Age | Commit message | Author
2014-11-05 | curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds | Daniel Stenberg
When duplicating a handle, the data to post was duplicated using strdup() when it could be binary and contain zeroes and it was not even zero terminated! This caused read out of bounds crashes/segfaults.
Since the lib/strdup.c file no longer is easily shared with the curl tool with this change, it now uses its own version instead.
Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
2014-11-05 | lib544.c: use duphandle for test 545 | Daniel Stenberg
To verify that curl_easy_duphandle() works fine on a handle that has gotten data stored with *_COPYPOSTFIELDS.
2014-11-04 | tests: add new feature 'SSLpinning' | Daniel Stenberg
... and make test 2034 and 2035 require it, and have it set when built with OpenSSL or GnuTLS.
2014-11-04 | buildconf: update copyright year | Daniel Stenberg
2014-11-04 | INSTALL: Consistent spacing in section headings, paragraphs and examples | Steve Holme
2014-11-04 | buildconf: stop checking for libtool | Daniel Stenberg
As we only use libtoolize, only check for that!
2014-11-04 | INSTALL: Corrected MIT Kerberos and Heimdal package names | Steve Holme
2014-11-04 | README: Corrected inconsistent use of --help | Steve Holme
2014-11-04 | INSTALL: Use GSS-API rather than GSSAPI | Steve Holme
As implementations are referred to as GSS-API libraries as per the RFC and GSSAPI typically refers to the SASL authentication mechanism. ...and minor rewording on the same paragraph.
2014-11-04 | README: Added note about using Visual Studio projects out of git repository | Steve Holme
2014-11-04 | cmake: fix ZLIB_INCLUDE_DIRS use | K. R. Walker
CMake 2.8's FindZLIB.cmake documents ZLIB_INCLUDE_DIRS, see http://www.cmake.org/cmake/help/v2.8.0/cmake.html#module:FindZLIB
Bug: https://github.com/bagder/curl/pull/123
2014-11-04 | SSL: PolarSSL default min SSL version TLS 1.0 | Jay Satiro
- Prior to this change no SSL minimum version was set by default at runtime for PolarSSL. Therefore in most cases PolarSSL would probably have defaulted to a minimum version of SSLv3 which is no longer secure.
2014-11-04 | opts-Makefile: put more man pages into dist and make hmtl+pdf | Daniel Stenberg
2014-11-04 | curl_multi_setopt.3: refer to stand-alone pages | Daniel Stenberg
... instead of duplicating info.
2014-11-04 | opts: more multi options as stand-alone man pages | Daniel Stenberg
2014-11-04 | Makefile.am: two cmake files are gone | Daniel Stenberg
8cb010144 removed the CurlCheckCSourceCompiles.cmake and CurlCheckCSourceRuns.cmake files
2014-11-03 | opts: made stand-alone man-pages for several multi options | Daniel Stenberg
2014-11-03 | Curl_single_getsock: fix hold/pause sock handling | Carlo Wood
The previous condition that checked if the socket was marked as readable when also adding a writable one, was incorrect and didn't take the pause bits properly into account.
2014-11-03 | cmake: fix struct sockaddr_storage check | Peter Wu
CHECK_TYPE_SIZE_PREINCLUDE is an internal, undocumented variable which was removed in cmake 2.8.1. According to the MSDN docs[1], inclusion of winsock2.h is sufficient.
WIN32_LEAN_AND_MEAN does not really seem to affect the tests, so remove it too[2].
For the non-windows case, remove inet headers as POSIX only requires sys/socket.h.
[1]: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740504%28v=vs.85%29.aspx
[2]: http://stackoverflow.com/questions/11040133/what-does-defining-win32-lean-and-mean-exclude-exactly
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-03 | cmake: clean OtherTests, fixing -Werror | Peter Wu
There were several -Wunused warnings and one duplicate macro definition. The EXTRA_DEFINES variable of the CurlCheckCSources macro was being abused ("__unused1\n#undef inline\n#define __unused2", seriously?) to insert extra C code. Avoid this broken abstraction and use cmake's check_c_source_compiles directly (works fine with CMake 2.8, maybe even cmake 2.6).
After cleaning up all related variables (EXTRA_DEFINES, HEADER_INCLUDES, auxiliary headers_hack), also remove a duplicate add_headers_include macro and remove duplicate header additions before the struct timeval check.
Oh, and now the code is converted to use CheckCSourceRuns and CheckCSourceCompiles, the two curl-specific helpers can be removed.
Unfortunately, the cmake output is now slightly more verbose. Before:
    Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test)
    Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) - Failed
Since check_c_source_compiles prints the varname, now you see:
    Performing Test curl_cv_func_send_test
    Performing Test curl_cv_func_send_test - Failed
    Tested: int send(int, const void *, size_t, int)
Compared cmake output with each other using vimdiff, no functional differences were found. Tested with GCC 4.9.1 and Clang 3.5.0.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-03 | cmake: fix gethostby{addr,name}_r in CurlTests | Peter Wu
This patch cleans up the automatically-generated (?) code and fixes one case that will always fail due to syntax error.
HAVE_GETHOSTBYADDR_R_5_REENTRANT always failed because of a trailing character ("int length;q"). Several parameter type and unused variable warnings popped up. This causes a detection failure with -Werror.
