aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-01-02THANKS: add more missing namesDaniel Gustafsson
Add Adrian Burcea who made the artwork for the curl://up 2018 event which was held in Stockholm, Sweden.
2019-01-02docs: mention potential leak in curl_slist_appendDaniel Gustafsson
When a non-empty list is appended to, and used as the returnvalue, the list pointer can leak in case of an allocation failure in the curl_slist_append() call. This is correctly handled in curl code usage but we weren't explicitly pointing it out in the API call documentation. Fix by extending the RETURNVALUE manpage section and example code. Closes #3424 Reported-by: dnivras on github Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-01-01tvnow: silence conversion warningsMarcel Raad
MinGW-w64 defaults to targeting Windows 7 now, so GetTickCount64 is used and the milliseconds are represented as unsigned long long, leading to a compiler warning when implicitly converting them to long.
2019-01-01THANKS: dedupe more namesDaniel Stenberg
Researched-by: Tae Wong
2019-01-01ntlm: update selection of type 3 responseMarkus Moeller
NTLM2 did not work i.e. no NTLMv2 response was created. Changing the check seems to work. Ref: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf Fixes https://github.com/curl/curl/issues/3286 Closes https://github.com/curl/curl/pull/3287 Closes https://github.com/curl/curl/pull/3415
2018-12-31THANKS: added missing names from year <= 2000Daniel Stenberg
Due to a report of a missing name in THANKS I manually went through an old CHANGES.0 file and added many previously missing names here.
2018-12-30urlapi: fix parsing ipv6 with zone indexDaniel Gustafsson
The previous fix for parsing IPv6 URLs with a zone index was a paddle short for URLs without an explicit port. This patch fixes that case and adds a unit test case. This bug was highlighted by issue #3408, and while it's not the full fix for the problem there it is an isolated bug that should be fixed regardless. Closes #3411 Reported-by: GitYuanQu on github Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-30THANKS: dedupe Guenter KnaufDaniel Stenberg
Reported-by: Tae Wong
2018-12-30THANKS: missing name from the 6.3.1 release!Daniel Stenberg
2018-12-27RELEASE-NOTES: syncedDaniel Gustafsson
2018-12-27hostip: support wildcard hostsClaes Jakobsson
This adds support for wildcard hosts in CURLOPT_RESOLVE. These are try-last so any non-wildcard entry is resolved first. If specified, any host not matched by another CURLOPT_RESOLVE config will use this as fallback. Example send a.com to 10.0.0.1 and everything else to 10.0.0.2: curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \ https://a.com https://b.com This is probably quite similar to using: --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443 Closes #3406 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-27url: fix incorrect indentationDaniel Gustafsson
2018-12-26os400: upgrade ILE/RPG binding.Patrick Monnerat
- Trailer function support. - http 0.9 option. - curl_easy_upkeep.
2018-12-25FAQ: remove mention of sourceforge for githubDaniel Gustafsson
The project bug tracker is no longer hosted at sourceforge but is now hosted on the curl Github page. Update the FAQ to reflect. Closes #3410 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-25openvms: fix typos in documentationDaniel Gustafsson
2018-12-25openvms: fix OpenSSL discovery on VAXDaniel Gustafsson
The DCL code had a typo in one of the commands which would make the OpenSSL discovery on VAX fail. The correct syntax is F$ENVIRONMENT. Closes #3407 Reviewed-by: Viktor Szakats <commit@vszakats.net>
2018-12-24cmake: use lowercase for function name like the rest of the codeRuslan Baratov
Reviewed-by: Sergei Nikulov closes #3196
2018-12-23Revert "libssh: no data pointer == nothing to do"Daniel Stenberg
This reverts commit c98ee5f67f497195c9 since commit f3ce38739fa fixed the problem in a more generic way.
