Jay Satiro [Mon, 1 May 2017 17:44:39 +0000 (13:44 -0400)]
curl_setup: Ensure no more than one IDN lib is enabled
Prior to this change it was possible for libcurl to be built with both
Windows' native IDN lib (normaliz) and libidn2 enabled. It appears that
doesn't offer any benefit --and could cause a bug-- since libcurl's IDN
handling is written to use either one but not both.
Bug: https://github.com/curl/curl/issues/1441#issuecomment-297689856
Reported-by: Gisle Vanem
Marcel Raad [Mon, 1 May 2017 11:17:57 +0000 (13:17 +0200)]
getpart: use correct variable type
This fixes the following clang warning:
getpart.c:201:17: warning: cast from function call of type 'CURLcode'
to non-matching type 'int' [-Wbad-function-cast]
Dan Fandrich [Wed, 26 Apr 2017 21:02:42 +0000 (23:02 +0200)]
Makefile: fix make dist
Commit 80a87e8a broke 'make dist' as it can't handle installing from
absolute target names. Rearranged the dependencies so the absolute name
is used for building but the relative name is used for distributing.
get_protocol_family() is not defined static even though there is a
static local forward declaration. Let's simply make the definition match
its declaration.
nss: load libnssckbi.so if no other trust is specified
The module contains a more comprehensive set of trust information than
supported by nss-pem, because libnssckbi.so also includes information
about distrusted certificates.
Info values starting with CURLINFO_SOCKET expect a curl_socket_t, not a
curl_slist argument.
This fixes the following GCC warning when building the examples with
--enable-optimize:
../../include/curl/typecheck-gcc.h:126:42: warning: call to
‘_curl_easy_getinfo_err_curl_slist’ declared with attribute warning:
curl_easy_getinfo expects a pointer to 'struct curl_slist *' for this
info [enabled by default]
sendrecv.c:90:11: note: in expansion of macro ‘curl_easy_getinfo’
res = curl_easy_getinfo(curl, CURLINFO_ACTIVESOCKET, &sockfd);
Daniel Stenberg [Tue, 25 Apr 2017 08:49:53 +0000 (10:49 +0200)]
transfer: remove 'uploadbuf' pointer and cleanup readwrite_upload()
The data->req.uploadbuf struct member served no good purpose, instead we
use ->state.uploadbuffer directly. It makes it clearer in the code which
buffer that's being used.
Removed the 'SingleRequest *' argument from the readwrite_upload() proto
as it can be derived from the Curl_easy struct. Also made the code in
the readwrite_upload() function use the 'k->' shortcut to all references
to struct fields in 'data->req', which previously was made with a mix of
both.
Dan Fandrich [Sun, 23 Apr 2017 07:49:59 +0000 (09:49 +0200)]
Makefile: avoid use of GNU-specific form of $<
$< is only allowed in implicit rules in some non-GNU makes (e.g. BSD,
AIX) so avoid use elsewhere by referencing the dependent curl.1 file
directly instead. This is somewhat tricky because the file is supplied
in the packaged tar ball (but not in git) but must still be able to be
rebuilt when its dependencies change. The right thing must happen in
both tar ball and git source trees, as well as in both in-tree and
out-of-tree builds.
curl-compilers.m4: accept -Og and -Ofast GCC flags
-Og, introduced in GCC 4.8, optimizes for debugging experience.
-Ofast, introduced in GCC 4.7, builds on -O3 and enables further
optimizations breaking strict standards compliance.
When specified in CFLAGS, these were always overridden by -O0 or -O2.
Fix this by adding them to flags_opt_all.
Daniel Stenberg [Tue, 18 Apr 2017 11:36:23 +0000 (13:36 +0200)]
configure: fix the -ldl check for openssl, add -lpthread check
The check for if -ldl is needed to build with (a statically built)
openssl was broken. This repairs the check, and adds a check for
-lpthread as well since OpenSSL 1.1.0+ does in fact require -lpthread so
only adding -ldl for a static openssl build is no longer enough.
Alan Jenkins [Sat, 22 Apr 2017 20:16:44 +0000 (21:16 +0100)]
multi: clarify condition in curl_multi_wait
`if(nfds || extra_nfds) {` is followed by `malloc(nfds * ...)`.
If `extra_nfds` could be non-zero when `nfds` was zero, then we have
`malloc(0)` which is allowed to return `NULL`. But, malloc returning
NULL can be confusing. In this code, the next line would treat the NULL
as an allocation failure.
It turns out, if `nfds` is zero then `extra_nfds` must also be zero.
The final value of `nfds` includes `extra_nfds`. So the test for
`extra_nfds` is redundant. It can only confuse the reader.
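The ambiguity described in the commit message above, as an added example that is not curl's code: `malloc(0)` may legally return `NULL`, so a caller that treats `NULL` as out-of-memory has to guard on the final count. The names `collect_fds`, `struct waitfd` and the `CF_*` codes are hypothetical, and the size-overflow check goes beyond what the commit discusses.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins; none of these names are curl's. */
struct waitfd { int fd; };
enum { CF_OK = 0, CF_OUT_OF_MEMORY = 1 };

/* Merge internal and caller-supplied ("extra") descriptors into one array.
 * The final count includes the extras, so a zero count means there were no
 * extras either and testing the final count alone is sufficient. */
int collect_fds(const int *internal, size_t n_internal,
                const int *extra, size_t n_extra,
                struct waitfd **out, size_t *out_count)
{
  const size_t max = (size_t)-1 / sizeof(struct waitfd);
  size_t i, count;

  *out = NULL;
  *out_count = 0;

  /* Refuse sizes whose sum or byte count would wrap around size_t. */
  if(n_internal > max || n_extra > max - n_internal)
    return CF_OUT_OF_MEMORY;

  count = n_internal + n_extra;
  if(!count)
    return CF_OK;  /* malloc(0) is never called, so NULL stays unambiguous */

  *out = malloc(count * sizeof(struct waitfd));
  if(!*out)
    return CF_OUT_OF_MEMORY;  /* count > 0 here, so this is a real failure */

  for(i = 0; i < n_internal; i++)
    (*out)[i].fd = internal[i];
  for(i = 0; i < n_extra; i++)
    (*out)[n_internal + i].fd = extra[i];
  *out_count = count;
  return CF_OK;
}

int main(void)
{
  struct waitfd *fds;
  size_t n;
  int rc = collect_fds(NULL, 0, NULL, 0, &fds, &n);
  printf("empty: rc=%d fds=%p n=%lu\n", rc, (void *)fds, (unsigned long)n);
  return rc;
}
```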
easy.c:628:7: error: ‘mcode’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
../lib/strcase.h:35:29: error: ‘tok_buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
vauth/digest.c:208:9: note: ‘tok_buf’ was declared here
../lib/strcase.h:35:29: error: ‘tok_buf’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
vauth/digest.c:566:15: note: ‘tok_buf’ was declared here
Daniel Stenberg [Thu, 20 Apr 2017 13:10:04 +0000 (15:10 +0200)]
llist: no longer uses malloc
The 'list element' struct now has to be within the data that is being
added to the list. Removes 16.6% (tiny) mallocs from a simple HTTP
transfer. (96 => 80)
Also removed return codes since the llist functions can't fail now.
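The design described in the commit message above, as an added example that is not curl's llist code: when the list element is embedded in the object being listed, insertion only links pointers and has no failure path. All names here (`list_node`, `list_append`, `list_remove`, `struct transfer`) are hypothetical.

```c
#include <stddef.h>

/* Hypothetical intrusive list; these names are not curl's llist API. */
struct list_node { void *owner; struct list_node *prev, *next; };
struct list { struct list_node *head, *tail; size_t size; };
/* Constructed payload: the node is a member, so it needs no allocation. */
struct transfer { int id; struct list_node node; };

/* Appending only links pointers: no malloc, no failure path, no return. */
void list_append(struct list *l, struct list_node *n, void *owner)
{
  n->owner = owner;
  n->next = NULL;
  n->prev = l->tail;
  if(l->tail)
    l->tail->next = n;
  else
    l->head = n;
  l->tail = n;
  l->size++;
}

/* Unlink n by patching the neighbour or list end that pointed at it. */
void list_remove(struct list *l, struct list_node *n)
{
  *(n->prev ? &n->prev->next : &l->head) = n->next;
  *(n->next ? &n->next->prev : &l->tail) = n->prev;
  n->prev = n->next = NULL;
  l->size--;
}

/* Walk the list and sum the ids, which checks the links end to end. */
int list_id_sum(const struct list *l)
{
  int sum = 0;
  const struct list_node *n;
  for(n = l->head; n; n = n->next)
    sum += ((const struct transfer *)n->owner)->id;
  return sum;
}

int main(void)
{
  struct list l = { NULL, NULL, 0 };
  struct transfer a = { 1 }, b = { 2 };
  list_append(&l, &a.node, &a);
  list_append(&l, &b.node, &b);
  list_remove(&l, &a.node);  /* unlink the head; nothing is freed */
  return (l.size == 1 && list_id_sum(&l) == 2) ? 0 : 1;
}
```

Because the list does not own node storage in this layout, an object has to be unlinked before it is freed; otherwise the list keeps a dangling pointer to it.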
All the callbacks passed to curl_easy_setopt are defined as function
pointers. The possibility to pass both functions and function pointers
was handled for the callbacks that typecheck-gcc.h defined as
compatible, but not for the public callback types themselves.
This makes all compatible callback types defined in typecheck-gcc.h
function pointers too and checks all functions uniformly with
_curl_callback_compatible, which handles both functions and function
pointers.
A symptom of the problem was a warning in tool_operate.c with
--disable-libcurl-option and without --enable-debug as that file
passes the callback functions to curl_easy_setopt directly.
Dan Fandrich [Fri, 21 Apr 2017 20:33:17 +0000 (22:33 +0200)]
mbedtls: enable NTLM (& SMB) even if MD4 support is unavailable
In that case, use libcurl's internal MD4 routine. This fixes tests 1013
and 1014 which were failing due to configure assuming NTLM and SMB were
always available whenever mbed TLS was in use (which is now true).
This fixes 3 warnings issued by MinGW:
1. PR_ImportTCPSocket actually has a parameter of type PROsfd instead of
PRInt32, which is 64 bits on Windows. Fixed this by including the
corresponding header file instead of redeclaring the function, which is
supported even though it is in the private include folder. [1]
2. In 64-bit mode, size_t is 64 bits while CK_ULONG is 32 bits, so an explicit
narrowing cast is needed.
3. Curl_timeleft returns time_t instead of long since commit 21aa32d30dbf319f2d336e0cb68d3a3235869fbb.
Jay Satiro [Wed, 22 Mar 2017 05:59:49 +0000 (01:59 -0400)]
TLS: Fix switching off SSL session id when client cert is used
Move the sessionid flag to ssl_primary_config so that ssl and proxy_ssl
will each have their own sessionid flag.
Regression since HTTPS-Proxy support was added in cb4e2be. Prior to that
this issue had been fixed in 247d890, CVE-2016-5419.
Bug: https://github.com/curl/curl/issues/1341
Reported-by: lijian996@users.noreply.github.com
The new incarnation of this bug is called CVE-2017-7468 and is documented
here: https://curl.haxx.se/docs/adv_20170419.html
David Benjamin [Mon, 17 Apr 2017 14:01:40 +0000 (10:01 -0400)]
openssl: fix thread-safety bugs in error-handling
ERR_error_string with NULL parameter is not thread-safe. The library
writes the string into some static buffer. Two threads doing this at
once may clobber each other and run into problems. Switch to
ERR_error_string_n which avoids this problem and is explicitly
bounds-checked.
Also clean up some remnants of OpenSSL 0.9.5 around here. A number of
comments (fixed buffer size, explaining that ERR_error_string_n was
added in a particular version) date to when ossl_strerror tried to
support pre-ERR_error_string_n OpenSSLs.
Ignore everything after the version numbers in LIBCURL_VERSION and
LIBCURL_VERSION_NUM to get rid of the extra CR character.
This makes tests 1022 and 1023 pass on Linux with a CRLF checkout.
MinGW-w64 complains:
warning: conversion to 'long int' from 'time_t {aka long long int}' may
alter its value [-Wconversion]
Fix this by using the correct type.
curl-compilers.m4: turn implicit function declarations into errors
This adds -Werror-implicit-function-declaration for GCC 2.95+ so that
these errors are visible at the point where they occur instead of only
at link time.
Implicit function declarations are illegal in C99 and C++ anyway, and
the same warning has been turned into an error for ICC in commit 3072c5b8a127057aa922b7c51051bbb4a630b091.
Kamil Dudka [Mon, 6 Mar 2017 15:20:33 +0000 (16:20 +0100)]
nss: load CA certificates even with --insecure
... because they may include an intermediate certificate for a client
certificate and the intermediate certificate needs to be presented to
the server, no matter if we verify the peer or not.