]>
granicus.if.org Git - curl/log
Gisle Vanem [Fri, 24 May 2019 07:05:28 +0000 (09:05 +0200)]
Fix typo.
Daniel Stenberg [Wed, 22 May 2019 21:25:43 +0000 (23:25 +0200)]
tool_setopt: for builds with disabled-proxy, skip all proxy setopts()
Reported-by: Marcel Raad
Fixes #3926
Closes #3929
Steve Holme [Tue, 14 May 2019 09:00:09 +0000 (10:00 +0100)]
winbuild: Use two space indentation
Closes #3930
Gisle Vanem [Thu, 23 May 2019 15:13:39 +0000 (17:13 +0200)]
tool_parse_cfg: Avoid 2 fopen() for WIN32
Using the memdebug.h mem-leak feature, I noticed 2 calls like:
FILE tool_parsecfg.c:70 fopen("c:\Users\Gisle\AppData\Roaming\_curlrc","rt")
FILE tool_parsecfg.c:114 fopen("c:\Users\Gisle\AppData\Roaming\_curlrc","rt")
No need for 'fopen(), 'fclose()' and a 'fopen()' yet again.
Daniel Stenberg [Wed, 22 May 2019 08:45:35 +0000 (10:45 +0200)]
md4: include the mbedtls config.h to get the MD4 info
Daniel Stenberg [Wed, 22 May 2019 08:40:02 +0000 (10:40 +0200)]
md4: build correctly with openssl without MD4
Reported-by: elsamuko at github
Fixes #3921
Closes #3922
Patrick Monnerat [Thu, 23 May 2019 11:24:53 +0000 (13:24 +0200)]
os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid().
Daniel Stenberg [Thu, 23 May 2019 09:15:19 +0000 (11:15 +0200)]
.github/FUNDING: mention our opencollective "home" [ci skip]
Zenju [Wed, 22 May 2019 09:11:36 +0000 (11:11 +0200)]
config-win32: add support for if_nametoindex and getsockname
Closes https://github.com/curl/curl/pull/3923
Jay Satiro [Thu, 23 May 2019 08:01:09 +0000 (04:01 -0400)]
tests: Fix the line endings for the SASL alt-auth tests
- Change data and protocol sections to CRLF line endings.
Prior to this change the tests would fail or hang, which is because
certain sections such as protocol require CRLF line endings.
Follow-up to
a9499ff from today which added the tests.
Ref: https://github.com/curl/curl/pull/3790
Daniel Stenberg [Wed, 22 May 2019 11:28:22 +0000 (13:28 +0200)]
url: fix bad #ifdef
Regression since
e91e48161235272ff485 .
Reported-by: Tom Greenslade
Fixes #3924
Closes #3925
Daniel Stenberg [Wed, 22 May 2019 21:15:34 +0000 (23:15 +0200)]
Revert "progress: CURL_DISABLE_PROGRESS_METER"
This reverts commit
3b06e68b7734cb10a555f9d7e804dd5d808236a4 .
Clearly this change wasn't good enough as it broke CURLOPT_LOW_SPEED_LIMIT +
CURLOPT_LOW_SPEED_TIME
Reported-by: Dave Reisner
Fixes #3927
Closes #3928
Steve Holme [Sun, 21 Apr 2019 22:29:57 +0000 (23:29 +0100)]
examples: Added SASL PLAIN authorisation identity (authzid) examples
Steve Holme [Fri, 19 Apr 2019 13:26:47 +0000 (14:26 +0100)]
curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
Steve Holme [Wed, 17 Apr 2019 22:47:51 +0000 (23:47 +0100)]
sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.
