Jay Satiro
926cb9ff65
schannel: Fix out of bounds array
...
Bug born in changes made several days ago 9a91e80.
Bug: http://curl.haxx.se/mail/lib-2015-04/0199.html
Reported-by: Brian Chrisman
2015-04-30 01:44:45 -04:00
Jay Satiro
55db5bdff7
docs/libcurl: gitignore libcurl-symbols.3
...
Bug: http://curl.haxx.se/mail/lib-2015-04/0191.html
Reported-by: Michael Osipov
2015-04-29 13:51:42 -04:00
Viktor Szakats
790d1a4816
lib/makefile.m32: add arch -m32/-m64 to LDFLAGS
...
This fixes using a multi-target mingw distro to build curl .dll for the
non-default target.
(mirroring the same patch present in src/makefile.m32)
2015-04-29 13:18:17 -04:00
Daniel Stenberg
1c0f70f534
RELEASE-NOTES: synced with cd39b944af
...
I've not mentioned the bug fixes that were shipped in 7.42.1 from the
7_42 branch.
2015-04-29 08:38:04 +02:00
Daniel Stenberg
cd39b944af
THANKS: merged from the 7.42.1 release
2015-04-29 08:25:12 +02:00
Daniel Stenberg
6ba2e88a64
CURLOPT_HEADEROPT: default to separate
...
Make the HTTP headers separated by default for improved security and
reduced risk for information leakage.
Bug: http://curl.haxx.se/docs/adv_20150429.html
Reported-by: Yehezkel Horowitz, Oren Souroujon
2015-04-28 21:02:37 +02:00
Linus Nielsen
1f8a337e41
docs/libcurl: Corrected a typo in the CURLOPT_PROXY_SERVICE_NAME documentation
2015-04-28 14:47:18 +02:00
Daniel Stenberg
b2ea1bfcd6
hash: simplify Curl_str_key_compare()
2015-04-28 13:10:53 +02:00
Daniel Stenberg
0741271198
dist: ship CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME
2015-04-28 09:03:58 +02:00
Linus Nielsen
97c272e5d1
Negotiate: custom service names for SPNEGO.
...
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME.
* Add new curl options, --proxy-service-name and --service-name.
2015-04-28 08:29:56 +02:00
Daniel Stenberg
54c394699d
http2: unify http_conn variable names to 'c'
2015-04-27 22:54:34 +02:00
Daniel Stenberg
09a31fabe4
ConnectionExists: call it multi-use instead of pipelining
...
So that it fits HTTP/2 as well
2015-04-27 22:54:34 +02:00
Paul Howarth
d4f62f6c5d
nss: fix compilation failure with old versions of NSS
...
Bug: http://curl.haxx.se/mail/lib-2015-04/0095.html
2015-04-27 15:37:16 +02:00
Daniel Stenberg
1945f99d59
sws: init http2 state properly
...
It would otherwise cause problems when running tests after 1801 etc.
2015-04-27 08:38:52 +02:00
Daniel Stenberg
b55cb2eef2
curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
...
... as it was previously undocumented what the pointer was.
2015-04-27 00:29:18 +02:00
Daniel Stenberg
c0700e3c7f
runtests: use a DISABLED.local file too
...
... and have git ignore that. Allows for a dev to add tests to ignore in
local tests and yet don't obstruct a normal git work flow.
2015-04-26 19:59:13 +02:00
Marc Hoersken
92e754de78
schannel.c: Fix typo introduced with 3447c973d0
2015-04-26 19:57:05 +02:00
Marc Hoersken
9a91e8059b
schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
...
Reported-by: Brian Chrisman
2015-04-26 17:59:01 +02:00
Daniel Stenberg
3447c973d0
schannel: re-indented file to follow curl style better
...
white space changes only
2015-04-26 17:40:40 +02:00
Daniel Stenberg
cae43a10cb
Curl_ossl_init: load builtin modules
...
To have engine modules work, we must tell openssl to load builtin
modules first.
Bug: https://github.com/bagder/curl/pull/206
2015-04-26 17:26:31 +02:00
Daniel Stenberg
aa8f613e98
configure: follow-up fix for krb5-config
...
commit 5b66860652 was incomplete so here's a follow-up fix
Reported-by: Dagobert Michelsen
Bug: 5b66860652 (commitcomment-10473445)
2015-04-26 17:04:18 +02:00
Daniel Stenberg
aff153f83a
openssl: fix serial number output
...
The code extracting the cert serial number was broken and didn't display
it properly.
Bug: https://github.com/bagder/curl/issues/235
Reported-by: dkjjr89
2015-04-26 16:36:19 +02:00
Grant Pannell
59f3f92ba6
sasl_sspi: Populate domain from the realm in the challenge
...
Without this, SSPI based digest auth was broken.
Bug: https://github.com/bagder/curl/pull/141.patch
2015-04-26 16:12:23 +02:00
Anthony Avina
6a7261359b
tool: New option --data-raw to HTTP POST data, '@' allowed.
...
Add new option --data-raw which is almost the same as --data but does
not have a special interpretation of the @ character.
Prior to this change there was no (easy) way to pass the @ character as
the first character in POST data without it being interpreted as a
special character.
Bug: https://github.com/bagder/curl/issues/198
Reported-by: Jens Rantil
2015-04-25 14:51:14 -04:00
Dan Fandrich
f1e0a0aae7
test2039: fixed line endings that caused a test failure
2015-04-25 10:17:46 +02:00
Viktor Szakats
047e6aa05c
netrc: add unit tests for 'default' support
2015-04-24 23:57:55 +02:00
Viktor Szakats
48be87e5f0
netrc: support 'default' token
...
