platform/upstream/curl.git
11 years agoRELEASE-NOTES: synced with acf59be7f09a7
Steve Holme [Mon, 26 Aug 2013 22:27:07 +0000 (23:27 +0100)]
RELEASE-NOTES: synced with acf59be7f09a7

11 years agocurl: added --bearer option to help
Kyle L. Huff [Sun, 25 Aug 2013 17:19:46 +0000 (13:19 -0400)]
curl: added --bearer option to help

Added the --bearer option to the help output

11 years agocurl: added basic SASL XOAUTH2 support
Kyle L. Huff [Sun, 25 Aug 2013 17:18:59 +0000 (13:18 -0400)]
curl: added basic SASL XOAUTH2 support

Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the
--bearer option.

Example usage:
  curl --url "imaps://imap.gmail.com:993/INBOX/;UID=1" --ssl-reqd
  --bearer ya29.AHES6Z...OMfsHYI --user username@example.com

11 years agotool_urlglob.c: Fixed compiler warnings
Steve Holme [Mon, 26 Aug 2013 10:41:35 +0000 (11:41 +0100)]
tool_urlglob.c: Fixed compiler warnings

warning: 'variable' may be used uninitialized in this function

11 years agosecurity.h: rename to curl_sec.h to avoid name collision
Daniel Stenberg [Mon, 26 Aug 2013 09:51:18 +0000 (11:51 +0200)]
security.h: rename to curl_sec.h to avoid name collision

I brought back security.h in commit bb5529331334e. As we actually
already found out back in 2005 in commit 62970da675249, the file name
security.h causes problems so I renamed it curl_sec.h instead.

11 years agoruntests.pl: allow -vc point to a separate curl binary to verify with
Daniel Stenberg [Mon, 26 Aug 2013 07:17:55 +0000 (09:17 +0200)]
runtests.pl: allow -vc point to a separate curl binary to verify with

The specified curl binary will then be used to verify the running
server(s) instead of the development version. This is very useful in
some cases when the development version fails to verify correctly as
then the test case may not run at all.

The actual test will still be run with the "normal" curl executable
(unless the test case specifies something differently).

11 years agosmtp: added basic SASL XOAUTH2 support
Kyle L. Huff [Sun, 25 Aug 2013 17:17:58 +0000 (13:17 -0400)]
smtp: added basic SASL XOAUTH2 support

Added the ability to use an XOAUTH2 bearer token [RFC6750] with SMTP for
authentication using RFC6749 "OAuth 2.0 Authorization Framework".

The bearer token is expected to be valid for the user specified in
conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has
an advertised auth mechanism of "XOAUTH2", the user and access token are
formatted as a base64 encoded string and sent to the server as
"AUTH XOAUTH2 <bearer token>".

11 years agoimap: added basic SASL XOAUTH2 support
Kyle L. Huff [Sun, 25 Aug 2013 17:17:35 +0000 (13:17 -0400)]
imap: added basic SASL XOAUTH2 support

Added the ability to use an XOAUTH2 bearer token [RFC6750] with IMAP for
authentication using RFC6749 "OAuth 2.0 Authorization Framework".

The bearer token is expected to be valid for the user specified in
conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has
an advertised auth mechanism of "XOAUTH2", the user and access token are
formatted as a base64 encoded string and sent to the server as
"A001 AUTHENTICATE XOAUTH2 <bearer token>".

11 years agosecurity.h: Fixed compilation warning
Steve Holme [Mon, 26 Aug 2013 09:14:16 +0000 (10:14 +0100)]
security.h: Fixed compilation warning

ISO C forbids forward references to 'enum' types

11 years agoKNOWN_BUGS: refer to bug numbers with the existing number series
Daniel Stenberg [Sun, 25 Aug 2013 22:29:33 +0000 (00:29 +0200)]
KNOWN_BUGS: refer to bug numbers with the existing number series

The old numbers would still redirect but who knows for how long...

11 years agooptions: added basic SASL XOAUTH2 support
Kyle L. Huff [Sun, 25 Aug 2013 17:17:20 +0000 (13:17 -0400)]
options: added basic SASL XOAUTH2 support

Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the
option CURLOPT_XOAUTH2_BEARER for authentication using RFC6749 "OAuth
2.0 Authorization Framework".

11 years agosasl: added basic SASL XOAUTH2 support
Kyle L. Huff [Sun, 25 Aug 2013 17:17:01 +0000 (13:17 -0400)]
sasl: added basic SASL XOAUTH2 support

Added the ability to generated a base64 encoded XOAUTH2 token
containing: "user=<username>^Aauth=Bearer <bearer token>^A^A"
as per RFC6749 "OAuth 2.0 Authorization Framework".

11 years agoFTP: remove krb4 support
Daniel Stenberg [Fri, 23 Aug 2013 14:16:42 +0000 (16:16 +0200)]
FTP: remove krb4 support

We've announced this pending removal for a long time and we've
repeatedly asked if anyone would care or if anyone objects. Nobody has
objected. It has probably not even been working for a good while since
nobody has tested/used this code recently.

