etlegacy/etlegacy-libs
0
0
Fork 0
mirror of https://github.com/etlegacy/etlegacy-libs.git synced 2025-02-24 04:01:12 +00:00
Code Issues Projects Releases Packages Wiki Activity
etlegacy-libs/curl/CHANGES
Remy Marquis cf4eae3ded updated to cURL 7.40
2015-01-23 16:30:59 +01:00

5326 lines
172 KiB
Text
Raw Blame History

_ _ ____ _
___| | | | _ \| |
/ __| | | | |_) | |
| (__| |_| | _ <| |___
\___|\___/|_| \_\_____|
Changelog
Version 7.40.0 (7 Jan 2015)
Daniel Stenberg (7 Jan 2015)
- RELEASE-NOTES: version 7.40.0
- darwinssl: fix session ID keys to only reuse identical sessions
...to avoid a session ID getting cached without certificate checking and
then after a subsequent _enabling_ of the check libcurl could still
re-use the session done without cert checks.
Bug: http://curl.haxx.se/docs/adv_20150108A.html
Reported-by: Marc Hesse
- tests: make sure CRLFs can't be used in URLs passed to proxy
Bug: http://curl.haxx.se/docs/adv_20150108B.html
- url-parsing: reject CRLFs within URLs
Bug: http://curl.haxx.se/docs/adv_20150108B.html
Reported-by: Andrey Labunets
Steve Holme (7 Jan 2015)
- ldap: Convert attribute output to UTF-8 when Unicode
- ldap: Convert DN output to UTF-8 when Unicode
Daniel Stenberg (7 Jan 2015)
- hostip: remove 'stale' argument from Curl_fetch_addr proto
Also, remove the log output of the resolved name is NOT in the cache in
the spirit of only telling when something is actually happening.
Steve Holme (7 Jan 2015)
- ldap/imap: Fixed spelling mistake in comments and variable names
Reported-by: Michael Osipov
Daniel Stenberg (7 Jan 2015)
- RELEASE-NOTES: updated with ./contributors.sh output
Dan Fandrich (5 Jan 2015)
- curl_multibyte.h: Eliminated some trailing whitespace
Steve Holme (4 Jan 2015)
- RELEASE-NOTES: Synced with ea93252ef1
- ldap: Fixed Unicode usage for all Win32 builds
Otherwise, the fixes in the previous commits would only be applicable
to IDN and SSPI based builds and not others such as OpenSSL with LDAP
enabled.
- ldap: Fixed memory leak from commit efb64fdf80
- ldap: Fix memory leak from commit 3a805c5cc1
- ldap: Fixed attribute variable warnings when Unicode is enabled
Use 'TCHAR *' for local attribute variable rather than 'char *'.
- ldap: Fixed DN variable warnings when Unicode is enabled
Use 'TCHAR *' for local DN variable rather than 'char *'.
- ldap: Remove the unescape_elements() function
Due to the recent modifications this function is no longer used.
- ldap.c: Fixed compilation warning
ldap.c:98: warning: extra tokens at end of #endif directive
- ldap: Fixed support for Unicode filter in Win32 search call
- ldap.c: Fixed compilation warning
ldap.c:802: warning: comparison between signed and unsigned integer
expressions
- ldap: Fixed support for Unicode attributes in Win32 search call
- ldap: Fixed memory leak from commit efb64fdf80
The unescapped DN was not freed after a successful character conversion.
- ldap.c: Fixed compilation error
ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes
just 1
- ldap.c: Fixed compilation warning
ldap.c:89: warning: extra tokens at end of #endif directive
- ldap: Fixed support for Unicode DN in Win32 search call
- ldap: Fixed Unicode user and password in Win32 bind calls
- ldap: Fixed Unicode host name in Win32 initialisation calls
- ldap: Use host.dispname for infof() connection failure messages
As host.name may be encoded use dispname for infof() failure messages.
- ldap: Prefer 'CURLcode result' for curl result codes
- ldap: Pass write length in all Curl_client_write() calls
As we get the length for the DN and attribute variables, and we know
the length for the line terminator, pass the length values rather than
zero as this will save Curl_client_write() from having to perform an
additional strlen() call.
- ldap: Fixed attribute memory leaks on failed client write
Fixed memory leaks from commit 086ad79970 as was noted in the commit
comments.
- ldap: Fixed DN memory leaks on failed client write
Fixed memory leaks from commit 086ad79970 as was noted in the commit
comments.
- curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d
curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char
[8]') to parameter of type 'char *' converts
between pointers to integer types with different
sign
- ntlm: Use extend_key_56_to_64() for all cryptography engines
Rather than duplicate the code in setup_des_key() for OpenSSL and in
extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is
the same, use extend_key_56_to_64() for all engines.
- RELEASE-NOTES: Synced with 34f0bd110f
- curl_ntlm_core.c: Fixed compilation warning
curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined
but not used
- endian: Fixed bit-shift in 64-bit integer read functions
From commit 43792592ca and 4bb5a351b2.
Reported-by: Michael Osipov
- smb: Use endian functions for reading NBT and message size values
- endian: Added big endian read functions
- endian: Added 64-bit integer read function
- COPYING: Bumped copyright year to 2015
- version: Bump copyright year to 2015
- smb.c: Fixed compilation warnings
smb.c:780: warning: passing 'char *' to parameter of type 'unsigned
char *' converts between pointers to integer types with
different sign
smb.c:781: warning: passing 'char *' to parameter of type 'unsigned
char *' converts between pointers to integer types with
different sign
smb.c:804: warning: passing 'char *' to parameter of type 'unsigned
char *' converts between pointers to integer types with
different sign
- smb: Use endian functions for reading length and offset values
- endian: Added 16-bit integer write function
- endian: Fixed Linux compilation issues
Having files named endian.[c|h] seemed to cause issues under Linux so
renamed them both to have the curl_ prefix in the filenames.
- [Julien Nabet brought this change]
lib1900.c: Fixed cppcheck error
lib1900.c:182: (style) Array index 'handlenum' is used before limits
check
Bug: https://github.com/bagder/curl/pull/133
- endian: Added standard function descriptions
- endian: Renamed functions for curl API naming convention
- endian: Moved write functions to new module
- endian: Moved read functions to new module
- endian: Introduced endian module
To allow the little endian functions, currently used in two of the NTLM
source files, to be used by other modules such as the SMB module.
- sepheaders.c: Applied curl oding standards
- [Julien Nabet brought this change]
sepheaders.c: Fixed resource leak on failure
- vtls: Use '(void) arg' for unused parameters
Prefer void for unused parameters, rather than assigning an argument to
itself as a) unintelligent compilers won't optimize it out, b) it can't
be used for const parameters, c) it will cause compilation warnings for
clang with -Wself-assign and d) is inconsistent with other areas of the
curl source code.
- smb.c: Fixed compilation warning
smb.c:586: warning: conversion to 'short unsigned int' from 'int' may
alter its value
- [Bill Nagel brought this change]
smb: Use the connection's upload buffer
Use the connection's upload buffer instead of allocating our own send
buffer.
- RELEASE-NOTES: Synced with 1933f9d33c
- schannel: Moved the ISC return flag definitions to the SSPI module
Moved our Initialize Security Context return attribute definitions to
the SSPI module, as a) these can be used by other SSPI based providers
and b) the ISC required attributes are defined there.
- [Bill Nagel brought this change]
smb: Close the connection after a failed client write
- darwinssl: Fixed compilation warning
vtls.c:683:43: warning: unused parameter 'data'
- sockfilt.c: Fixed compilation warnings
sockfilt.c:288: warning: conversion to 'DWORD' from 'size_t' may alter
its value
sockfilt.c:291: warning: conversion to 'DWORD' from 'size_t' may alter
its value
sockfilt.c:323: warning: conversion to 'DWORD' from 'size_t' may alter
its value
sockfilt.c:326: warning: conversion to 'DWORD' from 'size_t' may alter
its value
- test1509: Fixed compilation warning
lib1509.c:93:18: warning: conversion to 'long int' from 'size_t' may
alter its value
- test556: Fixed compilation warning
lib556.c:90: warning: conversion to 'unsigned int' from 'size_t' may
alter its value
- sasl_gssapi: Fixed use of dummy username with real username
- vtls: Fixed compilation warning and an ignored return code
curl_schannel.h:123: warning: right-hand operand of comma expression
has no effect
Some instances of the curlssl_close_all() function were declared with a
void return type whilst others as int. The schannel version returned
CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the
return code was ignored by the calling function Curl_ssl_close_all().
For the time being and to keep the internal API consistent, changed all
declarations to use a void return type.
To reduce code we might want to consider removing the unimplemented
versions and use a void #define like schannel does.
Daniel Stenberg (28 Dec 2014)
- TODO: 2.3 Better support for same name resolves
Steve Holme (28 Dec 2014)
- test1520: Fixed initial teething problems
* Missing initialisation of upload status caused a seg fault
* Missing data termination caused corrupt data to be uploaded
* Data verification should be performed in <upload> element
* Added missing recipient list cleanup
- test1520: Fixed compilation errors
- tests: Added test for bug #1456
- checksrc.bat: Fixed a problem opening files with spaces in the filename
- openldap: Prefer use of 'CURLcode result'
- openldap: Use 'LDAPMessage *msg' for messages
This frees up the 'result' variable for CURLcode based result codes.
- nss: Don't ignore Curl_extract_certinfo() OOM failure
- nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
- nss: Use 'CURLcode result' for curl result codes
...and don't use CURLE_OK in failure/success comparisons.
- getinfo: Code style policing
- getinfo: Use 'CURLcode result' for curl result codes
- darwinssl: Use 'CURLcode result' for curl result codes
- polarssl: Use 'CURLcode result' for curl result codes
- docs: Updated following the addition of SASL GSSAPI via GSS-API libraries
As this feature has been implemented for 7.40.0.
- asiohiper.cpp: No need to initialise members of ConnInfo
...as calloc() automatically clears the area of memory with zeros.
- asiohiper.cpp: Updated for curl coding standards
...with the exception of the start of block statement curly brackets.
- code/docs: Use correct case for IPv4 and IPv6
For consistency, as we seem to have a bit of a mixed bag, changed all
instances of ipv4 and ipv6 in comments and documentations to use the
correct case.
- runtests: Fixed detection of Unix Sockets feature
...following change in curl --version output.
- code/docs: Use Unix rather than UNIX to avoid use of the trademark
Use Unix when generically writing about Unix based systems as UNIX is
the trademark and should only be used in a particular product's name.
- ip2ip.c: Fixed compilation warning when IPv6 Scope ID not supported
if2ip.c:119: warning: unused parameter 'remote_scope_id'
...and some minor code style policing in the same function.
- vtls: Don't set cert info count until memory allocation is successful
Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs
member variable to the requested count, which could then be used
incorrectly as libcurl closes down.
- vtls: Use CURLcode for Curl_ssl_init_certinfo() return type
The return type for this function was 0 on success and 1 on error. This
was then examined by the calling functions and, in most cases, used to
return CURLE_OUT_OF_MEMORY.
Instead use CURLcode for the return type and return the out of memory
error directly, propagating it up the call stack.
- configure: Use camel case for UNIX sockets feature output
To match the curl --version output.
Marc Hoersken (26 Dec 2014)
- sockfilt.c: Reduce the number of individual memory allocations
Merge multiple internal arrays into one, even if some variables
will not not be used. They are all created with the number of
file descriptors as their size.
Also fix possible thread handle leak in CloseHandle-loop.
- sockfilt.c: Replace 100ms sleep with thread throttle
Improves performance of test cases 574 and 575 by 50%.
A value of zero causes the thread to relinquish the remainder
of its time slice to any other thread of equal priority that is
ready to run. If there are no other threads of equal priority
ready to run, the function returns immediately, and the thread
continues execution.
http://msdn.microsoft.com/library/windows/desktop/ms686307.aspx
Steve Holme (25 Dec 2014)
- tool_help: Use camel case for UNIX sockets feature output
In line with the other features listed in the --version output,
capitalise the UNIX socket feature.
- vtls: Use bool for Curl_ssl_getsessionid() return type
The return type of this function is a boolean value, and even uses a
bool internally, so use bool in the function declaration as well as
the variables that store the return value, to avoid any confusion.
- schannel: Minor code style policing for casts
- schannel: Prefer 'CURLcode result' for curl result codes
- cyassl: Prefer 'CURLcode result' for curl result codes
- tool_xattr: Use 'CURLcode result' for curl result codes
- curl_ntlm_core.c: Fixed compilation warnings
curl_ntlm_core.c:301: warning: pointer targets in passing argument 2 of
'CryptImportKey' differ in signedness
curl_ntlm_core.c:310: warning: passing argument 6 of 'CryptEncrypt' from
incompatible pointer type
curl_ntlm_core.c:540: warning: passing argument 4 of 'CryptGetHashParam'
from incompatible pointer type
- RELEASE-NOTES: Synced with 8830df8b66
- gtls: Use preferred 'CURLcode result'
- openldap: Use standard naming for setup connection function
Renamed ldap_setup() to ldap_setup_connection() to follow more widely
used function naming.
- rtmp: Use standard naming for setup connection function
Renamed rtmp_setup() to rtmp_setup_connection() to follow more widely
used function naming.
- smb: Use standard naming for setup connection function
Renamed smb_setup() to smb_setup_connection() to follow more widely
used function naming.
- config-win32.h: Fixed line length > 79 columns
- openssl: Prefer we don't use NULL in comparisons
- build: Removed WIN32 definition from the Visual Studio projects
As this pre-processor definition is defined in curl_setup.h there is no
need to include it in the Visual Studio project files.
- build: Removed WIN64 definition from the libcurl Visual Studio projects
Removed the WIN64 pre-processor definition from the libcurl project
files as:
* WIN64 is not used in our source code
* The curl projects files don't define it
* It isn't required by or used in the platform SDK
* For backwards compatability curl_setup.h defines WIN32
* The compiler automatically defines _WIN64 for x64 builds
Historically Visual Studio projects have defined WIN32, in addition to
the compiler defined _WIN32 definition, and I had incorrectly changed
that to WIN64 for the x64 libcurl builds but not in the curl projects.
As such, it is questionable whether this should be defined or not. For
more information see the following cache of a discussion that took
place on the microsoft.public.vc.mfc newsgroup:
http://www.tech-archive.net/Archive/VC/microsoft.public.vc.mfc/2008-06/msg00074.html
- openssl.c Fix for compilation errors with older versions of OpenSSL
openssl.c:1408: error: 'TLS1_1_VERSION' undeclared
openssl.c:1411: error: 'TLS1_2_VERSION' undeclared
Daniel Stenberg (22 Dec 2014)
- [John Malmberg brought this change]
Fix comment edit in vms/backup_gnv_curl_src.com
packages/vms/backup_gnv_curl_src.com: Originally copied from Bash port.
- curl: show size of inhibited data when using -v
To offer some more info and yet it doesn't use more lines.
- openssl: fix SSL/TLS versions in verbose output
- openssl: make it compile against openssl 1.1.0-DEV master branch
Marc Hoersken (22 Dec 2014)
- sshserver.pl: clarify and streamline variable names
Daniel Stenberg (21 Dec 2014)
- openssl: warn for SRP set if SSLv3 is used, not for TLS version
... as it requires TLS and it was was left to warn on the default from
when default was SSL...
- smb: use memcpy() instead of strncpy()
... as it never copies the trailing zero anyway and always just the four
bytes so let's not mislead anyone into thinking it is actually treated
as a string.
Coverity CID: 1260214
- [John E. Malmberg brought this change]
VMS: Updates for 0740-0D1220
lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help.
More defines to set symbols to uppercase.
src/tool_main.c : Fix parameter to vms_special_exit() call.
packages/vms/ :
backup_gnv_curl_src.com : Fix the error message to have the correct package.
build_curl-config_script.com : Rewrite to be more accurate.
build_libcurl_pc.com : Use tool_version.h now.
build_vms.com : Fix to handle lib/vtls directory.
curl_gnv_build_steps.txt : Updated build procedure documentation.
generate_config_vms_h_curl.com :
* VAX does not support 64 bit ints, so no NTLM support for now.
* VAX HP SSL port is ancient, needs some help.
* Disable NGHTTP2 for now, not ported to VMS.
* Disable UNIX_SOCKETS, not available on VMS yet.
* HP GSSAPI port does not have gss_nt_service_name.
gnv_link_curl.com : Update for new curl structure.
pcsi_product_gnv_curl.com : Set up to optionally do a complete build.
Marc Hoersken (21 Dec 2014)
- sockfilt.c: use non-Ex functions that are available before WinXP
It was initially reported by Guenter that GetFileSizeEx
requires (_WIN32_WINNT >= 0x0500) to be true.
- tests: use Cygwin-style paths in SSH, SSHD and SFTP config files
Second patch to enable Windows support using Cygwin-based OpenSSH.
Tested with CopSSH 5.0.0 free edition using an msys shell on Windows 7.
- tests: support spaces in paths to SSH, SSHD and SFTP binaries
First patch to enable Windows support using Cygwin-based OpenSSH.
Steve Holme (20 Dec 2014)
- non-ascii: Reduce variable usage
Removed 'next' variable in Curl_convert_form(). Rather than setting it
from 'form->next' and using that to set 'form' after the conversion
just use 'form = form->next' instead.
- non-ascii: Prefer while loop rather than a do loop
This also removes the need to check that the 'form' argument is valid.
- non-ascii: Reduce variable scope
As 'result' isn't used out side the conversion callback code and
previously caused variable shadowing in the libiconv based code.
- non-ascii: We prefer 'CURLcode result'
This also fixes a variable shadowing issue when HAVE_ICONV is defined
as rc was declared for the result code of libiconv based functions.
Marc Hoersken (19 Dec 2014)
- secureserver.pl: clean up formatting of config and fix verbose output
Verbose output was not matching the actual configuration file,
because FIPS and Windows conditions were ignored.
- secureserver.pl: update Windows detection and fix path conversion
- secureserver.pl: make OpenSSL CApath and cert absolute path values
Recent stunnel versions (5.08) seem to have trouble with relative
paths on Windows. This turns the relative paths into absolute ones.
Patrick Monnerat (18 Dec 2014)
- if2ip: dummy scope parameter for Curl_if2ip() call in SIOCGIFADDR-enabled code.
- [Kyle J. McKay brought this change]
parseurlandfillconn(): fix improper non-numeric scope_id stripping.
Fixes SF bug 1149: http://sourceforge.net/p/curl/bugs/1449/
- IPV6: address scope != scope id
There was a confusion between these: this commit tries to disambiguate them.
- Scope can be computed from the address itself.
- Scope id is scope dependent: it is currently defined as 1-based local
interface index for link-local scoped addresses, and as a site index(?) for
(obsolete) site-local addresses. Linux only supports it for link-local
addresses.
The URL parser properly parses a scope id as an interface index, but stores it
in a field named "scope": confusion. The field has been renamed into "scope_id".
Curl_if2ip() used the scope id as it was a scope. This caused failures
to bind to an interface.
Scope is now computed from the addresses and Curl_if2ip() matches them.
If redundantly specified in the URL, scope id is check for mismatch with
the interface index.
This commit should fix SF bug #1451.
- connect: singleipconnect(): properly try other address families after failure
Daniel Stenberg (16 Dec 2014)
- SFTP: work-around servers that return zero size on STAT
Bug: http://curl.haxx.se/mail/lib-2014-12/0103.html
Pathed-by: Marc Renault
- glob_next_url: make the loop count upwards
As the former contruct apparently caused a compiler warning, mentioned
in d8efde07e556c.
