Professional Documents
Culture Documents
___| | | | _ \| |
/ __| | | | |_) | |
| (__| |_| | _ <| |___
\___|\___/|_| \_\_____|
Changelog
Bug: https://curl.haxx.se/mail/lib-2018-01/0087.html
Reported-by: John Hascall
Closes #2257
Note: this changes behavior slightly, for the sake of reducing mistakes.
Get screen width from the environment variable COLUMNS first, if set. If
not, use ioctl(). If nether works, assume 79.
Closes #2242
The "-=O=-" ship moves when data is transferred. The four flying
"hashes" move (on a sine wave) on each refresh, independent of data.
Fixes #2237
Closes #2249
Closes #2248
Follow-up to 84fcaa2e7. libressl does not have the API even if it says it is
late OpenSSL version...
Fixes #2246
Closes #2247
.... and avoid advancing the pointer to trigger an out of buffer read.
Detected by OSS-fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5251
Assisted-by: Max Dymond
Fixes #2211
Closes #2240
Reported-by: Chester Liu
Closes #2239
Fixes #2210
Closes #2236
There is no way for the caller to get the duplicated mime tree
handle: it is then set to be automatically destroyed upon freeing the
new easy handle.
Closes #2235
- docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
... and make the max filesize check trigger if the value is too big.
Link order should list libraries after the libraries that use them,
so when we're guessing that we might also need to add -ldl in order
to use -lssl, we should add -ldl after -lssl.
Closes https://github.com/curl/curl/pull/2234
Bug: https://github.com/curl/curl/issues/2225
Reported-by: cmfrolick@users.noreply.github.com
Closes https://github.com/curl/curl/pull/2227
Prior to this change the stored byte count of each trailer was
miscalculated and 1 less than required. It appears any trailer
after the first that was passed to Curl_client_write would be truncated
or corrupted as well as the size. Potentially the size of some
subsequent trailer could be erroneously extracted from the contents of
that trailer, and since that size is used by client write an
out-of-bounds read could occur and cause a crash or be otherwise
processed by client write.
Closes https://github.com/curl/curl/pull/2231
Fixes https://github.com/curl/curl/issues/2217
Closes https://github.com/curl/curl/pull/2221
Closes #2216
Fixes #2200
Closes #2206
Closes https://github.com/curl/curl/pull/2222
Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2
Closes https://github.com/curl/curl/pull/2215
- openssl: fix memory leak of SSLKEYLOGFILE filename
Caught by ASAN.
- Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX"
Ref: https://github.com/curl/curl/pull/2186#issuecomment-354767080
Ref: https://gcc.gnu.org/onlinedocs/cpp/Common-Predefined-Macros.html
Decoding loop implementation did not concern the case when all
received data is consumed by Brotli decoder and the size of decoded
data internally hold by Brotli decoder is greater than CURL_MAX_WRITE_SIZE.
For content with unencoded length greater than CURL_MAX_WRITE_SIZE this
can result in the loss of data at the end of content.
Closes #2194
Bug: https://curl.haxx.se/mail/lib-2017-12/0057.html
Reported-by: Thomas van Hesteren
Closes https://github.com/curl/curl/pull/2182
- Move the size modifier detection code from limit-rate to its own
function so that it can also be used with max-filesize.
Ref: https://curl.haxx.se/mail/archive-2017-12/0000.html
Closes https://github.com/curl/curl/pull/2179
curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX
Closes https://github.com/curl/curl/pull/2186
Closes https://github.com/curl/curl/pull/2185
Bug: https://curl.haxx.se/mail/lib-2017-12/0060.html
Reported-by: Martin Galvan
- When zlib version is < 1.2.0.4, process gzip trailer before considering
extra data as an error.
- Inflate with Z_BLOCK instead of Z_SYNC_FLUSH to maximize correct data
and minimize corrupt data output.
- Do not try to restart deflate decompression in raw mode if output has
started or if the leading data is not available anymore.
- New test 232 checks inflating raw-deflated content.
Closes #2068
Some error codes were not yet defined in brotli 0.6.0: do not issue code
for them in this case.
Bug: #2175
[ci skip]
A scan-build warning.
Bug: #2174
Follow-up to c92d2e1
Closes #2172
... to make it clearer that the options want address-only, while the
headers in an email can also have the real name.
... as I reran the contrithanks script after the mailmap name fixups.
Closes #2173
Fixed undefined symbol of getenv() which does not exist when compiling
for Windows 10 App (CURL_WINDOWS_APP). Replaced getenv() with
curl_getenv() which is aware of getenv() absence when CURL_WINDOWS_APP
is defined.
Closes #2171
Closes #2126
Prune the DNS cache immediately after the dns entry is unlocked in
multi_done. Timed out entries will then get discarded in a more orderly
fashion.
Test506 is updated
Fixes #2169
Closes #2170
Ref: https://github.com/curl/curl/pull/1346#issuecomment-350530901
Closes #1900
Closes https://github.com/curl/curl/pull/2168
These are OS/2-specific things added to the code in the year 2000. They
were always ugly. If there's any user left, they still don't need it
done this way.
Closes #2166
- Allow proxy_ssl to be checked for pending data even when connssl does
not yet have an SSL handle.
[1]: Recall that an https proxy connection starts out in connssl but if
the destination is also https then the proxy SSL backend data is moved
from connssl to proxyssl, which means connssl handle is temporarily
empty until an SSL handle for the destination can be created.
Ref: https://github.com/curl/curl/commit/f4a6238#commitcomment-24396542
Closes https://github.com/curl/curl/pull/1916
Closes #2167
... error messages are _not_ sent to stderr if this is not set.
Fixes #2076
Closes #2125
Make it use a max 10Hz update frequency for this case as well. Return
early if the "point" hasn't moved since last invoke.
Fixes #2158
Closes #2163
Fixes #2088
Closes #2157
... to allow build on older Linux dists (specifically CentOS 4.8 on gcc
4.8.5)
Closes #2160
... to aid debugging openldap library using its built-in debug messages.
Closes #2159
... as in "file://c:\some\path\curl.out"
Fixes #2146
Closes #2155
Closes #2152
If the lock is released before the dealings with the bundle is over, it may
have changed by another thread in the mean time.
Fixes #2132
Fixes #2151
Closes #2139
Fixes #2143
Closes #2153
For this, I enhanced the pingpong test server to be able to send back
responses with LF-only instead of always using CRLF.
Closes #2150
Figured out while reviewing code in the libssh backend. The pointer was
checked for NULL after having been dereferenced, so we know it would
always equal true or it would've crashed.
Bug #2143
Closes #2148
Fixes #2142
Closes #2145
The previous code was incorrectly following the libssh2 error detection
for libssh2_sftp_statvfs, which is not correct for libssh's sftp_statvfs.
