]> granicus.if.org Git - curl/log
curl
6 years agoRemove unused definitions
Marcel Raad [Mon, 9 Jul 2018 16:28:26 +0000 (18:28 +0200)]
Remove unused definitions

Closes https://github.com/curl/curl/pull/2747

6 years agox509asn1: make several functions static
Daniel Stenberg [Tue, 21 Aug 2018 07:44:22 +0000 (09:44 +0200)]
x509asn1: make several functions static

and remove the private SIZE_T_MAX define and use the generic one.

Closes #2902

6 years agoINTERNALS: require GnuTLS >= 2.11.3
Daniel Stenberg [Tue, 21 Aug 2018 08:45:20 +0000 (10:45 +0200)]
INTERNALS: require GnuTLS >= 2.11.3

Since the public pinning support was brought in e644866caf4. GnuTLS
2.11.3 was released in October 2010.

Figured out in #2890

6 years agohttp2: avoid set_stream_user_data() before stream is assigned
Daniel Stenberg [Mon, 20 Aug 2018 11:19:08 +0000 (13:19 +0200)]
http2: avoid set_stream_user_data() before stream is assigned

... before the stream is started, we have it set to -1.

Fixes #2894
Closes #2898

6 years agoSSLCERTS: improve the openssl command line
Daniel Stenberg [Mon, 20 Aug 2018 12:05:28 +0000 (14:05 +0200)]
SSLCERTS: improve the openssl command line

... for extracting certs from a live HTTPS server to make a cacerts.pem
from them.

6 years agodocs/SECURITY-PROCESS: now we name the files after the CVE id
Daniel Stenberg [Mon, 20 Aug 2018 09:49:58 +0000 (11:49 +0200)]
docs/SECURITY-PROCESS: now we name the files after the CVE id

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Sat, 18 Aug 2018 22:06:44 +0000 (00:06 +0200)]
RELEASE-NOTES: synced

6 years agoupload: change default UPLOAD_BUFSIZE to 64KB
Daniel Stenberg [Fri, 17 Aug 2018 09:36:12 +0000 (11:36 +0200)]
upload: change default UPLOAD_BUFSIZE to 64KB

To make uploads significantly faster in some circumstances.

Part 2 of #2888
Closes #2892

6 years agoupload: allocate upload buffer on-demand
Daniel Stenberg [Thu, 16 Aug 2018 22:49:37 +0000 (00:49 +0200)]
upload: allocate upload buffer on-demand

Saves 16KB on the easy handle for operations that don't need that
buffer.

Part 1 of #2888

6 years agovtls: reinstantiate engine on duplicated handles
Laurent Bonnans [Fri, 17 Aug 2018 15:39:01 +0000 (17:39 +0200)]
vtls: reinstantiate engine on duplicated handles

Handles created with curl_easy_duphandle do not use the SSL engine set
up in the original handle. This fixes the issue by storing the engine
name in the internal url state and setting the engine from its name
inside curl_easy_duphandle.

Reported-by: Anton Gerasimov
Signed-of-by: Laurent Bonnans
Fixes #2829
Closes #2833

6 years agohttp2: make sure to send after RST_STREAM
Daniel Stenberg [Thu, 16 Aug 2018 11:21:11 +0000 (13:21 +0200)]
http2: make sure to send after RST_STREAM

If this is the last stream on this connection, the RST_STREAM might not
get pushed to the wire otherwise.

Fixes #2882
Closes #2887
Researched-by: Michael Kaufmann
6 years agotest1268: check the stderr output as "text"
Daniel Stenberg [Thu, 16 Aug 2018 21:05:09 +0000 (23:05 +0200)]
test1268: check the stderr output as "text"

Follow-up to 099f37e9c57

Pointed-out-by: Marcel Raad
6 years agourldata: remove unused pipe_broke struct field
Daniel Stenberg [Sun, 12 Aug 2018 17:36:56 +0000 (19:36 +0200)]
urldata: remove unused pipe_broke struct field

This struct field is never set TRUE in any existing code path. This
change removes the field completely.

Closes #2871

6 years agocurl: warn the user if a given file name looks like an option
Daniel Stenberg [Wed, 15 Aug 2018 07:17:43 +0000 (09:17 +0200)]
curl: warn the user if a given file name looks like an option

... simply because this is usually a sign of the user having omitted the
file name and the next option is instead "eaten" by the parser as a file
name.

