aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2017-11-24metalink: fix memory-leak and NULL pointer dereferenceDaniel Stenberg
Reported by scan-build Closes #2109
2017-11-10cmake: Correctly include curl.rc in Windows builds (#2064)John Starks
Update CMakeLists.txt to add curl.rc to the correct list.
2017-11-06src/Makefile.m32: fix typo in brotli lib customizationViktor Szakats
Ref cc1f4436099decb9d1a7034b2bb773a9f8379d31
2017-11-05Makefile.m32: allow to customize brotli libsViktor Szakats
It adds the ability to link against static brotli libs. Also fix brotli include path.
2017-11-05Makefile.m32: add brotli supportViktor Szakats
2017-11-05HTTP: implement Brotli content encodingPatrick Monnerat
This uses the brotli external library (https://github.com/google/brotli). Brotli becomes a feature: additional curl_version_info() bit and structure fields are provided for it and CURLVERSION_NOW bumped. Tests 314 and 315 check Brotli content unencoding with correct and erroneous data. Some tests are updated to accomodate with the now configuration dependent parameters of the Accept-Encoding header.
2017-11-04curl: speed up handling of many URLsDaniel Stenberg
By properly keeping track of the last entry in the list of URLs/uploads to handle, curl now avoids many meaningless traverses of the list which speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K URLs). Added test 1291, to verify that it doesn't take ages - but we don't have any detection of "too slow" command in the test suite. Reported-by: arainchik on github Fixes #1959 Closes #2052
2017-11-04curl: pass through [] in URLs instead of calling globbing errorDaniel Stenberg
Assisted-by: Per Lundberg Fixes #2044 Closes #2046 Closes #2048
2017-10-30mkhelp.pl: support reproducible buildJuro Bystricky
Do not generate line with the current date, such as: * Generation time: Tue Oct-24 18:01:41 2017 This will improve reproducibility. The generated string is only part of a comment, so there should be no adverse consequences. Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> closes #2026
2017-10-29cli tool: improve ";type=" handling in -F option argumentsPatrick Monnerat
2017-10-29cli tool: in -F option arg, comma is a delimiter for files onlyPatrick Monnerat
Also upgrade test 1133 to cover this case and clarify man page about form data quoting. Bug: https://github.com/curl/curl/issues/2022 Reported-By: omau on github
2017-10-28cmake: Export libcurl and curl targets to use by other cmake projectsJakub Zakrzewski
The config files define curl and libcurl targets as imported targets CURL::curl and CURL::libcurl. For backward compatibility with CMake- provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are also set. Closes #1879
2017-10-15makefile.m32: allow to override gcc, ar and ranlibViktor Szakats
Allow to ovverride certain build tools, making it possible to use LLVM/Clang to build curl. The default behavior is unchanged. To build with clang (as offered by MSYS2), these settings can be used: CURL_CC=clang CURL_AR=llvm-ar CURL_RANLIB=llvm-ranlib Closes https://github.com/curl/curl/pull/1993
2017-10-12cli tool: use file2memory() to buffer stdin in -F option.Patrick Monnerat
Closes PR https://github.com/curl/curl/pull/1985
2017-10-12cli tool: reimplement stdin buffering in -F option.Patrick Monnerat
If stdin is not a regular file, its content is memory-buffered to enable a possible data "rewind". In all cases, stdin data size is determined before real use to avoid having an unknown part's size. --libcurl generated code is left as an unbuffered stdin fread/fseek callback part with unknown data size. Buffering is not supported in deprecated curl_formadd() API.
2017-10-09curl: don't pass semicolons when parsing Content-DispositionKristiyan Tsaklev
Test 1422 updated to verify. Closes #1964
2017-09-30Set and use more necessary options when some protocols are disabledDan Fandrich
When curl and libcurl are built with some protocols disabled, they stop setting and receiving some options that don't make sense with those protocols. In particular, when HTTP is disabled many options aren't set that are used only by HTTP. However, some options that appear to be HTTP-only are actually used by other protocols as well (some despite having HTTP in the name) and should be set, but weren't. This change now causes some of these options to be set and used for more (or for all) protocols. In particular, this fixes tests 646 through 649 in an HTTP-disabled build, which use the MIME API in the mail protocols.
