Home - Waterfall Grid T-Grid Console Builders Recent Builds Buildslaves Changesources - JSON API - About

Console View

Legend:   Passed Failed Warnings Failed Again Running Exception Offline No data

Daniel Gustafsson
cleanup: fix typo in comment
Daniel Stenberg
win32: make DLL loading a no-op for UWP
Reported-by: Michael Brehm
Fixes #4060
Closes #4072
Gergely Nagy
lib: Use UTF-8 encoding in comments
Some editors and IDEs assume that source files use UTF-8 file encodings.
It also fixes the build with MSVC when /utf-8 command line option is
used (this option is mandatory for some other open-source projects, this
is useful when using the same options is desired for building all
libraries of a project).

Closes https://github.com/curl/curl/pull/4087
Daniel Stenberg
openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined
... since that needs UI_OpenSSL() which isn't provided when OpenSSL is
built with OPENSSL_NO_UI_CONSOLE which happens when OpenSSL is built for
UWP (with "VC-WIN32-UWP").

Reported-by: Vasily Lobaskin
Fixes #4073
Closes #4077
Daniel Gustafsson
http: clarify header buffer size calculation
The header buffer size calculation can from static analysis seem to
overlow as it performs an addition between two size_t variables and
stores the result in a size_t variable. Overflow is however guarded
against elsewhere since the input to the addition is regulated by
the maximum read buffer size. Clarify this with a comment since the
question was asked.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Juergen Hoetzel
smb: Use the correct error code for access denied on file open
- Return CURLE_REMOTE_ACCESS_DENIED for SMB access denied on file open.

Prior to this change CURLE_REMOTE_FILE_NOT_FOUND was returned instead.

Closes https://github.com/curl/curl/pull/4095
Daniel Gustafsson
CMake: fix typos and spelling
Kyle Edwards
CMake: Convert errant elseif() to else()
CMake interprets an elseif() with no arguments as elseif(FALSE),
resulting in the elseif() block not being executed. That is not what
was intended here. Change the empty elseif() to an else() as it was

Closes #4101
Reported-by: Artalus <artalus-mail@yandex.ru>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Daniel Stenberg
curl: only accept COLUMNS less than 10000
... as larger values would rather indicate something silly (and could
potentially cause buffer problems).

Reported-by: pendrek at hackerone
Closes #4114
configure: fix typo '--disable-http-uath'
Closes #4076
Niklas Hambüchen
docs: fix string suggesting HTTP/2 is not the default
Commit 25fd1057c9c86e3 made HTTP2 the default, and further down in the
man page that new default is mentioned, but the section at the top
contradicted it until now.

Also remove claim that setting the HTTP version is not sensible.

Closes #4075
Daniel Gustafsson
buildconf: fix header filename
The header file inclusion had a typo, it should be .h and not .hd.
Fix by renaming.

Fixes #4102
Reported-by: AceCrow on Github
Daniel Stenberg
Daniel Stenberg
test1521: adapt to SLISTPOINT
The header now has the slist-using options marked as SLISTPOINT so this
makes sure test 1521 understands that.

Follow-up to ae99b4de1c443ae989

Closes #4074
Daniel Stenberg
doh-url.d: added in 7.62.0
Peter Simonyi
http: allow overriding timecond with custom header
With CURLOPT_TIMECONDITION set, a header is automatically added (e.g.
If-Modified-Since).  Allow this to be replaced or suppressed with

Fixes #4103
Closes #4109
Daniel Stenberg
test1173: detect some basic man page format mistakes
Triggered by PR #4111

Closes #4113
openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
Closes #4100
Linos Giannopoulos
libcurl: Add testcase for gopher redirects
The testcase ensures that redirects to CURLPROTO_GOPHER won't be
allowed, by default, in the future. Also, curl is being used
for convenience while keeping the testcases DRY.

The expected error code is CURLE_UNSUPPORTED_PROTOCOL when the client is
redirected to CURLPROTO_GOPHER

Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr>
Daniel Gustafsson
nss: don't set unused parameter
The value of the maxPTDs parameter to PR_Init() has since at least
NSPR 2.1, which was released sometime in 1998, been marked ignored
as is accordingly not used in the initialization code.  Setting it
to a value when calling PR_Init() is thus benign, but indicates an
intent which may be misleading. Reset the value to zero to improve

Closes https://github.com/curl/curl/pull/4054
Daniel Stenberg
test1173: make it also check all libcurl option man pages
... and adjust those that cause errors

Closes #4116
Linos Giannopoulos
libcurl: Restrict redirect schemes
All protocols except for CURLPROTO_FILE/CURLPROTO_SMB and their TLS
counterpart were allowed for redirect. This vastly broadens the
exploitation surface in case of a vulnerability such as SSRF [1], where
libcurl-based clients are forced to make requests to arbitrary hosts.

