aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-09-26FTP: url-decode path before evaluationZenju
Closes #4423
2019-09-26openssl: use strerror on SSL_ERROR_SYSCALLDaniel Stenberg
Instead of showing the somewhat nonsensical errno number, use strerror() to provide a more relatable error message. Closes #4411
2019-09-26HTTP3: update quic.aiortc.org + add link to server listDaniel Stenberg
Reported-by: Jeremy Lainé
2019-09-26url: don't set appconnect time for non-ssl/non-ssh connectionsJay Satiro
Prior to this change non-ssl/non-ssh connections that were reused set TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH handshake took place. [1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in libcurl and %{time_appconnect} in the curl tool. It is documented as "the time until the SSL/SSH handshake is completed". Reported-by: Marcel Hernandez Ref: https://github.com/curl/curl/issues/3760 Closes https://github.com/curl/curl/pull/3773
2019-09-25ngtcp2: remove fprintf() callsDaniel Stenberg
- convert some of them to H3BUF() calls to infof() - remove some of them completely - made DEBUG_HTTP3 defined only if CURLDEBUG is set for now Closes #4421
2019-09-25url: fix the NULL hostname compiler warning caseJay Satiro
Closes #4403
2019-09-25travis: move the go install to linux-onlyJay Satiro
... to repair the build again Closes #4403
2019-09-25altsvc: correct the #ifdef for the ngtcp2 backendDaniel Stenberg
2019-09-25altsvc: save h3 as h3-23Daniel Stenberg
Follow-up to d176a2c7e5
2019-09-24urlapi: question mark within fragment is still fragmentDaniel Stenberg
The parser would check for a query part before fragment, which caused it to do wrong when the fragment contains a question mark. Extended test 1560 to verify. Reported-by: Alex Konev Fixes #4412 Closes #4413
2019-09-24HTTP3.md: move -p for mkdir, remove -j for makeAlex Samorukov
- mkdir on OSX/Darwin requires `-p` argument before dir - portabbly figuring out number of cores is an exercise for somewhere else Closes #4407
2019-09-24os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr,Patrick Monnerat
As libcurl now uses these 2 system functions, wrappers are needed on os400 to convert returned AF_UNIX sockaddrs to ascii. This is a follow-up to commit 7fb54ef. See also #4037. Closes #4214
2019-09-24strcase: fix raw lowercasing the letter XLucas Pardue
Casing mistake in Curl_raw_tolower 'X' wasn't lowercased as 'x' prior to this change. Follow-up to 0023fce which added the function several days ago. Ref: https://github.com/curl/curl/pull/4401#discussion_r327396546 Closes https://github.com/curl/curl/pull/4408
2019-09-23http2: Expression 'stream->stream_id != - 1' is always trueDaniel Stenberg
PVS-Studio warning Fixes #4402
2019-09-23http2: A value is being subtracted from the unsigned variableDaniel Stenberg
PVS-Studio warning Fixes #4402
2019-09-23libssh: part of conditional expression is always true: !resultDaniel Stenberg
PVS-Studio warning Fixed #4402
2019-09-23libssh: part of conditional expression is always trueDaniel Stenberg
PVS-Studio warning Fixes #4402
2019-09-23libssh: The expression is excessive or contains a misprintDaniel Stenberg
PVS-Studio warning Fixes #4402
2019-09-23quiche: The expression must be surrounded by parenthesesDaniel Stenberg
PVS-Studio warning Fixes #4402
2019-09-23vauth: The parameter 'status' must be surrounded by parenthesesDaniel Stenberg
PVS-Studio warning Fixes #4402
2019-09-23doh: allow only http and https in debug modePaul Dreik
Otherwise curl may be told to use for instance pop3 to communicate with the doh server, which most likely is not what you want. Found through fuzzing. Closes #4406
2019-09-23doh: return early if there is no time leftPaul Dreik
Closes #4406
2019-09-23http: lowercase headernames for HTTP/2 and HTTP/3Barry Pollard
Closes #4401 Fixes #4400
2019-09-23vtls: fix narrowing conversion warningsMarcel Raad
Curl_timeleft returns `timediff_t`, which is 64 bits wide also on 32-bit systems since commit b1616dad8f0. Closes https://github.com/curl/curl/pull/4398
2019-09-23winbuild: Add manifest to curl.exe for proper OS version detectionJoel Depooter
This is a small fix to commit ebd213270a017a6830928ee2e1f4a9cabc799898 in pull request #1221. That commit added the CURL_EMBED_MANIFEST flag to CURL_RC_FLAGS. However, later in the file CURL_RC_FLAGS is overwritten. The fix is to append values to CURL_RC_FLAGS instead of overwriting Closes #4399
2019-09-22RELEASE-NOTES: syncedDaniel Stenberg
2019-09-22openssl: fix compiler warning with LibreSSLMarcel Raad
It was already fixed for BoringSSL in commit a0f8fccb1e0. LibreSSL has had the second argument to SSL_CTX_set_min_proto_version as uint16_t ever since the function was added in [0]. [0] https://github.com/libressl-portable/openbsd/commit/56f107201baefb5533486d665a58d8f57fd3aeda Closes https://github.com/curl/curl/pull/4397
