granicus.if.org Git - curl/log
7 years ago strtoofft: reduce integer overflow risks globally
Daniel Stenberg [Mon, 14 Aug 2017 21:33:23 +0000 (23:33 +0200)]
strtoofft: reduce integer overflow risks globally

... make sure we bail out on overflows.

Reported-by: Brian Carpenter
Closes #1758

7 years ago travis: build the examples too
Daniel Stenberg [Mon, 14 Aug 2017 12:05:08 +0000 (14:05 +0200)]
travis: build the examples too

to make sure they keep building warning-free

Closes #1777

7 years ago runtests: match keywords case insensitively
Daniel Stenberg [Mon, 14 Aug 2017 21:05:11 +0000 (23:05 +0200)]
runtests: match keywords case insensitively

7 years ago examples/ftpuploadresume.c: use portable code
Daniel Stenberg [Mon, 14 Aug 2017 12:00:56 +0000 (14:00 +0200)]
examples/ftpuploadresume.c: use portable code

... converted from the MS specific _snscanf()

7 years ago RELEASE-NOTES/THANKS: curl 7.55.1 release time curl-7_55_1
Daniel Stenberg [Sun, 13 Aug 2017 16:22:06 +0000 (18:22 +0200)]
RELEASE-NOTES/THANKS: curl 7.55.1 release time

7 years ago gitignore: ignore .xz now instead of .lzma
Daniel Stenberg [Sun, 13 Aug 2017 16:11:44 +0000 (18:11 +0200)]
gitignore: ignore .xz now instead of .lzma

7 years ago cmake: Threads detection update. ref: #1702
Sergei Nikulov [Tue, 1 Aug 2017 17:40:29 +0000 (20:40 +0300)]
cmake: Threads detection update. ref: #1702

Closes #1719

7 years ago ipv6_scope: support unique local addresses
Daniel Stenberg [Sun, 13 Aug 2017 15:51:52 +0000 (17:51 +0200)]
ipv6_scope: support unique local addresses

Fixes #1764
Closes #1773
Reported-by: James Slaughter

7 years ago curl/system.h: GCC doesn't define __ppc__ on PowerPC, uses __powerpc__
Alex Potapenko [Sun, 13 Aug 2017 12:11:12 +0000 (15:11 +0300)]
curl/system.h: GCC doesn't define __ppc__ on PowerPC, uses __powerpc__

Closes #1774

7 years ago test1448: verify redirect to IDN using URL
Daniel Stenberg [Sat, 12 Aug 2017 22:02:49 +0000 (00:02 +0200)]
test1448: verify redirect to IDN using URL

Closes #1772

7 years ago redirect: skip URL encoding for host names
Salah-Eddin Shaban [Sat, 12 Aug 2017 22:02:49 +0000 (00:02 +0200)]
redirect: skip URL encoding for host names

This fixes redirects to IDN URLs

Fixes #1441
Closes #1762
Reported by: David Lord

7 years ago test2032: mark as flaky (again)
Daniel Stenberg [Sat, 12 Aug 2017 22:00:39 +0000 (00:00 +0200)]
test2032: mark as flaky (again)

7 years ago travis: test cmake build on tarball too
Daniel Stenberg [Thu, 10 Aug 2017 11:27:17 +0000 (13:27 +0200)]
travis: test cmake build on tarball too

Could've prevented #1755

7 years ago cmake: allow user to override CMAKE_DEBUG_POSTFIX
Simon Warta [Fri, 11 Aug 2017 12:52:43 +0000 (14:52 +0200)]
cmake: allow user to override CMAKE_DEBUG_POSTFIX

Closes #1763

7 years ago connect-to.d: better language
Daniel Stenberg [Sat, 12 Aug 2017 15:36:12 +0000 (17:36 +0200)]
connect-to.d: better language

7 years ago connect-to.d: clarified
Daniel Stenberg [Sat, 12 Aug 2017 15:32:33 +0000 (17:32 +0200)]
connect-to.d: clarified

7 years ago bagder/Curl_tvdiff_us: fix the math
Daniel Stenberg [Sat, 12 Aug 2017 13:34:59 +0000 (15:34 +0200)]
bagder/Curl_tvdiff_us: fix the math

