moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-10 19:45:04 -05:00
Code Issues Releases Wiki Activity
20,756 Commits 10 Branches 144 Tags 113 MiB
27c86c8871
Commit Graph

20756 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonathan
27c86c8871 README.md: polish 
Closes #834
 2016-05-30 11:40:20 +02:00
Daniel Stenberg
602a6bdf6f RELEASE-NOTES: fix vuln link 2016-05-30 08:21:16 +02:00
Daniel Stenberg
cf93a7b364 RELEASE-NOTES: 7.49.1 2016-05-30 08:14:27 +02:00
Steve Holme
6df916d751 loadlibrary: Only load system DLLs from the system directory 
Inspiration provided by: Daniel Stenberg and Ray Satiro

Bug: https://curl.haxx.se/docs/adv_20160530.html

Ref: Windows DLL hijacking with curl, CVE-2016-4802
 2016-05-30 08:14:27 +02:00
Daniel Stenberg
ddf25f6b28 ssh: fix version number check typo 2016-05-30 08:14:27 +02:00
Jay Satiro
694c2dce25 curl_share_setopt.3: Add min ver needed for ssl session lock 
Bug: https://github.com/curl/curl/issues/826
Reported-by: Michael Wallner
 2016-05-29 16:27:44 -04:00
Daniel Stenberg
e51798d002 ssh: fix build for libssh2 before 1.2.6 
The statvfs functionality was added to libssh2 in that version, so we
switch off that functionality when built with older libraries.

Fixes #831
 2016-05-29 00:20:14 +02:00
Daniel Stenberg
b15a17c702 mbedtls: fix includes so snprintf() works 
Regression from the previous *printf() rearrangements, this file missed to
include the correct header to make sure snprintf() works universally.

Reported-by: Moti Avrahami
Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html
 2016-05-24 12:14:18 +02:00
Steve Holme
0a2422753f checksrc.pl: Added variants of strcat() & strncat() to banned function list 
Added support for checking the tchar, unicode and mbcs variants of
strcat() and strncat() in the banned function list.
 2016-05-23 12:13:41 +01:00
Daniel Stenberg
17b1528dc2 smtp: minor ident (white space) fixes 2016-05-23 12:59:58 +02:00
Daniel Stenberg
668fdd1526 THANKS: updated after script fixes 
Now giving credit properly to github user names, fixed some UTF-8 issues
and added names discovered when contrithanks was improved.
 2016-05-23 10:08:34 +02:00
Daniel Stenberg
e0503d9215 THANKS-filter: more name cleanups 2016-05-23 10:08:15 +02:00
Daniel Stenberg
fcfe39236a contrithanks.sh: exclude existing names case insensitively 2016-05-23 10:07:48 +02:00
Daniel Stenberg
9816c67b9b contrithanks.sh: use same grep pattern and -a flag as contributors.sh 2016-05-23 09:14:19 +02:00
Daniel Stenberg
f704d6bf00 contributors.sh: better grep pattern, use grep -a 2016-05-23 09:13:43 +02:00
Daniel Stenberg
1c057f6ecf THANKS-filter: fix more names 2016-05-23 09:13:20 +02:00
Daniel Stenberg
ed62ec59b6 contrithanks.sh: do the same github fix as contributors.sh 
from 1577bfa35b
 2016-05-23 08:50:53 +02:00
Jay Satiro
1577bfa35b contributors: Show GitHub username if real name unknown 
Prior to this change if a GitHub contributor's real name was unknown
they would be omitted from the list.

Bug: https://github.com/curl/curl/issues/824
 2016-05-23 02:42:12 -04:00
Daniel Stenberg
79fde56ae3 RELEASE-NOTES: synced with 3caaeffbe8 2016-05-21 16:05:54 +02:00
Jay Satiro
3caaeffbe8 openssl: cleanup must free compression methods 
- Free compression methods if OpenSSL 1.0.2 to avoid a memory leak.

Bug: https://github.com/curl/curl/issues/817
Reported-by: jveazey@users.noreply.github.com
 2016-05-20 16:44:01 -04:00
Gisle Vanem
3123dad89c curl_multibyte: fix compiler error 
While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was
getting:

f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '('
to follow 'CURL_EXTERN'

f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085:
'curl_domalloc': not in formal parameter list
 2016-05-20 16:50:04 +02:00
Daniel Stenberg
994146eb1f THANKS-filter: make Jan-E get proper credit 2016-05-20 16:44:34 +02:00
Jan-E
6bdc6092a0 winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity 
Closes #818
 2016-05-20 16:41:59 +02:00
Alexander Traud
fd8d2a0f63 libcurl.m4: Avoid obsolete warning 
Closes #821
 2016-05-20 16:05:39 +02:00
Michael Kaufmann
53ae37088c CURLOPT_CONNECT_TO.3: user must not free the list prematurely 
The connect-to list isn't copied so as long as the handle may be used
for a transfer the list must be valid.

