aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-04-08RELEASE-NOTES: syncedDaniel Stenberg
bumped to 7.65.0 for next release
2019-04-07socks5: user name and passwords must be shorter than 256Daniel Stenberg
bytes... since the protocol needs to store the length in a single byte field. Reported-by: XmiliaH on github Fixes #3737 Closes #3740
2019-04-07test: urlapi: urlencode characters above 0x7f correctlyJakub Zakrzewski
2019-04-07urlapi: urlencode characters above 0x7f correctlyJakub Zakrzewski
fixes #3741 Closes #3742
2019-04-07multi_runsingle(): fix use-after-freeEven Rouault
Fixes #3745 Closes #3746 The following snippet ``` int main() { CURL* hCurlHandle = curl_easy_init(); curl_easy_setopt(hCurlHandle, CURLOPT_URL, "http://example.com"); curl_easy_setopt(hCurlHandle, CURLOPT_PROXY, "1"); curl_easy_perform(hCurlHandle); curl_easy_cleanup(hCurlHandle); return 0; } ``` triggers the following Valgrind warning ``` ==4125== Invalid read of size 8 ==4125== at 0x4E7D1EE: Curl_llist_remove (llist.c:97) ==4125== by 0x4E7EF5C: detach_connnection (multi.c:798) ==4125== by 0x4E80545: multi_runsingle (multi.c:1451) ==4125== by 0x4E8197C: curl_multi_perform (multi.c:2072) ==4125== by 0x4E766A0: easy_transfer (easy.c:625) ==4125== by 0x4E76915: easy_perform (easy.c:719) ==4125== by 0x4E7697C: curl_easy_perform (easy.c:738) ==4125== by 0x4008BE: main (in /home/even/curl/test) ==4125== Address 0x9b3d1d0 is 1,120 bytes inside a block of size 1,600 free'd ==4125== at 0x4C2ECF0: free (vg_replace_malloc.c:530) ==4125== by 0x4E62C36: conn_free (url.c:756) ==4125== by 0x4E62D34: Curl_disconnect (url.c:818) ==4125== by 0x4E48DF9: Curl_once_resolved (hostip.c:1097) ==4125== by 0x4E8052D: multi_runsingle (multi.c:1446) ==4125== by 0x4E8197C: curl_multi_perform (multi.c:2072) ==4125== by 0x4E766A0: easy_transfer (easy.c:625) ==4125== by 0x4E76915: easy_perform (easy.c:719) ==4125== by 0x4E7697C: curl_easy_perform (easy.c:738) ==4125== by 0x4008BE: main (in /home/even/curl/test) ==4125== Block was alloc'd at ==4125== at 0x4C2F988: calloc (vg_replace_malloc.c:711) ==4125== by 0x4E6438E: allocate_conn (url.c:1654) ==4125== by 0x4E685B4: create_conn (url.c:3496) ==4125== by 0x4E6968F: Curl_connect (url.c:4023) ==4125== by 0x4E802E7: multi_runsingle (multi.c:1368) ==4125== by 0x4E8197C: curl_multi_perform (multi.c:2072) ==4125== by 0x4E766A0: easy_transfer (easy.c:625) ==4125== by 0x4E76915: easy_perform (easy.c:719) ==4125== by 0x4E7697C: curl_easy_perform (easy.c:738) ==4125== by 0x4008BE: main (in /home/even/curl/test) ``` This has been bisected to commit 2f44e94 Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14109 Credit to OSS Fuzz
2019-04-06pipelining: removedDaniel Stenberg
As previously planned and documented in DEPRECATE.md, all pipelining code is removed. Closes #3651
2019-04-06tests: make Impacket (SMB server) Python 3 compatiblecclauss
Closes #3731 Fixes #3289
2019-04-06cmake: set SSL_BACKENDSSimon Warta
This groups all SSL backends into the feature "SSL" and sets the SSL_BACKENDS analogue to configure.ac Closes https://github.com/curl/curl/pull/3736
2019-04-06cmake: don't run SORT on empty listSimon Warta
In case of an empty list, SORTing leads to the cmake error "list sub-command SORT requires list to be present." Closes https://github.com/curl/curl/pull/3736
2019-04-05configure: fix default location for fish completionsEli Schwartz
