aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2018-10-30voutf: fix bad arethmetic when outputting warnings to stderrDaniel Stenberg
CVE-2018-16842 Reported-by: Brian Carpenter Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
2018-10-27Makefile: add 'tidy' target that runs clang-tidyDaniel Stenberg
Available in the root, src and lib dirs. Closes #3163
2018-10-26tool_main: make TerminalSettings staticDaniel Stenberg
Reported-by: Gisle Vanem Bug: https://github.com/curl/curl/commit/becfe1233ff2b6b0c3e1b6a10048b55b68c2539f#commitcomment-31008819 Closes #3161
2018-10-17tool_cb_hdr: handle failure of rename()Kamil Dudka
Detected by Coverity. Closes #3140 Reviewed-by: Jay Satiro
2018-10-09Windows: fixes for MinGW targeting Windows VistaMarcel Raad
Classic MinGW has neither InitializeCriticalSectionEx nor GetTickCount64, independent of the target Windows version. Closes https://github.com/curl/curl/pull/3113
2018-10-08spelling fixes [ci skip]Viktor Szakats
as detected by codespell 1.14.0 Closes https://github.com/curl/curl/pull/3114 Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-10-08FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER outputDaniel Stenberg
Now FILE transfers send headers to the header callback like HTTP and other protocols. Also made curl_easy_getinfo(...CURLINFO_PROTOCOL...) work for FILE in the callbacks. Makes "curl -i file://.." and "curl -I file://.." work like before again. Applied the bold header logic to them too. Regression from c1c2762 (7.61.0) Reported-by: Shaun Jackman Fixes #3083 Closes #3101
2018-10-01CMake: Improve config installationRuslan Baratov
Use 'GNUInstallDirs' standard module to set destinations of installed files. Use uppercase "CURL" names instead of lowercase "curl" to match standard 'FindCURL.cmake' CMake module: * https://cmake.org/cmake/help/latest/module/FindCURL.html Meaning: * Install 'CURLConfig.cmake' instead of 'curl-config.cmake' * User should call 'find_package(CURL)' instead of 'find_package(curl)' Use 'configure_package_config_file' function to generate 'CURLConfig.cmake' file. This will make 'curl-config.cmake.in' template file smaller and handle components better. E.g. current configuration report no error if user specified unknown components (note: new configuration expects no components, report error if user will try to specify any). Closes https://github.com/curl/curl/pull/2849
2018-09-29curl: enabled Windows VT Support and UTF-8 outputRich Turner
Enabled Console VT support (if running OS supports VT) in tool_main.c. Fixes #3008 Closes #3011
2018-09-23whitespace fixesViktor Szakats
- replace tabs with spaces where possible - remove line ending spaces - remove double/triple newlines at EOF - fix a non-UTF-8 character - cleanup a few indentations/line continuations in manual examples Closes https://github.com/curl/curl/pull/3037
2018-09-22URL and mailmap updates, remove an obsolete directory [ci skip]Viktor Szakats
Closes https://github.com/curl/curl/pull/3031
2018-09-16curl: update --tlsv* descriptions in --help outputSi
Closes #2994
2018-09-13urlglob: improve error messageDaniel Stenberg
to help user understand what the problem is Reported-by: Daniel Shahaf Fixes #2763 Closes #2977
2018-09-10misc: fix typos in commentsDaniel Gustafsson
Closes #2963
2018-09-06curl: --doh-url addedDaniel Stenberg
2018-09-03tool_operate: Add http code 408 to transient list for --retryJay Satiro
- Treat 408 request timeout as transient so that curl will retry the request if --retry was used. Closes #2925
2018-08-31tool_operate: Fix setting proxy TLS 1.3 ciphersJay Satiro
2018-08-25curl: fix time-of-check, time-of-use race in dir creationDaniel Stenberg
Patch-by: Jay Satiro Detected by Coverity Fixes #2739 Closes #2912
2018-08-21curl-compilers: enable -Wimplicit-fallthrough=4 for GCCMarcel Raad
This enables level 4 instead of the default level 3, which of the currently used comments only allows /* FALLTHROUGH */ to silence the warning. Closes https://github.com/curl/curl/pull/2747
2018-08-21curl-compilers: enable -Wbad-function-cast on GCCMarcel Raad
This warning used to be enabled only for clang as it's a bit stricter on GCC. Silence the remaining occurrences and enable it on GCC too. Closes https://github.com/curl/curl/pull/2747
2018-08-21Remove unused definitionsMarcel Raad
Closes https://github.com/curl/curl/pull/2747
2018-08-15curl: warn the user if a given file name looks like an optionDaniel Stenberg
... simply because this is usually a sign of the user having omitted the file name and the next option is instead "eaten" by the parser as a file name. Add test1268 to verify Closes #2885
