aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-04-26Curl_ossl_init: load builtin modulesDaniel Stenberg
To have engine modules work, we must tell openssl to load builtin modules first. Bug: https://github.com/bagder/curl/pull/206
2015-04-26configure: follow-up fix for krb5-configDaniel Stenberg
commit 5b66860652 was incomplete so here's a follow-up fix Reported-by: Dagobert Michelsen Bug: https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445
2015-04-26openssl: fix serial number outputDaniel Stenberg
The code extracting the cert serial number was broken and didn't display it properly. Bug: https://github.com/bagder/curl/issues/235 Reported-by: dkjjr89
2015-04-26sasl_sspi: Populate domain from the realm in the challengeGrant Pannell
Without this, SSPI based digest auth was broken. Bug: https://github.com/bagder/curl/pull/141.patch
2015-04-25tool: New option --data-raw to HTTP POST data, '@' allowed.Anthony Avina
Add new option --data-raw which is almost the same as --data but does not have a special interpretation of the @ character. Prior to this change there was no (easy) way to pass the @ character as the first character in POST data without it being interpreted as a special character. Bug: https://github.com/bagder/curl/issues/198 Reported-by: Jens Rantil
2015-04-25test2039: fixed line endings that caused a test failureDan Fandrich
2015-04-24netrc: add unit tests for 'default' supportViktor Szakats
2015-04-24netrc: support 'default' tokenViktor Szakats
The 'default' token has no argument and means to match _any_ domain. It must be placed last if there are 'machine <name>' tokens in the same file. See full description here: https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html
2015-04-24ROADMAP.md: extended the HTTP/2 section, reformattedDaniel Stenberg
Elaborated on several of the remaining HTTP/2 parts and made document use a format that ends up nicer on the web page: http://curl.haxx.se/dev/roadmap.html
2015-04-23curl -z: do not write empty file on unmet conditionKamil Dudka
This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe. It also introduces a regression test 1424 based on tests 78 and 1423. Reported-by: Viktor Szakats Bug: https://github.com/bagder/curl/issues/237
2015-04-23tool: fixed a comment typoDan Fandrich
2015-04-23README: convert to UTF-8Dan Fandrich
2015-04-22cyassl: Implement public key pinningJay Satiro
Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
2015-04-22curl.1: fix typoAlessandro Ghedini
2015-04-22docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, tooKamil Dudka
2015-04-22tests/unit/.gitignore: hide unit1601 and above, tooKamil Dudka
2015-04-22connectionexists: follow-up to fd9d3a1ef1fDaniel Stenberg
PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not enabled. Mistake-caught-by: Kamil Dudka
2015-04-22connectionexists: fix build without NTLMDaniel Stenberg
Do not access NTLM-specific struct fields when built without NTLM enabled! bug: http://curl.haxx.se/?i=231 Reported-by: Patrick Rapin
2015-04-22bump: start working toward 7.43.0Daniel Stenberg
2015-04-22nss: implement public key pinning for NSS backendKamil Dudka
Bug: https://bugzilla.redhat.com/1195771
2015-04-22dist: include {src,lib}/checksrc.whitelistDaniel Stenberg
2015-04-22RELEASE-NOTES: updated for 7.42.0Daniel Stenberg
2015-04-22THANKS: added contributors from 7.42.0 release notesDaniel Stenberg
2015-04-22THANKS-filter: a few more alterations to squashDaniel Stenberg
2015-04-22contrithanks.sh: helper script for maintaining THANKSDaniel Stenberg
2015-04-21http_done: close Negotiate connections when doneDaniel Stenberg
When doing HTTP requests Negotiate authenticated, the entire connnection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. CVE-2015-3148 Bug: http://curl.haxx.se/docs/adv_20150422B.html Reported-by: Isaac Boukris
2015-04-21fix_hostname: zero length host name caused -1 index offsetDaniel Stenberg
If a URL is given with a zero-length host name, like in "http://:80" or just ":80", `fix_hostname()` will index the host name pointer with a -1 offset (as it blindly assumes a non-zero length) and both read and assign that address. CVE-2015-3144 Bug: http://curl.haxx.se/docs/adv_20150422D.html Reported-by: Hanno Böck
2015-04-21cookie: cookie parser out of boundary memory accessDaniel Stenberg
The internal libcurl function called sanitize_cookie_path() that cleans up the path element as given to it from a remote site or when read from a file, did not properly validate the input. If given a path that consisted of a single double-quote, libcurl would index a newly allocated memory area with index -1 and assign a zero to it, thus destroying heap memory it wasn't supposed to. CVE-2015-3145 Bug: http://curl.haxx.se/docs/adv_20150422C.html Reported-by: Hanno Böck
2015-04-21ConnectionExists: for NTLM re-use, require credentials to matchDaniel Stenberg
CVE-2015-3143 Bug: http://curl.haxx.se/docs/adv_20150422A.html Reported-by: Paras Sethia
2015-04-21openssl: add OPENSSL_NO_SSL3_METHOD checkbyronhe
2015-04-20CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and descDaniel Stenberg
Bug: https://github.com/bagder/curl/issues/229 Reported-by: bsammon
2015-04-20configure --with-nss: remove unneeded libs from the fallbackMostyn Bramley-Moore
2015-04-20contributors.sh: fix help output, filter out (-prefix from namesDaniel Stenberg
2015-04-20RELEASE-NOTES: synced with cc0e7ebc3be0Daniel Stenberg
2015-04-19CURLMOPT_TIMERFUNCTION.3: Clarify, add an exampleMichael Stapelberg
2015-04-19vtls/openssl: use https in URLs and a comment typo fixedViktor Szakáts
2015-04-18curl_version_info.3: fixed the 'protocols' variable typeDaniel Stenberg
Reported-by: John Marshall Bug: https://github.com/bagder/curl/issues/225
2015-04-18test1423: added missing "file" to server sectionDan Fandrich
2015-04-17TheArtOfHttpScripting: Multiple URLs + Multiple HTTP methodsDaniel Stenberg
... and some minor edits
2015-04-17Revert "HTTP: don't abort connections with pending Negotiate authentication"Daniel Stenberg
This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6. Bug: https://github.com/bagder/curl/issues/223 Reported-by: Michael Osipov
2015-04-17cyassl: Fix include orderJay Satiro
Prior to this change CyaSSL's build options could redefine some generic build symbols. http://curl.haxx.se/mail/lib-2015-04/0069.html
2015-04-17configure --with-nss: drop redundant if statementKamil Dudka
2015-04-17configure --with-nss=PATH: query pkg-config if availableKamil Dudka
Bug: https://github.com/bagder/curl/pull/171
2015-04-17parsecfg: do not continue past a zero terminationDaniel Stenberg
When a config file line ends without newline, the parsing function could continue reading beyond that point in memory. Reported-by: Hanno Böck
2015-04-16gitignore: Ignore Windows build output directoriesJay Satiro
2015-04-15RELEASE-NOTES: synced with 1ba6e4c88e0Daniel Stenberg
2015-04-15TODO: 17.9 Choose the name of file in braces for complex URLsDaniel Stenberg
2015-04-15TODO: a little caution that maybe not all ideas are still goodDaniel Stenberg
2015-04-15TODO: 17.8 offer color-coded HTTP header outputDaniel Stenberg
2015-04-15TODO: 17.7 warning when sending binary output to terminalDaniel Stenberg