]> granicus.if.org Git - curl/log
curl
6 years agoopenssl: output the correct cipher list on TLS 1.3 error
Daniel Stenberg [Fri, 26 Oct 2018 11:34:37 +0000 (13:34 +0200)]
openssl: output the correct cipher list on TLS 1.3 error

When failing to set the 1.3 cipher suite, the wrong string pointer would
be used in the error message. Most often saying "(nil)".

Reported-by: Ricky-Tigg on github
Fixes #3178
Closes #3180

6 years agodocs/CIPHERS: fix the TLS 1.3 cipher names
Daniel Stenberg [Fri, 26 Oct 2018 11:33:34 +0000 (13:33 +0200)]
docs/CIPHERS: fix the TLS 1.3 cipher names

... picked straight from the OpenSSL man page:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html

Reported-by: Ricky-Tigg on github
Bug: #3178

6 years agotravis: install gnutls-bin package
Marcel Raad [Sat, 8 Sep 2018 20:44:16 +0000 (22:44 +0200)]
travis: install gnutls-bin package

This is required for gnutls-serv, which enables a few more tests.

Closes https://github.com/curl/curl/pull/2958

6 years agossh: free the session on init failures
Daniel Gustafsson [Fri, 26 Oct 2018 13:39:15 +0000 (15:39 +0200)]
ssh: free the session on init failures

Ensure to clear the session object in case the libssh2 initialization
fails.

It could be argued that the libssh2 error function should be called to
get a proper error message in this case. But since the only error path
in libssh2_knownhost_init() is memory a allocation failure it's safest
to avoid since the libssh2 error handling allocates memory.

Closes #3179
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agodocs/RELEASE-PROCEDURE: remove old entries, modify the Dec 2018 date
Daniel Stenberg [Fri, 26 Oct 2018 12:12:44 +0000 (14:12 +0200)]
docs/RELEASE-PROCEDURE: remove old entries, modify the Dec 2018 date

... I'm moving it up one week due to travels. The rest stays.

6 years agoopenssl: make 'done' a proper boolean
Daniel Gustafsson [Fri, 26 Oct 2018 08:06:48 +0000 (10:06 +0200)]
openssl: make 'done' a proper boolean

Closes #3176

6 years agogtls: Values stored to but never read
Daniel Stenberg [Mon, 22 Oct 2018 22:31:16 +0000 (00:31 +0200)]
gtls: Values stored to but never read

Detected by clang-tidy

Closes #3176

6 years agocurl.1: --ipv6 mutexes ipv4 (fixed typo)
Alexey Eremikhin [Thu, 25 Oct 2018 14:02:59 +0000 (17:02 +0300)]
curl.1: --ipv6 mutexes ipv4 (fixed typo)

Fixes #3171
Closes #3172

6 years agotool_main: make TerminalSettings static
Daniel Stenberg [Tue, 23 Oct 2018 11:38:48 +0000 (13:38 +0200)]
tool_main: make TerminalSettings static

Reported-by: Gisle Vanem
Bug: https://github.com/curl/curl/commit/becfe1233ff2b6b0c3e1b6a10048b55b68c2539f#commitcomment-31008819
Closes #3161

6 years agocurl-config.in: remove dependency on bc
Daniel Stenberg [Thu, 25 Oct 2018 14:55:27 +0000 (16:55 +0200)]
curl-config.in: remove dependency on bc

Reported-by: Dima Pasechnik
Fixes #3143
Closes #3174

6 years agortmp: fix for compiling with lwIP
Gisle Vanem [Mon, 22 Oct 2018 08:33:44 +0000 (10:33 +0200)]
rtmp: fix for compiling with lwIP

Compiling on _WIN32 and with USE_LWIPSOCK, causes this error:
  curl_rtmp.c(223,3):  error: use of undeclared identifier 'setsockopt'
    setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO,
    ^
  curl_rtmp.c(41,32):  note: expanded from macro 'setsockopt'
  #define setsockopt(a,b,c,d,e) (setsockopt)(a,b,c,(const char *)d,(int)e)
                                 ^
Closes #3155

6 years agoconfigure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
Daniel Stenberg [Thu, 25 Oct 2018 06:03:51 +0000 (08:03 +0200)]
configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T

Follow-up to #3166 which did the cmake part of this. This type/define is
not used.

