
Prior to this change CURL_SSLVERSION_MAX_DEFAULT with OpenSSL was
|
erroneously treated as always TLS 1.3, and would cause an error if
|
OpenSSL was built without TLS 1.3 support.
|
|
Co-authored-by: Daniel Gustafsson
|
|
Fixes https://github.com/curl/curl/issues/2969
|
Closes https://github.com/curl/curl/pull/3012
|
|
Daniel Stenberg (20 Sep 2018)
|
- certs: generate tests certs with sha256 digest algorithm
|
|
As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs:
|
|
"SSL certificate problem: CA signature digest algorithm too weak"
|
|
Closes #3014
|
|
- urlapi: document the error codes, remove two unused ones
|
|
Assisted-by: Daniel Gustafsson
|
Closes #3019
|
|
- urlapi: add CURLU_GUESS_SCHEME and fix hostname acceptance
|
|
In order for this API to fully work for libcurl itself, it now offers a
|
CURLU_GUESS_SCHEME flag that makes it "guess" scheme based on the host
|
name prefix just like libcurl always did. If there's no known prefix, it
|
will guess "http://".
|
|
Separately, it relaxes the check of the host name so that IDN host names
|
can be passed in as well.
|
|
Both these changes are necessary for libcurl itself to use this API.
|
|
Assisted-by: Daniel Gustafsson
|
Closes #3018
|
|
Kamil Dudka (19 Sep 2018)
|
- nss: try to connect even if libnssckbi.so fails to load
|
|
One can still use CA certificates stored in NSS database.
|
|
Reported-by: Maxime Legros
|
Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
|
|
Closes #3016
|
|
Daniel Gustafsson (19 Sep 2018)
|
- urlapi: don't set value which is never read
|
|
In the CURLUPART_URL case, there is no codepath which invokes url
|
decoding so remove the assignment of the urldecode variable. This
|
fixes the deadstore bug-report from clang static analysis.
|
|
Closes #3015
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- todo: Update reference to already done item
|
|
TODO item 1.1 was implemented in commit 946ce5b61f, update reference
|
to it with instead referencing the implemented option.
|
|
Closes #3013
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (18 Sep 2018)
|
- RELEASE-NOTES: synced
|
|
- [slodki brought this change]
|
|
cmake: don't require OpenSSL if USE_OPENSSL=OFF
|
|
User must have OpenSSL installed even if not used by libcurl at all
|
since 7.61.1 release. Broken at
|
7867aaa9a01decf93711428462335be8cef70212
|
|
Reviewed-by: Sergei Nikulov
|
Closes #3001
|
|
- curl_multi_wait: call getsock before figuring out timeout
|
|
.... since getsock may update the expiry timer.
|
|
Fixes #2996
|
Closes #3000
|
|
- examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
|
|
Closes #3004
|
|
Daniel Gustafsson (18 Sep 2018)
|
- darwinssl: Fix realloc memleak
|
|
The reallocation was using the input pointer for the return value, which
|
leads to a memory leak on reallication failure. Fix by instead use the
|
safe internal API call Curl_saferealloc().
|
|
Closes #3005
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
Reviewed-by: Nick Zitzmann <nickzman@gmail.com>
|
|
- [Kruzya brought this change]
|
|
examples: Fix memory leaks from realloc errors
|
|
Make sure to not overwrite the reallocated pointer in realloc() calls
|
to avoid a memleak on memory errors.
|
|
- memory: add missing curl_printf header
|
|
ftp_send_command() was using vsnprintf() without including the libcurl
|
*rintf() replacement header. Fix by including curl_printf.h and also
|
add curl_memory.h while at it since memdebug.h depends on it.
|
|
Closes #2999
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (16 Sep 2018)
|
- [Si brought this change]
|
|
curl: update --tlsv* descriptions in --help output
|
|
Closes #2994
|
|
- http: made Curl_add_buffer functions take a pointer-pointer
|
|
... so that they can clear the original pointer on failure, which makes
|
the error-paths and their cleanups easier.
|
|
Closes #2992
|
|
- http2: fix memory leaks on error-path
|
|
- [Rikard Falkeborn brought this change]
|
|
libtest: Add chkdecimalpoint to .gitignore
|
|
Closes #2998
|
|
Viktor Szakats (14 Sep 2018)
|
- secure Openwall URLs
|
|
Daniel Stenberg (14 Sep 2018)
|
- openssl: show "proper" version number for libressl builds
|
|
Closes #2989
|
|
- [Rainer Jung brought this change]
|
|
openssl: assume engine support in 0.9.8 or later
|
|
Fixes #2983
|
Closes #2988
|
|
Daniel Gustafsson (13 Sep 2018)
|
- sendf: use failf() rather than Curl_failf()
|
|
The failf() macro is the name used for invoking Curl_failf(). While
|
there isn't a way to turn off failf like there is for infof, but it's
|
still a good idea to use the macro.
|
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- sendf: Fix whitespace in infof/failf concatenation
|
|
Strings broken on multiple rows in the .c file need to have appropriate
|
whitespace padding on either side of the concatenation point to render
|
a correct amalgamated string. Fix by adding a space at the occurrences
|
found.
|
|
Closes #2986
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- krb5: fix memory leak in krb_auth
|
|
The FTP command allocated by aprintf() must be freed after usage.
|
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- ftp: include command in Curl_ftpsend sendbuffer
|
|
Commit 8238ba9c5f10414a88f502bf3f5d5a42d632984c inadvertently removed
|
the actual command to be sent from the send buffer in a refactoring.
|
Add back copying the command into the buffer. Also add more guards
|
against malformed input while at it.
|
|
Closes #2985
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
- ntlm_wb: Fix memory leaks in ntlm_wb_response
|
|
When erroring out on a request being too large, the existing buffer was
|
leaked. Fix by explicitly freeing on the way out.
|
|
Closes #2966
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Daniel Stenberg (13 Sep 2018)
|
- [Yiming Jing brought this change]
|
|
travis: build the MesaLink vtls backend with MesaLink 0.7.1
|
|
- [Yiming Jing brought this change]
|
|
runtests.pl: run tests against the MesaLink vtls backend
|
|
- [Yiming Jing brought this change]
|
|
vtls: add a MesaLink vtls backend
|
|
Closes #2984
|
|
- [Yiming Jing brought this change]
|
|
configure.ac: add a MesaLink vtls backend
|
|
- [Dave Reisner brought this change]
|
|
curl_url_set.3: properly escape \n in example code
|
|
This yields
|
|
"the scheme is %s\n"
|
|
instead of
|
|
"the scheme is %s0
|
|
Closes #2970
|
|
- [Dave Reisner brought this change]
|
|
curl_url_set.3: fix typo in reference to CURLU_APPENDQUERY
|
|
- urlglob: improve error message
|
|
to help user understand what the problem is
|
|
Reported-by: Daniel Shahaf
|
|
Fixes #2763
|
Closes #2977
|
|
- [Yiming Jing brought this change]
|
|
tests/certs: rebuild certs with 2048-bit RSA keys
|
|
The previous test certificates contained RSA keys of only 1024 bits.
|
However, RSA claims that 1024-bit RSA keys are likely to become
|
crackable some time before 2010. The NIST recommends at least 2048-bit
|
keys for RSA for now.
|
|
Better use full 2048 also for testing.
|
|
Closes #2973
|
|
Daniel Gustafsson (12 Sep 2018)
|
- TODO: fix typo in item
|
|
Closes #2968
|
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Marcel Raad (12 Sep 2018)
|
- anyauthput: fix compiler warning on 64-bit Windows
|
|
On Windows, the read function from <io.h> is used, which has its byte
|
count parameter as unsigned int instead of size_t.
|
|
Closes https://github.com/curl/curl/pull/2972
|
|
Viktor Szakats (12 Sep 2018)
|
- lib: fix gcc8 warning on Windows
|
|
Closes https://github.com/curl/curl/pull/2979
|
|
Jay Satiro (12 Sep 2018)
|
- openssl: fix gcc8 warning
|
|
- Use memcpy instead of strncpy to copy a string without termination,
|
since gcc8 warns about using strncpy to copy as many bytes from a
|
string as its length.
|
|
Suggested-by: Viktor Szakats
|
|
Closes https://github.com/curl/curl/issues/2980
|
|
Daniel Stenberg (10 Sep 2018)
|
- libcurl-url.3: overview man page for the URL API
|
|
Closes #2967
|
|
- example/asiohiper: insert warning comment about its status
|
|
This example is simply not working correctly but there's nobody around
|
with the skills and energy to fix it.
|
|
Closes #2407
|
|
Kamil Dudka (10 Sep 2018)
|
- docs/cmdline-opts: update the documentation of --tlsv1.0
|
|
... to reflect the changes in 6015cefb1b2cfde4b4850121c42405275e5e77d9
|
|
Closes #2955
|
|
- docs/examples: do not wait when no transfers are running
|
|
Closes #2948
|
|
Daniel Stenberg (10 Sep 2018)
|
- [Daniel Gustafsson brought this change]
|
|
cookies: Move failure case label to end of function
|
|
Rather than jumping backwards to where failure cleanup happens
|
to be performed, move the failure case to end of the function
|
where it is expected per existing coding convention.
|
|
Closes #2965
|
|
- [Daniel Gustafsson brought this change]
|
|
misc: fix typos in comments
|
|
Closes #2963
|
|
- [Daniel Gustafsson brought this change]
|
|
cookies: fix leak when writing cookies to file
|
|
If the formatting fails, we error out on a fatal error and
|
clean up on the way out. The array was however freed within
|
the wrong scope and was thus never freed in case the cookies
|
were written to a file instead of STDOUT.
|
|
Closes #2957
|
|
- [Daniel Gustafsson brought this change]
|
|
cookies: Remove redundant expired check
|
|
Expired cookies have already been purged at a later expiration time
|
before this check, so remove the redundant check.
|
|
closes #2962
|
|
- ntlm_wb: bail out if the response gets overly large
|
|
Exit the realloc() loop if the response turns out ridiculously large to
|
avoid worse problems.
|
|
Reported-by: Harry Sintonen
|
Closes #2959
|
|
- [Daniel Gustafsson brought this change]
|
|
url.c: fix comment typo and indentation
|
|
Closes #2960
|
|
- urlapi: avoid derefencing a possible NULL pointer
|
|
Coverity CID 1439134
|
|
- RELEASE-NOTES: synced
|
|
Marcel Raad (8 Sep 2018)
|
- test324: fix after 3f3b26d6feb0667714902e836af608094235fca2
|
|
The expected error code is now 60. 51 is dead.
|
|
Daniel Stenberg (8 Sep 2018)
|
- curl_url_set.3: correct description
|
|
- curl_url-docs: fix AVAILABILITY as Added in curl 7.62.0
|
|
- URL-API
|
|
See header file and man pages for API. All documented API details work
|
and are tested in the 1560 test case.
|
|
Closes #2842
|
|
- curl_easy_upkeep: removed 'conn' from the name
|
|
... including the associated option.
|
|
Fixes #2951
|
Closes #2952
|
|
- [Max Dymond brought this change]
|
|
upkeep: add a connection upkeep API: curl_easy_conn_upkeep()
|
|
Add functionality so that protocols can do custom keepalive on their
|
connections, when an external API function is called.