Add test1268 to verify

Closes #2885

6 years agohttp2: check nghttp2_session_set_stream_user_data return code
Daniel Stenberg [Tue, 14 Aug 2018 13:28:29 +0000 (15:28 +0200)]
http2: check nghttp2_session_set_stream_user_data return code

Might help bug #2688 debugging

Closes #2880

6 years agotravis: revert back to gcc-7 for coverage builds
Daniel Stenberg [Wed, 15 Aug 2018 09:13:26 +0000 (11:13 +0200)]
travis: revert back to gcc-7 for coverage builds

... since the gcc-8 ones seem to fail frequently.

Follow-up from b85207199544ca

Closes #2886

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Wed, 15 Aug 2018 11:59:07 +0000 (13:59 +0200)]
RELEASE-NOTES: synced

... and now listed in alphabetical order!

6 years agoCMake: CMake config files are defining CURL_STATICLIB for static builds
Adrien [Wed, 1 Aug 2018 12:02:26 +0000 (14:02 +0200)]
CMake: CMake config files are defining CURL_STATICLIB for static builds

This change allows to use the CMake config files generated by Curl's
CMake scripts for static builds of the library.
The symbol CURL_STATIC lib must be defined to compile downstream,
thus the config package is the perfect place to do so.

Fixes #2817
Closes #2823
Reported-by: adnn on github
Reviewed-by: Sergei Nikulov
6 years agoTODO: host name sections in config files
Daniel Stenberg [Wed, 15 Aug 2018 07:17:03 +0000 (09:17 +0200)]
TODO: host name sections in config files

6 years agossh-libssh: fix infinite connect loop on invalid private key
Kamil Dudka [Tue, 14 Aug 2018 10:47:18 +0000 (12:47 +0200)]
ssh-libssh: fix infinite connect loop on invalid private key

Added test 656 (based on test 604) to verify the fix.

Bug: https://bugzilla.redhat.com/1595135

Closes #2879

6 years agossh-libssh: reduce excessive verbose output about pubkey auth
Kamil Dudka [Tue, 14 Aug 2018 11:14:49 +0000 (13:14 +0200)]
ssh-libssh: reduce excessive verbose output about pubkey auth

The verbose message "Authentication using SSH public key file" was
printed each time the ssh_userauth_publickey_auto() was called, which
meant each time a packet was transferred over network because the API
operates in non-blocking mode.

This patch makes sure that the verbose message is printed just once
(when the authentication state is entered by the SSH state machine).

6 years agotravis: disable h2 torture tests for "coverage"
Daniel Stenberg [Tue, 14 Aug 2018 06:39:00 +0000 (08:39 +0200)]
travis: disable h2 torture tests for "coverage"

Since they started to fail almost 100% since a few days.

Closes #2876

6 years agotravis: update to GCC 8
Marcel Raad [Thu, 9 Aug 2018 12:48:28 +0000 (14:48 +0200)]
travis: update to GCC 8

Closes https://github.com/curl/curl/pull/2869

6 years agohttp: fix for tiny "HTTP/0.9" response
Daniel Stenberg [Mon, 13 Aug 2018 10:12:14 +0000 (12:12 +0200)]
http: fix for tiny "HTTP/0.9" response

Deal with tiny "HTTP/0.9" (header-less) responses by checking the
status-line early, even before a full "HTTP/" is received to allow
detecting 0.9 properly.

Test 1266 and 1267 added to verify.

Fixes #2420
Closes #2872

6 years agodocs: add disallow-username-in-url.d and haproxy-protocol.d on the list
Kamil Dudka [Thu, 9 Aug 2018 13:22:11 +0000 (15:22 +0200)]
docs: add disallow-username-in-url.d and haproxy-protocol.d on the list

... to make make the files appear in distribution tarballs

Closes #2856

6 years ago.travis.yml: verify that man pages can be regenerated
Kamil Dudka [Thu, 9 Aug 2018 15:16:19 +0000 (17:16 +0200)]
.travis.yml: verify that man pages can be regenerated

... when curl is built from distribution tarball

Closes #2856

6 years agoSplit non-portable part off test 1133
Marcel Raad [Wed, 8 Aug 2018 20:43:27 +0000 (22:43 +0200)]
Split non-portable part off test 1133

Split off testing file names with double quotes into new test 1158.
Disable it for MSYS using a precheck as it doesn't support file names
with double quotes (but Cygwin does, for example).

