1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-18 23:45:11 -05:00
Commit Graph

23542 Commits

Author SHA1 Message Date
Daniel Stenberg
f864bd8c88
build: fix 'make install' with configure, install docs/libcurl/* too
Broken since d24838d4da

Reported-by: Bernard Spil
2017-08-09 10:29:49 +02:00
Daniel Stenberg
2679562dc7
RELEASE-NOTES: curl 7.55.0 2017-08-09 07:50:35 +02:00
Daniel Stenberg
7417029e19
THANKS: 20 new contributors in 7.55.0 2017-08-09 07:50:35 +02:00
Viktor Szakats
13ef623a81
docs/comments: Update to secure URL versions
Closes #1741
2017-08-08 21:41:07 +02:00
Daniel Stenberg
58845f2e2e
configure: fix recv/send/select detection on Android
... since they now provide several functions as
__attribute__((overloadable)), the argument detection logic need
updates.

Patched-by: destman at github

Fixes #1738
Closes #1739
2017-08-08 21:40:16 +02:00
Marcel Raad
18eac3df1b
ax_code_coverage.m4: update to latest version
This updates the script to aad5ad5fedb306b39f901a899b7bd305b66c418d
from August 01, 2017. Notably, this removes the lconv version whitelist.

Closes https://github.com/curl/curl/pull/1716
2017-08-08 08:43:26 +02:00
Daniel Stenberg
581011a3d2 test1427: verify command line parser integer overflow detection 2017-08-07 09:38:57 +02:00
Daniel Stenberg
5c7455fe76 curl: detect and bail out early on parameter integer overflows
Make the number parser aware of the maximum limit curl accepts for a
value and return an error immediately if larger, instead of running an
integer overflow later.

Fixes #1730
Closes #1736
2017-08-07 09:38:45 +02:00
Daniel Stenberg
453e7a7a03 glob: do not continue parsing after a strtoul() overflow range
Added test 1289 to verify.

CVE-2017-1000101

Bug: https://curl.haxx.se/docs/adv_20170809A.html
Reported-by: Brian Carpenter
2017-08-07 09:24:30 +02:00
Daniel Stenberg
358b2b131a tftp: reject file name lengths that don't fit
... and thereby avoid telling send() to send off more bytes than the
size of the buffer!

CVE-2017-1000100

Bug: https://curl.haxx.se/docs/adv_20170809B.html
Reported-by: Even Rouault

Credit to OSS-Fuzz for the discovery
2017-08-07 09:24:30 +02:00
Even Rouault
c9332fa5e8 file: output the correct buffer to the user
Regression brought by 7c312f84ea (April 2017)

CVE-2017-1000099

Bug: https://curl.haxx.se/docs/adv_20170809C.html

Credit to OSS-Fuzz for the discovery
2017-08-07 09:24:30 +02:00
Daniel Stenberg
fa48987356
easy_events: make event data static
First: this function is only used in debug-builds and not in
release/real builds. It is used to drive tests using the event-based
API.

A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the
CURLMOPT_TIMERFUNCTION calback can in fact be called even after this
funtion returns, namely when curl_multi_remove_handle() is called.

Reported-by: Brian Carpenter
2017-08-06 23:42:50 +02:00
Daniel Stenberg
d6c8def82a getparameter: avoid returning uninitialized 'usedarg'
Fixes #1728
2017-08-05 11:52:27 +02:00
Isaac Boukris
0b11660234
gssapi: fix memory leak of output token in multi round context
When multiple rounds are needed to establish a security context
(usually ntlm), we overwrite old token with a new one without free.
Found by proposed gss tests using stub a gss implementation (by
valgrind error), though I have confirmed the leak with a real
gssapi implementation as well.

Closes https://github.com/curl/curl/pull/1733
2017-08-05 00:23:24 +02:00
Marcel Raad
61046e7bd5
darwinssl: fix compiler warning
clang complains:
vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive
[-Werror,-Wextra-tokens]

This breaks the darwinssl build on Travis. Fix it by making this token
a comment.

