curl - cURL mirror with patches applied

Age	Commit message (Collapse)	Author
2015-04-22	nss: implement public key pinning for NSS backend	Kamil Dudka
	Bug: https://bugzilla.redhat.com/1195771
2015-04-22	dist: include {src,lib}/checksrc.whitelist	Daniel Stenberg

2015-04-22	RELEASE-NOTES: updated for 7.42.0	Daniel Stenberg

2015-04-22	THANKS: added contributors from 7.42.0 release notes	Daniel Stenberg

2015-04-22	THANKS-filter: a few more alterations to squash	Daniel Stenberg

2015-04-22	contrithanks.sh: helper script for maintaining THANKS	Daniel Stenberg

2015-04-21	http_done: close Negotiate connections when done	Daniel Stenberg
	When doing HTTP requests Negotiate authenticated, the entire connnection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. CVE-2015-3148 Bug: http://curl.haxx.se/docs/adv_20150422B.html Reported-by: Isaac Boukris
2015-04-21	fix_hostname: zero length host name caused -1 index offset	Daniel Stenberg
	If a URL is given with a zero-length host name, like in "http://:80" or just ":80", `fix_hostname()` will index the host name pointer with a -1 offset (as it blindly assumes a non-zero length) and both read and assign that address. CVE-2015-3144 Bug: http://curl.haxx.se/docs/adv_20150422D.html Reported-by: Hanno Böck
2015-04-21	cookie: cookie parser out of boundary memory access	Daniel Stenberg
	The internal libcurl function called sanitize_cookie_path() that cleans up the path element as given to it from a remote site or when read from a file, did not properly validate the input. If given a path that consisted of a single double-quote, libcurl would index a newly allocated memory area with index -1 and assign a zero to it, thus destroying heap memory it wasn't supposed to. CVE-2015-3145 Bug: http://curl.haxx.se/docs/adv_20150422C.html Reported-by: Hanno Böck
2015-04-21	ConnectionExists: for NTLM re-use, require credentials to match	Daniel Stenberg
	CVE-2015-3143 Bug: http://curl.haxx.se/docs/adv_20150422A.html Reported-by: Paras Sethia
2015-04-21	openssl: add OPENSSL_NO_SSL3_METHOD check	byronhe

2015-04-20	CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and desc	Daniel Stenberg
	Bug: https://github.com/bagder/curl/issues/229 Reported-by: bsammon
2015-04-20	configure --with-nss: remove unneeded libs from the fallback	Mostyn Bramley-Moore

2015-04-20	contributors.sh: fix help output, filter out (-prefix from names	Daniel Stenberg

2015-04-20	RELEASE-NOTES: synced with cc0e7ebc3be0	Daniel Stenberg

2015-04-19	CURLMOPT_TIMERFUNCTION.3: Clarify, add an example	Michael Stapelberg

2015-04-19	vtls/openssl: use https in URLs and a comment typo fixed	Viktor Szakáts

2015-04-18	curl_version_info.3: fixed the 'protocols' variable type	Daniel Stenberg
	Reported-by: John Marshall Bug: https://github.com/bagder/curl/issues/225
2015-04-18	test1423: added missing "file" to server section	Dan Fandrich

2015-04-17	TheArtOfHttpScripting: Multiple URLs + Multiple HTTP methods	Daniel Stenberg
	... and some minor edits
2015-04-17	Revert "HTTP: don't abort connections with pending Negotiate authentication"	Daniel Stenberg
	This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6. Bug: https://github.com/bagder/curl/issues/223 Reported-by: Michael Osipov
2015-04-17	cyassl: Fix include order	Jay Satiro
	Prior to this change CyaSSL's build options could redefine some generic build symbols. http://curl.haxx.se/mail/lib-2015-04/0069.html
2015-04-17	configure --with-nss: drop redundant if statement	Kamil Dudka

2015-04-17	configure --with-nss=PATH: query pkg-config if available	Kamil Dudka
	Bug: https://github.com/bagder/curl/pull/171
2015-04-17	parsecfg: do not continue past a zero termination	Daniel Stenberg
	When a config file line ends without newline, the parsing function could continue reading beyond that point in memory. Reported-by: Hanno Böck
2015-04-16	gitignore: Ignore Windows build output directories	Jay Satiro

