]> granicus.if.org Git - curl/log
curl
7 years agocurl-config: add --ssl-backends
Daniel Stenberg [Thu, 30 Nov 2017 07:57:36 +0000 (08:57 +0100)]
curl-config: add --ssl-backends

Lists all SSL backends that were enabled at build-time.

Suggested-by: Oleg Pudeyev
Fixes #2128

7 years agoconncache: only allow multiplexing within same multi handle
Daniel Stenberg [Tue, 5 Dec 2017 07:39:31 +0000 (08:39 +0100)]
conncache: only allow multiplexing within same multi handle

Connections that are used for HTTP/1.1 Pipelining or HTTP/2 multiplexing
only get additional transfers added to them if the existing connection
is held by the same multi or easy handle. libcurl does not support doing
HTTP/2 streams in different threads using a shared connection.

Closes #2152

7 years agothreaded-shared-conn.c: fixed typo in commenta
Daniel Stenberg [Tue, 5 Dec 2017 22:35:08 +0000 (23:35 +0100)]
threaded-shared-conn.c: fixed typo in commenta

7 years agothreaded-shared-conn.c: new example
Daniel Stenberg [Tue, 5 Dec 2017 22:31:47 +0000 (23:31 +0100)]
threaded-shared-conn.c: new example

7 years agoconncache: fix several lock issues
Daniel Stenberg [Sat, 2 Dec 2017 13:27:00 +0000 (14:27 +0100)]
conncache: fix several lock issues

If the lock is released before the dealings with the bundle is over, it may
have changed by another thread in the mean time.

Fixes #2132
Fixes #2151
Closes #2139

7 years agolibssh: remove dead code in sftp_qoute
Daniel Stenberg [Tue, 5 Dec 2017 08:14:04 +0000 (09:14 +0100)]
libssh: remove dead code in sftp_qoute

... by removing a superfluous NULL pointer check that also confuses
Coverity.

Fixes #2143
Closes #2153

7 years agosasl_getmesssage: make sure we have a long enough string to pass
Daniel Stenberg [Thu, 30 Nov 2017 23:45:46 +0000 (00:45 +0100)]
sasl_getmesssage: make sure we have a long enough string to pass

For pop3/imap/smtp, added test 891 to somewhat verify the pop3
case.

For this, I enhanced the pingpong test server to be able to send back
responses with LF-only instead of always using CRLF.

Closes #2150

7 years agolibssh2: remove dead code from SSH_SFTP_QUOTE
Daniel Stenberg [Mon, 4 Dec 2017 08:00:34 +0000 (09:00 +0100)]
libssh2: remove dead code from SSH_SFTP_QUOTE

Figured out while reviewing code in the libssh backend. The pointer was
checked for NULL after having been dereferenced, so we know it would
always equal true or it would've crashed.

Pointed-out-by: Nikos Mavrogiannopoulos
Bug #2143
Closes #2148

7 years agossh-libssh.c: please checksrc
Daniel Stenberg [Mon, 4 Dec 2017 09:48:01 +0000 (10:48 +0100)]
ssh-libssh.c: please checksrc

7 years agolibssh: fixed dereference in statvfs access
Nikos Mavrogiannopoulos [Mon, 4 Dec 2017 08:24:06 +0000 (09:24 +0100)]
libssh: fixed dereference in statvfs access

The behavior is now equivalent to ssh.c when SSH_SFTP_QUOTE_STATVFS
handling fails.

Fixes #2142

7 years agoRESOURCES: update spec names
Guitared [Sun, 3 Dec 2017 12:46:44 +0000 (19:46 +0700)]
RESOURCES: update spec names

Closes #2145

7 years agolibssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS
Nikos Mavrogiannopoulos [Sun, 3 Dec 2017 11:05:45 +0000 (12:05 +0100)]
libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS

The previous code was incorrectly following the libssh2 error detection
for libssh2_sftp_statvfs, which is not correct for libssh's sftp_statvfs.

Fixes #2142

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agolibssh: no need to call sftp_get_error as ssh_get_error is sufficient
Nikos Mavrogiannopoulos [Sun, 3 Dec 2017 10:58:27 +0000 (11:58 +0100)]
libssh: no need to call sftp_get_error as ssh_get_error is sufficient

Fixes #2141

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agolibssh: fix minor static code analyzer nits
Daniel Stenberg [Sat, 2 Dec 2017 22:27:22 +0000 (23:27 +0100)]
libssh: fix minor static code analyzer nits

- remove superfluous NULL check which otherwise tricks the static code
analyzers to assume NULL pointer dereferences.

