Commit Graph

23967 Commits

Author SHA1 Message Date
Daniel Stenberg
885eea10b0
TODO: cmake test suite improvements
Closes #3109
2019-02-14 08:09:31 +01:00
Patrick Monnerat
e916025f32 curl: "Dereference of null pointer"
Rephrase to satisfy scan-build.
2019-02-13 18:44:17 +01:00
Marcel Raad
71786c0505
unit1307: require FTP support
This test doesn't link without FTP support after
fc7ab4835b, which made Curl_fnmatch
unavailable without FTP support.

Closes https://github.com/curl/curl/pull/3565
2019-02-13 08:42:11 +01:00
Daniel Stenberg
a7c228ab89
TODO: TFO support on Windows
Nobody works on this now.

Closes #3378
2019-02-13 08:28:28 +01:00
Daniel Stenberg
bb2444b794
multi: Dereference of null pointer
Mostly a false positive, but this makes the code easier to read anyway.

Detected by scan-build.

Closes #3563
2019-02-13 08:06:35 +01:00
Daniel Stenberg
59e043c592
urlglob: Argument with 'nonnull' attribute passed null
Detected by scan-build.
2019-02-13 08:06:34 +01:00
Jay Satiro
0648070423 schannel: restore some debug output but only for debug builds
Follow-up to 84c10dc from earlier today which wrapped a lot of the noisy
debug output in DEBUGF but omitted a few lines.

Ref: https://github.com/curl/curl/commit/84c10dc#r32292900
2019-02-12 19:54:08 -05:00
Jay Satiro
db239c07af examples/crawler: Fix the Accept-Encoding setting
- Pass an empty string to CURLOPT_ACCEPT_ENCODING to use the default
  supported encodings.

Prior to this change the specific encodings of gzip and deflate were set
but there's no guarantee they'd be supported by the user's libcurl.
2019-02-12 18:07:29 -05:00
Daniel Stenberg
179927c12a
mime: put the boundary buffer into the curl_mime struct
... instead of allocating it separately and point to it. It is
fixed-size and always used for each part.

Closes #3561
2019-02-12 22:55:32 +01:00
Daniel Stenberg
84c10dc1ba
schannel: be quiet
Convert numerous infof() calls into debug-build only messages since they
are annoyingly verbose for regular applications. Removed a few.

Bug: https://curl.haxx.se/mail/lib-2019-02/0027.html
Reported-by: Volker Schmid
Closes #3552
2019-02-12 22:53:10 +01:00
Romain Geissler
aa1f1d48f3
Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning
Closes #3562
2019-02-12 19:19:55 +01:00
Daniel Stenberg
61496154ce
http2: multi_connchanged() moved from multi.c, only used for h2
Closes #3557
2019-02-12 14:40:37 +01:00
Daniel Stenberg
4854b344e7
curl: "Function call argument is an uninitialized value"
Follow-up to cac0e4a6ad

Detected by scan-build
Closes #3560
2019-02-12 14:39:04 +01:00
Daniel Stenberg
a6d134e17a
pretransfer: don't strlen() POSTFIELDS set for GET requests
... since that data won't be used in the request anyway.

Fixes #3548
Reported-by: Renaud Allard
Close #3549
2019-02-12 14:36:54 +01:00
Daniel Stenberg
aabc7ae5ec
multi: remove verbose "Expire in" ... messages
Reported-by: James Brown
Bug: https://curl.haxx.se/mail/archive-2019-02/0013.html
Closes #3558
2019-02-12 14:13:15 +01:00
Daniel Stenberg
aabe0a7312
mbedtls: make it build even if MBEDTLS_VERSION_C isn't set
Reported-by: MAntoniak on github
Fixes #3553
Closes #3556
2019-02-12 10:27:47 +01:00
Daniel Gustafsson
5c31aebf64 non-ascii.c: fix typos in comments
Fix two occurrences of s/convers/converts/ spotted while reading code.
2019-02-12 10:24:29 +01:00
Daniel Stenberg
fc7ab4835b
fnmatch: disable if FTP is disabled
Closes #3551
2019-02-12 07:50:39 +01:00
Daniel Stenberg
afda140ec5
curl_path: only enabled for SSH builds 2019-02-12 07:50:39 +01:00
Frank Gevaerts
35a8fd2886
tests: add stderr comparison to the test suite
The code is more or less copied from the stdout comparison code, maybe
some better reuse is possible.

test 1457 is adjusted to make the output actually match (by using --silent)
test 506 used <stderr> without actually needing it, so that <stderr> block is removed

Closes #3536
2019-02-11 23:00:50 +01:00
Patrick Monnerat
cac0e4a6ad cli tool: do not use mime.h private structures.
Option -F generates an intermediate representation of the mime structure
that is used later to create the libcurl mime structure and generate
the --libcurl statements.

