]> granicus.if.org Git - curl/log
curl
6 years agotest1452: mark as flaky bagder/test1452-flaky
Daniel Stenberg [Tue, 4 Sep 2018 15:18:54 +0000 (17:18 +0200)]
test1452: mark as flaky

makes it not run in the CI builds

6 years agocookie tests: treat files as text
Marcel Raad [Thu, 23 Aug 2018 11:11:20 +0000 (13:11 +0200)]
cookie tests: treat files as text

Fixes test failures because of wrong line endings on Windows.

6 years agolibcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
Daniel Stenberg [Tue, 21 Aug 2018 12:52:17 +0000 (14:52 +0200)]
libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation

Multi-threaded applictions basically MUST set CURLOPT_NO_SIGNAL to 1L to
avoid the risk of getting a SIGPIPE.

Either way, a multi-threaded application that uses libcurl/openssl needs
to have a signhandler for or ignore SIGPIPE on its own.

Based on discussions in #2800
Closes #2904

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Wed, 22 Aug 2018 08:52:06 +0000 (10:52 +0200)]
RELEASE-NOTES: synced

6 years agoTests: fixes for Windows
Marcel Raad [Wed, 22 Aug 2018 10:26:21 +0000 (12:26 +0200)]
Tests: fixes for Windows

- test 1268 requires unix sockets
- test 2072 must be disabled also for MSYS/MinGW

6 years agohttp2: abort the send_callback if not setup yet
Daniel Stenberg [Wed, 22 Aug 2018 07:47:22 +0000 (09:47 +0200)]
http2: abort the send_callback if not setup yet

When Curl_http2_done() gets called before the http2 data is setup all
the way, we cannot send anything and this should just return an error.

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012

6 years agohttp2: remove four unused nghttp2 callbacks
Daniel Stenberg [Tue, 21 Aug 2018 08:07:38 +0000 (10:07 +0200)]
http2: remove four unused nghttp2 callbacks

Closes #2903

6 years agox509asn1: use FALLTHROUGH
Daniel Stenberg [Tue, 21 Aug 2018 20:26:36 +0000 (22:26 +0200)]
x509asn1: use FALLTHROUGH

... as no other comments are accepted since 014ed7c22f51463

6 years agotest1148: disable if decimal separator is not point
Marcel Raad [Tue, 24 Jul 2018 21:26:45 +0000 (23:26 +0200)]
test1148: disable if decimal separator is not point

Modifying the locale with environment variables doesn't work for native
Windows applications. Just disable the test in this case if the decimal
separator is something different than a point. Use a precheck with a
small C program to achieve that.

Closes https://github.com/curl/curl/pull/2786

6 years agoEnable more GCC warnings
Marcel Raad [Sat, 7 Jul 2018 07:00:29 +0000 (09:00 +0200)]
Enable more GCC warnings

This enables the following additional warnings:
-Wold-style-definition
-Warray-bounds=2 instead of the default 1
-Wformat=2, but only for GCC 4.8+ as Wno-format-nonliteral is not
 respected for older versions
-Wunused-const-variable, which enables level 2 instead of the default 1
-Warray-bounds also in debug mode through -ftree-vrp
-Wnull-dereference also in debug mode through
 -fdelete-null-pointer-checks

Closes https://github.com/curl/curl/pull/2747

6 years agocurl-compilers: enable -Wimplicit-fallthrough=4 for GCC
Marcel Raad [Mon, 9 Jul 2018 16:52:05 +0000 (18:52 +0200)]
curl-compilers: enable -Wimplicit-fallthrough=4 for GCC

This enables level 4 instead of the default level 3, which of the
currently used comments only allows /* FALLTHROUGH */ to silence the
warning.

Closes https://github.com/curl/curl/pull/2747

6 years agocurl-compilers: enable -Wbad-function-cast on GCC
Marcel Raad [Mon, 9 Jul 2018 16:43:55 +0000 (18:43 +0200)]
curl-compilers: enable -Wbad-function-cast on GCC

This warning used to be enabled only for clang as it's a bit stricter
on GCC. Silence the remaining occurrences and enable it on GCC too.

