aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-06-10SECURITY.md: createdDaniel Stenberg
Brief security policy description for use/display on github.
2019-06-10tool_cb_prg: Fix integer overflow in progress barDaniel Gustafsson
Commit 61faa0b420c236480bc9ef6fd52b4ecc1e0f8d17 fixed the progress bar width calculation to avoid integer overflow, but failed to account for the fact that initial_size is initialized to -1 when the file size is retrieved from the remote on an upload, causing another signed integer overflow. Fix by separately checking for this case before the width calculation. Closes #3984 Reported-by: Brian Carpenter (Geeknik Labs) Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-06-10wolfssl: refer to it as wolfSSL onlyDaniel Stenberg
Remove support for, references to and use of "cyaSSL" from the source and docs. wolfSSL is the current name and there's no point in keeping references to ancient history. Assisted-by: Daniel Gustafsson Closes #3903
2019-06-10RELEASE-NOTES: syncedDaniel Stenberg
2019-06-10bindlocal: detect and avoid IP version mismatches in bind()Daniel Stenberg
Reported-by: Alex Grebenschikov Fixes #3993 Closes #4002
2019-06-10multi: make sure 'data' can present in several sockhash entriesDaniel Stenberg
Since more than one socket can be used by each transfer at a given time, each sockhash entry how has its own hash table with transfers using that socket. In addition, the sockhash entry can now be marked 'blocked = TRUE'" which then makes the delete function just set 'removed = TRUE' instead of removing it "for real", as a way to not rip out the carpet under the feet of a parent function that iterates over the transfers of that same sockhash entry. Reported-by: Tom van der Woerdt Fixes #3961 Fixes #3986 Fixes #3995 Fixes #4004 Closes #3997
2019-06-09libcurl-tutorial.3: Fix small typo (mutipart -> multipart)Sorcus
Fixed-by: MrSorcus on github Closes #4000
2019-06-09unpause: trigger a timeout for event-based transfersDaniel Stenberg
... so that timeouts or other state machine actions get going again after a changing pause state. For example, if the last delivery was paused there's no pending socket activity. Reported-by: sstruchtrup on github Fixes #3994 Closes #4001
2019-06-09travis: use xenial LLVM package for scan-buildMarcel Raad
I missed that in commit 99a49d6.
2019-06-09travis: update scan-build job to xenialMarcel Raad
Closes https://github.com/curl/curl/pull/3999
2019-06-08bump: start working on 7.65.2Daniel Stenberg
2019-06-05examples/htmltitle: use C++ casts between pointer typesMarcel Raad
Compilers and static analyzers warn about using C-style casts here. Closes https://github.com/curl/curl/pull/3975
2019-06-05examples/fopen: fix comparisonMarcel Raad
As want is size_t, (file->buffer_pos - want) is unsigned, so checking if it's less than zero makes no sense. Check if file->buffer_pos is less than want instead to avoid the unsigned integer wraparound. Closes https://github.com/curl/curl/pull/3975
2019-06-05build: fix Codacy warningsMarcel Raad
Reduce variable scopes and remove redundant variable stores. Closes https://github.com/curl/curl/pull/3975
2019-06-05sws: remove unused variablesMarcel Raad
Unused since commit 2f44e94. Closes https://github.com/curl/curl/pull/3975
2019-06-04RELEASE-NOTES: 7.65.1Daniel Stenberg
2019-06-04THANKS: new contributors from 7.65.1Daniel Stenberg
2019-06-04ssl: Update outdated "openssl-only" comments for supported backendsFrank Gevaerts
These are for features that used to be openssl-only but were expanded over time to support other SSL backends. Closes #3985
2019-06-04curl_share_setopt.3: improve wording [ci ship]Daniel Stenberg
Reported-by: Carlos ORyan
2019-06-04tool_parsecfg: Use correct return type for GetModuleFileName()Steve Holme
GetModuleFileName() returns a DWORD which is a typedef of an unsigned long and not an int. Closes #3980
2019-06-03TODO: "at least N milliseconds between requests" [ci skip]Daniel Stenberg
Suggested-by: dkwolfe4 on github Closes #3920
2019-06-02tests/server/.gitignore: Add socksd to the ignore listSteve Holme
Missed in 04fd6755. Closes #3978
2019-06-02tool_parsecfg: Fix control flow issue (DEADCODE)Steve Holme
Follow-up to 8144ba38. Detected by Coverity CID 1445663 Closes #3976
2019-06-02NTLM: reset proxy "multipass" state when CONNECT request is doneSergey Ogryzkov
Closes #3972
2019-06-02test334: verify HTTP 204 response with chunked coding headerDaniel Stenberg
Verifies that a bodyless response don't parse this content-related header.