- fix fallthrough in switch()

- indent mistake

7 years agoopenssl: pkcs12 is supported by boringssl
Daniel Stenberg [Fri, 1 Dec 2017 09:17:50 +0000 (10:17 +0100)]
openssl: pkcs12 is supported by boringssl

Removes another #ifdef for BoringSSL

Pointed-out-by: David Benjamin
Closes #2134

7 years agotravis: use pip2 instead of pip
Jay Satiro [Fri, 1 Dec 2017 08:03:26 +0000 (03:03 -0500)]
travis: use pip2 instead of pip

.. since now mac osx image expects pip2 or pip3, and doesn't know pip:

0.01s$ pip install --user cpp-coveralls
/Users/travis/.travis/job_stages: line 57: pip: command not found

Ref: https://github.com/travis-ci/travis-ci/issues/8829

Closes https://github.com/curl/curl/pull/2133

7 years agolib582: do not verify host for SFTP
Nikos Mavrogiannopoulos [Tue, 14 Nov 2017 18:11:59 +0000 (19:11 +0100)]
lib582: do not verify host for SFTP

This SFTP test fails with libssh back-end due to failure to verify
the peer. Disable peer verification in the test as there seems to
be the intention of the test.

Note that the libssh back-end automatically verifies the peer's
host using the default known_hosts file.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agolibssh: added SFTP support
Nikos Mavrogiannopoulos [Tue, 31 Oct 2017 17:30:36 +0000 (18:30 +0100)]
libssh: added SFTP support

The SFTP back-end supports asynchronous reading only, limited
to 32-bit file length. Writing is synchronous with no other
limitations.

This also brings keyboard-interactive authentication.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agosymbols-in-versions: added new symbols with 7.56.3 version
Nikos Mavrogiannopoulos [Sun, 5 Nov 2017 08:59:38 +0000 (09:59 +0100)]
symbols-in-versions: added new symbols with 7.56.3 version

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years ago.travis.yml: added build --with-libssh
Nikos Mavrogiannopoulos [Tue, 31 Oct 2017 07:44:24 +0000 (08:44 +0100)]
.travis.yml: added build --with-libssh

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
7 years agolibssh2: return CURLE_UPLOAD_FAILED on failure to upload
Nikos Mavrogiannopoulos [Sun, 5 Nov 2017 14:06:30 +0000 (15:06 +0100)]
libssh2: return CURLE_UPLOAD_FAILED on failure to upload

This brings its in sync with the error code returned by the
libssh backend.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agolibssh2: send the correct CURLE error code on scp file not found
Nikos Mavrogiannopoulos [Thu, 26 Oct 2017 09:08:43 +0000 (11:08 +0200)]
libssh2: send the correct CURLE error code on scp file not found

That also updates tests to expect the right error code

libssh2 back-end returns CURLE_SSH error if the remote file
is not found. Expect instead CURLE_REMOTE_FILE_NOT_FOUND
which is sent by the libssh backend.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
7 years agoAdded support for libssh SSH SCP back-end
Nikos Mavrogiannopoulos [Mon, 23 Oct 2017 11:49:23 +0000 (13:49 +0200)]
Added support for libssh SSH SCP back-end

libssh is an alternative library to libssh2.
https://www.libssh.org/

That patch set also introduces support for ECDSA
ed25519 keys, as well as gssapi authentication.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
7 years agoRELEASE-NOTES: synced with af8cc7a69
Daniel Stenberg [Fri, 1 Dec 2017 09:37:05 +0000 (10:37 +0100)]
RELEASE-NOTES: synced with af8cc7a69

7 years agocurlver: towards 7.57.1
Daniel Stenberg [Fri, 1 Dec 2017 09:36:48 +0000 (10:36 +0100)]
curlver: towards 7.57.1

7 years agolib: don't export all symbols, just everything curl_*
W. Mark Kubacki [Wed, 29 Nov 2017 23:43:38 +0000 (00:43 +0100)]
lib: don't export all symbols, just everything curl_*

Absent any 'symbol map' or script to limit what gets exported, static
linking of libraries previously resulted in a libcurl with curl's and
those other symbols being (re-)exported.

