summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* THANKS: synced with 7.51.0curl-7_51_0Daniel Stenberg2016-11-021-1/+23
|
* RELEASE-NOTES: 7.51.0Daniel Stenberg2016-11-022-7/+8
|
* ftp_done: don't clobber the passed in error codeDaniel Stenberg2016-11-021-4/+5
| | | | Coverity CID 1374359 pointed out the unused result value.
* ftp: remove dead code in ftp_doneDaniel Stenberg2016-11-021-2/+0
| | | | Coverity CID 1374358
* generate.bat: Include include/curl in libcurl VS projectsJay Satiro2016-11-011-0/+1
| | | | .. because including those headers helps Visual Studio's Intellisense.
* generate.bat: Remove strcase.[ch] from curl tool VS projectsJay Satiro2016-11-011-2/+0
| | | | | | | | ..because they're no longer needed in the tool build. strcase is still built by the libcurl project and exports curl_str(n)equal which is used by the curl tool. Bug: https://github.com/curl/curl/commit/9363f1a#all_commit_comments
* metalink: simplify the hex parsing functionDaniel Stenberg2016-11-021-14/+8
| | | | ... and now it avoids using the libcurl toupper() function
* file: fix compiler warningMichael Kaufmann2016-11-011-1/+1
| | | | follow-up to 46133aa5
* strcase: fixed Metalink builds by redefining checkprefix()Dan Fandrich2016-11-011-1/+1
| | | | | | | ...to use the public function curl_strnequal(). This isn't ideal because it adds extra overhead to any internal calls to checkprefix. follow-up to 95bd2b3e
* curl.1: typoDaniel Stenberg2016-11-011-1/+1
|
* curl.1: expand on how multiple uses of -o looksDaniel Stenberg2016-11-011-1/+11
| | | | | Suggested-by: Dan Jacobson Issue: https://github.com/curl/curl/issues/1097
* tests/util: get a private strncasecompare cloneDaniel Stenberg2016-10-315-9/+93
| | | | | ... since the curlx_* code no longer provides one and we don't link libcurl to these test servers.
* strcase: make the tool use curl_str[n]equal insteadDaniel Stenberg2016-10-318-31/+27
| | | | | | | | As they are after all part of the public API. Saves space and reduces complexity. Remove the strcase defines from the curlx_ family. Suggested-by: Dan Fandrich Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html
* gskit, nss: do not include strequal.hKamil Dudka2016-10-312-2/+2
| | | | follow-up to 811a693b80
* strcasecompare: include curl.h in strcase.cDan Fandrich2016-10-311-0/+3
| | | | | | | This should fix the "warning: 'curl_strequal' redeclared without dllimport attribute: previous dllimport ignored" message and subsequent link error on Windows because of the missing CURL_EXTERN on the prototype.
* strcase: fix the remaining rawstr usersDaniel Stenberg2016-10-314-7/+7
|
* msvc builds: s/rawstr/strcaseDaniel Stenberg2016-10-312-9/+9
| | | | Follow-up to 811a693b
* strcasecompare: replaced remaining rawstr.h with strcase.hDan Fandrich2016-10-316-7/+6
| | | | This is a followup to commit 811a693b
* digest_sspi: fix includeMarcel Raad2016-10-311-1/+1
| | | | Fix compile break from 811a693b80
* libauthretry: use the external function curl_strequalDan Fandrich2016-10-311-4/+3
| | | | The internal version strcasecompare isn't available outside libcurl
* RELEASE-NOTES: synced with d14538d2501ef0daDaniel Stenberg2016-10-311-4/+37
|
* configure: raise the default minimum version for macos to 10.8Daniel Stenberg2016-10-311-1/+1
| | | | | follow-up to 4f8d0b6f02aa7043. Since the darwinssl code breaks otherwise. If you build without darwinssl 10.5 works fine.
* unit1301: keep testing curl_strequalDaniel Stenberg2016-10-311-7/+7
| | | | as that is still part of the API, fix from 8fe4bd084412f30
* ldap: fix includeDaniel Stenberg2016-10-311-1/+0
| | | | Fix bug from 811a693b80
* url: remove unconditional idn2.h includeDaniel Stenberg2016-10-311-2/+0
| | | | Mistake brought by 9c91ec778104a
* curl_strequal: part of public API/ABI, needs to be keptDaniel Stenberg2016-10-314-9/+20
| | | | | | These two public functions have been mentioned as deprecated since a very long time but since they are still part of the API and ABI we need to keep them around.
