]>
granicus.if.org Git - curl/log
Daniel Stenberg [Thu, 9 Nov 2017 06:51:11 +0000 (07:51 +0100)]
curl_multi_fdset.3: emphasize curl_multi_timeout
... even when there's no socket to wait for, the timeout can still be
very short.
Jay Satiro [Tue, 7 Nov 2017 05:46:59 +0000 (00:46 -0500)]
content_encoding: fix inflate_stream for no bytes available
- Don't call zlib's inflate() when avail_in stream bytes is 0.
This is a follow up to the parent commit
19e66e5 . Prior to that change
libcurl's inflate_stream could call zlib's inflate even when no bytes
were available, causing inflate to return Z_BUF_ERROR, and then
inflate_stream would treat that as a hard error and return
CURLE_BAD_CONTENT_ENCODING.
According to the zlib FAQ, Z_BUF_ERROR is not fatal.
This bug would happen randomly since packet sizes are arbitrary. A test
of 10,000 transfers had 55 fail (ie 0.55%).
Ref: https://zlib.net/zlib_faq.html#faq05
Closes https://github.com/curl/curl/pull/2060
Patrick Monnerat [Tue, 7 Nov 2017 01:38:34 +0000 (02:38 +0100)]
content_encoding: do not write 0 length data
Daniel Stenberg [Mon, 6 Nov 2017 08:01:53 +0000 (09:01 +0100)]
fnmatch: remove dead code
There was a duplicate check for backslashes in the setcharset()
function.
Coverity CID
1420611
Daniel Stenberg [Mon, 6 Nov 2017 07:21:30 +0000 (08:21 +0100)]
url: remove unncessary NULL-check
Since 'conn' won't be NULL in there and we also access the pointer in
there without the check.
Coverity CID
1420610
Viktor Szakats [Mon, 6 Nov 2017 01:03:49 +0000 (01:03 +0000)]
src/Makefile.m32: fix typo in brotli lib customization
Ref
cc1f4436099decb9d1a7034b2bb773a9f8379d31
Viktor Szakats [Sun, 5 Nov 2017 22:56:39 +0000 (22:56 +0000)]
Makefile.m32: allow to customize brotli libs
It adds the ability to link against static brotli libs.
Also fix brotli include path.
Patrick Monnerat [Sun, 5 Nov 2017 14:38:17 +0000 (15:38 +0100)]
travis: add a job with brotli enabled
Viktor Szakats [Sun, 5 Nov 2017 14:32:43 +0000 (15:32 +0100)]
Makefile.m32: add brotli support
Patrick Monnerat [Sun, 5 Nov 2017 14:28:16 +0000 (15:28 +0100)]
HTTP: implement Brotli content encoding
This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.
Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.
Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.
Patrick Monnerat [Sun, 5 Nov 2017 14:09:48 +0000 (15:09 +0100)]
HTTP: support multiple Content-Encodings
This is implemented as an output streaming stack of unencoders, the last
calling the client write procedure.
New test 230 checks this feature.
Bug: https://github.com/curl/curl/pull/2002
Reported-By: Daniel Bankhead
Jay Satiro [Sat, 4 Nov 2017 22:36:07 +0000 (18:36 -0400)]
url: remove arg value check from CURLOPT_SSH_AUTH_TYPES
Since CURLSSH_AUTH_ANY (aka CURLSSH_AUTH_DEFAULT) is ~0 an arg value
check on this option is incorrect; we have to accept any value.
Prior to this change since
f121575 (7.56.1+) CURLOPT_SSH_AUTH_TYPES
erroneously rejected CURLSSH_AUTH_ANY with CURLE_BAD_FUNCTION_ARGUMENT.
Bug: https://github.com/curl/curl/commit/
f121575 #commitcomment-
25347120
Daniel Stenberg [Sat, 4 Nov 2017 15:42:21 +0000 (16:42 +0100)]
ntlm: avoid malloc(0) for zero length passwords
It triggers an assert() when built with memdebug since malloc(0) may
return NULL *or* a valid pointer.
Detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4054
Assisted-by: Max Dymond
Closes #2054
Daniel Stenberg [Sat, 4 Nov 2017 21:03:18 +0000 (22:03 +0100)]
RELEASE-NOTES: synced with
ee8016b3d
Daniel Stenberg [Sat, 4 Nov 2017 11:56:30 +0000 (12:56 +0100)]
curl: speed up handling of many URLs
By properly keeping track of the last entry in the list of URLs/uploads
to handle, curl now avoids many meaningless traverses of the list which
speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K
URLs).
