1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-15 14:05:03 -05:00
Commit Graph

2309 Commits

Author SHA1 Message Date
Sergei Nikulov
2c0225e042 cmake: set -d postfix for debug builds if not specified
using -DCMAKE_DEBUG_POSTFIX explicitly

       fixes #2121, obsoletes #2384
2018-05-24 17:25:41 +03:00
Daniel Stenberg
cb529b713f
checksrc: make sure sizeof() is used *with* parentheses
... and unify the source code to adhere.

Closes #2563
2018-05-21 23:21:47 +02:00
Daniel Stenberg
f3d836b736
curl: added --styled-output
It is enabled by default, so --no-styled-output will switch off the
detection/use of bold headers.

Closes #2538
2018-05-21 20:29:12 +02:00
Daniel Stenberg
c1c27625c7
curl: show headers in bold
The feature is only enabled if the output is believed to be a tty.

-J: There's some minor differences and improvements in -J handling, as
now J should work with -i and it actually creates a file first using the
initial name and then *renames* that to the one found in
Content-Disposition (if any).

-i: only shows headers for HTTP transfers now (as documented).
Previously it would also show for pieces of the transfer that were HTTP
(for example when doing FTP over a HTTP proxy).

-i: now shows trailers as well. Previously they were not shown at all.

--libcurl: the CURLOPT_HEADER is no longer set, as the header output is
now done in the header callback.
2018-05-21 20:05:05 +02:00
Daniel Stenberg
27aebcc1d1
checksrc: fix too long line
follow-up to e05ad5d
2018-05-18 17:56:18 +02:00
Aleks
e05ad5dd99
docs: mention HAproxy protocol "version 1"
...as there's also a version 2.

Closes #2579
2018-05-18 17:48:40 +02:00
Daniel Stenberg
c0f704dbae
gcc: disable picky gcc-8 function pointer warnings in two places
Reported-by: Rikard Falkeborn
Bug: #2560
Closes #2569
2018-05-14 23:09:51 +02:00
Rikard Falkeborn
4c735b57f7
tool: Fix format specifiers 2018-05-14 09:42:27 +02:00
Daniel Gustafsson
2f13e3d23d
checksrc: force indentation of lines after an else
This extends the INDENTATION case to also handle 'else' statements
and require proper indentation on the following line. Also fixes the
offending cases found in the codebase.

Closes #2532
2018-04-27 00:51:35 +02:00
Jay Satiro
0f72716676 tool_help: clarify --max-time unit of time is seconds
Before:
 -m, --max-time <time> Maximum time allowed for the transfer

After:
 -m, --max-time <seconds> Maximum time allowed for the transfer
2018-04-21 14:19:37 -04:00
Dan McNulty
8996300211 schannel: add support for CURLOPT_CAINFO
- Move verify_certificate functionality in schannel.c into a new
  file called schannel_verify.c. Additionally, some structure defintions
  from schannel.c have been moved to schannel.h to allow them to be
  used in schannel_verify.c.

- Make verify_certificate functionality for Schannel available on
  all versions of Windows instead of just Windows CE. verify_certificate
  will be invoked on Windows CE or when the user specifies
  CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.

- In verify_certificate, create a custom certificate chain engine that
  exclusively trusts the certificate store backed by the CURLOPT_CAINFO
  file.

- doc updates of --cacert/CAINFO support for schannel

- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
  when available. This implements a TODO in schannel.c to improve
  handling of multiple SANs in a certificate. In particular, all SANs
  will now be searched instead of just the first name.

- Update tool_operate.c to not search for the curl-ca-bundle.crt file
  when using Schannel to maintain backward compatibility. Previously,
  any curl-ca-bundle.crt file found in that search would have been
  ignored by Schannel. But, with CAINFO support, the file found by
  that search would have been used as the certificate store and
  could cause issues for any users that have curl-ca-bundle.crt in
  the search path.

- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
  SSL backend is Schannel. We allow setting CA location for schannel
  only when explicitly specified by the user via CURLOPT_CAINFO /
  --cacert.

- Add new test cases 3000 and 3001. These test cases check that the first
  and last SAN, respectively, matches the connection hostname. New test
  certificates have been added for these cases. For 3000, the certificate
  prefix is Server-localhost-firstSAN and for 3001, the certificate
  prefix is Server-localhost-secondSAN.

- Remove TODO 15.2 (Add support for custom server certificate
  validation), this commit addresses it.

Closes https://github.com/curl/curl/pull/1325
2018-04-18 03:59:47 -04:00
Daniel Gustafsson
94400f32e9 all: Refactor malloc+memset to use calloc
When a zeroed out allocation is required, use calloc() rather than
malloc() followed by an explicit memset(). The result will be the
same, but using calloc() everywhere increases consistency in the
codebase and avoids the risk of subtle bugs when code is injected
between malloc and memset by accident.

Closes https://github.com/curl/curl/pull/2497
2018-04-15 03:00:37 -04:00
Stefan Agner
464a019cbe tool_operate: Fix retry on FTP 4xx to ignore other protocols
Only treat response code as FTP response codes in case the
protocol type is FTP.

This fixes an issue where an HTTP download was treated as FTP
in case libcurl returned with 33. This happens when the
download has already finished and the server responses 416:
  HTTP/1.1 416 Requested Range Not Satisfiable

This should not be treated as an FTP error.

Fixes #2464
Closes #2465
2018-04-07 02:57:57 -04:00
Lawrence Matthews
6baeb6df35
CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocol
Add --haproxy-protocol for the command line tool

Closes #2162
2018-03-17 11:50:06 +01:00
luz.paz
236402fc2d
cleanup: misc typos in strings and comments
Found via `codespell`

Closes #2389
2018-03-16 11:08:31 +01:00
Patrick Monnerat
82f0508099 curl tool: accept --compressed also if Brotli is enabled and zlib is not. 2018-03-08 01:39:29 +01:00
Viktor Szakats
7e35eb7729 spelling fixes
Detected using the `codespell` tool.

Also contains one URL protocol upgrade.

Closes https://github.com/curl/curl/pull/2334
2018-02-23 23:29:01 +00:00
Jay Satiro
dd027c80fe lib: CURLOPT_HAPPY_EYEBALLS_TIMEOUT => CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS
- In keeping with the naming of our other connect timeout options rename
  CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.

This change adds the _MS suffix since the option expects milliseconds.
This is more intuitive for our users since other connect timeout options
that expect milliseconds use _MS such as CURLOPT_TIMEOUT_MS,
CURLOPT_CONNECTTIMEOUT_MS, CURLOPT_ACCEPTTIMEOUT_MS.

The tool option already uses an -ms suffix, --happy-eyeballs-timeout-ms.

Follow-up to 2427d94 which added the lib and tool option yesterday.

Ref: https://github.com/curl/curl/pull/2260
2018-02-21 15:16:50 -05:00
Anders Bakken
2427d94c6d url: Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT
- Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy
  eyeball timeout value.

- Add new optval macro CURL_HET_DEFAULT to represent the default happy
  eyeballs timeout value (currently 200 ms).

- Add new tool option --happy-eyeballs-timeout-ms to expose
  CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the
  other -timeout options in the tool expect seconds not milliseconds.

Closes https://github.com/curl/curl/pull/2260
2018-02-20 17:51:43 -05:00
Daniel Stenberg
f8e8028b0f
curl --version: show PSL if the run-time lib has it enabled
... not of the #define was set at build-time!
2018-02-18 23:09:24 +01:00
Michael Kaufmann
d25b050379 time-cond: fix reading the file modification time on Windows
On Windows, stat() may adjust the unix file time by a daylight saving time
offset. Avoid this by calling GetFileTime() instead.

Fixes #2164
Closes #2204
2018-02-05 22:02:10 +01:00
Ben Greear
1eb4f5ac9d
build: fix termios issue on android cross-compile
Bug: https://curl.haxx.se/mail/lib-2018-01/0122.html
Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-02-01 08:07:45 +01:00
Daniel Stenberg
fecec1d8ae
curl: add --proxy-pinnedpubkey
To verify a proxy's public key. For when using HTTPS proxies.

Fixes #2192
Closes #2268
2018-01-30 08:00:31 +01:00
Daniel Stenberg
4272a0b0fc
curl_ctype: private is*() type macros and functions
... since the libc provided one are locale dependent in a way we don't
want. Also, the "native" isalnum() (for example) works differently on
different platforms which caused test 1307 failures on macos only.

Closes #2269
2018-01-29 22:56:43 +01:00
Daniel Stenberg
02b7280681
progress-bar: don't use stderr explicitly, use bar->out
Reported-By: Gisle Vanem
Bug: 993dd5651a (commitcomment-27070080)
2018-01-24 15:28:46 +01:00
Gisle Vanem
494f02e08a
Fixes for MSDOS etc.
djgpp do have 'mkdir(dir, mode)'. Other DOS-compilers does not 
But djgpp seems the only choice for MSDOS anyway.

PellesC do have a 'F_OK' defined in it's <unistd.h>.