Closes https://github.com/curl/curl/pull/2747

6 years agoconfigure: conditionally enable pedantic-errors
Marcel Raad [Mon, 9 Jul 2018 16:38:23 +0000 (18:38 +0200)]
configure: conditionally enable pedantic-errors

Enable pedantic-errors for GCC >= 5 with --enable-werror. Before GCC 5,
pedantic-errors was synonymous to -Werror=pedantic [0], which is still
the case for clang [1]. With GCC 5, it became complementary [2].

Also fix a resulting error in acinclude.m4 as main's return type was
missing, which is illegal in C99.

[0] https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Warning-Options.html
[1] https://clang.llvm.org/docs/UsersManual.html#options-to-control-error-and-warning-messages
[2] https://gcc.gnu.org/onlinedocs/gcc-5.1.0/gcc/Warning-Options.html

Closes https://github.com/curl/curl/pull/2747

6 years agoRemove unused definitions
Marcel Raad [Mon, 9 Jul 2018 16:28:26 +0000 (18:28 +0200)]
Remove unused definitions

Closes https://github.com/curl/curl/pull/2747

6 years agox509asn1: make several functions static
Daniel Stenberg [Tue, 21 Aug 2018 07:44:22 +0000 (09:44 +0200)]
x509asn1: make several functions static

and remove the private SIZE_T_MAX define and use the generic one.

Closes #2902

6 years agoINTERNALS: require GnuTLS >= 2.11.3
Daniel Stenberg [Tue, 21 Aug 2018 08:45:20 +0000 (10:45 +0200)]
INTERNALS: require GnuTLS >= 2.11.3

Since the public pinning support was brought in e644866caf4. GnuTLS
2.11.3 was released in October 2010.

Figured out in #2890

6 years agohttp2: avoid set_stream_user_data() before stream is assigned
Daniel Stenberg [Mon, 20 Aug 2018 11:19:08 +0000 (13:19 +0200)]
http2: avoid set_stream_user_data() before stream is assigned

... before the stream is started, we have it set to -1.

Fixes #2894
Closes #2898

6 years agoSSLCERTS: improve the openssl command line
Daniel Stenberg [Mon, 20 Aug 2018 12:05:28 +0000 (14:05 +0200)]
SSLCERTS: improve the openssl command line

... for extracting certs from a live HTTPS server to make a cacerts.pem
from them.

6 years agodocs/SECURITY-PROCESS: now we name the files after the CVE id
Daniel Stenberg [Mon, 20 Aug 2018 09:49:58 +0000 (11:49 +0200)]
docs/SECURITY-PROCESS: now we name the files after the CVE id

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Sat, 18 Aug 2018 22:06:44 +0000 (00:06 +0200)]
RELEASE-NOTES: synced

6 years agoupload: change default UPLOAD_BUFSIZE to 64KB
Daniel Stenberg [Fri, 17 Aug 2018 09:36:12 +0000 (11:36 +0200)]
upload: change default UPLOAD_BUFSIZE to 64KB

To make uploads significantly faster in some circumstances.

Part 2 of #2888
Closes #2892

6 years agoupload: allocate upload buffer on-demand
Daniel Stenberg [Thu, 16 Aug 2018 22:49:37 +0000 (00:49 +0200)]
upload: allocate upload buffer on-demand

Saves 16KB on the easy handle for operations that don't need that
buffer.

Part 1 of #2888

6 years agovtls: reinstantiate engine on duplicated handles
Laurent Bonnans [Fri, 17 Aug 2018 15:39:01 +0000 (17:39 +0200)]
vtls: reinstantiate engine on duplicated handles

Handles created with curl_easy_duphandle do not use the SSL engine set
up in the original handle. This fixes the issue by storing the engine
name in the internal url state and setting the engine from its name
inside curl_easy_duphandle.

Reported-by: Anton Gerasimov
Signed-of-by: Laurent Bonnans
Fixes #2829
Closes #2833

6 years agohttp2: make sure to send after RST_STREAM
Daniel Stenberg [Thu, 16 Aug 2018 11:21:11 +0000 (13:21 +0200)]
http2: make sure to send after RST_STREAM

If this is the last stream on this connection, the RST_STREAM might not
get pushed to the wire otherwise.

