1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Commit Graph

2043 Commits

Author SHA1 Message Date
Viktor Szakats
c86e21b624 makefile.m32: add multissl support
Closes https://github.com/curl/curl/pull/1840
2017-08-30 10:44:50 +00:00
Johannes Schindelin
9d96a5f0b5
version: add the CURL_VERSION_MULTI_SSL feature flag
This new feature flag reports When cURL was built with multiple SSL
backends.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-28 22:56:49 +02:00
Johannes Schindelin
b180a273fa
metalink: allow compiling with multiple SSL backends
Previously, the code assumed that at most one of the SSL backends would
be compiled in, emulating OpenSSL's functions if the configured backend
was not OpenSSL itself.

However, now we allow building with multiple SSL backends and choosing
one at runtime. Therefore, metalink needs to be adjusted to handle this
scenario, too.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-28 14:56:59 +02:00
Daniel Stenberg
f412a5aabb
curl: shorten and clean up CA cert verification error message
The previous message was just too long for ordinary people and it was
encouraging users to use `--insecure` a little too easy.

Based-on-work-by: Frank Denis

Closes #1810
Closes #1817
2017-08-22 23:32:43 +02:00
Marcel Raad
88220adb72
tool_main: turn off MinGW CRT's globbing
By default, the MinGW CRT globs command-line arguments. This prevents
getting a single asterisk into an argument as test 1299 does. Turn off
globbing by setting the global variable _CRT_glob to 0 for MinGW.

Fixes https://github.com/curl/curl/issues/1751
Closes https://github.com/curl/curl/pull/1813
2017-08-22 09:21:23 +02:00
Viktor Szakats
43fb867a58 makefile.m32: add support for libidn2
libidn was replaced with libidn2 last year in configure.
Caveat: libidn2 may depend on a list of further libs.
These can be manually specified via CURL_LDFLAG_EXTRAS.

Closes https://github.com/curl/curl/pull/1815
2017-08-22 07:13:20 +00:00
Johannes Schindelin
1f39245dc8 metalink: adjust source code style
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2017-08-18 08:46:52 +02:00
Daniel Stenberg
6b9bc5a4fe
CURL_SIZEOF_LONG: removed, use only SIZEOF_LONG 2017-08-17 10:27:00 +02:00
Daniel Stenberg
80d9e35598
system.h: remove all CURL_SIZEOF_* defines
... as they're not used externally and internally we check for the sizes
already in configure etc.

Closes #1767
2017-08-17 10:26:53 +02:00
Viktor Szakats
b7b4dc0d49 ssh: add the ability to enable compression (for SCP/SFTP)
The required low-level logic was already available as part of
`libssh2` (via `LIBSSH2_FLAG_COMPRESS` `libssh2_session_flag()`[1]
option.)

This patch adds the new `libcurl` option `CURLOPT_SSH_COMPRESSION`
(boolean) and the new `curl` command-line option `--compressed-ssh`
to request this `libssh2` feature. To have compression enabled, it
is required that the SSH server supports a (zlib) compatible
compression method and that `libssh2` was built with `zlib` support
enabled.

[1] https://www.libssh2.org/libssh2_session_flag.html

Ref: https://github.com/curl/curl/issues/1732
Closes https://github.com/curl/curl/pull/1735
2017-08-17 03:32:00 -04:00
Kamil Dudka
ab2a7079cd zsh.pl: produce a working completion script again
Commit curl-7_54_0-118-g8b2f22e changed the output format of curl --help
to use <file> and <dir> instead of FILE and DIR, which caused zsh.pl to
produce a broken completion script:

% curl --<TAB>
_curl:10: no such file or directory: seconds

Closes #1779
2017-08-15 12:25:46 +02:00
Daniel Stenberg
ff50fe0348
strtoofft: reduce integer overflow risks globally
... make sure we bail out on overflows.

Reported-by: Brian Carpenter
Closes #1758
2017-08-14 23:33:41 +02:00
Jay Satiro
f87e77b1d8 mkhelp.pl: allow executing this script directly
- Enable execute permission (chmod +x)

- Change interpreter to /usr/bin/env perl

Ref: https://github.com/curl/curl/issues/1743
2017-08-10 13:46:38 -04:00
Daniel Stenberg
a17e7721d2
metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead 2017-08-10 14:54:55 +02:00
Adam Sampson
45a560390c
curl: do bounds check using a double comparison
The fix for this in 8661a0aacc01492e0436275ff36a21734f2541bb wasn't
complete: if the parsed number in num is larger than will fit in a long,
the conversion is undefined behaviour (causing test1427 to fail for me
on IA32 with GCC 7.1, although it passes on AMD64 and ARMv7).  Getting
rid of the cast means the comparison will be done using doubles.