Update year in Copyright.
2018-01-24 15:02:53 +01:00
Gisle Vanem
a0b5e89445
progress-bar: get screen width on windows 2018-01-23 22:43:41 +01:00
Daniel Stenberg
993dd5651a
curl: progress bar refresh, get width using ioctl()
Get screen width from the environment variable COLUMNS first, if set. If
not, use ioctl(). If nether works, assume 79.

Closes #2242

The "refresh" is for the -# output when no total transfer size is
known. It will now only use a single updated line even for this case:

The "-=O=-" ship moves when data is transferred. The four flying
"hashes" move (on a sine wave) on each refresh, independent of data.
2018-01-22 08:29:37 +01:00
Jay Satiro
e4f86025d6 mail-rcpt.d: fix short-text description 2018-01-07 01:04:36 -05:00
Gisle Vanem
859ac36021 tool_getparam: Support size modifiers for --max-filesize
- Move the size modifier detection code from limit-rate to its own
  function so that it can also be used with max-filesize.

Size modifiers are the suffixes such as G (gigabyte), M (megabyte) etc.

For example --max-filesize 1G

Ref: https://curl.haxx.se/mail/archive-2017-12/0000.html

Closes https://github.com/curl/curl/pull/2179
2017-12-26 02:01:48 -05:00
Daniel Stenberg
5d0ba70e17
curl: support >256 bytes warning messsages
Bug: #2174
2017-12-12 19:59:29 +01:00
Daniel Stenberg
671f0b506c
Revert "curl: don't set CURLOPT_INTERLEAVEDATA"
This reverts commit 9ffad8eb13.

It was actually added rather recently in 8e8afa82cb due to a crash
that would otherwise happen in the RTSP code. As I don't think we've
fixed that behavior yet, we better keep this work-around until we have
fixed it better.
2017-12-11 00:00:17 +01:00
Daniel Stenberg
179ee78e86
curl: remove __EMX__ #ifdefs
These are OS/2-specific things added to the code in the year 2000. They
were always ugly. If there's any user left, they still don't need it
done this way.

Closes #2166
2017-12-08 23:45:16 +01:00
Daniel Stenberg
9ffad8eb13
curl: don't set CURLOPT_INTERLEAVEDATA
That data is only ever used by the CURLOPT_INTERLEAVEFUNCTION callback
and that option isn't set or used by the curl tool!

Updates the 9 tests that verify --libcurl

Closes #2167
2017-12-08 23:40:54 +01:00
Daniel Stenberg
b5881d1fbd
curl: limit -# update frequency for unknown total size
Make it use a max 10Hz update frequency for this case as well. Return
early if the "point" hasn't moved since last invoke.

Reported-by: Elliot Saba

Fixes #2158
Closes #2163
2017-12-07 17:33:46 +01:00
Daniel Stenberg
d6ec96f7ff
metalink: fix memory-leak and NULL pointer dereference
Reported by scan-build

Closes #2109
2017-11-24 13:30:38 +01:00
John Starks
2671f5f7cf cmake: Correctly include curl.rc in Windows builds (#2064)
Update CMakeLists.txt to add curl.rc to the correct list.
2017-11-10 13:58:10 +03:00
Viktor Szakats
3962a3cfcb src/Makefile.m32: fix typo in brotli lib customization
Ref cc1f443609
2017-11-06 01:05:52 +00:00
Viktor Szakats
cc1f443609 Makefile.m32: allow to customize brotli libs
It adds the ability to link against static brotli libs.

Also fix brotli include path.
2017-11-05 23:02:05 +00:00
Viktor Szakats
609aa62f53 Makefile.m32: add brotli support 2017-11-05 15:32:43 +01:00
Patrick Monnerat
11bf1796cd HTTP: implement Brotli content encoding
This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.

Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.

Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.
2017-11-05 15:28:16 +01:00
Daniel Stenberg
ee8016b3de curl: speed up handling of many URLs
By properly keeping track of the last entry in the list of URLs/uploads
to handle, curl now avoids many meaningless traverses of the list which
speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K
URLs).

Added test 1291, to verify that it doesn't take ages - but we don't have
any detection of "too slow" command in the test suite.

Reported-by: arainchik on github
Fixes #1959
Closes #2052
2017-11-04 20:56:26 +01:00
Daniel Stenberg
90abb74ff0 curl: pass through [] in URLs instead of calling globbing error
Assisted-by: Per Lundberg
Fixes #2044
Closes #2046
Closes #2048
2017-11-04 10:23:27 +01:00
Juro Bystricky
6089aa53e4 mkhelp.pl: support reproducible build
Do not generate line with the current date, such as:

* Generation time: Tue Oct-24 18:01:41 2017

This will improve reproducibility. The generated string is only
part of a comment, so there should be no adverse consequences.

Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>

closes #2026
2017-10-30 19:27:49 +01:00
Patrick Monnerat
e240a546a7 cli tool: improve ";type=" handling in -F option arguments 2017-10-29 16:23:06 +01:00
Patrick Monnerat
f82f952d2f cli tool: in -F option arg, comma is a delimiter for files only
Also upgrade test 1133 to cover this case and clarify man page about
form data quoting.

Bug: https://github.com/curl/curl/issues/2022
Reported-By: omau on github
2017-10-29 16:23:06 +01:00
Jakub Zakrzewski
1cb4f5d6e8 cmake: Export libcurl and curl targets to use by other cmake projects
The config files define curl and libcurl targets as imported targets
CURL::curl and CURL::libcurl. For backward compatibility with CMake-
provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are
also set.

Closes #1879
2017-10-28 17:22:47 +02:00
Viktor Szakats
4440b6ad57 makefile.m32: allow to override gcc, ar and ranlib
Allow to ovverride certain build tools, making it possible to
use LLVM/Clang to build curl. The default behavior is unchanged.
To build with clang (as offered by MSYS2), these settings can
be used:

CURL_CC=clang
CURL_AR=llvm-ar
CURL_RANLIB=llvm-ranlib

Closes https://github.com/curl/curl/pull/1993
2017-10-15 19:42:32 +00:00
Patrick Monnerat
56509055d2 cli tool: use file2memory() to buffer stdin in -F option.
Closes PR https://github.com/curl/curl/pull/1985
2017-10-12 16:42:02 +01:00
Patrick Monnerat
665b3e48bc cli tool: reimplement stdin buffering in -F option.
If stdin is not a regular file, its content is memory-buffered to enable
a possible data "rewind".
In all cases, stdin data size is determined before real use to avoid
having an unknown part's size.

--libcurl generated code is left as an unbuffered stdin fread/fseek callback
part with unknown data size.

Buffering is not supported in deprecated curl_formadd() API.
2017-10-12 14:25:59 +01:00
Kristiyan Tsaklev
c95c92da75
curl: don't pass semicolons when parsing Content-Disposition
Test 1422 updated to verify.

Closes #1964
2017-10-09 10:37:27 +02:00
Dan Fandrich
df7839b68c Set and use more necessary options when some protocols are disabled
When curl and libcurl are built with some protocols disabled, they stop
setting and receiving some options that don't make sense with those
protocols.  In particular, when HTTP is disabled many options aren't set
that are used only by HTTP.  However, some options that appear to be
HTTP-only are actually used by other protocols as well (some despite
having HTTP in the name) and should be set, but weren't. This change now
causes some of these options to be set and used for more (or for all)
protocols. In particular, this fixes tests 646 through 649 in an
HTTP-disabled build, which use the MIME API in the mail protocols.
2017-09-30 02:10:54 +02:00
Viktor Szakats
de47158934 metalink: fix NSS issue in MultiSSL builds
In MultiSSL mode (i.e. when more than one SSL backend is compiled
in), we cannot use the compile time flag `USE_NSS` as indicator that
the NSS backend is in use. As far as Metalink is concerned, the SSL
backend is only used for MD5, SHA-1 and SHA-256 calculations,
therefore one of the available SSL backends is selected at compile
time, in a strict order of preference.

Let's introduce a new `HAVE_NSS_CONTEXT` constant that can be used
to determine whether the SSL backend used for Metalink is the NSS
backend, and use that to guard the code that wants to de-initialize
the NSS-specific data structure.

Ref: https://github.com/curl/curl/pull/1848
2017-09-22 19:01:28 +00:00
Patrick Monnerat
ee56fdb691 form/mime: field names are not allowed to contain zero-valued bytes.
Also suppress length argument of curl_mime_name() (names are always
zero-terminated).
2017-09-22 01:08:29 +01:00
Daniel Stenberg
299896ca09
curl: check fseek() return code and bail on error
Detected by coverity. CID 1418137.
2017-09-20 12:03:44 +02:00
Daniel Stenberg
697271fc98
curl: make str2udouble not return values on error
... previously it would store a return value even when it returned
error, which could make the value get used anyway!

