aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-09-14curl_easy_unescape: deny negative string lengths as inputDaniel Stenberg
CVE-2016-7167 Bug: https://curl.haxx.se/docs/adv_20160914.html
2016-09-14curl_easy_escape: deny negative string lengths as inputDaniel Stenberg
CVE-2016-7167 Bug: https://curl.haxx.se/docs/adv_20160914.html
2016-09-14curl: make --create-dirs on windows grok both forward and backward slashesDaniel Stenberg
Reported-by: Ryan Scott Fixes #1007
2016-09-13RELEASE-NOTES: synced with 665694979b6Daniel Stenberg
2016-09-12mbedtls: switch off NTLM in build if md4 isn't availableTony Kelman
NTLM support with mbedTLS was added in 497e7c9 but requires that mbedTLS is built with the MD4 functions available, which it isn't in default builds. This now adapts if the funtion isn't there and builds libcurl without NTLM support if so. Fixes #1004
2016-09-12CODE_STYLE: fix long-line guidelineJay Satiro
- Change maximum allowed line length from 80 to 79.
2016-09-11CODE_STYLE: add column alignment sectionJay Satiro
Note that since the added examples are for column alignment I had to encapsulate with ~~~c markdown to preserve their alignment.
2016-09-11cmake: fix curl-config --static-libsPeter Wu
The `curl-config --static-libs` command should not output paths like -l/usr/lib/libssl.so, instead print the absolute path without `-l`. This also removes the confusing message "Static linking is broken" which was printed because curl-config --static-libs was disfunctional even though the static libcurl.a library works properly. Fixes https://github.com/curl/curl/issues/841
2016-09-11http: refuse to pass on response body with NO_NODY was setDaniel Stenberg
... like when a HTTP/0.9 response comes back without any headers at all and just a body this now prevents that body from being sent to the callback etc. Adapted test 1144 to verify. Fixes #973 Assisted-by: Ray Satiro
2016-09-11RELEASE-NOTES: synced with 257bf3ac67eb6Daniel Stenberg
2016-09-10CMake: Don't build unit tests if private symbols are hiddenJakub Zakrzewski
This only excludes building unit tests from default build ( 'all' Make target or "Build Solution" in VisualStudio). The projects and Make targets will still be generated and shown in supporting IDEs. Fixes https://github.com/curl/curl/issues/981 Reported-by: Randy Armstrong Closes https://github.com/curl/curl/pull/990
2016-09-10CMake: Try to (un-)hide private library symbolsJakub Zakrzewski
Detect support for compiler symbol visibility flags and apply those according to CURL_HIDDEN_SYMBOLS option. It should work true to the autotools build except it tries to unhide symbols on Windows when requested and prints warning if it fails. Ref: https://github.com/curl/curl/issues/981#issuecomment-242665951 Reported-by: Daniel Stenberg
2016-09-09openssl: fix bad memory free (regression)Daniel Stenberg
... by partially reverting f975f06033b1. The allocation could be made by OpenSSL so the free must be made with OPENSSL_free() to avoid problems. Reported-by: Harold Stuart Fixes #1005
2016-09-09http2: support > 64bit sized uploadsDaniel Stenberg
... by making sure we don't count down the "upload left" counter when the uploaded size is unknown and then it can be allowed to continue forever. Fixes #996
2016-09-07errors: new alias CURLE_WEIRD_SERVER_REPLY (8)Jay Satiro
Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as more of a generic "failed to parse" introduce an alias without FTP in the name. Closes https://github.com/curl/curl/pull/975
2016-09-07bump: toward 7.51.0Daniel Stenberg
2016-09-07HISTORY: remove ascii logo to render nicer on webDaniel Stenberg
2016-09-07curl: whitelist use of strtok() in non-threaded contextDaniel Stenberg
2016-09-07checksrc: detect strtok() useDaniel Stenberg
... as that function slipped through once before.
2016-09-07mk-ca-bundle.pl: use SHA256 instead of SHA1Viktor Szakats
This hash is used to verify the original downloaded certificate bundle and also included in the generated bundle's comment header. Also rename related internal symbols to algorithm-agnostic names.
2016-09-07RELEASE-NOTES: curl 7.50.2 releaseDaniel Stenberg
2016-09-07THANKS: updated for 7.50.2Daniel Stenberg
2016-09-06openssl: fix CURLINFO_SSL_VERIFYRESULTGaurav Malhotra
CURLINFO_SSL_VERIFYRESULT does not get the certificate verification result when SSL_connect fails because of a certificate verification error. This fix saves the result of SSL_get_verify_result so that it is returned by CURLINFO_SSL_VERIFYRESULT. Closes https://github.com/curl/curl/pull/995
2016-09-06darwinssl: test for errSecSuccess in PKCS12 import rather than noErr (#993)Daniel Gustafsson
While noErr and errSecSuccess are defined as the same value, the API documentation states that SecPKCS12Import() returns errSecSuccess if there were no errors in importing. Ensure that a future change of the defined value doesn't break (however unlikely) and be consistent with the API docs.
