aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-05-30URL parser: allow URLs to use one, two or three slashesDaniel Stenberg
Mostly in order to support broken web sites that redirect to broken URLs that are accepted by browsers. Browsers are typically even more leniant than this as the WHATWG URL spec they should allow an _infinite_ amount. I tested 8000 slashes with Firefox and it just worked. Added test case 1141, 1142 and 1143 to verify the new parser. Closes #791
2016-05-30cmake: Added missing mbedTLS supportRenaud Lehoux
Closes #837
2016-05-30mbedtls: removed unused variablesRenaud Lehoux
Closes #838
2016-05-30http: add CURLINFO_HTTP_VERSION and %{http_version}Frank Gevaerts
Adds access to the effectively used http version to both libcurl and curl. Closes #799
2016-05-30bump: start the journey toward 7.50.0Daniel Stenberg
2016-05-30openssl: fix build with OPENSSL_NO_COMPMarcel Raad
With OPENSSL_NO_COMP defined, there is no function SSL_COMP_free_compression_methods Closes #836
2016-05-30memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNCGisle Vanem
Fixes #828
2016-05-30README.md: polishJonathan
Closes #834
2016-05-30RELEASE-NOTES: fix vuln linkDaniel Stenberg
2016-05-30RELEASE-NOTES: 7.49.1Daniel Stenberg
2016-05-30loadlibrary: Only load system DLLs from the system directorySteve Holme
Inspiration provided by: Daniel Stenberg and Ray Satiro Bug: https://curl.haxx.se/docs/adv_20160530.html Ref: Windows DLL hijacking with curl, CVE-2016-4802
2016-05-30ssh: fix version number check typoDaniel Stenberg
2016-05-29curl_share_setopt.3: Add min ver needed for ssl session lockJay Satiro
Bug: https://github.com/curl/curl/issues/826 Reported-by: Michael Wallner
2016-05-29ssh: fix build for libssh2 before 1.2.6Daniel Stenberg
The statvfs functionality was added to libssh2 in that version, so we switch off that functionality when built with older libraries. Fixes #831
2016-05-24mbedtls: fix includes so snprintf() worksDaniel Stenberg
Regression from the previous *printf() rearrangements, this file missed to include the correct header to make sure snprintf() works universally. Reported-by: Moti Avrahami Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html
2016-05-23checksrc.pl: Added variants of strcat() & strncat() to banned function listSteve Holme
Added support for checking the tchar, unicode and mbcs variants of strcat() and strncat() in the banned function list.
2016-05-23smtp: minor ident (white space) fixesDaniel Stenberg
2016-05-23THANKS: updated after script fixesDaniel Stenberg
Now giving credit properly to github user names, fixed some UTF-8 issues and added names discovered when contrithanks was improved.
2016-05-23THANKS-filter: more name cleanupsDaniel Stenberg
2016-05-23contrithanks.sh: exclude existing names case insensitivelyDaniel Stenberg
2016-05-23contrithanks.sh: use same grep pattern and -a flag as contributors.shDaniel Stenberg
2016-05-23contributors.sh: better grep pattern, use grep -aDaniel Stenberg
2016-05-23THANKS-filter: fix more namesDaniel Stenberg
2016-05-23contrithanks.sh: do the same github fix as contributors.shDaniel Stenberg
from 1577bfa35ba
2016-05-23contributors: Show GitHub username if real name unknownJay Satiro
Prior to this change if a GitHub contributor's real name was unknown they would be omitted from the list. Bug: https://github.com/curl/curl/issues/824
2016-05-21RELEASE-NOTES: synced with 3caaeffbe8ded4Daniel Stenberg
2016-05-20openssl: cleanup must free compression methodsJay Satiro
- Free compression methods if OpenSSL 1.0.2 to avoid a memory leak. Bug: https://github.com/curl/curl/issues/817 Reported-by: jveazey@users.noreply.github.com
2016-05-20curl_multibyte: fix compiler errorGisle Vanem
While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was getting: f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '(' to follow 'CURL_EXTERN' f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085: 'curl_domalloc': not in formal parameter list
2016-05-20THANKS-filter: make Jan-E get proper creditDaniel Stenberg
2016-05-20winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivityJan-E
Closes #818
2016-05-20libcurl.m4: Avoid obsolete warningAlexander Traud
Closes #821
2016-05-20CURLOPT_CONNECT_TO.3: user must not free the list prematurelyMichael Kaufmann
The connect-to list isn't copied so as long as the handle may be used for a transfer the list must be valid. Bug: https://github.com/curl/curl/pull/819 Reported-by: Michael Kaufmann
2016-05-19RELEASE-NOTES: synced with 48114a8634242cDaniel Stenberg
2016-05-19openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0Daniel Stenberg
See OpenSSL commit 21e001747d4a
2016-05-19http2: use HTTP/2 in the HTTP/1.1-alike headerDaniel Stenberg
... when generating them, not "2.0" as the protocol is called just HTTP/2 and nothing else.
2016-05-19dist: include curl_multi_socket_all.3Jay Satiro
Closes https://github.com/curl/curl/pull/816
2016-05-18bump: Start work on 7.49.1Steve Holme
2016-05-18curlbuild.h.dist: check __LP64__ as well to fix MIPS buildDaniel Stenberg
The preprocessor check that sets up the 32bit defines for non-configure builds didn't work properly for MIPS systems as __mips__ is defined for both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit. Reported-by: Tomas Jakobsson Fixes #813
2016-05-18schannel: fix compile break with MSVC XP toolsetMarcel Raad
For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK 7.1 is used. In this case, _USING_V110_SDK71_ is defined. Closes #812
2016-05-18dist: include CHECKSRC.mdDaniel Stenberg
Reported-by: Paul Howarth Bug: https://curl.haxx.se/mail/lib-2016-05/0116.html
2016-05-18test/Makefile.am: include manpage-scan.pl and nroff-scan.pl in distDaniel Stenberg
Reported-by: Ray Satiro Bug: https://curl.haxx.se/mail/lib-2016-05/0113.html
2016-05-17THANKS: 24 new names from 7.49.0 release notesDaniel Stenberg
2016-05-17RELEASE-NOTES: 7.49.0Daniel Stenberg
2016-05-17mbedtls/polarssl: set "hostname" unconditionallyDaniel Stenberg
...as otherwise the TLS libs will skip the CN/SAN check and just allow connection to any server. curl previously skipped this function when SNI wasn't used or when connecting to an IP address specified host. CVE-2016-3739 Bug: https://curl.haxx.se/docs/adv_20160518A.html Reported-by: Moti Avrahami
2016-05-17CURLOPT_RESOLVE.3: fix typoFrank Gevaerts
Closes #811
2016-05-17docs: CURLOPT_RESOLVE overrides CURLOPT_IPRESOLVEDaniel Stenberg
2016-05-17KNOWN_BUGS: GnuTLS backend skips really long certificate fieldsDaniel Stenberg
Closes #762
2016-05-17CURLOPT_HTTPPOST.3: the data needs to be around while in useDaniel Stenberg
2016-05-17openssl: get_cert_chain: fix NULL dereferenceDaniel Stenberg
CID 1361815: Explicit null dereferenced (FORWARD_NULL)
2016-05-17openssl: get_cert_chain: avoid NULL dereferenceDaniel Stenberg
CID 1361811: Explicit null dereferenced (FORWARD_NULL)