Reported-by: Brian Carpenter
Closes #1893
2017-09-18 10:45:29 +02:00
Daniel Stenberg
e5743f08e7
code style: use spaces around pluses 2017-09-11 09:29:50 +02:00
Daniel Stenberg
6b84438d9a
code style: use spaces around equals signs 2017-09-11 09:29:50 +02:00
Patrick Monnerat
c96d96bc5f mime: drop internal FILE * support.
- The part kind MIMEKIND_FILE and associated code are suppressed.
- Seek data origin offset not used anymore: suppressed.
- MIMEKIND_NAMEDFILE renamed MIMEKIND_FILE; associated fields/functions
  renamed accordingly.
- Curl_getformdata() processes stdin via a callback.
2017-09-06 13:42:03 +01:00
Patrick Monnerat
63ef436ea1 mime: implement encoders.
curl_mime_encoder() is operational and documented.
curl tool -F option is extended with ";encoder=".
curl tool --libcurl option generates calls to curl_mime_encoder().
New encoder tests 648 & 649.
Test 1404 extended with an encoder specification.
2017-09-05 17:55:51 +01:00
Patrick Monnerat
7e36b30da8 mime: fix signed/unsigned conversions.
Use and generate CURL_ZERO_TERMINATED in curl tool and tests.
2017-09-03 17:51:18 +01:00
Jay Satiro
437475901d tool_formparse: fix some trivial warnings 2017-09-03 12:13:44 -04:00
Patrick Monnerat
efd9301426 mime: use size_t instead of ssize_t in public API interface.
To support telling a string is nul-terminated, symbol CURL_ZERO_TERMINATED
has been introduced.

Documentation updated accordingly.

symbols in versions updated. Added form API symbols deprecation info.
2017-09-03 16:10:55 +01:00
Patrick Monnerat
1a3f4c1991 mime: remove support "-" stdin pseudo-file name in curl_mime_filedata().
This feature is badly supported in Windows: as a replacement, a caller has
to use curl_mime_data_cb() with fread, fseek and possibly fclose
callbacks to process opened files.

The cli tool and documentation are updated accordingly.

The feature is however kept internally for form API compatibility, with
the known caveats it always had.

As a side effect, stdin size is not determined by the cli tool even if
possible and this results in a chunked transfer encoding. Test 173 is
updated accordingly.
2017-09-03 14:45:43 +01:00
Patrick Monnerat
045b076ae8 mime: fix some implicit curl_off_t --> size_t conversion warnings. 2017-09-03 10:18:58 +01:00
Patrick Monnerat
fec7a858b8 mime: use in curl cli tool instead of form API.
Extended -F option syntax to support multipart mail messages.
-F keyword headers= added to include custom headers in parts.
Documentation upgraded.
2017-09-02 18:17:33 +01:00
Viktor Szakats
c86e21b624 makefile.m32: add multissl support
Closes https://github.com/curl/curl/pull/1840
2017-08-30 10:44:50 +00:00
Johannes Schindelin
9d96a5f0b5
version: add the CURL_VERSION_MULTI_SSL feature flag
This new feature flag reports When cURL was built with multiple SSL
backends.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-28 22:56:49 +02:00
Johannes Schindelin
b180a273fa
metalink: allow compiling with multiple SSL backends
Previously, the code assumed that at most one of the SSL backends would
be compiled in, emulating OpenSSL's functions if the configured backend
was not OpenSSL itself.

However, now we allow building with multiple SSL backends and choosing
one at runtime. Therefore, metalink needs to be adjusted to handle this
scenario, too.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-28 14:56:59 +02:00
Daniel Stenberg
f412a5aabb
curl: shorten and clean up CA cert verification error message
The previous message was just too long for ordinary people and it was
encouraging users to use `--insecure` a little too easy.

Based-on-work-by: Frank Denis

Closes #1810
Closes #1817
2017-08-22 23:32:43 +02:00
Marcel Raad
88220adb72
tool_main: turn off MinGW CRT's globbing
By default, the MinGW CRT globs command-line arguments. This prevents
getting a single asterisk into an argument as test 1299 does. Turn off
globbing by setting the global variable _CRT_glob to 0 for MinGW.

Fixes https://github.com/curl/curl/issues/1751
Closes https://github.com/curl/curl/pull/1813
2017-08-22 09:21:23 +02:00
Viktor Szakats
43fb867a58 makefile.m32: add support for libidn2
libidn was replaced with libidn2 last year in configure.
Caveat: libidn2 may depend on a list of further libs.
These can be manually specified via CURL_LDFLAG_EXTRAS.

Closes https://github.com/curl/curl/pull/1815
2017-08-22 07:13:20 +00:00
Johannes Schindelin
1f39245dc8 metalink: adjust source code style
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-18 08:46:52 +02:00
Daniel Stenberg
6b9bc5a4fe
CURL_SIZEOF_LONG: removed, use only SIZEOF_LONG 2017-08-17 10:27:00 +02:00
Daniel Stenberg
80d9e35598
system.h: remove all CURL_SIZEOF_* defines
... as they're not used externally and internally we check for the sizes
already in configure etc.

Closes #1767
2017-08-17 10:26:53 +02:00
Viktor Szakats
b7b4dc0d49 ssh: add the ability to enable compression (for SCP/SFTP)
The required low-level logic was already available as part of
`libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1]
option.)

This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION`
(boolean) and the new `curl` command-line option `--compressed-ssh`
to request this `libssh2` feature. To have compression enabled, it
is required that the SSH server supports a (zlib) compatible
compression method and that `libssh2` was built with `zlib` support
enabled.

[1] https://www.libssh2.org/libssh2_session_flag.html

Ref: https://github.com/curl/curl/issues/1732
Closes https://github.com/curl/curl/pull/1735
2017-08-17 03:32:00 -04:00
Kamil Dudka
ab2a7079cd zsh.pl: produce a working completion script again
Commit curl-7_54_0-118-g8b2f22e changed the output format of curl --help
to use <file> and <dir> instead of FILE and DIR, which caused zsh.pl to
produce a broken completion script:

% curl --<TAB>
_curl:10: no such file or directory: seconds

Closes #1779
2017-08-15 12:25:46 +02:00
Daniel Stenberg
ff50fe0348
strtoofft: reduce integer overflow risks globally
... make sure we bail out on overflows.

Reported-by: Brian Carpenter
Closes #1758
2017-08-14 23:33:41 +02:00
Jay Satiro
f87e77b1d8 mkhelp.pl: allow executing this script directly
- Enable execute permission (chmod +x)

- Change interpreter to /usr/bin/env perl

Ref: https://github.com/curl/curl/issues/1743
2017-08-10 13:46:38 -04:00
Daniel Stenberg
a17e7721d2
metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead 2017-08-10 14:54:55 +02:00
Adam Sampson
45a560390c
curl: do bounds check using a double comparison
The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't
complete: if the parsed number in num is larger than will fit in a long,
the conversion is undefined behaviour (causing test1427 to fail for me
on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7).  Getting
rid of the cast means the comparison will be done using doubles.

It might make more sense for the max argument to also be a double...

Fixes #1750
Closes #1749
2017-08-09 19:24:16 +02:00
Viktor Szakats
13ef623a81
docs/comments: Update to secure URL versions
Closes #1741
2017-08-08 21:41:07 +02:00
Daniel Stenberg
5c7455fe76 curl: detect and bail out early on parameter integer overflows
Make the number parser aware of the maximum limit curl accepts for a
value and return an error immediately if larger, instead of running an
integer overflow later.

Fixes #1730
Closes #1736
2017-08-07 09:38:45 +02:00
Daniel Stenberg
453e7a7a03 glob: do not continue parsing after a strtoul() overflow range
Added test 1289 to verify.

CVE-2017-1000101

Bug: https://curl.haxx.se/docs/adv_20170809A.html
Reported-by: Brian Carpenter
2017-08-07 09:24:30 +02:00
Daniel Stenberg
d6c8def82a getparameter: avoid returning uninitialized 'usedarg'
Fixes #1728
2017-08-05 11:52:27 +02:00
Jay Satiro
de6de94c9a tool_help: clarify --include is only for response headers
Follow-up to 171f8de.

Ref: https://github.com/curl/curl/issues/1704
2017-07-29 01:33:25 -04:00
Ryan Winograd
793e831bbf make: fix docs build on OpenBSD
Ref: #1591
2017-07-10 13:54:02 +02:00
Jay Satiro
af0216251b curl_setup_once: Remove ERRNO/SET_ERRNO macros
Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError
for Win32 and regular errno otherwise.

I reviewed the code and found no justifiable reason for conflating errno
on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno,
and any Win32 multithreaded CRT supports thread-local errno.

Fixes https://github.com/curl/curl/issues/895
Closes https://github.com/curl/curl/pull/1589
2017-07-10 02:09:27 -04:00
Jay Satiro
17da675002 tool_getparam: fix potentially uninitialized err 2017-07-09 12:04:42 -04:00
Marcel Raad
f601f42787
tool_cb_wrt: fix variable shadowing warning
GCC 4.4 complains:
tool_cb_wrt.c:81: error: declaration of ‘isatty’ shadows a global
declaration
/usr/include/unistd.h:782: error: shadowed declaration is here

Fix this by renaming the variable.

