summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* multi_cleanup: call DONE on handles that never got thatbagder/imap-no-remove_handleDaniel Stenberg2017-10-065-20/+171
| | | | | | | | | ... fixes a memory leak with at least IMAP when remove_handle is never called and the transfer is abruptly just abandoned early. Test 1552 added to verify Assisted-by: Max Dymond
* build: fix --disable-crypto-authDaniel Stenberg2017-10-052-1/+11
| | | | | | Reported-by: Wyatt O'Day Fixes #1945 Closes #1947
* darwinssl: add support for TLSv1.3Nick Zitzmann2017-10-052-12/+83
| | | | Closes https://github.com/curl/curl/pull/1794
* docs: fix typo in curl_mime_data_cb man pageFelix Kaiser2017-10-041-1/+1
| | | | Closes #1946
* lib/Makefile.m32: allow customizing dll suffixesViktor Szakats2017-10-041-2/+6
| | | | | | | | | | | | | | - New `CURL_DLL_SUFFIX` envvar will add a suffix to the generated libcurl dll name. Useful to add `-x64` to 64-bit builds so that it can live in the same directory as the 32-bit one. By default this is empty. - New `CURL_DLL_A_SUFFIX` envvar to customize the suffix of the generated import library (implib) for libcurl .dll. It defaults to `dll`, and it's useful to modify that to `.dll` to have the standard naming scheme for mingw-built .dlls, i.e. `libcurl.dll.a`. Closes https://github.com/curl/curl/pull/1942
* fuzzer: move to using external curl-fuzzerMax Dymond2017-10-0432-1145/+20
| | | | | | Use the external curl-fuzzer repository for fuzzing. Closes #1923
* failf: skip the sprintf() if there are no consumersDaniel Stenberg2017-10-041-17/+17
| | | | Closes #1936
* ftp: UBsan fixup 'pointer index expression overflowed'Daniel Stenberg2017-10-041-2/+2
| | | | Closes #1939
* RELEASE-PROCEDURE: update the release scheduleDaniel Stenberg2017-10-041-3/+6
|
* RELEASE-NOTES: curl 7.56.0curl-7_56_0Daniel Stenberg2017-10-041-9/+30
|
* THANKS: added new 7.56.0 contributorsDaniel Stenberg2017-10-041-6/+24
|
* build-openssl.bat: Warn OpenSSL 1.1.0 not yet supportedJay Satiro2017-10-041-0/+11
| | | | Ref: https://github.com/curl/curl/issues/1002
* idn: fix source code commentMichael Kaufmann2017-10-031-1/+1
|
* vtls: compare and clone ssl configs properlyMichael Kaufmann2017-10-032-13/+16
| | | | | | | | | | | | | | | | | | | Compare these settings in Curl_ssl_config_matches(): - verifystatus (CURLOPT_SSL_VERIFYSTATUS) - random_file (CURLOPT_RANDOM_FILE) - egdsocket (CURLOPT_EGDSOCKET) Also copy the setting "verifystatus" in Curl_clone_primary_ssl_config(), and copy the setting "sessionid" unconditionally. This means that reusing connections that are secured with a client certificate is now possible, and the statement "TLS session resumption is disabled when a client certificate is used" in the old advisory at https://curl.haxx.se/docs/adv_20170419.html is obsolete. Reviewed-by: Daniel Stenberg Closes #1917
* proxy: read the "no_proxy" variable only if necessaryMichael Kaufmann2017-10-031-9/+8
| | | | | | Reviewed-by: Daniel Stenberg Closes #1919
* libcurl-tutorial: add casts in example to avoid compilation warnings.Patrick Monnerat2017-10-031-1/+2
|
* examples: bring back curl_formadd-using examplesDaniel Stenberg2017-10-033-1/+279
| | | | | | ... now with a -formadd suffix. While the new mime API is introduced in 7.56.0 we must acknowledge that lots of users can't upgrade their curl versions immediately.