|
|
Add docs for the new options in 7.62.0
|
|
Closes #1641
|
|
- [Philipp Waehnert brought this change]
|
|
configure: add option to disable automatic OpenSSL config loading
|
|
Sometimes it may be considered a security risk to load an external
|
OpenSSL configuration automatically inside curl_global_init(). The
|
configuration option --disable-ssl-auto-load-config disables this
|
automatism. The Windows build scripts winbuild/Makefile.vs provide a
|
corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean
|
value.
|
|
Setting neither of these options corresponds to the previous behavior
|
loading the external OpenSSL configuration automatically.
|
|
Fixes #2724
|
Closes #2791
|
|
- doh: minor edits to please Coverity
|
|
The gcc typecheck macros and coverity combined made it warn on the 2nd
|
argument for ERROR_CHECK_SETOPT(). Here's minor rearrange to please it.
|
|
Coverity CID 1439115 and CID 1439114.
|
|
- schannel: avoid switch-cases that go to default anyway
|
|
SEC_E_APPLICATION_PROTOCOL_MISMATCH isn't defined in some versions of
|
mingw and would require an ifdef otherwise.
|
|
Reported-by: Thomas Glanzmann
|
Approved-by: Marc Hƶrsken
|
Bug: https://curl.haxx.se/mail/lib-2018-09/0020.html
|
Closes #2950
|
|
- [Nicklas AvƩn brought this change]
|
|
imap: change from "FETCH" to "UID FETCH"
|
|
... and add "MAILINDEX".
|
|
As described in #2789, this is a suggested solution. Changing UID=xx to
|
actually get mail with UID xx and add "MAILINDEX" to get a mail with a
|
special index in the mail box (old behavior). So MAILINDEX=1 gives the
|
first non deleted mail in the mail box.
|
|
Fixes #2789
|
Closes #2815
|
|
- CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
|
|
This is step 3 of #2888.
|
|
Fixes #2888
|
Closes #2896
|
|
- travis: add the DOH tests to the torture testing
|
|
- DOH: add test case 1650 and 2100
|
|
- curl: --doh-url added
|
|
- setopt: add CURLOPT_DOH_URL
|
|
Closes #2668
|
|
- [Han Han brought this change]
|
|
ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
|
|
Long live CURLE_PEER_FAILED_VERIFICATION
|
|
- [Han Han brought this change]
|
|
x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
|
|
CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509
|
does not allocate memory internally as its first argument is a pointer
|
to the certificate structure. The same error code is also returned by
|
Curl_verifyhost when its call to Curl_parseX509 fails so the change
|
makes error handling more consistent.
|
|
- [Han Han brought this change]
|
|
openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
|
|
Failure to extract the issuer name from the server certificate should
|
return a more specific error code like on other TLS backends.
|
|
- [Han Han brought this change]
|
|
schannel: unified error code handling
|
|
Closes #2901
|
|
- [Han Han brought this change]
|
|
darwinssl: more specific and unified error codes
|
|
Closes #2901
|
|
- CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
|
|
Disable the CURLOPT_DNS_USE_GLOBAL_CACHE option and mark it for
|
deprecation and complete removal in six months.
|
|
Bug: https://curl.haxx.se/mail/lib-2018-09/0010.html
|
Closes #2942
|
|
- url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
|
|
Closes #2709
|
|
- multiplex: enable by default
|
|
Starting 7.62.0, multiplexing is enabled by default in multi handles.
|
|
- [Jim Fuller brought this change]
|
|
tests: add unit tests for url.c
|
|
Approved-by: Daniel Gustafsson
|
Closes #2937
|
|
- test1452: mark as flaky
|
|
makes it not run in the CI builds
|
|
Closes #2941
|
|
- pipelining: deprecated
|
|
Transparently. The related curl_multi_setopt() options all still returns
|
OK when pipelining is selected.
|
|
To re-enable the support, the single line change in lib/multi.c needs to
|
be reverted.
|
|
See docs/DEPRECATE.md
|
|
Closes #2705
|
|
- RELEASE-NOTES: start working on 7.62.0
|
|
Version 7.61.1 (4 Sep 2018)
|
|
Daniel Stenberg (4 Sep 2018)
|
- THANKS: 7.61.1 status
|
|
- RELEASE-NOTES: 7.61.1
|
|
- Curl_getoff_all_pipelines: ignore unused return values
|
|
Since scan-build would warn on the dead "Dead store/Dead increment"
|
|
Viktor Szakats (4 Sep 2018)
|
- sftp: fix indentation
|
|
Daniel Stenberg (4 Sep 2018)
|
- [PrzemysÅaw Tomaszewski brought this change]
|
|
sftp: don't send post-qoute sequence when retrying a connection
|
|
Fixes #2939
|
Closes #2940
|
|
Kamil Dudka (3 Sep 2018)
|
- url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work
|
|
This is a follow-up to PR #2607 and PR #2926.
|
|
Closes #2936
|
|
Daniel Stenberg (3 Sep 2018)
|
- [Jay Satiro brought this change]
|
|
tool_operate: Add http code 408 to transient list for --retry
|
|
- Treat 408 request timeout as transient so that curl will retry the
|
request if --retry was used.
|
|
Closes #2925
|
|
- [Jay Satiro brought this change]
|
|
openssl: Fix setting TLS 1.3 cipher suites
|
|
The flag indicating TLS 1.3 cipher support in the OpenSSL backend was
|
missing.
|
|
Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187
|
Reported-by: Kamil Dudka
|
|
Closes #2926
|
|
- Curl_ntlm_core_mk_nt_hash: return error on too long password
|
|
... since it would cause an integer overflow if longer than (max size_t
|
/ 2).
|
|
This is CVE-2018-14618
|
|
Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
|
Closes #2756
|
Reported-by: Zhaoyang Wu
|
|
- [Rikard Falkeborn brought this change]
|
|
http2: Use correct format identifier for stream_id
|
|
Closes #2928
|
|
Marcel Raad (2 Sep 2018)
|
- test1148: fix precheck output
|
|
"precheck command error" is not very helpful.
|
|
Daniel Stenberg (1 Sep 2018)
|
- all: s/int/size_t cleanup
|
|
Assisted-by: Rikard Falkeborn
|
|
Closes #2922
|
|
- ssh-libssh: use FALLTHROUGH to silence gcc8
|
|
Jay Satiro (31 Aug 2018)
|
- tool_operate: Fix setting proxy TLS 1.3 ciphers
|
|
Daniel Stenberg (31 Aug 2018)
|
- [Daniel Gustafsson brought this change]
|
|
cookies: support creation-time attribute for cookies
|
|
According to RFC6265 section 5.4, cookies with equal path lengths
|
SHOULD be sorted by creation-time (earlier first). This adds a
|
creation-time record to the cookie struct in order to make cookie
|
sorting more deterministic. The creation-time is defined as the
|
order of the cookies in the jar, the first cookie read fro the
|
jar being the oldest. The creation-time is thus not serialized
|
into the jar. Also remove the strcmp() matching in the sorting as
|
there is no lexicographic ordering in RFC6265. Existing tests are
|
updated to match.
|
|
Closes #2524
|
|
Marcel Raad (31 Aug 2018)
|
- Don't use Windows path %PWD for SSH tests
|
|
All these tests failed on Windows because something like
|
sftp://%HOSTIP:%SSHPORT%PWD/
|
expanded to
|
sftp://127.0.0.1:1234c:/msys64/home/bla/curl
|
and then curl complained about the port number ending with a letter.
|
|
Use the original POSIX path instead of the Windows path created in
|
checksystem to fix this.
|
|
Closes https://github.com/curl/curl/pull/2920
|
|
Jay Satiro (29 Aug 2018)
|
- CURLOPT_SSL_CTX_FUNCTION.3: clarify connection reuse warning
|
|
Reported-by: Daniel Stenberg
|
|
Closes https://github.com/curl/curl/issues/2916
|
|
Daniel Stenberg (28 Aug 2018)
|
- THANKS-filter: dedup Daniel JeliÅski
|
|
- RELEASE-NOTES: synced
|
|
- CURLOPT_ACCEPT_ENCODING.3: list them comma-separated [ci skip]
|
|
- CURLOPT_SSL_CTX_FUNCTION.3: might cause unintended connection reuse [ci skip]
|
|
Added a warning!
|
|
Closes #2915
|
|
- curl: fix time-of-check, time-of-use race in dir creation
|
|
Patch-by: Jay Satiro
|
Detected by Coverity
|
Fixes #2739
|
Closes #2912
|
|
- cmdline-opts/page-footer: fix edit mistake
|
|
There was a missing newline.
|
|
follow-up to a7ba60bb7250
|
|
- docs: clarify NO_PROXY env variable functionality
|
|
Reported-by: Kirill Marchuk
|
Fixes #2773
|
Closes #2911
|
|
Marcel Raad (24 Aug 2018)
|
- lib1522: fix curl_easy_setopt argument type
|
|
CURLOPT_POSTFIELDSIZE is a long option.
|
|
- curl_threads: silence bad-function-cast warning
|
|
As uintptr_t and HANDLE are always the same size, this warning is
|
harmless. Just silence it using an intermediate uintptr_t variable.
|
|
Closes https://github.com/curl/curl/pull/2908
|
|
Daniel Stenberg (24 Aug 2018)
|
- README: add appveyor build badge [ci skip]
|
|
Closes #2913
|
|
- [Ihor Karpenko brought this change]
|
|
schannel: client certificate store opening fix
|
|
1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG )
|
while opening certificate store would be sufficient in this scenario and
|
less-demanding in sense of required user credentials ( for example,
|
IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore
|
call without any of flags mentioned above ),
|
|
2) as 'cert_store_name' is a DWORD, attempt to format its value like a
|
string ( in "Failed to open cert store" error message ) will throw null
|
pointer exception
|
|
3) adding GetLastError(), in my opinion, will make error message more
|
useful.
|
|
Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html
|
|
Closes #2909
|
|
- [Leonardo Taccari brought this change]
|
|
gopher: Do not translate `?' to `%09'
|
|
Since GOPHER support was added in curl `?' character was automatically
|
translated to `%09' (`\t').
|
|
However, this behaviour does not seems documented in RFC 4266 and for
|
search selectors it is documented to directly use `%09' in the URL.
|
Apart that several gopher servers in the current gopherspace have CGI
|
support where `?' is used as part of the selector and translating it to
|
`%09' often leads to surprising results.
|
|
Closes #2910
|
|
Marcel Raad (23 Aug 2018)
|
- cookie tests: treat files as text
|
|
Fixes test failures because of wrong line endings on Windows.
|
|
Daniel Stenberg (23 Aug 2018)
|
- libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
|
|
Multi-threaded applictions basically MUST set CURLOPT_NO_SIGNAL to 1L to
|
avoid the risk of getting a SIGPIPE.
|
|
Either way, a multi-threaded application that uses libcurl/openssl needs
|
to have a signhandler for or ignore SIGPIPE on its own.
|
|
Based on discussions in #2800
|
Closes #2904
|
|
- RELEASE-NOTES: synced
|
|
Marcel Raad (22 Aug 2018)
|
- Tests: fixes for Windows
|
|
- test 1268 requires unix sockets
|
- test 2072 must be disabled also for MSYS/MinGW
|
|
Daniel Stenberg (22 Aug 2018)
|
- http2: abort the send_callback if not setup yet
|
|
When Curl_http2_done() gets called before the http2 data is setup all
|
the way, we cannot send anything and this should just return an error.
