]> granicus.if.org Git - curl/log
curl
5 years agomulti: support verbose conncache closure handle
Jay Satiro [Tue, 26 Feb 2019 07:17:03 +0000 (02:17 -0500)]
multi: support verbose conncache closure handle

- Change closure handle to receive verbose setting from the easy handle
  most recently added via curl_multi_add_handle.

The closure handle is a special easy handle used for closing cached
connections. It receives limited settings from the easy handle most
recently added to the multi handle. Prior to this change that did not
include verbose which was a problem because on connection shutdown
verbose mode was not acknowledged.

Ref: https://github.com/curl/curl/pull/3598

Co-authored-by: Daniel Stenberg
Closes https://github.com/curl/curl/pull/3618

5 years agoCURLU: fix NULL dereference when used over proxy
Daniel Stenberg [Mon, 4 Mar 2019 11:03:39 +0000 (12:03 +0100)]
CURLU: fix NULL dereference when used over proxy

Test 659 verifies

Also fixed the test 658 name

Closes #3641

5 years agoaltsvc_out: check the return code from Curl_gmtime
Daniel Stenberg [Sun, 3 Mar 2019 16:37:29 +0000 (17:37 +0100)]
altsvc_out: check the return code from Curl_gmtime

Pointed out by Coverity, CID 1442956.

Closes #3640

5 years agodocs/ALTSVC.md: docs describing the approach
Daniel Stenberg [Sun, 3 Mar 2019 10:17:52 +0000 (11:17 +0100)]
docs/ALTSVC.md: docs describing the approach

Closes #3498

5 years agoalt-svc: add a travis build
Daniel Stenberg [Sun, 3 Mar 2019 10:17:52 +0000 (11:17 +0100)]
alt-svc: add a travis build

5 years agoalt-svc: add test 355 and 356 to verify with command line curl
Daniel Stenberg [Sun, 3 Mar 2019 10:17:52 +0000 (11:17 +0100)]
alt-svc: add test 355 and 356 to verify with command line curl

5 years agoalt-svc: the curl command line bits
Daniel Stenberg [Sun, 3 Mar 2019 10:17:52 +0000 (11:17 +0100)]
alt-svc: the curl command line bits

5 years agoalt-svc: the libcurl bits
Daniel Stenberg [Sun, 3 Mar 2019 10:17:52 +0000 (11:17 +0100)]
alt-svc: the libcurl bits

5 years agotravis: add build using gnutls
Daniel Stenberg [Fri, 1 Mar 2019 21:00:27 +0000 (22:00 +0100)]
travis: add build using gnutls

Closes #3637

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Sat, 2 Mar 2019 11:04:43 +0000 (12:04 +0100)]
RELEASE-NOTES: synced

5 years agoscripts/completion.pl: also generate fish completion file
Simon Legner [Sun, 10 Feb 2019 21:06:42 +0000 (22:06 +0100)]
scripts/completion.pl: also generate fish completion file

This is the renamed script formerly known as zsh.pl

Closes #3545

5 years agognutls: remove call to deprecated gnutls_compression_get_name
Daniel Stenberg [Fri, 1 Mar 2019 15:02:04 +0000 (16:02 +0100)]
gnutls: remove call to deprecated gnutls_compression_get_name

It has been deprecated by GnuTLS since a year ago and now causes build
warnings.

Ref: https://gitlab.com/gnutls/gnutls/commit/b0041897d2846737f5fb0f
Docs: https://www.gnutls.org/manual/html_node/Compatibility-API.html

Closes #3636

5 years agosystem_win32: move win32_init here from easy.c
Jay Satiro [Thu, 28 Feb 2019 08:03:00 +0000 (03:03 -0500)]
system_win32: move win32_init here from easy.c

.. since system_win32 is a more appropriate location for the functions
and to extern the globals.

Ref: https://github.com/curl/curl/commit/ca597ad#r32446578
Reported-by: Gisle Vanem
Closes https://github.com/curl/curl/pull/3625

5 years agocurl_easy_duphandle.3: clarify that a duped handle has no shares
Daniel Stenberg [Fri, 1 Mar 2019 11:03:42 +0000 (12:03 +0100)]
curl_easy_duphandle.3: clarify that a duped handle has no shares

Reported-by: Sara Golemon
Fixes #3592
Closes #3634

5 years ago10-at-a-time.c: fix too long line
Daniel Stenberg [Fri, 1 Mar 2019 20:46:59 +0000 (21:46 +0100)]
10-at-a-time.c: fix too long line

5 years agoexamples: various fixes in ephiperfifo.c
Arnaud Rebillout [Fri, 1 Mar 2019 09:58:25 +0000 (16:58 +0700)]
examples: various fixes in ephiperfifo.c

The main change here is the timer value that was wrong, it was given in
usecs (ms * 1000), while the itimerspec struct wants nsecs (ms * 1000 *
1000). This resulted in the callback being invoked WAY TOO OFTEN.