Closes https://github.com/curl/curl/pull/1661
2017-07-09 14:38:10 +02:00
Daniel Stenberg
c1d1a3448f tool_sleep: typecast to avoid macos compiler warning
tool_sleep.c:54:24: error: implicit conversion loses integer precision:
'long' to '__darwin_suseconds_t' (aka 'int')
[-Werror,-Wshorten-64-to-32]
2017-07-04 10:27:36 +02:00
Daniel Stenberg
d24838d4da make: build the docs subdir only from within src
... and don't build at all in include

Prompted-by-work-by: Simon Warta
Ref: #1590
Closes #1591
2017-06-30 17:09:01 +02:00
Kamil Dudka
ce2c3ebda2 curl --socks5-{basic,gssapi}: control socks5 auth
Closes https://github.com/curl/curl/pull/1454
2017-06-28 08:03:00 +02:00
Jay Satiro
922f800603 tool_getparam: fix memory leak on test 1147 OOM (torture tests)
Bug: https://github.com/curl/curl/pull/1486#issuecomment-310926872
Reported-by: Dan Fandrich
2017-06-26 01:05:02 -04:00
Daniel Stenberg
9b167fd090 --request-target: instead of --strip-path-slash
... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH.

This option instead provides the full "alternative" target to use in the
request, instead of extracting the path from the URL.

Test 1298 and 1299 updated accordingly.

Idea-by: Evert Pot
Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373

Closes #1593
2017-06-21 23:39:10 +02:00
Daniel Stenberg
b778ae4c5e http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASH
... to enable sending "OPTIONS *" which wasn't possible previously.

This option currently only works for HTTP.

Added test cases 1298 + 1299 to verify

Fixes #1280
Closes #1462
2017-06-19 16:39:22 +02:00
Simon Warta
8621b61045 automake: use $(MKHELP) variable instead if constant mkhelp.pl
this improves symmetry with the rule above
2017-06-19 12:28:39 +02:00
Simon Warta
fb470a2e40 mkhelp.pl: fix script name in usage text 2017-06-19 12:28:28 +02:00
Daniel Stenberg
d4cc240c19 tool_wrte_cb: remove check for config == NULL
... as it really cannot have reached this far with config being NULL,
thus this is unnecesary and misleading.

Bug: https://news.ycombinator.com/item?id=14577585 and
https://daniel.haxx.se/blog/2017/06/17/curl-doesnt-spew-binary-anymore/comment-page-1/#comment-18356

Forwarded-to-us-by: Jakub Wilk
2017-06-17 23:58:03 +02:00
Daniel Stenberg
5385450afd curl: prevent binary output spewed to terminal
... unless "--output -" is used. Binary detection is done by simply
checking for a binary zero in early data.

Added test 1425 1426 to verify.

Closes #1512
2017-06-16 23:38:13 +02:00
Marcel Raad
ce2cc568f8
Makefile.m32: enable -W for MinGW32 build
The configure-based build also has this in addition to -Wall.

Closes https://github.com/curl/curl/pull/1578
2017-06-16 22:32:22 +02:00
Daniel Stenberg
84b9458837 curl: allow --header and --proxy-header read from file
So many headers can be provided as @filename.

Suggested-by: Timothe Litt

Closes #1486
2017-06-15 11:09:40 +02:00
Daniel Stenberg
73a2fcea0b includes: remove curl/curlbuild.h and curl/curlrules.h
Rely entirely on curl/system.h now.

Introduced in Aug 2008 with commit 14240e9e10. Now gone.

Fixes #1456
2017-06-14 11:07:33 +02:00
Daniel Stenberg
5fa028e508 urlglob: fix division by zero
The multiply() function that is used to avoid integer overflows, was
itself reason for a possible division by zero error when passed a
specially formatted glob.

Reported-by: GwanYeong Kim
2017-06-13 09:25:45 +02:00
Michael Kaufmann
e8fecf2614 FindWin32CACert: Use a temporary buffer on the stack
Don't malloc() the temporary buffer, and use the correct type:
SearchPath() works with TCHAR, but SearchPathA() works with char.
Set the buffer size to MAX_PATH, because the terminating null byte
is already included in MAX_PATH.

Reviewed-by: Daniel Stenberg
Reviewed-by: Marcel Raad

Closes #1548
2017-06-11 17:32:02 +02:00
Daniel Stenberg
f7ee701c61 metalink: remove unused printf() argument 2017-06-07 14:35:26 +02:00
Daniel Stenberg
5233de9ac6 tool_util: remove unused tvdiff_secs and remove tool_ prefix
Closes #1532
2017-06-03 00:11:59 +02:00
Daniel Stenberg
f6e0f4556e build: provide easy code coverage measuring
Closes #1528
2017-06-02 13:15:06 +02:00
Michael Kaufmann
8ab22a7453 time: fix type conversions and compiler warnings
Fix bugs and compiler warnings on systems with 32-bit long and
64-bit time_t.

Reviewed-by: Daniel Stenberg

Closes #1499
2017-05-24 22:56:22 +02:00
Bernhard M. Wiedemann
b4cfda8a4a mkhelp.pl: do not add current time into curl binary
... as part of hugehelpgz rodata to make build reproducible.

See https://reproducible-builds.org/ for why this is good

Closes #1490
2017-05-17 23:17:07 +02:00
Daniel Stenberg
180c75eb63 curl: show the libcurl release date in --version output
... and support and additional "security patched" date for those who
enhance older versions that way. Pass on the define CURL_PATCHSTAMP with
a date for that.

Building with non-release headers shows the date as [unreleased].

Also: this changes the date format generated in the curlver.h file to be
"YYYY-MM-DD" (no name of the day or month, no time, no time zone) to
make it easier on the eye and easier to parse. Example (new) date
string: 2017-05-09

Suggested-by: Brian Childs

Closes #1474
2017-05-14 17:10:04 +02:00
Marcel Raad
4dc8499494
tool: fix remaining -Wcast-qual warnings
Avoid casting away low-level const.
2017-05-09 19:20:28 +02:00
Daniel Stenberg
8b2f22ed29 curl: generate the --help output
... using the docs/cmdline-opts/gen.pl script, so that we get all the
command line option documentation from the same source.

The generation of the list has to be done manually and pasted into the
source code.

Closes #1465
2017-05-08 23:30:29 +02:00
Marcel Raad
dc1a1b5055
tool_msgs: remove wrong cast
Commit 481e0de00a changed the variable
type from int to size_t, so don't cast the result of strlen to int
anymore.
2017-05-08 20:23:44 +02:00
Marcel Raad
f67aa4d31c
tool_parsecfg: fix -Wcast-qual warning
Don't convert string literal to char * before assigning it to
const char *.
2017-05-07 20:27:12 +02:00
Daniel Stenberg
a8e388dd10 curl: remove tool_writeenv.[ch]
... and USE_ENVIRONMENT and --environment. It was once added for RISC OS
support and its platform specific behavior has been annoying ever
since. Added in commit c3c8bbd3b2, mostly unchanged since
then. Most probably not actually used for years.

Closes #1463
2017-05-06 23:13:08 +02:00
Daniel Stenberg
ff10852158 curl: fix warning "comma at end of enumerator list" 2017-05-04 15:49:38 +02:00
Daniel Stenberg
913c3c8f54 curl: non-boolean command line args reject --no- prefixes
... and instead properly respond with an error message to the user
instead of silently ignoring.

Fixes #1453
Closes #1458
2017-05-02 23:09:54 +02:00
Jay Satiro
5b13619da4 tool: Fix missing prototype warnings for CURL_DOES_CONVERSIONS
- Include tool_convert.h where needed.

Bug: https://github.com/curl/curl/issues/1460
Reported-by: Gisle Vanem
2017-05-01 14:48:45 -04:00
Marcel Raad
c3513f7e83
tool_cb_prg: fix double-promotion warning
clang complains:
tool_cb_prg.c:86:22: error: implicit conversion increases
floating-point precision: 'float' to 'double'
[-Werror,-Wdouble-promotion]

Fix this by using a double instead of a float constant.
2017-05-01 11:46:44 +02:00
Dan Fandrich
4da846a41e tool_operate: use utimes instead of obsolescent utime when available 2017-04-27 22:34:12 +02:00
Daniel Stenberg
96ece5c0ee curl: set a 100K buffer size by default
Test command 'time curl http://localhost/80GB -so /dev/null' on a Debian
Linux.

Before (middle performing run out 9):

 real    0m28.078s
 user    0m11.240s
 sys     0m12.876s

After (middle performing run out 9)

 real    0m26.356s (93.9%)
 user    0m5.324s  (47.4%)
 sys     0m8.368s  (65.0%)

Also, doing SFTP over a 200 millsecond latency link is now about 6 times
faster.

Closes #1446
2017-04-25 11:02:19 +02:00
Dan Fandrich
80a87e8abc Makefile: avoid use of GNU-specific form of $<
$< is only allowed in implicit rules in some non-GNU makes (e.g. BSD,
AIX) so avoid use elsewhere by referencing the dependent curl.1 file
directly instead. This is somewhat tricky because the file is supplied
in the packaged tar ball (but not in git) but must still be able to be
rebuilt when its dependencies change. The right thing must happen in
both tar ball and git source trees, as well as in both in-tree and
out-of-tree builds.
2017-04-24 21:38:11 +02:00
Daniel Stenberg
7c145bb2a0 Revert "src/Makefile.am: avoid explicit $<"
This reverts commit 5b4cbcf11d.