|
|
Detected by OSS-Fuzz
|
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
|
|
- http2: remove four unused nghttp2 callbacks
|
|
Closes #2903
|
|
- x509asn1: use FALLTHROUGH
|
|
... as no other comments are accepted since 014ed7c22f51463
|
|
Marcel Raad (21 Aug 2018)
|
- test1148: disable if decimal separator is not point
|
|
Modifying the locale with environment variables doesn't work for native
|
Windows applications. Just disable the test in this case if the decimal
|
separator is something different than a point. Use a precheck with a
|
small C program to achieve that.
|
|
Closes https://github.com/curl/curl/pull/2786
|
|
- Enable more GCC warnings
|
|
This enables the following additional warnings:
|
-Wold-style-definition
|
-Warray-bounds=2 instead of the default 1
|
-Wformat=2, but only for GCC 4.8+ as Wno-format-nonliteral is not
|
respected for older versions
|
-Wunused-const-variable, which enables level 2 instead of the default 1
|
-Warray-bounds also in debug mode through -ftree-vrp
|
-Wnull-dereference also in debug mode through
|
-fdelete-null-pointer-checks
|
|
Closes https://github.com/curl/curl/pull/2747
|
|
- curl-compilers: enable -Wimplicit-fallthrough=4 for GCC
|
|
This enables level 4 instead of the default level 3, which of the
|
currently used comments only allows /* FALLTHROUGH */ to silence the
|
warning.
|
|
Closes https://github.com/curl/curl/pull/2747
|
|
- curl-compilers: enable -Wbad-function-cast on GCC
|
|
This warning used to be enabled only for clang as it's a bit stricter
|
on GCC. Silence the remaining occurrences and enable it on GCC too.
|
|
Closes https://github.com/curl/curl/pull/2747
|
|
- configure: conditionally enable pedantic-errors
|
|
Enable pedantic-errors for GCC >= 5 with --enable-werror. Before GCC 5,
|
pedantic-errors was synonymous to -Werror=pedantic [0], which is still
|
the case for clang [1]. With GCC 5, it became complementary [2].
|
|
Also fix a resulting error in acinclude.m4 as main's return type was
|
missing, which is illegal in C99.
|
|
[0] https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Warning-Options.html
|
[1] https://clang.llvm.org/docs/UsersManual.html#options-to-control-error-and-warning-messages
|
[2] https://gcc.gnu.org/onlinedocs/gcc-5.1.0/gcc/Warning-Options.html
|
|
Closes https://github.com/curl/curl/pull/2747
|
|
- Remove unused definitions
|
|
Closes https://github.com/curl/curl/pull/2747
|
|
Daniel Stenberg (21 Aug 2018)
|
- x509asn1: make several functions static
|
|
and remove the private SIZE_T_MAX define and use the generic one.
|
|
Closes #2902
|
|
- INTERNALS: require GnuTLS >= 2.11.3
|
|
Since the public pinning support was brought in e644866caf4. GnuTLS
|
2.11.3 was released in October 2010.
|
|
Figured out in #2890
|
|
- http2: avoid set_stream_user_data() before stream is assigned
|
|
... before the stream is started, we have it set to -1.
|
|
Fixes #2894
|
Closes #2898
|
|
- SSLCERTS: improve the openssl command line
|
|
... for extracting certs from a live HTTPS server to make a cacerts.pem
|
from them.
|
|
- docs/SECURITY-PROCESS: now we name the files after the CVE id
|
|
- RELEASE-NOTES: synced
|
|
- upload: change default UPLOAD_BUFSIZE to 64KB
|
|
To make uploads significantly faster in some circumstances.
|
|
Part 2 of #2888
|
Closes #2892
|
|
- upload: allocate upload buffer on-demand
|
|
Saves 16KB on the easy handle for operations that don't need that
|
buffer.
|
|
Part 1 of #2888
|
|
- [Laurent Bonnans brought this change]
|
|
vtls: reinstantiate engine on duplicated handles
|
|
Handles created with curl_easy_duphandle do not use the SSL engine set
|
up in the original handle. This fixes the issue by storing the engine
|
name in the internal url state and setting the engine from its name
|
inside curl_easy_duphandle.
|
|
Reported-by: Anton Gerasimov
|
Signed-of-by: Laurent Bonnans
|
Fixes #2829
|
Closes #2833
|
|
- http2: make sure to send after RST_STREAM
|
|
If this is the last stream on this connection, the RST_STREAM might not
|
get pushed to the wire otherwise.
|
|
Fixes #2882
|
Closes #2887
|
Researched-by: Michael Kaufmann
|
|
- test1268: check the stderr output as "text"
|
|
Follow-up to 099f37e9c57
|
|
Pointed-out-by: Marcel Raad
|
|
- urldata: remove unused pipe_broke struct field
|
|
This struct field is never set TRUE in any existing code path. This
|
change removes the field completely.
|
|
Closes #2871
|
|
- curl: warn the user if a given file name looks like an option
|
|
... simply because this is usually a sign of the user having omitted the
|
file name and the next option is instead "eaten" by the parser as a file
|
name.
|
|
Add test1268 to verify
|
|
Closes #2885
|
|
- http2: check nghttp2_session_set_stream_user_data return code
|
|
Might help bug #2688 debugging
|
|
Closes #2880
|
|
- travis: revert back to gcc-7 for coverage builds
|
|
... since the gcc-8 ones seem to fail frequently.
|
|
Follow-up from b85207199544ca
|
|
Closes #2886
|
|
- RELEASE-NOTES: synced
|
|
... and now listed in alphabetical order!
|
|
- [Adrien brought this change]
|
|
CMake: CMake config files are defining CURL_STATICLIB for static builds
|
|
This change allows to use the CMake config files generated by Curl's
|
CMake scripts for static builds of the library.
|
The symbol CURL_STATIC lib must be defined to compile downstream,
|
thus the config package is the perfect place to do so.
|
|
Fixes #2817
|
Closes #2823
|
Reported-by: adnn on github
|
Reviewed-by: Sergei Nikulov
|
|
- TODO: host name sections in config files
|
|
Kamil Dudka (14 Aug 2018)
|
- ssh-libssh: fix infinite connect loop on invalid private key
|
|
Added test 656 (based on test 604) to verify the fix.
|
|
Bug: https://bugzilla.redhat.com/1595135
|
|
Closes #2879
|
|
- ssh-libssh: reduce excessive verbose output about pubkey auth
|
|
The verbose message "Authentication using SSH public key file" was
|
printed each time the ssh_userauth_publickey_auto() was called, which
|
meant each time a packet was transferred over network because the API
|
operates in non-blocking mode.
|
|
This patch makes sure that the verbose message is printed just once
|
(when the authentication state is entered by the SSH state machine).
|
|
Daniel Stenberg (14 Aug 2018)
|
- travis: disable h2 torture tests for "coverage"
|
|
Since they started to fail almost 100% since a few days.
|
|
Closes #2876
|
|
Marcel Raad (14 Aug 2018)
|
- travis: update to GCC 8
|
|
Closes https://github.com/curl/curl/pull/2869
|
|
Daniel Stenberg (13 Aug 2018)
|
- http: fix for tiny "HTTP/0.9" response
|
|
Deal with tiny "HTTP/0.9" (header-less) responses by checking the
|
status-line early, even before a full "HTTP/" is received to allow
|
detecting 0.9 properly.
|
|
Test 1266 and 1267 added to verify.
|
|
Fixes #2420
|
Closes #2872
|
|
Kamil Dudka (13 Aug 2018)
|
- docs: add disallow-username-in-url.d and haproxy-protocol.d on the list
|
|
... to make make the files appear in distribution tarballs
|
|
Closes #2856
|
|
- .travis.yml: verify that man pages can be regenerated
|
|
... when curl is built from distribution tarball
|
|
Closes #2856
|
|
Marcel Raad (11 Aug 2018)
|
- Split non-portable part off test 1133
|
|
Split off testing file names with double quotes into new test 1158.
|
Disable it for MSYS using a precheck as it doesn't support file names
|
with double quotes (but Cygwin does, for example).
|
|
Fixes https://github.com/curl/curl/issues/2796
|
Closes https://github.com/curl/curl/pull/2854
|
|
Jay Satiro (11 Aug 2018)
|
- projects: Improve Windows perl detection in batch scripts
|
|
- Determine if perl is in the user's PATH by running perl.exe.
|
|
Prior to this change detection was done by checking the PATH for perl/
|
but that did not work in all cases (eg git install includes perl but
|
not in perl/ path).
|
|
Bug: https://github.com/curl/curl/pull/2865
|
Reported-by: Daniel JeliÅski
|
|
- [Michael Kaufmann brought this change]
|
|
docs: Improve the manual pages of some callbacks
|
|
- CURLOPT_HEADERFUNCTION: add newlines
|
- CURLOPT_INTERLEAVEFUNCTION: fix the description of 'userdata'
|
- CURLOPT_READDATA: mention crashes, same as in CURLOPT_WRITEDATA
|
- CURLOPT_READFUNCTION: rename 'instream' to 'userdata' and explain
|
how to set it
|
|
Closes https://github.com/curl/curl/pull/2868
|
|
Marcel Raad (11 Aug 2018)
|
- GCC: silence -Wcast-function-type uniformly
|
|
Pointed-out-by: Rikard Falkeborn
|
Closes https://github.com/curl/curl/pull/2860
|
|
- Silence GCC 8 cast-function-type warnings
|
|
On Windows, casting between unrelated function types is fine and
|
sometimes even necessary, so just use an intermediate cast to
|
(void (*) (void)) to silence the warning as described in [0].
|
|
[0] https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html
|
|
Closes https://github.com/curl/curl/pull/2860
|
|
Daniel Stenberg (11 Aug 2018)
|
- CURLINFO_SIZE_UPLOAD: fix missing counter update
|
|
Adds test 1522 for verification.
|
|
Reported-by: cjmsoregan
|
Fixes #2847
|
Closes #2864
|
|
- [Daniel Jelinski brought this change]
|
|
Documentation: fix CURLOPT_SSH_COMPRESSION copy/paste bug
|
|
Closes #2867
|
|
- RELEASE-NOTES: synced
|
|
- openssl: fix potential NULL pointer deref in is_pkcs11_uri
|
|
Follow-up to 298d2565e
|
Coverity CID 1438387
|
|
Marcel Raad (10 Aug 2018)
|
- travis: execute "set -eo pipefail" for coverage build
|
|
Follow-up to 2de63ab179eb78630ee039ad94fb2a5423df522d and
|
0b87c963252d3504552ee0c8cf4402bd65a80af5.
|
|
Closes https://github.com/curl/curl/pull/2862
|
|
Daniel Stenberg (10 Aug 2018)
|
- lib1502: fix memory leak in torture test
|
|
Reported-by: Marcel Raad
|
Fixes #2861
|
Closes #2863
|
|
- docs: mention NULL is fine input to several functions
|
|
Fixes #2837
|
Closes #2858
|
Reported-by: Markus Elfring
|
|
- [Bas van Schaik brought this change]
|
|
README.md: add LGTM.com code quality grade for C/C++
|
|
Closes #2857
|
|
- [Rikard Falkeborn brought this change]
|
|
test1531: Add timeout
|
|
Previously, the macro TEST_HANG_TIMEOUT was unused, but since there is
|
looping going on, we might as well add timing instead of removing it.
|
|
Closes #2853
|
|
- [Rikard Falkeborn brought this change]
|
|
test1540: Remove unused macro TEST_HANG_TIMEOUT
|
|
The macro has never been used, and it there is not really any place
|
where it would make sense to add timing checks.
