Age | Commit message (Collapse) | Author | |
---|---|---|---|
2015-04-22 | THANKS-filter: a few more alterations to squash | Daniel Stenberg | |
2015-04-22 | contrithanks.sh: helper script for maintaining THANKS | Daniel Stenberg | |
2015-04-21 | http_done: close Negotiate connections when done | Daniel Stenberg | |
When doing HTTP requests Negotiate authenticated, the entire connnection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. CVE-2015-3148 Bug: http://curl.haxx.se/docs/adv_20150422B.html Reported-by: Isaac Boukris | |||
2015-04-21 | fix_hostname: zero length host name caused -1 index offset | Daniel Stenberg | |
If a URL is given with a zero-length host name, like in "http://:80" or just ":80", `fix_hostname()` will index the host name pointer with a -1 offset (as it blindly assumes a non-zero length) and both read and assign that address. CVE-2015-3144 Bug: http://curl.haxx.se/docs/adv_20150422D.html Reported-by: Hanno Böck | |||
2015-04-21 | cookie: cookie parser out of boundary memory access | Daniel Stenberg | |
The internal libcurl function called sanitize_cookie_path() that cleans up the path element as given to it from a remote site or when read from a file, did not properly validate the input. If given a path that consisted of a single double-quote, libcurl would index a newly allocated memory area with index -1 and assign a zero to it, thus destroying heap memory it wasn't supposed to. CVE-2015-3145 Bug: http://curl.haxx.se/docs/adv_20150422C.html Reported-by: Hanno Böck | |||
2015-04-21 | ConnectionExists: for NTLM re-use, require credentials to match | Daniel Stenberg | |
CVE-2015-3143 Bug: http://curl.haxx.se/docs/adv_20150422A.html Reported-by: Paras Sethia | |||
2015-04-21 | openssl: add OPENSSL_NO_SSL3_METHOD check | byronhe | |
2015-04-20 | CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and desc | Daniel Stenberg | |
Bug: https://github.com/bagder/curl/issues/229 Reported-by: bsammon | |||
2015-04-20 | configure --with-nss: remove unneeded libs from the fallback | Mostyn Bramley-Moore | |
2015-04-20 | contributors.sh: fix help output, filter out (-prefix from names | Daniel Stenberg | |
2015-04-20 | RELEASE-NOTES: synced with cc0e7ebc3be0 | Daniel Stenberg | |
2015-04-19 | CURLMOPT_TIMERFUNCTION.3: Clarify, add an example | Michael Stapelberg | |
2015-04-19 | vtls/openssl: use https in URLs and a comment typo fixed | Viktor Szakáts | |
2015-04-18 | curl_version_info.3: fixed the 'protocols' variable type | Daniel Stenberg | |
Reported-by: John Marshall Bug: https://github.com/bagder/curl/issues/225 | |||
2015-04-18 | test1423: added missing "file" to server section | Dan Fandrich | |
2015-04-17 | TheArtOfHttpScripting: Multiple URLs + Multiple HTTP methods | Daniel Stenberg | |
... and some minor edits | |||
2015-04-17 | Revert "HTTP: don't abort connections with pending Negotiate authentication" | Daniel Stenberg | |
This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6. Bug: https://github.com/bagder/curl/issues/223 Reported-by: Michael Osipov | |||
2015-04-17 | cyassl: Fix include order | Jay Satiro | |
Prior to this change CyaSSL's build options could redefine some generic build symbols. http://curl.haxx.se/mail/lib-2015-04/0069.html | |||
2015-04-17 | configure --with-nss: drop redundant if statement | Kamil Dudka | |
2015-04-17 | configure --with-nss=PATH: query pkg-config if available | Kamil Dudka | |
Bug: https://github.com/bagder/curl/pull/171 | |||
2015-04-17 | parsecfg: do not continue past a zero termination | Daniel Stenberg | |
When a config file line ends without newline, the parsing function could continue reading beyond that point in memory. Reported-by: Hanno Böck | |||
2015-04-16 | gitignore: Ignore Windows build output directories | Jay Satiro | |
2015-04-15 | RELEASE-NOTES: synced with 1ba6e4c88e0 | Daniel Stenberg | |
2015-04-15 | TODO: 17.9 Choose the name of file in braces for complex URLs | Daniel Stenberg | |
2015-04-15 | TODO: a little caution that maybe not all ideas are still good | Daniel Stenberg | |
2015-04-15 | TODO: 17.8 offer color-coded HTTP header output | Daniel Stenberg | |
