aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-12-02openssl: pkcs12 is supported by boringsslDaniel Stenberg
Removes another #ifdef for BoringSSL Pointed-out-by: David Benjamin Closes #2134
2017-12-02travis: use pip2 instead of pipJay Satiro
.. since now mac osx image expects pip2 or pip3, and doesn't know pip: 0.01s$ pip install --user cpp-coveralls /Users/travis/.travis/job_stages: line 57: pip: command not found Ref: https://github.com/travis-ci/travis-ci/issues/8829 Closes https://github.com/curl/curl/pull/2133
2017-12-01lib582: do not verify host for SFTPNikos Mavrogiannopoulos
This SFTP test fails with libssh back-end due to failure to verify the peer. Disable peer verification in the test as there seems to be the intention of the test. Note that the libssh back-end automatically verifies the peer's host using the default known_hosts file. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-01libssh: added SFTP supportNikos Mavrogiannopoulos
The SFTP back-end supports asynchronous reading only, limited to 32-bit file length. Writing is synchronous with no other limitations. This also brings keyboard-interactive authentication. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-01symbols-in-versions: added new symbols with 7.56.3 versionNikos Mavrogiannopoulos
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-01.travis.yml: added build --with-libsshNikos Mavrogiannopoulos
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-12-01libssh2: return CURLE_UPLOAD_FAILED on failure to uploadNikos Mavrogiannopoulos
This brings its in sync with the error code returned by the libssh backend. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-12-01libssh2: send the correct CURLE error code on scp file not foundNikos Mavrogiannopoulos
That also updates tests to expect the right error code libssh2 back-end returns CURLE_SSH error if the remote file is not found. Expect instead CURLE_REMOTE_FILE_NOT_FOUND which is sent by the libssh backend. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-12-01Added support for libssh SSH SCP back-endNikos Mavrogiannopoulos
libssh is an alternative library to libssh2. https://www.libssh.org/ That patch set also introduces support for ECDSA ed25519 keys, as well as gssapi authentication. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-12-01RELEASE-NOTES: synced with af8cc7a69Daniel Stenberg
2017-12-01curlver: towards 7.57.1Daniel Stenberg
2017-12-01lib: don't export all symbols, just everything curl_*W. Mark Kubacki
Absent any 'symbol map' or script to limit what gets exported, static linking of libraries previously resulted in a libcurl with curl's and those other symbols being (re-)exported. This did not happen if 'versioned symbols' were enabled (which is not the default) because then a version script is employed. This limits exports to everything starting in 'curl_*'., which is what "libcurl.vers" exports. This avoids strange side-effects such as with mixing methods from system libraries and those erroneously offered by libcurl. Closes #2127
2017-12-01SSL: Avoid magic allocation of SSL backend specific dataJohannes Schindelin
Originally, my idea was to allocate the two structures (or more precisely, the connectdata structure and the four SSL backend-specific strucutres required for ssl[0..1] and proxy_ssl[0..1]) in one go, so that they all could be free()d together. However, getting the alignment right is tricky. Too tricky. So let's just bite the bullet and allocate the SSL backend-specific data separately. As a consequence, we now have to be very careful to release the memory allocated for the SSL backend-specific data whenever we release any connectdata. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes #2119
2017-12-01examples/xmlstream.c: don't switch off CURL_GLOBAL_SSLDaniel Stenberg
Reported-by: Dima Tisnek
2017-11-30travis: add boringssl buildDaniel Stenberg
Uses a separate build without --enable-debug and no valgrind. The debug option causes far too many warnings in boringssl's headers (C++ comments, trailing commas etc). Valgrind triggers some false positive errors in thread-local data used by boringssl. Closes #2118
2017-11-29RELEASE-NOTES: curl 7.57.0Daniel Stenberg
2017-11-29THANKS: added contributors from 7.57.0 releaseDaniel Stenberg
2017-11-27openssl: fix boringssl build againDaniel Stenberg
commit d3ab7c5a21e broke the boringssl build since it doesn't have RSA_flags(), so we disable that code block for boringssl builds. Reported-by: W. Mark Kubacki Fixes #2117
2017-11-27curl_ntlm_core.c: use the limits.h's SIZE_T_MAX if providedDaniel Stenberg
2017-11-27libcurl-share.3: the connection cache is shareable nowDaniel Stenberg
2017-11-27global_init: ignore CURL_GLOBAL_SSL's absenseDaniel Stenberg
This bit is no longer used. It is not clear what it meant for users to "init the TLS" in a world with different TLS backends and since the introduction of multissl, libcurl didn't properly work if inited without this bit set. Not a single user responded to the call for users of it: https://curl.haxx.se/mail/lib-2017-11/0072.html Reported-by: Evgeny Grin Assisted-by: Jay Satiro Fixes #2089 Fixes #2083 Closes #2107
2017-11-27ntlm: avoid integer overflow for malloc sizeDaniel Stenberg
Reported-by: Alex Nichols Assisted-by: Kamil Dudka and Max Dymond CVE-2017-8816 Bug: https://curl.haxx.se/docs/adv_2017-11e7.html