|
|
Closes #2852
|
|
- [Rikard Falkeborn brought this change]
|
|
asyn-thread: Remove unused macro
|
|
The macro seems to never have been used.
|
|
Closes #2852
|
|
- [Rikard Falkeborn brought this change]
|
|
http_proxy: Remove unused macro SELECT_TIMEOUT
|
|
Usage was removed in 5113ad0424044458ac497fa1458ebe0101356b22.
|
|
Closes #2852
|
|
- [Rikard Falkeborn brought this change]
|
|
formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
|
|
Its usage was removed in
|
84ad1fd3047815f9c6e78728bb351b828eac10b1.
|
|
Closes #2852
|
|
- [Rikard Falkeborn brought this change]
|
|
telnet: Remove unused macros TELOPTS and TELCMDS
|
|
Their usage was removed in 3a145180cc754a5959ca971ef3cd243c5c83fc51.
|
|
Closes #2852
|
|
- [Daniel Jelinski brought this change]
|
|
openssl: fix debug messages
|
|
Fixes #2806
|
Closes #2843
|
|
- configure: fix for -lpthread detection with OpenSSL and pkg-config
|
|
... by making sure it uses the -I provided by pkg-config!
|
|
Reported-by: pszemus on github
|
Fixes #2848
|
Closes #2850
|
|
- RELEASE-NOTES: synced
|
|
- windows: follow up to the buffer-tuning 1ba1dba7
|
|
Somehow I didn't include the amended version of the previous fix. This
|
is the missing piece.
|
|
Pointed-out-by: Viktor Szakats
|
|
- [Daniel Jelinski brought this change]
|
|
windows: implement send buffer tuning
|
|
Significantly enhances upload performance on modern Windows versions.
|
|
Bug: https://curl.haxx.se/mail/lib-2018-07/0080.html
|
Closes #2762
|
Fixes #2224
|
|
- [Anderson Toshiyuki Sasaki brought this change]
|
|
ssl: set engine implicitly when a PKCS#11 URI is provided
|
|
This allows the use of PKCS#11 URI for certificates and keys without
|
setting the corresponding type as "ENG" and the engine as "pkcs11"
|
explicitly. If a PKCS#11 URI is provided for certificate, key,
|
proxy_certificate or proxy_key, the corresponding type is set as "ENG"
|
if not provided and the engine is set to "pkcs11" if not provided.
|
|
Acked-by: Nikos Mavrogiannopoulos
|
Closes #2333
|
|
- [Ruslan Baratov brought this change]
|
|
CMake: Respect BUILD_SHARED_LIBS
|
|
Use standard CMake variable BUILD_SHARED_LIBS instead of introducing
|
custom option CURL_STATICLIB.
|
|
Use '-DBUILD_SHARED_LIBS=%SHARED%' in appveyor.yml.
|
|
Reviewed-by: Sergei Nikulov
|
Closes #2755
|
|
- [John Butterfield brought this change]
|
|
cmake: bumped minimum version to 3.4
|
|
Closes #2753
|
|
- [John Butterfield brought this change]
|
|
cmake: link curl to the OpenSSL targets instead of lib absolute paths
|
|
Reviewed-by: Jakub Zakrzewski
|
Reviewed-by: Sergei Nikulov
|
Closes #2753
|
|
- travis: build darwinssl on macos 10.12
|
|
... as building on 10.13.x before 10.13.4 leads to link errors.
|
|
Assisted-by: Nick Zitzmann
|
Fixes #2835
|
Closes #2845
|
|
- DEPRECATE: remove release date from 7.62.0
|
|
Since it will slip and the version is the important part there, not the
|
date.
|
|
- lib/Makefile: only do symbol hiding if told to
|
|
This restores the ability to build a static lib with
|
--disable-symbol-hiding to keep non-curl_ symbols.
|
|
Researched-by: Dan Fandrich
|
Reported-by: Ran Mozes
|
Fixes #2830
|
Closes #2831
|
|
Marcel Raad (2 Aug 2018)
|
- hostip: fix unused variable warning
|
|
addresses is only used in an infof call, which is a macro expanding to
|
nothing if CURL_DISABLE_VERBOSE_STRINGS is set.
|
|
Daniel Stenberg (2 Aug 2018)
|
- test1307: disabled
|
|
Turns out that since we're using the native fnmatch function now when
|
available, and they simply disagree on a huge number of test patterns
|
that make it hard to test this function like this...
|
|
Fixes #2825
|
|
- smb: don't mark it done in smb_do
|
|
Follow-up to 09e401e01bf9. The SMB protocol handler needs to use its
|
doing function too, which requires smb_do() to not mark itself as
|
done...
|
|
Closes #2822
|
|
- [Rikard Falkeborn brought this change]
|
|
general: fix printf specifiers
|
|
Closes #2818
|
|
- RELEASE-NOTES: synced
|
|
- mailmap: Daniel Jelinski
|
|
- [Harry Sintonen brought this change]
|
|
HTTP: Don't attempt to needlessly decompress redirect body
|
|
This change fixes a regression where redirect body would needlessly be
|
decompressed even though it was to be ignored anyway. As it happens this
|
causes secondary issues since there appears to be a bug in apache2 that
|
it in certain conditions generates a corrupt zlib response. The
|
regression was created by commit:
|
dbcced8e32b50c068ac297106f0502ee200a1ebd
|
|
Discovered-by: Harry Sintonen
|
Closes #2798
|
|
- curl: use Content-Disposition before the "URL end" for -OJ
|
|
Regression introduced in 7.61.0
|
|
Reported-by: Thomas Klausner
|
Fixes #2783
|
Closes #2813
|
|
- [Daniel Jelinski brought this change]
|
|
retry: return error if rewind was necessary but didn't happen
|
|
Fixes #2801
|
Closes #2812
|
|
- http2: clear the drain counter in Curl_http2_done
|
|
Reported-by: Andrei Virtosu
|
Fixes #2800
|
Closes #2809
|
|
- smb: fix memory leak on early failure
|
|
... by making sure connection related data (->share) is stored in the
|
connection and not in the easy handle.
|
|
Detected by OSS-fuzz
|
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369
|
Fixes #2769
|
Closes #2810
|
|
- travis: run a 'make checksrc' too
|
|
... to make sure the examples are all checked.
|
|
Closes #2811
|
|
Jay Satiro (29 Jul 2018)
|
- examples/ephiperfifo: checksrc compliance
|
|
- [Michael Kaufmann brought this change]
|
|
sws: handle EINTR when calling select()
|
|
Closes https://github.com/curl/curl/pull/2808
|
|
Daniel Stenberg (29 Jul 2018)
|
- test1157: follow-up to 35ecffb9
|
|
Ignore the user-agent line.
|
Pointed-out-by: Marcel Raad
|
|
Michael Kaufmann (29 Jul 2018)
|
- tests/http_pipe.py: Use /usr/bin/env to find python
|
|
Daniel Stenberg (28 Jul 2018)
|
- TODO: Support Authority Information Access certificate extension (AIA)
|
|
Closes #2793
|
|
- conn_free: updated comment to clarify
|
|
Let's call it disassociate instead of disconnect since the latter term
|
is used so much for (TCP) connections already.
|
|
- test1157: test -H from empty file
|
|
Verifies bugfix #2797
|
|
- [Tobias Blomberg brought this change]
|
|
curl: Fix segfault when -H @headerfile is empty
|
|
The curl binary would crash if the -H command line option was given a
|
filename to read using the @filename syntax but that file was empty.
|
|
Closes #2797
|
|
- mime: check Curl_rand_hex's return code
|
|
Bug: https://curl.haxx.se/mail/archive-2018-07/0015.html
|
Reported-by: Jeffrey Walton
|
Closes #2795
|
|
- [Josh Bialkowski brought this change]
|
|
docs/examples: add hiperfifo example using linux epoll/timerfd
|
|
Closes #2804
|
|
- [DarĆo HereƱĆŗ brought this change]
|
|
docs/INSTALL.md: minor formatting fixes
|
|
Closes #2794
|
|
- [Christopher Head brought this change]
|
|
docs/CURLOPT_URL: fix indentation
|
|
The statement, āThe application does not have to keep the string around
|
after setting this option,ā appears to be indented under the RTMP
|
paragraph. It actually applies to all protocols, not just RTMP.
|
Eliminate the extra indentation.
|
|
Closes #2788
|
|
- [Christopher Head brought this change]
|
|
docs/CURLOPT_WRITEFUNCTION: size is always 1
|
|
For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is
|
passed two `size_t` parameters which, when multiplied, designate the
|
number of bytes of data passed in. In practice, CURL always sets the
|
first parameter (`size`) to 1.
|
|
This practice is also enshrined in documentation and cannot be changed
|
in future. The documentation states that the default callback is
|
`fwrite`, which means `fwrite` must be a suitable function for this
|
purpose. However, the documentation also states that the callback must
|
return the number of *bytes* it successfully handled, whereas ISO C
|
`fwrite` returns the number of items (each of size `size`) which it
|
wrote. The only way these numbers can be equal is if `size` is 1.
|
|
Since `size` is 1 and can never be changed in future anyway, document
|
that fact explicitly and let users rely on it.
|
|
Closes #2787
|
|
- [Carie Pointer brought this change]
|
|
wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
|
|
RNG structure must be freed by call to FreeRng after its use in
|
Curl_cyassl_random. This call fixes Valgrind failures when running the
|
test suite with wolfSSL.
|
|
Closes #2784
|
|
- [Even Rouault brought this change]
|
|
reuse_conn(): free old_conn->options
|
|
This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with
|
connection reuse.
|
|
I found this with oss-fuzz on GDAL and curl master:
|
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9582
|
I couldn't reproduce with the oss-fuzz original test case, but looking
|
at curl source code pointed to this well reproducable leak.
|
|
Closes #2790
|
|
Marcel Raad (25 Jul 2018)
|
- [Daniel Jelinski brought this change]
|
|
system_win32: fix version checking
|
|
In the current version, VERSION_GREATER_THAN_EQUAL 6.3 will return false
|
when run on windows 10.0. This patch addresses that error.
|
|
Closes https://github.com/curl/curl/pull/2792
|
|
Daniel Stenberg (24 Jul 2018)
|
- [Johannes Schindelin brought this change]
|
|
auth: pick Bearer authentication whenever a token is available
|
|
So far, the code tries to pick an authentication method only if
|
user/password credentials are available, which is not the case for
|
Bearer authentictation...
|
|
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
Closes #2754
|
|
- [Johannes Schindelin brought this change]
|
|
auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token
|
|
The Bearer authentication was added to cURL 7.61.0, but there is a
|
problem: if CURLAUTH_ANY is selected, and the server supports multiple
|
authentication methods including the Bearer method, we strongly prefer
|
that latter method (only CURLAUTH_NEGOTIATE beats it), and if the Bearer
|
authentication fails, we will never even try to attempt any other
|
method.
|
|
This is particularly unfortunate when we already know that we do not
|
have any Bearer token to work with.
|
|
Such a scenario happens e.g. when using Git to push to Visual Studio
|
Team Services (which supports Basic and Bearer authentication among
|
other methods) and specifying the Personal Access Token directly in the
|
URL (this aproach is frequently taken by automated builds).
|
|
Let's make sure that we have a Bearer token to work with before we
|
select the Bearer authentication among the available authentication
|
methods.
|
|
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
Closes #2754
|
|
Marcel Raad (22 Jul 2018)
|
- test320: treat curl320.out file as binary
|
|
Otherwise, LF line endings are converted to CRLF on Windows,
|
but no conversion is done for the reply, so the test case fails.
