]> granicus.if.org Git - curl/log
curl
5 years agovauth/cleartext: Update the PLAIN login function signature to match RFC 4616
Steve Holme [Wed, 10 Apr 2019 21:17:02 +0000 (22:17 +0100)]
vauth/cleartext: Update the PLAIN login function signature to match RFC 4616

Functionally this doesn't change anything as we still use the username
for both the authorisation identity and the authentication identity.

Closes #3757

5 years agotest1906: verify CURLOPT_CURLU + CURLOPT_PORT usage
Daniel Stenberg [Thu, 11 Apr 2019 09:28:11 +0000 (11:28 +0200)]
test1906: verify CURLOPT_CURLU + CURLOPT_PORT usage

Based-on-code-by: Poul T Lomholt
5 years agourl: always clone the CUROPT_CURLU handle
Daniel Stenberg [Thu, 11 Apr 2019 10:49:20 +0000 (12:49 +0200)]
url: always clone the CUROPT_CURLU handle

Since a few code paths actually update that data.

Fixes #3753
Closes #3761

Reported-by: Poul T Lomholt
5 years agoCURLOPT_DNS_USE_GLOBAL_CACHE: remove
Daniel Stenberg [Thu, 7 Mar 2019 14:39:43 +0000 (15:39 +0100)]
CURLOPT_DNS_USE_GLOBAL_CACHE: remove

Remove the code too. The functionality has been disabled in code since
7.62.0. Setting this option will from now on simply be ignored and have
no function.

Closes #3654

5 years agotravis: install libgnutls28-dev only for --with-gnutls build
Marcel Raad [Tue, 2 Apr 2019 13:06:47 +0000 (15:06 +0200)]
travis: install libgnutls28-dev only for --with-gnutls build

Reduces the time needed for the other jobs a little.

Closes https://github.com/curl/curl/pull/3721

5 years agotravis: install libnss3-dev only for --with-nss build
Marcel Raad [Tue, 2 Apr 2019 12:58:33 +0000 (14:58 +0200)]
travis: install libnss3-dev only for --with-nss build

Reduces the time needed for the other jobs a little.

Closes https://github.com/curl/curl/pull/3721

5 years agotravis: install libssh2-dev only for --with-libssh2 build
Marcel Raad [Tue, 2 Apr 2019 12:56:18 +0000 (14:56 +0200)]
travis: install libssh2-dev only for --with-libssh2 build

Reduces the time needed for the other jobs a little.

Closes https://github.com/curl/curl/pull/3721

5 years agotravis: install libssh-dev only for --with-libssh build
Marcel Raad [Tue, 2 Apr 2019 12:51:21 +0000 (14:51 +0200)]
travis: install libssh-dev only for --with-libssh build

Reduces the time needed for the other jobs a little.

Closes https://github.com/curl/curl/pull/3721

5 years agotravis: install krb5-user only for --with-gssapi build
Marcel Raad [Tue, 2 Apr 2019 12:46:23 +0000 (14:46 +0200)]
travis: install krb5-user only for --with-gssapi build

Reduces the time needed for the other jobs a little.

Closes https://github.com/curl/curl/pull/3721

5 years agotravis: install lcov only for the coverage job
Marcel Raad [Tue, 2 Apr 2019 12:35:19 +0000 (14:35 +0200)]
travis: install lcov only for the coverage job

Reduces the time needed for the other jobs a little.

Closes https://github.com/curl/curl/pull/3721

5 years agotravis: install clang only when needed
Marcel Raad [Tue, 2 Apr 2019 12:31:06 +0000 (14:31 +0200)]
travis: install clang only when needed

This reduces the GCC job runtimes a little and it's needed to
selectively update clang builds to xenial.

Closes https://github.com/curl/curl/pull/3721

5 years agoAppVeyor: enable testing for WinSSL build
Marcel Raad [Sun, 24 Feb 2019 18:05:28 +0000 (19:05 +0100)]
AppVeyor: enable testing for WinSSL build

Closes https://github.com/curl/curl/pull/3725

5 years agobuild: fix Codacy/CppCheck warnings
Marcel Raad [Fri, 5 Apr 2019 17:57:29 +0000 (19:57 +0200)]
build: fix Codacy/CppCheck warnings

- remove unused variables
- declare conditionally used variables conditionally
- suppress unused variable warnings in the CMake tests
- remove dead variable stores
- consistently use WIN32 macro to detect Windows

Closes https://github.com/curl/curl/pull/3739

5 years agopolarssl_threadlock: remove conditionally unused code
Marcel Raad [Fri, 5 Apr 2019 17:46:05 +0000 (19:46 +0200)]
polarssl_threadlock: remove conditionally unused code

Make functions no-ops if neither both USE_THREADS_POSIX and
HAVE_PTHREAD_H nor both USE_THREADS_WIN32 and HAVE_PROCESS_H are
defined. Previously, if only one of them was defined, there was either
code compiled that did nothing useful or the wrong header included for
the functions used.

