Age | Commit message (Collapse) | Author |
|
When a non-empty list is appended to, and used as the returnvalue,
the list pointer can leak in case of an allocation failure in the
curl_slist_append() call. This is correctly handled in curl code
usage but we weren't explicitly pointing it out in the API call
documentation. Fix by extending the RETURNVALUE manpage section
and example code.
Closes #3424
Reported-by: dnivras on github
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Researched-by: Tae Wong
|
|
Due to a report of a missing name in THANKS I manually went through an
old CHANGES.0 file and added many previously missing names here.
|
|
Reported-by: Tae Wong
|
|
|
|
This adds support for wildcard hosts in CURLOPT_RESOLVE. These are
try-last so any non-wildcard entry is resolved first. If specified,
any host not matched by another CURLOPT_RESOLVE config will use this
as fallback.
Example send a.com to 10.0.0.1 and everything else to 10.0.0.2:
curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \
https://a.com https://b.com
This is probably quite similar to using:
--connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443
Closes #3406
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
The project bug tracker is no longer hosted at sourceforge but is now
hosted on the curl Github page. Update the FAQ to reflect.
Closes #3410
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.
For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.
Fixes #2873
Closes #3383
|
|
Closes #3354
|
|
|
|
This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION
options that allow a callback based approach to sending trailing headers
with chunked transfers.
The test server (sws) was updated to take into account the detection of the
end of transfer in the case of trailing headers presence.
Test 1591 checks that trailing headers can be sent using libcurl.
Closes #3350
|
|
Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.
Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Reported-by: Tobias Lindgren
Pointed out in #3367
Closes #3368
|
|
|
|
Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition
header without special processing: this may lead to invalid RFC 822
quoted-strings.
7.56.0 introduces escaping of backslashes and double quotes in these names:
mention it in the documentation.
Reported-by: daboul on github
Closes #3361
|
|
Forgetting to bump the year in the copyright clause when hacking has
been quite common among curl developers, but a traditional checksrc
check isn't a good fit as it would penalize anyone hacking on January
1st (among other things). This adds a more selective COPYRIGHTYEAR
check which intends to only cover the currently hacked on changeset.
The check for updated copyright year is currently not enforced on all
files but only on files edited and/or committed locally. This is due to
the amount of files which aren't updated with their correct copyright
year at the time of their respective commit.
To further avoid running this expensive check for every developer, it
adds a new local override mode for checksrc where a .checksrc file can
be used to turn on extended warnings locally.
Closes #3303
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Closes #3335
[ci skip]
|
|
This backpedals back the documents to the state before bountygraph.
Closes #3311
|
|
Commit 7c5837e79280e6abb3ae143dfc49bca5e74cdd11 deprecated the option
making it a manual code-edit operation to turn it back on. The removal
process has thus started and is now documented in docs/DEPRECATE.md so
remove from the TODO to avoid anyone looking for something to pick up
spend cycles on an already in-progress entry.
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
The variable definition had a small typo making it declare another
variable then the intended.
Closes #3304
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
The function does not return the same value as snprintf() normally does,
so readers may be mislead into thinking the code works differently than
it actually does. A different function name makes this easier to detect.
Reported-by: Tomas Hoger
Assisted-by: Daniel Gustafsson
Fixes #3296
Closes #3297
|
|
Delays stripping of trailing dots to after resolving the hostname.
Fixes #3022
Closes #3222
|
|
Closes #3295
|
|
|
|
|
|
|
|
Added a few of the more notable milestones in curl history that were
missing. Primarily more recent ones but I also noted some older that
could be worth mentioning.
[ci skip]
Closes #3257
|
|
Add the identified issue with --proxy-any and proxy servers which
advertise authentication schemes other than the supported one.
Closes #876
Closes #3250
Reported-by: NTMan on Github
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Allows an application to pass in a pre-parsed URL via a URL handle.
Closes #3227
|
|
Groff / Troff will display a:
printaf("Errno: %ld\n", error);
as:
printf("Errno: %ld0, error);
when a "\n" is not escaped. Use "\\n" instead.
Closes #3246
|
|
|
|
Closes #3115
|
|
The productname from Microsoft is "Schannel", but in infof/failf
reporting we use "schannel". This removes different versions.
Closes #3243
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Similar to how URL decoding/encoding is done, we could have URL
functions to convert IDN host names to punycode.
Suggested-by: Alexey Melnichuk
Closes #3232
|
|
APPENDQUERY + URLENCODE would skip all equals signs but now it only skip
encoding the first to better allow "name=content" for any content.
Reported-by: Alexey Melnichuk
Fixes #3231
Closes #3231
|
|
- for "--netrc", don't ignore the login/password specified with "--user",
only ignore the login/password in the URL.
This restores the netrc behaviour of curl 7.61.1 and earlier.
- fix the documentation of CURL_NETRC_REQUIRED
- improve the detection of login/password changes when reading .netrc
- don't read .netrc if both login and password are already set
Fixes #3213
Closes #3224
|
|
Closes #3199
|
|
...and fix symbol-scan.pl to also scan urlapi.h
Reported-by: Alexey Melnichuk
Fixes #3226
Closes #3230
|
|
As has been outlined in the DEPRECATE.md document, the axTLS code has
been disabled for 6 months and is hereby removed.
Use a better supported TLS library!
Assisted-by: Daniel Gustafsson
Closes #3194
|
|
Closes #3197
|
|
|
|
MesaLink support was added in commit 57348eb97d1b8fc3742e02c but the
backend was never added to the curl_sslbackend enum in curl/curl.h.
This adds the new backend to the enum and updates the relevant docs.
Closes #3195
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
See: https://curl.haxx.se/mail/lib-2018-10/0107.html
|
|
... picked straight from the OpenSSL man page:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html
Reported-by: Ricky-Tigg on github
Bug: #3178
|
|
... I'm moving it up one week due to travels. The rest stays.
|
|
Fixes #3171
Closes #3172
|
|
Closes https://github.com/curl/curl/pull/3159
|
|
Retract the previous approach as the sponsors will be the ones to set the
final amounts.
Closes #3152
[ci skip]
|
|
... now there's only BountyGraph.
|