aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-10-04doh: make sure TTL isn't re-inited by second (discarded?) responseDaniel Stenberg
Closes #3092
2018-10-04test320: strip out more HTML when comparingDaniel Stenberg
To make the test case work with different gnutls-serv versions better. Reported-by: Kamil Dudka Fixes #3093 Closes #3094
2018-10-04runtests: use Windows paths for Windows curlMarcel Raad
curl generated by CMake's Visual Studio generator has "Windows" in the version number.
2018-10-04tests/negtelnetserver.py: fix Python2-ism in neg TELNET serverColin Hogben
Fix problems caused by differences in treatment of bytes objects between python2 and python3. Fixes #2929 Closes #3080
2018-10-03memory: ensure to check allocation resultsDaniel Gustafsson
The result of a memory allocation should always be checked, as we may run under memory pressure where even a small allocation can fail. This adds checking and error handling to a few cases where the allocation wasn't checked for success. In the ftp case, the freeing of the path variable is moved ahead of the allocation since there is little point in keeping it around across the strdup, and the separation makes for more readable code. In nwlib, the lock is aslo freed in the error path. Also bumps the copyright years on affected files. Closes #3084 Reviewed-by: Jay Satiro <raysatiro@yahoo.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03comment: Fix multiple typos in function parametersDaniel Gustafsson
Ensure that the parameters in the comment match the actual names in the prototype. Closes #3079 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03CURLOPT_SSLVERSION.3: fix typos and consistent spellingDaniel Gustafsson
Use TLS vX.Y throughout the document, instead of TLS X.Y, as that was already done in all but a few cases. Also fix a few typos. Closes #3076 Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03SECURITY-PROCESS: make links into hyperlinksDaniel Gustafsson
Use proper Markdown hyperlink format for the Bountygraph links in order for the generated website page to be more user friendly. Also link to the sponsors to give them a little extra credit. Closes #3082 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03CURLOPT_HEADER.3: fix typoJay Satiro
2018-10-03nss: fix nssckbi module loading on WindowsJay Satiro
- Use .DLL extension instead of .so to load modules on Windows. Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html Reported-by: Maxime Legros Ref: https://github.com/curl/curl/pull/3016/#issuecomment-423069442 Closes https://github.com/curl/curl/pull/3086
2018-10-03data-binary.d: clarify default content-type is x-www-form-urlencodedJay Satiro
- Advise user that --data-binary sends a default content type of x-www-form-urlencoded, and to have the data treated as arbitrary binary data by the server set the content-type header to octet-stream. Ref: https://github.com/curl/curl/pull/2852#issuecomment-426465094 Closes https://github.com/curl/curl/pull/3085
2018-10-02test1299: use single quotes around asteriskMarcel Raad
Ref: https://github.com/curl/curl/issues/1751#issuecomment-321522580
2018-10-02docs/CIPHERS: mention the colon separation for OpenSSLDaniel Stenberg
Bug: #3077
2018-10-02runtests: ignore disabled even when ranges are givenDaniel Stenberg
runtests.pl support running a range of tests, like "44 to 127". Starting now, the code makes sure that even such given ranges will ignore tests that are marked as disabled. Disabled tests can still be run by explictly specifying that test number. Closes #3075
2018-10-02urlapi: starting with a drive letter on win32 is not an abs urlDaniel Stenberg
... and libcurl doesn't support any single-letter URL schemes (if there even exist any) so it should be fairly risk-free. Reported-by: Marcel Raad Fixes #3070 Closes #3071
2018-10-02doh: fix curl_easy_setopt argument typeMarcel Raad
CURLOPT_POSTFIELDSIZE is long. Fixes a compiler warning on 64-bit MinGW.
