aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-08-01BUGS: improved phrasing about security bugsDaniel Stenberg
Reported-by: Max Dymond
2017-08-01BUGS: clarify how to report security related bugsDaniel Stenberg
2017-08-01multi: fix request timer managementBrad Spencer
There are some bugs in how timers are managed for a single easy handle that causes the wrong "next timeout" value to be reported to the application when a new minimum needs to be recomputed and that new minimum should be an existing timer that isn't currently set for the easy handle. When the application drives a set of easy handles via the `curl_multi_socket_action()` API (for example), it gets told to wait the wrong amount of time before the next call, which causes requests to linger for a long time (or, it is my guess, possibly forever). Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html
2017-08-01curl_setup: Define CURL_NO_OLDIES for building libcurlJay Satiro
.. to catch accidental use of deprecated error codes. Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237
2017-08-01configure: fix the check for IdnToUnicodeJeremy Tan
Fixes #1669 Closes #1713
2017-07-31http: fix response code parser to avoid integer overflowDaniel Stenberg
test 1429 and 1433 were updated to work with the stricter HTTP status line parser. Closes #1714 Reported-by: Brian Carpenter
2017-07-31libcurl: Stop using error codes defined under CURL_NO_OLDIESDwarakanath Yadavalli
Fixes https://github.com/curl/curl/issues/1688 Closes https://github.com/curl/curl/pull/1712
2017-07-30include.d: clarify --include is only for response headersJay Satiro
Follow-up to 171f8de and de6de94. Bug: https://github.com/curl/curl/commit/de6de94#commitcomment-23370851 Reported-by: Daniel Stenberg
2017-07-30cmake: support make uninstalljasjuang
Closes #1674
2017-07-30RELEASE-NOTES: synced with 001701c47Daniel Stenberg
2017-07-29AppVeyor: now really use CURL_WERRORMarcel Raad
It was misspelled as CURL_ERROR in commit 2d86e8d1286e0fbe3d811e2e87fa0b5e53722db4. Closes https://github.com/curl/curl/pull/1686
2017-07-29tool_help: clarify --include is only for response headersJay Satiro
Follow-up to 171f8de. Ref: https://github.com/curl/curl/issues/1704
2017-07-29splay: fix signed/unsigned mismatch warningJay Satiro
Follow-up to 4dee50b. Ref: https://github.com/curl/curl/pull/1693
2017-07-28include.d: clarify that it concerns the response headersDaniel Stenberg
Reported-by: olesteban at github Fixes #1704
2017-07-28curl_rtmp: fix a compiler warningJohannes Schindelin
The headers of librtmp declare the socket as `int`, and on Windows, that disagrees with curl_socket_t. Bug: #1652 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-07-28test1323: verify curlx_tvdiffDaniel Stenberg
2017-07-28timeval: struct curltime is a struct timeval replacementDaniel Stenberg
... to make all libcurl internals able to use the same data types for the struct members. The timeval struct differs subtly on several platforms so it makes it cumbersome to use everywhere. Ref: #1652 Closes #1693
2017-07-27darwinssl: fix variable type mistake (regression)Daniel Stenberg
... which made --tlsv1.2 not work because it would blank the max tls version variable. Reported-by: Nick Miyake Bug: #1703
2017-07-27multi: mention integer overflow risk if using > 500 million socketsDaniel Stenberg
Reported-by: ovidiu-benea@users.noreply.github.com Closes #1675 Closes #1683
2017-07-27checksrc: escape open brace in regexDaniel Stenberg
... to silence warning.
2017-07-20nss: fix a possible use-after-free in SelectClientCert()Kamil Dudka
... causing a SIGSEGV in showit() in case the handle used to initiate the connection has already been freed. This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803. Reported-by: Rob Sanders Bug: https://bugzilla.redhat.com/1436158
2017-07-20nss: unify the coding style of nss_send() and nss_recv()Kamil Dudka
No changes in behavior intended by this commit.
2017-07-18tests/server/resolve.c: fix deprecation warningMarcel Raad
MSVC warns that gethostbyname is deprecated. Always use getaddrinfo instead to fix this when IPv6 is enabled, also for IPv4 resolves. This is also consistent with what libcurl does. Closes https://github.com/curl/curl/pull/1682
2017-07-17darwinssl: fix pinnedpubkey build errorJay Satiro
- s/SessionHandle/Curl_easy/ Bug: https://github.com/curl/curl/commit/eb16305#commitcomment-23035670 Reported-by: Gisle Vanem
2017-07-16rtspd: fix GCC warning after MSVC warning fixMarcel Raad
Older GCC warns: /tests/server/rtspd.c:1194:10: warning: missing braces around initializer [-Wmissing-braces] Fix this by using memset instead of an initializer.
2017-07-16libtest: fix MSVC warning C4706Marcel Raad
With warning level 4, MSVC warns about assignments within conditional expressions. Change the while loop to a do-while loop to fix this. This change is also consistent with CODE_STYLE.md.
2017-07-16sockfilt: suppress conversion warning with explicit castMarcel Raad
MSVC warns when implicitly casting -1 to unsigned long.