As a quick check you can run this command before and after applying this
commit:

    # shell 1
    ./ephiperfifo 2>&1 | tee ephiperfifo.log
    # shell 2
    echo http://hacking.elboulangero.com > hiper.fifo

Then just compare the size of the logs files.

Closes #3633
Fixes #3632
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
5 years agourldata: simplify bytecounters
Daniel Stenberg [Thu, 28 Feb 2019 10:36:26 +0000 (11:36 +0100)]
urldata: simplify bytecounters

- no need to have them protocol specific

- no need to set pointers to them with the Curl_setup_transfer() call

- make Curl_setup_transfer() operate on a transfer pointer, not
  connection

- switch some counters from long to the more proper curl_off_t type

Closes #3627

5 years agoexamples/10-at-a-time.c: improve readability and simplify
Daniel Stenberg [Fri, 1 Mar 2019 16:11:57 +0000 (17:11 +0100)]
examples/10-at-a-time.c: improve readability and simplify

 - use better variable names to explain their purposes
 - convert logic to curl_multi_wait()

5 years agothreaded-resolver: shutdown the resolver thread without error message
Daniel Stenberg [Thu, 28 Feb 2019 19:34:36 +0000 (20:34 +0100)]
threaded-resolver: shutdown the resolver thread without error message

When a transfer is done, the resolver thread will be brought down. That
could accidentally generate an error message in the error buffer even
though this is not an error situationand the transfer would still return
OK.  An application that still reads the error buffer could find a
"Could not resolve host: [host name]" message there and get confused.

Reported-by: Michael Schmid
Fixes #3629
Closes #3630

5 years agodocs: update max-redirs.d phrasing
Ԝеѕ [Thu, 28 Feb 2019 20:59:13 +0000 (15:59 -0500)]
docs: update max-redirs.d phrasing

clarify redir - "in absurdum" doesn't seem to make sense in this context

Closes #3631

5 years agossh: fix Condition '!status' is always true
Daniel Stenberg [Thu, 28 Feb 2019 14:35:58 +0000 (15:35 +0100)]
ssh: fix Condition '!status' is always true

in the same sftp_done function in both SSH backends. Simplify them
somewhat.

Pointed out by Codacy.

Closes #3628

5 years agotest578: make it read data from the correct test
Daniel Stenberg [Thu, 28 Feb 2019 19:46:03 +0000 (20:46 +0100)]
test578: make it read data from the correct test

5 years agoCurl_easy: remove req.maxfd - never used!
Daniel Stenberg [Thu, 28 Feb 2019 09:47:55 +0000 (10:47 +0100)]
Curl_easy: remove req.maxfd - never used!

Introduced in 8b6314ccfb, but not used anymore in current code. Unclear
since when.

Closes #3626

5 years agohttp: set state.infilesize when sending formposts
Daniel Stenberg [Wed, 27 Feb 2019 21:30:32 +0000 (22:30 +0100)]
http: set state.infilesize when sending formposts

Without it set, we would unwillingly triger the "HTTP error before end
of send, stop sending" condition even if the entire POST body had been
sent (since it wouldn't know the expected size) which would
unnecessarily log that message and close the connection when it didn't
have to.

Reported-by: Matt McClure
Bug: https://curl.haxx.se/mail/archive-2019-02/0023.html
Closes #3624

5 years agoINSTALL: refer to the current TLS library names and configure options
Daniel Stenberg [Thu, 28 Feb 2019 08:12:31 +0000 (09:12 +0100)]
INSTALL: refer to the current TLS library names and configure options

5 years agoFAQ: minor updates and spelling fixes
Daniel Stenberg [Thu, 28 Feb 2019 08:09:51 +0000 (09:09 +0100)]
FAQ: minor updates and spelling fixes

5 years agoGOVERNANCE.md: minor spelling fixes
Daniel Stenberg [Thu, 28 Feb 2019 08:09:31 +0000 (09:09 +0100)]
GOVERNANCE.md: minor spelling fixes

5 years agoSecure Transport: no more "darwinssl"
Daniel Stenberg [Tue, 26 Feb 2019 08:21:12 +0000 (09:21 +0100)]
Secure Transport: no more "darwinssl"

Everyone calls it Secure Transport, now we do too.