Fixes #2882
Closes #2887
Researched-by: Michael Kaufmann
6 years agotest1268: check the stderr output as "text"
Daniel Stenberg [Thu, 16 Aug 2018 21:05:09 +0000 (23:05 +0200)]
test1268: check the stderr output as "text"

Follow-up to 099f37e9c57

Pointed-out-by: Marcel Raad
6 years agourldata: remove unused pipe_broke struct field
Daniel Stenberg [Sun, 12 Aug 2018 17:36:56 +0000 (19:36 +0200)]
urldata: remove unused pipe_broke struct field

This struct field is never set TRUE in any existing code path. This
change removes the field completely.

Closes #2871

6 years agocurl: warn the user if a given file name looks like an option
Daniel Stenberg [Wed, 15 Aug 2018 07:17:43 +0000 (09:17 +0200)]
curl: warn the user if a given file name looks like an option

... simply because this is usually a sign of the user having omitted the
file name and the next option is instead "eaten" by the parser as a file
name.

Add test1268 to verify

Closes #2885

6 years agohttp2: check nghttp2_session_set_stream_user_data return code
Daniel Stenberg [Tue, 14 Aug 2018 13:28:29 +0000 (15:28 +0200)]
http2: check nghttp2_session_set_stream_user_data return code

Might help bug #2688 debugging

Closes #2880

6 years agotravis: revert back to gcc-7 for coverage builds
Daniel Stenberg [Wed, 15 Aug 2018 09:13:26 +0000 (11:13 +0200)]
travis: revert back to gcc-7 for coverage builds

... since the gcc-8 ones seem to fail frequently.

Follow-up from b85207199544ca

Closes #2886

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Wed, 15 Aug 2018 11:59:07 +0000 (13:59 +0200)]
RELEASE-NOTES: synced

... and now listed in alphabetical order!

6 years agoCMake: CMake config files are defining CURL_STATICLIB for static builds
Adrien [Wed, 1 Aug 2018 12:02:26 +0000 (14:02 +0200)]
CMake: CMake config files are defining CURL_STATICLIB for static builds

This change allows to use the CMake config files generated by Curl's
CMake scripts for static builds of the library.
The symbol CURL_STATIC lib must be defined to compile downstream,
thus the config package is the perfect place to do so.

Fixes #2817
Closes #2823
Reported-by: adnn on github
Reviewed-by: Sergei Nikulov
6 years agoTODO: host name sections in config files
Daniel Stenberg [Wed, 15 Aug 2018 07:17:03 +0000 (09:17 +0200)]
TODO: host name sections in config files

6 years agossh-libssh: fix infinite connect loop on invalid private key
Kamil Dudka [Tue, 14 Aug 2018 10:47:18 +0000 (12:47 +0200)]
ssh-libssh: fix infinite connect loop on invalid private key

Added test 656 (based on test 604) to verify the fix.

Bug: https://bugzilla.redhat.com/1595135

Closes #2879

6 years agossh-libssh: reduce excessive verbose output about pubkey auth
Kamil Dudka [Tue, 14 Aug 2018 11:14:49 +0000 (13:14 +0200)]
ssh-libssh: reduce excessive verbose output about pubkey auth

The verbose message "Authentication using SSH public key file" was
printed each time the ssh_userauth_publickey_auto() was called, which
meant each time a packet was transferred over network because the API
operates in non-blocking mode.

This patch makes sure that the verbose message is printed just once
(when the authentication state is entered by the SSH state machine).

6 years agotravis: disable h2 torture tests for "coverage"
Daniel Stenberg [Tue, 14 Aug 2018 06:39:00 +0000 (08:39 +0200)]
travis: disable h2 torture tests for "coverage"

Since they started to fail almost 100% since a few days.

Closes #2876

6 years agotravis: update to GCC 8
Marcel Raad [Thu, 9 Aug 2018 12:48:28 +0000 (14:48 +0200)]
travis: update to GCC 8

Closes https://github.com/curl/curl/pull/2869

6 years agohttp: fix for tiny "HTTP/0.9" response
Daniel Stenberg [Mon, 13 Aug 2018 10:12:14 +0000 (12:12 +0200)]
http: fix for tiny "HTTP/0.9" response

Deal with tiny "HTTP/0.9" (header-less) responses by checking the
status-line early, even before a full "HTTP/" is received to allow
detecting 0.9 properly.

Test 1266 and 1267 added to verify.

