]> granicus.if.org Git - curl/log
curl
5 years agontlm: fix *_type3_message size check to avoid buffer overflow
Daniel Stenberg [Thu, 3 Jan 2019 11:59:28 +0000 (12:59 +0100)]
ntlm: fix *_type3_message size check to avoid buffer overflow

Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
Reported-by: Wenxiang Qian
CVE-2019-3822

5 years agoNTLM: fix size check condition for type2 received data
Daniel Stenberg [Wed, 2 Jan 2019 19:33:08 +0000 (20:33 +0100)]
NTLM: fix size check condition for type2 received data

Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
Reported-by: Wenxiang Qian
CVE-2018-16890

5 years agospnego_sspi: add support for channel binding
georgeok [Tue, 29 Jan 2019 17:26:31 +0000 (18:26 +0100)]
spnego_sspi: add support for channel binding

Attempt to add support for Secure Channel binding when negotiate
authentication is used. The problem to solve is that by default IIS
accepts channel binding and curl doesn't utilise them. The result was a
401 response. Scope affects only the Schannel(winssl)-SSPI combination.

Fixes https://github.com/curl/curl/issues/3503
Closes https://github.com/curl/curl/pull/3509

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 1 Feb 2019 08:42:37 +0000 (09:42 +0100)]
RELEASE-NOTES: synced

5 years agoschannel: stop calling it "winssl"
Daniel Stenberg [Tue, 29 Jan 2019 09:09:29 +0000 (10:09 +0100)]
schannel: stop calling it "winssl"

Stick to "Schannel" everywhere. The configure option --with-winssl is
kept to allow existing builds to work but --with-schannel is added as an
alias.

Closes #3504

5 years agomulti: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
Daniel Stenberg [Sun, 27 Jan 2019 22:45:42 +0000 (23:45 +0100)]
multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time

To make sure Curl_timeleft() also thinks the timeout has been reached
when one of the EXPIRE_*TIMEOUTs expires.

Bug: https://curl.haxx.se/mail/lib-2019-01/0073.html
Reported-by: Zhao Yisha
Closes #3501

5 years agodoc: use meaningless port number in CURLOPT_LOCALPORT example
John Marshall [Thu, 31 Jan 2019 11:52:51 +0000 (11:52 +0000)]
doc: use meaningless port number in CURLOPT_LOCALPORT example

Use an ephemeral port number here; previously the example had 8080
which could be confusing as the common web server port number might
be misinterpreted as suggesting this option affects the remote port.

URL: https://curl.haxx.se/mail/lib-2019-01/0084.html
Closes #3513

5 years agoEscape the '\'
Gisle Vanem [Tue, 29 Jan 2019 15:42:22 +0000 (16:42 +0100)]
Escape the '\'

A backslash should be escaped in Roff / Troff.

5 years agoTODO: WinSSL: 'Add option to disable client cert auto-send'
Jay Satiro [Tue, 29 Jan 2019 05:33:14 +0000 (00:33 -0500)]
TODO: WinSSL: 'Add option to disable client cert auto-send'

By default WinSSL selects and send a client certificate automatically,
but for privacy and consistency we should offer an option to disable the
default auto-send behavior.

Reported-by: Jeroen Ooms
Closes https://github.com/curl/curl/issues/2262

5 years agosigpipe: if mbedTLS is used, ignore SIGPIPE
Jeremie Rapin [Wed, 23 Jan 2019 14:35:46 +0000 (15:35 +0100)]
sigpipe: if mbedTLS is used, ignore SIGPIPE

mbedTLS doesn't have a sigpipe management. If a write/read occurs when
the remote closes the socket, the signal is raised and kills the
application.  Use the curl mecanisms fix this behavior.

Signed-off-by: Jeremie Rapin <j.rapin@overkiz.com>
Closes #3502

5 years agounit1653: make it survive torture tests
Daniel Stenberg [Mon, 28 Jan 2019 07:44:15 +0000 (08:44 +0100)]
unit1653: make it survive torture tests

5 years agotimeval: Disable MSVC Analyzer GetTickCount warning
Michael Kujawa [Sat, 5 Jan 2019 01:18:25 +0000 (20:18 -0500)]
timeval: Disable MSVC Analyzer GetTickCount warning

Compiling with msvc /analyze and a recent Windows SDK warns against
using GetTickCount (Suggests to use GetTickCount64 instead.)