2019-09-22curl: exit the create_transfers loop on errorsDaniel Stenberg
When looping around the ranges and given URLs to create transfers, all errors should exit the loop and return. Previously it would keep looping. Reported-by: SumatraPeter on github Bug: #4393 Closes #4396
2019-09-21socks: Fix destination host shown on SOCKS5 errorJay Satiro
Prior to this change when a server returned a socks5 connect error then curl would parse the destination address:port from that data and show it to the user as the destination: curld -v --socks5 10.0.3.1:1080 http://google.com:99 * SOCKS5 communication to google.com:99 * SOCKS5 connect to IPv4 172.217.12.206 (locally resolved) * Can't complete SOCKS5 connection to 253.127.0.0:26673. (1) curl: (7) Can't complete SOCKS5 connection to 253.127.0.0:26673. (1) That's incorrect because the address:port included in the connect error is actually a bind address:port (typically unused) and not the destination address:port. This fix changes curl to show the destination information that curl sent to the server instead: curld -v --socks5 10.0.3.1:1080 http://google.com:99 * SOCKS5 communication to google.com:99 * SOCKS5 connect to IPv4 172.217.7.14:99 (locally resolved) * Can't complete SOCKS5 connection to 172.217.7.14:99. (1) curl: (7) Can't complete SOCKS5 connection to 172.217.7.14:99. (1) curld -v --socks5-hostname 10.0.3.1:1080 http://google.com:99 * SOCKS5 communication to google.com:99 * SOCKS5 connect to google.com:99 (remotely resolved) * Can't complete SOCKS5 connection to google.com:99. (1) curl: (7) Can't complete SOCKS5 connection to google.com:99. (1) Ref: https://tools.ietf.org/html/rfc1928#section-6 Closes https://github.com/curl/curl/pull/4394
2019-09-21travis: enable ngtcp2 h3-23 buildsDaniel Stenberg
2019-09-21altsvc: both backends run h3-23 nowDaniel Stenberg
Closes #4395
2019-09-21http: fix warning on conversion from int to bitDaniel Stenberg
Follow-up from 03ebe66d70
2019-09-21urldata: use 'bool' for the bit type on MSVC compilersDaniel Stenberg
Closes #4387 Fixes #4379
2019-09-21appveyor: upgrade VS2017 to VS2019Daniel Stenberg
Closes #4383
2019-09-21FTP: FTPFILE_NOCWD: avoid redundant CWDsZenju
Closes #4382
2019-09-21cookie: pass in the correct cookie amount to qsort()Daniel Stenberg
As the loop discards cookies without domain set. This bug would lead to qsort() trying to sort uninitialized pointers. We have however not found it a security problem. Reported-by: Paul Dreik Closes #4386
2019-09-21urlapi: avoid index underflow for short ipv6 hostnamesPaul Dreik
If the input hostname is "[", hlen will underflow to max of size_t when it is subtracted with 2. hostname[hlen] will then cause a warning by ubsanitizer: runtime error: addition of unsigned offset to 0x<snip> overflowed to 0x<snip> I think that in practice, the generated code will work, and the output of hostname[hlen] will be the first character "[". This can be demonstrated by the following program (tested in both clang and gcc, with -O3) int main() { char* hostname=strdup("["); size_t hlen = strlen(hostname); hlen-=2; hostname++; printf("character is %d\n",+hostname[hlen]); free(hostname-1); } I found this through fuzzing, and even if it seems harmless, the proper thing is to return early with an error. Closes #4389
2019-09-21ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23Tatsuhiro Tsujikawa
Closes #4392
2019-09-20THANKS-filter: deal with my typos 'Jat' => 'Jay'Daniel Stenberg
2019-09-20travis: use go masterDaniel Stenberg
... as the boringssl builds needs a very recent version Co-authored-by: Jat Satiro Closes #4361
2019-09-20tool_operate: removed unused variable 'done'Daniel Stenberg
Fixes warning detected by PVS-Studio Fixes #4374
2019-09-20tool_operate: Expression 'config->resume_from' is always trueDaniel Stenberg
Fixes warning detected by PVS-Studio Fixes #4374
2019-09-20tool_getparam: remove duplicate switch caseDaniel Stenberg
Fixes warning detected by PVS-Studio Fixes #4374
2019-09-20libssh2: part of conditional expression is always true: !resultDaniel Stenberg
Fixes warning detected by PVS-Studio Fixes #4374
2019-09-20urlapi: Expression 'storep' is always trueDaniel Stenberg
Fixes warning detected by PVS-Studio Fixes #4374
2019-09-20urlapi: 'scheme' is always trueDaniel Stenberg
Fixes warning detected by PVS-Studio Fixes #4374
2019-09-20urlapi: part of conditional expression is always true: (relurl[0] == '/')Daniel Stenberg
Fixes warning detected by PVS-Studio Fixes #4374
2019-09-20setopt: store CURLOPT_RTSP_SERVER_CSEQ correctlyDaniel Stenberg
Fixes bug detected by PVS-Studio Fixes #4374
2019-09-20mime: make Curl_mime_duppart() assert if called without valid dstDaniel Stenberg
Fixes warning detected by PVS-Studio Fixes #4374
2019-09-20http_proxy: part of conditional expression is always true: !errorDaniel Stenberg
Fixes warning detected by PVS-Studio Fixes #4374