Reported-by: Daniel Stenberg
Fixes #3532
Closes #3546
2019-02-11 19:10:41 +01:00
Daniel Stenberg
b75fb9b5a6
curlver: bump to 7.64.1-dev 2019-02-11 18:15:13 +01:00
Daniel Stenberg
06f24a0771
RELEASE-NOTES: synced
and bump the version in progress to 7.64.1. If we merge any "change"
before the cut-off date, we update again.
2019-02-11 18:10:53 +01:00
Daniel Gustafsson
3b569f6248 curl: follow-up to 3f16990ec8
Commit 3f16990ec8 followed-up a bug in b49652ac66 but was
inadvertently introducing a new bug in the ternary expression.

Close #3555
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-02-11 14:22:36 +01:00
Daniel Gustafsson
e5d574c54f dns: release sharelock as soon as possible
There is no benefit to holding the data sharelock when freeing the
addrinfo in case it fails, so ensure releaseing it as soon as we can
rather than holding on to it. This also aligns the code with other
consumers of sharelocks.

Closes #3516
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-02-11 13:34:11 +01:00
Daniel Stenberg
3f16990ec8
curl: follow-up to b49652ac66
On FreeBSD, return non-zero on error otherwise zero.

Reported-by: Marcel Raad
2019-02-11 12:17:31 +01:00
Daniel Stenberg
982c09b95b
multi: (void)-prefix when ignoring return values
... and added braces to two function calls which fixes warnings if they
are replace by empty macros at build-time.
2019-02-11 11:57:02 +01:00
Daniel Stenberg
b49652ac66
curl: fix FreeBSD compiler warning in the --xattr code
Closes #3550
2019-02-11 11:42:21 +01:00
Daniel Stenberg
38d8e1bd4e
connection_check: set ->data to the transfer doing the check
The http2 code for connection checking needs a transfer to use. Make
sure a working one is set before handler->connection_check() is called.

Reported-by: jnbr on github
Fixes #3541
Closes #3547
2019-02-11 10:34:34 +01:00
Daniel Stenberg
81a9fe4e92
hostip: make create_hostcache_id avoid alloc + free
Closes #3544
2019-02-11 08:57:54 +01:00
Daniel Stenberg
e81cd9028f
scripts/singleuse: script to use to track single-use functions
That is functions that are declared global but are not used from outside
of the file in which it is declared. Such functions should be made
static or even at times be removed.

It also verifies that all used curl_ prefixed functions are "blessed"

Closes #3538
2019-02-11 08:55:47 +01:00
Daniel Stenberg
05b100aee2
cleanup: make local functions static
urlapi: turn three local-only functions into statics

conncache: make conncache_find_first_connection static

multi: make detach_connnection static

connect: make getaddressinfo static

curl_ntlm_core: make hmac_md5 static

http2: make two functions static

http: make http_setup_conn static

connect: make tcpnodelay static

tests: make UNITTEST a thing to mark functions with, so they can be static for
normal builds and non-static for unit test builds

... and mark Curl_shuffle_addr accordingly.

url: make up_free static

setopt: make vsetopt static

curl_endian: make write32_le static

rtsp: make rtsp_connisdead static

warnless: remove unused functions

memdebug: remove one unused function, made another static
2019-02-10 18:38:57 +01:00
Dan Fandrich
9a36c0ae21 cirrus: Added FreeBSD builds using Cirrus CI.
The build logs will be at https://cirrus-ci.com/github/curl/curl

Some tests are currently failing and so disabled for now. The SSH server
isn't starting for the SSH tests due to unsupported options used in its
config file. The DICT server also is failing on startup.
2019-02-10 16:00:25 +01:00
Daniel Stenberg
9cb126792c
url/idnconvert: remove scan for <= 32 ascii values
The check was added back in fa939220df before the URL parser would catch
these problems and therefore these will never trigger now.

