Daniel Stenberg
58d04252e1
travis: build with sanitize=address,undefined,signed-integer-overflow
...
... using clang
Closes #3190
2018-11-01 09:44:59 +01:00
Daniel Stenberg
832661b3a7
schannel: use Curl_ prefix for global private symbols
...
Curl_verify_certificate() must use the Curl_ prefix since it is globally
available in the lib and otherwise steps outside of our namespace!
Closes #3201
2018-11-01 09:39:45 +01:00
Kamil Dudka
fc2c9a9614
tests: drop http_pipe.py script no longer used
...
It is unused since commit f7208df7d9
.
Closes #3204
2018-11-01 09:13:47 +01:00
Daniel Stenberg
8effa8c2b0
runtests: use the local curl for verifying
...
... revert the mistaken change brought in commit 8440616f53
.
Reported-by: Alessandro Ghedini
Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html
Closes #3198
2018-10-31 13:48:56 +01:00
Daniel Stenberg
196677150f
RELEASE-NOTES: 7.62.0
2018-10-30 17:54:00 +01:00
Daniel Stenberg
bbed10da65
THANKS: 7.62.0 status
2018-10-30 17:53:59 +01:00
Daniel Gustafsson
1460e89e01
vtls: add MesaLink to curl_sslbackend enum
...
MesaLink support was added in commit 57348eb97d
but the
backend was never added to the curl_sslbackend enum in curl/curl.h.
This adds the new backend to the enum and updates the relevant docs.
Closes #3195
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-30 16:56:51 +01:00
Ruslan Baratov
98d9a33de4
cmake: Remove unused CURL_CONFIG_HAS_BEEN_RUN_BEFORE variable
...
Closes #3191
2018-10-30 11:23:00 +01:00
Daniel Stenberg
350306e472
test2080: verify the fix for CVE-2018-16842
2018-10-30 07:47:50 +01:00
Daniel Stenberg
d530e92f59
voutf: fix bad arethmetic when outputting warnings to stderr
...
CVE-2018-16842
Reported-by: Brian Carpenter
Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
2018-10-30 07:47:25 +01:00
Tuomo Rinne
e97679a360
cmake: uniform ZLIB to use USE_ variable and clean curl-config.cmake.in
...
Closes #3123
2018-10-29 17:10:31 +01:00
Tuomo Rinne
dd98c1f34b
cmake: add find_dependency call for ZLIB to CMake config file
2018-10-29 17:10:27 +01:00
Tuomo Rinne
fc0672b447
cmake: add support for transitive ZLIB target
2018-10-29 17:10:24 +01:00
Daniel Stenberg
5728229a4f
unit1650: fix "null pointer passed as argument 1 to memcmp"
...
Detected by UndefinedBehaviorSanitizer
Closes #3187
2018-10-29 16:14:40 +01:00
Daniel Stenberg
0c9b09dff4
travis: add a "make tidy" build that runs clang-tidy
...
Closes #3182
2018-10-29 08:11:33 +01:00
Daniel Stenberg
0b58ffe0c9
unit1300: fix stack-use-after-scope AddressSanitizer warning
...
Closes #3186
2018-10-29 08:05:23 +01:00
Daniel Stenberg
f3a24d7916
Curl_auth_create_plain_message: fix too-large-input-check
...
CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
2018-10-29 08:05:23 +01:00
Daniel Stenberg
81d135d671
Curl_close: clear data->multi_easy on free to avoid use-after-free
...
Regression from b46cfbc068
(7.59.0)
CVE-2018-16840
Reported-by: Brian Carpenter (Geeknik Labs)
Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
2018-10-29 08:05:23 +01:00
randomswdev
9d8dad1a9d
system.h: use proper setting with Sun C++ as well
...
system.h selects the proper Sun settings when __SUNPRO_C is defined. The
Sun compiler does not define it when compiling C++ files. I'm adding a
check also on __SUNPRO_CC to allow curl to work properly also when used
in a C++ project on Sun Solaris.
Closes #3181
2018-10-27 16:07:24 +02:00
Daniel Stenberg
75b94d77e8
rand: add comment to skip a clang-tidy false positive
2018-10-27 15:59:44 +02:00
Daniel Stenberg
a669e06946
test1651: unit test Curl_extract_certinfo()
...
The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel.
2018-10-27 15:59:43 +02:00
Daniel Stenberg
feea1259e4
x509asn1: always check return code from getASN1Element()
2018-10-27 15:59:43 +02:00
Daniel Stenberg
be20814191
Makefile: add 'tidy' target that runs clang-tidy
...
Available in the root, src and lib dirs.
Closes #3163
2018-10-27 15:59:38 +02:00
Daniel Stenberg
803496fa10
RELEASE-PROCEDURE: adjust the release dates
...
See: https://curl.haxx.se/mail/lib-2018-10/0107.html
2018-10-27 15:14:51 +02:00
Patrick Monnerat
c335b7f1f7
x509asn1: suppress left shift on signed value
...
Use an unsigned variable: as the signed operation behavior is undefined,
this change silents clang-tidy about it.
Ref: https://github.com/curl/curl/pull/3163
Reported-By: Daniel Stenberg
2018-10-27 15:04:50 +02:00
Michael Kaufmann
3793761a37
multi: Fix error handling in the SENDPROTOCONNECT state
...
If Curl_protocol_connect() returns an error code,
handle the error instead of switching to the next state.
Closes #3170
2018-10-27 13:03:50 +02:00
Daniel Stenberg
4441d3c548
RELEASE-NOTES: synced
2018-10-27 11:14:13 +02:00
Daniel Stenberg
44a9e9f80f
openssl: output the correct cipher list on TLS 1.3 error
...
When failing to set the 1.3 cipher suite, the wrong string pointer would
be used in the error message. Most often saying "(nil)".
