Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-09-13 | openssl: close_notify on the FTP data connection doesn't mean closure | Daniel Stenberg | |
For FTPS transfers, curl gets close_notify on the data connection without that being a signal to close the control connection! Regression since 3f5da4e59a556fc (7.65.0) Reported-by: Zenju on github Reviewed-by: Jay Satiro Fixes #4329 Closes #4340 | |||
2019-09-12 | docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag | Jimmy Gaussen | |
Closes #4338 | |||
2019-09-12 | RELEASE-NOTES: synced | Daniel Stenberg | |
2019-09-12 | curlver: bump to 7.66.1 | Daniel Stenberg | |
2019-09-12 | setopt: make it easier to add new enum values | Zenju | |
... by using the *_LAST define names better. Closes #4321 | |||
2019-09-12 | asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris | Daniel Stenberg | |
Reported-by: Dagobert Michelsen Fixes #4328 Closes #4333 | |||
2019-09-11 | winbuild/MakefileBuild.vc: Add vssh | Bernhard Walle | |
Without that modification, the Windows build using the makefiles doesn't work. Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu> Fixes #4322 Closes #4323 | |||
2019-09-11 | winbuild/MakefileBuild.vc: Fix line endings | Bernhard Walle | |
The file had mixed line endings. Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu> | |||
2019-09-11 | ldap: Stop using wide char version of ldapp_err2string | Jay Satiro | |
Despite ldapp_err2string being documented by MS as returning a PCHAR (char *), when UNICODE it is mapped to ldap_err2stringW and returns PWCHAR (wchar_t *). We have lots of code that expects ldap_err2string to return char *, most of it failf used like this: failf(data, "LDAP local: Some error: %s", ldap_err2string(rc)); Closes https://github.com/curl/curl/pull/4272 | |||
2019-09-10 | RELEASE-NOTES: curl 7.66.0 | Daniel Stenberg | |
2019-09-10 | THANKS: from the 7.66.0 release | Daniel Stenberg | |
2019-09-10 | curl: make sure the parallel transfers do them all | Daniel Stenberg | |
The logic could erroneously break the loop too early before all transfers had been transferred. Reported-by: Tom van der Woerdt Fixes #4316 Closes #4317 | |||
2019-09-10 | urlapi: one colon is enough for the strspn() input (typo) | Daniel Stenberg | |
2019-09-10 | urlapi: verify the IPv6 numerical address | Daniel Stenberg | |
It needs to parse correctly. Otherwise it could be tricked into letting through a-f using host names that libcurl would then resolve. Like '[ab.be]'. Reported-by: Thomas Vegas Closes #4315 | |||
2019-09-10 | openssl: use SSL_CTX_set_<min|max>_proto_version() when available | Clément Notin | |
OpenSSL 1.1.0 adds SSL_CTX_set_<min|max>_proto_version() that we now use when available. Existing code is preserved for older versions of OpenSSL. Closes #4304 | |||
2019-09-10 | openssl: indent, re-organize and add comments | Clément Notin | |
2019-09-10 | sspi: fix memory leaks | migueljcrum | |
Closes #4299 | |||
2019-09-10 | travis: disable ngtcp2 builds (again) | Daniel Stenberg | |
2019-09-09 | Curl_fillreadbuffer: avoid double-free trailer buf on error | Daniel Stenberg | |
Reviewed-by: Jay Satiro Reported-by: Thomas Vegas Closes #4307 | |||
2019-09-09 | tool_setopt: handle a libcurl build without netrc support | Daniel Stenberg | |
Reported-by: codesniffer13 on github Fixes #4302 Closes #4305 | |||
2019-09-09 | security:read_data fix bad realloc() | Daniel Stenberg | |
... that could end up a double-free CVE-2019-5481 Bug: https://curl.haxx.se/docs/CVE-2019-5481.html | |||
2019-09-09 | tftp: Alloc maximum blksize, and use default unless OACK is received | Thomas Vegas | |