This did not happen if 'versioned symbols' were enabled (which is not
the default) because then a version script is employed.

This limits exports to everything starting in 'curl_*'., which is
what "libcurl.vers" exports.

This avoids strange side-effects such as with mixing methods
from system libraries and those erroneously offered by libcurl.

Closes #2127

7 years agoSSL: Avoid magic allocation of SSL backend specific data
Johannes Schindelin [Tue, 28 Nov 2017 00:21:59 +0000 (01:21 +0100)]
SSL: Avoid magic allocation of SSL backend specific data

Originally, my idea was to allocate the two structures (or more
precisely, the connectdata structure and the four SSL backend-specific
strucutres required for ssl[0..1] and proxy_ssl[0..1]) in one go, so
that they all could be free()d together.

However, getting the alignment right is tricky. Too tricky.

So let's just bite the bullet and allocate the SSL backend-specific
data separately.

As a consequence, we now have to be very careful to release the memory
allocated for the SSL backend-specific data whenever we release any
connectdata.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes #2119

7 years agoexamples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
Daniel Stenberg [Fri, 1 Dec 2017 06:52:24 +0000 (07:52 +0100)]
examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL

Reported-by: Dima Tisnek
7 years agotravis: add boringssl build
Daniel Stenberg [Mon, 27 Nov 2017 18:55:25 +0000 (19:55 +0100)]
travis: add boringssl build

Uses a separate build without --enable-debug and no valgrind.

The debug option causes far too many warnings in boringssl's headers
(C++ comments, trailing commas etc).  Valgrind triggers some false
positive errors in thread-local data used by boringssl.

Closes #2118

7 years agoRELEASE-NOTES: curl 7.57.0 curl-7_57_0
Daniel Stenberg [Sun, 26 Nov 2017 13:30:56 +0000 (14:30 +0100)]
RELEASE-NOTES: curl 7.57.0

7 years agoTHANKS: added contributors from 7.57.0 release
Daniel Stenberg [Sun, 26 Nov 2017 13:37:22 +0000 (14:37 +0100)]
THANKS: added contributors from 7.57.0 release

7 years agoopenssl: fix boringssl build again
Daniel Stenberg [Mon, 27 Nov 2017 18:39:09 +0000 (19:39 +0100)]
openssl: fix boringssl build again

commit d3ab7c5a21e broke the boringssl build since it doesn't have
RSA_flags(), so we disable that code block for boringssl builds.

Reported-by: W. Mark Kubacki
Fixes #2117

7 years agocurl_ntlm_core.c: use the limits.h's SIZE_T_MAX if provided
Daniel Stenberg [Mon, 27 Nov 2017 09:40:31 +0000 (10:40 +0100)]
curl_ntlm_core.c: use the limits.h's SIZE_T_MAX if provided

7 years agolibcurl-share.3: the connection cache is shareable now
Daniel Stenberg [Mon, 27 Nov 2017 08:42:39 +0000 (09:42 +0100)]
libcurl-share.3: the connection cache is shareable now

7 years agoglobal_init: ignore CURL_GLOBAL_SSL's absense
Daniel Stenberg [Thu, 23 Nov 2017 16:02:48 +0000 (17:02 +0100)]
global_init: ignore CURL_GLOBAL_SSL's absense

This bit is no longer used. It is not clear what it meant for users to
"init the TLS" in a world with different TLS backends and since the
introduction of multissl, libcurl didn't properly work if inited without
this bit set.

Not a single user responded to the call for users of it:
https://curl.haxx.se/mail/lib-2017-11/0072.html

Reported-by: Evgeny Grin
Assisted-by: Jay Satiro
Fixes #2089
Fixes #2083
Closes #2107

7 years agontlm: avoid integer overflow for malloc size
Daniel Stenberg [Mon, 6 Nov 2017 22:51:52 +0000 (23:51 +0100)]
ntlm: avoid integer overflow for malloc size

Reported-by: Alex Nichols
Assisted-by: Kamil Dudka and Max Dymond
CVE-2017-8816

Bug: https://curl.haxx.se/docs/adv_2017-11e7.html

7 years agowildcardmatch: fix heap buffer overflow in setcharset
Daniel Stenberg [Fri, 10 Nov 2017 07:52:45 +0000 (08:52 +0100)]
wildcardmatch: fix heap buffer overflow in setcharset

The code would previous read beyond the end of the pattern string if the
match pattern ends with an open bracket when the default pattern
matching function is used.