Fixed #3653
Closes #3790
Marc Hoersken [Mon, 19 Nov 2018 20:05:57 +0000 (21:05 +0100)]
tests: add support to test against OpenSSH for Windows
Testing against OpenSSH for Windows requires v7.7.0.0 or newer
due to the use of AllowUsers and DenyUsers. For more info see:
https://github.com/PowerShell/Win32-OpenSSH/wiki/sshd_config
Daniel Stenberg [Wed, 22 May 2019 08:11:05 +0000 (10:11 +0200)]
bump: start on the next release
Marcel Raad [Tue, 21 May 2019 09:25:42 +0000 (11:25 +0200)]
examples: fix "clarify calculation precedence" warnings
Closes https://github.com/curl/curl/pull/3919
Marcel Raad [Tue, 21 May 2019 09:18:10 +0000 (11:18 +0200)]
hiperfifo: remove unused variable
Closes https://github.com/curl/curl/pull/3919
Marcel Raad [Tue, 21 May 2019 08:58:21 +0000 (10:58 +0200)]
examples: remove dead variable stores
Closes https://github.com/curl/curl/pull/3919
Marcel Raad [Tue, 21 May 2019 08:44:16 +0000 (10:44 +0200)]
examples: reduce variable scopes
Closes https://github.com/curl/curl/pull/3919
Marcel Raad [Tue, 21 May 2019 08:02:39 +0000 (10:02 +0200)]
http2-download: fix format specifier
Closes https://github.com/curl/curl/pull/3919
Daniel Stenberg [Wed, 15 May 2019 11:57:16 +0000 (13:57 +0200)]
PolarSSL: deprecate support step 1. Removed from configure.
Also removed mentions from most docs.
Discussed: https://curl.haxx.se/mail/lib-2019-05/0045.html
Closes #3888
Daniel Stenberg [Tue, 21 May 2019 14:47:53 +0000 (16:47 +0200)]
configure/cmake: check for if_nametoindex()
- adds the check to cmake
- fixes the configure check to work for cross-compiled windows builds
Closes #3917
Daniel Stenberg [Tue, 21 May 2019 13:02:41 +0000 (15:02 +0200)]
parse_proxy: use the IPv6 zone id if given
If the proxy string is given as an IPv6 numerical address with a zone
id, make sure to use that for the connect to the proxy.
Reported-by: Edmond Yu
Fixes #3482
Closes #3918
Daniel Stenberg [Wed, 22 May 2019 05:48:44 +0000 (07:48 +0200)]
RELEASE-NOTES: 7.65.0 release
Daniel Stenberg [Wed, 22 May 2019 05:48:44 +0000 (07:48 +0200)]
THANKS: from the 7.65.0 release-notes
Daniel Stenberg [Tue, 21 May 2019 07:43:10 +0000 (09:43 +0200)]
url: convert the zone id from a IPv6 URL to correct scope id
Reported-by: GitYuanQu on github
Fixes #3902
Closes #3914
Daniel Stenberg [Tue, 21 May 2019 08:06:06 +0000 (10:06 +0200)]
configure: detect getsockname and getpeername on windows too
Made detection macros for these two functions in the same style as other
functions possibly in winsock in the hope this will work better to
detect these functions when cross-compiling for Windows.
Follow-up to
e91e4816123
Fixes #3913
Closes #3915
Marcel Raad [Mon, 20 May 2019 09:50:23 +0000 (11:50 +0200)]
examples: remove unused variables
Fixes Codacy/CppCheck warnings.
Closes
Daniel Gustafsson [Tue, 21 May 2019 07:42:22 +0000 (09:42 +0200)]
udpateconninfo: mark variable unused
When compiling without getpeername() or getsockname(), the sockfd
paramter to Curl_udpateconninfo() became unused after commit
e91e481612
added ifdef guards.
Closes #3910
Fixes https://curl.haxx.se/dev/log.cgi?id=
20190520172441 -32196
Reviewed-by: Marcel Raad, Daniel Stenberg
Daniel Gustafsson [Tue, 21 May 2019 07:38:11 +0000 (09:38 +0200)]
ftp: move ftp_ccc in under featureflag
Commit
e91e48161235272ff485ff32bd048c53af731f43 moved ftp_ccc in under
the FTP featureflag in the UserDefined struct, but vtls callsites were
still using it unprotected.
