Age | Commit message | Author
2014-11-06 | http_digest: Reworked the SSPI based input token storage | Steve Holme
Reworked the input token (challenge message) storage as what is passed to the buf and desc in the response generation are typically blobs of data rather than strings, so this is more in keeping with other areas of the SSPI code, such as the NTLM message functions.
2014-11-06 | sasl_sspi: Fixed compilation warning from commit 2d2a62e3d9 | Steve Holme
Added void reference to unused 'data' parameter back to fix compilation warning.
2014-11-06 | sspi: Align definition values to even columns as we use 2 char spacing | Steve Holme
2014-11-06 | sspi: Fixed missing definition of ISC_REQ_USE_HTTP_STYLE | Steve Holme
Some versions of Microsoft's sspi.h don't define this.
2014-11-06 | sasl: Removed non-SSPI Digest functions and defines from SSPI based builds | Steve Holme
Introduced in commit 7e6d51a73c these functions and definitions are only required by the internal challenge-response functions now.
2014-11-06 | sasl_sspi: Added HTTP digest response generation code | Steve Holme
2014-11-06 | http_digest: Added SSPI based challenge decoding code | Steve Holme
2014-11-06 | http_digest: Added SSPI based clean-up code | Steve Holme
2014-11-06 | http_digest: Added SSPI based authentication functions | Steve Holme
This temporarily breaks HTTP digest authentication in SSPI based builds, causing CURLE_NOT_BUILT_IN to be returned. A follow up commit will resume normal operation.
2014-11-06 | http_digest: Added required SSPI based variables to digest structure | Steve Holme
2014-11-06 | contributors.sh: --releasenotes reads in names from RELEASE-NOTES | Frank Gevaerts
This is very handy when updating the RELEASE-NOTES as then we sometimes have names added manually in the existing list and we use this script to update the set.
2014-11-06 | RELEASE-NOTES: synced with 68542e72a9 | Daniel Stenberg
2014-11-06 | curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY | Daniel Stenberg
Reported-by: Christian Hägele
Bug: http://curl.haxx.se/mail/lib-2014-11/0078.html
2014-11-05 | build: Fixed Visual Studio project file generation of strdup.[c|h] | Steve Holme
As the curl command-line tool now includes its own version of strdup(), for platforms that don't have it, fixed up the git repository Visual Studio project file generator to not include the version from lib in the tool project files, rather than having both lib\strdup.[c|h] and src\tool_strdup.[c|h] present.
2014-11-05 | tool_strdup.c: include the tool strdup.h | Daniel Stenberg
... not the lib/ one that the tool no longer uses!
2014-11-05 | THANKS-filter: added another Michał Górny version we've used | Daniel Stenberg
2014-11-05 | contributors.sh: split lists using " and " | Daniel Stenberg
... and require the space after the filtering to make the filter able to remove names.
2014-11-05 | http_digest: Fixed memory leaks from commit 6f8d8131b1 | Steve Holme
2014-11-05 | sasl: Fixed compilation warning from commit 25264131e2 | Steve Holme
Added forward declaration of digestdata to overcome the following compilation warning:
warning: 'struct digestdata' declared inside parameter list
Additionally made the ntlmdata forward declaration dependent on USE_NTLM similar to how digestdata and kerberosdata are.
2014-11-05 | sasl: Fixed HTTP digest challenges with spaces between auth parameters | Steve Holme
Broken as part of the rework, in commit 7e6d51a73c, to assist with the addition of HTTP digest via Windows SSPI.
2014-11-05 | http_digest: Fixed compilation errors from commit 6f8d8131b1 | Steve Holme
error: invalid operands to binary
warning: pointer targets in assignment differ in signedness
2014-11-05 | http_digest: Moved response generation into SASL module | Steve Holme
2014-11-05 | http_digest: Moved challenge decoding into SASL module | Steve Holme
2014-11-05 | http_digest: Moved clean-up function into SASL module | Steve Holme
2014-11-05 | http_digest: Moved algorithm definitions to SASL module | Steve Holme
2014-11-05 | ssh: Fixed build on platforms where R_OK is not defined | Gisle Vanem
Bug: http://curl.haxx.se/mail/lib-2014-11/0035.html
Reported-by: Jan Ehrhardt
2014-11-05 | strdup: Removed irrelevant comment | Steve Holme
...as Curl_memdup() duplicates an area of fixed size memory, that may be binary, and not a null terminated string.