Fixes https://github.com/curl/curl/issues/2796
Closes https://github.com/curl/curl/pull/2854

6 years agoprojects: Improve Windows perl detection in batch scripts
Jay Satiro [Sat, 11 Aug 2018 20:33:12 +0000 (16:33 -0400)]
projects: Improve Windows perl detection in batch scripts

- Determine if perl is in the user's PATH by running perl.exe.

Prior to this change detection was done by checking the PATH for perl/
but that did not work in all cases (eg git install includes perl but
not in perl/ path).

Bug: https://github.com/curl/curl/pull/2865
Reported-by: Daniel Jeliński
6 years agodocs: Improve the manual pages of some callbacks
Michael Kaufmann [Sat, 11 Aug 2018 11:52:18 +0000 (13:52 +0200)]
docs: Improve the manual pages of some callbacks

- CURLOPT_HEADERFUNCTION: add newlines
- CURLOPT_INTERLEAVEFUNCTION: fix the description of 'userdata'
- CURLOPT_READDATA: mention crashes, same as in CURLOPT_WRITEDATA
- CURLOPT_READFUNCTION: rename 'instream' to 'userdata' and explain
  how to set it

Closes https://github.com/curl/curl/pull/2868

6 years agoGCC: silence -Wcast-function-type uniformly
Marcel Raad [Fri, 10 Aug 2018 15:32:01 +0000 (17:32 +0200)]
GCC: silence -Wcast-function-type uniformly

Pointed-out-by: Rikard Falkeborn
Closes https://github.com/curl/curl/pull/2860

6 years agoSilence GCC 8 cast-function-type warnings
Marcel Raad [Thu, 9 Aug 2018 15:19:24 +0000 (17:19 +0200)]
Silence GCC 8 cast-function-type warnings

On Windows, casting between unrelated function types is fine and
sometimes even necessary, so just use an intermediate cast to
(void (*) (void)) to silence the warning as described in [0].

[0] https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html

Closes https://github.com/curl/curl/pull/2860

6 years agoCURLINFO_SIZE_UPLOAD: fix missing counter update
Daniel Stenberg [Fri, 10 Aug 2018 11:57:50 +0000 (13:57 +0200)]
CURLINFO_SIZE_UPLOAD: fix missing counter update

Adds test 1522 for verification.

Reported-by: cjmsoregan
Fixes #2847
Closes #2864

6 years agoDocumentation: fix CURLOPT_SSH_COMPRESSION copy/paste bug
Daniel Jelinski [Fri, 10 Aug 2018 21:24:17 +0000 (23:24 +0200)]
Documentation: fix CURLOPT_SSH_COMPRESSION copy/paste bug

Closes #2867

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 10 Aug 2018 21:27:37 +0000 (23:27 +0200)]
RELEASE-NOTES: synced

6 years agoopenssl: fix potential NULL pointer deref in is_pkcs11_uri
Daniel Stenberg [Fri, 10 Aug 2018 15:43:31 +0000 (17:43 +0200)]
openssl: fix potential NULL pointer deref in is_pkcs11_uri

Follow-up to 298d2565e
Coverity CID 1438387

6 years agotravis: execute "set -eo pipefail" for coverage build
Marcel Raad [Fri, 10 Aug 2018 02:30:51 +0000 (04:30 +0200)]
travis: execute "set -eo pipefail" for coverage build

Follow-up to 2de63ab179eb78630ee039ad94fb2a5423df522d and
0b87c963252d3504552ee0c8cf4402bd65a80af5.