2017-09-22metalink: fix NSS issue in MultiSSL buildsViktor Szakats
In MultiSSL mode (i.e. when more than one SSL backend is compiled in), we cannot use the compile time flag `USE_NSS` as indicator that the NSS backend is in use. As far as Metalink is concerned, the SSL backend is only used for MD5, SHA-1 and SHA-256 calculations, therefore one of the available SSL backends is selected at compile time, in a strict order of preference. Let's introduce a new `HAVE_NSS_CONTEXT` constant that can be used to determine whether the SSL backend used for Metalink is the NSS backend, and use that to guard the code that wants to de-initialize the NSS-specific data structure. Ref: https://github.com/curl/curl/pull/1848
2017-09-22form/mime: field names are not allowed to contain zero-valued bytes.Patrick Monnerat
Also suppress length argument of curl_mime_name() (names are always zero-terminated).
2017-09-20curl: check fseek() return code and bail on errorDaniel Stenberg
Detected by coverity. CID 1418137.
2017-09-18curl: make str2udouble not return values on errorDaniel Stenberg
... previously it would store a return value even when it returned error, which could make the value get used anyway! Reported-by: Brian Carpenter Closes #1893
2017-09-11code style: use spaces around plusesDaniel Stenberg
2017-09-11code style: use spaces around equals signsDaniel Stenberg
2017-09-06mime: drop internal FILE * support.Patrick Monnerat
- The part kind MIMEKIND_FILE and associated code are suppressed. - Seek data origin offset not used anymore: suppressed. - MIMEKIND_NAMEDFILE renamed MIMEKIND_FILE; associated fields/functions renamed accordingly. - Curl_getformdata() processes stdin via a callback.
2017-09-05mime: implement encoders.Patrick Monnerat
curl_mime_encoder() is operational and documented. curl tool -F option is extended with ";encoder=". curl tool --libcurl option generates calls to curl_mime_encoder(). New encoder tests 648 & 649. Test 1404 extended with an encoder specification.
2017-09-03mime: fix signed/unsigned conversions.Patrick Monnerat
Use and generate CURL_ZERO_TERMINATED in curl tool and tests.
2017-09-03tool_formparse: fix some trivial warningsJay Satiro
2017-09-03mime: use size_t instead of ssize_t in public API interface.Patrick Monnerat
To support telling a string is nul-terminated, symbol CURL_ZERO_TERMINATED has been introduced. Documentation updated accordingly. symbols in versions updated. Added form API symbols deprecation info.
2017-09-03mime: remove support "-" stdin pseudo-file name in curl_mime_filedata().Patrick Monnerat
This feature is badly supported in Windows: as a replacement, a caller has to use curl_mime_data_cb() with fread, fseek and possibly fclose callbacks to process opened files. The cli tool and documentation are updated accordingly. The feature is however kept internally for form API compatibility, with the known caveats it always had. As a side effect, stdin size is not determined by the cli tool even if possible and this results in a chunked transfer encoding. Test 173 is updated accordingly.
2017-09-03mime: fix some implicit curl_off_t --> size_t conversion warnings.Patrick Monnerat
2017-09-02mime: use in curl cli tool instead of form API.Patrick Monnerat
Extended -F option syntax to support multipart mail messages. -F keyword headers= added to include custom headers in parts. Documentation upgraded.
