aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-05-19tool_paramhlp: fixup C89 mistakeDaniel Stenberg
Follow-up to c5f0a9db22.
2020-05-19tool_paramhlp: fixed potentially uninitialized strtol() variableSiva Sivaraman
Seems highly unlikely to actually be possible, but better safe than sorry. Closes #5417
2020-05-19tool_operate: fixed potentially uninitialized variablesSiva Sivaraman
... in curl_easy_getinfo() calls. They're harmless but clearing the variables makes the code safer and comforts the reader. Closes #5416
2020-05-19sha256: move assign to the declaration lineDaniel Stenberg
Follow-up to fae30656. Should've been squashed with that commit...
2020-05-19sha256: fixed potentially uninitialized variableSiva Sivaraman
Closes #5414
2020-05-19sendf: make failf() use the mvsnprintf() return codeDaniel Stenberg
... and avoid a strlen() call. Fixes a MonocleAI warning. Reported-by: MonocleAI Fixes #5413 Closes #5420
2020-05-19hostip: make Curl_printable_address not return anythingDaniel Stenberg
It was not used much anyway and instead we let it store a blank buffer in case of failure. Reported-by: MonocleAI Fixes #5411 Closes #5418
2020-05-19ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void)Daniel Stenberg
They're done on purpose, make that visible in the code. Reported-by: MonocleAI Fixes #5412 Closes #549
2020-05-18TODO: forbid TLS post-handshake auth and do TLS record paddingDaniel Stenberg
Closes #5396 Closes #5398
2020-05-18RELEASE-NOTES: syncedDaniel Stenberg
2020-05-17dynbuf: return NULL when there's no buffer lengthDaniel Stenberg
... as returning a "" is not a good idea as the string is supposed to be allocated and returning a const string will cause issues. Reported-by: Brian Carpenter Follow-up to ed35d6590e72c Closes #5405
2020-05-16travis: upgrade to bionic, clang-9, improve readabilityPeter Wu
Changes, partially to reduce build failures from external dependencies: - Upgrade Ubuntu and drop unnecessary third-party repos. - Properly clone apt config to ensure retries. - Upgrade to clang-9 from the standard repos. - Use Ubuntu 20.04 focal for the libssh build, use of ssh_get_publickey fails on -Werror=deprecated-declarations in Ubuntu 18.04. Do not use focal everywhere yet since Travis CI has not documented this option. In focal, python-impacket (Py2.7) has been removed, leaving only python3-impacket. Since it is only needed for SMB tests and not SSH, skip it for the libssh job since it might need more work. - apt: Remove gcc-8 and libstdc++-8-dev, already installed via g++-8. Non-functional cleanups: - Simplify test matrix, drop redundant os and compiler keys. - Deprecation fixes: remove sudo, rename matrix -> jobs. - Every job has an 'env' key, put this key first in a list item. Closes #5370
2020-05-16travis: whitespace-only changes for consistencyPeter Wu
Automatically apply a consistent indentation with: python3 -c 'from ruamel.yaml import YAML;y=YAML();d=y.load(open(".travis.yml"));y.width=500;y.dump(d,open(".travis.yml.new","w"))' followed by manually re-indenting three comments. Closes #5370
2020-05-15CMake: add libssh build supportPeter Wu
Closes #5372
2020-05-15KNOWN_BUGS: wolfssh: publickey auth doesn't workDaniel Stenberg
Closes #4820
2020-05-15KNOWN_BUGS: OS400 port requires deprecated IBM libraryDaniel Stenberg
Closes #5176
2020-05-15http2: keep trying to send pending frames after req.upload_doneVyron Tsingaras
Fixes #1410 Closes #5401
2020-05-15setopt: support certificate options in memory with struct curl_blobGilles Vollant
This change introduces a generic way to provide binary data in setopt options, called BLOBs. This change introduces these new setopts: CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB, CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB. Reviewed-by: Daniel Stenberg Closes #5357
2020-05-15source cleanup: remove all custom typedef structsDaniel Stenberg
- Stick to a single unified way to use structs - Make checksrc complain on 'typedef struct {' - Allow them in tests, public headers and examples - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually typedef different types/structs depending on build conditions. Closes #5338
2020-05-15travis: remove the .checksrc fiddlingDaniel Stenberg
2020-05-15ftp: make domore_getsock() return the secondary socket properlyDaniel Stenberg
Previously, after PASV and immediately after the data connection has connected, the function would only return the control socket to wait for which then made the data connection simply timeout and not get polled correctly. This become obvious when running test 1631 and 1632 event- based.
2020-05-15test1632: verify FTP through HTTPS-proxy with connection re-useDaniel Stenberg
2020-05-15test1631: verify FTP download through HTTPS-proxyDaniel Stenberg
2020-05-15sws: as last resort, get test number from server cmd fileDaniel Stenberg
If it can't be found in the request. Also support --cmdfile to set it to a custom file name. runtests.pl always writes this file with the test number in it since a while back.