Since GetTickCount is only being used when GetTickCount64 isn't
available, I am disabling that warning.

Fixes https://github.com/curl/curl/issues/3437
Closes https://github.com/curl/curl/pull/3440

5 years agoconfigure: rewrite --enable-code-coverage
Daniel Stenberg [Fri, 25 Jan 2019 09:14:25 +0000 (10:14 +0100)]
configure: rewrite --enable-code-coverage

The previously used ax_code_coverage.m4 is not license compatible and
must not be used.

Reported-by: William A. Rowe Jr
Fixes #3497
Closes #3499

5 years agosetopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
Felix Hädicke [Wed, 23 Jan 2019 22:10:39 +0000 (23:10 +0100)]
setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh

CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION are supported for
libssh as well. So accepting these options only when compiling with
libssh2 is wrong here.

Fixes #3493
Closes #3494

5 years agolibssh: do not let libssh create socket
Felix Hädicke [Wed, 23 Jan 2019 22:47:55 +0000 (23:47 +0100)]
libssh: do not let libssh create socket

By default, libssh creates a new socket, instead of using the socket
created by curl for SSH connections.

Pass the socket created by curl to libssh using ssh_options_set() with
SSH_OPTIONS_FD directly after ssh_new(). So libssh uses our socket
instead of creating a new one.

This approach is very similar to what is done in the libssh2 code, where
the socket created by curl is passed to libssh2 when
libssh2_session_startup() is called.

Fixes #3491
Closes #3495

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Mon, 21 Jan 2019 22:28:33 +0000 (23:28 +0100)]
RELEASE-NOTES: synced

5 years agoschannel: preserve original certificate path parameter
Archangel_SDY [Sun, 20 Jan 2019 04:47:56 +0000 (12:47 +0800)]
schannel: preserve original certificate path parameter

Fixes #3480
Closes #3487

5 years agoKNOWN_BUGS: tests not compatible with python3
Daniel Stenberg [Mon, 21 Jan 2019 11:16:20 +0000 (12:16 +0100)]
KNOWN_BUGS: tests not compatible with python3

Closes #3289
[skip ci]

5 years agomemcmp: avoid doing single char memcmp
Daniel Gustafsson [Sun, 20 Jan 2019 20:59:04 +0000 (21:59 +0100)]
memcmp: avoid doing single char memcmp

There is no real gain in performing memcmp() comparisons on single
characters, so change these to array subscript inspections which
saves a call and makes the code clearer.

Closes #3486
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
5 years agoCOPYING: it's 2019
Daniel Stenberg [Sat, 19 Jan 2019 19:26:20 +0000 (20:26 +0100)]
COPYING: it's 2019

[skip ci]

5 years agoconfigure: fix recv/send/select detection on Android
hhb [Fri, 18 Jan 2019 23:03:49 +0000 (15:03 -0800)]
configure: fix recv/send/select detection on Android

This reverts commit d4f25201fb7da03fc88f90d51101beb3d0026db9.

The overloadable attribute is removed again starting from
NDK17. Actually they only exist in two NDK versions (15 and 16). With
overloadable, the first condition tried will succeed. Results in wrong
detection result.

Closes #3484

5 years agontlm_sspi: add support for channel binding
georgeok [Tue, 27 Nov 2018 17:39:45 +0000 (18:39 +0100)]
ntlm_sspi: add support for channel binding

Windows extended potection (aka ssl channel binding) is required
to login to ntlm IIS endpoint, otherwise the server returns 401
responses.

Fixes #3280
Closes #3321

6 years agoschannel: on connection close there might not be a transfer
Daniel Stenberg [Fri, 18 Jan 2019 10:21:25 +0000 (11:21 +0100)]
schannel: on connection close there might not be a transfer

Reported-by: Marcel Raad
Fixes #3412
Closes #3483

6 years agossh: log the libssh2 error message when ssh session startup fails
JDepooter [Thu, 17 Jan 2019 01:18:20 +0000 (17:18 -0800)]
ssh: log the libssh2 error message when ssh session startup fails

When a ssh session startup fails, it is useful to know why it has
failed. This commit changes the message from:
   "Failure establishing ssh session"
to something like this, for example:
   "Failure establishing ssh session: -5, Unable to exchange encryption keys"

Closes #3481

6 years agoFix typo in manpage
Alessandro Ghedini [Wed, 16 Jan 2019 19:05:12 +0000 (19:05 +0000)]
Fix typo in manpage

