summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* RELEASE-NOTES: curl 7.47.1 time!curl-7_47_1Daniel Stenberg2016-02-081-0/+2
|
* tool_operhlp: Check for backslashes in get_url_file_nameJay Satiro2016-02-081-1/+5
| | | | | | | | | | Extract the filename from the last slash or backslash. Prior to this change backslashes could be part of the filename. This change needed for the curl tool built for Cygwin. Refer to the CYGWIN addendum in advisory 20160127B. Bug: https://curl.haxx.se/docs/adv_20160127B.html
* RELEASE-NOTES: synced with d6a8869ea34Daniel Stenberg2016-02-071-3/+14
|
* openssl: Fix signed/unsigned mismatch warning in X509V3_extJay Satiro2016-02-061-2/+2
| | | | | | | | sk_X509_EXTENSION_num may return an unsigned integer, however the value will fit in an int. Bug: https://github.com/curl/curl/commit/dd1b44c#commitcomment-15913896 Reported-by: Gisle Vanem
* TODO: 17.11 -w output to stderrDaniel Stenberg2016-02-071-0/+9
|
* idn_win32: Better error checkingMichael Kaufmann2016-02-061-25/+21
| | | | | | | | | .. also fix a conversion bug in the unused function curl_win32_ascii_to_idn(). And remove wprintfs on error (Jay). Bug: https://github.com/curl/curl/pull/637
* examples/asiohiper: Avoid function name collision on WindowsGisle Vanem2016-02-061-4/+4
| | | | | | | closesocket => close_socket Winsock already has the former. Bug: https://curl.haxx.se/mail/lib-2016-02/0016.html
* examples/htmltitle: Use _stricmp on WindowsGisle Vanem2016-02-061-1/+1
| | | | Bug: https://curl.haxx.se/mail/lib-2016-02/0017.html
* COPYING: clarify that Daniel is not the sole authorDaniel Stenberg2016-02-061-1/+2
| | | | ... done on request and as it is a fair point.
* unit1604: Fix unit setup return codeJay Satiro2016-02-051-1/+1
|
* tool_doswin: Use type SANITIZEcode in sanitize_file_nameJay Satiro2016-02-051-7/+7
|
* tool_doswin: Improve sanitization processingJay Satiro2016-02-0510-129/+780
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - Add unit test 1604 to test the sanitize_file_name function. - Use -DCURL_STATICLIB when building libcurltool for unit testing. - Better detection of reserved DOS device names. - New flags to modify sanitize behavior: SANITIZE_ALLOW_COLONS: Allow colons SANITIZE_ALLOW_PATH: Allow path separators and colons SANITIZE_ALLOW_RESERVED: Allow reserved device names SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename - Restore sanitization of banned characters from user-specified outfile. Prior to this commit sanitization of a user-specified outfile was temporarily disabled in 2b6dadc because there was no way to allow path separators and colons through while replacing other banned characters. Now in such a case we call the sanitize function with SANITIZE_ALLOW_PATH which allows path separators and colons to pass through. Closes https://github.com/curl/curl/issues/624 Reported-by: Octavio Schroeder
* URLs: change more http to httpsViktor Szakats2016-02-0418-44/+46
|
* sasl_sspi: Fix memory leak in domain populateJay Satiro2016-02-041-0/+1
| | | | | | | Free an existing domain before replacing it. Bug: https://github.com/curl/curl/issues/635 Reported-by: silveja1@users.noreply.github.com
* URLs: follow GitHub project rename (also Travis CI)Viktor Szakats2016-02-0410-17/+17
| | | | Closes #632
* CHANGES.o: fix references to curl.haxx.nuDaniel Stenberg2016-02-031-2/+2
| | | | | I removed the scheme prefix from the URLs references this host name, as we don't own/run that anymore but the name is kept for historic reasons.
* HISTORY: add some info about when we used which host namesDaniel Stenberg2016-02-031-1/+3
|
* URLs: change more http to httpsViktor Szakats2016-02-028-16/+16
|
* URLs: Change more haxx.se URLs from http: to https:Dan Fandrich2016-02-0314-14/+14
|
* RELEASE-NOTES: synced with 4af40b364Daniel Stenberg2016-02-031-9/+13
|
* URLs: change all http:// URLs to https://Daniel Stenberg2016-02-031026-1270/+1270
|
* configure: update the copyright year range in outputDaniel Stenberg2016-02-021-1/+1
|
* dotdot: allow an empty input string tooDaniel Stenberg2016-02-022-2/+12
| | | | | | | It isn't used by the code in current conditions but for safety it seems sensible to at least not crash on such input. Extended unit test 1395 to verify this too as well as a plain "/" input.
* HTTPS: update a bunch of URLs from HTTP to HTTPSDaniel Stenberg2016-02-0220-93/+93
|
* AppVeyor: updated to handle OpenSSL/WinSSL buildsSergei Nikulov2016-02-011-2/+18
| | | | Closes #621
* tool_operate: Don't sanitize --output path (Windows)Jay Satiro2016-02-011-11/+0
| | | | | | | | | | | | | Due to path separators being incorrectly sanitized in --output pathnames, eg -o c:\foo => c__foo This is a partial revert of 3017d8a until I write a proper fix. The remote-name will continue to be sanitized, but if the user specified an --output with string replacement (#1, #2, etc) that data is unsanitized until I finish a fix. Bug: https://github.com/bagder/curl/issues/624 Reported-by: Octavio Schroeder
* curl.1: Explain remote-name behavior if file already existsJay Satiro2016-01-291-5/+17
| | | | .. also warn about letting the server pick the filename.