Regression since adef394ac5 (released in 7.55.0)

Reported-by: Han Qiao
Fixes #1769
Closes #1771

7 years ago curl/system.h: add Oracle Solaris Studio
Daniel Stenberg [Fri, 11 Aug 2017 21:40:27 +0000 (23:40 +0200)]
curl/system.h: add Oracle Solaris Studio

Fixes #1752

7 years ago docs: fix typo funtion -> function
Alessandro Ghedini [Sat, 12 Aug 2017 12:37:50 +0000 (13:37 +0100)]
docs: fix typo funtion -> function

Closes #1770

7 years ago docs: fix grammar in CURL_SSLVERSION_MAX_DEFAULT description
Alessandro Ghedini [Sat, 12 Aug 2017 12:36:24 +0000 (13:36 +0100)]
docs: fix grammar in CURL_SSLVERSION_MAX_DEFAULT description

7 years ago docs: fix typo stuct -> struct
Alessandro Ghedini [Sat, 12 Aug 2017 12:33:10 +0000 (13:33 +0100)]
docs: fix typo stuct -> struct

7 years ago test1447: require a curl with http support
Dan Fandrich [Sat, 12 Aug 2017 10:52:37 +0000 (12:52 +0200)]
test1447: require a curl with http support

7 years ago curl/system.h: support more architectures
Thomas Petazzoni [Fri, 11 Aug 2017 16:52:37 +0000 (18:52 +0200)]
curl/system.h: support more architectures

The long list of architectures in include/curl/system.h is annoying to
maintain, and needs to be extended for each and every architecture to
support.

Instead, let's rely on the __SIZEOF_LONG__ define of the gcc compiler
(we are in the GNUC condition anyway), which tells us if long is 4
bytes or 8 bytes.

This fixes the build of libcurl 7.55.0 on architectures such as
OpenRISC or ARC.

Closes #1766

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

7 years ago test2033: this went flaky again
Daniel Stenberg [Fri, 11 Aug 2017 21:53:47 +0000 (23:53 +0200)]
test2033: this went flaky again

Suspicion: when we enabled the threaded resolver by default.

7 years ago test1447: verifies the parse proxy fix in 6e0e152ce5c
Daniel Stenberg [Fri, 11 Aug 2017 09:58:34 +0000 (11:58 +0200)]
test1447: verifies the parse proxy fix in 6e0e152ce5c

7 years ago parse_proxy(): fix memory leak in case of invalid proxy server name
Even Rouault [Fri, 11 Aug 2017 09:29:09 +0000 (11:29 +0200)]
parse_proxy(): fix memory leak in case of invalid proxy server name

Fixes the below leak:

$ valgrind --leak-check=full ~/install-curl-git/bin/curl --proxy "http://a:b@/x" http://127.0.0.1
curl: (5) Couldn't resolve proxy name
==5048==
==5048== HEAP SUMMARY:
==5048==     in use at exit: 532 bytes in 12 blocks
==5048==   total heap usage: 5,288 allocs, 5,276 frees, 445,271 bytes allocated
==5048==
==5048== 2 bytes in 1 blocks are definitely lost in loss record 1 of 12
==5048==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5048==    by 0x4E6CB79: parse_login_details (url.c:5614)
==5048==    by 0x4E6BA82: parse_proxy (url.c:5091)
==5048==    by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346)
==5048==    by 0x4E6EA18: create_conn (url.c:6498)
==5048==    by 0x4E6F9B4: Curl_connect (url.c:6967)
==5048==    by 0x4E86D05: multi_runsingle (multi.c:1436)
==5048==    by 0x4E88432: curl_multi_perform (multi.c:2160)
==5048==    by 0x4E7C515: easy_transfer (easy.c:708)
==5048==    by 0x4E7C74A: easy_perform (easy.c:794)
==5048==    by 0x4E7C7B1: curl_easy_perform (easy.c:813)
==5048==    by 0x414025: operate_do (tool_operate.c:1563)
==5048==
==5048== 2 bytes in 1 blocks are definitely lost in loss record 2 of 12
==5048==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==5048==    by 0x4E6CBB6: parse_login_details (url.c:5621)
==5048==    by 0x4E6BA82: parse_proxy (url.c:5091)
==5048==    by 0x4E6C46D: create_conn_helper_init_proxy (url.c:5346)
==5048==    by 0x4E6EA18: create_conn (url.c:6498)
==5048==    by 0x4E6F9B4: Curl_connect (url.c:6967)
==5048==    by 0x4E86D05: multi_runsingle (multi.c:1436)
==5048==    by 0x4E88432: curl_multi_perform (multi.c:2160)
==5048==    by 0x4E7C515: easy_transfer (easy.c:708)
==5048==    by 0x4E7C74A: easy_perform (easy.c:794)
==5048==    by 0x4E7C7B1: curl_easy_perform (easy.c:813)
==5048==    by 0x414025: operate_do (tool_operate.c:1563)