Added test 1291, to verify that it doesn't take ages - but we don't have
any detection of "too slow" command in the test suite.
Reported-by: arainchik on github
Fixes #1959
Closes #2052
Daniel Stenberg [Fri, 3 Nov 2017 13:04:53 +0000 (15:04 +0200)]
curl: pass through [] in URLs instead of calling globbing error
Assisted-by: Per Lundberg
Fixes #2044
Closes #2046
Closes #2048
Daniel Stenberg [Fri, 3 Nov 2017 13:40:05 +0000 (14:40 +0100)]
CURLOPT_INFILESIZE: accept -1
Regression since
f121575
Reported-by: Petr Voytsik
Fixes #2047
Jay Satiro [Thu, 2 Nov 2017 04:30:28 +0000 (00:30 -0400)]
url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
Prior to this change since
f121575 (7.56.1+) CURLOPT_DNS_CACHE_TIMEOUT
erroneously rejected -1 with CURLE_BAD_FUNCTION_ARGUMENT.
Dan Fandrich [Wed, 1 Nov 2017 13:36:15 +0000 (14:36 +0100)]
http2: Fixed OOM handling in upgrade request
This caused the torture tests on test 1800 to fail.
Dan Fandrich [Wed, 1 Nov 2017 13:34:15 +0000 (14:34 +0100)]
tests: Fixed torture tests on tests 556 and 650
Test cleanup after OOM wasn't being consistently performed.
Daniel Stenberg [Tue, 31 Oct 2017 14:01:23 +0000 (15:01 +0100)]
CURLOPT_MAXREDIRS: allow -1 as a value
... which is valid according to documentation. Regression since
f121575c0b5f .
Verified now in test 501.
Reported-by: cbartl on github
Fixes #2038
Closes #2039
Daniel Stenberg [Wed, 1 Nov 2017 09:06:32 +0000 (10:06 +0100)]
include: remove conncache.h inclusion from where its not needed
Jay Satiro [Wed, 1 Nov 2017 06:11:30 +0000 (02:11 -0400)]
url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1
.. also add same arg value check to CURLOPT_POSTFIELDSIZE_LARGE.
Prior to this change since
f121575 (7.56.1+) CURLOPT_POSTFIELDSIZE
erroneously rejected -1 value with CURLE_BAD_FUNCTION_ARGUMENT.
Bug: https://curl.haxx.se/mail/lib-2017-11/0000.html
Reported-by: Andrew Lambert
Daniel Stenberg [Mon, 30 Oct 2017 15:42:25 +0000 (16:42 +0100)]
cookie: avoid NULL dereference
... when expiring old cookies.
Reported-by: Pavel Gushchin
Fixes #2032
Closes #2035
Marcel Raad [Fri, 27 Oct 2017 08:10:30 +0000 (10:10 +0200)]
memdebug: use send/recv signature for curl_dosend/curl_dorecv
This avoids build errors and warnings caused by implicit casts.
Closes https://github.com/curl/curl/pull/2031
Juro Bystricky [Fri, 27 Oct 2017 15:28:25 +0000 (08:28 -0700)]
mkhelp.pl: support reproducible build
Do not generate line with the current date, such as:
* Generation time: Tue Oct-24 18:01:41 2017
This will improve reproducibility. The generated string is only
part of a comment, so there should be no adverse consequences.
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
closes #2026
Dan Fandrich [Mon, 30 Oct 2017 15:56:14 +0000 (16:56 +0100)]
runtests.pl: Fixed typo in message
Daniel Stenberg [Mon, 30 Oct 2017 15:41:02 +0000 (16:41 +0100)]
curlx: the timeval functions are no longer provided as curlx_*
Pointed-out-by: Dmitri Tikhonov
Bug: #2034
Daniel Stenberg [Mon, 30 Oct 2017 15:40:28 +0000 (16:40 +0100)]
select: update comments
s/curlx_tvnow/Curl_now
Daniel Stenberg [Mon, 30 Oct 2017 14:30:01 +0000 (15:30 +0100)]
INTERNALS: remove curlx_tv* functions no longer provided
Dmitri Tikhonov [Mon, 30 Oct 2017 12:12:41 +0000 (08:12 -0400)]
timeval: use mach time on MacOS
If clock_gettime() is not supported, use mach_absolute_time() on MacOS.
closes #2033
Patrick Monnerat [Sun, 29 Oct 2017 13:31:03 +0000 (14:31 +0100)]
cli tool: improve ";type=" handling in -F option arguments
Patrick Monnerat [Sun, 29 Oct 2017 12:57:16 +0000 (13:57 +0100)]
cli tool: in -F option arg, comma is a delimiter for files only
Also upgrade test 1133 to cover this case and clarify man page about
form data quoting.