2017-08-30makefile.m32: add multissl supportViktor Szakats
Closes https://github.com/curl/curl/pull/1840
2017-08-28version: add the CURL_VERSION_MULTI_SSL feature flagJohannes Schindelin
This new feature flag reports When cURL was built with multiple SSL backends. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-28metalink: allow compiling with multiple SSL backendsJohannes Schindelin
Previously, the code assumed that at most one of the SSL backends would be compiled in, emulating OpenSSL's functions if the configured backend was not OpenSSL itself. However, now we allow building with multiple SSL backends and choosing one at runtime. Therefore, metalink needs to be adjusted to handle this scenario, too. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-22curl: shorten and clean up CA cert verification error messageDaniel Stenberg
The previous message was just too long for ordinary people and it was encouraging users to use `--insecure` a little too easy. Based-on-work-by: Frank Denis Closes #1810 Closes #1817
2017-08-22tool_main: turn off MinGW CRT's globbingMarcel Raad
By default, the MinGW CRT globs command-line arguments. This prevents getting a single asterisk into an argument as test 1299 does. Turn off globbing by setting the global variable _CRT_glob to 0 for MinGW. Fixes https://github.com/curl/curl/issues/1751 Closes https://github.com/curl/curl/pull/1813
2017-08-22makefile.m32: add support for libidn2Viktor Szakats
libidn was replaced with libidn2 last year in configure. Caveat: libidn2 may depend on a list of further libs. These can be manually specified via CURL_LDFLAG_EXTRAS. Closes https://github.com/curl/curl/pull/1815
2017-08-18metalink: adjust source code styleJohannes Schindelin
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-17CURL_SIZEOF_LONG: removed, use only SIZEOF_LONGDaniel Stenberg
2017-08-17system.h: remove all CURL_SIZEOF_* definesDaniel Stenberg
... as they're not used externally and internally we check for the sizes already in configure etc. Closes #1767
2017-08-17ssh: add the ability to enable compression (for SCP/SFTP)Viktor Szakats
The required low-level logic was already available as part of `libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1] option.) This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION` (boolean) and the new `curl` command-line option `--compressed-ssh` to request this `libssh2` feature. To have compression enabled, it is required that the SSH server supports a (zlib) compatible compression method and that `libssh2` was built with `zlib` support enabled. [1] https://www.libssh2.org/libssh2_session_flag.html Ref: https://github.com/curl/curl/issues/1732 Closes https://github.com/curl/curl/pull/1735
2017-08-15zsh.pl: produce a working completion script againKamil Dudka
Commit curl-7_54_0-118-g8b2f22e changed the output format of curl --help to use <file> and <dir> instead of FILE and DIR, which caused zsh.pl to produce a broken completion script: % curl --<TAB> _curl:10: no such file or directory: seconds Closes #1779
2017-08-14strtoofft: reduce integer overflow risks globallyDaniel Stenberg
... make sure we bail out on overflows. Reported-by: Brian Carpenter Closes #1758
2017-08-10mkhelp.pl: allow executing this script directlyJay Satiro
- Enable execute permission (chmod +x) - Change interpreter to /usr/bin/env perl Ref: https://github.com/curl/curl/issues/1743
2017-08-10metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ insteadDaniel Stenberg
2017-08-09curl: do bounds check using a double comparisonAdam Sampson
The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't complete: if the parsed number in num is larger than will fit in a long, the conversion is undefined behaviour (causing test1427 to fail for me on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting rid of the cast means the comparison will be done using doubles. It might make more sense for the max argument to also be a double... Fixes #1750 Closes #1749
2017-08-08docs/comments: Update to secure URL versionsViktor Szakats
Closes #1741
2017-08-07curl: detect and bail out early on parameter integer overflowsDaniel Stenberg
Make the number parser aware of the maximum limit curl accepts for a value and return an error immediately if larger, instead of running an integer overflow later. Fixes #1730 Closes #1736
2017-08-07glob: do not continue parsing after a strtoul() overflow rangeDaniel Stenberg
Added test 1289 to verify. CVE-2017-1000101 Bug: https://curl.haxx.se/docs/adv_20170809A.html Reported-by: Brian Carpenter
2017-08-05getparameter: avoid returning uninitialized 'usedarg'Daniel Stenberg
Fixes #1728