2017-07-16rtspd: fix MSVC level 4 warningMarcel Raad
warning C4701: potentially uninitialized local variable 'req' used
2017-07-14winbuild: re-enable warning C4127 for curl toolMarcel Raad
Disabled in cda19a345f6970e22fe8b7a808aeb8f086a21eac. It only needs to be disabled for libcurl.
2017-07-13winbuild: build with warning level 4Marcel Raad
This is consistent with 7bc64561a2e63ca93e4b0b31d350773ba80955c2, which changed the warning level from 3 to 4 for the Visual Studio project files. But disable the level 4 warning C4127 "conditional expression is constant", as that one is issued by older versions of the Windows SDK as well as curl itself under some circumstances. Closes https://github.com/curl/curl/pull/1667
2017-07-12travis: install libidn2Max Dymond
Install libidn2 to increase test coverage (IDN tests) Closes https://github.com/curl/curl/pull/1673
2017-07-12travis: enable warnings also in release modeMarcel Raad
... to get warnings also on Linux/GCC and OSX/clang. Closes https://github.com/curl/curl/pull/1666
2017-07-12travis: install libssh2Max Dymond
Install libssh2 to increase test coverage (SFTP, SCP)
2017-07-12system.h: include winsock2.h before windows.hMarcel Raad
... to avoid compiler warnings if the user doesn't want WIN32_LEAN_AND_MEAN.
2017-07-11build: remove WIN32_LEAN_AND_MEAN from individual build systemsMarcel Raad
It's defined for all build systems in curl_setup.h since commit beb08481d01a07a8b10938b1078a5e298b1c2912. This caused macro redefinition warnings in the configure builds. Closes https://github.com/curl/curl/pull/1677
2017-07-11ISSUE_TEMPLATE: Add a comment not to file security issues on githubJay Satiro
2017-07-11curl_setup: always define WIN32_LEAN_AND_MEAN on WindowsMarcel Raad
Make sure to always define WIN32_LEAN_AND_MEAN before including any Windows headers to avoid pulling in unnecessary headers. This avoids unnecessary macro clashes and compiler warnings. Ref: https://github.com/curl/curl/issues/1562 Closes https://github.com/curl/curl/pull/1672
2017-07-11strerror: Preserve Windows error code in some functionsJay Satiro
This is a follow-up to af02162 which removed (SET_)ERRNO macros. That commit was an earlier draft that I committed by mistake, which was then remedied by a5834e5 and e909de6, and now this commit. With this commit there is now no difference between the current code and the changes that were approved in the final draft. Thanks-to: Max Dymond, Marcel Raad, Daniel Stenberg, Gisle Vanem Ref: https://github.com/curl/curl/pull/1589
2017-07-10tests: Fix up issues with errno in test filesMax Dymond
Closes https://github.com/curl/curl/pull/1671
2017-07-10errno: fix non-windows builds after af0216251b94e7Daniel Stenberg
2017-07-10make: fix docs build on OpenBSDRyan Winograd
Ref: #1591
2017-07-10ldap: fix MinGW compiler warningMarcel Raad
ldap_bind_s is marked as deprecated in w32api's winldap.h shipping with the latest original MinGW, resulting in compiler warnings since commit f0fe66f13c93d3d0af45d9fb1231c9164e0f9dc8. Fix this for the non-SSPI case by using ldap_simple_bind_s again instead of ldap_bind_s with LDAP_AUTH_SIMPLE. Closes https://github.com/curl/curl/pull/1664
2017-07-10curl-compilers.m4: disable warning spam with Cygwin's clangMarcel Raad
When building with Cygwin or MinGW, libtool uses a wrapper executable instead of a wrapper script [1], which is written in C and throws missing-variable-declarations warnings. Don't enable these warnings on Cygwin and MinGW in order to avoid warnings for every executable built, which spams the test suite output when using Cygwin's clang. [1] https://www.gnu.org/software/libtool/manual/html_node/Wrapper-executables.html Closes https://github.com/curl/curl/pull/1665
2017-07-10curl_setup_once: Remove ERRNO/SET_ERRNO macrosJay Satiro
Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError for Win32 and regular errno otherwise. I reviewed the code and found no justifiable reason for conflating errno on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno, and any Win32 multithreaded CRT supports thread-local errno. Fixes https://github.com/curl/curl/issues/895 Closes https://github.com/curl/curl/pull/1589
2017-07-09tool_getparam: fix potentially uninitialized errJay Satiro
2017-07-09smb: rename variable to fix shadowing warningMarcel Raad
GCC 4.6.3 on travis complains: smb.c: In function ‘get_posix_time’: smb.c:725:13: error: declaration of ‘time’ shadows a global declaration [-Werror=shadow] Fix this by renaming the variable.
2017-07-09tool_cb_wrt: fix variable shadowing warningMarcel Raad
GCC 4.4 complains: tool_cb_wrt.c:81: error: declaration of ‘isatty’ shadows a global declaration /usr/include/unistd.h:782: error: shadowed declaration is here Fix this by renaming the variable. Closes https://github.com/curl/curl/pull/1661
2017-07-08RELEASE-NOTES: synced with be2c999b8Daniel Stenberg
2017-07-07travis: install stunnelDaniel Stenberg
2017-07-07valgrind.supp: supress OpenSSL false positive seen on travisDaniel Stenberg