Fixes #2142
Fixes #2141
- remove superfluous NULL check which otherwise tricks the static code
analyzers to assume NULL pointer dereferences.
- indent mistake
Closes #2134
.. since now mac osx image expects pip2 or pip3, and doesn't know pip:
Ref: https://github.com/travis-ci/travis-ci/issues/8829
Closes https://github.com/curl/curl/pull/2133
This SFTP test fails with libssh back-end due to failure to verify
the peer. Disable peer verification in the test as there seems to
be the intention of the test.
This brings its in sync with the error code returned by the
libssh backend.
libssh2: send the correct CURLE error code on scp file not found
Absent any 'symbol map' or script to limit what gets exported, static
linking of libraries previously resulted in a libcurl with curl's and
those other symbols being (re-)exported.
This did not happen if 'versioned symbols' were enabled (which is not
the default) because then a version script is employed.
Closes #2127
So let's just bite the bullet and allocate the SSL backend-specific
data separately.
Closes #2119
The debug option causes far too many warnings in boringssl's headers
(C++ comments, trailing commas etc). Valgrind triggers some false
positive errors in thread-local data used by boringssl.
Closes #2118
This bit is no longer used. It is not clear what it meant for users to
"init the TLS" in a world with different TLS backends and since the
introduction of multissl, libcurl didn't properly work if inited without
this bit set.
Fixes #2089
Fixes #2083
Closes #2107
CVE-2017-8816
Bug: https://curl.haxx.se/docs/adv_2017-11e7.html
The code would previous read beyond the end of the pattern string if the
match pattern ends with an open bracket when the default pattern
matching function is used.
Detected by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4161
CVE-2017-8817
Bug: https://curl.haxx.se/docs/adv_2017-ae72.html
Prior to this change (since dev 70f1db3, release 7.56) the connectdata
structure was undersized by 4 bytes in 32-bit builds with ssl enabled
because long long * was mistakenly used for alignment instead of
long long, with the intention being an 8 byte boundary. Also long long
may not be an available type.
The undersized connectdata could lead to oob read/write past the end in
what was expected to be the last 4 bytes of the connection's secondary
socket https proxy ssl_backend_data struct (the secondary socket in a
connection is used by ftp, others?).
Closes https://github.com/curl/curl/issues/2093
CVE-2017-8818
Bug: https://curl.haxx.se/docs/adv_2017-af0a.html
With this check present, scan-build warns that we might dereference this
point in other places where it isn't first checked for NULL. Thus, if it
*can* be NULL we have a problem on a few places. However, this pointer
should not be possible to be NULL here so I remove the check and thus
also three different scan-build warnings.
Closes #2111
Closes #2110
Reported by scan-build
Closes #2109
connect: add support for new TCP Fast Open API on Linux
The new API added in Linux 4.11 only requires setting a socket option
before connecting, without the whole sento() machinery.
Notably, this makes it possible to use TFO with SSL connections on Linux
as well, without the need to mess around with OpenSSL (or whatever other
SSL library) internals.
Closes #2056
Fixes #2097
Closes #2108
Bug: https://github.com/curl/curl/issues/2104
Reported-by: Alfonso Martone
Fixes #2106
Reported-by: youngchopin on github
Fixes #2073
Closes #2092
Closes #2098
- BUGS: spellchecked
Closes https://github.com/curl/curl/pull/2096
... so that IPv6 addresses can be passed like they can for connect-to
and how they're used in URLs.
Fixes #2087
Closes #2091
macOS: Fix missing connectx function with Xcode version older than 9.0
Fixes https://github.com/curl/curl/issues/1330
Fixes https://github.com/curl/curl/issues/2080
Closes https://github.com/curl/curl/pull/1336
Closes #2082
Fixes #2079
Closes #2081
Closes #1455
- RELEASE-NOTES: synced with ae7369b6d
Closes #2072
Bug: https://curl.haxx.se/mail/lib-2017-11/0032.html
Reported-By: Michael Felt
Closes #2071
Closes #2069
Closes #1944
Closes https://github.com/curl/curl/pull/2067
Closes #2024
Closes #2043
Closes #2061
Closes #2053
... even when there's no socket to wait for, the timeout can still be
very short.
This bug would happen randomly since packet sizes are arbitrary. A test
of 10,000 transfers had 55 fail (ie 0.55%).
Ref: https://zlib.net/zlib_faq.html#faq05
Closes https://github.com/curl/curl/pull/2060
Since 'conn' won't be NULL in there and we also access the pointer in
there without the check.
Ref cc1f4436099decb9d1a7034b2bb773a9f8379d31
Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.
Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.
Bug: https://github.com/curl/curl/pull/2002
Reported-By: Daniel Bankhead
Bug: https://github.com/curl/curl/commit/f121575#commitcomment-25347120
Added test 1291, to verify that it doesn't take ages - but we don't have
any detection of "too slow" command in the test suite.
Bug: https://curl.haxx.se/mail/lib-2017-11/0000.html
Reported-by: Andrew Lambert
Closes https://github.com/curl/curl/pull/2031
closes #2026
s/curlx_tvnow/Curl_now
closes #2033
Also upgrade test 1133 to cover this case and clarify man page about
form data quoting.
Bug: https://github.com/curl/curl/issues/2022
Reported-By: omau on github
Daniel Stenberg (29 Oct 2017)
- timeleft: made two more users of Curl_timeleft use timediff_t
The config files define curl and libcurl targets as imported targets
CURL::curl and CURL::libcurl. For backward compatibility with CMake-
provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are
also set.
Closes #1879
Closes #1934
Closes #2002
- ROADMAP: cleanup
Removed done stuff. Removed entries no longer considered for the near
term.
Closes #2028
Closes #2021
Closes https://github.com/curl/curl/pull/2023
Closes #2025
Chunked-encoding adds its own overhead which why the bytes sent is not
equal to the file size. Prior to this change if a file was uploaded in
chunked-encoding and its size was known it was possible that the upload
could end prematurely without sending the final few chunks. That would
result in a server hang waiting for the remaining data, likely followed
by a disconnect.
The scope of this bug is limited to some arbitrary file sizes which have
not been determined. One size that triggers the bug is 475020.
Bug: https://github.com/curl/curl/issues/2001
Reported-by: moohoorama@users.noreply.github.com
Closes https://github.com/curl/curl/pull/2010
Closes #2016
Closes #1982
... since the 'tv' stood for timeval and this function does not return a
timeval struct anymore.
Closes #2011
When using the FTP list parser, ensure that the memory that's
allocated is always freed.
Closes #2006
closes #2008
We don't expect any steps to fail in travis. Exit the script if they do.