2015-04-15	RELEASE-NOTES: synced with 1ba6e4c88e0	Daniel Stenberg

2015-04-15	TODO: 17.9 Choose the name of file in braces for complex URLs	Daniel Stenberg

2015-04-15	TODO: a little caution that maybe not all ideas are still good	Daniel Stenberg

2015-04-15	TODO: 17.8 offer color-coded HTTP header output	Daniel Stenberg

2015-04-15	TODO: 17.7 warning when sending binary output to terminal	Daniel Stenberg

2015-04-15	KNOWN_BUGS: #90 IMAP "SEARCH ALL" truncates output on large boxes	Daniel Stenberg

2015-04-14	cyassl: Add support for TLS extension SNI	Jay Satiro

2015-04-13	gitignore: ignore test-driver file	Matthew Hall

2015-04-13	vtls_openssl: improve PKCS#12 load failure error message	Matthew Hall

2015-04-13	vtls_openssl: fix minor typo in PKCS#12 load routine	Matthew Hall

2015-04-13	vtls_openssl: improve client certificate load failure error messages	Matthew Hall

2015-04-13	vtls_openssl: remove ambiguous SSL_CLIENT_CERT_ERR constant	Matthew Hall

2015-04-13	BUGS: refer to the github issue tracker now as primary	Daniel Stenberg

2015-04-13	firefox-db2pem: fix wildcard to find Firefox default profile	Daniel Stenberg
	At some point, Firefox has changed and generates different directory names for the default profile that made this script fail to find them. Bug: https://github.com/bagder/curl/issues/207 Reported-by: sneakyimp
2015-04-11	cyassl: Include the CyaSSL build config	Jay Satiro
	CyaSSL >= 2.6.0 may have an options.h that was generated during its build by configure.
2015-04-11	build: Generate source prerequisites for Visual Studio in generate.bat	Jay Satiro
	Prior to this change Visual Studio builds could fail due to missing prerequisites src/tool_hugehelp.c and include/curl/curlbuild.h. http://curl.haxx.se/mail/lib-2015-04/0034.html
2015-04-09	lib/makefile.m32: add missing libs to build libcurl.dll	Viktor Szakats
	Add 'gdi32' and 'crypt32' Windows implibs to avoid failure while building libcurl.dll using the mingw compiler. The same logic is used in 'src/makefile.m32' when building curl.exe.
2015-04-08	test142[23]: verify that an empty file is stored on success	Kamil Dudka

2015-04-08	src/tool_operate: create output file on successful download	Kamil Dudka
	... of an empty file Bug: https://github.com/bagder/curl/issues/183
2015-04-08	src/tool_cb_wrt: separate fnc for output file creation	Kamil Dudka

2015-04-07	lib/transfer.c: Remove factor of 8 from sleep time calculation	Da-Yoon Chung
	The factor of 8 is a bytes-to-bits conversion factor, but pkt_size and rate_bps are both in bytes. When using the rate limiting option, curl waits 8 times too long, and then transfers very quickly until the average rate reaches the limit. The average rate follows the limit over time, but the actual traffic is bursty. Thanks-to: Benjamin Gilbert
2015-04-06	x509asn1: Silence x64 loss-of-data warning on RSA key length assignment	Jay Satiro
	The key length in bits will always fit in an unsigned long so the loss-of-data warning assigning the result of x64 pointer arithmetic to an unsigned long is unnecessary.
2015-04-06	cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size	Jay Satiro
	Also fix it so that all ERR_error_string calls use an error buffer. CyaSSL's implementation of ERR_error_string only writes the error when an error buffer is passed. http://www.yassl.com/forums/topic599-openssl-compatibility-and-errerrorstring.html
2015-04-05	cyassl: Remove 'Connecting to' message from cyassl_connect_step2	Jay Satiro
	Prior to this change libcurl could show multiple 'CyaSSL: Connecting to' messages since cyassl_connect_step2 is called multiple times, typically. The message is superfluous even once since libcurl already informs the user elsewhere in code that it is connecting.