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Wed, 16 Jan 2019 10:33:26 +0000 (11:33 +0100)]
RELEASE-NOTES: synced

6 years agocmake: updated check for HAVE_POLL_FINE to match autotools
Sergei Nikulov [Tue, 15 Jan 2019 09:50:18 +0000 (12:50 +0300)]
cmake: updated check for HAVE_POLL_FINE to match autotools

6 years agocurl-compilers.m4: check for __ibmxl__ to detect xlclang
Daniel Stenberg [Wed, 16 Jan 2019 07:11:43 +0000 (08:11 +0100)]
curl-compilers.m4: check for __ibmxl__ to detect xlclang

Follow-up to 2fa0d57e2e3. The __xlc__ symbol is only defined there if a
particular flag is used for legacy macros.

Fixes #3474
Closes #3479

6 years agoopenssl: fix the SSL_get_tlsext_status_ocsp_resp call
Daniel Stenberg [Tue, 15 Jan 2019 22:57:25 +0000 (23:57 +0100)]
openssl: fix the SSL_get_tlsext_status_ocsp_resp call

.... to not pass in a const in the second argument as that's not how it
is supposed to be used and might cause compiler warnings.

Reported-by: Pavel Pavlov
Fixes #3477
Closes #3478

6 years agocurl-compilers.m4: detect xlclang
Daniel Stenberg [Tue, 15 Jan 2019 10:48:41 +0000 (11:48 +0100)]
curl-compilers.m4: detect xlclang

Since it isn't totally clang compatible, we detect this IBM clang
front-end and if detected, avoids some clang specific magic.

Reported-by: Kees Dekker
Fixes #3474
Closes #3476

6 years agoREADME: add codacy code quality badge
Daniel Stenberg [Tue, 15 Jan 2019 08:13:56 +0000 (09:13 +0100)]
README: add codacy code quality badge

[skip ci]

6 years agoextract_if_dead: follow-up to 54b201b48c90a
Daniel Stenberg [Mon, 14 Jan 2019 23:06:26 +0000 (00:06 +0100)]
extract_if_dead: follow-up to 54b201b48c90a

extract_if_dead() dead is called from two functions, and only one of
them should get conn->data updated and now neither call path clears it.

scan-build found a case where conn->data would be NULL dereferenced in
ConnectionExists() otherwise.

Closes #3473

6 years agomulti: remove "Dead assignment"
Daniel Stenberg [Mon, 14 Jan 2019 22:47:13 +0000 (23:47 +0100)]
multi: remove "Dead assignment"

Found by scan-build. Follow-up to 4c35574bb785ce.

Closes #3471

6 years agotests: move objnames-* from lib into tests
Daniel Stenberg [Mon, 14 Jan 2019 22:35:34 +0000 (23:35 +0100)]
tests: move objnames-* from lib into tests

Since they're used purely for testing purposes, I think they should
rather be stored there.

Closes #3470

6 years agotravis: added cmake build for osx
Sergei Nikulov [Mon, 14 Jan 2019 15:14:48 +0000 (18:14 +0300)]
travis: added cmake build for osx

6 years agocookie: fix comment typo (url_path_len -> uri_path_len)
Frank Gevaerts [Mon, 14 Jan 2019 15:31:20 +0000 (16:31 +0100)]
cookie: fix comment typo (url_path_len -> uri_path_len)

Closes #3469

6 years agowinbuild: conditionally use /DZLIB_WINAPI
Marcel Raad [Fri, 11 Jan 2019 12:06:37 +0000 (13:06 +0100)]
winbuild: conditionally use /DZLIB_WINAPI

zlibwapi.lib (dynamic library) and zlibstat.lib (static library) have
the ZLIB_WINAPI define set by default. Using them requires that define
too.

Ref: https://zlib.net/DLL_FAQ.txt

Fixes https://github.com/curl/curl/issues/3133
Closes https://github.com/curl/curl/pull/3460

6 years agosrc/Makefile: make 'tidy' target work for metalink builds
Daniel Stenberg [Mon, 14 Jan 2019 08:12:12 +0000 (09:12 +0100)]
src/Makefile: make 'tidy' target work for metalink builds

6 years agoextract_if_dead: use a known working transfer when checking connections
Daniel Stenberg [Fri, 11 Jan 2019 22:43:38 +0000 (23:43 +0100)]
extract_if_dead: use a known working transfer when checking connections

Make sure that this function sets a proper "live" transfer for the
connection before calling the protocol-specific connection check
function, and then clear it again afterward as a non-used connection has
no current transfer.

