aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2017-08-08docs/comments: Update to secure URL versionsViktor Szakats
Closes #1741
2017-08-07curl: detect and bail out early on parameter integer overflowsDaniel Stenberg
Make the number parser aware of the maximum limit curl accepts for a value and return an error immediately if larger, instead of running an integer overflow later. Fixes #1730 Closes #1736
2017-08-07glob: do not continue parsing after a strtoul() overflow rangeDaniel Stenberg
Added test 1289 to verify. CVE-2017-1000101 Bug: https://curl.haxx.se/docs/adv_20170809A.html Reported-by: Brian Carpenter
2017-08-05getparameter: avoid returning uninitialized 'usedarg'Daniel Stenberg
Fixes #1728
2017-07-29tool_help: clarify --include is only for response headersJay Satiro
Follow-up to 171f8de. Ref: https://github.com/curl/curl/issues/1704
2017-07-10make: fix docs build on OpenBSDRyan Winograd
Ref: #1591
2017-07-10curl_setup_once: Remove ERRNO/SET_ERRNO macrosJay Satiro
Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError for Win32 and regular errno otherwise. I reviewed the code and found no justifiable reason for conflating errno on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno, and any Win32 multithreaded CRT supports thread-local errno. Fixes https://github.com/curl/curl/issues/895 Closes https://github.com/curl/curl/pull/1589
2017-07-09tool_getparam: fix potentially uninitialized errJay Satiro
2017-07-09tool_cb_wrt: fix variable shadowing warningMarcel Raad
GCC 4.4 complains: tool_cb_wrt.c:81: error: declaration of ‘isatty’ shadows a global declaration /usr/include/unistd.h:782: error: shadowed declaration is here Fix this by renaming the variable. Closes https://github.com/curl/curl/pull/1661
2017-07-04tool_sleep: typecast to avoid macos compiler warningDaniel Stenberg
tool_sleep.c:54:24: error: implicit conversion loses integer precision: 'long' to '__darwin_suseconds_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
2017-06-30make: build the docs subdir only from within srcDaniel Stenberg
... and don't build at all in include Prompted-by-work-by: Simon Warta Ref: #1590 Closes #1591
2017-06-28curl --socks5-{basic,gssapi}: control socks5 authKamil Dudka
Closes https://github.com/curl/curl/pull/1454
2017-06-26tool_getparam: fix memory leak on test 1147 OOM (torture tests)Jay Satiro
Bug: https://github.com/curl/curl/pull/1486#issuecomment-310926872 Reported-by: Dan Fandrich
2017-06-21--request-target: instead of --strip-path-slashDaniel Stenberg
... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH. This option instead provides the full "alternative" target to use in the request, instead of extracting the path from the URL. Test 1298 and 1299 updated accordingly. Idea-by: Evert Pot Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373 Closes #1593
2017-06-19http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASHDaniel Stenberg
... to enable sending "OPTIONS *" which wasn't possible previously. This option currently only works for HTTP. Added test cases 1298 + 1299 to verify Fixes #1280 Closes #1462
2017-06-19automake: use $(MKHELP) variable instead if constant mkhelp.plSimon Warta
this improves symmetry with the rule above
2017-06-19mkhelp.pl: fix script name in usage textSimon Warta
2017-06-17tool_wrte_cb: remove check for config == NULLDaniel Stenberg
... as it really cannot have reached this far with config being NULL, thus this is unnecesary and misleading. Bug: https://news.ycombinator.com/item?id=14577585 and https://daniel.haxx.se/blog/2017/06/17/curl-doesnt-spew-binary-anymore/comment-page-1/#comment-18356 Forwarded-to-us-by: Jakub Wilk
2017-06-16curl: prevent binary output spewed to terminalDaniel Stenberg
... unless "--output -" is used. Binary detection is done by simply checking for a binary zero in early data. Added test 1425 1426 to verify. Closes #1512
2017-06-16Makefile.m32: enable -W for MinGW32 buildMarcel Raad
The configure-based build also has this in addition to -Wall. Closes https://github.com/curl/curl/pull/1578
2017-06-15curl: allow --header and --proxy-header read from fileDaniel Stenberg
So many headers can be provided as @filename. Suggested-by: Timothe Litt Closes #1486
2017-06-14includes: remove curl/curlbuild.h and curl/curlrules.hDaniel Stenberg
Rely entirely on curl/system.h now. Introduced in Aug 2008 with commit 14240e9e109f. Now gone. Fixes #1456
2017-06-13urlglob: fix division by zeroDaniel Stenberg
The multiply() function that is used to avoid integer overflows, was itself reason for a possible division by zero error when passed a specially formatted glob. Reported-by: GwanYeong Kim
2017-06-11FindWin32CACert: Use a temporary buffer on the stackMichael Kaufmann
Don't malloc() the temporary buffer, and use the correct type: SearchPath() works with TCHAR, but SearchPathA() works with char. Set the buffer size to MAX_PATH, because the terminating null byte is already included in MAX_PATH. Reviewed-by: Daniel Stenberg Reviewed-by: Marcel Raad Closes #1548
2017-06-07metalink: remove unused printf() argumentDaniel Stenberg
2017-06-03tool_util: remove unused tvdiff_secs and remove tool_ prefixDaniel Stenberg
Closes #1532
2017-06-02build: provide easy code coverage measuringDaniel Stenberg
Closes #1528
2017-05-24time: fix type conversions and compiler warningsMichael Kaufmann
Fix bugs and compiler warnings on systems with 32-bit long and 64-bit time_t. Reviewed-by: Daniel Stenberg Closes #1499
2017-05-17mkhelp.pl: do not add current time into curl binaryBernhard M. Wiedemann
... as part of hugehelpgz rodata to make build reproducible. See https://reproducible-builds.org/ for why this is good Closes #1490
2017-05-14curl: show the libcurl release date in --version outputDaniel Stenberg
... and support and additional "security patched" date for those who enhance older versions that way. Pass on the define CURL_PATCHSTAMP with a date for that. Building with non-release headers shows the date as [unreleased]. Also: this changes the date format generated in the curlver.h file to be "YYYY-MM-DD" (no name of the day or month, no time, no time zone) to make it easier on the eye and easier to parse. Example (new) date string: 2017-05-09 Suggested-by: Brian Childs Closes #1474
2017-05-09tool: fix remaining -Wcast-qual warningsMarcel Raad
Avoid casting away low-level const.