Bug: https://github.com/curl/curl/pull/819
Reported-by: Michael Kaufmann
 2016-05-20 00:14:38 -04:00
Daniel Stenberg
46c4ad36ed RELEASE-NOTES: synced with 48114a8634 2016-05-19 14:01:30 +02:00
Daniel Stenberg
48114a8634 openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0 
See OpenSSL commit 21e001747d4a
 2016-05-19 11:39:59 +02:00
Daniel Stenberg
8243a9581b http2: use HTTP/2 in the HTTP/1.1-alike header 
... when generating them, not "2.0" as the protocol is called just
HTTP/2 and nothing else.
 2016-05-19 11:16:30 +02:00
Jay Satiro
194b97b390 dist: include curl_multi_socket_all.3 
Closes https://github.com/curl/curl/pull/816
 2016-05-19 03:13:07 -04:00
Steve Holme
1c86f14030 bump: Start work on 7.49.1 2016-05-18 17:47:38 +01:00
Daniel Stenberg
63e1f060a2 curlbuild.h.dist: check __LP64__ as well to fix MIPS build 
The preprocessor check that sets up the 32bit defines for non-configure
builds didn't work properly for MIPS systems as __mips__ is defined for
both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit.

Reported-by: Tomas Jakobsson
Fixes #813
 2016-05-18 14:10:36 +02:00
Marcel Raad
125827e60e schannel: fix compile break with MSVC XP toolset 
For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK
7.1 is used. In this case, _USING_V110_SDK71_ is defined.

Closes #812
 2016-05-18 12:52:41 +02:00
Daniel Stenberg
fe3db2e43b dist: include CHECKSRC.md 
Reported-by: Paul Howarth
Bug: https://curl.haxx.se/mail/lib-2016-05/0116.html
 2016-05-18 10:35:15 +02:00
Daniel Stenberg
54e4c6c396 test/Makefile.am: include manpage-scan.pl and nroff-scan.pl in dist 
Reported-by: Ray Satiro
Bug: https://curl.haxx.se/mail/lib-2016-05/0113.html
 2016-05-18 09:17:53 +02:00
Daniel Stenberg
67fe54d918 THANKS: 24 new names from 7.49.0 release notes 2016-05-17 14:51:35 +02:00
Daniel Stenberg
a45e71f0c7 RELEASE-NOTES: 7.49.0 2016-05-17 14:51:35 +02:00
Daniel Stenberg
6efd2fa529 mbedtls/polarssl: set "hostname" unconditionally 
...as otherwise the TLS libs will skip the CN/SAN check and just allow
connection to any server. curl previously skipped this function when SNI
wasn't used or when connecting to an IP address specified host.

CVE-2016-3739

Bug: https://curl.haxx.se/docs/adv_20160518A.html
Reported-by: Moti Avrahami
 2016-05-17 14:48:17 +02:00
Frank Gevaerts
5db313985e CURLOPT_RESOLVE.3: fix typo 
Closes #811
 2016-05-17 14:28:12 +02:00
Daniel Stenberg
ab5a68937b docs: CURLOPT_RESOLVE overrides CURLOPT_IPRESOLVE 2016-05-17 13:17:07 +02:00
Daniel Stenberg
9f475f7b9d KNOWN_BUGS: GnuTLS backend skips really long certificate fields 
Closes #762
 2016-05-17 11:13:48 +02:00
Daniel Stenberg
d415bdb883 CURLOPT_HTTPPOST.3: the data needs to be around while in use 2016-05-17 11:08:10 +02:00
Daniel Stenberg
675c30abc2 openssl: get_cert_chain: fix NULL dereference 
CID 1361815: Explicit null dereferenced (FORWARD_NULL)
 2016-05-17 09:34:33 +02:00
Daniel Stenberg
8132fe11b3 openssl: get_cert_chain: avoid NULL dereference 
CID 1361811: Explicit null dereferenced (FORWARD_NULL)
 2016-05-17 09:14:06 +02:00
Daniel Stenberg
b499073406 dprintf_formatf: fix (false?) Coverity warning 
CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when
we run over 'workend' but the condition says <= workend and for all I
can see it should be safe. Compensating for the warning by adding a byte
margin in the buffer.

Also, removed the extra brace level indentation in the code and made it
so that 'workend' is only assigned once within the function.
 2016-05-17 09:06:32 +02:00
Daniel Stenberg
2639c3920d RELEASE-NOTES: synced with 2dcb5adc72 2016-05-16 09:05:03 +02:00
Daniel Stenberg
2dcb5adc72 THANKS-filter: fixed Jonathan Cardoso 2016-05-16 09:04:13 +02:00
Jay Satiro
b49edf5f02 ftp: fix incorrect out-of-memory code in Curl_pretransfer 
- Return value type must match function type.

s/CURLM_OUT_OF_MEMORY/CURLE_OUT_OF_MEMORY/

Caught by Travis CI
 2016-05-15 23:48:47 -04:00
Daniel Stenberg
cba9621342 ftp wildcard: segfault due to init only in multi_perform 
The proper FTP wildcard init is now more properly done in Curl_pretransfer()
and the corresponding cleanup in Curl_close().

The previous place of init/cleanup code made the internal pointer to be NULL
when this feature was used with the multi_socket() API, as it was made within
the curl_multi_perform() function.

Reported-by: Jonathan Cardoso Machado
Fixes #800
 2016-05-15 00:37:36 +02:00
Jay Satiro
e1372418cd libcurl-tlibcurl-thread: Update OpenSSL links 
Because the old OpenSSL link now redirects to their master documentation
(currently 1.1.0), which does not document the required actions for
OpenSSL <= 1.0.2.
 2016-05-13 16:01:35 -04:00
Viktor Szakats
bf418d2df0 darwinssl.c: fix OS X codename typo in comment 2016-05-13 09:59:17 +02:00