Closes #3168

6 years agocmake: remove unused variables
Ruslan Baratov [Wed, 24 Oct 2018 12:22:02 +0000 (15:22 +0300)]
cmake: remove unused variables

Remove variables:
* HAVE_SOCKLEN_T
* CURL_SIZEOF_CURL_SOCKLEN_T
* CURL_TYPEOF_CURL_SOCKLEN_T

Closes #3166

6 years agourldata: Fix comment in header
Michael Kaufmann [Thu, 25 Oct 2018 11:02:26 +0000 (13:02 +0200)]
urldata: Fix comment in header

The "connecting" function is used by multiple protocols, not only FTP

6 years agonetrc: free temporary strings if memory allocation fails
Michael Kaufmann [Wed, 10 Oct 2018 20:38:50 +0000 (22:38 +0200)]
netrc: free temporary strings if memory allocation fails

- Change the inout parameters after all needed memory has been
  allocated. Do not change them if something goes wrong.
- Free the allocated temporary strings if strdup() fails.

Closes #3122

6 years agoconfig: Remove unused SIZEOF_VOIDP
Ruslan Baratov [Wed, 8 Aug 2018 11:15:43 +0000 (14:15 +0300)]
config: Remove unused SIZEOF_VOIDP

Closes #3162

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Wed, 24 Oct 2018 07:22:18 +0000 (09:22 +0200)]
RELEASE-NOTES: synced

6 years agoFix for compiling with lwIP (3)
Gisle Vanem [Tue, 23 Oct 2018 10:55:07 +0000 (12:55 +0200)]
Fix for compiling with lwIP (3)

lwIP on Windows does not have a WSAIoctl() function.
But it do have a SO_SNDBUF option to lwip_setsockopt(). But it currently does nothing.

6 years agoCurl_follow: return better errors on URL problems
Daniel Stenberg [Sun, 21 Oct 2018 22:09:49 +0000 (00:09 +0200)]
Curl_follow: return better errors on URL problems

... by making the converter function global and accessible.

Closes #3153

6 years agoCurl_follow: remove remaining free(newurl)
Daniel Stenberg [Sun, 21 Oct 2018 21:50:13 +0000 (23:50 +0200)]
Curl_follow: remove remaining free(newurl)

Follow-up to 05564e750e8f0c. This function no longer frees the passed-in
URL.

Reported-by: Michael Kaufmann
Bug: https://github.com/curl/curl/commit/05564e750e8f0c79016c680f301ce251e6e86155#commitcomm
ent-30985666

6 years agoheaders: end all headers with guard comment
Daniel Gustafsson [Tue, 23 Oct 2018 08:02:24 +0000 (10:02 +0200)]
headers: end all headers with guard comment

Most headerfiles end with a /* <headerguard> */ comment, but it was
missing from some. The comment isn't the most important part of our
code documentation but consistency has an intrinsic value in itself.
This adds header guard comments to the files that were lacking it.

Closes #3158
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agoCIPHERS.md: Mention the options used to set TLS 1.3 ciphers
Jay Satiro [Tue, 23 Oct 2018 04:49:12 +0000 (00:49 -0400)]
CIPHERS.md: Mention the options used to set TLS 1.3 ciphers

Closes https://github.com/curl/curl/pull/3159

6 years agodocs/BUG-BOUNTY: the sponsors actually decide the amount
Daniel Stenberg [Sat, 20 Oct 2018 08:54:19 +0000 (10:54 +0200)]
docs/BUG-BOUNTY: the sponsors actually decide the amount

Retract the previous approach as the sponsors will be the ones to set the
final amounts.

Closes #3152
[ci skip]

6 years agomulti: avoid double-free
Daniel Stenberg [Tue, 2 Oct 2018 07:58:04 +0000 (09:58 +0200)]
multi: avoid double-free

Curl_follow() no longer frees the string. Make sure it happens in the
caller function, like we normally handle allocations.

This bug was introduced with the use of the URL API internally, it has
never been in a release version

Reported-by: Dario Weißer
Closes #3149

6 years agomulti: make the closure handle "inherit" CURLOPT_NOSIGNAL
Daniel Stenberg [Thu, 18 Oct 2018 21:35:12 +0000 (23:35 +0200)]
multi: make the closure handle "inherit" CURLOPT_NOSIGNAL

Otherwise, closing that handle can still cause surprises!