Fixes #2420
Closes #2872

6 years agodocs: add disallow-username-in-url.d and haproxy-protocol.d on the list
Kamil Dudka [Thu, 9 Aug 2018 13:22:11 +0000 (15:22 +0200)]
docs: add disallow-username-in-url.d and haproxy-protocol.d on the list

... to make make the files appear in distribution tarballs

Closes #2856

6 years ago.travis.yml: verify that man pages can be regenerated
Kamil Dudka [Thu, 9 Aug 2018 15:16:19 +0000 (17:16 +0200)]
.travis.yml: verify that man pages can be regenerated

... when curl is built from distribution tarball

Closes #2856

6 years agoSplit non-portable part off test 1133
Marcel Raad [Wed, 8 Aug 2018 20:43:27 +0000 (22:43 +0200)]
Split non-portable part off test 1133

Split off testing file names with double quotes into new test 1158.
Disable it for MSYS using a precheck as it doesn't support file names
with double quotes (but Cygwin does, for example).

Fixes https://github.com/curl/curl/issues/2796
Closes https://github.com/curl/curl/pull/2854

6 years agoprojects: Improve Windows perl detection in batch scripts
Jay Satiro [Sat, 11 Aug 2018 20:33:12 +0000 (16:33 -0400)]
projects: Improve Windows perl detection in batch scripts

- Determine if perl is in the user's PATH by running perl.exe.

Prior to this change detection was done by checking the PATH for perl/
but that did not work in all cases (eg git install includes perl but
not in perl/ path).

Bug: https://github.com/curl/curl/pull/2865
Reported-by: Daniel Jeliński
6 years agodocs: Improve the manual pages of some callbacks
Michael Kaufmann [Sat, 11 Aug 2018 11:52:18 +0000 (13:52 +0200)]
docs: Improve the manual pages of some callbacks

- CURLOPT_HEADERFUNCTION: add newlines
- CURLOPT_INTERLEAVEFUNCTION: fix the description of 'userdata'
- CURLOPT_READDATA: mention crashes, same as in CURLOPT_WRITEDATA
- CURLOPT_READFUNCTION: rename 'instream' to 'userdata' and explain
  how to set it

Closes https://github.com/curl/curl/pull/2868

6 years agoGCC: silence -Wcast-function-type uniformly
Marcel Raad [Fri, 10 Aug 2018 15:32:01 +0000 (17:32 +0200)]
GCC: silence -Wcast-function-type uniformly

Pointed-out-by: Rikard Falkeborn
Closes https://github.com/curl/curl/pull/2860

6 years agoSilence GCC 8 cast-function-type warnings
Marcel Raad [Thu, 9 Aug 2018 15:19:24 +0000 (17:19 +0200)]
Silence GCC 8 cast-function-type warnings

On Windows, casting between unrelated function types is fine and
sometimes even necessary, so just use an intermediate cast to
(void (*) (void)) to silence the warning as described in [0].

[0] https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html

Closes https://github.com/curl/curl/pull/2860

6 years agoCURLINFO_SIZE_UPLOAD: fix missing counter update
Daniel Stenberg [Fri, 10 Aug 2018 11:57:50 +0000 (13:57 +0200)]
CURLINFO_SIZE_UPLOAD: fix missing counter update

Adds test 1522 for verification.

Reported-by: cjmsoregan
Fixes #2847
Closes #2864

6 years agoDocumentation: fix CURLOPT_SSH_COMPRESSION copy/paste bug
Daniel Jelinski [Fri, 10 Aug 2018 21:24:17 +0000 (23:24 +0200)]
Documentation: fix CURLOPT_SSH_COMPRESSION copy/paste bug

Closes #2867

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 10 Aug 2018 21:27:37 +0000 (23:27 +0200)]
RELEASE-NOTES: synced

6 years agoopenssl: fix potential NULL pointer deref in is_pkcs11_uri
Daniel Stenberg [Fri, 10 Aug 2018 15:43:31 +0000 (17:43 +0200)]
openssl: fix potential NULL pointer deref in is_pkcs11_uri

Follow-up to 298d2565e
Coverity CID 1438387

6 years agotravis: execute "set -eo pipefail" for coverage build
Marcel Raad [Fri, 10 Aug 2018 02:30:51 +0000 (04:30 +0200)]
travis: execute "set -eo pipefail" for coverage build

Follow-up to 2de63ab179eb78630ee039ad94fb2a5423df522d and
0b87c963252d3504552ee0c8cf4402bd65a80af5.

