aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-10-03cookie: avoid harmless use after freePaul Dreik
This fix removes a use after free which can be triggered by the internal cookie fuzzer, but otherwise is probably impossible to trigger from an ordinary application. The following program reproduces it: curl_global_init(CURL_GLOBAL_DEFAULT); CURL* handle=curl_easy_init(); CookieInfo* info=Curl_cookie_init(handle,NULL,NULL,false); curl_easy_setopt(handle, CURLOPT_COOKIEJAR, "/dev/null"); Curl_flush_cookies(handle, true); Curl_cookie_cleanup(info); curl_easy_cleanup(handle); curl_global_cleanup(); This was found through fuzzing. Closes #4454
2019-10-03docs: add note on failed handles not being counted by curl_multi_performDenis Chaplygin
Closes #4446
2019-10-03CURLMOPT_MAX_CONCURRENT_STREAMS.3: fix SEE ALSO typoDaniel Stenberg
2019-10-02ESNI: initial build/setupNiall
Closes #4011
2019-10-02RELEASE-NOTES: syncedDaniel Stenberg
2019-10-02redirect: when following redirects to an absolute URL, URL encode itDaniel Stenberg
... to make it handle for example (RFC violating) embeded spaces. Reported-by: momala454 on github Fixes #4445 Closes #4447
2019-10-02urlapi: fix URL encoding when setting a full URLDaniel Stenberg
2019-10-02tool_operate: rename functions to make more senseDaniel Stenberg
2019-10-02curl: create easy handles on-demand and not ahead of timeDaniel Stenberg
This should again enable crazy-large download ranges of the style [1-10000000] that otherwise easily ran out of memory starting in 7.66.0 when this new handle allocating scheme was introduced. Reported-by: Peter Sumatra Fixes #4393 Closes #4438
2019-10-02CURLMOPT_MAX_CONCURRENT_STREAMS: new setoptKunal Ekawde
Closes #4410
2019-10-02chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING errorDaniel Stenberg
Unknown content-encoding would get returned as CURLE_WRITE_ERROR if the response is chunked-encoded. Reported-by: Ilya Kosarev Fixes #4310 Closes #4449
2019-10-01checksrc: fix uninitialized variable warningMarcel Raad
The loop doesn't need to be executed without a file argument. Closes https://github.com/curl/curl/pull/4444
2019-10-01urlapi: fix unused variable warningMarcel Raad
`dest` is only used with `ENABLE_IPV6`. Closes https://github.com/curl/curl/pull/4444
2019-10-01lib: silence conversion warningsMarcel Raad
Closes https://github.com/curl/curl/pull/4444
2019-09-30AppVeyor: add 32-bit MinGW-w64 buildMarcel Raad
With WinSSL and testing enabled so that it would have detected most of the warnings fixed in [0] and [1]. [0] https://github.com/curl/curl/pull/4398 [1] https://github.com/curl/curl/pull/4415 Closes https://github.com/curl/curl/pull/4433
2019-09-30AppVeyor: remove MSYS2_ARG_CONV_EXCL for winbuildMarcel Raad
It's only used for MSYS2 with MinGW. Closes
2019-09-30git: add tests/server/disabled to .gitignoreEmil Engler
Closes #4441
2019-09-30altsvc: accept quoted ma and persist valuesDaniel Stenberg
As mandated by the spec. Test 1654 is extended to verify. Closes #4443
2019-09-30mailmap: a Lucas fixDaniel Stenberg
2019-09-29quiche: update HTTP/3 config creation to new APIlucas
2019-09-29BINDINGS: PureBasic, Net::Curl for perl and NimDaniel Stenberg
2019-09-29BINDINGS: Kapito is an Erlang library, basically a bindingDaniel Stenberg
2019-09-29BINDINGS: added clj-curlDaniel Stenberg
Reported-by: Lucas Severo
2019-09-28docs: disambiguate CURLUPART_HOST is for host name (ie no port)Jay Satiro
Closes #4424
2019-09-28cookies: using a share with cookies shouldn't enable the cookie engineDaniel Stenberg
