]> granicus.if.org Git - curl/log
curl
6 years agoscripts: allow all perl scripts to be run directly
Jay Satiro [Sun, 7 Jan 2018 06:34:46 +0000 (01:34 -0500)]
scripts: allow all perl scripts to be run directly

- Enable execute permission (chmod +x)

- Change interpreter to /usr/bin/env perl

Closes https://github.com/curl/curl/pull/2222

6 years agomail-rcpt.d: fix short-text description
Jay Satiro [Sun, 7 Jan 2018 06:04:36 +0000 (01:04 -0500)]
mail-rcpt.d: fix short-text description

7 years agobuild: remove HAVE_LIMITS_H check
Jay Satiro [Wed, 3 Jan 2018 19:40:52 +0000 (14:40 -0500)]
build: remove HAVE_LIMITS_H check

.. because limits.h presence isn't optional, it's required by C89.

Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2

Closes https://github.com/curl/curl/pull/2215

7 years agoopenssl: fix memory leak of SSLKEYLOGFILE filename
Jay Satiro [Wed, 3 Jan 2018 20:22:41 +0000 (15:22 -0500)]
openssl: fix memory leak of SSLKEYLOGFILE filename

- Free the copy of SSLKEYLOGFILE env returned by curl_getenv during ossl
  initialization.

Caught by ASAN.

7 years agoRevert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX"
Jay Satiro [Tue, 2 Jan 2018 20:44:08 +0000 (15:44 -0500)]
Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX"

This reverts commit c97648b55080343bb371522bf4233e94a2a13a99.

SIZEOF_LONG should not be checked in system.h since that macro is only
defined when building libcurl.

Ref: https://github.com/curl/curl/pull/2186#issuecomment-354767080
Ref: https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html

7 years agotest1554: improve the error handling
Michael Kaufmann [Sat, 30 Dec 2017 15:51:38 +0000 (16:51 +0100)]
test1554: improve the error handling

7 years agotest1554: add global initialization and cleanup
Michael Kaufmann [Sat, 30 Dec 2017 15:42:57 +0000 (16:42 +0100)]
test1554: add global initialization and cleanup

7 years agocurl_version_info.3: call the argument 'age'
Daniel Stenberg [Fri, 29 Dec 2017 09:13:32 +0000 (22:13 +1300)]
curl_version_info.3: call the argument 'age'

Reported-by: Pete Lomax
Bug: https://curl.haxx.se/mail/lib-2017-12/0074.html

7 years agobrotli: data at the end of content can be lost
Mikalai Ananenka [Mon, 25 Dec 2017 21:17:08 +0000 (00:17 +0300)]
brotli: data at the end of content can be lost

Decoding loop implementation did not concern the case when all
received data is consumed by Brotli decoder and the size of decoded
data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE.
For content with unencoded length greater than CURL_MAX_WRITE_SIZE this
can result in the loss of data at the end of content.

Closes #2194

7 years agoexamples/cacertinmem: ignore cert-already-exists error
Jay Satiro [Tue, 19 Dec 2017 07:17:39 +0000 (02:17 -0500)]
examples/cacertinmem: ignore cert-already-exists error

- Ignore X509_R_CERT_ALREADY_IN_HASH_TABLE errors in the CTX callback
  since it's possible the cert may have already been loaded by libcurl.

- Remove the EXAMPLE code in the CURLOPT_SSL_CTX_FUNCTION.3 doc.
  Instead have it direct the reader to this cacertinmem.c example.

- Fix the CA certificate to use the right CA for example.com, Digicert.

Bug: https://curl.haxx.se/mail/lib-2017-12/0057.html
Reported-by: Thomas van Hesteren
Closes https://github.com/curl/curl/pull/2182

7 years agotool_getparam: Support size modifiers for --max-filesize
Gisle Vanem [Sun, 17 Dec 2017 22:26:10 +0000 (17:26 -0500)]
tool_getparam: Support size modifiers for --max-filesize

- Move the size modifier detection code from limit-rate to its own
  function so that it can also be used with max-filesize.

Size modifiers are the suffixes such as G (gigabyte), M (megabyte) etc.

