aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-04-30schannel: Fix out of bounds arrayJay Satiro
Bug born in changes made several days ago 9a91e80. Bug: http://curl.haxx.se/mail/lib-2015-04/0199.html Reported-by: Brian Chrisman
2015-04-29docs/libcurl: gitignore libcurl-symbols.3Jay Satiro
Bug: http://curl.haxx.se/mail/lib-2015-04/0191.html Reported-by: Michael Osipov
2015-04-29lib/makefile.m32: add arch -m32/-m64 to LDFLAGSViktor Szakats
This fixes using a multi-target mingw distro to build curl .dll for the non-default target. (mirroring the same patch present in src/makefile.m32)
2015-04-29RELEASE-NOTES: synced with cd39b944afcDaniel Stenberg
I've not mentioned the bug fixes that were shipped in 7.42.1 from the 7_42 branch.
2015-04-29THANKS: merged from the 7.42.1 releaseDaniel Stenberg
2015-04-28CURLOPT_HEADEROPT: default to separateDaniel Stenberg
Make the HTTP headers separated by default for improved security and reduced risk for information leakage. Bug: http://curl.haxx.se/docs/adv_20150429.html Reported-by: Yehezkel Horowitz, Oren Souroujon
2015-04-28docs/libcurl: Corrected a typo in the CURLOPT_PROXY_SERVICE_NAME documentationLinus Nielsen
2015-04-28hash: simplify Curl_str_key_compare()Daniel Stenberg
2015-04-28dist: ship CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAMEDaniel Stenberg
2015-04-28Negotiate: custom service names for SPNEGO.Linus Nielsen
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME. * Add new curl options, --proxy-service-name and --service-name.
2015-04-27http2: unify http_conn variable names to 'c'Daniel Stenberg
2015-04-27ConnectionExists: call it multi-use instead of pipeliningDaniel Stenberg
So that it fits HTTP/2 as well
2015-04-27nss: fix compilation failure with old versions of NSSPaul Howarth
Bug: http://curl.haxx.se/mail/lib-2015-04/0095.html
2015-04-27sws: init http2 state properlyDaniel Stenberg
It would otherwise cause problems when running tests after 1801 etc.
2015-04-27curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSIONDaniel Stenberg
... as it was previouly undocumented what the pointer was.
2015-04-26runtests: use a DISABLED.local file tooDaniel Stenberg
... and have git ignore that. Allows for a dev to add tests to ignore in local tests and yet don't obstruct a normal git work flow.
2015-04-26schannel.c: Fix typo introduced with 3447c973d0Marc Hoersken
2015-04-26schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL errorMarc Hoersken
Reported-by: Brian Chrisman
2015-04-26schannel: re-indented file to follow curl style betterDaniel Stenberg
white space changes only
2015-04-26Curl_ossl_init: load builtin modulesDaniel Stenberg
To have engine modules work, we must tell openssl to load builtin modules first. Bug: https://github.com/bagder/curl/pull/206
2015-04-26configure: follow-up fix for krb5-configDaniel Stenberg
commit 5b66860652 was incomplete so here's a follow-up fix Reported-by: Dagobert Michelsen Bug: https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445
2015-04-26openssl: fix serial number outputDaniel Stenberg
The code extracting the cert serial number was broken and didn't display it properly. Bug: https://github.com/bagder/curl/issues/235 Reported-by: dkjjr89
2015-04-26sasl_sspi: Populate domain from the realm in the challengeGrant Pannell
Without this, SSPI based digest auth was broken. Bug: https://github.com/bagder/curl/pull/141.patch
2015-04-25tool: New option --data-raw to HTTP POST data, '@' allowed.Anthony Avina
Add new option --data-raw which is almost the same as --data but does not have a special interpretation of the @ character. Prior to this change there was no (easy) way to pass the @ character as the first character in POST data without it being interpreted as a special character. Bug: https://github.com/bagder/curl/issues/198 Reported-by: Jens Rantil
