| Age | Commit message (Collapse) | Author |
|---|
|
By default, the MSYS2 bash interprets http:/%HOSTIP:%HTTPPORT/want/1143
as a POSIX file list and converts it to a Windows file list.
Disable this with MSYS2_ARG_CONV_EXCL for the test to pass.
Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces
Closes https://github.com/curl/curl/pull/2765
|
|
... and work toward 7.61.1
|
|
Closes #2727
Reviewed-by: Sergei Nikulov
|
|
... the "unbold" sequence doesn't work on the mac Terminal.
Reported-by: Zero King
Fixes #2736
Closes #2738
|
|
|
|
curl configured with --enable-debug --disable-file currently complains
on test1422:
Info: Protocol "file" not supported or disabled in libcurl
Make test1422 dependend on enabled FILE protocol to fix this.
Fixes https://github.com/curl/curl/issues/2741
Closes https://github.com/curl/curl/pull/2742
|
|
Some servers issue raw deflate data that may be followed by an undocumented
trailer. This commit makes curl tolerate such a trailer of up to 4 bytes
before considering the data is in error.
Reported-by: clbr on github
Fixes #2719
|
|
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369
Closes #2740
|
|
The definition of CALG_TLS1PRF has been fixed in the 5.1 branch:
https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/commits/73aedcc0f2e6ba370de0d86ab878ad76a0dda7b5
|
|
+ The hackerone bounty and its process
- We don't and can't handle pre-notification
|
|
It was previously erroneously skipped in some situations.
libtest/libntlmconnect.c wrongly depended on wrong behavior (that it
would get a zero timeout) when no handles are "running" in a multi
handle. That behavior is no longer present with this fix. Now libcurl
will always return a -1 timeout when all handles are completed.
Closes #2733
|
|
On multiplexed connections, transfers can be removed from anywhere not
just at the head as for pipelines.
|
|
|
|
... as the usage needs to be counted.
|
|
Commit 38203f1585da changed engine detection to be version-based,
with a baseline of openssl 1.0.1. This does in fact break builds
with openssl 1.0.0, which has engine support - the configure script
detects that ENGINE_cleanup() is available - but <openssl/engine.h>
doesn't get included to declare it.
According to upstream documentation, engine support was added to
mainstream openssl builds as of version 0.9.7:
https://github.com/openssl/openssl/blob/master/README.ENGINE
This commit drops the version test down to 1.0.0 as version 1.0.0d
is the oldest version I have to test with.
Closes #2732
|
|
Original MinGW's w32api has a sytax error in its definition of
CALG_TLS1PRF [0]. Don't use original MinGW w32api's CALG_TLS1PRF
until this bug [1] is fixed.
[0] https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/blobs/d1d4a17e51a2b78e252ef0147d483267d56c90cc/w32api/include/wincrypt.h
[1] https://osdn.net/projects/mingw/ticket/38391
Fixes https://github.com/curl/curl/pull/2721#issuecomment-403636043
Closes https://github.com/curl/curl/pull/2728
|
|
Apparently the C => HTML converter on the web site doesn't quite like it
otherwise.
Reported-by: Jeroen Ooms
|
|
|
|
Closes #2724
|
|
... and not the other way around, which this previously said.
Reported-by: Vasiliy Faronov
Fixes #2723
Closes #2726
|
|
Reviewed-by: Jakub Zakrzewski
Closes #2715
|
|
Follow-up to 82ce416.
Ref: https://github.com/curl/curl/commit/8272ec5#commitcomment-29646818
|
|
|
|
MinGW warns:
/lib/vtls/schannel.c:219:64: warning: signed and unsigned type in
conditional expression [-Wsign-compare]
Fix this by casting the ptrdiff_t to size_t as we know it's positive.
Closes https://github.com/curl/curl/pull/2721
|
|
Original MinGW's w32api has CryptHashData's second parameter as BYTE *
instead of const BYTE *.
Closes https://github.com/curl/curl/pull/2721
|
|
They are not defined in the original MinGW's <wincrypt.h>.
Closes https://github.com/curl/curl/pull/2721
|
|
Otherwise, only part of it gets pulled in through <windows.h> on
original MinGW.
Fixes https://github.com/curl/curl/issues/2361
Closes https://github.com/curl/curl/pull/2721
|
|
When size_t is not a typedef for unsigned long (as usually the case on
Windows), GCC emits -Wformat warnings when using lu and lx format
specifiers with size_t. Silence them with explicit casts to
unsigned long.
Closes https://github.com/curl/curl/pull/2721
|
|
... not the read buffer size, as that can be set smaller and thus cause
a buffer overflow! CVE-2018-0500
Reported-by: Peter Wu
Bug: https://curl.haxx.se/docs/adv_2018-70a2.html
|
|
Closes #2718
|
|
...but GCC users lose out on TLS 1.3 support, since we can't weak-link
enumeration constants.
Fixes #2656
Closes #2703
|
|
Variable 'output_var' is not used and can be removed.
Function 'collect_true' renamed to 'count_true'.
|
|
Closes #2711
|
|
|
|
... because otherwise not everything get closed down correctly.
Fixes #2708
Closes #2712
|
|
Closes #2713
|
|
|
|
Closes #2706
|
|
|
|
|
|
|
|
|
|
|
|
Closes #2704
|
|
telnet.c(1401,28): warning: cast from function call of type 'int' to
non-matching type 'HANDLE' (aka 'void *') [-Wbad-function-cast]
Fixes #2696
Closes #2700
|
|
|
|
Closes #2698
|
|
The code treated the set version as the *exact* version to require in
the TLS handshake, which is not what other TLS backends do and probably
not what most people expect either.
Reported-by: Andreas Olsson
Assisted-by: Gaurav Malhotra
Fixes #2691
Closes #2694
|
|
|
|
Reported-by: Andreas Olsson
Fixes #2692
Closes #2693
|
