| Age | Commit message (Collapse) | Author | 
|---|
|  | Fixes #2380 | 
|  |  | 
|  | Detected by Coverity Analysis:
Error: IDENTIFIER_TYPO:
curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: identifier_typo: Using "SuportedMech" appears to be a typo:
* Identifier "SuportedMech" is only known to be referenced here, or in copies of this code.
* Identifier "SupportedMech" is referenced elsewhere at least 4 times.
curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2651: identifier_use: Example 1: Using identifier "SupportedMech".
curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2308: identifier_use: Example 2: Using identifier "SupportedMech".
curl-7.58.0/tests/python_dependencies/impacket/spnego.py:252: identifier_use: Example 3: Using identifier "SupportedMech" (2 total uses in this function).
curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: remediation: Should identifier "SuportedMech" be replaced by "SupportedMech"?
Closes #2379 | 
|  | Reported-by: Aron Bergman
Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html
[ci skip] | 
|  | This reverts commit a577059f92fc65bd6b81717f0737f897a5b34248.
The assignment really needs to be there or we risk working with an
uninitialized pointer. | 
|  | follow-up to 72a0f62 | 
|  | To sync it with changes made for the libssh2 project.
Also cleanup some whitespace. | 
|  |  | 
|  |  | 
|  | ... don't consider it an error!
Assisted-by: Jay Satiro
Reported-by: Łukasz Domeradzki
Fixes #2365
Closes #2375 | 
|  |  | 
|  |  | 
|  | CVE-2018-1000121
Reported-by: Dario Weisser
Bug: https://curl.haxx.se/docs/adv_2018-97a2.html | 
|  | Refuse to operate when given path components featuring byte values lower
than 32.
Previously, inserting a %00 sequence early in the directory part when
using the 'singlecwd' ftp method could make curl write a zero byte
outside of the allocated buffer.
Test case 340 verifies.
CVE-2018-1000120
Reported-by: Duy Phan Thanh
Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html | 
|  | CVE-2018-1000122
Bug: https://curl.haxx.se/docs/adv_2018-b047.html
Detected by OSS-fuzz | 
|  |  | 
|  | ... and make sure to avoid integer overflows with really large values.
Reported-by: 刘佩东
Fixes #2371
Closes #2373 | 
|  |  | 
|  |  | 
|  | follow-up to e04417d | 
|  |  | 
|  | Reported-by: Michael Kaufmann
Fixes #2357
Closes #2362 | 
|  | ... as it is interesting for many users. | 
|  |  | 
|  |  | 
|  |  | 
|  | Closes #2349 | 
|  |  | 
|  | Check for existence of import and static libraries with documented names
and use them if they do. Fallback to previous names.
According to
https://github.com/madler/zlib/blob/master/win32/README-WIN32.txt on
Windows, the names of the import library is "zdll.lib" and static
library is "zlib.lib".
closes #2354 | 
|  | gss_seal/gss_unseal have been deprecated in favor of
gss_wrap/gss_unwrap with GSS-API v2 from January 1997 [1]. The first
version of "The Kerberos Version 5 GSS-API Mechanism" [2] from June
1996 already says "GSS_Wrap() (formerly GSS_Seal())" and
"GSS_Unwrap() (formerly GSS_Unseal())".
Use the nondeprecated functions to avoid deprecation warnings.
[1] https://tools.ietf.org/html/rfc2078
[2] https://tools.ietf.org/html/rfc1964
Closes https://github.com/curl/curl/pull/2356 | 
|  |  | 
|  |  | 
|  | Added test 1265 that verifies.
Reported-by: steelman on github
Fixes #2353
Closes #2355 | 
|  | ... so that the CI and more detects compiler warnings/errors properly!
Closes #2337 | 
|  | On MinGW and Cygwin, GCC and clang have been complaining about macro
redefinitions since 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2. Fix this
by undefining the macros before redefining them as suggested in
https://github.com/curl/curl/pull/2269.
Suggested-by: Daniel Stenberg | 
|  |  | 
|  | When targeting x64, MinGW-w64 complains about conversions between
32-bit long and 64-bit pointers. Fix this by reusing the
GNUTLS_POINTER_TO_SOCKET_CAST / GNUTLS_SOCKET_TO_POINTER_CAST logic
from gtls.c, moving it to warnless.h as CURLX_POINTER_TO_INTEGER_CAST /
CURLX_INTEGER_TO_POINTER_CAST.
Closes https://github.com/curl/curl/pull/2341 | 
|  | Update clang to version 3.9 and GCC to version 6.
Closes https://github.com/curl/curl/pull/2345 | 
|  | Fixes #2342 | 
|  | - Add OpenSSL 1.1.1 to the header/library version lists.
- Detect OpenSSL 1.1.1 library using its function ERR_clear_last_mark,
  which was added in that version.
Prior to this change an erroneous header/library mismatch was caused by
lack of OpenSSL 1.1.1 detection. I tested using openssl-1.1.1-pre1. | 
|  | Closes https://github.com/curl/curl/pull/2335 | 
|  | Detected using the `codespell` tool.
Also contains one URL protocol upgrade.
Closes https://github.com/curl/curl/pull/2334 | 
|  | Reported-by: Stefan Kanthak and Rod Widdowson
Fixes #2325 | 
|  | - Add macros to the top of the makefile for rc and mt utilities so that
  it is easier to change their locations.
Bug: https://curl.haxx.se/mail/lib-2018-02/0075.html
Reported-by: Stefan Kanthak
Closes https://github.com/curl/curl/issues/2329 | 
|  |  | 
|  |  | 
|  | Co-authored-by: Stefan Kanthak
Closes https://github.com/curl/curl/issues/2330
Closes https://github.com/curl/curl/pull/2331 | 
|  |  | 
|  |  | 
|  | - Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that
  will be called every time before a new resolve request is started
  (ie before a host is resolved) with a pointer to backend-specific
  resolver data. Currently this is only useful for ares.
- Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to
  pass to the resolver start callback.
Closes https://github.com/curl/curl/pull/2311 |