Reported-by: Martin Ankerl
Fixes #3138
Closes #3147

6 years agoVS projects: add USE_IPV6
Marcel Raad [Wed, 17 Oct 2018 15:34:56 +0000 (17:34 +0200)]
VS projects: add USE_IPV6

The Visual Studio builds didn't use IPv6. Add it to all projects since
Visual Studio 2008, which is verified to build via AppVeyor.

Closes https://github.com/curl/curl/pull/3137

6 years agoconfig_win32: enable LDAPS
Marcel Raad [Sun, 14 Oct 2018 14:00:39 +0000 (16:00 +0200)]
config_win32: enable LDAPS

As done in the autotools and CMake builds by default.

Closes https://github.com/curl/curl/pull/3137

6 years agotravis: add build for "configure --disable-verbose"
Daniel Stenberg [Tue, 16 Oct 2018 21:35:44 +0000 (23:35 +0200)]
travis: add build for "configure --disable-verbose"

Closes #3144

6 years agotool_cb_hdr: handle failure of rename()
Kamil Dudka [Mon, 15 Oct 2018 14:03:46 +0000 (16:03 +0200)]
tool_cb_hdr: handle failure of rename()

Detected by Coverity.

Closes #3140
Reviewed-by: Jay Satiro
6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Wed, 17 Oct 2018 06:17:04 +0000 (08:17 +0200)]
RELEASE-NOTES: synced

6 years agodocs/SECURITY-PROCESS: the hackerone IBB program drops curl
Daniel Stenberg [Wed, 17 Oct 2018 06:02:37 +0000 (08:02 +0200)]
docs/SECURITY-PROCESS: the hackerone IBB program drops curl

... now there's only BountyGraph.

6 years agox509asn1: Fix SAN IP address verification
Matthew Whitehead [Mon, 15 Oct 2018 15:27:28 +0000 (16:27 +0100)]
x509asn1: Fix SAN IP address verification

For IP addresses in the subject alternative name field, the length
of the IP address (and hence the number of bytes to perform a
memcmp on) is incorrectly calculated to be zero. The code previously
subtracted q from name.end. where in a successful case q = name.end
and therefore addrlen equalled 0. The change modifies the code to
subtract name.beg from name.end to calculate the length correctly.

The issue only affects libcurl with GSKit SSL, not other SSL backends.
The issue is not a security issue as IP verification would always fail.

Fixes #3102
Closes #3141

6 years agoINSTALL: mention mesalink in TLS section
Daniel Gustafsson [Mon, 15 Oct 2018 07:15:23 +0000 (09:15 +0200)]
INSTALL: mention mesalink in TLS section

Commit 57348eb97d1b8fc3742e02c6587d2d02ff592da5 added support for the
MesaLink vtls backend, but missed updating the TLS section containing
supported backends in the docs.

Closes #3134
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agononblock: fix unused parameter warning
Marcel Raad [Sun, 14 Oct 2018 19:07:45 +0000 (21:07 +0200)]
nonblock: fix unused parameter warning

If USE_BLOCKING_SOCKETS is defined, curlx_nonblock's arguments are not
used.

6 years agoCurl_follow: Always free the passed new URL
Michael Kaufmann [Wed, 10 Oct 2018 20:53:50 +0000 (22:53 +0200)]
Curl_follow: Always free the passed new URL

Closes #3124

6 years agoreplace rawgit links [ci skip]
Viktor Szakats [Fri, 12 Oct 2018 21:04:37 +0000 (21:04 +0000)]
replace rawgit links [ci skip]

Ref: https://rawgit.com/ "RawGit has reached the end of its useful life"
Ref: https://news.ycombinator.com/item?id=18202481
Closes https://github.com/curl/curl/pull/3131

6 years agodocs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018
Daniel Stenberg [Fri, 12 Oct 2018 07:11:54 +0000 (09:11 +0200)]
docs/BUG-BOUNTY.md: for vulns published since Aug 1st 2018

[ci skip]

6 years agotravis: make distcheck scan for BOM markers
Daniel Stenberg [Thu, 11 Oct 2018 07:51:10 +0000 (09:51 +0200)]
travis: make distcheck scan for BOM markers

and remove BOM from projects/wolfssl_override.props

Closes #3126

6 years agoCMake: remove BOM
Marcel Raad [Thu, 11 Oct 2018 07:15:24 +0000 (09:15 +0200)]
CMake: remove BOM

Accidentally aded in commit 1bb86057ff07083deeb0b00f8ad35879ec4d03ea.