For example --max-filesize 1G

Ref: https://curl.haxx.se/mail/archive-2017-12/0000.html

Closes https://github.com/curl/curl/pull/2179

7 years agobuild: Fixed incorrect script termination from commit ad1dc10e61
Steve Holme [Fri, 22 Dec 2017 20:21:40 +0000 (20:21 +0000)]
build: Fixed incorrect script termination from commit ad1dc10e61

7 years agoMakefile.vc: Added our standard copyright header
Steve Holme [Fri, 22 Dec 2017 18:49:37 +0000 (18:49 +0000)]
Makefile.vc: Added our standard copyright header

7 years agowinbuild: Added support for VC15
Steve Holme [Fri, 22 Dec 2017 18:44:35 +0000 (18:44 +0000)]
winbuild: Added support for VC15

7 years agobuild: Added Visual Studio 2017 project files
Steve Holme [Fri, 22 Dec 2017 17:58:41 +0000 (17:58 +0000)]
build: Added Visual Studio 2017 project files

7 years agobuild-wolfssl.bat: Added support for VC15
Steve Holme [Fri, 22 Dec 2017 16:08:54 +0000 (16:08 +0000)]
build-wolfssl.bat: Added support for VC15

7 years agobuild-openssl.bat: Added support for VC15
Steve Holme [Fri, 22 Dec 2017 15:44:19 +0000 (15:44 +0000)]
build-openssl.bat: Added support for VC15

7 years agocurl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX
Dimitrios Apostolou [Thu, 21 Dec 2017 17:09:45 +0000 (18:09 +0100)]
curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX

Closes https://github.com/curl/curl/pull/2186

7 years agoexamples/rtsp: fix error handling macros
Mattias Fornander [Wed, 20 Dec 2017 18:48:26 +0000 (11:48 -0700)]
examples/rtsp: fix error handling macros

Closes https://github.com/curl/curl/pull/2185

7 years agocurl_easy_reset: release mime-related data.
Patrick Monnerat [Wed, 20 Dec 2017 18:33:50 +0000 (19:33 +0100)]
curl_easy_reset: release mime-related data.

Move curl_mime_initpart() and curl_mime_cleanpart() calls to lower-level
functions dealing with UserDefined structure contents.
This avoids memory leakages on curl-generated part mime headers.
New test 2073 checks this using the cli tool --next option: it
triggers a valgrind error if bug is present.

Bug: https://curl.haxx.se/mail/lib-2017-12/0060.html
Reported-by: Martin Galvan
7 years agocontent_encoding: rework zlib_inflate
Patrick Monnerat [Wed, 20 Dec 2017 15:02:42 +0000 (16:02 +0100)]
content_encoding: rework zlib_inflate

- When zlib version is < 1.2.0.4, process gzip trailer before considering
extra data as an error.
- Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data
and minimize corrupt data output.
- Do not try to restart deflate decompression in raw mode if output has
started or if the leading data is not available anymore.
- New test 232 checks inflating raw-deflated content.

Closes #2068

7 years agobrotli: allow compiling with version 0.6.0.
Patrick Monnerat [Wed, 20 Dec 2017 14:30:35 +0000 (15:30 +0100)]
brotli: allow compiling with version 0.6.0.

Some error codes were not yet defined in brotli 0.6.0: do not issue code
for them in this case.

7 years agoCURLOPT_READFUNCTION.3: refer to argument with correct name
Daniel Stenberg [Wed, 13 Dec 2017 07:15:15 +0000 (08:15 +0100)]
CURLOPT_READFUNCTION.3: refer to argument with correct name

Bug: #2175

[ci skip]

7 years agorand: add a clang-analyzer work-around
Daniel Stenberg [Tue, 12 Dec 2017 23:45:42 +0000 (00:45 +0100)]
rand: add a clang-analyzer work-around

scan-build would warn on a potential access of an uninitialized
buffer. I deem it a false positive and had to add this somewhat ugly
work-around to silence it.

7 years agokrb5: fix a potential access of uninitialized memory
Daniel Stenberg [Tue, 12 Dec 2017 23:36:39 +0000 (00:36 +0100)]
krb5: fix a potential access of uninitialized memory

A scan-build warning.