Reported-by: Jeroen Ooms
Reviewed-by: Marcel Raad
Reviewed-by: Daniel Gustafsson
Fixes #3463
Closes #3464

6 years agoopenssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
Daniel Stenberg [Fri, 11 Jan 2019 16:04:44 +0000 (17:04 +0100)]
openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated

OpenSSL_version() replaces OpenSSL_version_num()

Closes #3462

6 years agocmake: added checks for HAVE_VARIADIC_MACROS_C99 and HAVE_VARIADIC_MACROS_GCC
Sergei Nikulov [Fri, 11 Jan 2019 09:05:17 +0000 (12:05 +0300)]
cmake: added checks for HAVE_VARIADIC_MACROS_C99 and HAVE_VARIADIC_MACROS_GCC

6 years agourldata: rename easy_conn to just conn
Daniel Stenberg [Wed, 2 Jan 2019 17:04:58 +0000 (18:04 +0100)]
urldata: rename easy_conn to just conn

We use "conn" everywhere to be a pointer to the connection.

Introduces two functions that "attaches" and "detaches" the connection
to and from the transfer.

Going forward, we should favour using "data->conn" (since a transfer
always only has a single connection or none at all) to "conn->data"
(since a connection can have none, one or many transfers associated with
it and updating conn->data to be correct is error prone and a frequent
reason for internal issues).

Closes #3442

6 years agotool_cb_prg: avoid integer overflow
Daniel Stenberg [Thu, 10 Jan 2019 23:25:46 +0000 (00:25 +0100)]
tool_cb_prg: avoid integer overflow

When calculating the progress bar width.

Reported-by: Peng Li
Fixes #3456
Closes #3458

6 years agotravis: turn off copyright year checks in checksrc
Daniel Gustafsson [Thu, 10 Jan 2019 23:16:30 +0000 (00:16 +0100)]
travis: turn off copyright year checks in checksrc

Invoking the maintainer intended COPYRIGHTYEAR check for everyone
in the PR pipeline is too invasive, especially at the turn of the
year when many files get affected. Remove and leave it as a tool
for maintainers to verify patches before commits.

This reverts f7bdf4b2e1d81b2652b81b9b3029927589273b41.

After discussion with: Daniel Stenberg

6 years agoKNOWN_BUGS: cmake makes unusable tool_hugehelp.c with MinGW
Daniel Stenberg [Thu, 10 Jan 2019 15:52:39 +0000 (16:52 +0100)]
KNOWN_BUGS: cmake makes unusable tool_hugehelp.c with MinGW

Closes #3125

6 years agoKNOWN_BUGS: Improve --data-urlencode space encoding
Daniel Stenberg [Thu, 10 Jan 2019 14:55:37 +0000 (15:55 +0100)]
KNOWN_BUGS: Improve --data-urlencode space encoding

Closes #3229

6 years agoos400: add a missing closing bracket
Patrick Monnerat [Thu, 10 Jan 2019 11:04:35 +0000 (12:04 +0100)]
os400: add a missing closing bracket

See https://github.com/curl/curl/issues/3453#issuecomment-453054458

Reported-by: jonrumsey on github
6 years agoos400: fix extra parameter syntax error.
Patrick Monnerat [Thu, 10 Jan 2019 10:50:27 +0000 (11:50 +0100)]
os400: fix extra parameter syntax error.

Reported-by: jonrumsey on github
Closes #3453

6 years agotest1558: verify CURLINFO_PROTOCOL on file:// transfer
Daniel Stenberg [Tue, 8 Jan 2019 08:58:50 +0000 (09:58 +0100)]
test1558: verify CURLINFO_PROTOCOL on file:// transfer

Attempt to reproduce issue #3444.

Closes #3447

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Thu, 10 Jan 2019 10:07:45 +0000 (11:07 +0100)]
RELEASE-NOTES: synced

6 years agoxattr: strip credentials from any URL that is stored
Daniel Stenberg [Wed, 2 Jan 2019 19:18:27 +0000 (20:18 +0100)]
xattr: strip credentials from any URL that is stored

Both user and password are cleared uncondtitionally.

Added unit test 1621 to verify.