Reported-by: Viktor Szakats
Ref: https://github.com/curl/curl/pull/3120#issuecomment-428673136

6 years agotransfer: fix typo in comment
Daniel Gustafsson [Wed, 10 Oct 2018 19:32:28 +0000 (21:32 +0200)]
transfer: fix typo in comment

6 years agodocs: add "see also" links for SSL options
Michael Kaufmann [Wed, 10 Oct 2018 11:00:34 +0000 (13:00 +0200)]
docs: add "see also" links for SSL options

- link TLS 1.2 and TLS 1.3 options
- link proxy and non-proxy options

Closes #3121

6 years agoAppVeyor: remove BDIR variable that sneaked in again
Marcel Raad [Wed, 10 Oct 2018 19:57:42 +0000 (21:57 +0200)]
AppVeyor: remove BDIR variable that sneaked in again

Removed in ae762e1abebe3a5fe75658583c85059a0957ef6e, accidentally added
again in 9f3be5672dc4dda30ab43e0152e13d714a84d762.

6 years agoCMake: disable -Wpedantic-ms-format
Marcel Raad [Tue, 9 Oct 2018 06:42:04 +0000 (08:42 +0200)]
CMake: disable -Wpedantic-ms-format

As done in the autotools build. This is required for MinGW, which
supports only %I64 for printing 64-bit values, but warns about it.

Closes https://github.com/curl/curl/pull/3120

6 years agoldap: show precise LDAP call in error message on Windows
Viktor Szakats [Tue, 9 Oct 2018 15:05:35 +0000 (15:05 +0000)]
ldap: show precise LDAP call in error message on Windows

Also add a unique but common text ('bind via') to make it
easy to grep this specific failure regardless of platform.

Ref: https://github.com/curl/curl/pull/878/files#diff-7a636f08047c4edb53a240f540b4ecf6R468
Closes https://github.com/curl/curl/pull/3118
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
6 years agodocs/DEPRECATE: minor reformat to render nicer on web
Daniel Stenberg [Tue, 9 Oct 2018 08:05:06 +0000 (10:05 +0200)]
docs/DEPRECATE: minor reformat to render nicer on web

6 years agoCURLOPT_SSL_VERIFYSTATUS: Fix typo
Daniel Gustafsson [Tue, 9 Oct 2018 07:47:40 +0000 (09:47 +0200)]
CURLOPT_SSL_VERIFYSTATUS: Fix typo

Changes s/OSCP/OCSP/ and bumps the copyright year due to the change.

6 years agocurl_setup: define NOGDI on Windows
Marcel Raad [Mon, 8 Oct 2018 09:33:15 +0000 (11:33 +0200)]
curl_setup: define NOGDI on Windows

This avoids an ERROR macro clash between <wingdi.h> and <arpa/tftp.h>
on MinGW.

Closes https://github.com/curl/curl/pull/3113

6 years agoWindows: fixes for MinGW targeting Windows Vista
Marcel Raad [Sun, 7 Oct 2018 19:46:56 +0000 (21:46 +0200)]
Windows: fixes for MinGW targeting Windows Vista

Classic MinGW has neither InitializeCriticalSectionEx nor
GetTickCount64, independent of the target Windows version.

Closes https://github.com/curl/curl/pull/3113

6 years agoTODO: fixed 'API for URL parsing/splitting'
Daniel Stenberg [Mon, 8 Oct 2018 21:35:55 +0000 (23:35 +0200)]
TODO: fixed 'API for URL parsing/splitting'

6 years agoKNOWN_BUGS: Fix various typos
Daniel Gustafsson [Mon, 8 Oct 2018 20:59:37 +0000 (22:59 +0200)]
KNOWN_BUGS: Fix various typos

Closes #3112
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agospelling fixes [ci skip]
Viktor Szakats [Mon, 8 Oct 2018 19:37:40 +0000 (19:37 +0000)]
spelling fixes [ci skip]

as detected by codespell 1.14.0

Closes https://github.com/curl/curl/pull/3114
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Mon, 8 Oct 2018 13:03:21 +0000 (15:03 +0200)]
RELEASE-NOTES: synced

6 years agocurl_ntlm_wb: check aprintf() return codes
Daniel Stenberg [Sun, 7 Oct 2018 21:34:35 +0000 (23:34 +0200)]
curl_ntlm_wb: check aprintf() return codes

