Daniel Stenberg
95addfe828
RELEASE-NOTES: 7.50.1
2016-08-03 00:34:27 +02:00
Daniel Stenberg
11ec5ad435
TLS: only reuse connections with the same client cert
...
CVE-2016-5420
Bug: https://curl.haxx.se/docs/adv_20160803B.html
2016-08-03 00:34:27 +02:00
Daniel Stenberg
247d890da8
TLS: switch off SSL session id when client cert is used
...
CVE-2016-5419
Bug: https://curl.haxx.se/docs/adv_20160803A.html
Reported-by: Bru Rom
Contributions-by: Eric Rescorla and Ray Satiro
2016-08-03 00:34:27 +02:00
Daniel Stenberg
75dc096e01
curl_multi_cleanup: clear connection pointer for easy handles
...
CVE-2016-5421
Bug: https://curl.haxx.se/docs/adv_20160803C.html
Reported-by: Marcelo Echeverria and Fernando Muñoz
2016-08-03 00:34:27 +02:00
Daniel Stenberg
9cb1059f92
KNOWN_BUGS: SOCKS proxy not working via IPv6
...
Closes #835
2016-08-03 00:24:08 +02:00
Daniel Stenberg
ac09c422d3
KNOWN_BUGS: CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM
...
Closes #768
2016-08-03 00:21:42 +02:00
Daniel Stenberg
80ab2b5ad9
KNOWN_BUGS: transfer-encoding: chunked in HTTP/2
...
Closes #662
2016-08-03 00:19:53 +02:00
Daniel Stenberg
52276b51e0
TODO: Provide cmake config-file
...
Closes #885
2016-08-03 00:15:58 +02:00
Patrick Monnerat
a0c2ab9370
os400: define BUILDING_LIBCURL in make script.
2016-08-02 14:21:31 +02:00
Daniel Stenberg
2136a6a892
RELEASE-NOTES: synced with aa9f536a18
2016-08-01 23:40:27 +02:00
Thomas Glanzmann
aa9f536a18
mbedtls: Fix debug function name
...
This patch is necessary so that curl compiles if MBEDTLS_DEBUG is
defined.
Bug: https://curl.haxx.se/mail/lib-2016-08/0001.html
2016-08-01 13:16:42 -04:00
Sergei Nikulov
120fe1a22d
travis: fix OSX build by re-installing libtool
...
Apparently due to a broken homebrew install
fixes #934
Closes #939
2016-08-01 15:08:53 +02:00
Martin Vejnár
608b11a91f
win32: fix a potential memory leak in Curl_load_library
...
If a call to GetSystemDirectory fails, the `path` pointer that was
previously allocated would be leaked. This makes sure that `path` is
always freed.
Closes #938
2016-08-01 10:43:10 +02:00
Daniel Stenberg
d6604524ad
include: revert 9adf3c4
and make public types void * again
...
Many applications assume the actual contents of the public types and use
that do for example forward declarations (saving them from including our
public header) which then breaks when we switch from void * to a struct
*.
I'm not convinced we were wrong, but since this practise seems
widespread enough I'm willing to (partly) step down.
Now libcurl uses the struct itself when it is built and it allows
applications to use the struct type if CURL_STRICTER is defined at the
time of the #include.
Reported-by: Peter Frühberger
Fixes #926
2016-07-31 22:59:22 +02:00
Yonggang Luo
2bbed9c4f0
cmake: Fix for schannel support
...
The check_library_exists_concat do not check crypt32 library properly.
So include it directly.
Bug: https://github.com/curl/curl/pull/917
Reported-by: Yonggang Luo
Bug: https://github.com/curl/curl/issues/935
Reported-by: Alain Danteny
2016-07-28 03:36:13 -04:00
Jay Satiro
cb9ba5cf8d
Revert "travis: Install libtool for OS X builds"
...
Didn't work.
This reverts commit 50723585ed
.
2016-07-28 00:52:44 -04:00
Jay Satiro
50723585ed
travis: Install libtool for OS X builds
...
CI is failing due to missing libtoolize, so I'm trying this.
2016-07-28 00:36:55 -04:00
Viktor Szakats
17bf323221
TODO: minor typo in last commit
...
merged #931
2016-07-26 16:40:12 +02:00
Daniel Stenberg
f3cad5bbf2
TODO: Timeout idle connections from the pool
2016-07-26 16:03:15 +02:00
Patrick Monnerat
ea88694184
os400: minimum supported OS version: V6R1M0.
...
Do not log compilation informational messages.
2016-07-25 18:58:23 +02:00
Jay Satiro
6b130d6be6
tests: Fix for http/2 feature
...
Bug: https://curl.haxx.se/mail/lib-2016-07/0070.html
Reported-by: Paul Howarth
2016-07-24 02:49:47 -04:00
Steve Holme
1979008703
README: Mention wolfSSL in the 'Dependencies' section
2016-07-23 21:34:46 +01:00
Steve Holme
3fc845914a
vauth.h: No need to query HAVE_GSSAPI || USE_WINDOWS_SSPI for SPNEGO
...
As SPNEGO is only defined when these pre-processor variables are defined
there is no need to query them explicitly.
2016-07-23 21:29:16 +01:00
Steve Holme
25bf71ab07
spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
...