Closes #1966
Closes #1998
CVE-2017-1000257
... by using range checks. Among other things, this avoids an undefined
behavior for a left shift that could happen on negative or very large
values.
Closes #1997
Also adjust makefile to renamed files and warn about installation dirs mix-up.
For 32 bit long systems, the max value accepted (2147483 seconds) is >
596 hours which is unlikely to ever be set by a legitimate application -
and previously it didn't work either, it just caused undefined behavior.
Also updated the man pages for these timeout options to mention the
return code.
Closes #1938
CURL_CC=clang
CURL_AR=llvm-ar
CURL_RANLIB=llvm-ranlib
Closes https://github.com/curl/curl/pull/1993
Closes https://github.com/curl/curl/pull/1992
NOTE: it makes them terribly slow. I recommend only using valgrind for
specific torture tests or using lots of patience.
closes #1980
... we used it only for the fuzzer, which we now have in a separate git
repo.
Closes #1990
Fixes https://github.com/curl/curl/issues/1986
Closes PR https://github.com/curl/curl/pull/1985
Bug: https://github.com/curl/curl/issues/1941
Closes https://github.com/curl/curl/pull/1951
Those were temporary things we'd add and remove for our own convenience
long ago. The last few stayed around for too long as an oversight but
have since been removed. These days we have a running
BORINGSSL_API_VERSION counter which is bumped when we find it
convenient, but 2015-11-19 was quite some time ago, so just check
OPENSSL_IS_BORINGSSL.
Closes #1979
Detected by OSS-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600
Ref: #1974
- FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html
Reported-by: Christian Schmitz
Closes #1948
Closes #1964
This allows freeing a mime structure bound to the easy handle before
curl_easy_cleanup().
Fixes #1970.
Detected by OSS-fuzz.
Closes #1969
Disable test 1553 for now too, as it causes memory leaks without this
commit!
- remove_handle: call multi_done() first, then clear dns cache pointer
Closes #1960
Test case 1553 managed to reproduce. I had to actually use a host name
to try to resolve to slow it down, as using the normal local server IP
will make libcurl get a connection in the first curl_multi_perform()
loop and then the bug doesn't trigger.
Fixes #1953
Assisted-by: Max Dymond
... fixes a memory leak with at least IMAP when remove_handle is never
called and the transfer is abruptly just abandoned early.
Detected by OSS-fuzz
Assisted-by: Max Dymond
Closes #1954
Closes #1952
The source code is now prepared to handle the case when both
Win32 Crypto and OpenSSL/NSS crypto backends are enabled
at the same time, making it now possible to enable `USE_WIN32_CRYPTO`
whenever the targeted Windows version supports it. Since this
matches the minimum Windows version supported by curl
(Windows 2000), enable it unconditionally for the Win32 platform.
Ref: https://github.com/curl/curl/pull/1840#issuecomment-325682052
Closes https://github.com/curl/curl/pull/1943
Closes https://github.com/curl/curl/pull/1794
Closes #1946
Closes https://github.com/curl/curl/pull/1942
Closes #1923
Closes #1936
Closes #1939
Ref: https://github.com/curl/curl/issues/1002
This means that reusing connections that are secured with a client
certificate is now possible, and the statement "TLS session resumption
is disabled when a client certificate is used" in the old advisory at
https://curl.haxx.se/docs/adv_20170419.html is obsolete.
Closes #1917
Closes #1919
... now with a -formadd suffix. While the new mime API is introduced in
7.56.0 we must acknowledge that lots of users can't upgrade their curl
versions immediately.
... a single double quote could leave the entry path buffer without a zero
terminating byte. CVE-2017-1000254
Fixes https://github.com/curl/curl/issues/1500
Reported-by: Jay Satiro
Fixes https://github.com/curl/curl/pull/1662
Assisted-by: Tom Seddon
Assisted-by: dpull@users.noreply.github.com
Assisted-by: elelel@users.noreply.github.com
Closes https://github.com/curl/curl/pull/1924
... this will let the second occurance override the first.
Otherwise, the test fails when the -b test option is used to set a
different test port range.
- Set and use more necessary options when some protocols are disabled
When curl and libcurl are built with some protocols disabled, they stop
setting and receiving some options that don't make sense with those
protocols. In particular, when HTTP is disabled many options aren't set
that are used only by HTTP. However, some options that appear to be
HTTP-only are actually used by other protocols as well (some despite
having HTTP in the name) and should be set, but weren't. This change now
causes some of these options to be set and used for more (or for all)
protocols. In particular, this fixes tests 646 through 649 in an
HTTP-disabled build, which use the MIME API in the mail protocols.
Closes #1930
Ref: #1928
Closes #1922
Closes #1921
Closes #1920
Closes #1918
Daniel Stenberg (27 Sep 2017)
- curl.h: include <sys/select.h> on cygwin too
.. and include the core NTLM header in all NTLM-related source files.
Closes https://github.com/curl/curl/pull/1911
When trying to bump the value with one and the value is already at max,
it causes an integer overflow.
Closes #1908
Detected by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3465
Follow up to 7c52b12 which added the entry. The entry had used tabs but
the symbol-scan parser doesn't recognize tabs and would fail the symbol.
In MultiSSL mode (i.e. when more than one SSL backend is compiled
in), we cannot use the compile time flag `USE_NSS` as indicator that
the NSS backend is in use. As far as Metalink is concerned, the SSL
backend is only used for MD5, SHA-1 and SHA-256 calculations,
therefore one of the available SSL backends is selected at compile
time, in a strict order of preference.
Ref: https://github.com/curl/curl/pull/1848
One option would be to use the same SSL backend as was configured
via `curl_global_sslset()`, however, NTLMv2 support would appear
to be available only with some SSL backends. For example, when
eb88d778e (ntlm: Use Windows Crypt API, 2014-12-02) introduced
support for NTLMv1 using Windows' Crypt API, it specifically did
*not* introduce NTLMv2 support using Crypt API at the same time.
So let's select one specific SSL backend for NTLM support when
compiled with multiple SSL backends, using a priority order such
that we support NTLMv2 even if only one compiled-in SSL backend can
be used for that.
Ref: https://github.com/curl/curl/pull/1848
Fixes #1902
Closes #1903
... as the test cases themselves do that and it makes it easier to add
crazy test cases.
Test 800 updated to use user name + password that need quoting.
Ref: #1902
Bug:
https://github.com/curl/curl/commit/1328f69d53f2f2e937696ea954c480412b018451#commit
comment-24470367
Reported-by: Marcel Raad
Closes #1906
In some cases the RSA key does not support verifying it because it's
located on a smart card, an engine wants to hide it, ...
Check the flags on the key before trying to verify it.