Fish defines a vendor completions directory for completions that are not installed as part of the fish project itself, and the vendor completions are preferred if they exist. This prevents trying to overwrite the builtin curl.fish completion (or creating file conflicts in distro packaging). Prefer the pkg-config defined location exported by fish, if it can be found, and fall back to the correct directory defined by most systems. Closes #3723 Reviewed-by: Daniel Gustafsson
2019-04-05ftplistparser: fix LGTM alert "Empty block without comment"Marcel Raad
Removing the block is consistent with line 954/957. Closes https://github.com/curl/curl/pull/3732
2019-04-05transfer: fix LGTM alert "Comparison is always true"Marcel Raad
Just remove the redundant condition, which also makes it clear that k->buf is always 0-terminated if this break is not hit. Closes https://github.com/curl/curl/pull/3732
2019-04-04smtp: fix compiler warningRikard Falkeborn
- Fix clang string-plus-int warning. Clang 8 warns about adding a string to an int does not append to the string. Indeed it doesn't, but that was not the intention either. Use array indexing as suggested to silence the warning. There should be no functional changes. (In other words clang warns about "foo"+2 but not &"foo"[2] so use the latter.) smtp.c:1221:29: warning: adding 'int' to a string does not append to the string [-Wstring-plus-int] eob = strdup(SMTP_EOB + 2); ~~~~~~~~~~~~~~~~^~~~ Closes https://github.com/curl/curl/pull/3729
2019-04-04VS projects: use Unicode for VC10+Marcel Raad
All Windows APIs have been natively UTF-16 since Windows 2000 and the non-Unicode variants are just wrappers around them. Only Windows 9x doesn't understand Unicode without the UnicoWS DLL. As later Visual Studio versions cannot target Windows 9x anyway, using the ANSI API doesn't really have any benefit there. This avoids issues like KNOWN_BUGS 6.5. Ref: https://github.com/curl/curl/issues/2120 Closes https://github.com/curl/curl/pull/3720
2019-04-03RELEASE-NOTES: syncedDaniel Gustafsson
Bump the version in progress to 7.64.2, if we merge any "change" before the cut-off date we can update the version.
2019-04-03documentation: Fix several typosTim Rühsen
Closes #3724 Reviewed-by: Jakub Zakrzewski Reviewed-by: Daniel Gustafsson
2019-04-02vauth/oauth2: Fix OAUTHBEARER token generationMert Yazıcıoğlu
OAUTHBEARER tokens were incorrectly generated in a format similar to XOAUTH2 tokens. These changes make OAUTHBEARER tokens conform to the RFC7628. Fixes: #2487 Reported-by: Paolo Mossino Closes https://github.com/curl/curl/pull/3377
2019-04-02tool_cb_wrt: fix bad-function-cast warningMarcel Raad
Commit f5bc578f4cdfdc6c708211dfc2962a0e9d79352d reintroduced the warning fixed in commit 2f5f31bb57d68b54e03bffcd9648aece1fe564f8. Extend fhnd's scope and reuse that variable instead of calling _get_osfhandle a second time to fix the warning again. Closes https://github.com/curl/curl/pull/3718
2019-04-01VC15 project: remove MinimalRebuildMarcel Raad
Already done in commit d5cfefd0ea8e331b884186bff484210fad36e345 for the library project, but I forgot the tool project template. Now also removed for that.
2019-04-01cirrus: Customize the disabled tests per FreeBSD versionDan Fandrich
Try to run as many test cases as possible on each OS version. 12.0 passes 13 more tests than the older versions, so we might as well run them.
2019-04-01tool_help: include <strings.h> for strcasecmpDaniel Stenberg
Reported-by: Wyatt O'Day Fixes #3715 Closes #3716
2019-03-31scripts: fix typosDaniel Gustafsson
2019-03-28travis: allow builds on branches named "ci"Dan Fandrich
This allows a way to test changes other than through PRs.