Detected by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161

CVE-2017-8817

Bug: https://curl.haxx.se/docs/adv_2017-ae72.html

7 years agourl: fix alignment of ssl_backend_data struct
Jay Satiro [Mon, 20 Nov 2017 06:26:19 +0000 (01:26 -0500)]
url: fix alignment of ssl_backend_data struct

- Align the array of ssl_backend_data on a max 32 byte boundary.

8 is likely to be ok but I went with 32 for posterity should one of
the ssl_backend_data structs change to contain a larger sized variable
in the future.

Prior to this change (since dev 70f1db3, release 7.56) the connectdata
structure was undersized by 4 bytes in 32-bit builds with ssl enabled
because long long * was mistakenly used for alignment instead of
long long, with the intention being an 8 byte boundary. Also long long
may not be an available type.

The undersized connectdata could lead to oob read/write past the end in
what was expected to be the last 4 bytes of the connection's secondary
socket https proxy ssl_backend_data struct (the secondary socket in a
connection is used by ftp, others?).

Closes https://github.com/curl/curl/issues/2093

CVE-2017-8818

Bug: https://curl.haxx.se/docs/adv_2017-af0a.html

7 years agossh: remove check for a NULL pointer (!)
Daniel Stenberg [Fri, 24 Nov 2017 23:33:59 +0000 (00:33 +0100)]
ssh: remove check for a NULL pointer (!)

With this check present, scan-build warns that we might dereference this
point in other places where it isn't first checked for NULL. Thus, if it
*can* be NULL we have a problem on a few places. However, this pointer
should not be possible to be NULL here so I remove the check and thus
also three different scan-build warnings.

Closes #2111

7 years agotest: add test for bad UNC/SMB path in file: URL
Matthew Kerwin [Fri, 24 Nov 2017 12:39:18 +0000 (22:39 +1000)]
test: add test for bad UNC/SMB path in file: URL

7 years agotest: add tests to ensure basic file: URLs
Matthew Kerwin [Fri, 24 Nov 2017 12:08:05 +0000 (22:08 +1000)]
test: add tests to ensure basic file: URLs

7 years agoURL: update "file:" URL handling
Matthew Kerwin [Fri, 24 Nov 2017 11:24:40 +0000 (21:24 +1000)]
URL: update "file:" URL handling

* LOTS of comment updates
* explicit error for SMB shares (e.g. "file:////share/path/file")
* more strict handling of authority (i.e. "//localhost/")
* now accepts dodgy old "C:|" drive letters
* more precise handling of drive letters in and out of Windows
  (especially recognising both "file:c:/" and "file:/c:/")

Closes #2110

7 years agometalink: fix memory-leak and NULL pointer dereference
Daniel Stenberg [Fri, 24 Nov 2017 08:02:54 +0000 (09:02 +0100)]
metalink: fix memory-leak and NULL pointer dereference

Reported by scan-build

Closes #2109

7 years agoconnect: add support for new TCP Fast Open API on Linux
Alessandro Ghedini [Sun, 5 Nov 2017 23:59:55 +0000 (23:59 +0000)]
connect: add support for new TCP Fast Open API on Linux

The new API added in Linux 4.11 only requires setting a socket option
before connecting, without the whole sento() machinery.

Notably, this makes it possible to use TFO with SSL connections on Linux
as well, without the need to mess around with OpenSSL (or whatever other
SSL library) internals.