|
|
Closes https://github.com/curl/curl/pull/2776
|
|
Daniel Stenberg (22 Jul 2018)
|
- vtls: set conn->data when closing TLS
|
|
Follow-up to 1b76c38904f0. The VTLS backends that close down the TLS
|
layer for a connection still needs a Curl_easy handle for the session_id
|
cache etc.
|
|
Fixes #2764
|
Closes #2771
|
|
Marcel Raad (21 Jul 2018)
|
- tests: fixes for Windows line endlings
|
|
Set mode="text" when line endings depend on the system representation.
|
|
Closes https://github.com/curl/curl/pull/2772
|
|
- test214: disable MSYS2's POSIX path conversion for URL
|
|
By default, the MSYS2 bash converts all backslashes to forward slashes
|
in URLs. Disable this with MSYS2_ARG_CONV_EXCL for the test to pass.
|
|
Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces
|
|
Daniel Stenberg (20 Jul 2018)
|
- http2: several cleanups
|
|
- separate easy handle from connections better
|
- added asserts on a number of places
|
- added sanity check of pipelines for debug builds
|
|
Closes #2751
|
|
- smb_getsock: always wait for write socket too
|
|
... the protocol is doing read/write a lot, so it needs to write often
|
even when downloading. A more proper fix could check for eactly when it
|
wants to write and only ask for it then.
|
|
Without this fix, an SMB download could easily get stuck when the event-driven
|
API was used.
|
|
Closes #2768
|
|
Marcel Raad (20 Jul 2018)
|
- test1143: disable MSYS2's POSIX path conversion
|
|
By default, the MSYS2 bash interprets http:/%HOSTIP:%HTTPPORT/want/1143
|
as a POSIX file list and converts it to a Windows file list.
|
Disable this with MSYS2_ARG_CONV_EXCL for the test to pass.
|
|
Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces
|
Closes https://github.com/curl/curl/pull/2765
|
|
Daniel Stenberg (18 Jul 2018)
|
- RELEASE-NOTES: sync
|
|
... and work toward 7.61.1
|
|
- [Ruslan Baratov brought this change]
|
|
CMake: Update scripts to use consistent style
|
|
Closes #2727
|
Reviewed-by: Sergei Nikulov
|
|
- header output: switch off all styles, not just unbold
|
|
... the "unbold" sequence doesn't work on the mac Terminal.
|
|
Reported-by: Zero King
|
Fixes #2736
|
Closes #2738
|
|
Nick Zitzmann (14 Jul 2018)
|
- [Rodger Combs brought this change]
|
|
darwinssl: add support for ALPN negotiation
|
|
Marcel Raad (14 Jul 2018)
|
- test1422: add required file feature
|
|
curl configured with --enable-debug --disable-file currently complains
|
on test1422:
|
Info: Protocol "file" not supported or disabled in libcurl
|
|
Make test1422 dependend on enabled FILE protocol to fix this.
|
|
Fixes https://github.com/curl/curl/issues/2741
|
Closes https://github.com/curl/curl/pull/2742
|
|
Patrick Monnerat (12 Jul 2018)
|
- content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
|
|
Some servers issue raw deflate data that may be followed by an undocumented
|
trailer. This commit makes curl tolerate such a trailer of up to 4 bytes
|
before considering the data is in error.
|
|
Reported-by: clbr on github
|
Fixes #2719
|
|
Daniel Stenberg (12 Jul 2018)
|
- smb: fix memory-leak in URL parse error path
|
|
Detected by OSS-Fuzz
|
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369
|
Closes #2740
|
|
Marcel Raad (12 Jul 2018)
|
- schannel: enable CALG_TLS1PRF for w32api >= 5.1
|
|
The definition of CALG_TLS1PRF has been fixed in the 5.1 branch:
|
https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/commits/73aedcc0f2e6ba370de0d86ab878ad76a0dda7b5
|
|
Daniel Stenberg (12 Jul 2018)
|
- docs/SECURITY-PROCESS: mention bounty, drop pre-notify
|
|
+ The hackerone bounty and its process
|
|
- We don't and can't handle pre-notification
|
|
- multi: always do the COMPLETED procedure/state
|
|
It was previously erroneously skipped in some situations.
|
|
libtest/libntlmconnect.c wrongly depended on wrong behavior (that it
|
would get a zero timeout) when no handles are "running" in a multi
|
handle. That behavior is no longer present with this fix. Now libcurl
|
will always return a -1 timeout when all handles are completed.
|
|
Closes #2733
|
|
- Curl_getoff_all_pipelines: improved for multiplexed
|
|
On multiplexed connections, transfers can be removed from anywhere not
|
just at the head as for pipelines.
|
|
- ares: check for NULL in completed-callback
|
|
- conn: remove the boolean 'inuse' field
|
|
... as the usage needs to be counted.
|
|
- [Paul Howarth brought this change]
|
|
openssl: assume engine support in 1.0.0 or later
|
|
Commit 38203f1585da changed engine detection to be version-based,
|
with a baseline of openssl 1.0.1. This does in fact break builds
|
with openssl 1.0.0, which has engine support - the configure script
|
detects that ENGINE_cleanup() is available - but <openssl/engine.h>
|
doesn't get included to declare it.
|
|
According to upstream documentation, engine support was added to
|
mainstream openssl builds as of version 0.9.7:
|
https://github.com/openssl/openssl/blob/master/README.ENGINE
|
|
This commit drops the version test down to 1.0.0 as version 1.0.0d
|
is the oldest version I have to test with.
|
|
Closes #2732
|
|
Marcel Raad (11 Jul 2018)
|
- schannel: fix MinGW compile break
|
|
Original MinGW's w32api has a sytax error in its definition of
|
CALG_TLS1PRF [0]. Don't use original MinGW w32api's CALG_TLS1PRF
|
until this bug [1] is fixed.
|
|
[0] https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/blobs/d1d4a17e51a2b78e252ef0147d483267d56c90cc/w32api/include/wincrypt.h
|
[1] https://osdn.net/projects/mingw/ticket/38391
|
|
Fixes https://github.com/curl/curl/pull/2721#issuecomment-403636043
|
Closes https://github.com/curl/curl/pull/2728
|
|
Daniel Stenberg (11 Jul 2018)
|
- examples/crawler.c: move #ifdef to column 0
|
|
Apparently the C => HTML converter on the web site doesn't quite like it
|
otherwise.
|
|
Reported-by: Jeroen Ooms
|
|
Version 7.61.0 (11 Jul 2018)
|
|
Daniel Stenberg (11 Jul 2018)
|
- release: 7.61.0
|
|
- TODO: Configurable loading of OpenSSL configuration file
|
|
Closes #2724
|
|
- post303.d: clarify that this is an RFC violation
|
|
... and not the other way around, which this previously said.
|
|
Reported-by: Vasiliy Faronov
|
Fixes #2723
|
Closes #2726
|
|
- [Ruslan Baratov brought this change]
|
|
CMake: remove redundant and old end-of-block syntax
|
|
Reviewed-by: Jakub Zakrzewski
|
Closes #2715
|
|
Jay Satiro (9 Jul 2018)
|
- lib/curl_setup.h: remove unicode character
|
|
Follow-up to 82ce416.
|
|
Ref: https://github.com/curl/curl/commit/8272ec5#commitcomment-29646818
|
|
Daniel Stenberg (9 Jul 2018)
|
- lib/curl_setup.h: remove unicode bom from 8272ec50f02
|
|
Marcel Raad (9 Jul 2018)
|
- schannel: fix -Wsign-compare warning
|
|
MinGW warns:
|
/lib/vtls/schannel.c:219:64: warning: signed and unsigned type in
|
conditional expression [-Wsign-compare]
|
|
Fix this by casting the ptrdiff_t to size_t as we know it's positive.
|
|
Closes https://github.com/curl/curl/pull/2721
|
|
- schannel: workaround for wrong function signature in w32api
|
|
Original MinGW's w32api has CryptHashData's second parameter as BYTE *
|
instead of const BYTE *.
|
|
Closes https://github.com/curl/curl/pull/2721
|
|
- schannel: make more cipher options conditional
|
|
They are not defined in the original MinGW's <wincrypt.h>.
|
|
Closes https://github.com/curl/curl/pull/2721
|
|
- curl_setup: include <winerror.h> before <windows.h>
|
|
Otherwise, only part of it gets pulled in through <windows.h> on
|
original MinGW.
|
|
Fixes https://github.com/curl/curl/issues/2361
|
Closes https://github.com/curl/curl/pull/2721
|
|
- examples: fix -Wformat warnings
|
|
When size_t is not a typedef for unsigned long (as usually the case on
|
Windows), GCC emits -Wformat warnings when using lu and lx format
|
specifiers with size_t. Silence them with explicit casts to
|
unsigned long.
|
|
Closes https://github.com/curl/curl/pull/2721
|
|
Daniel Stenberg (9 Jul 2018)
|
- smtp: use the upload buffer size for scratch buffer malloc
|
|
... not the read buffer size, as that can be set smaller and thus cause
|
a buffer overflow! CVE-2018-0500
|
|
Reported-by: Peter Wu
|
Bug: https://curl.haxx.se/docs/adv_2018-70a2.html
|
|
- [Dave Reisner brought this change]
|
|
scripts: include _curl as part of CLEANFILES
|
|
Closes #2718
|
|
- [Nick Zitzmann brought this change]
|
|
darwinssl: allow High Sierra users to build the code using GCC
|
|
...but GCC users lose out on TLS 1.3 support, since we can't weak-link
|
enumeration constants.
|
|
Fixes #2656
|
Closes #2703
|
|
- [Ruslan Baratov brought this change]
|
|
CMake: Remove unused 'output_var' from 'collect_true'
|
|
Variable 'output_var' is not used and can be removed.
|
Function 'collect_true' renamed to 'count_true'.
|
|
- [Ruslan Baratov brought this change]
|
|
CMake: Remove unused functions
|
|
Closes #2711
|
|
- KNOWN_BUGS: Stick to same family over SOCKS proxy
|
|
- libssh: goto DISCONNECT state on error, not SSH_SESSION_FREE
|
|
... because otherwise not everything get closed down correctly.
|
|
Fixes #2708
|
Closes #2712
|
|
- libssh: include line number in state change debug messages
|
|
Closes #2713
|
|
- KNOWN_BUGS: Borland support is dropped, AIX problem is too old
|
|
- [Jeroen Ooms brought this change]
|
|
example/crawler.c: simple crawler based on libxml2
|
|
Closes #2706
|
|
- RELEASE-NOTES: synced
|
|
- DEPRECATE: include year when specifying date
|
|
- DEPRECATE: linkified
|
|
- DEPRECATE: mention the PR that disabled axTLS
|
|
- docs/DEPRECATE.md: spelling and minor formatting
|
|
- DEPRECATE: new doc describing planned item removals
|
|
Closes #2704
|
|
- [Gisle Vanem brought this change]
|
|
telnet: fix clang warnings
|
|
telnet.c(1401,28): warning: cast from function call of type 'int' to
|
non-matching type 'HANDLE' (aka 'void *') [-Wbad-function-cast]
|
|
Fixes #2696
|
Closes #2700
|
|
- docs: fix missed option name markups
|
|
- [Gaurav Malhotra brought this change]
|
|
openssl: Remove some dead code
|
|
Closes #2698
|
|
- openssl: make the requested TLS version the *minimum* wanted
|
|
The code treated the set version as the *exact* version to require in
|
the TLS handshake, which is not what other TLS backends do and probably
|
not what most people expect either.
