| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Broken since d24838d4da9faa
Reported-by: Bernard Spil
|
|
|
|
|
|
Closes #1741
|
|
... since they now provide several functions as
__attribute__((overloadable)), the argument detection logic need
updates.
Patched-by: destman at github
Fixes #1738
Closes #1739
|
|
This updates the script to aad5ad5fedb306b39f901a899b7bd305b66c418d
from August 01, 2017. Notably, this removes the lconv version whitelist.
Closes https://github.com/curl/curl/pull/1716
|
|
|
|
Make the number parser aware of the maximum limit curl accepts for a
value and return an error immediately if larger, instead of running an
integer overflow later.
Fixes #1730
Closes #1736
|
|
Added test 1289 to verify.
CVE-2017-1000101
Bug: https://curl.haxx.se/docs/adv_20170809A.html
Reported-by: Brian Carpenter
|
|
... and thereby avoid telling send() to send off more bytes than the
size of the buffer!
CVE-2017-1000100
Bug: https://curl.haxx.se/docs/adv_20170809B.html
Reported-by: Even Rouault
Credit to OSS-Fuzz for the discovery
|
|
Regression brought by 7c312f84ea930d8 (April 2017)
CVE-2017-1000099
Bug: https://curl.haxx.se/docs/adv_20170809C.html
Credit to OSS-Fuzz for the discovery
|
|
First: this function is only used in debug-builds and not in
release/real builds. It is used to drive tests using the event-based
API.
A pointer to the local struct is passed to CURLMOPT_TIMERDATA, but the
CURLMOPT_TIMERFUNCTION calback can in fact be called even after this
funtion returns, namely when curl_multi_remove_handle() is called.
Reported-by: Brian Carpenter
|
|
Fixes #1728
|
|
When multiple rounds are needed to establish a security context
(usually ntlm), we overwrite old token with a new one without free.
Found by proposed gss tests using stub a gss implementation (by
valgrind error), though I have confirmed the leak with a real
gssapi implementation as well.
Closes https://github.com/curl/curl/pull/1733
|
|
clang complains:
vtls/darwinssl.c:40:8: error: extra tokens at end of #endif directive
[-Werror,-Wextra-tokens]
This breaks the darwinssl build on Travis. Fix it by making this token
a comment.
Closes https://github.com/curl/curl/pull/1734
|
|
When using CURL_WERROR in MSVC builds, the debug flags were overridden
by the release flags and /WX got added twice in debug mode.
Closes https://github.com/curl/curl/pull/1715
|
|
|
|
... by doing two transfers in nocwd mode and check that there's no
superfluous CWD command.
|
|
... when reusing a connection. If it didn't do any CWD previously.
Fixes #1718
|
|
This makes the builds more reproducible as travis is currently rolling
out trusty as default dist [1]. Specifically, this avoids coverage
check failures when trusty is used as seen in [2] until we figure out
what's wrong.
[1] https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming
[2] https://github.com/curl/curl/pull/1692
Closes https://github.com/curl/curl/pull/1725
|
|
(to make the full line appear nicer on travis web UI)
|
|
Closes #1706
|
|
With a clang pragma and three type fixes
Fixes #1722
|
|
|
|
|
|
|
|
Bug: https://curl.haxx.se/mail/lib-2017-08/0008.html
|
|
The MSVC warning level defaults to 3 in CMake. Change it to 4, which is
consistent with the Visual Studio and NMake builds. Disable level 4
warning C4127 for the library and additionally C4306 for the test
servers to get a clean CURL_WERROR build as that warning is raised in
some macros in older Visual Studio versions.
Ref: https://github.com/curl/curl/pull/1667#issuecomment-314082794
Closes https://github.com/curl/curl/pull/1711
|
|
Reported-by: Viktor Szakats
|
|
... and CURLOPT_NETRC_FILE(3).
|
|
|
|
|
|
|
|
Use LongToHandle to convert from long to HANDLE in the Win32
implementation.
This should fix the following warning when compiling with
MSVC 11 (2012) in 64-bit mode:
lib\curl_threads.c(113): warning C4306:
'type cast' : conversion from 'long' to 'HANDLE' of greater size
Closes https://github.com/curl/curl/pull/1717
|
|
Reported-by: Max Dymond
|
|
|
|
There are some bugs in how timers are managed for a single easy handle
that causes the wrong "next timeout" value to be reported to the
application when a new minimum needs to be recomputed and that new
minimum should be an existing timer that isn't currently set for the
easy handle. When the application drives a set of easy handles via the
`curl_multi_socket_action()` API (for example), it gets told to wait the
wrong amount of time before the next call, which causes requests to
linger for a long time (or, it is my guess, possibly forever).
Bug: https://curl.haxx.se/mail/lib-2017-07/0033.html
|
|
.. to catch accidental use of deprecated error codes.
Ref: https://github.com/curl/curl/issues/1688#issuecomment-316764237
|
|
Fixes #1669
Closes #1713
|
|
test 1429 and 1433 were updated to work with the stricter HTTP status line
parser.
Closes #1714
Reported-by: Brian Carpenter
|
|
Fixes https://github.com/curl/curl/issues/1688
Closes https://github.com/curl/curl/pull/1712
|
|
Follow-up to 171f8de and de6de94.
Bug: https://github.com/curl/curl/commit/de6de94#commitcomment-23370851
Reported-by: Daniel Stenberg
|
|
Closes #1674
|
|
|
|
It was misspelled as CURL_ERROR in commit
2d86e8d1286e0fbe3d811e2e87fa0b5e53722db4.
Closes https://github.com/curl/curl/pull/1686
|
|
Follow-up to 171f8de.
Ref: https://github.com/curl/curl/issues/1704
|
|
Follow-up to 4dee50b.
Ref: https://github.com/curl/curl/pull/1693
|
|
Reported-by: olesteban at github
Fixes #1704
|
|
The headers of librtmp declare the socket as `int`, and on Windows, that
disagrees with curl_socket_t.
Bug: #1652
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
