Commit Graph

21094 Commits

Author SHA1 Message Date
Daniel Stenberg
1e3161a20d polarssl: fix unaligned SSL session-id lock 2016-10-18 13:14:11 +02:00
Daniel Stenberg
ace237ae4e Curl_polarsslthreadlock_thread_setup: clear array at init
... since if it fails to init the entire array and then tries to clean
it up, it would attempt to work on an uninitialized pointer.
2016-10-18 13:05:43 +02:00
Daniel Stenberg
8e8afa82cb curl: set INTERLEAVEDATA too
As otherwise the callback could be called with a NULL pointer when RTSP
data is provided.
2016-10-18 12:09:56 +02:00
Daniel Stenberg
9a509680f6 gopher: properly return error for poll failures 2016-10-18 11:14:48 +02:00
Daniel Stenberg
8a6e89a9eb select: switch to macros in uppercase
Curl_select_ready() was the former API that was replaced with
Curl_select_check() a while back and the former arg setup was provided
with a define (in order to leave existing code unmodified).

Now we instead offer SOCKET_READABLE and SOCKET_WRITABLE for the most
common shortcuts where only one socket is checked. They're also more
visibly macros.
2016-10-18 11:05:45 +02:00
Daniel Stenberg
a05906190c select: use more proper macro-looking names
... so that it becomes more obvious in the code what is what. Also added
a typecast for one of the calculations.
2016-10-18 09:46:10 +02:00
Daniel Stenberg
9aa2afc3a5 Curl_socket_check: add extra check to avoid integer overflow 2016-10-18 09:45:34 +02:00
Daniel Stenberg
d18c546454 maketgz: make it support "only" generating version info
... to allow you to update the local repository with the given version
number data.
2016-10-17 09:29:46 +02:00
Jay Satiro
aec0c993cb url: skip to-be-closed connections when pipelining (follow-up)
- Change back behavior so that pipelining is considered possible for
connections that have not yet reached the protocol level.

This is a follow-up to e5f0b1a which had changed the behavior of
checking if pipelining is possible to ignore connections that had
'bits.close' set. Connections that have not yet reached the protocol
level also have that bit set, and we need to consider pipelining
possible on those connections.
2016-10-17 02:44:39 -04:00
Daniel Stenberg
9291a34d5d HTTP2: mention the tool's limited support 2016-10-17 08:01:44 +02:00
Daniel Stenberg
f7d6bdca6c RELEASE-NOTES: synced with a1a5cd0487 2016-10-16 13:31:42 +02:00
David Woodhouse
a1a5cd0487 curl: do not set CURLOPT_SSLENGINEDEFAULT automatically
There were bugs in the PKCS#11 engine, and fixing them triggers bugs in
OpenSSL. Just don't get involved; there's no need to be making the
engine methods the default anyway.

https://github.com/OpenSC/libp11/pull/108
https://github.com/openssl/openssl/pull/1639

Merges #1042
2016-10-16 13:18:07 +02:00
Daniel Stenberg
96e3c07744 KNOWN_BUGS: two more existing problems 2016-10-16 12:55:40 +02:00
Marcel Raad
422db18f15
win: fix Universal Windows Platform build
This fixes a merge error in commit 7f3df80 caused by commit 332e8d6.

Additionally, this changes Curl_verify_windows_version for Windows App
builds to assume to always be running on the target Windows version.
There seems to be no way to determine the Windows version from a
UWP app. Neither GetVersion(Ex), nor VerifyVersionInfo, nor the
Version Helper functions are supported.

Bug: https://github.com/curl/curl/pull/820#issuecomment-250889878
Reported-by: Paul Joyce

Closes https://github.com/curl/curl/pull/1048
2016-10-16 12:09:12 +02:00
Daniel Stenberg
4ddc772b30 KNOWN_BUGS: minor formatting edit 2016-10-16 11:53:54 +02:00
Rider Linden
e5f0b1ab43 url: skip to-be-closed connections when pipelining
No longer attempt to use "doomed" to-be-closed connections when
pipelining. Prior to this change connections marked for deletion (e.g.
timeout) would be erroneously used, resulting in sporadic crashes.

As originally reported and fixed by Carlo Wood (origin unknown).

Bug: https://github.com/curl/curl/issues/627
Reported-by: Rider Linden

Closes https://github.com/curl/curl/pull/1075
Participation-by: nopjmp@users.noreply.github.com
2016-10-14 03:16:46 -04:00
Daniel Stenberg
1671d84b38 vtls: only re-use session-ids using the same scheme
To make it harder to do cross-protocol mistakes
2016-10-13 11:24:16 +02:00
Torben Dannhauer
3b36bd8e1a dist: add missing cmake modules to the tarball
Closes https://github.com/curl/curl/pull/1070
2016-10-11 22:57:36 -04:00
Daniel Stenberg
9297ca49f5 configure: detect the broken poll() in macOS 10.12
Fixes #1057
2016-10-11 11:05:06 +02:00
Daniel Stenberg
358fd32820 dist: remove PDF and HTML converted docs from the releases 2016-10-10 23:33:13 +02:00
Remo E
d522ff4690 cmake: add nghttp2 support
Closes #922
2016-10-10 19:47:31 +02:00
Andreas Streichardt
eb5199317e resolve: add error message when resolving using SIGALRM
Closes #1066
2016-10-10 14:14:20 +02:00
Daniel Stenberg
7cc9c876e8 GIT-INFO: remove the Mac 10.1-specific details
There shouldn't be many devs out there anymore using such outdated macOS
versions. And it removes the dead link.

