1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-13 21:15:08 -05:00
Commit Graph

25796 Commits

Author SHA1 Message Date
Peter Wu
06e266e0a5 configure: fix pthread check with static boringssl
A shared boringssl/OpenSSL library requires -lcrypto only for linking.
A static build additionally requires `-ldl -lpthread`. In the latter
case `-lpthread` is added to LIBS which prevented `-pthread` from being
added to CFLAGS. Clear LIBS to fix linking failures for libtest tests.
2020-05-22 21:10:07 +02:00
Daniel Stenberg
f6c6a159f5
Revert "sendf: make failf() use the mvsnprintf() return code"
This reverts commit 74623551f3.

Instead mark the function call with (void). Getting the return code and
using it instead triggered Coverity warning CID 1463596 because
snprintf() can return a negative value...

Closes #5441
2020-05-22 12:34:51 +02:00
Daniel Stenberg
5d965b4898
typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *'
Reported-by: Billyzou0741326 on github
Fixes #5432
Closes #5436
2020-05-21 00:05:42 +02:00
Daniel Stenberg
bb79320af7
tests/server/util.h: add extern to silence compiler warning
Follow-up from a3b0699d5c
2020-05-20 15:37:09 +02:00
Daniel Stenberg
c9fddf64c6
typecheck-gcc.h: fix the OFF_T check
The option number also needs to be less than CURLOPTTYPE_BLOB.

Follow-up to cac5374298
Reported-by: Jeroen Ooms
Bug: https://github.com/curl/curl/pull/5365#issuecomment-631084114
2020-05-20 10:08:54 +02:00
Daniel Stenberg
6c889a0dd1
TODO: --dry-run
Closes #5426
2020-05-19 09:46:50 +02:00
Daniel Stenberg
39177b8ef9
TODO: Ratelimit or wait between serial requests
Closes #5406
2020-05-19 09:42:11 +02:00
Daniel Stenberg
33d60d09f3
tool_paramhlp: fixup C89 mistake
Follow-up to c5f0a9db22.
2020-05-19 08:58:33 +02:00
Siva Sivaraman
c5f0a9db22
tool_paramhlp: fixed potentially uninitialized strtol() variable
Seems highly unlikely to actually be possible, but better safe than
sorry.

Closes #5417
2020-05-19 08:55:27 +02:00
Siva Sivaraman
c4df1f75ad
tool_operate: fixed potentially uninitialized variables
... in curl_easy_getinfo() calls. They're harmless but clearing the
variables makes the code safer and comforts the reader.

Closes #5416
2020-05-19 08:53:41 +02:00
Daniel Stenberg
557dde201c
sha256: move assign to the declaration line
Follow-up to fae30656. Should've been squashed with that commit...
2020-05-19 08:52:38 +02:00
Siva Sivaraman
fae3065676
sha256: fixed potentially uninitialized variable
Closes #5414
2020-05-19 08:47:12 +02:00
Daniel Stenberg
74623551f3
sendf: make failf() use the mvsnprintf() return code
... and avoid a strlen() call. Fixes a MonocleAI warning.

Reported-by: MonocleAI
Fixes #5413
Closes #5420
2020-05-19 08:13:31 +02:00
Daniel Stenberg
67521b5ecf
hostip: make Curl_printable_address not return anything
It was not used much anyway and instead we let it store a blank buffer
in case of failure.

Reported-by: MonocleAI
Fixes #5411
Closes #5418
2020-05-19 08:11:46 +02:00
Daniel Stenberg
dbc5c17738
ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void)
They're done on purpose, make that visible in the code.
Reported-by: MonocleAI
Fixes #5412
Closes #549
2020-05-19 08:06:41 +02:00
Daniel Stenberg
5646e563ae
TODO: forbid TLS post-handshake auth and do TLS record padding
Closes #5396
Closes #5398
2020-05-18 17:59:18 +02:00
Daniel Stenberg
17b1405b20
RELEASE-NOTES: synced 2020-05-18 11:38:02 +02:00
Daniel Stenberg
3df42ca949
dynbuf: return NULL when there's no buffer length
... as returning a "" is not a good idea as the string is supposed to be
allocated and returning a const string will cause issues.