2018-08-11GCC: silence -Wcast-function-type uniformlyMarcel Raad
Pointed-out-by: Rikard Falkeborn Closes https://github.com/curl/curl/pull/2860
2018-08-08ssl: set engine implicitly when a PKCS#11 URI is providedAnderson Toshiyuki Sasaki
This allows the use of PKCS#11 URI for certificates and keys without setting the corresponding type as "ENG" and the engine as "pkcs11" explicitly. If a PKCS#11 URI is provided for certificate, key, proxy_certificate or proxy_key, the corresponding type is set as "ENG" if not provided and the engine is set to "pkcs11" if not provided. Acked-by: Nikos Mavrogiannopoulos Closes #2333
2018-07-31curl: use Content-Disposition before the "URL end" for -OJDaniel Stenberg
Regression introduced in 7.61.0 Reported-by: Thomas Klausner Fixes #2783 Closes #2813
2018-07-28curl: Fix segfault when -H @headerfile is emptyTobias Blomberg
The curl binary would crash if the -H command line option was given a filename to read using the @filename syntax but that file was empty. Closes #2797
2018-07-17CMake: Update scripts to use consistent styleRuslan Baratov
Closes #2727 Reviewed-by: Sergei Nikulov
2018-07-17header output: switch off all styles, not just unboldDaniel Stenberg
... the "unbold" sequence doesn't work on the mac Terminal. Reported-by: Zero King Fixes #2736 Closes #2738
2018-06-11cppcheck: fix warningsMarian Klymov
- Get rid of variable that was generating false positive warning (unitialized) - Fix issues in tests - Reduce scope of several variables all over etc Closes #2631
2018-06-03spelling fixesViktor Szakats
Detected using the `codespell` tool (version 1.13.0). Also secure and fix an URL.
2018-06-02build: remove the Borland specific makefilesDaniel Stenberg
According to the user survey 2018, not even one out of 670 users use them. Nobody on the mailing list spoke up for them either. Closes #2629
2018-05-31option: disallow username in URLBjörn Stenberg
Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes libcurl reject URLs with a username in them. Closes #2340
2018-05-30curl.rc: embed manifest for correct Windows version detectionViktor Szakats
* enable it in `src/Makefile.m32` * enable it in `winbuild/MakefileBuild.vc` if a custom manifest is _not_ enabled via the existing `EMBED_MANIFEST` option * enable it for all Windows CMake builds (also disable the built-in minimal manifest, added by CMake by default.) For other build systems, add the `-DCURL_EMBED_MANIFEST` option to the list of RC (Resource Compiler) flags to enable the manifest included in `src/curl.rc`. This may require to disable whatever automatic or other means in which way another manifest is added to `curl.exe`. Notice that Borland C doesn't support this method due to a long-pending resource compiler bug. Watcom C may also not handle it correctly when the `-zm` `wrc` option is used (this option may be unnecessary though) and regardless of options in certain earlier revisions of the 2.0 beta version. Closes https://github.com/curl/curl/pull/1221 Fixes https://github.com/curl/curl/issues/2591
2018-05-29setopt: add TLS 1.3 ciphersuitesDaniel Stenberg
Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS. curl: added --tls13-ciphers and --proxy-tls13-ciphers Fixes #2435 Reported-by: zzq1015 on github Closes #2607
2018-05-24httpauth: add support for Bearer tokensLinus Lewandowski
Closes #2102
2018-05-24cmake: set -d postfix for debug builds if not specifiedSergei Nikulov
using -DCMAKE_DEBUG_POSTFIX explicitly fixes #2121, obsoletes #2384
2018-05-21checksrc: make sure sizeof() is used *with* parenthesesDaniel Stenberg
... and unify the source code to adhere. Closes #2563
2018-05-21curl: added --styled-outputDaniel Stenberg
It is enabled by default, so --no-styled-output will switch off the detection/use of bold headers. Closes #2538
2018-05-21curl: show headers in boldDaniel Stenberg
The feature is only enabled if the output is believed to be a tty. -J: There's some minor differences and improvements in -J handling, as now J should work with -i and it actually creates a file first using the initial name and then *renames* that to the one found in Content-Disposition (if any). -i: only shows headers for HTTP transfers now (as documented). Previously it would also show for pieces of the transfer that were HTTP (for example when doing FTP over a HTTP proxy). -i: now shows trailers as well. Previously they were not shown at all. --libcurl: the CURLOPT_HEADER is no longer set, as the header output is now done in the header callback.
