aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-01-25GSKit: restore pinnedpubkey functionalitymoparisthebest
inadvertently removed in 283babfaf8d8f3bab9d3c63cea94eb0b84e79c37 Closes #2263
2018-01-25darwinssl: Don't import client certificates into Keychain on macOSDair Grant
Closes #2085
2018-01-25configure: fix the check for unsigned time_tDaniel Stenberg
Assign the time_t variable negative value and then check if it is greater than zero, which will evaluate true for unsigned time_t but false for signed time_t.
2018-01-25parsedate: fix date parsing for systems with 32 bit longDaniel Stenberg
Make curl_getdate() handle dates before 1970 as well (returning negative values). Make test 517 test dates for 64 bit time_t. This fixes bug (3) mentioned in #2238 Closes #2250
2018-01-25openssl: fix pinned public key build error in FIPS modeMcDonough, Tim
Here is a version that should work with all versions of openssl 0.9.7 through 1.1.0. Links to the docs: https://www.openssl.org/docs/man1.0.2/crypto/EVP_DigestInit.html https://www.openssl.org/docs/man1.1.0/crypto/EVP_DigestInit.html At the very bottom of the 1.1.0 documentation there is a history section that states, " stack allocated EVP_MD_CTXs are no longer supported." If EVP_MD_CTX_create and EVP_MD_CTX_destroy are not defined, then a simple mapping can be used as described here: https://wiki.openssl.org/index.php/Talk:OpenSSL_1.1.0_Changes Closes #2258
2018-01-25SChannel/WinSSL: Replace Curl_none_md5sum with Curl_schannel_md5summoparisthebest
2018-01-25SChannel/WinSSL: Implement public key pinningmoparisthebest
Closes #1429
2018-01-25bump: towards 7.58.1Daniel Stenberg
2018-01-25cookies: remove verbose "cookie size:" outputDaniel Stenberg
It was once used for some debugging/verifying logic but should never have ended up in git!
2018-01-25TODO: hardcode the "localhost" addressesDaniel Stenberg
2018-01-25TODO: CURL_REFUSE_CLEARTEXTDaniel Stenberg
An idea that popped up in discussions on twitter.
2018-01-24progress-bar: don't use stderr explicitly, use bar->outDaniel Stenberg
Reported-By: Gisle Vanem Bug: https://github.com/curl/curl/commit/993dd5651a6c853bfe3870f6a69c7b329fa4e8ce#commitcomment-27070080
2018-01-24Fixes for MSDOS etc.Gisle Vanem
djgpp do have 'mkdir(dir, mode)'. Other DOS-compilers does not But djgpp seems the only choice for MSDOS anyway. PellesC do have a 'F_OK' defined in it's <unistd.h>. Update year in Copyright.
2018-01-24Fix small typo.Gisle Vanem
2018-01-23RELEASE: 7.58.0Daniel Stenberg
2018-01-23progress-bar: get screen width on windowsGisle Vanem
2018-01-23test1454: --connect-to with IPv6 address w/o IPv6 support!Daniel Stenberg
2018-01-23CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 supportDaniel Stenberg
Bug: https://curl.haxx.se/mail/lib-2018-01/0087.html Reported-by: John Hascall Closes #2257
2018-01-23docs: fix man page syntax to make test 1140 OK againDaniel Stenberg
2018-01-22http: prevent custom Authorization headers in redirectsDaniel Stenberg
... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how curl already handles Authorization headers created internally. Note: this changes behavior slightly, for the sake of reducing mistakes. Added test 317 and 318 to verify. Reported-by: Craig de Stigter Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
2018-01-22curl: progress bar refresh, get width using ioctl()Daniel Stenberg
Get screen width from the environment variable COLUMNS first, if set. If not, use ioctl(). If nether works, assume 79. Closes #2242 The "refresh" is for the -# output when no total transfer size is known. It will now only use a single updated line even for this case: The "-=O=-" ship moves when data is transferred. The four flying "hashes" move (on a sine wave) on each refresh, independent of data.
2018-01-20RELEASE-NOTES: synced with bb0ffcc36Daniel Stenberg
2018-01-20libcurl-env.3: first takeDaniel Stenberg
2018-01-20TODO: two possible name resolver improvementsDaniel Stenberg
2018-01-18http2: don't close connection when single transfer is stoppedKartik Mahajan
Fixes #2237 Closes #2249
2018-01-18test558: fix for multissl buildsDaniel Stenberg
vtls.c:multissl_init() might do a curl_free() call so strip that out to make this work with more builds. We just want to verify that memorytracking works so skipping one line is no harm.
2018-01-18examples/url2file.c: add missing curl_global_cleanup() callDaniel Stenberg
Reported-by: XhstormR on github Fixes #2245
2018-01-18SSH: Fix state machine for ssh-agent authenticationMichael Gmelin
In case an identity didn't match[0], the state machine would fail in state SSH_AUTH_AGENT instead of progressing to the next identity in ssh-agent. As a result, ssh-agent authentication only worked if the identity required happened to be the first added to ssh-agent. This was introduced as part of commit c4eb10e2f06fbd6cc904f1d78e4, which stated that the "else" statement was required to prevent getting stuck in state SSH_AUTH_AGENT. Given the state machine's logic and libssh2's interface I couldn't see how this could happen or reproduce it and I also couldn't find a more detailed description of the problem which would explain a test case to reproduce the problem this was supposed to fix. [0] libssh2_agent_userauth returning LIBSSH2_ERROR_AUTHENTICATION_FAILED Closes #2248
2018-01-18openssl: fix potential memory leak in SSLKEYLOGFILE logicDaniel Stenberg
Coverity CID 1427646.