* test1153: verify quoted double-qoutes in PWD responseDaniel Stenberg2017-10-022-1/+62
|
* FTP: zero terminate the entry path even on bad inputDaniel Stenberg2017-10-023-2/+67
| | | | | | | | | | ... a single double quote could leave the entry path buffer without a zero terminating byte. CVE-2017-1000254 Test 1152 added to verify. Reported-by: Max Dymond Bug: https://curl.haxx.se/docs/adv_20171004.html
* cmake: disable tests and man generation if perl/nroff not foundSergei Nikulov2017-10-022-31/+46
| | | | | | | | | | | | Fixes https://github.com/curl/curl/issues/1500 Reported-by: Jay Satiro Fixes https://github.com/curl/curl/pull/1662 Assisted-by: Tom Seddon Assisted-by: dpull@users.noreply.github.com Assisted-by: elelel@users.noreply.github.com Closes https://github.com/curl/curl/pull/1924
* libcurl-tutorial: fix two typos.Patrick Monnerat2017-10-021-3/+3
|
* TODO: remove deprecated form API items.Patrick Monnerat2017-10-011-46/+0
|
* libcurl-tutorial: describe MIME API and deprecate form API.Patrick Monnerat2017-10-011-4/+261
| | | | Include a guide to form/mime API conversion.
* cookie: fix memory leak if path was set twice in headerDaniel Stenberg2017-09-303-1/+56
| | | | | | | | | | ... this will let the second occurance override the first. Added test 1161 to verify. Reported-by: Max Dymond Fixes #1932 Closes #1933
* test650: Use variable replacement to set the host address and portDan Fandrich2017-09-301-1/+1
| | | | | Otherwise, the test fails when the -b test option is used to set a different test port range.
* Set and use more necessary options when some protocols are disabledDan Fandrich2017-09-303-34/+40
| | | | | | | | | | | | When curl and libcurl are built with some protocols disabled, they stop setting and receiving some options that don't make sense with those protocols. In particular, when HTTP is disabled many options aren't set that are used only by HTTP. However, some options that appear to be HTTP-only are actually used by other protocols as well (some despite having HTTP in the name) and should be set, but weren't. This change now causes some of these options to be set and used for more (or for all) protocols. In particular, this fixes tests 646 through 649 in an HTTP-disabled build, which use the MIME API in the mail protocols.
* test1160: verifies cookie leak for large cookiesDaniel Stenberg2017-09-292-0/+50
| | | | The fix done in 20ea22ff735
* cookie: fix memory leak on oversized rejectionDaniel Stenberg2017-09-291-1/+1
| | | | | | | | | Regression brought by 2bc230de63b Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3513 Assisted-by: Max Dymond Closes #1930
* connect: fix race condition with happy eyeballs timeoutAnders Bakken2017-09-291-1/+1
| | | | | | | | | | | The timer should be started after conn->connecttime is set. Otherwise the timer could expire without this condition being true: /* should we try another protocol family? */ if(i == 0 && conn->tempaddr[1] == NULL && curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) { Ref: #1928
* docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MSMichael Kaufmann2017-09-282-0/+8
| | | | Closes #1922
* docs: clarify the use of environment variables for proxyMichael Kaufmann2017-09-282-1/+7
| | | | Closes #1921
* http: add custom empty headers to repeated requestsMichael Kaufmann2017-09-282-3/+15
| | | | Closes #1920
* reuse_conn: don't copy flags that are known to be equalMichael Kaufmann2017-09-281-2/+0
| | | | | | | | A connection can only be reused if the flags "conn_to_host" and "conn_to_port" match. Therefore it is not necessary to copy these flags in reuse_conn(). Closes #1918
* curl.h: include <sys/select.h> on cygwin tooDaniel Stenberg2017-09-271-0/+1
| | | | | | | | | | | When building with -std=c++14 on cygwin, this header won't be automatically included as it otherwise is. The <sys/select.h> include decision should ideally be reversed and be avoided where that header file doesn't exist. Reported-by: Ian Fette Fixes #1925
* RELEASE-NOTES: synced with d8ab5dc50Daniel Stenberg2017-09-251-10/+21
|
* tests: adjust .gitignore for new testsMichael Kaufmann2017-09-241-0/+3
|
* ntlm: move NTLM_NEEDS_NSS_INIT define into core NTLM headerJay Satiro2017-09-235-9/+12
| | | | | | | | | .. and include the core NTLM header in all NTLM-related source files. Follow up to 6f86022. Since then http_ntlm checks NTLM_NEEDS_NSS_INIT but did not include vtls.h where it was defined. Closes https://github.com/curl/curl/pull/1911
* file_range: avoid integer overflow when figuring out byte rangeDaniel Stenberg2017-09-231-0/+3
| | | | | | | | | | | When trying to bump the value with one and the value is already at max, it causes an integer overflow. Closes #1908 Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3465 Assisted-by: Max Dymond
* tests: fix a compiler warning in test 643Michael Kaufmann2017-09-231-4/+4
|
* symbols-in-versions: fix CURLSSLSET_NO_BACKENDS entryJay Satiro2017-09-231-1/+1
| | | | | | | - Use spaces instead of tabs as the delimiter. Follow up to 7c52b12 which added the entry. The entry had used tabs but the symbol-scan parser doesn't recognize tabs and would fail the symbol.