Closes https://github.com/curl/curl/pull/1734
2017-08-05 00:11:01 +02:00
Marcel Raad
54aef857b3
CMake: fix CURL_WERROR for MSVC
When using CURL_WERROR in MSVC builds, the debug flags were overridden
by the release flags and /WX got added twice in debug mode.

Closes https://github.com/curl/curl/pull/1715
2017-08-04 12:01:24 +02:00
Daniel Stenberg
26e02eae4b
RELEASE-NOTES: synced with 561e9217c 2017-08-04 10:32:38 +02:00
Daniel Stenberg
561e9217c7 test1010: verify that #1718 is fixed
... by doing two transfers in nocwd mode and check that there's no
superfluous CWD command.
2017-08-04 10:01:23 +02:00
Daniel Stenberg
2ccd65af3b FTP: skip unnecessary CWD when in nocwd mode
... when reusing a connection. If it didn't do any CWD previously.

Fixes #1718
2017-08-04 10:01:23 +02:00
Marcel Raad
b7386c0ac9
travis: explicitly specify dist
This makes the builds more reproducible as travis is currently rolling
out trusty as default dist [1]. Specifically, this avoids coverage
check failures when trusty is used as seen in [2] until we figure out
what's wrong.

[1] https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming
[2] https://github.com/curl/curl/pull/1692

Closes https://github.com/curl/curl/pull/1725
2017-08-04 09:59:42 +02:00
Daniel Stenberg
fdb163c73a travis: BUILD_TYPE => T
(to make the full line appear nicer on travis web UI)
2017-08-04 00:07:08 +02:00
Daniel Stenberg
2b7ce3f56d travis: add osx build with darwinssl
Closes #1706
2017-08-04 00:07:08 +02:00
Daniel Stenberg
af271ce9b9 darwin: silence compiler warnings
With a clang pragma and three type fixes

Fixes #1722
2017-08-04 00:07:02 +02:00
Daniel Stenberg
6f6cfc90be
BUILD.WINDOWS: mention buildconf.bat for builds off git 2017-08-03 13:50:44 +02:00
Daniel Stenberg
fa2f134cbd darwinssl: fix curlssl_sha256sum() compiler warnings on first argument 2017-08-03 10:24:06 +02:00
Daniel Stenberg
58752b78c7 test130: verify comments in .netrc 2017-08-03 10:04:16 +02:00
Gisle Vanem
a8e1c2e466 netrc: skip lines starting with '#'
Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html
2017-08-03 10:04:16 +02:00
Marcel Raad
866e02935d
CMake: set MSVC warning level to 4
The MSVC warning level defaults to 3 in CMake. Change it to 4, which is
consistent with the Visual Studio and NMake builds. Disable level 4
warning C4127 for the library and additionally C4306 for the test
servers to get a clean CURL_WERROR build as that warning is raised in
some macros in older Visual Studio versions.

Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794
Closes https://github.com/curl/curl/pull/1711
2017-08-03 08:39:23 +02:00
Daniel Stenberg
70934885d0 CURLOPT_NETRC.3: fix typo in 7e48aa3861
Reported-by: Viktor Szakats
2017-08-02 15:29:27 +02:00
Daniel Stenberg
7e48aa3861 CURLOPT_NETRC.3: mention the file name on windows
... and CURLOPT_NETRC_FILE(3).
2017-08-02 14:34:26 +02:00
Daniel Stenberg
1767adf439 travis: build osx with libressl too 2017-08-02 12:50:30 +02:00
Daniel Stenberg
23b4a05210 travis: build osx with openssl too 2017-08-02 12:50:30 +02:00
Daniel Stenberg
920f777fc8 tests/server/util: fix curltime mistake from 4dee50b9c8 2017-08-02 11:53:27 +02:00
Marcel Raad
0139545607
curl_threads: fix MSVC compiler warning
Use LongToHandle to convert from long to HANDLE in the Win32
implementation.
This should fix the following warning when compiling with
MSVC 11 (2012) in 64-bit mode:
lib\curl_threads.c(113): warning C4306:
'type cast' : conversion from 'long' to 'HANDLE' of greater size