... when they return NULL we're out of memory and MUST return failure.

closes #3111

6 years agodocs/BUG-BOUNTY: proposed additional docs
Daniel Stenberg [Sat, 29 Sep 2018 12:54:49 +0000 (14:54 +0200)]
docs/BUG-BOUNTY: proposed additional docs

Bug bounty explainer. See https://bountygraph.com/programs/curl

Closes #3067

6 years agohostip: fix check on Curl_shuffle_addr return value
Rick Deist [Sun, 7 Oct 2018 16:18:03 +0000 (19:18 +0300)]
hostip: fix check on Curl_shuffle_addr return value

Closes #3110

6 years agoFILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
Daniel Stenberg [Thu, 4 Oct 2018 21:53:32 +0000 (23:53 +0200)]
FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output

Now FILE transfers send headers to the header callback like HTTP and
other protocols. Also made curl_easy_getinfo(...CURLINFO_PROTOCOL...)
work for FILE in the callbacks.

Makes "curl -i file://.." and "curl -I file://.." work like before
again. Applied the bold header logic to them too.

Regression from c1c2762 (7.61.0)

Reported-by: Shaun Jackman
Fixes #3083
Closes #3101

6 years agogskit: make sure to terminate version string
Daniel Gustafsson [Sun, 7 Oct 2018 20:36:25 +0000 (22:36 +0200)]
gskit: make sure to terminate version string

In case a very small buffer was passed to the version function, it could
result in the buffer not being NULL-terminated since strncpy() doesn't
guarantee a terminator on an overflowed buffer. Rather than adding code
to terminate (and handle zero-sized buffers), move to using snprintf()
instead like all the other vtls backends.

Closes #3105
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Viktor Szakats <commit@vszakats.net>
6 years agoTODO: add LD_PRELOAD support on macOS
Daniel Gustafsson [Sun, 7 Oct 2018 20:28:19 +0000 (22:28 +0200)]
TODO: add LD_PRELOAD support on macOS

Add DYLD_INSERT_LIBRARIES support to the TODO list. Reported in #2394.

6 years agoruntests: skip ld_preload tests on macOS
Daniel Gustafsson [Sun, 7 Oct 2018 20:25:53 +0000 (22:25 +0200)]
runtests: skip ld_preload tests on macOS

The LD_PRELOAD functionality doesn't exist on macOS, so skip any tests
requiring it.

Fixes #2394
Closes #3106
Reported-by: Github user @jakirkham
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agoAppVeyor: use Debug builds to run tests
Marcel Raad [Fri, 5 Oct 2018 11:14:23 +0000 (13:14 +0200)]
AppVeyor: use Debug builds to run tests

This enables more tests.

Closes https://github.com/curl/curl/pull/3104

6 years agoAppVeyor: add HTTP_ONLY build
Marcel Raad [Fri, 5 Oct 2018 11:12:13 +0000 (13:12 +0200)]
AppVeyor: add HTTP_ONLY build

Closes https://github.com/curl/curl/pull/3104

6 years agoAppVeyor: add WinSSL builds
Marcel Raad [Fri, 5 Oct 2018 11:09:24 +0000 (13:09 +0200)]
AppVeyor: add WinSSL builds

Use the oldest and latest Windows SDKs for them.
Also, remove all but one OpenSSL build.

Closes https://github.com/curl/curl/pull/3104

6 years agoAppVeyor: add remaining Visual Studio versions
Marcel Raad [Fri, 5 Oct 2018 11:02:34 +0000 (13:02 +0200)]
AppVeyor: add remaining Visual Studio versions

This adds Visual Studio 9 and 10 builds.
There's no 64-bit VC9 compiler on AppVeyor, so use it as the Win32
build. Also, VC9 cannot be used for running the test suite.

Closes https://github.com/curl/curl/pull/3104

6 years agoAppVeyor: break long line
Marcel Raad [Fri, 5 Oct 2018 11:05:21 +0000 (13:05 +0200)]
AppVeyor: break long line

Closes https://github.com/curl/curl/pull/3104

6 years agoAppVeyor: remove unused BDIR variable
Marcel Raad [Sun, 7 Oct 2018 09:04:15 +0000 (11:04 +0200)]
AppVeyor: remove unused BDIR variable

Closes https://github.com/curl/curl/pull/3104

6 years agotest2100: test DoH using IPv4-only
Daniel Stenberg [Sat, 6 Oct 2018 11:31:33 +0000 (13:31 +0200)]
test2100: test DoH using IPv4-only

To make it only send one DoH request and avoid the race condition that
could lead to the requests getting sent in reversed order and thus
making it hard to compare in the test case.

