| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
Fix regression caused by 21080e1
Reported-by: Chih-Hsuan Yen
Fixes #4122
Closes #4124
|
|
|
|
|
|
|
|
|
|
- Find package "Brotli" instead of "BROTLI" since the former is the
casing used for CMake/FindBrotli.cmake, and otherwise find_package
may fail on a case-sensitive file system.
Fixes https://github.com/curl/curl/issues/4117
|
|
AFAICT CURLOPT_RANGE does not support ranged HTTP PUT uploads so I've
cautioned against using it for that purpose and included a workaround.
Bug: https://curl.haxx.se/mail/lib-2019-04/0075.html
Reported-by: Christopher Head
Closes https://github.com/curl/curl/issues/3814
|
|
Closes https://github.com/curl/curl/pull/4118
|
|
If the SSL backend is Schannel and the user specifies an Schannel CALG_
that is not supported by the protocol or the server then curl returns
CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH.
Fixes https://github.com/curl/curl/issues/3389
Closes https://github.com/curl/curl/pull/4106
|
|
PK11_IsPresent() checks for the token for the given slot is available,
and sets needlogin flags for the PK11_Authenticate() call. Should it
return false, we should however treat it as an error and bail out.
Closes https://github.com/curl/curl/pull/4110
|
|
Since 7.54 --tlsv1. options use the specified version or later, however
older versions of curl documented it as using just the specified version
which may or may not have happened depending on the TLS library.
Document this discrepancy to allay confusion for users familiar with the
old documentation that expect just the specified version.
Fixes https://github.com/curl/curl/issues/4097
Closes https://github.com/curl/curl/pull/4119
|
|
- Allow FTPS on redirect.
- Update default allowed redirect protocols in documentation.
Follow-up to 6080ea0.
Ref: https://github.com/curl/curl/pull/4094
Closes https://github.com/curl/curl/pull/4115
|
|
... and adjust those that cause errors
Closes #4116
|
|
... as larger values would rather indicate something silly (and could
potentially cause buffer problems).
Reported-by: pendrek at hackerone
Closes #4114
|
|
follow-up to 7fb66c403
|
|
Triggered by PR #4111
Closes #4113
|
|
- Escape apostrophes at line start.
Some lines begin with a "'" (apostrophe, single quote), which is then
interpreted as a control character in *roff.
Such lines are interpreted as being a call to a macro, and if
undefined, the lines are removed from the output.
Bug: https://bugs.debian.org/926352
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Submitted-by: Alessandro Ghedini
Closes https://github.com/curl/curl/pull/4111
|
|
follow-up to 6080ea098
|
|
The testcase ensures that redirects to CURLPROTO_GOPHER won't be
allowed, by default, in the future. Also, curl is being used
for convenience while keeping the testcases DRY.
The expected error code is CURLE_UNSUPPORTED_PROTOCOL when the client is
redirected to CURLPROTO_GOPHER
Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr>
|
|
All protocols except for CURLPROTO_FILE/CURLPROTO_SMB and their TLS
counterpart were allowed for redirect. This vastly broadens the
exploitation surface in case of a vulnerability such as SSRF [1], where
libcurl-based clients are forced to make requests to arbitrary hosts.
For instance, CURLPROTO_GOPHER can be used to smuggle any TCP-based
protocol by URL-encoding a payload in the URI. Gopher will open a TCP
connection and send the payload.
Only HTTP/HTTPS and FTP are allowed. All other protocols have to be
explicitly enabled for redirects through CURLOPT_REDIR_PROTOCOLS.
[1]: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/
Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr>
Closes #4094
|
|
Closes #4100
|
|
With CURLOPT_TIMECONDITION set, a header is automatically added (e.g.
If-Modified-Since). Allow this to be replaced or suppressed with
CURLOPT_HTTPHEADER.
Fixes #4103
Closes #4109
|
|
- Return CURLE_REMOTE_ACCESS_DENIED for SMB access denied on file open.
Prior to this change CURLE_REMOTE_FILE_NOT_FOUND was returned instead.
Closes https://github.com/curl/curl/pull/4095
|
|
Correctly set the July 17 version to 7.65.2, and update spelling to
be consistent. Also fix a typo.
Closes https://github.com/curl/curl/pull/4107
|
|
- Declare variable in header as extern.
Bug: https://github.com/curl/curl/commit/48b9ea4#commitcomment-34084597
|
|
There were a leftover few prototypes of Curl_ functions that we used to
export but no longer do, this removes those prototypes and cleans up any
comments still referring to them.