Closes #3912
Fixes: https://curl.haxx.se/dev/log.cgi?id=20190520044705-29865
Reviewed-by: Daniel Stenberg, Marcel Raad
Daniel Stenberg [Mon, 20 May 2019 08:51:53 +0000 (10:51 +0200)]
curl: report error for "--no-" on non-boolean options
Reported-by: Olen Andoni
Fixes #3906
Closes #3907
Guy Poizat [Thu, 16 May 2019 09:54:26 +0000 (11:54 +0200)]
mbedtls: enable use of EC keys
Closes #3892
Daniel Stenberg [Mon, 20 May 2019 08:00:27 +0000 (10:00 +0200)]
lib1560: add tests for parsing URL with too long scheme
Ref: #3905
Omar Ramadan [Sat, 18 May 2019 23:48:00 +0000 (16:48 -0700)]
urlapi: increase supported scheme length to 40 bytes
The longest currently registered URI scheme at IANA is 36 bytes long.
Closes #3905
Closes #3900
Marcel Raad [Sat, 11 May 2019 19:42:48 +0000 (21:42 +0200)]
lib: reduce variable scopes
Fixes Codacy/CppCheck warnings.
Closes https://github.com/curl/curl/pull/3872
Marcel Raad [Sun, 12 May 2019 12:35:22 +0000 (14:35 +0200)]
tool_formparse: remove redundant assignment
Just initialize word_begin with the correct value.
Closes https://github.com/curl/curl/pull/3873
Marcel Raad [Sun, 12 May 2019 12:30:03 +0000 (14:30 +0200)]
ssh: move variable declaration to where it's used
This way, we need only one call to free.
Closes https://github.com/curl/curl/pull/3873
Marcel Raad [Sun, 12 May 2019 12:27:53 +0000 (14:27 +0200)]
ssh-libssh: remove unused variable
sock was only used to be assigned to fd_read.
Closes https://github.com/curl/curl/pull/3873
Daniel Stenberg [Fri, 3 May 2019 20:21:10 +0000 (22:21 +0200)]
test332: verify the blksize fix
Daniel Stenberg [Fri, 3 May 2019 20:20:37 +0000 (22:20 +0200)]
tftp: use the current blksize for recvfrom()
bug: https://curl.haxx.se/docs/CVE-2019-5436.html
Reported-by: l00p3r on hackerone
CVE-2019-5436
Daniel Gustafsson [Sun, 19 May 2019 20:06:26 +0000 (22:06 +0200)]
version: make ssl_version buffer match for multi_ssl
When running a multi TLS backend build the version string needs more
buffer space. Make the internal ssl_buffer stack buffer match the one
in Curl_multissl_version() to allow for the longer string. For single
TLS backend builds there is no use in extended to buffer. This is a
fallout from #3863 which fixes up the multi_ssl string generation to
avoid a buffer overflow when the buffer is too small.
Closes #3875
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Steve Holme [Sat, 18 May 2019 16:30:16 +0000 (17:30 +0100)]
http_ntlm_wb: Handle auth for only a single request
Currently when the server responds with 401 on NTLM authenticated
connection (re-used) we consider it to have failed. However this is
legitimate and may happen when for example IIS is set configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with
'via' header).
Implemented by imploying an additional state once a connection is
re-used to indicate that if we receive 401 we need to restart
authentication.
Missed in
fe6049f0 .
Steve Holme [Sat, 18 May 2019 16:17:12 +0000 (17:17 +0100)]
http_ntlm_wb: Cleanup handshake after clean NTLM failure
Missed in
50b87c4e .
Steve Holme [Sat, 18 May 2019 16:05:04 +0000 (17:05 +0100)]
http_ntlm_wb: Return the correct error on receiving an empty auth message
Missed in
fe20826b as it wasn't implemented in http.c in
b4d6db83 .