Reviewed-by: Nick Zitzmann
Closes #3619

5 years agoAppVeyor: add classic MinGW build
Marcel Raad [Tue, 26 Feb 2019 16:38:14 +0000 (17:38 +0100)]
AppVeyor: add classic MinGW build

But use the MSYS2 shell rather than the default MSYS shell because of
POSIX path conversion issues. Classic MinGW is only available on the
Visual Studio 2015 image.

Closes https://github.com/curl/curl/pull/3623

5 years agoAppVeyor: add MinGW-w64 build
Marcel Raad [Wed, 10 Oct 2018 20:22:06 +0000 (22:22 +0200)]
AppVeyor: add MinGW-w64 build

Add a MinGW-w64 build using CMake's MSYS Makefiles generator.
Use the Visual Studio 2015 image as it has GCC 8, while the
Visual Studio 2017 image only has GCC 7.2.

Closes https://github.com/curl/curl/pull/3623

5 years agocookies: only save the cookie file if the engine is enabled
Daniel Stenberg [Tue, 26 Feb 2019 15:35:07 +0000 (16:35 +0100)]
cookies: only save the cookie file if the engine is enabled

Follow-up to 8eddb8f4259.

If the cookieinfo pointer is NULL there really is nothing to save.

Without this fix, we got a problem when a handle was using shared object
with cookies and is told to "FLUSH" it to file (which worked) and then
the share object was removed and when the easy handle was closed just
afterwards it has no cookieinfo and no cookies so it decided to save an
empty jar (overwriting the file just flushed).

Test 1905 now verifies that this works.

Assisted-by: Michael Wallner
Assisted-by: Marcel Raad
Closes #3621

5 years agocacertinmem.c: use multiple certificates for loading CA-chain
DaVieS [Mon, 31 Dec 2018 00:36:05 +0000 (01:36 +0100)]
cacertinmem.c: use multiple certificates for loading CA-chain

Closes #3421

5 years agourldata: convert bools to bitfields and move to end
Daniel Stenberg [Mon, 25 Feb 2019 10:17:53 +0000 (11:17 +0100)]
urldata: convert bools to bitfields and move to end

This allows the compiler to pack and align the structs better in
memory. For a rather feature-complete build on x86_64 Linux, gcc 8.1.2
makes the Curl_easy struct 4.9% smaller. From 6312 bytes to 6000.

Removed an unused struct field.

No functionality changes.

Closes #3610

5 years agocurl.h: use __has_declspec_attribute for shared builds
Don J Olmstead [Mon, 25 Feb 2019 22:17:51 +0000 (14:17 -0800)]
curl.h: use __has_declspec_attribute for shared builds

Closes #3616

5 years agocurl: display --version features sorted alphabetically
Daniel Stenberg [Mon, 25 Feb 2019 11:25:15 +0000 (12:25 +0100)]
curl: display --version features sorted alphabetically

Closes #3611

5 years agoruntests: detect "schannel" as an alias for "winssl"
Daniel Stenberg [Tue, 26 Feb 2019 13:01:30 +0000 (14:01 +0100)]
runtests: detect "schannel" as an alias for "winssl"

Follow-up to 180501cb02

Reported-by: Marcel Raad
Fixes #3609
Closes #3620

5 years agoAppVeyor: update to Visual Studio 2017
Marcel Raad [Sun, 24 Feb 2019 12:55:40 +0000 (13:55 +0100)]
AppVeyor: update to Visual Studio 2017

Switch all Visual Studio 2015 builds to Visual Studio 2017. It's not a
moving target anymore as the last update, Update 9, has been released.

Closes https://github.com/curl/curl/pull/3606

5 years agoAppVeyor: switch VS 2015 builds to VS 2017 image
Marcel Raad [Sun, 24 Feb 2019 12:50:05 +0000 (13:50 +0100)]
AppVeyor: switch VS 2015 builds to VS 2017 image

The Visual Studio 2017 image has Visual Studio 2015 and 2017 installed.

Closes https://github.com/curl/curl/pull/3606

5 years agoAppVeyor: explicitly select worker image
Marcel Raad [Sat, 23 Feb 2019 21:33:32 +0000 (22:33 +0100)]
AppVeyor: explicitly select worker image

Currently, we're using the default Visual Studio 2015 image for
everything.