* urldata: Error on missing SSL backend-specific connect infoGisle Vanem2016-01-291-20/+13
|
* bump: towards the next (7.47.1 ?)Daniel Stenberg2016-01-282-111/+14
|
* cmake: fixed when OpenSSL enabled on Windows and schannel detectedSergei Nikulov2016-01-281-7/+14
| | | | Closes #617
* urldata: moved common variable out of ifdefSergei Nikulov2016-01-281-10/+1
| | | | Closes https://github.com/bagder/curl/pull/618
* tool_doswin: silence unused function warningViktor Szakats2016-01-281-0/+4
| | | | | | | tool_doswin.c:185:14: warning: 'msdosify' defined but not used [-Wunused-function] Closes https://github.com/bagder/curl/pull/616
* getredirect.c: fix variable nameDaniel Stenberg2016-01-271-1/+1
| | | | Reported-by: Bernard Spil
* examples/Makefile.inc: specify programs without .c!curl-7_47_0Daniel Stenberg2016-01-271-1/+1
|
* THANKS: 6 new contributors from 7.47.0 release notesDaniel Stenberg2016-01-261-0/+6
|
* NTLM: Fix ConnectionExists to compare Proxy credentialsIsaac Boukris2016-01-261-22/+40
| | | | | | | | | | | | | | | Proxy NTLM authentication should compare credentials when re-using a connection similar to host authentication, as it authenticate the connection. Example: curl -v -x http://proxy:port http://host/ -U good_user:good_pwd --proxy-ntlm --next -x http://proxy:port http://host/ [-U fake_user:fake_pwd --proxy-ntlm] CVE-2016-0755 Bug: http://curl.haxx.se/docs/adv_20160127A.html
* curl: avoid local drive traversal when saving file (Windows)Ray Satiro2016-01-264-58/+187
| | | | | | | | | | | curl does not sanitize colons in a remote file name that is used as the local file name. This may lead to a vulnerability on systems where the colon is a special path character. Currently Windows/DOS is the only OS where this vulnerability applies. CVE-2016-0754 Bug: http://curl.haxx.se/docs/adv_20160127B.html
* RELEASE-NOTES: 7.47.0Daniel Stenberg2016-01-261-3/+9
|
* FAQ: language fix in 4.19Daniel Stenberg2016-01-251-1/+1
|
* FAQ: Update to point to GitHubpaulehoffman2016-01-241-4/+7
| | | | | | Current FAQ didn't make it clear where the main repo is. Closes #612
* maketgz: generate date stamp with LC_TIME=CDaniel Stenberg2016-01-241-2/+2
| | | | bug: http://curl.haxx.se/mail/lib-2016-01/0123.html
* curl_multi_socket_action.3: line wrapDaniel Stenberg2016-01-241-2/+3
|
* RELEASE-NOTES: synced with d58ba66eecebDaniel Stenberg2016-01-241-6/+7
|
* TODO: "Create remote directories" for SMBSteve Holme2016-01-211-0/+6
|
* mbedtls: Fix pinned key return value on failJay Satiro2016-01-181-49/+66
| | | | | | | | | | | | | | | | | | | | | | | - Switch from verifying a pinned public key in a callback during the certificate verification to inline after the certificate verification. The callback method had three problems: 1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH was not returned. 2. If peer certificate verification was disabled the pinned key verification did not take place as it should. 3. (related to #2) If there was no certificate of depth 0 the callback would not have checked the pinned public key. Though all those problems could have been fixed it would have made the code more complex. Instead we now verify inline after the certificate verification in mbedtls_connect_step2. Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html Ref: https://github.com/bagder/curl/pull/601
* tests: Add a test for pinnedpubkey fail even when insecureJay Satiro2016-01-182-1/+42
| | | | | Because disabling the peer verification (--insecure) must not disable the public key pinning check (--pinnedpubkey).
* CURLINFO_RESPONSE_CODE.3: add exampleDaniel Schauenberg2016-01-161-1/+13
|
* ssh: make CURLOPT_SSH_PUBLIC_KEYFILE treat "" as NULLKamil Dudka2016-01-153-6/+11
| | | | | | | | | | | | The CURLOPT_SSH_PUBLIC_KEYFILE option has been documented to handle empty strings specially since curl-7_25_0-31-g05a443a but the behavior was unintentionally removed in curl-7_38_0-47-gfa7d04f. This commit restores the original behavior and clarifies it in the documentation that NULL and "" have both the same meaning when passed to CURLOPT_SSH_PUBLIC_KEYFILE. Bug: http://curl.haxx.se/mail/lib-2016-01/0072.html
* RELEASE-NOTES: synced with 35083ca60ed035aDaniel Stenberg2016-01-141-5/+36
|
* openssl: improved error detection/reportingDaniel Stenberg2016-01-141-25/+18
| | | | | | ... by extracting the LIB + REASON from the OpenSSL error code. OpenSSL 1.1.0+ returned a new func number of another cerfificate fail so this required a fix and this is the better way to catch this error anyway.
View Lorry Controller Status