aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-11-06RELEASE-NOTES: synced with 68542e72a9Daniel Stenberg
2014-11-06curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEYDaniel Stenberg
Reported-by: Christian Hägele Bug: http://curl.haxx.se/mail/lib-2014-11/0078.html
2014-11-05build: Fixed Visual Studio project file generation of strdup.[c|h]Steve Holme
As the curl command-line tool now includes it's own version of strdup(), for platforms that don't have it, fixed up the git respository Visual Studio project file generator to not include the version from lib in the tool project files, rather than having both lib\strdup.[c|h] and src\tool_strdup.[c|h] present.
2014-11-05tool_strdup.c: include the tool strdup.hDaniel Stenberg
... not the lib/ one that the tool no longer uses!
2014-11-05THANKS-filter: added another Michał Górny version we've usedDaniel Stenberg
2014-11-05contributors.sh: split lists using " and "Daniel Stenberg
... and require the space after the filtering to make the filter able to remove names.
2014-11-05http_digest: Fixed memory leaks from commit 6f8d8131b1Steve Holme
2014-11-05sasl: Fixed compilation warning from commit 25264131e2Steve Holme
Added forward declaration of digestdata to overcome the following compilation warning: warning: 'struct digestdata' declared inside parameter list Additionally made the ntlmdata forward declaration dependent on USE_NTLM similar to how digestdata and kerberosdata are.
2014-11-05sasl: Fixed HTTP digest challenges with spaces between auth parametersSteve Holme
Broken as part of the rework, in commit 7e6d51a73c, to assist with the addition of HTTP digest via Windows SSPI.
2014-11-05http_digest: Fixed compilation errors from commit 6f8d8131b1Steve Holme
error: invalid operands to binary warning: pointer targets in assignment differ in signedness
2014-11-05http_digest: Moved response generation into SASL moduleSteve Holme
2014-11-05http_digest: Moved challenge decoding into SASL moduleSteve Holme
2014-11-05http_digest: Moved clean-up function into SASL moduleSteve Holme
2014-11-05http_digest: Moved algorithm definitions to SASL moduleSteve Holme
2014-11-05ssh: Fixed build on platforms where R_OK is not definedGisle Vanem
Bug: http://curl.haxx.se/mail/lib-2014-11/0035.html Reported-by: Jan Ehrhardt
2014-11-05strdup: Removed irrelevant commentSteve Holme
...as Curl_memdup() duplicates an area of fix size memory, that may be binary, and not a null terminated string.
2014-11-05url.c: Fixed compilation warningSteve Holme
conversion from 'curl_off_t' to 'size_t', possible loss of data
2014-11-05http_digest: Use CURLcode instead of CURLdigestSteve Holme
To provide consistent behaviour between the various HTTP authentication functions use CURLcode based error codes for Curl_input_digest() especially as the calling code doesn't use the specific error code just that it failed.
2014-11-05contributors.sh: filter common alternative name spellingsDaniel Stenberg
docs/THANKS-filter is a new filter file for converting contributor names we get or have recorded in alternative formats to the one we already use in THANKS. To help us show individual contributors using a single presentation of their names.
2014-11-05THANKS: added missing contributor from 2012Daniel Stenberg
2014-11-05Remove duplicate names.Frank Gevaerts
The removed names also appear as: Andrés García, François Charlier, Gökhan Şengün, Michał Górny, Sébastien Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su, S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder
2014-11-05sspi: Define authentication package name constantsSteve Holme
These were previously hard coded, and whilst defined in security.h, they may or may not be present in old header files given that these defines were never used in the original code. Not only that, but there appears to be some ambiguity between the ANSI and UNICODE NTLM definition name in security.h.
2014-11-05Adjust OS400-specific support to last releasePatrick Monnerat
2014-11-05THANKS: added two missing names and removed a duplicateDaniel Stenberg
./contributors.sh found these extra ones that somehow had fallen through the cracks and never gotten added here. Reported-by: Frank Gevaerts
2014-11-05bump: towards next releaseDaniel Stenberg
2014-11-05THANKS: added names from 7.39.0 release notesDaniel Stenberg
2014-11-05RELEASE-NOTES: 7.39.0 release (commit b3875606925)Daniel Stenberg
2014-11-05curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of boundsDaniel Stenberg
When duplicating a handle, the data to post was duplicated using strdup() when it could be binary and contain zeroes and it was not even zero terminated! This caused read out of bounds crashes/segfaults. Since the lib/strdup.c file no longer is easily shared with the curl tool with this change, it now uses its own version instead. Bug: http://curl.haxx.se/docs/adv_20141105.html CVE: CVE-2014-3707 Reported-By: Symeon Paraschoudis
2014-11-05lib544.c: use duphandle for test 545Daniel Stenberg
To verify that curl_easy_duphandle() works fine on a handle that has gotten data stored with *_COPYPOSTFIELDS.
2014-11-04tests: add new feature 'SSLpinning'Daniel Stenberg
... and make test 2034 and 2035 require it, and have it set when built with OpenSSL or GnuTLS.