Closes https://github.com/curl/curl/pull/3606

5 years agostrerror: make the strerror function use local buffers
Daniel Stenberg [Mon, 25 Feb 2019 17:12:51 +0000 (18:12 +0100)]
strerror: make the strerror function use local buffers

Instead of using a fixed 256 byte buffer in the connectdata struct.

In my build, this reduces the size of the connectdata struct by 11.8%,
from 2160 to 1904 bytes with no functionality or performance loss.

This also fixes a bug in schannel's Curl_verify_certificate where it
called Curl_sspi_strerror when it should have called Curl_strerror for
string from GetLastError. the only effect would have been no text or the
wrong text being shown for the error.

Co-authored-by: Jay Satiro
Closes #3612

5 years agocookies: fix NULL dereference if flushing cookies with no CookieInfo set
Michael Wallner [Mon, 25 Feb 2019 18:05:02 +0000 (19:05 +0100)]
cookies: fix NULL dereference if flushing cookies with no CookieInfo set

Regression brought by a52e46f3900fb0 (shipped in 7.63.0)

Closes #3613

5 years agoAppVeyor: re-enable test 500
Marcel Raad [Mon, 25 Feb 2019 20:20:19 +0000 (21:20 +0100)]
AppVeyor: re-enable test 500

It's passing now.

Closes https://github.com/curl/curl/pull/3615

5 years agoAppVeyor: remove redundant builds
Marcel Raad [Mon, 25 Feb 2019 20:03:13 +0000 (21:03 +0100)]
AppVeyor: remove redundant builds

Remove the Visual Studio 2012 and 2013 builds as they add little value.

Ref: https://github.com/curl/curl/pull/3606
Closes https://github.com/curl/curl/pull/3614

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Mon, 25 Feb 2019 22:19:32 +0000 (23:19 +0100)]
RELEASE-NOTES: synced

5 years agoOpenSSL: add support for TLS ASYNC state
Bernd Mueller [Wed, 20 Feb 2019 13:21:10 +0000 (14:21 +0100)]
OpenSSL: add support for TLS ASYNC state

Closes #3591

5 years agoacinclude: add additional libraries to check for LDAP support
Michael Felt [Thu, 21 Feb 2019 13:34:49 +0000 (13:34 +0000)]
acinclude: add additional libraries to check for LDAP support

- Add an additional check for LDAP that also checks for OpenSSL since
  on AIX those libraries may be required to link LDAP properly.

Fixes https://github.com/curl/curl/issues/3595
Closes https://github.com/curl/curl/pull/3596

5 years agoschannel: support CALG_ECDH_EPHEM algorithm
georgeok [Sun, 24 Feb 2019 18:20:57 +0000 (18:20 +0000)]
schannel: support CALG_ECDH_EPHEM algorithm

Add support for Ephemeral elliptic curve Diffie-Hellman key exchange
algorithm option when selecting ciphers. This became available on the
Win10 SDK.

Closes https://github.com/curl/curl/pull/3608

5 years agomulti: call multi_done on connect timeouts
Daniel Stenberg [Sun, 24 Feb 2019 15:32:04 +0000 (16:32 +0100)]
multi: call multi_done on connect timeouts

Failing to do so would make the CURLINFO_TOTAL_TIME timeout to not get
updated correctly and could end up getting reported to the application
completely wrong (way too small).

Reported-by: accountantM on github
Fixes #3602
Closes #3605

5 years agoexamples: remove recursive calls to curl_multi_socket_action
Daniel Stenberg [Fri, 22 Feb 2019 12:44:41 +0000 (13:44 +0100)]
examples: remove recursive calls to curl_multi_socket_action

From within the timer callbacks. Recursive is problematic for several
reasons. They should still work, but this way the examples and the
documentation becomes simpler. I don't think we need to encourage
recursive calls.

Discussed in #3537
Closes #3601

5 years agoconfigure: remove CURL_CHECK_FUNC_FDOPEN call
Marcel Raad [Sat, 23 Feb 2019 10:00:53 +0000 (11:00 +0100)]
configure: remove CURL_CHECK_FUNC_FDOPEN call

The macro itself has been removed in commit
11974ac859c5d82def59e837e0db56fef7f6794e.

Closes https://github.com/curl/curl/pull/3604

5 years agowolfssl: stop custom-adding curves
Daniel Stenberg [Fri, 22 Feb 2019 07:04:09 +0000 (08:04 +0100)]
wolfssl: stop custom-adding curves

since wolfSSL PR https://github.com/wolfSSL/wolfssl/pull/717 (shipped in
wolfSSL 3.10.2 and later) it sends these curves by default already.

