summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* dist: include {src,lib}/checksrc.whitelistDaniel Stenberg2015-04-222-8/+8
|
* RELEASE-NOTES: updated for 7.42.0curl-7_42_0Daniel Stenberg2015-04-221-6/+16
|
* THANKS: added contributors from 7.42.0 release notesDaniel Stenberg2015-04-221-0/+21
|
* THANKS-filter: a few more alterations to squashDaniel Stenberg2015-04-221-1/+3
|
* contrithanks.sh: helper script for maintaining THANKSDaniel Stenberg2015-04-221-0/+57
|
* http_done: close Negotiate connections when doneDaniel Stenberg2015-04-211-1/+7
| | | | | | | | | | | | | When doing HTTP requests Negotiate authenticated, the entire connnection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. CVE-2015-3148 Bug: http://curl.haxx.se/docs/adv_20150422B.html Reported-by: Isaac Boukris
* fix_hostname: zero length host name caused -1 index offsetDaniel Stenberg2015-04-211-1/+1
| | | | | | | | | | | | If a URL is given with a zero-length host name, like in "http://:80" or just ":80", `fix_hostname()` will index the host name pointer with a -1 offset (as it blindly assumes a non-zero length) and both read and assign that address. CVE-2015-3144 Bug: http://curl.haxx.se/docs/adv_20150422D.html Reported-by: Hanno Böck
* cookie: cookie parser out of boundary memory accessDaniel Stenberg2015-04-211-5/+7
| | | | | | | | | | | | | | The internal libcurl function called sanitize_cookie_path() that cleans up the path element as given to it from a remote site or when read from a file, did not properly validate the input. If given a path that consisted of a single double-quote, libcurl would index a newly allocated memory area with index -1 and assign a zero to it, thus destroying heap memory it wasn't supposed to. CVE-2015-3145 Bug: http://curl.haxx.se/docs/adv_20150422C.html Reported-by: Hanno Böck
* ConnectionExists: for NTLM re-use, require credentials to matchDaniel Stenberg2015-04-211-1/+1
| | | | | | | CVE-2015-3143 Bug: http://curl.haxx.se/docs/adv_20150422A.html Reported-by: Paras Sethia
* openssl: add OPENSSL_NO_SSL3_METHOD checkbyronhe2015-04-211-0/+5
|
* CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and descDaniel Stenberg2015-04-201-1/+1
| | | | | Bug: https://github.com/bagder/curl/issues/229 Reported-by: bsammon
* configure --with-nss: remove unneeded libs from the fallbackMostyn Bramley-Moore2015-04-201-1/+1
|
* contributors.sh: fix help output, filter out (-prefix from namesDaniel Stenberg2015-04-201-3/+4
|
* RELEASE-NOTES: synced with cc0e7ebc3be0Daniel Stenberg2015-04-201-2/+13
|
* CURLMOPT_TIMERFUNCTION.3: Clarify, add an exampleMichael Stapelberg2015-04-191-9/+47
|
* vtls/openssl: use https in URLs and a comment typo fixedViktor Szakáts2015-04-191-8/+8
|
* curl_version_info.3: fixed the 'protocols' variable typeDaniel Stenberg2015-04-181-2/+2
| | | | | Reported-by: John Marshall Bug: https://github.com/bagder/curl/issues/225
* test1423: added missing "file" to server sectionDan Fandrich2015-04-181-0/+1
|
* TheArtOfHttpScripting: Multiple URLs + Multiple HTTP methodsDaniel Stenberg2015-04-171-3/+54
| | | | ... and some minor edits
* Revert "HTTP: don't abort connections with pending Negotiate authentication"Daniel Stenberg2015-04-171-82/+30
| | | | | | | This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6. Bug: https://github.com/bagder/curl/issues/223 Reported-by: Michael Osipov
* cyassl: Fix include orderJay Satiro2015-04-171-5/+14
| | | | | | | Prior to this change CyaSSL's build options could redefine some generic build symbols. http://curl.haxx.se/mail/lib-2015-04/0069.html
* configure --with-nss: drop redundant if statementKamil Dudka2015-04-171-40/+36
|
* configure --with-nss=PATH: query pkg-config if availableKamil Dudka2015-04-171-5/+25
| | | | Bug: https://github.com/bagder/curl/pull/171
* parsecfg: do not continue past a zero terminationDaniel Stenberg2015-04-171-16/+19
| | | | | | | When a config file line ends without newline, the parsing function could continue reading beyond that point in memory. Reported-by: Hanno Böck
* gitignore: Ignore Windows build output directoriesJay Satiro2015-04-161-0/+2
|