Also, move POLARSSL_MUTEX_T define to implementation file as it's not
used externally.

Closes https://github.com/curl/curl/pull/3739

5 years agolib557: initialize variables
Marcel Raad [Fri, 5 Apr 2019 09:18:12 +0000 (11:18 +0200)]
lib557: initialize variables

These variables are only conditionally initialized.

Closes https://github.com/curl/curl/pull/3739

5 years agolib509: add missing include for strdup
Marcel Raad [Fri, 5 Apr 2019 09:12:25 +0000 (11:12 +0200)]
lib509: add missing include for strdup

Closes https://github.com/curl/curl/pull/3739

5 years agoREADME.md: fix no-consecutive-blank-lines Codacy warning
Marcel Raad [Fri, 5 Apr 2019 07:56:57 +0000 (09:56 +0200)]
README.md: fix no-consecutive-blank-lines Codacy warning

Consistently use one blank line between blocks.

Closes https://github.com/curl/curl/pull/3739

5 years agotests/server/util: fix Windows Unicode build
Marcel Raad [Wed, 10 Apr 2019 17:26:35 +0000 (19:26 +0200)]
tests/server/util: fix Windows Unicode build

Always use the ANSI version of FormatMessage as we don't have the
curl_multibyte gear available here.

Closes https://github.com/curl/curl/pull/3758

5 years agocurl_easy_getinfo.3: fix minor formatting mistake
Daniel Stenberg [Thu, 11 Apr 2019 14:06:40 +0000 (16:06 +0200)]
curl_easy_getinfo.3: fix minor formatting mistake

5 years agoxattr: skip unittest on unsupported platforms
Daniel Gustafsson [Thu, 11 Apr 2019 07:22:22 +0000 (09:22 +0200)]
xattr: skip unittest on unsupported platforms

The stripcredentials unittest fails to compile on platforms without
xattr support, for example the Solaris member in the buildfarm which
fails with the following:

  CC unit1621-unit1621.o
  CC ../libtest/unit1621-first.o
  CCLD unit1621
  Undefined first referenced
  symbol in file
  stripcredentials unit1621-unit1621.o
  goto problem 2
  ld: fatal: symbol referencing errors. No output written to .libs/unit1621
  collect2: error: ld returned 1 exit status
  gmake[2]: *** [Makefile:996: unit1621] Error 1

Fix by excluding the test on such platforms by using the reverse
logic from where stripcredentials() is defined.

Closes #3759
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
5 years agoemailL Added reference to RFC8314 for implicit TLS
Steve Holme [Thu, 11 Apr 2019 00:19:15 +0000 (01:19 +0100)]
emailL Added reference to RFC8314 for implicit TLS

5 years agoREADME: Schannel, stop calling it "winssl"
Steve Holme [Tue, 9 Apr 2019 19:34:10 +0000 (20:34 +0100)]
README: Schannel, stop calling it "winssl"

Stick to "Schannel" everywhere - follow up to 180501cb.

5 years agocmake: clear CMAKE_REQUIRED_LIBRARIES after each use
Jakub Zakrzewski [Sun, 7 Apr 2019 10:38:09 +0000 (12:38 +0200)]
cmake: clear CMAKE_REQUIRED_LIBRARIES after each use

This fixes GSSAPI builds with the libraries in a non-standard location.
The testing for recv() were failing because it failed to link
the Kerberos libraries, which are not needed for this or subsequent
tests.

fixes #3743
closes #3744

5 years agocmake: avoid linking executable for some tests with cmake 3.6+
Jakub Zakrzewski [Sun, 7 Apr 2019 10:43:38 +0000 (12:43 +0200)]
cmake: avoid linking executable for some tests with cmake 3.6+

With CMAKE_TRY_COMPILE_TARGET_TYPE set to STATIC_LIBRARY, the try_compile()
(which is used by check_c_source_compiles()) will build static library
instead of executable. This avoids linking additional libraries in and thus
speeds up those checks a little.

This commit also avoids #3743 (GSSAPI build errors) on itself with cmake
3.6 or above. That issue was fixed separately for all versions.

Ref: #3744

5 years agocmake: minor cleanup
Jakub Zakrzewski [Sun, 7 Apr 2019 10:05:23 +0000 (12:05 +0200)]
cmake: minor cleanup

- Remove nneeded include_regular_expression.
  It was setting what is already a default.

- Remove duplicated include.