Fixes #3107
Closes #3108

6 years agotests/FILEFORMAT: mention how to use <fileN> and <stripfileN> too
Daniel Stenberg [Sat, 6 Oct 2018 10:57:12 +0000 (12:57 +0200)]
tests/FILEFORMAT: mention how to use <fileN> and <stripfileN> too

[ci skip]

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 5 Oct 2018 20:40:02 +0000 (22:40 +0200)]
RELEASE-NOTES: synced

6 years agotimeval: fix use of weak symbol clock_gettime() on Apple platforms
dmitrykos [Tue, 25 Sep 2018 17:06:26 +0000 (20:06 +0300)]
timeval: fix use of weak symbol clock_gettime() on Apple platforms

Closes #3048

6 years agodoh: keep the IPv4 address in (original) network byte order
Daniel Stenberg [Thu, 4 Oct 2018 09:57:29 +0000 (11:57 +0200)]
doh: keep the IPv4 address in (original) network byte order

Ideally this will fix the reversed order shown in SPARC tests:

  resp 8: Expected 127.0.0.1 got 1.0.0.127

Closes #3091

6 years agoINTERNALS.md: wrap lines longer than 79
Jay Satiro [Fri, 5 Oct 2018 18:00:15 +0000 (14:00 -0400)]
INTERNALS.md: wrap lines longer than 79

6 years agoINTERNALS: escape reference to parameter
Daniel Gustafsson [Fri, 5 Oct 2018 11:37:02 +0000 (13:37 +0200)]
INTERNALS: escape reference to parameter

The parameter reference <string> was causing rendering issues in the
generated HTML page, as <string> isn't a valid HTML tag. Fix by back-
tick escaping it.

Closes #3099
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agochecksrc: handle zero scoped ignore commands
Daniel Gustafsson [Fri, 5 Oct 2018 11:33:21 +0000 (13:33 +0200)]
checksrc: handle zero scoped ignore commands

If a !checksrc! disable command specified to ignore zero errors, it was
still added to the ignore block even though nothing was ignored. While
there were no blocks ignored that shouldn't be ignored, the processing
ended with with a warning:

<filename>:<line>:<col>: warning: Unused ignore: LONGLINE (UNUSEDIGNORE)
 /* !checksrc! disable LONGLINE 0 */
                    ^
Fix by instead treating a zero ignore as a a badcommand and throw a
warning for that one.

Closes #3096
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agochecksrc: enable strict mode and warnings
Daniel Gustafsson [Fri, 5 Oct 2018 11:29:37 +0000 (13:29 +0200)]
checksrc: enable strict mode and warnings

Enable strict and warnings mode for checksrc to ensure we aren't missing
anything due to bugs in the checking code. This uncovered a few things
which are all fixed in this commit:

* several variables were used uninitialized
* several variables were not defined in the correct scope
* the whitelist filehandle was read even if the file didn't exist
* the enable_warn() call when a disable counter had expired was passing
  incorrect variables, but since the checkwarn() call is unlikely to hit
  (the counter is only decremented to zero on actual ignores) it didn't
  manifest a problem.

Closes #3090
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
6 years agoCMake: suppress MSVC warning C4127 for libtest
Marcel Raad [Fri, 5 Oct 2018 10:48:47 +0000 (12:48 +0200)]
CMake: suppress MSVC warning C4127 for libtest

It's issued by older Windows SDKs (prior to version 8.0).

6 years agoMerge branch 'dmitrykos-fix_missing_CMake_defines'
Sergei Nikulov [Fri, 5 Oct 2018 10:17:43 +0000 (13:17 +0300)]
Merge branch 'dmitrykos-fix_missing_CMake_defines'

6 years agocmake: test and set missed defines during configuration
dmitrykos [Thu, 4 Oct 2018 18:31:23 +0000 (21:31 +0300)]
cmake: test and set missed defines during configuration

Added configuration checks for HAVE_BUILTIN_AVAILABLE and HAVE_CLOCK_GETTIME_MONOTONIC.