Closes https://github.com/curl/curl/pull/2862

6 years agolib1502: fix memory leak in torture test
Daniel Stenberg [Fri, 10 Aug 2018 11:18:17 +0000 (13:18 +0200)]
lib1502: fix memory leak in torture test

Reported-by: Marcel Raad
Fixes #2861
Closes #2863

6 years agodocs: mention NULL is fine input to several functions
Daniel Stenberg [Thu, 9 Aug 2018 14:37:39 +0000 (16:37 +0200)]
docs: mention NULL is fine input to several functions

Fixes #2837
Closes #2858
Reported-by: Markus Elfring
6 years agoREADME.md: add LGTM.com code quality grade for C/C++
Bas van Schaik [Thu, 9 Aug 2018 14:20:34 +0000 (15:20 +0100)]
README.md: add LGTM.com code quality grade for C/C++

Closes #2857

6 years agotest1531: Add timeout
Rikard Falkeborn [Tue, 7 Aug 2018 22:10:10 +0000 (00:10 +0200)]
test1531: Add timeout

Previously, the macro TEST_HANG_TIMEOUT was unused, but since there is
looping going on, we might as well add timing instead of removing it.

Closes #2853

6 years agotest1540: Remove unused macro TEST_HANG_TIMEOUT
Rikard Falkeborn [Tue, 7 Aug 2018 20:13:16 +0000 (22:13 +0200)]
test1540: Remove unused macro TEST_HANG_TIMEOUT

The macro has never been used, and it there is not really any place
where it would make sense to add timing checks.

Closes #2852

6 years agoasyn-thread: Remove unused macro
Rikard Falkeborn [Sun, 5 Aug 2018 20:47:53 +0000 (22:47 +0200)]
asyn-thread: Remove unused macro

The macro seems to never have been used.

Closes #2852

6 years agohttp_proxy: Remove unused macro SELECT_TIMEOUT
Rikard Falkeborn [Sun, 5 Aug 2018 20:29:29 +0000 (22:29 +0200)]
http_proxy: Remove unused macro SELECT_TIMEOUT

Usage was removed in 5113ad0424044458ac497fa1458ebe0101356b22.

Closes #2852

6 years agoformdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
Rikard Falkeborn [Sun, 5 Aug 2018 19:56:50 +0000 (21:56 +0200)]
formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT

Its usage was removed in
84ad1fd3047815f9c6e78728bb351b828eac10b1.

Closes #2852

6 years agotelnet: Remove unused macros TELOPTS and TELCMDS
Rikard Falkeborn [Sun, 5 Aug 2018 19:53:34 +0000 (21:53 +0200)]
telnet: Remove unused macros TELOPTS and TELCMDS

Their usage was removed in 3a145180cc754a5959ca971ef3cd243c5c83fc51.

Closes #2852

6 years agoopenssl: fix debug messages
Daniel Jelinski [Mon, 6 Aug 2018 21:35:33 +0000 (23:35 +0200)]
openssl: fix debug messages

Fixes #2806
Closes #2843

6 years agoconfigure: fix for -lpthread detection with OpenSSL and pkg-config
Daniel Stenberg [Wed, 8 Aug 2018 12:42:29 +0000 (14:42 +0200)]
configure: fix for -lpthread detection with OpenSSL and pkg-config

... by making sure it uses the -I provided by pkg-config!

Reported-by: pszemus on github
Fixes #2848
Closes #2850

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Wed, 8 Aug 2018 12:54:16 +0000 (14:54 +0200)]
RELEASE-NOTES: synced

6 years agowindows: follow up to the buffer-tuning 1ba1dba7
Daniel Stenberg [Wed, 8 Aug 2018 12:43:26 +0000 (14:43 +0200)]
windows: follow up to the buffer-tuning 1ba1dba7

Somehow I didn't include the amended version of the previous fix. This
is the missing piece.

Pointed-out-by: Viktor Szakats
6 years agowindows: implement send buffer tuning
Daniel Jelinski [Thu, 19 Jul 2018 12:07:59 +0000 (14:07 +0200)]
windows: implement send buffer tuning

Significantly enhances upload performance on modern Windows versions.