* strcase: s/strequal/strcasecompareDaniel Stenberg2016-10-313-16/+16
| | | | some more follow-ups to 811a693b80
* ldap: fix strcase useDaniel Stenberg2016-10-311-1/+1
| | | | follow-up to 811a693b80
* test165: adapted to the libidn2 use and IDNA2008 fixDaniel Stenberg2016-10-311-2/+8
|
* cookie: replace use of fgets() with custom versionDaniel Stenberg2016-10-311-1/+30
| | | | | | | | | ... that will ignore lines that are too long to fit in the buffer. CVE-2016-8615 Bug: https://curl.haxx.se/docs/adv_20161102A.html Reported-by: Cure53
* strcasecompare: all case insensitive string compares ignore locale nowDaniel Stenberg2016-10-3153-410/+291
| | | | | We had some confusions on when each function was used. We should not act differently on different locales anyway.
* strcasecompare: is the new name for strequal()Daniel Stenberg2016-10-3136-111/+98
| | | | | | | ... to make it less likely that we forget that the function actually does case insentive compares. Also replaced several invokes of the function with a plain strcmp when case sensitivity is not an issue (like comparing with "-").
* ftp: check for previous patch must be case sensitive!Daniel Stenberg2016-10-311-1/+1
| | | | | ... otherwise example.com/PATH and example.com/path would be assumed to be the same and they usually aren't!
* SSH: check md5 fingerprint case sensitivelyDaniel Stenberg2016-10-311-1/+1
|
* connectionexists: use case sensitive user/password comparisonsDaniel Stenberg2016-10-311-6/+6
| | | | | | | CVE-2016-8616 Bug: https://curl.haxx.se/docs/adv_20161102B.html Reported-by: Cure53
* base64: check for integer overflow on large inputDaniel Stenberg2016-10-311-0/+5
| | | | | | | CVE-2016-8617 Bug: https://curl.haxx.se/docs/adv_20161102C.html Reported-by: Cure53
* krb5: avoid realloc(0)Daniel Stenberg2016-10-311-3/+6
| | | | | | | | | | | If the requested size is zero, bail out with error instead of doing a realloc() that would cause a double-free: realloc(0) acts as a free() and then there's a second free in the cleanup path. CVE-2016-8619 Bug: https://curl.haxx.se/docs/adv_20161102E.html Reported-by: Cure53
* aprintf: detect wrap-around when growing allocationDaniel Stenberg2016-10-311-3/+6
| | | | | | | | | | On 32bit systems we could otherwise wrap around after 2GB and allocate 0 bytes and crash. CVE-2016-8618 Bug: https://curl.haxx.se/docs/adv_20161102D.html Reported-by: Cure53
* range: reject char globs with missing end like '[L-]'Daniel Stenberg2016-10-311-15/+19
| | | | | | ... which previously would lead to out of boundary reads. Reported-by: Luật Nguyễn
* glob_next_url: make sure to stay within the given output bufferDaniel Stenberg2016-10-311-6/+11
|
* range: prevent negative end number in a glob rangeDaniel Stenberg2016-10-311-0/+7
| | | | | | | CVE-2016-8620 Bug: https://curl.haxx.se/docs/adv_20161102F.html Reported-by: Luật Nguyễn
* parsedate: handle cut off numbers betterDaniel Stenberg2016-10-313-6/+20
| | | | | | | | | ... and don't read outside of the given buffer! CVE-2016-8621 bug: https://curl.haxx.se/docs/adv_20161102G.html Reported-by: Luật Nguyễn
* escape: avoid using curl_easy_unescape() internallyDaniel Stenberg2016-10-317-86/+90
| | | | Since the internal Curl_urldecode() function has a better API.
* unescape: avoid integer overflowDaniel Stenberg2016-10-313-9/+18
| | | | | | | CVE-2016-8622 Bug: https://curl.haxx.se/docs/adv_20161102H.html Reported-by: Cure53
* cookies: getlist() now holds deep copies of all cookiesDaniel Stenberg2016-10-313-24/+43
| | | | | | | | | | | Previously it only held references to them, which was reckless as the thread lock was released so the cookies could get modified by other handles that share the same cookie jar over the share interface. CVE-2016-8623 Bug: https://curl.haxx.se/docs/adv_20161102I.html Reported-by: Cure53
* TODO: remove IDNA2008Daniel Stenberg2016-10-311-7/+0
|
* idn: switch to libidn2 use and IDNA2008 supportDaniel Stenberg2016-10-318-254/+66
| | | | | | | CVE-2016-8625 Bug: https://curl.haxx.se/docs/adv_20161102K.html Reported-by: Christian Heimes
* test1246: verify URL parsing with host name ending with '#'Daniel Stenberg2016-10-312-1/+65
|
* urlparse: accept '#' as end of host nameDaniel Stenberg2016-10-311-5/+5
| | | | | | | | | | 'http://example.com#@127.0.0.1/x.txt' equals a request to example.com for the '/' document with the rest of the URL being a fragment. CVE-2016-8624 Bug: https://curl.haxx.se/docs/adv_20161102J.html Reported-by: Fernando Muñoz
* INTERNALS: better markdown (follow-up)Jay Satiro2016-10-311-35/+36
| | | | | | - Wrap more words with underscores in backticks. Follow-up to 13f4913.
View Lorry Controller Status