Closes #3097

6 years agoAppVeyor: disable test 500
Marcel Raad [Thu, 4 Oct 2018 18:31:50 +0000 (20:31 +0200)]
AppVeyor: disable test 500

It almost always results in
"starttransfer vs total: 0.000001 0.000000".
I cannot reproduce this locally, so disable it for now.

Closes https://github.com/curl/curl/pull/3100

6 years agoAppVeyor: set custom install prefix
Marcel Raad [Thu, 4 Oct 2018 18:22:39 +0000 (20:22 +0200)]
AppVeyor: set custom install prefix

CMake's default has spaces and in 32-bit mode parentheses, which result
in syntax errors in curl-config.

Closes https://github.com/curl/curl/pull/3100

6 years agoAppVeyor: Remove non-SSL non-test builds
Marcel Raad [Thu, 4 Oct 2018 18:08:07 +0000 (20:08 +0200)]
AppVeyor: Remove non-SSL non-test builds

They don't add much value.

Closes https://github.com/curl/curl/pull/3100

6 years agoAppVeyor: run test suite
Marcel Raad [Tue, 2 Oct 2018 15:47:39 +0000 (17:47 +0200)]
AppVeyor: run test suite

Use the preinstalled MSYS2 bash for that.
Disable test 1139 as the CMake build doesn't generate curl.1.

Ref: https://github.com/curl/curl/issues/3070#issuecomment-425922224
Closes https://github.com/curl/curl/pull/3100

6 years agoAppVeyor: use in-tree build
Marcel Raad [Wed, 3 Oct 2018 17:21:12 +0000 (19:21 +0200)]
AppVeyor: use in-tree build

Required to run the tests.

Closes https://github.com/curl/curl/pull/3100

6 years agodoh: make sure TTL isn't re-inited by second (discarded?) response
Daniel Stenberg [Thu, 4 Oct 2018 10:13:06 +0000 (12:13 +0200)]
doh: make sure TTL isn't re-inited by second (discarded?) response

Closes #3092

6 years agotest320: strip out more HTML when comparing
Daniel Stenberg [Thu, 4 Oct 2018 13:34:13 +0000 (15:34 +0200)]
test320: strip out more HTML when comparing

To make the test case work with different gnutls-serv versions better.

Reported-by: Kamil Dudka
Fixes #3093
Closes #3094

6 years agoruntests: use Windows paths for Windows curl
Marcel Raad [Thu, 4 Oct 2018 08:12:26 +0000 (10:12 +0200)]
runtests: use Windows paths for Windows curl

curl generated by CMake's Visual Studio generator has "Windows" in the
version number.

6 years agotests/negtelnetserver.py: fix Python2-ism in neg TELNET server
Colin Hogben [Tue, 2 Oct 2018 13:27:43 +0000 (14:27 +0100)]
tests/negtelnetserver.py: fix Python2-ism in neg TELNET server

Fix problems caused by differences in treatment of bytes objects between
python2 and python3.

Fixes #2929
Closes #3080

6 years agomemory: ensure to check allocation results
Daniel Gustafsson [Tue, 2 Oct 2018 22:56:29 +0000 (00:56 +0200)]
memory: ensure to check allocation results

The result of a memory allocation should always be checked, as we may
run under memory pressure where even a small allocation can fail. This
adds checking and error handling to a few cases where the allocation
wasn't checked for success. In the ftp case, the freeing of the path
variable is moved ahead of the allocation since there is little point
in keeping it around across the strdup, and the separation makes for
more readable code. In nwlib, the lock is aslo freed in the error path.

Also bumps the copyright years on affected files.

Closes #3084
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agocomment: Fix multiple typos in function parameters
Daniel Gustafsson [Wed, 3 Oct 2018 08:27:27 +0000 (10:27 +0200)]
comment: Fix multiple typos in function parameters

Ensure that the parameters in the comment match the actual names in the
prototype.

Closes #3079
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agoCURLOPT_SSLVERSION.3: fix typos and consistent spelling
Daniel Gustafsson [Wed, 3 Oct 2018 08:22:10 +0000 (10:22 +0200)]
CURLOPT_SSLVERSION.3: fix typos and consistent spelling

Use TLS vX.Y throughout the document, instead of TLS X.Y, as that was
already done in all but a few cases. Also fix a few typos.