The stuff in krb4.h that was generic enough to be used by other sources
is now present in security.h

11 years agoeasy: define away easy_events() for non-debug builds
Daniel Stenberg [Sun, 25 Aug 2013 17:10:02 +0000 (19:10 +0200)]
easy: define away easy_events() for non-debug builds

11 years agoFAQ: editorial updates
Daniel Stenberg [Sat, 24 Aug 2013 15:13:46 +0000 (17:13 +0200)]
FAQ: editorial updates

Several language fixes. Several reformats that should make the HTML
generation of this document look better.

Reported-by: Dave Thompson
11 years agoRELEASE-NOTES: synced with 22adb46a32bee
Daniel Stenberg [Fri, 23 Aug 2013 13:39:03 +0000 (15:39 +0200)]
RELEASE-NOTES: synced with 22adb46a32bee

11 years agomulti: move on from STATE_DONE faster
Daniel Stenberg [Wed, 21 Aug 2013 21:08:38 +0000 (23:08 +0200)]
multi: move on from STATE_DONE faster

Make sure we always return CURLM_CALL_MULTI_PERFORM when we reach
CURLM_STATE_DONE since the state is transient and it can very well
continue executing as there is nothing to wait for.

Bug: http://curl.haxx.se/mail/lib-2013-08/0211.html
Reported-by: Yi Huang
11 years agocurl.h: name space pollution by "enum type"
Daniel Stenberg [Wed, 21 Aug 2013 20:46:10 +0000 (22:46 +0200)]
curl.h: name space pollution by "enum type"

Renamed to "enum curl_khtype" now. Will break compilation for programs
that rely on the enum name.

Bug: https://github.com/bagder/curl/pull/76
Reported-by: Shawn Landden
11 years agoTFTP: make the CURLOPT_LOW_SPEED* options work
Daniel Stenberg [Thu, 22 Aug 2013 20:40:38 +0000 (22:40 +0200)]
TFTP: make the CURLOPT_LOW_SPEED* options work

... this also makes sure that the progess callback gets called more
often during TFTP transfers.

Added test 1238 to verify.

Bug: http://curl.haxx.se/bug/view.cgi?id=1269
Reported-by: Jo3
11 years agotftpd: support "writedelay" within <servercmd>
Daniel Stenberg [Thu, 22 Aug 2013 17:23:08 +0000 (19:23 +0200)]
tftpd: support "writedelay" within <servercmd>

11 years agotftpd: convert 6 global variables into local ones
Daniel Stenberg [Thu, 22 Aug 2013 11:44:37 +0000 (13:44 +0200)]
tftpd: convert 6 global variables into local ones

11 years agocurl_easy_perform_ev: make it CURL_EXTERN
Gisle Vanem [Wed, 21 Aug 2013 20:19:52 +0000 (22:19 +0200)]
curl_easy_perform_ev: make it CURL_EXTERN

I build curl.exe (using MingW) with '-DCURLDEBUG' and by importing from
libcurl.dll.  Which means the new curl_easy_perform_ev() must be
exported from libcurl.dll.

11 years agoCURLM_ADDED_ALREADY: new error code
Daniel Stenberg [Tue, 20 Aug 2013 10:27:50 +0000 (12:27 +0200)]
CURLM_ADDED_ALREADY: new error code

Doing curl_multi_add_handle() on an easy handle that is already added to
a multi handle now returns this error code. It previously returned
CURLM_BAD_EASY_HANDLE for this condition.

11 years agomulti_init: moved init code here from add_handle
Daniel Stenberg [Tue, 20 Aug 2013 12:48:08 +0000 (14:48 +0200)]
multi_init: moved init code here from add_handle

The closure_handle is "owned" by the multi handle and it is
unconditional so the setting up of it should be in the Curl_multi_handle
function rather than curl_multi_add_handle.

11 years agomulti: remove dns cache creation code from *add_handle
Daniel Stenberg [Tue, 20 Aug 2013 11:21:07 +0000 (13:21 +0200)]
multi: remove dns cache creation code from *add_handle

As it is done unconditionally in multi_init() this code will never run!

11 years agocurl_easy_perform_ev: debug/test function
Daniel Stenberg [Sat, 10 Aug 2013 20:55:59 +0000 (22:55 +0200)]
curl_easy_perform_ev: debug/test function

This function is meant to work *exactly* as curl_easy_perform() but will
use the event-based libcurl API internally instead of
curl_multi_perform(). To avoid relying on an actual event-based library
and to not use non-portable functions (like epoll or similar), there's a
rather inefficient emulation layer implemented on top of Curl_poll()
instead.

There's currently some convenience logging done in curl_easy_perform_ev
which helps when tracking down problems. They may be suitable to remove
or change once things seem to be fine enough.

curl has a new --test-event option when built with debug enabled that
then uses curl_easy_perform_ev() instead of curl_easy_perform(). If
built without debug, using --test-event will only output a warning
message.