* RELEASE-NOTES: synced with 1ba6e4c88e0Daniel Stenberg2015-04-151-7/+20
|
* TODO: 17.9 Choose the name of file in braces for complex URLsDaniel Stenberg2015-04-151-0/+13
|
* TODO: a little caution that maybe not all ideas are still goodDaniel Stenberg2015-04-151-0/+5
|
* TODO: 17.8 offer color-coded HTTP header outputDaniel Stenberg2015-04-151-0/+7
|
* TODO: 17.7 warning when sending binary output to terminalDaniel Stenberg2015-04-151-0/+7
|
* KNOWN_BUGS: #90 IMAP "SEARCH ALL" truncates output on large boxesDaniel Stenberg2015-04-151-0/+6
|
* cyassl: Add support for TLS extension SNIJay Satiro2015-04-141-0/+31
|
* gitignore: ignore test-driver fileMatthew Hall2015-04-131-0/+1
|
* vtls_openssl: improve PKCS#12 load failure error messageMatthew Hall2015-04-131-1/+3
|
* vtls_openssl: fix minor typo in PKCS#12 load routineMatthew Hall2015-04-131-1/+1
|
* vtls_openssl: improve client certificate load failure error messagesMatthew Hall2015-04-131-2/+8
|
* vtls_openssl: remove ambiguous SSL_CLIENT_CERT_ERR constantMatthew Hall2015-04-131-3/+0
|
* BUGS: refer to the github issue tracker now as primaryDaniel Stenberg2015-04-131-4/+2
|
* firefox-db2pem: fix wildcard to find Firefox default profileDaniel Stenberg2015-04-131-2/+2
| | | | | | | | At some point, Firefox has changed and generates different directory names for the default profile that made this script fail to find them. Bug: https://github.com/bagder/curl/issues/207 Reported-by: sneakyimp
* cyassl: Include the CyaSSL build configJay Satiro2015-04-112-0/+7
| | | | | CyaSSL >= 2.6.0 may have an options.h that was generated during its build by configure.
* build: Generate source prerequisites for Visual Studio in generate.batJay Satiro2015-04-111-1/+116
| | | | | | | Prior to this change Visual Studio builds could fail due to missing prerequisites src/tool_hugehelp.c and include/curl/curlbuild.h. http://curl.haxx.se/mail/lib-2015-04/0034.html
* lib/makefile.m32: add missing libs to build libcurl.dllViktor Szakats2015-04-091-0/+3
| | | | | | | Add 'gdi32' and 'crypt32' Windows implibs to avoid failure while building libcurl.dll using the mingw compiler. The same logic is used in 'src/makefile.m32' when building curl.exe.
* test142[23]: verify that an empty file is stored on successKamil Dudka2015-04-083-1/+120
|
* src/tool_operate: create output file on successful downloadKamil Dudka2015-04-083-0/+12
| | | | | | ... of an empty file Bug: https://github.com/bagder/curl/issues/183
* src/tool_cb_wrt: separate fnc for output file creationKamil Dudka2015-04-081-32/+39
|
* lib/transfer.c: Remove factor of 8 from sleep time calculationDa-Yoon Chung2015-04-071-1/+1
| | | | | | | | | | The factor of 8 is a bytes-to-bits conversion factor, but pkt_size and rate_bps are both in bytes. When using the rate limiting option, curl waits 8 times too long, and then transfers very quickly until the average rate reaches the limit. The average rate follows the limit over time, but the actual traffic is bursty. Thanks-to: Benjamin Gilbert
* x509asn1: Silence x64 loss-of-data warning on RSA key length assignmentJay Satiro2015-04-061-1/+1
| | | | | | The key length in bits will always fit in an unsigned long so the loss-of-data warning assigning the result of x64 pointer arithmetic to an unsigned long is unnecessary.
* cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer sizeJay Satiro2015-04-061-4/+9
| | | | | | | | Also fix it so that all ERR_error_string calls use an error buffer. CyaSSL's implementation of ERR_error_string only writes the error when an error buffer is passed. http://www.yassl.com/forums/topic599-openssl-compatibility-and-errerrorstring.html
* cyassl: Remove 'Connecting to' message from cyassl_connect_step2Jay Satiro2015-04-051-3/+0
| | | | | | | Prior to this change libcurl could show multiple 'CyaSSL: Connecting to' messages since cyassl_connect_step2 is called multiple times, typically. The message is superfluous even once since libcurl already informs the user elsewhere in code that it is connecting.
* checksrc.bat: quotes to support an SRC_DIR with spacesViktor Szakats2015-04-051-6/+6
|
View Lorry Controller Status