aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-08-13redirect: skip URL encoding for host namesSalah-Eddin Shaban
This fixes redirects to IDN URLs Fixes #1441 Closes #1762 Reported by: David Lord
2017-08-13test2032: mark as flaky (again)Daniel Stenberg
2017-08-12travis: test cmake build on tarball tooDaniel Stenberg
Could've prevented #1755
2017-08-12cmake: allow user to override CMAKE_DEBUG_POSTFIXSimon Warta
Closes #1763
2017-08-12connect-to.d: better languageDaniel Stenberg
2017-08-12connect-to.d: clarifiedDaniel Stenberg
2017-08-12bagder/Curl_tvdiff_us: fix the mathDaniel Stenberg
Regression since adef394ac5 (released in 7.55.0) Reported-by: Han Qiao Fixes #1769 Closes #1771
2017-08-12curl/system.h: add Oracle Solaris StudioDaniel Stenberg
Fixes #1752
2017-08-12docs: fix typo funtion -> functionAlessandro Ghedini
Closes #1770
2017-08-12docs: fix grammar in CURL_SSLVERSION_MAX_DEFAULT descriptionAlessandro Ghedini
2017-08-12docs: fix typo stuct -> structAlessandro Ghedini
2017-08-12test1447: require a curl with http supportDan Fandrich
2017-08-11curl/system.h: support more architecturesThomas Petazzoni
The long list of architectures in include/curl/system.h is annoying to maintain, and needs to be extended for each and every architecture to support. Instead, let's rely on the __SIZEOF_LONG__ define of the gcc compiler (we are in the GNUC condition anyway), which tells us if long is 4 bytes or 8 bytes. This fixes the build of libcurl 7.55.0 on architectures such as OpenRISC or ARC. Closes #1766 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-08-11test2033: this went flaky againDaniel Stenberg
Suspicion: when we enabled the threaded resolver by default.
2017-08-11test1447: verifies the parse proxy fix in 6e0e152ce5cDaniel Stenberg
2017-08-11parse_proxy(): fix memory leak in case of invalid proxy server nameEven Rouault
Fixes the below leak: $ valgrind --leak-check=full ~/install-curl-git/bin/curl --proxy "http://a:b@/x" http://127.0.0.1 curl: (5) Couldn't resolve proxy name ==5048== ==5048== HEAP SUMMARY: ==5048== in use at exit: 532 bytes in 12 blocks ==5048== total heap usage: 5,288 allocs, 5,276 frees, 445,271 bytes allocated ==5048== ==5048== 2 bytes in 1 blocks are definitely lost in loss record 1 of 12 ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==5048== by 0x4E6CB79: parse_login_details (url.c:5614) ==5048== by 0x4E6BA82: parse_proxy (url.c:5091) ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346) ==5048== by 0x4E6EA18: create_conn (url.c:6498) ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967) ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436) ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160) ==5048== by 0x4E7C515: easy_transfer (easy.c:708) ==5048== by 0x4E7C74A: easy_perform (easy.c:794) ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813) ==5048== by 0x414025: operate_do (tool_operate.c:1563) ==5048== ==5048== 2 bytes in 1 blocks are definitely lost in loss record 2 of 12 ==5048== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==5048== by 0x4E6CBB6: parse_login_details (url.c:5621) ==5048== by 0x4E6BA82: parse_proxy (url.c:5091) ==5048== by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346) ==5048== by 0x4E6EA18: create_conn (url.c:6498) ==5048== by 0x4E6F9B4: Curl_connect (url.c:6967) ==5048== by 0x4E86D05: multi_runsingle (multi.c:1436) ==5048== by 0x4E88432: curl_multi_perform (multi.c:2160) ==5048== by 0x4E7C515: easy_transfer (easy.c:708) ==5048== by 0x4E7C74A: easy_perform (easy.c:794) ==5048== by 0x4E7C7B1: curl_easy_perform (easy.c:813) ==5048== by 0x414025: operate_do (tool_operate.c:1563) Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2984 Credit to OSS Fuzz for discovery Closes #1761
2017-08-11RELEASE-NOTES: synced with 37f2195a9Daniel Stenberg
2017-08-11curlver: bump to 7.55.1Daniel Stenberg
2017-08-11openssl: fix "error: this statement may fall through"Daniel Stenberg
A gcc7 warning.