The 'default' token has no argument and means to match _any_ domain.
It must be placed last if there are 'machine <name>' tokens in the same file.
See full description here:
https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html
2015-04-24 23:57:37 +02:00
Daniel Stenberg
49726926c6
ROADMAP.md: extended the HTTP/2 section, reformatted
...
Elaborated on several of the remaining HTTP/2 parts and made document
use a format that ends up nicer on the web page:
http://curl.haxx.se/dev/roadmap.html
2015-04-24 10:49:31 +02:00
Kamil Dudka
710a2e99b5
curl -z: do not write empty file on unmet condition
...
This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe.
It also introduces a regression test 1424 based on tests 78 and 1423.
Reported-by: Viktor Szakats
Bug: https://github.com/bagder/curl/issues/237
2015-04-23 14:42:07 +02:00
Dan Fandrich
79478fdb68
tool: fixed a comment typo
2015-04-23 00:09:49 +02:00
Dan Fandrich
81e25b0e25
README: convert to UTF-8
2015-04-23 00:02:49 +02:00
Jay Satiro
0675abbc75
cyassl: Implement public key pinning
...
Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
2015-04-22 17:07:19 -04:00
Alessandro Ghedini
26cbd7a1d9
curl.1: fix typo
2015-04-22 21:47:32 +02:00
Kamil Dudka
ba4741842e
docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too
2015-04-22 14:52:16 +02:00
Kamil Dudka
27ace9893c
tests/unit/.gitignore: hide unit1601 and above, too
2015-04-22 14:20:20 +02:00
Daniel Stenberg
85c45d153b
connectionexists: follow-up to fd9d3a1ef1
...
PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not
enabled.
Mistake-caught-by: Kamil Dudka
2015-04-22 13:59:04 +02:00
Daniel Stenberg
fd9d3a1ef1
connectionexists: fix build without NTLM
...
Do not access NTLM-specific struct fields when built without NTLM
enabled!
bug: http://curl.haxx.se/?i=231
Reported-by: Patrick Rapin
2015-04-22 13:32:45 +02:00
Daniel Stenberg
d409f094a5
bump: start working toward 7.43.0
2015-04-22 13:32:45 +02:00
Kamil Dudka
b47c17d67c
nss: implement public key pinning for NSS backend
...
Bug: https://bugzilla.redhat.com/1195771
2015-04-22 13:21:31 +02:00
Daniel Stenberg
1fd33e3ec8
dist: include {src,lib}/checksrc.whitelist
2015-04-22 13:16:04 +02:00
Daniel Stenberg
22691f849a
RELEASE-NOTES: updated for 7.42.0
2015-04-22 07:56:12 +02:00
Daniel Stenberg
00e01fc0a7
THANKS: added contributors from 7.42.0 release notes
2015-04-22 07:56:12 +02:00
Daniel Stenberg
aadda65f5e
THANKS-filter: a few more alterations to squash
2015-04-22 07:56:12 +02:00
Daniel Stenberg
7166fd8a60
contrithanks.sh: helper script for maintaining THANKS
2015-04-22 07:56:12 +02:00
Daniel Stenberg
79b9d5f1a4
http_done: close Negotiate connections when done
...
When doing HTTP requests Negotiate authenticated, the entire connection
may become authenticated and not just the specific HTTP request which is
otherwise how HTTP works, as Negotiate can basically use NTLM under the
hood. curl was not adhering to this fact but would assume that such
requests would also be authenticated per request.
CVE-2015-3148
Bug: http://curl.haxx.se/docs/adv_20150422B.html
Reported-by: Isaac Boukris
2015-04-21 23:20:37 +02:00
Daniel Stenberg
0583e87ada
fix_hostname: zero length host name caused -1 index offset
...
If a URL is given with a zero-length host name, like in "http://:80" or
just ":80", `fix_hostname()` will index the host name pointer with a -1
offset (as it blindly assumes a non-zero length) and both read and
assign that address.
CVE-2015-3144
Bug: http://curl.haxx.se/docs/adv_20150422D.html
Reported-by: Hanno Böck
2015-04-21 23:20:36 +02:00
Daniel Stenberg
b5f947b8ac
cookie: cookie parser out of boundary memory access
...
The internal libcurl function called sanitize_cookie_path() that cleans
up the path element as given to it from a remote site or when read from
a file, did not properly validate the input. If given a path that
consisted of a single double-quote, libcurl would index a newly
allocated memory area with index -1 and assign a zero to it, thus
destroying heap memory it wasn't supposed to.
CVE-2015-3145
Bug: http://curl.haxx.se/docs/adv_20150422C.html
Reported-by: Hanno Böck
2015-04-21 23:20:36 +02:00
Daniel Stenberg
31be461c6b
ConnectionExists: for NTLM re-use, require credentials to match
...
CVE-2015-3143
Bug: http://curl.haxx.se/docs/adv_20150422A.html
Reported-by: Paras Sethia
2015-04-21 23:20:36 +02:00
byronhe
6088fbce06
openssl: add OPENSSL_NO_SSL3_METHOD check
2015-04-21 15:25:21 -04:00
Daniel Stenberg
cf2d21d86f
CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and desc
...
Bug: https://github.com/bagder/curl/issues/229
Reported-by: bsammon
2015-04-20 23:40:40 +02:00