aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-05-24httpauth: add support for Bearer tokensLinus Lewandowski
Closes #2102
2018-05-24TODO: CURLINFO_PAUSE_STATEDaniel Stenberg
Closes #2588
2018-05-24cmake: set -d postfix for debug builds if not specifiedSergei Nikulov
using -DCMAKE_DEBUG_POSTFIX explicitly fixes #2121, obsoletes #2384
2018-05-23configure: add basic test of --with-ssl prefixDaniel Stenberg
When given a prefix, the $PREFIX_OPENSSL/lib/openssl.pc or $PREFIX_OPENSSL/include/openssl/ssl.h files must be present or cause an error. Helps users detect when giving configure the wrong path. Reported-by: Oleg Pudeyev Assisted-by: Per Malmberg Fixes #2580
2018-05-22http resume: skip body if http code 416 (range error) is ignored.Patrick Monnerat
This avoids appending error data to already existing good data. Test 92 is updated to match this change. New test 1156 checks all combinations of --range/--resume, --fail, Content-Range header and http status code 200/416. Fixes #1163 Reported-By: Ithubg on github Closes #2578
2018-05-22tftp: make sure error is zero terminated before printfing itDaniel Stenberg
2018-05-22configure: add missing m4/ax_compile_check_sizeof.m4Daniel Stenberg
follow-up to mistake in 6876ccf90b4
2018-05-22schannel: make CAinfo parsing resilient to CR/LFJohannes Schindelin
OpenSSL has supported --cacert for ages, always accepting LF-only line endings ("Unix line endings") as well as CR/LF line endings ("Windows line endings"). When we introduced support for --cacert also with Secure Channel (or in cURL speak: "WinSSL"), we did not take care to support CR/LF line endings, too, even if we are much more likely to receive input in that form when using Windows. Let's fix that. Happily, CryptQueryObject(), the function we use to parse the ca-bundle, accepts CR/LF input already, and the trailing LF before the END CERTIFICATE marker catches naturally any CR/LF line ending, too. So all we need to care about is the BEGIN CERTIFICATE marker. We do not actually need to verify here that the line ending is CR/LF. Just checking for a CR or an LF is really plenty enough. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes https://github.com/curl/curl/pull/2592
2018-05-22CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bitDaniel Stenberg
2018-05-22RELEASE-NOTES: syncedDaniel Stenberg
2018-05-21KNOWN_BUGS: mention the -O with %-encoded file namesDaniel Stenberg
Closes #2573
2018-05-21checksrc: make sure sizeof() is used *with* parenthesesDaniel Stenberg
... and unify the source code to adhere. Closes #2563
2018-05-21curl: added --styled-outputDaniel Stenberg
It is enabled by default, so --no-styled-output will switch off the detection/use of bold headers. Closes #2538
2018-05-21curl: show headers in boldDaniel Stenberg
The feature is only enabled if the output is believed to be a tty. -J: There's some minor differences and improvements in -J handling, as now J should work with -i and it actually creates a file first using the initial name and then *renames* that to the one found in Content-Disposition (if any). -i: only shows headers for HTTP transfers now (as documented). Previously it would also show for pieces of the transfer that were HTTP (for example when doing FTP over a HTTP proxy). -i: now shows trailers as well. Previously they were not shown at all. --libcurl: the CURLOPT_HEADER is no longer set, as the header output is now done in the header callback.
2018-05-21configure: compile-time SIZEOF checksDaniel Stenberg
... instead of exeucting code to get the size. Removes the use of LD_LIBRARY_PATH for this. Fixes #2586 Closes #2589 Reported-by: Bernhard Walle
2018-05-21configure: replace AC_TRY_RUN with CURL_RUN_IFELSEDaniel Stenberg
... and export LD_LIBRARY_PATH properly. This is a follow-up from 2d4c215. Fixes #2586 Reported-by: Bernhard Walle
2018-05-21docs: clarify CURLOPT_HTTPGET somewhatDaniel Stenberg
Reported-by: bsammon on github Fixes #2590
2018-05-18curl_fnmatch: only allow two asterisks for matchingDaniel Stenberg
The previous limit of 5 can still end up in situation that takes a very long time and consumes a lot of CPU. If there is still a rare use case for this, a user can provide their own fnmatch callback for a version that allows a larger set of wildcards. This commit was triggered by yet another OSS-Fuzz timeout due to this. Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369 Closes #2587
2018-05-18checksrc: fix too long lineDaniel Stenberg
follow-up to e05ad5d
2018-05-18docs: mention HAproxy protocol "version 1"Aleks
...as there's also a version 2. Closes #2579
2018-05-18examples/progressfunc: make it build on older libcurlsDaniel Stenberg