NOTE: curl_easy_perform_ev() is not part if the public API on purpose.
It is only present in debug builds of libcurl and MUST NOT be considered
stable even then. Use it for libcurl-testing purposes only.

runtests.pl now features an -e command line option that makes it use
--test-event for all curl command line tests. The man page is updated.

11 years agotransfer: the recent sessionhandle change broke CURL_DOES_CONVERSIONS
Gisle Vanem [Tue, 20 Aug 2013 09:42:34 +0000 (11:42 +0200)]
transfer: the recent sessionhandle change broke CURL_DOES_CONVERSIONS

11 years agotest1237: verify 1000+ letter user name + passwords
Daniel Stenberg [Tue, 20 Aug 2013 09:23:31 +0000 (11:23 +0200)]
test1237: verify 1000+ letter user name + passwords

11 years agourl: handle arbitrary-length username and password before '@'
Jonathan Nieder [Mon, 19 Aug 2013 08:36:46 +0000 (01:36 -0700)]
url: handle arbitrary-length username and password before '@'

libcurl quietly truncates usernames, passwords, and options from
before an '@' sign in a URL to 255 (= MAX_CURL_PASSWORD_LENGTH - 1)
characters to fit in fixed-size buffers on the stack.  Allocate a
buffer large enough to fit the parsed fields on the fly instead to
support longer passwords.

After this change, there are no more uses of MAX_CURL_OPTIONS_LENGTH
left, so stop defining that constant while at it.  The hardcoded max
username and password length constants, on the other hand, are still
used in HTTP proxy credential handling (which this patch doesn't
touch).

Reported-by: Colby Ranger
11 years agourl: handle exceptional cases first in parse_url_login()
Jonathan Nieder [Mon, 19 Aug 2013 08:01:26 +0000 (01:01 -0700)]
url: handle exceptional cases first in parse_url_login()

Instead of nesting "if(success)" blocks and leaving the reader in
suspense about what happens in the !success case, deal with failure
cases early, usually with a simple goto to clean up and return from
the function.

No functional change intended.  The main effect is to decrease the
indentation of this function slightly.

11 years agoCurl_setopt: handle arbitrary-length username and password
Jonathan Nieder [Mon, 19 Aug 2013 07:57:54 +0000 (00:57 -0700)]
Curl_setopt: handle arbitrary-length username and password

libcurl truncates usernames, passwords, and options set with
curl_easy_setopt to 255 (= MAX_CURL_PASSWORD_LENGTH - 1) characters.
This doesn't affect the return value from curl_easy_setopt(), so from
the caller's point of view, there is no sign anything strange has
happened, except that authentication fails.

For example:

  # Prepare a long (300-char) password.
  s=0123456789; s=$s$s$s$s$s$s$s$s$s$s; s=$s$s$s;
  # Start a server.
  nc -l -p 8888 | tee out & pid=$!
  # Tell curl to pass the password to the server.
  curl --user me:$s http://localhost:8888 & sleep 1; kill $pid
  # Extract the password.
  userpass=$(
awk '/Authorization: Basic/ {print $3}' <out |
tr -d '\r' |
base64 -d
  )
  password=${userpass#me:}
  echo ${#password}

Expected result: 300
Actual result: 255

The fix is simple: allocate appropriately sized buffers on the heap
instead of trying to squeeze the provided values into fixed-size
on-stack buffers.

Bug: http://bugs.debian.org/719856
Reported-by: Colby Ranger
11 years agonetrc: handle longer username and password
Jonathan Nieder [Mon, 19 Aug 2013 07:48:24 +0000 (00:48 -0700)]
netrc: handle longer username and password

libcurl truncates usernames and passwords it reads from .netrc to
LOGINSIZE and PASSWORDSIZE (64) characters without any indication to
the user, to ensure the values returned from Curl_parsenetrc fit in a
caller-provided buffer.

Fix the interface by passing back dynamically allocated buffers
allocated to fit the user's input.  The parser still relies on a
256-character buffer to read each line, though.

So now you can include an ~246-character password in your .netrc,
instead of the previous limit of 63 characters.

Reported-by: Colby Ranger
11 years agourl: allocate username, password, and options on the heap
Jonathan Nieder [Mon, 19 Aug 2013 07:39:05 +0000 (00:39 -0700)]
url: allocate username, password, and options on the heap

This makes it possible to increase the size of the buffers when needed
in later patches.  No functional change yet.

11 years agourl: use goto in create_conn() for exception handling
Jonathan Nieder [Mon, 19 Aug 2013 07:38:08 +0000 (00:38 -0700)]
url: use goto in create_conn() for exception handling

Instead of remembering before each "return" statement which temporary
allocations, if any, need to be freed, take care to set pointers to
NULL when no longer needed and use a goto to a common block to exit
the function and free all temporaries.

No functional change intended.  Currently the only temporary buffer in
this function is "proxy" which is already correctly freed when
appropriate, but there will be more soon.

