aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-05-31option: disallow username in URLBjörn Stenberg
Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes libcurl reject URLs with a username in them. Closes #2340
2018-05-31libcurl-security.3: improved layout for two rememdy listsDaniel Stenberg
2018-05-31libcurl-security.3: refer to URL instead of in-source markdown fileDaniel Stenberg
2018-05-30curl.rc: embed manifest for correct Windows version detectionViktor Szakats
* enable it in `src/Makefile.m32` * enable it in `winbuild/MakefileBuild.vc` if a custom manifest is _not_ enabled via the existing `EMBED_MANIFEST` option * enable it for all Windows CMake builds (also disable the built-in minimal manifest, added by CMake by default.) For other build systems, add the `-DCURL_EMBED_MANIFEST` option to the list of RC (Resource Compiler) flags to enable the manifest included in `src/curl.rc`. This may require to disable whatever automatic or other means in which way another manifest is added to `curl.exe`. Notice that Borland C doesn't support this method due to a long-pending resource compiler bug. Watcom C may also not handle it correctly when the `-zm` `wrc` option is used (this option may be unnecessary though) and regardless of options in certain earlier revisions of the 2.0 beta version. Closes https://github.com/curl/curl/pull/1221 Fixes https://github.com/curl/curl/issues/2591
2018-05-30os400: sync EBCDIC wrappers and ILE/RPG binding with latest optionsPatrick Monnerat
2018-05-30os400: implement mime api EBCDIC wrappersPatrick Monnerat
Also sync ILE/RPG binding to define the new functions.
2018-05-29setopt: add TLS 1.3 ciphersuitesDaniel Stenberg
Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS. curl: added --tls13-ciphers and --proxy-tls13-ciphers Fixes #2435 Reported-by: zzq1015 on github Closes #2607
2018-05-29configure: override AR_FLAGS to silence warningDaniel Stenberg
The automake default ar flags are 'cru', but the 'u' flag in there causes warnings on many modern Linux distros. Removing 'u' may have a minor performance impact on older distros but should not cause harm. Explained on the automake mailing list already back in April 2015: https://www.mail-archive.com/automake-patches@gnu.org/msg07705.html Reported-by: elephoenix on github Fixes #2617 Closes #2619
2018-05-29cmake: fixed comments in compile checks codeSergei Nikulov
2018-05-29INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/libDaniel Stenberg
... the older description doesn't work Reported-by: Peter Varga Fixes #2615 Closes #2616
2018-05-29KNOWN_BUGS: restore text regarding #2101.Will Dietz
This was added earlier but appears to have been removed accidentally. AFAICT this is very much still an issue. ----- I say "accidentally" because the text seems to have harmlessly snuck into [1] (which makes no mention of it). [1] was later reverted for unspecified reasons in [2], presumably because the mentioned issue was fixed or invalid. [1] de9fac00c40db321d44fa6fbab6eb62ec4c83998 [2] 16d1f369403cbb04bd7b085eabbeebf159473fc2 Closes #2618
2018-05-28fnmatch: insist on escaped bracket to matchDaniel Stenberg
A non-escaped bracket ([) is for a character group - as documented. It will *not* match an individual bracket anymore. Test case 1307 updated accordingly to match. Problem detected by OSS-Fuzz, although this fix is probably not a final fix for the notorious timeout issues. Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8525 Closes #2614
2018-05-28psl: use latest psl and refresh it periodicallyPatrick Monnerat
The latest psl is cached in the multi or share handle. It is refreshed before use after 72 hours. New share lock CURL_LOCK_DATA_PSL controls the psl cache sharing. If the latest psl is not available, the builtin psl is used. Reported-by: Yaakov Selkowitz Fixes #2553 Closes #2601
2018-05-28configure: fix ssh2 linking when built with a static mbedtlsFabrice Fontaine