OpenSSL does the same thing internally; see ssl/ssl_rsa.c
Closes #1904
Coverity CID 1418139 and CID 1418136 found it, but it was also seen in
torture testing.
Closes #1896
Before merging in the oss-fuzz corpora from Google, there are some changes
to the fuzzer.
- Add a read corpus script, to display corpus files nicely.
- Change the behaviour of the fuzzer so that TLV parse failures all now
go down the same execution paths, which should reduce the size of the
corpora.
- Make unknown TLVs a failure to parse, which should decrease the size
of the corpora as well.
Closes #1881
Bug: https://curl.haxx.se/mail/lib-2017-09/0049.html
Reported-by: Ben Greear
Don't make the fuzzer write out to stdout - instead write some of the
contents to a memory block so we exercise the data output code but
quietly.
Closes #1885
There's no fixed limit for acceptable cookie names in RFC 6265, but the
entire cookie is said to be less than 4096 bytes (section 6.1). This is
also what browsers seem to implement.
We now allow max 5000 bytes cookie header. Max 4095 bytes length per
cookie name and value. Name + value together may not exceed 4096 bytes.
Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html
Reported-by: Kevin Smith
Closes #1894
- libidn isn't used these days, and homebrew doesn't seem to have a
libidn2 package to replace with easily
Closes #1895
Prior to this change it appears the SOCKS5 port parsing was erroneously
used for the SOCKS4 error message, and as a result an incorrect port
would be shown in the error message.
Bug: https://github.com/curl/curl/issues/1892
Reported-by: Jackarain@users.noreply.github.com
Bug: https://curl.haxx.se/mail/lib-2014-07/0033.html
Closes https://github.com/curl/curl/pull/1890
lib/vtls/openssl.c uses OpenSSL APIs from BUF_MEM and BIO APIs. Include
their headers directly rather than relying on other OpenSSL headers
including things.
Closes https://github.com/curl/curl/pull/1891
Bug: https://curl.haxx.se/mail/lib-2017-09/0031.html
Fixes #1880
Closes #1884
Marcel Raad (15 Sep 2017)
- [Isaac Boukris brought this change]
Closes https://github.com/curl/curl/pull/1687
Ref: https://github.com/curl/curl/pull/1687
Closes #1889
Fixes #1887
Reported-by: Oli Kingshott
Closes #1878
- checksrc: detect and warn for lack of spaces next to plus signs
Bug: https://github.com/curl/curl/issues/1877
Reported-by: SBKarr@users.noreply.github.com
If the default write callback is used and no destination has been set, a
NULL pointer would be passed to fwrite()'s 4th argument.
Detected by OSS-fuzz
Closes #1874
The tests for object file/executable file extensions are presumably only
done for the first of these macros in the configure file.
Bug: https://github.com/curl/curl/pull/1851#issuecomment-327597515
Reported-by: Marcel Raad
Closes #1873
Now that the form API is deprecated and not used anymore in curl tool,
a lot of its features left untested. Test 650 attempts to check all these
features not tested elsewhere.
Prior to this change it was possible that during the check for the size
of curl_off_t the include path of a user's already installed curl could
come before the include path of the to-be-built curl, resulting in the
system.h of the former being incorrectly included for that check.
Closes https://github.com/curl/curl/pull/1870
Fixes #1853
Closes #1862
Reported-by: Lawrence Wagerfield
OpenSSL: fix yet another mistake while encapsulating SSL backend data
Fixes #1855
Closes #1871
Sadly, there was a crucial error in the manual part, where the wrong
handle was used: rather than connecting ssl[sockindex]' BIO to the
proxy_ssl[sockindex]', we reconnected proxy_ssl[sockindex]. The reason
was an incorrect location to paste "BACKEND->"... d'oh.
[jes: provided the commit message, tested and verified the patch]
... instead of the prefix-less version since WolfSSL 3.12 now uses an
enum with that name that causes build failures for us.
Fixes #1865
Closes #1867
Reported-by: Gisle Vanem
Closes #1868
Today, we know of no one who ever got a SONAME bump auto-detected and we
don't know of anyone who's using the manual bump feature. The auto-
detection is also no longer working since we introduced defining
curl_off_t in system.h (7.55.0).
Closes #1861
Follow-up to c290b8f.
Bug: https://github.com/curl/curl/commit/c290b8f#commitcomment-24094313
The second one, written for BoringSSL and new OpenSSL versions:
https://github.com/curl/curl/pull/1346
Note the first one is GPL licensed but the author gave permission to
waive that license for libcurl.
As of right now this feature is disabled by default, and does not have
a configure option to enable it. To enable this feature define
ENABLE_SSLKEYLOGFILE when building libcurl and set environment
variable SSLKEYLOGFILE to a pathname that will receive the keys.
Co-authored-by: Peter Wu
Ref: https://github.com/curl/curl/pull/1030
Ref: https://github.com/curl/curl/pull/1346
Closes https://github.com/curl/curl/pull/1866
Closes #1846
Bug: https://curl.haxx.se/mail/lib-2017-09/0002.html
Closes #1858
... since people copy and paste code from this example and thus they get
an inefficient POST operation without a good reason and sometimes
without understanding why.
As it was added to multi.h simply to not break test 1135, which now has
been disabled due to the mime API addition anyway and su we can now move
the sslset stuff to where the other curl_global_* prototypes are.
The feature is however kept internally for form API compatibility, with
the known caveats it always had.
As a side effect, stdin size is not determined by the cli tool even if
possible and this results in a chunked transfer encoding. Test 173 is
updated accordingly.
Shell profile output makes the SSH server failing and this problem reason
is not easy to find when no hint is given.
The case keyword may be followed by a constant expression and thus should
allow it to start with an open parenthesis.
This enables tests to create more than one file on the client side.
Some calls in different modules were setting the data handle to NULL, causing
segmentation faults when using builds that enable character code conversions.
Automake gets confused if you want to use C++ static libraries with C
code - basically we need to involve the clang++ linker. The easiest way
of achieving this is to rename the C code as C++ code. This gets us a
bit further along the path and ought to be compatible with Google's
version of clang.
Closes #1849
Closes #1842
... so that users can actually write code based on the man page alone,
not having to read the header file.
Ref: https://github.com/curl/curl/issues/1823
Ref: https://github.com/curl/curl/pull/1831
Closes https://github.com/curl/curl/pull/1836
Closes #1844
Closes #1845
Closes https://github.com/curl/curl/pull/1840
clarify that the available backends are the ones this build supports
Fixes #1841
Reported-by: Andrei Karas
- HELP-US.md: spelling
Closes #1837
destroy_async_data() assumes that if the flag "done" is not set yet, the
thread itself will clean up once the request is complete. But if an
error (generally OOM) occurs before the thread even has a chance to
start, it will never get a chance to clean up and memory will be leaked.