Fixes #3423
Closes #3433

6 years agocookies: allow secure override when done over HTTPS
Daniel Stenberg [Wed, 9 Jan 2019 09:11:58 +0000 (10:11 +0100)]
cookies: allow secure override when done over HTTPS

Added test 1562 to verify.

Reported-by: Jeroen Ooms
Fixes #3445
Closes #3450

6 years agomulti: multiplexing improvements
Daniel Stenberg [Tue, 8 Jan 2019 13:24:15 +0000 (14:24 +0100)]
multi: multiplexing improvements

Fixes #3436
Closes #3448

 Problem 1

After LOTS of scratching my head, I eventually realized that even when doing
10 uploads in parallel, sometimes the socket callback to the application that
tells it what to wait for on the socket, looked like it would reflect the
status of just the single transfer that just changed state.

Digging into the code revealed that this was indeed the truth. When multiple
transfers are using the same connection, the application did not correctly get
the *combined* flags for all transfers which then could make it switch to READ
(only) when in fact most transfers wanted to get told when the socket was
WRITEABLE.

 Problem 1b

A separate but related regression had also been introduced by me when I
cleared connection/transfer association better a while ago, as now the logic
couldn't find the connection and see if that was marked as used by more
transfers and then it would also prematurely remove the socket from the socket
hash table even in times other transfers were still using it!

 Fix 1

Make sure that each socket stored in the socket hash has a "combined" action
field of what to ask the application to wait for, that is potentially the ORed
action of multiple parallel transfers. And remove that socket hash entry only
if there are no transfers left using it.

 Problem 2

The socket hash entry stored an association to a single transfer using that
socket - and when curl_multi_socket_action() was called to tell libcurl about
activities on that specific socket only that transfer was "handled".

This was WRONG, as a single socket/connection can be used by numerous parallel
transfers and not necessarily a single one.

 Fix 2

We now store a list of handles in the socket hashtable entry and when libcurl
is told there's traffic for a particular socket, it now iterates over all
known transfers using that single socket.

6 years agotest1561: improve test name
Daniel Stenberg [Wed, 9 Jan 2019 14:34:36 +0000 (15:34 +0100)]
test1561: improve test name

[skip ci]

6 years agocookies: skip custom cookies when redirecting cross-site
Katsuhiko YOSHIDA [Sun, 30 Dec 2018 00:44:30 +0000 (09:44 +0900)]
cookies: skip custom cookies when redirecting cross-site

Closes #3417

6 years agoTHANKS: fixups and a dedupe
Daniel Stenberg [Wed, 9 Jan 2019 08:17:22 +0000 (09:17 +0100)]
THANKS: fixups and a dedupe

[skip ci]

6 years agotimediff: fix math for unsigned time_t
Daniel Stenberg [Tue, 8 Jan 2019 16:34:45 +0000 (17:34 +0100)]
timediff: fix math for unsigned time_t

Bug: https://curl.haxx.se/mail/lib-2018-12/0088.html

Closes #3449

6 years agotests: allow tests to pass by 2037-02-12
Bernhard M. Wiedemann [Mon, 7 Jan 2019 15:23:04 +0000 (16:23 +0100)]
tests: allow tests to pass by 2037-02-12

similar to commit f508d29f3902104018

Closes #3443

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Mon, 7 Jan 2019 13:06:43 +0000 (14:06 +0100)]
RELEASE-NOTES: synced

6 years agocurl_multi_remove_handle() don't block terminating c-ares requests
Brad Spencer [Fri, 14 Dec 2018 21:18:22 +0000 (17:18 -0400)]
curl_multi_remove_handle() don't block terminating c-ares requests

Added Curl_resolver_kill() for all three resolver modes, which only
blocks when necessary, along with test 1592 to confirm
curl_multi_remove_handle() doesn't block unless it must.

Closes #3428
Fixes #3371

6 years agoRevert "http_negotiate: do not close connection until negotiation is completed"
Daniel Stenberg [Fri, 4 Jan 2019 22:34:50 +0000 (23:34 +0100)]
Revert "http_negotiate: do not close connection until negotiation is completed"

This reverts commit 07ebaf837843124ee670e5b8c218b80b92e06e47.

This also reopens PR #3275 which brought the change now reverted.

