Viktor Szakats [Wed, 30 May 2018 12:08:26 +0000 (12:08 +0000)]
curl.rc: embed manifest for correct Windows version detection
* enable it in `src/Makefile.m32`
* enable it in `winbuild/MakefileBuild.vc` if a custom manifest is
_not_ enabled via the existing `EMBED_MANIFEST` option
* enable it for all Windows CMake builds (also disable the built-in
minimal manifest, added by CMake by default.)
For other build systems, add the `-DCURL_EMBED_MANIFEST` option to
the list of RC (Resource Compiler) flags to enable the manifest
included in `src/curl.rc`. This may require to disable whatever
automatic or other means in which way another manifest is added to
`curl.exe`.
Notice that Borland C doesn't support this method due to a
long-pending resource compiler bug. Watcom C may also not handle
it correctly when the `-zm` `wrc` option is used (this option may
be unnecessary though) and regardless of options in certain earlier
revisions of the 2.0 beta version.
Daniel Stenberg [Tue, 29 May 2018 08:26:06 +0000 (10:26 +0200)]
configure: override AR_FLAGS to silence warning
The automake default ar flags are 'cru', but the 'u' flag in there
causes warnings on many modern Linux distros. Removing 'u' may have a
minor performance impact on older distros but should not cause harm.
Explained on the automake mailing list already back in April 2015:
Will Dietz [Tue, 29 May 2018 03:17:07 +0000 (22:17 -0500)]
KNOWN_BUGS: restore text regarding #2101.
This was added earlier but appears to have been removed accidentally.
AFAICT this is very much still an issue.
-----
I say "accidentally" because the text seems to have harmlessly snuck
into [1] (which makes no mention of it). [1] was later reverted for
unspecified reasons in [2], presumably because the mentioned issue was
fixed or invalid.
Daniel Stenberg [Sun, 27 May 2018 21:24:27 +0000 (23:24 +0200)]
fnmatch: insist on escaped bracket to match
A non-escaped bracket ([) is for a character group - as documented. It
will *not* match an individual bracket anymore. Test case 1307 updated
accordingly to match.
Problem detected by OSS-Fuzz, although this fix is probably not a final
fix for the notorious timeout issues.
Patrick Monnerat [Mon, 28 May 2018 18:29:15 +0000 (20:29 +0200)]
psl: use latest psl and refresh it periodically
The latest psl is cached in the multi or share handle. It is refreshed
before use after 72 hours.
New share lock CURL_LOCK_DATA_PSL controls the psl cache sharing.
If the latest psl is not available, the builtin psl is used.
Fabrice Fontaine [Mon, 21 May 2018 10:07:00 +0000 (12:07 +0200)]
configure: fix ssh2 linking when built with a static mbedtls
The ssh2 pkg-config file could contain the following lines when build
with a static version of mbedtls:
Libs: -L${libdir} -lssh2 /xxx/libmbedcrypto.a
Libs.private: /xxx/libmbedcrypto.a
This static mbedtls library must be used to correctly detect ssh2
support and this library must be copied in libcurl.pc otherwise
compilation of any application (such as upmpdcli) with libcurl will fail
when trying to found mbedtls functions included in libssh2. So, replace
pkg-config --libs-only-l by pkg-config --libs.
Frank Gevaerts [Mon, 28 May 2018 12:17:51 +0000 (14:17 +0200)]
curl.1: Fix cmdline-opts reference errors.
--data, --form, and --ntlm were declared to be mutually exclusive with
non-existing options. --data and --form referred to --upload (which is
short for --upload-file and therefore did work, so this one was merely
a bit confusing), --ntlm referred to --negotiated instead of --negotiate.
Daniel Stenberg [Wed, 23 May 2018 12:26:49 +0000 (14:26 +0200)]
configure: add basic test of --with-ssl prefix
When given a prefix, the $PREFIX_OPENSSL/lib/openssl.pc or
$PREFIX_OPENSSL/include/openssl/ssl.h files must be present or cause an
error. Helps users detect when giving configure the wrong path.