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2984
Credit to OSS Fuzz for discovery

Closes #1761

7 years ago RELEASE-NOTES: synced with 37f2195a9
Daniel Stenberg [Fri, 11 Aug 2017 08:30:02 +0000 (10:30 +0200)]
RELEASE-NOTES: synced with 37f2195a9

7 years ago curlver: bump to 7.55.1
Daniel Stenberg [Fri, 11 Aug 2017 08:29:43 +0000 (10:29 +0200)]
curlver: bump to 7.55.1

7 years ago openssl: fix "error: this statement may fall through"
Daniel Stenberg [Fri, 11 Aug 2017 06:15:16 +0000 (08:15 +0200)]
openssl: fix "error: this statement may fall through"

A gcc7 warning.

7 years ago openssl: remove CONST_ASN1_BIT_STRING.
David Benjamin [Thu, 10 Aug 2017 20:37:17 +0000 (16:37 -0400)]
openssl: remove CONST_ASN1_BIT_STRING.

Just making the pointer as const works for the pre-1.1.0 path too.

Closes #1759

7 years ago maketgz: remove old *.dist files before making the tarball
Daniel Stenberg [Thu, 10 Aug 2017 20:52:28 +0000 (22:52 +0200)]
maketgz: remove old *.dist files before making the tarball

To avoid "old crap" unintentionally getting shipped.

Bug: https://curl.haxx.se/mail/lib-2017-08/0050.html
Reported-by: Christian Weisgerber

7 years ago mkhelp.pl: allow executing this script directly
Jay Satiro [Wed, 9 Aug 2017 06:59:18 +0000 (02:59 -0400)]
mkhelp.pl: allow executing this script directly

- Enable execute permission (chmod +x)

- Change interpreter to /usr/bin/env perl

Ref: https://github.com/curl/curl/issues/1743

7 years ago configure: use the threaded resolver backend by default if possible
Daniel Stenberg [Thu, 10 Aug 2017 13:07:40 +0000 (15:07 +0200)]
configure: use the threaded resolver backend by default if possible

Closes #1647

7 years ago cmake: move cmake_uninstall.cmake to CMake/
Daniel Stenberg [Thu, 10 Aug 2017 11:24:15 +0000 (13:24 +0200)]
cmake: move cmake_uninstall.cmake to CMake/

Closes #1756

7 years ago metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead
Daniel Stenberg [Thu, 10 Aug 2017 12:54:55 +0000 (14:54 +0200)]
metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead

7 years ago dist: fix the cmake build by shipping cmake_uninstall.cmake.in too
Daniel Stenberg [Thu, 10 Aug 2017 11:20:26 +0000 (13:20 +0200)]
dist: fix the cmake build by shipping cmake_uninstall.cmake.in too

Fixes #1755

7 years ago travis: verify "make install"
Daniel Stenberg [Wed, 9 Aug 2017 22:13:20 +0000 (00:13 +0200)]
travis: verify "make install"

Help-by: Jay Satiro
Closes #1753

7 years ago build: check out *.sln files with Windows line endings
Marcel Raad [Wed, 9 Aug 2017 12:11:27 +0000 (14:11 +0200)]
build: check out *.sln files with Windows line endings

Visual Studio doesn't like LF line endings in solution files and always
converts them to CRLF when doing changes to the solution. Notably, this
affects the solutions in the release archive.

