aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-10-18Curl_socket_check: add extra check to avoid integer overflowDaniel Stenberg
2016-10-17maketgz: make it support "only" generating version infoDaniel Stenberg
... to allow you to update the local repository with the given version number data.
2016-10-17url: skip to-be-closed connections when pipelining (follow-up)Jay Satiro
- Change back behavior so that pipelining is considered possible for connections that have not yet reached the protocol level. This is a follow-up to e5f0b1a which had changed the behavior of checking if pipelining is possible to ignore connections that had 'bits.close' set. Connections that have not yet reached the protocol level also have that bit set, and we need to consider pipelining possible on those connections.
2016-10-17HTTP2: mention the tool's limited supportDaniel Stenberg
2016-10-16RELEASE-NOTES: synced with a1a5cd04877fd6fdDaniel Stenberg
2016-10-16curl: do not set CURLOPT_SSLENGINEDEFAULT automaticallyDavid Woodhouse
There were bugs in the PKCS#11 engine, and fixing them triggers bugs in OpenSSL. Just don't get involved; there's no need to be making the engine methods the default anyway. https://github.com/OpenSC/libp11/pull/108 https://github.com/openssl/openssl/pull/1639 Merges #1042
2016-10-16KNOWN_BUGS: two more existing problemsDaniel Stenberg
2016-10-16win: fix Universal Windows Platform buildMarcel Raad
This fixes a merge error in commit 7f3df80 caused by commit 332e8d6. Additionally, this changes Curl_verify_windows_version for Windows App builds to assume to always be running on the target Windows version. There seems to be no way to determine the Windows version from a UWP app. Neither GetVersion(Ex), nor VerifyVersionInfo, nor the Version Helper functions are supported. Bug: https://github.com/curl/curl/pull/820#issuecomment-250889878 Reported-by: Paul Joyce Closes https://github.com/curl/curl/pull/1048
2016-10-16KNOWN_BUGS: minor formatting editDaniel Stenberg
2016-10-14url: skip to-be-closed connections when pipeliningRider Linden
No longer attempt to use "doomed" to-be-closed connections when pipelining. Prior to this change connections marked for deletion (e.g. timeout) would be erroneously used, resulting in sporadic crashes. As originally reported and fixed by Carlo Wood (origin unknown). Bug: https://github.com/curl/curl/issues/627 Reported-by: Rider Linden Closes https://github.com/curl/curl/pull/1075 Participation-by: nopjmp@users.noreply.github.com
2016-10-13vtls: only re-use session-ids using the same schemeDaniel Stenberg
To make it harder to do cross-protocol mistakes
2016-10-11dist: add missing cmake modules to the tarballTorben Dannhauer
Closes https://github.com/curl/curl/pull/1070
2016-10-11configure: detect the broken poll() in macOS 10.12Daniel Stenberg
Fixes #1057
2016-10-10dist: remove PDF and HTML converted docs from the releasesDaniel Stenberg
2016-10-10cmake: add nghttp2 supportRemo E
Closes #922
2016-10-10resolve: add error message when resolving using SIGALRMAndreas Streichardt
Closes #1066
2016-10-10GIT-INFO: remove the Mac 10.1-specific detailsDaniel Stenberg
There shouldn't be many devs out there anymore using such outdated macOS versions. And it removes the dead link. Closes #1049
2016-10-10RELEASE-NOTES: spellfixDaniel Stenberg
2016-10-10RELEASE-NOTES: synced with 82720490628cb53aDaniel Stenberg
5 more fixes, 2 more contributors
2016-10-09smb: properly check incoming packet boundariesTobias Stoeckmann
Not all reply messages were properly checked for their lengths, which made it possible to access uninitialized memory (but this does not lead to out of boundary accesses). Closes #1052
2016-10-08test557: verify printf() with 128 and 129 argumentsDaniel Stenberg
2016-10-08mprintf: return error on too many argumentsDaniel Stenberg
128 arguments should be enough for everyone
2016-10-08ftp: fix Curl_ftpsendf()Daniel Stenberg
... it no longer takes printf() arguments since it was only really taken advantage by one user and it was not written and used in a safe way. Thus the 'f' is removed from the function name and the proto is changed. Although the current code wouldn't end up in badness, it was a risk that future changes could end up springf()ing too large data or passing in a format string inadvertently.
