aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-11-22url: reject ASCII control characters and space in host namesDaniel Stenberg
Host names like "127.0.0.1 moo" would otherwise be accepted by some getaddrinfo() implementations. Updated test 1034 and 1035 accordingly. Fixes #2073 Closes #2092
2017-11-21Curl_open: fix OOM return error correctlyDaniel Stenberg
Closes #2098
2017-11-21http2: fix "Value stored to 'end' is never read" scan-build errorDaniel Stenberg
2017-11-21http2: fix "Value stored to 'hdbuf' is never read" scan-build errorDaniel Stenberg
2017-11-21openssl: fix "Value stored to 'rc' is never read" scan-build errorDaniel Stenberg
2017-11-21mime: fix "Value stored to 'sz' is never read" scan-build errorDaniel Stenberg
2017-11-21Curl_llist_remove: fix potential NULL pointer derefDaniel Stenberg
Fixes a scan-build warning.
2017-11-21ntlm: remove unnecessary NULL-check to please scan-buildDaniel Stenberg
2017-11-20BUGS: spellcheckedDaniel Stenberg
2017-11-18examples/curlx: Fix code stylefmmedeiros
- Add braces around multi-line if statement. Closes https://github.com/curl/curl/pull/2096
2017-11-17resolve: allow IP address within [] bracketsDaniel Stenberg
... so that IPv6 addresses can be passed like they can for connect-to and how they're used in URLs. Added test 1324 to verify Reported-by: Alex Malinovich Fixes #2087 Closes #2091
2017-11-15macOS: Fix missing connectx function with Xcode version older than 9.0Pavol Markovic
The previous fix https://github.com/curl/curl/pull/1788 worked just for Xcode 9. This commit extends the fix to older Xcode versions effectively by not using connectx function. Fixes https://github.com/curl/curl/issues/1330 Fixes https://github.com/curl/curl/issues/2080 Closes https://github.com/curl/curl/pull/1336 Closes #2082
2017-11-15openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEYDirk Feytons
Fixes #2079 Closes #2081
2017-11-14TODO: ignore private IP addresses in PASV responseDaniel Stenberg
Closes #1455
2017-11-14RELEASE-NOTES: synced with ae7369b6dDaniel Stenberg
2017-11-14URL: return error on malformed URLs with junk after IPv6 bracketMichael Kaufmann
Follow-up to aadb7c7. Verified by new test 1263. Closes #2072
2017-11-14INTERNALS: we may use libidn2 now, not libidnDaniel Stenberg
2017-11-13zlib/brotli: only include header files in modules needing themPatrick Monnerat
There is a conflict on symbol 'free_func' between openssl/crypto.h and zlib.h on AIX. This is an attempt to resolve it. Bug: https://curl.haxx.se/mail/lib-2017-11/0032.html Reported-By: Michael Felt
2017-11-13SMB: fix uninitialized local variableDaniel Stenberg
Reported-by: Brian Carpenter
2017-11-12connect.c: remove executable bit on fileOrgad Shaneh
Closes #2071
2017-11-12README.md: fixed layouthsiao yi
Closes #2069
2017-11-10setopt: split out curl_easy_setopt() to its own fileDaniel Stenberg
... to make url.c smaller. Closes #1944
2017-11-10cmake: Add missing setmode checkJohn Starks
Ensure HAVE_SETMODE is set to 1 on OSes that have setmode. Without this, curl will corrupt binary files when writing them to stdout on Windows. Closes https://github.com/curl/curl/pull/2067
2017-11-10curl_share_setopt: va_end was not called if conncache errorsDaniel Stenberg
CID 984459, detected by Coverity
2017-11-10cmake: Correctly include curl.rc in Windows builds (#2064)John Starks
Update CMakeLists.txt to add curl.rc to the correct list.
2017-11-09RELEASE-NOTES: synced with 32828cc4fDaniel Stenberg
2017-11-09--interface: add support for Linux VRFLuca Boccassi
The --interface command (CURLOPT_INTERFACE option) already uses SO_BINDTODEVICE on Linux, but it tries to parse it as an interface or IP address first, which fails in case the user passes a VRF. Try to use the socket option immediately and parse it as a fallback instead. Update the documentation to mention this feature, and that it requires the binary to be ran by root or with CAP_NET_RAW capabilities for this to work. Closes #2024
2017-11-09curl_share_setopt.3: document CURL_LOCK_DATA_CONNECTDaniel Stenberg
Closes #2043
2017-11-09examples: add shared-connection-cacheDaniel Stenberg
2017-11-09test1554: verify connection cache sharingDaniel Stenberg
2017-11-09share: add support for sharing the connection cacheDaniel Stenberg
2017-11-09imap: deal with commands case insensitivelyDaniel Stenberg
As documented in RFC 3501 section 9: https://tools.ietf.org/html/rfc3501#section-9 Closes #2061
2017-11-09connect: store IPv6 connection status after valid connectionDaniel Stenberg
... previously it would store it already in the happy eyeballs stage which could lead to the IPv6 bit being set for an IPv4 connection, leading to curl not wanting to do EPSV=>PASV for FTP transfers. Closes #2053
2017-11-09curl_multi_fdset.3: emphasize curl_multi_timeoutDaniel Stenberg
... even when there's no socket to wait for, the timeout can still be very short.