Closes https://github.com/curl/curl/pull/1746

7 years ago gitignore: ignore top-level .vs folder
Marcel Raad [Wed, 9 Aug 2017 12:07:37 +0000 (14:07 +0200)]
gitignore: ignore top-level .vs folder

This folder is generated when using the CMake build system from within
Visual Studio.

Closes https://github.com/curl/curl/pull/1746

7 years ago digest_sspi: Don't reuse context if the user/passwd has changed
Jay Satiro [Tue, 8 Aug 2017 23:32:19 +0000 (19:32 -0400)]
digest_sspi: Don't reuse context if the user/passwd has changed

Bug: https://github.com/curl/curl/issues/1685
Reported-by: paulharris@users.noreply.github.com
Assisted-by: Isaac Boukris
Closes https://github.com/curl/curl/pull/1742

7 years ago dist: Add dictserver.py/negtelnetserver.py to EXTRA_DIST
Adam Sampson [Wed, 9 Aug 2017 09:48:41 +0000 (10:48 +0100)]
dist: Add dictserver.py/negtelnetserver.py to EXTRA_DIST

These weren't included in the 7.55.0 release, but are required in order
to run the full test suite.

Closes #1744

7 years ago curl: do bounds check using a double comparison
Adam Sampson [Wed, 9 Aug 2017 13:11:17 +0000 (14:11 +0100)]
curl: do bounds check using a double comparison

The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't
complete: if the parsed number in num is larger than will fit in a long,
the conversion is undefined behaviour (causing test1427 to fail for me
on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7).  Getting
rid of the cast means the comparison will be done using doubles.

It might make more sense for the max argument to also be a double...

Fixes #1750
Closes #1749

7 years ago make install: add 8 missing man pages to the installation
Daniel Stenberg [Wed, 9 Aug 2017 09:31:10 +0000 (11:31 +0200)]
make install: add 8 missing man pages to the installation

7 years ago build: fix 'make install' with configure, install docs/libcurl/* too
Daniel Stenberg [Wed, 9 Aug 2017 08:28:06 +0000 (10:28 +0200)]
build: fix 'make install' with configure, install docs/libcurl/* too

Broken since d24838d4da9faa

Reported-by: Bernard Spil

7 years ago RELEASE-NOTES: curl 7.55.0 curl-7_55_0
Daniel Stenberg [Tue, 8 Aug 2017 07:32:36 +0000 (09:32 +0200)]
RELEASE-NOTES: curl 7.55.0

7 years ago THANKS: 20 new contributors in 7.55.0
Daniel Stenberg [Tue, 8 Aug 2017 07:32:36 +0000 (09:32 +0200)]
THANKS: 20 new contributors in 7.55.0

7 years ago docs/comments: Update to secure URL versions
Viktor Szakats [Tue, 8 Aug 2017 19:22:34 +0000 (19:22 +0000)]
docs/comments: Update to secure URL versions

Closes #1741

7 years ago configure: fix recv/send/select detection on Android
Daniel Stenberg [Tue, 8 Aug 2017 15:36:49 +0000 (17:36 +0200)]
configure: fix recv/send/select detection on Android

... since they now provide several functions as
__attribute__((overloadable)), the argument detection logic needs
updates.

Patched-by: destman at github
Fixes #1738
Closes #1739

7 years ago ax_code_coverage.m4: update to latest version
Marcel Raad [Mon, 31 Jul 2017 18:44:04 +0000 (20:44 +0200)]
ax_code_coverage.m4: update to latest version

This updates the script to aad5ad5fedb306b39f901a899b7bd305b66c418d
from August 01, 2017. Notably, this removes the lconv version whitelist.