2015-04-25test2039: fixed line endings that caused a test failureDan Fandrich
2015-04-24netrc: add unit tests for 'default' supportViktor Szakats
2015-04-24netrc: support 'default' tokenViktor Szakats
The 'default' token has no argument and means to match _any_ domain. It must be placed last if there are 'machine <name>' tokens in the same file. See full description here: https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html
2015-04-24ROADMAP.md: extended the HTTP/2 section, reformattedDaniel Stenberg
Elaborated on several of the remaining HTTP/2 parts and made document use a format that ends up nicer on the web page: http://curl.haxx.se/dev/roadmap.html
2015-04-23curl -z: do not write empty file on unmet conditionKamil Dudka
This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe. It also introduces a regression test 1424 based on tests 78 and 1423. Reported-by: Viktor Szakats Bug: https://github.com/bagder/curl/issues/237
2015-04-23tool: fixed a comment typoDan Fandrich
2015-04-23README: convert to UTF-8Dan Fandrich
2015-04-22cyassl: Implement public key pinningJay Satiro
Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
2015-04-22curl.1: fix typoAlessandro Ghedini
2015-04-22docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, tooKamil Dudka
2015-04-22tests/unit/.gitignore: hide unit1601 and above, tooKamil Dudka
2015-04-22connectionexists: follow-up to fd9d3a1ef1fDaniel Stenberg
PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not enabled. Mistake-caught-by: Kamil Dudka
2015-04-22connectionexists: fix build without NTLMDaniel Stenberg
Do not access NTLM-specific struct fields when built without NTLM enabled! bug: http://curl.haxx.se/?i=231 Reported-by: Patrick Rapin
2015-04-22bump: start working toward 7.43.0Daniel Stenberg
2015-04-22nss: implement public key pinning for NSS backendKamil Dudka
Bug: https://bugzilla.redhat.com/1195771
2015-04-22dist: include {src,lib}/checksrc.whitelistDaniel Stenberg
2015-04-22RELEASE-NOTES: updated for 7.42.0Daniel Stenberg
2015-04-22THANKS: added contributors from 7.42.0 release notesDaniel Stenberg
2015-04-22THANKS-filter: a few more alterations to squashDaniel Stenberg
2015-04-22contrithanks.sh: helper script for maintaining THANKSDaniel Stenberg
2015-04-21http_done: close Negotiate connections when doneDaniel Stenberg
When doing HTTP requests Negotiate authenticated, the entire connnection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. CVE-2015-3148 Bug: http://curl.haxx.se/docs/adv_20150422B.html Reported-by: Isaac Boukris
2015-04-21fix_hostname: zero length host name caused -1 index offsetDaniel Stenberg
If a URL is given with a zero-length host name, like in "http://:80" or just ":80", `fix_hostname()` will index the host name pointer with a -1 offset (as it blindly assumes a non-zero length) and both read and assign that address. CVE-2015-3144 Bug: http://curl.haxx.se/docs/adv_20150422D.html Reported-by: Hanno Böck
2015-04-21cookie: cookie parser out of boundary memory accessDaniel Stenberg
The internal libcurl function called sanitize_cookie_path() that cleans up the path element as given to it from a remote site or when read from a file, did not properly validate the input. If given a path that consisted of a single double-quote, libcurl would index a newly allocated memory area with index -1 and assign a zero to it, thus destroying heap memory it wasn't supposed to. CVE-2015-3145 Bug: http://curl.haxx.se/docs/adv_20150422C.html Reported-by: Hanno Böck
2015-04-21ConnectionExists: for NTLM re-use, require credentials to matchDaniel Stenberg
CVE-2015-3143 Bug: http://curl.haxx.se/docs/adv_20150422A.html Reported-by: Paras Sethia
2015-04-21openssl: add OPENSSL_NO_SSL3_METHOD checkbyronhe
2015-04-20CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and descDaniel Stenberg
Bug: https://github.com/bagder/curl/issues/229 Reported-by: bsammon