summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* test1650: make it depend on http/2bagder/test1650-without-h2Daniel Stenberg2018-09-302-0/+12
| | | | | | Follow-up to 570008c99da0ccbb as it gets link errors. Reported-by: Michael Kaufmann
* doh: only build if h2 enabledDaniel Stenberg2018-09-301-1/+29
| | | | | | | | The DoH spec says "HTTP/2 [RFC7540] is the minimum RECOMMENDED version of HTTP for use with DoH". Reported-by: Marcel Raad Closes #3066
* test2100: require http2 to runDaniel Stenberg2018-09-292-1/+1
| | | | | | Reported-by: Marcel Raad Fixes #3064 Closes #3065
* multi: fix memory leak in content encoding related error pathDaniel Stenberg2018-09-291-3/+7
| | | | | | | | ... a missing multi_done() call. Credit to OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10728 Closes #3063
* travis: bump the Secure Transport build to use xcode 10Daniel Stenberg2018-09-291-1/+1
| | | | | | | | | | Due to an issue with travis (https://github.com/travis-ci/travis-ci/issues/9956) we've been using Xcode 9.2 for darwinssl builds for a while. Now xcode 10 is offered as an alternative and as it builds curl+darwinssl fine that seems like a better choice. Closes #3062
* curl: enabled Windows VT Support and UTF-8 outputRich Turner2018-09-293-0/+70
| | | | | | | Enabled Console VT support (if running OS supports VT) in tool_main.c. Fixes #3008 Closes #3011
* multi: fix location URL memleak in error pathDaniel Stenberg2018-09-281-1/+4
| | | | | Follow-up to #3044 - fix a leak OSS-Fuzz detected Closes #3057
* cmake: fixed path used in generation of docs/tests during curl build through ↵Sergei Nikulov2018-09-283-4/+5
| | | | add_subdicectory(...)
* cmake: Backport to work with CMake 3.0 againBrad King2018-09-281-2/+11
| | | | | | | | | | | | Changes in commit 7867aaa9a0 (cmake: link curl to the OpenSSL targets instead of lib absolute paths, 2018-07-17) and commit f826b4ce98 (cmake: bumped minimum version to 3.4, 2018-07-19) required CMake 3.4 to fix issue #2746. This broke support for users on older versions of CMake even if they just want to build curl and do not care whether transitive dependencies work. Backport the logic to work with CMake 3.0 again by implementing the fix only when the version of CMake is at least 3.4.
* curl_threads: fix classic MinGW compile breakMarcel Raad2018-09-271-3/+11
| | | | | | | | | | | Classic MinGW still has _beginthreadex's return type as unsigned long instead of uintptr_t [0]. uintptr_t is not even defined because of [1]. [0] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l167 [1] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l90 Bug: https://github.com/curl/curl/issues/2924#issuecomment-424334807 Closes https://github.com/curl/curl/pull/3051
* configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSEDaniel Stenberg2018-09-263-11/+11
| | | | | | | fix a few leftovers Fixes #3006 Closes #3049
* example/htmltidy: fix include paths of tidy librariesDoron Behar2018-09-261-2/+2
| | | | Closes #3050
* RELEASE-NOTES: syncedDaniel Stenberg2018-09-261-7/+27
|
* Curl_http2_done: fix memleak in error pathDaniel Stenberg2018-09-251-6/+8
| | | | | | | | | | Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for early failures. Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669 Closes #3046
* http: fix memleak in rewind error pathDaniel Stenberg2018-09-251-8/+7
| | | | | | | | | If the rewind would fail, a strdup() would not get freed. Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665 Closes #3044
* test320: fix regression in [ci skip]Viktor Szakats2018-09-241-2/+2
| | | | | | | | The value in question is coming directly from `gnutls-serv`, so it cannot be modified freely. Reported-by: Marcel Raad Ref: https://github.com/curl/curl/commit/6ae6b2a533e8630afbb21f570305bd4ceece6348#commitcomment-30621004
* Curl_retry_request: fix memory leakDaniel Stenberg2018-09-241-2/+7
| | | | | | | Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648 Closes #3042
* openssl: load built-in engines tooDaniel Stenberg2018-09-241-1/+1
| | | | | | | | Regression since 38203f1 Reported-by: Jean Fabrice Fixes #3023 Closes #3040
