1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 16:18:48 -05:00
Commit Graph

21078 Commits

Author SHA1 Message Date
Daniel Stenberg
1671d84b38 vtls: only re-use session-ids using the same scheme
To make it harder to do cross-protocol mistakes
2016-10-13 11:24:16 +02:00
Torben Dannhauer
3b36bd8e1a dist: add missing cmake modules to the tarball
Closes https://github.com/curl/curl/pull/1070
2016-10-11 22:57:36 -04:00
Daniel Stenberg
9297ca49f5 configure: detect the broken poll() in macOS 10.12
Fixes #1057
2016-10-11 11:05:06 +02:00
Daniel Stenberg
358fd32820 dist: remove PDF and HTML converted docs from the releases 2016-10-10 23:33:13 +02:00
Remo E
d522ff4690 cmake: add nghttp2 support
Closes #922
2016-10-10 19:47:31 +02:00
Andreas Streichardt
eb5199317e resolve: add error message when resolving using SIGALRM
Closes #1066
2016-10-10 14:14:20 +02:00
Daniel Stenberg
7cc9c876e8 GIT-INFO: remove the Mac 10.1-specific details
There shouldn't be many devs out there anymore using such outdated macOS
versions. And it removes the dead link.

Closes #1049
2016-10-10 10:29:19 +02:00
Daniel Stenberg
8c2b5580a6 RELEASE-NOTES: spellfix 2016-10-10 08:14:28 +02:00
Daniel Stenberg
f68042a2a5 RELEASE-NOTES: synced with 8272049062
5 more fixes, 2 more contributors
2016-10-10 08:13:01 +02:00
Tobias Stoeckmann
8272049062 smb: properly check incoming packet boundaries
Not all reply messages were properly checked for their lengths, which
made it possible to access uninitialized memory (but this does not lead
to out of boundary accesses).

Closes #1052
2016-10-09 00:14:26 +02:00
Daniel Stenberg
ac8a314913 test557: verify printf() with 128 and 129 arguments 2016-10-08 20:47:44 +02:00
Daniel Stenberg
71588c9aef mprintf: return error on too many arguments
128 arguments should be enough for everyone
2016-10-08 20:47:04 +02:00
Daniel Stenberg
8238ba9c5f ftp: fix Curl_ftpsendf()
... it no longer takes printf() arguments since it was only really taken
advantage by one user and it was not written and used in a safe
way. Thus the 'f' is removed from the function name and the proto is
changed.

Although the current code wouldn't end up in badness, it was a risk that
future changes could end up springf()ing too large data or passing in a
format string inadvertently.
2016-10-08 15:13:46 +02:00
Daniel Stenberg
9885c9508e formpost: avoid silent snprintf() truncation
The previous use of snprintf() could make libcurl silently truncate some
input data and not report that back on overly large input, which could
make data get sent over the network in a bad format.

Example:

 $ curl --form 'a=b' -H "Content-Type: $(perl -e 'print "A"x4100')"
2016-10-08 13:00:45 +02:00
Daniel Stenberg
f74baaf3b3 TODO: build: Enable PIE and RELRO by default 2016-10-08 12:17:26 +02:00
Daniel Stenberg
e11da9f4b7 TODO: Support better than MD5 hostkey hash (for ssh) 2016-10-08 11:51:21 +02:00
Daniel Gustafsson
4f43236a40 tests: Fix a small typo in the tests README (#1060)
The subdirectory for logs in tests/ is named log/ without an 's'
at the end.
2016-10-08 11:39:12 +02:00
Daniel Stenberg
13f3912471 TODO: Introduce --fail-fast to exit on first transfer fail
See #1054
2016-10-06 17:45:06 +02:00
Daniel Stenberg
da1a2d1ac8 TODO: Leave secure cookies alone 2016-10-06 09:40:47 +02:00
Rainer Müller
c271b1c29a CURLOPT_DEBUGFUNCTION.3: unused argument warning (#1056)
The 'userp' argument is unused in this example code.
2016-10-06 08:06:13 +02:00
Daniel Stenberg
2a3bca9aa0 TODO: TCP Fast Open for windows 2016-10-05 11:50:50 +02:00
Daniel Stenberg
6bf909d5ce RELEASE-NOTES: synced with 8fd2a754f0 2016-10-04 23:50:52 +02:00
Daniel Stenberg
15aefc6adc CURLOPT_KEEP_SENDING_ON_ERROR.3: mention when it is added 2016-10-04 23:46:45 +02:00
Daniel Stenberg
8fd2a754f0 memdup: use 'void *' as return and source type 2016-10-04 23:31:25 +02:00
Daniel Stenberg
203c5d5b3c TODO: Add easy argument to formpost functions 2016-10-04 18:34:31 +02:00
Daniel Stenberg
bdf162af25 formpost: trying to attach a directory no longer crashes
The error path would previously add a freed entry to the linked list.

Reported-by: Toby Peterson

Fixes #1053
2016-10-04 09:13:02 +02:00
Sergei Kuzmin
54e48b14e1 cookies: same domain handling changed to match browser behavior
Cokie with the same domain but different tailmatching property are now
considered different and do not replace each other.  If header contains
following lines then two cookies will be set: Set-Cookie: foo=bar;
domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 Set-Cookie: foo=baz;
domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033

This matches Chrome, Opera, Safari, and Firefox behavior. When sending
stored tokens to foo.com Chrome, Opera, Firefox store send them in the
stored order, while Safari pre-sort the cookies.