It might make more sense for the max argument to also be a double...

Fixes #1750
Closes #1749
2017-08-09 19:24:16 +02:00
Viktor Szakats
13ef623a81
docs/comments: Update to secure URL versions
Closes #1741
2017-08-08 21:41:07 +02:00
Daniel Stenberg
5c7455fe76 curl: detect and bail out early on parameter integer overflows
Make the number parser aware of the maximum limit curl accepts for a
value and return an error immediately if larger, instead of running an
integer overflow later.

Fixes #1730
Closes #1736
2017-08-07 09:38:45 +02:00
Daniel Stenberg
453e7a7a03 glob: do not continue parsing after a strtoul() overflow range
Added test 1289 to verify.

CVE-2017-1000101

Bug: https://curl.haxx.se/docs/adv_20170809A.html
Reported-by: Brian Carpenter
2017-08-07 09:24:30 +02:00
Daniel Stenberg
d6c8def82a getparameter: avoid returning uninitialized 'usedarg'
Fixes #1728
2017-08-05 11:52:27 +02:00
Jay Satiro
de6de94c9a tool_help: clarify --include is only for response headers
Follow-up to 171f8de.

Ref: https://github.com/curl/curl/issues/1704
2017-07-29 01:33:25 -04:00
Ryan Winograd
793e831bbf make: fix docs build on OpenBSD
Ref: #1591
2017-07-10 13:54:02 +02:00
Jay Satiro
af0216251b curl_setup_once: Remove ERRNO/SET_ERRNO macros
Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError
for Win32 and regular errno otherwise.

I reviewed the code and found no justifiable reason for conflating errno
on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno,
and any Win32 multithreaded CRT supports thread-local errno.

Fixes https://github.com/curl/curl/issues/895
Closes https://github.com/curl/curl/pull/1589
2017-07-10 02:09:27 -04:00
Jay Satiro
17da675002 tool_getparam: fix potentially uninitialized err 2017-07-09 12:04:42 -04:00
Marcel Raad
f601f42787
tool_cb_wrt: fix variable shadowing warning
GCC 4.4 complains:
tool_cb_wrt.c:81: error: declaration of ‘isatty’ shadows a global
declaration
/usr/include/unistd.h:782: error: shadowed declaration is here

Fix this by renaming the variable.

Closes https://github.com/curl/curl/pull/1661
2017-07-09 14:38:10 +02:00
Daniel Stenberg
c1d1a3448f tool_sleep: typecast to avoid macos compiler warning
tool_sleep.c:54:24: error: implicit conversion loses integer precision:
'long' to '__darwin_suseconds_t' (aka 'int')
[-Werror,-Wshorten-64-to-32]
2017-07-04 10:27:36 +02:00
Daniel Stenberg
d24838d4da make: build the docs subdir only from within src
... and don't build at all in include

Prompted-by-work-by: Simon Warta
Ref: #1590
Closes #1591
2017-06-30 17:09:01 +02:00
Kamil Dudka
ce2c3ebda2 curl --socks5-{basic,gssapi}: control socks5 auth
Closes https://github.com/curl/curl/pull/1454
2017-06-28 08:03:00 +02:00
Jay Satiro
922f800603 tool_getparam: fix memory leak on test 1147 OOM (torture tests)
Bug: https://github.com/curl/curl/pull/1486#issuecomment-310926872
Reported-by: Dan Fandrich
2017-06-26 01:05:02 -04:00
Daniel Stenberg
9b167fd090 --request-target: instead of --strip-path-slash
... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH.

This option instead provides the full "alternative" target to use in the
request, instead of extracting the path from the URL.

Test 1298 and 1299 updated accordingly.

Idea-by: Evert Pot
Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373

Closes #1593
2017-06-21 23:39:10 +02:00
Daniel Stenberg
b778ae4c5e http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASH
... to enable sending "OPTIONS *" which wasn't possible previously.

This option currently only works for HTTP.

Added test cases 1298 + 1299 to verify

Fixes #1280
Closes #1462
2017-06-19 16:39:22 +02:00
Simon Warta
8621b61045 automake: use $(MKHELP) variable instead if constant mkhelp.pl
this improves symmetry with the rule above
2017-06-19 12:28:39 +02:00
Simon Warta
fb470a2e40 mkhelp.pl: fix script name in usage text 2017-06-19 12:28:28 +02:00
Daniel Stenberg
d4cc240c19 tool_wrte_cb: remove check for config == NULL
... as it really cannot have reached this far with config being NULL,
thus this is unnecesary and misleading.