11 years agosasl: allow arbitrarily long username and password
Jonathan Nieder [Mon, 19 Aug 2013 07:36:53 +0000 (00:36 -0700)]
sasl: allow arbitrarily long username and password

Use appropriately sized buffers on the heap instead of fixed-size
buffers on the stack, to allow for longer usernames and passwords.

Callers never pass anything longer than MAX_CURL_USER_LENGTH (resp.
MAX_CURL_PASSWORD_LENGTH), so no functional change inteded yet.

11 years agoimap: Fixed response check for SEARCH command
Alex McLellan [Tue, 13 Aug 2013 12:13:20 +0000 (13:13 +0100)]
imap: Fixed response check for SEARCH command

Adding this line allows libcurl to return the server response when
performing a search command via a custom request.

11 years agoglob: error out on range overflow
Daniel Stenberg [Fri, 16 Aug 2013 09:52:59 +0000 (11:52 +0200)]
glob: error out on range overflow

The new multiply() function detects range value overflows. 32bit
machines will overflow on a 32bit boundary while 64bit hosts support
ranges up to the full 64 bit range.

Added test 1236 to verify.

Bug: http://curl.haxx.se/bug/view.cgi?id=1267
Reported-by: Will Dietz
11 years agourlglob: better detect unclosed braces, empty lists and overflows
Daniel Stenberg [Thu, 15 Aug 2013 11:05:25 +0000 (13:05 +0200)]
urlglob: better detect unclosed braces, empty lists and overflows

A rather big overhaul and cleanup.

1 - curl wouldn't properly detect and reject globbing that ended with an
open brace if there were brackets or braces before it. Like "{}{" or
"[0-1]{"

2 - curl wouldn't properly reject empty lists so that "{}{}" would
result in curl getting (nil) strings in the output.

3 - By using strtoul() instead of sscanf() the code will now detected
over and underflows. It now also better parses the step argument to only
accept positive numbers and only step counters that is smaller than the
delta between the maximum and minimum numbers.

4 - By switching to unsigned longs instead of signed ints for the
counters, the max values for []-ranges are now very large (on 64bit
machines).

5 - Bumped the maximum number of globs in a single URL to 100 (from 10)

6 - Simplified the code somewhat and now it stores fixed strings as
single- entry lists. That's also one of the reasons why I did (5) as now
all strings between "globs" will take a slot in the array.

Added test 1234 and 1235 to verify. Updated test 87.

This commit fixes three separate bug reports.

Bug: http://curl.haxx.se/bug/view.cgi?id=1264
Bug: http://curl.haxx.se/bug/view.cgi?id=1265
Bug: http://curl.haxx.se/bug/view.cgi?id=1266
Reported-by: Will Dietz
11 years agoVMS: Add RELEASE-NOTES to vms document
John Malmberg [Mon, 12 Aug 2013 02:24:26 +0000 (21:24 -0500)]
VMS: Add RELEASE-NOTES to vms document

Add the curl release notes to the release note document generated for
VMS packages.

Add the different filenames generated by a daily build to the
cleanup procedures.

11 years agotests 2032, 2033: Don't hardcode port in expected output
Tor Arntsen [Thu, 15 Aug 2013 08:55:44 +0000 (10:55 +0200)]
tests 2032, 2033: Don't hardcode port in expected output

11 years agoftp: convert state names to a global array
Daniel Stenberg [Wed, 14 Aug 2013 20:28:32 +0000 (22:28 +0200)]
ftp: convert state names to a global array

... just to make them easier to print in debug ouputs while debugging.
They are still within #ifdef [debugbuild].

11 years ago--help: fix the --sasl-ir in the help output
Daniel Stenberg [Wed, 14 Aug 2013 20:39:58 +0000 (22:39 +0200)]
--help: fix the --sasl-ir in the help output

11 years agoftp_domore_getsock: when passive mode, the second conn is already there
Daniel Stenberg [Wed, 14 Aug 2013 18:36:03 +0000 (20:36 +0200)]
ftp_domore_getsock: when passive mode, the second conn is already there

This makes the socket callback get called with the proper bitmask as
otherwise the application could be left hanging waiting for reading on
an upload connection!

Bug: http://curl.haxx.se/mail/lib-2013-08/0043.html
Reported-by: Bill Doyle
11 years agocurl: make --no-[option] work properly for several options
Daniel Stenberg [Wed, 14 Aug 2013 09:35:42 +0000 (11:35 +0200)]
curl: make --no-[option] work properly for several options

--create-dirs, --crlf, --socks5-gssapi-nec and --sasl-ir

11 years agonss: make sure that NSS is initialized
Kamil Dudka [Mon, 12 Aug 2013 13:14:35 +0000 (15:14 +0200)]
nss: make sure that NSS is initialized

... prior to calling PK11_GenerateRandom()

11 years agomulti: s/easy/data
Daniel Stenberg [Mon, 12 Aug 2013 11:52:58 +0000 (13:52 +0200)]
multi: s/easy/data

With everything being struct SessionHandle pointers now, this rename
makes multi.c use the library-wide practise of calling that pointer
'data' instead of the previously used 'easy'.