2017-05-08curl: generate the --help outputDaniel Stenberg
... using the docs/cmdline-opts/gen.pl script, so that we get all the command line option documentation from the same source. The generation of the list has to be done manually and pasted into the source code. Closes #1465
2017-05-08tool_msgs: remove wrong castMarcel Raad
Commit 481e0de00a9003b9c5220b120e3fc302d9b0932d changed the variable type from int to size_t, so don't cast the result of strlen to int anymore.
2017-05-07tool_parsecfg: fix -Wcast-qual warningMarcel Raad
Don't convert string literal to char * before assigning it to const char *.
2017-05-06curl: remove tool_writeenv.[ch]Daniel Stenberg
... and USE_ENVIRONMENT and --environment. It was once added for RISC OS support and its platform specific behavior has been annoying ever since. Added in commit c3c8bbd3b2688da8e, mostly unchanged since then. Most probably not actually used for years. Closes #1463
2017-05-04curl: fix warning "comma at end of enumerator list"Daniel Stenberg
2017-05-02curl: non-boolean command line args reject --no- prefixesDaniel Stenberg
... and instead properly respond with an error message to the user instead of silently ignoring. Fixes #1453 Closes #1458
2017-05-01tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONSJay Satiro
- Include tool_convert.h where needed. Bug: https://github.com/curl/curl/issues/1460 Reported-by: Gisle Vanem
2017-05-01tool_cb_prg: fix double-promotion warningMarcel Raad
clang complains: tool_cb_prg.c:86:22: error: implicit conversion increases floating-point precision: 'float' to 'double' [-Werror,-Wdouble-promotion] Fix this by using a double instead of a float constant.
2017-04-27tool_operate: use utimes instead of obsolescent utime when availableDan Fandrich
2017-04-25curl: set a 100K buffer size by defaultDaniel Stenberg
Test command 'time curl http://localhost/80GB -so /dev/null' on a Debian Linux. Before (middle performing run out 9): real 0m28.078s user 0m11.240s sys 0m12.876s After (middle performing run out 9) real 0m26.356s (93.9%) user 0m5.324s (47.4%) sys 0m8.368s (65.0%) Also, doing SFTP over a 200 millsecond latency link is now about 6 times faster. Closes #1446
2017-04-24Makefile: avoid use of GNU-specific form of $<Dan Fandrich
$< is only allowed in implicit rules in some non-GNU makes (e.g. BSD, AIX) so avoid use elsewhere by referencing the dependent curl.1 file directly instead. This is somewhat tricky because the file is supplied in the packaged tar ball (but not in git) but must still be able to be rebuilt when its dependencies change. The right thing must happen in both tar ball and git source trees, as well as in both in-tree and out-of-tree builds.
2017-04-20Revert "src/Makefile.am: avoid explicit $<"Daniel Stenberg
This reverts commit 5b4cbcf11d5100ff793a8e9edbaa6fe1fc7495f5. Since it broke out-of-tree builds from tarballs. See discussion in #1432
2017-04-19src/Makefile.am: avoid explicit $<Daniel Stenberg
... since apparently "BSD make" doesn't support it. Reported-by: Thomas Klausner Fixes #1432
2017-04-11poll: prefer <poll.h> over <sys/poll.h>Marcel Raad
The POSIX standard location is <poll.h>. Using <sys/poll.h> results in warning spam when using the musl standard library. Closes https://github.com/curl/curl/pull/1406
2017-04-05tool_operate: fix MinGW compiler warningMarcel Raad
MinGW complains: tool_operate.c:197:15: error: comparison is always true due to limited range of data type [-Werror=type-limits] Fix this by only doing the comparison if 'long' is large enough to hold the constant it is compared with. Closes https://github.com/curl/curl/pull/1378
2017-04-05tool_operate: move filetime code to its own functionMarcel Raad
Ref: https://github.com/curl/curl/pull/1378
2017-04-04tool: fix Windows Unicode buildMarcel Raad
... by explicitly calling the ANSI versions of Windows API functions where required.
2017-03-30curl: fix callback functions to match prototypeHanno Böck
The function tool_debug_cb doesn't match curl_debug_callback in curl.h (unsigned vs. signed char* for 3rd param). Bug: https://curl.haxx.se/mail/lib-2017-03/0120.html
2017-03-30gcc7: fix ‘*’ in boolean context, suggest ‘&&’ instead ↵Alexis La Goutte
[-Wint-in-bool-context] Closes #1371