Closes #3539
2019-02-09 23:39:58 +01:00
Daniel Stenberg
f260b9e932
urlapi: reduce variable scope, remove unreachable 'break'
Both nits pointed out by codacy.com

Closes #3540
2019-02-09 23:33:36 +01:00
Alessandro Ghedini
b3cc8017b7 zsh.pl: escape ':' character
':' is interpreted as separator by zsh, so if used as part of the argument
or option's description it needs to be escaped.

The problem can be reproduced as follows:

 % curl --reso<TAB>
 % curl -E <TAB>

Bug: https://bugs.debian.org/921452
2019-02-07 21:51:53 +00:00
Alessandro Ghedini
dbd32f3241 zsh.pl: update regex to better match curl -h output
The current regex fails to match '<...>' arguments properly (e.g. those
with spaces in them), which causes an completion script with wrong
descriptions for some options.

Here's a diff of the generated completion script, comparing the previous
version to the one with this fix:

--- /usr/share/zsh/vendor-completions/_curl	2019-01-15 20:47:40.000000000 +0000
+++ _curl	2019-02-05 20:57:29.453349040 +0000
@@ -9,48 +9,48 @@

 _arguments -C -S \
   --happy-eyeballs-timeout-ms'[How long to wait in milliseconds for IPv6 before trying IPv4]':'<milliseconds>' \
+  --resolve'[Resolve the host+port to this address]':'<host:port:address[,address]...>' \
   {-c,--cookie-jar}'[Write cookies to <filename> after operation]':'<filename>':_files \
   {-D,--dump-header}'[Write the received headers to <filename>]':'<filename>':_files \
   {-y,--speed-time}'[Trigger '\''speed-limit'\'' abort after this time]':'<seconds>' \
   --proxy-cacert'[CA certificate to verify peer against for proxy]':'<file>':_files \
-  --tls13-ciphers'[of TLS 1.3 ciphersuites> TLS 1.3 cipher suites to use]':'<list' \
+  --tls13-ciphers'[TLS 1.3 cipher suites to use]':'<list of TLS 1.3 ciphersuites>' \
   {-E,--cert}'[Client certificate file and password]':'<certificate[:password]>' \
   --libcurl'[Dump libcurl equivalent code of this command line]':'<file>':_files \
   --proxy-capath'[CA directory to verify peer against for proxy]':'<dir>':_files \
-  --proxy-negotiate'[HTTP Negotiate (SPNEGO) authentication on the proxy]':'Use' \
   --proxy-pinnedpubkey'[FILE/HASHES public key to verify proxy with]':'<hashes>' \
   --crlfile'[Get a CRL list in PEM format from the given file]':'<file>':_files \
-  --proxy-insecure'[HTTPS proxy connections without verifying the proxy]':'Do' \
-  --proxy-ssl-allow-beast'[security flaw for interop for HTTPS proxy]':'Allow' \
+  --proxy-negotiate'[Use HTTP Negotiate (SPNEGO) authentication on the proxy]' \
   --abstract-unix-socket'[Connect via abstract Unix domain socket]':'<path>' \
   --pinnedpubkey'[FILE/HASHES Public key to verify peer against]':'<hashes>' \
+  --proxy-insecure'[Do HTTPS proxy connections without verifying the proxy]' \
   --proxy-pass'[Pass phrase for the private key for HTTPS proxy]':'<phrase>' \
+  --proxy-ssl-allow-beast'[Allow security flaw for interop for HTTPS proxy]' \
   {-p,--proxytunnel}'[Operate through an HTTP proxy tunnel (using CONNECT)]' \
   --socks5-hostname'[SOCKS5 proxy, pass host name to proxy]':'<host[:port]>' \
   --proto-default'[Use PROTOCOL for any URL missing a scheme]':'<protocol>' \
-  --proxy-tls13-ciphers'[list> TLS 1.3 proxy cipher suites]':'<ciphersuite' \
+  --proxy-tls13-ciphers'[TLS 1.3 proxy cipher suites]':'<ciphersuite list>' \
   --socks5-gssapi-service'[SOCKS5 proxy service name for GSS-API]':'<name>' \
   --ftp-alternative-to-user'[String to replace USER \[name\]]':'<command>' \
-  --ftp-ssl-control'[SSL/TLS for FTP login, clear for transfer]':'Require' \
   {-T,--upload-file}'[Transfer local FILE to destination]':'<file>':_files \