11 years agocleanup: removed one function, made one static
Daniel Stenberg [Mon, 5 Aug 2013 08:58:39 +0000 (10:58 +0200)]
cleanup: removed one function, made one static

Moved Curl_easy_addmulti() from easy.c to multi.c, renamed it to
easy_addmulti and made it static.

Removed Curl_easy_initHandleData() and uses of it since it was emptied
in commit cdda92ab67b47d74a.

11 years agoSessionHandle: the protocol specific pointer is now a void *
Daniel Stenberg [Mon, 5 Aug 2013 08:32:08 +0000 (10:32 +0200)]
SessionHandle: the protocol specific pointer is now a void *

All protocol handler structs are now opaque (void *) in the
SessionHandle struct and moved in the request-specific sub-struct
'SingleRequest'. The intension is to keep the protocol specific
knowledge in their own dedicated source files [protocol].c etc.

There's some "leakage" where this policy is violated, to be addressed at
a later point in time.

11 years agourldata: clean up the use of the protocol specific structs
Daniel Stenberg [Sun, 4 Aug 2013 17:34:16 +0000 (19:34 +0200)]
urldata: clean up the use of the protocol specific structs

1 - always allocate the struct in protocol->setup_connection. Some
protocol handlers had to get this function added.

2 - always free at the end of a request. This is also an attempt to keep
less memory in the handle after it is completed.

11 years agoversion number: bump to 7.32.1 for now
Daniel Stenberg [Mon, 12 Aug 2013 11:16:44 +0000 (13:16 +0200)]
version number: bump to 7.32.1 for now

Start working on the next version and up some counters.

11 years agoTHANKS: added contributors from the 7.32.0 release notes
Daniel Stenberg [Sun, 11 Aug 2013 21:43:32 +0000 (23:43 +0200)]
THANKS: added contributors from the 7.32.0 release notes

11 years agotest1228: add 'HTTP proxy' to the keywords
Fabian Keil [Wed, 5 Jun 2013 09:12:06 +0000 (11:12 +0200)]
test1228: add 'HTTP proxy' to the keywords

11 years agotests: add keywords for a couple of FILE tests
Fabian Keil [Tue, 20 Nov 2012 12:51:25 +0000 (13:51 +0100)]
tests: add keywords for a couple of FILE tests

11 years agotests: add 'FAILURE' keywords to tests 1409 and 1410
Fabian Keil [Tue, 20 Nov 2012 12:50:57 +0000 (13:50 +0100)]
tests: add 'FAILURE' keywords to tests 1409 and 1410

11 years agotests: add keywords for a couple of HTTP tests
Fabian Keil [Mon, 19 Nov 2012 16:54:52 +0000 (17:54 +0100)]
tests: add keywords for a couple of HTTP tests

11 years agotests: add keywords for a couple of FTP tests
Fabian Keil [Mon, 19 Nov 2012 16:32:29 +0000 (17:32 +0100)]
tests: add keywords for a couple of FTP tests

11 years agotest1511: consistently terminate headers with CRLF
Fabian Keil [Sun, 11 Aug 2013 17:55:44 +0000 (19:55 +0200)]
test1511: consistently terminate headers with CRLF

11 years agoDISABLED: shut of test 1512 for now
Daniel Stenberg [Sat, 10 Aug 2013 21:55:10 +0000 (23:55 +0200)]
DISABLED: shut of test 1512 for now

It shows intermittent failures and I haven't been able to track them
down yet. Disable this test for now.

11 years agocurl_multi_add_handle.3: ... that timer callback is for event-based
Daniel Stenberg [Fri, 9 Aug 2013 21:53:51 +0000 (23:53 +0200)]
curl_multi_add_handle.3: ... that timer callback is for event-based

11 years agocomments: remove old and wrong multi/easy interface statements
Daniel Stenberg [Fri, 9 Aug 2013 21:39:09 +0000 (23:39 +0200)]
comments: remove old and wrong multi/easy interface statements

11 years agocurl_multi_add_handle.3: mention the CURLMOPT_TIMERFUNCTION use
Daniel Stenberg [Fri, 9 Aug 2013 21:27:43 +0000 (23:27 +0200)]
curl_multi_add_handle.3: mention the CURLMOPT_TIMERFUNCTION use

11 years agoKNOWN_BUGS: 22 and 57 have been fixed and committed
John E. Malmberg [Thu, 8 Aug 2013 21:34:36 +0000 (23:34 +0200)]
KNOWN_BUGS: 22 and 57 have been fixed and committed

11 years agoRELEASE-NOTES: synced with d20def20462e7
Daniel Stenberg [Thu, 8 Aug 2013 14:37:17 +0000 (16:37 +0200)]
RELEASE-NOTES: synced with d20def20462e7

11 years agoglobal dns cache: fix memory leak
Daniel Stenberg [Thu, 8 Aug 2013 14:26:10 +0000 (16:26 +0200)]
global dns cache: fix memory leak

The take down of the global dns cache didn't take CURLOPT_RESOLVE names
into account.

