aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-05-30loadlibrary: Only load system DLLs from the system directorySteve Holme
Inspiration provided by: Daniel Stenberg and Ray Satiro Bug: https://curl.haxx.se/docs/adv_20160530.html Ref: Windows DLL hijacking with curl, CVE-2016-4802
2016-05-30ssh: fix version number check typoDaniel Stenberg
2016-05-29curl_share_setopt.3: Add min ver needed for ssl session lockJay Satiro
Bug: https://github.com/curl/curl/issues/826 Reported-by: Michael Wallner
2016-05-29ssh: fix build for libssh2 before 1.2.6Daniel Stenberg
The statvfs functionality was added to libssh2 in that version, so we switch off that functionality when built with older libraries. Fixes #831
2016-05-24mbedtls: fix includes so snprintf() worksDaniel Stenberg
Regression from the previous *printf() rearrangements, this file missed to include the correct header to make sure snprintf() works universally. Reported-by: Moti Avrahami Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html
2016-05-23checksrc.pl: Added variants of strcat() & strncat() to banned function listSteve Holme
Added support for checking the tchar, unicode and mbcs variants of strcat() and strncat() in the banned function list.
2016-05-23smtp: minor ident (white space) fixesDaniel Stenberg
2016-05-23THANKS: updated after script fixesDaniel Stenberg
Now giving credit properly to github user names, fixed some UTF-8 issues and added names discovered when contrithanks was improved.
2016-05-23THANKS-filter: more name cleanupsDaniel Stenberg
2016-05-23contrithanks.sh: exclude existing names case insensitivelyDaniel Stenberg
2016-05-23contrithanks.sh: use same grep pattern and -a flag as contributors.shDaniel Stenberg
2016-05-23contributors.sh: better grep pattern, use grep -aDaniel Stenberg
2016-05-23THANKS-filter: fix more namesDaniel Stenberg
2016-05-23contrithanks.sh: do the same github fix as contributors.shDaniel Stenberg
from 1577bfa35ba
2016-05-23contributors: Show GitHub username if real name unknownJay Satiro
Prior to this change if a GitHub contributor's real name was unknown they would be omitted from the list. Bug: https://github.com/curl/curl/issues/824
2016-05-21RELEASE-NOTES: synced with 3caaeffbe8ded4Daniel Stenberg
2016-05-20openssl: cleanup must free compression methodsJay Satiro
- Free compression methods if OpenSSL 1.0.2 to avoid a memory leak. Bug: https://github.com/curl/curl/issues/817 Reported-by: jveazey@users.noreply.github.com
2016-05-20curl_multibyte: fix compiler errorGisle Vanem
While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was getting: f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '(' to follow 'CURL_EXTERN' f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085: 'curl_domalloc': not in formal parameter list
2016-05-20THANKS-filter: make Jan-E get proper creditDaniel Stenberg
2016-05-20winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivityJan-E
Closes #818
2016-05-20libcurl.m4: Avoid obsolete warningAlexander Traud
Closes #821
2016-05-20CURLOPT_CONNECT_TO.3: user must not free the list prematurelyMichael Kaufmann
The connect-to list isn't copied so as long as the handle may be used for a transfer the list must be valid. Bug: https://github.com/curl/curl/pull/819 Reported-by: Michael Kaufmann
2016-05-19RELEASE-NOTES: synced with 48114a8634242cDaniel Stenberg
2016-05-19openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0Daniel Stenberg
See OpenSSL commit 21e001747d4a
2016-05-19http2: use HTTP/2 in the HTTP/1.1-alike headerDaniel Stenberg
... when generating them, not "2.0" as the protocol is called just HTTP/2 and nothing else.