2014-11-04buildconf: update copyright yearDaniel Stenberg
2014-11-04INSTALL: Consistent spacing in section headings, paragraphs and examplesSteve Holme
2014-11-04buildconf: stop checking for libtoolDaniel Stenberg
As we only use libtoolize, only check for that!
2014-11-04INSTALL: Corrected MIT Kerberos and Heimdal package namesSteve Holme
2014-11-04README: Corrected inconsistent use of --helpSteve Holme
2014-11-04INSTALL: Use GSS-API rather than GSSAPISteve Holme
As implementations are refereed to GSS-API libraries as per the RFC and GSSAPI typically refers to the SASL authentication mechanism. ...and minor rewording on the same paragraph.
2014-11-04README: Added note about using Visual Studio projects out of git repositorySteve Holme
2014-11-04cmake: fix ZLIB_INCLUDE_DIRS useK. R. Walker
CMake 2.8's FindZLIB.cmake documents ZLIB_INCLUDE_DIRS, see http://www.cmake.org/cmake/help/v2.8.0/cmake.html#module:FindZLIB Bug: https://github.com/bagder/curl/pull/123
2014-11-04SSL: PolarSSL default min SSL version TLS 1.0Jay Satiro
- Prior to this change no SSL minimum version was set by default at runtime for PolarSSL. Therefore in most cases PolarSSL would probably have defaulted to a minimum version of SSLv3 which is no longer secure.
2014-11-04opts-Makefile: put more man pages into dist and make hmtl+pdfDaniel Stenberg
2014-11-04curl_multi_setopt.3: refer to stand-alone pagesDaniel Stenberg
... instead of duplicating info.
2014-11-04opts: more multi options as stand-alone man pagesDaniel Stenberg
2014-11-04Makefile.am: two cmake files are goneDaniel Stenberg
8cb010144 removed the CurlCheckCSourceCompiles.cmake and CurlCheckCSourceRuns.cmake files
2014-11-03opts: made stand-alone man-pages for several multi optionsDaniel Stenberg
2014-11-03Curl_single_getsock: fix hold/pause sock handlingCarlo Wood
The previous condition that checked if the socket was marked as readable when also adding a writable one, was incorrect and didn't take the pause bits properly into account.
2014-11-03cmake: fix struct sockaddr_storage checkPeter Wu
CHECK_TYPE_SIZE_PREINCLUDE is an internal, undocumented variable which was removed in cmake 2.8.1. According to the MSDN docs[1], inclusion of winsock2.h is sufficient. WIN32_LEAN_AND_MEAN does not really seem to affect the tests, so remove it too[2]. For the non-windows case, remove inet headers as POSIX only requires sys/socket.h. [1]: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740504%28v=vs.85%29.aspx [2]: http://stackoverflow.com/questions/11040133/what-does-defining-win32-lean-and-mean-exclude-exactly Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-03cmake: clean OtherTests, fixing -WerrorPeter Wu
There were several -Wunused warnings and one duplicate macro definition. The EXTRA_DEFINES variable of the CurlCheckCSources macro was being abused ("__unused1\n#undef inline\n#define __unused2", seriously?) to insert extra C code. Avoid this broken abstraction and use cmake's check_c_source_compiles directly (works fine with CMake 2.8, maybe even cmake 2.6). After cleaning up all related variables (EXTRA_DEFINES, HEADER_INCLUDES, auxiliary headers_hack), also remove a duplicate add_headers_include macro and remove duplicate header additions before the struct timeval check. Oh, and now the code is converted to use CheckCSourceRuns and CheckCSourceCompiles, the two curl-specific helpers can be removed. Unfortunately, the cmake output is now slightly more verbose. Before: Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) - Failed Since check_c_source_compiles prints the varname, now you see: Performing Test curl_cv_func_send_test Performing Test curl_cv_func_send_test - Failed Tested: int send(int, const void *, size_t, int) Compared cmake output with each other using vimdiff, no functional differences were found. Tested with GCC 4.9.1 and Clang 3.5.0. Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-03cmake: fix gethostby{addr,name}_r in CurlTestsPeter Wu
This patch cleans up the automatically-generated (?) code and fixes one case that will always fail due to syntax error. HAVE_GETHOSTBYADDR_R_5_REENTRANT always failed because of a trailing character ("int length;q"). Several parameter type and unused variable warnings popped up. This causes a detection failure with -Werror. Observe that the REENTRANT cases are exactly the same as their non-REENTRANT cases except for a `_REENTRANT` macro definition. Merge all these pieces and build one big main function with different cases, but reusing variables where logical. For the cases where the parameters where NULL, I looked at lib/hostip4.c to get an idea of the parameters types. void-cast variables such as 'rc' to avoid -Wuninitialized errors. Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-03cmake: drop _BSD_SOURCE macro usagePeter Wu
autotools does not use features.h nor _BSD_SOURCE. As this macro triggers warnings since glibc 2.20, remove it. It should not have functional differences. Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-02RELEASE-NOTES: Synced with d71ea7c01eSteve Holme
Additionally, updated "GSSAPI" to "GSS-API" for a Cmake related change as GSSAPI can be confused with the authentication mechanism rather than a GSS-API implementation library such as MIT or Heimdal.