- Don't check for pre-3.0.0 CMake version.
  We already require at least 3.0.0, so it's just clutter.

Ref: #3744

5 years agobuild-openssl.bat: Fixed support for OpenSSL v1.1.0+
Steve Holme [Sat, 10 Feb 2018 15:28:10 +0000 (15:28 +0000)]
build-openssl.bat: Fixed support for OpenSSL v1.1.0+

5 years agobuild-openssl.bat: Perfer the use of if statements rather than goto (where possible)
Steve Holme [Sat, 6 Apr 2019 21:07:58 +0000 (22:07 +0100)]
build-openssl.bat: Perfer the use of if statements rather than goto (where possible)

5 years agobuild-openssl.bat: Perform the install for each build type directly after the build
Steve Holme [Sat, 6 Apr 2019 21:46:30 +0000 (22:46 +0100)]
build-openssl.bat: Perform the install for each build type directly after the build

5 years agobuild-openssl.bat: Split the install of static and shared build types
Steve Holme [Sat, 6 Apr 2019 19:00:21 +0000 (20:00 +0100)]
build-openssl.bat: Split the install of static and shared build types

5 years agobuild-openssl.bat: Split the building of static and shared build types
Steve Holme [Sun, 31 Mar 2019 15:45:03 +0000 (17:45 +0200)]
build-openssl.bat: Split the building of static and shared build types

5 years agobuild-openssl.bat: Move the installation into a separate function
Steve Holme [Sun, 31 Mar 2019 09:55:55 +0000 (11:55 +0200)]
build-openssl.bat: Move the installation into a separate function

5 years agobuild-openssl.bat: Move the build step into a separate function
Steve Holme [Thu, 8 Feb 2018 22:05:31 +0000 (22:05 +0000)]
build-openssl.bat: Move the build step into a separate function

5 years agobuild-openssl.bat: Move the OpenSSL configuration into a separate function
Steve Holme [Sun, 31 Mar 2019 08:00:12 +0000 (10:00 +0200)]
build-openssl.bat: Move the OpenSSL configuration into a separate function

5 years agobuild-openssl.bat: Fixed the BUILD_CONFIG variable not being initialised
Steve Holme [Thu, 8 Feb 2018 21:55:26 +0000 (21:55 +0000)]
build-openssl.bat: Fixed the BUILD_CONFIG variable not being initialised

Should the parent environment set this variable then the build might
not be performed as the user intended.

5 years agosocks: fix error message
Daniel Stenberg [Mon, 8 Apr 2019 16:41:43 +0000 (18:41 +0200)]
socks: fix error message

5 years agoconfig.d: clarify that initial : and = might need quoting [skip ci]
Daniel Stenberg [Sun, 7 Apr 2019 22:16:21 +0000 (00:16 +0200)]
config.d: clarify that initial : and = might need quoting [skip ci]

Fixes #3738
Closes #3749

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Mon, 8 Apr 2019 19:42:05 +0000 (21:42 +0200)]
RELEASE-NOTES: synced

bumped to 7.65.0 for next release

5 years agosocks5: user name and passwords must be shorter than 256
Daniel Stenberg [Fri, 5 Apr 2019 20:50:22 +0000 (22:50 +0200)]
socks5: user name and passwords must be shorter than 256

bytes... since the protocol needs to store the length in a single byte field.

Reported-by: XmiliaH on github
Fixes #3737
Closes #3740

5 years agotest: urlapi: urlencode characters above 0x7f correctly
Jakub Zakrzewski [Sat, 6 Apr 2019 11:47:43 +0000 (13:47 +0200)]
test: urlapi: urlencode characters above 0x7f correctly

5 years agourlapi: urlencode characters above 0x7f correctly
Jakub Zakrzewski [Sat, 6 Apr 2019 11:48:18 +0000 (13:48 +0200)]
urlapi: urlencode characters above 0x7f correctly

fixes #3741
Closes #3742

5 years agomulti_runsingle(): fix use-after-free
Even Rouault [Sun, 7 Apr 2019 12:07:35 +0000 (14:07 +0200)]
multi_runsingle(): fix use-after-free

