Commit Graph

21785 Commits

Author SHA1 Message Date
Daniel Stenberg
da2af5c04d openssl: fix memory leak in servercert
... when failing to get the server certificate.
2017-04-20 15:46:03 +02:00
Daniel Stenberg
7c145bb2a0 Revert "src/Makefile.am: avoid explicit $<"
This reverts commit 5b4cbcf11d.

Since it broke out-of-tree builds from tarballs. See discussion in #1432
2017-04-20 09:16:12 +02:00
Daniel Stenberg
d88d054e94 bump: start working on next release
2017-04-19 23:16:10 +02:00
Daniel Stenberg
5b4cbcf11d src/Makefile.am: avoid explicit $<
... since apparently "BSD make" doesn't support it.

Reported-by: Thomas Klausner
Fixes #1432
2017-04-19 23:11:44 +02:00
Daniel Stenberg
d957e2189f THANKS: add contributors from 7.54.0 release notes
2017-04-19 07:41:40 +02:00
Daniel Stenberg
a78fc4559f RELEASE-NOTES: curl 7.54.0
2017-04-19 07:41:40 +02:00
Marcel Raad
a4ff8a1a0e nss: fix MinGW compiler warnings
This fixes 3 warnings issued by MinGW:
1. PR_ImportTCPSocket actually has a parameter of type PROsfd instead of
PRInt32, which is 64 bits on Windows. Fixed this by including the
corresponding header file instead of redeclaring the function, which is
supported even though it is in the private include folder. [1]
2. In 64-bit mode, size_t is 64 bits while CK_ULONG is 32 bits, so an explicit
narrowing cast is needed.
3. Curl_timeleft returns time_t instead of long since commit
21aa32d30d.

[1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR/Reference/PR_ImportTCPSocket

Closes https://github.com/curl/curl/pull/1393
2017-04-18 16:38:04 +02:00
Jay Satiro
33cfcfd9f0 TLS: Fix switching off SSL session id when client cert is used
Move the sessionid flag to ssl_primary_config so that ssl and proxy_ssl
will each have their own sessionid flag.

Regression since HTTPS-Proxy support was added in cb4e2be. Prior to that
this issue had been fixed in 247d890, CVE-2016-5419.

Bug: https://github.com/curl/curl/issues/1341
Reported-by: lijian996@users.noreply.github.com

The new incarnation of this bug is called CVE-2017-7468 and is documented
here: https://curl.haxx.se/docs/adv_20170419.html
2017-04-18 07:56:34 +02:00
David Benjamin
997504ea50 openssl: don't try to print nonexistent peer private keys
X.509 certificates carry public keys, not private keys. Fields
corresponding to the private half of the key will always be NULL.

Closes #1425
2017-04-17 23:22:51 +02:00
David Benjamin
1c92b5b609 openssl: fix thread-safety bugs in error-handling
ERR_error_string with NULL parameter is not thread-safe. The library
writes the string into some static buffer. Two threads doing this at
once may clobber each other and run into problems. Switch to
ERR_error_string_n which avoids this problem and is explicitly
bounds-checked.

Also clean up some remnants of OpenSSL 0.9.5 around here. A number of
comments (fixed buffer size, explaining that ERR_error_string_n was
added in a particular version) date to when ossl_strerror tried to
support pre-ERR_error_string_n OpenSSLs.

Closes #1424
2017-04-17 23:20:30 +02:00
David Benjamin
47b2f89d7c openssl: make SSL_ERROR_to_str more future-proof
Rather than making assumptions about the values, use a switch-case.

Closes #1424
2017-04-17 23:20:22 +02:00
Daniel Gustafsson
aaa7e05c78 code: fix typos and style in comments
A few random typos, and minor whitespace cleanups, found in comments
while reading code.

Closes #1423
2017-04-17 23:17:50 +02:00
Marcel Raad
c25aba1254 extern-scan.pl: strip trailing CR
This makes test 1135 pass with CRLF checkouts.

Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166
Closes https://github.com/curl/curl/pull/1422
2017-04-17 08:33:04 +02:00
Marcel Raad
5cefe201e9 configure.ac: ignore CR after version numbers
Ignore everything after the version numbers in LIBCURL_VERSION and
LIBCURL_VERSION_NUM to get rid of the extra CR character.
This makes tests 1022 and 1023 pass on Linux with a CRLF checkout.

Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166
Closes https://github.com/curl/curl/pull/1422
2017-04-17 08:32:45 +02:00
Marcel Raad
a0576e2f36 .gitattributes: force shell scripts to LF
Bash on Linux errors out on CR characters.
This makes tests 1221 and 1222 pass on Linux with a CRLF checkout.

Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166
Closes https://github.com/curl/curl/pull/1422
2017-04-17 08:32:13 +02:00
Marcel Raad
05c9f42e52 unit1303: fix compiler warning
MinGW-w64 complains:
warning: conversion to 'long int' from 'time_t {aka long long int}' may
alter its value [-Wconversion]
Fix this by using the correct type.
2017-04-16 13:54:21 +02:00
Daniel Stenberg
2af10b2c0b RELEASE-NOTES: synced with 1451271e0
2017-04-16 10:37:18 +02:00
Larry Stefani
1451271e08 http2: fix handle leak in error path
Add missing newhandle free call in push_promise().

Closes #1416
2017-04-15 23:37:30 +02:00
Larry Stefani
fc347820a2 mbedtls: fix memory leak in error path
Add missing our_ssl_sessionid free call in mbed_connect_step3().

Closes #1417
2017-04-15 23:29:25 +02:00
Marcel Raad
9168e2470d curl-compilers.m4: turn implicit function declarations into errors
This adds -Werror-implicit-function-declaration for GCC 2.95+ so that
these errors are visible at the point where they occur instead of only
at link time.
Implicit function declarations are illegal in C99 and C++ anyway, and
the same warning has been turned into an error for ICC in commit
3072c5b8a1.

Ref: https://gcc.gnu.org/onlinedocs/gcc-2.95.2/gcc_2.html#SEC8
Ref: https://curl.haxx.se/mail/lib-2017-04/0001.html
Closes https://github.com/curl/curl/pull/1419
2017-04-15 21:17:56 +02:00
Marcel Raad
e50e2850ba test1541: also test for CURL_PULL_WS2TCPIP_H
Ref: https://github.com/curl/curl/issues/1408
Closes https://github.com/curl/curl/pull/1412
2017-04-12 11:09:00 +02:00
Marcel Raad
fad74ba4cc tests/server/util: prefer <poll.h> over <sys/poll.h>
Follow-up to aa573c3c55

Ref: https://github.com/curl/curl/pull/1406
2017-04-12 08:45:54 +02:00
Daniel Stenberg
ab6d23278e Curl_expire_latest: ignore already expired timers
If the existing timer is still in there but has expired, the new timer
should be added.

Reported-by: Rainer Canavan
Bug: https://curl.haxx.se/mail/lib-2017-04/0030.html
Closes #1407
2017-04-11 16:53:33 +02:00
Daniel Stenberg
f79913050d system.h: fix mingw section
Reported-by: Marcel Raad
Fixes #1408
Closes #1409
2017-04-11 15:54:42 +02:00
Marcel Raad
580da62d84 polarssl: unbreak build with versions < 1.3.8
ssl_session_init was only introduced in version 1.3.8, the penultimate
version. The function only contains a memset, so replace it with that.

Suggested-by: Jay Satiro
Fixes https://github.com/curl/curl/issues/1401
2017-04-11 12:56:57 +02:00
Marcel Raad
aa573c3c55 poll: prefer <poll.h> over <sys/poll.h>
The POSIX standard location is <poll.h>. Using <sys/poll.h> results in
warning spam when using the musl standard library.

Closes https://github.com/curl/curl/pull/1406
2017-04-11 08:31:38 +02:00
Alexis La Goutte
5ed16e6a7a openssl: fix this statement may fall through [-Wimplicit-fallthrough=]
Closes #1402
2017-04-10 14:21:49 +02:00
Kamil Dudka
d29e9de146 nss: load CA certificates even with --insecure
... because they may include an intermediate certificate for a client
certificate and the intermediate certificate needs to be presented to
the server, no matter if we verify the peer or not.

Reported-by: thraidh
Closes #851
2017-04-10 13:44:52 +02:00
Daniel Stenberg
764ad34cad RELEASE-NOTES: synced with f9d1e9a27f
2017-04-10 10:24:12 +02:00
Dan Fandrich
f9d1e9a27f libcurl-thread.3: fixed a bad macro that caused test 1140 to fail
2017-04-10 07:42:22 +02:00
Daniel Stenberg
1b9b90d94a libcurl-thread.3: also mention threaded-resolver
Reported-by: Alex Bligh
Bug: https://curl.haxx.se/mail/lib-2017-04/0044.html
2017-04-09 23:09:50 +02:00
Daniel Stenberg
ced57e9a95 .github/stale.yml: enable the stale bot
Issues and PRs with no activity for 180 days will get marked as stale,
and if no further activity happens within 14 more days, the issue gets
closed.

