summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* zsh.pl: produce a working completion script againKamil Dudka2017-08-151-1/+1
| | | | | | | | | | | Commit curl-7_54_0-118-g8b2f22e changed the output format of curl --help to use <file> and <dir> instead of FILE and DIR, which caused zsh.pl to produce a broken completion script: % curl --<TAB> _curl:10: no such file or directory: seconds Closes #1779
* strtoofft: reduce integer overflow risks globallyDaniel Stenberg2017-08-142-5/+16
| | | | | | | ... make sure we bail out on overflows. Reported-by: Brian Carpenter Closes #1758
* mkhelp.pl: allow executing this script directlyJay Satiro2017-08-101-1/+1
| | | | | | | | - Enable execute permission (chmod +x) - Change interpreter to /usr/bin/env perl Ref: https://github.com/curl/curl/issues/1743
* metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ insteadDaniel Stenberg2017-08-101-1/+1
|
* curl: do bounds check using a double comparisonAdam Sampson2017-08-091-1/+1
| | | | | | | | | | | | | The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't complete: if the parsed number in num is larger than will fit in a long, the conversion is undefined behaviour (causing test1427 to fail for me on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7). Getting rid of the cast means the comparison will be done using doubles. It might make more sense for the max argument to also be a double... Fixes #1750 Closes #1749
* docs/comments: Update to secure URL versionsViktor Szakats2017-08-082-2/+2
| | | | Closes #1741
* curl: detect and bail out early on parameter integer overflowsDaniel Stenberg2017-08-075-14/+36
| | | | | | | | | Make the number parser aware of the maximum limit curl accepts for a value and return an error immediately if larger, instead of running an integer overflow later. Fixes #1730 Closes #1736
* glob: do not continue parsing after a strtoul() overflow rangeDaniel Stenberg2017-08-071-1/+4
| | | | | | | | | Added test 1289 to verify. CVE-2017-1000101 Bug: https://curl.haxx.se/docs/adv_20170809A.html Reported-by: Brian Carpenter
* getparameter: avoid returning uninitialized 'usedarg'Daniel Stenberg2017-08-052-3/+3
| | | | Fixes #1728
* tool_help: clarify --include is only for response headersJay Satiro2017-07-291-1/+1
| | | | | | Follow-up to 171f8de. Ref: https://github.com/curl/curl/issues/1704
* make: fix docs build on OpenBSDRyan Winograd2017-07-101-0/+3
| | | | Ref: #1591
* curl_setup_once: Remove ERRNO/SET_ERRNO macrosJay Satiro2017-07-102-3/+3
| | | | | | | | | | | | Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError for Win32 and regular errno otherwise. I reviewed the code and found no justifiable reason for conflating errno on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno, and any Win32 multithreaded CRT supports thread-local errno. Fixes https://github.com/curl/curl/issues/895 Closes https://github.com/curl/curl/pull/1589
* tool_getparam: fix potentially uninitialized errJay Satiro2017-07-091-1/+2
|
* tool_cb_wrt: fix variable shadowing warningMarcel Raad2017-07-091-3/+3
| | | | | | | | | | | GCC 4.4 complains: tool_cb_wrt.c:81: error: declaration of ‘isatty’ shadows a global declaration /usr/include/unistd.h:782: error: shadowed declaration is here Fix this by renaming the variable. Closes https://github.com/curl/curl/pull/1661
* tool_sleep: typecast to avoid macos compiler warningDaniel Stenberg2017-07-041-2/+2
| | | | | | tool_sleep.c:54:24: error: implicit conversion loses integer precision: 'long' to '__darwin_suseconds_t' (aka 'int') [-Werror,-Wshorten-64-to-32]
* make: build the docs subdir only from within srcDaniel Stenberg2017-06-301-4/+2
| | | | | | | | ... and don't build at all in include Prompted-by-work-by: Simon Warta Ref: #1590 Closes #1591
* curl --socks5-{basic,gssapi}: control socks5 authKamil Dudka2017-06-286-0/+30
| | | | Closes https://github.com/curl/curl/pull/1454
* tool_getparam: fix memory leak on test 1147 OOM (torture tests)Jay Satiro2017-06-261-1/+3
| | | | | Bug: https://github.com/curl/curl/pull/1486#issuecomment-310926872 Reported-by: Dan Fandrich
* --request-target: instead of --strip-path-slashDaniel Stenberg2017-06-215-14/+13
| | | | | | | | | | | | | | ... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH. This option instead provides the full "alternative" target to use in the request, instead of extracting the path from the URL. Test 1298 and 1299 updated accordingly. Idea-by: Evert Pot Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373 Closes #1593
* http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASHDaniel Stenberg2017-06-194-1/+11
| | | | | | | | | | | ... to enable sending "OPTIONS *" which wasn't possible previously. This option currently only works for HTTP. Added test cases 1298 + 1299 to verify Fixes #1280 Closes #1462
* automake: use $(MKHELP) variable instead if constant mkhelp.plSimon Warta2017-06-191-1/+1
| | | | this improves symmetry with the rule above
* mkhelp.pl: fix script name in usage textSimon Warta2017-06-191-1/+1
|
* tool_wrte_cb: remove check for config == NULLDaniel Stenberg2017-06-171-3/+0
| | | | | | | | | | ... as it really cannot have reached this far with config being NULL, thus this is unnecesary and misleading. Bug: https://news.ycombinator.com/item?id=14577585 and https://daniel.haxx.se/blog/2017/06/17/curl-doesnt-spew-binary-anymore/comment-page-1/#comment-18356 Forwarded-to-us-by: Jakub Wilk
* curl: prevent binary output spewed to terminalDaniel Stenberg2017-06-166-10/+46
| | | | | | | | | ... unless "--output -" is used. Binary detection is done by simply checking for a binary zero in early data. Added test 1425 1426 to verify. Closes #1512
* Makefile.m32: enable -W for MinGW32 buildMarcel Raad2017-06-161-1/+1
| | | | | | The configure-based build also has this in addition to -Wall. Closes https://github.com/curl/curl/pull/1578
* curl: allow --header and --proxy-header read from fileDaniel Stenberg2017-06-151-6/+36
| | | | | | | | So many headers can be provided as @filename. Suggested-by: Timothe Litt Closes #1486
* includes: remove curl/curlbuild.h and curl/curlrules.hDaniel Stenberg2017-06-142-6/+2
| | | | | | | | Rely entirely on curl/system.h now. Introduced in Aug 2008 with commit 14240e9e109f. Now gone. Fixes #1456
* urlglob: fix division by zeroDaniel Stenberg2017-06-131-1/+5
| | | | | | | | The multiply() function that is used to avoid integer overflows, was itself reason for a possible division by zero error when passed a specially formatted glob. Reported-by: GwanYeong Kim
* FindWin32CACert: Use a temporary buffer on the stackMichael Kaufmann2017-06-111-8/+2
| | | | | | | | | | | | Don't malloc() the temporary buffer, and use the correct type: SearchPath() works with TCHAR, but SearchPathA() works with char. Set the buffer size to MAX_PATH, because the terminating null byte is already included in MAX_PATH. Reviewed-by: Daniel Stenberg Reviewed-by: Marcel Raad Closes #1548
* metalink: remove unused printf() argumentDaniel Stenberg2017-06-071-2/+2
|
* tool_util: remove unused tvdiff_secs and remove tool_ prefixDaniel Stenberg2017-06-032-39/+9
| | | | Closes #1532
* build: provide easy code coverage measuringDaniel Stenberg2017-06-021-0/+4
| | | | Closes #1528
* time: fix type conversions and compiler warningsMichael Kaufmann2017-05-242-11/+2
| | | | | | | | | Fix bugs and compiler warnings on systems with 32-bit long and 64-bit time_t. Reviewed-by: Daniel Stenberg Closes #1499
* mkhelp.pl: do not add current time into curl binaryBernhard M. Wiedemann2017-05-171-1/+1
| | | | | | | | ... as part of hugehelpgz rodata to make build reproducible. See https://reproducible-builds.org/ for why this is good Closes #1490
* curl: show the libcurl release date in --version outputDaniel Stenberg2017-05-141-0/+6
| | | | | | | | | | | | | | | | | ... and support and additional "security patched" date for those who enhance older versions that way. Pass on the define CURL_PATCHSTAMP with a date for that. Building with non-release headers shows the date as [unreleased]. Also: this changes the date format generated in the curlver.h file to be "YYYY-MM-DD" (no name of the day or month, no time, no time zone) to make it easier on the eye and easier to parse. Example (new) date string: 2017-05-09 Suggested-by: Brian Childs Closes #1474
* tool: fix remaining -Wcast-qual warningsMarcel Raad2017-05-093-8/+8
| | | | Avoid casting away low-level const.
