aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-11-02mprintf: avoid unsigned integer overflow warningTim Rühsen
The overflow has no real world impact. Just avoid it for "best practice". Code change suggested by "The Infinnovation Team" and Daniel Stenberg. Closes #3184
2018-11-02Curl_follow: accept non-supported schemes for "fake" redirectsDaniel Stenberg
When not actually following the redirect and the target URL is only stored for later retrieval, curl always accepted "non-supported" schemes. This was a regression from 46e164069d1a5230. Reported-by: Brad King Fixes #3210 Closes #3215
2018-11-02openvms: fix example nameDaniel Gustafsson
Commit efc696a2e09225bfeab4 renamed persistant.c to persistent.c to fix the typo in the name, but missed to update the OpenVMS package files which still looked for the old name. Closes #3217 Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Viktor Szakats <commit@vszakats.net>
2018-11-01configure: show CFLAGS, LDFLAGS etc in summaryDaniel Stenberg
To make it easier to understand other people's and remote builds etc. Closes #3207
2018-11-01version: bump for next cycleDaniel Stenberg
2018-11-01axtls: removedDaniel Stenberg
As has been outlined in the DEPRECATE.md document, the axTLS code has been disabled for 6 months and is hereby removed. Use a better supported TLS library! Assisted-by: Daniel Gustafsson Closes #3194
2018-11-01schannel: make CURLOPT_CERTINFO support using Issuer chainmarcosdiazr
Closes #3197
2018-11-01travis: build with sanitize=address,undefined,signed-integer-overflowDaniel Stenberg
... using clang Closes #3190
2018-11-01schannel: use Curl_ prefix for global private symbolsDaniel Stenberg
Curl_verify_certificate() must use the Curl_ prefix since it is globally available in the lib and otherwise steps outside of our namespace! Closes #3201
2018-11-01tests: drop http_pipe.py script no longer usedKamil Dudka
It is unused since commit f7208df7d9d5cd5e15e2d89237e828f32b63f135. Closes #3204
2018-10-31runtests: use the local curl for verifyingDaniel Stenberg
... revert the mistaken change brought in commit 8440616f53. Reported-by: Alessandro Ghedini Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html Closes #3198
2018-10-30RELEASE-NOTES: 7.62.0Daniel Stenberg
2018-10-30THANKS: 7.62.0 statusDaniel Stenberg
2018-10-30vtls: add MesaLink to curl_sslbackend enumDaniel Gustafsson
MesaLink support was added in commit 57348eb97d1b8fc3742e02c but the backend was never added to the curl_sslbackend enum in curl/curl.h. This adds the new backend to the enum and updates the relevant docs. Closes #3195 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-30cmake: Remove unused CURL_CONFIG_HAS_BEEN_RUN_BEFORE variableRuslan Baratov
Closes #3191
2018-10-30test2080: verify the fix for CVE-2018-16842Daniel Stenberg
2018-10-30voutf: fix bad arethmetic when outputting warnings to stderrDaniel Stenberg
CVE-2018-16842 Reported-by: Brian Carpenter Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
2018-10-29cmake: uniform ZLIB to use USE_ variable and clean curl-config.cmake.inTuomo Rinne
Closes #3123
2018-10-29cmake: add find_dependency call for ZLIB to CMake config fileTuomo Rinne
2018-10-29cmake: add support for transitive ZLIB targetTuomo Rinne
2018-10-29unit1650: fix "null pointer passed as argument 1 to memcmp"Daniel Stenberg
Detected by UndefinedBehaviorSanitizer Closes #3187
2018-10-29travis: add a "make tidy" build that runs clang-tidyDaniel Stenberg
Closes #3182
2018-10-29unit1300: fix stack-use-after-scope AddressSanitizer warningDaniel Stenberg
Closes #3186
2018-10-29Curl_auth_create_plain_message: fix too-large-input-checkDaniel Stenberg
CVE-2018-16839 Reported-by: Harry Sintonen Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
2018-10-29Curl_close: clear data->multi_easy on free to avoid use-after-freeDaniel Stenberg
Regression from b46cfbc068 (7.59.0) CVE-2018-16840 Reported-by: Brian Carpenter (Geeknik Labs) Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
2018-10-27system.h: use proper setting with Sun C++ as wellrandomswdev
system.h selects the proper Sun settings when __SUNPRO_C is defined. The Sun compiler does not define it when compiling C++ files. I'm adding a check also on __SUNPRO_CC to allow curl to work properly also when used in a C++ project on Sun Solaris. Closes #3181
2018-10-27rand: add comment to skip a clang-tidy false positiveDaniel Stenberg
2018-10-27test1651: unit test Curl_extract_certinfo()Daniel Stenberg
The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel.