Pointed-out-by: David Garske
Closes #3599

5 years agoconfigure: remove the unused fdopen macro
Daniel Stenberg [Fri, 22 Feb 2019 11:56:15 +0000 (12:56 +0100)]
configure: remove the unused fdopen macro

and the two remaining #ifdefs for it

Closes #3600

5 years agourl: change conn shutdown order to unlink data as last step
Jay Satiro [Thu, 21 Feb 2019 20:30:10 +0000 (15:30 -0500)]
url: change conn shutdown order to unlink data as last step

- Split off connection shutdown procedure from Curl_disconnect into new
  function conn_shutdown.

- Change the shutdown procedure to close the sockets before
  disassociating the transfer.

Prior to this change the sockets were closed after disassociating the
transfer so SOCKETFUNCTION wasn't called since the transfer was already
disassociated. That likely came about from recent work started in
Jan 2019 (#3442) to separate transfers from connections.

Bug: https://curl.haxx.se/mail/lib-2019-02/0101.html
Reported-by: Pavel Löbl
Closes https://github.com/curl/curl/issues/3597
Closes https://github.com/curl/curl/pull/3598

5 years agoFix strict-prototypes GCC warning
Marcel Raad [Fri, 22 Feb 2019 18:12:30 +0000 (19:12 +0100)]
Fix strict-prototypes GCC warning

As seen in the MinGW autobuilds. Caused by commit
f26bc29cfec0be84c67cf74065cf8e5e78fd68b7.

5 years agotests: Fixed XML validation errors in some test files.
Dan Fandrich [Thu, 21 Feb 2019 21:06:16 +0000 (22:06 +0100)]
tests: Fixed XML validation errors in some test files.

5 years agoTODO: Allow SAN names in HTTP/2 server push
Daniel Stenberg [Wed, 20 Feb 2019 07:44:21 +0000 (08:44 +0100)]
TODO: Allow SAN names in HTTP/2 server push

Suggested-by: Nicolas Grekas
5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Wed, 20 Feb 2019 07:29:48 +0000 (08:29 +0100)]
RELEASE-NOTES: synced

5 years agocurl: remove MANUAL from -M output
Daniel Stenberg [Tue, 19 Feb 2019 09:02:27 +0000 (10:02 +0100)]
curl: remove MANUAL from -M output

... and remove it from the dist tarball. It has served its time, it
barely gets updated anymore and "everything curl" is now convering all
this document once tried to include, and does it more and better.

In the compressed scenario, this removes ~15K data from the binary,
which is 25% of the -M output.

It remains in the git repo for now for as long as the web site builds a
page using that as source. It renders poorly on the site (especially for
mobile users) so its not even good there.

Closes #3587

5 years agohttp2: verify :athority in push promise requests
Daniel Stenberg [Mon, 18 Feb 2019 08:10:01 +0000 (09:10 +0100)]
http2: verify :athority in push promise requests

RFC 7540 says we should verify that the push is for an "authoritative"
server. We make sure of this by only allowing push with an :athority
header that matches the host that was asked for in the URL.

Fixes #3577
Reported-by: Nicolas Grekas
Bug: https://curl.haxx.se/mail/lib-2019-02/0057.html
Closes #3581

5 years agosinglesocket: fix the 'sincebefore' placement
Daniel Stenberg [Tue, 19 Feb 2019 14:56:54 +0000 (15:56 +0100)]
singlesocket: fix the 'sincebefore' placement

The variable wasn't properly reset within the loop and thus could remain
set for sockets that hadn't been set before and miss notifying the app.

This is a follow-up to 4c35574 (shipped in curl 7.64.0)

Reported-by: buzo-ffm on github
Detected-by: Jan Alexander Steffens
Fixes #3585
Closes #3589

5 years agoconnection: never reuse CONNECT_ONLY conections
Daniel Stenberg [Mon, 18 Feb 2019 15:33:36 +0000 (16:33 +0100)]
connection: never reuse CONNECT_ONLY conections

and make CONNECT_ONLY conections never reuse any existing ones either.

Reported-by: Pavel Löbl
Bug: https://curl.haxx.se/mail/lib-2019-02/0064.html
Closes #3586

5 years agocli tool: fix mime post with --disable-libcurl-option configure option
Patrick Monnerat [Tue, 19 Feb 2019 16:08:58 +0000 (17:08 +0100)]
cli tool: fix mime post with --disable-libcurl-option configure option

Reported-by: Marcel Raad
Fixes #3576
Closes #3583

5 years agox509asn1: cleanup and unify code layout
Daniel Stenberg [Mon, 18 Feb 2019 11:28:35 +0000 (12:28 +0100)]
x509asn1: cleanup and unify code layout

- rename 'n' to buflen in functions, and use size_t for them. Don't pass
  in negative buffer lengths.