Since it broke out-of-tree builds from tarballs. See discussion in #1432
2017-04-20 09:16:12 +02:00
Daniel Stenberg
5b4cbcf11d src/Makefile.am: avoid explicit $<
... since apparently "BSD make" doesn't support it.

Reported-by: Thomas Klausner
Fixes #1432
2017-04-19 23:11:44 +02:00
Marcel Raad
aa573c3c55
poll: prefer <poll.h> over <sys/poll.h>
The POSIX standard location is <poll.h>. Using <sys/poll.h> results in
warning spam when using the musl standard library.

Closes https://github.com/curl/curl/pull/1406
2017-04-11 08:31:38 +02:00
Marcel Raad
b547fff566
tool_operate: fix MinGW compiler warning
MinGW complains:
tool_operate.c:197:15: error: comparison is always true due to limited range
of data type [-Werror=type-limits]

Fix this by only doing the comparison if 'long' is large enough to hold the
constant it is compared with.

Closes https://github.com/curl/curl/pull/1378
2017-04-05 13:08:16 +02:00
Marcel Raad
446eaa941d
tool_operate: move filetime code to its own function
Ref: https://github.com/curl/curl/pull/1378
2017-04-05 13:08:15 +02:00
Marcel Raad
d40f4e15e7
tool: fix Windows Unicode build
... by explicitly calling the ANSI versions of Windows API functions where
required.
2017-04-04 23:04:29 +02:00
Hanno Böck
baaf0ba358 curl: fix callback functions to match prototype
The function tool_debug_cb doesn't match curl_debug_callback in curl.h
(unsigned vs. signed char* for 3rd param).

Bug: https://curl.haxx.se/mail/lib-2017-03/0120.html
2017-03-30 14:59:14 +02:00
Alexis La Goutte
244e0a36bd gcc7: fix ‘*’ in boolean context, suggest ‘&&’ instead [-Wint-in-bool-context]
Closes #1371
2017-03-30 14:29:08 +02:00
Hanno Böck
aced311d18 curl: fix callback argument inconsistency
As you can see the callback definition uses a char* for the first
argument, while the function uses a void*.

URL: https://curl.haxx.se/mail/lib-2017-03/0116.html
2017-03-29 10:05:12 +02:00
Maksim Stsepanenka
d1ddda7e75 make: use the variable MAKE for recursive calls
Closes #1366
2017-03-29 08:17:13 +02:00
klemens
f7df67cff0 spelling fixes
Closes #1356
2017-03-26 23:56:23 +02:00
Daniel Stenberg
8e65877870 curl: check for end of input in writeout backslash handling
Reported-by: Brian Carpenter

Added test 1442 to verify
2017-03-25 23:48:57 +01:00
Dan Fandrich
ae22034d0d mkhelp: disable compression if the perl gzip module is unavailable
This is nowadays included with the base perl distribution, but wasn't
prior to about perl 5.14
2017-03-23 21:11:41 +01:00
Peter Wu
84a226a30b cmake: build manual pages (including curl.1)
Also make Perl mandatory to allow building the docs.

While CMakeLists.txt could probably read the list of manual pages from
Makefile.am, actually putting those in CMakeLists.txt is cleaner so that
is what is done here.

Fixes #1230
Ref: https://github.com/curl/curl/pull/1288
2017-03-21 14:49:53 +01:00
Jay Satiro
98afec033e tool_operate: Fix showing HTTPS-Proxy options on CURLE_SSL_CACERT
- Show the HTTPS-proxy options on CURLE_SSL_CACERT if libcurl was built
  with HTTPS-proxy support.

Prior to this change those options were shown only if an HTTPS-proxy was
specified by --proxy, but that did not take into account environment
variables such as http_proxy, https_proxy, etc. Follow-up to e1187c4.

Bug: https://github.com/curl/curl/issues/1331
Reported-by: Nehal J Wani
2017-03-16 18:23:31 -04:00
Dan Fandrich
3627769d14 build: removed redundant DEPENDENCIES from makefiles 2017-03-14 12:13:03 +01:00
Sylvestre Ledru
66de563482 Improve code readbility
... by removing the else branch after a return, break or continue.

Closes #1310
2017-03-13 23:11:45 +01:00
Dan Fandrich
1890d59905 tool_writeout: fixed a buffer read overrun on --write-out
If a % ended the statement, the string's trailing NUL would be skipped
and memory past the end of the buffer would be accessed and potentially
displayed as part of the --write-out output. Added tests 1440 and 1441
to check for this kind of condition.

Reported-by: Brian Carpenter
2017-03-12 08:28:31 +01:00
Desmond O. Chang
d2bcf1e3e2 url: add option CURLOPT_SUPPRESS_CONNECT_HEADERS
- Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing
  proxy CONNECT response headers from the user callback functions
  CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION.

- Add new tool option --suppress-connect-headers to expose
  CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT
  response headers from --dump-header and --include.

Assisted-by: Jay Satiro
Assisted-by: CarloCannas@users.noreply.github.com
Closes https://github.com/curl/curl/pull/783
2017-03-12 01:32:33 -05:00
Dan Fandrich
b1dc45a822 build: fixed making man page in out-of-tree tarball builds
The man page taken from the release package is found in a different
location than if it's built from source. It must be referenced as $< in
the rule to get its correct location in the VPATH.
2017-03-09 22:55:28 +01:00
Dan Fandrich
9f3bc40f7f mkhelp: simplified the gzip code
This eliminates the need for an external gzip program, which wasn't
working with Busybox's gzip, anyway. It now compresses using perl's
IO::Compress::Gzip
2017-03-09 22:52:51 +01:00
Jozef Kralik
6448f98c18 vtls: add options to specify range of enabled TLS versions
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as
the --tls-max option of the curl tool.

Closes https://github.com/curl/curl/pull/1166
2017-03-08 15:54:07 +01:00
Alexis La Goutte
cbff751e95 build: fix gcc7 implicit fallthrough warnings
Mark intended fallthroughs with /* FALLTHROUGH */ so that gcc will know
it's expected and won't warn on [-Wimplicit-fallthrough=].

Closes https://github.com/curl/curl/pull/1297
2017-03-03 03:09:46 -05:00
Jay Satiro
b259646ea1 url: Improve CURLOPT_PROXY_CAPATH error handling
- Change CURLOPT_PROXY_CAPATH to return CURLE_NOT_BUILT_IN if the option
  is not supported, which is the same as what we already do for
  CURLOPT_CAPATH.

- Change the curl tool to handle CURLOPT_PROXY_CAPATH error
  CURLE_NOT_BUILT_IN as a warning instead of as an error, which is the
  same as what we already do for CURLOPT_CAPATH.

- Fix CAPATH docs to show that CURLE_NOT_BUILT_IN is returned when the
  respective CAPATH option is not supported by the SSL library.

Ref: https://github.com/curl/curl/pull/1257
2017-02-21 22:24:40 -05:00
Michael Kaufmann
ddedc1b3f3 string formatting: fix 4 printf-style format strings 2017-02-19 14:13:42 +01:00
Jay Satiro
7a9f5748bc tool_urlglob: Allow a glob range with the same start and stop
For example allow ranges like [1-1] and [a-a] etc.

Regression since 5ca96cb.

Bug: https://github.com/curl/curl/issues/1238
Reported-by: R. Dennis Steed
2017-02-15 02:31:09 -05:00
Nick Draffen
690935390c curl: fix typo in time condition warning message
The warning message had a typo. The argument long form is --time-cond
not --timecond

Closes #1263
2017-02-14 22:50:15 +01:00
Jay Satiro
e1187c42a4 tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT
When CURLE_SSL_CACERT occurs the tool shows a lengthy error message to
the user explaining possible solutions such as --cacert and --insecure.

This change appends to that message similar options --proxy-cacert and
--proxy-insecure when there's a specified HTTPS proxy.

Closes https://github.com/curl/curl/issues/1258
2017-02-11 16:35:47 -05:00
Dan Fandrich
edb2d02855 cmdline-opts: Fixed build and test in out of source tree builds 2017-02-06 23:37:05 +01:00
Jay Satiro
a49d2d0e25 OS400: Fix symbols
- s/CURLOPT_SOCKS_PROXY/CURLOPT_PRE_PROXY
  Follow-up to 7907a2b and 845522c.

- Fix incorrect id for CURLOPT_PROXY_PINNEDPUBLICKEY.

- Add id for CURLOPT_ABSTRACT_UNIX_SOCKET.

Bug: https://github.com/curl/curl/issues/1237
Reported-by: jonrumsey@users.noreply.github.com
2017-02-01 18:28:29 -05:00
Daniel Stenberg
8611d985ee VC: remove the makefile.vc6 build infra
The winbuild/ build files is now the single MSVC makefile build choice.

