aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-10-14url: skip to-be-closed connections when pipeliningRider Linden
No longer attempt to use "doomed" to-be-closed connections when pipelining. Prior to this change connections marked for deletion (e.g. timeout) would be erroneously used, resulting in sporadic crashes. As originally reported and fixed by Carlo Wood (origin unknown). Bug: https://github.com/curl/curl/issues/627 Reported-by: Rider Linden Closes https://github.com/curl/curl/pull/1075 Participation-by: nopjmp@users.noreply.github.com
2016-10-13vtls: only re-use session-ids using the same schemeDaniel Stenberg
To make it harder to do cross-protocol mistakes
2016-10-11dist: add missing cmake modules to the tarballTorben Dannhauer
Closes https://github.com/curl/curl/pull/1070
2016-10-11configure: detect the broken poll() in macOS 10.12Daniel Stenberg
Fixes #1057
2016-10-10dist: remove PDF and HTML converted docs from the releasesDaniel Stenberg
2016-10-10cmake: add nghttp2 supportRemo E
Closes #922
2016-10-10resolve: add error message when resolving using SIGALRMAndreas Streichardt
Closes #1066
2016-10-10GIT-INFO: remove the Mac 10.1-specific detailsDaniel Stenberg
There shouldn't be many devs out there anymore using such outdated macOS versions. And it removes the dead link. Closes #1049
2016-10-10RELEASE-NOTES: spellfixDaniel Stenberg
2016-10-10RELEASE-NOTES: synced with 82720490628cb53aDaniel Stenberg
5 more fixes, 2 more contributors
2016-10-09smb: properly check incoming packet boundariesTobias Stoeckmann
Not all reply messages were properly checked for their lengths, which made it possible to access uninitialized memory (but this does not lead to out of boundary accesses). Closes #1052
2016-10-08test557: verify printf() with 128 and 129 argumentsDaniel Stenberg
2016-10-08mprintf: return error on too many argumentsDaniel Stenberg
128 arguments should be enough for everyone
2016-10-08ftp: fix Curl_ftpsendf()Daniel Stenberg
... it no longer takes printf() arguments since it was only really taken advantage by one user and it was not written and used in a safe way. Thus the 'f' is removed from the function name and the proto is changed. Although the current code wouldn't end up in badness, it was a risk that future changes could end up springf()ing too large data or passing in a format string inadvertently.
2016-10-08formpost: avoid silent snprintf() truncationDaniel Stenberg
The previous use of snprintf() could make libcurl silently truncate some input data and not report that back on overly large input, which could make data get sent over the network in a bad format. Example: $ curl --form 'a=b' -H "Content-Type: $(perl -e 'print "A"x4100')"
2016-10-08TODO: build: Enable PIE and RELRO by defaultDaniel Stenberg
2016-10-08TODO: Support better than MD5 hostkey hash (for ssh)Daniel Stenberg
2016-10-08tests: Fix a small typo in the tests README (#1060)Daniel Gustafsson
The subdirectory for logs in tests/ is named log/ without an 's' at the end.
2016-10-06TODO: Introduce --fail-fast to exit on first transfer failDaniel Stenberg
See #1054
2016-10-06TODO: Leave secure cookies aloneDaniel Stenberg
2016-10-06CURLOPT_DEBUGFUNCTION.3: unused argument warning (#1056)Rainer Müller
The 'userp' argument is unused in this example code.
2016-10-05TODO: TCP Fast Open for windowsDaniel Stenberg
2016-10-04RELEASE-NOTES: synced with 8fd2a754f0deDaniel Stenberg
2016-10-04CURLOPT_KEEP_SENDING_ON_ERROR.3: mention when it is addedDaniel Stenberg
2016-10-04memdup: use 'void *' as return and source typeDaniel Stenberg
2016-10-04TODO: Add easy argument to formpost functionsDaniel Stenberg
2016-10-04formpost: trying to attach a directory no longer crashesDaniel Stenberg
The error path would previously add a freed entry to the linked list. Reported-by: Toby Peterson Fixes #1053
2016-10-03cookies: same domain handling changed to match browser behaviorSergei Kuzmin
Cokie with the same domain but different tailmatching property are now considered different and do not replace each other. If header contains following lines then two cookies will be set: Set-Cookie: foo=bar; domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 Set-Cookie: foo=baz; domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 This matches Chrome, Opera, Safari, and Firefox behavior. When sending stored tokens to foo.com Chrome, Opera, Firefox store send them in the stored order, while Safari pre-sort the cookies. Closes #1050
2016-10-01FAQ: Fix typos in section 5.14 (#1047)Stephen Brokenshire
Type required for YourClass::func C++ function (using size_t in line with the documentation for CURLOPT_WRITEFUNCTION) and missing second colon when specifying the static function for CURLOPT_WRITEFUNCTION.