Reported-by: Brian Carpenter
Follow-up to ed35d6590e
Closes #5405
2020-05-17 23:20:56 +02:00
Peter Wu
2c598cc778 travis: upgrade to bionic, clang-9, improve readability
Changes, partially to reduce build failures from external dependencies:
 - Upgrade Ubuntu and drop unnecessary third-party repos.
 - Properly clone apt config to ensure retries.
 - Upgrade to clang-9 from the standard repos.
 - Use Ubuntu 20.04 focal for the libssh build, use of ssh_get_publickey
   fails on -Werror=deprecated-declarations in Ubuntu 18.04. Do not use
   focal everywhere yet since Travis CI has not documented this option.
   In focal, python-impacket (Py2.7) has been removed, leaving only
   python3-impacket. Since it is only needed for SMB tests and not SSH,
   skip it for the libssh job since it might need more work.
 - apt: Remove gcc-8 and libstdc++-8-dev, already installed via g++-8.

Non-functional cleanups:
 - Simplify test matrix, drop redundant os and compiler keys.
 - Deprecation fixes: remove sudo, rename matrix -> jobs.
 - Every job has an 'env' key, put this key first in a list item.

Closes #5370
2020-05-16 13:41:17 +02:00
Peter Wu
1753e4140b travis: whitespace-only changes for consistency
Automatically apply a consistent indentation with:

    python3 -c 'from ruamel.yaml import YAML;y=YAML();d=y.load(open(".travis.yml"));y.width=500;y.dump(d,open(".travis.yml.new","w"))'

followed by manually re-indenting three comments.

Closes #5370
2020-05-16 13:40:48 +02:00
Peter Wu
a158a09166 CMake: add libssh build support
Closes #5372
2020-05-15 21:58:12 +02:00
Daniel Stenberg
a384e870bc
KNOWN_BUGS: wolfssh: publickey auth doesn't work
Closes #4820
2020-05-15 17:01:32 +02:00
Daniel Stenberg
938228dda2
KNOWN_BUGS: OS400 port requires deprecated IBM library
Closes #5176
2020-05-15 16:58:45 +02:00
Vyron Tsingaras
34a5400de1
http2: keep trying to send pending frames after req.upload_done
Fixes #1410
Closes #5401
2020-05-15 15:49:18 +02:00
Gilles Vollant
cac5374298
setopt: support certificate options in memory with struct curl_blob
This change introduces a generic way to provide binary data in setopt
options, called BLOBs.

This change introduces these new setopts:

CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB,
CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB.

Reviewed-by: Daniel Stenberg
Closes #5357
2020-05-15 13:03:59 +02:00
Daniel Stenberg
8df455479f
source cleanup: remove all custom typedef structs
- Stick to a single unified way to use structs
 - Make checksrc complain on 'typedef struct {'
 - Allow them in tests, public headers and examples

 - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually
   typedef different types/structs depending on build conditions.

Closes #5338
2020-05-15 08:54:42 +02:00
Daniel Stenberg
5d54b5e697
travis: remove the .checksrc fiddling 2020-05-15 08:54:26 +02:00
Daniel Stenberg
449e54b483
ftp: make domore_getsock() return the secondary socket properly
Previously, after PASV and immediately after the data connection has
connected, the function would only return the control socket to wait for
which then made the data connection simply timeout and not get polled
correctly. This become obvious when running test 1631 and 1632 event-
based.
2020-05-15 08:28:56 +02:00
Daniel Stenberg
9e95ca10b5
test1632: verify FTP through HTTPS-proxy with connection re-use 2020-05-15 08:28:56 +02:00
Daniel Stenberg
c6ce51169e
test1631: verify FTP download through HTTPS-proxy 2020-05-15 08:28:56 +02:00
Daniel Stenberg
a3b0699d5c
sws: as last resort, get test number from server cmd file
If it can't be found in the request. Also support --cmdfile to set it to
a custom file name.

runtests.pl always writes this file with the test number in it since a
while back.
2020-05-15 08:28:56 +02:00
Daniel Stenberg
f002c850d9
ftp: shut down the secondary connection properly when SSL is used
Reported-by: Neal Poole
Fixes #5340
Closes #5385
2020-05-15 08:28:55 +02:00
Marcel Raad
aa6cf7f3b6
KNOWN_BUGS: adapt 5.5 to recent changes
It only applies to non-Unicode builds now.
Also merge 5.10 into it as it's effectively a duplicate.

Closes https://github.com/curl/curl/pull/3784
2020-05-14 18:13:38 +02:00
Marcel Raad
ffdddb45d9
curl_setup: support Unicode functions to open files on Windows
Use them only if `_UNICODE` is defined, in which case command-line
arguments have been converted to UTF-8.