Closes #1049
2016-10-10 10:29:19 +02:00
Daniel Stenberg
8c2b5580a6 RELEASE-NOTES: spellfix 2016-10-10 08:14:28 +02:00
Daniel Stenberg
f68042a2a5 RELEASE-NOTES: synced with 8272049062
5 more fixes, 2 more contributors
2016-10-10 08:13:01 +02:00
Tobias Stoeckmann
8272049062 smb: properly check incoming packet boundaries
Not all reply messages were properly checked for their lengths, which
made it possible to access uninitialized memory (but this does not lead
to out of boundary accesses).

Closes #1052
2016-10-09 00:14:26 +02:00
Daniel Stenberg
ac8a314913 test557: verify printf() with 128 and 129 arguments 2016-10-08 20:47:44 +02:00
Daniel Stenberg
71588c9aef mprintf: return error on too many arguments
128 arguments should be enough for everyone
2016-10-08 20:47:04 +02:00
Daniel Stenberg
8238ba9c5f ftp: fix Curl_ftpsendf()
... it no longer takes printf() arguments since it was only really taken
advantage by one user and it was not written and used in a safe
way. Thus the 'f' is removed from the function name and the proto is
changed.

Although the current code wouldn't end up in badness, it was a risk that
future changes could end up springf()ing too large data or passing in a
format string inadvertently.
2016-10-08 15:13:46 +02:00
Daniel Stenberg
9885c9508e formpost: avoid silent snprintf() truncation
The previous use of snprintf() could make libcurl silently truncate some
input data and not report that back on overly large input, which could
make data get sent over the network in a bad format.

Example:

 $ curl --form 'a=b' -H "Content-Type: $(perl -e 'print "A"x4100')"
2016-10-08 13:00:45 +02:00
Daniel Stenberg
f74baaf3b3 TODO: build: Enable PIE and RELRO by default 2016-10-08 12:17:26 +02:00
Daniel Stenberg
e11da9f4b7 TODO: Support better than MD5 hostkey hash (for ssh) 2016-10-08 11:51:21 +02:00
Daniel Gustafsson
4f43236a40 tests: Fix a small typo in the tests README (#1060)
The subdirectory for logs in tests/ is named log/ without an 's'
at the end.
2016-10-08 11:39:12 +02:00
Daniel Stenberg
13f3912471 TODO: Introduce --fail-fast to exit on first transfer fail
See #1054
2016-10-06 17:45:06 +02:00
Daniel Stenberg
da1a2d1ac8 TODO: Leave secure cookies alone 2016-10-06 09:40:47 +02:00
Rainer Müller
c271b1c29a CURLOPT_DEBUGFUNCTION.3: unused argument warning (#1056)
The 'userp' argument is unused in this example code.
2016-10-06 08:06:13 +02:00
Daniel Stenberg
2a3bca9aa0 TODO: TCP Fast Open for windows 2016-10-05 11:50:50 +02:00
Daniel Stenberg
6bf909d5ce RELEASE-NOTES: synced with 8fd2a754f0 2016-10-04 23:50:52 +02:00
Daniel Stenberg
15aefc6adc CURLOPT_KEEP_SENDING_ON_ERROR.3: mention when it is added 2016-10-04 23:46:45 +02:00
Daniel Stenberg
8fd2a754f0 memdup: use 'void *' as return and source type 2016-10-04 23:31:25 +02:00
Daniel Stenberg
203c5d5b3c TODO: Add easy argument to formpost functions 2016-10-04 18:34:31 +02:00
Daniel Stenberg
bdf162af25 formpost: trying to attach a directory no longer crashes
The error path would previously add a freed entry to the linked list.

Reported-by: Toby Peterson

Fixes #1053
2016-10-04 09:13:02 +02:00
Sergei Kuzmin
54e48b14e1 cookies: same domain handling changed to match browser behavior
Cokie with the same domain but different tailmatching property are now
considered different and do not replace each other.  If header contains
following lines then two cookies will be set: Set-Cookie: foo=bar;
domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 Set-Cookie: foo=baz;
domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033

This matches Chrome, Opera, Safari, and Firefox behavior. When sending
stored tokens to foo.com Chrome, Opera, Firefox store send them in the
stored order, while Safari pre-sort the cookies.

Closes #1050
2016-10-03 16:49:35 +02:00
Stephen Brokenshire
2a1d538963 FAQ: Fix typos in section 5.14 (#1047)
Type required for YourClass::func C++ function (using size_t in line
with the documentation for CURLOPT_WRITEFUNCTION) and missing second
colon when specifying the static function for CURLOPT_WRITEFUNCTION.
2016-10-01 17:36:50 +02:00
Sebastian Mundry
9eda44a200 KNOWN_BUGS: Fix typos in section 5.8.
Closes #1046
2016-09-30 20:50:55 +02:00
mundry
dd42963a52 CONTRIBUTE.md: Fix typo in 'About pull requests' section. (#1045) 2016-09-30 20:49:48 +02:00
Daniel Stenberg
7ea1469468 curl.1: --trace supports % for sending to stderr! 2016-09-30 17:17:48 +02:00
Daniel Stenberg
bd742adb6f KNOWN_BUGS: 5.8 configure finding libs in wrong directory 2016-09-26 11:44:00 +02:00
Dan Fandrich
1e7b79731b configure: Fixed builds with libssh2 in a custom location
A libssh2 library in the standard system location was being used in
preference to the desired one while linking.
2016-09-24 08:52:01 +02:00
Daniel Stenberg
cd7f562bdc SECURITY: remove the top ascii logo 2016-09-23 22:11:55 +02:00