Closes https://github.com/curl/curl/pull/2862

6 years agolib1502: fix memory leak in torture test
Daniel Stenberg [Fri, 10 Aug 2018 11:18:17 +0000 (13:18 +0200)]
lib1502: fix memory leak in torture test

Reported-by: Marcel Raad
Fixes #2861
Closes #2863

6 years agodocs: mention NULL is fine input to several functions
Daniel Stenberg [Thu, 9 Aug 2018 14:37:39 +0000 (16:37 +0200)]
docs: mention NULL is fine input to several functions

Fixes #2837
Closes #2858
Reported-by: Markus Elfring
6 years agoREADME.md: add LGTM.com code quality grade for C/C++
Bas van Schaik [Thu, 9 Aug 2018 14:20:34 +0000 (15:20 +0100)]
README.md: add LGTM.com code quality grade for C/C++

Closes #2857

6 years agotest1531: Add timeout
Rikard Falkeborn [Tue, 7 Aug 2018 22:10:10 +0000 (00:10 +0200)]
test1531: Add timeout

Previously, the macro TEST_HANG_TIMEOUT was unused, but since there is
looping going on, we might as well add timing instead of removing it.

Closes #2853

6 years agotest1540: Remove unused macro TEST_HANG_TIMEOUT
Rikard Falkeborn [Tue, 7 Aug 2018 20:13:16 +0000 (22:13 +0200)]
test1540: Remove unused macro TEST_HANG_TIMEOUT

The macro has never been used, and it there is not really any place
where it would make sense to add timing checks.

Closes #2852

6 years agoasyn-thread: Remove unused macro
Rikard Falkeborn [Sun, 5 Aug 2018 20:47:53 +0000 (22:47 +0200)]
asyn-thread: Remove unused macro

The macro seems to never have been used.

Closes #2852

6 years agohttp_proxy: Remove unused macro SELECT_TIMEOUT
Rikard Falkeborn [Sun, 5 Aug 2018 20:29:29 +0000 (22:29 +0200)]
http_proxy: Remove unused macro SELECT_TIMEOUT

Usage was removed in 5113ad0424044458ac497fa1458ebe0101356b22.

Closes #2852

6 years agoformdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
Rikard Falkeborn [Sun, 5 Aug 2018 19:56:50 +0000 (21:56 +0200)]
formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT

Its usage was removed in
84ad1fd3047815f9c6e78728bb351b828eac10b1.

Closes #2852

6 years agotelnet: Remove unused macros TELOPTS and TELCMDS
Rikard Falkeborn [Sun, 5 Aug 2018 19:53:34 +0000 (21:53 +0200)]
telnet: Remove unused macros TELOPTS and TELCMDS

Their usage was removed in 3a145180cc754a5959ca971ef3cd243c5c83fc51.

Closes #2852

6 years agoopenssl: fix debug messages
Daniel Jelinski [Mon, 6 Aug 2018 21:35:33 +0000 (23:35 +0200)]
openssl: fix debug messages

Fixes #2806
Closes #2843

6 years agoconfigure: fix for -lpthread detection with OpenSSL and pkg-config
Daniel Stenberg [Wed, 8 Aug 2018 12:42:29 +0000 (14:42 +0200)]
configure: fix for -lpthread detection with OpenSSL and pkg-config

... by making sure it uses the -I provided by pkg-config!

Reported-by: pszemus on github
Fixes #2848
Closes #2850

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Wed, 8 Aug 2018 12:54:16 +0000 (14:54 +0200)]
RELEASE-NOTES: synced

6 years agowindows: follow up to the buffer-tuning 1ba1dba7
Daniel Stenberg [Wed, 8 Aug 2018 12:43:26 +0000 (14:43 +0200)]
windows: follow up to the buffer-tuning 1ba1dba7

Somehow I didn't include the amended version of the previous fix. This
is the missing piece.

Pointed-out-by: Viktor Szakats
6 years agowindows: implement send buffer tuning
Daniel Jelinski [Thu, 19 Jul 2018 12:07:59 +0000 (14:07 +0200)]
windows: implement send buffer tuning

Significantly enhances upload performance on modern Windows versions.

Bug: https://curl.haxx.se/mail/lib-2018-07/0080.html
Closes #2762
Fixes #2224

6 years agossl: set engine implicitly when a PKCS#11 URI is provided
Anderson Toshiyuki Sasaki [Mon, 19 Feb 2018 13:31:06 +0000 (14:31 +0100)]
ssl: set engine implicitly when a PKCS#11 URI is provided

This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "pkcs11"
explicitly. If a PKCS#11 URI is provided for certificate, key,
proxy_certificate or proxy_key, the corresponding type is set as "ENG"
if not provided and the engine is set to "pkcs11" if not provided.