- move most function comments to above the function starts like we use
  to

- remove several unnecessary typecasts (especially of NULL)

Reviewed-by: Patrick Monnerat
Closes #3582

5 years agocurl_multi_remove_handle.3: use at any time, just not from within callbacks
Daniel Stenberg [Tue, 19 Feb 2019 10:22:29 +0000 (11:22 +0100)]
curl_multi_remove_handle.3: use at any time, just not from within callbacks

[ci skip]

5 years agohttp: make adding a blank header thread-safe
Daniel Stenberg [Mon, 18 Feb 2019 07:14:52 +0000 (08:14 +0100)]
http: make adding a blank header thread-safe

Previously the function would edit the provided header in-place when a
semicolon is used to signify an empty header. This made it impossible to
use the same set of custom headers in multiple threads simultaneously.

This approach now makes a local copy when it needs to edit the string.

Reported-by: d912e3 on github
Fixes #3578
Closes #3579

5 years agounit1651: survive curl_easy_init() fails
Daniel Stenberg [Mon, 18 Feb 2019 11:29:23 +0000 (12:29 +0100)]
unit1651: survive curl_easy_init() fails

5 years agorand: Fix a mismatch between comments in source and header.
Frank Gevaerts [Mon, 18 Feb 2019 19:01:23 +0000 (20:01 +0100)]
rand: Fix a mismatch between comments in source and header.

Reported-by: Björn Stenberg <bjorn@haxx.se>
Closes #3584

5 years agox509asn1: replace single char with an array
Patrick Monnerat [Mon, 18 Feb 2019 14:40:34 +0000 (15:40 +0100)]
x509asn1: replace single char with an array

Although safe in this context, using a single char as an array may
cause invalid accesses to adjacent memory locations.

Detected by Coverity.

5 years agoexamples/http2-serverpush: add some sensible error checks
Daniel Stenberg [Mon, 18 Feb 2019 08:07:34 +0000 (09:07 +0100)]
examples/http2-serverpush: add some sensible error checks

To avoid NULL pointer dereferences etc in the case of problems.

Closes #3580

5 years agoeasy: fix win32 init to work without CURL_GLOBAL_WIN32
Jay Satiro [Sat, 16 Feb 2019 23:55:40 +0000 (18:55 -0500)]
easy: fix win32 init to work without CURL_GLOBAL_WIN32

- Change the behavior of win32_init so that the required initialization
  procedures are not affected by CURL_GLOBAL_WIN32 flag.

libcurl via curl_global_init supports initializing for win32 with an
optional flag CURL_GLOBAL_WIN32, which if omitted was meant to stop
Winsock initialization. It did so internally by skipping win32_init()
when that flag was set. Since then win32_init() has been expanded to
include required initialization routines that are separate from
Winsock and therefore must be called in all cases. This commit fixes
it so that CURL_GLOBAL_WIN32 only controls the optional win32
initialization (which is Winsock initialization, according to our doc).

The only users affected by this change are those that don't pass
CURL_GLOBAL_WIN32 to curl_global_init. For them this commit removes the
risk of a potential crash.

Ref: https://github.com/curl/curl/pull/3573

Fixes https://github.com/curl/curl/issues/3313
Closes https://github.com/curl/curl/pull/3575

5 years agocookie: Add support for cookie prefixes
Daniel Gustafsson [Sat, 16 Feb 2019 23:09:30 +0000 (00:09 +0100)]
cookie: Add support for cookie prefixes

The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes
and how they should affect cookie initialization, which has been
adopted by the major browsers. This adds support for the two prefixes
defined, __Host- and __Secure, and updates the testcase with the
supplied examples from the draft.

Closes #3554
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
5 years agombedtls: release sessionid resources on error
Daniel Gustafsson [Sat, 16 Feb 2019 21:30:31 +0000 (22:30 +0100)]
mbedtls: release sessionid resources on error

If mbedtls_ssl_get_session() fails, it may still have allocated
memory that needs to be freed to avoid leaking. Call the library
API function to release session resources on this errorpath as
well as on Curl_ssl_addsessionid() errors.

