aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-07-30RELEASE-NOTES: syncedDaniel Stenberg
2019-07-30asyn-thread: create a socketpair to wait onamkatyal
Closes #4157
2019-07-30curl: cap the maximum allowed values for retry time argumentsDaniel Stenberg
... to avoid integer overflows later when multiplying with 1000 to convert seconds to milliseconds. Added test 1269 to verify. Reported-by: Jason Lee Closes #4166
2019-07-29progress: reset download/uploaded counterDaniel Stenberg
... to make CURLOPT_MAX_RECV_SPEED_LARGE and CURLOPT_MAX_SEND_SPEED_LARGE work correctly on subsequent transfers that reuse the same handle. Fixed-by: Ironbars13 on github Fixes #4084 Closes #4161
2019-07-29http2_recv: trigger another read when the last data is returnedDaniel Stenberg
... so that end-of-stream is detected properly. Reported-by: Tom van der Woerdt Fixes #4043 Closes #4160
2019-07-29curl: avoid uncessary libcurl timeouts (in parallel mode)Daniel Stenberg
When curl_multi_wait() returns OK without file descriptors to wait for, it might already have done a long timeout. Closes #4159
2019-07-29HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknownBalazs Kovacsics
If using the read callback for HTTP_POST, and POSTFIELDSIZE is not set, automatically add a Transfer-Encoding: chunked header, same as it is already done for HTTP_PUT, HTTP_POST_FORM and HTTP_POST_MIME. Update test 1514 according to the new behaviour. Closes #4138
2019-07-29winbuild: add vquic to list of build directoriesDaniel Stenberg
This fixes the winbuild build method which broke several days ago when experimental quic support was added in 3af0e76. Reported-by: Michael Lee Fixes https://github.com/curl/curl/issues/4158
2019-07-25easy: resize receive buffer on easy handle resetJay Satiro
- In curl_easy_reset attempt to resize the receive buffer to its default size. If realloc fails then continue using the previous size. Prior to this change curl_easy_reset did not properly handle resetting the receive buffer (data->state.buffer). It reset the variable holding its size (data->set.buffer_size) to the default size (READBUFFER_SIZE) but then did not actually resize the buffer. If a user resized the buffer by using CURLOPT_BUFFERSIZE to set the size smaller than the default, later called curl_easy_reset and attempted to reuse the handle then a heap overflow would very likely occur during that handle's next transfer. Reported-by: Felix Hädicke Fixes https://github.com/curl/curl/issues/4143 Closes https://github.com/curl/curl/pull/4145
2019-07-25examples: Avoid reserved names in hiperfifo examplesBrad Spencer
- Trade in __attribute__((unused)) for the classic (void)x to silence unused symbols. Because the classic way is not gcc specific. Also because the prior method mapped to symbol _Unused, which starts with _ and a capital letter which is reserved. Assisted-by: The Infinnovation team Bug: https://github.com/curl/curl/issues/4120#issuecomment-512542108 Closes https://github.com/curl/curl/pull/4153
2019-07-25RELEASE-NOTES: syncedDaniel Stenberg
2019-07-25ssh-libssh: do not specify O_APPEND when not in append modeFelix Hädicke
Specifying O_APPEND in conjunction with O_TRUNC and O_CREAT does not make much sense. And this combination of flags is not accepted by all SFTP servers (at least not Apache SSHD). Fixes #4147 Closes #4148
2019-07-25multi: call detach_connection before Curl_disconnectGergely Nagy
Curl_disconnect bails out if conn->easyq is not empty, detach_connection needs to be called first to remove the current easy from the queue. Fixes #4144 Closes #4151
2019-07-23tool_operate: fix implicit call to easysrc_cleanupJay Satiro
easysrc_cleanup is only defined when CURL_DISABLE_LIBCURL_OPTION is not defined, and prior to this change would be called regardless. Bug: https://github.com/curl/curl/pull/3804#issuecomment-513922637 Reported-by: Marcel Raad Closes https://github.com/curl/curl/pull/4142