* curl: generate the --help outputDaniel Stenberg2017-05-081-249/+429
| | | | | | | | | | ... using the docs/cmdline-opts/gen.pl script, so that we get all the command line option documentation from the same source. The generation of the list has to be done manually and pasted into the source code. Closes #1465
* tool_msgs: remove wrong castMarcel Raad2017-05-081-1/+1
| | | | | | Commit 481e0de00a9003b9c5220b120e3fc302d9b0932d changed the variable type from int to size_t, so don't cast the result of strlen to int anymore.
* tool_parsecfg: fix -Wcast-qual warningMarcel Raad2017-05-071-1/+1
| | | | | Don't convert string literal to char * before assigning it to const char *.
* curl: remove tool_writeenv.[ch]Daniel Stenberg2017-05-068-170/+2
| | | | | | | | | ... and USE_ENVIRONMENT and --environment. It was once added for RISC OS support and its platform specific behavior has been annoying ever since. Added in commit c3c8bbd3b2688da8e, mostly unchanged since then. Most probably not actually used for years. Closes #1463
* curl: fix warning "comma at end of enumerator list"Daniel Stenberg2017-05-041-1/+1
|
* curl: non-boolean command line args reject --no- prefixesDaniel Stenberg2017-05-023-221/+230
| | | | | | | | ... and instead properly respond with an error message to the user instead of silently ignoring. Fixes #1453 Closes #1458
* tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONSJay Satiro2017-05-013-1/+5
| | | | | | | - Include tool_convert.h where needed. Bug: https://github.com/curl/curl/issues/1460 Reported-by: Gisle Vanem
* tool_cb_prg: fix double-promotion warningMarcel Raad2017-05-011-1/+1
| | | | | | | | | clang complains: tool_cb_prg.c:86:22: error: implicit conversion increases floating-point precision: 'float' to 'double' [-Werror,-Wdouble-promotion] Fix this by using a double instead of a float constant.
* tool_operate: use utimes instead of obsolescent utime when availableDan Fandrich2017-04-271-0/+11
|
* curl: set a 100K buffer size by defaultDaniel Stenberg2017-04-251-3/+7
| | | | | | | | | | | | | | | | | | | | | | Test command 'time curl http://localhost/80GB -so /dev/null' on a Debian Linux. Before (middle performing run out 9): real 0m28.078s user 0m11.240s sys 0m12.876s After (middle performing run out 9) real 0m26.356s (93.9%) user 0m5.324s (47.4%) sys 0m8.368s (65.0%) Also, doing SFTP over a 200 millsecond latency link is now about 6 times faster. Closes #1446
* Makefile: avoid use of GNU-specific form of $<Dan Fandrich2017-04-241-8/+7
| | | | | | | | | | $< is only allowed in implicit rules in some non-GNU makes (e.g. BSD, AIX) so avoid use elsewhere by referencing the dependent curl.1 file directly instead. This is somewhat tricky because the file is supplied in the packaged tar ball (but not in git) but must still be able to be rebuilt when its dependencies change. The right thing must happen in both tar ball and git source trees, as well as in both in-tree and out-of-tree builds.
* Revert "src/Makefile.am: avoid explicit $<"Daniel Stenberg2017-04-201-4/+6
| | | | | | This reverts commit 5b4cbcf11d5100ff793a8e9edbaa6fe1fc7495f5. Since it broke out-of-tree builds from tarballs. See discussion in #1432
* src/Makefile.am: avoid explicit $<Daniel Stenberg2017-04-191-6/+4
| | | | | | | ... since apparently "BSD make" doesn't support it. Reported-by: Thomas Klausner Fixes #1432
* poll: prefer <poll.h> over <sys/poll.h>Marcel Raad2017-04-111-3/+3
| | | | | | | The POSIX standard location is <poll.h>. Using <sys/poll.h> results in warning spam when using the musl standard library. Closes https://github.com/curl/curl/pull/1406
View Lorry Controller Status