* OpenSSL: enable TLS 1.3 post-handshake authChristian Heimes2018-09-241-0/+6
| | | | | | | | | | OpenSSL 1.1.1 requires clients to opt-in for post-handshake authentication. Fixes: https://github.com/curl/curl/issues/3026 Signed-off-by: Christian Heimes <christian@python.org> Closes https://github.com/curl/curl/pull/3027
* Curl_dedotdotify(): always nul terminate returned string.Even Rouault2018-09-242-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes potential out-of-buffer access on "file:./" URL $ valgrind curl "file:./" ==24516== Memcheck, a memory error detector ==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al. ==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info ==24516== Command: /home/even/install-curl-git/bin/curl file:./ ==24516== ==24516== Conditional jump or move depends on uninitialised value(s) ==24516== at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==24516== by 0x4EBB315: seturl (urlapi.c:801) ==24516== by 0x4EBB568: parseurl (urlapi.c:861) ==24516== by 0x4EBC509: curl_url_set (urlapi.c:1199) ==24516== by 0x4E644C6: parseurlandfillconn (url.c:2044) ==24516== by 0x4E67AEF: create_conn (url.c:3613) ==24516== by 0x4E68A4F: Curl_connect (url.c:4119) ==24516== by 0x4E7F0A4: multi_runsingle (multi.c:1440) ==24516== by 0x4E808E5: curl_multi_perform (multi.c:2173) ==24516== by 0x4E7558C: easy_transfer (easy.c:686) ==24516== by 0x4E75801: easy_perform (easy.c:779) ==24516== by 0x4E75868: curl_easy_perform (easy.c:798) Was originally spotted by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637 Credit to OSS-Fuzz Closes #3039
* update URLs in testsViktor Szakats2018-09-235-6/+6
| | | | | | - and one in docs/MANUAL as well Closes https://github.com/curl/curl/pull/3038
* whitespace fixesViktor Szakats2018-09-23231-983/+772
| | | | | | | | | | | - replace tabs with spaces where possible - remove line ending spaces - remove double/triple newlines at EOF - fix a non-UTF-8 character - cleanup a few indentations/line continuations in manual examples Closes https://github.com/curl/curl/pull/3037
* http: add missing return code checkDaniel Stenberg2018-09-231-6/+3
| | | | | | | | Detected by Coverity. CID 1439610. Follow-up from 46e164069d1a523 Closes #3034
* ftp: don't access pointer before NULL checkDaniel Stenberg2018-09-231-2/+1
| | | | | | Detected by Coverity. CID 1439611. Follow-up from 46e164069d1a523
* unit1650: fix out of boundary accessDaniel Stenberg2018-09-231-4/+4
| | | | | Fixes #2987 Closes #3035
* docs/examples: URL updatesViktor Szakats2018-09-2336-113/+114
| | | | | | | | - also update two URLs outside of docs/examples - fix spelling of filename persistant.c - fix three long lines that started failing checksrc.pl Closes https://github.com/curl/curl/pull/3036
* examples/Makefile.m32: sync with core [ci skip]Viktor Szakats2018-09-222-56/+127
| | | | | | | | also: - fix two warnings in synctime.c (one of them Windows-specific) - upgrade URLs in synctime.c and remove a broken one Closes https://github.com/curl/curl/pull/3033
* examples/parseurl.c: show off the URL API a bitDaniel Stenberg2018-09-222-1/+79
| | | | Closes #3030
* SECURITY-PROCESS: mention the bountygraph program [ci skip]Daniel Stenberg2018-09-221-4/+21
| | | | Closes #3032
* url: use the URL API internally as wellDaniel Stenberg2018-09-2222-918/+376
| | | | | | ... to make it a truly unified URL parser. Closes #3017
* URL and mailmap updates, remove an obsolete directory [ci skip]Viktor Szakats2018-09-2217-101/+21
| | | | Closes https://github.com/curl/curl/pull/3031
* RELEASE-NOTES: syncedDaniel Stenberg2018-09-221-4/+17
|
* configure: force-use -lpthreads on HPUXDaniel Stenberg2018-09-211-0/+10
| | | | | | | | | When trying to detect pthreads use on HPUX the checks will succeed without the correct -l option but then end up failing at run-time. Reported-by: Eason-Yu on github Fixes #2697 Closes #3025
* Curl_saferealloc: Fixed typo in docblockErik Minekus2018-09-211-1/+1
| | | | Closes #3029
* urlapi: fix support for address scope in IPv6 numerical addressesDaniel Stenberg2018-09-213-6/+9
| | | | Closes #3024
* GnutTLS: TLS 1.3 supportLoganaden Velvindron2018-09-211-9/+62
| | | | Closes #2971