Bug: https://github.com/curl/curl/issues/2022
Reported-By: omau on github
Daniel Stenberg [Sun, 29 Oct 2017 12:13:23 +0000 (13:13 +0100)]
timeleft: made two more users of Curl_timeleft use timediff_t
Jakub Zakrzewski [Sun, 10 Sep 2017 14:56:16 +0000 (16:56 +0200)]
cmake: Export libcurl and curl targets to use by other cmake projects
The config files define curl and libcurl targets as imported targets
CURL::curl and CURL::libcurl. For backward compatibility with CMake-
provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are
also set.
Closes #1879
Daniel Stenberg [Sat, 28 Oct 2017 14:49:27 +0000 (16:49 +0200)]
RELEASE-NOTES: synced with
f20cbac97
Florin [Sat, 7 Oct 2017 11:30:17 +0000 (13:30 +0200)]
auth: Added test cases for RFC7616
Updated docs to include support for RFC7616
Signed-off-by: Florin <petriuc.florin@gmail.com>
Closes #1934
Florin [Sat, 30 Sep 2017 18:30:55 +0000 (20:30 +0200)]
auth: add support for RFC7616 - HTTP Digest access authentication
Signed-off-by: Florin <petriuc.florin@gmail.com>
Daniel Bankhead [Fri, 20 Oct 2017 17:01:32 +0000 (13:01 -0400)]
TODO: support multiple Content-Encodings
Closes #2002
Daniel Stenberg [Sat, 28 Oct 2017 08:54:20 +0000 (10:54 +0200)]
ROADMAP: cleanup
Removed done stuff. Removed entries no longer considered for the near
term.
Magicansk [Sat, 28 Oct 2017 03:16:32 +0000 (11:16 +0800)]
ROADMAP.md: spelling fixes
Closes #2028
Daniel Stenberg [Thu, 26 Oct 2017 13:24:50 +0000 (15:24 +0200)]
Curl_timeleft: change return type to timediff_t
returning 'time_t' is problematic when that type is unsigned and we
return values less than zero to signal "already expired", used in
several places in the code.
Closes #2021
Daniel Stenberg [Fri, 27 Oct 2017 21:40:04 +0000 (23:40 +0200)]
appveyor: add a win32 build
Daniel Stenberg [Fri, 27 Oct 2017 20:56:33 +0000 (22:56 +0200)]
setopt: fix CURLOPT_SSH_AUTH_TYPES option read
Regression since
f121575c0b5f
Reported-by: Rob Cotrone
Marcel Raad [Thu, 26 Oct 2017 18:52:22 +0000 (20:52 +0200)]
resolvers: only include anything if needed
This avoids warnings about unused stuff.
Closes https://github.com/curl/curl/pull/2023
Daniel Stenberg [Fri, 27 Oct 2017 09:19:22 +0000 (11:19 +0200)]
HELP-US: rename the subtitle too since the label is changed
"PR-welcome" was the former name.
Daniel Stenberg [Fri, 27 Oct 2017 09:12:45 +0000 (11:12 +0200)]
curl_setup.h: oops, shorten the too long line
Martin Storsjo [Fri, 27 Oct 2017 08:21:01 +0000 (11:21 +0300)]
curl_setup: Improve detection of CURL_WINDOWS_APP
If WINAPI_FAMILY is defined, it should be safe to try to include
winapifamily.h to check what the define evaluates to.
This should fix detection of CURL_WINDOWS_APP if building with
_WIN32_WINNT set to 0x0600.
Closes #2025
Jay Satiro [Tue, 24 Oct 2017 20:08:26 +0000 (16:08 -0400)]
transfer: Fix chunked-encoding upload bug
- When uploading via chunked-encoding don't compare file size to bytes
sent to determine whether the upload has finished.
Chunked-encoding adds its own overhead which why the bytes sent is not
equal to the file size. Prior to this change if a file was uploaded in
chunked-encoding and its size was known it was possible that the upload
could end prematurely without sending the final few chunks. That would
result in a server hang waiting for the remaining data, likely followed
by a disconnect.
The scope of this bug is limited to some arbitrary file sizes which have
not been determined. One size that triggers the bug is 475020.