- tool_operate: we prefer 'CURLcode result'
- tool_urlglob: unify return codes to use CURLcode
There was a mix of GlobCode, CURLcode and ints and they were mostly
passing around CURLcode errors. This change makes the functions use only
CURLcode and removes the GlobCode type completely.
- tool_urlglob.c: partly reverse dc19789444
The loop in glob_next_url() needs to be done backwards to maintain the
logic. dc19789444 caused test 1235 to fail.
- KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME
- [Jay Satiro brought this change]
opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and
CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one
that will be used.
Prior to this change that behavior was only noted in the
CURLOPT_TIMEOUT_MS doc.
Nick Zitzmann (15 Dec 2014)
- darwinssl: fix incorrect usage of aprintf()
Commit b13923f changed an snprintf() to use aprintf(), but the API usage
wasn't correct, and was causing a crash to occur. This fixes it.
Steve Holme (14 Dec 2014)
- copyright: Updated the copyright year following recent updates
Daniel Stenberg (14 Dec 2014)
- tool_urlglob.c: reverse two loops
By counting from 0 and up instead of backwards like before, we remove
the need for the "funny" check of the unsigned variable when decreased
passed zero. Easier to read and less risk for compiler warnings.
Marc Hoersken (14 Dec 2014)
- tool_urlglob.c: Added braces to clarify the conditions
- tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
The >= 0 is actually not required, since i underflows and
the for-loop is stopped using the < condition, but this
makes the VS2012 compiler and code analysis happy.
- tool_binmode.c: Explicitly ignore the return code of setmode
Fixes code analysis warning C6031:
return value ignored: <function> could return unexpected value
- lib: Fixed multiple code analysis warnings if SAL are available
warning C28252: Inconsistent annotation for function:
parameter has another annotation on this instance
Steve Holme (14 Dec 2014)
- smb.c: Fixed code analysis warning
smb.c:320: warning C6297: Arithmetic overflow: 32-bit value is shifted,
then cast to 64-bit value. Result may not be an expected
value
Marc Hoersken (14 Dec 2014)
- tool_util.c: Use GetTickCount64 if it is available
Steve Holme (14 Dec 2014)
- smb: Use HAVE_PROCESS_H for process.h inclusion
Rather than testing against _WIN32 use the preferred HAVE_PROCESS_H
pre-processor define when including process.h.
Daniel Stenberg (14 Dec 2014)
- darwinssl: aprintf() to allocate the session key
... to avoid using a fixed memory size that risks being too large or too
small.
Marc Hoersken (14 Dec 2014)
- curl_schannel: Improvements to memory re-allocation strategy
- do not grow memory by doubling its size
- do not leak previously allocated memory if reallocation fails
- replace while-loop with a single check to make sure
that the requested amount of data fits into the buffer
Bug: http://curl.haxx.se/bug/view.cgi?id=1450
Reported-by: Warren Menzer
Steve Holme (14 Dec 2014)
- asyn-ares: We prefer use of 'CURLcode result'
Marc Hoersken (14 Dec 2014)
- curl_schannel.c: Data may be available before connection shutdown
Steve Holme (14 Dec 2014)
- http2: Use 'CURLcode result' for curl result codes
- asyn-thread: We prefer 'CURLcode result'
- smb: Fixed unnecessary initialisation of struct member variables
There is no need to set the 'state' and 'result' member variables to
SMB_REQUESTING (0) and CURLE_OK (0) after the allocation via calloc()
as calloc() initialises the contents to zero.
- ntlm: Fixed return code for bad type-2 Target Info
Use CURLE_BAD_CONTENT_ENCODING for bad type-2 Target Info security
buffers just like we do for bad decodes.
- ntlm: Remove unnecessary casts in readshort_le()
I don't think both of my fix ups from yesterday were needed to fix the
compilation warning, so remove the one that I think is unnecessary and
let the next Android autobuild prove/disprove it.
- curl_ntlm_msgs.c: Another attempt to fix compilation warning
curl_ntlm_msgs.c:170: warning: conversion to 'short unsigned int' from
'int' may alter its value
Guenter Knauf (13 Dec 2014)
- synctime.c: added own user-agent string.
Steve Holme (13 Dec 2014)
- smb.c: Fixed line longer than 79 columns
- curl_ntlm_msgs.c: Fixed compilation warning from commit 783b5c3b11
curl_ntlm_msgs.c:169: warning: conversion to 'short unsigned int' from
'int' may alter its value
Guenter Knauf (13 Dec 2014)
- mk-ca-bundle.pl: restored forced run again.
- synctime.c: removed another timeserver URL.
worldtimeserver.com seems also no longer available.
- synctime.c: fixed timeserver URLs.
For getting the date header its not necessary to access special
pages or even CGI scripts - all pages including the main index
reply with the date header, therefore shortened URLs to domain.
Removed worldtime.com; added pool.ntp.org.
Steve Holme (13 Dec 2014)
- ftp.c: Fixed compilation warning when no verbose string support
ftp.c:819: warning: unused parameter 'lineno'
- smb: Added state change functions to assist with debugging
For debugging purposes, and as per other protocols within curl, added
state change functions rather than changing the states directly.
- ntlm: Use short integer when decoding 16-bit values
- RELEASE-NOTES: Synced with 6291a16b20
- smtp.c: Fixed compilation warnings
smtp.c:2357 warning: adding 'size_t' (aka 'unsigned long') to a string
does not append to the string
smtp.c:2375 warning: adding 'size_t' (aka 'unsigned long') to a string
does not append to the string
smtp.c:2386 warning: adding 'size_t' (aka 'unsigned long') to a string
does not append to the string
Used array index notation instead.
- smb: Disable SMB when 64-bit integers are not supported
This fixes compilation issues with compilers that don't support 64-bit
integers through long long or __int64.
- ntlm: Disable NTLM v2 when 64-bit integers are not supported
This fixes compilation issues with compilers that don't support 64-bit
integers through long long or __int64 which was introduced in commit
07b66cbfa4.
- ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
Previously USE_NTLM2SESSION would only be defined automatically when
USE_NTRESPONSES wasn't already defined. Separated the two definitions
so that the user can manually set USE_NTRESPONSES themselves but
USE_NTLM2SESSION is defined automatically if they don't define it.
- smtp.c: Fixed line longer than 79 columns
- config-win32.h: Don't enable Windows Crypt API if using OpenSSL
As the OpenSSL and NSS Crypto engines are prefered by the core NTLM
routines, to the Windows Crypt API, don't define USE_WIN32_CRYPT
automatically when either OpenSSL or NSS are in use - doing so would
disable NTLM2Session responses in NTLM type-3 messages.
- smtp: Fixed inappropriate free of the scratch buffer
If the scratch buffer was allocated in a previous call to
Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent
call and no action taken by that call, then an attempt would be made to
try and free the buffer which, by now, would be part of the data->state
structure.
This bug was introduced in commit 4bd860a001.
- smtp: Fixed dot stuffing when EOL characters were at end of input buffers
Fixed a problem with the CRLF. detection when multiple buffers were
used to upload an email to libcurl and the line ending character(s)
appeared at the end of each buffer. This meant any lines which started
with . would not be escaped into .. and could be interpreted as the end
of transmission string instead.
This only affected libcurl based applications that used a read function
and wasn't reproducible with the curl command-line tool.
Bug: http://curl.haxx.se/bug/view.cgi?id=1456
Assisted-by: Patrick Monnerat
Daniel Stenberg (11 Dec 2014)
- telnet: fix "cast increases required alignment of target type"
- ntlm_wb_response: fix "statement not reached"
... and I could use a break instead of a goto to end the loop.
Bug: http://curl.haxx.se/mail/lib-2014-12/0089.html
Reported-by: Tor Arntsen
Steve Holme (10 Dec 2014)
- RELEASE-NOTES: Synced with 1cc5194337
Added some bug fixes that I had missed in previous synchronisations.
Daniel Stenberg (10 Dec 2014)
- Curl_unix2addr: avoid using the variable name 'sun'
I suspect this causes compile failures on Solaris:
Bug: http://curl.haxx.se/mail/lib-2014-12/0081.html
Steve Holme (10 Dec 2014)
- url.c: Fixed compilation warning when USE_NTLM is not defined
url.c:3078: warning: variable 'credentialsMatch' set but not used
- parsedate.c: Fixed compilation warning
parsedate.c:548: warning: 'parsed' may be used uninitialized in this
function
As curl_getdate() returns -1 when parsedate() fails we can initialise
parsed to -1.
Daniel Stenberg (10 Dec 2014)
- TODO: Cache negative name resolves
Worth exploring
- ldap: check Curl_client_write() return codes
There might be one or two memory leaks left in the error paths.
- ldap: rename variables to comply to curl standards
Dan Fandrich (10 Dec 2014)
- sws.c: Fixed 'rc' may be used uninitialized warning
- cookies: Improved OOM handling in cookies
This fixes the test 506 torture test. The internal cookie API really
ought to be improved to separate cookie parsing errors (which may be
ignored) with OOM errors (which should be fatal).
Guenter Knauf (9 Dec 2014)
- synctime.c: fixed user-agent setting.
Some websites meanwhile refuse to reply to requests from ancient
browsers like IE6, therefore I've comment out this setting, but
also fixed the string to now fake IE8 if someone enables it.
Daniel Stenberg (9 Dec 2014)
- smb: fix unused return code warning
Patrick Monnerat (9 Dec 2014)
- Curl_client_write() & al.: chop long data, convert data only once.
Guenter Knauf (9 Dec 2014)
- VC build: added sspi define for winssl-zlib builds.
Daniel Stenberg (9 Dec 2014)
- schannel_recv: return the correct code
Bug: http://curl.haxx.se/bug/view.cgi?id=1462
Reported-by: Tae Hyoung Ahn
- http2: avoid logging neg "failure" if h2 was not requested
- openldap: do not ignore Curl_client_write() return codes
- compile: warn on unused return code from Curl_client_write()
Patrick Monnerat (8 Dec 2014)
- SMB: Fix a data size mismatch that broke SMB on big-endian platforms
Steve Holme (7 Dec 2014)
- smb: Fixed Windows autoconf builds following commit eb88d778e7
As Windows based autoconf builds don't yet define USE_WIN32_CRYPTO
either explicitly through --enable-win32-cypto or automatically on
_WIN32 based platforms, subsequent builds broke with the following
error message:
"Can't compile NTLM support without a crypto library."
- RELEASE-NOTES: Synced with 526603ff05
- [Bill Nagel brought this change]
smb: Build with SSPI enabled
Build SMB/CIFS protocol support when SSPI is enabled.
- [Bill Nagel brought this change]
ntlm: Use Windows Crypt API
Allow the use of the Windows Crypt API for NTLMv1 functions.
Dan Fandrich (7 Dec 2014)
- cookie.c: Refactored cleanup code to simplify
Also, fixed the outdated comments on the cookie API.
- get_url_file_name: Fixed crash on OOM on debug build
This caused a null-pointer dereference which caused a few dozen
torture tests to fail.
Steve Holme (6 Dec 2014)
- sws.c: Fixed compilation warning
sws.c:2191 warning: 'rc' may be used uninitialized in this function
- ftp.c: Fixed compilation warnings when proxy support disabled
ftp.c:1827 warning: unused parameter 'newhost'
ftp.c:1827 warning: unused parameter 'newport'
- smb: Fixed a problem with large file transfers
Fixed an issue with the message size calculation where the raw bytes
from the buffer were interpreted as signed values rather than unsigned
values.
Reported-by: Gisle Vanem
Assisted-by: Bill Nagel
- smb: Moved the URL decoding into a separate function
- smb: Fixed URL encoded URLs not working
- Makefile.inc: Added our standard header and updated file formatting
- Makefile.inc: Updated file formatting
Aligned continuation character and used space as the separator
character as per other makefile files.
- curl_md4.h: Updated copyright year following recent edit
...and minor layout adjustment.
Patrick Monnerat (5 Dec 2014)
- SMB: Fix big endian problems. Make it OS/400 aware.
- OS400: enable NTLM authentication
Steve Holme (5 Dec 2014)
- multi.c: Fixed compilation warning
multi.c:2695: warning: declaration of `exp' shadows a global declaration
Guenter Knauf (5 Dec 2014)
- build: updated dependencies in makefiles.
Steve Holme (5 Dec 2014)
- sasl: Corrected formatting of function descriptions
- sasl_gssapi: Added missing function description
- RELEASE-NOTES: Provided better descriptions
As it is often difficult to choose the best description for a single
feature when it spans many commits, updated the descriptions for the
recent SMB/CIFS protocol and GSS-API additions.
- sasl_sspi: Corrected some typos
- sasl_sspi: Don't use hard coded sizes in Kerberos V5 security data
Don't use a hard coded size of 4 for the security layer and buffer size
in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as
we have done in the sasl_gssapi module.
- sasl_sspi: Free the Kerberos V5 challenge as soon as we're done with it
Reduced the amount of free's required for the decoded challenge message
in Curl_sasl_create_gssapi_security_message() as a result of coding it
differently in the sasl_gssapi module.
- gssapi: Corrected typo in comments
- sasl_gssapi: Added body to Curl_sasl_create_gssapi_security_message()
Daniel Stenberg (4 Dec 2014)
- [Stefan Bühler brought this change]
http_perhapsrewind: don't abort CONNECT requests
...they never have a body
- [Stefan Bühler brought this change]
HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
Sending NTLM/Negotiate header again after successful authentication
breaks the connection with certain Proxies and request types (POST to MS
Forefront).
- [Stefan Bühler brought this change]
HTTP: don't abort connections with pending Negotiate authentication
... similarly to how NTLM works as Negotiate is in fact often NTLM with
another name.
- [Stefan Bühler brought this change]
fix gdb libtool invocation path
Steve Holme (4 Dec 2014)
- sasl_gssapi: Fixed missing include from commit d3cca934ee
Daniel Stenberg (4 Dec 2014)
- [Jay Satiro brought this change]
examples: remove sony.com from 10-at-a-time
Prior to this change the 10-at-a-time example showed CURLE_RECV_ERROR
for the sony website because it ends the connection when the request is
missing a user agent.
Steve Holme (4 Dec 2014)
- sasl_gssapi: Fixed missing decoding debug failure message
- sasl_gssapi: Fixed honouring of no mutual authentication
- sasl_sspi: Added more Kerberos V5 decoding debug failure messages
Daniel Stenberg (4 Dec 2014)
- [Anthon Pang brought this change]
docs: Fix FAILONERROR typos
It returns error for >= 400 HTTP responses.
Bug: https://github.com/bagder/curl/pull/129
- [Peter Wu brought this change]
tool: fix CURLOPT_UNIX_SOCKET_PATH in --libcurl output
Mark CURLOPT_UNIX_SOCKET_PATH as string to ensure that it ends up as
option in the file generated by --libcurl.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
opts: fix CURLOPT_UNIX_SOCKET_PATH formatting
Add .nf and .fi such that the code gets wrapped in a pre on the web.
Fixed grammar, fixed formatting of the "See also" items.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Patrick Monnerat (4 Dec 2014)
- OS400: enable Unix sockets.
Daniel Stenberg (3 Dec 2014)
- RELEASE-NOTES: synced with b216427e73b5e9
- opts: added CURLOPT_UNIX_SOCKET_PATH to Makefile.am
- updateconninfo: clear destination struct before getsockname()
Otherwise we may read uninitialized bytes later in the unix-domain
sockets case.
- curl.1: added --unix-socket
- [Peter Wu brought this change]
tool: add --unix-socket option
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
libcurl: add UNIX domain sockets support
The ability to do HTTP requests over a UNIX domain socket has been
requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a
discussion happened, no patch seems to get through. I decided to give it
a go since I need to test a nginx HTTP server which listens on a UNIX
domain socket.
One patch [3] seems to make it possible to use the
CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket.
Another person wrote a Go program which can do HTTP over a UNIX socket
for Docker[4] which uses a special URL scheme (though the name contains
cURL, it has no relation to the cURL library).
This patch considers support for UNIX domain sockets at the same level
as HTTP proxies / IPv6, it acts as an intermediate socket provider and
not as a separate protocol. Since this feature affects network
operations, a new feature flag was added ("unix-sockets") with a
corresponding CURL_VERSION_UNIX_SOCKETS macro.
A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This
option enables UNIX domain sockets support for all requests on the
handle (replacing IP sockets and skipping proxies).
A new configure option (--enable-unix-sockets) and CMake option
(ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I
deliberately did not mark this feature as advanced, this is a
feature/component that should easily be available.
[0]: http://curl.haxx.se/mail/lib-2008-04/0279.html
[1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
[2]: http://sourceforge.net/p/curl/feature-requests/53/
[3]: http://curl.haxx.se/mail/lib-2008-04/0361.html
[4]: https://github.com/Soulou/curl-unix-socket
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
tests: add two HTTP over UNIX socket tests
test1435: a simple test that checks whether a HTTP request can be
performed over the UNIX socket. The hostname/port are interpreted
by sws and should be ignored by cURL.
test1436: test for the ability to do two requests to the same host,
interleaved with one to a different hostname.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
tests: add HTTP UNIX socket server testing support
The variable `$ipvnum` can now contain "unix" besides the integers 4
and 6 since the variable. Functions which receive this parameter
have their `$port` parameter renamed to `$port_or_path` to support a
path to the UNIX domain socket (as a "port" is only meaningful for TCP).
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
sws: try to remove socket and retry bind
If sws is killed it might leave a stale socket file on the filesystem
which would cause an EADDRINUSE error. After this patch, it is checked
whether the socket is really stale and if so, the socket file gets
removed and another bind is executed.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
sws: add UNIX domain socket support
This extends sws with a --unix-socket option which causes the port to
be ignored (as the server now listens on the path specified by
--unix-socket). This feature will be available in the following patch
that enables checking for UNIX domain socket support.
Proxy support (CONNECT) is not considered nor tested. It does not make
sense anyway, first connecting through a TCP proxy, then let that TCP
proxy connect to a UNIX socket.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
sws: restrict TCP_NODELAY to IP sockets
TCP_NODELAY does not make sense for Unix sockets, so enable it only if
the socket is using IP.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Dan Fandrich (3 Dec 2014)
- [Dave Reisner brought this change]
curl.1: fix trivial typo
Steve Holme (3 Dec 2014)
- sasl_gssapi: Added body to Curl_sasl_create_gssapi_user_message()
- sasl_gssapi: Added body to Curl_sasl_gssapi_cleanup()
- sasl_gssapi: Added Curl_sasl_build_gssapi_spn() function
Added helper function for returning a GSS-API compatible SPN.
Daniel Stenberg (3 Dec 2014)
- NSS: enable the CAPATH option
Bug: http://curl.haxx.se/bug/view.cgi?id=1457
Patch-by: Tomasz Kojm
Steve Holme (3 Dec 2014)
- sasl_gssapi: Enable USE_KERBEROS5 for GSS-API based builds
- sasl_gssapi: Added GSS-API based Kerberos V5 variables
- sws.c: Fixed compilation warning when IPv6 is disabled
sws.c:69: warning: comma at end of enumerator list
- sasl_gssapi: Made log_gss_error() a common GSS-API function
Made log_gss_error() a common function so that it can be used in both
the http_negotiate code as well as the curl_sasl_gssapi code.
- sasl_gssapi: Introduced GSS-API based SASL module
Added the initial version of curl_sasl_gssapi.c and updated the project
files in preparation for adding GSS-API based Kerberos V5 support.
- smb: Don't try to connect with empty credentials
On some platforms curl would crash if no credentials were used. As such
added detection of such a use case to prevent this from happening.