The ssh2 pkg-config file could contain the following lines when build with a static version of mbedtls: Libs: -L${libdir} -lssh2 /xxx/libmbedcrypto.a Libs.private: /xxx/libmbedcrypto.a This static mbedtls library must be used to correctly detect ssh2 support and this library must be copied in libcurl.pc otherwise compilation of any application (such as upmpdcli) with libcurl will fail when trying to found mbedtls functions included in libssh2. So, replace pkg-config --libs-only-l by pkg-config --libs. Fixes: - http://autobuild.buildroot.net/results/43e24b22a77f616d6198c10435dcc23cc3b9088a Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Closes #2613
2018-05-28RELEASE-NOTES: syncedDaniel Stenberg
2018-05-28cmake: check for getpwuid_rBernhard Walle
The autotools-based build system does it, so we do it also in CMake. Bug: #2609 Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
2018-05-28cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing optionsDaniel Stenberg
2018-05-28curl.1: Fix cmdline-opts reference errors.Frank Gevaerts
--data, --form, and --ntlm were declared to be mutually exclusive with non-existing options. --data and --form referred to --upload (which is short for --upload-file and therefore did work, so this one was merely a bit confusing), --ntlm referred to --negotiated instead of --negotiate. Closes #2612
2018-05-28docs: fix cmdline-opts metadata headers case consistency.Frank Gevaerts
Almost all headers start with an uppercase letter, but some didn't.
2018-05-28mailmap: Max SavenkovDaniel Stenberg
2018-05-28Fix the test for fsetxattr and strerror_r tests in CMake to work without ↵maxed
compiling
2018-05-27mailmap: a Richard Alcock fixupDaniel Stenberg
2018-05-27schannel: add failf calls for client certificate failuresralcock
Closes #2604
2018-05-27winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDISTrichardthe3rd
Change requirement from $(DISTDIR) to $(DIRDIST) closes #2603
2018-05-27winbuild: only delete OUTFILE if it existsrichardthe3rd
This removes the slightly annoying "Could not file LIBCURL_OBJS.inc" and "Could not find CURL_OBJS.inc.inc" message when building into a clean folder. closes #2602
2018-05-25content_encoding: handle zlib versions too old for Z_BLOCKAlejandro R. Sedeño
Fallback on Z_SYNC_FLUSH when Z_BLOCK is not available. Fixes #2606 Closes #2608
2018-05-24multi: provide a socket to wait for in Curl_protocol_getsockDaniel Stenberg
... even when there's no protocol specific handler setup. Bug: https://curl.haxx.se/mail/lib-2018-05/0062.html Reported-by: Sean Miller Closes #2600
2018-05-24httpauth: add support for Bearer tokensLinus Lewandowski
Closes #2102
2018-05-24TODO: CURLINFO_PAUSE_STATEDaniel Stenberg
Closes #2588
2018-05-24cmake: set -d postfix for debug builds if not specifiedSergei Nikulov
using -DCMAKE_DEBUG_POSTFIX explicitly fixes #2121, obsoletes #2384
2018-05-23configure: add basic test of --with-ssl prefixDaniel Stenberg
When given a prefix, the $PREFIX_OPENSSL/lib/openssl.pc or $PREFIX_OPENSSL/include/openssl/ssl.h files must be present or cause an error. Helps users detect when giving configure the wrong path. Reported-by: Oleg Pudeyev Assisted-by: Per Malmberg Fixes #2580
2018-05-22http resume: skip body if http code 416 (range error) is ignored.Patrick Monnerat
This avoids appending error data to already existing good data. Test 92 is updated to match this change. New test 1156 checks all combinations of --range/--resume, --fail, Content-Range header and http status code 200/416. Fixes #1163 Reported-By: Ithubg on github Closes #2578
2018-05-22tftp: make sure error is zero terminated before printfing itDaniel Stenberg
2018-05-22configure: add missing m4/ax_compile_check_sizeof.m4Daniel Stenberg
follow-up to mistake in 6876ccf90b4
2018-05-22schannel: make CAinfo parsing resilient to CR/LFJohannes Schindelin