2016-05-19dist: include curl_multi_socket_all.3Jay Satiro
Closes https://github.com/curl/curl/pull/816
2016-05-18bump: Start work on 7.49.1Steve Holme
2016-05-18curlbuild.h.dist: check __LP64__ as well to fix MIPS buildDaniel Stenberg
The preprocessor check that sets up the 32bit defines for non-configure builds didn't work properly for MIPS systems as __mips__ is defined for both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit. Reported-by: Tomas Jakobsson Fixes #813
2016-05-18schannel: fix compile break with MSVC XP toolsetMarcel Raad
For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK 7.1 is used. In this case, _USING_V110_SDK71_ is defined. Closes #812
2016-05-18dist: include CHECKSRC.mdDaniel Stenberg
Reported-by: Paul Howarth Bug: https://curl.haxx.se/mail/lib-2016-05/0116.html
2016-05-18test/Makefile.am: include manpage-scan.pl and nroff-scan.pl in distDaniel Stenberg
Reported-by: Ray Satiro Bug: https://curl.haxx.se/mail/lib-2016-05/0113.html
2016-05-17THANKS: 24 new names from 7.49.0 release notesDaniel Stenberg
2016-05-17RELEASE-NOTES: 7.49.0Daniel Stenberg
2016-05-17mbedtls/polarssl: set "hostname" unconditionallyDaniel Stenberg
...as otherwise the TLS libs will skip the CN/SAN check and just allow connection to any server. curl previously skipped this function when SNI wasn't used or when connecting to an IP address specified host. CVE-2016-3739 Bug: https://curl.haxx.se/docs/adv_20160518A.html Reported-by: Moti Avrahami
2016-05-17CURLOPT_RESOLVE.3: fix typoFrank Gevaerts
Closes #811
2016-05-17docs: CURLOPT_RESOLVE overrides CURLOPT_IPRESOLVEDaniel Stenberg
2016-05-17KNOWN_BUGS: GnuTLS backend skips really long certificate fieldsDaniel Stenberg
Closes #762
2016-05-17CURLOPT_HTTPPOST.3: the data needs to be around while in useDaniel Stenberg
2016-05-17openssl: get_cert_chain: fix NULL dereferenceDaniel Stenberg
CID 1361815: Explicit null dereferenced (FORWARD_NULL)
2016-05-17openssl: get_cert_chain: avoid NULL dereferenceDaniel Stenberg
CID 1361811: Explicit null dereferenced (FORWARD_NULL)
2016-05-17dprintf_formatf: fix (false?) Coverity warningDaniel Stenberg
CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when we run over 'workend' but the condition says <= workend and for all I can see it should be safe. Compensating for the warning by adding a byte margin in the buffer. Also, removed the extra brace level indentation in the code and made it so that 'workend' is only assigned once within the function.
2016-05-16RELEASE-NOTES: synced with 2dcb5adc72d6Daniel Stenberg
2016-05-16THANKS-filter: fixed Jonathan CardosoDaniel Stenberg
2016-05-15ftp: fix incorrect out-of-memory code in Curl_pretransferJay Satiro
- Return value type must match function type. s/CURLM_OUT_OF_MEMORY/CURLE_OUT_OF_MEMORY/ Caught by Travis CI
2016-05-15ftp wildcard: segfault due to init only in multi_performDaniel Stenberg
The proper FTP wildcard init is now more properly done in Curl_pretransfer() and the corresponding cleanup in Curl_close(). The previous place of init/cleanup code made the internal pointer to be NULL when this feature was used with the multi_socket() API, as it was made within the curl_multi_perform() function. Reported-by: Jonathan Cardoso Machado Fixes #800
2016-05-13libcurl-tlibcurl-thread: Update OpenSSL linksJay Satiro
Because the old OpenSSL link now redirects to their master documentation (currently 1.1.0), which does not document the required actions for OpenSSL <= 1.0.2.
2016-05-13darwinssl.c: fix OS X codename typo in commentViktor Szakats
2016-05-13RELEASE-NOTES: synced with 68701e51c1f7Daniel Stenberg
Added 8 bug fixes and 5 more contrbutors
2016-05-13mprintf: Fix processing of width and prec argsJay Satiro
Prior to this change a width arg could be erroneously output, and also width and precision args could not be used together without crashing. "%0*d%s", 2, 9, "foo" Before: "092" After: "09foo" "%*.*s", 5, 2, "foo" Before: crash After: " fo" Test 557 is updated to verify this and more
2016-05-13ConnectionExists: follow-up fix for proxy re-useMichael Kaufmann
Follow-up commit to 5823179 Closes #648