Bug: https://curl.haxx.se/mail/lib-2018-07/0080.html
Closes #2762
Fixes #2224

6 years agossl: set engine implicitly when a PKCS#11 URI is provided
Anderson Toshiyuki Sasaki [Mon, 19 Feb 2018 13:31:06 +0000 (14:31 +0100)]
ssl: set engine implicitly when a PKCS#11 URI is provided

This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "pkcs11"
explicitly. If a PKCS#11 URI is provided for certificate, key,
proxy_certificate or proxy_key, the corresponding type is set as "ENG"
if not provided and the engine is set to "pkcs11" if not provided.

Acked-by: Nikos Mavrogiannopoulos
Closes #2333

6 years agoCMake: Respect BUILD_SHARED_LIBS
Ruslan Baratov [Tue, 10 Jul 2018 09:54:34 +0000 (12:54 +0300)]
CMake: Respect BUILD_SHARED_LIBS

Use standard CMake variable BUILD_SHARED_LIBS instead of introducing
custom option CURL_STATICLIB.

Use '-DBUILD_SHARED_LIBS=%SHARED%' in appveyor.yml.

Reviewed-by: Sergei Nikulov
Closes #2755

6 years agocmake: bumped minimum version to 3.4
John Butterfield [Thu, 19 Jul 2018 17:46:43 +0000 (10:46 -0700)]
cmake: bumped minimum version to 3.4

Closes #2753

6 years agocmake: link curl to the OpenSSL targets instead of lib absolute paths
John Butterfield [Tue, 17 Jul 2018 08:13:18 +0000 (01:13 -0700)]
cmake: link curl to the OpenSSL targets instead of lib absolute paths

Reviewed-by: Jakub Zakrzewski
Reviewed-by: Sergei Nikulov
Closes #2753

6 years agotravis: build darwinssl on macos 10.12
Daniel Stenberg [Tue, 7 Aug 2018 11:17:22 +0000 (13:17 +0200)]
travis: build darwinssl on macos 10.12

... as building on 10.13.x before 10.13.4 leads to link errors.

Assisted-by: Nick Zitzmann
Fixes #2835
Closes #2845

6 years agoDEPRECATE: remove release date from 7.62.0
Daniel Stenberg [Fri, 3 Aug 2018 22:21:16 +0000 (00:21 +0200)]
DEPRECATE: remove release date from 7.62.0

Since it will slip and the version is the important part there, not the
date.

6 years agolib/Makefile: only do symbol hiding if told to
Daniel Stenberg [Thu, 2 Aug 2018 13:05:11 +0000 (15:05 +0200)]
lib/Makefile: only do symbol hiding if told to

This restores the ability to build a static lib with
--disable-symbol-hiding to keep non-curl_ symbols.

Researched-by: Dan Fandrich
Reported-by: Ran Mozes
Fixes #2830
Closes #2831

6 years agohostip: fix unused variable warning
Marcel Raad [Thu, 2 Aug 2018 06:24:27 +0000 (08:24 +0200)]
hostip: fix unused variable warning

addresses is only used in an infof call, which is a macro expanding to
nothing if CURL_DISABLE_VERBOSE_STRINGS is set.

6 years agotest1307: disabled
Daniel Stenberg [Wed, 1 Aug 2018 22:57:01 +0000 (00:57 +0200)]
test1307: disabled

Turns out that since we're using the native fnmatch function now when
available, and they simply disagree on a huge number of test patterns
that make it hard to test this function like this...

Fixes #2825

6 years agosmb: don't mark it done in smb_do
Daniel Stenberg [Wed, 1 Aug 2018 11:06:21 +0000 (13:06 +0200)]
smb: don't mark it done in smb_do

Follow-up to 09e401e01bf9. The SMB protocol handler needs to use its
doing function too, which requires smb_do() to not mark itself as
done...

Closes #2822

6 years agogeneral: fix printf specifiers
Rikard Falkeborn [Tue, 31 Jul 2018 21:13:17 +0000 (23:13 +0200)]
general: fix printf specifiers

Closes #2818

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Tue, 31 Jul 2018 15:23:58 +0000 (17:23 +0200)]
RELEASE-NOTES: synced

6 years agomailmap: Daniel Jelinski
Daniel Stenberg [Tue, 31 Jul 2018 15:22:44 +0000 (17:22 +0200)]
mailmap: Daniel Jelinski

6 years agoHTTP: Don't attempt to needlessly decompress redirect body
Harry Sintonen [Thu, 26 Jul 2018 22:04:29 +0000 (01:04 +0300)]
HTTP: Don't attempt to needlessly decompress redirect body