Reported-by: Oleg Pudeyev Assisted-by: Per Malmberg
Fixes #2580
Patrick Monnerat [Tue, 22 May 2018 11:23:02 +0000 (13:23 +0200)]
http resume: skip body if http code 416 (range error) is ignored.
This avoids appending error data to already existing good data.
Test 92 is updated to match this change.
New test 1156 checks all combinations of --range/--resume, --fail,
Content-Range header and http status code 200/416.
Fixes #1163 Reported-By: Ithubg on github
Closes #2578
OpenSSL has supported --cacert for ages, always accepting LF-only line
endings ("Unix line endings") as well as CR/LF line endings ("Windows
line endings").
When we introduced support for --cacert also with Secure Channel (or in
cURL speak: "WinSSL"), we did not take care to support CR/LF line
endings, too, even if we are much more likely to receive input in that
form when using Windows.
Let's fix that.
Happily, CryptQueryObject(), the function we use to parse the ca-bundle,
accepts CR/LF input already, and the trailing LF before the END
CERTIFICATE marker catches naturally any CR/LF line ending, too. So all
we need to care about is the BEGIN CERTIFICATE marker. We do not
actually need to verify here that the line ending is CR/LF. Just
checking for a CR or an LF is really plenty enough.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes https://github.com/curl/curl/pull/2592
Daniel Stenberg [Thu, 17 May 2018 11:56:35 +0000 (13:56 +0200)]
curl: show headers in bold
The feature is only enabled if the output is believed to be a tty.
-J: There's some minor differences and improvements in -J handling, as
now J should work with -i and it actually creates a file first using the
initial name and then *renames* that to the one found in
Content-Disposition (if any).
-i: only shows headers for HTTP transfers now (as documented).
Previously it would also show for pieces of the transfer that were HTTP
(for example when doing FTP over a HTTP proxy).
-i: now shows trailers as well. Previously they were not shown at all.
--libcurl: the CURLOPT_HEADER is no longer set, as the header output is
now done in the header callback.
Daniel Stenberg [Fri, 18 May 2018 08:28:17 +0000 (10:28 +0200)]
examples/progressfunc: make it build on older libcurls
This example was changed in ce2140a8c1 to use the new microsecond based
getinfo option. This change makes it conditionally keep using the older
option so that the example still builds with older libcurl versions.
Daniel Stenberg [Mon, 14 May 2018 08:19:52 +0000 (10:19 +0200)]
CODE_STYLE: mention return w/o parens, but sizeof with
... and remove the github markdown syntax so that it renders better on
the web site. Also, don't use back-ticks inlined to allow the CSS to
highlight source code better.
Daniel Stenberg [Fri, 23 Mar 2018 22:30:04 +0000 (23:30 +0100)]
pingpong: fix response cache memcpy overflow
Response data for a handle with a large buffer might be cached and then
used with the "closure" handle when it has a smaller buffer and then the
larger cache will be copied and overflow the new smaller heap based
buffer.
Patrick Monnerat [Sat, 12 May 2018 23:23:10 +0000 (01:23 +0200)]
cookies: do not take cookie name as a parameter
RFC 6265 section 4.2.1 does not set restrictions on cookie names.
This is a follow-up to commit 7f7fcd0.
Also explicitly check proper syntax of cookie name/value pair.
New test 1155 checks that cookie names are not reserved words.
Reported-By: anshnd at github
Fixes #2564
Closes #2566
To make builds with VS2015 work. Recent changes in VS2015 _IOB_ENTRIES
handling is causing problems. This fix changes the OpenSSL backend code
to use BIO functions instead of FILE I/O functions to circumvent those
problems.
This file wasn't included in commit 4af40b3646d3b09 which updated all
haxx.se http urls to https. The file was committed prior to that update,
but may have been merged after it and hence didn't get updated.
This change fixes strlen_url() and strcpy_url() in parallel to use a
common host-encoding independent criterion for deciding whether an URL
character must be %-escaped.