Acked-by: Nikos Mavrogiannopoulos
Closes #2333

6 years agoCMake: Respect BUILD_SHARED_LIBS
Ruslan Baratov [Tue, 10 Jul 2018 09:54:34 +0000 (12:54 +0300)]
CMake: Respect BUILD_SHARED_LIBS

Use standard CMake variable BUILD_SHARED_LIBS instead of introducing
custom option CURL_STATICLIB.

Use '-DBUILD_SHARED_LIBS=%SHARED%' in appveyor.yml.

Reviewed-by: Sergei Nikulov
Closes #2755

6 years agocmake: bumped minimum version to 3.4
John Butterfield [Thu, 19 Jul 2018 17:46:43 +0000 (10:46 -0700)]
cmake: bumped minimum version to 3.4

Closes #2753

6 years agocmake: link curl to the OpenSSL targets instead of lib absolute paths
John Butterfield [Tue, 17 Jul 2018 08:13:18 +0000 (01:13 -0700)]
cmake: link curl to the OpenSSL targets instead of lib absolute paths

Reviewed-by: Jakub Zakrzewski
Reviewed-by: Sergei Nikulov
Closes #2753

6 years agotravis: build darwinssl on macos 10.12
Daniel Stenberg [Tue, 7 Aug 2018 11:17:22 +0000 (13:17 +0200)]
travis: build darwinssl on macos 10.12

... as building on 10.13.x before 10.13.4 leads to link errors.

Assisted-by: Nick Zitzmann
Fixes #2835
Closes #2845

6 years agoDEPRECATE: remove release date from 7.62.0
Daniel Stenberg [Fri, 3 Aug 2018 22:21:16 +0000 (00:21 +0200)]
DEPRECATE: remove release date from 7.62.0

Since it will slip and the version is the important part there, not the
date.

6 years agolib/Makefile: only do symbol hiding if told to
Daniel Stenberg [Thu, 2 Aug 2018 13:05:11 +0000 (15:05 +0200)]
lib/Makefile: only do symbol hiding if told to

This restores the ability to build a static lib with
--disable-symbol-hiding to keep non-curl_ symbols.

Researched-by: Dan Fandrich
Reported-by: Ran Mozes
Fixes #2830
Closes #2831

6 years agohostip: fix unused variable warning
Marcel Raad [Thu, 2 Aug 2018 06:24:27 +0000 (08:24 +0200)]
hostip: fix unused variable warning

addresses is only used in an infof call, which is a macro expanding to
nothing if CURL_DISABLE_VERBOSE_STRINGS is set.

6 years agotest1307: disabled
Daniel Stenberg [Wed, 1 Aug 2018 22:57:01 +0000 (00:57 +0200)]
test1307: disabled

Turns out that since we're using the native fnmatch function now when
available, and they simply disagree on a huge number of test patterns
that make it hard to test this function like this...

Fixes #2825

6 years agosmb: don't mark it done in smb_do
Daniel Stenberg [Wed, 1 Aug 2018 11:06:21 +0000 (13:06 +0200)]
smb: don't mark it done in smb_do

Follow-up to 09e401e01bf9. The SMB protocol handler needs to use its
doing function too, which requires smb_do() to not mark itself as
done...

Closes #2822

6 years agogeneral: fix printf specifiers
Rikard Falkeborn [Tue, 31 Jul 2018 21:13:17 +0000 (23:13 +0200)]
general: fix printf specifiers

Closes #2818

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Tue, 31 Jul 2018 15:23:58 +0000 (17:23 +0200)]
RELEASE-NOTES: synced

6 years agomailmap: Daniel Jelinski
Daniel Stenberg [Tue, 31 Jul 2018 15:22:44 +0000 (17:22 +0200)]
mailmap: Daniel Jelinski

6 years agoHTTP: Don't attempt to needlessly decompress redirect body
Harry Sintonen [Thu, 26 Jul 2018 22:04:29 +0000 (01:04 +0300)]
HTTP: Don't attempt to needlessly decompress redirect body

This change fixes a regression where redirect body would needlessly be
decompressed even though it was to be ignored anyway. As it happens this
causes secondary issues since there appears to be a bug in apache2 that
it in certain conditions generates a corrupt zlib response. The
regression was created by commit:
dbcced8e32b50c068ac297106f0502ee200a1ebd