2018-10-02RELEASE-NOTES: syncedDaniel Stenberg
2018-10-01CMake: Improve config installationRuslan Baratov
Use 'GNUInstallDirs' standard module to set destinations of installed files. Use uppercase "CURL" names instead of lowercase "curl" to match standard 'FindCURL.cmake' CMake module: * https://cmake.org/cmake/help/latest/module/FindCURL.html Meaning: * Install 'CURLConfig.cmake' instead of 'curl-config.cmake' * User should call 'find_package(CURL)' instead of 'find_package(curl)' Use 'configure_package_config_file' function to generate 'CURLConfig.cmake' file. This will make 'curl-config.cmake.in' template file smaller and handle components better. E.g. current configuration report no error if user specified unknown components (note: new configuration expects no components, report error if user will try to specify any). Closes https://github.com/curl/curl/pull/2849
2018-10-01test1650: make it depend on http/2Daniel Stenberg
Follow-up to 570008c99da0ccbb as it gets link errors. Reported-by: Michael Kaufmann Closes #3068
2018-10-01MANUAL: minor grammar fixNate Prewitt
Noticed a typo reading through the docs. Closes #3069
2018-09-30doh: only build if h2 enabledDaniel Stenberg
The DoH spec says "HTTP/2 [RFC7540] is the minimum RECOMMENDED version of HTTP for use with DoH". Reported-by: Marcel Raad Closes #3066
2018-09-29test2100: require http2 to runDaniel Stenberg
Reported-by: Marcel Raad Fixes #3064 Closes #3065
2018-09-29multi: fix memory leak in content encoding related error pathDaniel Stenberg
... a missing multi_done() call. Credit to OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10728 Closes #3063
2018-09-29travis: bump the Secure Transport build to use xcode 10Daniel Stenberg
Due to an issue with travis (https://github.com/travis-ci/travis-ci/issues/9956) we've been using Xcode 9.2 for darwinssl builds for a while. Now xcode 10 is offered as an alternative and as it builds curl+darwinssl fine that seems like a better choice. Closes #3062
2018-09-29curl: enabled Windows VT Support and UTF-8 outputRich Turner
Enabled Console VT support (if running OS supports VT) in tool_main.c. Fixes #3008 Closes #3011
2018-09-28multi: fix location URL memleak in error pathDaniel Stenberg
Follow-up to #3044 - fix a leak OSS-Fuzz detected Closes #3057
2018-09-28cmake: fixed path used in generation of docs/tests during curl build through ↵Sergei Nikulov
add_subdicectory(...)
2018-09-28cmake: Backport to work with CMake 3.0 againBrad King
Changes in commit 7867aaa9a0 (cmake: link curl to the OpenSSL targets instead of lib absolute paths, 2018-07-17) and commit f826b4ce98 (cmake: bumped minimum version to 3.4, 2018-07-19) required CMake 3.4 to fix issue #2746. This broke support for users on older versions of CMake even if they just want to build curl and do not care whether transitive dependencies work. Backport the logic to work with CMake 3.0 again by implementing the fix only when the version of CMake is at least 3.4.