2018-01-18openssl: fix the libressl build againDaniel Stenberg
Follow-up to 84fcaa2e7. libressl does not have the API even if it says it is late OpenSSL version... Fixes #2246 Closes #2247 Reported-by: jungle-boogie on github
2018-01-17unit1307: test many wildcards tooDaniel Stenberg
2018-01-17curl_fnmatch: only allow 5 '*' sections in a single patternDaniel Stenberg
... to avoid excessive recursive calls. The number 5 is totally arbitrary and could be modified if someone has a good motivation.
2018-01-17ftp-wildcard: fix matching an empty string with "*[^a]"Daniel Stenberg
.... and avoid advancing the pointer to trigger an out of buffer read. Detected by OSS-fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251 Assisted-by: Max Dymond
2018-01-16SMB: fix numeric constant suffix and variable typesDaniel Stenberg
1. don't use "ULL" suffix since unsupported in older MSVC 2. use curl_off_t instead of custom long long ifdefs 3. make get_posix_time() not do unaligned data access Fixes #2211 Closes #2240 Reported-by: Chester Liu
2018-01-15CURLOPT_TCP_NODELAY.3: fix typorouzier
Closes #2239
2018-01-15smtp/pop3/imap_get_message: decrease the data length too...Daniel Stenberg
Follow-up commit to 615edc1f73 which was incomplete. Assisted-by: Max Dymond Detected by OSS-fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5206
2018-01-15openssl: enable SSLKEYLOGFILE support by defaultDaniel Stenberg
Fixes #2210 Closes #2236
2018-01-14mime: clone mime tree upon easy handle duplication.Patrick Monnerat
A mime tree attached to an easy handle using CURLOPT_MIMEPOST is strongly bound to the handle: there is a pointer to the easy handle in each item of the mime tree and following the parent pointer list of mime items ends in a dummy part stored within the handle. Because of this binding, a mime tree cannot be shared between different easy handles, thus it needs to be cloned upon easy handle duplication. There is no way for the caller to get the duplicated mime tree handle: it is then set to be automatically destroyed upon freeing the new easy handle. New test 654 checks proper mime structure duplication/release. Add a warning note in curl_mime_data_cb() documentation about sharing user data between duplicated handles. Closes #2235
2018-01-14docs: comment about CURLE_READ_ERROR returned by curl_mime_filedataPatrick Monnerat
2018-01-13test395: HTTP with overflow Content-Length valueDaniel Stenberg
2018-01-13test394: verify abort of rubbish in Content-Length: valueDaniel Stenberg
2018-01-13test393: verify --max-filesize with excessive Content-LengthDaniel Stenberg
2018-01-13HTTP: bail out on negative Content-Length: valuesDaniel Stenberg
... and make the max filesize check trigger if the value is too big. Updates test 178. Reported-by: Brad Spencer Fixes #2212 Closes #2223
2018-01-13configure.ac: append extra linker flags instead of prepending them.Dan Johnson
Link order should list libraries after the libraries that use them, so when we're guessing that we might also need to add -ldl in order to use -lssl, we should add -ldl after -lssl. Closes https://github.com/curl/curl/pull/2234
2018-01-13RELEASE-NOTES: synced with 6fa10c8faDaniel Stenberg
2018-01-13setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ valuesJay Satiro
Broken since f121575 (precedes 7.56.1). Bug: https://github.com/curl/curl/issues/2225 Reported-by: cmfrolick@users.noreply.github.com Closes https://github.com/curl/curl/pull/2227
2018-01-13setopt: reintroduce non-static Curl_vsetopt() for OS400 supportPatrick Monnerat
This also upgrades ILE/RPG bindings with latest setopt options. Reported-By: jonrumsey on github Fixes #2230 Closes #2233
2018-01-11http2: fix incorrect trailer buffer sizeZhouyihai Ding
Prior to this change the stored byte count of each trailer was miscalculated and 1 less than required. It appears any trailer after the first that was passed to Curl_client_write would be truncated or corrupted as well as the size. Potentially the size of some subsequent trailer could be erroneously extracted from the contents of that trailer, and since that size is used by client write an out-of-bounds read could occur and cause a crash or be otherwise processed by client write. The bug appears to have been born in 0761a51 (precedes 7.49.0). Closes https://github.com/curl/curl/pull/2231
2018-01-09easy: fix connection ownership in curl_easy_pauseBasuke Suzuki
Before calling Curl_client_chop_write(), change the owner of connection to the current Curl_easy handle. This will fix the issue #2217. Fixes https://github.com/curl/curl/issues/2217 Closes https://github.com/curl/curl/pull/2221
2018-01-09system.h: Additionally check __LONG_MAX__ for defining curl_off_tDimitrios Apostolou
__SIZEOF_LONG__ was introduced in GCC 4.4, __LONG_MAX__ was introduced in GCC 3.3. Closes #2216