This example was changed in ce2140a8c1 to use the new microsecond based getinfo option. This change makes it conditionally keep using the older option so that the example still builds with older libcurl versions. Closes #2584
2018-05-18stub_gssapi: fix numerous 'unused parameter' warningsDaniel Stenberg
follow-up to d9e92fd9fd1d
2018-05-17getinfo: add microsecond precise timers for various intervalsPhilip Prindeville
Provide a set of new timers that return the time intervals using integer number of microseconds instead of floats. The new info names are as following: CURLINFO_APPCONNECT_TIME_T CURLINFO_CONNECT_TIME_T CURLINFO_NAMELOOKUP_TIME_T CURLINFO_PRETRANSFER_TIME_T CURLINFO_REDIRECT_TIME_T CURLINFO_STARTTRANSFER_TIME_T CURLINFO_TOTAL_TIME_T Closes #2495
2018-05-17openssl: acknowledge --tls-max for default version tooDaniel Stenberg
... previously it only used the max setting if a TLS version was also explicitly asked for. Reported-by: byte_bucket Fixes #2571 Closes #2572
2018-05-17bump: start working on the pending 7.61.0Daniel Stenberg
2018-05-16tests/libtest/Makefile: Do not unconditionally add gcc-specific flagsDagobert Michelsen
The warning flag leads e.g. Sun Studio compiler to bail out. Closes #2576
2018-05-16schannel_verify: fix build for non-schannelDaniel Stenberg
2018-05-16rand: fix typoJay Satiro
2018-05-16schannel: disable manual verify if APIs not availableJay Satiro
.. because original MinGW and old compilers do not have the Windows API definitions needed to support manual verification.
2018-05-16schannel: disable client cert option if APIs not availableArchangel_SDY
Original MinGW targets Windows 2000 by default, which lacks some APIs and definitions for this feature. Disable it if these APIs are not available. Closes https://github.com/curl/curl/pull/2522
2018-05-15RELEASE-NOTES: 7.60.0 releaseDaniel Stenberg
2018-05-15THANKS: added people from the curl 7.60.0 releaseDaniel Stenberg
2018-05-15docs/libcurl/index.html: removedDaniel Stenberg
The HTML files are long gone from the dist, now remove the last HTML file pointing to those missing files. d
2018-05-14http2: remove unused variablesteini2000
Closes #2570
2018-05-14http2: use easy handle of stream for loggingsteini2000
2018-05-14gcc: disable picky gcc-8 function pointer warnings in two placesDaniel Stenberg
Reported-by: Rikard Falkeborn Bug: #2560 Closes #2569
2018-05-14http2: use the correct function pointer typedefDaniel Stenberg
Fixes gcc-8 picky compiler warnings Reported-by: Rikard Falkeborn Bug: #2560 Closes #2568
2018-05-14CODE_STYLE: mention return w/o parens, but sizeof withDaniel Stenberg
... and remove the github markdown syntax so that it renders better on the web site. Also, don't use back-ticks inlined to allow the CSS to highlight source code better.
2018-05-14examples: Fix format specifiersRikard Falkeborn
Closes #2561
2018-05-14tool: Fix format specifiersRikard Falkeborn
2018-05-14ntlm: Fix format specifiersRikard Falkeborn
2018-05-14tests: Fix format specifiersRikard Falkeborn
2018-05-14lib: Fix format specifiersRikard Falkeborn
2018-05-14contributors.sh: use "on github", not atDaniel Stenberg
2018-05-14http2: getsock fix for uploadsDaniel Stenberg
When there's an upload in progress, make sure to wait for the socket to become writable. Detected-by: steini2000 on github Bug: #2520 Closes #2567
2018-05-14pingpong: fix response cache memcpy overflowDaniel Stenberg
Response data for a handle with a large buffer might be cached and then used with the "closure" handle when it has a smaller buffer and then the larger cache will be copied and overflow the new smaller heap based buffer. Reported-by: Dario Weisser CVE: CVE-2018-1000300 Bug: https://curl.haxx.se/docs/adv_2018-82c2.html
2018-05-14http: restore buffer pointer when bad response-line is parsedDaniel Stenberg
... leaving the k->str could lead to buffer over-reads later on. CVE: CVE-2018-1000301 Assisted-by: Max Dymond Detected by OSS-Fuzz. Bug: https://curl.haxx.se/docs/adv_2018-b138.html Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7105
2018-05-13cookies: do not take cookie name as a parameterPatrick Monnerat
RFC 6265 section 4.2.1 does not set restrictions on cookie names. This is a follow-up to commit 7f7fcd0. Also explicitly check proper syntax of cookie name/value pair. New test 1155 checks that cookie names are not reserved words. Reported-By: anshnd at github Fixes #2564 Closes #2566
2018-05-12smb: reject negative file sizesDaniel Stenberg
Assisted-by: Max Dymond Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8245
2018-05-11setup_transfer: deal with both sockets being -1Daniel Stenberg
Detected by Coverity; CID 1435559. Follow-up to f8d608f38d00. It would index the array with -1 if neither index was a socket.