7 years agoconncache: fix a return code [regression]
Daniel Stenberg [Tue, 12 Dec 2017 22:53:56 +0000 (23:53 +0100)]
conncache: fix a return code [regression]

This broke in 07cb27c98e. Make sure to return 'result' properly. Pointed
out by scan-build!

7 years agocurl: support >256 bytes warning messsages
Daniel Stenberg [Tue, 12 Dec 2017 18:58:47 +0000 (19:58 +0100)]
curl: support >256 bytes warning messsages

Bug: #2174

7 years agolibssh: fix a syntax error in configure.ac
Michael Kaufmann [Sun, 10 Dec 2017 21:30:06 +0000 (22:30 +0100)]
libssh: fix a syntax error in configure.ac

Follow-up to c92d2e1

Closes #2172

7 years agoexamples/smtp-mail.c: use separate defines for options and mail
Daniel Stenberg [Tue, 12 Dec 2017 14:28:05 +0000 (15:28 +0100)]
examples/smtp-mail.c: use separate defines for options and mail

... to make it clearer that the options want address-only, while the
headers in an email can also have the real name.

Assisted-by: Sean MacLennan
7 years agoTHANKS: added missing names
Daniel Stenberg [Tue, 12 Dec 2017 07:44:13 +0000 (08:44 +0100)]
THANKS: added missing names

... as I reran the contrithanks script after the mailmap name fixups.

7 years agomailmap: added/clarified several names
Daniel Stenberg [Tue, 12 Dec 2017 07:18:37 +0000 (08:18 +0100)]
mailmap: added/clarified several names

7 years agosetopt: less *or equal* than INT_MAX/1000 should be fine
Daniel Stenberg [Mon, 11 Dec 2017 14:24:42 +0000 (15:24 +0100)]
setopt: less *or equal* than INT_MAX/1000 should be fine

... for the CURLOPT_TIMEOUT, CURLOPT_CONNECTTIMEOUT and
CURLOPT_SERVER_RESPONSE_TIMEOUT range checks.

Reported-by: Dominik Hölzl
Bug: https://curl.haxx.se/mail/lib-2017-12/0037.html

Closes #2173

7 years agovtls: replaced getenv() with curl_getenv()
dmitrykos [Sun, 10 Dec 2017 18:40:44 +0000 (20:40 +0200)]
vtls: replaced getenv() with curl_getenv()

Fixed undefined symbol of getenv() which does not exist when compiling
for Windows 10 App (CURL_WINDOWS_APP). Replaced getenv() with
curl_getenv() which is aware of getenv() absence when CURL_WINDOWS_APP
is defined.

Closes #2171

7 years agoRELEASE-NOTES: synced with 3b9ea70ee
Daniel Stenberg [Mon, 11 Dec 2017 12:52:49 +0000 (13:52 +0100)]
RELEASE-NOTES: synced with 3b9ea70ee

7 years agoTODO: Expose tried IP addresses that failed
Daniel Stenberg [Mon, 11 Dec 2017 12:41:03 +0000 (13:41 +0100)]
TODO: Expose tried IP addresses that failed

Suggested-by: Rainer Canavan
Closes #2126

7 years agocurl.1: mention http:// and https:// as valid proxy prefixes
Daniel Stenberg [Mon, 11 Dec 2017 12:24:42 +0000 (13:24 +0100)]
curl.1: mention http:// and https:// as valid proxy prefixes

7 years agocurl.1: documented two missing valid exit codes
Daniel Stenberg [Mon, 11 Dec 2017 12:11:47 +0000 (13:11 +0100)]
curl.1: documented two missing valid exit codes

7 years agoCURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference
Daniel Stenberg [Sun, 10 Dec 2017 22:59:52 +0000 (23:59 +0100)]
CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference

7 years agoRevert "curl: don't set CURLOPT_INTERLEAVEDATA"
Daniel Stenberg [Sun, 10 Dec 2017 22:58:28 +0000 (23:58 +0100)]
Revert "curl: don't set CURLOPT_INTERLEAVEDATA"

This reverts commit 9ffad8eb1329bb35c8988115ac7ed85cf91ef955.

It was actually added rather recently in 8e8afa82cbb629 due to a crash
that would otherwise happen in the RTSP code. As I don't think we've
fixed that behavior yet, we better keep this work-around until we have
fixed it better.