Typo introduced in commit ad5e9bfd5d
.
2016-07-23 21:29:16 +01:00
Daniel Stenberg
c7468e8ea2
SECURITY: mention how to get windows-specific CVEs
...
... and make the distros link a proper link
2016-07-22 01:47:13 +02:00
Dan Fandrich
47fa8f0dae
test558: fix test by stripping file paths from FD lines
2016-07-21 17:06:04 +02:00
Kamil Dudka
5e26d9ceea
tests: distribute the http2-server.pl script, too
2016-07-21 13:07:27 +02:00
Kamil Dudka
8b9ba132f0
docs: distribute the CURLINFO_HTTP_VERSION(3) man page, too
2016-07-21 13:06:17 +02:00
Daniel Stenberg
001f8d06fe
bump: start working on 7.50.1
2016-07-21 11:16:08 +02:00
Daniel Stenberg
79e63a53bb
RELEASE-NOTES: version 7.50.0 ready
2016-07-21 10:53:38 +02:00
Daniel Stenberg
d78cf1f03a
THANKS: 13 new contributors from the 7.50.0 release
2016-07-21 10:53:38 +02:00
Jay Satiro
af8eb69cb2
winbuild: fix embedded manifest option
...
Embedded manifest option didn't work due to typo.
Reported-by: Stefan Kanthak
2016-07-21 01:37:29 -04:00
Jay Satiro
c5cffce56e
vauth: Fix memleak by freeing credentials if out of memory
...
This is a follow up to the parent commit dcdd4be
which fixes one leak
but creates another by failing to free the credentials handle if out of
memory. Also there's a second location a few lines down where we fail to
do same. This commit fixes both of those issues.
2016-07-20 22:00:45 -04:00
Saurav Babu
dcdd4be352
vauth: Fixed memory leak due to function returning without free
...
This patch allocates memory to "output_token" only when it is required
so that memory is not leaked if function returns.
2016-07-20 23:21:49 +02:00
Daniel Stenberg
c6d3fa11e6
test558: updated after ipv6-check move
...
Follow-up commit to c50980807c
to make this test pass.
2016-07-20 23:06:03 +02:00
Jay Satiro
4ee203542d
connect: disable TFO on Linux when using SSL
...
- Linux TFO + TLS is not implemented yet.
Bug: https://github.com/curl/curl/issues/907
2016-07-20 02:49:19 -04:00
Daniel Stenberg
57ac61a469
ROADMAP: QUIC and TLS 1.3
2016-07-19 23:10:39 +02:00
Daniel Stenberg
545562f13e
RELEASE-NOTES: synced with c50980807c
2016-07-19 23:04:26 +02:00
Brian Prodoehl
c50980807c
curl_global_init: Check if IPv6 works
...
- Curl_ipv6works() is not thread-safe until after the first call, so
call it once during global init to avoid a possible race condition.
Bug: https://github.com/curl/curl/issues/915
PR: https://github.com/curl/curl/pull/918
2016-07-18 02:42:28 -04:00
Timothy Polich
16fe3f6b0a
CURLMOPT_SOCKETFUNCTION.3: fix typo
...
Closes https://github.com/curl/curl/pull/914
2016-07-14 02:58:59 -04:00
Miroslav Franc
bf430ecdef
library: Fix memory leaks found during static analysis
...
Closes https://github.com/curl/curl/pull/913
2016-07-14 02:52:56 -04:00
Viktor Szakats
bcc8f485e5
cookie.c: Fix misleading indentation
...
Closes https://github.com/curl/curl/pull/911
2016-07-13 03:09:20 -04:00
Jay Satiro
f9eed596a3
FAQ: Update FTP directory listing section for MLSD command
...
Explain how some FTP servers support the machine readable listing
format MLSD from RFC 3659 and compare it to LIST.
Ref: https://github.com/curl/curl/issues/906
2016-07-09 03:05:55 -04:00
Sergei Nikulov
7c9cfd6c51
Appveyor: Updates for options - CURL_STATICLIB/BUILD_TESTING
...
Closes #892
2016-07-01 09:53:22 +02:00
Daniel Stenberg
c4f108ece8
TODO: 17.4 also brings more HTTP/2 support
2016-06-30 23:45:49 +02:00
Daniel Stenberg
a194e6c9ae
TODO: try next proxy if one doesn't work
...
Closes #896
2016-06-30 23:42:06 +02:00
Daniel Stenberg
6655e30691
conn: don't free easy handle data in handler->disconnect
...
Reported-by: Gou Lingfeng
Bug: https://curl.haxx.se/mail/lib-2016-06/0139.html
2016-06-29 23:13:09 +02:00
Daniel Stenberg
e89489d8f4
test1244: test different proxy ports same URL
2016-06-29 23:06:32 +02:00
Daniel Stenberg
306192ba55
curl_global_init.3: improved formatting of the flags
2016-06-29 16:00:46 +02:00
Daniel Stenberg
bbd99a277b
curl_global_init.3: expand on the SSL and WIN32 bits purpose
...
Reported-by: Richard Gray
Bug: https://curl.haxx.se/mail/lib-2016-06/0136.html
2016-06-29 15:57:44 +02:00