2015-04-15 | TODO: 17.7 warning when sending binary output to terminal | Daniel Stenberg | |
2015-04-15 | KNOWN_BUGS: #90 IMAP "SEARCH ALL" truncates output on large boxes | Daniel Stenberg | |
2015-04-14 | cyassl: Add support for TLS extension SNI | Jay Satiro | |
2015-04-13 | gitignore: ignore test-driver file | Matthew Hall | |
2015-04-13 | vtls_openssl: improve PKCS#12 load failure error message | Matthew Hall | |
2015-04-13 | vtls_openssl: fix minor typo in PKCS#12 load routine | Matthew Hall | |
2015-04-13 | vtls_openssl: improve client certificate load failure error messages | Matthew Hall | |
2015-04-13 | vtls_openssl: remove ambiguous SSL_CLIENT_CERT_ERR constant | Matthew Hall | |
2015-04-13 | BUGS: refer to the github issue tracker now as primary | Daniel Stenberg | |
2015-04-13 | firefox-db2pem: fix wildcard to find Firefox default profile | Daniel Stenberg | |
At some point, Firefox has changed and generates different directory names for the default profile that made this script fail to find them. Bug: https://github.com/bagder/curl/issues/207 Reported-by: sneakyimp | |||
2015-04-11 | cyassl: Include the CyaSSL build config | Jay Satiro | |
CyaSSL >= 2.6.0 may have an options.h that was generated during its build by configure. | |||
2015-04-11 | build: Generate source prerequisites for Visual Studio in generate.bat | Jay Satiro | |
Prior to this change Visual Studio builds could fail due to missing prerequisites src/tool_hugehelp.c and include/curl/curlbuild.h. http://curl.haxx.se/mail/lib-2015-04/0034.html | |||
2015-04-09 | lib/makefile.m32: add missing libs to build libcurl.dll | Viktor Szakats | |
Add 'gdi32' and 'crypt32' Windows implibs to avoid failure while building libcurl.dll using the mingw compiler. The same logic is used in 'src/makefile.m32' when building curl.exe. | |||
2015-04-08 | test142[23]: verify that an empty file is stored on success | Kamil Dudka | |
2015-04-08 | src/tool_operate: create output file on successful download | Kamil Dudka | |
... of an empty file Bug: https://github.com/bagder/curl/issues/183 | |||
2015-04-08 | src/tool_cb_wrt: separate fnc for output file creation | Kamil Dudka | |
2015-04-07 | lib/transfer.c: Remove factor of 8 from sleep time calculation | Da-Yoon Chung | |
The factor of 8 is a bytes-to-bits conversion factor, but pkt_size and rate_bps are both in bytes. When using the rate limiting option, curl waits 8 times too long, and then transfers very quickly until the average rate reaches the limit. The average rate follows the limit over time, but the actual traffic is bursty. Thanks-to: Benjamin Gilbert | |||
2015-04-06 | x509asn1: Silence x64 loss-of-data warning on RSA key length assignment | Jay Satiro | |
The key length in bits will always fit in an unsigned long so the loss-of-data warning assigning the result of x64 pointer arithmetic to an unsigned long is unnecessary. | |||
2015-04-06 | cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size | Jay Satiro | |
Also fix it so that all ERR_error_string calls use an error buffer. CyaSSL's implementation of ERR_error_string only writes the error when an error buffer is passed. http://www.yassl.com/forums/topic599-openssl-compatibility-and-errerrorstring.html | |||
2015-04-05 | cyassl: Remove 'Connecting to' message from cyassl_connect_step2 | Jay Satiro | |
Prior to this change libcurl could show multiple 'CyaSSL: Connecting to' messages since cyassl_connect_step2 is called multiple times, typically. The message is superfluous even once since libcurl already informs the user elsewhere in code that it is connecting. | |||
2015-04-05 | checksrc.bat: quotes to support an SRC_DIR with spaces | Viktor Szakats | |
2015-04-03 | hostip: fix compiler warnings | Daniel Stenberg | |
introduced in the previous mini-series of 3 commits | |||
2015-04-03 | actually implement CURLOPT_RESOLVE removals | Stefan Bühler | |
- also log when a CURLOPT_RESOLVE entry couldn't get parsed | |||
2015-04-03 | move Curl_share_lock and ref counting into Curl_fetch_addr | Stefan Bühler | |