Age | Commit message (Collapse) | Author |
|
The overflow has no real world impact.
Just avoid it for "best practice".
Code change suggested by "The Infinnovation Team" and Daniel Stenberg.
Closes #3184
|
|
When not actually following the redirect and the target URL is only
stored for later retrieval, curl always accepted "non-supported"
schemes. This was a regression from 46e164069d1a5230.
Reported-by: Brad King
Fixes #3210
Closes #3215
|
|
Commit efc696a2e09225bfeab4 renamed persistant.c to persistent.c to
fix the typo in the name, but missed to update the OpenVMS package
files which still looked for the old name.
Closes #3217
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Viktor Szakats <commit@vszakats.net>
|
|
To make it easier to understand other people's and remote builds etc.
Closes #3207
|
|
|
|
As has been outlined in the DEPRECATE.md document, the axTLS code has
been disabled for 6 months and is hereby removed.
Use a better supported TLS library!
Assisted-by: Daniel Gustafsson
Closes #3194
|
|
Closes #3197
|
|
... using clang
Closes #3190
|
|
Curl_verify_certificate() must use the Curl_ prefix since it is globally
available in the lib and otherwise steps outside of our namespace!
Closes #3201
|
|
It is unused since commit f7208df7d9d5cd5e15e2d89237e828f32b63f135.
Closes #3204
|
|
... revert the mistaken change brought in commit 8440616f53.
Reported-by: Alessandro Ghedini
Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html
Closes #3198
|
|
|
|
|
|
MesaLink support was added in commit 57348eb97d1b8fc3742e02c but the
backend was never added to the curl_sslbackend enum in curl/curl.h.
This adds the new backend to the enum and updates the relevant docs.
Closes #3195
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Closes #3191
|
|
|
|
CVE-2018-16842
Reported-by: Brian Carpenter
Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
|
|
Closes #3123
|
|
|
|
|
|
Detected by UndefinedBehaviorSanitizer
Closes #3187
|
|
Closes #3182
|
|
Closes #3186
|
|
CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
|
|
Regression from b46cfbc068 (7.59.0)
CVE-2018-16840
Reported-by: Brian Carpenter (Geeknik Labs)
Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
|
|
system.h selects the proper Sun settings when __SUNPRO_C is defined. The
Sun compiler does not define it when compiling C++ files. I'm adding a
check also on __SUNPRO_CC to allow curl to work properly also when used
in a C++ project on Sun Solaris.
Closes #3181
|
|
|
|
The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel.
|
|
|
|
Available in the root, src and lib dirs.
Closes #3163
|
|
See: https://curl.haxx.se/mail/lib-2018-10/0107.html
|
|
Use an unsigned variable: as the signed operation behavior is undefined,
this change silents clang-tidy about it.
Ref: https://github.com/curl/curl/pull/3163
Reported-By: Daniel Stenberg
|
|
If Curl_protocol_connect() returns an error code,
handle the error instead of switching to the next state.
Closes #3170
|
|
|
|
When failing to set the 1.3 cipher suite, the wrong string pointer would
be used in the error message. Most often saying "(nil)".
Reported-by: Ricky-Tigg on github
Fixes #3178
Closes #3180
|
|
... picked straight from the OpenSSL man page:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html
Reported-by: Ricky-Tigg on github
Bug: #3178
|
|
This is required for gnutls-serv, which enables a few more tests.
Closes https://github.com/curl/curl/pull/2958
|
|
Ensure to clear the session object in case the libssh2 initialization
fails.
It could be argued that the libssh2 error function should be called to
get a proper error message in this case. But since the only error path
in libssh2_knownhost_init() is memory a allocation failure it's safest
to avoid since the libssh2 error handling allocates memory.
Closes #3179
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
... I'm moving it up one week due to travels. The rest stays.
|
|
Closes #3176
|
|
Detected by clang-tidy
Closes #3176
|
|
Fixes #3171
Closes #3172
|
|
Reported-by: Gisle Vanem
Bug: https://github.com/curl/curl/commit/becfe1233ff2b6b0c3e1b6a10048b55b68c2539f#commitcomment-31008819
Closes #3161
|
|
Reported-by: Dima Pasechnik
Fixes #3143
Closes #3174
|
|
Compiling on _WIN32 and with USE_LWIPSOCK, causes this error:
curl_rtmp.c(223,3): error: use of undeclared identifier 'setsockopt'
setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO,
^
curl_rtmp.c(41,32): note: expanded from macro 'setsockopt'
#define setsockopt(a,b,c,d,e) (setsockopt)(a,b,c,(const char *)d,(int)e)
^
Closes #3155
|
|
Follow-up to #3166 which did the cmake part of this. This type/define is
not used.
Closes #3168
|
|
Remove variables:
* HAVE_SOCKLEN_T
* CURL_SIZEOF_CURL_SOCKLEN_T
* CURL_TYPEOF_CURL_SOCKLEN_T
Closes #3166
|
|
The "connecting" function is used by multiple protocols, not only FTP
|
|
- Change the inout parameters after all needed memory has been
allocated. Do not change them if something goes wrong.
- Free the allocated temporary strings if strdup() fails.
Closes #3122
|
|
Closes #3162
|