Closes #3076
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agoSECURITY-PROCESS: make links into hyperlinks
Daniel Gustafsson [Wed, 3 Oct 2018 08:17:09 +0000 (10:17 +0200)]
SECURITY-PROCESS: make links into hyperlinks

Use proper Markdown hyperlink format for the Bountygraph links in order
for the generated website page to be more user friendly. Also link to
the sponsors to give them a little extra credit.

Closes #3082
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agoCURLOPT_HEADER.3: fix typo
Jay Satiro [Wed, 3 Oct 2018 06:30:32 +0000 (02:30 -0400)]
CURLOPT_HEADER.3: fix typo

6 years agonss: fix nssckbi module loading on Windows
Jay Satiro [Wed, 3 Oct 2018 02:19:16 +0000 (22:19 -0400)]
nss: fix nssckbi module loading on Windows

- Use .DLL extension instead of .so to load modules on Windows.

Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html
Reported-by: Maxime Legros
Ref: https://github.com/curl/curl/pull/3016/#issuecomment-423069442

Closes https://github.com/curl/curl/pull/3086

6 years agodata-binary.d: clarify default content-type is x-www-form-urlencoded
Jay Satiro [Wed, 3 Oct 2018 01:55:57 +0000 (21:55 -0400)]
data-binary.d: clarify default content-type is x-www-form-urlencoded

- Advise user that --data-binary sends a default content type of
  x-www-form-urlencoded, and to have the data treated as arbitrary
  binary data by the server set the content-type header to octet-stream.

Ref: https://github.com/curl/curl/pull/2852#issuecomment-426465094

Closes https://github.com/curl/curl/pull/3085

6 years agotest1299: use single quotes around asterisk
Marcel Raad [Tue, 2 Oct 2018 21:35:52 +0000 (23:35 +0200)]
test1299: use single quotes around asterisk

Ref: https://github.com/curl/curl/issues/1751#issuecomment-321522580

6 years agodocs/CIPHERS: mention the colon separation for OpenSSL
Daniel Stenberg [Tue, 2 Oct 2018 11:55:36 +0000 (13:55 +0200)]
docs/CIPHERS: mention the colon separation for OpenSSL

Bug: #3077

6 years agoruntests: ignore disabled even when ranges are given
Daniel Stenberg [Tue, 2 Oct 2018 07:08:56 +0000 (09:08 +0200)]
runtests: ignore disabled even when ranges are given

runtests.pl support running a range of tests, like "44 to 127". Starting
now, the code makes sure that even such given ranges will ignore tests
that are marked as disabled.

Disabled tests can still be run by explictly specifying that test
number.

Closes #3075

6 years agourlapi: starting with a drive letter on win32 is not an abs url
Daniel Stenberg [Mon, 1 Oct 2018 13:59:24 +0000 (15:59 +0200)]
urlapi: starting with a drive letter on win32 is not an abs url

... and libcurl doesn't support any single-letter URL schemes (if there
even exist any) so it should be fairly risk-free.

Reported-by: Marcel Raad
Fixes #3070
Closes #3071

6 years agodoh: fix curl_easy_setopt argument type
Marcel Raad [Tue, 2 Oct 2018 09:15:29 +0000 (11:15 +0200)]
doh: fix curl_easy_setopt argument type

CURLOPT_POSTFIELDSIZE is long. Fixes a compiler warning on 64-bit
MinGW.

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Mon, 1 Oct 2018 22:26:57 +0000 (00:26 +0200)]
RELEASE-NOTES: synced

6 years agoCMake: Improve config installation
Ruslan Baratov [Tue, 17 Jul 2018 23:31:51 +0000 (02:31 +0300)]
CMake: Improve config installation

Use 'GNUInstallDirs' standard module to set destinations of installed
files.

Use uppercase "CURL" names instead of lowercase "curl" to match standard
'FindCURL.cmake' CMake module:
* https://cmake.org/cmake/help/latest/module/FindCURL.html

Meaning:
* Install 'CURLConfig.cmake' instead of 'curl-config.cmake'
* User should call 'find_package(CURL)' instead of 'find_package(curl)'

Use 'configure_package_config_file' function to generate
'CURLConfig.cmake' file. This will make 'curl-config.cmake.in' template
file smaller and handle components better.  E.g.  current configuration
report no error if user specified unknown components (note: new
configuration expects no components, report error if user will try to
specify any).

Closes https://github.com/curl/curl/pull/2849