2018-09-27curl_threads: fix classic MinGW compile breakMarcel Raad
Classic MinGW still has _beginthreadex's return type as unsigned long instead of uintptr_t [0]. uintptr_t is not even defined because of [1]. [0] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l167 [1] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l90 Bug: https://github.com/curl/curl/issues/2924#issuecomment-424334807 Closes https://github.com/curl/curl/pull/3051
2018-09-26configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSEDaniel Stenberg
fix a few leftovers Fixes #3006 Closes #3049
2018-09-26example/htmltidy: fix include paths of tidy librariesDoron Behar
Closes #3050
2018-09-26RELEASE-NOTES: syncedDaniel Stenberg
2018-09-25Curl_http2_done: fix memleak in error pathDaniel Stenberg
Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for early failures. Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669 Closes #3046
2018-09-25http: fix memleak in rewind error pathDaniel Stenberg
If the rewind would fail, a strdup() would not get freed. Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665 Closes #3044
2018-09-24test320: fix regression in [ci skip]Viktor Szakats
The value in question is coming directly from `gnutls-serv`, so it cannot be modified freely. Reported-by: Marcel Raad Ref: https://github.com/curl/curl/commit/6ae6b2a533e8630afbb21f570305bd4ceece6348#commitcomment-30621004
2018-09-24Curl_retry_request: fix memory leakDaniel Stenberg
Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648 Closes #3042
2018-09-24openssl: load built-in engines tooDaniel Stenberg
Regression since 38203f1 Reported-by: Jean Fabrice Fixes #3023 Closes #3040
2018-09-24OpenSSL: enable TLS 1.3 post-handshake authChristian Heimes
OpenSSL 1.1.1 requires clients to opt-in for post-handshake authentication. Fixes: https://github.com/curl/curl/issues/3026 Signed-off-by: Christian Heimes <christian@python.org> Closes https://github.com/curl/curl/pull/3027
2018-09-24Curl_dedotdotify(): always nul terminate returned string.Even Rouault
This fixes potential out-of-buffer access on "file:./" URL $ valgrind curl "file:./" ==24516== Memcheck, a memory error detector ==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==24516== Command: /home/even/install-curl-git/bin/curl file:./ ==24516== ==24516== Conditional jump or move depends on uninitialised value(s) ==24516== at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==24516== by 0x4EBB315: seturl (urlapi.c:801) ==24516== by 0x4EBB568: parseurl (urlapi.c:861) ==24516== by 0x4EBC509: curl_url_set (urlapi.c:1199) ==24516== by 0x4E644C6: parseurlandfillconn (url.c:2044) ==24516== by 0x4E67AEF: create_conn (url.c:3613) ==24516== by 0x4E68A4F: Curl_connect (url.c:4119) ==24516== by 0x4E7F0A4: multi_runsingle (multi.c:1440) ==24516== by 0x4E808E5: curl_multi_perform (multi.c:2173) ==24516== by 0x4E7558C: easy_transfer (easy.c:686) ==24516== by 0x4E75801: easy_perform (easy.c:779) ==24516== by 0x4E75868: curl_easy_perform (easy.c:798) Was originally spotted by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637 Credit to OSS-Fuzz Closes #3039
2018-09-23update URLs in testsViktor Szakats
- and one in docs/MANUAL as well Closes https://github.com/curl/curl/pull/3038
2018-09-23whitespace fixesViktor Szakats
- replace tabs with spaces where possible - remove line ending spaces - remove double/triple newlines at EOF - fix a non-UTF-8 character - cleanup a few indentations/line continuations in manual examples Closes https://github.com/curl/curl/pull/3037
2018-09-23http: add missing return code checkDaniel Stenberg
Detected by Coverity. CID 1439610. Follow-up from 46e164069d1a523 Closes #3034
2018-09-23ftp: don't access pointer before NULL checkDaniel Stenberg
Detected by Coverity. CID 1439611. Follow-up from 46e164069d1a523
2018-09-23unit1650: fix out of boundary accessDaniel Stenberg
Fixes #2987 Closes #3035
2018-09-23docs/examples: URL updatesViktor Szakats
- also update two URLs outside of docs/examples - fix spelling of filename persistant.c - fix three long lines that started failing checksrc.pl Closes https://github.com/curl/curl/pull/3036
2018-09-22examples/Makefile.m32: sync with core [ci skip]Viktor Szakats
also: - fix two warnings in synctime.c (one of them Windows-specific) - upgrade URLs in synctime.c and remove a broken one Closes https://github.com/curl/curl/pull/3033
2018-09-22examples/parseurl.c: show off the URL API a bitDaniel Stenberg
Closes #3030
2018-09-22SECURITY-PROCESS: mention the bountygraph program [ci skip]Daniel Stenberg
Closes #3032
2018-09-22url: use the URL API internally as wellDaniel Stenberg
... to make it a truly unified URL parser. Closes #3017
2018-09-22URL and mailmap updates, remove an obsolete directory [ci skip]Viktor Szakats
Closes https://github.com/curl/curl/pull/3031