Fixes #3745
Closes #3746

The following snippet
```

int main()
{
    CURL* hCurlHandle = curl_easy_init();
    curl_easy_setopt(hCurlHandle, CURLOPT_URL, "http://example.com");
    curl_easy_setopt(hCurlHandle, CURLOPT_PROXY, "1");
    curl_easy_perform(hCurlHandle);
    curl_easy_cleanup(hCurlHandle);
    return 0;
}
```
triggers the following Valgrind warning

```
==4125== Invalid read of size 8
==4125==    at 0x4E7D1EE: Curl_llist_remove (llist.c:97)
==4125==    by 0x4E7EF5C: detach_connnection (multi.c:798)
==4125==    by 0x4E80545: multi_runsingle (multi.c:1451)
==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
==4125==    by 0x4E76915: easy_perform (easy.c:719)
==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
==4125==    by 0x4008BE: main (in /home/even/curl/test)
==4125==  Address 0x9b3d1d0 is 1,120 bytes inside a block of size 1,600 free'd
==4125==    at 0x4C2ECF0: free (vg_replace_malloc.c:530)
==4125==    by 0x4E62C36: conn_free (url.c:756)
==4125==    by 0x4E62D34: Curl_disconnect (url.c:818)
==4125==    by 0x4E48DF9: Curl_once_resolved (hostip.c:1097)
==4125==    by 0x4E8052D: multi_runsingle (multi.c:1446)
==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
==4125==    by 0x4E76915: easy_perform (easy.c:719)
==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
==4125==    by 0x4008BE: main (in /home/even/curl/test)
==4125==  Block was alloc'd at
==4125==    at 0x4C2F988: calloc (vg_replace_malloc.c:711)
==4125==    by 0x4E6438E: allocate_conn (url.c:1654)
==4125==    by 0x4E685B4: create_conn (url.c:3496)
==4125==    by 0x4E6968F: Curl_connect (url.c:4023)
==4125==    by 0x4E802E7: multi_runsingle (multi.c:1368)
==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
==4125==    by 0x4E76915: easy_perform (easy.c:719)
==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
==4125==    by 0x4008BE: main (in /home/even/curl/test)
```

This has been bisected to commit 2f44e94

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14109
Credit to OSS Fuzz

5 years agopipelining: removed
Daniel Stenberg [Fri, 5 Apr 2019 14:38:36 +0000 (16:38 +0200)]
pipelining: removed

As previously planned and documented in DEPRECATE.md, all pipelining
code is removed.

Closes #3651

5 years agotests: make Impacket (SMB server) Python 3 compatible
cclauss [Thu, 4 Apr 2019 23:32:39 +0000 (01:32 +0200)]
tests: make Impacket (SMB server) Python 3 compatible

Closes #3731
Fixes #3289

5 years agocmake: set SSL_BACKENDS
Simon Warta [Fri, 5 Apr 2019 14:57:03 +0000 (16:57 +0200)]
cmake: set SSL_BACKENDS

This groups all SSL backends into the feature "SSL" and sets the
SSL_BACKENDS analogue to configure.ac

Closes https://github.com/curl/curl/pull/3736

5 years agocmake: don't run SORT on empty list
Simon Warta [Sat, 6 Apr 2019 13:05:50 +0000 (15:05 +0200)]
cmake: don't run SORT on empty list

In case of an empty list, SORTing leads to the cmake error "list
sub-command SORT requires list to be present."

Closes https://github.com/curl/curl/pull/3736

5 years agoconfigure: fix default location for fish completions
Eli Schwartz [Wed, 3 Apr 2019 00:43:29 +0000 (20:43 -0400)]
configure: fix default location for fish completions

Fish defines a vendor completions directory for completions that are not
installed as part of the fish project itself, and the vendor completions
are preferred if they exist. This prevents trying to overwrite the
builtin curl.fish completion (or creating file conflicts in distro
packaging).

Prefer the pkg-config defined location exported by fish, if it can be
found, and fall back to the correct directory defined by most systems.

Closes #3723
Reviewed-by: Daniel Gustafsson
5 years agoftplistparser: fix LGTM alert "Empty block without comment"
Marcel Raad [Fri, 5 Apr 2019 07:20:13 +0000 (09:20 +0200)]
ftplistparser: fix LGTM alert "Empty block without comment"

Removing the block is consistent with line 954/957.

Closes https://github.com/curl/curl/pull/3732

5 years agotransfer: fix LGTM alert "Comparison is always true"
Marcel Raad [Fri, 5 Apr 2019 07:14:28 +0000 (09:14 +0200)]
transfer: fix LGTM alert "Comparison is always true"

Just remove the redundant condition, which also makes it clear that
k->buf is always 0-terminated if this break is not hit.

Closes https://github.com/curl/curl/pull/3732

5 years agosmtp: fix compiler warning
Rikard Falkeborn [Thu, 4 Apr 2019 21:13:56 +0000 (23:13 +0200)]
smtp: fix compiler warning

- Fix clang string-plus-int warning.

Clang 8 warns about adding a string to an int does not append to the
string. Indeed it doesn't, but that was not the intention either. Use
array indexing as suggested to silence the warning. There should be no
functional changes.