This follows our established policy of not letting stalled bugs "get in
the way": https://curl.haxx.se/docs/bugs.html#Closing_off_stalled_bugs

Closes #1398
2017-04-09 00:08:51 +02:00
Jay Satiro
fa66403280 CURLINFO_SCHEME.3: fix variable type
- Change documented param type to char ** from incorrect long *.
2017-04-08 15:44:39 -04:00
Marcel Raad
e8c3c92d58 INSTALL.md: fix secure transport configure arguments
--without-ssl is needed instead of --with-winssl.
2017-04-08 14:44:18 +02:00
Marcel Raad
45c78ad5b4 vtls: fix unreferenced variable warnings
... by moving the variables into the correct #ifdef block.
2017-04-08 13:40:41 +02:00
Daniel Stenberg
e10db122a2 BUGS: "Bugs in old versions"
2017-04-07 13:33:08 +02:00
Daniel Stenberg
e61c04b457 system.h: add section for tcc
Closes #1397
2017-04-07 10:45:05 +02:00
Marcel Raad
33ca733ee2 schannel: fix compiler warnings
When UNICODE is not defined, the Curl_convert_UTF8_to_tchar macro maps
directly to its argument. As it is declared as a pointer to const and
InitializeSecurityContext expects a pointer to non-const, both MSVC and MinGW
issue a warning about implicitly casting away the const. Fix this by declaring
the variables as pointers to non-const.

Closes https://github.com/curl/curl/pull/1394
2017-04-07 08:57:52 +02:00
Isaac Boukris
1f152a42ae sspi: print out InitializeSecurityContext() error message
Reported-by: Carsten (talksinmath)

Fixes #1384
Closes #1395
2017-04-07 08:49:20 +02:00
Marcel Raad
aa2e9e9017 gtls: fix compiler warning
Curl_timeleft returns time_t instead of long since commit
21aa32d30d.
2017-04-06 19:34:44 +02:00
Daniel Stenberg
d2bdc98754 test1606: verify speedcheck
2017-04-06 17:38:23 +02:00
Daniel Stenberg
2d5711dc11 low_speed_limit: improved function for longer time periods
Previously, periods of fast speed between periods of slow speed would
not count and could still erroneously trigger a timeout.

Reported-by: Paul Harris
Fixes #1345
Closes #1390
2017-04-06 17:38:23 +02:00
Daniel Stenberg
ae485279a1 system.h: set sizeof long to 4 on "default 32 bit" systems
Triggered a test failure on test 1541 for the build known as
"Linux 4.4 i686 tcc 0.9.26 glibc 2.20"
2017-04-06 17:31:48 +02:00
Marcel Raad
c59fcdac90 nss: fix build after e60fe20fdf
Curl_llist_alloc is now Curl_llist_init.

Closes https://github.com/curl/curl/pull/1391
2017-04-06 12:52:13 +02:00
Daniel Stenberg
1526912b98 INSTALL.cmake: more problems
and mention specific issues where they are discussed
2017-04-06 08:04:32 +02:00
Daniel Stenberg
8761a40fd9 test1541: ignore the curl_off_t variable type name comparison
... the sizes and the formatting strings are what's really important and
avoids problems with int64_t vs "long long".

Bug: https://curl.haxx.se/mail/lib-2017-04/0019.html
2017-04-05 15:14:12 +02:00
Daniel Stenberg
65154588f6 Revert "configure: prefer 'long long' to int64_t for curl_off_t"
This reverts commit 81284374bf.

Due to mingw32 breakage.
2017-04-05 15:08:33 +02:00
Marcel Raad
b547fff566 tool_operate: fix MinGW compiler warning
MinGW complains:
tool_operate.c:197:15: error: comparison is always true due to limited range
of data type [-Werror=type-limits]

Fix this by only doing the comparison if 'long' is large enough to hold the
constant it is compared with.

Closes https://github.com/curl/curl/pull/1378
2017-04-05 13:08:16 +02:00
Marcel Raad
446eaa941d tool_operate: move filetime code to its own function
Ref: https://github.com/curl/curl/pull/1378
2017-04-05 13:08:15 +02:00
Daniel Stenberg
81284374bf configure: prefer 'long long' to int64_t for curl_off_t
Since it is a native type and it makes it less complicated to find a
matching one in system.h

Bug: https://curl.haxx.se/mail/lib-2017-04/0010.html
Reported-by: Dan Fandrich

Closes #1388
2017-04-05 12:04:29 +02:00