Bug: https://github.com/curl/curl/issues/2001
Reported-by: moohoorama@users.noreply.github.com
Closes https://github.com/curl/curl/pull/2010
Daniel Stenberg [Thu, 26 Oct 2017 11:02:00 +0000 (13:02 +0200)]
timeval: make timediff_t also work on 32bit windows
... by using curl_off_t for the typedef if time_t is larger than 4
bytes.
Reported-by: Gisle Vanem
Bug: https://github.com/curl/curl/commit/
b9d25f9a6b3ca791385b80a6a3c3fa5ae113e1e0 #co
mmitcomment-
25205058
Closes #2019
Daniel Stenberg [Wed, 25 Oct 2017 21:53:30 +0000 (23:53 +0200)]
curl_fnmatch: return error on illegal wildcard pattern
... instead of doing an infinite loop!
Added test 1162 to verify.
Reported-by: Max Dymond
Fixes #2015
Closes #2017
Max Dymond [Wed, 25 Oct 2017 21:51:50 +0000 (22:51 +0100)]
wildcards: don't use with non-supported protocols
Fixes timeouts in the fuzzing tests for non-FTP protocols.
Closes #2016
Max Dymond [Wed, 11 Oct 2017 12:18:46 +0000 (13:18 +0100)]
multi: allow table handle sizes to be overridden
Allow users to specify their own hash define for
CURL_CONNECTION_HASH_SIZE so that both values can be overridden.
Closes #1982
Daniel Stenberg [Wed, 25 Oct 2017 09:59:43 +0000 (11:59 +0200)]
time: rename Curl_tvnow to Curl_now
... since the 'tv' stood for timeval and this function does not return a
timeval struct anymore.
Also, cleaned up the Curl_timediff*() functions to avoid typecasts and
clean up the descriptive comments.
Closes #2011
Daniel Stenberg [Wed, 25 Oct 2017 16:19:44 +0000 (18:19 +0200)]
ftplistparser: follow-up cleanup to remove PL_ERROR()
Max Dymond [Wed, 25 Oct 2017 14:52:43 +0000 (15:52 +0100)]
ftplistparser: free off temporary memory always
When using the FTP list parser, ensure that the memory that's
allocated is always freed.
Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3682
Closes #2013
Daniel Stenberg [Mon, 23 Oct 2017 10:05:49 +0000 (12:05 +0200)]
timediff: return timediff_t from the time diff functions
... to cater for systems with unsigned time_t variables.
- Renamed the functions to curlx_timediff and Curl_timediff_us.
- Added overflow protection for both of them in either direction for
both 32 bit and 64 bit time_ts
- Reprefixed the curlx_time functions to use Curl_*
Reported-by: Peter Piekarski
Fixes #2004
Closes #2005
Paul Howarth [Mon, 23 Oct 2017 17:51:36 +0000 (18:51 +0100)]
libtest: Add required test libraries for lib1552 and lib1553
They use $(TESTUTIL) and thus should use $(TESTUTIL_LIBS) too.
This fixes build failures on Fedora 13.
Closes #2006
Alessandro Ghedini [Mon, 23 Oct 2017 22:24:10 +0000 (23:24 +0100)]
libcurl-tutorial.3: fix typo
closes #2008
Alessandro Ghedini [Mon, 23 Oct 2017 22:23:23 +0000 (23:23 +0100)]
curl_mime_filedata.3: fix typos
Daniel Stenberg [Mon, 23 Oct 2017 11:33:04 +0000 (13:33 +0200)]
RELEASE-NOTES: clean slate towards 7.57.0
Max Dymond [Mon, 9 Oct 2017 08:10:51 +0000 (09:10 +0100)]
travis: exit if any steps fail
We don't expect any steps to fail in travis. Exit the script if they do.
Closes #1966
Daniel Stenberg [Sun, 22 Oct 2017 14:20:04 +0000 (16:20 +0200)]
RELEASE-NOTES: 7.56.1
Daniel Stenberg [Sun, 22 Oct 2017 21:32:03 +0000 (23:32 +0200)]
THANKS: update at 7.56.1 release time
Jon DeVree [Thu, 19 Oct 2017 15:54:04 +0000 (11:54 -0400)]
mk-ca-bundle: Remove URL for aurora
Aurora is no longer used by Mozilla
https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/
Jon DeVree [Thu, 19 Oct 2017 12:40:54 +0000 (08:40 -0400)]
mk-ca-bundle: Fix URL for NSS
The 'tip' is the most recent branch committed to, this should be
'default' like the URLs for the browser are.
