summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* fixup the test syntaxbagder/travis-more-archsDaniel Stenberg2020-07-311-1/+1
|
* fixup only build mesalink for those buildsDaniel Stenberg2020-07-312-14/+16
|
* travis: add ppc64le and s390xDaniel Stenberg2020-07-311-0/+36
|
* connect: remove redundant message about connect failureMarc Hoersken2020-07-311-2/+2
| | | | | | Reviewed-by: Daniel Stenberg Closes #5708
* tests/sshserver.pl: fix compatibility with OpenSSH for WindowsMarc Hoersken2020-07-311-0/+5
| | | | Follow up to #5721
* CI/azure: install libssh2 for use with msys2-based buildsMarc Hoersken2020-07-311-8/+16
| | | | | | | | | This enables building and running the SFTP tests. Unfortunately OpenSSH for Windows does not support SCP (yet). Reviewed-by: Daniel Stenberg Closes #5721
* CI/azure: increase Windows job timeout once againMarc Hoersken2020-07-311-1/+1
| | | | | | | | | Avoid aborted jobs due to performance issues on Azure DevOps. Reviewed-by: Daniel Stenberg Reviewed-by: Jay Satiro Closes #5738
* TODO: Schannel: 'Add option to allow abrupt server closure'Jay Satiro2020-07-301-0/+10
| | | | | | | | | We should offer an option to allow abrupt server closures (server closes SSL transfer without sending a known termination point such as length of transfer or close_notify alert). Abrupt server closures are usually because of misconfigured or very old servers. Closes https://github.com/curl/curl/issues/4427
* url: fix CURLU and location followingJay Satiro2020-07-305-4/+133
| | | | | | | | | | | Prior to this change if the user set a URL handle (CURLOPT_CURLU) it was incorrectly used for the location follow, resulting in infinite requests to the original location. Reported-by: sspiri@users.noreply.github.com Fixes https://github.com/curl/curl/issues/5709 Closes https://github.com/curl/curl/pull/5713
* RELEASE-NOTES: syncedDaniel Stenberg2020-07-301-8/+46
|
* docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentionsdivinity762020-07-302-2/+2
| | | | | | | | it helps make it obvious that most developers don't have to care about the CURLM_CALL_MULTI_PERFORM value (last release using it is nearly 11 years old, November 4 2009) Closes #5744
* tool_cb_wrt: fix outfile mode flags for WindowsJay Satiro2020-07-291-3/+6
| | | | | | | | | | | | | | | | - Use S_IREAD and S_IWRITE mode permission flags to create the file on Windows instead of S_IRUSR, S_IWUSR, etc. Windows only accepts a combination of S_IREAD and S_IWRITE. It does not acknowledge other combinations, for which it may generate an assertion. This is a follow-up to 81b4e99 from yesterday, which improved the existing file check with -J. Ref: https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/open-wopen#remarks Ref: https://github.com/curl/curl/pull/5731 Closes https://github.com/curl/curl/pull/5742
* checksrc: ban gmtime/localtimeDaniel Stenberg2020-07-286-3/+9
| | | | | | | | | They're not thread-safe so they should not be used in libcurl code. Explictly enabled when deemed necessary and in examples and tests Reviewed-by: Nicolas Sterchele Closes #5732
* transfer: fix data_pending for builds with both h2 and h3 enabledDaniel Stenberg2020-07-281-2/+6
| | | | Closes #5734
* curl_multi_setopt: fix compiler warning "result is always false"Daniel Stenberg2020-07-281-3/+1
| | | | | | | | | On systems with 32 bit long the expression is always false. Avoid the warning. Reported-by: Gisle Vanem Bug: https://github.com/curl/curl/commit/61a08508f6a458fe21bbb18cd2a9bac2f039452b#commitcomment-40941232 Closes #5736
* curl: improve the existing file check with -JDaniel Stenberg2020-07-283-10/+36
| | | | | | | | | | Previously a file that isn't user-readable but is user-writable would not be properly avoided and would get overwritten. Reported-by: BrumBrum on hackerone Assisted-by: Jay Satiro Bug: https://hackerone.com/reports/926638 Closes #5731
* multi: update comment to say easyp list is linearJonathan Nieder2020-07-281-1/+1
| | | | | | | | | Since 09b9fc900 (multi: remove 'Curl_one_easy' struct, phase 1, 2013-08-02), the easy handle list is not circular but ends with ->next pointing to NULL. Reported-by: Masaya Suzuki <masayasuzuki@google.com> Closes #5737
* CURLOPT_NOBODY.3: fix the syntax for referring to optionsDaniel Stenberg2020-07-271-3/+3
| | | | | | As test 1140 fails otherwise! Follow-up to e1bac81cc815