Fixes #3384
Closes #3439

6 years agocurl/urlapi.h: include "curl.h" first
Daniel Stenberg [Sat, 5 Jan 2019 22:07:29 +0000 (23:07 +0100)]
curl/urlapi.h: include "curl.h" first

This allows programs to include curl/urlapi.h directly.

Reviewed-by: Daniel Gustafsson
Reported-by: Ben Kohler
Fixes #3438
Closes #3441

6 years agoVS projects: fix build warning
Marcel Raad [Wed, 2 Jan 2019 11:01:04 +0000 (12:01 +0100)]
VS projects: fix build warning

Starting with Visual Studio 2017 Update 9, Visual Studio doesn't like
the MinimalRebuild option anymore and warns:

cl : Command line warning D9035: option 'Gm' has been deprecated and
will be removed in a future release

The option can be safely removed so that the default is used.

Closes https://github.com/curl/curl/pull/3425

6 years agoschannel: fix compiler warning
Marcel Raad [Thu, 3 Jan 2019 14:22:44 +0000 (15:22 +0100)]
schannel: fix compiler warning

When building with Unicode on MSVC, the compiler warns about freeing a
pointer to const in Curl_unicodefree. Fix this by declaring it as
non-const and casting the argument to Curl_convert_UTF8_to_tchar to
non-const too, like we do in all other places.

Closes https://github.com/curl/curl/pull/3435

6 years agoprintf: introduce CURL_FORMAT_TIMEDIFF_T
Rikard Falkeborn [Tue, 1 Jan 2019 22:04:57 +0000 (23:04 +0100)]
printf: introduce CURL_FORMAT_TIMEDIFF_T

6 years agoprintf: fix format specifiers
Rikard Falkeborn [Sun, 16 Sep 2018 20:04:49 +0000 (22:04 +0200)]
printf: fix format specifiers

Closes #3426

6 years agolibtest/stub_gssapi: use "real" snprintf
Daniel Stenberg [Thu, 3 Jan 2019 11:00:58 +0000 (12:00 +0100)]
libtest/stub_gssapi: use "real" snprintf

... since it doesn't link with libcurl.

Reverts the commit dcd6f81025 changes from this file.

Bug: https://curl.haxx.se/mail/lib-2019-01/0000.html
Reported-by: Shlomi Fish
Reviewed-by: Daniel Gustafsson
Reviewed-by: Kamil Dudka
Closes #3434

6 years agoINTERNALS: correct some outdated function names
Daniel Stenberg [Wed, 2 Jan 2019 20:00:08 +0000 (21:00 +0100)]
INTERNALS: correct some outdated function names

Closes #3431

6 years agodocs/version.d: mention MultiSSL
Daniel Stenberg [Wed, 2 Jan 2019 18:29:13 +0000 (19:29 +0100)]
docs/version.d: mention MultiSSL

Reviewed-by: Daniel Gustafsson
Closes #3432

6 years agoexamples: Update .gitignore
Rikard Falkeborn [Mon, 31 Dec 2018 22:08:29 +0000 (23:08 +0100)]
examples: Update .gitignore

Add a few missing examples to make `make examples` not leave the
workspace in a dirty state.

Closes #3427
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
6 years agoTHANKS: add more missing names
Daniel Gustafsson [Wed, 2 Jan 2019 12:40:13 +0000 (13:40 +0100)]
THANKS: add more missing names

Add Adrian Burcea who made the artwork for the curl://up 2018 event
which was held in Stockholm, Sweden.

6 years agodocs: mention potential leak in curl_slist_append
Daniel Gustafsson [Wed, 2 Jan 2019 11:46:31 +0000 (12:46 +0100)]
docs: mention potential leak in curl_slist_append

When a non-empty list is appended to, and used as the returnvalue,
the list pointer can leak in case of an allocation failure in the
curl_slist_append() call. This is correctly handled in curl code
usage but we weren't explicitly pointing it out in the API call
documentation. Fix by extending the RETURNVALUE manpage section
and example code.

Closes #3424
Reported-by: dnivras on github
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agotvnow: silence conversion warnings
Marcel Raad [Tue, 1 Jan 2019 17:03:11 +0000 (18:03 +0100)]
tvnow: silence conversion warnings

MinGW-w64 defaults to targeting Windows 7 now, so GetTickCount64 is
used and the milliseconds are represented as unsigned long long,
leading to a compiler warning when implicitly converting them to long.