Reported-by: Gisle Vanem
- smb.c: Coding policing of pointer usage
- configure: Fixed inclusion of SMB when no crypto engines available
Guenter Knauf (1 Dec 2014)
- build: in Makefile.m32 simplified autodetection.
Daniel Stenberg (30 Nov 2014)
- [Peter Wu brought this change]
sws: move away from IPv4/IPv4-only assumption
Instead of depending the socket domain type on use_ipv6, specify the
domain type (AF_INET / AF_INET6) as variable. An enum is used here with
switch to avoid compiler warnings in connect_to, complaining that rc
is possibly undefined (which is not possible as socket_domain is
always set).
Besides abstracting the socket type, make the debugging messages be
independent on IP (introduce location_str which points to "port XXXXX").
Rename "ipv_inuse" to "socket_type" and tighten the scope (main).
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
lib/connect: restrict IP/TCP options to said sockets
This patch prepares for adding UNIX domain sockets support.
TCP_NODELAY and TCP_KEEPALIVE are specific to TCP/IP sockets, so do not
apply these to other socket types. bindlocal only works for IP sockets
(independent of TCP/UDP), so filter that out too for other types.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- smb.c: use size_t as input argument types for msg sizes
This fixes warnings about conversions to int
Steve Holme (30 Nov 2014)
- version: The next release will become 7.40.0
- [Bill Nagel brought this change]
docs: Updated for the SMB protocol
This patch updates the documentation for the SMB/CIFS protocol.
- curl tool: Exclude SMB from the protocol redirect
As local files could be accessed through \\localhost\c$.
- [Bill Nagel brought this change]
curl tool: Enable support for the SMB protocol
This patch enables SMB/CIFS support in the curl command-line tool.
- smb.c: Fixed compilation warnings
smb.c:398: warning: comparison of integers of different signs:
'ssize_t' (aka 'long') and 'unsigned long'
smb.c:443: warning: comparison of integers of different signs:
'ssize_t' (aka 'long') and 'unsigned long'
- libcurl: Exclude SMB from the protocol redirect
As local files could be accessed through \\localhost\c$.
- [Bill Nagel brought this change]
libcurl: Enable support for the SMB protocol
This patch enables SMB/CIFS support in libcurl.
- smb.c: Fixed compilation warnings
smb.c:322: warning: conversion to 'short unsigned int' from 'unsigned
int' may alter its value
smb.c:323: warning: conversion to 'short unsigned int' from 'unsigned
int' may alter its value
smb.c:482: warning: conversion to 'short unsigned int' from 'int' may
alter its value
smb.c:521: warning: conversion to 'unsigned int' from 'curl_off_t' may
alter its value
smb.c:549: warning: conversion to 'unsigned int' from 'curl_off_t' may
alter its value
smb.c:550: warning: conversion to 'short unsigned int' from 'int' may
alter its value
- smb.c: Renamed SMB command message variables to avoid compiler warnings
smb.c:489: warning: declaration of 'close' shadows a global declaration
smb.c:511: warning: declaration of 'read' shadows a global declaration
smb.c:528: warning: declaration of 'write' shadows a global declaration
- smb.c: Fixed compilation warnings
smb.c:212: warning: unused parameter 'done'
smb.c:380: warning: ISO C does not allow extra ';' outside of a function
smb.c:812: warning: unused parameter 'premature'
smb.c:822: warning: unused parameter 'dead'
- smb.c: Fixed compilation warnings
smb.c:311: warning: conversion from 'unsigned __int64' to 'u_short',
possible loss of data
smb.c:425: warning: conversion from '__int64' to 'unsigned short',
possible loss of data
smb.c:452: warning: conversion from '__int64' to 'unsigned short',
possible loss of data
- smb.c: Fixed compilation warnings
smb.c:162: error: comma at end of enumerator list
smb.c:469: warning: conversion from 'size_t' to 'unsigned short',
possible loss of data
smb.c:517: warning: conversion from 'curl_off_t' to 'unsigned int',
possible loss of data
smb.c:545: warning: conversion from 'curl_off_t' to 'unsigned int',
possible loss of data
- [Bill Nagel brought this change]
smb: Added initial SMB functionality
Initial implementation of the SMB/CIFS protocol.
- [Bill Nagel brought this change]
smb: Added SMB handler interfaces
Added the SMB and SMBS handler interface structures and associated
functions required for SMB/CIFS operation.
- transfer: Code style policing
Prefer ! rather than NULL in if statements, added comments and updated
function spacing, argument spacing and line spacing to be more readble.
- transfer: Fixed existing scratch buffer being checked for NULL twice
If the scratch buffer already existed when the CRLF conversion was
performed then the buffer pointer would be checked twice for NULL. This
second check is only necessary if the call to malloc() was performed by
the first check.
- smtp: Fixed dot stuffing being performed when no new data read
Whilst I had moved the dot stuffing code from being performed before
CRLF conversion takes place to after it, in commit 4bd860a001, I had
moved it outside the 'when something read' block of code when meant
it could perform the dot stuffing twice on partial send if nread
happened to contain the right values. It also meant the function could
potentially read past the end of buffer. This was highlighted by the
following warning:
warning: `nread' might be used uninitialized in this function
Daniel Stenberg (29 Nov 2014)
- smb.h: fixed picky compiler warning
smb.h:30:16: error: comma at end of enumerator list [-Werror=pedantic]
Steve Holme (29 Nov 2014)
- tests: Disable test 1013 until SMB is fully added
- [Bill Nagel brought this change]
smb: Added SMB protocol and port definitions
Added the necessary protocol and port definitions in order to support
SMB/CIFS.
- [Bill Nagel brought this change]
smb: Added internal SMB definitions and structures
Added the internal definitions and structures necessary for SMB/CIFS
support.
- [Bill Nagel brought this change]
smb: Added SMB connection structure
Added the connection structure that will be required in urldata.h for
SMB/CIFS based connections.
- [Bill Nagel brought this change]
smb: Added initial source files for SMB
Added the initial source files and updated the relevant project files in
order to support SMB/CIFS.
- [Bill Nagel brought this change]
smb: Added configuration options for SMB
Added --enable-smb and --disable-smb configuration options for the
upcoming SMB/CIFS protocol support.
Daniel Stenberg (28 Nov 2014)
- [Peter Wu brought this change]
runtests.pl: fix startup of IPv6 servers
Commit curl-7_23_1-143-g8218064 changed the parameter of
responsive_http_server to accept types other than IPv6 (converting
from a boolean to a string), but only considered the lower-case "ipv6"
and not the "IPv6" variant. This caused all servers to start in IPv4
mode instead.
This patch converts the remaining cases to "ipv6". While not strictly
necessary for the run*server variants, these got also converted for
consistency and to prevent future errors.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
runtests.pl: fix warning message, remove duplicate value
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Steve Holme (27 Nov 2014)
- http.c: Fixed compilation warnings from features being disabled
warning: unused variable 'data'
warning: variable 'addcookies' set but not used
...and some very minor coding style policing.
- RELEASE-NOTES: Synced with c5399c827d
- tests: Added SMTP with --crlf test case
- docs: Updated for commit 4bd860a001 and SMTP Unix line ending conversion
- smtp: Fixed const'ness of nread parameter in Curl_smtp_escape_eob()
...and some comment typos!
- smtp: Added support for the conversion of Unix newlines during mail send
Added support for the automatic conversion of Unix newlines to CRLF
during mail uploads.
Feature: http://curl.haxx.se/bug/view.cgi?id=1456
- CURLOPT_CRLF.3: Fixed inclusion of SMTP in listed protocols
Daniel Stenberg (25 Nov 2014)
- curl*3: added small examples
and some minor edits
- libcurl.3: fix formatting
refer to functions with the man page section properly
- man pages: SEE ALSO curl_multi_wait
- curl_multi_wait.3: clarify numfds being used if not NULL
- multi-single.c: switch to use curl_multi_wait
Makes the example much easier and straight-forward!
- testcurl: bump the version of this script!
- testcurl: skip reading the setup file if given enough cmdline info
This makes it much easier to run multiple tests in the same directory,
just altering the command lines used.
- select.c: fix compilation for VxWorks
Reported-by: Brian
Bug: http://curl.haxx.se/bug/view.cgi?id=1455
Patrick Monnerat (24 Nov 2014)
- [moparisthebest brought this change]
SSL: Add PEM format support for public key pinning
Kamil Dudka (24 Nov 2014)
- Revert "repository: ignore patch files generated by git"
This reverts commit 217024a687ce86eb6d2317822ed81c7e5abc4b61.
Bug: https://github.com/bagder/curl/commit/217024a6#commitcomment-8693738
Steve Holme (23 Nov 2014)
- multi.c: Fixed compilation warnings when no verbose string support
warning: variable 'connection_id' set but not used
warning: unused parameter 'lineno'
- RELEASE-NOTES: Synced with 1450712e76
- sasl: Tidied up some parameter comments
- sasl: Reduced the need for two sets of NTLM functions
- ntlm: Moved NSS initialisation to base decode function
- http_ntlm: Fixed additional NSS initialisation call when decoding type-2
After commit 48d19acb7c the HTTP code would call Curl_nss_force_init()
twice when decoding a NTLM type-2 message, once directly and the other
through the call to Curl_sasl_decode_ntlm_type2_message().
- ntlm: Fixed static'ness of local decode function
- ntlm: Corrected some parameter names and comments
- runtests.pl: Re-aligned feature support comments
- runtests.pl: Use Kerberos and SPNEGO as proxies for the crypto feature
In addition to NTLM, use Kerberos and SPNEGO as proxies to the crypto
feature.
...and converted tab characters, from commit 4b4e8a5853, to spaces.
- runtests.pl: Added support for SPNEGO
- runtests.pl: Added Kerberos detection
- runtests.pl: Added GSS-API detection
- FILEFORMAT: Added SSPI, GSS-API and Kerberos to the features list
- FILEFORMAT: Added test requires feature not present information
Such as !SSPI as we do for the NTLM and Digest tests.
Daniel Stenberg (20 Nov 2014)
- http.c: log if it notices HTTP 1.1 after a upgrade to http2
- test1801: first real http2 test case
- sws: initial tiny steps toward http2 support
- FILEFORMAT: mention the new upgrade support
- test1800: first plain-text http2 test case
Verifies the upgrade request, but gets a plain 1.1 response
- [Tatsuhiro Tsujikawa brought this change]
http: Disable pipelining for HTTP/2 and upgraded connections
This commit disables pipelining for HTTP/2 or upgraded connections. For
HTTP/2, we do not support multiplexing. In general, requests cannot be
pipelined in an upgraded connection, since it is now different protocol.
- [Brad Harder brought this change]
CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option
Steve Holme (19 Nov 2014)
- multi-uv.c: Updated for curl coding standards
- conncache: Fixed specifiers in infof() for long and size_t variables
- [Peter Wu brought this change]
cmake: add Kerberos to the supported features
Updated following commit eda919f and a4b7f71.
Acked-by: Brad King <brad.king@kitware.com>
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
Updated following changes in commit f0d860d.
Acked-by: Brad King <brad.king@kitware.com>
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Daniel Stenberg (19 Nov 2014)
- RELEASE-NOTES: synced with cb13fad733e
- [Jay Satiro brought this change]
examples: Wait recommended 100ms when no file descriptors are ready
Prior to this change when no file descriptors were ready on platforms
other than Windows the multi examples would sleep whatever was in
timeout, which may or may not have been less than the minimum
recommended value [1] of 100ms.
[1]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html
- [Waldek Kozba brought this change]
multi-uv.c: close the file handle after download
- [Jon Spencer brought this change]
multi: inform about closed sockets before they are closed
When the connection code decides to close a socket it informs the multi
system via the Curl_multi_closed function. The multi system may, in
turn, invoke the CURLMOPT_SOCKETFUNCTION function with
CURL_POLL_REMOVE. This happens after the socket has already been
closed. Reorder the code so that CURL_POLL_REMOVE is called before the
socket is closed.
Guenter Knauf (19 Nov 2014)
- build: in Makefile.m32 moved target autodetection.
Moved target autodetection block after defining CC macro.
- build: in Makefile.m32 simplify platform flags.
- build: in Makefile.m32 try to detect 64bit target.
Daniel Stenberg (19 Nov 2014)
- [Brad King brought this change]
CMake: Simplify if() conditions on check result variables
Remove use of an old hack that takes advantage of the auto-dereference
behavior of the if() command to detect if a variable is defined. The
hack has the form:
if("${VAR} MATCHES "^${VAR}$")
where "${VAR}" is a macro argument reference. Use if(DEFINED) instead.
This also avoids warnings for CMake Policy CMP0054 in CMake 3.1.
- TODO-RELEASE: removed
- [Carlo Wood brought this change]
debug: added new connection cache output, plus fixups
Debug output 'typo' fix.
Don't print an extra "0x" in
* Pipe broke: handle 0x0x2546d88, url = /
Add debug output.
Print the number of connections in the connection cache when
adding one, and not only when one is removed.
Fix typos in comments.
- multi: move the ending condition into the loop as well
... as it was before I changed the loop in commit e04ccbd50. It caused
test 2030 and 2032 to fail.
Steve Holme (18 Nov 2014)
- multi: Prefer we don't use CURLE_OK and NULL in comparisons
Daniel Stenberg (18 Nov 2014)
- multi_runsingle: use 'result' for local CURLcode storage
... and assign data->result only at the end. Makes the code more compact
(easier to read) and more similar to other code.
- multi_runsingle: rename result to rc
save 'result' for CURLcode types
- multi: make multi_runsingle loop internally
simplifies the use of this function at little cost.
- [Carlo Wood brought this change]
multi: when leaving for timeout, close accordingly
Fixes the problem when a transfer in a pipeline times out.
Guenter Knauf (18 Nov 2014)
- build: in Makefile.m32 add -m32 flag for 32bit.
- mk-ca-bundle.vbs: update copyright year.
- build: in Makefile.m32 pass -F flag to windres.
Steve Holme (17 Nov 2014)
- config-win32: Fixed build targets for the VS2012+ Windows XP toolset
Even though commit 23e70e1cc6 mentioned the v110_xp toolset, I had
forgotten to include the relevant pre-processor definitions.
- sasl_sspi: Removed note about the NTLM functions being a wrapper
- connect.c: Fixed compilation warning when no verbose string support
warning: unused parameter 'reason'
- easy.c: Fixed compilation warning when no verbose string support
warning: unused parameter 'easy'
- win32: Updated some legacy APIs to use the newer extended versions
Updated the usage of some legacy APIs, that are preventing curl from
compiling for Windows Store and Windows Phone build targets.
Suggested-by: Stefan Neis
Feature: http://sourceforge.net/p/curl/feature-requests/82/
- config-win32: Introduce build targets for VS2012+
Visual Studio 2012 introduced support for Windows Store apps as well as
supporting Windows Phone 8. Introduced build targets that allow more
modern APIs to be used as certain legacy ones are not available on these
new platforms.
- sasl_sspi: Fixed compilation warnings when no verbose string support
- sasl_sspi: Added base64 decoding debug failure messages
Just like in the NTLM code, added infof() failure messages for
DIGEST-MD5 and GSSAPI authentication when base64 decoding fails.
- ntlm: Moved the SSPI based Type-3 message generation into the SASL module
- ntlm: Moved the SSPI based Type-2 message decoding into the SASL module
- ntlm: Moved the SSPI based Type-1 message generation into the SASL module
- [Michael Osipov brought this change]
kerberos: Use symbol qualified with _KERBEROS5
For consistency renamed USE_KRB5 to USE_KERBEROS5.
Daniel Stenberg (15 Nov 2014)
- [Jay Satiro brought this change]
examples: Don't call select() to sleep on windows
Windows does not support using select() for sleeping without a dummy
socket. Instead use Windows' Sleep() and sleep for 100ms which is the
minimum suggested value in the curl_multi_fdset() doc.
Prior to this change the multi examples would exit prematurely since
select() would error instead of sleeping when called without an fd.
Reported-by: Johan Lantz
Bug: http://curl.haxx.se/mail/lib-2014-11/0221.html
- [Tatsuhiro Tsujikawa brought this change]
http2: Don't send Upgrade headers when we already do HTTP/2
Steve Holme (15 Nov 2014)
- sasl: Corrected Curl_sasl_build_spn() function description
There was a mismatch in function parameter names.
- tool: Removed krb4 from the supported features
Although libcurl would never return CURL_VERSION_KERBEROS4 after 7.33,
so would not be output with --version, removed krb4 from the supported
features output.
- [Michael Osipov brought this change]
tool: Use Kerberos for supported features
- urldata: Don't define sec_complete when no GSS-API support present
This variable is only used with HAVE_GSSAPI is defined by the FTP code
so let's place the definition with the other GSS-API based variables.
- [Michael Osipov brought this change]
docs: Use consistent naming for Kerberos
- TODO: Lets support QOP options in GSSAPI authentication
- sasl_sspi: Corrected a couple of comment typos
- sasl: Moved Curl_sasl_gssapi_cleanup() definition into header file
Rather than define the function as extern in the source files that use
it, moved the function declaration into the SASL header file just like
the Digest and NTLM clean-up functions.
Additionally, added a function description comment block.
- sasl_sspi: Added missing RFC reference for HTTP Digest authentication
- ntlm: Clean-up and standardisation of base64 decoding
- ntlm: We prefer 'CURLcode result'
Daniel Stenberg (13 Nov 2014)
- [Brad King brought this change]
CMake: Restore order-dependent library checks
Revert commit 2257deb502 (Cmake: Avoid cycle directory dependencies,
2014-08-22) and add a comment explaining the purpose of the original
code.
The check_library_exists_concat macro is intended to be called multiple
times on a sequence of possibly dependent libraries. Later libraries
may depend on earlier libraries when they are static. They cannot be
safely linked in reverse order on some platforms.
Signed-off-by: Brad King <brad.king@kitware.com>
- [Brad King brought this change]
CMake: Restore order-dependent header checks
Revert commit 1269df2e3b (Cmake: Don't check for all headers each
time, 2014-08-15) and add a comment explaining the purpose of the
original code.
The check_include_file_concat macro is intended to be called multiple
times on a sequence of possibly dependent headers. Later headers
may depend on earlier headers to provide declarations. They cannot
be safely included independently on some platforms.
For example, many POSIX APIs document including sys/types.h before some
other headers. Also on some OS X versions sys/socket.h must be included
before net/if.h or the check for the latter will fail.
Signed-off-by: Brad King <brad.king@kitware.com>
- [Peter Wu brought this change]
test22: expand a backtick command
This is the only user of the backtick operator in the command. As the
commands will soon not be executed by a shell anymore (but by perl),
replace the command with its output.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- RELEASE-NOTES: synced with 2ee3c63b13
- http2: fix switched macro when http2 is not enabled
- [Tatsuhiro Tsujikawa brought this change]
http2: Deal with HTTP/2 data inside response header buffer
Previously if HTTP/2 traffic is appended to HTTP Upgrade response header
(thus they are in the same buffer), the trailing HTTP/2 traffic is not
processed and lost. The appended data is most likely SETTINGS frame.
If it is lost, nghttp2 library complains server does not obey the HTTP/2
protocol and issues GOAWAY frame and curl eventually drops connection.
This commit fixes this problem and now trailing data is processed.
Steve Holme (11 Nov 2014)
- configure: Fixed inclusion of krb5 when CURL_DISABLE_CRYPTO_AUTH is defined
Commit fe0f8967bf fixed a problem with krb5 not being defined as a
supported feature when HAVE_GSSAPI is defined, however, it should
only be included if CURL_DISABLE_CRYPTO_AUTH is not set, like when
SPNEGO is listed as a feature.
Daniel Stenberg (10 Nov 2014)
- multi: removed Curl_multi_set_easy_connection
It isn't used anywhere!