* ngtcp2: store address in sockaddr_storageDaniel Stenberg2020-07-271-2/+3
| | | | | Reported-by: Tatsuhiro Tsujikawa Closes #5733
* CURLOPT_NOBODY.3: clarify what setting to 0 meansDaniel Stenberg2020-07-271-6/+16
| | | | | | | ... and mention that HTTP with other methods than HEAD might get a body and there's no option available to stop that. Closes #5729
* setopt: unset NOBODY switches to GET if still HEADDaniel Stenberg2020-07-271-0/+2
| | | | | | | | | | | Unsetting CURLOPT_NOBODY with 0L when doing HTTP has no documented action but before 7.71.0 that used to switch back to GET and with this change (assuming the method is still set to HEAD) this behavior is brought back. Reported-by: causal-agent on github Fixes #5725 Closes #5728
* configure: cleanup wolfssl + pkg-config conflicts when cross compiling.Ehren Bendler2020-07-272-10/+21
| | | | | | | Also choose a different wolfSSL function to test for NTLM support. Fixes #5605 Closes #5682
* configure: show zstd "no" in summary when built without itDaniel Stenberg2020-07-271-0/+1
| | | | | | Reported-by: Marc Hörsken Fixes #5720 Closes #5730
* quiche: handle calling disconnect twiceDaniel Stenberg2020-07-271-2/+8
| | | | | | Reported-by: lilongyan-huawei on github Fixes #5726 Closes #5727
* getinfo: reset retry-after value in initinfoNicolas Sterchele2020-07-275-2/+130
| | | | | | | | | - Avoid re-using retry_after value from preceding request - Add libtest 3010 to verify Reported-by: joey-l-us on github Fixes #5661 Closes #5672
* WIN32: stop forcing narrow-character APIMarcel Raad2020-07-277-16/+38
| | | | | | | | | | Except where the results are only used for character output. getenv is not touched because it's part of the public API, and having it return UTF-8 instead of ANSI would be a breaking change. Fixes https://github.com/curl/curl/issues/5658 Fixes https://github.com/curl/curl/issues/5712 Closes https://github.com/curl/curl/pull/5718
* mprintf: Fix stack overflowsTobias Stoeckmann2020-07-272-1/+16
| | | | | | | | | | | | | | | | | | | | | Stack overflows can occur with precisions for integers and floats. Proof of concepts: - curl_mprintf("%d, %.*1$d", 500, 1); - curl_mprintf("%d, %+0500.*1$f", 500, 1); Ideally, compile with -fsanitize=address which makes this undefined behavior a bit more defined for debug purposes. The format strings are valid. The overflows occur due to invalid arguments. If these arguments are variables with contents controlled by an attacker, the function's stack can be corrupted. Also see CVE-2016-9586 which partially fixed the float aspect. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Closes https://github.com/curl/curl/pull/5722
* mprintf: Fix dollar string handlingTobias Stoeckmann2020-07-271-5/+15
| | | | | | | | | | | | | Verify that specified parameters are in range. If parameters are too large, fail early on and avoid out of boundary accesses. Also do not read behind boundaries of illegal format strings. These are defensive measures since it is expected that format strings are well-formed. Format strings should not be modifiable by user input due to possible generic format string attacks. Closes https://github.com/curl/curl/pull/5722
* ntlm: free target_info before (re-)mallocDaniel Stenberg2020-07-261-0/+1
| | | | | | | | | OSS-Fuzz found a way this could get called again with the pointer still pointing to a malloc'ed memory, leading to a leak. Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24379 Closes #5724
* CI/macos: set minimum macOS versionMarcel Raad2020-07-261-3/+17
| | | | | | | This enables some deprecation warnings. Previously, autotools defaulted to 10.8. Closes https://github.com/curl/curl/pull/5723
* RELEASE-NOTES: syncedDaniel Stenberg2020-07-261-7/+54
|
* CI/macos: enable warnings as errors for CMake buildsMarcel Raad2020-07-251-1/+3
| | | | Closes https://github.com/curl/curl/pull/5716
* CMake: fix test for warning suppressionsMarcel Raad2020-07-231-1/+10
| | | | | | | | | | | | | GCC doesn't warn for unknown `-Wno-` options, except if there are other warnings or errors [0]. This was problematic with `CURL_WERROR` as that warning-as-error cannot be suppressed. Notably, this always happened with `-Wno-pedantic-ms-format` when not targeting Windows. So test for the positive form of the warning instead, which should always result in a diagnostic if unknown. [0] https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html Closes https://github.com/curl/curl/pull/5714