Closes #1050
2016-10-03 16:49:35 +02:00
Stephen Brokenshire
2a1d538963 FAQ: Fix typos in section 5.14 (#1047)
Type required for YourClass::func C++ function (using size_t in line
with the documentation for CURLOPT_WRITEFUNCTION) and missing second
colon when specifying the static function for CURLOPT_WRITEFUNCTION.
2016-10-01 17:36:50 +02:00
Sebastian Mundry
9eda44a200 KNOWN_BUGS: Fix typos in section 5.8.
Closes #1046
2016-09-30 20:50:55 +02:00
mundry
dd42963a52 CONTRIBUTE.md: Fix typo in 'About pull requests' section. (#1045) 2016-09-30 20:49:48 +02:00
Daniel Stenberg
7ea1469468 curl.1: --trace supports % for sending to stderr! 2016-09-30 17:17:48 +02:00
Daniel Stenberg
bd742adb6f KNOWN_BUGS: 5.8 configure finding libs in wrong directory 2016-09-26 11:44:00 +02:00
Dan Fandrich
1e7b79731b configure: Fixed builds with libssh2 in a custom location
A libssh2 library in the standard system location was being used in
preference to the desired one while linking.
2016-09-24 08:52:01 +02:00
Daniel Stenberg
cd7f562bdc SECURITY: remove the top ascii logo 2016-09-23 22:11:55 +02:00
Michael Kaufmann
e9e5366193 New libcurl option to keep sending on error
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether
sending the request body shall be completed when the server responds
early with an error status code.

This is suitable for manual NTLM authentication.

Reviewed-by: Jay Satiro

Closes https://github.com/curl/curl/pull/904
2016-09-22 22:22:31 +02:00
Kamil Dudka
d1f1c857ad nss: add chacha20-poly1305 cipher suites if supported by NSS 2016-09-22 10:20:12 +02:00
Kamil Dudka
049aa92546 nss: add cipher suites using SHA384 if supported by NSS 2016-09-22 10:17:26 +02:00
Kamil Dudka
7591220270 nss: fix typo in ecdhe_rsa_null cipher suite string
As it seems to be a rarely used cipher suite (for securely established
but _unencrypted_ connections), I believe it is fine not to provide an
alias for the misspelled variant.
2016-09-22 10:17:26 +02:00
Jay Satiro
36e53ec6ff docs: Remove that --proto is just used for initial retrieval
.. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not
override protocols denied by --proto and CURLOPT_PROTOCOLS.

- Add a test to enforce: --proto deny must override --proto-redir allow

Closes https://github.com/curl/curl/pull/1031
2016-09-21 17:23:24 -04:00
Daniel Stenberg
82279c82c8 dist: add CurlSymbolHiding.cmake to the tarball
Follow-up to 6140dfcf3e

Reported-by: Alexander Sinditskiy
2016-09-21 23:17:39 +02:00
Daniel Stenberg
aab94da619 curl_global_cleanup.3: don't unload the lib with sub threads running
Discussed in #997

Assisted-by: Jay Satiro
2016-09-20 23:00:52 +02:00
Daniel Stenberg
88e3743dde MAIL-ETIQUETTE: language 2016-09-20 15:37:46 +02:00
Jay Satiro
22cfeac730 easy: Reset all statistical session info in curl_easy_reset
Bug: https://github.com/curl/curl/issues/1017
Reported-by: Jeroen Ooms
2016-09-20 01:14:01 -04:00
Daniel Stenberg
6834ebaaa3 RELEASE-NOTES: synced with 79607eec51 2016-09-19 23:58:55 +02:00
Daniel Gustafsson
79607eec51 darwinssl: Fix typo in comment
Closes https://github.com/curl/curl/pull/1028
2016-09-19 17:06:00 -04:00
Bernard Spil
01c8db47aa libressl: fix version output
LibreSSL defines `OPENSSL_VERSION_NUMBER` as `0x20000000L` for all
versions returning `LibreSSL/2.0.0` for any LibreSSL version.

This change provides a local OpenSSL_version_num function replacement
returning LIBRESSL_VERSION_NUMBER instead.

Closes #1029
2016-09-19 22:47:35 +02:00
rugk
31dd3bf674 TODO: Add PINNEDPUBLICKEY - HPKP compatibility, HSTS & HPKP
Closes #1025
Closes #1026
Closes #1027
2016-09-19 16:58:33 +02:00
Daniel Stenberg
a2b360f890 openssl: don't call ERR_remote_thread_state on >= 1.1.0
Follow-up fix to d9321562
2016-09-19 14:32:59 +02:00
Daniel Stenberg
de71e68000 openssl: don’t call CRYTPO_cleanup_all_ex_data
The OpenSSL function CRYTPO_cleanup_all_ex_data() cannot be called
multiple times without crashing - and other libs might call it! We
basically cannot call it without risking a crash. The function is a
no-op since OpenSSL 1.1.0.

Not calling this function only risks a small memory leak with OpenSSL <
1.1.0.

Bug: https://curl.haxx.se/mail/lib-2016-09/0045.html
Reported-by: Todd Short
2016-09-19 11:33:14 +02:00
Daniel Stenberg
fb0032a33e TODO: Support SSLKEYLOGFILE 2016-09-19 10:29:00 +02:00