The 'share object' only sets the storage area for cookies. The "cookie engine" still needs to be enabled or activated using the normal cookie options. This caused the curl command line tool to accidentally use cookies without having been told to, since curl switched to using shared cookies in 7.66.0. Test 1166 verifies Updated test 506 Fixes #4429 Closes #4434
2019-09-27setopt: handle ALTSVC set to NULLDaniel Stenberg
2019-09-27RELEASE-NOTES: syncedDaniel Stenberg
2019-09-27INSTALL: add vcpkg installation instructionsgrdowns
Closes #4435
2019-09-27FTP: add test for FTPFILE_NOCWD: Avoid redundant CWDsZenju
Add libtest 661 Closes #4417
2019-09-27FTP: url-decode path before evaluationZenju
Closes #4428
2019-09-27tests: fix narrowing conversion warningsMarcel Raad
`timediff_t` is 64 bits wide also on 32-bit systems since commit b1616dad8f0. Closes https://github.com/curl/curl/pull/4415
2019-09-27vtls: Fix comment typo about macosx-version-min compiler flagjulian
Closes https://github.com/curl/curl/pull/4425
2019-09-26README: minor grammar fixYechiel Kalmenson
Closes #4431
2019-09-26HTTP3: fix prefix parameter for ngtcp2 buildSpezifant
Closes #4430
2019-09-26quiche: don't close connection at end of stream!Daniel Stenberg
2019-09-26quiche: set 'drain' when returning without having drained the queuesDaniel Stenberg
2019-09-26Revert "FTP: url-decode path before evaluation"Daniel Stenberg
This reverts commit 2f036a72d543e96128bd75cb0fedd88815fd42e2.
2019-09-26HTTP3: merged and simplified the two 'running' sectionsDaniel Stenberg
2019-09-26HTTP3: show an --alt-svc using example tooDaniel Stenberg
2019-09-26FTP: url-decode path before evaluationZenju
Closes #4423
2019-09-26openssl: use strerror on SSL_ERROR_SYSCALLDaniel Stenberg
Instead of showing the somewhat nonsensical errno number, use strerror() to provide a more relatable error message. Closes #4411
2019-09-26HTTP3: update quic.aiortc.org + add link to server listDaniel Stenberg
Reported-by: Jeremy Lainé
2019-09-26url: don't set appconnect time for non-ssl/non-ssh connectionsJay Satiro
Prior to this change non-ssl/non-ssh connections that were reused set TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH handshake took place. [1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in libcurl and %{time_appconnect} in the curl tool. It is documented as "the time until the SSL/SSH handshake is completed". Reported-by: Marcel Hernandez Ref: https://github.com/curl/curl/issues/3760 Closes https://github.com/curl/curl/pull/3773
2019-09-25ngtcp2: remove fprintf() callsDaniel Stenberg
- convert some of them to H3BUF() calls to infof() - remove some of them completely - made DEBUG_HTTP3 defined only if CURLDEBUG is set for now Closes #4421
2019-09-25url: fix the NULL hostname compiler warning caseJay Satiro
Closes #4403
2019-09-25travis: move the go install to linux-onlyJay Satiro
... to repair the build again Closes #4403
2019-09-25altsvc: correct the #ifdef for the ngtcp2 backendDaniel Stenberg
2019-09-25altsvc: save h3 as h3-23Daniel Stenberg
Follow-up to d176a2c7e5
2019-09-24urlapi: question mark within fragment is still fragmentDaniel Stenberg
The parser would check for a query part before fragment, which caused it to do wrong when the fragment contains a question mark. Extended test 1560 to verify. Reported-by: Alex Konev Fixes #4412 Closes #4413
2019-09-24HTTP3.md: move -p for mkdir, remove -j for makeAlex Samorukov
- mkdir on OSX/Darwin requires `-p` argument before dir - portabbly figuring out number of cores is an exercise for somewhere else Closes #4407