7 years agotests: mark data files as non-executable in git
Michael Kaufmann [Sun, 10 Dec 2017 21:36:42 +0000 (22:36 +0100)]
tests: mark data files as non-executable in git

7 years agotests: update .gitignore for libtests
Michael Kaufmann [Sun, 10 Dec 2017 21:35:16 +0000 (22:35 +0100)]
tests: update .gitignore for libtests

7 years agomulti_done: prune DNS cache
Daniel Stenberg [Sat, 9 Dec 2017 22:50:05 +0000 (23:50 +0100)]
multi_done: prune DNS cache

Prune the DNS cache immediately after the dns entry is unlocked in
multi_done. Timed out entries will then get discarded in a more orderly
fashion.

Test506 is updated

Reported-by: Oleg Pudeyev
Fixes #2169
Closes #2170

7 years agomailmap: fixup two old git Author "aliases"
Daniel Stenberg [Sun, 10 Dec 2017 10:22:33 +0000 (11:22 +0100)]
mailmap: fixup two old git Author "aliases"

7 years agoopenssl: Disable file buffering for Win32 SSLKEYLOGFILE
Jay Satiro [Sun, 10 Dec 2017 07:48:41 +0000 (02:48 -0500)]
openssl: Disable file buffering for Win32 SSLKEYLOGFILE

Prior to this change SSLKEYLOGFILE used line buffering on WIN32 just
like it does for other platforms. However, the Windows CRT does not
actually support line buffering (_IOLBF) and will use full buffering
(_IOFBF) instead. We can't use full buffering because multiple processes
may be writing to the file and that could lead to corruption, and since
full buffering is the only buffering available this commit disables
buffering for Windows SSLKEYLOGFILE entirely (_IONBF).

Ref: https://github.com/curl/curl/pull/1346#issuecomment-350530901

7 years agoRESOLVE: output verbose text when trying to set a duplicate name
Daniel Stenberg [Sat, 9 Dec 2017 23:41:57 +0000 (00:41 +0100)]
RESOLVE: output verbose text when trying to set a duplicate name

... to help users understand what is or isn't done!

7 years agoCURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
Daniel Stenberg [Sat, 9 Dec 2017 22:34:07 +0000 (23:34 +0100)]
CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE

7 years agosftp: allow quoted commands to use relative paths
John DeHelian [Fri, 8 Dec 2017 16:31:01 +0000 (11:31 -0500)]
sftp: allow quoted commands to use relative paths

Closes #1900

7 years agoCURLOPT_PRIVATE.3: fix grammar
richardthe3rd [Fri, 8 Dec 2017 23:34:18 +0000 (23:34 +0000)]
CURLOPT_PRIVATE.3: fix grammar

- Change "never does nothing" double-negative to "never does anything".

Closes https://github.com/curl/curl/pull/2168

7 years agocurl: remove __EMX__ #ifdefs
Daniel Stenberg [Fri, 8 Dec 2017 14:39:25 +0000 (15:39 +0100)]
curl: remove __EMX__ #ifdefs

These are OS/2-specific things added to the code in the year 2000. They
were always ugly. If there's any user left, they still don't need it
done this way.

Closes #2166

7 years agoopenssl: improve data-pending check for https proxy
Jay Satiro [Sun, 24 Sep 2017 05:42:37 +0000 (01:42 -0400)]
openssl: improve data-pending check for https proxy

- Allow proxy_ssl to be checked for pending data even when connssl does
  not yet have an SSL handle.

This change is for posterity. Currently there doesn't seem to be a code
path that will cause a pending data check when proxyssl could have
pending data and the connssl handle doesn't yet exist [1].

[1]: Recall that an https proxy connection starts out in connssl but if
the destination is also https then the proxy SSL backend data is moved
from connssl to proxyssl, which means connssl handle is temporarily
empty until an SSL handle for the destination can be created.

Ref: https://github.com/curl/curl/commit/f4a6238#commitcomment-24396542

Closes https://github.com/curl/curl/pull/1916

7 years agocurl: don't set CURLOPT_INTERLEAVEDATA
Daniel Stenberg [Fri, 8 Dec 2017 15:07:01 +0000 (16:07 +0100)]
curl: don't set CURLOPT_INTERLEAVEDATA

That data is only ever used by the CURLOPT_INTERLEAVEFUNCTION callback
and that option isn't set or used by the curl tool!