2017-11-27wildcardmatch: fix heap buffer overflow in setcharsetDaniel Stenberg
The code would previous read beyond the end of the pattern string if the match pattern ends with an open bracket when the default pattern matching function is used. Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161 CVE-2017-8817 Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
2017-11-27url: fix alignment of ssl_backend_data structJay Satiro
- Align the array of ssl_backend_data on a max 32 byte boundary. 8 is likely to be ok but I went with 32 for posterity should one of the ssl_backend_data structs change to contain a larger sized variable in the future. Prior to this change (since dev 70f1db3, release 7.56) the connectdata structure was undersized by 4 bytes in 32-bit builds with ssl enabled because long long * was mistakenly used for alignment instead of long long, with the intention being an 8 byte boundary. Also long long may not be an available type. The undersized connectdata could lead to oob read/write past the end in what was expected to be the last 4 bytes of the connection's secondary socket https proxy ssl_backend_data struct (the secondary socket in a connection is used by ftp, others?). Closes https://github.com/curl/curl/issues/2093 CVE-2017-8818 Bug: https://curl.haxx.se/docs/adv_2017-af0a.html
2017-11-25ssh: remove check for a NULL pointer (!)Daniel Stenberg
With this check present, scan-build warns that we might dereference this point in other places where it isn't first checked for NULL. Thus, if it *can* be NULL we have a problem on a few places. However, this pointer should not be possible to be NULL here so I remove the check and thus also three different scan-build warnings. Closes #2111
2017-11-24test: add test for bad UNC/SMB path in file: URLMatthew Kerwin
2017-11-24test: add tests to ensure basic file: URLsMatthew Kerwin
2017-11-24URL: update "file:" URL handlingMatthew Kerwin
* LOTS of comment updates * explicit error for SMB shares (e.g. "file:////share/path/file") * more strict handling of authority (i.e. "//localhost/") * now accepts dodgy old "C:|" drive letters * more precise handling of drive letters in and out of Windows (especially recognising both "file:c:/" and "file:/c:/") Closes #2110
2017-11-24metalink: fix memory-leak and NULL pointer dereferenceDaniel Stenberg
Reported by scan-build Closes #2109
2017-11-24connect: add support for new TCP Fast Open API on LinuxAlessandro Ghedini
The new API added in Linux 4.11 only requires setting a socket option before connecting, without the whole sento() machinery. Notably, this makes it possible to use TFO with SSL connections on Linux as well, without the need to mess around with OpenSSL (or whatever other SSL library) internals. Closes #2056
2017-11-24make: fix "make distclean"Daniel Stenberg
Fixes #2097 Closes #2108
2017-11-23RELEASE-NOTES: synced with 31f18d272Daniel Stenberg
2017-11-23connect: improve the bind error messageJay Satiro
eg consider a non-existent interface eth8, curl --interface eth8 Before: curl: (45) Could not resolve host: eth8 After: curl: (45) Couldn't bind to 'eth8' Bug: https://github.com/curl/curl/issues/2104 Reported-by: Alfonso Martone
2017-11-23examples/rtsp: clear RANGE again after useDaniel Stenberg
Fixes #2106 Reported-by: youngchopin on github
2017-11-22test1264: verify URL with space in host name being rejectedMichael Kaufmann
2017-11-22url: reject ASCII control characters and space in host namesDaniel Stenberg
Host names like "127.0.0.1 moo" would otherwise be accepted by some getaddrinfo() implementations. Updated test 1034 and 1035 accordingly. Fixes #2073 Closes #2092
2017-11-21Curl_open: fix OOM return error correctlyDaniel Stenberg
Closes #2098
2017-11-21http2: fix "Value stored to 'end' is never read" scan-build errorDaniel Stenberg
2017-11-21http2: fix "Value stored to 'hdbuf' is never read" scan-build errorDaniel Stenberg
2017-11-21openssl: fix "Value stored to 'rc' is never read" scan-build errorDaniel Stenberg
2017-11-21mime: fix "Value stored to 'sz' is never read" scan-build errorDaniel Stenberg
2017-11-21Curl_llist_remove: fix potential NULL pointer derefDaniel Stenberg
Fixes a scan-build warning.
2017-11-21ntlm: remove unnecessary NULL-check to please scan-buildDaniel Stenberg
2017-11-20BUGS: spellcheckedDaniel Stenberg
2017-11-18examples/curlx: Fix code stylefmmedeiros
- Add braces around multi-line if statement. Closes https://github.com/curl/curl/pull/2096
2017-11-17resolve: allow IP address within [] bracketsDaniel Stenberg
... so that IPv6 addresses can be passed like they can for connect-to and how they're used in URLs. Added test 1324 to verify Reported-by: Alex Malinovich Fixes #2087 Closes #2091
2017-11-15macOS: Fix missing connectx function with Xcode version older than 9.0Pavol Markovic
The previous fix https://github.com/curl/curl/pull/1788 worked just for Xcode 9. This commit extends the fix to older Xcode versions effectively by not using connectx function. Fixes https://github.com/curl/curl/issues/1330 Fixes https://github.com/curl/curl/issues/2080 Closes https://github.com/curl/curl/pull/1336 Closes #2082
2017-11-15openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEYDirk Feytons
Fixes #2079 Closes #2081
2017-11-14TODO: ignore private IP addresses in PASV responseDaniel Stenberg
Closes #1455
2017-11-14RELEASE-NOTES: synced with ae7369b6dDaniel Stenberg