Commit Graph

4317 Commits

Author SHA1 Message Date
Katsuhiko YOSHIDA
1f30dc886d
cookies: skip custom cookies when redirecting cross-site
Closes #3417
2019-01-09 15:18:08 +01:00
Daniel Stenberg
89165c1a94
THANKS: fixups and a dedupe
[skip ci]
2019-01-09 11:08:47 +01:00
Daniel Stenberg
d42520f2c8
INTERNALS: correct some outdated function names
Closes #3431
2019-01-03 15:47:00 +01:00
Daniel Stenberg
f2d5e34bae
docs/version.d: mention MultiSSL
Reviewed-by: Daniel Gustafsson
Closes #3432
2019-01-03 15:45:18 +01:00
Rikard Falkeborn
251cabfb4a examples: Update .gitignore
Add a few missing examples to make `make examples` not leave the
workspace in a dirty state.

Closes #3427
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2019-01-02 14:32:01 +01:00
Daniel Gustafsson
b3e24e26e1 THANKS: add more missing names
Add Adrian Burcea who made the artwork for the curl://up 2018 event
which was held in Stockholm, Sweden.
2019-01-02 13:40:13 +01:00
Daniel Gustafsson
5cc3285574 docs: mention potential leak in curl_slist_append
When a non-empty list is appended to, and used as the returnvalue,
the list pointer can leak in case of an allocation failure in the
curl_slist_append() call. This is correctly handled in curl code
usage but we weren't explicitly pointing it out in the API call
documentation. Fix by extending the RETURNVALUE manpage section
and example code.

Closes #3424
Reported-by: dnivras on github
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-01-02 12:49:49 +01:00
Daniel Stenberg
01ba09e25a THANKS: dedupe more names
Researched-by: Tae Wong
2019-01-01 17:55:41 +01:00
Daniel Stenberg
47e95c89b7 THANKS: added missing names from year <= 2000
Due to a report of a missing name in THANKS I manually went through an
old CHANGES.0 file and added many previously missing names here.
2018-12-31 20:03:49 +01:00
Daniel Stenberg
2a8801d7ba THANKS: dedupe Guenter Knauf
Reported-by: Tae Wong
2018-12-30 17:59:58 +01:00
Daniel Stenberg
1a6efadce8 THANKS: missing name from the 6.3.1 release! 2018-12-30 17:57:54 +01:00
Claes Jakobsson
d8cae791f4 hostip: support wildcard hosts
This adds support for wildcard hosts in CURLOPT_RESOLVE. These are
try-last so any non-wildcard entry is resolved first. If specified,
any host not matched by another CURLOPT_RESOLVE config will use this
as fallback.

Example send a.com to 10.0.0.1 and everything else to 10.0.0.2:
  curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \
       https://a.com https://b.com

This is probably quite similar to using:
  --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443

Closes #3406
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-27 14:23:53 +01:00
Daniel Gustafsson
b3d111ae15 FAQ: remove mention of sourceforge for github
The project bug tracker is no longer hosted at sourceforge but is now
hosted on the curl Github page. Update the FAQ to reflect.

Closes #3410
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-25 23:20:55 +01:00
Daniel Stenberg
006ff62d8c
http: added options for allowing HTTP/0.9 responses
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.

For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.

Fixes #2873
Closes #3383
2018-12-21 10:49:30 +01:00
Daniel Stenberg
9e6518481c
TODO: Windows: set attribute 'archive' for completed downloads
Closes #3354
2018-12-14 11:18:57 +01:00
Daniel Stenberg
04b69c744c
http: minor whitespace cleanup from f464535b 2018-12-14 10:20:06 +01:00
Ayoub Boudhar
f464535bfd
http: Implement trailing headers for chunked transfers
This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION
options that allow a callback based approach to sending trailing headers
with chunked transfers.

The test server (sws) was updated to take into account the detection of the
end of transfer in the case of trailing headers presence.

Test 1591 checks that trailing headers can be sent using libcurl.

Closes #3350
2018-12-14 10:10:48 +01:00
Daniel Gustafsson
7a09b52c98 cookies: leave secure cookies alone
Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.

Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-13 09:57:58 +01:00
Daniel Stenberg
fdc5563b6e
docs: fix the --tls-max description
Reported-by: Tobias Lindgren
Pointed out in #3367

Closes #3368
2018-12-13 08:35:55 +01:00
Daniel Stenberg
a58741aab7
THANKS: from the curl 7.62.0 cycle 2018-12-12 08:12:27 +01:00
Patrick Monnerat
37093a21a6 documentation: curl_formadd field and file names are now escaped
Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition
header without special processing: this may lead to invalid RFC 822
quoted-strings.
7.56.0 introduces escaping of backslashes and double quotes in these names:
mention it in the documentation.

Reported-by: daboul on github
Closes #3361
2018-12-11 15:31:23 +01:00
Daniel Gustafsson
6381708970 checksrc: add COPYRIGHTYEAR check
Forgetting to bump the year in the copyright clause when hacking has
been quite common among curl developers, but a traditional checksrc
check isn't a good fit as it would penalize anyone hacking on January
1st (among other things). This adds a more selective COPYRIGHTYEAR
check which intends to only cover the currently hacked on changeset.

The check for updated copyright year is currently not enforced on all
files but only on files edited and/or committed locally. This is due to
the amount of files which aren't updated with their correct copyright
year at the time of their respective commit.

To further avoid running this expensive check for every developer, it
adds a new local override mode for checksrc where a .checksrc file can
be used to turn on extended warnings locally.

Closes #3303
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-03 23:13:40 +01:00
Daniel Stenberg
847b130244
CHECKSRC.md: document more warnings
Closes #3335
[ci skip]
2018-12-03 09:47:13 +01:00
Daniel Stenberg
4a01a20bdb
SECURITY-PROCESS: bountygraph shuts down
This backpedals back the documents to the state before bountygraph.

Closes #3311
2018-11-30 22:50:36 +01:00
Daniel Gustafsson
436b50f2f7 TODO: remove CURLOPT_DNS_USE_GLOBAL_CACHE entry
Commit 7c5837e792 deprecated the option
making it a manual code-edit operation to turn it back on. The removal
process has thus started and is now documented in docs/DEPRECATE.md so
remove from the TODO to avoid anyone looking for something to pick up
spend cycles on an already in-progress entry.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-29 12:15:04 +01:00
Daniel Gustafsson
8802ad965d cmdline-opts/gen.pl: define the correct varname
The variable definition had a small typo making it declare another
variable then the intended.

Closes #3304
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-26 09:56:49 +01:00
Daniel Stenberg
ae7a09db20
CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times 2018-11-23 16:55:33 +01:00
Daniel Stenberg
dcd6f81025
snprintf: renamed and we now only use msnprintf()
The function does not return the same value as snprintf() normally does,
so readers may be mislead into thinking the code works differently than
it actually does. A different function name makes this easier to detect.

Reported-by: Tomas Hoger
Assisted-by: Daniel Gustafsson
Fixes #3296
Closes #3297
2018-11-23 08:26:51 +01:00
Tobias Hintze
5b4cce2e36
host names: allow trailing dot in name resolve, then strip it
Delays stripping of trailing dots to after resolving the hostname.

Fixes #3022
Closes #3222
2018-11-22 13:40:51 +01:00
UnknownShadow200
2366697806
CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description
Closes #3295
2018-11-22 00:05:05 +01:00
Romain Fliedel
47ccb2d204
examples/ephiperfifo: report error when epoll_ctl fails 2018-11-20 19:58:41 +01:00
Han Han
89d2e95f78 docs: add more description to unified ssl error codes 2018-11-19 15:57:44 -08:00
Daniel Stenberg
f7fa04d7f3
docs: expanded on some CURLU details 2018-11-11 00:10:56 +01:00
Daniel Stenberg
a1aabed817
HISTORY: add some milestones
Added a few of the more notable milestones in curl history that were
missing. Primarily more recent ones but I also noted some older that
could be worth mentioning.

