aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-10-05INTERNALS: escape reference to parameterDaniel Gustafsson
The parameter reference <string> was causing rendering issues in the generated HTML page, as <string> isn't a valid HTML tag. Fix by back- tick escaping it. Closes #3099 Reviewed-by: Jay Satiro <raysatiro@yahoo.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-05checksrc: handle zero scoped ignore commandsDaniel Gustafsson
If a !checksrc! disable command specified to ignore zero errors, it was still added to the ignore block even though nothing was ignored. While there were no blocks ignored that shouldn't be ignored, the processing ended with with a warning: <filename>:<line>:<col>: warning: Unused ignore: LONGLINE (UNUSEDIGNORE) /* !checksrc! disable LONGLINE 0 */ ^ Fix by instead treating a zero ignore as a a badcommand and throw a warning for that one. Closes #3096 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-05checksrc: enable strict mode and warningsDaniel Gustafsson
Enable strict and warnings mode for checksrc to ensure we aren't missing anything due to bugs in the checking code. This uncovered a few things which are all fixed in this commit: * several variables were used uninitialized * several variables were not defined in the correct scope * the whitelist filehandle was read even if the file didn't exist * the enable_warn() call when a disable counter had expired was passing incorrect variables, but since the checkwarn() call is unlikely to hit (the counter is only decremented to zero on actual ignores) it didn't manifest a problem. Closes #3090 Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-10-05CMake: suppress MSVC warning C4127 for libtestMarcel Raad
It's issued by older Windows SDKs (prior to version 8.0).
2018-10-05Merge branch 'dmitrykos-fix_missing_CMake_defines'Sergei Nikulov
2018-10-05cmake: test and set missed defines during configurationdmitrykos
Added configuration checks for HAVE_BUILTIN_AVAILABLE and HAVE_CLOCK_GETTIME_MONOTONIC. Closes #3097
2018-10-05AppVeyor: disable test 500Marcel Raad
It almost always results in "starttransfer vs total: 0.000001 0.000000". I cannot reproduce this locally, so disable it for now. Closes https://github.com/curl/curl/pull/3100
2018-10-05AppVeyor: set custom install prefixMarcel Raad
CMake's default has spaces and in 32-bit mode parentheses, which result in syntax errors in curl-config. Closes https://github.com/curl/curl/pull/3100
2018-10-05AppVeyor: Remove non-SSL non-test buildsMarcel Raad
They don't add much value. Closes https://github.com/curl/curl/pull/3100
2018-10-05AppVeyor: run test suiteMarcel Raad
Use the preinstalled MSYS2 bash for that. Disable test 1139 as the CMake build doesn't generate curl.1. Ref: https://github.com/curl/curl/issues/3070#issuecomment-425922224 Closes https://github.com/curl/curl/pull/3100
2018-10-05AppVeyor: use in-tree buildMarcel Raad
Required to run the tests. Closes https://github.com/curl/curl/pull/3100
2018-10-04doh: make sure TTL isn't re-inited by second (discarded?) responseDaniel Stenberg
Closes #3092
2018-10-04test320: strip out more HTML when comparingDaniel Stenberg
To make the test case work with different gnutls-serv versions better. Reported-by: Kamil Dudka Fixes #3093 Closes #3094
2018-10-04runtests: use Windows paths for Windows curlMarcel Raad
curl generated by CMake's Visual Studio generator has "Windows" in the version number.