Closes https://github.com/curl/curl/pull/3784
2020-05-14 18:13:37 +02:00
Marcel Raad
9e5669f388
tool: support UTF-16 command line on Windows
- use `wmain` instead of `main` when `_UNICODE` is defined [0]
- define `argv_item_t` as `wchar_t *` in this case
- use the curl_multibyte gear to convert the command-line arguments to
  UTF-8

This makes it possible to pass parameters with characters outside of
the current locale on Windows, which is required for some tests, e.g.
the IDN tests. Out of the box, this currently only works with the
Visual Studio project files, which default to Unicode, and winbuild
with the `ENABLE_UNICODE` option.

[0] https://devblogs.microsoft.com/oldnewthing/?p=40643

Ref: https://github.com/curl/curl/issues/3747
Closes https://github.com/curl/curl/pull/3784
2020-05-14 18:13:36 +02:00
Marcel Raad
a55c835e6b
curl_multibyte: add to curlx
This will also be needed in the tool and tests.

Ref: https://github.com/curl/curl/pull/3758#issuecomment-482197512
Closes https://github.com/curl/curl/pull/3784
2020-05-14 18:13:27 +02:00
Daniel Stenberg
600a8cded4
url: make the updated credentials URL-encoded in the URL
Found-by: Gregory Jefferis
Reported-by: Jeroen Ooms
Added test 1168 to verify. Bug spotted when doing a redirect.
Bug: https://github.com/jeroen/curl/issues/224
Closes #5400
2020-05-14 17:59:47 +02:00
Daniel Stenberg
e2a7a6bb9e
tests: add https-proxy support to the test suite
Initial test 1630 added with basic HTTPS-proxy use. HTTPS-proxy is like
HTTP proxy but with a full TLS connection to the proxy.

Closes #5399
2020-05-14 16:21:31 +02:00
Daniel Stenberg
61504b5ef9
mailmap: James Fuller 2020-05-14 08:55:00 +02:00
Major_Tom
8e762199b0
vauth/cleartext: fix theoretical integer overflow
Fix theoretical integer overflow in Curl_auth_create_plain_message.

The security impact of the overflow was discussed on hackerone. We
agreed this is more of a theoretical vulnerability, as the integer
overflow would only be triggerable on systems using 32-bits size_t with
over 4GB of available memory space for the process.

Closes #5391
2020-05-14 08:36:35 +02:00
Jay Satiro
f9983a6f9e curl.1: Quote globbed URLs
- Quote the globbing example URLs that contain characters [] {} since
  otherwise they may be interpreted as shell metacharacters.

Bug: https://github.com/curl/curl/issues/5388
Reported-by: John Simpson

Closes https://github.com/curl/curl/pull/5394
2020-05-13 18:24:34 -04:00
Daniel Stenberg
66b0775763
checksrc: enhance the ASTERISKSPACE and update code accordingly
Fine: "struct hello *world"

Not fine: "struct hello* world" (and variations)

Closes #5386
2020-05-14 00:02:05 +02:00
Daniel Stenberg
f3f5d82e28
docs/options-in-versions: which version added each cmdline option
Added test 971 to verify that the list is in sync with the files in
cmdline-opts. The check also verifies that .d-files that uses Added:
specify the same version number as the options-in-versions file does.

Closes #5381
2020-05-13 23:58:36 +02:00
Daniel Stenberg
72b1aaf9da
docs: unify protocol lists
We boast support for 25 transfer protocols. Make sure the lists are
consistent

Closes #5384
2020-05-13 16:51:19 +02:00
Daniel Stenberg
81a54b12c6
OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN
... to avoid an OpenSSL bug that otherwise makes the CRL check to fail.

Reported-by: Michael Kaufmann
Fixes #5374
Closes #5376
2020-05-13 16:39:36 +02:00
Daniel Stenberg
9242bee3fe
tls13-ciphers.d: shorten the Arg 2020-05-13 16:37:29 +02:00
Daniel Stenberg
63b524c4ec
sasl-authzid.d: add Arg: and shorten the desc 2020-05-13 16:37:28 +02:00
Daniel Stenberg
16d8ff77a1
cert-type.d: mention the available types in the desc 2020-05-13 16:37:28 +02:00
Daniel Stenberg
cd35371163
tool: shorten 3 --help descriptions
--happy-eyeballs-timeout-ms, --resolve and --ssl-revoke-best-effort

gen.pl already warned about these lines but we didn't listen

Closes #5379
2020-05-13 16:37:22 +02:00
Daniel Stenberg
32aade5c91
configure: the wolfssh backend does not provide SCP
Closes #5387
2020-05-13 16:35:33 +02:00