By clearing "done" only just before starting the thread, the correct
cleanup sequence will happen in all cases.
When multiple SSL backends are active, it does not make sense to favor
one over the others, so let's not: introduce a new prefix for the case
where multiple SSL backends are compiled into cURL.
However, some users may want to override that default without patching
the source code.
version: if built with more than one SSL backend, report all of them
To discern the active one from the inactive ones, put the latter into
parentheses.
This new feature flag reports When cURL was built with multiple SSL
backends.
Previously, the code assumed that at most one of the SSL backends would
be compiled in, emulating OpenSSL's functions if the configured backend
was not OpenSSL itself.
However, now we allow building with multiple SSL backends and choosing
one at runtime. Therefore, metalink needs to be adjusted to handle this
scenario, too.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Let's add a compile time safe API to select an SSL backend. This
function needs to be called *before* curl_global_init(), and can be
called only once.
If SSL is used before the function was called, it will use whatever the
CURL_SSL_BACKEND environment variable says (or default to the first
available SSL backend), and if a subsequent call to
curl_global_sslset() disagrees with the previous choice, it will fail
with CURLSSLSET_TOO_LATE.
Just like with the HTTP/2 push functions, we have to add the function
declaration of curl_global_sslset() function to the header file
*multi.h* because VMS and OS/400 require a stable order of functions
declared in include/curl/*.h (where the header files are sorted
alphabetically). This looks a bit funny, but it cannot be helped.
Let's factor out the latter into a publicly visible struct. This
information will be used in the upcoming API to set the SSL backend
globally.
Git for Windows, for example, uses cURL to perform clones, fetches and
pushes via HTTPS, and some users strongly prefer OpenSSL, while other
users really need to use Secure Channel because it offers
enterprise-ready tools to manage credentials via Windows' Credential
Store.
The current Git for Windows versions use the ugly work-around of
building libcurl once with OpenSSL support and once with Secure Channel
support, and switching out the binaries in the installer depending on
the user's choice.
Therefore, the Git for Windows project has a vested interest in teaching
cURL to make the SSL backend a *runtime* option.
For the moment, the backend can be configured using the environment
variable CURL_SSL_BACKEND (valid values are e.g. "openssl" and
"schannel").
So far, all of the SSL backends' private data has been declared as
part of the ssl_connect_data struct, in one big #if .. #elif .. #endif
block.
This can only work as long as the SSL backend is a compile-time option,
something we want to change in the next commits.
Therefore, let's encapsulate the exact data needed by each SSL backend
into a private struct, and let's avoid bleeding any SSL backend-specific
information into urldata.h. This is also necessary to allow multiple SSL
backends to be compiled in at the same time, as e.g. OpenSSL's and
CyaSSL's headers cannot be included in the same .c file.
To avoid too many malloc() calls, we simply append the private structs
to the connectdata struct in allocate_conn().
In preparation for making the SSL backend a runtime option, let's make
the access of said private data a bit more abstract so that it can be
adjusted later in an easy manner.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This broke the build when SSPI was enabled, unless Secure Channel was
used as SSL backend, because it just so happens that Secure Channel also
requires "curl_sspi.h" to be #included.
This is also required for an upcoming patch that moves all the Secure
Channel-specific stuff out of urldata.h and encapsulates it properly in
vtls/schannel.c instead.
This will also allow for switching SSL backends as a runtime option.
vtls: move SSL backends' private constants out of their header files
These functions are all available via the Curl_ssl struct now, no need
to declare them separately anymore.
The connect_finish() function (like many other functions after it) calls
the Curl_axtls_close() function; While this is not a problem now
(because axtls.h declares the latter function), a patch looming in the
immediate future with make all of these functions file-local.
vtls: use the Curl_ssl struct to access all SSL backends' functionality
This is the first step to unify the SSL backend handling. Now all the
SSL backend-specific functionality is accessed via a global instance of
the Curl_ssl struct.
The idea of introducing the Curl_ssl struct was to unify how the SSL
backends are declared and called. To this end, we now provide an
instance of the Curl_ssl struct for each and every SSL backend.
This will make the upcoming multissl backend much easier to implement.
- strtooff: fix build for systems with long long but no strtoll option
Closes #1829
... as the previous fixed length 128 bytes buffer was sometimes too
small.
Fixes #1823
Closes #1831
... to get the event/revent defines that might be used for the poll
struct.
Fixes https://github.com/curl/curl/issues/1832
When working on this code I found the previous setup a bit weird while
using proper defines increases readability.
Closes #1824
Fixes #1818
Closes #1820
Jay Satiro (23 Aug 2017)
- config-tpf: define SIZEOF_LONG
Bug: https://github.com/curl/curl/issues/1816
Bug: #1816
The previous message was just too long for ordinary people and it was
encouraging users to use `--insecure` a little too easy.
Closes #1810
Closes #1817
Fixes https://github.com/curl/curl/issues/1751
Closes https://github.com/curl/curl/pull/1813
Closes https://github.com/curl/curl/pull/1815
closes #1799
Fixes
==9752==
==9752== HEAP SUMMARY:
==9752== 505 bytes in 1 blocks are definitely lost in loss record 11 of 11
==9752== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-
linux.so)
==9752== by 0x4E61CED: Curl_urldecode (in /home/even/install-curl-
git/lib/libcurl.so.4.4.0)
==9752== by 0x4E75868: tftp_state_machine (in /home/even/install-curl-
git/lib/libcurl.so.4.4.0)
==9752== by 0x4E761B6: tftp_do (in /home/even/install-curl-
git/lib/libcurl.so.4.4.0)
==9752== by 0x4E711B6: multi_runsingle (in /home/even/install-curl-
git/lib/libcurl.so.4.4.0)
==9752== by 0x4E71D00: curl_multi_perform (in /home/even/install-curl-
git/lib/libcurl.so.4.4.0)
==9752== by 0x4E6950D: curl_easy_perform (in /home/even/install-curl-
git/lib/libcurl.so.4.4.0)
==9752== by 0x40E0B7: operate_do (in /home/even/install-curl-git/bin/curl)
==9752== by 0x40E849: operate (in /home/even/install-curl-git/bin/curl)
==9752== by 0x402693: main (in /home/even/install-curl-git/bin/curl)
Fixes https://oss-fuzz.com/v2/testcase-detail/5232311106797568
Credit to OSS Fuzz
Closes #1808
This ensures that global data allocations are freed so Valgrind stays
happy. This was a problem with at least PolarSSL and mbedTLS.