For instance, CURLPROTO_GOPHER can be used to smuggle any TCP-based
protocol by URL-encoding a payload in the URI. Gopher will open a TCP
connection and send the payload.

Only HTTP/HTTPS and FTP are allowed. All other protocols have to be
explicitly enabled for redirects through CURLOPT_REDIR_PROTOCOLS.

[1]: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/

Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr>

Closes #4094
Jan Chren
configure: fix --disable-code-coverage
This fixes the case when --disable-code-coverage supplied to ./configure
would result in coverage="yes" being set.

Closes #4099
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Shankar Jadhavar
winbuild: Change Makefile to honor ENABLE_OPENSSL_AUTO_LOAD_CONFIG
- Made changes so that ENABLE_OPENSSL_AUTO_LOAD_CONFIG will be honored.

- Also removed some ^M chars from file.

Prior to this change while building on Windows platform even if we pass
the ENABLE_OPENSSL_AUTO_LOAD_CONFIG option with value as "no" it does

Closes https://github.com/curl/curl/pull/4086
Daniel Stenberg
KNOWN_BUGS: Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname
Closes #3284
Bjarni Ingi Gislason
docs: Fix missing lines caused by undefined macros
- Escape apostrophes at line start.

Some lines begin with a "'" (apostrophe, single quote), which is then
interpreted as a control character in *roff.

Such lines are interpreted as being a call to a macro, and if
undefined, the lines are removed from the output.

Bug: https://bugs.debian.org/926352
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>

Submitted-by: Alessandro Ghedini

Closes https://github.com/curl/curl/pull/4111
curl_multi_wait.3: escape backslash in example
The backslash in the character Line Feed must be escaped.

The current man-page outputs the code as following:

fprintf(stderr, "curl_multi failed, code %d.0, mc);

The commit fixes it as follow:

fprintf(stderr, "curl_multi failed, code %d\n", mc);

Closes #4079
Jay Satiro
docs: Fix links to OpenSSL docs
OpenSSL changed their manual locations and does not redirect to the new

Bug: https://curl.haxx.se/mail/lib-2019-06/0056.html
Reported-by: Daniel Stenberg
Stephan Szabo
tests: update fixed IP for hostip/clientip split
These tests give differences for me on linux when using a hostip
pointing to the external ip address for the local machine.

Closes #4070
Daniel Stenberg
dist: add manpage-syntax.pl
follow-up to 7fb66c403
Gisle Vanem
system_win32: fix clang warning
- Declare variable in header as extern.

Bug: https://github.com/curl/curl/commit/48b9ea4#commitcomment-34084597
Daniel Stenberg
http2: call done_sending on end of upload
To make sure a HTTP/2 stream registers the end of stream.

Bug #4043 made me find this problem but this fix doesn't correct the
reported issue.

Closes #4068
Daniel Gustafsson
nss: support using libnss on macOS
The file suffix for dynamically loadable objects on macOS is .dylib,
which need to be added for the module definitions in order to get the
NSS TLS backend to work properly on macOS.

Closes https://github.com/curl/curl/pull/4046
Caleb Raitto
Fix an issue where example builds a curl_slist, but fails to actually
use it, or free it.

Closes https://github.com/curl/curl/pull/4090
Daniel Gustafsson
nss: only cache valid CRL entries
Change the logic around such that we only keep CRLs that NSS actually
ended up caching around for later deletion.  If CERT_CacheCRL() fails
then there is little point in delaying the freeing of the CRL as it
is not used.

Closes https://github.com/curl/curl/pull/4053
Daniel Stenberg
KNOWN_BUGS: Don't clear digest for single realm
Closes #3267
Daniel Gustafsson
headers: Remove no longer exported functions
There were a leftover few prototypes of Curl_ functions that we used to
export but no longer do, this removes those prototypes and cleans up any
comments still referring to them.

Curl_write32_le(), Curl_strcpy_url(), Curl_strlen_url(), Curl_up_free()
Curl_concat_url(), Curl_detach_connnection(), Curl_http_setup_conn()
were made static in 05b100aee247bb9bec8e9a1b0166496aa4248d1c.
Curl_http_perhapsrewind() made static in 574aecee208f79d391f10d57520b3.

For the remainder, I didn't trawl the Git logs hard enough to capture
their exact time of deletion, but they were all gone: Curl_splayprint(),
Curl_http2_send_request(), Curl_global_host_cache_dtor(),
Curl_scan_cache_used(), Curl_hostcache_destroy(), Curl_second_connect(),
Curl_http_auth_stage() and Curl_close_connections().

Closes #4096
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Daniel Gustafsson
Daniel Gustafsson
DEPRECATE: fixup versions and spelling
Correctly set the July 17 version to 7.65.2, and update spelling to
be consistent. Also fix a typo.

Closes https://github.com/curl/curl/pull/4107
Daniel Stenberg
libcurl-security.3: update to new CURLOPT_REDIR_PROTOCOLS defaults
follow-up to 6080ea098