Closes https://github.com/curl/curl/pull/1717
2017-08-01 17:22:30 +02:00
Daniel Stenberg
62495ff31a BUGS: improved phrasing about security bugs
Reported-by: Max Dymond
2017-08-01 15:06:08 +02:00
Daniel Stenberg
821a0854f6 BUGS: clarify how to report security related bugs 2017-08-01 14:39:13 +02:00
Brad Spencer
164a09368d multi: fix request timer management
There are some bugs in how timers are managed for a single easy handle
that causes the wrong "next timeout" value to be reported to the
application when a new minimum needs to be recomputed and that new
minimum should be an existing timer that isn't currently set for the
easy handle.  When the application drives a set of easy handles via the
`curl_multi_socket_action()` API (for example), it gets told to wait the
wrong amount of time before the next call, which causes requests to
linger for a long time (or, it is my guess, possibly forever).

Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html
2017-08-01 13:39:38 +02:00
Jay Satiro
53d137d94a curl_setup: Define CURL_NO_OLDIES for building libcurl
.. to catch accidental use of deprecated error codes.

Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237
2017-08-01 02:56:48 -04:00
Jeremy Tan
f262b3586c configure: fix the check for IdnToUnicode
Fixes #1669
Closes #1713
2017-08-01 01:04:45 +02:00
Daniel Stenberg
909283ae5a http: fix response code parser to avoid integer overflow
test 1429 and 1433 were updated to work with the stricter HTTP status line
parser.

Closes #1714
Reported-by: Brian Carpenter
2017-07-31 18:37:43 +02:00
Dwarakanath Yadavalli
512f8c774a libcurl: Stop using error codes defined under CURL_NO_OLDIES
Fixes https://github.com/curl/curl/issues/1688
Closes https://github.com/curl/curl/pull/1712
2017-07-31 02:59:05 -04:00
Jay Satiro
436cd490fc include.d: clarify --include is only for response headers
Follow-up to 171f8de and de6de94.

Bug: https://github.com/curl/curl/commit/de6de94#commitcomment-23370851
Reported-by: Daniel Stenberg
2017-07-30 02:29:36 -04:00
jasjuang
27e2a4733c cmake: support make uninstall
Closes #1674
2017-07-30 01:56:14 +02:00
Daniel Stenberg
e88f133298 RELEASE-NOTES: synced with 001701c47 2017-07-30 01:25:57 +02:00
Marcel Raad
001701c47e
AppVeyor: now really use CURL_WERROR
It was misspelled as CURL_ERROR in commit
2d86e8d128.

Closes https://github.com/curl/curl/pull/1686
2017-07-29 18:47:18 +02:00
Jay Satiro
de6de94c9a tool_help: clarify --include is only for response headers
Follow-up to 171f8de.

Ref: https://github.com/curl/curl/issues/1704
2017-07-29 01:33:25 -04:00
Jay Satiro
f8614af527 splay: fix signed/unsigned mismatch warning
Follow-up to 4dee50b.

Ref: https://github.com/curl/curl/pull/1693
2017-07-29 01:13:42 -04:00
Daniel Stenberg
171f8ded26 include.d: clarify that it concerns the response headers
Reported-by: olesteban at github
Fixes #1704
2017-07-28 18:22:50 +02:00
Johannes Schindelin
1cfa4cd427 curl_rtmp: fix a compiler warning
The headers of librtmp declare the socket as `int`, and on Windows, that
disagrees with curl_socket_t.

Bug: #1652

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-07-28 16:41:29 +02:00
Daniel Stenberg
0018221532 test1323: verify curlx_tvdiff 2017-07-28 15:51:36 +02:00