summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* THANKS: update at 7.56.1 release timeDaniel Stenberg2017-10-231-0/+8
|
* mk-ca-bundle: Remove URL for auroraJon DeVree2017-10-221-2/+0
| | | | | Aurora is no longer used by Mozilla https://hacks.mozilla.org/2017/04/simplifying-firefox-release-channels/
* mk-ca-bundle: Fix URL for NSSJon DeVree2017-10-221-1/+1
| | | | | | | The 'tip' is the most recent branch committed to, this should be 'default' like the URLs for the browser are. Closes #1998
* imap: if a FETCH response has no size, don't call write callbackDaniel Stenberg2017-10-221-0/+5
| | | | | | | CVE-2017-1000257 Reported-by: Brian Carpenter and 0xd34db347 Also detected by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3586
* ftp: reject illegal IP/port in PASV 227 responseDaniel Stenberg2017-10-202-10/+7
| | | | | | | | | | ... by using range checks. Among other things, this avoids an undefined behavior for a left shift that could happen on negative or very large values. Closes #1997 Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3694
* test653: check reuse of easy handle after mime data changePatrick Monnerat2017-10-204-2/+161
| | | | See issue #1999
* mime: do not reuse previously computed multipart sizePatrick Monnerat2017-10-201-1/+1
| | | | | | | The contents might have changed: size must be recomputed. Reported-by: moteus on github Fixes #1999
* test308: disable if MultiSSL feature enabledPatrick Monnerat2017-10-191-0/+1
| | | | | Even if OpenSSL is enabled, it might not be the default backend when multi-ssl is enabled, causing the test to fail.
* runtests: support MultiSSL client featurePatrick Monnerat2017-10-191-0/+15
|
* vtls: change struct Curl_ssl `close' field name to `close_one'.Patrick Monnerat2017-10-1912-14/+14
| | | | | On OS/400, `close' is an ASCII system macro that corrupts the code if not used in a context not targetting the close() system API.
* os400: add missing symbols in config file.Patrick Monnerat2017-10-193-5/+13
| | | | Also adjust makefile to renamed files and warn about installation dirs mix-up.
* test652: curl_mime_data + base64 encoder with large contentsPatrick Monnerat2017-10-194-1/+491
|
* mime: limit bas64-encoded lines length to 76 charactersPatrick Monnerat2017-10-192-4/+4
|
* RELEASE-NOTES: synced with f121575c0Daniel Stenberg2017-10-161-4/+24
|
* setopt: range check most long optionsDaniel Stenberg2017-10-161-39/+154
| | | | | ... filter early instead of risking "funny values" having to be dealt with elsewhere.
* setopt: avoid integer overflows when setting millsecond valuesDaniel Stenberg2017-10-164-10/+26
| | | | | | | | | | | | | ... that are multiplied by 1000 when stored. For 32 bit long systems, the max value accepted (2147483 seconds) is > 596 hours which is unlikely to ever be set by a legitimate application - and previously it didn't work either, it just caused undefined behavior. Also updated the man pages for these timeout options to mention the return code. Closes #1938
* makefile.m32: allow to override gcc, ar and ranlibViktor Szakats2017-10-152-7/+24
| | | | | | | | | | | | | Allow to ovverride certain build tools, making it possible to use LLVM/Clang to build curl. The default behavior is unchanged. To build with clang (as offered by MSYS2), these settings can be used: CURL_CC=clang CURL_AR=llvm-ar CURL_RANLIB=llvm-ranlib Closes https://github.com/curl/curl/pull/1993
* ldap: silence clang warningViktor Szakats2017-10-151-1/+3
| | | | | | | Use memset() to initialize a structure to avoid LLVM/Clang warning: ldap.c:193:39: warning: missing field 'UserLength' initializer [-Wmissing-field-initializers] Closes https://github.com/curl/curl/pull/1992
* runtests: use valgrind for torture as wellDaniel Stenberg2017-10-141-8/+34
| | | | | NOTE: it makes them terribly slow. I recommend only using valgrind for specific torture tests or using lots of patience.
* memdebug: trace send, recv and socketDaniel Stenberg2017-10-145-18/+73
| | | | | | ... to allow them to be included in torture tests too. closes #1980
* configure: remove the C++ compiler checkDaniel Stenberg2017-10-141-1/+0
| | | | | | | ... we used it only for the fuzzer, which we now have in a separate git repo. Closes #1990
* mime: do not call failf() if easy handle is NULL.Patrick Monnerat2017-10-131-1/+2
|
* test651: curl_formadd with huge COPYCONTENTSDaniel Stenberg2017-10-134-2/+172
|
* mime: fix the content reader to handle >16K data properlyDaniel Stenberg2017-10-131-2/+1
| | | | | Reported-by: Jeroen Ooms Closes #1988
* mime: keep "text/plain" content type if user-specified.Patrick Monnerat2017-10-127-27/+35
| | | | | | Include test cases in 554, 587, 650. Fixes https://github.com/curl/curl/issues/1986
* cli tool: use file2memory() to buffer stdin in -F option.Patrick Monnerat2017-10-121-38/+15
| | | | Closes PR https://github.com/curl/curl/pull/1985
* cli tool: reimplement stdin buffering in -F option.Patrick Monnerat2017-10-123-14/+153
| | | | | | | | | | | | If stdin is not a regular file, its content is memory-buffered to enable a possible data "rewind". In all cases, stdin data size is determined before real use to avoid having an unknown part's size. --libcurl generated code is left as an unbuffered stdin fread/fseek callback part with unknown data size. Buffering is not supported in deprecated curl_formadd() API.
* winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2Daniel Stenberg2017-10-121-0/+1
|
* HELP-US: the label "PR-welcome" is now renamed to "help wanted"Daniel Stenberg2017-10-121-3/+3
| | | | following the new github "standard"
* RELEASE-NOTES: synced with 5505df7d2Daniel Stenberg2017-10-111-5/+30
|
* url: Update current connection SSL verify params in setoptArtak Galoyan2017-10-111-0/+30
| | | | | | | | | | | | | | | | Now VERIFYHOST, VERIFYPEER and VERIFYSTATUS options change during active connection updates the current connection's (i.e.'connectdata' structure) appropriate ssl_config (and ssl_proxy_config) structures variables, making these options effective for ongoing connection. This functionality was available before and was broken by the following change: "proxy: Support HTTPS proxy and SOCKS+HTTP(s)" CommitId: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151. Bug: https://github.com/curl/curl/issues/1941 Closes https://github.com/curl/curl/pull/1951
* openssl: don't use old BORINGSSL_YYYYMM macrosDavid Benjamin2017-10-111-3/+2
| | | | | | | | | | | Those were temporary things we'd add and remove for our own convenience long ago. The last few stayed around for too long as an oversight but have since been removed. These days we have a running BORINGSSL_API_VERSION counter which is bumped when we find it convenient, but 2015-11-19 was quite some time ago, so just check OPENSSL_IS_BORINGSSL. Closes #1979
* test950; verify SMTP with custom requestDaniel Stenberg2017-10-102-1/+44
|
* ftpserver: support case insensitive commandsDaniel Stenberg2017-10-101-1/+1
|
* smtp_done: free data before returning (on send failure)Daniel Stenberg2017-10-101-3/+3
| | | | | | | | | | ... as otherwise it could leak that memory. Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600 Assisted-by: Max Dymond Closes #1977
* FTP: URL decode path for dir listing in nocwd modeDaniel Stenberg2017-10-103-13/+64
| | | | | | | | Reported-by: Zenju on github Test 244 added to verify Fixes #1974 Closes #1976
* test298: verify --ftp-method nowcwd with URL encoded pathDaniel Stenberg2017-10-091-1/+1
| | | | Ref: #1974
* CURLOPT_XFERINFODATA.3: fix duplicate see alsoDaniel Stenberg2017-10-091-2/+2
|
* CURLOPT_NOPROGRESS.3: also refer to xferinfofunctionDaniel Stenberg2017-10-091-5/+5
|
* FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTIONDaniel Stenberg2017-10-091-1/+1
|
* openssl: enable PKCS12 support for !BoringSSLDaniel Stenberg2017-10-093-7/+5
| | | | | | | | | Enable PKCS12 for all non-boringssl builds without relying on configure or cmake checks. Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html Reported-by: Christian Schmitz Closes #1948
* curl: don't pass semicolons when parsing Content-DispositionKristiyan Tsaklev2017-10-092-10/+7
| | | | | | Test 1422 updated to verify. Closes #1964
* mime: properly unbind mime structure in curl_mime_free().Patrick Monnerat2017-10-091-0/+1
| | | | | | | This allows freeing a mime structure bound to the easy handle before curl_easy_cleanup(). Fixes #1970.
* RTSP: avoid integer overflow on funny RTSP responseDaniel Stenberg2017-10-093-3/+60
| | | | | | | | | ... like a very large non-existing RTSP version number. Added test 577 to verify. Detected by OSS-fuzz. Closes #1969
* ftpserver: properly reset $ftptargetdir.Patrick Monnerat2017-10-081-1/+1
|
* test643: verify curl_mime_subparts() rejects cyclic additions.Patrick Monnerat2017-10-081-0/+27
|
* mime: refuse to add subparts to one of their own descendants.Patrick Monnerat2017-10-081-0/+15
| | | | | Reported-by: Alexey Melnichuk Fixes #1962
* mime: avoid resetting a part's encoder when part's contents change.Patrick Monnerat2017-10-081-1/+0
|
* mime: improve unbinding top multipart from easy handle.Patrick Monnerat2017-10-083-13/+45
| | | | Also avoid dangling pointers in referencing parts.
* RELEASE-NOTES: synced with a4c1c75da30af1Daniel Stenberg2017-10-081-177/+36
|