Closes #2056

7 years agomake: fix "make distclean"
Daniel Stenberg [Thu, 23 Nov 2017 23:49:48 +0000 (00:49 +0100)]
make: fix "make distclean"

Fixes #2097
Closes #2108

7 years agoRELEASE-NOTES: synced with 31f18d272
Daniel Stenberg [Thu, 23 Nov 2017 09:26:52 +0000 (10:26 +0100)]
RELEASE-NOTES: synced with 31f18d272

7 years agoconnect: improve the bind error message
Jay Satiro [Thu, 23 Nov 2017 07:47:26 +0000 (02:47 -0500)]
connect: improve the bind error message

eg consider a non-existent interface eth8, curl --interface eth8

Before: curl: (45) Could not resolve host: eth8
After: curl: (45) Couldn't bind to 'eth8'

Bug: https://github.com/curl/curl/issues/2104
Reported-by: Alfonso Martone
7 years agoexamples/rtsp: clear RANGE again after use
Daniel Stenberg [Thu, 23 Nov 2017 07:06:44 +0000 (08:06 +0100)]
examples/rtsp: clear RANGE again after use

Fixes #2106
Reported-by: youngchopin on github
7 years agotest1264: verify URL with space in host name being rejected
Michael Kaufmann [Mon, 20 Nov 2017 22:48:46 +0000 (23:48 +0100)]
test1264: verify URL with space in host name being rejected

7 years agourl: reject ASCII control characters and space in host names
Daniel Stenberg [Fri, 17 Nov 2017 15:48:37 +0000 (16:48 +0100)]
url: reject ASCII control characters and space in host names

Host names like "127.0.0.1 moo" would otherwise be accepted by some
getaddrinfo() implementations.

Updated test 1034 and 1035 accordingly.

Fixes #2073
Closes #2092

7 years agoCurl_open: fix OOM return error correctly
Daniel Stenberg [Mon, 20 Nov 2017 22:16:56 +0000 (23:16 +0100)]
Curl_open: fix OOM return error correctly

Closes #2098

7 years agohttp2: fix "Value stored to 'end' is never read" scan-build error
Daniel Stenberg [Mon, 20 Nov 2017 22:13:03 +0000 (23:13 +0100)]
http2: fix "Value stored to 'end' is never read" scan-build error

7 years agohttp2: fix "Value stored to 'hdbuf' is never read" scan-build error
Daniel Stenberg [Mon, 20 Nov 2017 22:12:19 +0000 (23:12 +0100)]
http2: fix "Value stored to 'hdbuf' is never read" scan-build error

7 years agoopenssl: fix "Value stored to 'rc' is never read" scan-build error
Daniel Stenberg [Mon, 20 Nov 2017 22:10:48 +0000 (23:10 +0100)]
openssl: fix "Value stored to 'rc' is never read" scan-build error

7 years agomime: fix "Value stored to 'sz' is never read" scan-build error
Daniel Stenberg [Mon, 20 Nov 2017 22:08:59 +0000 (23:08 +0100)]
mime: fix "Value stored to 'sz' is never read" scan-build error

7 years agoCurl_llist_remove: fix potential NULL pointer deref
Daniel Stenberg [Mon, 20 Nov 2017 21:59:19 +0000 (22:59 +0100)]
Curl_llist_remove: fix potential NULL pointer deref

Fixes a scan-build warning.

7 years agontlm: remove unnecessary NULL-check to please scan-build
Daniel Stenberg [Mon, 20 Nov 2017 15:14:15 +0000 (16:14 +0100)]
ntlm: remove unnecessary NULL-check to please scan-build

7 years agoBUGS: spellchecked
Daniel Stenberg [Mon, 20 Nov 2017 22:57:57 +0000 (23:57 +0100)]
BUGS: spellchecked

7 years agoexamples/curlx: Fix code style
fmmedeiros [Sat, 18 Nov 2017 18:06:35 +0000 (15:06 -0300)]
examples/curlx: Fix code style

- Add braces around multi-line if statement.

Closes https://github.com/curl/curl/pull/2096

7 years agoresolve: allow IP address within [] brackets
Daniel Stenberg [Fri, 17 Nov 2017 10:21:12 +0000 (11:21 +0100)]
resolve: allow IP address within [] brackets

... so that IPv6 addresses can be passed like they can for connect-to
and how they're used in URLs.

Added test 1324 to verify
Reported-by: Alex Malinovich
Fixes #2087
Closes #2091

7 years agomacOS: Fix missing connectx function with Xcode version older than 9.0
Pavol Markovic [Wed, 15 Nov 2017 02:35:14 +0000 (15:35 +1300)]
macOS: Fix missing connectx function with Xcode version older than 9.0

The previous fix https://github.com/curl/curl/pull/1788 worked just for
Xcode 9. This commit extends the fix to older Xcode versions effectively
by not using connectx function.