2014-11-05 | url.c: Fixed compilation warning | Steve Holme
conversion from 'curl_off_t' to 'size_t', possible loss of data
2014-11-05 | http_digest: Use CURLcode instead of CURLdigest | Steve Holme
To provide consistent behaviour between the various HTTP authentication functions use CURLcode based error codes for Curl_input_digest() especially as the calling code doesn't use the specific error code just that it failed.
2014-11-05 | contributors.sh: filter common alternative name spellings | Daniel Stenberg
docs/THANKS-filter is a new filter file for converting contributor names we get or have recorded in alternative formats to the one we already use in THANKS. To help us show individual contributors using a single presentation of their names.
2014-11-05 | THANKS: added missing contributor from 2012 | Daniel Stenberg
2014-11-05 | Remove duplicate names. | Frank Gevaerts
The removed names also appear as: Andrés García, François Charlier, Gökhan Şengün, Michał Górny, Sébastien Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su, S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder
2014-11-05 | sspi: Define authentication package name constants | Steve Holme
These were previously hard coded, and whilst defined in security.h, they may or may not be present in old header files given that these defines were never used in the original code. Not only that, but there appears to be some ambiguity between the ANSI and UNICODE NTLM definition name in security.h.
2014-11-05 | Adjust OS400-specific support to last release | Patrick Monnerat
2014-11-05 | THANKS: added two missing names and removed a duplicate | Daniel Stenberg
./contributors.sh found these extra ones that somehow had fallen through the cracks and never gotten added here.
Reported-by: Frank Gevaerts
2014-11-05 | bump: towards next release | Daniel Stenberg
2014-11-05 | THANKS: added names from 7.39.0 release notes | Daniel Stenberg
2014-11-05 | RELEASE-NOTES: 7.39.0 release (commit b3875606925) | Daniel Stenberg
2014-11-05 | curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds | Daniel Stenberg
When duplicating a handle, the data to post was duplicated using strdup() when it could be binary and contain zeroes and it was not even zero terminated! This caused read out of bounds crashes/segfaults.
Since the lib/strdup.c file no longer is easily shared with the curl tool with this change, it now uses its own version instead.
Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
2014-11-05 | lib544.c: use duphandle for test 545 | Daniel Stenberg
To verify that curl_easy_duphandle() works fine on a handle that has gotten data stored with *_COPYPOSTFIELDS.
2014-11-04 | tests: add new feature 'SSLpinning' | Daniel Stenberg
... and make test 2034 and 2035 require it, and have it set when built with OpenSSL or GnuTLS.
2014-11-04 | buildconf: update copyright year | Daniel Stenberg
2014-11-04 | INSTALL: Consistent spacing in section headings, paragraphs and examples | Steve Holme
2014-11-04 | buildconf: stop checking for libtool | Daniel Stenberg
As we only use libtoolize, only check for that!
2014-11-04 | INSTALL: Corrected MIT Kerberos and Heimdal package names | Steve Holme
2014-11-04 | README: Corrected inconsistent use of --help | Steve Holme
2014-11-04 | INSTALL: Use GSS-API rather than GSSAPI | Steve Holme
As implementations are referred to as GSS-API libraries as per the RFC and GSSAPI typically refers to the SASL authentication mechanism.
...and minor rewording on the same paragraph.
2014-11-04 | README: Added note about using Visual Studio projects out of git repository | Steve Holme
2014-11-04 | cmake: fix ZLIB_INCLUDE_DIRS use | K. R. Walker
CMake 2.8's FindZLIB.cmake documents ZLIB_INCLUDE_DIRS, see http://www.cmake.org/cmake/help/v2.8.0/cmake.html#module:FindZLIB
Bug: https://github.com/bagder/curl/pull/123
2014-11-04 | SSL: PolarSSL default min SSL version TLS 1.0 | Jay Satiro
- Prior to this change no SSL minimum version was set by default at runtime for PolarSSL. Therefore in most cases PolarSSL would probably have defaulted to a minimum version of SSLv3 which is no longer secure.