Closes https://github.com/curl/curl/pull/1716

7 years ago test1427: verify command line parser integer overflow detection
Daniel Stenberg [Sun, 6 Aug 2017 19:33:25 +0000 (21:33 +0200)]
test1427: verify command line parser integer overflow detection

7 years ago curl: detect and bail out early on parameter integer overflows
Daniel Stenberg [Sun, 6 Aug 2017 18:10:40 +0000 (20:10 +0200)]
curl: detect and bail out early on parameter integer overflows

Make the number parser aware of the maximum limit curl accepts for a
value and return an error immediately if larger, instead of running an
integer overflow later.

Fixes #1730
Closes #1736

7 years ago glob: do not continue parsing after a strtoul() overflow range
Daniel Stenberg [Tue, 1 Aug 2017 15:16:07 +0000 (17:16 +0200)]
glob: do not continue parsing after a strtoul() overflow range

Added test 1289 to verify.

CVE-2017-1000101

Bug: https://curl.haxx.se/docs/adv_20170809A.html
Reported-by: Brian Carpenter

7 years ago tftp: reject file name lengths that don't fit
Daniel Stenberg [Tue, 1 Aug 2017 15:16:46 +0000 (17:16 +0200)]
tftp: reject file name lengths that don't fit

... and thereby avoid telling send() to send off more bytes than the
size of the buffer!

CVE-2017-1000100

Bug: https://curl.haxx.se/docs/adv_20170809B.html
Reported-by: Even Rouault
Credit to OSS-Fuzz for the discovery

7 years ago file: output the correct buffer to the user
Even Rouault [Tue, 1 Aug 2017 15:17:06 +0000 (17:17 +0200)]
file: output the correct buffer to the user

Regression brought by 7c312f84ea930d8 (April 2017)

CVE-2017-1000099

Bug: https://curl.haxx.se/docs/adv_20170809C.html

Credit to OSS-Fuzz for the discovery

7 years ago easy_events: make event data static
Daniel Stenberg [Sun, 6 Aug 2017 21:42:50 +0000 (23:42 +0200)]
easy_events: make event data static

First: this function is only used in debug-builds and not in
release/real builds. It is used to drive tests using the event-based
API.

A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the
CURLMOPT_TIMERFUNCTION callback can in fact be called even after this
function returns, namely when curl_multi_remove_handle() is called.

Reported-by: Brian Carpenter

7 years ago getparameter: avoid returning uninitialized 'usedarg'
Daniel Stenberg [Fri, 4 Aug 2017 09:49:27 +0000 (11:49 +0200)]
getparameter: avoid returning uninitialized 'usedarg'

Fixes #1728

7 years ago gssapi: fix memory leak of output token in multi round context
Isaac Boukris [Fri, 21 Jul 2017 23:00:46 +0000 (02:00 +0300)]
gssapi: fix memory leak of output token in multi round context

When multiple rounds are needed to establish a security context
(usually ntlm), we overwrite old token with a new one without free.
Found by proposed gss tests using a stub gss implementation (by
valgrind error), though I have confirmed the leak with a real
gssapi implementation as well.

Closes https://github.com/curl/curl/pull/1733

7 years ago darwinssl: fix compiler warning
Marcel Raad [Fri, 4 Aug 2017 20:47:16 +0000 (22:47 +0200)]
darwinssl: fix compiler warning

clang complains:
vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive
[-Werror,-Wextra-tokens]

This breaks the darwinssl build on Travis. Fix it by making this token
a comment.

Closes https://github.com/curl/curl/pull/1734

7 years ago CMake: fix CURL_WERROR for MSVC
Marcel Raad [Tue, 18 Jul 2017 16:31:41 +0000 (18:31 +0200)]
CMake: fix CURL_WERROR for MSVC

When using CURL_WERROR in MSVC builds, the debug flags were overridden
by the release flags and /WX got added twice in debug mode.

Closes https://github.com/curl/curl/pull/1715

7 years ago RELEASE-NOTES: synced with 561e9217c
Daniel Stenberg [Fri, 4 Aug 2017 08:32:38 +0000 (10:32 +0200)]
RELEASE-NOTES: synced with 561e9217c

7 years ago test1010: verify that #1718 is fixed
Daniel Stenberg [Thu, 3 Aug 2017 21:50:02 +0000 (23:50 +0200)]
test1010: verify that #1718 is fixed

... by doing two transfers in nocwd mode and check that there's no
superfluous CWD command.