Ref #1012
Figured-out-by: Tatsuhiro Tsujikawa
Closes #868
Fixes #1797
Closes #1798
Reported-by: Ryan Schmidt
Closes #1803
Fixes #1804
Also-fixed-by: Gergely Nagy
... as they're not used externally and internally we check for the sizes
already in configure etc.
Closes #1767
- ftp: fix CWD when doing multicwd then nocwd on same connection
Fixes #1782
Closes #1787
Reported-by: Peter Lamare
[1] https://www.libssh2.org/libssh2_session_flag.html
Ref: https://github.com/curl/curl/issues/1732
Closes https://github.com/curl/curl/pull/1735
- examples/ftpuploadresume: checksrc compliance
Closes https://github.com/curl/curl/pull/1793
Closes #1790
closes #1747
Closes #1786
Closes https://github.com/curl/curl/issues/1784
Related changes:
Closes #1785
% curl --<TAB>
_curl:10: no such file or directory: seconds
Closes #1779
Closes #1777
Closes #1719
Fixes #1764
Closes #1773
Reported-by: James Slaughter
Closes #1774
Closes #1772
Fixes #1441
Closes #1762
Reported by: David Lord
Closes #1763
- connect-to.d: clarified
Fixes #1752
Closes #1770
Closes #1766
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2984
Credit to OSS Fuzz for discovery
Closes #1761
A gcc7 warning.
Just making the pointer as const works for the pre-1.1.0 path too.
Closes #1759
Ref: https://github.com/curl/curl/issues/1743
Closes #1647
Closes #1756
Fixes #1755
Visual Studio doesn't like LF line endings in solution files and always
converts them to CRLF when doing changes to the solution. Notably, this
affects the solutions in the release archive.
Closes https://github.com/curl/curl/pull/1746
This folder is generated when using the CMake build system from within
Visual Studio.
Closes https://github.com/curl/curl/pull/1746
Bug: https://github.com/curl/curl/issues/1685
Reported-by: paulharris@users.noreply.github.com
Closes https://github.com/curl/curl/pull/1742
Daniel Stenberg (9 Aug 2017)
- [Adam Sampson brought this change]
These weren't included in the 7.55.0 release, but are required in order
to run the full test suite.
Closes #1744
It might make more sense for the max argument to also be a double...
Fixes #1750
Closes #1749
Closes #1741
Fixes #1738
Closes #1739
Closes https://github.com/curl/curl/pull/1716
Make the number parser aware of the maximum limit curl accepts for a
value and return an error immediately if larger, instead of running an
integer overflow later.
Fixes #1730
Closes #1736
CVE-2017-1000101
Bug: https://curl.haxx.se/docs/adv_20170809A.html
Reported-by: Brian Carpenter
... and thereby avoid telling send() to send off more bytes than the
size of the buffer!
CVE-2017-1000100
Bug: https://curl.haxx.se/docs/adv_20170809B.html
Reported-by: Even Rouault
CVE-2017-1000099
Bug: https://curl.haxx.se/docs/adv_20170809C.html
Fixes #1728
Closes https://github.com/curl/curl/pull/1733
clang complains:
vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive
[-Werror,-Wextra-tokens]
This breaks the darwinssl build on Travis. Fix it by making this token
a comment.
Closes https://github.com/curl/curl/pull/1734
When using CURL_WERROR in MSVC builds, the debug flags were overridden
by the release flags and /WX got added twice in debug mode.
Closes https://github.com/curl/curl/pull/1715
... by doing two transfers in nocwd mode and check that there's no
superfluous CWD command.
Fixes #1718
[1] https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming
[2] https://github.com/curl/curl/pull/1692
Closes https://github.com/curl/curl/pull/1725
(to make the full line appear nicer on travis web UI)
Closes #1706
Fixes #1722
Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html
Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794
Closes https://github.com/curl/curl/pull/1711
Closes https://github.com/curl/curl/pull/1717
There are some bugs in how timers are managed for a single easy handle
that causes the wrong "next timeout" value to be reported to the
application when a new minimum needs to be recomputed and that new
minimum should be an existing timer that isn't currently set for the
easy handle. When the application drives a set of easy handles via the
`curl_multi_socket_action()` API (for example), it gets told to wait the
wrong amount of time before the next call, which causes requests to
linger for a long time (or, it is my guess, possibly forever).
Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html
Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237
Fixes #1669
Closes #1713
test 1429 and 1433 were updated to work with the stricter HTTP status line
parser.
Closes #1714
Reported-by: Brian Carpenter
Jay Satiro (31 Jul 2017)
- [Dwarakanath Yadavalli brought this change]
Fixes https://github.com/curl/curl/issues/1688
Closes https://github.com/curl/curl/pull/1712
Bug: https://github.com/curl/curl/commit/de6de94#commitcomment-23370851
Reported-by: Daniel Stenberg
Closes #1674
Closes https://github.com/curl/curl/pull/1686
Follow-up to 171f8de.
Ref: https://github.com/curl/curl/issues/1704
Follow-up to 4dee50b.
Ref: https://github.com/curl/curl/pull/1693
The headers of librtmp declare the socket as `int`, and on Windows, that
disagrees with curl_socket_t.
Bug: #1652
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
... to make all libcurl internals able to use the same data types for
the struct members. The timeval struct differs subtly on several
platforms so it makes it cumbersome to use everywhere.
Ref: #1652
Closes #1693
... which made --tlsv1.2 not work because it would blank the max tls
version variable.
- multi: mention integer overflow risk if using > 500 million sockets
Reported-by: ovidiu-benea@users.noreply.github.com
Closes #1675
Closes #1683
Closes https://github.com/curl/curl/pull/1682
Bug: https://github.com/curl/curl/commit/eb16305#commitcomment-23035670
Reported-by: Gisle Vanem
Closes https://github.com/curl/curl/pull/1667
Closes https://github.com/curl/curl/pull/1673
Closes https://github.com/curl/curl/pull/1666
Daniel Stenberg (12 Jul 2017)
- [Max Dymond brought this change]
Closes https://github.com/curl/curl/pull/1677
Ref: https://github.com/curl/curl/issues/1562
Closes https://github.com/curl/curl/pull/1672
Closes https://github.com/curl/curl/pull/1671
Ref: #1591
Closes https://github.com/curl/curl/pull/1664
[1] https://www.gnu.org/software/libtool/manual/html_node/Wrapper-
executables.html
Closes https://github.com/curl/curl/pull/1665
I reviewed the code and found no justifiable reason for conflating errno
on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno,
and any Win32 multithreaded CRT supports thread-local errno.
Fixes https://github.com/curl/curl/issues/895
Closes https://github.com/curl/curl/pull/1589
Closes https://github.com/curl/curl/pull/1661
Closes #1653
Closes #1649
Add a basic telnet server for negotiating some telnet options before
echoing back any data that's sent to it.