This change fixes a regression where redirect body would needlessly be
decompressed even though it was to be ignored anyway. As it happens this
causes secondary issues since there appears to be a bug in apache2 that
it in certain conditions generates a corrupt zlib response. The
regression was created by commit:
dbcced8e32b50c068ac297106f0502ee200a1ebd

Discovered-by: Harry Sintonen
Closes #2798

6 years agocurl: use Content-Disposition before the "URL end" for -OJ
Daniel Stenberg [Mon, 30 Jul 2018 22:27:50 +0000 (00:27 +0200)]
curl: use Content-Disposition before the "URL end" for -OJ

Regression introduced in 7.61.0

Reported-by: Thomas Klausner
Fixes #2783
Closes #2813

6 years agoretry: return error if rewind was necessary but didn't happen
Daniel Jelinski [Mon, 30 Jul 2018 07:30:10 +0000 (09:30 +0200)]
retry: return error if rewind was necessary but didn't happen

Fixes #2801
Closes #2812

6 years agohttp2: clear the drain counter in Curl_http2_done
Daniel Stenberg [Sun, 29 Jul 2018 10:30:29 +0000 (12:30 +0200)]
http2: clear the drain counter in Curl_http2_done

Reported-by: Andrei Virtosu
Fixes #2800
Closes #2809

6 years agosmb: fix memory leak on early failure
Daniel Stenberg [Sun, 29 Jul 2018 15:58:10 +0000 (17:58 +0200)]
smb: fix memory leak on early failure

... by making sure connection related data (->share) is stored in the
connection and not in the easy handle.

Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369
Fixes #2769
Closes #2810

6 years agotravis: run a 'make checksrc' too
Daniel Stenberg [Mon, 30 Jul 2018 11:40:09 +0000 (13:40 +0200)]
travis: run a 'make checksrc' too

... to make sure the examples are all checked.

Closes #2811

6 years agoexamples/ephiperfifo: checksrc compliance
Jay Satiro [Sun, 29 Jul 2018 19:06:00 +0000 (15:06 -0400)]
examples/ephiperfifo: checksrc compliance

6 years agosws: handle EINTR when calling select()
Michael Kaufmann [Sun, 29 Jul 2018 11:47:31 +0000 (13:47 +0200)]
sws: handle EINTR when calling select()

Closes https://github.com/curl/curl/pull/2808

6 years agotest1157: follow-up to 35ecffb9
Daniel Stenberg [Sun, 29 Jul 2018 10:29:39 +0000 (12:29 +0200)]
test1157: follow-up to 35ecffb9

Ignore the user-agent line.
Pointed-out-by: Marcel Raad
6 years agotests/http_pipe.py: Use /usr/bin/env to find python
Michael Kaufmann [Sun, 29 Jul 2018 10:22:57 +0000 (12:22 +0200)]
tests/http_pipe.py: Use /usr/bin/env to find python

6 years agoTODO: Support Authority Information Access certificate extension (AIA)
Daniel Stenberg [Sat, 28 Jul 2018 21:26:42 +0000 (23:26 +0200)]
TODO: Support Authority Information Access certificate extension (AIA)

Closes #2793

6 years agoconn_free: updated comment to clarify
Daniel Stenberg [Sat, 28 Jul 2018 21:17:01 +0000 (00:17 +0300)]
conn_free: updated comment to clarify

Let's call it disassociate instead of disconnect since the latter term
is used so much for (TCP) connections already.

6 years agotest1157: test -H from empty file
Daniel Stenberg [Sat, 28 Jul 2018 20:47:16 +0000 (22:47 +0200)]
test1157: test -H from empty file

Verifies bugfix #2797

6 years agocurl: Fix segfault when -H @headerfile is empty
Tobias Blomberg [Thu, 26 Jul 2018 21:22:49 +0000 (23:22 +0200)]
curl: Fix segfault when -H @headerfile is empty

The curl binary would crash if the -H command line option was given a
filename to read using the @filename syntax but that file was empty.