* TODO: c-ares and CURLOPT_OPENSOCKETFUNCTIONDaniel Stenberg2018-09-201-7/+8
| | | | | | Removed DoH. Closes #2734
* vtls: fix ssl version "or later" behavior change for many backendsJay Satiro2018-09-208-18/+1
| | | | | | | | | | | | | | | | | | | | | | | - Treat CURL_SSLVERSION_MAX_NONE the same as CURL_SSLVERSION_MAX_DEFAULT. Prior to this change NONE would mean use the minimum version also as the maximum. This is a follow-up to 6015cef which changed the behavior of setting the SSL version so that the requested version would only be the minimum and not the maximum. It appears it was (mostly) implemented in OpenSSL but not other backends. In other words CURL_SSLVERSION_TLSv1_0 used to mean use just TLS v1.0 and now it means use TLS v1.0 *or later*. - Fix CURL_SSLVERSION_MAX_DEFAULT for OpenSSL. Prior to this change CURL_SSLVERSION_MAX_DEFAULT with OpenSSL was erroneously treated as always TLS 1.3, and would cause an error if OpenSSL was built without TLS 1.3 support. Co-authored-by: Daniel Gustafsson Fixes https://github.com/curl/curl/issues/2969 Closes https://github.com/curl/curl/pull/3012
* certs: generate tests certs with sha256 digest algorithmDaniel Stenberg2018-09-2038-825/+835
| | | | | | | | As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs: "SSL certificate problem: CA signature digest algorithm too weak" Closes #3014
* urlapi: document the error codes, remove two unused onesDaniel Stenberg2018-09-194-28/+59
| | | | | Assisted-by: Daniel Gustafsson Closes #3019
* urlapi: add CURLU_GUESS_SCHEME and fix hostname acceptanceDaniel Stenberg2018-09-195-12/+79
| | | | | | | | | | | | | | | In order for this API to fully work for libcurl itself, it now offers a CURLU_GUESS_SCHEME flag that makes it "guess" scheme based on the host name prefix just like libcurl always did. If there's no known prefix, it will guess "http://". Separately, it relaxes the check of the host name so that IDN host names can be passed in as well. Both these changes are necessary for libcurl itself to use this API. Assisted-by: Daniel Gustafsson Closes #3018
* nss: try to connect even if libnssckbi.so fails to loadKamil Dudka2018-09-191-2/+3
| | | | | | | | | One can still use CA certificates stored in NSS database. Reported-by: Maxime Legros Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html Closes #3016
* urlapi: don't set value which is never readDaniel Gustafsson2018-09-191-1/+0
| | | | | | | | | In the CURLUPART_URL case, there is no codepath which invokes url decoding so remove the assignment of the urldecode variable. This fixes the deadstore bug-report from clang static analysis. Closes #3015 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* todo: Update reference to already done itemDaniel Gustafsson2018-09-191-1/+2
| | | | | | | | TODO item 1.1 was implemented in commit 946ce5b61f, update reference to it with instead referencing the implemented option. Closes #3013 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* RELEASE-NOTES: syncedDaniel Stenberg2018-09-181-9/+58
|
* cmake: don't require OpenSSL if USE_OPENSSL=OFFslodki2018-09-181-2/+2
| | | | | | | | | User must have OpenSSL installed even if not used by libcurl at all since 7.61.1 release. Broken at 7867aaa9a01decf93711428462335be8cef70212 Reviewed-by: Sergei Nikulov Closes #3001
* curl_multi_wait: call getsock before figuring out timeoutDaniel Stenberg2018-09-181-7/+7
| | | | | | | .... since getsock may update the expiry timer. Fixes #2996 Closes #3000
* examples/http2-pushinmemory: receive HTTP/2 pushed files in memoryDaniel Stenberg2018-09-182-1/+189
| | | | Closes #3004
* darwinssl: Fix realloc memleakDaniel Gustafsson2018-09-181-1/+2
| | | | | | | | | | The reallocation was using the input pointer for the return value, which leads to a memory leak on reallication failure. Fix by instead use the safe internal API call Curl_saferealloc(). Closes #3005 Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Nick Zitzmann <nickzman@gmail.com>
* examples: Fix memory leaks from realloc errorsKruzya2018-09-175-12/+29
| | | | | Make sure to not overwrite the reallocated pointer in realloc() calls to avoid a memleak on memory errors.
View Lorry Controller Status