2016-10-08formpost: avoid silent snprintf() truncationDaniel Stenberg
The previous use of snprintf() could make libcurl silently truncate some input data and not report that back on overly large input, which could make data get sent over the network in a bad format. Example: $ curl --form 'a=b' -H "Content-Type: $(perl -e 'print "A"x4100')"
2016-10-08TODO: build: Enable PIE and RELRO by defaultDaniel Stenberg
2016-10-08TODO: Support better than MD5 hostkey hash (for ssh)Daniel Stenberg
2016-10-08tests: Fix a small typo in the tests README (#1060)Daniel Gustafsson
The subdirectory for logs in tests/ is named log/ without an 's' at the end.
2016-10-06TODO: Introduce --fail-fast to exit on first transfer failDaniel Stenberg
See #1054
2016-10-06TODO: Leave secure cookies aloneDaniel Stenberg
2016-10-06CURLOPT_DEBUGFUNCTION.3: unused argument warning (#1056)Rainer Müller
The 'userp' argument is unused in this example code.
2016-10-05TODO: TCP Fast Open for windowsDaniel Stenberg
2016-10-04RELEASE-NOTES: synced with 8fd2a754f0deDaniel Stenberg
2016-10-04CURLOPT_KEEP_SENDING_ON_ERROR.3: mention when it is addedDaniel Stenberg
2016-10-04memdup: use 'void *' as return and source typeDaniel Stenberg
2016-10-04TODO: Add easy argument to formpost functionsDaniel Stenberg
2016-10-04formpost: trying to attach a directory no longer crashesDaniel Stenberg
The error path would previously add a freed entry to the linked list. Reported-by: Toby Peterson Fixes #1053
2016-10-03cookies: same domain handling changed to match browser behaviorSergei Kuzmin
Cokie with the same domain but different tailmatching property are now considered different and do not replace each other. If header contains following lines then two cookies will be set: Set-Cookie: foo=bar; domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 Set-Cookie: foo=baz; domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 This matches Chrome, Opera, Safari, and Firefox behavior. When sending stored tokens to foo.com Chrome, Opera, Firefox store send them in the stored order, while Safari pre-sort the cookies. Closes #1050
2016-10-01FAQ: Fix typos in section 5.14 (#1047)Stephen Brokenshire
Type required for YourClass::func C++ function (using size_t in line with the documentation for CURLOPT_WRITEFUNCTION) and missing second colon when specifying the static function for CURLOPT_WRITEFUNCTION.
2016-09-30KNOWN_BUGS: Fix typos in section 5.8.Sebastian Mundry
Closes #1046
2016-09-30CONTRIBUTE.md: Fix typo in 'About pull requests' section. (#1045)mundry
2016-09-30curl.1: --trace supports % for sending to stderr!Daniel Stenberg
2016-09-26KNOWN_BUGS: 5.8 configure finding libs in wrong directoryDaniel Stenberg
2016-09-24configure: Fixed builds with libssh2 in a custom locationDan Fandrich
A libssh2 library in the standard system location was being used in preference to the desired one while linking.
2016-09-23SECURITY: remove the top ascii logoDaniel Stenberg
2016-09-22New libcurl option to keep sending on errorMichael Kaufmann
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether sending the request body shall be completed when the server responds early with an error status code. This is suitable for manual NTLM authentication. Reviewed-by: Jay Satiro Closes https://github.com/curl/curl/pull/904
2016-09-22nss: add chacha20-poly1305 cipher suites if supported by NSSKamil Dudka
2016-09-22nss: add cipher suites using SHA384 if supported by NSSKamil Dudka
2016-09-22nss: fix typo in ecdhe_rsa_null cipher suite stringKamil Dudka
As it seems to be a rarely used cipher suite (for securely established but _unencrypted_ connections), I believe it is fine not to provide an alias for the misspelled variant.
2016-09-21docs: Remove that --proto is just used for initial retrievalJay Satiro
.. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not override protocols denied by --proto and CURLOPT_PROTOCOLS. - Add a test to enforce: --proto deny must override --proto-redir allow Closes https://github.com/curl/curl/pull/1031
2016-09-21dist: add CurlSymbolHiding.cmake to the tarballDaniel Stenberg
Follow-up to 6140dfcf3e784 Reported-by: Alexander Sinditskiy