2018-12-23disconnect: set conn->data for protocol disconnectDaniel Stenberg
Follow-up to fb445a1e18d: Set conn->data explicitly to point out the current transfer when invoking the protocol-specific disconnect function so that it can work correctly. Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12173
2018-12-23timeval: Use high resolution timestamps on WindowsPavel P
- Use QueryPerformanceCounter on Windows Vista+ There is confusing info floating around that QueryPerformanceCounter can leap etc, which might have been true long time ago, but no longer the case nowadays (perhaps starting from WinXP?). Also, boost and std::chrono::steady_clock use QueryPerformanceCounter in a similar way. Prior to this change GetTickCount or GetTickCount64 was used, which has lower resolution. That is still the case for <= XP. Fixes https://github.com/curl/curl/issues/3309 Closes https://github.com/curl/curl/pull/3318
2018-12-22libssh: no data pointer == nothing to doDaniel Stenberg
2018-12-22conncache_unlock: avoid indirection by changing input argument typeDaniel Stenberg
2018-12-22disconnect: separate connections and easy handles betterDaniel Stenberg
Do not assume/store assocation between a given easy handle and the connection if it can be avoided. Long-term, the 'conn->data' pointer should probably be removed as it is a little too error-prone. Still used very widely though. Reported-by: masbug on github Fixes #3391 Closes #3400
2018-12-22libssh: free sftp_canonicalize_path() data correctlyDaniel Stenberg
Assisted-by: Harry Sintonen Fixes #3402 Closes #3403
2018-12-21RELEASE-NOTES: syncedDaniel Stenberg
2018-12-21http: added options for allowing HTTP/0.9 responsesDaniel Stenberg
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose. For now, both the tool and library allow HTTP/0.9 by default. docs/DEPRECATE.md lays out the plan for when to reverse that default: 6 months after the 7.64.0 release. The options are added already now so that applications/scripts can start using them already now. Fixes #2873 Closes #3383
2018-12-21if2ip: remove unused function Curl_if_is_interface_nameDaniel Stenberg
Closes #3401
2018-12-20http2: clear pause stream id if it gets closedDaniel Stenberg
Reported-by: Florian Pritz Fixes #3392 Closes #3399
2018-12-20wolfssl: Perform cleanupDavid Garske
This adds a cleanup callback for cyassl. Resolves possible memory leak when using ECC fixed point cache. Closes #3395 Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2018-12-20mbedtls: follow-up VERIFYHOST fix from f097669248Daniel Stenberg
Fix-by: Eric Rosenquist Fixes #3376 Closes #3390
2018-12-20curlver: bump to 7.64.0 for next releaseDaniel Stenberg
2018-12-19cookies: extend domain checks to non psl buildsDaniel Gustafsson
Ensure to perform the checks we have to enforce a sane domain in the cookie request. The check for non-PSL enabled builds is quite basic but it's better than nothing. Closes #2964 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-19smb: fix incorrect path in request if connection reusedMatus Uzak
Follow-up to 09e401e01bf9. If connection gets reused, then data member will be copied, but not the proto member. As a result, in smb_do(), path has been set from the original proto.share data. Closes #3388
2018-12-19curl -J: do not append to the destination fileDaniel Stenberg
Reported-by: Kamil Dudka Fixes #3380 Closes #3381
2018-12-17mbedtls: use VERIFYHOSTDaniel Stenberg
Previously, VERIFYPEER would enable/disable all checks. Reported-by: Eric Rosenquist Fixes #3376 Closes #3380
2018-12-17pingpong: change default response timeout to 120 secondsDaniel Stenberg
Previously it was 30 minutes
2018-12-17pingpong: ignore regular timeout in disconnect phaseDaniel Stenberg
The timeout set with CURLOPT_TIMEOUT is no longer used when disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP, POP3). Reported-by: jasal82 on github Fixes #3264 Closes #3374
2018-12-14TODO: Windows: set attribute 'archive' for completed downloadsDaniel Stenberg
Closes #3354
2018-12-14RELEASE-NOTES: syncedDaniel Stenberg
2018-12-14http: minor whitespace cleanup from f464535bDaniel Stenberg
2018-12-14http: Implement trailing headers for chunked transfersAyoub Boudhar
This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION options that allow a callback based approach to sending trailing headers with chunked transfers. The test server (sws) was updated to take into account the detection of the end of transfer in the case of trailing headers presence. Test 1591 checks that trailing headers can be sent using libcurl. Closes #3350
2018-12-14darwinssl: accept setting max-tls with default min-tlsDaniel Stenberg
Reported-by: Andrei Neculau Fixes #3367 Closes #3373
2018-12-13gopher: fix memory leak from 9026083ddb2a9Daniel Stenberg
2018-12-13test1201: Add a trailing `?' to the selectorLeonardo Taccari
This verify that the `?' in the selector is kept as is. Verifies the fix in #3370
2018-12-13gopher: always include the entire gopher-path in requestLeonardo Taccari
After the migration to URL API all octets in the selector after the first `?' were interpreted as query and accidentally discarded and not passed to the server. Add a gopherpath to always concatenate possible path and query URL pieces. Fixes #3369 Closes #3370
2018-12-13urlapi: distinguish possibly empty queryLeonardo Taccari
If just a `?' to indicate the query is passed always store a zero length query instead of having a NULL query. This permits to distinguish URL with trailing `?'. Fixes #3369 Closes #3370
2018-12-13OS400: handle memory error in list conversionDaniel Gustafsson
Curl_slist_append_nodup() returns NULL when it fails to create a new item for the specified list, and since the coding here reassigned the new list on top of the old list it would result in a dangling pointer and lost memory. Also, in case we hit an allocation failure at some point during the conversion, with allocation succeeding again on the subsequent call(s) we will return a truncated list around the malloc failure point. Fix by assigning to a temporary list pointer, which can be checked (which is the common pattern for slist appending), and free all the resources on allocation failure. Closes #3372 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-13cookies: leave secure cookies aloneDaniel Gustafsson
Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-13docs: fix the --tls-max descriptionDaniel Stenberg
Reported-by: Tobias Lindgren Pointed out in #3367 Closes #3368
2018-12-12urlapi: Fix port parsing of eol colonDaniel Gustafsson
A URL with a single colon without a portnumber should use the default port, discarding the colon. Fix, add a testcase and also do little bit of comment wordsmithing. Closes #3365 Reviewed-by: Daniel Stenberg <daniel@haxx.se>