11 years agoglobal dns cache: didn't work [regression]
Daniel Stenberg [Thu, 8 Aug 2013 11:01:16 +0000 (13:01 +0200)]
global dns cache: didn't work [regression]

CURLOPT_DNS_USE_GLOBAL_CACHE broke in commit c43127414d89ccb (been
broken since the libcurl 7.29.0 release). While this option has been
documented as deprecated for almost a decade and nobody even reported
this bug, it should remain functional.

Added test case 1512 to verify

11 years agopackages/vms: update VMS build files
John Malmberg [Thu, 8 Aug 2013 11:11:29 +0000 (13:11 +0200)]
packages/vms: update VMS build files

VMS modified files either missing from a previous commit and changes
to remove references to CVS repositories.

11 years agoFTP: renamed several local functions
Daniel Stenberg [Thu, 8 Aug 2013 10:19:01 +0000 (12:19 +0200)]
FTP: renamed several local functions

The previous naming scheme ftp_state_post_XXXX() wasn't really helpful
as it wasn't always immediately after 'xxxx' and it wasn't easy to
understand what it does based on such a name.

This new one is instead ftp_state_yyyy() where yyyy describes what it
does or sends.

11 years agomk-ca-bundle.1: don't install on make install
Daniel Stenberg [Thu, 8 Aug 2013 07:45:51 +0000 (09:45 +0200)]
mk-ca-bundle.1: don't install on make install

Since the mk-ca-bundle tool itself isn't installed with make install,
there's no point in installing its documentation.

Bug: http://curl.haxx.se/mail/lib-2013-08/0057.html
Reported-by: Guenter Knauf
11 years agopackages/vms/Makefile.am: add latest file additions to EXTRA_DIST
Yang Tse [Wed, 7 Aug 2013 10:21:56 +0000 (12:21 +0200)]
packages/vms/Makefile.am: add latest file additions to EXTRA_DIST

11 years agoBuilding_vms_pcsi_kit
John Malmberg [Wed, 7 Aug 2013 04:10:40 +0000 (23:10 -0500)]
Building_vms_pcsi_kit

These are the files needed to build VMS distribution packages known as
PCSI kits.

Also minor update to the existing files, mainly to the documentation and
file clean up code.

11 years agoLIBCURL-STRUCTS: new document
Daniel Stenberg [Tue, 6 Aug 2013 12:13:33 +0000 (14:13 +0200)]
LIBCURL-STRUCTS: new document

This is the first version of this new document, detailing the seven
perhaps most important internal structs in libcurl source code:

  1.1 SessionHandle
  1.2 connectdata
  1.3 Curl_multi
  1.4 Curl_handler
  1.5 conncache
  1.6 Curl_share
  1.7 CookieInfo

11 years agoCONTRIBUTE: minor language polish
Daniel Stenberg [Tue, 6 Aug 2013 12:12:45 +0000 (14:12 +0200)]
CONTRIBUTE: minor language polish

11 years agoFTP: when EPSV gets a 229 but fails to connect, retry with PASV
Daniel Stenberg [Mon, 5 Aug 2013 21:49:53 +0000 (23:49 +0200)]
FTP: when EPSV gets a 229 but fails to connect, retry with PASV

This is a regression as this logic used to work. It isn't clear when it
broke, but I'm assuming in 7.28.0 when we went all-multi internally.

This likely never worked with the multi interface. As the failed
connection is detected once the multi state has reached DO_MORE, the
Curl_do_more() function was now expanded somewhat so that the
ftp_do_more() function can request to go "back" to the previous state
when it makes another attempt - using PASV.

Added test case 1233 to verify this fix. It has the little issue that it
assumes no service is listening/accepting connections on port 1...

Reported-by: byte_bucket in the #curl IRC channel
11 years agomd5: remove use of CommonCrypto-to-OpenSSL macros for the benefit of Leopard
Nick Zitzmann [Tue, 6 Aug 2013 01:47:56 +0000 (19:47 -0600)]
md5: remove use of CommonCrypto-to-OpenSSL macros for the benefit of Leopard

For some reason, OS X 10.5's GCC suddenly stopped working correctly with
macros that change MD5_Init etc. in the code to CC_MD5_Init etc., so I
worked around this by removing use of the macros and inserting static
functions that just call CommonCrypto's implementations of the functions
instead.

11 years agoSimplify check for trusted certificates.
Guenter Knauf [Mon, 5 Aug 2013 11:02:27 +0000 (13:02 +0200)]
Simplify check for trusted certificates.

This changes the previous check for untrusted certs to a check for
certs explicitely marked as trusted.
The change is backward-compatible (tested with certdata.txt v1.80).

11 years agoconfigure: warn on bad env variable use, don't error
Daniel Stenberg [Mon, 5 Aug 2013 07:31:59 +0000 (09:31 +0200)]
configure: warn on bad env variable use, don't error

Use XC_CHECK_BUILD_FLAGS instead XC_CHECK_USER_FLAGS.