2019-07-22curl:create_transfers check return code from curl_easy_setoptDaniel Stenberg
From commit b8894085 Pointed out by Coverity CID 1451703 Closes #4134
2019-07-21HTTP3: initial (experimental) supportDaniel Stenberg
USe configure --with-ngtcp2 or --with-quiche Using either option will enable a HTTP3 build. Co-authored-by: Alessandro Ghedini <alessandro@ghedini.me> Closes #3500
2019-07-21curl: remove dead codeDaniel Stenberg
The loop never loops (since b889408500), pointed out by Coverity (CID 1451702) Closes #4133
2019-07-20docs/PARALLEL-TRANSFERS: correct the version numberDaniel Stenberg
2019-07-20docs/PARALLEL-TRANSFERS: addedDaniel Stenberg
2019-07-20curl: support parallel transfersDaniel Stenberg
This is done by making sure each individual transfer is first added to a linked list as then they can be performed serially, or at will, in parallel. Closes #3804
2019-07-20docs/MANUAL.md: converted to markdown from plain textDaniel Stenberg
... will make it render as a nicer web page. Closes #4131
2019-07-20curl_version_info: provide nghttp2 detailsDaniel Stenberg
Introducing CURLVERSION_SIXTH with nghttp2 info. Closes #4121
2019-07-19bump: start working on 7.66.0Daniel Stenberg
2019-07-19source: remove names from source commentsDaniel Stenberg
Several reasons: - we can't add everyone who's helping out so its unfair to just a few selected ones. - we already list all helpers in THANKS and in RELEASE-NOTES for each release - we don't want to give the impression that some parts of the code is "owned" or "controlled" by specific persons Assisted-by: Daniel Gustafsson Closes #4129
2019-07-19RELEASE-NOTES: 7.65.3Daniel Stenberg
2019-07-19THANKS: 7.65.3 statusDaniel Stenberg
2019-07-19progress: make the progress meter appear againDaniel Stenberg
Fix regression caused by 21080e1 Reported-by: Chih-Hsuan Yen Fixes #4122 Closes #4124
2019-07-19version: bump to 7.65.3Daniel Stenberg
2019-07-17RELEASE-NOTES: Contributors or now 1990Daniel Stenberg
2019-07-17RELEASE-NOTES: 7.65.2Daniel Stenberg
2019-07-17THANKS: add contributors from 7.65.2Daniel Stenberg
2019-07-17cmake: Fix finding Brotli on case-sensitive file systemsaasivov
- Find package "Brotli" instead of "BROTLI" since the former is the casing used for CMake/FindBrotli.cmake, and otherwise find_package may fail on a case-sensitive file system. Fixes https://github.com/curl/curl/issues/4117
2019-07-17CURLOPT_RANGE.3: Caution against using it for HTTP PUTJay Satiro
AFAICT CURLOPT_RANGE does not support ranged HTTP PUT uploads so I've cautioned against using it for that purpose and included a workaround. Bug: https://curl.haxx.se/mail/lib-2019-04/0075.html Reported-by: Christopher Head Closes https://github.com/curl/curl/issues/3814
2019-07-17CURLOPT_SEEKDATA.3: fix variable nameStefano Simonelli
Closes https://github.com/curl/curl/pull/4118
2019-07-17CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCHgeorgeok
If the SSL backend is Schannel and the user specifies an Schannel CALG_ that is not supported by the protocol or the server then curl returns CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH. Fixes https://github.com/curl/curl/issues/3389 Closes https://github.com/curl/curl/pull/4106
2019-07-17nss: inspect returnvalue of token checkDaniel Gustafsson
PK11_IsPresent() checks for the token for the given slot is available, and sets needlogin flags for the PK11_Authenticate() call. Should it return false, we should however treat it as an error and bail out. Closes https://github.com/curl/curl/pull/4110
2019-07-17docs: Explain behavior change in --tlsv1. options since 7.54Jay Satiro