   --local-port'[Force use of RANGE for local port numbers]':'<num/range>' \
   --proxy-tlsauthtype'[TLS authentication type for HTTPS proxy]':'<type>' \
   {-R,--remote-time}'[Set the remote file'\''s time on the local output]' \
-  --retry-connrefused'[on connection refused (use with --retry)]':'Retry' \
-  --suppress-connect-headers'[proxy CONNECT response headers]':'Suppress' \
-  {-j,--junk-session-cookies}'[session cookies read from file]':'Ignore' \
-  --location-trusted'[--location, and send auth to other hosts]':'Like' \
+  --ftp-ssl-control'[Require SSL/TLS for FTP login, clear for transfer]' \
   --proxy-cert-type'[Client certificate type for HTTPS proxy]':'<type>' \
   {-O,--remote-name}'[Write output to a file named as the remote file]' \
+  --retry-connrefused'[Retry on connection refused (use with --retry)]' \
+  --suppress-connect-headers'[Suppress proxy CONNECT response headers]' \
   --trace-ascii'[Like --trace, but without hex output]':'<file>':_files \
   --connect-timeout'[Maximum time allowed for connection]':'<seconds>' \
   --expect100-timeout'[How long to wait for 100-continue]':'<seconds>' \
   {-g,--globoff}'[Disable URL sequences and ranges using {} and \[\]]' \
+  {-j,--junk-session-cookies}'[Ignore session cookies read from file]' \
   {-m,--max-time}'[Maximum time allowed for the transfer]':'<seconds>' \
   --dns-ipv4-addr'[IPv4 address to use for DNS requests]':'<address>' \
   --dns-ipv6-addr'[IPv6 address to use for DNS requests]':'<address>' \
-  --ignore-content-length'[the size of the remote resource]':'Ignore' \
   {-k,--insecure}'[Allow insecure server connections when using SSL]' \
+  --location-trusted'[Like --location, and send auth to other hosts]' \
   --mail-auth'[Originator address of the original email]':'<address>' \
   --noproxy'[List of hosts which do not use proxy]':'<no-proxy-list>' \
   --proto-redir'[Enable/disable PROTOCOLS on redirect]':'<protocols>' \
@@ -62,18 +62,19 @@
   --socks5-basic'[Enable username/password auth for SOCKS5 proxies]' \
   --cacert'[CA certificate to verify peer against]':'<file>':_files \
   {-H,--header}'[Pass custom header(s) to server]':'<header/@file>' \
+  --ignore-content-length'[Ignore the size of the remote resource]' \
   {-i,--include}'[Include protocol response headers in the output]' \
   --proxy-header'[Pass custom header(s) to proxy]':'<header/@file>' \
   --unix-socket'[Connect through this Unix domain socket]':'<path>' \
   {-w,--write-out}'[Use output FORMAT after completion]':'<format>' \
-  --http2-prior-knowledge'[HTTP 2 without HTTP/1.1 Upgrade]':'Use' \
   {-o,--output}'[Write to file instead of stdout]':'<file>':_files \
-  {-J,--remote-header-name}'[the header-provided filename]':'Use' \
+  --preproxy'[\[protocol://\]host\[:port\] Use this proxy first]' \
   --socks4a'[SOCKS4a proxy on given host + port]':'<host[:port]>' \
   {-Y,--speed-limit}'[Stop transfers slower than this]':'<speed>' \
   {-z,--time-cond}'[Transfer based on a time condition]':'<time>' \
   --capath'[CA directory to verify peer against]':'<dir>':_files \
   {-f,--fail}'[Fail silently (no output at all) on HTTP errors]' \
+  --http2-prior-knowledge'[Use HTTP 2 without HTTP/1.1 Upgrade]' \
   --proxy-tlspassword'[TLS password for HTTPS proxy]':'<string>' \
   {-U,--proxy-user}'[Proxy user and password]':'<user:password>' \
   --proxy1.0'[Use HTTP/1.0 proxy on given port]':'<host[:port]>' \
@@ -81,52 +82,49 @@
   {-A,--user-agent}'[Send User-Agent <name> to server]':'<name>' \
   --egd-file'[EGD socket path for random data]':'<file>':_files \
   --fail-early'[Fail on first transfer error, do not continue]' \
