aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-04-13imap: Added support for ;auth=<mech> in the URLSteve Holme
Added support for specifying the preferred authentication mechanism in the URL as per RFC-5092.
2013-04-13sasl: Reworked SASL mechanism constantsSteve Holme
... to use left-shifted values, like those defined in curl.h, rather than 16-bit hexadecimal values.
2013-04-13sasl: Added predefined preferred mechanism valuesSteve Holme
In preparation for the upcoming changes to IMAP, POP3 and SMTP added preferred mechanism values.
2013-04-13url: Added support for parsing login options from the URLSteve Holme
As well as parsing the username and password from the URL, added support for parsing the optional options part from the login details, to allow the following supported URL format: schema://username:password;options@example.com/path?q=foobar This will only be used by IMAP, POP3 and SMTP at present but any protocol that may be given login options in the URL will be able to add support for them.
2013-04-13smtp: Fix compiler warningSteve Holme
warning: unused variable 'smtp' introduced in commit 73cbd21b5ee6.
2013-04-12smtp: Moved parsing of url path into separate functionSteve Holme
2013-04-12FTP: handle a 230 welcome responseDaniel Stenberg
...instead of the 220 we otherwise expect. Made the ftpserver.pl support sending a custom "welcome" and then created test 1219 to verify this fix with such a 230 welcome. Bug: http://curl.haxx.se/mail/lib-2013-02/0102.html Reported by: Anders Havn
2013-04-12configure: try pthread_create without -lpthreadDaniel Stenberg
For libc variants without a spearate pthread lib (like bionic), try using pthreads without the pthreads lib first and only if that fails try the -lpthread linker flag. Bug: http://curl.haxx.se/bug/view.cgi?id=1216 Reported by: Duncan
2013-04-12FTP: access files in root dir correctlyDaniel Stenberg
Accessing a file with an absolute path in the root dir but with no directory specified was not handled correctly. This fix comes with four new test cases that verify it. Bug: http://curl.haxx.se/mail/lib-2013-04/0142.html Reported by: Sam Deane
2013-04-12pop3: Reworked the function description for Curl_pop3_write()Steve Holme
2013-04-12pop3: Added function description to pop3_parse_custom_request()Steve Holme
2013-04-12pop3: Moved utility functions to end of pop3.cSteve Holme
2013-04-12darwinssl: add TLS session resumptionNick Zitzmann
This ought to speed up additional TLS handshakes, at least in theory.
2013-04-12imap: Added function description to imap_parse_custom_request()Steve Holme
2013-04-12imap: Moved utility functions to end of imap.c (Part 3/3)Steve Holme
Moved imap_is_bchar() be with the other utility based functions.
2013-04-12imap: Moved utility functions to end of imap.c (Part 2/3)Steve Holme
Moved imap_parse_url_path() and imap_parse_custom_request() to the end of the file allowing all utility functions to be grouped together.
2013-04-12imap: Moved utility functions to end of imap.c (Part 1/3)Steve Holme
Moved imap_atom() and imap_sendf() to the end of the file allowing all utility functions to be grouped together.
2013-04-12imap: Corrected function description for imap_connect()Steve Holme
2013-04-12tests: prevent test206, test1060, and test1061 from failingKamil Dudka
... in case runtests.pl is invoked with non-default -b option Fixes a regression caused by 1e29d275c643ef6aab7948f0f55a7a9397e56b42.
2013-04-12libcurl-share.3: update what it does and does not share.David Strauss
Update sharing interface documentation to provide exhaustive list of what it does and does not share.
2013-04-12THANKS: remove duplicated namesDaniel Stenberg
2013-04-12bump: start working towards next releaseDaniel Stenberg
2013-04-12THANKS: added people from the 7.30.0 RELEASE-NOTESDaniel Stenberg
2013-04-12RELEASE-NOTES: cleaned up for 7.30 (synced with 5c5e1a1cd20)Daniel Stenberg
Most notable the security advisory: http://curl.haxx.se/docs/adv_20130412.html
2013-04-11test1218: another cookie tailmatch testDaniel Stenberg
... and make 1216 also verify it with a file input These tests verify commit 3604fde3d3c9b0d, the fix for the "cookie domain tailmatch" vulnerability. See http://curl.haxx.se/docs/adv_20130412.html
2013-04-11cookie: fix tailmatching to prevent cross-domain leakageYAMADA Yasuharu
Cookies set for 'example.com' could accidentaly also be sent by libcurl to the 'bexample.com' (ie with a prefix to the first domain name). This is a security vulnerabilty, CVE-2013-1944. Bug: http://curl.haxx.se/docs/adv_20130412.html
2013-04-11Enabled MinGW sync resolver builds.Guenter Knauf
2013-04-10if2ip.c: fix compiler warningYang Tse
2013-04-10Fixed lost OpenSSL output with "-t" - followup.Guenter Knauf
The previously applied patch didnt work on Windows; we cant rely on shell commands like 'echo' since they act diffently on each platform and each shell. In order to keep this script platform-independent the code must only use pure Perl.