Since 7.54 --tlsv1. options use the specified version or later, however older versions of curl documented it as using just the specified version which may or may not have happened depending on the TLS library. Document this discrepancy to allay confusion for users familiar with the old documentation that expect just the specified version. Fixes https://github.com/curl/curl/issues/4097 Closes https://github.com/curl/curl/pull/4119
2019-07-17libcurl: Restrict redirect schemes (follow-up)Jay Satiro
- Allow FTPS on redirect. - Update default allowed redirect protocols in documentation. Follow-up to 6080ea0. Ref: https://github.com/curl/curl/pull/4094 Closes https://github.com/curl/curl/pull/4115
2019-07-16test1173: make it also check all libcurl option man pagesDaniel Stenberg
... and adjust those that cause errors Closes #4116
2019-07-16curl: only accept COLUMNS less than 10000Daniel Stenberg
... as larger values would rather indicate something silly (and could potentially cause buffer problems). Reported-by: pendrek at hackerone Closes #4114
2019-07-15dist: add manpage-syntax.plDaniel Stenberg
follow-up to 7fb66c403
2019-07-15test1173: detect some basic man page format mistakesDaniel Stenberg
Triggered by PR #4111 Closes #4113
2019-07-15docs: Fix missing lines caused by undefined macrosBjarni Ingi Gislason
- Escape apostrophes at line start. Some lines begin with a "'" (apostrophe, single quote), which is then interpreted as a control character in *roff. Such lines are interpreted as being a call to a macro, and if undefined, the lines are removed from the output. Bug: https://bugs.debian.org/926352 Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is> Submitted-by: Alessandro Ghedini Closes https://github.com/curl/curl/pull/4111
2019-07-14libcurl-security.3: update to new CURLOPT_REDIR_PROTOCOLS defaultsDaniel Stenberg
follow-up to 6080ea098
2019-07-14libcurl: Add testcase for gopher redirectsLinos Giannopoulos
The testcase ensures that redirects to CURLPROTO_GOPHER won't be allowed, by default, in the future. Also, curl is being used for convenience while keeping the testcases DRY. The expected error code is CURLE_UNSUPPORTED_PROTOCOL when the client is redirected to CURLPROTO_GOPHER Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr>
2019-07-14libcurl: Restrict redirect schemesLinos Giannopoulos
All protocols except for CURLPROTO_FILE/CURLPROTO_SMB and their TLS counterpart were allowed for redirect. This vastly broadens the exploitation surface in case of a vulnerability such as SSRF [1], where libcurl-based clients are forced to make requests to arbitrary hosts. For instance, CURLPROTO_GOPHER can be used to smuggle any TCP-based protocol by URL-encoding a payload in the URI. Gopher will open a TCP connection and send the payload. Only HTTP/HTTPS and FTP are allowed. All other protocols have to be explicitly enabled for redirects through CURLOPT_REDIR_PROTOCOLS. [1]: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/ Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr> Closes #4094
2019-07-14openssl: define HAVE_SSL_GET_SHUTDOWN based on version numberZenju
Closes #4100
2019-07-14http: allow overriding timecond with custom headerPeter Simonyi
With CURLOPT_TIMECONDITION set, a header is automatically added (e.g. If-Modified-Since). Allow this to be replaced or suppressed with CURLOPT_HTTPHEADER. Fixes #4103 Closes #4109
2019-07-11smb: Use the correct error code for access denied on file openJuergen Hoetzel
- Return CURLE_REMOTE_ACCESS_DENIED for SMB access denied on file open. Prior to this change CURLE_REMOTE_FILE_NOT_FOUND was returned instead. Closes https://github.com/curl/curl/pull/4095
2019-07-11DEPRECATE: fixup versions and spellingDaniel Gustafsson
Correctly set the July 17 version to 7.65.2, and update spelling to be consistent. Also fix a typo. Closes https://github.com/curl/curl/pull/4107