Updates the 9 tests that verify --libcurl

Closes #2167

7 years agocurl.h: remove incorrect comment about ERRORBUFFER
Daniel Stenberg [Fri, 8 Dec 2017 15:56:06 +0000 (16:56 +0100)]
curl.h: remove incorrect comment about ERRORBUFFER

... error messages are _not_ sent to stderr if this is not set.

7 years agoconfigure: add AX_CODE_COVERAGE only if using gcc
Michael Felt [Wed, 29 Nov 2017 17:18:19 +0000 (17:18 +0000)]
configure: add AX_CODE_COVERAGE only if using gcc

Fixes #2076
Closes #2125

7 years agocurl: limit -# update frequency for unknown total size
Daniel Stenberg [Thu, 7 Dec 2017 08:29:58 +0000 (09:29 +0100)]
curl: limit -# update frequency for unknown total size

Make it use a max 10Hz update frequency for this case as well. Return
early if the "point" hasn't moved since last invoke.

Reported-by: Elliot Saba
Fixes #2158
Closes #2163

7 years agoBINDINGS: another PostgreSQL client
Daniel Stenberg [Thu, 7 Dec 2017 10:09:21 +0000 (11:09 +0100)]
BINDINGS: another PostgreSQL client

...the former link is dead.

Reported-by: Frank Gevaerts
7 years agoCONNECT: keep close connection flag in http_connect_state struct
Zachary Seguin [Wed, 6 Dec 2017 03:15:31 +0000 (22:15 -0500)]
CONNECT: keep close connection flag in http_connect_state struct

Fixes #2088
Closes #2157

7 years agoinclude: get netinet/in.h before linux/tcp.h
Per Malmberg [Wed, 6 Dec 2017 08:11:05 +0000 (09:11 +0100)]
include: get netinet/in.h before linux/tcp.h

... to allow build on older Linux dists (specifically CentOS 4.8 on gcc
4.8.5)

Closes #2160

7 years agoopenldap: fix checksrc nits
Daniel Stenberg [Wed, 6 Dec 2017 13:58:26 +0000 (14:58 +0100)]
openldap: fix checksrc nits

7 years agoopenldap: add commented out debug possibilities
Stepan Broz [Wed, 6 Dec 2017 07:54:35 +0000 (08:54 +0100)]
openldap: add commented out debug possibilities

... to aid debugging openldap library using its built-in debug messages.

Closes #2159

7 years agoexamples: move threaded-shared-conn.c to the "complicated" ones
Daniel Stenberg [Wed, 6 Dec 2017 13:49:12 +0000 (14:49 +0100)]
examples: move threaded-shared-conn.c to the "complicated" ones

... due it relying on pthreads to link.

7 years agoRELEASE-NOTES: synced with b261c44e8
Daniel Stenberg [Wed, 6 Dec 2017 07:46:11 +0000 (08:46 +0100)]
RELEASE-NOTES: synced with b261c44e8

... and bump next release version to 7.58.0

7 years agoURL: tolerate backslash after drive letter for FILE:
Jan-E [Tue, 5 Dec 2017 09:10:59 +0000 (10:10 +0100)]
URL: tolerate backslash after drive letter for FILE:

... as in "file://c:\some\path\curl.out"

Reviewed-by: Matthew Kerwin
Closes #2154

7 years agotests: added netinet/in6.h includes in test servers
Randall S. Becker [Tue, 5 Dec 2017 17:34:58 +0000 (11:34 -0600)]
tests: added netinet/in6.h includes in test servers

7 years agoconfigure: check for netinet/in6.h
Randall S. Becker [Tue, 5 Dec 2017 16:41:27 +0000 (10:41 -0600)]
configure: check for netinet/in6.h

Needed by HPE NonStop NSE and NSX systems

Fixes #2146
Closes #2155

7 years agocurl-config: add --ssl-backends
Daniel Stenberg [Thu, 30 Nov 2017 07:57:36 +0000 (08:57 +0100)]
curl-config: add --ssl-backends

Lists all SSL backends that were enabled at build-time.