7 years ago FTP: skip unnecessary CWD when in nocwd mode
Daniel Stenberg [Thu, 3 Aug 2017 21:48:57 +0000 (23:48 +0200)]
FTP: skip unnecessary CWD when in nocwd mode

... when reusing a connection. If it didn't do any CWD previously.

Fixes #1718

7 years ago travis: explicitly specify dist
Marcel Raad [Thu, 3 Aug 2017 09:01:25 +0000 (11:01 +0200)]
travis: explicitly specify dist

This makes the builds more reproducible as travis is currently rolling
out trusty as default dist [1]. Specifically, this avoids coverage
check failures when trusty is used as seen in [2] until we figure out
what's wrong.

[1] https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming
[2] https://github.com/curl/curl/pull/1692

Closes https://github.com/curl/curl/pull/1725

7 years ago travis: BUILD_TYPE => T
Daniel Stenberg [Thu, 3 Aug 2017 22:04:39 +0000 (00:04 +0200)]
travis: BUILD_TYPE => T

(to make the full line appear nicer on travis web UI)

7 years ago travis: add osx build with darwinssl
Daniel Stenberg [Thu, 3 Aug 2017 22:04:39 +0000 (00:04 +0200)]
travis: add osx build with darwinssl

Closes #1706

7 years ago darwin: silence compiler warnings
Daniel Stenberg [Thu, 3 Aug 2017 22:04:39 +0000 (00:04 +0200)]
darwin: silence compiler warnings

With a clang pragma and three type fixes

Fixes #1722

7 years ago BUILD.WINDOWS: mention buildconf.bat for builds off git
Daniel Stenberg [Thu, 3 Aug 2017 11:50:03 +0000 (13:50 +0200)]
BUILD.WINDOWS: mention buildconf.bat for builds off git

7 years ago darwinssl: fix curlssl_sha256sum() compiler warnings on first argument
Daniel Stenberg [Wed, 2 Aug 2017 21:22:53 +0000 (23:22 +0200)]
darwinssl: fix curlssl_sha256sum() compiler warnings on first argument

7 years ago test130: verify comments in .netrc
Daniel Stenberg [Wed, 2 Aug 2017 12:25:21 +0000 (14:25 +0200)]
test130: verify comments in .netrc

7 years ago netrc: skip lines starting with '#'
Gisle Vanem [Wed, 2 Aug 2017 12:24:51 +0000 (14:24 +0200)]
netrc: skip lines starting with '#'

Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html

7 years ago CMake: set MSVC warning level to 4
Marcel Raad [Tue, 18 Jul 2017 16:46:53 +0000 (18:46 +0200)]
CMake: set MSVC warning level to 4

The MSVC warning level defaults to 3 in CMake. Change it to 4, which is
consistent with the Visual Studio and NMake builds. Disable level 4
warning C4127 for the library and additionally C4306 for the test
servers to get a clean CURL_WERROR build as that warning is raised in
some macros in older Visual Studio versions.

Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794
Closes https://github.com/curl/curl/pull/1711

7 years ago CURLOPT_NETRC.3: fix typo in 7e48aa386156f9c2
Daniel Stenberg [Wed, 2 Aug 2017 13:29:27 +0000 (15:29 +0200)]
CURLOPT_NETRC.3: fix typo in 7e48aa386156f9c2

Reported-by: Viktor Szakats

7 years ago CURLOPT_NETRC.3: mention the file name on windows
Daniel Stenberg [Wed, 2 Aug 2017 12:34:26 +0000 (14:34 +0200)]
CURLOPT_NETRC.3: mention the file name on windows

... and CURLOPT_NETRC_FILE(3).