Closes: #3574
Reported-by: Michał Antoniak <M.Antoniak@posnet.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
5 years agocli tool: refactor encoding conversion sequence for switch case fallthrough.
Patrick Monnerat [Sat, 16 Feb 2019 01:04:24 +0000 (02:04 +0100)]
cli tool: refactor encoding conversion sequence for switch case fallthrough.

5 years agoversion.c: silent scan-build even when librtmp is not enabled
Patrick Monnerat [Fri, 15 Feb 2019 19:19:00 +0000 (20:19 +0100)]
version.c: silent scan-build even when librtmp is not enabled

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 15 Feb 2019 22:33:47 +0000 (23:33 +0100)]
RELEASE-NOTES: synced

5 years agoCurl_now: figure out windows version in win32_init
Daniel Stenberg [Thu, 14 Feb 2019 16:08:29 +0000 (17:08 +0100)]
Curl_now: figure out windows version in win32_init

... and avoid use of static variables that aren't thread safe.

Fixes regression from e9ababd4f5a (present in the 7.64.0 release)

Reported-by: Paul Groke
Fixes #3572
Closes #3573

5 years agounit1307: just fail without FTP support
Marcel Raad [Thu, 14 Feb 2019 08:35:54 +0000 (09:35 +0100)]
unit1307: just fail without FTP support

I missed to check this in with commit
71786c0505926aaf7e9b2477b2fb7ee16a915ec6, which only disabled the test.
This fixes the actual linker error.

Closes https://github.com/curl/curl/pull/3568

5 years agotravis: enable valgrind for the iconv tests too
Daniel Stenberg [Thu, 14 Feb 2019 15:13:27 +0000 (16:13 +0100)]
travis: enable valgrind for the iconv tests too

Closes #3571

5 years agotravis: add scan-build
Daniel Stenberg [Mon, 20 Nov 2017 22:31:05 +0000 (23:31 +0100)]
travis: add scan-build

Closes #3564

5 years agoexamples/sftpuploadresume: Value stored to 'result' is never read
Daniel Stenberg [Thu, 14 Feb 2019 11:30:25 +0000 (12:30 +0100)]
examples/sftpuploadresume: Value stored to 'result' is never read

Detected by scan-build

5 years agoexamples/http2-upload: cleaned up
Daniel Stenberg [Thu, 14 Feb 2019 11:28:23 +0000 (12:28 +0100)]
examples/http2-upload: cleaned up

Fix scan-build warnings, no globals, no silly handle scan. Also remove
handles from the multi before cleaning up.

5 years agoexamples/http2-download: cleaned up
Daniel Stenberg [Thu, 14 Feb 2019 11:19:40 +0000 (12:19 +0100)]
examples/http2-download: cleaned up

To avoid scan-build warnings and global variables.

5 years agoexamples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
Daniel Stenberg [Thu, 14 Feb 2019 10:53:02 +0000 (11:53 +0100)]
examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'

Detected by scan-build

5 years agoexamples/httpcustomheader: Value stored to 'res' is never read
Daniel Stenberg [Thu, 14 Feb 2019 10:50:12 +0000 (11:50 +0100)]
examples/httpcustomheader: Value stored to 'res' is never read

Detected by scan-build

5 years agoexamples: remove superfluous null-pointer checks
Daniel Stenberg [Thu, 14 Feb 2019 10:48:43 +0000 (11:48 +0100)]
examples: remove superfluous null-pointer checks

in ftpget, ftpsget and sftpget, so that scan-build stops warning for
potential NULL pointer dereference below!

Detected by scan-build

5 years agostrip_trailing_dot: make sure NULL is never used for strlen
Daniel Stenberg [Wed, 13 Feb 2019 12:20:41 +0000 (13:20 +0100)]
strip_trailing_dot: make sure NULL is never used for strlen

scan-build warning: Null pointer passed as an argument to a 'nonnull'
parameter

5 years agoconnection_check: restore original conn->data after the check
Jay Satiro [Tue, 12 Feb 2019 04:00:00 +0000 (23:00 -0500)]
connection_check: restore original conn->data after the check

- Save the original conn->data before it's changed to the specified
  data transfer for the connection check and then restore it afterwards.

This is a follow-up to 38d8e1b 2019-02-11.

History:

It was discovered a month ago that before checking whether to extract a
dead connection that that connection should be associated with a "live"
transfer for the check (ie original conn->data ignored and set to the
passed in data). A fix was landed in 54b201b which did that and also
cleared conn->data after the check. The original conn->data was not
restored, so presumably it was thought that a valid conn->data was no
longer needed.

