This is very handy when updating the RELEASE-NOTES as then we sometimes
have names added manually in the existing list and we use this script to
update the set.
As the curl command-line tool now includes it's own version of strdup(),
for platforms that don't have it, fixed up the git respository Visual
Studio project file generator to not include the version from lib in the
tool project files, rather than having both lib\strdup.[c|h] and
src\tool_strdup.[c|h] present.
Added forward declaration of digestdata to overcome the following
compilation warning:
warning: 'struct digestdata' declared inside parameter list
Additionally made the ntlmdata forward declaration dependent on
USE_NTLM similar to how digestdata and kerberosdata are.
To provide consistent behaviour between the various HTTP authentication
functions use CURLcode based error codes for Curl_input_digest()
especially as the calling code doesn't use the specific error code just
that it failed.
docs/THANKS-filter is a new filter file for converting contributor names
we get or have recorded in alternative formats to the one we already use
in THANKS. To help us show individual contributors using a single
presentation of their names.
The removed names also appear as:
Andrés García, François Charlier, Gökhan Şengün, Michał Górny, Sébastien
Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su,
S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder
These were previously hard coded, and whilst defined in security.h,
they may or may not be present in old header files given that these
defines were never used in the original code.
Not only that, but there appears to be some ambiguity between the ANSI
and UNICODE NTLM definition name in security.h.
When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.
Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.
Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
As implementations are refereed to GSS-API libraries as per the RFC and
GSSAPI typically refers to the SASL authentication mechanism.
...and minor rewording on the same paragraph.
- Prior to this change no SSL minimum version was set by default at
runtime for PolarSSL. Therefore in most cases PolarSSL would probably
have defaulted to a minimum version of SSLv3 which is no longer secure.
The previous condition that checked if the socket was marked as readable
when also adding a writable one, was incorrect and didn't take the pause
bits properly into account.
There were several -Wunused warnings and one duplicate macro definition.
The EXTRA_DEFINES variable of the CurlCheckCSources macro was being
abused ("__unused1\n#undef inline\n#define __unused2", seriously?) to
insert extra C code. Avoid this broken abstraction and use cmake's
check_c_source_compiles directly (works fine with CMake 2.8, maybe
even cmake 2.6).
After cleaning up all related variables (EXTRA_DEFINES,
HEADER_INCLUDES, auxiliary headers_hack), also remove a duplicate
add_headers_include macro and remove duplicate header additions before
the struct timeval check.
Oh, and now the code is converted to use CheckCSourceRuns and
CheckCSourceCompiles, the two curl-specific helpers can be removed.
Unfortunately, the cmake output is now slightly more verbose. Before:
Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test)
Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) - Failed
Since check_c_source_compiles prints the varname, now you see:
Performing Test curl_cv_func_send_test
Performing Test curl_cv_func_send_test - Failed
Tested: int send(int, const void *, size_t, int)
Compared cmake output with each other using vimdiff, no functional
differences were found. Tested with GCC 4.9.1 and Clang 3.5.0.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
This patch cleans up the automatically-generated (?) code and fixes one
case that will always fail due to syntax error.
HAVE_GETHOSTBYADDR_R_5_REENTRANT always failed because of a trailing
character ("int length;q"). Several parameter type and unused variable
warnings popped up. This causes a detection failure with -Werror.
Observe that the REENTRANT cases are exactly the same as their
non-REENTRANT cases except for a `_REENTRANT` macro definition.
Merge all these pieces and build one big main function with different
cases, but reusing variables where logical.
For the cases where the parameters where NULL, I looked at
lib/hostip4.c to get an idea of the parameters types.
void-cast variables such as 'rc' to avoid -Wuninitialized errors.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