Fixes https://github.com/curl/curl/issues/1330
Fixes https://github.com/curl/curl/issues/2080
Closes https://github.com/curl/curl/pull/1336
Closes #2082

7 years agoopenssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
Dirk Feytons [Tue, 14 Nov 2017 21:22:47 +0000 (22:22 +0100)]
openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY

Fixes #2079
Closes #2081

7 years agoTODO: ignore private IP addresses in PASV response
Daniel Stenberg [Tue, 14 Nov 2017 22:49:06 +0000 (23:49 +0100)]
TODO: ignore private IP addresses in PASV response

Closes #1455

7 years agoRELEASE-NOTES: synced with ae7369b6d
Daniel Stenberg [Tue, 14 Nov 2017 19:40:37 +0000 (20:40 +0100)]
RELEASE-NOTES: synced with ae7369b6d

7 years agoURL: return error on malformed URLs with junk after IPv6 bracket
Michael Kaufmann [Sun, 12 Nov 2017 12:25:09 +0000 (13:25 +0100)]
URL: return error on malformed URLs with junk after IPv6 bracket

Follow-up to aadb7c7. Verified by new test 1263.

Closes #2072

7 years agoINTERNALS: we may use libidn2 now, not libidn
Daniel Stenberg [Tue, 14 Nov 2017 11:47:04 +0000 (12:47 +0100)]
INTERNALS: we may use libidn2 now, not libidn

7 years agozlib/brotli: only include header files in modules needing them
Patrick Monnerat [Mon, 13 Nov 2017 13:20:41 +0000 (14:20 +0100)]
zlib/brotli: only include header files in modules needing them

There is a conflict on symbol 'free_func' between openssl/crypto.h and
zlib.h on AIX. This is an attempt to resolve it.

Bug: https://curl.haxx.se/mail/lib-2017-11/0032.html
Reported-By: Michael Felt
7 years agoSMB: fix uninitialized local variable
Daniel Stenberg [Mon, 13 Nov 2017 07:26:54 +0000 (08:26 +0100)]
SMB: fix uninitialized local variable

Reported-by: Brian Carpenter
7 years agoconnect.c: remove executable bit on file
Orgad Shaneh [Sun, 12 Nov 2017 07:23:17 +0000 (09:23 +0200)]
connect.c: remove executable bit on file

Closes #2071

7 years agoREADME.md: fixed layout
hsiao yi [Sat, 11 Nov 2017 18:16:58 +0000 (13:16 -0500)]
README.md: fixed layout

Closes #2069

7 years agosetopt: split out curl_easy_setopt() to its own file
Daniel Stenberg [Fri, 10 Nov 2017 16:45:54 +0000 (17:45 +0100)]
setopt: split out curl_easy_setopt() to its own file

... to make url.c smaller.

Closes #1944

7 years agocmake: Add missing setmode check
John Starks [Fri, 10 Nov 2017 19:46:41 +0000 (11:46 -0800)]
cmake: Add missing setmode check

Ensure HAVE_SETMODE is set to 1 on OSes that have setmode. Without this,
curl will corrupt binary files when writing them to stdout on Windows.

Closes https://github.com/curl/curl/pull/2067

7 years agocurl_share_setopt: va_end was not called if conncache errors
Daniel Stenberg [Fri, 10 Nov 2017 13:59:19 +0000 (14:59 +0100)]
curl_share_setopt: va_end was not called if conncache errors

CID 984459, detected by Coverity

7 years agocmake: Correctly include curl.rc in Windows builds (#2064)
John Starks [Fri, 10 Nov 2017 10:58:10 +0000 (02:58 -0800)]
cmake: Correctly include curl.rc in Windows builds (#2064)

Update CMakeLists.txt to add curl.rc to the correct list.

7 years agoRELEASE-NOTES: synced with 32828cc4f
Daniel Stenberg [Thu, 9 Nov 2017 22:19:45 +0000 (23:19 +0100)]
RELEASE-NOTES: synced with 32828cc4f

7 years ago--interface: add support for Linux VRF
Luca Boccassi [Thu, 26 Oct 2017 18:42:55 +0000 (19:42 +0100)]
--interface: add support for Linux VRF

The --interface command (CURLOPT_INTERFACE option) already uses
SO_BINDTODEVICE on Linux, but it tries to parse it as an interface or IP
address first, which fails in case the user passes a VRF.

