Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-05-30 | URL parser: allow URLs to use one, two or three slashes | Daniel Stenberg | |
Mostly in order to support broken web sites that redirect to broken URLs that are accepted by browsers. Browsers are typically even more leniant than this as the WHATWG URL spec they should allow an _infinite_ amount. I tested 8000 slashes with Firefox and it just worked. Added test case 1141, 1142 and 1143 to verify the new parser. Closes #791 | |||
2016-05-30 | cmake: Added missing mbedTLS support | Renaud Lehoux | |
Closes #837 | |||
2016-05-30 | mbedtls: removed unused variables | Renaud Lehoux | |
Closes #838 | |||
2016-05-30 | http: add CURLINFO_HTTP_VERSION and %{http_version} | Frank Gevaerts | |
Adds access to the effectively used http version to both libcurl and curl. Closes #799 | |||
2016-05-30 | bump: start the journey toward 7.50.0 | Daniel Stenberg | |
2016-05-30 | openssl: fix build with OPENSSL_NO_COMP | Marcel Raad | |
With OPENSSL_NO_COMP defined, there is no function SSL_COMP_free_compression_methods Closes #836 | |||
2016-05-30 | memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC | Gisle Vanem | |
Fixes #828 | |||
2016-05-30 | README.md: polish | Jonathan | |
Closes #834 | |||
2016-05-30 | RELEASE-NOTES: fix vuln link | Daniel Stenberg | |
2016-05-30 | RELEASE-NOTES: 7.49.1 | Daniel Stenberg | |
2016-05-30 | loadlibrary: Only load system DLLs from the system directory | Steve Holme | |
Inspiration provided by: Daniel Stenberg and Ray Satiro Bug: https://curl.haxx.se/docs/adv_20160530.html Ref: Windows DLL hijacking with curl, CVE-2016-4802 | |||
2016-05-30 | ssh: fix version number check typo | Daniel Stenberg | |
2016-05-29 | curl_share_setopt.3: Add min ver needed for ssl session lock | Jay Satiro | |
Bug: https://github.com/curl/curl/issues/826 Reported-by: Michael Wallner | |||
2016-05-29 | ssh: fix build for libssh2 before 1.2.6 | Daniel Stenberg | |
The statvfs functionality was added to libssh2 in that version, so we switch off that functionality when built with older libraries. Fixes #831 | |||
2016-05-24 | mbedtls: fix includes so snprintf() works | Daniel Stenberg | |
Regression from the previous *printf() rearrangements, this file missed to include the correct header to make sure snprintf() works universally. Reported-by: Moti Avrahami Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html | |||
2016-05-23 | checksrc.pl: Added variants of strcat() & strncat() to banned function list | Steve Holme | |
Added support for checking the tchar, unicode and mbcs variants of strcat() and strncat() in the banned function list. | |||
2016-05-23 | smtp: minor ident (white space) fixes | Daniel Stenberg | |
2016-05-23 | THANKS: updated after script fixes | Daniel Stenberg | |
Now giving credit properly to github user names, fixed some UTF-8 issues and added names discovered when contrithanks was improved. | |||
2016-05-23 | THANKS-filter: more name cleanups | Daniel Stenberg | |
2016-05-23 | contrithanks.sh: exclude existing names case insensitively | Daniel Stenberg | |
2016-05-23 | contrithanks.sh: use same grep pattern and -a flag as contributors.sh | Daniel Stenberg | |
2016-05-23 | contributors.sh: better grep pattern, use grep -a | Daniel Stenberg | |
2016-05-23 | THANKS-filter: fix more names | Daniel Stenberg | |
2016-05-23 | contrithanks.sh: do the same github fix as contributors.sh | Daniel Stenberg | |
from 1577bfa35ba | |||
2016-05-23 | contributors: Show GitHub username if real name unknown | Jay Satiro | |
Prior to this change if a GitHub contributor's real name was unknown they would be omitted from the list. Bug: https://github.com/curl/curl/issues/824 | |||
2016-05-21 | RELEASE-NOTES: synced with 3caaeffbe8ded4 | Daniel Stenberg | |
