curl - cURL mirror with patches applied

Age	Commit message (Collapse)	Author
2014-05-04	curl_ntlm_core: Fixed use of long long for VC6 and VC7	Steve Holme
	Commit 07b66cbfa4 unfortunately broke native NTLM message support in compilers, such as VC6, VC7 and others, that don't support long long type declarations. This commit fixes VC6 and VC7 as they support the __int64 extension, however, we should consider an additional fix for other compilers that don't support this.
2014-05-04	config-win32.h: Fixed HAVE_LONGLONG for Visual Studio .NET 2003 and up	Steve Holme
	Fixed the HAVE_LONGLONG declaration as long long is supported in Visual Studio .NET 2003 (VC7.1) onwards.
2014-05-04	openssl: biomem->data is not zero terminated	Daniel Stenberg
	So printf(%s) on it or reading before bounds checking is wrong, fixing it. Could previously lead to reading out of boundary. Reported-by: Török Edwin
2014-05-03	easy_perform: spelling mistake in error message	Daniel Stenberg

2014-04-28	copyright: Updated following recent edits	Steve Holme

2014-04-29	Added a few more const where possible	Dan Fandrich

2014-04-27	http2: Compile with latest nghttp2	Tatsuhiro Tsujikawa
	commit 6d5f40238028f2d8c (Apr 27) or later nghttp2 is now required
2014-04-26	INFILESIZE: fields in UserDefined must not be changed run-time	Daniel Stenberg
	set.infilesize in this case was modified in several places, which could lead to repeated requests using the same handle to get unintendent/wrong consequences based on what the previous request did!
2014-04-25	nss: propagate blocking direction from NSPR I/O	Kamil Dudka
	... during the non-blocking SSL handshake
2014-04-23	handler: make 'protocol' always specified as a single bit	Daniel Stenberg
	This makes the findprotocol() function work as intended so that libcurl can properly be restricted to not support HTTP while still supporting HTTPS - since the HTTPS handler previously set both the HTTP and HTTPS bits in the protocol field. This fixes --proto and --proto-redir for most SSL protocols. This is done by adding a few new convenience defines that groups HTTP and HTTPS, FTP and FTPS etc that should then be used when the code wants to check for both protocols at once. PROTO_FAMILY_[protocol] style. Bug: https://github.com/bagder/curl/pull/97 Reported-by: drizzt
2014-04-23	cyassl: Use error-ssl.h when available	Dan Fandrich
	Versions since at least 2.9.4 renamed error.h to error-ssl.h, so use whichever one is available.
2014-04-22	gtls: fix NULL pointer dereference	Daniel Stenberg
	gnutls_x509_crt_import() must not be called with a NULL certificate Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html Reported-by: Damian Dixon
2014-04-22	curl_global_init_mem: bump initialized even if already initialized	Daniel Stenberg
	As this makes curl_global_init_mem() behave the same way as curl_global_init() already does in that aspect - the same number of curl_global_cleanup() calls is then required to again decrease the counter and then eventually do the cleanup. Bug: http://curl.haxx.se/bug/view.cgi?id=1362 Reported-by: Tristan
2014-04-22	nss: implement non-blocking SSL handshake	Kamil Dudka

2014-04-22	nss: split Curl_nss_connect() into 4 functions	Kamil Dudka

2014-04-19	multi.c: fix possible invalid memory access in case nfds overflows	Marc Hoersken
	ufds might not be allocated in case nfds overflows to zero while extra_nfds is still non-zero. udfs is then accessed within the extra_nfds-based for loop.
2014-04-19	netrc.c: fix multiple possible dereferences of null pointers	Marc Hoersken

2014-04-19	parsedate.c: check sscanf result before passing it to strlen	Marc Hoersken

2014-04-19	telnet.c: check sscanf results before passing them to snprintf	Marc Hoersken

2014-04-19	telnet.c: fix possible use of uninitialized variable	Marc Hoersken

2014-04-19	telnet.c: fix possible use of non-null-terminated strings	Marc Hoersken