Discovered-by: Harry Sintonen
Closes #2798

6 years agocurl: use Content-Disposition before the "URL end" for -OJ
Daniel Stenberg [Mon, 30 Jul 2018 22:27:50 +0000 (00:27 +0200)]
curl: use Content-Disposition before the "URL end" for -OJ

Regression introduced in 7.61.0

Reported-by: Thomas Klausner
Fixes #2783
Closes #2813

6 years agoretry: return error if rewind was necessary but didn't happen
Daniel Jelinski [Mon, 30 Jul 2018 07:30:10 +0000 (09:30 +0200)]
retry: return error if rewind was necessary but didn't happen

Fixes #2801
Closes #2812

6 years agohttp2: clear the drain counter in Curl_http2_done
Daniel Stenberg [Sun, 29 Jul 2018 10:30:29 +0000 (12:30 +0200)]
http2: clear the drain counter in Curl_http2_done

Reported-by: Andrei Virtosu
Fixes #2800
Closes #2809

6 years agosmb: fix memory leak on early failure
Daniel Stenberg [Sun, 29 Jul 2018 15:58:10 +0000 (17:58 +0200)]
smb: fix memory leak on early failure

... by making sure connection related data (->share) is stored in the
connection and not in the easy handle.

Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369
Fixes #2769
Closes #2810

6 years agotravis: run a 'make checksrc' too
Daniel Stenberg [Mon, 30 Jul 2018 11:40:09 +0000 (13:40 +0200)]
travis: run a 'make checksrc' too

... to make sure the examples are all checked.

Closes #2811

6 years agoexamples/ephiperfifo: checksrc compliance
Jay Satiro [Sun, 29 Jul 2018 19:06:00 +0000 (15:06 -0400)]
examples/ephiperfifo: checksrc compliance

6 years agosws: handle EINTR when calling select()
Michael Kaufmann [Sun, 29 Jul 2018 11:47:31 +0000 (13:47 +0200)]
sws: handle EINTR when calling select()

Closes https://github.com/curl/curl/pull/2808

6 years agotest1157: follow-up to 35ecffb9
Daniel Stenberg [Sun, 29 Jul 2018 10:29:39 +0000 (12:29 +0200)]
test1157: follow-up to 35ecffb9

Ignore the user-agent line.
Pointed-out-by: Marcel Raad
6 years agotests/http_pipe.py: Use /usr/bin/env to find python
Michael Kaufmann [Sun, 29 Jul 2018 10:22:57 +0000 (12:22 +0200)]
tests/http_pipe.py: Use /usr/bin/env to find python

6 years agoTODO: Support Authority Information Access certificate extension (AIA)
Daniel Stenberg [Sat, 28 Jul 2018 21:26:42 +0000 (23:26 +0200)]
TODO: Support Authority Information Access certificate extension (AIA)

Closes #2793

6 years agoconn_free: updated comment to clarify
Daniel Stenberg [Sat, 28 Jul 2018 21:17:01 +0000 (00:17 +0300)]
conn_free: updated comment to clarify

Let's call it disassociate instead of disconnect since the latter term
is used so much for (TCP) connections already.

6 years agotest1157: test -H from empty file
Daniel Stenberg [Sat, 28 Jul 2018 20:47:16 +0000 (22:47 +0200)]
test1157: test -H from empty file

Verifies bugfix #2797

6 years agocurl: Fix segfault when -H @headerfile is empty
Tobias Blomberg [Thu, 26 Jul 2018 21:22:49 +0000 (23:22 +0200)]
curl: Fix segfault when -H @headerfile is empty

The curl binary would crash if the -H command line option was given a
filename to read using the @filename syntax but that file was empty.

Closes #2797

6 years agomime: check Curl_rand_hex's return code
Daniel Stenberg [Thu, 26 Jul 2018 13:55:59 +0000 (16:55 +0300)]
mime: check Curl_rand_hex's return code

Bug: https://curl.haxx.se/mail/archive-2018-07/0015.html
Reported-by: Jeffrey Walton
Closes #2795

6 years agodocs/examples: add hiperfifo example using linux epoll/timerfd
Josh Bialkowski [Fri, 27 Jul 2018 22:46:19 +0000 (15:46 -0700)]
docs/examples: add hiperfifo example using linux epoll/timerfd

Closes #2804

6 years agodocs/INSTALL.md: minor formatting fixes
Darío Hereñú [Thu, 26 Jul 2018 01:57:55 +0000 (22:57 -0300)]
docs/INSTALL.md: minor formatting fixes

Closes #2794

6 years agodocs/CURLOPT_URL: fix indentation
Christopher Head [Wed, 25 Jul 2018 06:40:11 +0000 (23:40 -0700)]
docs/CURLOPT_URL: fix indentation

The statement, “The application does not have to keep the string around
after setting this option,” appears to be indented under the RTMP
paragraph. It actually applies to all protocols, not just RTMP.
Eliminate the extra indentation.