|
|
Reported-by: Andreas Olsson
|
Assisted-by: Gaurav Malhotra
|
Fixes #2691
|
Closes #2694
|
|
- RELEASE-NOTES: synced
|
|
- openssl: allow TLS 1.3 by default
|
|
Reported-by: Andreas Olsson
|
Fixes #2692
|
Closes #2693
|
|
- [Adrian Peniak brought this change]
|
|
CURLINFO_TLS_SSL_PTR.3: improve the example
|
|
The previous example was a little bit confusing, because SSL* structure
|
(or other "in use" SSL connection pointer) is not accessible after the
|
transfer is completed, therefore working with the raw TLS library
|
specific pointer needs to be done during transfer.
|
|
Closes #2690
|
|
- travis: add a build using the synchronous name resolver
|
|
... since default uses the threaded one and we test the c-ares build
|
already.
|
|
Closes #2689
|
|
- configure: remove CURL_CHECK_NI_WITHSCOPEID too
|
|
Since it isn't used either and requires the getnameinfo check
|
|
Follow-up to 0aeca41702d2
|
|
- getnameinfo: not used
|
|
Closes #2687
|
|
- easy_perform: use *multi_timeout() to get wait times
|
|
... and trim the threaded Curl_resolver_getsock() to return zero
|
millisecond wait times during the first three milliseconds so that
|
localhost or names in the OS resolver cache gets detected and used
|
faster.
|
|
Closes #2685
|
|
Max Dymond (27 Jun 2018)
|
- configure: Add dependent libraries after crypto
|
|
The linker is pretty dumb and processes things left to right, keeping a
|
tally of symbols it hasn't resolved yet. So, we need -ldl to appear
|
after -lcrypto otherwise the linker won't find the dl functions.
|
|
Closes #2684
|
|
Daniel Stenberg (27 Jun 2018)
|
- GOVERNANCE: linkify, changed some titles
|
|
- GOVERNANCE: add maintainer details/duties
|
|
- url: check Curl_conncache_add_conn return code
|
|
... it was previously unchecked in two places and thus errors could
|
remain undetected and cause trouble.
|
|
Closes #2681
|
|
- include/README: remove "hacking" advice, not the right place
|
|
- RELEASE-NOTES: synced
|
|
- CURLOPT_SSL_VERIFYPEER.3: fix syntax mistake
|
|
Follow-up to b6a16afa0aa5
|
|
- netrc: use a larger buffer
|
|
... to work with longer passwords etc. Grow it from a 256 to a 4096
|
bytes buffer.
|
|
Reported-by: Dario Nieuwenhuis
|
Fixes #2676
|
Closes #2680
|
|
- [Patrick Schlangen brought this change]
|
|
CURLOPT_SSL_VERIFYPEER.3: Add performance note
|
|
Closes #2673
|
|
- [Javier Blazquez brought this change]
|
|
multi: fix crash due to dangling entry in connect-pending list
|
|
Fixes #2677
|
Closes #2679
|
|
- ConnectionExists: make sure conn->data is set when "taking" a connection
|
|
Follow-up to 2c15693.
|
|
Bug #2674
|
Closes #2675
|
|
- [Kevin R. Bulgrien brought this change]
|
|
system.h: fix for gcc on 32 bit OpenServer
|
|
Bug: https://curl.haxx.se/mail/lib-2018-06/0100.html
|
|
- [Raphael Gozzo brought this change]
|
|
cmake: allow multiple SSL backends
|
|
This will make possible to select the SSL backend (using
|
curl_global_sslset()) even when the libcurl is built using CMake
|
|
Closes #2665
|
|
- url: fix dangling conn->data pointer
|
|
By masking sure to use the *current* easy handle with extracted
|
connections from the cache, and make sure to NULLify the ->data pointer
|
when the connection is put into the cache to make this mistake easier to
|
detect in the future.
|
|
Reported-by: Will Dietz
|
Fixes #2669
|
Closes #2672
|
|
- CURLOPT_INTERFACE.3: interface names not supported on Windows
|
|
- travis: run more tests for coverage check
|
|
... run a few more tortured based and run all tests event-based.
|
|
Closes #2664
|
|
- multi: fix memory leak when stopped during name resolve
|
|
When the application just started the transfer and then stops it while
|
the name resolve in the background thread hasn't completed, we need to
|
wait for the resolve to complete and then cleanup data accordingly.
|
|
Enabled test 1553 again and added test 1590 to also check when the host
|
name resolves successfully.
|
|
Detected by OSS-fuzz.
|
Closes #1968
|
|
Viktor Szakats (15 Jun 2018)
|
- maketgz: delete .bak files, fix indentation
|
|
Ref: https://github.com/curl/curl/pull/2660
|
|
Closes https://github.com/curl/curl/pull/2662
|
|
Daniel Stenberg (15 Jun 2018)
|
- runtests.pl: remove debug leftover from bb9a340c73f3
|
|
- curl-confopts.m4: fix typo from ed224f23d5beb
|
|
Fixes my local configure to detect a custom installed c-ares without
|
pkgconfig.
|
|
- docs/RELEASE-PROCEDURE.md: renamed to use .md extension
|
|
Closes #2663
|
|
- RELEASE-PROCEDURE: gpg sign the tags
|
|
- RELEASE-NOTES: synced
|
|
- CURLOPT_HTTPAUTH.3: CURLAUTH_BEARER was added in 7.61.0
|
|
- [Mamta Upadhyay brought this change]
|
|
maketgz: fix sed issues on OSX
|
|
maketgz creates release tarballs and removes the -DEV string in curl
|
version (e.g. 7.58.0-DEV), else -DEV shows up on command line when curl
|
is run. maketgz works fine on linux but fails on OSX. Problem is with
|
the sed commands that use option -i without an extension. Maketgz
|
expects GNU sed instead of BSD and this simply won't work on OSX. Adding
|
a backup extension .bak after -i fixes this issue
|
|
Running the script as if on OSX gives this error:
|
|
sed: -e: No such file or directory
|
|
Adding a .bak extension resolves it
|
|
Closes #2660
|
|
- configure: enhance ability to detect/build with static openssl
|
|
Fix the -ldl and -ldl + -lpthread checks for OpenSSL, necessary for
|
building with static libs without pkg-config.
|
|
Reported-by: Marcel Raad
|
Fixes #2199
|
Closes #2659
|
|
- configure: use pkg-config for c-ares detection
|
|
First check if there's c-ares information given as pkg-config info and use
|
that as first preference.
|
|
Reported-by: pszemus on github
|
Fixes #2203
|
Closes #2658
|
|
- GOVERNANCE.md: explains how this project is run
|
|
Closes #2657
|
|
- KNOWN_BUGS: NTLM doen't support password with Ā§ character
|
|
Closes #2120
|
|
- KNOWN_BUGS: slow connect to localhost on Windows
|
|
Closes #2281
|
|
- [Matteo Bignotti brought this change]
|
|
mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
|
|
certdata.txt should be deleted also when the process is interrupted by
|
"same certificate downloaded, exiting"
|
|
The certdata.txt is currently kept on disk even if you give the -u
|
option
|
|
Closes #2655
|
|
- progress: remove a set of unused defines
|
|
Reported-by: Peter Wu
|
Closes #2654
|
|
- TODO: "Option to refuse usernames in URLs" done
|
|
Implemented by Bjƶrn in 946ce5b61f
|
|
- [Lyman Epp brought this change]
|
|
Curl_init_do: handle NULL connection pointer passed in
|
|
Closes #2653
|
|
- runtests: support variables in <strippart>
|
|
... and make use of that to make 1455 work better without using a fixed
|
local port number.
|
|
Fixes #2649
|
Closes #2650
|
|
- Curl_debug: remove dead printhost code
|
|
The struct field is never set (since 5e0d9aea3) so remove the use of it
|
and remove the connectdata pointer from the prototype.
|
|
Reported-by: Tejas
|
Bug: https://curl.haxx.se/mail/lib-2018-06/0054.html
|
Closes #2647
|
|
Viktor Szakats (12 Jun 2018)
|
- schannel: avoid incompatible pointer warning
|
|
with clang-6.0:
|
```
|
vtls/schannel_verify.c: In function 'add_certs_to_store':
|
vtls/schannel_verify.c:212:30: warning: passing argument 11 of 'CryptQueryObject' from incompatible pointer type [-Wincompatible-pointer-types]
|
&cert_context)) {
|
^
|
In file included from /usr/share/mingw-w64/include/schannel.h:10:0,
|
from /usr/share/mingw-w64/include/schnlsp.h:9,
|
from vtls/schannel.h:29,
|
from vtls/schannel_verify.c:40:
|
/usr/share/mingw-w64/include/wincrypt.h:4437:26: note: expected 'const void **' but argument is of type 'CERT_CONTEXT ** {aka struct _CERT_CONTEXT **}'
|
WINIMPM WINBOOL WINAPI CryptQueryObject (DWORD dwObjectType, const void *pvObject, DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags, DWORD dwFlags,
|
^~~~~~~~~~~~~~~~
|
```
|
Ref: https://msdn.microsoft.com/library/windows/desktop/aa380264
|
|
Closes https://github.com/curl/curl/pull/2648
|
|
Daniel Stenberg (12 Jun 2018)
|
- [Robert Prag brought this change]
|
|
schannel: support selecting ciphers
|
|
Given the contstraints of SChannel, I'm exposing these as the algorithms
|
themselves instead; while replicating the ciphersuite as specified by
|
OpenSSL would have been preferable, I found no way in the SChannel API
|
to do so.
|
|
To use this from the commandline, you need to pass the names of contants
|
defining the desired algorithms. For example, curl --ciphers
|
"CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM"
|
https://github.com The specific names come from wincrypt.h
|
|
Closes #2630
|
|
- [Bernhard M. Wiedemann brought this change]
|
|
test 46: make test pass after 2025
|
|
shifting the expiry date to 2037 for now
|
to be before the possibly problematic year 2038
|
|
similar in spirit to commit e6293cf8764e9eecb
|
|
Closes #2646
|
|
- [Marian Klymov brought this change]
|
|
cppcheck: fix warnings
|
|
- Get rid of variable that was generating false positive warning
|
(unitialized)
|
|
- Fix issues in tests
|
|
- Reduce scope of several variables all over
|
|
etc
|
|
Closes #2631
|
|
- openssl: assume engine support in 1.0.1 or later
|
|
Previously it was checked for in configure/cmake, but that would then
|
leave other build systems built without engine support.
|
|
While engine support probably existed prior to 1.0.1, I decided to play
|
safe. If someone experience a problem with this, we can widen the
|
version check.
|
|
Fixes #2641
|
Closes #2644
|
|
- RELEASE-NOTES: synced
|
|
- RELEASE-PROCEDURE: update the release calendar for 2019
|
|
- [Gisle Vanem brought this change]
|
|
boringssl + schannel: undef X509_NAME in lib/schannel.h
|
|
Fixes the build problem when both boringssl and schannel are enabled.
|
|
Fixes #2634
|
Closes #2643
|
|
- [Vladimir Kotal brought this change]
|
|
mk-ca-bundle.pl: leave certificate name untouched in decode()
|
|
Closes #2640
|
|
- [Rikard Falkeborn brought this change]
|
|
tests/libtests/Makefile.am: Add lib1521.c to CLEANFILES
|
|
This removes the generated lib1521.c when running make clean.