-  --haproxy-protocol'[HAProxy PROXY protocol v1 header]':'Send' \
-  --preproxy'[Use this proxy first]':'[protocol://]host[:port]' \
+  {-J,--remote-header-name}'[Use the header-provided filename]' \
   --retry-max-time'[Retry only within this period]':'<seconds>' \
   --socks4'[SOCKS4 proxy on given host + port]':'<host[:port]>' \
   --socks5'[SOCKS5 proxy on given host + port]':'<host[:port]>' \
-  --socks5-gssapi-nec'[with NEC SOCKS5 server]':'Compatibility' \
-  --ssl-allow-beast'[security flaw to improve interop]':'Allow' \
   --cert-status'[Verify the status of the server certificate]' \
-  --ftp-create-dirs'[the remote dirs if not present]':'Create' \
   {-:,--next}'[Make next URL use its separate set of options]' \
   --proxy-key-type'[Private key file type for proxy]':'<type>' \
-  --remote-name-all'[the remote file name for all URLs]':'Use' \
   {-X,--request}'[Specify request command to use]':'<command>' \
   --retry'[Retry request if transient problems occur]':'<num>' \
-  --ssl-no-revoke'[cert revocation checks (WinSSL)]':'Disable' \
   --cert-type'[Certificate file type (DER/PEM/ENG)]':'<type>' \
   --connect-to'[Connect to host]':'<HOST1:PORT1:HOST2:PORT2>' \
   --create-dirs'[Create necessary local directory hierarchy]' \
+  --haproxy-protocol'[Send HAProxy PROXY protocol v1 header]' \
   --max-redirs'[Maximum number of redirects allowed]':'<num>' \
   {-n,--netrc}'[Must read .netrc for user name and password]' \
+  {-x,--proxy}'[\[protocol://\]host\[:port\] Use this proxy]' \
   --proxy-crlfile'[Set a CRL list for proxy]':'<file>':_files \
   --sasl-ir'[Enable initial response in SASL authentication]' \
-  --socks5-gssapi'[GSS-API auth for SOCKS5 proxies]':'Enable' \
+  --socks5-gssapi-nec'[Compatibility with NEC SOCKS5 server]' \
+  --ssl-allow-beast'[Allow security flaw to improve interop]' \
+  --ftp-create-dirs'[Create the remote dirs if not present]' \
   --interface'[Use network INTERFACE (or address)]':'<name>' \
   --key-type'[Private key file type (DER/PEM/ENG)]':'<type>' \
   --netrc-file'[Specify FILE for netrc]':'<filename>':_files \
   {-N,--no-buffer}'[Disable buffering of the output stream]' \
   --proxy-service-name'[SPNEGO proxy service name]':'<name>' \
-  --styled-output'[styled output for HTTP headers]':'Enable' \
+  --remote-name-all'[Use the remote file name for all URLs]' \
+  --ssl-no-revoke'[Disable cert revocation checks (WinSSL)]' \
   --max-filesize'[Maximum file size to download]':'<bytes>' \
   --negotiate'[Use HTTP Negotiate (SPNEGO) authentication]' \
   --no-keepalive'[Disable TCP keepalive on the connection]' \
   {-#,--progress-bar}'[Display transfer progress as a bar]' \
-  {-x,--proxy}'[Use this proxy]':'[protocol://]host[:port]' \
-  --proxy-anyauth'[any proxy authentication method]':'Pick' \
   {-Q,--quote}'[Send command(s) to server before transfer]' \
-  --request-target'[the target for this request]':'Specify' \
+  --socks5-gssapi'[Enable GSS-API auth for SOCKS5 proxies]' \
   {-u,--user}'[Server user and password]':'<user:password>' \
   {-K,--config}'[Read config from a file]':'<file>':_files \
   {-C,--continue-at}'[Resumed transfer offset]':'<offset>' \
   --data-raw'[HTTP POST data, '\''@'\'' allowed]':'<data>' \
-  --disallow-username-in-url'[username in url]':'Disallow' \
   --krb'[Enable Kerberos with security <level>]':'<level>' \
   --proxy-ciphers'[SSL ciphers to use for proxy]':'<list>' \
   --proxy-digest'[Use Digest authentication on the proxy]' \
   --proxy-tlsuser'[TLS username for HTTPS proxy]':'<name>' \
+  --styled-output'[Enable styled output for HTTP headers]' \
   {-b,--cookie}'[Send cookies from string/file]':'<data>' \