2016-09-06docs: Fix link to CONTRIBUTE in Github contribution guidelines (#994)Daniel Gustafsson
2016-09-05openssl: Fix compilation with OPENSSL_API_COMPAT=0x10100000LMarcel Raad
With OPENSSL_API_COMPAT=0x10100000L (OpenSSL 1.1 API), the cleanup functions are unavailable (they're no-ops anyway in OpenSSL 1.1). The replacements for SSL_load_error_strings, SSLeay_add_ssl_algorithms, and OpenSSL_add_all_algorithms are called automatically [1][2]. SSLeay() is now called OpenSSL_version_num(). [1]: https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html [2]: https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html Closes #992
2016-09-05RELEASE-NOTES: synced with 3d4c0c8b9bc1dDaniel Stenberg
2016-09-05http2: return EOF when done uploading without known sizeDaniel Stenberg
Fixes #982
2016-09-05http2: skip the content-length parsing, detect unknown sizeDaniel Stenberg
2016-09-05http2: minor white space editDaniel Stenberg
2016-09-05http2: use named define instead of magic constant in read callbackDaniel Stenberg
2016-09-05configure: make the cpp -P detection not clobber CPPFLAGSCraig Davison
CPPPFLAGS is now CPPPFLAG. Fixes CURL_CHECK_DEF. Fixes #958
2016-09-04speed caps: not based on average speeds anymoreOlivier Brunel
Speed limits (from CURLOPT_MAX_RECV_SPEED_LARGE & CURLOPT_MAX_SEND_SPEED_LARGE) were applied simply by comparing limits with the cumulative average speed of the entire transfer; While this might work at times with good/constant connections, in other cases it can result to the limits simply being "ignored" for more than "short bursts" (as told in man page). Consider a download that goes on much slower than the limit for some time (because bandwidth is used elsewhere, server is slow, whatever the reason), then once things get better, curl would simply ignore the limit up until the average speed (since the beginning of the transfer) reached the limit. This could prove the limit useless to effectively avoid using the entire bandwidth (at least for quite some time). So instead, we now use a "moving starting point" as reference, and every time at least as much as the limit as been transferred, we can reset this starting point to the current position. This gets a good limiting effect that applies to the "current speed" with instant reactivity (in case of sudden speed burst). Closes #971
2016-09-03HISTORY.md: the multi socket was put in the wrong year!Daniel Stenberg
2016-09-03tool_helpers.c: fix comment typo (#989)Mark Hamilton
2016-09-03libtest/test.h: fix typo (#988)Mark Hamilton
2016-09-01CURLMOPT_PIPELINING.3: languageDaniel Stenberg
2016-09-01CURLMOPT_PIPELINING.3: extended and clarifiedDaniel Stenberg
Especially in regards to the multiplexing part.
2016-08-31curl_sspi.c: Updated function description commentsSteve Holme
* Added description to Curl_sspi_free_identity() * Added parameter and return explanations to Curl_sspi_global_init() * Added parameter explaination to Curl_sspi_global_cleanup()
2016-08-31README: Corrected the supported Visual Studio versionsSteve Holme
Missed from commit 8356022d17.
2016-08-31KNOWN_BUGS: Move the Visual Studio project shortcomings from local READMESteve Holme
2016-08-31KNOWN_BUGS: Expand 6.4 to include Kerberos V5Steve Holme
...and discuss a possible solution.
2016-08-30connect: fix #ifdefs for debug versions of conn/streamclose() macrosDaniel Stenberg
CURLDEBUG is for the memory debugging DEBUGBUILD is for the extra debug stuff Pointed-out-by: Steve Holme
2016-08-29KNOWN_BUGS: mention some cmake "support gaps"Daniel Stenberg
2016-08-28darwinssl: add documentation stating that the --cainfo option is intended ↵Nick Zitzmann
for backward compatibility only In other news, I changed one other reference to "Mac OS X" in the documentation (that I previously wrote) to say "macOS" instead.
2016-08-28http2: return CURLE_HTTP2_STREAM for unexpected stream closeDaniel Stenberg
Follow-up to c3e906e9cd0f, seems like a more appropriate error code Suggested-by: Jay Satiro
2016-08-28http2: handle closed streams when uploadingTatsuhiro Tsujikawa
Fixes #986
2016-08-28http2: make sure stream errors don't needlessly close the connectionDaniel Stenberg
With HTTP/2 each transfer is made in an indivial logical stream over the connection, making most previous errors that caused the connection to get forced-closed now instead just kill the stream and not the connection. Fixes #941
2016-08-27Curl_verify_windows_version: minor edit to avoid compiler warningsDaniel Stenberg
... instead of if() before the switch(), add a default to the switch so that the compilers don't warn on "warning: enumeration value 'PLATFORM_DONT_CARE' not handled in switch" anymore.
2016-08-27RELEASE-NOTES: Added missing fix from commit 15592143fSteve Holme