Closes #1998
Daniel Stenberg [Fri, 6 Oct 2017 22:11:31 +0000 (00:11 +0200)]
imap: if a FETCH response has no size, don't call write callback
CVE-2017-
1000257
Reported-by: Brian Carpenter and 0xd34db347
Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586
Daniel Stenberg [Thu, 19 Oct 2017 12:41:14 +0000 (14:41 +0200)]
ftp: reject illegal IP/port in PASV 227 response
... by using range checks. Among other things, this avoids an undefined
behavior for a left shift that could happen on negative or very large
values.
Closes #1997
Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
Patrick Monnerat [Fri, 20 Oct 2017 13:01:14 +0000 (14:01 +0100)]
test653: check reuse of easy handle after mime data change
See issue #1999
Patrick Monnerat [Fri, 20 Oct 2017 12:57:12 +0000 (13:57 +0100)]
mime: do not reuse previously computed multipart size
The contents might have changed: size must be recomputed.
Reported-by: moteus on github
Fixes #1999
Patrick Monnerat [Thu, 19 Oct 2017 19:16:05 +0000 (20:16 +0100)]
test308: disable if MultiSSL feature enabled
Even if OpenSSL is enabled, it might not be the default backend when
multi-ssl is enabled, causing the test to fail.
Patrick Monnerat [Thu, 19 Oct 2017 19:15:21 +0000 (20:15 +0100)]
runtests: support MultiSSL client feature
Patrick Monnerat [Thu, 19 Oct 2017 18:55:17 +0000 (19:55 +0100)]
vtls: change struct Curl_ssl `close' field name to `close_one'.
On OS/400, `close' is an ASCII system macro that corrupts the code if
not used in a context not targetting the close() system API.
Patrick Monnerat [Thu, 19 Oct 2017 17:48:21 +0000 (18:48 +0100)]
os400: add missing symbols in config file.
Also adjust makefile to renamed files and warn about installation dirs mix-up.
Patrick Monnerat [Thu, 19 Oct 2017 17:37:19 +0000 (18:37 +0100)]
test652: curl_mime_data + base64 encoder with large contents
Patrick Monnerat [Thu, 19 Oct 2017 17:33:27 +0000 (18:33 +0100)]
mime: limit bas64-encoded lines length to 76 characters
Daniel Stenberg [Mon, 16 Oct 2017 09:07:30 +0000 (11:07 +0200)]
RELEASE-NOTES: synced with
f121575c0
Daniel Stenberg [Sat, 14 Oct 2017 15:20:13 +0000 (17:20 +0200)]
setopt: range check most long options
... filter early instead of risking "funny values" having to be dealt
with elsewhere.
Daniel Stenberg [Tue, 3 Oct 2017 15:00:18 +0000 (17:00 +0200)]
setopt: avoid integer overflows when setting millsecond values
... that are multiplied by 1000 when stored.
For 32 bit long systems, the max value accepted (
2147483 seconds) is >
596 hours which is unlikely to ever be set by a legitimate application -
and previously it didn't work either, it just caused undefined behavior.
Also updated the man pages for these timeout options to mention the
return code.
Closes #1938
Viktor Szakats [Sun, 15 Oct 2017 19:42:32 +0000 (19:42 +0000)]
makefile.m32: allow to override gcc, ar and ranlib
Allow to ovverride certain build tools, making it possible to
use LLVM/Clang to build curl. The default behavior is unchanged.
To build with clang (as offered by MSYS2), these settings can
be used:
CURL_CC=clang
CURL_AR=llvm-ar
CURL_RANLIB=llvm-ranlib
Closes https://github.com/curl/curl/pull/1993
Viktor Szakats [Sun, 15 Oct 2017 15:59:43 +0000 (15:59 +0000)]
ldap: silence clang warning
Use memset() to initialize a structure to avoid LLVM/Clang warning:
ldap.c:193:39: warning: missing field 'UserLength' initializer [-Wmissing-field-initializers]
Closes https://github.com/curl/curl/pull/1992
Daniel Stenberg [Tue, 10 Oct 2017 20:52:17 +0000 (22:52 +0200)]
runtests: use valgrind for torture as well
NOTE: it makes them terribly slow. I recommend only using valgrind for
specific torture tests or using lots of patience.