2020-05-15ftp: shut down the secondary connection properly when SSL is usedDaniel Stenberg
Reported-by: Neal Poole Fixes #5340 Closes #5385
2020-05-14KNOWN_BUGS: adapt 5.5 to recent changesMarcel Raad
It only applies to non-Unicode builds now. Also merge 5.10 into it as it's effectively a duplicate. Closes https://github.com/curl/curl/pull/3784
2020-05-14curl_setup: support Unicode functions to open files on WindowsMarcel Raad
Use them only if `_UNICODE` is defined, in which case command-line arguments have been converted to UTF-8. Closes https://github.com/curl/curl/pull/3784
2020-05-14tool: support UTF-16 command line on WindowsMarcel Raad
- use `wmain` instead of `main` when `_UNICODE` is defined [0] - define `argv_item_t` as `wchar_t *` in this case - use the curl_multibyte gear to convert the command-line arguments to UTF-8 This makes it possible to pass parameters with characters outside of the current locale on Windows, which is required for some tests, e.g. the IDN tests. Out of the box, this currently only works with the Visual Studio project files, which default to Unicode, and winbuild with the `ENABLE_UNICODE` option. [0] https://devblogs.microsoft.com/oldnewthing/?p=40643 Ref: https://github.com/curl/curl/issues/3747 Closes https://github.com/curl/curl/pull/3784
2020-05-14curl_multibyte: add to curlxMarcel Raad
This will also be needed in the tool and tests. Ref: https://github.com/curl/curl/pull/3758#issuecomment-482197512 Closes https://github.com/curl/curl/pull/3784
2020-05-14url: make the updated credentials URL-encoded in the URLDaniel Stenberg
Found-by: Gregory Jefferis Reported-by: Jeroen Ooms Added test 1168 to verify. Bug spotted when doing a redirect. Bug: https://github.com/jeroen/curl/issues/224 Closes #5400
2020-05-14tests: add https-proxy support to the test suiteDaniel Stenberg
Initial test 1630 added with basic HTTPS-proxy use. HTTPS-proxy is like HTTP proxy but with a full TLS connection to the proxy. Closes #5399
2020-05-14mailmap: James FullerDaniel Stenberg
2020-05-14vauth/cleartext: fix theoretical integer overflowMajor_Tom
Fix theoretical integer overflow in Curl_auth_create_plain_message. The security impact of the overflow was discussed on hackerone. We agreed this is more of a theoretical vulnerability, as the integer overflow would only be triggerable on systems using 32-bits size_t with over 4GB of available memory space for the process. Closes #5391
2020-05-13curl.1: Quote globbed URLsJay Satiro
- Quote the globbing example URLs that contain characters [] {} since otherwise they may be interpreted as shell metacharacters. Bug: https://github.com/curl/curl/issues/5388 Reported-by: John Simpson Closes https://github.com/curl/curl/pull/5394
2020-05-14checksrc: enhance the ASTERISKSPACE and update code accordinglyDaniel Stenberg
Fine: "struct hello *world" Not fine: "struct hello* world" (and variations) Closes #5386
2020-05-13docs/options-in-versions: which version added each cmdline optionDaniel Stenberg
Added test 971 to verify that the list is in sync with the files in cmdline-opts. The check also verifies that .d-files that uses Added: specify the same version number as the options-in-versions file does. Closes #5381
2020-05-13docs: unify protocol listsDaniel Stenberg
We boast support for 25 transfer protocols. Make sure the lists are consistent Closes #5384
2020-05-13OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAINDaniel Stenberg
... to avoid an OpenSSL bug that otherwise makes the CRL check to fail. Reported-by: Michael Kaufmann Fixes #5374 Closes #5376
2020-05-13tls13-ciphers.d: shorten the ArgDaniel Stenberg
2020-05-13sasl-authzid.d: add Arg: and shorten the descDaniel Stenberg
2020-05-13cert-type.d: mention the available types in the descDaniel Stenberg
2020-05-13tool: shorten 3 --help descriptionsDaniel Stenberg
--happy-eyeballs-timeout-ms, --resolve and --ssl-revoke-best-effort gen.pl already warned about these lines but we didn't listen Closes #5379
2020-05-13configure: the wolfssh backend does not provide SCPDaniel Stenberg
Closes #5387
2020-05-13RELEASE-NOTES: syncedDaniel Stenberg
2020-05-13url: reject too long input when parsing credentialsDaniel Stenberg
Since input passed to libcurl with CURLOPT_USERPWD and CURLOPT_PROXYUSERPWD circumvents the regular string length check we have in Curl_setstropt(), the input length limit is enforced in Curl_parse_login_details too, separately. Reported-by: Thomas Bouzerar Closes #5383
2020-05-12list-only.d: this option existed already in 4.0Daniel Stenberg
2020-05-12retry-all-errors.d: Shorten the summary lineJay Satiro
Follow-up to b995bb5 from a few moments ago. Reported-by: Daniel Stenberg Ref: https://github.com/curl/curl/commit/b995bb5#r39108929
2020-05-12easy: fix dangling pointer on easy_perform faildenzor
Closes https://github.com/curl/curl/pull/5363
2020-05-12tool: Add option --retry-all-errors to retry on any errorJay Satiro
The "sledgehammer" of retrying. Closes https://github.com/curl/curl/pull/5185
2020-05-12libcurl.pc: Merge Libs.private into Libs for static-only buildsJames Le Cuirot
A project being built entirely statically will call pkg-config with --static, which utilises the Libs.private field. Conversely it will not use --static when not being built entirely statically, even if there is only a static build of libcurl available. This will most likely cause the build to fail due to underlinking unless we merge the Libs fields. Consider that this is what the Meson build system does when it generates pkg-config files. I have also reflected this in the --libs argument of curl-config even though REQUIRE_LIB_DEPS always seems to be "yes" anyway. Closes #5373