curl - cURL mirror with patches applied

Age	Commit message (Collapse)	Author
2015-04-26	schannel.c: Fix typo introduced with 3447c973d0	Marc Hoersken

2015-04-26	schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error	Marc Hoersken
	Reported-by: Brian Chrisman
2015-04-26	schannel: re-indented file to follow curl style better	Daniel Stenberg
	white space changes only
2015-04-26	Curl_ossl_init: load builtin modules	Daniel Stenberg
	To have engine modules work, we must tell openssl to load builtin modules first. Bug: https://github.com/bagder/curl/pull/206
2015-04-26	configure: follow-up fix for krb5-config	Daniel Stenberg
	commit 5b66860652 was incomplete so here's a follow-up fix Reported-by: Dagobert Michelsen Bug: https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445
2015-04-26	openssl: fix serial number output	Daniel Stenberg
	The code extracting the cert serial number was broken and didn't display it properly. Bug: https://github.com/bagder/curl/issues/235 Reported-by: dkjjr89
2015-04-26	sasl_sspi: Populate domain from the realm in the challenge	Grant Pannell
	Without this, SSPI based digest auth was broken. Bug: https://github.com/bagder/curl/pull/141.patch
2015-04-25	tool: New option --data-raw to HTTP POST data, '@' allowed.	Anthony Avina
	Add new option --data-raw which is almost the same as --data but does not have a special interpretation of the @ character. Prior to this change there was no (easy) way to pass the @ character as the first character in POST data without it being interpreted as a special character. Bug: https://github.com/bagder/curl/issues/198 Reported-by: Jens Rantil
2015-04-25	test2039: fixed line endings that caused a test failure	Dan Fandrich

2015-04-24	netrc: add unit tests for 'default' support	Viktor Szakats

2015-04-24	netrc: support 'default' token	Viktor Szakats
	The 'default' token has no argument and means to match _any_ domain. It must be placed last if there are 'machine <name>' tokens in the same file. See full description here: https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html
2015-04-24	ROADMAP.md: extended the HTTP/2 section, reformatted	Daniel Stenberg
	Elaborated on several of the remaining HTTP/2 parts and made document use a format that ends up nicer on the web page: http://curl.haxx.se/dev/roadmap.html
2015-04-23	curl -z: do not write empty file on unmet condition	Kamil Dudka
	This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe. It also introduces a regression test 1424 based on tests 78 and 1423. Reported-by: Viktor Szakats Bug: https://github.com/bagder/curl/issues/237
2015-04-23	tool: fixed a comment typo	Dan Fandrich

2015-04-23	README: convert to UTF-8	Dan Fandrich

2015-04-22	cyassl: Implement public key pinning	Jay Satiro
	Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
2015-04-22	curl.1: fix typo	Alessandro Ghedini

2015-04-22	docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too	Kamil Dudka

2015-04-22	tests/unit/.gitignore: hide unit1601 and above, too	Kamil Dudka

2015-04-22	connectionexists: follow-up to fd9d3a1ef1f	Daniel Stenberg
	PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not enabled. Mistake-caught-by: Kamil Dudka
2015-04-22	connectionexists: fix build without NTLM	Daniel Stenberg
	Do not access NTLM-specific struct fields when built without NTLM enabled! bug: http://curl.haxx.se/?i=231 Reported-by: Patrick Rapin
2015-04-22	bump: start working toward 7.43.0	Daniel Stenberg

2015-04-22	nss: implement public key pinning for NSS backend	Kamil Dudka
	Bug: https://bugzilla.redhat.com/1195771
2015-04-22	dist: include {src,lib}/checksrc.whitelist	Daniel Stenberg