2016-05-20 | openssl: cleanup must free compression methods | Jay Satiro | |
- Free compression methods if OpenSSL 1.0.2 to avoid a memory leak. Bug: https://github.com/curl/curl/issues/817 Reported-by: jveazey@users.noreply.github.com | |||
2016-05-20 | curl_multibyte: fix compiler error | Gisle Vanem | |
While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was getting: f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '(' to follow 'CURL_EXTERN' f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085: 'curl_domalloc': not in formal parameter list | |||
2016-05-20 | THANKS-filter: make Jan-E get proper credit | Daniel Stenberg | |
2016-05-20 | winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity | Jan-E | |
Closes #818 | |||
2016-05-20 | libcurl.m4: Avoid obsolete warning | Alexander Traud | |
Closes #821 | |||
2016-05-20 | CURLOPT_CONNECT_TO.3: user must not free the list prematurely | Michael Kaufmann | |
The connect-to list isn't copied so as long as the handle may be used for a transfer the list must be valid. Bug: https://github.com/curl/curl/pull/819 Reported-by: Michael Kaufmann | |||
2016-05-19 | RELEASE-NOTES: synced with 48114a8634242c | Daniel Stenberg | |
2016-05-19 | openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0 | Daniel Stenberg | |
See OpenSSL commit 21e001747d4a | |||
2016-05-19 | http2: use HTTP/2 in the HTTP/1.1-alike header | Daniel Stenberg | |
... when generating them, not "2.0" as the protocol is called just HTTP/2 and nothing else. | |||
2016-05-19 | dist: include curl_multi_socket_all.3 | Jay Satiro | |
Closes https://github.com/curl/curl/pull/816 | |||
2016-05-18 | bump: Start work on 7.49.1 | Steve Holme | |
2016-05-18 | curlbuild.h.dist: check __LP64__ as well to fix MIPS build | Daniel Stenberg | |
The preprocessor check that sets up the 32bit defines for non-configure builds didn't work properly for MIPS systems as __mips__ is defined for both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit. Reported-by: Tomas Jakobsson Fixes #813 | |||
2016-05-18 | schannel: fix compile break with MSVC XP toolset | Marcel Raad | |
For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK 7.1 is used. In this case, _USING_V110_SDK71_ is defined. Closes #812 | |||
2016-05-18 | dist: include CHECKSRC.md | Daniel Stenberg | |
Reported-by: Paul Howarth Bug: https://curl.haxx.se/mail/lib-2016-05/0116.html | |||
2016-05-18 | test/Makefile.am: include manpage-scan.pl and nroff-scan.pl in dist | Daniel Stenberg | |
Reported-by: Ray Satiro Bug: https://curl.haxx.se/mail/lib-2016-05/0113.html | |||
2016-05-17 | THANKS: 24 new names from 7.49.0 release notes | Daniel Stenberg | |
2016-05-17 | RELEASE-NOTES: 7.49.0 | Daniel Stenberg | |
2016-05-17 | mbedtls/polarssl: set "hostname" unconditionally | Daniel Stenberg | |
...as otherwise the TLS libs will skip the CN/SAN check and just allow connection to any server. curl previously skipped this function when SNI wasn't used or when connecting to an IP address specified host. CVE-2016-3739 Bug: https://curl.haxx.se/docs/adv_20160518A.html Reported-by: Moti Avrahami | |||
2016-05-17 | CURLOPT_RESOLVE.3: fix typo | Frank Gevaerts | |
Closes #811 | |||
2016-05-17 | docs: CURLOPT_RESOLVE overrides CURLOPT_IPRESOLVE | Daniel Stenberg | |
2016-05-17 | KNOWN_BUGS: GnuTLS backend skips really long certificate fields | Daniel Stenberg | |
Closes #762 | |||
2016-05-17 | CURLOPT_HTTPPOST.3: the data needs to be around while in use | Daniel Stenberg | |
2016-05-17 | openssl: get_cert_chain: fix NULL dereference | Daniel Stenberg | |
CID 1361815: Explicit null dereferenced (FORWARD_NULL) | |||
2016-05-17 | openssl: get_cert_chain: avoid NULL dereference | Daniel Stenberg | |
CID 1361811: Explicit null dereferenced (FORWARD_NULL) |