2019-06-02http: don't parse body-related headers bodyless responsesMichael Kaufmann
Responses with status codes 1xx, 204 or 304 don't have a response body. For these, don't parse these headers: - Content-Encoding - Content-Length - Content-Range - Last-Modified - Transfer-Encoding This change ensures that HTTP/2 upgrades work even if a "Content-Length: 0" or a "Transfer-Encoding: chunked" header is present. Co-authored-by: Daniel Stenberg Closes #3702 Fixes #3968 Closes #3977
2019-06-02tls13-docs: mention it is only for OpenSSL >= 1.1.1Daniel Stenberg
Reported-by: Jay Satiro Co-authored-by: Jay Satiro Fixes #3938 Closes #3946
2019-06-01dump-header.d: spell out that no headers == empty file [ci skip]Daniel Stenberg
Reported-by: wesinator at github Fixes #3964 Closes #3974
2019-06-01singlesocket: use separate variable for inner loopDaniel Stenberg
An inner loop within the singlesocket() function wrongly re-used the variable for the outer loop which then could cause an infinite loop. Change to using a separate variable! Reported-by: Eric Wu Fixes #3970 Closes #3973
2019-05-31RELEASE-NOTES: syncedDaniel Stenberg
2019-05-30http2: Stop drain from being permanently set onJosie Huddleston
Various functions called within Curl_http2_done() can have the side-effect of setting the Easy connection into drain mode (by calling drain_this()). However, the last time we unset this for a transfer (by calling drained_transfer()) is at the beginning of Curl_http2_done(). If the Curl_easy is reused for another transfer, it is then stuck in drain mode permanently, which in practice makes it unable to write any data in the new transfer. This fix moves the last call to drained_transfer() to later in Curl_http2_done(), after the functions that could potentially call for a drain. Fixes #3966 Closes #3967 Reported-by: Josie-H
2019-05-29conncache: Remove the DEBUGASSERT on length checkSteve Holme
We trust the calling code as this is an internal function. Closes #3962
2019-05-29system_win32: fix function prototypeGisle Vanem
- Change if_nametoindex parameter type from char * to const char *. Follow-up to 09eef8af from this morning. Bug: https://github.com/curl/curl/commit/09eef8af#r33716067
2019-05-29appveyor: add Visual Studio solution buildMarcel Raad
Closes https://github.com/curl/curl/pull/3941
2019-05-29appveyor: add support for other build systemsMarcel Raad
Introduce BUILD_SYSTEM variable, which is currently always CMake. Closes https://github.com/curl/curl/pull/3941
2019-05-29url: Load if_nametoindex() dynamically from iphlpapi.dll on WindowsSteve Holme
This fixes the static dependency on iphlpapi.lib and allows curl to build for targets prior to Windows Vista. This partially reverts 170bd047. Fixes #3960 Closes #3958
2019-05-29http: fix "error: equality comparison with extraneous parentheses"Daniel Stenberg
2019-05-28parse_proxy: make sure portptr is initializedDaniel Stenberg
Reported-by: Benbuck Nason fixes #3959
2019-05-28url: default conn->port to the same as conn->remote_portDaniel Stenberg
... so that it has a sensible value when ConnectionExists() is called which needs it set to differentiate host "bundles" correctly on port number! Also, make conncache:hashkey() use correct port for bundles that are proxy vs host connections. Probably a regression from 7.62.0 Reported-by: Tom van der Woerdt Fixes #3956 Closes #3957
2019-05-28conncache: make "bundles" per host name when doing proxy tunnelsDaniel Stenberg
Only HTTP proxy use where multiple host names can be used over the same connection should use the proxy host name for bundles. Reported-by: Tom van der Woerdt Fixes #3951 Closes #3955
2019-05-28multi: track users of a socket betterDaniel Stenberg
They need to be removed from the socket hash linked list with more care. When sh_delentry() is called to remove a sockethash entry, remove all individual transfers from the list first. To enable this, each Curl_easy struct now stores a pointer to the sockethash entry to know how to remove itself. Reported-by: Tom van der Woerdt and Kunal Ekawde Fixes #3952 Fixes #3904 Closes #3953
2019-05-28curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK versionSteve Holme
Microsoft added support for Unix Domain Sockets in Windows 10 1803 (RS4). Rather than expect the user to enable Unix Domain Sockets by uncommenting the #define that was added in 0fd6221f we use the RS4 pre-processor variable that is present in newer versions of the Windows SDK. Closes #3939
2019-05-28cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variablesJonas Vautherin
Closes #3945
2019-05-27HAProxy tests: add keywordsMarcel Raad
Add the proxy and haproxy keywords in order to be able to exclude or run these specific tests. Closes https://github.com/curl/curl/pull/3949
2019-05-27tests: make test 1420 and 1406 work with rtsp-disabled libcurlMaksim Stsepanenka
Closes #3948
2019-05-27nss: allow to specify TLS 1.3 ciphers if supported by NSSHubert Kario
Closes #3916
2019-05-26RELEASE-NOTES: syncedDaniel Stenberg
2019-05-25Revert all SASL authzid (new feature) commitsJay Satiro
- Revert all commits related to the SASL authzid feature since the next release will be a patch release, 7.65.1. Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined for the next release, assuming it would be a feature release 7.66.0. However instead the next release will be a patch release, 7.65.1 and will not contain any new features. After the patch release after the reverted commits can be restored by using cherry-pick: git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690 Details for all reverted commits: Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()." This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a. Revert "tests: Fix the line endings for the SASL alt-auth tests" This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221. Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples" This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75. Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool" This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817. Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID" This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177.
2019-05-25FAQ: more minor updates and spelling fixesdbrowndan
Closes #3937
2019-05-24RELEASE-NOTES: syncedDaniel Stenberg