2013-04-09test1217: verify parsing 257 responses with "rubbish" before pathDaniel Stenberg
Test 1217 verifies commit e0fb2d86c9f78, and without that change this test fails.
2013-04-09FTP: handle "rubbish" in front of directory name in 257 responsesBill Middlecamp
When doing PWD, there's a 257 response which apparently some servers prefix with a comment before the path instead of after it as is otherwise the norm. Failing to parse this, several otherwise legitimate use cases break. Bug: http://curl.haxx.se/mail/lib-2013-04/0113.html
2013-04-09Fixed ares-enabled builds with static makefiles.Guenter Knauf
2013-04-09Fixed lost OpenSSL output with "-t".Guenter Knauf
The OpenSSL pipe wrote to the final CA bundle file, but the encoded PEM output wrote to a temporary file. Consequently, the OpenSSL output was lost when the temp file was renamed to the final file at script finish (overwriting the final file written earlier by openssl). Patch posted to the list by Richard Michael (rmichael edgeofthenet org).
2013-04-09test1216: test tailmatching cookie domainsDaniel Stenberg
This test is an attempt to repeat the problem YAMADA Yasuharu reported at http://curl.haxx.se/mail/lib-2013-04/0108.html
2013-04-09RELEASe-NOTES: synced with 29fdb2700f797Daniel Stenberg
added "tcpkeepalive on Mac OS X"
2013-04-08darwinssl: disable insecure ciphers by defaultNick Zitzmann
I noticed that aria2's SecureTransport code disables insecure ciphers such as NULL, anonymous, IDEA, and weak-key ciphers used by SSLv3 and later. That's a good idea, and now we do the same thing in order to prevent curl from accessing a "secure" site that only negotiates insecure ciphersuites.
2013-04-08tcpkeepalive: Support CURLOPT_TCP_KEEPIDLE on OSXRobert Wruck
MacOS X doesn't have TCP_KEEPIDLE/TCP_KEEPINTVL but only a single TCP_KEEPALIVE (see http://developer.apple.com/library/mac/#DOCUMENTATION/Darwin/Reference/ManPages/man4/tcp.4.html). Here is a patch for CURLOPT_TCP_KEEPIDLE on OSX platforms.
2013-04-08configure: remove CURL_CHECK_FUNC_RECVFROMDaniel Stenberg
1 - We don't use the results from the test and we never did. recvfrom() is only used by the TFTP code and it has not caused any problems. 2 - the CURL_CHECK_FUNC_RECVFROM function is extremely slow
2013-04-08RELEASE-NOTES: Corrected duplicate NTLM memory leaksSteve Holme
2013-04-08RELEASE-NOTES: Removed trailing full stopSteve Holme
2013-04-08proxy: make ConnectionExists() check credential of proxyconnections tooFabian Keil
Previously it only compared credentials if the requested needle connection wasn't using a proxy. This caused NTLM authentication failures when using proxies as the authentication code wasn't send on the connection where the challenge arrived. Added test 1215 to verify: NTLM server authentication through a proxy (This is a modified copy of test 67)
2013-04-08RELEASE-NOTES: sync with 704a5dfca9Daniel Stenberg
2013-04-08TODO-RELEASE: cleaned up, not really maintained latelyDaniel Stenberg
2013-04-07if2ip.c: Fixed another warning: unused parameter 'remote_scope'Marc Hoersken
2013-04-07cookie.c: Made cookie sort function more deterministicMarc Hoersken
Since qsort implementations vary with regards to handling the order of similiar elements, this change makes the internal sort function more deterministic by comparing path length first, then domain length and finally the cookie name. Spotted with testcase 62 on Windows.
2013-04-07curl_schannel.c: Follow up on memory leak fix ae4558dMarc Hoersken
2013-04-07Revert "getpart.pm: Strip carriage returns to fix Windows support"Marc Hoersken
This reverts commit e51b23c925a2721cf7c29b2b376d3d8903cfb067. As discussed on the mailinglist, this was not the correct approach.
2013-04-07http_negotiate.c: Fixed passing argument from incompatible pointer typeMarc Hoersken
2013-04-06ftp.c: Added missing brackets around ABOR command logicMarc Hoersken
2013-04-06sockfilt.c: Fixed detection of client-side connection closeMarc Hoersken
WINSOCK only: Since FD_CLOSE is only signaled once, it may trigger at the same time as FD_READ. Data actually being available makes it impossible to detect that the connection was closed by checking that recv returns zero. Another recv attempt could block the connection if it was not closed. This workaround abuses exceptfds in conjunction with readfds to signal that the connection has actually closed.