curl: Fix segfault when -H @headerfile is empty

The curl binary would crash if the -H command line option was given a
filename to read using the @filename syntax but that file was empty.

curl: Fix segfault when -H @headerfile is empty

The curl binary would crash if the -H command line option was given a
filename to read using the @filename syntax but that file was empty.

Closes #2797

show more ...

mime: check Curl_rand_hex's return code

Bug: https://curl.haxx.se/mail/archive-2018-07/0015.html
Reported-by: Jeffrey Walton
Closes #2795

docs/examples: add hiperfifo example using linux epoll/timerfd

Closes #2804

docs/INSTALL.md: minor formatting fixes

Closes #2794

docs/CURLOPT_URL: fix indentation

The statement, “The application does not have to keep the string around
after setting this option,” appears to be indented under the RTMP
paragraph.

docs/CURLOPT_URL: fix indentation

The statement, “The application does not have to keep the string around
after setting this option,” appears to be indented under the RTMP
paragraph. It actually applies to all protocols, not just RTMP.
Eliminate the extra indentation.

Closes #2788

show more ...

docs/CURLOPT_WRITEFUNCTION: size is always 1

For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is
passed two `size_t` parameters which, when multiplied, designate the

docs/CURLOPT_WRITEFUNCTION: size is always 1

For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is
passed two `size_t` parameters which, when multiplied, designate the
number of bytes of data passed in. In practice, CURL always sets the
first parameter (`size`) to 1.

This practice is also enshrined in documentation and cannot be changed
in future. The documentation states that the default callback is
`fwrite`, which means `fwrite` must be a suitable function for this
purpose. However, the documentation also states that the callback must
return the number of *bytes* it successfully handled, whereas ISO C
`fwrite` returns the number of items (each of size `size`) which it
wrote. The only way these numbers can be equal is if `size` is 1.

Since `size` is 1 and can never be changed in future anyway, document
that fact explicitly and let users rely on it.

Closes #2787

show more ...

wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random

RNG structure must be freed by call to FreeRng after its use in
Curl_cyassl_random. This call fixes Valgrind failures when running t

wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random

RNG structure must be freed by call to FreeRng after its use in
Curl_cyassl_random. This call fixes Valgrind failures when running the
test suite with wolfSSL.

Closes #2784

show more ...

reuse_conn(): free old_conn->options

This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with
connection reuse.

I found this with oss-fuzz on GDAL and curl mas

reuse_conn(): free old_conn->options

This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with
connection reuse.

I found this with oss-fuzz on GDAL and curl master:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9582
I couldn't reproduce with the oss-fuzz original test case, but looking
at curl source code pointed to this well reproducable leak.

Closes #2790

show more ...

system_win32: fix version checking

In the current version, VERSION_GREATER_THAN_EQUAL 6.3 will return false
when run on windows 10.0. This patch addresses that error.

Closes htt

system_win32: fix version checking

In the current version, VERSION_GREATER_THAN_EQUAL 6.3 will return false
when run on windows 10.0. This patch addresses that error.

Closes https://github.com/curl/curl/pull/2792

show more ...

auth: pick Bearer authentication whenever a token is available

So far, the code tries to pick an authentication method only if
user/password credentials are available, which is not the c

auth: pick Bearer authentication whenever a token is available

So far, the code tries to pick an authentication method only if
user/password credentials are available, which is not the case for
Bearer authentictation...

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes #2754

show more ...

auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token

The Bearer authentication was added to cURL 7.61.0, but there is a
problem: if CURLAUTH_ANY is selected, and the server s

auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token

The Bearer authentication was added to cURL 7.61.0, but there is a
problem: if CURLAUTH_ANY is selected, and the server supports multiple
authentication methods including the Bearer method, we strongly prefer
that latter method (only CURLAUTH_NEGOTIATE beats it), and if the Bearer
authentication fails, we will never even try to attempt any other
method.

This is particularly unfortunate when we already know that we do not
have any Bearer token to work with.

Such a scenario happens e.g. when using Git to push to Visual Studio
Team Services (which supports Basic and Bearer authentication among
other methods) and specifying the Personal Access Token directly in the
URL (this aproach is frequently taken by automated builds).