(In other words clang warns about "foo"+2 but not &"foo"[2] so use the
latter.)

smtp.c:1221:29: warning: adding 'int' to a string does not append to the
string [-Wstring-plus-int]
      eob = strdup(SMTP_EOB + 2);
            ~~~~~~~~~~~~~~~~^~~~

Closes https://github.com/curl/curl/pull/3729

5 years agoVS projects: use Unicode for VC10+
Marcel Raad [Tue, 2 Apr 2019 11:11:34 +0000 (13:11 +0200)]
VS projects: use Unicode for VC10+

All Windows APIs have been natively UTF-16 since Windows 2000 and the
non-Unicode variants are just wrappers around them. Only Windows 9x
doesn't understand Unicode without the UnicoWS DLL. As later Visual
Studio versions cannot target Windows 9x anyway, using the ANSI API
doesn't really have any benefit there.

This avoids issues like KNOWN_BUGS 6.5.

Ref: https://github.com/curl/curl/issues/2120
Closes https://github.com/curl/curl/pull/3720

5 years agoRELEASE-NOTES: synced
Daniel Gustafsson [Wed, 3 Apr 2019 20:29:02 +0000 (22:29 +0200)]
RELEASE-NOTES: synced

Bump the version in progress to 7.64.2, if we merge any "change"
before the cut-off date we can update the version.

5 years agodocumentation: Fix several typos
Tim Rühsen [Wed, 3 Apr 2019 15:16:18 +0000 (17:16 +0200)]
documentation: Fix several typos

Closes #3724
Reviewed-by: Jakub Zakrzewski
Reviewed-by: Daniel Gustafsson
5 years agovauth/oauth2: Fix OAUTHBEARER token generation
Mert Yazıcıoğlu [Sun, 16 Dec 2018 12:45:40 +0000 (15:45 +0300)]
vauth/oauth2: Fix OAUTHBEARER token generation

OAUTHBEARER tokens were incorrectly generated in a format similar to
XOAUTH2 tokens. These changes make OAUTHBEARER tokens conform to the
RFC7628.

Fixes: #2487
Reported-by: Paolo Mossino
Closes https://github.com/curl/curl/pull/3377

5 years agotool_cb_wrt: fix bad-function-cast warning
Marcel Raad [Mon, 1 Apr 2019 16:40:01 +0000 (18:40 +0200)]
tool_cb_wrt: fix bad-function-cast warning

Commit f5bc578f4cdfdc6c708211dfc2962a0e9d79352d reintroduced the
warning fixed in commit 2f5f31bb57d68b54e03bffcd9648aece1fe564f8.
Extend fhnd's scope and reuse that variable instead of calling
_get_osfhandle a second time to fix the warning again.

Closes https://github.com/curl/curl/pull/3718

5 years agoVC15 project: remove MinimalRebuild
Marcel Raad [Mon, 1 Apr 2019 17:18:08 +0000 (19:18 +0200)]
VC15 project: remove MinimalRebuild

Already done in commit d5cfefd0ea8e331b884186bff484210fad36e345 for the
library project, but I forgot the tool project template. Now also
removed for that.

5 years agocirrus: Customize the disabled tests per FreeBSD version
Dan Fandrich [Sun, 31 Mar 2019 16:45:38 +0000 (18:45 +0200)]
cirrus: Customize the disabled tests per FreeBSD version

Try to run as many test cases as possible on each OS version.
12.0 passes 13 more tests than the older versions, so we might as well
run them.

5 years agotool_help: include <strings.h> for strcasecmp
Daniel Stenberg [Sat, 30 Mar 2019 05:46:30 +0000 (06:46 +0100)]
tool_help: include <strings.h> for strcasecmp

Reported-by: Wyatt O'Day
Fixes #3715
Closes #3716

5 years agoscripts: fix typos
Daniel Gustafsson [Sun, 31 Mar 2019 20:39:29 +0000 (22:39 +0200)]
scripts: fix typos

5 years agotravis: allow builds on branches named "ci"
Dan Fandrich [Fri, 15 Mar 2019 13:38:48 +0000 (14:38 +0100)]
travis: allow builds on branches named "ci"

This allows a way to test changes other than through PRs.

5 years agoresolve: apply Happy Eyeballs philosophy to parallel c-ares queries
Brad Spencer [Tue, 15 Jan 2019 18:39:41 +0000 (14:39 -0400)]
resolve: apply Happy Eyeballs philosophy to parallel c-ares queries

Closes #3699

5 years agomulti: improved HTTP_1_1_REQUIRED handling
Daniel Stenberg [Wed, 27 Mar 2019 22:28:13 +0000 (23:28 +0100)]
multi: improved HTTP_1_1_REQUIRED handling

Make sure to downgrade to 1.1 even when we get this HTTP/2 stream error
on first flight.