* metalink: fix NSS issue in MultiSSL buildsViktor Szakats2017-09-221-1/+4
| | | | | | | | | | | | | | | | In MultiSSL mode (i.e. when more than one SSL backend is compiled in), we cannot use the compile time flag `USE_NSS` as indicator that the NSS backend is in use. As far as Metalink is concerned, the SSL backend is only used for MD5, SHA-1 and SHA-256 calculations, therefore one of the available SSL backends is selected at compile time, in a strict order of preference. Let's introduce a new `HAVE_NSS_CONTEXT` constant that can be used to determine whether the SSL backend used for Metalink is the NSS backend, and use that to guard the code that wants to de-initialize the NSS-specific data structure. Ref: https://github.com/curl/curl/pull/1848
* ntlm: use strict order for SSL backend #if branchesViktor Szakats2017-09-224-36/+73
| | | | | | | | | | | | | | | | | | | With the recently introduced MultiSSL support multiple SSL backends can be compiled into cURL That means that now the order of the SSL One option would be to use the same SSL backend as was configured via `curl_global_sslset()`, however, NTLMv2 support would appear to be available only with some SSL backends. For example, when eb88d778e (ntlm: Use Windows Crypt API, 2014-12-02) introduced support for NTLMv1 using Windows' Crypt API, it specifically did *not* introduce NTLMv2 support using Crypt API at the same time. So let's select one specific SSL backend for NTLM support when compiled with multiple SSL backends, using a priority order such that we support NTLMv2 even if only one compiled-in SSL backend can be used for that. Ref: https://github.com/curl/curl/pull/1848
* symbols-in-versions: add CURLSSLSET_NO_BACKENDSDaniel Stenberg2017-09-221-1/+2
| | | | ...fixup from b8e0fe19ec
* imap: quote atoms properly when escaping charactersDaniel Stenberg2017-09-222-4/+4
| | | | | | | Updates test 800 to verify Fixes #1902 Closes #1903
* tests: make the imap server not verify user+passwordDaniel Stenberg2017-09-223-14/+8
| | | | | | | | | | | ... as the test cases themselves do that and it makes it easier to add crazy test cases. Test 800 updated to use user name + password that need quoting. Test 856 updated to trigger an auth fail differently. Ref: #1902
* vtls: provide curl_global_sslset() even in non-SSL buildsDaniel Stenberg2017-09-223-4/+18
| | | | | | | | | ... it just returns error: Bug: https://github.com/curl/curl/commit/1328f69d53f2f2e937696ea954c480412b018451#commitcomment-24470367 Reported-by: Marcel Raad Closes #1906
* form/mime: field names are not allowed to contain zero-valued bytes.Patrick Monnerat2017-09-2221-102/+94
| | | | | Also suppress length argument of curl_mime_name() (names are always zero-terminated).
* openssl: only verify RSA private key if supportedDirk Feytons2017-09-211-6/+22
| | | | | | | | | In some cases the RSA key does not support verifying it because it's located on a smart card, an engine wants to hide it, ... Check the flags on the key before trying to verify it. OpenSSL does the same thing internally; see ssl/ssl_rsa.c Closes #1904
* examples/post-callback: use long for CURLOPT_POSTFIELDSIZEMarcel Raad2017-09-211-1/+1
| | | | Otherwise, typecheck-gcc.h warns on MinGW-w64.
* mime: rephrase the multipart output state machine (#1898) ...Patrick Monnerat2017-09-201-2/+5
| | | | ... in hope coverity will like it much.
View Lorry Controller Status