7 years ago travis: build osx with libressl too
Daniel Stenberg [Wed, 2 Aug 2017 08:32:15 +0000 (10:32 +0200)]
travis: build osx with libressl too

7 years ago travis: build osx with openssl too
Daniel Stenberg [Wed, 2 Aug 2017 08:28:00 +0000 (10:28 +0200)]
travis: build osx with openssl too

7 years ago tests/server/util: fix curltime mistake from 4dee50b9c80f9
Daniel Stenberg [Wed, 2 Aug 2017 09:53:27 +0000 (11:53 +0200)]
tests/server/util: fix curltime mistake from 4dee50b9c80f9

7 years ago curl_threads: fix MSVC compiler warning
Marcel Raad [Tue, 1 Aug 2017 09:56:41 +0000 (11:56 +0200)]
curl_threads: fix MSVC compiler warning

Use LongToHandle to convert from long to HANDLE in the Win32
implementation.
This should fix the following warning when compiling with
MSVC 11 (2012) in 64-bit mode:
lib\curl_threads.c(113): warning C4306:
'type cast' : conversion from 'long' to 'HANDLE' of greater size

Closes https://github.com/curl/curl/pull/1717

7 years ago BUGS: improved phrasing about security bugs
Daniel Stenberg [Tue, 1 Aug 2017 13:06:08 +0000 (15:06 +0200)]
BUGS: improved phrasing about security bugs

Reported-by: Max Dymond

7 years ago BUGS: clarify how to report security related bugs
Daniel Stenberg [Tue, 1 Aug 2017 12:39:13 +0000 (14:39 +0200)]
BUGS: clarify how to report security related bugs

7 years ago multi: fix request timer management
Brad Spencer [Sat, 29 Jul 2017 14:44:39 +0000 (16:44 +0200)]
multi: fix request timer management

There are some bugs in how timers are managed for a single easy handle
that cause the wrong "next timeout" value to be reported to the
application when a new minimum needs to be recomputed and that new
minimum should be an existing timer that isn't currently set for the
easy handle.  When the application drives a set of easy handles via the
`curl_multi_socket_action()` API (for example), it gets told to wait the
wrong amount of time before the next call, which causes requests to
linger for a long time (or, it is my guess, possibly forever).

Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html

7 years ago curl_setup: Define CURL_NO_OLDIES for building libcurl
Jay Satiro [Tue, 1 Aug 2017 06:56:48 +0000 (02:56 -0400)]
curl_setup: Define CURL_NO_OLDIES for building libcurl

.. to catch accidental use of deprecated error codes.

Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237

7 years ago configure: fix the check for IdnToUnicode
Jeremy Tan [Mon, 31 Jul 2017 11:24:38 +0000 (21:24 +1000)]
configure: fix the check for IdnToUnicode

Fixes #1669
Closes #1713

7 years ago http: fix response code parser to avoid integer overflow
Daniel Stenberg [Mon, 31 Jul 2017 15:11:18 +0000 (17:11 +0200)]
http: fix response code parser to avoid integer overflow

test 1429 and 1433 were updated to work with the stricter HTTP status line
parser.

Closes #1714
Reported-by: Brian Carpenter

7 years ago libcurl: Stop using error codes defined under CURL_NO_OLDIES
Dwarakanath Yadavalli [Mon, 31 Jul 2017 05:52:04 +0000 (11:22 +0530)]
libcurl: Stop using error codes defined under CURL_NO_OLDIES

Fixes https://github.com/curl/curl/issues/1688
Closes https://github.com/curl/curl/pull/1712

7 years ago include.d: clarify --include is only for response headers
Jay Satiro [Sun, 30 Jul 2017 06:29:36 +0000 (02:29 -0400)]
include.d: clarify --include is only for response headers

Follow-up to 171f8de and de6de94.

Bug: https://github.com/curl/curl/commit/de6de94#commitcomment-23370851
Reported-by: Daniel Stenberg

7 years ago cmake: support make uninstall
jasjuang [Mon, 10 Jul 2017 23:17:15 +0000 (16:17 -0700)]
cmake: support make uninstall

Closes #1674

7 years ago RELEASE-NOTES: synced with 001701c47
Daniel Stenberg [Sat, 29 Jul 2017 23:25:57 +0000 (01:25 +0200)]
RELEASE-NOTES: synced with 001701c47

7 years ago AppVeyor: now really use CURL_WERROR
Marcel Raad [Tue, 18 Jul 2017 17:06:55 +0000 (19:06 +0200)]
AppVeyor: now really use CURL_WERROR

It was misspelled as CURL_ERROR in commit
2d86e8d1286e0fbe3d811e2e87fa0b5e53722db4.