Observe that the REENTRANT cases are exactly the same as their non-REENTRANT cases except for a `_REENTRANT` macro definition. Merge all these pieces and build one big main function with different cases, but reusing variables where logical.
For the cases where the parameters were NULL, I looked at lib/hostip4.c to get an idea of the parameters types.
void-cast variables such as 'rc' to avoid -Wuninitialized errors.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-03 | cmake: drop _BSD_SOURCE macro usage | Peter Wu
autotools does not use features.h nor _BSD_SOURCE. As this macro triggers warnings since glibc 2.20, remove it. It should not have functional differences.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-02 | RELEASE-NOTES: Synced with d71ea7c01e | Steve Holme
Additionally, updated "GSSAPI" to "GSS-API" for a Cmake related change as GSSAPI can be confused with the authentication mechanism rather than a GSS-API implementation library such as MIT or Heimdal.
2014-11-02 | build: Added WinIDN build configuration options | Steve Holme
Added support for WinIDN build configurations to the VC6 project files.
2014-11-02 | build: Added WinIDN build configuration options | Steve Holme
Added support for WinIDN build configurations to the VC7 and VC7.1 project files.
2014-11-02 | build: Fixed the pre-processor separator in Visual Studio project files | Steve Holme
A left over from the VC6 project files, so mainly cosmetic in Visual Studio .NET as it can handle both comma and semi-colon characters for separating multiple pre-processor definitions. However, the IDE uses semi-colons if the value is edited, and as such, this may cause problems in future for anyone updating the files or merging patches. Used the Visual Studio IDE to correct the separator character.
2014-11-02 | build: Added optional specific version generation of VC project files | Steve Holme
..when working from the git repository. This is particularly useful for single development environments where the project files for all supported versions of Visual Studio may not be required.
2014-11-02 | build-openssl.bat: Fix x64 release build | Jay Satiro
Prior to this change if x64 release was specified a failed attempt was made to build x86 release instead.
2014-11-02 | CURLOPT_XOAUTH2_BEARER.3: Corrected the OAuth version number | Steve Holme
2014-11-02 | CURLOPT_SASL_IR.3: Added supported mechanism information | Steve Holme
...and removed duplication of what protocols are supported from the description text.
2014-11-02 | opts: Use common wording for MAIL related names | Steve Holme
2014-11-02 | opts: Use common wording for TLS user/password option names | Steve Holme
...and revised the proxy wording a little as well.
2014-11-02 | CURLOPT_MAXCONNECTS.3: Reworked the description to be less confusing | Steve Holme
...and corrected a related typo in curl_easy_setopt.3.
2014-11-02 | RELEASE-NOTES: removed obsolete entry; fixed entry. | Guenter Knauf
2014-11-02 | RELEASE-NOTES: Synced with e7da67f5d3 | Steve Holme
2014-11-02 | docs: Added mention of Kerberos for CURL_VERSION_SSPI | Steve Holme
As this has been present for SOCKSv5 proxy since v7.19.4 and for IMAP, POP3 and SMTP authentication since v7.38.0.
2014-11-02 | CURL_VERSION_KERBEROS4: Mark as deprecated | Steve Holme
Support for Kerberos V4 was removed in v7.33.0.
2014-11-02 | sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used | Steve Holme
Typically the USE_WINDOWS_SSPI definition would not be used when the CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication data structures and functions would incorrectly be used when they shouldn't be. Introduced a new USE_KRB5 definition that takes into account the use of CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
2014-11-02 | openssl: Use 'CURLcode result' | Steve Holme
More CURLcode fixes.
2014-11-01 | resume: consider a resume from [content-length] to be OK | Daniel Stenberg
Basically since servers often then don't respond well to this and instead send the full contents and then libcurl would instead error out with the assumption that the server doesn't support resume. As the data is then already transferred, this is now considered fine.
Test case 1434 added to verify this. Test case 1042 slightly modified.
Reported-by: hugo
Bug: http://curl.haxx.se/bug/view.cgi?id=1443
2014-11-01 | openssl: Use 'CURLcode result' | Steve Holme
More standardisation of CURLcode usage and coding style.
2014-11-01 | openssl: Use 'CURLcode result' | Steve Holme
...and some minor code style changes.
2014-11-01 | ftplistparser: We prefer 'CURLcode result' | Steve Holme
2014-10-31 | opts: Use common wording for user/password option names | Steve Holme
2014-10-31 | CURLOPT_CONNECT_ONLY.3: Removed "This option is implemented for..." text | Steve Holme
As this is covered by the PROTOCOLS section and saves having to update two parts of the document with the same information in future.
2014-10-31 | CURLOPT_GSSAPI_DELEGATION.3: Use GSS-API rather than GSSAPI | Steve Holme
As implementations are referred to as GSS-API libraries as per the RFC and GSSAPI typically refers to an authentication mechanism.
2014-10-31 | CURLOPT_CONNECT_ONLY.3: Fixed incomplete protocol list | Steve Holme
Added missing IMAP to the protocol list.
2014-10-30 | code cleanup: Use 'CURLcode result' | Steve Holme
2014-10-30 | curl_easy_setopt.3: Fixed lots of typos | Steve Holme
2014-10-30 | curl_easy_setopt.3: Moved CURLOPT_DIRLISTONLY into PROTOCOL OPTIONS | Steve Holme
...as this option affects more than just FTP.