2018-10-27x509asn1: always check return code from getASN1Element()Daniel Stenberg
2018-10-27Makefile: add 'tidy' target that runs clang-tidyDaniel Stenberg
Available in the root, src and lib dirs. Closes #3163
2018-10-27RELEASE-PROCEDURE: adjust the release datesDaniel Stenberg
See: https://curl.haxx.se/mail/lib-2018-10/0107.html
2018-10-27x509asn1: suppress left shift on signed valuePatrick Monnerat
Use an unsigned variable: as the signed operation behavior is undefined, this change silents clang-tidy about it. Ref: https://github.com/curl/curl/pull/3163 Reported-By: Daniel Stenberg
2018-10-27multi: Fix error handling in the SENDPROTOCONNECT stateMichael Kaufmann
If Curl_protocol_connect() returns an error code, handle the error instead of switching to the next state. Closes #3170
2018-10-27RELEASE-NOTES: syncedDaniel Stenberg
2018-10-27openssl: output the correct cipher list on TLS 1.3 errorDaniel Stenberg
When failing to set the 1.3 cipher suite, the wrong string pointer would be used in the error message. Most often saying "(nil)". Reported-by: Ricky-Tigg on github Fixes #3178 Closes #3180
2018-10-27docs/CIPHERS: fix the TLS 1.3 cipher namesDaniel Stenberg
... picked straight from the OpenSSL man page: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html Reported-by: Ricky-Tigg on github Bug: #3178
2018-10-27travis: install gnutls-bin packageMarcel Raad
This is required for gnutls-serv, which enables a few more tests. Closes https://github.com/curl/curl/pull/2958
2018-10-26ssh: free the session on init failuresDaniel Gustafsson
Ensure to clear the session object in case the libssh2 initialization fails. It could be argued that the libssh2 error function should be called to get a proper error message in this case. But since the only error path in libssh2_knownhost_init() is memory a allocation failure it's safest to avoid since the libssh2 error handling allocates memory. Closes #3179 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-26docs/RELEASE-PROCEDURE: remove old entries, modify the Dec 2018 dateDaniel Stenberg
... I'm moving it up one week due to travels. The rest stays.
2018-10-26openssl: make 'done' a proper booleanDaniel Gustafsson
Closes #3176
2018-10-26gtls: Values stored to but never readDaniel Stenberg
Detected by clang-tidy Closes #3176
2018-10-26curl.1: --ipv6 mutexes ipv4 (fixed typo)Alexey Eremikhin
Fixes #3171 Closes #3172
2018-10-26tool_main: make TerminalSettings staticDaniel Stenberg
Reported-by: Gisle Vanem Bug: https://github.com/curl/curl/commit/becfe1233ff2b6b0c3e1b6a10048b55b68c2539f#commitcomment-31008819 Closes #3161
2018-10-26curl-config.in: remove dependency on bcDaniel Stenberg
Reported-by: Dima Pasechnik Fixes #3143 Closes #3174
2018-10-26rtmp: fix for compiling with lwIPGisle Vanem
Compiling on _WIN32 and with USE_LWIPSOCK, causes this error: curl_rtmp.c(223,3): error: use of undeclared identifier 'setsockopt' setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO, ^ curl_rtmp.c(41,32): note: expanded from macro 'setsockopt' #define setsockopt(a,b,c,d,e) (setsockopt)(a,b,c,(const char *)d,(int)e) ^ Closes #3155
2018-10-25configure: remove CURL_CONFIGURE_CURL_SOCKLEN_TDaniel Stenberg
Follow-up to #3166 which did the cmake part of this. This type/define is not used. Closes #3168
2018-10-25cmake: remove unused variablesRuslan Baratov
Remove variables: * HAVE_SOCKLEN_T * CURL_SIZEOF_CURL_SOCKLEN_T * CURL_TYPEOF_CURL_SOCKLEN_T Closes #3166
2018-10-25urldata: Fix comment in headerMichael Kaufmann
The "connecting" function is used by multiple protocols, not only FTP
2018-10-25netrc: free temporary strings if memory allocation failsMichael Kaufmann
- Change the inout parameters after all needed memory has been allocated. Do not change them if something goes wrong. - Free the allocated temporary strings if strdup() fails. Closes #3122
2018-10-24config: Remove unused SIZEOF_VOIDPRuslan Baratov
Closes #3162