|
|
Closes #2633
|
|
- [Rikard Falkeborn brought this change]
|
|
tests/libtest: Add lib1521 to nodist_SOURCES
|
|
Since 467da3af0, lib1521.c is generated instead of checked in. According
|
to the commit message, the intention was to remove it from the tarball
|
as well. However, it is still present when running make dist. To remove
|
it, add it to nodist_lib1521_SOURCES. This also means there is no need
|
for the manually added dist-rule in the Makefile.
|
|
Also update CMakelists.txt to handle the fact that we now may have
|
nodist_SOURCES.
|
|
- [Stephan MĆ¼hlstrasser brought this change]
|
|
system.h: add support for IBM xlc C compiler
|
|
Added a section to system.h guarded with __xlc__ for the IBM xml C
|
compiler. Before this change the section titled 'generic "safe guess" on
|
old 32 bit style' was used, which resulted in a wrong definition of
|
CURL_TYPEOF_CURL_SOCKLEN_T, and for 64-bit also CURL_TYPEOF_CURL_OFF_T
|
was wrong.
|
|
Compilation warnings fixed with this change:
|
|
CC libcurl_la-ftp.lo
|
"ftp.c", line 290.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
|
"ftp.c", line 293.48: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
|
"ftp.c", line 1070.49: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
|
"ftp.c", line 1154.53: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
|
"ftp.c", line 1187.51: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
|
CC libcurl_la-connect.lo
|
"connect.c", line 448.56: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
|
"connect.c", line 516.66: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
|
"connect.c", line 687.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
|
"connect.c", line 696.55: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
|
CC libcurl_la-tftp.lo
|
"tftp.c", line 1115.33: 1506-280 (W) Function argument assignment between types "unsigned long* restrict" and "int*" is not allowed.
|
|
Closes #2637
|
|
- cmdline-opts/cert-type.d: mention "p12" as a recognized type as well
|
|
Viktor Szakats (3 Jun 2018)
|
- spelling fixes
|
|
Detected using the `codespell` tool (version 1.13.0).
|
|
Also secure and fix an URL.
|
|
Daniel Stenberg (2 Jun 2018)
|
- axtls: follow-up spell fix of comment
|
|
- axTLS: not considered fit for use
|
|
URL: https://curl.haxx.se/mail/lib-2018-06/0000.html
|
|
This is step one. It adds #error statements that require source edits to
|
make curl build again if asked to use axTLS. At a later stage we might
|
remove the axTLS specific code completely.
|
|
Closes #2628
|
|
- build: remove the Borland specific makefiles
|
|
According to the user survey 2018, not even one out of 670 users use
|
them. Nobody on the mailing list spoke up for them either.
|
|
Closes #2629
|
|
- curl_addrinfo: use same #ifdef conditions in source as header
|
|
... for curl_dofreeaddrinfo
|
|
- multi: remove a DEBUGF()
|
|
... it might call infof() with a NULL first argument that isn't harmful
|
but makes it not do anything. The infof() line is not very useful
|
anymore, it has served it purpose. Good riddance!
|
|
Fixes #2627
|
|
- [Alibek.Jorajev brought this change]
|
|
CURLOPT_RESOLVE: always purge old entry first
|
|
If there's an existing entry using the selected name.
|
|
Closes #2622
|
|
- fnmatch: use the system one if available
|
|
If configure detects fnmatch to be available, use that instead of our
|
custom one for FTP wildcard pattern matching. For standard compliance,
|
to reduce our footprint and to use already well tested and well
|
exercised code.
|
|
A POSIX fnmatch behaves slightly different than the internal function
|
for a few test patterns currently and the macOS one yet slightly
|
different. Test case 1307 is adjusted for these differences.
|
|
Closes #2626
|
|
Patrick Monnerat (31 May 2018)
|
- os400: add new option in ILE/RPG binding
|
|
Follow-up to commit 946ce5b
|
|
Daniel Stenberg (31 May 2018)
|
- tests/libtest/.gitignore: follow-up fix to ignore lib5* too
|
|
- KNOWN_BUGS: CURL_GLOBAL_SSL
|
|
Closes #2276
|
|
- [Bernhard Walle brought this change]
|
|
configure: check for declaration of getpwuid_r
|
|
On our x86 Android toolchain, getpwuid_r is implemented but the header
|
is missing:
|
|
netrc.c:81:7: error: implicit declaration of function 'getpwuid_r' [-Werror=implicit-function-declaration]
|
|
Unfortunately, the function is used in curl_ntlm_wb.c, too, so I moved
|
the prototype to curl_setup.h.
|
|
Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
|
Closes #2609
|
|
- [Rikard Falkeborn brought this change]
|
|
tests: update .gitignore for libtests
|
|
Closes #2624
|
|
- [Rikard Falkeborn brought this change]
|
|
strictness: correct {infof, failf} format specifiers
|
|
Closes #2623
|
|
- [Bjƶrn Stenberg brought this change]
|
|
option: disallow username in URL
|
|
Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes
|
libcurl reject URLs with a username in them.
|
|
Closes #2340
|
|
- libcurl-security.3: improved layout for two rememdy lists
|
|
- libcurl-security.3: refer to URL instead of in-source markdown file
|
|
Viktor Szakats (30 May 2018)
|
- curl.rc: embed manifest for correct Windows version detection
|
|
* enable it in `src/Makefile.m32`
|
* enable it in `winbuild/MakefileBuild.vc` if a custom manifest is
|
_not_ enabled via the existing `EMBED_MANIFEST` option
|
* enable it for all Windows CMake builds (also disable the built-in
|
minimal manifest, added by CMake by default.)
|
|
For other build systems, add the `-DCURL_EMBED_MANIFEST` option to
|
the list of RC (Resource Compiler) flags to enable the manifest
|
included in `src/curl.rc`. This may require to disable whatever
|
automatic or other means in which way another manifest is added to
|
`curl.exe`.
|
|
Notice that Borland C doesn't support this method due to a
|
long-pending resource compiler bug. Watcom C may also not handle
|
it correctly when the `-zm` `wrc` option is used (this option may
|
be unnecessary though) and regardless of options in certain earlier
|
revisions of the 2.0 beta version.
|
|
Closes https://github.com/curl/curl/pull/1221
|
Fixes https://github.com/curl/curl/issues/2591
|
|
Patrick Monnerat (30 May 2018)
|
- os400: sync EBCDIC wrappers and ILE/RPG binding with latest options
|
|
- os400: implement mime api EBCDIC wrappers
|
|
Also sync ILE/RPG binding to define the new functions.
|
|
Daniel Stenberg (29 May 2018)
|
- setopt: add TLS 1.3 ciphersuites
|
|
Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS.
|
|
curl: added --tls13-ciphers and --proxy-tls13-ciphers
|
|
Fixes #2435
|
Reported-by: zzq1015 on github
|
Closes #2607
|
|
- configure: override AR_FLAGS to silence warning
|
|
The automake default ar flags are 'cru', but the 'u' flag in there
|
causes warnings on many modern Linux distros. Removing 'u' may have a
|
minor performance impact on older distros but should not cause harm.
|
|
Explained on the automake mailing list already back in April 2015:
|
|
https://www.mail-archive.com/automake-patches@gnu.org/msg07705.html
|
|
Reported-by: elephoenix on github
|
Fixes #2617
|
Closes #2619
|
|
Sergei Nikulov (29 May 2018)
|
- cmake: fixed comments in compile checks code
|
|
Daniel Stenberg (29 May 2018)
|
- INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
|
|
... the older description doesn't work
|
|
Reported-by: Peter Varga
|
Fixes #2615
|
Closes #2616
|
|
- [Will Dietz brought this change]
|
|
KNOWN_BUGS: restore text regarding #2101.
|
|
This was added earlier but appears to have been removed accidentally.
|
|
AFAICT this is very much still an issue.
|
|
-----
|
|
I say "accidentally" because the text seems to have harmlessly snuck
|
into [1] (which makes no mention of it). [1] was later reverted for
|
unspecified reasons in [2], presumably because the mentioned issue was
|
fixed or invalid.
|
|
[1] de9fac00c40db321d44fa6fbab6eb62ec4c83998
|
[2] 16d1f369403cbb04bd7b085eabbeebf159473fc2
|
|
Closes #2618
|
|
- fnmatch: insist on escaped bracket to match
|
|
A non-escaped bracket ([) is for a character group - as documented. It
|
will *not* match an individual bracket anymore. Test case 1307 updated
|
accordingly to match.
|
|
Problem detected by OSS-Fuzz, although this fix is probably not a final
|
fix for the notorious timeout issues.
|
|
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8525
|
Closes #2614
|
|
Patrick Monnerat (28 May 2018)
|
- psl: use latest psl and refresh it periodically
|
|
The latest psl is cached in the multi or share handle. It is refreshed
|
before use after 72 hours.
|
New share lock CURL_LOCK_DATA_PSL controls the psl cache sharing.
|
If the latest psl is not available, the builtin psl is used.
|
|
Reported-by: Yaakov Selkowitz
|
Fixes #2553
|
Closes #2601
|
|
Daniel Stenberg (28 May 2018)
|
- [Fabrice Fontaine brought this change]
|
|
configure: fix ssh2 linking when built with a static mbedtls
|
|
The ssh2 pkg-config file could contain the following lines when build
|
with a static version of mbedtls:
|
Libs: -L${libdir} -lssh2 /xxx/libmbedcrypto.a
|
Libs.private: /xxx/libmbedcrypto.a
|
|
This static mbedtls library must be used to correctly detect ssh2
|
support and this library must be copied in libcurl.pc otherwise
|
compilation of any application (such as upmpdcli) with libcurl will fail
|
when trying to found mbedtls functions included in libssh2. So, replace
|
pkg-config --libs-only-l by pkg-config --libs.
|
|
Fixes:
|
- http://autobuild.buildroot.net/results/43e24b22a77f616d6198c10435dcc23cc3b9088a
|
|
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
Closes #2613
|
|
- RELEASE-NOTES: synced
|
|
- [Bernhard Walle brought this change]
|
|
cmake: check for getpwuid_r
|
|
The autotools-based build system does it, so we do it also in CMake.
|
|
Bug: #2609
|
Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
|
|
- cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
|
|
- [Frank Gevaerts brought this change]
|
|
curl.1: Fix cmdline-opts reference errors.
|
|
--data, --form, and --ntlm were declared to be mutually exclusive with
|
non-existing options. --data and --form referred to --upload (which is
|
short for --upload-file and therefore did work, so this one was merely
|
a bit confusing), --ntlm referred to --negotiated instead of --negotiate.
|
|
Closes #2612
|
|
- [Frank Gevaerts brought this change]
|
|
docs: fix cmdline-opts metadata headers case consistency.
|
|
Almost all headers start with an uppercase letter, but some didn't.
|
|
- mailmap: Max Savenkov
|
|
Sergei Nikulov (28 May 2018)
|
- [Max Savenkov brought this change]
|
|
Fix the test for fsetxattr and strerror_r tests in CMake to work without compiling
|
|
Daniel Stenberg (27 May 2018)
|
- mailmap: a Richard Alcock fixup
|
|
- [Richard Alcock brought this change]
|
|
schannel: add failf calls for client certificate failures
|
|
Closes #2604
|
|
- [Richard Alcock brought this change]
|
|
winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
|
|
Change requirement from $(DISTDIR) to $(DIRDIST)
|
|
closes #2603
|
|
- [Richard Alcock brought this change]
|
|
winbuild: only delete OUTFILE if it exists
|
|
This removes the slightly annoying "Could not file LIBCURL_OBJS.inc" and
|
"Could not find CURL_OBJS.inc.inc" message when building into a clean
|
folder.