[ci skip]
Closes #3257
2018-11-09 17:46:05 +01:00
Daniel Gustafsson
10c91b6660 KNOWN_BUGS: add --proxy-any connection issue
Add the identified issue with --proxy-any and proxy servers which
advertise authentication schemes other than the supported one.

Closes #876
Closes #3250
Reported-by: NTMan on Github
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-09 16:50:39 +01:00
Jim Fuller
5c4fe0d826
setopt: add CURLOPT_CURLU
Allows an application to pass in a pre-parsed URL via a URL handle.

Closes #3227
2018-11-09 15:47:28 +01:00
Gisle Vanem
073332b525
docs: ESCape "\n" codes
Groff / Troff will display a:
 printaf("Errno: %ld\n", error);
as:
  printf("Errno: %ld0, error);

when a "\n" is not escaped. Use "\\n" instead.

Closes #3246
2018-11-09 15:38:52 +01:00
Gisle Vanem
08b1a851cc
More "\n" ESCaping 2018-11-07 13:32:17 +01:00
Frank Gevaerts
e431daf013
curl: add %{stderr} and %{stdout} for --write-out
Closes #3115
2018-11-07 11:09:55 +01:00
Daniel Gustafsson
8a49b291cb winssl: be consistent in Schannel capitalization
The productname from Microsoft is "Schannel", but in infof/failf
reporting we use "schannel". This removes different versions.

Closes #3243
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-07 10:11:13 +01:00
Daniel Stenberg
64f9d391ed
TODO: Have the URL API offer IDN decoding
Similar to how URL decoding/encoding is done, we could have URL
functions to convert IDN host names to punycode.

Suggested-by: Alexey Melnichuk
Closes #3232
2018-11-07 08:46:34 +01:00
Daniel Stenberg
9aa8ff2895
urlapi: only skip encoding the first '=' with APPENDQUERY set
APPENDQUERY + URLENCODE would skip all equals signs but now it only skip
encoding the first to better allow "name=content" for any content.

Reported-by: Alexey Melnichuk
Fixes #3231
Closes #3231
2018-11-07 08:28:48 +01:00
Michael Kaufmann
53db15ba55 netrc: don't ignore the login name specified with "--user"
- for "--netrc", don't ignore the login/password specified with "--user",
  only ignore the login/password in the URL.
  This restores the netrc behaviour of curl 7.61.1 and earlier.
- fix the documentation of CURL_NETRC_REQUIRED
- improve the detection of login/password changes when reading .netrc
- don't read .netrc if both login and password are already set

Fixes #3213
Closes #3224
2018-11-05 20:34:01 +01:00
Daniel Stenberg
29c05ce9c3
TODO: 2.6 multi upkeep
Closes #3199
2018-11-05 09:54:18 +01:00
Daniel Stenberg
66dc1570db
symbols-in-versions: add missing CURLU_ symbols
...and fix symbol-scan.pl to also scan urlapi.h

Reported-by: Alexey Melnichuk
Fixes #3226
Closes #3230
2018-11-04 23:15:12 +01:00
Daniel Stenberg
302d125b42
axtls: removed
As has been outlined in the DEPRECATE.md document, the axTLS code has
been disabled for 6 months and is hereby removed.

Use a better supported TLS library!

Assisted-by: Daniel Gustafsson
Closes #3194
2018-11-01 10:29:53 +01:00
marcosdiazr
7f4c358541
schannel: make CURLOPT_CERTINFO support using Issuer chain
Closes #3197
2018-11-01 10:21:51 +01:00
Daniel Stenberg
bbed10da65
THANKS: 7.62.0 status 2018-10-30 17:53:59 +01:00
Daniel Gustafsson
1460e89e01 vtls: add MesaLink to curl_sslbackend enum
MesaLink support was added in commit 57348eb97d but the
backend was never added to the curl_sslbackend enum in curl/curl.h.
This adds the new backend to the enum and updates the relevant docs.

Closes #3195
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-10-30 16:56:51 +01:00
Daniel Stenberg
803496fa10
RELEASE-PROCEDURE: adjust the release dates
See: https://curl.haxx.se/mail/lib-2018-10/0107.html
2018-10-27 15:14:51 +02:00