Closes https://github.com/curl/curl/pull/1686

7 years ago tool_help: clarify --include is only for response headers
Jay Satiro [Sat, 29 Jul 2017 05:33:25 +0000 (01:33 -0400)]
tool_help: clarify --include is only for response headers

Follow-up to 171f8de.

Ref: https://github.com/curl/curl/issues/1704

7 years ago splay: fix signed/unsigned mismatch warning
Jay Satiro [Sat, 29 Jul 2017 05:13:42 +0000 (01:13 -0400)]
splay: fix signed/unsigned mismatch warning

Follow-up to 4dee50b.

Ref: https://github.com/curl/curl/pull/1693

7 years ago include.d: clarify that it concerns the response headers
Daniel Stenberg [Fri, 28 Jul 2017 16:22:50 +0000 (18:22 +0200)]
include.d: clarify that it concerns the response headers

Reported-by: olesteban at github
Fixes #1704

7 years ago curl_rtmp: fix a compiler warning
Johannes Schindelin [Fri, 7 Jul 2017 09:52:48 +0000 (11:52 +0200)]
curl_rtmp: fix a compiler warning

The headers of librtmp declare the socket as `int`, and on Windows, that
disagrees with curl_socket_t.

Bug: #1652

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

7 years ago test1323: verify curlx_tvdiff
Daniel Stenberg [Fri, 28 Jul 2017 13:49:36 +0000 (15:49 +0200)]
test1323: verify curlx_tvdiff

7 years ago timeval: struct curltime is a struct timeval replacement
Daniel Stenberg [Fri, 28 Jul 2017 13:49:36 +0000 (15:49 +0200)]
timeval: struct curltime is a struct timeval replacement

... to make all libcurl internals able to use the same data types for
the struct members. The timeval struct differs subtly on several
platforms so it makes it cumbersome to use everywhere.

Ref: #1652
Closes #1693

7 years ago darwinssl: fix variable type mistake (regression)
Daniel Stenberg [Thu, 27 Jul 2017 16:30:11 +0000 (18:30 +0200)]
darwinssl: fix variable type mistake (regression)

... which made --tlsv1.2 not work because it would blank the max tls
version variable.

Reported-by: Nick Miyake
Bug: #1703

7 years ago multi: mention integer overflow risk if using > 500 million sockets
Daniel Stenberg [Wed, 26 Jul 2017 23:13:47 +0000 (01:13 +0200)]
multi: mention integer overflow risk if using > 500 million sockets

Reported-by: ovidiu-benea@users.noreply.github.com
Closes #1675
Closes #1683

7 years ago checksrc: escape open brace in regex
Daniel Stenberg [Wed, 26 Jul 2017 23:13:19 +0000 (01:13 +0200)]
checksrc: escape open brace in regex

... to silence warning.

7 years ago nss: fix a possible use-after-free in SelectClientCert()
Kamil Dudka [Wed, 19 Jul 2017 16:02:26 +0000 (18:02 +0200)]
nss: fix a possible use-after-free in SelectClientCert()

... causing a SIGSEGV in showit() in case the handle used to initiate
the connection has already been freed.

This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803.

Reported-by: Rob Sanders
Bug: https://bugzilla.redhat.com/1436158

7 years ago nss: unify the coding style of nss_send() and nss_recv()
Kamil Dudka [Thu, 20 Jul 2017 06:05:59 +0000 (08:05 +0200)]
nss: unify the coding style of nss_send() and nss_recv()

No changes in behavior intended by this commit.

7 years ago tests/server/resolve.c: fix deprecation warning
Marcel Raad [Sun, 16 Jul 2017 12:28:10 +0000 (14:28 +0200)]
tests/server/resolve.c: fix deprecation warning

MSVC warns that gethostbyname is deprecated. Always use getaddrinfo
instead to fix this when IPv6 is enabled, also for IPv4 resolves. This
is also consistent with what libcurl does.

Closes https://github.com/curl/curl/pull/1682