6 years agoTHANKS: dedupe more names
Daniel Stenberg [Tue, 1 Jan 2019 16:55:41 +0000 (17:55 +0100)]
THANKS: dedupe more names

Researched-by: Tae Wong
6 years agontlm: update selection of type 3 response
Markus Moeller [Fri, 28 Dec 2018 14:04:53 +0000 (15:04 +0100)]
ntlm: update selection of type 3 response

NTLM2 did not work i.e. no NTLMv2 response was created. Changing the
check seems to work.

Ref: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf

Fixes https://github.com/curl/curl/issues/3286
Closes https://github.com/curl/curl/pull/3287
Closes https://github.com/curl/curl/pull/3415

6 years agoTHANKS: added missing names from year <= 2000
Daniel Stenberg [Mon, 31 Dec 2018 19:01:00 +0000 (20:01 +0100)]
THANKS: added missing names from year <= 2000

Due to a report of a missing name in THANKS I manually went through an
old CHANGES.0 file and added many previously missing names here.

6 years agourlapi: fix parsing ipv6 with zone index
Daniel Gustafsson [Sun, 30 Dec 2018 19:11:57 +0000 (20:11 +0100)]
urlapi: fix parsing ipv6 with zone index

The previous fix for parsing IPv6 URLs with a zone index was a paddle
short for URLs without an explicit port. This patch fixes that case
and adds a unit test case.

This bug was highlighted by issue #3408, and while it's not the full
fix for the problem there it is an isolated bug that should be fixed
regardless.

Closes #3411
Reported-by: GitYuanQu on github
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agoTHANKS: dedupe Guenter Knauf
Daniel Stenberg [Sun, 30 Dec 2018 16:59:58 +0000 (17:59 +0100)]
THANKS: dedupe Guenter Knauf

Reported-by: Tae Wong
6 years agoTHANKS: missing name from the 6.3.1 release!
Daniel Stenberg [Sun, 30 Dec 2018 16:57:54 +0000 (17:57 +0100)]
THANKS: missing name from the 6.3.1 release!

6 years agoRELEASE-NOTES: synced
Daniel Gustafsson [Thu, 27 Dec 2018 13:40:33 +0000 (14:40 +0100)]
RELEASE-NOTES: synced

6 years agohostip: support wildcard hosts
Claes Jakobsson [Thu, 27 Dec 2018 13:23:13 +0000 (14:23 +0100)]
hostip: support wildcard hosts

This adds support for wildcard hosts in CURLOPT_RESOLVE. These are
try-last so any non-wildcard entry is resolved first. If specified,
any host not matched by another CURLOPT_RESOLVE config will use this
as fallback.

Example send a.com to 10.0.0.1 and everything else to 10.0.0.2:
  curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \
       https://a.com https://b.com

This is probably quite similar to using:
  --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443

Closes #3406
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agourl: fix incorrect indentation
Daniel Gustafsson [Wed, 26 Dec 2018 23:03:35 +0000 (00:03 +0100)]
url: fix incorrect indentation

6 years agoos400: upgrade ILE/RPG binding.
Patrick Monnerat [Wed, 26 Dec 2018 14:17:54 +0000 (15:17 +0100)]
os400: upgrade ILE/RPG binding.

- Trailer function support.
- http 0.9 option.
- curl_easy_upkeep.

6 years agoFAQ: remove mention of sourceforge for github
Daniel Gustafsson [Tue, 25 Dec 2018 22:20:55 +0000 (23:20 +0100)]
FAQ: remove mention of sourceforge for github

The project bug tracker is no longer hosted at sourceforge but is now
hosted on the curl Github page. Update the FAQ to reflect.

Closes #3410
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agoopenvms: fix typos in documentation
Daniel Gustafsson [Tue, 25 Dec 2018 21:28:36 +0000 (22:28 +0100)]
openvms: fix typos in documentation

6 years agoopenvms: fix OpenSSL discovery on VAX
Daniel Gustafsson [Tue, 25 Dec 2018 21:27:29 +0000 (22:27 +0100)]
openvms: fix OpenSSL discovery on VAX

The DCL code had a typo in one of the commands which would make the
OpenSSL discovery on VAX fail. The correct syntax is F$ENVIRONMENT.