2017-11-09content_encoding: fix inflate_stream for no bytes availableJay Satiro
- Don't call zlib's inflate() when avail_in stream bytes is 0. This is a follow up to the parent commit 19e66e5. Prior to that change libcurl's inflate_stream could call zlib's inflate even when no bytes were available, causing inflate to return Z_BUF_ERROR, and then inflate_stream would treat that as a hard error and return CURLE_BAD_CONTENT_ENCODING. According to the zlib FAQ, Z_BUF_ERROR is not fatal. This bug would happen randomly since packet sizes are arbitrary. A test of 10,000 transfers had 55 fail (ie 0.55%). Ref: https://zlib.net/zlib_faq.html#faq05 Closes https://github.com/curl/curl/pull/2060
2017-11-07content_encoding: do not write 0 length dataPatrick Monnerat
2017-11-06fnmatch: remove dead codeDaniel Stenberg
There was a duplicate check for backslashes in the setcharset() function. Coverity CID 1420611
2017-11-06url: remove unncessary NULL-checkDaniel Stenberg
Since 'conn' won't be NULL in there and we also access the pointer in there without the check. Coverity CID 1420610
2017-11-06src/Makefile.m32: fix typo in brotli lib customizationViktor Szakats
Ref cc1f4436099decb9d1a7034b2bb773a9f8379d31
2017-11-05Makefile.m32: allow to customize brotli libsViktor Szakats
It adds the ability to link against static brotli libs. Also fix brotli include path.
2017-11-05travis: add a job with brotli enabledPatrick Monnerat
2017-11-05Makefile.m32: add brotli supportViktor Szakats
2017-11-05HTTP: implement Brotli content encodingPatrick Monnerat
This uses the brotli external library (https://github.com/google/brotli). Brotli becomes a feature: additional curl_version_info() bit and structure fields are provided for it and CURLVERSION_NOW bumped. Tests 314 and 315 check Brotli content unencoding with correct and erroneous data. Some tests are updated to accomodate with the now configuration dependent parameters of the Accept-Encoding header.
2017-11-05HTTP: support multiple Content-EncodingsPatrick Monnerat
This is implemented as an output streaming stack of unencoders, the last calling the client write procedure. New test 230 checks this feature. Bug: https://github.com/curl/curl/pull/2002 Reported-By: Daniel Bankhead
2017-11-04url: remove arg value check from CURLOPT_SSH_AUTH_TYPESJay Satiro
Since CURLSSH_AUTH_ANY (aka CURLSSH_AUTH_DEFAULT) is ~0 an arg value check on this option is incorrect; we have to accept any value. Prior to this change since f121575 (7.56.1+) CURLOPT_SSH_AUTH_TYPES erroneously rejected CURLSSH_AUTH_ANY with CURLE_BAD_FUNCTION_ARGUMENT. Bug: https://github.com/curl/curl/commit/f121575#commitcomment-25347120
2017-11-04ntlm: avoid malloc(0) for zero length passwordsDaniel Stenberg
It triggers an assert() when built with memdebug since malloc(0) may return NULL *or* a valid pointer. Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054 Assisted-by: Max Dymond Closes #2054
2017-11-04RELEASE-NOTES: synced with ee8016b3dDaniel Stenberg
2017-11-04curl: speed up handling of many URLsDaniel Stenberg
By properly keeping track of the last entry in the list of URLs/uploads to handle, curl now avoids many meaningless traverses of the list which speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K URLs). Added test 1291, to verify that it doesn't take ages - but we don't have any detection of "too slow" command in the test suite. Reported-by: arainchik on github Fixes #1959 Closes #2052
2017-11-04curl: pass through [] in URLs instead of calling globbing errorDaniel Stenberg
Assisted-by: Per Lundberg Fixes #2044 Closes #2046 Closes #2048
2017-11-03CURLOPT_INFILESIZE: accept -1Daniel Stenberg
Regression since f121575 Reported-by: Petr Voytsik Fixes #2047