2018-10-04tests/negtelnetserver.py: fix Python2-ism in neg TELNET serverColin Hogben
Fix problems caused by differences in treatment of bytes objects between python2 and python3. Fixes #2929 Closes #3080
2018-10-03memory: ensure to check allocation resultsDaniel Gustafsson
The result of a memory allocation should always be checked, as we may run under memory pressure where even a small allocation can fail. This adds checking and error handling to a few cases where the allocation wasn't checked for success. In the ftp case, the freeing of the path variable is moved ahead of the allocation since there is little point in keeping it around across the strdup, and the separation makes for more readable code. In nwlib, the lock is aslo freed in the error path. Also bumps the copyright years on affected files. Closes #3084 Reviewed-by: Jay Satiro <raysatiro@yahoo.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03comment: Fix multiple typos in function parametersDaniel Gustafsson
Ensure that the parameters in the comment match the actual names in the prototype. Closes #3079 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03CURLOPT_SSLVERSION.3: fix typos and consistent spellingDaniel Gustafsson
Use TLS vX.Y throughout the document, instead of TLS X.Y, as that was already done in all but a few cases. Also fix a few typos. Closes #3076 Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03SECURITY-PROCESS: make links into hyperlinksDaniel Gustafsson
Use proper Markdown hyperlink format for the Bountygraph links in order for the generated website page to be more user friendly. Also link to the sponsors to give them a little extra credit. Closes #3082 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-03CURLOPT_HEADER.3: fix typoJay Satiro
2018-10-03nss: fix nssckbi module loading on WindowsJay Satiro
- Use .DLL extension instead of .so to load modules on Windows. Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html Reported-by: Maxime Legros Ref: https://github.com/curl/curl/pull/3016/#issuecomment-423069442 Closes https://github.com/curl/curl/pull/3086
2018-10-03data-binary.d: clarify default content-type is x-www-form-urlencodedJay Satiro
- Advise user that --data-binary sends a default content type of x-www-form-urlencoded, and to have the data treated as arbitrary binary data by the server set the content-type header to octet-stream. Ref: https://github.com/curl/curl/pull/2852#issuecomment-426465094 Closes https://github.com/curl/curl/pull/3085
2018-10-02test1299: use single quotes around asteriskMarcel Raad
Ref: https://github.com/curl/curl/issues/1751#issuecomment-321522580
2018-10-02docs/CIPHERS: mention the colon separation for OpenSSLDaniel Stenberg
Bug: #3077
2018-10-02runtests: ignore disabled even when ranges are givenDaniel Stenberg
runtests.pl support running a range of tests, like "44 to 127". Starting now, the code makes sure that even such given ranges will ignore tests that are marked as disabled. Disabled tests can still be run by explictly specifying that test number. Closes #3075
2018-10-02urlapi: starting with a drive letter on win32 is not an abs urlDaniel Stenberg
... and libcurl doesn't support any single-letter URL schemes (if there even exist any) so it should be fairly risk-free. Reported-by: Marcel Raad Fixes #3070 Closes #3071
2018-10-02doh: fix curl_easy_setopt argument typeMarcel Raad
CURLOPT_POSTFIELDSIZE is long. Fixes a compiler warning on 64-bit MinGW.
2018-10-02RELEASE-NOTES: syncedDaniel Stenberg
2018-10-01CMake: Improve config installationRuslan Baratov
Use 'GNUInstallDirs' standard module to set destinations of installed files. Use uppercase "CURL" names instead of lowercase "curl" to match standard 'FindCURL.cmake' CMake module: * https://cmake.org/cmake/help/latest/module/FindCURL.html Meaning: * Install 'CURLConfig.cmake' instead of 'curl-config.cmake' * User should call 'find_package(CURL)' instead of 'find_package(curl)' Use 'configure_package_config_file' function to generate 'CURLConfig.cmake' file. This will make 'curl-config.cmake.in' template file smaller and handle components better. E.g. current configuration report no error if user specified unknown components (note: new configuration expects no components, report error if user will try to specify any). Closes https://github.com/curl/curl/pull/2849
2018-10-01test1650: make it depend on http/2Daniel Stenberg
Follow-up to 570008c99da0ccbb as it gets link errors. Reported-by: Michael Kaufmann Closes #3068
2018-10-01MANUAL: minor grammar fixNate Prewitt
Noticed a typo reading through the docs. Closes #3069
2018-09-30doh: only build if h2 enabledDaniel Stenberg
The DoH spec says "HTTP/2 [RFC7540] is the minimum RECOMMENDED version of HTTP for use with DoH". Reported-by: Marcel Raad Closes #3066
2018-09-29test2100: require http2 to runDaniel Stenberg
Reported-by: Marcel Raad Fixes #3064 Closes #3065
2018-09-29multi: fix memory leak in content encoding related error pathDaniel Stenberg
... a missing multi_done() call. Credit to OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10728 Closes #3063
2018-09-29travis: bump the Secure Transport build to use xcode 10Daniel Stenberg
Due to an issue with travis (https://github.com/travis-ci/travis-ci/issues/9956) we've been using Xcode 9.2 for darwinssl builds for a while. Now xcode 10 is offered as an alternative and as it builds curl+darwinssl fine that seems like a better choice. Closes #3062
2018-09-29curl: enabled Windows VT Support and UTF-8 outputRich Turner
Enabled Console VT support (if running OS supports VT) in tool_main.c. Fixes #3008 Closes #3011
2018-09-28multi: fix location URL memleak in error pathDaniel Stenberg
Follow-up to #3044 - fix a leak OSS-Fuzz detected Closes #3057
2018-09-28cmake: fixed path used in generation of docs/tests during curl build through ↵Sergei Nikulov
add_subdicectory(...)