Curl_write32_le(), Curl_strcpy_url(), Curl_strlen_url(), Curl_up_free()
Curl_concat_url(), Curl_detach_connnection(), Curl_http_setup_conn()
were made static in 05b100aee247bb9bec8e9a1b0166496aa4248d1c.
Curl_http_perhapsrewind() made static in 574aecee208f79d391f10d57520b3.
For the remainder, I didn't trawl the Git logs hard enough to capture
their exact time of deletion, but they were all gone: Curl_splayprint(),
Curl_http2_send_request(), Curl_global_host_cache_dtor(),
Curl_scan_cache_used(), Curl_hostcache_destroy(), Curl_second_connect(),
Curl_http_auth_stage() and Curl_close_connections().
Closes #4096
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
CMake interprets an elseif() with no arguments as elseif(FALSE),
resulting in the elseif() block not being executed. That is not what
was intended here. Change the empty elseif() to an else() as it was
intended.
Closes #4101
Reported-by: Artalus <artalus-mail@yandex.ru>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
The header file inclusion had a typo, it should be .h and not .hd.
Fix by renaming.
Fixes #4102
Reported-by: AceCrow on Github
|
|
This fixes the case when --disable-code-coverage supplied to ./configure
would result in coverage="yes" being set.
Closes #4099
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
The file suffix for dynamically loadable objects on macOS is .dylib,
which need to be added for the module definitions in order to get the
NSS TLS backend to work properly on macOS.
Closes https://github.com/curl/curl/pull/4046
|
|
The value of the maxPTDs parameter to PR_Init() has since at least
NSPR 2.1, which was released sometime in 1998, been marked ignored
as is accordingly not used in the initialization code. Setting it
to a value when calling PR_Init() is thus benign, but indicates an
intent which may be misleading. Reset the value to zero to improve
clarity.
Closes https://github.com/curl/curl/pull/4054
|
|
Change the logic around such that we only keep CRLs that NSS actually
ended up caching around for later deletion. If CERT_CacheCRL() fails
then there is little point in delaying the freeing of the CRL as it
is not used.
Closes https://github.com/curl/curl/pull/4053
|
|
Some editors and IDEs assume that source files use UTF-8 file encodings.
It also fixes the build with MSVC when /utf-8 command line option is
used (this option is mandatory for some other open-source projects, this
is useful when using the same options is desired for building all
libraries of a project).
Closes https://github.com/curl/curl/pull/4087
|
|
Fix an issue where example builds a curl_slist, but fails to actually
use it, or free it.
Closes https://github.com/curl/curl/pull/4090
|
|
- Made changes so that ENABLE_OPENSSL_AUTO_LOAD_CONFIG will be honored.
- Also removed some ^M chars from file.
Prior to this change while building on Windows platform even if we pass
the ENABLE_OPENSSL_AUTO_LOAD_CONFIG option with value as "no" it does
not set the CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG flag.
Closes https://github.com/curl/curl/pull/4086
|
|
|
|
OpenSSL changed their manual locations and does not redirect to the new
locations.
Bug: https://curl.haxx.se/mail/lib-2019-06/0056.html
Reported-by: Daniel Stenberg
|
|
The backslash in the character Line Feed must be escaped.
The current man-page outputs the code as following:
fprintf(stderr, "curl_multi failed, code %d.0, mc);
The commit fixes it as follow:
fprintf(stderr, "curl_multi failed, code %d\n", mc);
Closes #4079
|
|
... since that needs UI_OpenSSL() which isn't provided when OpenSSL is
built with OPENSSL_NO_UI_CONSOLE which happens when OpenSSL is built for
UWP (with "VC-WIN32-UWP").
Reported-by: Vasily Lobaskin
Fixes #4073
Closes #4077
|
|
The header now has the slist-using options marked as SLISTPOINT so this
makes sure test 1521 understands that.
Follow-up to ae99b4de1c443ae989
Closes #4074
|
|
Reported-by: Michael Brehm
Fixes #4060
Closes #4072
|
|
Closes #4076
|
|
Commit 25fd1057c9c86e3 made HTTP2 the default, and further down in the
man page that new default is mentioned, but the section at the top
contradicted it until now.
Also remove claim that setting the HTTP version is not sensible.
Closes #4075
|
|
|
|
These tests give differences for me on linux when using a hostip
pointing to the external ip address for the local machine.
Closes #4070
|