2019-03-27resolve: apply Happy Eyeballs philosophy to parallel c-ares queriesBrad Spencer
Closes #3699
2019-03-27multi: improved HTTP_1_1_REQUIRED handlingDaniel Stenberg
Make sure to downgrade to 1.1 even when we get this HTTP/2 stream error on first flight. Reported-by: niner on github Fixes #3696 Closes #3707
2019-03-27configure: avoid unportable `==' test(1) operatorLeonardo Taccari
Closes #3709
2019-03-27RELEASE: 7.64.1Daniel Stenberg
2019-03-27Revert "ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set"Daniel Stenberg
This reverts commit 9130ead9fcabdb6b8fbdb37c0b38be2d326adb00. Fixes #3708
2019-03-26ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION setChristian Schmitz
Closes #3704
2019-03-26tool_cb_wrt: fix writing to Windows null device NULJay Satiro
- Improve console detection. Prior to this change WriteConsole could be called to write to a handle that may not be a console, which would cause an error. This issue is limited to character devices that are not also consoles such as the null device NUL. Bug: https://github.com/curl/curl/issues/3175#issuecomment-439068724 Reported-by: Gisle Vanem
2019-03-25CURLMOPT_PIPELINING.3: fix typoJay Satiro
2019-03-25TODO: config file parsingDaniel Stenberg
Closes #3698
2019-03-24os400: Disable Alt-Svc by default since it's experimentalJay Satiro
Follow-up to 520f0b4 which added Alt-Svc support and enabled it by default for OS400. Since the feature is experimental, it should be disabled by default. Ref: https://github.com/curl/curl/commit/520f0b4#commitcomment-32792332 Ref: https://curl.haxx.se/mail/lib-2019-02/0008.html Closes https://github.com/curl/curl/pull/3688
2019-03-24tests: Fixed XML validation errors in some test files.Dan Fandrich
2019-03-24tests: Fix some incorrect precheck error messages.Dan Fandrich
[ci skip]
2019-03-22curl_url.3: this is not experimental anymoreDaniel Stenberg
2019-03-22travis: bump the used wolfSSL version to 4.0.0Daniel Stenberg
Test 311 is now fine, leaving only 313 (CRL) disabled. Test 313 details can be found here: https://github.com/wolfSSL/wolfssl/issues/1546 Closes #3697
2019-03-22lib: Fix typos in commentsDaniel Gustafsson
2019-03-20openssl: if cert type is ENG and no key specified, key is ENG tooDavid Woodhouse
Fixes #3692 Closes #3692
2019-03-20sectransp: tvOS 11 is required for ALPN supportDaniel Stenberg
Reported-by: nianxuejie on github Assisted-by: Nick Zitzmann Assisted-by: Jay Satiro Fixes #3689 Closes #3690
2019-03-18test1541: threaded connection sharingDaniel Stenberg
The threaded-shared-conn.c example turned into test case. Only works if pthread was detected. An attempt to detect future regressions such as e3a53e3efb942a5 Closes #3687
2019-03-17os400: alt-svc support.Patrick Monnerat
Although experimental, enable it in the platform config file. Upgrade ILE/RPG binding.
2019-03-17conncache: use conn->data to know if a transfer owns itDaniel Stenberg
- make sure an already "owned" connection isn't returned unless multiplexed. - clear ->data when returning the connection to the cache again Regression since 7.62.0 (probably in commit 1b76c38904f0) Bug: https://curl.haxx.se/mail/lib-2019-03/0064.html Closes #3686
2019-03-15RELEASE-NOTES: syncedDaniel Stenberg
2019-03-15configure: add --with-amisslChris Young
AmiSSL is an Amiga native library which provides a wrapper over OpenSSL. It also requires all programs using it to use bsdsocket.library directly, rather than accessing socket functions through clib, which libcurl was not necessarily doing previously. Configure will now check for the headers and ensure they are included if found. Closes #3677
2019-03-15vtls: rename some of the SSL functionsChris Young
... in the SSL structure as AmiSSL is using macros for the socket API functions.
2019-03-15tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattrChris Young
2019-03-15tool_operate: build on AmigaOSChris Young
2019-03-14makefile: make checksrc and hugefile commands "silent"Daniel Stenberg
... to match the style already used for compiling, linking etc. Acknowledges 'make V=1' to enable verbose. Closes #3681
2019-03-14curl.1: --user and --proxy-user are hidden from ps outputDaniel Stenberg
Suggested-by: Eric Curtin Improved-by: Dan Fandrich Ref: #3680 Closes #3683