Closes #3407
Reviewed-by: Viktor Szakats <commit@vszakats.net>
6 years agocmake: use lowercase for function name like the rest of the code
Ruslan Baratov [Tue, 30 Oct 2018 14:45:46 +0000 (17:45 +0300)]
cmake: use lowercase for function name like the rest of the code

Reviewed-by: Sergei Nikulov
closes #3196

6 years agoRevert "libssh: no data pointer == nothing to do"
Daniel Stenberg [Sun, 23 Dec 2018 16:40:46 +0000 (17:40 +0100)]
Revert "libssh: no data pointer == nothing to do"

This reverts commit c98ee5f67f497195c9 since commit f3ce38739fa fixed the
problem in a more generic way.

6 years agodisconnect: set conn->data for protocol disconnect
Daniel Stenberg [Sun, 23 Dec 2018 16:38:59 +0000 (17:38 +0100)]
disconnect: set conn->data for protocol disconnect

Follow-up to fb445a1e18d: Set conn->data explicitly to point out the
current transfer when invoking the protocol-specific disconnect function
so that it can work correctly.

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12173

6 years agotimeval: Use high resolution timestamps on Windows
Pavel P [Mon, 26 Nov 2018 23:10:10 +0000 (15:10 -0800)]
timeval: Use high resolution timestamps on Windows

- Use QueryPerformanceCounter on Windows Vista+

There is confusing info floating around that QueryPerformanceCounter
can leap etc, which might have been true long time ago, but no longer
the case nowadays (perhaps starting from WinXP?). Also, boost and
std::chrono::steady_clock use QueryPerformanceCounter in a similar way.

Prior to this change GetTickCount or GetTickCount64 was used, which has
lower resolution. That is still the case for <= XP.

Fixes https://github.com/curl/curl/issues/3309
Closes https://github.com/curl/curl/pull/3318

6 years agolibssh: no data pointer == nothing to do
Daniel Stenberg [Sat, 22 Dec 2018 17:13:39 +0000 (18:13 +0100)]
libssh: no data pointer == nothing to do

6 years agoconncache_unlock: avoid indirection by changing input argument type
Daniel Stenberg [Thu, 20 Dec 2018 15:51:44 +0000 (16:51 +0100)]
conncache_unlock: avoid indirection by changing input argument type

6 years agodisconnect: separate connections and easy handles better
Daniel Stenberg [Thu, 20 Dec 2018 15:39:02 +0000 (16:39 +0100)]
disconnect: separate connections and easy handles better

Do not assume/store assocation between a given easy handle and the
connection if it can be avoided.

Long-term, the 'conn->data' pointer should probably be removed as it is a
little too error-prone. Still used very widely though.

Reported-by: masbug on github
Fixes #3391
Closes #3400

6 years agolibssh: free sftp_canonicalize_path() data correctly
Daniel Stenberg [Fri, 21 Dec 2018 13:22:42 +0000 (14:22 +0100)]
libssh: free sftp_canonicalize_path() data correctly

Assisted-by: Harry Sintonen
Fixes #3402
Closes #3403

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 21 Dec 2018 12:57:20 +0000 (13:57 +0100)]
RELEASE-NOTES: synced

6 years agohttp: added options for allowing HTTP/0.9 responses
Daniel Stenberg [Mon, 17 Dec 2018 14:46:56 +0000 (15:46 +0100)]
http: added options for allowing HTTP/0.9 responses

Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.

For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.

Fixes #2873
Closes #3383

6 years agoif2ip: remove unused function Curl_if_is_interface_name
Daniel Stenberg [Thu, 20 Dec 2018 16:22:37 +0000 (17:22 +0100)]
if2ip: remove unused function Curl_if_is_interface_name

Closes #3401

6 years agohttp2: clear pause stream id if it gets closed
Daniel Stenberg [Thu, 20 Dec 2018 09:36:52 +0000 (10:36 +0100)]
http2: clear pause stream id if it gets closed

Reported-by: Florian Pritz
Fixes #3392
Closes #3399

6 years agowolfssl: Perform cleanup
David Garske [Wed, 19 Dec 2018 16:30:44 +0000 (08:30 -0800)]
wolfssl: Perform cleanup

This adds a cleanup callback for cyassl. Resolves possible memory leak
when using ECC fixed point cache.

Closes #3395
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
6 years agombedtls: follow-up VERIFYHOST fix from f097669248
Daniel Stenberg [Wed, 19 Dec 2018 07:46:39 +0000 (08:46 +0100)]
mbedtls: follow-up VERIFYHOST fix from f097669248

Fix-by: Eric Rosenquist
Fixes #3376
Closes #3390