Try to use the socket option immediately and parse it as a fallback
instead.  Update the documentation to mention this feature, and that it
requires the binary to be ran by root or with CAP_NET_RAW capabilities
for this to work.

Closes #2024

7 years agocurl_share_setopt.3: document CURL_LOCK_DATA_CONNECT
Daniel Stenberg [Thu, 9 Nov 2017 10:04:21 +0000 (11:04 +0100)]
curl_share_setopt.3: document CURL_LOCK_DATA_CONNECT

Closes #2043

7 years agoexamples: add shared-connection-cache
Daniel Stenberg [Sat, 4 Nov 2017 16:24:14 +0000 (17:24 +0100)]
examples: add shared-connection-cache

7 years agotest1554: verify connection cache sharing
Daniel Stenberg [Sat, 4 Nov 2017 16:23:32 +0000 (17:23 +0100)]
test1554: verify connection cache sharing

7 years agoshare: add support for sharing the connection cache
Daniel Stenberg [Wed, 1 Nov 2017 22:37:45 +0000 (23:37 +0100)]
share: add support for sharing the connection cache

7 years agoimap: deal with commands case insensitively
Daniel Stenberg [Wed, 8 Nov 2017 23:26:21 +0000 (00:26 +0100)]
imap: deal with commands case insensitively

As documented in RFC 3501 section 9:
https://tools.ietf.org/html/rfc3501#section-9

Closes #2061

7 years agoconnect: store IPv6 connection status after valid connection
Daniel Stenberg [Sat, 4 Nov 2017 12:32:14 +0000 (13:32 +0100)]
connect: store IPv6 connection status after valid connection

... previously it would store it already in the happy eyeballs stage
which could lead to the IPv6 bit being set for an IPv4 connection,
leading to curl not wanting to do EPSV=>PASV for FTP transfers.

Closes #2053

7 years agocurl_multi_fdset.3: emphasize curl_multi_timeout
Daniel Stenberg [Thu, 9 Nov 2017 06:51:11 +0000 (07:51 +0100)]
curl_multi_fdset.3: emphasize curl_multi_timeout

... even when there's no socket to wait for, the timeout can still be
very short.

7 years agocontent_encoding: fix inflate_stream for no bytes available
Jay Satiro [Tue, 7 Nov 2017 05:46:59 +0000 (00:46 -0500)]
content_encoding: fix inflate_stream for no bytes available

- Don't call zlib's inflate() when avail_in stream bytes is 0.

This is a follow up to the parent commit 19e66e5. Prior to that change
libcurl's inflate_stream could call zlib's inflate even when no bytes
were available, causing inflate to return Z_BUF_ERROR, and then
inflate_stream would treat that as a hard error and return
CURLE_BAD_CONTENT_ENCODING.

According to the zlib FAQ, Z_BUF_ERROR is not fatal.

This bug would happen randomly since packet sizes are arbitrary. A test
of 10,000 transfers had 55 fail (ie 0.55%).

Ref: https://zlib.net/zlib_faq.html#faq05

Closes https://github.com/curl/curl/pull/2060

7 years agocontent_encoding: do not write 0 length data
Patrick Monnerat [Tue, 7 Nov 2017 01:38:34 +0000 (02:38 +0100)]
content_encoding: do not write 0 length data

7 years agofnmatch: remove dead code
Daniel Stenberg [Mon, 6 Nov 2017 08:01:53 +0000 (09:01 +0100)]
fnmatch: remove dead code

There was a duplicate check for backslashes in the setcharset()
function.

Coverity CID 1420611

7 years agourl: remove unncessary NULL-check
Daniel Stenberg [Mon, 6 Nov 2017 07:21:30 +0000 (08:21 +0100)]
url: remove unncessary NULL-check

Since 'conn' won't be NULL in there and we also access the pointer in
there without the check.