Fixes potential buffer overflow from 'recvfrom()', should the server return an OACK without blksize. Bug: https://curl.haxx.se/docs/CVE-2019-5482.html CVE-2019-5482 | |||
2019-09-09 | tftp: return error when packet is too small for options | Thomas Vegas | |
2019-09-05 | KNOWN_BUGS/TODO: cleanup and remove outdated issues | Daniel Stenberg | |
2019-09-04 | RELEASE-NOTES: synced | Daniel Stenberg | |
2019-09-03 | netrc: free 'home' on error | Daniel Stenberg | |
Follow-up to f9c7ba9096ec2 Coverity CID 1453474 Closes #4291 | |||
2019-09-03 | urldata: avoid 'generic', use dedicated pointers | Daniel Stenberg | |
For the 'proto' union within the connectdata struct. Closes #4290 | |||
2019-09-03 | cleanup: move functions out of url.c and make them static | Daniel Stenberg | |
Closes #4289 | |||
2019-09-03 | smtp: check for and bail out on too short EHLO response | Daniel Stenberg | |
Otherwise, a three byte response would make the smtp_state_ehlo_resp() function misbehave. Credit to OSS-Fuzz Bug: https://crbug.com/oss-fuzz/16918 Assisted-by: Max Dymond Closes #4287 | |||
2019-09-02 | smb: init *msg to NULL in smb_send_and_recv() | Daniel Stenberg | |
... it might otherwise return OK from this function leaving that pointer uninitialized. Bug: https://crbug.com/oss-fuzz/16907 Closes #4286 | |||
2019-09-02 | ROADMAP: updated after recent user poll | Daniel Stenberg | |
In rough prio order | |||
2019-08-31 | THANKS: remove duplicate | Daniel Stenberg | |
2019-08-31 | Curl_addr2string: take an addrlen argument too | Daniel Stenberg | |
This allows the function to figure out if a unix domain socket has a file name or not associated with it! When a socket is created with socketpair(), as done in the fuzzer testing, the path struct member is uninitialized and must not be accessed. Bug: https://crbug.com/oss-fuzz/16699 Closes #4283 | |||
2019-08-31 | CMake: remove needless newlines at end of gss variables | Rolf Eike Beer | |
2019-08-31 | CI: remove duplicate configure flag for LGTM.com | Rolf Eike Beer | |
2019-08-31 | CMake: use platform dependent name for dlopen() library | Rolf Eike Beer | |
Closes #4279 | |||
2019-08-30 | quiche: expire when poll returned data | Daniel Stenberg | |
... to make sure we continue draining the queue until empty Closes #4281 | |||
2019-08-30 | quiche: decrease available buffer size, don't assign it! | Daniel Stenberg | |
Found-by: Jeremy Lainé | |||
2019-08-29 | RELEASE-NOTES: synced | Daniel Stenberg | |
2019-08-29 | curl: fix include conditions | lufia | |
2019-08-29 | plan9: fix installation instructions | lufia | |
Closes #4276 | |||
2019-08-29 | ngtcp2: on h3 stream close, call expire | Daniel Stenberg | |
... to trigger a new read to detect the stream close! Closes #4275 | |||
2019-08-29 | ngtcp2: build latest ngtcp2 and ngtcp2_crypto_openssl | Tatsuhiro Tsujikawa | |
Closes #4278 | |||
2019-08-28 | ngtcp2: set flow control window to stream buffer size | Daniel Stenberg | |
Closes #4274 | |||
2019-08-28 | CURLOPT_HEADERFUNCTION.3: clarify | Christopher Head | |
Closes #4273 | |||
2019-08-28 | CURLINFO docs: mention that in redirects times are added | Daniel Stenberg | |
Suggested-by: Brandon Dong Fixes #4250 Closes #4269 | |||
2019-08-28 | travis: enable ngtcp2 builds again | Daniel Stenberg | |
Switched to the openssl-quic-draft-22 openssl branch. Closes #4271 | |||
2019-08-27 | HTTP3: switched openssl branch to use | Daniel Stenberg | |
2019-08-27 | ngtcp2: Build with latest ngtcp2 and ngtcp2_crypto_openssl | Tatsuhiro Tsujikawa | |
Closes #4270 | |||
2019-08-26 | http2: when marked for closure and wanted to close == OK | Daniel Stenberg | |
It could otherwise return an error even when closed correctly if GOAWAY had been received previously. Reported-by: Tom van der Woerdt Fixes #4267 Closes #4268 |