Closes #2788

6 years agodocs/CURLOPT_WRITEFUNCTION: size is always 1
Christopher Head [Wed, 25 Jul 2018 05:47:23 +0000 (22:47 -0700)]
docs/CURLOPT_WRITEFUNCTION: size is always 1

For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is
passed two `size_t` parameters which, when multiplied, designate the
number of bytes of data passed in. In practice, CURL always sets the
first parameter (`size`) to 1.

This practice is also enshrined in documentation and cannot be changed
in future. The documentation states that the default callback is
`fwrite`, which means `fwrite` must be a suitable function for this
purpose. However, the documentation also states that the callback must
return the number of *bytes* it successfully handled, whereas ISO C
`fwrite` returns the number of items (each of size `size`) which it
wrote. The only way these numbers can be equal is if `size` is 1.

Since `size` is 1 and can never be changed in future anyway, document
that fact explicitly and let users rely on it.

Closes #2787

6 years agowolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
Carie Pointer [Fri, 20 Jul 2018 20:00:09 +0000 (13:00 -0700)]
wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random

RNG structure must be freed by call to FreeRng after its use in
Curl_cyassl_random. This call fixes Valgrind failures when running the
test suite with wolfSSL.

Closes #2784

6 years agoreuse_conn(): free old_conn->options
Even Rouault [Wed, 25 Jul 2018 09:22:51 +0000 (11:22 +0200)]
reuse_conn(): free old_conn->options

This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with
connection reuse.

I found this with oss-fuzz on GDAL and curl master:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9582
I couldn't reproduce with the oss-fuzz original test case, but looking
at curl source code pointed to this well reproducable leak.

Closes #2790

6 years agosystem_win32: fix version checking
djelinski [Wed, 25 Jul 2018 12:01:55 +0000 (14:01 +0200)]
system_win32: fix version checking

In the current version, VERSION_GREATER_THAN_EQUAL 6.3 will return false
when run on windows 10.0. This patch addresses that error.

Closes https://github.com/curl/curl/pull/2792

6 years agoauth: pick Bearer authentication whenever a token is available
Johannes Schindelin [Fri, 20 Jul 2018 16:17:43 +0000 (18:17 +0200)]
auth: pick Bearer authentication whenever a token is available

So far, the code tries to pick an authentication method only if
user/password credentials are available, which is not the case for
Bearer authentictation...

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes #2754

6 years agoauth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token
Johannes Schindelin [Tue, 17 Jul 2018 12:52:53 +0000 (14:52 +0200)]
auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token

The Bearer authentication was added to cURL 7.61.0, but there is a
problem: if CURLAUTH_ANY is selected, and the server supports multiple
authentication methods including the Bearer method, we strongly prefer
that latter method (only CURLAUTH_NEGOTIATE beats it), and if the Bearer
authentication fails, we will never even try to attempt any other
method.

This is particularly unfortunate when we already know that we do not
have any Bearer token to work with.

Such a scenario happens e.g. when using Git to push to Visual Studio
Team Services (which supports Basic and Bearer authentication among
other methods) and specifying the Personal Access Token directly in the
URL (this aproach is frequently taken by automated builds).

Let's make sure that we have a Bearer token to work with before we
select the Bearer authentication among the available authentication
methods.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes #2754

6 years agotest320: treat curl320.out file as binary
Marcel Raad [Sun, 22 Jul 2018 08:09:42 +0000 (10:09 +0200)]
test320: treat curl320.out file as binary

Otherwise, LF line endings are converted to CRLF on Windows,
but no conversion is done for the reply, so the test case fails.