Reported-by: Carlo Wood
- [Peter Wu brought this change]
symbol-scan.pl: do not require autotools
Makes test1119 pass when building with cmake.
configurehelp.pm is generated by configure (autotools). As cmake does
not provide a separate variable for the C preprocessor, default to cpp.
Before commit ef24ecde68a5f577a7f0f423a767620f09a0ab16 ("symbol-scan:
use configure script knowledge about how to run the C preprocessor"),
this tool would also use 'cpp'.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
cmake: add ENABLE_THREADED_RESOLVER, rename ARES
Fix detection of the AsynchDNS feature which not just depends on
pthreads support, but also on whether USE_POSIX_THREADS is set or not.
Caught by test 1014.
This patch adds a new ENABLE_THREADED_RESOLVER option (corresponding to
--enable-threaded-resolver of autotools) which also needs a check for
HAVE_PTHREAD_H.
For symmetry with autotools, CURL_USE_ARES is renamed to ENABLE_ARES
(--enable-ares). Checks that test for the availability actually use
USE_ARES instead as that is the result of whether a-res is available or
not (in practice this does not matter as CARES is marked as required
package, but nevertheless it is better to write the intent).
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
cmake: build libhostname for test suite
Used by some test cases via LD_PRELOAD in order to fake the host name.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
cmake: fix HAVE_GETHOSTNAME definition
Otherwise Curl_gethostname always fails. Windows has gethostname
since Vista according to
http://msdn.microsoft.com/en-us/library/ms738527%28VS.85%29.aspx, but
accordings to byte_bucket's VC 2005 documentation, it is available even
in Windows 95. (possibly after installing a Platform SDK, the
Windows Server 2003 SP1 Platform SDK should be sufficient).
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
tests: fix libhostname visibility
I noticed that a patched cmake build would pass tests with a fake local
hostname, but the autotools build skips them:
got unexpected host name back, LD_PRELOAD failed
It turns out that -fvisibility=hidden hides the symbol, and since the
tests are not part of libcurl, it fails too. Just remove the LIBCURL
guard.
Broken since cURL 7.30 (commit 83a42ee20ea7fc25abb61c0b7ef56ebe712d7093,
"curl.h: stricter CURL_EXTERN linkage decorations logic").
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
tests: fix memleak in server/resolve.c
This makes LeakSanitizer happy.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- configure: assume krb5 when gss-api works
To please test 1014 while we work out if this is truly the a correct
assumption.
Steve Holme (9 Nov 2014)
- vtls.h: Fixed compiler warning when compiled without SSL
vtls.c:185:46: warning: unused parameter 'data'
- RELEASE-NOTES: Synced with 2fbf23875f
- ntlm: Added separate SSPI based functions
In preparation for moving the NTLM message code into the SASL module,
and separating the native code from the SSPI code, added functions that
simply call the functions in curl_ntlm_msg.c.
- http_ntlm: Use the SASL functions instead
In preparation for moving the NTLM message code into the SASL module
use the SASL functions in the HTTP code instead.
Daniel Stenberg (9 Nov 2014)
- libssh2: detect features based on version, not configure checks
... so that non-configure builds get the correct functions too based on
the libssh2 version used.
- [Nobuhiro Ban brought this change]
SSH: use the port number as well for known_known checks
... if the libssh2 version is new enough.
Bug: http://curl.haxx.se/bug/view.cgi?id=1448
Steve Holme (9 Nov 2014)
- INSTALL: Updated pre-processor references to the old VC6 project files
Reworked the two sections that discuss modifying the Visual Studio pre-
processor settings, and vc6libcurl.dsw/vc6libcurl.dsp, to remove the
project files references as they have been superseded by a more thorough
set of project files for VC6 through VC12, but to also give the correct
reference to this setting in later versions of Visual Studio.
- INSTALL: Added email protocols to the "Disabling in Win32 builds" section
- configure: Fixed NTLM missing from features when CURL_DISABLE_HTTP defined
- build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
USE_NTLM would only be defined if: HTTP support was enabled, NTLM and
cryptography weren't disabled, and either a supporting cryptography
library or Windows SSPI was being compiled against.
This means it was not possible to build libcurl without HTTP support
and use NTLM for other protocols such as IMAP, POP3 and SMTP. Rather
than introduce a new SASL pre-processor definition, removed the HTTP
prerequisite just like USE_SPNEGO and USE_KRB5.
Note: Winbind support still needs to be dependent on CURL_DISABLE_HTTP
as it is only available to HTTP at present.
This bug dates back to August 2011 when I started to add support for
NTLM to SMTP.
- ntlm: Removed an unnecessary free of native Target Info
Due to commit 40ee1ba0dc the free in Curl_ntlm_decode_type2_target() is
longer required.
- ntlm: Moved the native Target Info clean-up from HTTP specific function
- ntlm: Moved SSPI clean-up code into SASL module
- Makefile.dist: Added support for WinIDN
- Makefile.vc6: Added support for WinIDN
- Makefile.dist: Added some missing SSPI configurations
- Makefile.dist: Separated the groups of SSL configurations from each other
- Makefile.dist: Grouped the x64 configurations next to their x86 counterparts
- curl.h: Tidy up of CURL_VERSION_* flags
As the list has gotten a little messy and hard to read, especially with
the introduction of deprecated items, aligned the values and comments
into clean columns and reworked some of the comments in the process.
- curl_tool: Added krb5 to the supported features
- configure: Added krb5 to the supported features
- version info: Added Kerberos V5 to the supported features
Guenter Knauf (7 Nov 2014)
- mk-ca-bundle.vbs: switch to new certdata.txt url.
Steve Holme (7 Nov 2014)
- RELEASE-NOTES: Synced with dcad09e125
- http_digest: Fixed some memory leaks introduced in commit 6f8d8131b1
Fixed a couple of memory leaks as a result of moving code that used to
populate allocuserpwd and relied on it's clean up.
- docs: Updated following the addition of SSPI based HTTP digest auth
- sasl_sspi: Tidy up of the existing digest code
Following the addition of SSPI support for HTTP digest, synchronised
elements of the email digest code with that of the new HTTP code.
- http_digest: Post SSPI support tidy up
Post tidy up to ensure commonality of code style and variable names.
Dan Fandrich (6 Nov 2014)
- test552: Don't run HTTP digest tests for SSPI based builds
Technical difficulties prevented this from going into the
previous commit.
Steve Holme (6 Nov 2014)
- tests: Don't run HTTP digest tests for SSPI based builds
Added !SSPI to the features list of the HTTP digest tests, as SSPI
based builds now use the Windows SSPI messaging API rather than the
internal functions, and we can't control the random numbers that get
used as part of the digest.
Daniel Stenberg (6 Nov 2014)
- curl.1: show zone index use in a URL
Steve Holme (6 Nov 2014)
- http_digest: Fixed auth retry loop when SSPI based authentication fails
- http_digest: Reworked the SSPI based input token storage
Reworked the input token (challenge message) storage as what is passed
to the buf and desc in the response generation are typically blobs of
data rather than strings, so this is more in keeping with other areas
of the SSPI code, such as the NTLM message functions.
- sasl_sspi: Fixed compilation warning from commit 2d2a62e3d9
Added void reference to unused 'data' parameter back to fix compilation
warning.
- sspi: Align definition values to even columns as we use 2 char spacing
- sspi: Fixed missing definition of ISC_REQ_USE_HTTP_STYLE
Some versions of Microsoft's sspi.h don't define this.
- sasl: Removed non-SSPI Digest functions and defines from SSPI based builds
Introduced in commit 7e6d51a73c these functions and definitions are only
required by the internal challenge-response functions now.
- sasl_sspi: Added HTTP digest response generation code
- http_digest: Added SSPI based challenge decoding code
- http_digest: Added SSPI based clean-up code
- http_digest: Added SSPI based authentication functions
This temporarily breaks HTTP digest authentication in SSPI based builds,
causing CURLE_NOT_BUILT_IN to be returned. A follow up commit will
resume normal operation.
- http_digest: Added required SSPI based variables to digest structure
Daniel Stenberg (6 Nov 2014)
- [Frank Gevaerts brought this change]
contributors.sh: --releasenotes reads in names from RELEASE-NOTES
This is very handy when updating the RELEASE-NOTES as then we sometimes
have names added manually in the existing list and we use this script to
update the set.
- RELEASE-NOTES: synced with 68542e72a9
- curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY
Reported-by: Christian Hägele
Bug: http://curl.haxx.se/mail/lib-2014-11/0078.html
Steve Holme (5 Nov 2014)
- build: Fixed Visual Studio project file generation of strdup.[c|h]
As the curl command-line tool now includes it's own version of strdup(),
for platforms that don't have it, fixed up the git respository Visual
Studio project file generator to not include the version from lib in the
tool project files, rather than having both lib\strdup.[c|h] and
src\tool_strdup.[c|h] present.
Daniel Stenberg (5 Nov 2014)
- tool_strdup.c: include the tool strdup.h
... not the lib/ one that the tool no longer uses!
- THANKS-filter: added another Michał Górny version we've used
- contributors.sh: split lists using " and "
... and require the space after the filtering to make the filter able to
remove names.
Steve Holme (5 Nov 2014)
- http_digest: Fixed memory leaks from commit 6f8d8131b1
- sasl: Fixed compilation warning from commit 25264131e2
Added forward declaration of digestdata to overcome the following
compilation warning:
warning: 'struct digestdata' declared inside parameter list
Additionally made the ntlmdata forward declaration dependent on
USE_NTLM similar to how digestdata and kerberosdata are.
- sasl: Fixed HTTP digest challenges with spaces between auth parameters
Broken as part of the rework, in commit 7e6d51a73c, to assist with the
addition of HTTP digest via Windows SSPI.
- http_digest: Fixed compilation errors from commit 6f8d8131b1
error: invalid operands to binary
warning: pointer targets in assignment differ in signedness
- http_digest: Moved response generation into SASL module
- http_digest: Moved challenge decoding into SASL module
- http_digest: Moved clean-up function into SASL module
- http_digest: Moved algorithm definitions to SASL module
- [Gisle Vanem brought this change]
ssh: Fixed build on platforms where R_OK is not defined
Bug: http://curl.haxx.se/mail/lib-2014-11/0035.html
Reported-by: Jan Ehrhardt
- strdup: Removed irrelevant comment
...as Curl_memdup() duplicates an area of fix size memory, that may be
binary, and not a null terminated string.
- url.c: Fixed compilation warning
conversion from 'curl_off_t' to 'size_t', possible loss of data
- http_digest: Use CURLcode instead of CURLdigest
To provide consistent behaviour between the various HTTP authentication
functions use CURLcode based error codes for Curl_input_digest()
especially as the calling code doesn't use the specific error code just
that it failed.
Daniel Stenberg (5 Nov 2014)
- contributors.sh: filter common alternative name spellings
docs/THANKS-filter is a new filter file for converting contributor names
we get or have recorded in alternative formats to the one we already use
in THANKS. To help us show individual contributors using a single
presentation of their names.
- THANKS: added missing contributor from 2012
- [Frank Gevaerts brought this change]
Remove duplicate names.
The removed names also appear as:
Andrés García, François Charlier, Gökhan Şengün, Michał Górny, Sébastien
Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su,
S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder
Steve Holme (5 Nov 2014)
- sspi: Define authentication package name constants
These were previously hard coded, and whilst defined in security.h,
they may or may not be present in old header files given that these
defines were never used in the original code.
Not only that, but there appears to be some ambiguity between the ANSI
and UNICODE NTLM definition name in security.h.
Patrick Monnerat (5 Nov 2014)
- Adjust OS400-specific support to last release
Daniel Stenberg (5 Nov 2014)
- THANKS: added two missing names and removed a duplicate
./contributors.sh found these extra ones that somehow had fallen
through the cracks and never gotten added here.
Reported-by: Frank Gevaerts
- bump: towards next release
- THANKS: added names from 7.39.0 release notes
Version 7.39.0 (5 Nov 2014)
Daniel Stenberg (5 Nov 2014)
- RELEASE-NOTES: 7.39.0 release (commit b3875606925)
- curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.
Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.
Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
- lib544.c: use duphandle for test 545
To verify that curl_easy_duphandle() works fine on a handle that has
gotten data stored with *_COPYPOSTFIELDS.
- tests: add new feature 'SSLpinning'
... and make test 2034 and 2035 require it, and have it set when built
with OpenSSL or GnuTLS.
- buildconf: update copyright year
Steve Holme (4 Nov 2014)
- INSTALL: Consistent spacing in section headings, paragraphs and examples
Daniel Stenberg (4 Nov 2014)
- buildconf: stop checking for libtool
As we only use libtoolize, only check for that!
Steve Holme (4 Nov 2014)
- INSTALL: Corrected MIT Kerberos and Heimdal package names
- README: Corrected inconsistent use of --help
- INSTALL: Use GSS-API rather than GSSAPI
As implementations are refereed to GSS-API libraries as per the RFC and
GSSAPI typically refers to the SASL authentication mechanism.
...and minor rewording on the same paragraph.
- README: Added note about using Visual Studio projects out of git repository
Daniel Stenberg (4 Nov 2014)
- [K. R. Walker brought this change]
cmake: fix ZLIB_INCLUDE_DIRS use
CMake 2.8's FindZLIB.cmake documents ZLIB_INCLUDE_DIRS, see
http://www.cmake.org/cmake/help/v2.8.0/cmake.html#module:FindZLIB
Bug: https://github.com/bagder/curl/pull/123
- [Jay Satiro brought this change]
SSL: PolarSSL default min SSL version TLS 1.0
- Prior to this change no SSL minimum version was set by default at
runtime for PolarSSL. Therefore in most cases PolarSSL would probably
have defaulted to a minimum version of SSLv3 which is no longer secure.
- opts-Makefile: put more man pages into dist and make hmtl+pdf
- curl_multi_setopt.3: refer to stand-alone pages
... instead of duplicating info.
- opts: more multi options as stand-alone man pages
- Makefile.am: two cmake files are gone
8cb010144 removed the CurlCheckCSourceCompiles.cmake and
CurlCheckCSourceRuns.cmake files
- opts: made stand-alone man-pages for several multi options
- [Carlo Wood brought this change]
Curl_single_getsock: fix hold/pause sock handling
The previous condition that checked if the socket was marked as readable
when also adding a writable one, was incorrect and didn't take the pause
bits properly into account.
- [Peter Wu brought this change]
cmake: fix struct sockaddr_storage check
CHECK_TYPE_SIZE_PREINCLUDE is an internal, undocumented variable which
was removed in cmake 2.8.1. According to the MSDN docs[1], inclusion
of winsock2.h is sufficient. WIN32_LEAN_AND_MEAN does not really seem
to affect the tests, so remove it too[2].
For the non-windows case, remove inet headers as POSIX only requires
sys/socket.h.
[1]: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740504%28v=vs.85%29.aspx
[2]: http://stackoverflow.com/questions/11040133/what-does-defining-win32-lean-and-mean-exclude-exactly
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
cmake: clean OtherTests, fixing -Werror
There were several -Wunused warnings and one duplicate macro definition.
The EXTRA_DEFINES variable of the CurlCheckCSources macro was being
abused ("__unused1\n#undef inline\n#define __unused2", seriously?) to
insert extra C code. Avoid this broken abstraction and use cmake's
check_c_source_compiles directly (works fine with CMake 2.8, maybe
even cmake 2.6).
After cleaning up all related variables (EXTRA_DEFINES,
HEADER_INCLUDES, auxiliary headers_hack), also remove a duplicate
add_headers_include macro and remove duplicate header additions before
the struct timeval check.
Oh, and now the code is converted to use CheckCSourceRuns and
CheckCSourceCompiles, the two curl-specific helpers can be removed.
Unfortunately, the cmake output is now slightly more verbose. Before:
Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test)
Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) - Failed
Since check_c_source_compiles prints the varname, now you see:
Performing Test curl_cv_func_send_test
Performing Test curl_cv_func_send_test - Failed
Tested: int send(int, const void *, size_t, int)
Compared cmake output with each other using vimdiff, no functional
differences were found. Tested with GCC 4.9.1 and Clang 3.5.0.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
cmake: fix gethostby{addr,name}_r in CurlTests
This patch cleans up the automatically-generated (?) code and fixes one
case that will always fail due to syntax error.
HAVE_GETHOSTBYADDR_R_5_REENTRANT always failed because of a trailing
character ("int length;q"). Several parameter type and unused variable
warnings popped up. This causes a detection failure with -Werror.
Observe that the REENTRANT cases are exactly the same as their
non-REENTRANT cases except for a `_REENTRANT` macro definition.
Merge all these pieces and build one big main function with different
cases, but reusing variables where logical.
For the cases where the parameters where NULL, I looked at
lib/hostip4.c to get an idea of the parameters types.
void-cast variables such as 'rc' to avoid -Wuninitialized errors.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
cmake: drop _BSD_SOURCE macro usage
autotools does not use features.h nor _BSD_SOURCE. As this macro
triggers warnings since glibc 2.20, remove it. It should not have
functional differences.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Steve Holme (2 Nov 2014)
- RELEASE-NOTES: Synced with d71ea7c01e
Additionally, updated "GSSAPI" to "GSS-API" for a Cmake related change
as GSSAPI can be confused with the authentication mechanism rather than
a GSS-API implementation library such as MIT or Heimdal.
- build: Added WinIDN build configuration options
Added support for WinIDN build configurations to the VC6 project files.
- build: Added WinIDN build configuration options
Added support for WinIDN build configurations to the VC7 and VC7.1
project files.
- build: Fixed the pre-processor separator in Visual Studio project files
A left over from the VC6 project files, so mainly cosmetic in Visual
Studio .NET as it can handle both comma and semi-colon characters for
separating multiple pre-processor definitions.
However, the IDE uses semi-colons if the value is edited, and as such,
this may cause problems in future for anyone updating the files or
merging patches.
Used the Visual Studio IDE to correct the separator character.
- build: Added optional specific version generation of VC project files
..when working from the git repository. This is particularly useful
for single development environments where the project files for all
supported versions of Visual Studio may not be required.
- [Jay Satiro brought this change]
build-openssl.bat: Fix x64 release build
Prior to this change if x64 release was specified a failed attempt was
made to build x86 release instead.
- CURLOPT_XOAUTH2_BEARER.3: Corrected the OAuth version number
- CURLOPT_SASL_IR.3: Added supported mechanism information
...and removed duplication of what protocols are supported from the
description text.
- opts: Use common wording for MAIL related names
- opts: Use common wording for TLS user/password option names
...and revised the proxy wording a little as well.
- CURLOPT_MAXCONNECTS.3: Reworked the description to be less confusing
...and corrected a related typo in curl_easy_setopt.3.
Guenter Knauf (2 Nov 2014)
- RELEASE-NOTES: removed obsolete entry; fixed entry.
Steve Holme (2 Nov 2014)
- RELEASE-NOTES: Synced with e7da67f5d3
- docs: Added mention of Kerberos for CURL_VERSION_SSPI
As this has been present for SOCKSv5 proxy since v7.19.4 and for IMAP,
POP3 and SMTP authentication since v7.38.0.
- CURL_VERSION_KERBEROS4: Mark as deprecated
Support for Kerberos V4 was removed in v7.33.0.
- sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
Typically the USE_WINDOWS_SSPI definition would not be used when the
CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build
configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication
data structures and functions would incorrectly be used when they
shouldn't be.
Introduced a new USE_KRB5 definition that takes into account the use of
CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
- openssl: Use 'CURLcode result'
More CURLcode fixes.