2017-08-11openssl: remove CONST_ASN1_BIT_STRING.David Benjamin
Just making the pointer as const works for the pre-1.1.0 path too. Closes #1759
2017-08-10maketgz: remove old *.dist files before making the tarballDaniel Stenberg
To avoid "old crap" unintentionally getting shipped. Bug: https://curl.haxx.se/mail/lib-2017-08/0050.html Reported-by: Christian Weisgerber
2017-08-10mkhelp.pl: allow executing this script directlyJay Satiro
- Enable execute permission (chmod +x) - Change interpreter to /usr/bin/env perl Ref: https://github.com/curl/curl/issues/1743
2017-08-10configure: use the threaded resolver backend by default if possibleDaniel Stenberg
Closes #1647
2017-08-10cmake: move cmake_uninstall.cmake to CMake/Daniel Stenberg
Closes #1756
2017-08-10metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ insteadDaniel Stenberg
2017-08-10dist: fix the cmake build by shipping cmake_uninstall.cmake.in tooDaniel Stenberg
Fixes #1755
2017-08-10travis: verify "make install"Daniel Stenberg
Help-by: Jay Satiro Closes #1753
2017-08-10build: check out *.sln files with Windows line endingsMarcel Raad
Visual Studio doesn't like LF line endings in solution files and always converts them to CRLF when doing changes to the solution. Notably, this affects the solutions in the release archive. Closes https://github.com/curl/curl/pull/1746
2017-08-10gitignore: ignore top-level .vs folderMarcel Raad
This folder is generated when using the CMake build system from within Visual Studio. Closes https://github.com/curl/curl/pull/1746
2017-08-10digest_sspi: Don't reuse context if the user/passwd has changedJay Satiro
Bug: https://github.com/curl/curl/issues/1685 Reported-by: paulharris@users.noreply.github.com Assisted-by: Isaac Boukris Closes https://github.com/curl/curl/pull/1742
2017-08-09dist: Add dictserver.py/negtelnetserver.py to EXTRA_DISTAdam Sampson
These weren't included in the 7.55.0 release, but are required in order to run the full test suite. Closes #1744
2017-08-09curl: do bounds check using a double comparisonAdam Sampson
The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't complete: if the parsed number in num is larger than will fit in a long, the conversion is undefined behaviour (causing test1427 to fail for me on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting rid of the cast means the comparison will be done using doubles. It might make more sense for the max argument to also be a double... Fixes #1750 Closes #1749
2017-08-09make install: add 8 missing man pages to the installationDaniel Stenberg
2017-08-09build: fix 'make install' with configure, install docs/libcurl/* tooDaniel Stenberg
Broken since d24838d4da9faa Reported-by: Bernard Spil
2017-08-09RELEASE-NOTES: curl 7.55.0Daniel Stenberg
2017-08-09THANKS: 20 new contributors in 7.55.0Daniel Stenberg
2017-08-08docs/comments: Update to secure URL versionsViktor Szakats
Closes #1741
2017-08-08configure: fix recv/send/select detection on AndroidDaniel Stenberg
... since they now provide several functions as __attribute__((overloadable)), the argument detection logic need updates. Patched-by: destman at github Fixes #1738 Closes #1739
2017-08-08ax_code_coverage.m4: update to latest versionMarcel Raad
This updates the script to aad5ad5fedb306b39f901a899b7bd305b66c418d from August 01, 2017. Notably, this removes the lconv version whitelist. Closes https://github.com/curl/curl/pull/1716
2017-08-07test1427: verify command line parser integer overflow detectionDaniel Stenberg
2017-08-07curl: detect and bail out early on parameter integer overflowsDaniel Stenberg
Make the number parser aware of the maximum limit curl accepts for a value and return an error immediately if larger, instead of running an integer overflow later. Fixes #1730 Closes #1736
2017-08-07glob: do not continue parsing after a strtoul() overflow rangeDaniel Stenberg
Added test 1289 to verify. CVE-2017-1000101 Bug: https://curl.haxx.se/docs/adv_20170809A.html Reported-by: Brian Carpenter
2017-08-07tftp: reject file name lengths that don't fitDaniel Stenberg
... and thereby avoid telling send() to send off more bytes than the size of the buffer! CVE-2017-1000100 Bug: https://curl.haxx.se/docs/adv_20170809B.html Reported-by: Even Rouault Credit to OSS-Fuzz for the discovery
2017-08-07file: output the correct buffer to the userEven Rouault
Regression brought by 7c312f84ea930d8 (April 2017) CVE-2017-1000099 Bug: https://curl.haxx.se/docs/adv_20170809C.html Credit to OSS-Fuzz for the discovery
2017-08-06easy_events: make event data staticDaniel Stenberg
First: this function is only used in debug-builds and not in release/real builds. It is used to drive tests using the event-based API. A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the CURLMOPT_TIMERFUNCTION calback can in fact be called even after this funtion returns, namely when curl_multi_remove_handle() is called. Reported-by: Brian Carpenter
2017-08-05getparameter: avoid returning uninitialized 'usedarg'Daniel Stenberg
Fixes #1728
2017-08-05gssapi: fix memory leak of output token in multi round contextIsaac Boukris
When multiple rounds are needed to establish a security context (usually ntlm), we overwrite old token with a new one without free. Found by proposed gss tests using stub a gss implementation (by valgrind error), though I have confirmed the leak with a real gssapi implementation as well. Closes https://github.com/curl/curl/pull/1733
2017-08-05darwinssl: fix compiler warningMarcel Raad
clang complains: vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive [-Werror,-Wextra-tokens] This breaks the darwinssl build on Travis. Fix it by making this token a comment. Closes https://github.com/curl/curl/pull/1734
2017-08-04CMake: fix CURL_WERROR for MSVCMarcel Raad
When using CURL_WERROR in MSVC builds, the debug flags were overridden by the release flags and /WX got added twice in debug mode. Closes https://github.com/curl/curl/pull/1715
2017-08-04RELEASE-NOTES: synced with 561e9217cDaniel Stenberg