Age | Commit message (Collapse) | Author |
|
|
|
... don't consider it an error!
Assisted-by: Jay Satiro
Reported-by: Łukasz Domeradzki
Fixes #2365
Closes #2375
|
|
|
|
|
|
CVE-2018-1000121
Reported-by: Dario Weisser
Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
|
|
Refuse to operate when given path components featuring byte values lower
than 32.
Previously, inserting a %00 sequence early in the directory part when
using the 'singlecwd' ftp method could make curl write a zero byte
outside of the allocated buffer.
Test case 340 verifies.
CVE-2018-1000120
Reported-by: Duy Phan Thanh
Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
|
|
CVE-2018-1000122
Bug: https://curl.haxx.se/docs/adv_2018-b047.html
Detected by OSS-fuzz
|
|
|
|
... and make sure to avoid integer overflows with really large values.
Reported-by: 刘佩东
Fixes #2371
Closes #2373
|
|
|
|
|
|
follow-up to e04417d
|
|
|
|
Reported-by: Michael Kaufmann
Fixes #2357
Closes #2362
|
|
... as it is interesting for many users.
|
|
|
|
|
|
|
|
Closes #2349
|
|
|
|
Check for existence of import and static libraries with documented names
and use them if they do. Fallback to previous names.
According to
https://github.com/madler/zlib/blob/master/win32/README-WIN32.txt on
Windows, the names of the import library is "zdll.lib" and static
library is "zlib.lib".
closes #2354
|
|
gss_seal/gss_unseal have been deprecated in favor of
gss_wrap/gss_unwrap with GSS-API v2 from January 1997 [1]. The first
version of "The Kerberos Version 5 GSS-API Mechanism" [2] from June
1996 already says "GSS_Wrap() (formerly GSS_Seal())" and
"GSS_Unwrap() (formerly GSS_Unseal())".
Use the nondeprecated functions to avoid deprecation warnings.
[1] https://tools.ietf.org/html/rfc2078
[2] https://tools.ietf.org/html/rfc1964
Closes https://github.com/curl/curl/pull/2356
|
|
|
|
|
|
Added test 1265 that verifies.
Reported-by: steelman on github
Fixes #2353
Closes #2355
|
|
... so that the CI and more detects compiler warnings/errors properly!
Closes #2337
|
|
On MinGW and Cygwin, GCC and clang have been complaining about macro
redefinitions since 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2. Fix this
by undefining the macros before redefining them as suggested in
https://github.com/curl/curl/pull/2269.
Suggested-by: Daniel Stenberg
|
|
|
|
When targeting x64, MinGW-w64 complains about conversions between
32-bit long and 64-bit pointers. Fix this by reusing the
GNUTLS_POINTER_TO_SOCKET_CAST / GNUTLS_SOCKET_TO_POINTER_CAST logic
from gtls.c, moving it to warnless.h as CURLX_POINTER_TO_INTEGER_CAST /
CURLX_INTEGER_TO_POINTER_CAST.
Closes https://github.com/curl/curl/pull/2341
|
|
Update clang to version 3.9 and GCC to version 6.
Closes https://github.com/curl/curl/pull/2345
|
|
Fixes #2342
|
|
- Add OpenSSL 1.1.1 to the header/library version lists.
- Detect OpenSSL 1.1.1 library using its function ERR_clear_last_mark,
which was added in that version.
Prior to this change an erroneous header/library mismatch was caused by
lack of OpenSSL 1.1.1 detection. I tested using openssl-1.1.1-pre1.
|
|
Closes https://github.com/curl/curl/pull/2335
|
|
Detected using the `codespell` tool.
Also contains one URL protocol upgrade.
Closes https://github.com/curl/curl/pull/2334
|
|
Reported-by: Stefan Kanthak and Rod Widdowson
Fixes #2325
|
|
- Add macros to the top of the makefile for rc and mt utilities so that
it is easier to change their locations.
Bug: https://curl.haxx.se/mail/lib-2018-02/0075.html
Reported-by: Stefan Kanthak
Closes https://github.com/curl/curl/issues/2329
|
|
|
|
|
|
Co-authored-by: Stefan Kanthak
Closes https://github.com/curl/curl/issues/2330
Closes https://github.com/curl/curl/pull/2331
|
|
|
|
|
|
- Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that
will be called every time before a new resolve request is started
(ie before a host is resolved) with a pointer to backend-specific
resolver data. Currently this is only useful for ares.
- Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to
pass to the resolver start callback.
Closes https://github.com/curl/curl/pull/2311
|
|
- In keeping with the naming of our other connect timeout options rename
CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.
This change adds the _MS suffix since the option expects milliseconds.
This is more intuitive for our users since other connect timeout options
that expect milliseconds use _MS such as CURLOPT_TIMEOUT_MS,
CURLOPT_CONNECTTIMEOUT_MS, CURLOPT_ACCEPTTIMEOUT_MS.
The tool option already uses an -ms suffix, --happy-eyeballs-timeout-ms.
Follow-up to 2427d94 which added the lib and tool option yesterday.
Ref: https://github.com/curl/curl/pull/2260
|
|
SASL PLAIN is a standard, LOGIN only a draft. The LOGIN draft says
PLAIN should be used instead if available.
|
|
|
|
- Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy
eyeball timeout value.
- Add new optval macro CURL_HET_DEFAULT to represent the default happy
eyeballs timeout value (currently 200 ms).
- Add new tool option --happy-eyeballs-timeout-ms to expose
CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the
other -timeout options in the tool expect seconds not milliseconds.
Closes https://github.com/curl/curl/pull/2260
|
|
Follow-up to 50d1b33.
Caught by AppVeyor.
|
|
|
|
This enables users to preresolve but still take advantage of happy
eyeballs and trying multiple addresses if some are not connecting.
Ref: https://github.com/curl/curl/pull/2260
|
|
URL: https://curl.haxx.se/mail/lib-2018-02/0072.html
|