   --data-urlencode'[HTTP POST data url encoded]':'<data>' \
   --delegation'[GSS-API delegation permission]':'<LEVEL>' \
@@ -134,7 +132,10 @@
   --post301'[Do not switch to GET after following a 301]' \
   --post302'[Do not switch to GET after following a 302]' \
   --post303'[Do not switch to GET after following a 303]' \
+  --proxy-anyauth'[Pick any proxy authentication method]' \
+  --request-target'[Specify the target for this request]' \
   --trace-time'[Add time stamps to trace/verbose output]' \
+  --disallow-username-in-url'[Disallow username in url]' \
   --dns-servers'[DNS server addrs to use]':'<addresses>' \
   {-G,--get}'[Put the post data in the URL and use GET]' \
   --limit-rate'[Limit transfer speed to RATE]':'<speed>' \
@@ -148,21 +149,21 @@
   --metalink'[Process given URLs as metalink XML file]' \
   --tr-encoding'[Request compressed transfer encoding]' \
   --xattr'[Store metadata in extended file attributes]' \
-  --ftp-skip-pasv-ip'[the IP address for PASV]':'Skip' \
   --pass'[Pass phrase for the private key]':'<phrase>' \
   --proxy-ntlm'[Use NTLM authentication on the proxy]' \
   {-S,--show-error}'[Show error even when -s is used]' \
-  --ciphers'[of ciphers> SSL ciphers to use]':'<list' \
+  --ciphers'[SSL ciphers to use]':'<list of ciphers>' \
   --form-string'[Specify multipart MIME data]':'<name=string>' \
   --login-options'[Server login options]':'<options>' \
   --tftp-blksize'[Set TFTP BLKSIZE option]':'<value>' \
-  --tftp-no-options'[not send any TFTP options]':'Do' \
   {-v,--verbose}'[Make the operation more talkative]' \
+  --ftp-skip-pasv-ip'[Skip the IP address for PASV]' \
   --proxy-key'[Private key for HTTPS proxy]':'<key>' \
   {-F,--form}'[Specify multipart MIME data]':'<name=content>' \
   --mail-from'[Mail from this address]':'<address>' \
   --oauth2-bearer'[OAuth 2 Bearer Token]':'<token>' \
   --proto'[Enable/disable PROTOCOLS]':'<protocols>' \
+  --tftp-no-options'[Do not send any TFTP options]' \
   --tlsauthtype'[TLS authentication type]':'<type>' \
   --doh-url'[Resolve host names over DOH]':'<URL>' \
   --no-sessionid'[Disable SSL session-ID reusing]' \
@@ -173,14 +174,13 @@
   --ftp-ssl-ccc'[Send CCC after authenticating]' \
   {-4,--ipv4}'[Resolve names to IPv4 addresses]' \
   {-6,--ipv6}'[Resolve names to IPv6 addresses]' \
-  --netrc-optional'[either .netrc or URL]':'Use' \
   --service-name'[SPNEGO service name]':'<name>' \
   {-V,--version}'[Show version number and quit]' \
   --data-ascii'[HTTP POST ASCII data]':'<data>' \
   --ftp-account'[Account data string]':'<data>' \
-  --compressed-ssh'[SSH compression]':'Enable' \
   --disable-eprt'[Inhibit using EPRT or LPRT]' \
   --ftp-method'[Control CWD usage]':'<method>' \
+  --netrc-optional'[Use either .netrc or URL]' \
   --pubkey'[SSH Public key file name]':'<key>' \
   --raw'[Do HTTP "raw"; no transfer decoding]' \
   --anyauth'[Pick any authentication method]' \
@@ -189,6 +189,7 @@
   --no-alpn'[Disable the ALPN TLS extension]' \
   --tcp-nodelay'[Use the TCP_NODELAY option]' \
   {-B,--use-ascii}'[Use ASCII/text transfer]' \
+  --compressed-ssh'[Enable SSH compression]' \
   --digest'[Use HTTP Digest Authentication]' \
   --proxy-tlsv1'[Use TLSv1 for HTTPS proxy]' \
   --engine'[Crypto engine to use]':'<name>' \
2019-02-07 21:51:53 +00:00
Marcel Raad
91e397b242
tool_operate: fix typecheck warning
Use long for CURLOPT_HTTP09_ALLOWED to fix the following warning:
tool_operate.c: In function 'operate_do':
../include/curl/typecheck-gcc.h:47:9: error: call to
'_curl_easy_setopt_err_long' declared with attribute warning:
curl_easy_setopt expects a long argument for this option [-Werror]