2016-09-30KNOWN_BUGS: Fix typos in section 5.8.Sebastian Mundry
Closes #1046
2016-09-30CONTRIBUTE.md: Fix typo in 'About pull requests' section. (#1045)mundry
2016-09-30curl.1: --trace supports % for sending to stderr!Daniel Stenberg
2016-09-26KNOWN_BUGS: 5.8 configure finding libs in wrong directoryDaniel Stenberg
2016-09-24configure: Fixed builds with libssh2 in a custom locationDan Fandrich
A libssh2 library in the standard system location was being used in preference to the desired one while linking.
2016-09-23SECURITY: remove the top ascii logoDaniel Stenberg
2016-09-22New libcurl option to keep sending on errorMichael Kaufmann
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether sending the request body shall be completed when the server responds early with an error status code. This is suitable for manual NTLM authentication. Reviewed-by: Jay Satiro Closes https://github.com/curl/curl/pull/904
2016-09-22nss: add chacha20-poly1305 cipher suites if supported by NSSKamil Dudka
2016-09-22nss: add cipher suites using SHA384 if supported by NSSKamil Dudka
2016-09-22nss: fix typo in ecdhe_rsa_null cipher suite stringKamil Dudka
As it seems to be a rarely used cipher suite (for securely established but _unencrypted_ connections), I believe it is fine not to provide an alias for the misspelled variant.
2016-09-21docs: Remove that --proto is just used for initial retrievalJay Satiro
.. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not override protocols denied by --proto and CURLOPT_PROTOCOLS. - Add a test to enforce: --proto deny must override --proto-redir allow Closes https://github.com/curl/curl/pull/1031
2016-09-21dist: add CurlSymbolHiding.cmake to the tarballDaniel Stenberg
Follow-up to 6140dfcf3e784 Reported-by: Alexander Sinditskiy
2016-09-20curl_global_cleanup.3: don't unload the lib with sub threads runningDaniel Stenberg
Discussed in #997 Assisted-by: Jay Satiro
2016-09-20MAIL-ETIQUETTE: languageDaniel Stenberg
2016-09-20easy: Reset all statistical session info in curl_easy_resetJay Satiro
Bug: https://github.com/curl/curl/issues/1017 Reported-by: Jeroen Ooms
2016-09-19RELEASE-NOTES: synced with 79607eec51055Daniel Stenberg
2016-09-19darwinssl: Fix typo in commentDaniel Gustafsson
Closes https://github.com/curl/curl/pull/1028
2016-09-19libressl: fix version outputBernard Spil
LibreSSL defines `OPENSSL_VERSION_NUMBER` as `0x20000000L` for all versions returning `LibreSSL/2.0.0` for any LibreSSL version. This change provides a local OpenSSL_version_num function replacement returning LIBRESSL_VERSION_NUMBER instead. Closes #1029
2016-09-19TODO: Add PINNEDPUBLICKEY - HPKP compatibility, HSTS & HPKPrugk
Closes #1025 Closes #1026 Closes #1027
2016-09-19openssl: don't call ERR_remote_thread_state on >= 1.1.0Daniel Stenberg
Follow-up fix to d9321562
2016-09-19openssl: don’t call CRYTPO_cleanup_all_ex_dataDaniel Stenberg
The OpenSSL function CRYTPO_cleanup_all_ex_data() cannot be called multiple times without crashing - and other libs might call it! We basically cannot call it without risking a crash. The function is a no-op since OpenSSL 1.1.0. Not calling this function only risks a small memory leak with OpenSSL < 1.1.0. Bug: https://curl.haxx.se/mail/lib-2016-09/0045.html Reported-by: Todd Short