Closes #1215
2017-01-23 14:27:32 +01:00
Daniel Stenberg
4c49b83597 docs/curl.1: generate from the cmdline-opts script 2017-01-23 13:57:54 +01:00
Viktor Szakats
df86db7dee *.rc: escape non-ASCII/non-UTF-8 character for clarity
Closes https://github.com/curl/curl/pull/1217
2017-01-19 11:35:48 +00:00
Isaac Boukris
1d786faee1 unix_socket: add support for abstract unix domain socket
In addition to unix domain sockets, Linux also supports an
abstract namespace which is independent of the filesystem.

In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET
option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH
internally, along with a flag to specify abstract socket.

On non-supporting platforms, the abstract address will be
interpreted as an empty string and fail gracefully.

Also add new --abstract-unix-socket tool parameter.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reported-by: Chungtsun Li (typeless)
Reviewed-by: Daniel Stenberg
Reviewed-by: Peter Wu
Closes #1197
Fixes #1061
2017-01-13 16:25:20 +01:00
Isaac Boukris
a301cbb655 curl: reset the easy handle at --next
So that only "global" options (verbose mostly) survive into the next
transfer, and the others have to be set again unless default is fine.
2017-01-13 15:33:24 +01:00
Jay Satiro
ee3c83f39c tool_operate: Fix --remote-time incorrect times on Windows
- Use Windows API SetFileTime to set the file time instead of utime.

Avoid utime on Windows if possible because it may apply a daylight
saving time offset to our UTC file time.

Bug: https://curl.haxx.se/mail/archive-2016-11/0033.html
Reported-by: Tim

Closes https://github.com/curl/curl/pull/1121
2016-12-28 21:19:40 -05:00
Daniel Stenberg
aa6db9642e curl: remove superfluous include file
The <netinet/tcp.h> is a leftover from the past when TCP socket options
were set in this file. This include causes build issues on AIX 4.3.

Reported-by: Kim Minjoong

Closes #1178
2016-12-27 22:02:14 +01:00
Jay Satiro
c2402b6e02 tests: checksrc compliance 2016-12-19 02:31:59 -05:00
Daniel Stenberg
de0cd5e55a tool_getparam.c: make comments use the up-to-date option names 2016-12-17 23:49:11 +01:00
Daniel Stenberg
845522cadb preproxy: renamed what was added as SOCKS_PROXY
CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY

Added the corresponding --preroxy command line option. Sets a SOCKS
proxy to connect to _before_ connecting to a HTTP(S) proxy.
2016-12-16 16:04:23 +01:00
Daniel Stenberg
642398c651 curl: normal socks proxies still use CURLOPT_PROXY
... the newly introduced CURLOPT_SOCKS_PROXY is special and should be
asked for specially. (Needs new code.)

Unified proxy type to a single variable in the config struct.
2016-12-16 15:34:14 +01:00
Daniel Stenberg
7907a2bec9 CURLOPT_SOCKS_PROXYTYPE: removed
This was added as part of the SOCKS+HTTPS proxy merge but there's no
need to support this as we prefer to have the protocol specified as a
prefix instead.
2016-12-16 15:10:19 +01:00
Daniel Stenberg
1c3e8bbfed checksrc: warn for assignments within if() expressions
... they're already frowned upon in our source code style guide, this
now enforces the rule harder.
2016-12-14 01:29:44 +01:00
Daniel Stenberg
b228d2952b checksrc: stricter no-space-before-paren enforcement
In order to make the code style more uniform everywhere
2016-12-13 23:39:11 +01:00
Daniel Stenberg
cee0fb3247 curl: support zero-length argument strings in config files
... like 'user-agent = ""'

Adjusted test 71 to verify.
2016-12-02 11:25:35 +01:00
Daniel Stenberg
720ea577dc curl: remove --proxy-ssl* options
There's mostly likely no need to allow setting SSLv2/3 version for HTTPS
proxy. Those protocols are insecure by design and deprecated.
2016-11-28 00:07:45 +01:00
Okhin Vasilij
a4b2f7aafd curl_version_info: add CURL_VERSION_HTTPS_PROXY
Closes #1142
2016-11-26 17:28:53 +01:00
Jay Satiro
a6618b5250 tool_urlglob: Improve sanity check in glob_range
Prior to this change we depended on errno if strtol could not perform a
conversion. POSIX says EINVAL *may* be set. Some implementations like
Microsoft's will not set it if there's no conversion.

Ref: https://github.com/curl/curl/commit/ee4f7660#commitcomment-19658189
2016-11-24 22:25:46 -05:00
Jay Satiro
4bda3e04b2 tool_help: Change description for --retry-connrefused
Ref: https://github.com/curl/curl/pull/1064#issuecomment-260052409
2016-11-24 22:15:14 -05:00
Frank Gevaerts
ba410f6c64 add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
Adds access to the effectively used protocol/scheme to both libcurl and
curl, both in string and numeric (CURLPROTO_*) form.

Note that the string form will be uppercase, as it is just the internal
string.

As these strings are declared internally as const, and all other strings
returned by curl_easy_getinfo() are de-facto const as well, string
handling in getinfo.c got const-ified.

Closes #1137
2016-11-25 00:45:18 +01:00
Daniel Stenberg
8657c268e1 checksrc: white space edits to comply to stricter checksrc 2016-11-24 23:58:22 +01:00
Daniel Stenberg
dbadaebfc4 checksrc: code style: use 'char *name' style 2016-11-24 23:58:22 +01:00
Alex Rousskov
cb4e2be7c6 proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection.
Once a secure connection with the proxy is established, the user agent
uses the proxy as usual, including sending CONNECT requests to instruct
the proxy to establish a [usually secure] TCP tunnel with an origin
server. HTTPS proxies protect nearly all aspects of user-proxy
communications as opposed to HTTP proxies that receive all requests
(including CONNECT requests) in vulnerable clear text.

With HTTPS proxies, it is possible to have two concurrent _nested_
SSL/TLS sessions: the "outer" one between the user agent and the proxy
and the "inner" one between the user agent and the origin server
(through the proxy). This change adds supports for such nested sessions
as well.

A secure connection with a proxy requires its own set of the usual SSL
options (their actual descriptions differ and need polishing, see TODO):

  --proxy-cacert FILE        CA certificate to verify peer against
  --proxy-capath DIR         CA directory to verify peer against
  --proxy-cert CERT[:PASSWD] Client certificate file and password
  --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
  --proxy-ciphers LIST       SSL ciphers to use
  --proxy-crlfile FILE       Get a CRL list in PEM format from the file
  --proxy-insecure           Allow connections to proxies with bad certs
  --proxy-key KEY            Private key file name
  --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
  --proxy-pass PASS          Pass phrase for the private key
  --proxy-ssl-allow-beast    Allow security flaw to improve interop
  --proxy-sslv2              Use SSLv2
  --proxy-sslv3              Use SSLv3
  --proxy-tlsv1              Use TLSv1
  --proxy-tlsuser USER       TLS username
  --proxy-tlspassword STRING TLS password
  --proxy-tlsauthtype STRING TLS authentication type (default SRP)

All --proxy-foo options are independent from their --foo counterparts,
except --proxy-crlfile which defaults to --crlfile and --proxy-capath
which defaults to --capath.

Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
similar to the existing %{ssl_verify_result} variable.

Supported backends: OpenSSL, GnuTLS, and NSS.

* A SOCKS proxy + HTTP/HTTPS proxy combination:

If both --socks* and --proxy options are given, Curl first connects to
the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
proxy.

TODO: Update documentation for the new APIs and --proxy-* options.
Look for "Added in 7.XXX" marks.
2016-11-24 23:41:44 +01:00
Jay Satiro
03d707fc5f tool_help: Clarify --dump-header only writes received headers 2016-11-16 01:52:01 -05:00
Daniel Stenberg
0744506cd2 curl: add --fail-early to help output
Fixes test 1139 failures

Follow-up to f82bbe01c8
2016-11-15 08:32:53 +01:00
Daniel Stenberg
8c630ef059 glob: fix [a-c] globbing regression
Brought in ee4f76606c

Added test case 1280 to verify

Reported-by: Dave Reisner

Bug: ee4f76606c (commitcomment-19823146)
2016-11-15 08:22:54 +01:00
Daniel Stenberg
f82bbe01c8 curl: add --fail-early
Exit with an error on the first transfer error instead of continuing to
do the rest of the URLs.

Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html
2016-11-14 08:35:40 +01:00
Daniel Hwang
cdfda3ee82 curl: Add --retry-connrefused
to consider ECONNREFUSED as a transient error.

Closes #1064
2016-11-11 10:00:54 +01:00
Kamil Dudka
a110a03b43 curl: introduce the --tlsv1.3 option to force TLS 1.3
Fully implemented with the NSS backend only for now.

Reviewed-by: Ray Satiro
2016-11-07 12:07:11 +01:00
Daniel Stenberg
27302abb94 s/cURL/curl
We're mostly saying just "curl" in lower case these days so here's a big
cleanup to adapt to this reality. A few instances are left as the
project could still formally be considered called cURL.
2016-11-07 10:36:23 +01:00
Mauro Rappa
ebeffe81d8 curl -w: added more decimal digits to timing counters
Now showing microsecond resolution.