Suggested-by: Oleg Pudeyev
Fixes #2128

7 years agoconncache: only allow multiplexing within same multi handle
Daniel Stenberg [Tue, 5 Dec 2017 07:39:31 +0000 (08:39 +0100)]
conncache: only allow multiplexing within same multi handle

Connections that are used for HTTP/1.1 Pipelining or HTTP/2 multiplexing
only get additional transfers added to them if the existing connection
is held by the same multi or easy handle. libcurl does not support doing
HTTP/2 streams in different threads using a shared connection.

Closes #2152

7 years agothreaded-shared-conn.c: fixed typo in commenta
Daniel Stenberg [Tue, 5 Dec 2017 22:35:08 +0000 (23:35 +0100)]
threaded-shared-conn.c: fixed typo in commenta

7 years agothreaded-shared-conn.c: new example
Daniel Stenberg [Tue, 5 Dec 2017 22:31:47 +0000 (23:31 +0100)]
threaded-shared-conn.c: new example

7 years agoconncache: fix several lock issues
Daniel Stenberg [Sat, 2 Dec 2017 13:27:00 +0000 (14:27 +0100)]
conncache: fix several lock issues

If the lock is released before the dealings with the bundle is over, it may
have changed by another thread in the mean time.

Fixes #2132
Fixes #2151
Closes #2139

7 years agolibssh: remove dead code in sftp_qoute
Daniel Stenberg [Tue, 5 Dec 2017 08:14:04 +0000 (09:14 +0100)]
libssh: remove dead code in sftp_qoute

... by removing a superfluous NULL pointer check that also confuses
Coverity.

Fixes #2143
Closes #2153

7 years agosasl_getmesssage: make sure we have a long enough string to pass
Daniel Stenberg [Thu, 30 Nov 2017 23:45:46 +0000 (00:45 +0100)]
sasl_getmesssage: make sure we have a long enough string to pass

For pop3/imap/smtp, added test 891 to somewhat verify the pop3
case.

For this, I enhanced the pingpong test server to be able to send back
responses with LF-only instead of always using CRLF.

Closes #2150

7 years agolibssh2: remove dead code from SSH_SFTP_QUOTE
Daniel Stenberg [Mon, 4 Dec 2017 08:00:34 +0000 (09:00 +0100)]
libssh2: remove dead code from SSH_SFTP_QUOTE

Figured out while reviewing code in the libssh backend. The pointer was
checked for NULL after having been dereferenced, so we know it would
always equal true or it would've crashed.

Pointed-out-by: Nikos Mavrogiannopoulos
Bug #2143
Closes #2148

7 years agossh-libssh.c: please checksrc
Daniel Stenberg [Mon, 4 Dec 2017 09:48:01 +0000 (10:48 +0100)]
ssh-libssh.c: please checksrc

7 years agolibssh: fixed dereference in statvfs access
Nikos Mavrogiannopoulos [Mon, 4 Dec 2017 08:24:06 +0000 (09:24 +0100)]
libssh: fixed dereference in statvfs access

The behavior is now equivalent to ssh.c when SSH_SFTP_QUOTE_STATVFS
handling fails.

Fixes #2142

7 years agoRESOURCES: update spec names
Guitared [Sun, 3 Dec 2017 12:46:44 +0000 (19:46 +0700)]
RESOURCES: update spec names

Closes #2145

7 years agolibssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS
Nikos Mavrogiannopoulos [Sun, 3 Dec 2017 11:05:45 +0000 (12:05 +0100)]
libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS

The previous code was incorrectly following the libssh2 error detection
for libssh2_sftp_statvfs, which is not correct for libssh's sftp_statvfs.

Fixes #2142

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agolibssh: no need to call sftp_get_error as ssh_get_error is sufficient
Nikos Mavrogiannopoulos [Sun, 3 Dec 2017 10:58:27 +0000 (11:58 +0100)]
libssh: no need to call sftp_get_error as ssh_get_error is sufficient

Fixes #2141

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agolibssh: fix minor static code analyzer nits
Daniel Stenberg [Sat, 2 Dec 2017 22:27:22 +0000 (23:27 +0100)]
libssh: fix minor static code analyzer nits

- remove superfluous NULL check which otherwise tricks the static code
analyzers to assume NULL pointer dereferences.