Reported-by: niner on github
Fixes #3696
Closes #3707

5 years agoconfigure: avoid unportable `==' test(1) operator
Leonardo Taccari [Wed, 27 Mar 2019 12:56:59 +0000 (13:56 +0100)]
configure: avoid unportable `==' test(1) operator

Closes #3709

5 years agoRELEASE: 7.64.1 curl-7_64_1
Daniel Stenberg [Wed, 27 Mar 2019 06:53:33 +0000 (07:53 +0100)]
RELEASE: 7.64.1

5 years agoRevert "ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set"
Daniel Stenberg [Tue, 26 Mar 2019 23:19:15 +0000 (00:19 +0100)]
Revert "ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set"

This reverts commit 9130ead9fcabdb6b8fbdb37c0b38be2d326adb00.

Fixes #3708

5 years agontlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set
Christian Schmitz [Tue, 26 Mar 2019 08:53:03 +0000 (09:53 +0100)]
ntlm: remove USE_WIN32_CRYPTO check to get USE_NTLM2SESSION set

Closes #3704

5 years agotool_cb_wrt: fix writing to Windows null device NUL
Jay Satiro [Tue, 26 Mar 2019 07:31:30 +0000 (03:31 -0400)]
tool_cb_wrt: fix writing to Windows null device NUL

- Improve console detection.

Prior to this change WriteConsole could be called to write to a handle
that may not be a console, which would cause an error. This issue is
limited to character devices that are not also consoles such as the null
device NUL.

Bug: https://github.com/curl/curl/issues/3175#issuecomment-439068724
Reported-by: Gisle Vanem
5 years agoCURLMOPT_PIPELINING.3: fix typo
Jay Satiro [Mon, 25 Mar 2019 21:12:19 +0000 (17:12 -0400)]
CURLMOPT_PIPELINING.3: fix typo

5 years agoTODO: config file parsing
Daniel Stenberg [Mon, 25 Mar 2019 21:03:00 +0000 (22:03 +0100)]
TODO: config file parsing

Closes #3698

5 years agoos400: Disable Alt-Svc by default since it's experimental
Jay Satiro [Mon, 18 Mar 2019 20:33:58 +0000 (16:33 -0400)]
os400: Disable Alt-Svc by default since it's experimental

Follow-up to 520f0b4 which added Alt-Svc support and enabled it by
default for OS400. Since the feature is experimental, it should be
disabled by default.

Ref: https://github.com/curl/curl/commit/520f0b4#commitcomment-32792332
Ref: https://curl.haxx.se/mail/lib-2019-02/0008.html

Closes https://github.com/curl/curl/pull/3688

5 years agotests: Fixed XML validation errors in some test files.
Dan Fandrich [Sun, 24 Mar 2019 14:19:50 +0000 (15:19 +0100)]
tests: Fixed XML validation errors in some test files.

5 years agotests: Fix some incorrect precheck error messages.
Dan Fandrich [Sun, 24 Mar 2019 12:02:05 +0000 (13:02 +0100)]
tests: Fix some incorrect precheck error messages.

[ci skip]

5 years agocurl_url.3: this is not experimental anymore
Daniel Stenberg [Fri, 22 Mar 2019 17:33:06 +0000 (18:33 +0100)]
curl_url.3: this is not experimental anymore

5 years agotravis: bump the used wolfSSL version to 4.0.0
Daniel Stenberg [Fri, 22 Mar 2019 09:59:51 +0000 (10:59 +0100)]
travis: bump the used wolfSSL version to 4.0.0

Test 311 is now fine, leaving only 313 (CRL) disabled.

Test 313 details can be found here:
https://github.com/wolfSSL/wolfssl/issues/1546

Closes #3697

5 years agolib: Fix typos in comments
Daniel Gustafsson [Fri, 22 Mar 2019 10:38:11 +0000 (11:38 +0100)]
lib: Fix typos in comments

5 years agoopenssl: if cert type is ENG and no key specified, key is ENG too
David Woodhouse [Wed, 20 Mar 2019 20:10:44 +0000 (13:10 -0700)]
openssl: if cert type is ENG and no key specified, key is ENG too

Fixes #3692
Closes #3692

5 years agosectransp: tvOS 11 is required for ALPN support
Daniel Stenberg [Tue, 19 Mar 2019 09:19:40 +0000 (10:19 +0100)]
sectransp: tvOS 11 is required for ALPN support

Reported-by: nianxuejie on github
Assisted-by: Nick Zitzmann
Assisted-by: Jay Satiro
Fixes #3689
Closes #3690

5 years agotest1541: threaded connection sharing
Daniel Stenberg [Sun, 17 Mar 2019 22:37:35 +0000 (23:37 +0100)]
test1541: threaded connection sharing

The threaded-shared-conn.c example turned into test case. Only works if
pthread was detected.