Daniel Stenberg (1 Nov 2014)
- resume: consider a resume from [content-length] to be OK
Basically since servers often then don't respond well to this and
instead send the full contents and then libcurl would instead error out
with the assumption that the server doesn't support resume. As the data
is then already transfered, this is now considered fine.
Test case 1434 added to verify this. Test case 1042 slightly modified.
Reported-by: hugo
Bug: http://curl.haxx.se/bug/view.cgi?id=1443
Steve Holme (1 Nov 2014)
- openssl: Use 'CURLcode result'
More standardisation of CURLcode usage and coding style.
- openssl: Use 'CURLcode result'
...and some minor code style changes.
- ftplistparser: We prefer 'CURLcode result'
- opts: Use common wording for user/password option names
- CURLOPT_CONNECT_ONLY.3: Removed "This option is implemented for..." text
As this is covered by the PROTOCOLS section and saves having to update
two parts of the document with the same information in future.
- CURLOPT_GSSAPI_DELEGATION.3: Use GSS-API rather than GSSAPI
As implementations are refereed to GSS-API libraries as per the RFC and
GSSAPI typically refers to an authentication mechanism.
- CURLOPT_CONNECT_ONLY.3: Fixed incomplete protocol list
Added missing IMAP to the protocol list.
- code cleanup: Use 'CURLcode result'
- curl_easy_setopt.3: Fixed lots of typos
- curl_easy_setopt.3: Moved CURLOPT_DIRLISTONLY into PROTOCOL OPTIONS
...as this option affects more that just FTP.
Guenter Knauf (30 Oct 2014)
- build: added Watcom support to build with WinSSL.
Daniel Stenberg (30 Oct 2014)
- CURLOPT_PINNEDPUBLICKEY.3: added details
Steve Holme (30 Oct 2014)
- CURLOPT_CUSTOMREQUEST.3: Fixed incomplete protocol list
Whilst the description included information about SMTP, the protocol
list only showed "TTP, FTP, IMAP, POP3".
- CURLOPT_DIRLISTONLY.3: Added information about the usage in POP3
Daniel Stenberg (29 Oct 2014)
- openssl: enable NPN separately from ALPN
... and allow building with nghttp2 but completely without NPN and ALPN,
as nghttp2 can still be used for plain-text HTTP.
Reported-by: Lucas Pardue
- configure.ac: remove checks for OpenSSL NPN/ALPN funcs again
... since the conditional in the code are now based on OpenSSL versions
instead to better support non-configure builds.
- opts: added some "SEE ALSO" references
Steve Holme (29 Oct 2014)
- RELEASE-NOTES: Synced with 32913182dc
- vtls.c: Fixed compilation warning
conversion from 'size_t' to 'unsigned int', possible loss of data
- sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
Return a more appropriate error, rather than CURLE_OUT_OF_MEMORY when
acquiring the credentials handle fails. This is then consistent with
the code prior to commit f7e24683c4 when log-in credentials were empty.
- sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
Fixed the ability to use the current log-in credentials with DIGEST-MD5.
I had previously disabled this functionality in commit 607883f13c as I
couldn't get this to work under Windows 8, however, from testing HTTP
Digest authentication through Windows SSPI and then further testing of
this code I have found it works in Windows 7.
Some further investigation is required to see what the differences are
between Windows 7 and 8, but for now enable this functionality as the
code will return an error when AcquireCredentialsHandle() fails.
Kamil Dudka (29 Oct 2014)
- transfer: drop the code handling the ssl_connect_retry flag
Its last use has been removed by the previous commit.
- nss: drop the code for libcurl-level downgrade to SSLv3
This code was already deactivated by commit
ec783dc142129d3860e542b443caaa78a6172d56.
- openssl: fix a line length warning
Guenter Knauf (29 Oct 2014)
- Added NetWare support to build with nghttp2.
- Fixed error message since we require ALPN support.
- Check for ALPN via OpenSSL version number.
This check works also with to non-configure platforms.
Steve Holme (28 Oct 2014)
- sasl_sspi: Fixed typo in comment
- code cleanup: We prefer 'CURLcode result'
Daniel Stenberg (28 Oct 2014)
- TODO: consider supporting STAT
- mk-ca-bundle: spell fix "version"
- HTTP: return larger than 3 digit response codes too
HTTP 1.1 is clearly specified to only allow three digit response codes,
and libcurl used sscanf("%3d") for that purpose. This made libcurl
support smaller numbers but not larger. It does now, but we will not
make any specific promises nor document this further since it is going
outside of what HTTP is.
Bug: http://curl.haxx.se/bug/view.cgi?id=1441
Reported-by: Balaji
- src/: remove version.h.dist from gitignore
It has not been used since commit f7bfdbab in 2011
Steve Holme (26 Oct 2014)
- ntlm: We prefer 'CURLcode result'
Continuing commit 0eb3d15ccb more return code variable name changes.
Guenter Knauf (26 Oct 2014)
- Cosmetics: lowercase non-special subroutine names.
Steve Holme (26 Oct 2014)
- RELEASE-NOTES: Synced with 07ac29a058
- http_negotiate: We prefer 'CURLcode result'
Continuing commit 0eb3d15ccb more return code variable name changes.
- http_negotiate: Fixed missing check for USE_SPNEGO
- sspi: Synchronization of cleanup code between auth mechanisms
- sspi: Renamed max token length variables
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
- sspi: Renamed expiry time stamp variables
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
- sspi: Only call CompleteAuthToken() when complete is needed
Don't call CompleteAuthToken() after InitializeSecurityContext() has
returned SEC_I_CONTINUE_NEEDED as this return code only indicates the
function should be called again after receiving a response back from
the server.
This only affected the Digest and NTLM authentication code.
Dan Fandrich (26 Oct 2014)
- Added the "flaky" keyword to a number of tests
Each shows evidence of flakiness on at least one platform on
the autobuilds. Users can use this keyword to skip these tests
if desired.
Steve Holme (26 Oct 2014)
- ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
For consistency with other areas of the NTLM code propagate all errors
from Curl_ntlm_core_mk_nt_hash() up the call stack rather than just
CURLE_OUT_OF_MEMORY.
- ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
- ntlm: Use 'CURLcode result'
Continuing commit 0eb3d15ccb more return code variable name changes.
- ntlm: Only define ntlm data structure when USE_NTLM is defined
- ntlm: Changed handles to be dynamic like other SSPI handles
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
- ntlm: Renamed handle variables to match other SSPI structures
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
- ntlm: Renamed SSPI based input token variables
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
- ntlm: We prefer 'CURLcode result'
Continuing commit 0eb3d15ccb more return code variable name changes.
- build: Added WinIDN build configuration options
Added support for WinIDN build configurations to the VC8 and VC9
project files.
Nick Zitzmann (24 Oct 2014)
- darwinssl: detect possible future removal of SSLv3 from the framework
If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3.
Patrick Monnerat (24 Oct 2014)
- gskit.c: remove SSLv3 from SSL default.
- gskit.c: use 'CURLcode result'
Daniel Stenberg (24 Oct 2014)
- [Jay Satiro brought this change]
SSL: Remove SSLv3 from SSL default due to POODLE attack
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
openssl effectively making the default TLS 1.x. axTLS is not affected
since it supports only TLS, and gnutls is not affected since it already
defaults to TLS 1.x.
- Update CURLOPT_SSLVERSION doc
- pipelining: only output "is not blacklisted" in debug builds
- *.3: add/extend "SEE ALSO" sections
- curl_easy_pause.3: minor wording edit
- curl_getdate.3: provide a "SEE ALSO" section
- curl_global_init.3: minor formatting fix, add version info
- url.c: use 'CURLcode result'
- code cleanup: we prefer 'CURLcode result'
... for the local variable name in functions holding the return
code. Using the same name universally makes code easier to read and
follow.
Also, unify code for checking for CURLcode errors with:
if(result) or if(!result)
instead of
if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
- Curl_add_timecondition: skip superfluous varible assignment
Detected by cppcheck.
- Curl_pp_flushsend: skip superfluous assignment
Detected by cppcheck.
- Curl_pp_readresp: remove superfluous assignment
Variable already assigned a few lines up.
Detected by cppcheck.
- Curl_proxyCONNECT: remove superfluous statement
The variable is already assigned, skip the duplicate assignment.
Pointed out by cppcheck.
Guenter Knauf (24 Oct 2014)
- Added MinGW support to build with nghttp2.
- Added VC ssh2 target to main Makefile.
- Some cosmetics and simplifies.
- Remove dependency on openssl and cut.
Prefer usage of Perl modules for sha1 calculation since there
might be systems where openssl is not installed or not in path.
If openssl is used for sha1 calculation then dont rely on cut
since it is usually not available on other systems than Linux.
Daniel Stenberg (23 Oct 2014)
- RELEASE-NOTES: synced with e116d0a62
- CURLOPT_RESOLVE.3: add an example
- gnutls: removed dead code
Bug: http://curl.haxx.se/bug/view.cgi?id=1437
Reported-by: Julien
- Curl_rand: Uninitialized variable: r
This is not actually used uninitialized but we silence warnings.
Bug: http://curl.haxx.se/bug/view.cgi?id=1437
Reported-by: Julien
- opts: provide more and updated examples
- CURLOPT_RANGE.3: works for SFTP as well
... and added a small example
- curl.1: edited for clarity
- CURLOPT_SSLVERSION.3: provide an example
- docs/libcurl/ABI: more markdown friendly
- docs: edited lots of libcurl docs for clarity
- opts: added examples
- HISTORY: two glimpses in 2014
Kamil Dudka (20 Oct 2014)
- nss: reset SSL handshake state machine
... when the handshake succeeds
This fixes a connection failure when FTPS handle is reused.
Daniel Stenberg (20 Oct 2014)
- [Peter Wu brought this change]
cmake: generate pkg-config and curl-config
Initial work to generate a pkg-config and curl-config script. Static
linking (`curl-config --static-libs` and `pkg-config --shared --libs
libcurl`) is broken and therefore disabled.
CONFIGURE_OPTIONS does not make sense for CMake, use an empty string
for now.
At least `curl-config --features` and `curl-config --protocols` work
which is needed by runtests.pl.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
cmake: use LIBCURL_VERSION from curlver.h
This matches the behavior from autotools. The auxiliary major, minor
and patch components are not needed anymore and therefore removed.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
For compatibility with autoconf, it will be used later for curl-config
and pkg-config. Not all features and or protocols can be enabled as
these are missing additional checks (see new TODOs).
SUPPORT_PROTOCOLS is partially scripted (grep for SUPPORT_PROTOCOLS=)
and manually verified/modified. SUPPORT_FEATURES is manually added.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- cmake: add CMake/Macros.cmake to the release tarball
- test545: make it not use a trailing zero
CURLOPT_COPYPOSTFIELDS with a given CURLOPT_POSTFIELDSIZE does not
require a trailing zero of the data and by making sure this test doesn't
use one we know it works (combined with valgrind).
Steve Holme (16 Oct 2014)
- ntlm: Fixed empty type-2 decoded message info text
Updated the info text when the base-64 decode of the type-2 message
returns a null buffer to be more specific.
- ntlm: Fixed empty/bad base-64 decoded buffer return codes
- ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
Daniel Stenberg (16 Oct 2014)
- httpcustomheader.c: make use of more CURLOPT_HTTPHEADER features
... and only do a single request for clarity.
Steve Holme (15 Oct 2014)
- sasl_sspi: Fixed some typos
- sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSO
Daniel Stenberg (15 Oct 2014)
- [Bruno Thomsen brought this change]
mk-ca-bundle: added SHA-384 signature algorithm
Certificates based on SHA-1 are being phased out[1].
So we should expect a rise in certificates based on SHA-2.
Adding SHA-384 as a valid signature algorithm.
[1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
Patrick Monnerat (14 Oct 2014)
- OS400: fix bugs in curl_*escape_ccsid() and reduce variables scope
- Implement pinned public key in GSKit backend
Daniel Stenberg (14 Oct 2014)
- CURLOPT_TLSAUTH_*.3: fix reference typos
- cleanups: reduce variable scope
cppcheck pointed these out.
- singleipconnect: remove dead assignment never used
cppcheck pointed this out.
- pinning: minor code style policing
Patrick Monnerat (13 Oct 2014)
- Factorize pinned public key code into generic file handling and backend specific
- vtls: remove QsoSSL
- gskit: supply dummy randomization function
- vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation
Daniel Stenberg (13 Oct 2014)
- [Peter Wu brought this change]
tests: move TESTCASES to Makefile.inc, add show for cmake
This change allows runtests.pl to be run from the CMake builddir:
export srcdir=/tmp/curl/tests;
perl -I$srcdir $srcdir/runtests.pl -l
In order to make this possible, all test cases have been moved from
Makefile.am to Makefile.inc.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
cmake: enable IPv6 by default if available
ENABLE_IPV6 depends on HAVE_GETADDRINFO or you will get a
Curl_getaddrinfo_ex error. Enable IPv6 by default, disabling it if
struct sockaddr_in6 is not found in netinet/in.h.
Note that HAVE_GETADDRINFO_THREADSAFE is still not set as it needs more
platform checks even though POSIX requires a thread-safe getaddrinfo.
Verified on Arch Linux x86_64 with glibc 2.20-2 and Linux 3.16-rc7.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
cmake: build tool_hugehelp (ENABLE_MANUAL)
Rather than always outputting an empty manual page for the '-M' option,
generate a full manual page as done by autotools. For simplicity in
CMake, always generate the gzipped page as it will not be used anyway
when zlib is not available.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- [Peter Wu brought this change]
tests/http_pipe.py: Python 3 support
The 2to3 tool converted socketserver (which I manually fixed up with an
import fallback) and the print(e) line. The xrange option was converted
to range, but it seems better to use the '*' operator here for
simplicity.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
- SECURITY: slightly nicer markdown format
- RELEASE-PROCEDURE: better markdown, more content
- RELEASE-NOTES: synced with 6637b237e6eb
... and bumped the planned release version.
- vtls: have vtls.h include the backend header files
It turned out some features were not enabled in the build since for
example url.c #ifdefs on features that are defined on a per-backend
basis but vtls.h didn't include the backend headers.
CURLOPT_CERTINFO was one such feature that was accidentally disabled.
- test2036: verify -O with no slash at all in the URL
Similar to test 76 but that test's URL has a slash just no file name
part.
- get_url_file_name: make no slash equal empty string
- get_url_file_name: never return a NULL string *and* OK
Change 987a4a73 assumes that as it simplifies life in the calling
function.
Reported-by: Fabian Keil
- [Jakub Zakrzewski brought this change]
Cmake: Build with GSSAPI (MIT or Heimdal)
It tries hard to recognise SDK's on different platforms. On windows MIT
Kerberos installs SDK with other things and puts path into registry.
Heimdal have separate zip archive. On linux pkg-config is tried, then
krb5-config script and finally old-style libs and headers detection.
Command line args:
* CMAKE_USE_GSSAPI - enables GSSAPI detection
* GSS_ROOT_DIR - if set, should point to the root of GSSAPI installation
(the one with include and lib directories)
- [Jakub Zakrzewski brought this change]
Cmake: Got rid of setup_curl_dependencies
There is no need for such function. Include_directories propagate by
themselves and having a function with one simple link statement makes
little sense.
- [Jakub Zakrzewski brought this change]
Cmake: Avoid cycle directory dependencies.
Because we prepended libraries to list, CMake had troubles resolving
link directory order as it detected some cycles. Appending to list ensures
that dependencies will preceed dependees.
- [Jakub Zakrzewski brought this change]
Cmake: Fix library list provided to cURL tests.
The list must be set after those nice CMake tests as we mess with
CMAKE_REQUIRED_LIBRARIES there.
- [Jakub Zakrzewski brought this change]
Cmake: Check for OpenSSL before OpenLDAP.
OpenLDAP might have been build with OpenSSL. Checking for OpenLDAP first
may result in undefined symbols. Of course, the found OpenSSL libraries
must also be linked whenever OpenLDAP is.
- curl_multi_fdset.3: improved the formatting slightly
- curl_multi_fdset: explain the fd_set arguments
Kamil Dudka (8 Oct 2014)
- nss: do not fail if a CRL is already cached
This fixes a copy-paste mistake from commit 2968f957.
Patrick Monnerat (8 Oct 2014)
- OS400: upgrade interface for pinned public key (no implementation yet)
Daniel Stenberg (8 Oct 2014)
- FormAdd: precaution against memdup() of NULL pointer
Coverity CID 252518. This function is in general far too complicated for
its own good and really should be broken down into several smaller
funcitons instead - but I'm adding this protection here now since it
seems there's a risk the code flow can end up here and dereference a
NULL pointer.
- operate: avoid NULL dereference
Coverity CID 1241948. dumpeasysrc() would get called with
config->current set to NULL which could be dereferenced by a warnf()
call.
- do_sec_send: remove dead code
Coverity CID 1241951. The condition 'len >= 0' would always be true at
that point and thus not necessary to check for.
- krb5_encode: remove unused argument
Coverity CID 1241957. Removed the unused argument. As this struct and
pointer now are used only for krb5, there's no need to keep unused
function arguments around.
- operate_do: skip superfluous check for NULL pointer
Coverity CID 1243583. get_url_file_name() cannot fail and return a NULL
file name pointer so skip the check for that - it tricks coverity into
believing it can happen and it then warns later on when we use 'outfile'
without checking for NULL.
- curl_easy_getinfo.3: spell-fix
Reported-By: Luan Cestari
- [moparisthebest brought this change]
GnuTLS: Implement public key pinning
- [moparisthebest brought this change]
SSL: implement public key pinning
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).
Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().
Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
- multi_runsingle: fix possible memory leak
Coverity CID 1202837. 'newurl' can in fact be allocated even when
Curl_retry_request() returns failure so free it if need be.
- ares::Curl_resolver_cancel: skip checking for NULL conn
Coverity CID 1243581. 'conn' will never be NULL here, and if it would be
the subsequent statement would dereference it!
- parseconfig: skip a NULL check
Coverity CID 1154198. This NULL check implies that the pointer _can_ be
NULL at this point, which it can't. Thus it is dead code. It tricks
static analyzers to warn about dereferencing the pointer since the code
seems to imply it can be NULL.
- [Waldek Kozba brought this change]
multi-uv.c: call curl_multi_info_read() better
Improves it for low-latency cases (like the communication with
localhost)
- tool_go_sleep: use (void) to spell out we ignore the return value
Coverity CID 1222080.
- ssh_statemach_act: split out assignment from check
just a minor code style thing to make the code clearer
Marc Hoersken (4 Oct 2014)
- curl_schannel.c: Fixed possible memory or handle leak
First try to fix possible memory leaks, in this case:
Only connssl->ctxt xor onnssl->cred being initialized.
Daniel Stenberg (4 Oct 2014)
- getparameter: remove dead code
Coverity CID 1061126. 'parse' will always be non-NULL here.
- getparameter: comment a switch FALLTHROUGH
Coverity CID 1061118. Point out that it is on purpose.
- choose_mech: fix return code
Coverity CID 1241950. The pointer is never NULL but it might point to
NULL.
- Curl_sec_read_msg: spell out that we ignore return code
Coverity CID 1241947. Since if sscanf() fails, the previously set value
remains set.
- nonblock: call with (void) to show we ignore the return code
Coverity pointed out several of these.
- parse_proxy: remove dead code.
Coverity CID 982331.
- Curl_debug: document switch fallthroughs
- curl_multi_remove_handle: remove dead code
Coverify CID 1157776. Removed a superfluous if() that always evaluated
true (and an else clause that never ran), and then re-indented the
function accordingly.
