Age | Commit message (Collapse) | Author |
|
- for "--netrc", don't ignore the login/password specified with "--user",
only ignore the login/password in the URL.
This restores the netrc behaviour of curl 7.61.1 and earlier.
- fix the documentation of CURL_NETRC_REQUIRED
- improve the detection of login/password changes when reading .netrc
- don't read .netrc if both login and password are already set
Fixes #3213
Closes #3224
|
|
|
|
Fixes #3211
Fixes #3175
Closes #3212
|
|
Closes #3199
|
|
The previous coding used a format string whose output depended on the
current locale of the environment running the test. Since the gist of
the test is to have a format string, with the actual formatting being
less important, switch to a more stable formatstring with decimals.
Reported-by: Marcel Raad
Closes #3234
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
|
This reverts commit 226cfa8264cd979eff3fd52c0f3585ef095e7cf2.
This commit caused test failures on appveyor/windows. Work on fixing them is
in #3235.
|
|
...and fix symbol-scan.pl to also scan urlapi.h
Reported-by: Alexey Melnichuk
Fixes #3226
Closes #3230
|
|
The internal buffer in infof() is limited to 2048 bytes of payload plus
an additional byte for NULL termination. Servers with very long error
messages can however cause truncation of the string, which currently
isn't very clear, and leads to badly formatted output.
This appends a "...\n" (or just "..." in case the format didn't with a
newline char) marker to the end of the string to clearly show
that it has been truncated.
Also include a unittest covering infof() to try and catch any bugs
introduced in this quite important function.
Closes #3216
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
|
|
|
The function identifying a leading "scheme" part of the URL considered a few
letters ending with a colon to be a scheme, making something like "short:80"
to become an unknown scheme instead of a short host name and a port number.
Extended test 1560 to verify.
Reported-by: Hagai Auro
Fixes #3220
Closes #3223
|
|
Regression from 46e164069d1a52. Extended test 1560 to verify.
Reported-by: tpaukrt on github
Fixes #3218
Closes #3219
|
|
on Linux. To make sure the test suite runs with its newly build tool and
doesn't require an external one present.
Bug: #3198
Closes #3200
|
|
The overflow has no real world impact.
Just avoid it for "best practice".
Code change suggested by "The Infinnovation Team" and Daniel Stenberg.
Closes #3184
|
|
When not actually following the redirect and the target URL is only
stored for later retrieval, curl always accepted "non-supported"
schemes. This was a regression from 46e164069d1a5230.
Reported-by: Brad King
Fixes #3210
Closes #3215
|
|
Commit efc696a2e09225bfeab4 renamed persistant.c to persistent.c to
fix the typo in the name, but missed to update the OpenVMS package
files which still looked for the old name.
Closes #3217
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Viktor Szakats <commit@vszakats.net>
|
|
To make it easier to understand other people's and remote builds etc.
Closes #3207
|
|
|
|
As has been outlined in the DEPRECATE.md document, the axTLS code has
been disabled for 6 months and is hereby removed.
Use a better supported TLS library!
Assisted-by: Daniel Gustafsson
Closes #3194
|
|
Closes #3197
|
|
... using clang
Closes #3190
|
|
Curl_verify_certificate() must use the Curl_ prefix since it is globally
available in the lib and otherwise steps outside of our namespace!
Closes #3201
|
|
It is unused since commit f7208df7d9d5cd5e15e2d89237e828f32b63f135.
Closes #3204
|
|
... revert the mistaken change brought in commit 8440616f53.
Reported-by: Alessandro Ghedini
Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html
Closes #3198
|
|
|
|
|
|
MesaLink support was added in commit 57348eb97d1b8fc3742e02c but the
backend was never added to the curl_sslbackend enum in curl/curl.h.
This adds the new backend to the enum and updates the relevant docs.
Closes #3195
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Closes #3191
|
|
|
|
CVE-2018-16842
Reported-by: Brian Carpenter
Bug: https://curl.haxx.se/docs/CVE-2018-16842.html
|
|
Closes #3123
|
|
|
|
|
|
Detected by UndefinedBehaviorSanitizer
Closes #3187
|
|
Closes #3182
|
|
Closes #3186
|
|
CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html
|
|
Regression from b46cfbc068 (7.59.0)
CVE-2018-16840
Reported-by: Brian Carpenter (Geeknik Labs)
Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
|
|
system.h selects the proper Sun settings when __SUNPRO_C is defined. The
Sun compiler does not define it when compiling C++ files. I'm adding a
check also on __SUNPRO_CC to allow curl to work properly also when used
in a C++ project on Sun Solaris.
Closes #3181
|
|
|
|
The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel.
|
|
|
|
Available in the root, src and lib dirs.
Closes #3163
|
|
See: https://curl.haxx.se/mail/lib-2018-10/0107.html
|
|
Use an unsigned variable: as the signed operation behavior is undefined,
this change silents clang-tidy about it.
Ref: https://github.com/curl/curl/pull/3163
Reported-By: Daniel Stenberg
|
|
If Curl_protocol_connect() returns an error code,
handle the error instead of switching to the next state.
Closes #3170
|
|
|
|
When failing to set the 1.3 cipher suite, the wrong string pointer would
be used in the error message. Most often saying "(nil)".
Reported-by: Ricky-Tigg on github
Fixes #3178
Closes #3180
|
|
... picked straight from the OpenSSL man page:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html
Reported-by: Ricky-Tigg on github
Bug: #3178
|
|
This is required for gnutls-serv, which enables a few more tests.
Closes https://github.com/curl/curl/pull/2958
|
|
Ensure to clear the session object in case the libssh2 initialization
fails.
It could be argued that the libssh2 error function should be called to
get a proper error message in this case. But since the only error path
in libssh2_knownhost_init() is memory a allocation failure it's safest
to avoid since the libssh2 error handling allocates memory.
Closes #3179
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|