Bug: https://news.ycombinator.com/item?id=14577585 and
https://daniel.haxx.se/blog/2017/06/17/curl-doesnt-spew-binary-anymore/comment-page-1/#comment-18356

Forwarded-to-us-by: Jakub Wilk
2017-06-17 23:58:03 +02:00
Daniel Stenberg
5385450afd curl: prevent binary output spewed to terminal
... unless "--output -" is used. Binary detection is done by simply
checking for a binary zero in early data.

Added test 1425 1426 to verify.

Closes #1512
2017-06-16 23:38:13 +02:00
Marcel Raad
ce2cc568f8
Makefile.m32: enable -W for MinGW32 build
The configure-based build also has this in addition to -Wall.

Closes https://github.com/curl/curl/pull/1578
2017-06-16 22:32:22 +02:00
Daniel Stenberg
84b9458837 curl: allow --header and --proxy-header read from file
So many headers can be provided as @filename.

Suggested-by: Timothe Litt

Closes #1486
2017-06-15 11:09:40 +02:00
Daniel Stenberg
73a2fcea0b includes: remove curl/curlbuild.h and curl/curlrules.h
Rely entirely on curl/system.h now.

Introduced in Aug 2008 with commit 14240e9e10. Now gone.

Fixes #1456
2017-06-14 11:07:33 +02:00
Daniel Stenberg
5fa028e508 urlglob: fix division by zero
The multiply() function that is used to avoid integer overflows, was
itself reason for a possible division by zero error when passed a
specially formatted glob.

Reported-by: GwanYeong Kim
2017-06-13 09:25:45 +02:00
Michael Kaufmann
e8fecf2614 FindWin32CACert: Use a temporary buffer on the stack
Don't malloc() the temporary buffer, and use the correct type:
SearchPath() works with TCHAR, but SearchPathA() works with char.
Set the buffer size to MAX_PATH, because the terminating null byte
is already included in MAX_PATH.

Reviewed-by: Daniel Stenberg
Reviewed-by: Marcel Raad

Closes #1548
2017-06-11 17:32:02 +02:00
Daniel Stenberg
f7ee701c61 metalink: remove unused printf() argument 2017-06-07 14:35:26 +02:00
Daniel Stenberg
5233de9ac6 tool_util: remove unused tvdiff_secs and remove tool_ prefix
Closes #1532
2017-06-03 00:11:59 +02:00
Daniel Stenberg
f6e0f4556e build: provide easy code coverage measuring
Closes #1528
2017-06-02 13:15:06 +02:00
Michael Kaufmann
8ab22a7453 time: fix type conversions and compiler warnings
Fix bugs and compiler warnings on systems with 32-bit long and
64-bit time_t.

Reviewed-by: Daniel Stenberg

Closes #1499
2017-05-24 22:56:22 +02:00
Bernhard M. Wiedemann
b4cfda8a4a mkhelp.pl: do not add current time into curl binary
... as part of hugehelpgz rodata to make build reproducible.

See https://reproducible-builds.org/ for why this is good

Closes #1490
2017-05-17 23:17:07 +02:00
Daniel Stenberg
180c75eb63 curl: show the libcurl release date in --version output
... and support and additional "security patched" date for those who
enhance older versions that way. Pass on the define CURL_PATCHSTAMP with
a date for that.

Building with non-release headers shows the date as [unreleased].

Also: this changes the date format generated in the curlver.h file to be
"YYYY-MM-DD" (no name of the day or month, no time, no time zone) to
make it easier on the eye and easier to parse. Example (new) date
string: 2017-05-09

Suggested-by: Brian Childs

Closes #1474
2017-05-14 17:10:04 +02:00
Marcel Raad
4dc8499494
tool: fix remaining -Wcast-qual warnings
Avoid casting away low-level const.
2017-05-09 19:20:28 +02:00
Daniel Stenberg
8b2f22ed29 curl: generate the --help output
... using the docs/cmdline-opts/gen.pl script, so that we get all the
command line option documentation from the same source.

The generation of the list has to be done manually and pasted into the
source code.

Closes #1465
2017-05-08 23:30:29 +02:00
Marcel Raad
dc1a1b5055
tool_msgs: remove wrong cast
Commit 481e0de00a changed the variable
type from int to size_t, so don't cast the result of strlen to int
anymore.
2017-05-08 20:23:44 +02:00
Marcel Raad
f67aa4d31c
tool_parsecfg: fix -Wcast-qual warning
Don't convert string literal to char * before assigning it to
const char *.
2017-05-07 20:27:12 +02:00
Daniel Stenberg
a8e388dd10 curl: remove tool_writeenv.[ch]
... and USE_ENVIRONMENT and --environment. It was once added for RISC OS
support and its platform specific behavior has been annoying ever
since. Added in commit c3c8bbd3b2, mostly unchanged since
then. Most probably not actually used for years.

Closes #1463
2017-05-06 23:13:08 +02:00