|
|
closes #2602
|
|
- [Alejandro R. SedeƱo brought this change]
|
|
content_encoding: handle zlib versions too old for Z_BLOCK
|
|
Fallback on Z_SYNC_FLUSH when Z_BLOCK is not available.
|
|
Fixes #2606
|
Closes #2608
|
|
- multi: provide a socket to wait for in Curl_protocol_getsock
|
|
... even when there's no protocol specific handler setup.
|
|
Bug: https://curl.haxx.se/mail/lib-2018-05/0062.html
|
Reported-by: Sean Miller
|
Closes #2600
|
|
- [Linus Lewandowski brought this change]
|
|
httpauth: add support for Bearer tokens
|
|
Closes #2102
|
|
- TODO: CURLINFO_PAUSE_STATE
|
|
Closes #2588
|
|
Sergei Nikulov (24 May 2018)
|
- cmake: set -d postfix for debug builds if not specified
|
using -DCMAKE_DEBUG_POSTFIX explicitly
|
|
fixes #2121, obsoletes #2384
|
|
Daniel Stenberg (23 May 2018)
|
- configure: add basic test of --with-ssl prefix
|
|
When given a prefix, the $PREFIX_OPENSSL/lib/openssl.pc or
|
$PREFIX_OPENSSL/include/openssl/ssl.h files must be present or cause an
|
error. Helps users detect when giving configure the wrong path.
|
|
Reported-by: Oleg Pudeyev
|
Assisted-by: Per Malmberg
|
Fixes #2580
|
|
Patrick Monnerat (22 May 2018)
|
- http resume: skip body if http code 416 (range error) is ignored.
|
|
This avoids appending error data to already existing good data.
|
|
Test 92 is updated to match this change.
|
New test 1156 checks all combinations of --range/--resume, --fail,
|
Content-Range header and http status code 200/416.
|
|
Fixes #1163
|
Reported-By: Ithubg on github
|
Closes #2578
|
|
Daniel Stenberg (22 May 2018)
|
- tftp: make sure error is zero terminated before printfing it
|
|
- configure: add missing m4/ax_compile_check_sizeof.m4
|
|
follow-up to mistake in 6876ccf90b4
|
|
Jay Satiro (22 May 2018)
|
- [Johannes Schindelin brought this change]
|
|
schannel: make CAinfo parsing resilient to CR/LF
|
|
OpenSSL has supported --cacert for ages, always accepting LF-only line
|
endings ("Unix line endings") as well as CR/LF line endings ("Windows
|
line endings").
|
|
When we introduced support for --cacert also with Secure Channel (or in
|
cURL speak: "WinSSL"), we did not take care to support CR/LF line
|
endings, too, even if we are much more likely to receive input in that
|
form when using Windows.
|
|
Let's fix that.
|
|
Happily, CryptQueryObject(), the function we use to parse the ca-bundle,
|
accepts CR/LF input already, and the trailing LF before the END
|
CERTIFICATE marker catches naturally any CR/LF line ending, too. So all
|
we need to care about is the BEGIN CERTIFICATE marker. We do not
|
actually need to verify here that the line ending is CR/LF. Just
|
checking for a CR or an LF is really plenty enough.
|
|
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
|
Closes https://github.com/curl/curl/pull/2592
|
|
Daniel Stenberg (22 May 2018)
|
- CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
|
|
- RELEASE-NOTES: synced
|
|
- KNOWN_BUGS: mention the -O with %-encoded file names
|
|
Closes #2573
|
|
- checksrc: make sure sizeof() is used *with* parentheses
|
|
... and unify the source code to adhere.
|
|
Closes #2563
|
|
- curl: added --styled-output
|
|
It is enabled by default, so --no-styled-output will switch off the
|
detection/use of bold headers.
|
|
Closes #2538
|
|
- curl: show headers in bold
|
|
The feature is only enabled if the output is believed to be a tty.
|
|
-J: There's some minor differences and improvements in -J handling, as
|
now J should work with -i and it actually creates a file first using the
|
initial name and then *renames* that to the one found in
|
Content-Disposition (if any).
|
|
-i: only shows headers for HTTP transfers now (as documented).
|
Previously it would also show for pieces of the transfer that were HTTP
|
(for example when doing FTP over a HTTP proxy).
|
|
-i: now shows trailers as well. Previously they were not shown at all.
|
|
--libcurl: the CURLOPT_HEADER is no longer set, as the header output is
|
now done in the header callback.
|
|
- configure: compile-time SIZEOF checks
|
|
... instead of exeucting code to get the size. Removes the use of
|
LD_LIBRARY_PATH for this.
|
|
Fixes #2586
|
Closes #2589
|
Reported-by: Bernhard Walle
|
|
- configure: replace AC_TRY_RUN with CURL_RUN_IFELSE
|
|
... and export LD_LIBRARY_PATH properly. This is a follow-up from
|
2d4c215.
|
|
Fixes #2586
|
Reported-by: Bernhard Walle
|
|
- docs: clarify CURLOPT_HTTPGET somewhat
|
|
Reported-by: bsammon on github
|
Fixes #2590
|
|
- curl_fnmatch: only allow two asterisks for matching
|
|
The previous limit of 5 can still end up in situation that takes a very
|
long time and consumes a lot of CPU.
|
|
If there is still a rare use case for this, a user can provide their own
|
fnmatch callback for a version that allows a larger set of wildcards.
|
|
This commit was triggered by yet another OSS-Fuzz timeout due to this.
|
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369
|
|
Closes #2587
|
|
- checksrc: fix too long line
|
|
follow-up to e05ad5d
|
|
- [Aleks brought this change]
|
|
docs: mention HAproxy protocol "version 1"
|
|
...as there's also a version 2.
|
|
Closes #2579
|
|
- examples/progressfunc: make it build on older libcurls
|
|
This example was changed in ce2140a8c1 to use the new microsecond based
|
getinfo option. This change makes it conditionally keep using the older
|
option so that the example still builds with older libcurl versions.
|
|
Closes #2584
|
|
- stub_gssapi: fix numerous 'unused parameter' warnings
|
|
follow-up to d9e92fd9fd1d
|
|
- [Philip Prindeville brought this change]
|
|
getinfo: add microsecond precise timers for various intervals
|
|
Provide a set of new timers that return the time intervals using integer
|
number of microseconds instead of floats.
|
|
The new info names are as following:
|
|
CURLINFO_APPCONNECT_TIME_T
|
CURLINFO_CONNECT_TIME_T
|
CURLINFO_NAMELOOKUP_TIME_T
|
CURLINFO_PRETRANSFER_TIME_T
|
CURLINFO_REDIRECT_TIME_T
|
CURLINFO_STARTTRANSFER_TIME_T
|
CURLINFO_TOTAL_TIME_T
|
|
Closes #2495
|
|
- openssl: acknowledge --tls-max for default version too
|
|
... previously it only used the max setting if a TLS version was also
|
explicitly asked for.
|
|
Reported-by: byte_bucket
|
Fixes #2571
|
Closes #2572
|
|
- bump: start working on the pending 7.61.0
|
|
- [Dagobert Michelsen brought this change]
|
|
tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
|
|
The warning flag leads e.g. Sun Studio compiler to bail out.
|
|
Closes #2576
|
|
- schannel_verify: fix build for non-schannel
|
|
Jay Satiro (16 May 2018)
|
- rand: fix typo
|
|
- schannel: disable manual verify if APIs not available
|
|
.. because original MinGW and old compilers do not have the Windows API
|
definitions needed to support manual verification.
|
|
- [Archangel_SDY brought this change]
|
|
schannel: disable client cert option if APIs not available
|
|
Original MinGW targets Windows 2000 by default, which lacks some APIs and
|
definitions for this feature. Disable it if these APIs are not available.
|
|
Closes https://github.com/curl/curl/pull/2522
|
|
Version 7.60.0 (15 May 2018)
|
|
Daniel Stenberg (15 May 2018)
|
- RELEASE-NOTES: 7.60.0 release
|
|
- THANKS: added people from the curl 7.60.0 release
|
|
- docs/libcurl/index.html: removed
|
|
The HTML files are long gone from the dist, now remove the last HTML
|
file pointing to those missing files.
|
|
d
|
|
- [steini2000 brought this change]
|
|
http2: remove unused variable
|
|
Closes #2570
|
|
- [steini2000 brought this change]
|
|
http2: use easy handle of stream for logging
|
|
- gcc: disable picky gcc-8 function pointer warnings in two places
|
|
Reported-by: Rikard Falkeborn
|
Bug: #2560
|
Closes #2569
|
|
- http2: use the correct function pointer typedef
|
|
Fixes gcc-8 picky compiler warnings
|
Reported-by: Rikard Falkeborn
|
Bug: #2560
|
Closes #2568
|
|
- CODE_STYLE: mention return w/o parens, but sizeof with
|
|
... and remove the github markdown syntax so that it renders better on
|
the web site. Also, don't use back-ticks inlined to allow the CSS to
|
highlight source code better.
|
|
- [Rikard Falkeborn brought this change]
|
|
examples: Fix format specifiers
|
|
Closes #2561
|
|
- [Rikard Falkeborn brought this change]
|
|
tool: Fix format specifiers
|
|
- [Rikard Falkeborn brought this change]
|
|
ntlm: Fix format specifiers
|
|
- [Rikard Falkeborn brought this change]
|
|
tests: Fix format specifiers
|
|
- [Rikard Falkeborn brought this change]
|
|
lib: Fix format specifiers
|
|
- contributors.sh: use "on github", not at
|
|
- http2: getsock fix for uploads
|
|
When there's an upload in progress, make sure to wait for the socket to
|
become writable.
|
|
Detected-by: steini2000 on github
|
Bug: #2520
|
Closes #2567
|
|
- pingpong: fix response cache memcpy overflow
|
|
Response data for a handle with a large buffer might be cached and then
|
used with the "closure" handle when it has a smaller buffer and then the
|
larger cache will be copied and overflow the new smaller heap based
|
buffer.
|
|
Reported-by: Dario Weisser
|
CVE: CVE-2018-1000300
|
Bug: https://curl.haxx.se/docs/adv_2018-82c2.html
|
|
- http: restore buffer pointer when bad response-line is parsed
|
|
... leaving the k->str could lead to buffer over-reads later on.
|
|
CVE: CVE-2018-1000301
|
Assisted-by: Max Dymond
|
|
Detected by OSS-Fuzz.
|
Bug: https://curl.haxx.se/docs/adv_2018-b138.html
|
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
|
|
Patrick Monnerat (13 May 2018)
|
- cookies: do not take cookie name as a parameter
|
|
RFC 6265 section 4.2.1 does not set restrictions on cookie names.
|
This is a follow-up to commit 7f7fcd0.
|
Also explicitly check proper syntax of cookie name/value pair.
|
|
New test 1155 checks that cookie names are not reserved words.
|
|
Reported-By: anshnd at github
|
Fixes #2564
|
Closes #2566
|
|
Daniel Stenberg (12 May 2018)
|
- smb: reject negative file sizes
|
|
Assisted-by: Max Dymond
|
|
Detected by OSS-Fuzz
|
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245
|