Reported-by: Ricky-Tigg on github
Fixes #3178
Closes #3180
2018-10-27 10:46:38 +02:00
Daniel Stenberg
067992baa7
docs/CIPHERS: fix the TLS 1.3 cipher names
...
... picked straight from the OpenSSL man page:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html
Reported-by: Ricky-Tigg on github
Bug: #3178
2018-10-27 10:46:36 +02:00
Marcel Raad
ac85e49d7a
travis: install gnutls-bin package
...
This is required for gnutls-serv, which enables a few more tests.
Closes https://github.com/curl/curl/pull/2958
2018-10-27 08:41:18 +02:00
Daniel Gustafsson
5c8c310edb
ssh: free the session on init failures
...
Ensure to clear the session object in case the libssh2 initialization
fails.
It could be argued that the libssh2 error function should be called to
get a proper error message in this case. But since the only error path
in libssh2_knownhost_init() is memory a allocation failure it's safest
to avoid since the libssh2 error handling allocates memory.
Closes #3179
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-26 15:39:15 +02:00
Daniel Stenberg
a0c2779d61
docs/RELEASE-PROCEDURE: remove old entries, modify the Dec 2018 date
...
... I'm moving it up one week due to travels. The rest stays.
2018-10-26 14:12:44 +02:00
Daniel Gustafsson
68348461dc
openssl: make 'done' a proper boolean
...
Closes #3176
2018-10-26 13:51:25 +02:00
Daniel Stenberg
ebfe02f73c
gtls: Values stored to but never read
...
Detected by clang-tidy
Closes #3176
2018-10-26 13:51:07 +02:00
Alexey Eremikhin
bbce45fb00
curl.1: --ipv6 mutexes ipv4 (fixed typo)
...
Fixes #3171
Closes #3172
2018-10-26 08:45:08 +02:00
Daniel Stenberg
ae925ddcc3
tool_main: make TerminalSettings static
...
Reported-by: Gisle Vanem
Bug: becfe1233f (commitcomment-31008819)
Closes #3161
2018-10-26 00:59:50 +02:00
Daniel Stenberg
abfdf6a0b7
curl-config.in: remove dependency on bc
...
Reported-by: Dima Pasechnik
Fixes #3143
Closes #3174
2018-10-26 00:06:19 +02:00
Gisle Vanem
639d052e44
rtmp: fix for compiling with lwIP
...
Compiling on _WIN32 and with USE_LWIPSOCK, causes this error:
curl_rtmp.c(223,3): error: use of undeclared identifier 'setsockopt'
setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO,
^
curl_rtmp.c(41,32): note: expanded from macro 'setsockopt'
#define setsockopt(a,b,c,d,e) (setsockopt)(a,b,c,(const char *)d,(int)e)
^
Closes #3155
2018-10-26 00:04:02 +02:00
Daniel Stenberg
25d287d1e5
configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
...
Follow-up to #3166 which did the cmake part of this. This type/define is
not used.
Closes #3168
2018-10-25 13:18:23 +02:00
Ruslan Baratov
b04e624038
cmake: remove unused variables
...
Remove variables:
* HAVE_SOCKLEN_T
* CURL_SIZEOF_CURL_SOCKLEN_T
* CURL_TYPEOF_CURL_SOCKLEN_T
Closes #3166
2018-10-25 13:18:23 +02:00
Michael Kaufmann
daabc91581
urldata: Fix comment in header
...
The "connecting" function is used by multiple protocols, not only FTP
2018-10-25 13:04:03 +02:00
Michael Kaufmann
d48e6b7f95
netrc: free temporary strings if memory allocation fails
...
- Change the inout parameters after all needed memory has been
allocated. Do not change them if something goes wrong.
- Free the allocated temporary strings if strdup() fails.
Closes #3122
2018-10-25 12:54:55 +02:00
Ruslan Baratov
4f2541f975
config: Remove unused SIZEOF_VOIDP
...
Closes #3162
2018-10-24 11:20:57 +02:00
Daniel Stenberg
eecfe974b7
RELEASE-NOTES: synced
2018-10-24 09:22:18 +02:00
Gisle Vanem
eda0998894
Fix for compiling with lwIP (3)
...
lwIP on Windows does not have a WSAIoctl() function.
But it do have a SO_SNDBUF option to lwip_setsockopt(). But it currently does nothing.
2018-10-23 12:55:07 +02:00
Daniel Stenberg
6535b9303d
Curl_follow: return better errors on URL problems
...
... by making the converter function global and accessible.
Closes #3153
2018-10-23 11:43:41 +02:00
Daniel Stenberg
ca10fae6fc
Curl_follow: remove remaining free(newurl)
...
Follow-up to 05564e750e
. This function no longer frees the passed-in
URL.
Reported-by: Michael Kaufmann
Bug: 05564e750e (commitcomm)
ent-30985666
2018-10-23 11:43:41 +02:00
Daniel Gustafsson
06d8f16b87
headers: end all headers with guard comment
...
Most headerfiles end with a /* <headerguard> */ comment, but it was
missing from some. The comment isn't the most important part of our
code documentation but consistency has an intrinsic value in itself.
This adds header guard comments to the files that were lacking it.
Closes #3158
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-23 10:02:24 +02:00
Jay Satiro
a023dfa19a
CIPHERS.md: Mention the options used to set TLS 1.3 ciphers
...
Closes https://github.com/curl/curl/pull/3159
2018-10-23 03:37:37 -04:00
Daniel Stenberg
db1338474c
docs/BUG-BOUNTY: the sponsors actually decide the amount
...
Retract the previous approach as the sponsors will be the ones to set the
final amounts.
Closes #3152
[ci skip]
2018-10-20 12:07:52 +02:00