An attempt to detect future regressions such as e3a53e3efb942a5

Closes #3687

5 years agoos400: alt-svc support.
Patrick Monnerat [Sun, 17 Mar 2019 17:54:36 +0000 (18:54 +0100)]
os400: alt-svc support.

Although experimental, enable it in the platform config file.
Upgrade ILE/RPG binding.

5 years agoconncache: use conn->data to know if a transfer owns it
Daniel Stenberg [Sat, 16 Mar 2019 23:49:21 +0000 (00:49 +0100)]
conncache: use conn->data to know if a transfer owns it

- make sure an already "owned" connection isn't returned unless
  multiplexed.

- clear ->data when returning the connection to the cache again

Regression since 7.62.0 (probably in commit 1b76c38904f0)

Bug: https://curl.haxx.se/mail/lib-2019-03/0064.html

Closes #3686

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 15 Mar 2019 10:00:24 +0000 (11:00 +0100)]
RELEASE-NOTES: synced

5 years agoconfigure: add --with-amissl
Chris Young [Fri, 8 Mar 2019 00:06:59 +0000 (00:06 +0000)]
configure: add --with-amissl

AmiSSL is an Amiga native library which provides a wrapper over OpenSSL.
It also requires all programs using it to use bsdsocket.library
directly, rather than accessing socket functions through clib, which
libcurl was not necessarily doing previously. Configure will now check
for the headers and ensure they are included if found.

Closes #3677

5 years agovtls: rename some of the SSL functions
Chris Young [Tue, 12 Mar 2019 22:50:28 +0000 (22:50 +0000)]
vtls: rename some of the SSL functions

... in the SSL structure as AmiSSL is using macros for the socket API
functions.

5 years agotool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
Chris Young [Sun, 10 Mar 2019 22:49:31 +0000 (22:49 +0000)]
tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr

5 years agotool_operate: build on AmigaOS
Chris Young [Sun, 10 Mar 2019 16:13:40 +0000 (16:13 +0000)]
tool_operate: build on AmigaOS

5 years agomakefile: make checksrc and hugefile commands "silent"
Daniel Stenberg [Thu, 14 Mar 2019 09:40:38 +0000 (10:40 +0100)]
makefile: make checksrc and hugefile commands "silent"

... to match the style already used for compiling, linking
etc. Acknowledges 'make V=1' to enable verbose.

Closes #3681

5 years agocurl.1: --user and --proxy-user are hidden from ps output
Daniel Stenberg [Thu, 14 Mar 2019 10:49:35 +0000 (11:49 +0100)]
curl.1: --user and --proxy-user are hidden from ps output

Suggested-by: Eric Curtin
Improved-by: Dan Fandrich
Ref: #3680

Closes #3683

5 years agocurl.1: mark the argument to --cookie as <data|filename>
Daniel Stenberg [Thu, 14 Mar 2019 09:54:10 +0000 (10:54 +0100)]
curl.1: mark the argument to --cookie as <data|filename>

From a discussion in #3676

Suggested-by: Tim Rühsen
Closes #3682

5 years agofuzzer: Only clone the latest fuzzer code, for speed.
Dan Fandrich [Thu, 14 Mar 2019 13:03:16 +0000 (14:03 +0100)]
fuzzer: Only clone the latest fuzzer code, for speed.

5 years agoNegotiate: fix for HTTP POST with Negotiate
Dominik Hölzl [Mon, 10 Sep 2018 07:18:01 +0000 (09:18 +0200)]
Negotiate: fix for HTTP POST with Negotiate

* Adjusted unit tests 2056, 2057
* do not generally close connections with CURLAUTH_NEGOTIATE after every request
* moved negotiatedata from UrlState to connectdata
* Added stream rewind logic for CURLAUTH_NEGOTIATE
* introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC
* Consider authproblem state for CURLAUTH_NEGOTIATE
* Consider reuse_forbid for CURLAUTH_NEGOTIATE
* moved and adjusted negotiate authentication state handling from
  output_auth_headers into Curl_output_negotiate
* Curl_output_negotiate: ensure auth done is always set
* Curl_output_negotiate: Set auth done also if result code is
  GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may
  also indicate the last challenge request (only works with disabled
  Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1)
* Consider "Persistent-Auth" header, detect if not present;
  Reset/Cleanup negotiate after authentication if no persistent
  authentication
* apply changes introduced with #2546 for negotiate rewind logic

Fixes #1261
Closes #1975

5 years agohttp: send payload when (proxy) authentication is done
Marc Schlatter [Mon, 11 Mar 2019 16:15:34 +0000 (17:15 +0100)]
http: send payload when (proxy) authentication is done

The check that prevents payload from sending in case of authentication
doesn't check properly if the authentication is done or not.

