cmake: fixed path used in generation of docs/tests during curl build through add_subdicectory(...)

cmake: Backport to work with CMake 3.0 again

Changes in commit 7867aaa9a0 (cmake: link curl to the OpenSSL targets
instead of lib absolute paths, 2018-07-17) and commit f826b4ce98 (cmake

cmake: Backport to work with CMake 3.0 again

Changes in commit 7867aaa9a0 (cmake: link curl to the OpenSSL targets
instead of lib absolute paths, 2018-07-17) and commit f826b4ce98 (cmake:
bumped minimum version to 3.4, 2018-07-19) required CMake 3.4 to fix
issue #2746. This broke support for users on older versions of CMake
even if they just want to build curl and do not care whether transitive
dependencies work.

Backport the logic to work with CMake 3.0 again by implementing the
fix only when the version of CMake is at least 3.4.

show more ...

curl_threads: fix classic MinGW compile break

Classic MinGW still has _beginthreadex's return type as unsigned long
instead of uintptr_t [0]. uintptr_t is not even defined because of [1]

curl_threads: fix classic MinGW compile break

Classic MinGW still has _beginthreadex's return type as unsigned long
instead of uintptr_t [0]. uintptr_t is not even defined because of [1].

[0] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l167
[1] https://sourceforge.net/p/mingw/mingw-org-wsl/ci/wsl-5.1-release/tree/mingwrt/include/process.h#l90

Bug: https://github.com/curl/curl/issues/2924#issuecomment-424334807
Closes https://github.com/curl/curl/pull/3051

show more ...

configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE

fix a few leftovers

Fixes #3006
Closes #3049

example/htmltidy: fix include paths of tidy libraries

Closes #3050

RELEASE-NOTES: synced

Curl_http2_done: fix memleak in error path

Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for
early failures.

Detected by OSS-Fuzz

Bug: https://bug

Curl_http2_done: fix memleak in error path

Free 'header_recvbuf' unconditionally even if 'h2' isn't (yet) set, for
early failures.

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10669
Closes #3046

show more ...

http: fix memleak in rewind error path

If the rewind would fail, a strdup() would not get freed.

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detai

http: fix memleak in rewind error path

If the rewind would fail, a strdup() would not get freed.

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10665
Closes #3044

show more ...

test320: fix regression in [ci skip]

The value in question is coming directly from `gnutls-serv`, so it cannot
be modified freely.

Reported-by: Marcel Raad
Ref: https://gith

test320: fix regression in [ci skip]

The value in question is coming directly from `gnutls-serv`, so it cannot
be modified freely.

Reported-by: Marcel Raad
Ref: https://github.com/curl/curl/commit/6ae6b2a533e8630afbb21f570305bd4ceece6348#commitcomment-30621004

show more ...

Curl_retry_request: fix memory leak

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10648
Closes #3042

openssl: load built-in engines too

Regression since 38203f1

Reported-by: Jean Fabrice
Fixes #3023
Closes #3040

OpenSSL: enable TLS 1.3 post-handshake auth

OpenSSL 1.1.1 requires clients to opt-in for post-handshake
authentication.

Fixes: https://github.com/curl/curl/issues/3026
Signe

OpenSSL: enable TLS 1.3 post-handshake auth

OpenSSL 1.1.1 requires clients to opt-in for post-handshake
authentication.

Fixes: https://github.com/curl/curl/issues/3026
Signed-off-by: Christian Heimes <christian@python.org>

Closes https://github.com/curl/curl/pull/3027

show more ...

Curl_dedotdotify(): always nul terminate returned string.

This fixes potential out-of-buffer access on "file:./" URL

$ valgrind curl "file:./"
==24516== Memcheck, a memory error

Curl_dedotdotify(): always nul terminate returned string.

This fixes potential out-of-buffer access on "file:./" URL

$ valgrind curl "file:./"
==24516== Memcheck, a memory error detector
==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==24516== Command: /home/even/install-curl-git/bin/curl file:./
==24516==
==24516== Conditional jump or move depends on uninitialised value(s)
==24516== at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24516== by 0x4EBB315: seturl (urlapi.c:801)
==24516== by 0x4EBB568: parseurl (urlapi.c:861)
==24516== by 0x4EBC509: curl_url_set (urlapi.c:1199)
==24516== by 0x4E644C6: parseurlandfillconn (url.c:2044)
==24516== by 0x4E67AEF: create_conn (url.c:3613)
==24516== by 0x4E68A4F: Curl_connect (url.c:4119)
==24516== by 0x4E7F0A4: multi_runsingle (multi.c:1440)
==24516== by 0x4E808E5: curl_multi_perform (multi.c:2173)
==24516== by 0x4E7558C: easy_transfer (easy.c:686)
==24516== by 0x4E75801: easy_perform (easy.c:779)
==24516== by 0x4E75868: curl_easy_perform (easy.c:798)

Was originally spotted by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637
Credit to OSS-Fuzz

Closes #3039

show more ...

update URLs in tests

- and one in docs/MANUAL as well

Closes https://github.com/curl/curl/pull/3038

whitespace fixes

- replace tabs with spaces where possible
- remove line ending spaces
- remove double/triple newlines at EOF
- fix a non-UTF-8 character
- cleanup a few inde

whitespace fixes

- replace tabs with spaces where possible
- remove line ending spaces
- remove double/triple newlines at EOF
- fix a non-UTF-8 character
- cleanup a few indentations/line continuations
in manual examples

Closes https://github.com/curl/curl/pull/3037

show more ...

http: add missing return code check

Detected by Coverity. CID 1439610.

Follow-up from 46e164069d1a523

Closes #3034

ftp: don't access pointer before NULL check

Detected by Coverity. CID 1439611.

Follow-up from 46e164069d1a523

unit1650: fix out of boundary access

Fixes #2987
Closes #3035

docs/examples: URL updates

- also update two URLs outside of docs/examples
- fix spelling of filename persistant.c
- fix three long lines that started failing checksrc.pl

Cl

docs/examples: URL updates

- also update two URLs outside of docs/examples
- fix spelling of filename persistant.c
- fix three long lines that started failing checksrc.pl

Closes https://github.com/curl/curl/pull/3036

show more ...

examples/Makefile.m32: sync with core [ci skip]

also:
- fix two warnings in synctime.c (one of them Windows-specific)
- upgrade URLs in synctime.c and remove a broken one

Cl

examples/Makefile.m32: sync with core [ci skip]

also:
- fix two warnings in synctime.c (one of them Windows-specific)
- upgrade URLs in synctime.c and remove a broken one

Closes https://github.com/curl/curl/pull/3033

show more ...

examples/parseurl.c: show off the URL API a bit

Closes #3030

SECURITY-PROCESS: mention the bountygraph program [ci skip]

Closes #3032

url: use the URL API internally as well

... to make it a truly unified URL parser.

Closes #3017

URL and mailmap updates, remove an obsolete directory [ci skip]

Closes https://github.com/curl/curl/pull/3031

RELEASE-NOTES: synced