- Curl_pipeline_server_blacklisted: handle a NULL server name
Coverity CID 1215284. The server name is extracted with
Curl_copy_header_value() and passed in to this function, and
copy_header_value can actually can fail and return NULL.
- ssh: comment "fallthrough" in switch statement
- [Jeremy Lin brought this change]
ssh: improve key file search
For private keys, use the first match from: user-specified key file
(if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa
Note that the previous code only looked for id_dsa files. id_rsa is
now generally preferred, as it supports larger key sizes.
For public keys, use the user-specified key file, if provided.
Otherwise, try to extract the public key from the private key file.
This means that passing --pubkey is typically no longer required,
and makes the key-handling behavior more like OpenSSH.
- CURLOPT_HTTPHEADER.3: libcurl doesn't copy the whole list
- detect_proxy: fix possible single-byte memory leak
Coverity CID 1202836. If the proxy environment variable returned an empty
string, it would be leaked. While an empty string is not really a proxy, other
logic in this function already allows a blank string to be returned so allow
that here to avoid the leak.
- multi_runsingle: fix memory leak
Coverity CID 1202837. There's a potential risk that 'newurl' gets
overwritten when it was already pointing to allocated memory.
- pop3_perform_authentication: fix memory leak
Coverity CID 1215287. There's a potential risk for a memory leak in
here, and moving the free call to be unconditional seems like a cheap
price to remove the risk.
- imap_perform_authentication: fix memory leak
Coverity CID 1215296. There's a potential risk for a memory leak in
here, and moving the free call to be unconditional seems like a cheap
price to remove the risk.
- wait_or_timeout: return failure when Curl_poll() fails
Coverity detected this. CID 1241954. When Curl_poll() returns a negative value
'mcode' was uninitialized. Pretty harmless since this is debug code only and
would at worst cause an error to _not_ be returned...
- curl.1: mention quoting in the URL section
and separate the example URLs with newlines
Steve Holme (30 Sep 2014)
- [Bill Nagel brought this change]
smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
This patch fixes the "SSL3_WRITE_PENDING: bad write retry" error that
sometimes occurs when sending an email over SMTPS with OpenSSL. OpenSSL
appears to require the same pointer on a write that follows a retry
(CURLE_AGAIN) as discussed here:
http://stackoverflow.com/questions/2997218/why-am-i-getting-error1409f07fssl-routinesssl3-write-pending-bad-write-retr
Daniel Stenberg (30 Sep 2014)
- RELEASE-NOTES: synced with 53cbea22310f15
- file: reject paths using embedded %00
Mostly because we use C strings and they end at a binary zero so we know
we can't open a file name using an embedded binary zero.
Reported-by: research@g0blin.co.uk
Dan Fandrich (26 Sep 2014)
- test506: Fixed a couple of memory leaks in test
Daniel Stenberg (25 Sep 2014)
- [Yousuke Kimoto brought this change]
CURLOPT_COOKIELIST: Added "RELOAD" command
- [Michael Wallner brought this change]
CURLOPT_POSTREDIR.3: Added availability for CURL_REDIR_POST_303
- threaded-resolver: revert Curl_expire_latest() switch
The switch to using Curl_expire_latest() in commit cacdc27f52b was a
mistake and was against the advice even mentioned in that commit. The
comparison in asyn-thread.c:Curl_resolver_is_resolved() makes
Curl_expire() the suitable function to use.
Bug: http://curl.haxx.se/bug/view.cgi?id=1426
Reported-By: graysky
- libcurl docs: improvements all over
Steve Holme (19 Sep 2014)
- build: Added WinIDN build configuration options
Added initial support for WinIDN build configurations to the VC10+
project files.
Daniel Stenberg (19 Sep 2014)
- tutorial: signals aren't used for the threaded resolver
- FAQ: update the pronunciation section
As we weren't using the correct phonetic description and doing it correctly
involves funny letters that I'm sure will cause problems for people in a text
document so I instead rephrased it and link to a WAV file with a person
actually saying 'curl'.
Reported-By: Dimitar Boevski
- CURLOPT_COOKIE*: added more cross-references
- BINDINGS: add node-libcurl
Reported-By: Jonathan Cardoso Machado
URL: http://curl.haxx.se/mail/lib-2014-09/0102.html
- README.http2: updated to reflect current status
- formdata: removed unnecessary USE_SSLEAY use
- curlssl: make tls backend symbols use curlssl in the name
- url: let the backend decide CURLOPT_SSL_CTX_ support
... to further remove specific TLS backend knowledge from url.c
- vtls: have the backend tell if it supports CERTINFO
- [Catalin Patulea brought this change]
configure: allow --with-ca-path with PolarSSL too
Missed this in af45542c.
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
- CURLOPT_CAPATH: return failure if set without backend support
- [Tatsuhiro Tsujikawa brought this change]
http2: Fix busy loop when EOF is encountered
Previously we did not handle EOF from underlying transport socket and
wrongly just returned error code CURL_AGAIN from http2_recv, which
caused busy loop since socket has been closed. This patch adds the
code to handle EOF situation and tells the upper layer that we got
EOF.
Steve Holme (13 Sep 2014)
- build: Added batch wrapper to checksrc.pl
- RELEASE-NOTES: Synced with bd3df5ec6d
- [Marcel Raad brought this change]
sasl_sspi: Fixed Unicode build
Bug: http://curl.haxx.se/bug/view.cgi?id=1422
Verified-by: Steve Holme
Daniel Stenberg (12 Sep 2014)
- libcurl-tutorial.3: fix GnuTLS link to thread-safety guidelines
The former link was turned into a 404 at some point.
Reported-By: Askar Safin
- contributors.sh: split list of names at comma
... to support a list of names provided in a commit message.
Steve Holme (12 Sep 2014)
- [Ulrich Telle brought this change]
ntlm: Fixed HTTP proxy authentication when using Windows SSPI
Removed ISC_REQ_* flags from calls to InitializeSecurityContext to fix
bug in NTLM handshake for HTTP proxy authentication.
NTLM handshake for HTTP proxy authentication failed with error
SEC_E_INVALID_TOKEN from InitializeSecurityContext for certain proxy
servers on generating the NTLM Type-3 message.
The flag ISC_REQ_CONFIDENTIALITY seems to cause the problem according
to the observations and suggestions made in a bug report for the
QT project (https://bugreports.qt-project.org/browse/QTBUG-17322).
Removing all the flags solved the problem.
Bug: http://curl.haxx.se/mail/lib-2014-08/0273.html
Reported-by: Ulrich Telle
Assisted-by: Steve Holme, Daniel Stenberg
Daniel Stenberg (12 Sep 2014)
- [Ray Satiro brought this change]
newlines: fix mixed newlines to LF-only
I use the curl repo mainly on Windows with the typical Windows git
checkout which converts the LF line endings in the curl repo to CRLF
automatically on checkout. The automatic conversion is not done on files
in the repo with mixed line endings. I recently noticed some weird
output with projects/build-openssl.bat that I traced back to mixed line
endings, so I scanned the repo and there are files (excluding the
test data) that have mixed line endings.
I used this command below to do the scan. Unfortunately it's not as easy
as git grep, at least not on Windows. This gets the names of all the
files in the repo's HEAD, gets each of those files raw from HEAD, checks
for mixed line endings of both LF and CRLF, and prints the name if
mixed. I excluded path tests/data/test* because those can have mixed
line endings if I understand correctly.
for f in `git ls-tree --name-only --full-tree -r HEAD`;
do if [ -n "${f##tests/data/test*}" ];
then git show "HEAD:$f" | \
perl -0777 -ne 'exit 1 if /([^\r]\n.*\r\n)|(\r\n.*[^\r]\n)/';
if [ $? -ne 0 ];
then echo "$f";
fi;
fi;
done
- [Viktor Szakáts brought this change]
mk-ca-bundle.pl: converted tabs to spaces, deleted trailing spaces
- ROADMAP: markdown eats underscores
It interprets them as italic indictors unless we backtick the word.
- ROADMAP: tiny formatting edit for nicer web output
Steve Holme (10 Sep 2014)
- ROADMAP.md: Updated GSSAPI authentication following 7.38.0 additions
- INTERNALS: Added email and updated Kerberos details
- FEATURES: Updated Kerberos details
Added support for Kerberos 5 to the email protocols following the recent
additions in 7.38.0.
Removed Kerberos 4 as this has been gone for a while now.
Daniel Stenberg (10 Sep 2014)
- [Paul Howarth brought this change]
openssl: build fix for versions < 0.9.8e
Bug: http://curl.haxx.se/mail/lib-2014-09/0064.html
- mk-ca-bundle.pl: first, try downloading HTTPS with curl
As a sort of step forward, this script will now first try to get the
data from the HTTPS URL using curl, and only if that fails it will
switch back to the HTTP transfer using perl's native LWP functionality.
To reduce the risk of this script being tricked.
Using HTTPS to get a cert bundle introduces a chicken-and-egg problem so
we can't really ever completely disable HTTP, but chances are that most
users already have a ca cert bundle that trusts the mozilla.org site
that this script downloads from.
A future version of this script will probably switch to require a
dedicated "insecure" command line option to allow downloading over HTTP
(or unverified HTTPS).
- LICENSE-MIXING: removed krb4 info
krb4 has been dropped since a while now
- bump: on the 7.38.1-DEV train now!
- SSLCERTS: minor updates
Edited format to look better on the web, added a "it is about trust"
section.
Version 7.38.0 (10 Sep 2014)
Daniel Stenberg (10 Sep 2014)
- dist: two cmake files are no more
CMake/FindOpenSSL.cmake and FindZLIB.cmake are gone since 14aa8f0c117b
- RELEASE-NOTES: final update for 7.38.0
- cookies: reject incoming cookies set for TLDs
Test 61 was modified to verify this.
CVE-2014-3620
Reported-by: Tim Ruehsen
URL: http://curl.haxx.se/docs/adv_20140910B.html
- [Tim Ruehsen brought this change]
cookies: only use full host matches for hosts used as IP address
By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can be
fooled to both send cookies to wrong sites and to allow arbitrary sites
to set cookies for others.
CVE-2014-3613
Bug: http://curl.haxx.se/docs/adv_20140910A.html
- HISTORY: fix the 1998 title position
- HISTORY: extended and now markdown
- SSLCERTS: converted to markdown
Only minor edits to make it generate nice HTML output using markdown, as
this document serves both in source release tarballs as on the web site.
URL: http://curl.haxx.se/docs/sslcerts.html
- ftp-wildcard.c: spell fix
Reported-By: Frank Gevaerts
- RELEASE-NOTES: synced with 921a0c22a6f
- THANKS: synced with RELEASE-NOTES for 921a0c22a6f
- polarassl: avoid memset() when clearing the first byte is enough
- [Catalin Patulea brought this change]
polarssl: support CURLOPT_CAPATH / --capath
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
- SECURITY: eh, make more sense!
- SECURITY: how to join the curl-security list
- RELEASE-NOTES: fix the required nghttp2 version typo
- [Brandon Casey brought this change]
Ensure progress.size_dl/progress.size_ul are always >= 0
Historically the default "unknown" value for progress.size_dl and
progress.size_ul has been zero, since these values are initialized
implicitly by the calloc that allocates the curl handle that these
variables are a part of. Users of curl that install progress
callbacks may expect these values to always be >= 0.
Currently it is possible for progress.size_dl and progress.size_ul
to by set to a value of -1, if Curl_pgrsSetDownloadSize() or
Curl_pgrsSetUploadSize() are passed a "size" of -1 (which a few
places currently do, and a following patch will add more). So
lets update Curl_pgrsSetDownloadSize() and Curl_pgrsSetUploadSize()
so they make sure that these variables always contain a value that
is >= 0.
Updates test579 and test599.
Signed-off-by: Brandon Casey <drafnel@gmail.com>
Steve Holme (7 Sep 2014)
- tests: Added test1420 to the makefile
- test1420: Removed unnecessary CURLOPT setting
- tests: Added more "Clear Text" authentication keywords
- tests: Updated "based on" text due to email test renumbering
- tests: For consistency added --libcurl to test name
- tests: Added --libcurl for IMAP test case
- multi.c: Avoid invalid memory read after free() from commit 3c8c873252
As the current element in the list is free()d by Curl_llist_remove(),
when the associated connection is pending, reworked the loop to avoid
accessing the next element through e->next afterward.
- multi.c: Fixed compilation warning from commit 3c8c873252
warning: implicit conversion from enumeration type 'CURLMcode' to
different enumeration type 'CURLcode'
- url.c: Use CURLAUTH_NONE constant rather than 0
Small follow up to commit 898808fa8c to use auth constants rather than
hard code value when clearing picked authentication mechanism.
- RELEASE-NOTES: Synced with fd1ce3856a
Nick Zitzmann (4 Sep 2014)
- [Vilmos Nebehaj brought this change]
darwinssl: Use CopyCertSubject() to check CA cert.
SecCertificateCopyPublicKey() is not available on iPhone. Use
CopyCertSubject() instead to see if the certificate returned by
SecCertificateCreateWithData() is valid.
Reported-by: Toby Peterson
Steve Holme (4 Sep 2014)
- RELEASE-NOTES: Clarify email Kerberos support is currently via Windows SSPI
Daniel Stenberg (4 Sep 2014)
- MAIL-ETIQUETTE: "1.8 I posted, now what?"
- CURLOPT_CA*: better refering between *CAINFO and *CAPATH
... and a minor wording edit
- THANKS: added Dennis Clarke
Dennis Clarke from Blastwave.org for ensuring that nightly builds run
smooth on Solaris!
- curl_multi_cleanup: remove superfluous NULL assigns
... as the struct is free()d in the end anyway. It was first pointed out
to me that one of the ->msglist assignments were supposed to have been
->pending but was a copy and paste mistake when I realized none of the
clearing of pointers had to be there.
- multi: convert CURLM_STATE_CONNECT_PEND handling to a list
... instead of scanning through all handles, stash only the actual
handles that are in that state in the new ->pending list and scan that
list only. It should be mostly empty or very short. And only used for
pipelining.
This avoids a rather hefty slow-down especially notable if you add many
handles to the same multi handle. Regression introduced in commit
0f147887 (version 7.30.0).
Bug: http://curl.haxx.se/mail/lib-2014-07/0206.html
Reported-by: David Meyer
- RELEASE-NOTES: synced with e608324f9f9
- [Andre Heinecke brought this change]
polarssl: implement CURLOPT_SSLVERSION
Forwards the setting as minimum ssl version (if set) to polarssl. If
the server does not support the requested version the SSL Handshake will
fail.
Bug: http://curl.haxx.se/bug/view.cgi?id=1419
nickzman (1 Sep 2014)
- Merge pull request #115 from ldx/darwinsslfixpr
darwinssl: now accepts cacert bundles in PEM format in addition to single certs
Vilmos Nebehaj (1 Sep 2014)
- Check CA certificate in curl_darwinssl.c.
SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even
if the buffer holds an invalid or corrupt certificate. Call
SecCertificateCopyPublicKey() to make sure cacert is a valid
certificate.
Daniel Stenberg (31 Aug 2014)
- low-speed-limit: avoid timeout flood
Introducing Curl_expire_latest(). To be used when we the code flow only
wants to get called at a later time that is "no later than X" so that
something can be checked (and another timeout be added).
The low-speed logic for example could easily be made to set very many
expire timeouts if it would be called faster or sooner than what it had
set its own timer and this goes for a few other timers too that aren't
explictiy checked for timer expiration in the code.
If there's no condition the code that says if(time-passed >= TIME), then
Curl_expire_latest() is preferred to Curl_expire().
If there exists such a condition, it is on the other hand important that
Curl_expire() is used and not the other.
Bug: http://curl.haxx.se/mail/lib-2014-06/0235.html
Reported-by: Florian Weimer
- [Michael Wallner brought this change]
resolve: cache lookup for async resolvers
While waiting for a host resolve, check if the host cache may have
gotten the name already (by someone else), for when the same name is
resolved by several simultanoues requests.
The resolver thread occasionally gets stuck in getaddrinfo() when the
DNS or anything else is crappy or slow, so when a host is found in the
DNS cache, leave the thread alone and let itself cleanup the mess.
Vilmos Nebehaj (30 Aug 2014)
- Fix CA certificate bundle handling in darwinssl.
If the --cacert option is used with a CA certificate bundle that
contains multiple CA certificates, iterate through it, adding each
certificate as a trusted root CA.
Daniel Stenberg (29 Aug 2014)
- [Askar Safin brought this change]
getinfo-times: Typo fixed
- [Askar Safin brought this change]
libcurl.3: Typo fixed
- curl_formadd.3: setting CURLFORM_CONTENTSLENGTH 0 zero means strlen
- curl.1: add an example for -H
- FAQ: mention -w in the 4.20 answer as well
- FAQ: 4.20 curl doesn't return error for HTTP non-200 responses
- CURLOPT_NOBODY.3: clarify this option is for downloads
When enabling CURLOPT_NOBODY, libcurl effectively switches off upload
mode and will do a download (without a body). This is now better
explained in this man page.
Bug: http://curl.haxx.se/mail/lib-2014-08/0236.html
Reported-by: John Coffey
- INTERNALS: nghttp2 must be 0.6.0 or later
- [Tatsuhiro Tsujikawa brought this change]
Compile with latest nghttp2
Dan Fandrich (26 Aug 2014)
- THANKS: removed a few more duplicates
Daniel Stenberg (26 Aug 2014)
- RELEASE-NOTES: synced with 007242257683a
... and bumped the contributor amount after recount
- THANKS: added 52 missing contributors
I re-ran contributors.sh on all changes since 7.10 and I found these
contributors who are mentioned in the commits but never were added to
THANKS before!
I also removed a couple of duplicates (mostly due to different
spellings).
- contributors: grep and sort case insensitively
- [Michael Osipov brought this change]
configure.ac: Add support for recent GSS-API implementations for HP-UX
By default, configure script assumes that libcurl will use the
HP-supplied GSS-API implementation which does not have krb5-config.
If a dev needs a more recent version which has that config script,
the change will allow to pass an appropriate GSSAPI_ROOT.
- CONNECT: close proxy connections that fail to CONNECT
This is usually due to failed auth. There's no point in us keeping such
a connection alive since it shouldn't be re-used anyway.
Bug: http://curl.haxx.se/bug/view.cgi?id=1381
Reported-by: Marcel Raad
- RELEASE-NOTES: added two missing HTTP/2 bug fixes
And renamed all http2 references to HTTP/2 in this file
- RELEASE-NOTES: synced with f646e9075f47
- [Jakub Zakrzewski brought this change]
Cmake: Possibility to use OpenLDAP, OpenSSL, LibSSH2 on windows
At this point I can build libcurl on windows. It provides at least the same
list of protocols as for linux build and works with our software.
- [Jakub Zakrzewski brought this change]
Cmake: Removed repeated content from ending blocks
They are unnecesary in modern CMake and removing them improves readability.
- [Jakub Zakrzewski brought this change]
Cmake: Removed some useless empty SET statements.
Undefined variables resolve to empty strings and we do not ever test if
the variable is defined thus those SETs are superfluous.
- [Jakub Zakrzewski brought this change]
Cmake: Removed useless comments from CMakeLists.txt
They look like some relics after changes.
- [Jakub Zakrzewski brought this change]
Cmake: Don't check for all headers each time
One header at a time is the right way. Apart from that the output on
windows goes from:
...
-- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h
-- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h
- found
-- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
ock2.h
-- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
ock2.h - found
-- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi
o.h
-- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi
o.h - found
-- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind
ows.h
-- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind
ows.h - found
-- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
ock.h
-- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins
ock.h - found
-- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
filio.h
-- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
filio.h - not found
-- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
ioctl.h
-- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
ioctl.h - not found
-- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/
resource.h
...