2014-04-19	url.c: fix possible use of non-null-terminated string with strlen	Marc Hoersken
	Follow up on b0e742544be22ede33206a597b22682e51e0c676
2014-04-19	url.c: fix possible use of non-null-terminated string with strlen	Marc Hoersken

2014-04-18	connect.c: fix multiple possible dereferences of null pointers	Marc Hoersken
	In case the first address in the tempaddr array is NULL, the code would previously dereference an unchecked null pointer.
2014-04-18	tftp.c: fix possible dereference of null pointer	Marc Hoersken

2014-04-18	socks_sspi.c: added pointer guards to FreeContextBuffer calls	Marc Hoersken
	The FreeContextBuffer SAL declaration does not declare the pointer as optional, therefore it must not be NULL.
2014-04-18	md5.c: fix use of uninitialized variable	Marc Hoersken

2014-04-18	curl_schannel.c: added explicit cast of structure pointers	Marc Hoersken

2014-04-18	curl_schannel.c: fix possible dereference of null pointer	Marc Hoersken

2014-04-18	imap: Extended FETCH support to include PARTIAL URL specifier	Steve Holme

2014-04-18	url.c: Fixed typo in comment	Steve Holme

2014-04-18	imap: Expanded mailbox SEARCH support to use URL query strings	Steve Holme

2014-04-18	imap: Added support for parsing URL query strings	Steve Holme
	Added support for parsing query strings from the URL as defined by RFC-5092.
2014-04-18	imap: Introduced the SEARCH state	Steve Holme

2014-04-18	imap: Fixed untagged response detection when no data after command	Steve Holme
	Should a command return untagged responses that contained no data then the imap_matchresp() function would not detect them as valid responses, as it wasn't taking the CRLF characters into account at the end of each line.
2014-04-17	README.http2: mention some alt-svc thoughts	Daniel Stenberg

2014-04-14	url: only use if_nametoindex() if IFNAMSIZ is available	Dan Fandrich

2014-04-08	sas: Added DIGEST-MD5 qop-option validation in native challange handling	Steve Holme
	Given that we presently support "auth" and not "auth-int" or "auth-conf" for native challenge-response messages, added client side validation of the quality-of-protection options from the server's challenge message.
2014-04-06	strerror: fix comment about vxworks' strerror_r buffer size	Daniel Stenberg
	Bug: http://curl.haxx.se/mail/lib-2014-04/0063.html Reported-by: Jeroen Koekkoek
2014-04-06	sasl: Added forward declaration of structures following recent changes	Steve Holme
	To avoid urldata.h being included from the header file or that the source file has the correct include order as highlighted by one of the auto builds recently.
2014-04-06	sasl: Fixed compilation warning	Steve Holme
	warning: no previous prototype for 'Curl_sasl_create_digest_md5_message'
2014-04-06	sasl: Added curl_memory.h include as per test 1132	Steve Holme

2014-04-06	sasl: Fixed compilation warning in SSPI builds	Steve Holme
	warning: 'sasl_digest_get_key_value' defined but not used
2014-04-06	sasl: Corrected missing free of decoded challenge message from 607883f13c	Steve Holme

2014-04-06	sasl: Corrected add of Curl_sasl_decode_digest_md5_message() from 2c49e96092	Steve Holme

2014-04-06	sasl: Post DIGEST-MD5 SSPI code tidy up	Steve Holme
	* Added comments to SSPI NTLM message generation * Added comments to native DIGEST-MD5 code * Removed redundant identity pointer
2014-04-06	sasl: Corrected pre-processor inclusion of SSPI based DIGEST-MD5 code	Steve Holme
	When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not be included, regardless of whether USE__WINDOWS_SSPI is defined or not. This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM in curl_setup.h.
2014-04-06	sasl: Added support for DIGEST-MD5 via Windows SSPI	Steve Holme

2014-04-06	http_negotiate_sspi: Fixed compilation when USE_HTTP_NEGOTIATE not defined	Steve Holme

2014-04-06	Makefile.vc6: Added curl_sasl_sspi.c	Steve Holme