They're cases where the proxy respond "200 OK" before sending
authentication challenge. This change takes care of that.

Fixes #2431
Closes #3669

5 years agofile: fix "Checking if unsigned variable 'readcount' is less than zero."
Daniel Stenberg [Tue, 12 Mar 2019 09:03:21 +0000 (10:03 +0100)]
file: fix "Checking if unsigned variable 'readcount' is less than zero."

Pointed out by codacy

Closes #3672

5 years agomemdebug: log pointer before freeing its data
Daniel Stenberg [Tue, 12 Mar 2019 07:37:18 +0000 (08:37 +0100)]
memdebug: log pointer before freeing its data

Coverity warned for two potentional "Use after free" cases. Both are false
positives because the memory wasn't used, it was only the actual pointer
value that was logged.

The fix still changes the order of execution to avoid the warnings.

Coverity CID 1443033 and 1443034

Closes #3671

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Tue, 12 Mar 2019 08:05:11 +0000 (09:05 +0100)]
RELEASE-NOTES: synced

5 years agotravis: actually use updated compiler versions
Marcel Raad [Sat, 9 Mar 2019 20:15:18 +0000 (21:15 +0100)]
travis: actually use updated compiler versions

For the Linux builds, GCC 8 and 7 and clang 7 were installed, but the
new GCC versions were only used for the coverage build and for building
nghttp2, while the new clang version was not used at all.

BoringSSL needs to use the default GCC as it respects CC, but not CXX,
so it would otherwise pass gcc 8 options to g++ 4.8 and fail.

Also remove GCC 7, it's not needed anymore.

Ref: https://docs.travis-ci.com/user/languages/c/#c11c11-and-beyond-and-toolchain-versioning

Closes https://github.com/curl/curl/pull/3670

5 years agotravis: update clang to version 7
Marcel Raad [Fri, 8 Mar 2019 20:32:07 +0000 (21:32 +0100)]
travis: update clang to version 7

Closes https://github.com/curl/curl/pull/3670

5 years agoexamples/externalsocket: add missing close socket calls
Andre Guibert de Bruet [Mon, 11 Mar 2019 03:15:15 +0000 (23:15 -0400)]
examples/externalsocket: add missing close socket calls

.. and for Windows also call WSACleanup since we call WSAStartup.

The example is to demonstrate handling the socket independently of
libcurl. In this case libcurl is not responsible for creating, opening
or closing the socket, it is handled by the application (our example).

Fixes https://github.com/curl/curl/pull/3663

5 years agomulti: removed unused code for request retries
Daniel Stenberg [Mon, 11 Mar 2019 10:49:09 +0000 (11:49 +0100)]
multi: removed unused code for request retries

This code was once used for the non multi-interface using code path, but
ever since easy_perform was turned into a wrapper around the multi
interface, this code path never runs.

Closes #3666

5 years agodoh: inherit some SSL options from user's easy handle
Jay Satiro [Sat, 9 Mar 2019 08:16:33 +0000 (03:16 -0500)]
doh: inherit some SSL options from user's easy handle

- Inherit SSL options for the doh handle but not SSL client certs,
  SSL ALPN/NPN, SSL engine, SSL version, SSL issuer cert,
  SSL pinned public key, SSL ciphers, SSL id cache setting,
  SSL kerberos or SSL gss-api settings.

- Fix inheritance of verbose setting.

- Inherit NOSIGNAL.

There is no way for the user to set options for the doh (DNS-over-HTTPS)
handles and instead we inherit some options from the user's easy handle.

My thinking for the SSL options not inherited is they are most likely
not intended by the user for the DOH transfer. I did inherit insecure
because I think that should still be in control of the user.

Prior to this change doh did not work for me because CAINFO was not
inherited. Also verbose was set always which AFAICT was a bug (#3660).

Fixes https://github.com/curl/curl/issues/3660
Closes https://github.com/curl/curl/pull/3661

5 years agotest331: verify set-cookie for dotless host name
Daniel Stenberg [Fri, 8 Mar 2019 15:58:01 +0000 (16:58 +0100)]
test331: verify set-cookie for dotless host name

Reproduced bug #3649
Closes #3659

5 years agoRevert "cookies: extend domain checks to non psl builds"
Daniel Stenberg [Fri, 8 Mar 2019 15:55:27 +0000 (16:55 +0100)]
Revert "cookies: extend domain checks to non psl builds"

This reverts commit 3773de378d48b06c09931e44dca4d274d0bfdce0.

Regression shipped in 7.64.0
Fixes #3649