Closes #1106
2016-11-05 12:50:15 +01:00
Daniel Stenberg
6b52b7eb2b metalink: simplify the hex parsing function
... and now it avoids using the libcurl toupper() function
2016-11-02 00:31:49 +01:00
Daniel Stenberg
95bd2b3e7f strcase: make the tool use curl_str[n]equal instead
As they are after all part of the public API. Saves space and reduces
complexity. Remove the strcase defines from the curlx_ family.

Suggested-by: Dan Fandrich
Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html
2016-10-31 21:51:19 +01:00
Daniel Stenberg
309d6e80d0 msvc builds: s/rawstr/strcase
Follow-up to 811a693b
2016-10-31 13:35:26 +01:00
Daniel Stenberg
8fe4bd0844 curl_strequal: part of public API/ABI, needs to be kept
These two public functions have been mentioned as deprecated since a
very long time but since they are still part of the API and ABI we need
to keep them around.
2016-10-31 09:45:17 +01:00
Daniel Stenberg
811a693b80 strcasecompare: all case insensitive string compares ignore locale now
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
2016-10-31 08:46:35 +01:00
Daniel Stenberg
502acba2af strcasecompare: is the new name for strequal()
... to make it less likely that we forget that the function actually
does case insentive compares. Also replaced several invokes of the
function with a plain strcmp when case sensitivity is not an issue (like
comparing with "-").
2016-10-31 08:46:35 +01:00
Daniel Stenberg
ee4f76606c range: reject char globs with missing end like '[L-]'
... which previously would lead to out of boundary reads.

Reported-by: Luật Nguyễn
2016-10-31 08:46:35 +01:00
Daniel Stenberg
269a889104 glob_next_url: make sure to stay within the given output buffer 2016-10-31 08:46:35 +01:00
Daniel Stenberg
fbb5f1aa03 range: prevent negative end number in a glob range
CVE-2016-8620

Bug: https://curl.haxx.se/docs/adv_20161102F.html
Reported-by: Luật Nguyễn
2016-10-31 08:46:35 +01:00
Daniel Stenberg
0f1996321f s/cURL/curl
The tool was never called cURL, only the project. But even so, we have
more and more over time switched to just use lower case.
2016-10-18 13:59:54 +02:00
Daniel Stenberg
8e8afa82cb curl: set INTERLEAVEDATA too
As otherwise the callback could be called with a NULL pointer when RTSP
data is provided.
2016-10-18 12:09:56 +02:00
David Woodhouse
a1a5cd0487 curl: do not set CURLOPT_SSLENGINEDEFAULT automatically
There were bugs in the PKCS#11 engine, and fixing them triggers bugs in
OpenSSL. Just don't get involved; there's no need to be making the
engine methods the default anyway.

https://github.com/OpenSC/libp11/pull/108
https://github.com/openssl/openssl/pull/1639

Merges #1042
2016-10-16 13:18:07 +02:00
Daniel Stenberg
ffa0709a88 curl: make --create-dirs on windows grok both forward and backward slashes
Reported-by: Ryan Scott

Fixes #1007
2016-09-14 07:48:43 +02:00
Daniel Stenberg
b965090963 curl: whitelist use of strtok() in non-threaded context 2016-09-07 10:43:40 +02:00
Mark Hamilton
9a84dc31de tool_helpers.c: fix comment typo (#989) 2016-09-03 23:14:07 +02:00
David Woodhouse
01f69232b0 curl: allow "pkcs11:" prefix for client certificates
RFC7512 provides a standard method to reference certificates in PKCS#11
tokens, by means of a URI starting 'pkcs11:'.

We're working on fixing various applications so that whenever they would
have been able to use certificates from a file, users can simply insert
a PKCS#11 URI instead and expect it to work. This expectation is now a
part of the Fedora packaging guidelines, for example.

This doesn't work with cURL because of the way that the colon is used
to separate the certificate argument from the passphrase. So instead of

   curl -E 'pkcs11:manufacturer=piv_II;id=%01' …

I instead need to invoke cURL with the colon escaped, like this:

   curl -E 'pkcs11\:manufacturer=piv_II;id=%01' …

This is suboptimal because we want *consistency* — the URI should be
usable in place of a filename anywhere, without having strange
differences for different applications.

This patch therefore disables the processing in parse_cert_parameter()
when the string starts with 'pkcs11:'. It means you can't pass a
passphrase with an unescaped PKCS#11 URI, but there's no need to do so
because RFC7512 allows a PIN to be given as a 'pin-value' attribute in
the URI itself.

Also, if users are already using RFC7512 URIs with the colon escaped as
in the above example — even providing a passphrase for cURL to handling
instead of using a pin-value attribute, that will continue to work
because their string will start 'pkcs11\:' and won't match the check.

What *does* break with this patch is the extremely unlikely case that a
user has a file which is in the local directory and literally named
just "pkcs11", and they have a passphrase on it. If that ever happened,
the user would need to refer to it as './pkcs11:<passphrase>' instead.
2016-08-17 11:35:16 +02:00
Daniel Stenberg
4732ca5724 CURLOPT_TCP_NODELAY: now enabled by default
After a few wasted hours hunting down the reason for slowness during a
TLS handshake that turned out to be because of TCP_NODELAY not being
set, I think we have enough motivation to toggle the default for this
option. We now enable TCP_NODELAY by default and allow applications to
switch it off.

This also makes --tcp-nodelay unnecessary, but --no-tcp-nodelay can be
used to disable it.

Thanks-to: Tim Rühsen
Bug: https://curl.haxx.se/mail/lib-2016-06/0143.html
2016-08-05 00:12:57 +02:00
Kamil Dudka
584d0121c3 tool_urlglob: fix off-by-one error in glob_parse()
... causing SIGSEGV while parsing URL with too many globs.
Minimal example:

$ curl $(for i in $(seq 101); do printf '{a}'; done)

Reported-by: Romain Coltel
Bug: https://bugzilla.redhat.com/1340757
2016-06-03 13:07:22 +02:00
Viktor Szakats
55ab64ed1a makefile.m32: add crypt32 for winssl builds
Dependency added by 6cabd78

Closes #849
2016-06-01 10:39:13 +02:00
Daniel Stenberg
6dbc23cfd8 curl: fix -q [regression]
This broke in 7.49.0 with commit e200034425

Fixes #842
2016-05-31 14:25:40 +02:00
Frank Gevaerts
071c561394 http: add CURLINFO_HTTP_VERSION and %{http_version}
Adds access to the effectively used http version to both libcurl and
curl.

Closes #799
2016-05-30 22:58:51 +02:00
Jay Satiro
b9728bca54 tool_cb_hdr: Fix --remote-header-name with schemeless URL
- Move the existing scheme check from tool_operate.

In the case of --remote-header-name we want to parse Content-disposition
for a filename, but only if the scheme is http or https. A recent
adjustment 0dc4d8e was made to account for schemeless URLs however it's
not 100% accurate. To remedy that I've moved the scheme check to the
header callback, since at that point the library has already determined
the scheme.

Bug: https://github.com/curl/curl/issues/760
Reported-by: Kai Noda
2016-05-01 16:07:04 -04:00
Jay Satiro
0dc4d8e42e curl -J: make it work even without http:// scheme on URL
It does open up a miniscule risk that one of the other protocols that
libcurl could use would send back a Content-Disposition header and then
curl would act on it even if not HTTP.

A future mitigation for this risk would be to allow the callback to ask
libcurl which protocol is being used.

Verified with test 1312

Closes #760
2016-04-29 15:24:10 +02:00
Daniel Stenberg
a744591d60 curl: show the long option version of -q in the -h list 2016-04-29 00:31:37 +02:00
Daniel Stenberg
ce7826f613 curl: remove "--socks" as "--socks5" turned 8
In commit 2e42b0a252 (Jan 2008) we made the option "--socks" deprecated
and it has not been documented since. The more explicit socks options
(like --socks4 or --socks5) should be used.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
d0f42e5273 curl: remove --http-request
It was mentioned as deprecated already in commit ae1912cb0d from
1999. It has not been documented in this millennium.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
9b1ed2ea8e curl: mention --ntlm-wb in -h list 2016-04-29 00:31:37 +02:00
Daniel Stenberg
c6eb7b6301 curl: -h output lacked --proxy-header 2016-04-29 00:31:37 +02:00
Daniel Stenberg
10ea631390 curl: use --telnet-option as documented
The code said "telnet-options" but no documentation ever said so. It
worked fine since the code is fine with a unique match of the first
part.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
d6fa190503 getparam: remove support for --ftpport
It has been deprecated and undocumented since commit ad5ead8bed (Dec
2003). --ftp-port is the proper long option name.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
e200034425 curl: make --disable work as long form of -q
To make the aliases list reflect reality.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
b499973c7b aliases: remove trailing space from capath string 2016-04-29 00:31:37 +02:00
Daniel Stenberg
388c6b5e75 cmdline parse: only single letter options have single-letter strings
... moved around options so that parsing the code to find all
single-letter options easier.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
3c1e84f569 curl: make --ftp-create-dirs retry on failure
The underlying libcurl option used for this feature is
CURLOPT_FTP_CREATE_MISSING_DIRS which has the ability to retry the dir
creation, but it was never set to do that by the command line tool.