Coverity CID 1420610

7 years agosrc/Makefile.m32: fix typo in brotli lib customization
Viktor Szakats [Mon, 6 Nov 2017 01:03:49 +0000 (01:03 +0000)]
src/Makefile.m32: fix typo in brotli lib customization

Ref cc1f4436099decb9d1a7034b2bb773a9f8379d31

7 years agoMakefile.m32: allow to customize brotli libs
Viktor Szakats [Sun, 5 Nov 2017 22:56:39 +0000 (22:56 +0000)]
Makefile.m32: allow to customize brotli libs

It adds the ability to link against static brotli libs.

Also fix brotli include path.

7 years agotravis: add a job with brotli enabled
Patrick Monnerat [Sun, 5 Nov 2017 14:38:17 +0000 (15:38 +0100)]
travis: add a job with brotli enabled

7 years agoMakefile.m32: add brotli support
Viktor Szakats [Sun, 5 Nov 2017 14:32:43 +0000 (15:32 +0100)]
Makefile.m32: add brotli support

7 years agoHTTP: implement Brotli content encoding
Patrick Monnerat [Sun, 5 Nov 2017 14:28:16 +0000 (15:28 +0100)]
HTTP: implement Brotli content encoding

This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.

Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.

Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.

7 years agoHTTP: support multiple Content-Encodings
Patrick Monnerat [Sun, 5 Nov 2017 14:09:48 +0000 (15:09 +0100)]
HTTP: support multiple Content-Encodings

This is implemented as an output streaming stack of unencoders, the last
calling the client write procedure.

New test 230 checks this feature.

Bug: https://github.com/curl/curl/pull/2002
Reported-By: Daniel Bankhead
7 years agourl: remove arg value check from CURLOPT_SSH_AUTH_TYPES
Jay Satiro [Sat, 4 Nov 2017 22:36:07 +0000 (18:36 -0400)]
url: remove arg value check from CURLOPT_SSH_AUTH_TYPES

Since CURLSSH_AUTH_ANY (aka CURLSSH_AUTH_DEFAULT) is ~0 an arg value
check on this option is incorrect; we have to accept any value.

Prior to this change since f121575 (7.56.1+) CURLOPT_SSH_AUTH_TYPES
erroneously rejected CURLSSH_AUTH_ANY with CURLE_BAD_FUNCTION_ARGUMENT.

Bug: https://github.com/curl/curl/commit/f121575#commitcomment-25347120

7 years agontlm: avoid malloc(0) for zero length passwords
Daniel Stenberg [Sat, 4 Nov 2017 15:42:21 +0000 (16:42 +0100)]
ntlm: avoid malloc(0) for zero length passwords

It triggers an assert() when built with memdebug since malloc(0) may
return NULL *or* a valid pointer.

Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054

Assisted-by: Max Dymond
Closes #2054

7 years agoRELEASE-NOTES: synced with ee8016b3d
Daniel Stenberg [Sat, 4 Nov 2017 21:03:18 +0000 (22:03 +0100)]
RELEASE-NOTES: synced with ee8016b3d

7 years agocurl: speed up handling of many URLs
Daniel Stenberg [Sat, 4 Nov 2017 11:56:30 +0000 (12:56 +0100)]
curl: speed up handling of many URLs

By properly keeping track of the last entry in the list of URLs/uploads
to handle, curl now avoids many meaningless traverses of the list which
speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K
URLs).

Added test 1291, to verify that it doesn't take ages - but we don't have
any detection of "too slow" command in the test suite.

Reported-by: arainchik on github
Fixes #1959
Closes #2052

7 years agocurl: pass through [] in URLs instead of calling globbing error
Daniel Stenberg [Fri, 3 Nov 2017 13:04:53 +0000 (15:04 +0200)]
curl: pass through [] in URLs instead of calling globbing error

Assisted-by: Per Lundberg
Fixes #2044
Closes #2046
Closes #2048

7 years agoCURLOPT_INFILESIZE: accept -1
Daniel Stenberg [Fri, 3 Nov 2017 13:40:05 +0000 (14:40 +0100)]
CURLOPT_INFILESIZE: accept -1

Regression since f121575

Reported-by: Petr Voytsik
Fixes #2047

7 years agourl: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
Jay Satiro [Thu, 2 Nov 2017 04:30:28 +0000 (00:30 -0400)]
url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1

Prior to this change since f121575 (7.56.1+) CURLOPT_DNS_CACHE_TIMEOUT
erroneously rejected -1 with CURLE_BAD_FUNCTION_ARGUMENT.