Closes #2797

6 years agomime: check Curl_rand_hex's return code
Daniel Stenberg [Thu, 26 Jul 2018 13:55:59 +0000 (16:55 +0300)]
mime: check Curl_rand_hex's return code

Bug: https://curl.haxx.se/mail/archive-2018-07/0015.html
Reported-by: Jeffrey Walton
Closes #2795

6 years agodocs/examples: add hiperfifo example using linux epoll/timerfd
Josh Bialkowski [Fri, 27 Jul 2018 22:46:19 +0000 (15:46 -0700)]
docs/examples: add hiperfifo example using linux epoll/timerfd

Closes #2804

6 years agodocs/INSTALL.md: minor formatting fixes
Darío Hereñú [Thu, 26 Jul 2018 01:57:55 +0000 (22:57 -0300)]
docs/INSTALL.md: minor formatting fixes

Closes #2794

6 years agodocs/CURLOPT_URL: fix indentation
Christopher Head [Wed, 25 Jul 2018 06:40:11 +0000 (23:40 -0700)]
docs/CURLOPT_URL: fix indentation

The statement, “The application does not have to keep the string around
after setting this option,” appears to be indented under the RTMP
paragraph. It actually applies to all protocols, not just RTMP.
Eliminate the extra indentation.

Closes #2788

6 years agodocs/CURLOPT_WRITEFUNCTION: size is always 1
Christopher Head [Wed, 25 Jul 2018 05:47:23 +0000 (22:47 -0700)]
docs/CURLOPT_WRITEFUNCTION: size is always 1

For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is
passed two `size_t` parameters which, when multiplied, designate the
number of bytes of data passed in. In practice, CURL always sets the
first parameter (`size`) to 1.

This practice is also enshrined in documentation and cannot be changed
in future. The documentation states that the default callback is
`fwrite`, which means `fwrite` must be a suitable function for this
purpose. However, the documentation also states that the callback must
return the number of *bytes* it successfully handled, whereas ISO C
`fwrite` returns the number of items (each of size `size`) which it
wrote. The only way these numbers can be equal is if `size` is 1.

Since `size` is 1 and can never be changed in future anyway, document
that fact explicitly and let users rely on it.

Closes #2787

6 years agowolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
Carie Pointer [Fri, 20 Jul 2018 20:00:09 +0000 (13:00 -0700)]
wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random

RNG structure must be freed by call to FreeRng after its use in
Curl_cyassl_random. This call fixes Valgrind failures when running the
test suite with wolfSSL.

Closes #2784

6 years agoreuse_conn(): free old_conn->options
Even Rouault [Wed, 25 Jul 2018 09:22:51 +0000 (11:22 +0200)]
reuse_conn(): free old_conn->options

This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with
connection reuse.

I found this with oss-fuzz on GDAL and curl master:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9582
I couldn't reproduce with the oss-fuzz original test case, but looking
at curl source code pointed to this well reproducable leak.

Closes #2790

6 years agosystem_win32: fix version checking
djelinski [Wed, 25 Jul 2018 12:01:55 +0000 (14:01 +0200)]
system_win32: fix version checking

In the current version, VERSION_GREATER_THAN_EQUAL 6.3 will return false
when run on windows 10.0. This patch addresses that error.

Closes https://github.com/curl/curl/pull/2792

6 years agoauth: pick Bearer authentication whenever a token is available
Johannes Schindelin [Fri, 20 Jul 2018 16:17:43 +0000 (18:17 +0200)]
auth: pick Bearer authentication whenever a token is available

So far, the code tries to pick an authentication method only if
user/password credentials are available, which is not the case for
Bearer authentictation...

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes #2754

6 years agoauth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token
Johannes Schindelin [Tue, 17 Jul 2018 12:52:53 +0000 (14:52 +0200)]
auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token

The Bearer authentication was added to cURL 7.61.0, but there is a
problem: if CURLAUTH_ANY is selected, and the server supports multiple
authentication methods including the Bearer method, we strongly prefer
that latter method (only CURLAUTH_NEGOTIATE beats it), and if the Bearer
authentication fails, we will never even try to attempt any other
method.

This is particularly unfortunate when we already know that we do not
have any Bearer token to work with.

Such a scenario happens e.g. when using Git to push to Visual Studio
Team Services (which supports Basic and Bearer authentication among
other methods) and specifying the Personal Access Token directly in the
URL (this aproach is frequently taken by automated builds).

Let's make sure that we have a Bearer token to work with before we
select the Bearer authentication among the available authentication
methods.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes #2754