Now it does.

Bug: https://curl.haxx.se/mail/archive-2016-04/0021.html
Reported-by: John Wanghui
Help-by: Leif W
2016-04-22 15:25:13 +02:00
Daniel Stenberg
5470c86845 src/checksrc.whitelist: removed 2016-04-19 08:56:06 +02:00
Daniel Stenberg
2dd018f450 tool_operate: switch to inline checksrc ignore 2016-04-19 08:56:06 +02:00
Alessandro Ghedini
d49087f6bc tool: add --tcp-fastopen option 2016-04-18 23:17:19 +02:00
Daniel Stenberg
a542536cf6 checksrc: pass on -D so the whitelists are found correctly 2016-04-18 20:10:52 +02:00
Daniel Stenberg
ab493af731 checksrc/makefile.am: use $top_srcdir to find source files
... to properly support out of source tree builds.
2016-04-18 14:58:11 +02:00
Michael Kaufmann
cd8d236245 news: CURLOPT_CONNECT_TO and --connect-to
Makes curl connect to the given host+port instead of the host+port found
in the URL.
2016-04-17 23:50:59 +02:00
Daniel Stenberg
f86f50f05a makefile.vc6: use d suffix on debug object
To allow both release and debug builds in parallel.

Reported-by: Rod Widdowson

Fixes #769
2016-04-17 17:16:21 +02:00
Steve Holme
ccf7a82605 CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
As these two options provide identical functionality, the former for
SOCK5 proxies and the latter for HTTP proxies, merged the two options
together.

As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of
7.49.0.
2016-04-09 20:47:05 +01:00
Steve Holme
43116218c0 url: Corrected comments following 9d89a0387 2016-04-09 05:33:03 +01:00
Steve Holme
d6b4de083f checksrc: Fix issue with the autobuilds not picking up the whitelist 2016-04-08 20:32:40 +01:00
Daniel Stenberg
a8b51a179a lib/src: fix the checksrc invoke
... now works correctly when invoke from the root makefile
2016-04-03 23:07:30 +02:00
Daniel Stenberg
a71012c03e code: style updates 2016-04-03 22:38:36 +02:00
Diego Bes
324a97ecf8 http2: support "prior knowledge", no upgrade from HTTP/1.1
Supports HTTP/2 over clear TCP

- Optimize switching to HTTP/2 by removing calls to init and setup
before switching. Switching will eventually call setup and setup calls
init.

- Supports new version to “force” the use of HTTP/2 over clean TCP

- Add common line parameter “--http2-prior-knowledge” to the Curl
  command line tool.
2016-03-31 22:23:11 +02:00
Jay Satiro
67a762928e tool_operate: remove mixed declaration
This is a follow up to the previous commit.
2016-03-28 16:46:26 -04:00
Daniel Stenberg
ab86007df4 curl: warn for --capath use if not supported by libcurl
Closes #492
2016-03-28 20:28:23 +02:00
Daniel Stenberg
4ef6d6b1bc curl: glob_range: no need to check unsigned variable for negative
cppcheck warned:

[src/tool_urlglob.c:283]: (style) Checking if unsigned variable 'step_n'
is less than zero.
2016-03-14 10:51:25 +01:00
Viktor Szakats
6c7a5b9603 makefile.m32: add missing libs for static -winssl-ssh2 builds
Bug: https://github.com/curl/curl/pull/693
2016-03-05 21:50:12 -05:00
Viktor Szakats
05401b9a3b makefile.m32: fix to allow -ssh2-winssl combination
In makefile.m32, option -ssh2 (libssh2) automatically implied -ssl
(OpenSSL) option, with no way to override it with -winssl. Since both
libssh2 and curl support using Windows's built-in SSL backend, modify
the logic to allow that combination.
2016-03-05 13:40:34 -05:00
Viktor Szakats
d678bd6f60 makefile.m32: allow to pass .dll/.exe-specific LDFLAGS
using envvars `CURL_LDFLAG_EXTRAS_DLL` and
`CURL_LDFLAG_EXTRAS_EXE` respectively. This
is useful f.e. to pass ASLR-related extra
options, that are required to make this
feature work when using the mingw toolchain.

Ref: https://github.com/curl/curl/pull/670#issuecomment-190863985

Closes https://github.com/curl/curl/pull/689
2016-03-01 17:46:16 -05:00
Jay Satiro
186546f1c5 TFTP: add option to suppress TFTP option requests (Part 2)
- Add tests.

- Add an example to CURLOPT_TFTP_NO_OPTIONS.3.

- Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS.

Bug: https://github.com/curl/curl/issues/481
2016-02-23 03:01:07 -05:00
Viktor Szakats
91cfcc5d6f src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support
Sync with lib/Makefile.m32 which already uses those variables.

Bug: https://github.com/curl/curl/pull/670
2016-02-20 15:45:39 -05:00
Jay Satiro
4fc80f3e75 tool_doswin: Support for literal path prefix \\?\
For example something like --output \\?\C:\foo
2016-02-09 03:28:58 -05:00
Jay Satiro
c3aac48919 tool_urlglob: Allow reserved dos device names (Windows)
Allow --output to reserved dos device names without the device prefix
for backwards compatibility.

Example: --output NUL can be used instead of --output \\.\NUL

Bug: https://github.com/curl/curl/commit/4520534#commitcomment-15954863
Reported-by: Gisle Vanem
2016-02-08 15:09:42 -05:00
Jay Satiro
d572d2664d tool_operhlp: Check for backslashes in get_url_file_name
Extract the filename from the last slash or backslash. Prior to this
change backslashes could be part of the filename.

This change needed for the curl tool built for Cygwin. Refer to the
CYGWIN addendum in advisory 20160127B.

Bug: https://curl.haxx.se/docs/adv_20160127B.html
2016-02-08 03:14:04 -05:00
Jay Satiro
9b6598ed08 tool_doswin: Use type SANITIZEcode in sanitize_file_name 2016-02-05 02:22:24 -05:00
Jay Satiro
4520534e6d tool_doswin: Improve sanitization processing
- Add unit test 1604 to test the sanitize_file_name function.

- Use -DCURL_STATICLIB when building libcurltool for unit testing.

- Better detection of reserved DOS device names.

- New flags to modify sanitize behavior:

SANITIZE_ALLOW_COLONS: Allow colons
SANITIZE_ALLOW_PATH: Allow path separators and colons
SANITIZE_ALLOW_RESERVED: Allow reserved device names
SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename

- Restore sanitization of banned characters from user-specified outfile.

Prior to this commit sanitization of a user-specified outfile was
temporarily disabled in 2b6dadc because there was no way to allow path
separators and colons through while replacing other banned characters.
Now in such a case we call the sanitize function with
SANITIZE_ALLOW_PATH which allows path separators and colons to pass
through.


Closes https://github.com/curl/curl/issues/624
Reported-by: Octavio Schroeder
2016-02-05 01:44:27 -05:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Jay Satiro
2b6dadc52d tool_operate: Don't sanitize --output path (Windows)
Due to path separators being incorrectly sanitized in --output
pathnames, eg -o c:\foo => c__foo

This is a partial revert of 3017d8a until I write a proper fix. The
remote-name will continue to be sanitized, but if the user specified an
--output with string replacement (#1, #2, etc) that data is unsanitized
until I finish a fix.

Bug: https://github.com/bagder/curl/issues/624
Reported-by: Octavio Schroeder
2016-02-01 04:11:46 -05:00
Viktor Szakats
1597af51b1 tool_doswin: silence unused function warning
tool_doswin.c:185:14: warning: 'msdosify' defined but not used
[-Wunused-function]

Closes https://github.com/bagder/curl/pull/616
2016-01-28 02:45:36 -05:00
Ray Satiro
3017d8a8d8 curl: avoid local drive traversal when saving file (Windows)
curl does not sanitize colons in a remote file name that is used as the
local file name. This may lead to a vulnerability on systems where the
colon is a special path character. Currently Windows/DOS is the only OS
where this vulnerability applies.

CVE-2016-0754

Bug: http://curl.haxx.se/docs/adv_20160127B.html
2016-01-26 23:42:55 +01:00
Daniel Stenberg
bfe6f1f788 Makefile.inc: s/curl_SOURCES/CURL_FILES
This allows the root Makefile.am to include the Makefile.inc without
causing automake to warn on it (variables named *_SOURCES are
magic). curl_SOURCES is then instead assigned properly in
src/Makefile.am only.

Closes #577
2015-12-23 12:07:50 +01:00
Daniel Stenberg
b4a39491ca curl --expect100-timeout: added
This is the new command line option to set the value for the existing
libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
2015-12-15 13:59:56 +01:00