* curl.h: update CURLINFO_LASTONEJay Satiro2020-07-231-1/+1
| | | | | | | | | CURLINFO_LASTONE should have been updated when CURLINFO_EFFECTIVE_METHOD was added. Reported-by: xwxbug@users.noreply.github.com Fixes https://github.com/curl/curl/issues/5711
* CI/azure: unconditionally enable warnings-as-errors with autotoolsMarc Hoersken2020-07-221-2/+2
| | | | | | | Reviewed-by: Marcel Raad Follow up to #5694 Closes #5706
* doh: remove redundant castMarcel Raad2020-07-211-2/+2
| | | | Closes https://github.com/curl/curl/pull/5704
* CI/macos: unconditionally enable warnings-as-errors with autotoolsMarcel Raad2020-07-191-3/+6
| | | | | | Previously, warnings were only visible in the output for most jobs. Closes https://github.com/curl/curl/pull/5694
* util: silence conversion warningsMarcel Raad2020-07-193-3/+3
| | | | | | | | | | timeval::tv_usec might be a 32-bit integer and timespec::tv_nsec might be a 64-bit integer. This is the case when building for recent macOS versions, for example. Just treat tv_usec as an int, which should hopefully always be sufficient on systems with `HAVE_CLOCK_GETTIME_MONOTONIC`. Closes https://github.com/curl/curl/pull/5695
* md(4|5): don't use deprecated macOS functionsMarcel Raad2020-07-192-2/+6
| | | | | | | They are marked as deprecated for -mmacosx-version-min >= 10.15, which might result in warnings-as-errors. Closes https://github.com/curl/curl/pull/5695
* strdup: remove the odd strlen checkDaniel Stenberg2020-07-182-18/+8
| | | | | | | It confuses code analyzers with its use of -1 for unsigned value. Also, a check that's not normally used in strdup() code - and not necessary. Closes #5697
* travis: update quiche builds for new boringssl layoutAlessandro Ghedini2020-07-183-8/+6
| | | | | | | | | | This is required after https://github.com/cloudflare/quiche/pull/593 moved BoringSSL around slightly. This also means that Go is not needed to build BoringSSL anymore (the one provided by quiche anyway). Closes #5691
* configure: allow disabling warningsMarcel Raad2020-07-171-48/+74
| | | | | | | | | | When using `--enable-warnings`, it was not possible to disable warnings via CFLAGS that got explicitly enabled. Now warnings are not enabled anymore if they are explicitly disabled (or enabled) in CFLAGS. This works for at least GCC, clang, and TCC as they have corresponding `-Wno-` options for every warning. Closes https://github.com/curl/curl/pull/5689
* ngtcp2: adjust to recent sockaddr updatesDaniel Stenberg2020-07-162-9/+7
| | | | Closes #5690
* page-header: provide protocol details in the curl.1 man pageDaniel Stenberg2020-07-161-0/+49
| | | | | | | | | Add protocol and version specific information about all protocols curl supports. Fixes #5679 Reported-by: tbugfinder on github Closes #5686
* docs: Update a few leftover mentions of DarwinSSLDaniel Gustafsson2020-07-164-7/+7
| | | | | | | | | Commit 76a9c3c4be10b3d4d379d5b23ca76806bbae536a renamed DarwinSSL to the more correct/common name Secure Transport, but a few mentions in the docs remained. Closes #5688 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* file2memory: use a define instead of -1 unsigned valueDaniel Stenberg2020-07-161-2/+2
| | | | | | | | | ... to use the maximum value for 'size_t' when detecting integer overflow. Changed the limit to max/4 as already that seems unreasonably large. Codacy didn't like the previous approach. Closes #5683
* CURL_PUSH_ERROROUT: allow the push callback to fail the parent streamDaniel Stenberg2020-07-165-21/+28
| | | | | | | | | ... by adding support for a new dedicated return code. Suggested-by: Jonathan Cardoso Assisted-by: Erik Johansson URL: https://curl.haxx.se/mail/lib-2020-06/0099.html Closes #5636
* nss: fix build with disabled proxy supportBaruch Siach2020-07-141-9/+35
| | | | | | | Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is defined. Closes #5667
* test1139: make it display the difference on test failuresbagder/test1119Daniel Stenberg2020-07-142-3/+9
|
* test1119: verify stdout in the testDaniel Stenberg2020-07-142-0/+9
| | | | | | | So that failures will be displayed in the terminal, as it makes test failures visually displayed easier and faster. Closes #5644