To much nicer:
...
-- Looking for ws2tcpip.h
-- Looking for ws2tcpip.h - found
-- Looking for winsock2.h
-- Looking for winsock2.h - found
-- Looking for stdio.h
-- Looking for stdio.h - found
-- Looking for windows.h
-- Looking for windows.h - found
-- Looking for winsock.h
-- Looking for winsock.h - found
-- Looking for sys/filio.h
-- Looking for sys/filio.h - not found
-- Looking for sys/ioctl.h
-- Looking for sys/ioctl.h - not found
-- Looking for sys/resource.h
- [Jakub Zakrzewski brought this change]
Cmake: Append OpenSSL include directory to search path
At this point I can build libcurl with OpenSSL, OpenLDAP and LibSSH2.
Supported protocols are at least:
HTTP, HTTPS, FTP, SFTP, TFTP, LDAP, LDAPS, POP3, SMTP
(those are the ones we have regression tests for
in our product's testsuite)
- [Jakub Zakrzewski brought this change]
Cmake: Search for liblber, LDAP SSL headers, swith for using OpenLDAP code.
- [Jakub Zakrzewski brought this change]
Cmake: LibSSH2 detection and use.
- [Jakub Zakrzewski brought this change]
Cmake: Moved macros out of the main CMakeLists.txt
- [Jakub Zakrzewski brought this change]
Cmake: Added missing protocol-disable switches
They already have their defines in config.h. This makes it possible to
disable the protocols from command line during configure step.
- [Jakub Zakrzewski brought this change]
Cmake: Made boolean defines be defined to "1" instead of "ON"
It's by convention, for compatibility and because the comments say so.
Just mabe someone have written a test like "#if HAVE_XX==1"
- [Jakub Zakrzewski brought this change]
Cmake: Require at least CMake 2.8.
CMake 2.6 is already a bit old. Many bugs have been fixed since
its release. We use 2.8 in our company and we have no intention
of polluting our environment with old software, so 2.6 would
not be tested. This shouldn't be a problem since all one need
to build CMake from source is C and C++ compiler.
- disconnect: don't touch easy-related state on disconnects
This was done to make sure NTLM state that is bound to a connection
doesn't survive and gets used for the subsequent request - but
disconnects can also be done to for example make room in the connection
cache and thus that connection is not strictly related to the easy
handle's current operation.
The http authentication state is still kept in the easy handle since all
http auth _except_ NTLM is connection independent and thus survive over
multiple connections.
Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html
Reported-by: Paras S
- curl.1: clarify --limit-rate's effect on both directions
Bug: http://curl.haxx.se/bug/view.cgi?id=1414
Reported-by: teo8976
- curl.1: mention the --post30x options within the --location desc
Dan Fandrich (22 Aug 2014)
- sasl: Fixed a memory leak on OOM
Daniel Stenberg (22 Aug 2014)
- [Frank Meier brought this change]
NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
Problem: if CURLOPT_FORBID_REUSE is set, requests using NTLM failed
since NTLM requires multiple requests that re-use the same connection
for the authentication to work
Solution: Ignore the forbid reuse flag in case the NTLM authentication
handshake is in progress, according to the NTLM state flag.
Fixed known bug #77.
Steve Holme (22 Aug 2014)
- openssl.c: Fixed longer than 79 columns
- openssl.c: Fixed compilation warning
warning: declaration of 'minor' shadows a global declaration
Daniel Stenberg (21 Aug 2014)
- [Haris Okanovic brought this change]
win32: Fixed WinSock 2 #if
A conditionally compiled block in connect.c references WinSock 2
symbols, but used `#ifdef HAVE_WINSOCK_H` instead of `#ifdef
HAVE_WINSOCK2_H`.
Bug: http://curl.haxx.se/mail/lib-2014-08/0155.html
- Curl_disconnect: don't free the URL
The URL is not a property of the connection so it should not be freed in
the connection disconnect but in the Curl_close() that frees the easy
handle.
Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html
Reported-by: Paras S
- help output: minor whitespace edits
Should've been amended in the previous commit but wasn't due to a
mistake.
- [Zearin brought this change]
help output: use ≥2 spaces between option and description
... and some other cleanups
- FAQ: some actually sometimes get paid...
Steve Holme (17 Aug 2014)
- sasl_sspi: Fixed a memory leak with the GSSAPI base-64 decoded challenge
- sasl_sspi: Renamed GSSAPI mutual authentication parameter
...From "mutual" to "mutual_auth" which better describes what it is.
- sasl_sspi: Corrected some of the GSSAPI security message error codes
Corrected a number of the error codes that can be returned from the
Curl_sasl_create_gssapi_security_message() function when things go
wrong.
It makes more sense to return CURLE_BAD_CONTENT_ENCODING when the
inbound security challenge can't be decoded correctly or doesn't
contain the KERB_WRAP_NO_ENCRYPT flag and CURLE_OUT_OF_MEMORY when
EncryptMessage() fails. Unfortunately the previous error code of
CURLE_RECV_ERROR was a copy and paste mistakes on my part and should
have been correct in commit 4b491c675f :(
- docs: Escaped single backslash
- TODO: Updated following GSSAPI (Kerberos V5) additions
Updated "FTP 4.6 GSSAPI via Windows SSPI" and "SASL 14.1 Other
authentication mechanisms" following recent additions.
Added SASL 14.2 GSSAPI via GSS-API libraries.
- CURLOPT_USERNAME.3: Added Kerberos V5 and NTLM domain information
This repeats what has already been documented in both the curl manpage
and CURLOPT_USERPWD documentation but is provided here for completeness
as someone may not especially read the latter when using libcurl.
- CURLOPT_USERPWD.3: Updated following Kerberos V5 SSPI changes
Added information about Kerberos V5 requiring the domain part in the
user name.
Mentioned that the user name can be specified in UPN format, and not
just in Down-Level Logon Name format, following the information
added in commit 7679cb3fa8 reworking the exisitng information in the
process.
- docs: Added Kerberos V5 and NTLM domain information to --user
- docs: Added Kerberos V5 to the --user SSPI current credentials usage
- sasl_sspi: Tell the server we don't support a GSSAPI receive buffer
- smtp: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI
- pop3: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI
- imap: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI
- email: Added mutual authentication flag
Daniel Stenberg (15 Aug 2014)
- RELEASE-NOTES: synced with 0187c9e11d079
- http: fix the Content-Range: parser
... to handle "*/[total]". Also, removed the strange hack that made
CURLOPT_FAILONERROR on a 416 response after a *RESUME_FROM return
CURLE_OK.
Reported-by: Dimitrios Siganos
Bug: http://curl.haxx.se/mail/lib-2014-06/0221.html
Steve Holme (14 Aug 2014)
- email: Introduced the GSSAPI states
- curl_sasl_sspi.c: Fixed more compilation warnings from commit 4b491c675f
warning: unused variable 'resp'
warning: no previous prototype for 'Curl_sasl_gssapi_cleanup'
- SHA-1: 61c93383b7f6cf79d12ff99e9dced1d1cc2a7064
* curl_sasl_sspi.c: Fixed compilation warning from commit 4b491c675f
warning: declaration of 'result' shadows a previous local
- curl_sasl.h: Fixed compilation error from commit 4b491c675f
warning: 'struct kerberos5data' declared inside parameter list
Due to missing forward declaration.
- urldata.h: Fixed compilation warnings from commit 3ec253532e
warning: extra tokens at end of #endif directive
- sasl_sspi: Added GSSAPI message functions
- urldata: Introduced a GSSAPI (Kerberos V5) data structure
Added a kerberos5data structure which is similar in nature to the
ntlmdata and negotiatedata structures.
- sspi: Moved KERB_WRAP_NO_ENCRYPT from socks_sspi module
In preparation for the upcoming SSPI implementation of GSSAPI
authentication, moved the definition of KERB_WRAP_NO_ENCRYPT from
socks_sspi.c to curl_sspi.h allowing it to be shared amongst other
SSPI based code.
Daniel Stenberg (13 Aug 2014)
- mk-ca-bundle.pl: add missing $
- mk-ca-bundle.pl: switched to using hg.mozilla.org
... as mxr.mozilla.org is due to be retired.
The new host doesn't support If-Modified-Since nor ETags, meaning that
the script will now defer to download and do a post-transfer checksum
check to see if a new output is to be generated. The new output format
will hold the SHA1 checksum of the source file for that purpose.
We call this version 1.22
Reported-by: Ed Morley
Bug: http://curl.haxx.se/bug/view.cgi?id=1409
- [Jose Alf brought this change]
openssl: fix version report for the 0.9.8 branch
Fixed libcurl to correctly output the newer versions of OpenSSL 0.9.8,
starting from openssl-0.9.8za.
- [Frank Meier brought this change]
create_conn: prune dead connections
Bringing back the old functionality that was mistakenly removed when the
connection cache was remade. When creating a new connection, all the
existing ones are checked and those that are known to be dead get
disconnected for real and removed from the connection cache. It helps
the cache from holding on to very many stale connections and aids in
keeping down the number of system sockets in wait states.
Help-by: Jonatan Vela <jonatan.vela@ergon.ch>
Bug: http://curl.haxx.se/mail/lib-2014-06/0189.html
Kamil Dudka (11 Aug 2014)
- docs/SSLCERTS: update the section about NSS database
Bug: http://curl.haxx.se/mail/lib-2014-07/0335.html
Reported-by: David Shaw
Daniel Stenberg (11 Aug 2014)
- [Peter Wang brought this change]
Curl_poll + Curl_wait_ms: fix timeout return value
Curl_poll and Curl_wait_ms require the fix applied to Curl_socket_check
in commits b61e8b8 and c771968:
When poll or select are interrupted and coincides with the timeout
elapsing, the functions return -1 indicating an error instead of 0 for
the timeout.
Steve Holme (10 Aug 2014)
- config-tpf.h: Fixed up line lengths > 79 characters
- config-symbian.h: Fixed up line lengths > 79 characters
- tool_hugehelp.c.cvs: Added copyright
Added copyright due to warning from checksrc.pl.
- RELEASE-NOTES: Synced with cd6ecf6a89
- sasl_sspi: Fixed hard coded buffer for response generation
Given the SSPI package info query indicates a token size of 4096 bytes,
updated to use a dynamic buffer for the response message generation
rather than a fixed buffer of 1024 bytes.
- sasl_sspi: Fixed missing free of challenge buffer on SPN failure
- http_negotiate_sspi: Tidy up to remove the get_gss_name() function
Due to the reduction of code in commit 3b924b29 of get_gss_name() the
function isn't necessary anymore.
- http_negotiate_sspi: Use a dynamic buffer for SPN generation
Updated to use a dynamic buffer for the SPN generation via the recently
introduced Curl_sasl_build_spn() function rather than a fixed buffer of
1024 characters, which should have been more than enough, but by using
the new function removes the need for another variable sname to do the
wide character conversion in Unicode builds.
- sasl: Tidy up to rename SPN variable from URI
- sasl: Use a dynamic buffer for SPN generation
Updated Curl_sasl_create_digest_md5_message() to use a dynamic buffer
for the SPN generation via the recently introduced Curl_sasl_build_spn()
function rather than a fixed buffer of 128 characters.
- sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds
Curl_sasl_create_digest_md5_message() would simply cast the SPN variable
to a TCHAR when calling InitializeSecurityContext(). This meant that,
under Unicode builds, it would not be valid wide character string.
Updated to use the recently introduced Curl_sasl_build_spn() function
which performs the correct conversion for us.
- sasl: Introduced Curl_sasl_build_spn() for building a SPN
Various parts of the libcurl source code build a SPN for inclusion in
authentication data. This information is either used by our own native
generation routines or passed to authentication functions in third-party
libraries such as SSPI. However, some of these instances use fixed
buffers rather than dynamically allocated ones and not all of those that
should, convert to wide character strings in Unicode builds.
Implemented a common function that generates a SPN and performs the
wide character conversion where necessary.
- sasl_sspi: Fixed memory leak with not releasing Package Info struct
Curl_sasl_create_digest_md5_message() wouldn't free the Package Info
structure after QuerySecurityPackageInfo() had allocated it.
- [Michael Osipov brought this change]
docs: Update SPNEGO and GSS-API related doc sections
Reflect recent changes in SPNEGO and GSS-API code in the docs.
Update them with appropriate namings and remove visible spots for
GSS-Negotiate.
- sspi: Minor code tidy up to standardise coding style
Following the recent changes and in attempt to align the SSPI based
authentication code performed the following:
* Use NULL and SECBUFFVERSION rather than hard coded constants.
* Avoid comparison of zero in if statements.
* Standardised the buf and desc setup code.
- schannel: Fixed compilation warning in vtls.c
vtls.c:688:43: warning: unused parameter 'data'
- tool_getparam.c: Fixed compilation warning
warning: `orig_opt' might be used uninitialized in this function
- RELEASE-NOTES: Synced with 159c3aafd8
Daniel Stenberg (8 Aug 2014)
- curl_ntlm_msgs: make < 80 columns wide
Steve Holme (8 Aug 2014)
- ntlm: Fixed hard coded buffer for SSPI based auth packet generation
Given the SSPI package info query indicates a token size of 2888 bytes,
and as with the Winbind code and commit 9008f3d56, use a dynamic buffer
for the Type-1 and Type-3 message generation rather than a fixed buffer
of 1024 bytes.
- ntlm: Added support for SSPI package info query
Just as with the SSPI implementations of Digest and Negotiate added a
package info query so that libcurl can a) return a more appropriate
error code when the NTLM package is not supported and b) it can be of
use later to allocate a dynamic buffer for the Type-1 and Type-3
output tokens rather than use a fixed buffer of 1024 bytes.
Daniel Stenberg (7 Aug 2014)
- http2: added some more logging for debugging stream problems
- [Tatsuhiro Tsujikawa brought this change]
HTTP/2: Reset promised stream, not its associated stream.
- [Tatsuhiro Tsujikawa brought this change]
HTTP/2: Move :authority before non-pseudo header fields
- http2: show the received header for better debugging
- openssl: replace call to OPENSSL_config
OPENSSL_config() is "strongly recommended" to use but unfortunately that
function makes an exit() call on wrongly formatted config files which
makes it hard to use in some situations. OPENSSL_config() itself calls
CONF_modules_load_file() and we use that instead and we ignore its
return code!
Reported-by: Jan Ehrhardt
Bug: http://curl.haxx.se/bug/view.cgi?id=1401
Dan Fandrich (7 Aug 2014)
- [Fabian Keil brought this change]
runtests.pl: Pad test case numbers with up to three zeroes
Test case numbers with four digits have been available for a
while now.
Steve Holme (7 Aug 2014)
- docs: Added Negotiate to the SSPI current credentials usage description
- TODO: HTTP Digest via Windows SSPI
- TODO: FTP GSSAPI via Windows SSPI
- http_negotiate_sspi: Fixed specific username and password not working
Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html
Reported-by: Leonardo Rosati
- http_negotiate_sspi: Fixed endless unauthorized loop in commit 6bc76194e8
If the server rejects our authentication attempt and curl hasn't
called CompleteAuthToken() then the status variable will be
SEC_I_CONTINUE_NEEDED and not SEC_E_OK.
As such the existing detection mechanism for determining whether or not
the authentication process has finished is not sufficient.
However, the WWW-Authenticate: Negotiate header line will not contain
any data when the server has exhausted the negotiation, so we can use
that coupled with the already allocated context pointer.
Daniel Stenberg (5 Aug 2014)
- RELEASE-NOTES: synced with 5b37db44a3eb
Dan Fandrich (5 Aug 2014)
- parsedate.c: fix the return code for an overflow edge condition
Daniel Stenberg (5 Aug 2014)
- [Toby Peterson brought this change]
darwinssl: don't use strtok()
The GetDarwinVersionNumber() function uses strtok, which is not
thread-safe.
- Curl_ossl_version: adapted to detect BoringSSL
This seems to be the way it should work. Right now we can't build with
BoringSSL and try this out properly due to a minor API breakage.
- Curl_ossl_version: detect and show libressl
LibreSSL is otherwise OpenSSL API compliant (so far)
- [Tatsuhiro Tsujikawa brought this change]
HTTP/2: Fix infinite loop in readwrite_data()
To prevent infinite loop in readwrite_data() function when stream is
reset before any response body comes, reset closed flag to false once
it is evaluated to true.
Dan Fandrich (3 Aug 2014)
- gtls: only define Curl_gtls_seed if Nettle is not being used
- ssl: provide Curl_ssl_backend even if no SSL library is available
Daniel Stenberg (2 Aug 2014)
- [Tatsuhiro Tsujikawa brought this change]
HTTP2: Support expect: 100-continue
"Expect: 100-continue", which was once deprecated in HTTP/2, is now
resurrected in HTTP/2 draft 14. This change adds its support to
HTTP/2 code. This change also includes stricter header field
checking.
- CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it
- FEATURES: minor update
- openssl: make ossl_send return CURLE_OK better
Previously it only returned a CURLcode for errors, which is when it
returns a different size than what was passed in to it.
The http2 code only checked the curlcode and thus failed.
- RELEASE-NOTES: synced with 7bb4c8cadb5d0
- [Michael Wallner brought this change]
CURLOPT_HEADEROPT.3: typo: do -> to
- [Marcel Raad brought this change]
schannel: use CryptGenRandom for random numbers
This function is available for every Windows version since Windows 95/NT.
reference:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942.aspx
- curl_version_info.3: 'ssl_version_num' is always 0
... and has been so since 2005
- ssl: generalize how the ssl backend identifier is set
Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS
one which was missing previously.
Dan Fandrich (31 Jul 2014)
- axtls: define curlssl_random using axTLS's PRNG
- cyassl: fix the test for ASN_NO_SIGNER_E
It's an enum so a macro test won't work. The CyaSSL changelog doesn't
say exactly when this error code was introduced, but it's likely
to be 2.7.0.
- cyassl: use RNG_GenerateBlock to generate a good random number
- opts: fixed some typos
- smtp: fixed a segfault during test 1320 torture test
Under these circumstances, the connection hasn't been fully established
and smtp_connect hasn't been called, yet smtp_done still calls the state
machine which dereferences the NULL conn pointer in struct pingpong.
Daniel Stenberg (30 Jul 2014)
- vtls: repair build without TLS support
... by defining Curl_ssl_random() properly
- polarssl: provide a (weak) random function
This now provides a weak random function since PolarSSL doesn't have a
quick and easy way to provide a good one. It does however provide the
framework to make one so it _can_ and _should_ be done...
- [Michael Wallner brought this change]
curl_tlsinfo -> curl_tlssessioninfo
- cyassl: use the default (weeker) random
I couldn't find any dedicated function in its API to get a "good" random
with.
- cyassl: made it compile with version 2.0.6 again
ASN_NO_SIGNER_E didn't exist back then!
- vtls: make the random function mandatory in the TLS backend
To force each backend implementation to really attempt to provide proper
random. If a proper random function is missing, then we can explicitly
make use of the default one we use when TLS support is missing.
This commit makes sure it works for darwinssl, gnutls, nss and openssl.
- libcurl.m4: include the standard source header
... with permission from David Shaw
Kamil Dudka (28 Jul 2014)
- nss: do not check the version of NSS at run time
The minimal required version of NSS is 3.14.x so it does not make sense
to check for NSS 3.12.0+ at run time.
Daniel Stenberg (28 Jul 2014)
- [Anthon Pang brought this change]
curl.h: bring back CURLE_OBSOLETE16
Removing defines, even obsolete ones that haven't been used for a very
long time, still break a lot of applications.