Closes https://github.com/curl/curl/pull/3534
2019-02-07 18:36:53 +01:00
Chris Araman
927a5bd1b4 url: close TLS before removing conn from cache
- Fix potential crashes in schannel shutdown.

Ensure any TLS shutdown messages are sent before removing the
association between the connection and the easy handle. Reverts
@bagder's previous partial fix for #3412.

Fixes https://github.com/curl/curl/issues/3412
Fixes https://github.com/curl/curl/issues/3505
Closes https://github.com/curl/curl/pull/3531
2019-02-06 13:33:21 -05:00
Daniel Gustafsson
fef38a0898 INTERNALS.md: fix subsection depth and link
The Kerberos subsection was mistakenly a subsubsection under FTP, and
the curlx subsection was missing an anchor for the TOC link.

Closes #3529
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-02-06 10:29:14 +01:00
Daniel Stenberg
f3294d9d86
RELEASE-NOTES: 7.64.0 2019-02-06 07:57:13 +01:00
Daniel Stenberg
1c986c068d
RELEASE-PROCEDURE: update the release calendar 2019-02-06 07:57:13 +01:00
Daniel Stenberg
f3e5a91e44
THANKS: 7.64.0 status 2019-02-06 07:57:12 +01:00
Daniel Gustafsson
55e962cacb ROADMAP: remove already performed item
Commit 7a09b52c98 introduced support
for the draft-ietf-httpbis-cookie-alone-01 cookie draft, and while
the entry was removed from the TODO it was mistakenly left here.
Fix by removing and rewording the entry slightly.

Closes #3530
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-02-05 23:20:56 +01:00
Etienne Simard
e49ca2a115 CONTRIBUTE.md: Fix grammatical errors
Fix grammatical errors making the document read better. Also fixes
a typo.

Closes #3525
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2019-02-05 11:56:04 +01:00
Julian Z
2568441cab
docs: use $(INSTALL_DATA) to install man page
Fixes #3518
Closes #3522
2019-02-04 23:39:18 +01:00
Ladar Levison
53400f5a41 runtests.pl: Fix perl call to include srcdir
- Use explicit include opt for perl calls.

Prior to this change some scripts couldn't find their dependencies.

At the top, perl is called using with the "-Isrcdir" option, and it
works:

https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L183

But on line 3868, that option is omitted. This caused problems for me,
as the symbol-scan.pl script in particular couldn't find its
dependencies properly:

https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L3868

This patch fixes that oversight by making calls to perl sub-shells
uniform.

Closes https://github.com/curl/curl/pull/3496
2019-02-04 13:02:29 -05:00
Daniel Gustafsson
39df4073e5
smtp: avoid risk of buffer overflow in strtol
If the incoming len 5, but the buffer does not have a termination
after 5 bytes, the strtol() call may keep reading through the line
buffer until is exceeds its boundary. Fix by ensuring that we are
using a bounded read with a temporary buffer on the stack.

Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
Reported-by: Brian Carpenter (Geeknik Labs)
CVE-2019-3823
2019-02-04 08:22:32 +01:00
Daniel Stenberg
50c9484278
ntlm: fix *_type3_message size check to avoid buffer overflow
Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
Reported-by: Wenxiang Qian
CVE-2019-3822
2019-02-04 08:22:32 +01:00
Daniel Stenberg
b780b30d13
NTLM: fix size check condition for type2 received data
Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
Reported-by: Wenxiang Qian
CVE-2018-16890
2019-02-04 08:22:31 +01:00