OpenSSL has supported --cacert for ages, always accepting LF-only line endings ("Unix line endings") as well as CR/LF line endings ("Windows line endings"). When we introduced support for --cacert also with Secure Channel (or in cURL speak: "WinSSL"), we did not take care to support CR/LF line endings, too, even if we are much more likely to receive input in that form when using Windows. Let's fix that. Happily, CryptQueryObject(), the function we use to parse the ca-bundle, accepts CR/LF input already, and the trailing LF before the END CERTIFICATE marker catches naturally any CR/LF line ending, too. So all we need to care about is the BEGIN CERTIFICATE marker. We do not actually need to verify here that the line ending is CR/LF. Just checking for a CR or an LF is really plenty enough. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes https://github.com/curl/curl/pull/2592
2018-05-22CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bitDaniel Stenberg
2018-05-22RELEASE-NOTES: syncedDaniel Stenberg
2018-05-21KNOWN_BUGS: mention the -O with %-encoded file namesDaniel Stenberg
Closes #2573
2018-05-21checksrc: make sure sizeof() is used *with* parenthesesDaniel Stenberg
... and unify the source code to adhere. Closes #2563
2018-05-21curl: added --styled-outputDaniel Stenberg
It is enabled by default, so --no-styled-output will switch off the detection/use of bold headers. Closes #2538
2018-05-21curl: show headers in boldDaniel Stenberg
The feature is only enabled if the output is believed to be a tty. -J: There's some minor differences and improvements in -J handling, as now J should work with -i and it actually creates a file first using the initial name and then *renames* that to the one found in Content-Disposition (if any). -i: only shows headers for HTTP transfers now (as documented). Previously it would also show for pieces of the transfer that were HTTP (for example when doing FTP over a HTTP proxy). -i: now shows trailers as well. Previously they were not shown at all. --libcurl: the CURLOPT_HEADER is no longer set, as the header output is now done in the header callback.
2018-05-21configure: compile-time SIZEOF checksDaniel Stenberg
... instead of exeucting code to get the size. Removes the use of LD_LIBRARY_PATH for this. Fixes #2586 Closes #2589 Reported-by: Bernhard Walle
2018-05-21configure: replace AC_TRY_RUN with CURL_RUN_IFELSEDaniel Stenberg
... and export LD_LIBRARY_PATH properly. This is a follow-up from 2d4c215. Fixes #2586 Reported-by: Bernhard Walle
2018-05-21docs: clarify CURLOPT_HTTPGET somewhatDaniel Stenberg
Reported-by: bsammon on github Fixes #2590
2018-05-18curl_fnmatch: only allow two asterisks for matchingDaniel Stenberg
The previous limit of 5 can still end up in situation that takes a very long time and consumes a lot of CPU. If there is still a rare use case for this, a user can provide their own fnmatch callback for a version that allows a larger set of wildcards. This commit was triggered by yet another OSS-Fuzz timeout due to this. Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8369 Closes #2587
2018-05-18checksrc: fix too long lineDaniel Stenberg
follow-up to e05ad5d
2018-05-18docs: mention HAproxy protocol "version 1"Aleks
...as there's also a version 2. Closes #2579
2018-05-18examples/progressfunc: make it build on older libcurlsDaniel Stenberg
This example was changed in ce2140a8c1 to use the new microsecond based getinfo option. This change makes it conditionally keep using the older option so that the example still builds with older libcurl versions. Closes #2584
2018-05-18stub_gssapi: fix numerous 'unused parameter' warningsDaniel Stenberg
follow-up to d9e92fd9fd1d
2018-05-17getinfo: add microsecond precise timers for various intervalsPhilip Prindeville
Provide a set of new timers that return the time intervals using integer number of microseconds instead of floats. The new info names are as following: CURLINFO_APPCONNECT_TIME_T CURLINFO_CONNECT_TIME_T CURLINFO_NAMELOOKUP_TIME_T CURLINFO_PRETRANSFER_TIME_T CURLINFO_REDIRECT_TIME_T CURLINFO_STARTTRANSFER_TIME_T CURLINFO_TOTAL_TIME_T Closes #2495