Closes #1645
I added a selection of torture and event tests that run "fast enough"
Fixes #1612
Reported-by: Jeroen Ooms
Bug: https://github.com/curl/curl/issues/828#issuecomment-313475151
- http: s/TINY_INITIAL_POST_SIZE/EXPECT_100_THRESHOLD
Make the name reflect its use better, and add a short comment describing
what it's for.
... and make sure inet_pton is always checked for when *not* using Windows,
which is a regression from 4fc6ebe18.
... by checking the POLLIN define, as the header file checks don't work
on Windows.
inet_pton() exists on Windows and gets used by our cmake builds. Make
sure the correct header file is included to avoid compiler warnings.
Closes #1639
Closes #1572
Fixes #1640
Bug: https://curl.haxx.se/mail/lib-2017-07/0005.html
Closes #1643
bug: https://curl.haxx.se/mail/lib-2017-07/0005.html
When scanning for which LDAP libraries to use, try the -lldap -llber
combination before the reversed order since it has a greater chance of
working when linking with libcurl statically.
Fixes #1619
Closes #1634
Reported-by: David E. Narváez
closes #1638
Add test 1451 which does some very basic SMB testing using the impacket
SMB server.
Closes #1630
Import impacket 0.9.15 for use in SMB testing. This was generated by
doing "pip2.7 install -t . impacket"
Closes #1637
so let's use long long constant types in order to prevent undesired overflow
failures.
Bug: https://curl.haxx.se/mail/lib-2017-07/0003.html
Closes #1636
... since CURLOPT_URL should follow the same rules as other options:
they remain set until changed or cleared.
Fixes #1631
Closes #1632
Reported-by: Pavel Rochnyak
The size of the `long` data type can be shorter than that of pointer
types. This is the case most notably on Windows.
Simply use the trick of performing pointer arithmetic with the NULL
pointer: to convert an integer `i` to a pointer, simply take the
address of the `i`th element of a hypothetical character array
starting at address NULL. To convert back, simply cast the pointer
difference.
Closes #1617
Bug: #1616
Closes #1633
- [Per Malmberg brought this change]
Closes #1621
Bug: #1616
Closes #1629
Closes #1615
The test.h file is no longer in the same directory as the source file,
so that directory needs to be added to the include path.
Fixes #1627
Closes #1628
Add a connection check function to HTTP2 based off RTSP. This causes
PINGs to be handled the next time the connection is reused.
Closes #1521
Fixes #1620
Closes #1616
Bug: https://github.com/curl/curl/pull/1602#issuecomment-310267370
Fixes #1623
Closes https://github.com/curl/curl/pull/1454
... instead of having the generated code checked in. This saves space in
the tarball but primarily automatically adapts to newly added options.
Closes #1614
Bug: https://github.com/curl/curl/pull/1486#issuecomment-310926872
Reported-by: Dan Fandrich
Closes https://github.com/curl/curl/pull/1611
Closes #1610
- progress: progress.timespent needs to be us
Ref: https://trac.macports.org/wiki/XcodeVersionInfo
Fixes https://github.com/curl/curl/issues/1606
Closes https://github.com/curl/curl/pull/1607
The compressed output size seems to be a tad bit smaller, but generally
xz seems more preferred these days and is used directly by for example
gentoo instead of bz2.
Closes #1604
This option instead provides the full "alternative" target to use in the
request, instead of extracting the path from the URL.
Test 1298 and 1299 updated accordingly.
Closes #1593
Closes https://github.com/curl/curl/pull/1595
Closes https://github.com/curl/curl/pull/1592
Bug:
https://github.com/curl/curl/commit/73a2fcea0b4adea6ba342cd7ed1149782c214ae3#commit
comment-22655993
Closes #1588
Also added return value checks to make sure no unexpected return codes
are used.
CURLINFO_CONTENT_LENGTH_DOWNLOAD_T
CURLINFO_CONTENT_LENGTH_UPLOAD_T
CURLINFO_SIZE_DOWNLOAD_T
CURLINFO_SIZE_UPLOAD_T
CURLINFO_SPEED_DOWNLOAD_T
CURLINFO_SPEED_UPLOAD_T
Closes #1511
Fixes #1584
Closes #1585
... also updated the CURLOPT_PREQUOTE.3 man page to mention the correct
protocol support.
Closes #1514
... as it really cannot have reached this far with config being NULL,
thus this is unnecesary and misleading.
Closes #1512
Closes https://github.com/curl/curl/pull/1578
Closes https://github.com/curl/curl/pull/1578
Closes https://github.com/curl/curl/pull/1578
- curl-compilers.m4: enable double-promotion warning
Closes https://github.com/curl/curl/pull/1578
Closes https://github.com/curl/curl/pull/1578
Closes #1579
... the previous code would reset the header length wrongly (since
5113ad0424). This makes test 1060 reliable again.
Also: make sws send even smaller chunks of data to increase the
likeliness of this happening.
Bug: https://github.com/curl/curl/issues/1254
Closes #1546
Both these tests run the same underlying test code: libntlmconnect.c -
this test code made some assumptions about socket ordering when it used
curl_easy_fdset() and when we changed timing or got accidental changes
in libcurl the tests would fail.
The tests verify that the different transfers keep using the same
connections, which I now instead made sure by adding the number of bytes
each transfer gets and then verifies that they always get the same
amount as when these tests worked.
Closes #1576
Closes #1569
- test1061: mark as flaky
Closes https://github.com/curl/curl/pull/1571
Bug: https://github.com/curl/curl/pull/1577
Reported-by: Matteo B.
Fixes #1476
... all other non-HTTP protocol schemes are now defaulting to "tunnel
trough" mode if a HTTP proxy is specified. In reality there are no HTTP
proxies out there that allow those other schemes.
Closes #1505
... to make it really apparent if there's any user using this on purpose.
Closes #1542
When this define was set, libcurl would check the environment variable
named CURL_CA_BUNDLE at run-time and use that CA cert bundle. This
feature was only defined by the watcom and m32 makefiles and caused
inconsistent behaviours among libcurls built on different platforms.
The curl tool does already feature its own similar logic and the library
does not really need it, and it isn't documented libcurl behavior. So
this change removes it.
Ref: #1538
Closes #1486
Closes #1547
Bug #1556
Reported-by: Paul Harris
Closes #1559
Fixes #1531
The maketgz script now makes sure the generated hugehelp.c file in the
tarball is newer than the generated curl.1 man page, so that it doesn't
have to get unnecessarily rebuilt first thing in a typical build. It
thus also removes the need for perl to build off a plain release
tarball.