2015-04-22	RELEASE-NOTES: updated for 7.42.0	Daniel Stenberg

2015-04-22	THANKS: added contributors from 7.42.0 release notes	Daniel Stenberg

2015-04-22	THANKS-filter: a few more alterations to squash	Daniel Stenberg

2015-04-22	contrithanks.sh: helper script for maintaining THANKS	Daniel Stenberg

2015-04-21	http_done: close Negotiate connections when done	Daniel Stenberg
	When doing HTTP requests Negotiate authenticated, the entire connnection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. CVE-2015-3148 Bug: http://curl.haxx.se/docs/adv_20150422B.html Reported-by: Isaac Boukris
2015-04-21	fix_hostname: zero length host name caused -1 index offset	Daniel Stenberg
	If a URL is given with a zero-length host name, like in "http://:80" or just ":80", `fix_hostname()` will index the host name pointer with a -1 offset (as it blindly assumes a non-zero length) and both read and assign that address. CVE-2015-3144 Bug: http://curl.haxx.se/docs/adv_20150422D.html Reported-by: Hanno Böck
2015-04-21	cookie: cookie parser out of boundary memory access	Daniel Stenberg
	The internal libcurl function called sanitize_cookie_path() that cleans up the path element as given to it from a remote site or when read from a file, did not properly validate the input. If given a path that consisted of a single double-quote, libcurl would index a newly allocated memory area with index -1 and assign a zero to it, thus destroying heap memory it wasn't supposed to. CVE-2015-3145 Bug: http://curl.haxx.se/docs/adv_20150422C.html Reported-by: Hanno Böck
2015-04-21	ConnectionExists: for NTLM re-use, require credentials to match	Daniel Stenberg
	CVE-2015-3143 Bug: http://curl.haxx.se/docs/adv_20150422A.html Reported-by: Paras Sethia
2015-04-21	openssl: add OPENSSL_NO_SSL3_METHOD check	byronhe

2015-04-20	CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and desc	Daniel Stenberg
	Bug: https://github.com/bagder/curl/issues/229 Reported-by: bsammon
2015-04-20	configure --with-nss: remove unneeded libs from the fallback	Mostyn Bramley-Moore

2015-04-20	contributors.sh: fix help output, filter out (-prefix from names	Daniel Stenberg

2015-04-20	RELEASE-NOTES: synced with cc0e7ebc3be0	Daniel Stenberg

2015-04-19	CURLMOPT_TIMERFUNCTION.3: Clarify, add an example	Michael Stapelberg

2015-04-19	vtls/openssl: use https in URLs and a comment typo fixed	Viktor Szakáts

2015-04-18	curl_version_info.3: fixed the 'protocols' variable type	Daniel Stenberg
	Reported-by: John Marshall Bug: https://github.com/bagder/curl/issues/225
2015-04-18	test1423: added missing "file" to server section	Dan Fandrich

2015-04-17	TheArtOfHttpScripting: Multiple URLs + Multiple HTTP methods	Daniel Stenberg
	... and some minor edits
2015-04-17	Revert "HTTP: don't abort connections with pending Negotiate authentication"	Daniel Stenberg
	This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6. Bug: https://github.com/bagder/curl/issues/223 Reported-by: Michael Osipov
2015-04-17	cyassl: Fix include order	Jay Satiro
	Prior to this change CyaSSL's build options could redefine some generic build symbols. http://curl.haxx.se/mail/lib-2015-04/0069.html
2015-04-17	configure --with-nss: drop redundant if statement	Kamil Dudka

2015-04-17	configure --with-nss=PATH: query pkg-config if available	Kamil Dudka
	Bug: https://github.com/bagder/curl/pull/171
2015-04-17	parsecfg: do not continue past a zero termination	Daniel Stenberg
	When a config file line ends without newline, the parsing function could continue reading beyond that point in memory. Reported-by: Hanno Böck
2015-04-16	gitignore: Ignore Windows build output directories	Jay Satiro

2015-04-15	RELEASE-NOTES: synced with 1ba6e4c88e0	Daniel Stenberg

2015-04-15	TODO: 17.9 Choose the name of file in braces for complex URLs	Daniel Stenberg