- fix fallthrough in switch()

- indent mistake

7 years agoopenssl: pkcs12 is supported by boringssl
Daniel Stenberg [Fri, 1 Dec 2017 09:17:50 +0000 (10:17 +0100)]
openssl: pkcs12 is supported by boringssl

Removes another #ifdef for BoringSSL

Pointed-out-by: David Benjamin
Closes #2134

7 years agotravis: use pip2 instead of pip
Jay Satiro [Fri, 1 Dec 2017 08:03:26 +0000 (03:03 -0500)]
travis: use pip2 instead of pip

.. since now mac osx image expects pip2 or pip3, and doesn't know pip:

0.01s$ pip install --user cpp-coveralls
/Users/travis/.travis/job_stages: line 57: pip: command not found

Ref: https://github.com/travis-ci/travis-ci/issues/8829

Closes https://github.com/curl/curl/pull/2133

7 years agolib582: do not verify host for SFTP
Nikos Mavrogiannopoulos [Tue, 14 Nov 2017 18:11:59 +0000 (19:11 +0100)]
lib582: do not verify host for SFTP

This SFTP test fails with libssh back-end due to failure to verify
the peer. Disable peer verification in the test as there seems to
be the intention of the test.

Note that the libssh back-end automatically verifies the peer's
host using the default known_hosts file.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agolibssh: added SFTP support
Nikos Mavrogiannopoulos [Tue, 31 Oct 2017 17:30:36 +0000 (18:30 +0100)]
libssh: added SFTP support

The SFTP back-end supports asynchronous reading only, limited
to 32-bit file length. Writing is synchronous with no other
limitations.

This also brings keyboard-interactive authentication.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agosymbols-in-versions: added new symbols with 7.56.3 version
Nikos Mavrogiannopoulos [Sun, 5 Nov 2017 08:59:38 +0000 (09:59 +0100)]
symbols-in-versions: added new symbols with 7.56.3 version

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years ago.travis.yml: added build --with-libssh
Nikos Mavrogiannopoulos [Tue, 31 Oct 2017 07:44:24 +0000 (08:44 +0100)]
.travis.yml: added build --with-libssh

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
7 years agolibssh2: return CURLE_UPLOAD_FAILED on failure to upload
Nikos Mavrogiannopoulos [Sun, 5 Nov 2017 14:06:30 +0000 (15:06 +0100)]
libssh2: return CURLE_UPLOAD_FAILED on failure to upload

This brings its in sync with the error code returned by the
libssh backend.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
7 years agolibssh2: send the correct CURLE error code on scp file not found
Nikos Mavrogiannopoulos [Thu, 26 Oct 2017 09:08:43 +0000 (11:08 +0200)]
libssh2: send the correct CURLE error code on scp file not found

That also updates tests to expect the right error code

libssh2 back-end returns CURLE_SSH error if the remote file
is not found. Expect instead CURLE_REMOTE_FILE_NOT_FOUND
which is sent by the libssh backend.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
7 years agoAdded support for libssh SSH SCP back-end
Nikos Mavrogiannopoulos [Mon, 23 Oct 2017 11:49:23 +0000 (13:49 +0200)]
Added support for libssh SSH SCP back-end

libssh is an alternative library to libssh2.
https://www.libssh.org/

That patch set also introduces support for ECDSA
ed25519 keys, as well as gssapi authentication.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
7 years agoRELEASE-NOTES: synced with af8cc7a69
Daniel Stenberg [Fri, 1 Dec 2017 09:37:05 +0000 (10:37 +0100)]
RELEASE-NOTES: synced with af8cc7a69

7 years agocurlver: towards 7.57.1
Daniel Stenberg [Fri, 1 Dec 2017 09:36:48 +0000 (10:36 +0100)]
curlver: towards 7.57.1

7 years agolib: don't export all symbols, just everything curl_*
W. Mark Kubacki [Wed, 29 Nov 2017 23:43:38 +0000 (00:43 +0100)]
lib: don't export all symbols, just everything curl_*

Absent any 'symbol map' or script to limit what gets exported, static
linking of libraries previously resulted in a libcurl with curl's and
those other symbols being (re-)exported.