11 years agoRevert "configure: don't error out on variable confusions, just warn"
Daniel Stenberg [Mon, 5 Aug 2013 07:28:44 +0000 (09:28 +0200)]
Revert "configure: don't error out on variable confusions, just warn"

This reverts commit 6b27703b5f525eccdc0a8409f51de8595c75132a.

11 years agoformadd: wrong pointer for file name when CURLFORM_BUFFERPTR used
Daniel Stenberg [Sun, 4 Aug 2013 21:27:27 +0000 (23:27 +0200)]
formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used

The internal function that's used to detect known file extensions for
the default Content-Type got the the wrong pointer passed in when
CURLFORM_BUFFER + CURLFORM_BUFFERPTR were used. This had the effect that
strlen() would be used which could lead to an out-of-bounds read (and
thus segfault). In most cases it would only lead to it not finding or
using the correct default content-type.

It also showed that test 554 and test 587 were testing for the
previous/wrong behavior and now they're updated as well.

Bug: http://curl.haxx.se/bug/view.cgi?id=1262
Reported-by: Konstantin Isakov
11 years agoSkip more untrusted certificates.
Guenter Knauf [Sun, 4 Aug 2013 19:30:11 +0000 (21:30 +0200)]
Skip more untrusted certificates.

Christian Heimes brought to our attention that the certdata.txt
format has recently changed [1], causing ca-bundle.crt created
with mk-ca-bundle.[pl|vbs] to include untrusted certs.

[1] http://lists.debian.org/debian-release/2012/11/msg00411.html

11 years agoconfigure: don't error out on variable confusions, just warn
Daniel Stenberg [Sun, 4 Aug 2013 08:28:26 +0000 (10:28 +0200)]
configure: don't error out on variable confusions, just warn

11 years agoconfigure: rephrase the notice in _XC_CHECK_VAR_*
Daniel Stenberg [Sat, 3 Aug 2013 21:39:23 +0000 (23:39 +0200)]
configure: rephrase the notice in _XC_CHECK_VAR_*

Instead of claiming it is an error, we call it a "note" to reduce the
severity level. But the following text now says the [variable] "*should*
only be used to specify"... instead of previously having said "may".

11 years agomulti: remove data->state.current_conn struct field
Daniel Stenberg [Fri, 2 Aug 2013 22:03:52 +0000 (00:03 +0200)]
multi: remove data->state.current_conn struct field

Not needed

11 years agomulti: remove the one_easy struct field
Daniel Stenberg [Fri, 2 Aug 2013 10:25:18 +0000 (12:25 +0200)]
multi: remove the one_easy struct field

Since the merge of SessionHandle with Curl_one_easy, this indirection
isn't used anymore.

11 years agomulti: rename all Curl_one_easy to SessionHandle
Daniel Stenberg [Fri, 2 Aug 2013 10:21:11 +0000 (12:21 +0200)]
multi: rename all Curl_one_easy to SessionHandle

11 years agomulti: remove the multi_pos struct field
Daniel Stenberg [Fri, 2 Aug 2013 10:12:20 +0000 (12:12 +0200)]
multi: remove the multi_pos struct field

Since Curl_one_easy is really a SessionHandle now, this indirection
doesn't exist anymore.

11 years agomulti: remove easy_handle struct field
Daniel Stenberg [Fri, 2 Aug 2013 10:03:39 +0000 (12:03 +0200)]
multi: remove easy_handle struct field

It isn't needed anymore

11 years agomulti: remove 'Curl_one_easy' struct, phase 1
Daniel Stenberg [Thu, 1 Aug 2013 22:09:59 +0000 (00:09 +0200)]
multi: remove 'Curl_one_easy' struct, phase 1

The motivation for having a separate struct that keep track of an easy
handle when using the multi handle was removed when we switched to
always using the multi interface internally. Now they were just two
separate struct that was always allocated for each easy handle.

This first step just moves the Curl_one_easy struct members into the
SessionHandle struct and hides this somehow (== keeps the source code
changes to a minimum) by defining Curl_one_easy to SessionHandle

The biggest changes in this commit are:

 1 - the linked list of easy handles had to be changed somewhat due
     to the new struct layout. This made the main linked list pointer
     get renamed to 'easyp' and there's also a new pointer to the last
     node, called easylp. It is no longer circular but ends with ->next
     pointing to NULL. New nodes are still added last.

 2 - easy->state is now called easy->mstate to avoid name collision

11 years agoRevert "DOCS: Added IMAP URL example for listing new messages"
Steve Holme [Fri, 2 Aug 2013 13:25:21 +0000 (14:25 +0100)]
Revert "DOCS: Added IMAP URL example for listing new messages"

This reverts commit 82ab5f1b0c7c3f as this was the wrong place to
document the complexity of IMAP URLs and Custom Requests.