Closes #3894
Daniel Stenberg [Tue, 14 May 2019 08:03:54 +0000 (10:03 +0200)]
curl: make code work with protocol-disabled libcurl
Closes #3844
Daniel Stenberg [Sun, 5 May 2019 15:08:22 +0000 (17:08 +0200)]
libcurl: #ifdef away more code for disabled features/protocols
Daniel Stenberg [Sun, 5 May 2019 15:08:22 +0000 (17:08 +0200)]
progress: CURL_DISABLE_PROGRESS_METER
Daniel Stenberg [Sun, 5 May 2019 15:08:22 +0000 (17:08 +0200)]
hostip: CURL_DISABLE_SHUFFLE_DNS
Daniel Stenberg [Sun, 5 May 2019 15:08:22 +0000 (17:08 +0200)]
netrc: CURL_DISABLE_NETRC
Viktor Szakats [Thu, 16 May 2019 22:11:27 +0000 (22:11 +0000)]
docs: Markdown and misc improvements [ci skip]
Approved-by: Daniel Stenberg
Closes #3896
Viktor Szakats [Thu, 16 May 2019 18:56:42 +0000 (18:56 +0000)]
docs/RELEASE-PROCEDURE: link to live iCalendar [ci skip]
Ref: https://github.com/curl/curl/commit/
0af41b40b2c7bd379b2251cbe7cd618e21fa0ea1 #commitcomment-
33563135
Approved-by: Daniel Stenberg
Closes #3895
Daniel Stenberg [Wed, 15 May 2019 06:57:00 +0000 (08:57 +0200)]
travis: add an osx http-only build
Closes #3887
Daniel Stenberg [Tue, 14 May 2019 14:36:15 +0000 (16:36 +0200)]
cleanup: remove FIXME and TODO comments
They serve very little purpose and mostly just add noise. Most of them
have been around for a very long time. I read them all before removing
or rephrasing them.
Ref: #3876
Closes #3883
Daniel Stenberg [Wed, 15 May 2019 06:42:57 +0000 (08:42 +0200)]
curl: don't set FTP options for FTP-disabled builds
... since libcurl has started to be totally unaware of options for
disabled protocols they now return error.
Bug: https://github.com/curl/curl/commit/
c9c5304dd4747cbe75d2f24be85920d572fcb5b8 #commitcomment-
33533937
Reported-by: Marcel Raad
Closes #3886
Steve Holme [Wed, 15 May 2019 15:10:56 +0000 (16:10 +0100)]
http_ntlm_wb: Move the type-2 message processing into a dedicated function
This brings the code inline with the other HTTP authentication mechanisms.
Closes #3890
Daniel Stenberg [Wed, 15 May 2019 12:35:00 +0000 (14:35 +0200)]
RELEASE-NOTES: synced
Daniel Stenberg [Wed, 15 May 2019 11:56:19 +0000 (13:56 +0200)]
docs/RELEASE-PROCEDURE: updated coming releases dates [ci skip]
Daniel Stenberg [Wed, 15 May 2019 10:05:49 +0000 (12:05 +0200)]
CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE [ci skip]
Reported-by: Roy Bellingan
Bug: #3885
Daniel Stenberg [Sun, 12 May 2019 21:46:41 +0000 (23:46 +0200)]
parse_proxy: use the URL parser API
As we treat a given proxy as a URL we should use the unified URL parser
to extract the parts out of it.
Closes #3878
Steve Holme [Mon, 13 May 2019 20:42:35 +0000 (21:42 +0100)]
http_negotiate: Move the Negotiate state out of the negotiatedata structure
Given that this member variable is not used by the SASL based protocols
there is no need to have it here.
Closes #3882
Steve Holme [Mon, 13 May 2019 19:58:39 +0000 (20:58 +0100)]
http_ntlm: Move the NTLM state out of the ntlmdata structure
Given that this member variable is not used by the SASL based protocols
there is no need to have it here.
Steve Holme [Mon, 13 May 2019 19:29:40 +0000 (20:29 +0100)]
url: Move the negotiate state type into a dedicated enum
Steve Holme [Wed, 8 May 2019 10:36:08 +0000 (11:36 +0100)]
url: Remove duplicate clean up of the winbind variables in conn_shutdown()
Given that Curl_disconnect() calls Curl_http_auth_cleanup_ntlm() prior
to calling conn_shutdown() and it in turn performs this, there is no
need to perform the same action in conn_shutdown().
Closes #3881
Daniel Stenberg [Mon, 13 May 2019 16:42:05 +0000 (18:42 +0200)]
urlapi: require a non-zero host name length when parsing URL
Updated test 1560 to verify.