Closes https://github.com/curl/curl/pull/2776

6 years agovtls: set conn->data when closing TLS
Daniel Stenberg [Fri, 20 Jul 2018 21:24:47 +0000 (23:24 +0200)]
vtls: set conn->data when closing TLS

Follow-up to 1b76c38904f0. The VTLS backends that close down the TLS
layer for a connection still needs a Curl_easy handle for the session_id
cache etc.

Fixes #2764
Closes #2771

6 years agotests: fixes for Windows line endlings
Marcel Raad [Sat, 21 Jul 2018 10:24:08 +0000 (12:24 +0200)]
tests: fixes for Windows line endlings

Set mode="text" when line endings depend on the system representation.

Closes https://github.com/curl/curl/pull/2772

6 years agotest214: disable MSYS2's POSIX path conversion for URL
Marcel Raad [Sat, 21 Jul 2018 09:27:31 +0000 (11:27 +0200)]
test214: disable MSYS2's POSIX path conversion for URL

By default, the MSYS2 bash converts all backslashes to forward slashes
in URLs. Disable this with MSYS2_ARG_CONV_EXCL for the test to pass.

Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces

6 years agohttp2: several cleanups
Daniel Stenberg [Mon, 16 Jul 2018 22:29:11 +0000 (00:29 +0200)]
http2: several cleanups

- separate easy handle from connections better
- added asserts on a number of places
- added sanity check of pipelines for debug builds

Closes #2751

6 years agosmb_getsock: always wait for write socket too
Daniel Stenberg [Thu, 19 Jul 2018 22:57:28 +0000 (00:57 +0200)]
smb_getsock: always wait for write socket too

... the protocol is doing read/write a lot, so it needs to write often
even when downloading. A more proper fix could check for eactly when it
wants to write and only ask for it then.

Without this fix, an SMB download could easily get stuck when the event-driven
API was used.

Closes #2768

6 years agotest1143: disable MSYS2's POSIX path conversion
Marcel Raad [Fri, 20 Jul 2018 09:00:57 +0000 (11:00 +0200)]
test1143: disable MSYS2's POSIX path conversion

By default, the MSYS2 bash interprets http:/%HOSTIP:%HTTPPORT/want/1143
as a POSIX file list and converts it to a Windows file list.
Disable this with MSYS2_ARG_CONV_EXCL for the test to pass.

Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces
Closes https://github.com/curl/curl/pull/2765

6 years agoRELEASE-NOTES: sync
Daniel Stenberg [Tue, 17 Jul 2018 23:21:07 +0000 (01:21 +0200)]
RELEASE-NOTES: sync

... and work toward 7.61.1

6 years agoCMake: Update scripts to use consistent style
Ruslan Baratov [Tue, 17 Jul 2018 06:36:59 +0000 (09:36 +0300)]
CMake: Update scripts to use consistent style

Closes #2727
Reviewed-by: Sergei Nikulov
6 years agoheader output: switch off all styles, not just unbold
Daniel Stenberg [Thu, 12 Jul 2018 09:04:00 +0000 (11:04 +0200)]
header output: switch off all styles, not just unbold

... the "unbold" sequence doesn't work on the mac Terminal.

Reported-by: Zero King
Fixes #2736
Closes #2738

6 years agodarwinssl: add support for ALPN negotiation
Rodger Combs [Wed, 11 Jul 2018 07:45:14 +0000 (02:45 -0500)]
darwinssl: add support for ALPN negotiation

6 years agotest1422: add required file feature
Marcel Raad [Fri, 13 Jul 2018 08:06:13 +0000 (10:06 +0200)]
test1422: add required file feature

curl configured with --enable-debug --disable-file currently complains
on test1422:
Info: Protocol "file" not supported or disabled in libcurl

Make test1422 dependend on enabled FILE protocol to fix this.

Fixes https://github.com/curl/curl/issues/2741
Closes https://github.com/curl/curl/pull/2742

6 years agocontent_encoding: accept up to 4 unknown trailer bytes after raw deflate data
Patrick Monnerat [Thu, 12 Jul 2018 20:46:15 +0000 (22:46 +0200)]
content_encoding: accept up to 4 unknown trailer bytes after raw deflate data

Some servers issue raw deflate data that may be followed by an undocumented
trailer. This commit makes curl tolerate such a trailer of up to 4 bytes
before considering the data is in error.

Reported-by: clbr on github
Fixes #2719