Bug: https://github.com/bagder/curl/pull/106
Dan Fandrich (26 Jul 2014)
- [Fabian Keil brought this change]
tests: Fix a couple of incomplete response lines
- [Fabian Keil brought this change]
runtests.pl: Remove filteroff() which hasn't been used since 2001
- [Fabian Keil brought this change]
runtests.pl: Don't expect $TESTDIR/DISABLED to exist
If a non-standard $TESTDIR is used the file may not be necessary.
Previously a "missing" file resulted in the warning:
readline() on closed filehandle D at ./runtests.pl line 4940.
- [Fabian Keil brought this change]
getpart.pm: Fix a comment typo
Daniel Stenberg (25 Jul 2014)
- c-ares: fix build without IPv6 support
Bug: http://curl.haxx.se/mail/lib-2014-07/0337.html
Reported-by: Spork Schivago
- Curl_base64url_encode: unit-tested in 1302
- base64: added Curl_base64url_encode()
This is now used by the http2 code. It has two different symbols at the
end of the base64 table to make the output "url safe".
Bug: https://github.com/tatsuhiro-t/nghttp2/issues/62
- [Marcel Raad brought this change]
SSPI Negotiate: Fix 3 memory leaks
Curl_base64_decode allocates the output string by itself and two other
strings were not freed either.
- symbols: CURL_VERSION_GSSNEGOTIATE is deprecated
- test1013.pl: GSS-Negotiate doesn't exist as a feature anymore
- [Sergey Nikulov brought this change]
libtest: fixed duplicated line in Makefile
Bug: https://github.com/bagder/curl/pull/105
Patrick Monnerat (23 Jul 2014)
- GSSAPI: remove useless *_MECHANISM defines.
Daniel Stenberg (23 Jul 2014)
- findprotocol: show unsupported protocol within quotes
... to aid when for example prefixed with a space or other weird
character.
Patrick Monnerat (23 Jul 2014)
- GSSAPI: private export mechanisms OIDs. OS400: Make RPG binding up to date.
Daniel Stenberg (23 Jul 2014)
- [Marcel Raad brought this change]
conncache: fix compiler warning
warning C4267: '=' : conversion from 'size_t' to 'long', possible loss
of data
The member connection_id of struct connectdata is a long (always a
32-bit signed integer on Visual C++) and the member next_connection_id
of struct conncache is a size_t, so one of them should be changed to
match the other.
This patch the size_t in struct conncache to long (the less invasive
change as that variable is only ever used in a single code line).
Bug: http://curl.haxx.se/bug/view.cgi?id=1399
- RELEASE-NOTES: synced with 81cd24adb8b
- http2: more and better error checking
1 - fixes the warnings when built without http2 support
2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2
basically when they are about http2 specific things.
Dan Fandrich (23 Jul 2014)
- cyassl.c: return the correct error code on no CA cert
CyaSSL 3.0.0 returns a unique error code if no CA cert is available,
so translate that into CURLE_SSL_CACERT_BADFILE when peer verification
is requested.
Daniel Stenberg (23 Jul 2014)
- symbols-in-versions: new SPNEGO/GSS-API symbols in 7.38.0
- test1013.pl: remove SPNEGO/GSS-API tweaks
No longer necessary after Michael Osipov's rework
- http_negotiate: remove unused variable
- [Michael Osipov brought this change]
docs: Improve inline GSS-API naming in code documentation
- [Michael Osipov brought this change]
curl.h/features: Deprecate GSS-Negotiate macros due to bad naming
- Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE
- CURL_VERSION_GSSNEGOTIATE is deprecated which
is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and
CURUL_VERSION_SPNEGO now.
- Remove display of feature 'GSS-Negotiate'
- [Michael Osipov brought this change]
configure/features: Add feature and version info for GSS-API and SPNEGO
- [Michael Osipov brought this change]
HTTP: Remove checkprefix("GSS-Negotiate")
That auth mech has never existed neither on MS nor on Unix side.
There is only Negotiate over SPNEGO.
- [Michael Osipov brought this change]
curl_gssapi: Add macros for common mechs and pass them appropriately
Macros defined: KRB5_MECHANISM and SPNEGO_MECHANISM called from
HTTP, FTP and SOCKS on Unix
- CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design
This reverts commit cb3e6dfa3511 and instead fixes the problem
differently.
The reverted commit addressed a test failure in test 1021 by simplifying
and generalizing the code flow in a way that damaged the
performance. Now we modify the flow so that Curl_proxyCONNECT() again
does as much as possible in one go, yet still do test 1021 with and
without valgrind. It failed due to mistakes in the multi state machine.
Bug: http://curl.haxx.se/bug/view.cgi?id=1397
Reported-by: Paul Saab
- [Marcel Raad brought this change]
url.c: use the preferred symbol name: *READDATA
with CURL_NO_OLDIES defined, it doesn't compile because this deprecated
symbol (*INFILE) is used
Bug: http://curl.haxx.se/bug/view.cgi?id=1398
Dan Fandrich (19 Jul 2014)
- [Alessandro Ghedini brought this change]
CURLOPT_CHUNK_BGN_FUNCTION: fix typo
Kamil Dudka (18 Jul 2014)
- [Alessandro Ghedini brought this change]
build: link curl to NSS libraries when NSS support is enabled
This fixes a build failure on Debian caused by commit
24c3cdce88f39731506c287cb276e8bf4a1ce393.
Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html
Steve Holme (17 Jul 2014)
- build: Removed unnecessary XML Documentation file directive from VC8 to VC12
The curl tool project files for VC8 to VC12 would set this setting to
$(IntDir) which is the Visual Studio default value. To avoid confusion
when viewing settings from within Visual Studio and for consistency
with the libcurl project files removed this setting.
Conflicts:
projects/Windows/VC10/src/curlsrc.tmpl
projects/Windows/VC11/src/curlsrc.tmpl
projects/Windows/VC12/src/curlsrc.tmpl
projects/Windows/VC8/src/curlsrc.tmpl
projects/Windows/VC9/src/curlsrc.tmpl
- build: Removed unnecessary Precompiled Header file directive in VC7 to VC12
The curl tool project files for VC7 to VC12 would set this settings to
$(IntDir)$(TargetName).pch which is the Visual Studio default value. To
avoid confusion when viewing settings from within Visual Studio and for
consistency with the libcurl project files removed this setting.
Conflicts:
projects/Windows/VC10/src/curlsrc.tmpl
projects/Windows/VC11/src/curlsrc.tmpl
projects/Windows/VC12/src/curlsrc.tmpl
projects/Windows/VC8/src/curlsrc.tmpl
projects/Windows/VC9/src/curlsrc.tmpl
- build: Removed unnecessary ASM and Object file directives in VC7 to VC12
The curl tool project files for VC7 to VC12 would set these settings to
$(IntDir) which is the Visual Studio default value. To avoid confusion
when viewing settings from within Visual Studio and for consistency
with the libcurl project files removed these two settings.
Daniel Stenberg (17 Jul 2014)
- [Dave Reisner brought this change]
src/Makefile.am: add .DELETE_ON_ERROR
This prevents targets like tool_hugehelp.c from leaving around
half-constructed files if the rule fails with GNU make.
Reported-by: Rafaël Carré <funman@videolan.org>
- THANKS: added new contributors from 7.37.1 announcement
Dan Fandrich (17 Jul 2014)
- testcurl.pl: log the value of --runtestopts in the test header
Daniel Stenberg (16 Jul 2014)
- RELEASE-NOTES: cleared, working towards next release
- curl_gssapi.c: make line shorter than 80 columns
- [David Woodhouse brought this change]
Fix negotiate auth to proxies to track correct state
- [David Woodhouse brought this change]
Don't abort Negotiate auth when the server has a response for us
It's wrong to assume that we can send a single SPNEGO packet which will
complete the authentication. It's a *negotiation* — the clue is in the
name. So make sure we handle responses from the server.
Curl_input_negotiate() will already handle bailing out if it thinks the
state is GSS_S_COMPLETE (or SEC_E_OK on Windows) and the server keeps
talking to us, so we should avoid endless loops that way.
- [David Woodhouse brought this change]
Don't clear GSSAPI state between each exchange in the negotiation
GSSAPI doesn't work very well if we forget everything ever time.
XX: Is Curl_http_done() the right place to do the final cleanup?
- [David Woodhouse brought this change]
Use SPNEGO for HTTP Negotiate
This is the correct way to do SPNEGO. Just ask for it
Now I correctly see it trying NTLMSSP authentication when a Kerberos ticket
isn't available. Of course, we bail out when the server responds with the
challenge packet, since we don't expect that. But I'll fix that bug next...
- [David Woodhouse brought this change]
Remove all traces of FBOpenSSL SPNEGO support
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters, there are various
different OIDs which can be used to specify the Kerberos mechanism too.
A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
and will exchange GSSAPI tokens which are appropriate for that mechanism.
But this SPNEGO implementation just strips the incoming SPNEGO packet
and extracts the token, if any. And completely discards the information
about *which* mechanism is being used. Then we *assume* it was Kerberos,
and feed the token into gss_init_sec_context() with the default
mechanism (GSS_S_NO_OID for the mech_type argument).
Furthermore... broken as this code is, it was never even *used* for input
tokens anyway, because higher layers of curl would just bail out if the
server actually said anything *back* to us in the negotiation. We assume
that we send a single token to the server, and it accepts it. If the server
wants to continue the exchange (as is required for NTLM and for SPNEGO
to do anything useful), then curl was broken anyway.
So the only bit which actually did anything was the bit in
Curl_output_negotiate(), which always generates an *initial* SPNEGO
token saying "Hey, I support only the Kerberos mechanism and this is its
token".
You could have done that by manually just prefixing the Kerberos token
with the appropriate bytes, if you weren't going to do any proper SPNEGO
handling. There's no need for the FBOpenSSL library at all.
The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
is for. And then it should all Just Workâ„¢.
That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
- [David Woodhouse brought this change]
ntlm_wb: Avoid invoking ntlm_auth helper with empty username
- [David Woodhouse brought this change]
ntlm_wb: Fix hard-coded limit on NTLM auth packet size
Bumping it to 1KiB in commit aaaf9e50ec is all very well, but having hit
a hard limit once let's just make it cope by reallocating as necessary.
Version 7.37.1 (16 Jul 2014)
Daniel Stenberg (16 Jul 2014)
- RELEASE-NOTES: synced with 4cb2521595
- test506: verify aa6884845168
After the fixed cookie lock deadlock, this test now passes and it
detects double-locking and double-unlocking of mutexes.
- [Yousuke Kimoto brought this change]
cookie: avoid mutex deadlock
... by removing the extra mutex locks around th call to
Curl_flush_cookies() which takes care of the locking itself already.
Bug: http://curl.haxx.se/mail/lib-2014-02/0184.html
- gnutls: fix compiler warning
conversion to 'int' from 'long int' may alter its value
Dan Fandrich (15 Jul 2014)
- test320: strip off the actual negotiated cipher width
It's irrelevant to the test, and will change depending on which SSL
library is being used by libcurl.
- gnutls: detect lack of SRP support in GnuTLS at run-time and try without
Reported-by: David Woodhouse
Daniel Stenberg (14 Jul 2014)
- [Michał Górny brought this change]
configure: respect host tool prefix for krb5-config
Use ${host_alias}-krb5-config if available. This improves cross-
compilation support and fixes multilib on Gentoo (at least).
- [David Woodhouse brought this change]
gnutls: handle IP address in cert name check
Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function
didn't actually check IP addresses in SubjectAltName, even though it was
explicitly documented as doing so. So do it ourselves...
Dan Fandrich (14 Jul 2014)
- build: set _POSIX_PTHREAD_SEMANTICS on Solaris to get proper getpwuid_r
Daniel Stenberg (14 Jul 2014)
- RELEASE-NOTES: next one is called 7.37.1
Dan Fandrich (13 Jul 2014)
- gnutls: improved error message if setting cipher list fails
Reported-by: David Woodhouse
- netrc: fixed thread safety problem by using getpwuid_r if available
The old way using getpwuid could cause problems in programs that enable
reading from netrc files simultaneously in multiple threads.
Reported-by: David Woodhouse
- RELEASE-NOTES: add the reporter of the previous bug fix
- netrc: treat failure to find home dir same as missing netrc file
This previously caused a fatal error (with a confusing error code, at
that).
Reported by: Glen A Johnson Jr.
Steve Holme (12 Jul 2014)
- RELEASE-NOTES: Synced with aaaf9e50ec
- ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions
Bug: http://curl.haxx.se/mail/lib-2014-07/0103.html
Reported-by: David Woodhouse
- build: Fixed overridden compiler PDB settings in VC7 to VC12
The curl tool project files for VC7 to VC12 would override the default
setting with the output filename being the same as the linker PDB file.
As such the compiler file would be overwritten with the linker file
for all debug builds.
To avoid this overwrite and for consistency with the libcurl project
files, removed the setting to force the default filename to be used.
Dan Fandrich (12 Jul 2014)
- tests: added globbing keyword to URL globbing tests
- Fixed some "statement not reached" warnings
- gnutls: fixed a couple of uninitialized variable references
- gnutls: fixed compilation against versions < 2.12.0
The AES-GCM ciphers were added to GnuTLS as late as ver. 3.0.1 but
the code path in which they're referenced here is only ever used for
somewhat older GnuTLS versions. This caused undeclared identifier errors
when compiling against those.
- gnutls: explicitly added SRP to the priority string
This seems to have become necessary for SRP support to work starting
with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS
before the function that takes this priority string, there should be no
issue with backward compatibility.
- tests: adjust for capitalization differences in newer gnutls-serv
- test320/1/2/4: fix the port number substitution variables
These tests have been broken since commit 1958fe57 in Oct. 2011
- tests: document more test identifiers and variables
- gnutls: ignore invalid certificate dates with VERIFYPEER disabled
This makes the behaviour consistent with what happens if a date can
be extracted from the certificate but is expired.
Steve Holme (10 Jul 2014)
- CURLOPT_UPLOAD: Corrected argument type
Daniel Stenberg (9 Jul 2014)
- FAQ: expand the thread-safe section
... with a mention of *NOSIGNAL, based on talk in bug #1386
Dan Fandrich (9 Jul 2014)
- url.c: Fixed memory leak on OOM
This showed itself on some systems with torture failures
in tests 1060 and 1061
- Update instances of some obsolete CURLOPTs to their new names
Daniel Stenberg (5 Jul 2014)
- [Marcel Raad brought this change]
compiler warnings: potentially uninitialized variables
... pointed out by MSVC2013
Bug: http://curl.haxx.se/bug/view.cgi?id=1391
Kamil Dudka (4 Jul 2014)
- nss: make the list of CRL items global
Otherwise NSS could use an already freed item for another connection.
- nss: fix a memory leak when CURLOPT_CRLFILE is used
- nss: make crl_der allocated on heap
... and spell it as crl_der instead of crlDER
- nss: let nss_{cache,load}_crl return CURLcode
- tool: oops, forgot to include <plarenas.h>
... that contains the declaration of PL_ArenaFinish()
- tool: call PL_ArenaFinish() on exit if NSPR is used
This prevents valgrind from reporting still reachable memory allocated
by NSPR arenas (mainly the freelist).
Reported-by: Hubert Kario
Daniel Stenberg (3 Jul 2014)
- [Dimitrios Siganos brought this change]
example: use correct type (long) for CURLOPT_FOLLOWLOCATION
- [Dimitrios Siganos brought this change]
Document type of argument for CURLOPT_FOLLOWLOCATION.
- [Dimitrios Siganos brought this change]
Document type of argument for CURLOPT_ERRORBUFFER.
- [Dimitrios Siganos brought this change]
Document type of argument for CURLOPT_COPYPOSTFIELDS.
- [Dimitrios Siganos brought this change]
Document type of argument for CURLOPT_ADDRESS_SCOPE.
- curl.1: minor language fix
Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html
- [Ray Satiro brought this change]
progress callback: skip last callback update on errors
When an error has been detected, skip the final forced call to the
progress callback by making sure to pass the current return code
variable in the Curl_done() call in the CURLM_STATE_DONE state.
This avoids the "extra" callback that could occur even if you returned
error from the progress callback.
Bug: http://curl.haxx.se/mail/lib-2014-06/0062.html
Reported by: Jonathan Cardoso Machado
Dan Fandrich (2 Jul 2014)
- opts: fixed some CURLOPT references so they get turned into links
Kamil Dudka (2 Jul 2014)
- tool: call PR_Cleanup() on exit if NSPR is used
This prevents valgrind from reporting possibly lost memory that NSPR
uses for file descriptor cache and other globally allocated internal
data structures.
- nss: make the fallback to SSLv3 work again
This feature was unintentionally disabled by commit ff92fcfb.
- nss: do not abort on connection failure
... due to calling SSL_VersionRangeGet() with NULL file descriptor
reported-by: upstream tests 305 and 404
Dan Fandrich (1 Jul 2014)
- opts: Document the socket callback function parameters
Steve Holme (28 Jun 2014)
- opts: Fixed some typos
Dan Fandrich (25 Jun 2014)
- curl_easy_setopt.3: fixed the error code for an unsupported option
- opts: added some DEFAULT and RETURN VALUE sections
Daniel Stenberg (21 Jun 2014)
- libcurl docs: man page edits
mainly to improve how the web versions render
Dan Fandrich (21 Jun 2014)
- curl_easy_setopt.3: fixed some typos
Daniel Stenberg (21 Jun 2014)
- lib man pages: update easy setopt option references
... by using the "\fIopt(3)\fP" syntax they will be linked properly when
the web version of the page is generated.
- opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by default
- [Colin Hogben brought this change]
lib: documentation updates in README.hostip
c-ares now does support IPv6;
avoid implying threaded resolver is Windows-only;
two referenced source files were renamed in 7de2f92
- curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exception
... to the always-copy-char *-argument.
And fix some minor mistakes.
- curl_easy_setopt.3: refer to the individual man pages
With all the new individual option man pages created, this now refers to
each separate one instead of duplicaing the info. Also makes this page
easier to overview.
Dan Fandrich (21 Jun 2014)
- opts: fixed mancheck for out-of-tree builds
Daniel Stenberg (21 Jun 2014)
- curl_easy_setopt.3: shorten
shorten descriptions, mostly refer to the separate descriptions
- CURLOPT_DNS_LOCAL_IP4.3: better short desc
Dan Fandrich (20 Jun 2014)
- opts: document CURLE_OUT_OF_MEMORY among other return values
- opts: fixed some typos
Daniel Stenberg (20 Jun 2014)
- opts: various corrections
- opts: add the rest of the options
... and fixed mancheck to ignore obsolete options
- opts: the final bunch of options as man pages
Now all current options have their own man pages.
- opts: 37 additional man pages
- CURLOPT_URL: move up the text from "Notes"
- ROADMAP: removed, now ROADMAP.md
- ROADMAP.md: make it markdown formatted
- ROADMAP: initial commit of "curl the next few years"
To be further discussed, debated and edited
- opts: more man pages
- CURLOPT_UNRESTRICTED_AUTH.3: added missing 'T'
- opts: makefile now includes all current man pages
- opts: 11 more man pages
Dan Fandrich (18 Jun 2014)
- opts: document CURLE_OUT_OF_MEMORY as RETURN VALUE
- opts: fixed a couple of typos
Patrick Monnerat (18 Jun 2014)
- OS400: make it compilable again. Make RPG binding up to date.
- buildconf: do not search tools in current directory.
Dan Fandrich (18 Jun 2014)
- curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx
This is consistent with the existing obsolete error code naming
convention.
Daniel Stenberg (18 Jun 2014)
- opts: 16 more man pages
Reference in a new issue View git blame Copy permalink