Closes #3880
Daniel Stenberg [Thu, 2 May 2019 08:42:23 +0000 (10:42 +0200)]
configure: error out if OpenSSL wasn't detected when asked for
If --with-ssl is used and configure still couldn't enable SSL this
creates an error instead of just silently ignoring the fact.
Suggested-by: Isaiah Norton
Fixes #3824
Closes #3830
Daniel Gustafsson [Tue, 14 May 2019 10:38:09 +0000 (12:38 +0200)]
imap: Fix typo in comment
Steve Holme [Wed, 8 May 2019 11:12:49 +0000 (12:12 +0100)]
url: Remove unnecessary initialisation from allocate_conn()
No need to set variables to zero as calloc() does this for us.
Closes #3879
Daniel Stenberg [Sun, 12 May 2019 14:35:33 +0000 (16:35 +0200)]
CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later [ci skip]
Clues-provided-by: Jay Satiro
Clues-provided-by: Jeroen Ooms
Fixes #3711
Closes #3874
Daniel Gustafsson [Mon, 13 May 2019 18:27:50 +0000 (20:27 +0200)]
vtls: fix potential ssl_buffer stack overflow
In Curl_multissl_version() it was possible to overflow the passed in
buffer if the generated version string exceeded the size of the buffer.
Fix by inverting the logic, and also make sure to not exceed the local
buffer during the string generation.
Closes #3863
Reported-by: nevv on HackerOne/curl
Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Daniel Stenberg [Mon, 13 May 2019 17:23:36 +0000 (19:23 +0200)]
RELEASE-NOTES: synced
Daniel Stenberg [Fri, 10 May 2019 13:52:57 +0000 (15:52 +0200)]
appveyor: also build "/ci" branches like travis
Daniel Stenberg [Sun, 5 May 2019 15:08:22 +0000 (17:08 +0200)]
pingpong: disable more when no pingpong enabled
Daniel Stenberg [Sun, 5 May 2019 15:08:22 +0000 (17:08 +0200)]
proxy: acknowledge DISABLE_PROXY more
Daniel Stenberg [Sun, 5 May 2019 15:08:21 +0000 (17:08 +0200)]
parsedate: CURL_DISABLE_PARSEDATE
Daniel Stenberg [Sun, 5 May 2019 15:08:21 +0000 (17:08 +0200)]
sasl: only enable if there's a protocol enabled using it
Daniel Stenberg [Sun, 5 May 2019 15:08:21 +0000 (17:08 +0200)]
mime: acknowledge CURL_DISABLE_MIME
Daniel Stenberg [Sun, 5 May 2019 15:08:21 +0000 (17:08 +0200)]
wildcard: disable from build when FTP isn't present
Daniel Stenberg [Sun, 5 May 2019 15:08:21 +0000 (17:08 +0200)]
http: CURL_DISABLE_HTTP_AUTH
Daniel Stenberg [Sun, 5 May 2019 15:08:21 +0000 (17:08 +0200)]
base64: build conditionally if there are users
Daniel Stenberg [Sun, 5 May 2019 15:08:21 +0000 (17:08 +0200)]
doh: CURL_DISABLE_DOH
Steve Holme [Sat, 11 May 2019 11:57:42 +0000 (12:57 +0100)]
auth: Rename the various authentication clean up functions
For consistency and to a avoid confusion.
Closes #3869
Jay Satiro [Sun, 12 May 2019 14:13:42 +0000 (16:13 +0200)]
docs/INSTALL: fix broken link [ci skip]
Reported-by: Joombalaya on github
Fixes #3818
Marcel Raad [Sun, 12 May 2019 11:36:45 +0000 (13:36 +0200)]
easy: fix another "clarify calculation precedence" warning
I missed this one in commit
6b3dde7fe62ea5a557fd1fd323fac2bcd0c2e9be .
Marcel Raad [Sat, 11 May 2019 12:51:24 +0000 (14:51 +0200)]
build: fix "clarify calculation precedence" warnings
Codacy/CppCheck warns about this. Consistently use parentheses as we
already do in some places to silence the warning.
Closes https://github.com/curl/curl/pull/3866
Marcel Raad [Sat, 11 May 2019 20:02:39 +0000 (22:02 +0200)]
cmake: restore C89 compatibility of CurlTests.c
I broke it in
d1b5cf830bfe169745721b21245d2217d2c2453e and
97de97daefc2ed084c91eff34af2426f2e55e134 .