Daniel Stenberg [Tue, 10 Oct 2017 14:56:35 +0000 (16:56 +0200)]
memdebug: trace send, recv and socket
... to allow them to be included in torture tests too.
closes #1980
Daniel Stenberg [Sat, 14 Oct 2017 11:52:51 +0000 (13:52 +0200)]
configure: remove the C++ compiler check
... we used it only for the fuzzer, which we now have in a separate git
repo.
Closes #1990
Patrick Monnerat [Fri, 13 Oct 2017 16:16:57 +0000 (17:16 +0100)]
mime: do not call failf() if easy handle is NULL.
Daniel Stenberg [Thu, 12 Oct 2017 18:00:43 +0000 (20:00 +0200)]
test651: curl_formadd with huge COPYCONTENTS
Daniel Stenberg [Thu, 12 Oct 2017 22:13:41 +0000 (00:13 +0200)]
mime: fix the content reader to handle >16K data properly
Reported-by: Jeroen Ooms
Closes #1988
Patrick Monnerat [Thu, 12 Oct 2017 18:36:16 +0000 (19:36 +0100)]
mime: keep "text/plain" content type if user-specified.
Include test cases in 554, 587, 650.
Fixes https://github.com/curl/curl/issues/1986
Patrick Monnerat [Thu, 12 Oct 2017 15:42:02 +0000 (16:42 +0100)]
cli tool: use file2memory() to buffer stdin in -F option.
Closes PR https://github.com/curl/curl/pull/1985
Patrick Monnerat [Thu, 12 Oct 2017 13:25:59 +0000 (14:25 +0100)]
cli tool: reimplement stdin buffering in -F option.
If stdin is not a regular file, its content is memory-buffered to enable
a possible data "rewind".
In all cases, stdin data size is determined before real use to avoid
having an unknown part's size.
--libcurl generated code is left as an unbuffered stdin fread/fseek callback
part with unknown data size.
Buffering is not supported in deprecated curl_formadd() API.
Daniel Stenberg [Thu, 12 Oct 2017 11:54:00 +0000 (13:54 +0200)]
winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2
Daniel Stenberg [Thu, 12 Oct 2017 07:50:52 +0000 (09:50 +0200)]
HELP-US: the label "PR-welcome" is now renamed to "help wanted"
following the new github "standard"
Daniel Stenberg [Wed, 11 Oct 2017 10:00:19 +0000 (12:00 +0200)]
RELEASE-NOTES: synced with
5505df7d2
Artak Galoyan [Thu, 5 Oct 2017 19:43:13 +0000 (15:43 -0400)]
url: Update current connection SSL verify params in setopt
Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active
connection updates the current connection's (i.e.'connectdata'
structure) appropriate ssl_config (and ssl_proxy_config) structures
variables, making these options effective for ongoing connection.
This functionality was available before and was broken by the
following change:
"proxy: Support HTTPS proxy and SOCKS+HTTP(s)"
CommitId:
cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151 .
Bug: https://github.com/curl/curl/issues/1941
Closes https://github.com/curl/curl/pull/1951
David Benjamin [Mon, 9 Oct 2017 15:41:02 +0000 (11:41 -0400)]
openssl: don't use old BORINGSSL_YYYYMM macros
Those were temporary things we'd add and remove for our own convenience
long ago. The last few stayed around for too long as an oversight but
have since been removed. These days we have a running
BORINGSSL_API_VERSION counter which is bumped when we find it
convenient, but 2015-11-19 was quite some time ago, so just check
OPENSSL_IS_BORINGSSL.
Closes #1979
Daniel Stenberg [Tue, 10 Oct 2017 14:59:13 +0000 (16:59 +0200)]
test950; verify SMTP with custom request
Daniel Stenberg [Tue, 10 Oct 2017 14:58:40 +0000 (16:58 +0200)]
ftpserver: support case insensitive commands
Daniel Stenberg [Tue, 10 Oct 2017 12:34:57 +0000 (14:34 +0200)]
smtp_done: free data before returning (on send failure)
... as otherwise it could leak that memory.
Detected by OSS-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600
Assisted-by: Max Dymond
Closes #1977
Daniel Stenberg [Tue, 10 Oct 2017 10:02:11 +0000 (12:02 +0200)]
FTP: URL decode path for dir listing in nocwd mode
Reported-by: Zenju on github
Test 244 added to verify
Fixes #1974
Closes #1976
Daniel Stenberg [Mon, 9 Oct 2017 20:50:40 +0000 (22:50 +0200)]
test298: verify --ftp-method nowcwd with URL encoded path
Ref: #1974