Fixes #1565
Fixes #1456
Bug: https://curl.haxx.se/mail/lib-2017-06/0038.html
Bug: https://github.com/curl/curl/issues/1540
Advisory: https://curl.haxx.se/docs/adv_20170614.html
Don't malloc() the temporary buffer, and use the correct type:
SearchPath() works with TCHAR, but SearchPathA() works with char.
Set the buffer size to MAX_PATH, because the terminating null byte
is already included in MAX_PATH.
Closes #1548
Closes #1561
... and return error instead of triggering an assert() when being way
out of range.
Closes https://github.com/curl/curl/pull/1541
Closes #1557
- asyn-ares: s/Curl_expire_latest/Curl_expire
With the introduction of expire IDs and the fact that existing timers
can be removed now and thus never expire, the concept with adding a
"latest" timer is not working anymore as it risks to not expire at all.
So, to be certain the timers actually are in line and will expire, the
plain Curl_expire() needs to be used. The _latest() function was added
as a sort of shortcut in the past that's quite simply not necessary
anymore.
Follow-up to 31b39c40cf90
Closes #1555
Bug: https://curl.haxx.se/mail/lib-2017-06/0017.html
... as it would previously just get the "now" timestamp before the
transfer starts and then not update it again.
Closes #1550
Closes #1544
Some small changes were necessary to avoid asserts and NULL accesses
when doing this.
The perl script needs to be manually rerun when we add new options.
Closes #1543
This was the only remaining use of toupper in the entire source code.
Closes https://github.com/curl/curl/pull/1539
Closes #1534
GCC 7 complained:
‘*’ in boolean context, suggest ‘&&’ instead [-Wint-in-bool-context]
- libtest: fix implicit-fallthrough warnings with GCC 7
Closes https://github.com/curl/curl/pull/1536
Closes #1532
Found when updating test 1395, which I did to increase test coverage of
this source file...
Closes #1535
Closes #1530
... the torture ones are commented out only because they are slooooow.
Closes #1528
Fixes https://github.com/curl/curl/issues/846
Fixes #1524
"clang -dumpversion" always returns "4.2.1", the GCC version that clang
was initially compatible to. Use "clang -v" instead, which returns the
actual clang version.
Fixes https://github.com/curl/curl/issues/1522
Closes https://github.com/curl/curl/pull/1523
Use CURLMcode for variable 'res' and cast to int where necessary
instead of the other way around. Other tests do the same.
This fixes the following clang warning:
lib583.c:68:15: warning: cast from function call of type 'CURLMcode' to
non-matching type 'int' [-Wbad-function-cast]
- CURLOPT_STREAM_DEPENDS.3: typo
Ref: https://github.com/curl/curl/issues/1516
Closes https://github.com/curl/curl/pull/1517
Fixes #1208
... with a strlen() if no size was set, and do this in the pretransfer
function so that the info is set early. Otherwise, the default strlen()
done on the POSTFIELDS data never sets state.infilesize.
Closes https://github.com/curl/curl/issues/1516
This hasn't been used in over a decade. <precheck> can still be used to
run commands before the main test.
Closes #1509
follow-up to f31760e63b4e
Fix bugs and compiler warnings on systems with 32-bit long and
64-bit time_t.
Closes #1499
Closes #1321
Fixes #1489
Closes #1497
Fixed a syntax error with setting cache variables (The type and
docstring were missing), resulting in build errors. Quoted the
CURL_CA_PATH and CURL_CA_BUNDLE otherwise the path was written without
quotes in C code, resulting in build errors.
Closes #1503
follow-up to 4cdb1be8246c
Closes #1461
Pass the invalid domain name on stdin. On some systems, the test
framework cannot pass invalid UTF-8 sequences on the command line.
Closes #1488
Closes #1495
Closes #1479
Bug: https://curl.haxx.se/mail/lib-2017-04/0024.html
Closes #1253
- cmdline-opts/write-out.d: s/-L/--location
Since the man page generator wants the long option name version to
generate the proper output.
Closes #1490
Fixes #1450
Closes #1400
follow-up to 5ddad099b42b50
... and support and additional "security patched" date for those who
enhance older versions that way. Pass on the define CURL_PATCHSTAMP with
a date for that.
Also: this changes the date format generated in the curlver.h file to be
"YYYY-MM-DD" (no name of the day or month, no time, no time zone) to
make it easier on the eye and easier to parse. Example (new) date
string: 2017-05-09
Closes #1474
- lib510: don't write past the end of the buffer if it's too small
... I found them in the commit logs from the early years
Fixes #1484
It now returns a bitmask so that the caller can differentiate which kind
the connection allows.
Fixes #1481
Closes #1483
Reported-by: stootill at github
Closes https://github.com/curl/curl/pull/1475
... since the total amount is low this is faster, easier and reduces
memory overhead.
Closes #1472
- multi: assign IDs to all timers and make each timer singleton
B) prevents a lot of superfluous loops for timers that expires "in vain"
when it has actually already been extended to fire later on
Closes #1478
Include the test number in the names of files written out by tests to
reduce the chance of accidental duplication and to make it more clear
which test is associated with which file.
This is already added by the test suite; it's not clear why all these
tests had it, unless it's cargo-culting.
... to really make sure the boundary fits in the target buffer.
The generation of the list has to be done manually and pasted into the
source code.
Closes #1465
When the random seed is purposely made predictable for testing purposes
by using the CURL_ENTROPY environment variable, process that data in an
endian agnostic way so the the initial random seed is the same
regardless of endianness.
Fixes #1315
Closes #1468
... to also make it update when we remove files, like we did for
--environment in commit a8e388dd1095.
Closes https://github.com/curl/curl/pull/1469
[1] https://msdn.microsoft.com/en-us/library/windows/desktop/ms740141.aspx
The cases this warns about are handled elsewhere, so just use an
intermediate variable to silence the warning.
Fixes #1471
... and USE_ENVIRONMENT and --environment. It was once added for RISC OS
support and its platform specific behavior has been annoying ever
since. Added in commit c3c8bbd3b2688da8e, mostly unchanged since
then. Most probably not actually used for years.
Closes #1463
Closes #1466
Windows does not allow setting the locale with environment variables (as
the test attempted to do), so the test failed when run with a user
locale that has a comma as radixchar. Changed the test to call
setlocale() explicitly to ensure that a known working locale is set even
on Windows.
Closes https://github.com/curl/curl/pull/1464
Fix the following warnings when building the tests by using the correct
types:
cast from 'const char *' to 'void *' drops const qualifier
[-Wcast-qual]
implicit conversion changes signedness [-Wsign-conversion]
Closes https://github.com/curl/curl/pull/1452
Closes https://github.com/curl/curl/pull/1452
Closes #1389
... and instead properly respond with an error message to the user
instead of silently ignoring.
Fixes #1453
Closes #1458