Let's make sure that we have a Bearer token to work with before we
select the Bearer authentication among the available authentication
methods.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes #2754

show more ...

test320: treat curl320.out file as binary

Otherwise, LF line endings are converted to CRLF on Windows,
but no conversion is done for the reply, so the test case fails.

Closes ht

test320: treat curl320.out file as binary

Otherwise, LF line endings are converted to CRLF on Windows,
but no conversion is done for the reply, so the test case fails.

Closes https://github.com/curl/curl/pull/2776

show more ...

vtls: set conn->data when closing TLS

Follow-up to 1b76c38904f0. The VTLS backends that close down the TLS
layer for a connection still needs a Curl_easy handle for the session_id
ca

vtls: set conn->data when closing TLS

Follow-up to 1b76c38904f0. The VTLS backends that close down the TLS
layer for a connection still needs a Curl_easy handle for the session_id
cache etc.

Fixes #2764
Closes #2771

show more ...

tests: fixes for Windows line endlings

Set mode="text" when line endings depend on the system representation.

Closes https://github.com/curl/curl/pull/2772

test214: disable MSYS2's POSIX path conversion for URL

By default, the MSYS2 bash converts all backslashes to forward slashes
in URLs. Disable this with MSYS2_ARG_CONV_EXCL for the test

test214: disable MSYS2's POSIX path conversion for URL

By default, the MSYS2 bash converts all backslashes to forward slashes
in URLs. Disable this with MSYS2_ARG_CONV_EXCL for the test to pass.

Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces

show more ...

http2: several cleanups

- separate easy handle from connections better
- added asserts on a number of places
- added sanity check of pipelines for debug builds

Closes #2751

smb_getsock: always wait for write socket too

... the protocol is doing read/write a lot, so it needs to write often
even when downloading. A more proper fix could check for eactly when

smb_getsock: always wait for write socket too

... the protocol is doing read/write a lot, so it needs to write often
even when downloading. A more proper fix could check for eactly when it
wants to write and only ask for it then.

Without this fix, an SMB download could easily get stuck when the event-driven
API was used.

Closes #2768

show more ...

test1143: disable MSYS2's POSIX path conversion

By default, the MSYS2 bash interprets http:/%HOSTIP:%HTTPPORT/want/1143
as a POSIX file list and converts it to a Windows file list.
D

test1143: disable MSYS2's POSIX path conversion

By default, the MSYS2 bash interprets http:/%HOSTIP:%HTTPPORT/want/1143
as a POSIX file list and converts it to a Windows file list.
Disable this with MSYS2_ARG_CONV_EXCL for the test to pass.

Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces
Closes https://github.com/curl/curl/pull/2765

show more ...

RELEASE-NOTES: sync

... and work toward 7.61.1

CMake: Update scripts to use consistent style

Closes #2727
Reviewed-by: Sergei Nikulov

header output: switch off all styles, not just unbold

... the "unbold" sequence doesn't work on the mac Terminal.

Reported-by: Zero King
Fixes #2736
Closes #2738

darwinssl: add support for ALPN negotiation

test1422: add required file feature

curl configured with --enable-debug --disable-file currently complains
on test1422:
Info: Protocol "file" not supported or disabled in libcurl

test1422: add required file feature

curl configured with --enable-debug --disable-file currently complains
on test1422:
Info: Protocol "file" not supported or disabled in libcurl

Make test1422 dependend on enabled FILE protocol to fix this.

Fixes https://github.com/curl/curl/issues/2741
Closes https://github.com/curl/curl/pull/2742

show more ...

content_encoding: accept up to 4 unknown trailer bytes after raw deflate data

Some servers issue raw deflate data that may be followed by an undocumented
trailer. This commit makes curl

content_encoding: accept up to 4 unknown trailer bytes after raw deflate data

Some servers issue raw deflate data that may be followed by an undocumented
trailer. This commit makes curl tolerate such a trailer of up to 4 bytes
before considering the data is in error.

Reported-by: clbr on github
Fixes #2719

show more ...

smb: fix memory-leak in URL parse error path

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369
Closes #2740