11 years agoDOCS: Added IMAP URL example for listing new messages
Steve Holme [Fri, 2 Aug 2013 09:08:55 +0000 (10:08 +0100)]
DOCS: Added IMAP URL example for listing new messages

In addition to listing the folder contents, in the URL examples, added
an example to list the new messages waiting in the user's inbox.

11 years agopackages/vms/Makefile.am: add latest file additions to EXTRA_DIST
Yang Tse [Thu, 1 Aug 2013 11:57:00 +0000 (13:57 +0200)]
packages/vms/Makefile.am: add latest file additions to EXTRA_DIST

11 years agoAdd in the files needed to build libcurl shared images on VMS.
John Malmberg [Thu, 1 Aug 2013 03:35:19 +0000 (22:35 -0500)]
Add in the files needed to build libcurl shared images on VMS.

Update the packages/vms/readme file to be current.

Also some files for the GNV based build were either missing or needed an
update.

curl_crtl_init.c is a special file that is run before main() to
set up the proper C runtime behavior.

generate_vax_transfer.com generates the VAX transfer vector modules from
the gnv_libcurl_symbols.opt file.

gnv_conftest.c_first is a helper file needed for configure scripts to
come up with the expected answers on VMS.

gnv_libcurl_symbols.opt is the public symbols for the libcurl shared
image.

gnv_link_curl.com builds the shared libcurl image and rebuilds other
programs to use it.

macro32_exactcase.patch is a hack to make a local copy of the VMS Macro32
assembler case sensitive, which is needed to build the VAX transfer modules.

report_openssl_version.c is a tool for help verify that the libcurl
shared image is being built for a minium version of openssl.

11 years agocurl: second follow-up for commit 5af2bfb9
Yang Tse [Thu, 1 Aug 2013 10:25:01 +0000 (12:25 +0200)]
curl: second follow-up for commit 5af2bfb9

Display progress-bar unconditionally on first call

11 years agocurl: follow-up for commit 5af2bfb9
Yang Tse [Wed, 31 Jul 2013 13:36:56 +0000 (15:36 +0200)]
curl: follow-up for commit 5af2bfb9

Use tvnow() and tvdiff() to avoid introducing new linkage issues

11 years agocurl: --progress-bar max update frequency now at 5Hz
Daniel Stenberg [Wed, 31 Jul 2013 07:06:15 +0000 (09:06 +0200)]
curl: --progress-bar max update frequency now at 5Hz

11 years agocurl: make --progress-bar update the line less frequently
Daniel Stenberg [Tue, 30 Jul 2013 22:17:56 +0000 (00:17 +0200)]
curl: make --progress-bar update the line less frequently

Also, use memset() instead of a lame loop.

The previous logic that tried to avoid too many updates were very
ineffective for really fast transfers, as then it could easily end up
doing hundreds of updates per second that would make a significant
impact in transfer performance!

Bug: http://curl.haxx.se/mail/archive-2013-07/0031.html
Reported-by: Marc Doughty
11 years agodarwinssl: added LFs to some strings passed into infof()
Nick Zitzmann [Wed, 31 Jul 2013 02:32:18 +0000 (20:32 -0600)]
darwinssl: added LFs to some strings passed into infof()

(This doesn't need to appear in the release notes.) I noticed a few places
where infof() was called, and there should've been an LF at the end of the
string, but there wasn't.

11 years agodarwinssl: fix build error in crypto authentication under Snow Leopard
Nick Zitzmann [Wed, 31 Jul 2013 02:25:38 +0000 (20:25 -0600)]
darwinssl: fix build error in crypto authentication under Snow Leopard

It turns out Snow Leopard not only has SecItemCopyMatching() defined in
a header not included by the omnibus header, but it won't work for our
purposes, because searching for SecIdentityRef objects wasn't added
to that API until Lion. So we now use the old SecKeychainSearch API
instead if the user is building under, or running under, Snow Leopard.

Bug: http://sourceforge.net/p/curl/bugs/1255/
Reported by: Edward Rudd

11 years agomd5 & metalink: use better build macros on Apple operating systems
Nick Zitzmann [Wed, 31 Jul 2013 02:20:20 +0000 (20:20 -0600)]
md5 & metalink: use better build macros on Apple operating systems

Previously we used __MAC_10_X and __IPHONE_X to mark digest-generating
code that was specific to OS X and iOS. Now we use
__MAC_OS_X_VERSION_MAX_ALLOWED and __IPHONE_OS_VERSION_MAX_ALLOWED
instead of those macros.

Bug: http://sourceforge.net/p/curl/bugs/1255/
Reported by: Edward Rudd

11 years agotool_operhlp.c: fix add_file_name_to_url() OOM handling
Yang Tse [Mon, 29 Jul 2013 16:23:38 +0000 (18:23 +0200)]
tool_operhlp.c: fix add_file_name_to_url() OOM handling

11 years agotool_operate.c: fix brace placement for vi/emacs delimiter matching
Yang Tse [Mon, 29 Jul 2013 14:32:29 +0000 (16:32 +0200)]
tool_operate.c: fix brace placement for vi/emacs delimiter matching