2018-05-18checksrc: fix too long lineDaniel Stenberg
follow-up to e05ad5d
2018-05-18docs: mention HAproxy protocol "version 1"Aleks
...as there's also a version 2. Closes #2579
2018-05-14gcc: disable picky gcc-8 function pointer warnings in two placesDaniel Stenberg
Reported-by: Rikard Falkeborn Bug: #2560 Closes #2569
2018-05-14tool: Fix format specifiersRikard Falkeborn
2018-04-27checksrc: force indentation of lines after an elseDaniel Gustafsson
This extends the INDENTATION case to also handle 'else' statements and require proper indentation on the following line. Also fixes the offending cases found in the codebase. Closes #2532
2018-04-21tool_help: clarify --max-time unit of time is secondsJay Satiro
Before: -m, --max-time <time> Maximum time allowed for the transfer After: -m, --max-time <seconds> Maximum time allowed for the transfer
2018-04-18schannel: add support for CURLOPT_CAINFODan McNulty
- Move verify_certificate functionality in schannel.c into a new file called schannel_verify.c. Additionally, some structure defintions from schannel.c have been moved to schannel.h to allow them to be used in schannel_verify.c. - Make verify_certificate functionality for Schannel available on all versions of Windows instead of just Windows CE. verify_certificate will be invoked on Windows CE or when the user specifies CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. - In verify_certificate, create a custom certificate chain engine that exclusively trusts the certificate store backed by the CURLOPT_CAINFO file. - doc updates of --cacert/CAINFO support for schannel - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString when available. This implements a TODO in schannel.c to improve handling of multiple SANs in a certificate. In particular, all SANs will now be searched instead of just the first name. - Update tool_operate.c to not search for the curl-ca-bundle.crt file when using Schannel to maintain backward compatibility. Previously, any curl-ca-bundle.crt file found in that search would have been ignored by Schannel. But, with CAINFO support, the file found by that search would have been used as the certificate store and could cause issues for any users that have curl-ca-bundle.crt in the search path. - Update url.c to not set the build time CURL_CA_BUNDLE if the selected SSL backend is Schannel. We allow setting CA location for schannel only when explicitly specified by the user via CURLOPT_CAINFO / --cacert. - Add new test cases 3000 and 3001. These test cases check that the first and last SAN, respectively, matches the connection hostname. New test certificates have been added for these cases. For 3000, the certificate prefix is Server-localhost-firstSAN and for 3001, the certificate prefix is Server-localhost-secondSAN. - Remove TODO 15.2 (Add support for custom server certificate validation), this commit addresses it. Closes https://github.com/curl/curl/pull/1325
2018-04-15all: Refactor malloc+memset to use callocDaniel Gustafsson
When a zeroed out allocation is required, use calloc() rather than malloc() followed by an explicit memset(). The result will be the same, but using calloc() everywhere increases consistency in the codebase and avoids the risk of subtle bugs when code is injected between malloc and memset by accident. Closes https://github.com/curl/curl/pull/2497
2018-04-07tool_operate: Fix retry on FTP 4xx to ignore other protocolsStefan Agner
Only treat response code as FTP response codes in case the protocol type is FTP. This fixes an issue where an HTTP download was treated as FTP in case libcurl returned with 33. This happens when the download has already finished and the server responses 416: HTTP/1.1 416 Requested Range Not Satisfiable This should not be treated as an FTP error. Fixes #2464 Closes #2465
2018-03-17CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocolLawrence Matthews
Add --haproxy-protocol for the command line tool Closes #2162
2018-03-16cleanup: misc typos in strings and commentsluz.paz
Found via `codespell` Closes #2389