Several days later it was discovered that a valid conn->data was needed
after the check and follow-up fix was landed in bbae24c which partially
reverted the original fix and attempted to limit the scope of when
conn->data was changed to only when pruning dead connections. In that
case conn->data was not cleared and the original conn->data not
restored.

A month later it was discovered that the original fix was somewhat
correct; a "live" transfer is needed for the check in all cases
because original conn->data could be null which could cause a bad deref
at arbitrary points in the check. A fix was landed in 38d8e1b which
expanded the scope to all cases. conn->data was not cleared and the
original conn->data not restored.

A day later it was discovered that not restoring the original conn->data
may lead to busy loops in applications that use the event interface, and
given this observation it's a pretty safe assumption that there is some
code path that still needs the original conn->data. This commit is the
follow-up fix for that, it restores the original conn->data after the
connection check.

Assisted-by: tholin@users.noreply.github.com
Reported-by: tholin@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/3542
Closes #3559

5 years agomemdebug: bring back curl_mark_sclose
Daniel Stenberg [Thu, 14 Feb 2019 16:34:55 +0000 (17:34 +0100)]
memdebug: bring back curl_mark_sclose

Used by debug builds with NSS.

Reverted from 05b100aee247bb

5 years agotransfer.c: do not compute length of undefined hex buffer.
Patrick Monnerat [Thu, 14 Feb 2019 15:03:24 +0000 (16:03 +0100)]
transfer.c: do not compute length of undefined hex buffer.

On non-ascii platforms, the chunked hex header was measured for char code
conversion length, even for chunked trailers that do not have an hex header.
In addition, the efective length is already known: use it.
Since the hex length can be zero, only convert if needed.

Reported by valgrind.

5 years agoKNOWN_BUGS: Cannot compile against a static build of OpenLDAP
Daniel Stenberg [Thu, 14 Feb 2019 14:36:43 +0000 (15:36 +0100)]
KNOWN_BUGS: Cannot compile against a static build of OpenLDAP

Closes #2367

5 years agox509asn1: "Dereference of null pointer"
Patrick Monnerat [Thu, 14 Feb 2019 13:54:01 +0000 (14:54 +0100)]
x509asn1: "Dereference of null pointer"

Detected by scan-build (false positive).

5 years agoconfigure: show features as well in the final summary
Daniel Stenberg [Thu, 14 Feb 2019 10:45:49 +0000 (11:45 +0100)]
configure: show features as well in the final summary

Closes #3569

5 years agoKNOWN_BUGS: curl compiled on OSX 10.13 failed to run on OSX 10.10
Daniel Stenberg [Thu, 14 Feb 2019 09:49:22 +0000 (10:49 +0100)]
KNOWN_BUGS: curl compiled on OSX 10.13 failed to run on OSX 10.10

Closes #2905

5 years agoKNOWN_BUGS: Deflate error after all content was received
Daniel Stenberg [Thu, 14 Feb 2019 09:46:18 +0000 (10:46 +0100)]
KNOWN_BUGS: Deflate error after all content was received

Closes #2719

5 years agogssapi: fix deprecated header warnings
Daniel Stenberg [Wed, 13 Feb 2019 12:48:18 +0000 (13:48 +0100)]
gssapi: fix deprecated header warnings

Heimdal includes on FreeBSD spewed out lots of them. Less so now.

Closes #3566

5 years agoTODO: Upgrade to websockets
Daniel Stenberg [Thu, 14 Feb 2019 07:30:49 +0000 (08:30 +0100)]
TODO: Upgrade to websockets

Closes #3523

5 years agoTODO: cmake test suite improvements
Daniel Stenberg [Thu, 14 Feb 2019 07:09:31 +0000 (08:09 +0100)]
TODO: cmake test suite improvements

Closes #3109

5 years agocurl: "Dereference of null pointer"
Patrick Monnerat [Wed, 13 Feb 2019 17:44:17 +0000 (18:44 +0100)]
curl: "Dereference of null pointer"

Rephrase to satisfy scan-build.

5 years agounit1307: require FTP support
Marcel Raad [Wed, 13 Feb 2019 07:35:15 +0000 (08:35 +0100)]
unit1307: require FTP support

This test doesn't link without FTP support after
fc7ab4835b5fd09d0a6f57000633bb6bb6edfda1, which made Curl_fnmatch
unavailable without FTP support.

Closes https://github.com/curl/curl/pull/3565

5 years agoTODO: TFO support on Windows
Daniel Stenberg [Wed, 13 Feb 2019 07:28:28 +0000 (08:28 +0100)]
TODO: TFO support on Windows

Nobody works on this now.

Closes #3378