Reported-by: Viktor Szakats
Ref: https://github.com/curl/curl/commit/
97de97daefc2ed084c91eff34af2426f2e55e134 #commitcomment-
33499044
Closes https://github.com/curl/curl/pull/3868
Steve Holme [Thu, 9 May 2019 03:51:54 +0000 (04:51 +0100)]
http_ntlm: Corrected the name of the include guard
Missed in
f0bdd72c .
Closes #3867
Steve Holme [Fri, 10 May 2019 12:10:34 +0000 (13:10 +0100)]
http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
Closes #3861
Steve Holme [Fri, 10 May 2019 12:08:04 +0000 (13:08 +0100)]
http_negotiate: Don't expose functions when HTTP is disabled
Daniel Stenberg [Sat, 11 May 2019 15:50:37 +0000 (17:50 +0200)]
SECURITY-PROCESS: fix links [ci skip]
Marcel Raad [Sat, 11 May 2019 12:17:17 +0000 (14:17 +0200)]
CMake: suppress unused variable warnings
I missed these in commit
d1b5cf830bfe169745721b21245d2217d2c2453e .
Daniel Stenberg [Thu, 9 May 2019 08:58:04 +0000 (10:58 +0200)]
doh: disable DOH for the cases it doesn't work
Due to limitations in Curl_resolver_wait_resolv(), it doesn't work for
DOH resolves. This fix disables DOH for those.
Limitation added to KNOWN_BUGS.
Fixes #3850
Closes #3857
Jay Satiro [Fri, 10 May 2019 19:28:15 +0000 (15:28 -0400)]
checksrc.bat: Ignore snprintf warnings in docs/examples
.. because we allow snprintf use in docs/examples.
Closes https://github.com/curl/curl/pull/3862
Steve Holme [Fri, 10 May 2019 12:01:16 +0000 (13:01 +0100)]
vauth: Fix incorrect function description for Curl_auth_user_contains_domain()
...and misalignment of these comments. From
a78c61a4 .
Closes #3860
Jay Satiro [Thu, 9 May 2019 06:01:34 +0000 (02:01 -0400)]
Revert "multi: support verbose conncache closure handle"
This reverts commit
b0972bc .
- No longer show verbose output for the conncache closure handle.
The offending commit was added so that the conncache closure handle
would inherit verbose mode from the user's easy handle. (Note there is
no way for the user to set options for the closure handle which is why
that was necessary.) Other debug settings such as the debug function
were not also inherited since we determined that could lead to crashes
if the user's per-handle private data was used on an unexpected handle.
The reporter here says he has a debug function to capture the verbose
output, and does not expect or want any output to stderr; however
because the conncache closure handle does not inherit the debug function
the verbose output for that handle does go to stderr.
There are other plausible scenarios as well such as the user redirects
stderr on their handle, which is also not inherited since it could lead
to crashes when used on an unexpected handle.
Short of allowing the user to set options for the conncache closure
handle I don't think there's much we can safely do except no longer
inherit the verbose setting.
Bug: https://curl.haxx.se/mail/lib-2019-05/0021.html
Reported-by: Kristoffer Gleditsch
Ref: https://github.com/curl/curl/pull/3598
Ref: https://github.com/curl/curl/pull/3618
Closes https://github.com/curl/curl/pull/3856
Steve Holme [Thu, 9 May 2019 09:54:46 +0000 (10:54 +0100)]
ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup()
From
6012fa5a .
Closes #3858
Daniel Stenberg [Thu, 9 May 2019 21:30:26 +0000 (23:30 +0200)]
BUG-BOUNTY: minor formatting fixes [ci skip]
Daniel Stenberg [Thu, 9 May 2019 13:26:14 +0000 (15:26 +0200)]
RELEASE-NOTES: synced
Daniel Stenberg [Sat, 4 May 2019 21:58:11 +0000 (23:58 +0200)]
BUG-BOUNTY.md: add the Dropbox "bonus" extra payout ability [ci skip]
Closes #3839