This did not happen if 'versioned symbols' were enabled (which is not
the default) because then a version script is employed.

This limits exports to everything starting in 'curl_*'., which is
what "libcurl.vers" exports.

This avoids strange side-effects such as with mixing methods
from system libraries and those erroneously offered by libcurl.

Closes #2127

7 years agoSSL: Avoid magic allocation of SSL backend specific data
Johannes Schindelin [Tue, 28 Nov 2017 00:21:59 +0000 (01:21 +0100)]
SSL: Avoid magic allocation of SSL backend specific data

Originally, my idea was to allocate the two structures (or more
precisely, the connectdata structure and the four SSL backend-specific
strucutres required for ssl[0..1] and proxy_ssl[0..1]) in one go, so
that they all could be free()d together.

However, getting the alignment right is tricky. Too tricky.

So let's just bite the bullet and allocate the SSL backend-specific
data separately.

As a consequence, we now have to be very careful to release the memory
allocated for the SSL backend-specific data whenever we release any
connectdata.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes #2119

7 years agoexamples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
Daniel Stenberg [Fri, 1 Dec 2017 06:52:24 +0000 (07:52 +0100)]
examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL

Reported-by: Dima Tisnek
7 years agotravis: add boringssl build
Daniel Stenberg [Mon, 27 Nov 2017 18:55:25 +0000 (19:55 +0100)]
travis: add boringssl build

Uses a separate build without --enable-debug and no valgrind.

The debug option causes far too many warnings in boringssl's headers
(C++ comments, trailing commas etc).  Valgrind triggers some false
positive errors in thread-local data used by boringssl.

Closes #2118

7 years agoRELEASE-NOTES: curl 7.57.0 curl-7_57_0
Daniel Stenberg [Sun, 26 Nov 2017 13:30:56 +0000 (14:30 +0100)]
RELEASE-NOTES: curl 7.57.0

7 years agoTHANKS: added contributors from 7.57.0 release
Daniel Stenberg [Sun, 26 Nov 2017 13:37:22 +0000 (14:37 +0100)]
THANKS: added contributors from 7.57.0 release

7 years agoopenssl: fix boringssl build again
Daniel Stenberg [Mon, 27 Nov 2017 18:39:09 +0000 (19:39 +0100)]
openssl: fix boringssl build again

commit d3ab7c5a21e broke the boringssl build since it doesn't have
RSA_flags(), so we disable that code block for boringssl builds.

Reported-by: W. Mark Kubacki
Fixes #2117

7 years agocurl_ntlm_core.c: use the limits.h's SIZE_T_MAX if provided
Daniel Stenberg [Mon, 27 Nov 2017 09:40:31 +0000 (10:40 +0100)]
curl_ntlm_core.c: use the limits.h's SIZE_T_MAX if provided

7 years agolibcurl-share.3: the connection cache is shareable now
Daniel Stenberg [Mon, 27 Nov 2017 08:42:39 +0000 (09:42 +0100)]
libcurl-share.3: the connection cache is shareable now

7 years agoglobal_init: ignore CURL_GLOBAL_SSL's absense
Daniel Stenberg [Thu, 23 Nov 2017 16:02:48 +0000 (17:02 +0100)]
global_init: ignore CURL_GLOBAL_SSL's absense

This bit is no longer used. It is not clear what it meant for users to
"init the TLS" in a world with different TLS backends and since the
introduction of multissl, libcurl didn't properly work if inited without
this bit set.

Not a single user responded to the call for users of it:
https://curl.haxx.se/mail/lib-2017-11/0072.html

Reported-by: Evgeny Grin
Assisted-by: Jay Satiro
Fixes #2089
Fixes #2083
Closes #2107

7 years agontlm: avoid integer overflow for malloc size
Daniel Stenberg [Mon, 6 Nov 2017 22:51:52 +0000 (23:51 +0100)]
ntlm: avoid integer overflow for malloc size

Reported-by: Alex Nichols
Assisted-by: Kamil Dudka and Max Dymond
CVE-2017-8816

Bug: https://curl.haxx.se/docs/adv_2017-11e7.html