2018-09-28cmake: Backport to work with CMake 3.0 againBrad King
Changes in commit 7867aaa9a0 (cmake: link curl to the OpenSSL targets instead of lib absolute paths, 2018-07-17) and commit f826b4ce98 (cmake: bumped minimum version to 3.4, 2018-07-19) required CMake 3.4 to fix issue #2746. This broke support for users on older versions of CMake even if they just want to build curl and do not care whether transitive dependencies work. Backport the logic to work with CMake 3.0 again by implementing the fix only when the version of CMake is at least 3.4.
2018-09-27curl_threads: fix classic MinGW compile breakMarcel Raad
Classic MinGW still has _beginthreadex's return type as unsigned long instead of uintptr_t [0]. uintptr_t is not even defined because of [1]. [0] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l167 [1] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l90 Bug: https://github.com/curl/curl/issues/2924#issuecomment-424334807 Closes https://github.com/curl/curl/pull/3051
2018-09-26configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSEDaniel Stenberg
fix a few leftovers Fixes #3006 Closes #3049
2018-09-26example/htmltidy: fix include paths of tidy librariesDoron Behar
Closes #3050
2018-09-26RELEASE-NOTES: syncedDaniel Stenberg
2018-09-25Curl_http2_done: fix memleak in error pathDaniel Stenberg
Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for early failures. Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669 Closes #3046
2018-09-25http: fix memleak in rewind error pathDaniel Stenberg
If the rewind would fail, a strdup() would not get freed. Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665 Closes #3044
2018-09-24test320: fix regression in [ci skip]Viktor Szakats
The value in question is coming directly from `gnutls-serv`, so it cannot be modified freely. Reported-by: Marcel Raad Ref: https://github.com/curl/curl/commit/6ae6b2a533e8630afbb21f570305bd4ceece6348#commitcomment-30621004
2018-09-24Curl_retry_request: fix memory leakDaniel Stenberg
Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648 Closes #3042
2018-09-24openssl: load built-in engines tooDaniel Stenberg
Regression since 38203f1 Reported-by: Jean Fabrice Fixes #3023 Closes #3040
2018-09-24OpenSSL: enable TLS 1.3 post-handshake authChristian Heimes
OpenSSL 1.1.1 requires clients to opt-in for post-handshake authentication. Fixes: https://github.com/curl/curl/issues/3026 Signed-off-by: Christian Heimes <christian@python.org> Closes https://github.com/curl/curl/pull/3027
2018-09-24Curl_dedotdotify(): always nul terminate returned string.Even Rouault
This fixes potential out-of-buffer access on "file:./" URL $ valgrind curl "file:./" ==24516== Memcheck, a memory error detector ==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==24516== Command: /home/even/install-curl-git/bin/curl file:./ ==24516== ==24516== Conditional jump or move depends on uninitialised value(s) ==24516== at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==24516== by 0x4EBB315: seturl (urlapi.c:801) ==24516== by 0x4EBB568: parseurl (urlapi.c:861) ==24516== by 0x4EBC509: curl_url_set (urlapi.c:1199) ==24516== by 0x4E644C6: parseurlandfillconn (url.c:2044) ==24516== by 0x4E67AEF: create_conn (url.c:3613) ==24516== by 0x4E68A4F: Curl_connect (url.c:4119) ==24516== by 0x4E7F0A4: multi_runsingle (multi.c:1440) ==24516== by 0x4E808E5: curl_multi_perform (multi.c:2173) ==24516== by 0x4E7558C: easy_transfer (easy.c:686) ==24516== by 0x4E75801: easy_perform (easy.c:779) ==24516== by 0x4E75868: curl_easy_perform (easy.c:798) Was originally spotted by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637 Credit to OSS-Fuzz Closes #3039