moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-04 08:35:05 -05:00
Code Issues Releases Wiki Activity
20,771 Commits 10 Branches 144 Tags 113 MiB
873b4346ba
Commit Graph

20771 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Benjamin Kircher
873b4346ba libcurl-multi.3: fix small typo 
Closes #850
 2016-06-01 23:04:16 +02:00
Viktor Szakats
55ab64ed1a makefile.m32: add crypt32 for winssl builds 
Dependency added by 6cabd78

Closes #849
 2016-06-01 10:39:13 +02:00
Ivan Avdeev
31c521b047 vtls: fix ssl session cache race condition 
Sessionid cache management is inseparable from managing individual
session lifetimes. E.g. for reference-counted sessions (like those in
SChannel and OpenSSL engines) every session addition and removal
should be accompanied with refcount increment and decrement
respectively. Failing to do so synchronously leads to a race condition
that causes symptoms like use-after-free and memory corruption.
This commit:
 - makes existing session cache locking explicit, thus allowing
   individual engines to manage lock's scope.
 - fixes OpenSSL and SChannel engines by putting refcount management
   inside this lock's scope in relevant places.
 - adds these explicit locking calls to other engines that use
   sessionid cache to accommodate for this change. Note, however,
   that it is unknown whether any of these engines could also have
   this race.

Bug: https://github.com/curl/curl/issues/815
Fixes #815
Closes #847
 2016-06-01 09:40:55 +02:00
Andrew Kurushin
6cabd78531 schannel: add CURLOPT_CERTINFO support 
Closes #822
 2016-06-01 08:50:01 +02:00
Daniel Stenberg
c444ace556 RELEASE-NOTES: synced with 142ee9fa15 2016-05-31 23:33:48 +02:00
Daniel Stenberg
142ee9fa15 openssl: rename the private SSL_strerror 
... to make it not look like an OpenSSL function
 2016-05-31 19:54:35 +02:00
Michael Kaufmann
7108e53fb5 openssl: Use correct buffer sizes for error messages 
Closes #844
 2016-05-31 19:52:45 +02:00
Daniel Stenberg
6dbc23cfd8 curl: fix -q [regression] 
This broke in 7.49.0 with commit e200034425

Fixes #842
 2016-05-31 14:25:40 +02:00
Daniel Stenberg
5409e1d793 URL parser: allow URLs to use one, two or three slashes 
Mostly in order to support broken web sites that redirect to broken URLs
that are accepted by browsers.

Browsers are typically even more leniant than this as the WHATWG URL
spec they should allow an _infinite_ amount. I tested 8000 slashes with
Firefox and it just worked.

Added test case 1141, 1142 and 1143 to verify the new parser.

Closes #791
 2016-05-30 23:13:55 +02:00
Renaud Lehoux
ed8b8f2456 cmake: Added missing mbedTLS support 
Closes #837
 2016-05-30 23:09:52 +02:00
Renaud Lehoux
2072b4ae4f mbedtls: removed unused variables 
Closes #838
 2016-05-30 23:05:51 +02:00
Frank Gevaerts
071c561394 http: add CURLINFO_HTTP_VERSION and %{http_version} 
Adds access to the effectively used http version to both libcurl and
curl.

Closes #799
 2016-05-30 22:58:51 +02:00
Daniel Stenberg
4bffaad85f bump: start the journey toward 7.50.0 2016-05-30 22:55:54 +02:00
Marcel Raad
c9b4e6e859 openssl: fix build with OPENSSL_NO_COMP 
With OPENSSL_NO_COMP defined, there is no function
SSL_COMP_free_compression_methods

Closes #836
 2016-05-30 15:31:14 +02:00
Gisle Vanem
9a1593501c memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC 
Fixes #828
 2016-05-30 11:43:04 +02:00
Jonathan
27c86c8871 README.md: polish 
Closes #834
 2016-05-30 11:40:20 +02:00
Daniel Stenberg
602a6bdf6f RELEASE-NOTES: fix vuln link 2016-05-30 08:21:16 +02:00
Daniel Stenberg
cf93a7b364 RELEASE-NOTES: 7.49.1 2016-05-30 08:14:27 +02:00
Steve Holme
6df916d751 loadlibrary: Only load system DLLs from the system directory 
Inspiration provided by: Daniel Stenberg and Ray Satiro

Bug: https://curl.haxx.se/docs/adv_20160530.html

Ref: Windows DLL hijacking with curl, CVE-2016-4802
 2016-05-30 08:14:27 +02:00
Daniel Stenberg
ddf25f6b28 ssh: fix version number check typo 2016-05-30 08:14:27 +02:00
Jay Satiro
694c2dce25 curl_share_setopt.3: Add min ver needed for ssl session lock 
Bug: https://github.com/curl/curl/issues/826
Reported-by: Michael Wallner
 2016-05-29 16:27:44 -04:00
Daniel Stenberg
e51798d002 ssh: fix build for libssh2 before 1.2.6 
The statvfs functionality was added to libssh2 in that version, so we
switch off that functionality when built with older libraries.

Fixes #831
 2016-05-29 00:20:14 +02:00
Daniel Stenberg
b15a17c702 mbedtls: fix includes so snprintf() works 
Regression from the previous *printf() rearrangements, this file missed to
include the correct header to make sure snprintf() works universally.

Reported-by: Moti Avrahami
Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html
 2016-05-24 12:14:18 +02:00
Steve Holme
0a2422753f checksrc.pl: Added variants of strcat() & strncat() to banned function list 
Added support for checking the tchar, unicode and mbcs variants of
strcat() and strncat() in the banned function list.
 2016-05-23 12:13:41 +01:00
Daniel Stenberg
17b1528dc2 smtp: minor ident (white space) fixes 2016-05-23 12:59:58 +02:00
Daniel Stenberg
668fdd1526 THANKS: updated after script fixes 
Now giving credit properly to github user names, fixed some UTF-8 issues
and added names discovered when contrithanks was improved.
 2016-05-23 10:08:34 +02:00
Daniel Stenberg
e0503d9215 THANKS-filter: more name cleanups 2016-05-23 10:08:15 +02:00
Daniel Stenberg
fcfe39236a contrithanks.sh: exclude existing names case insensitively 2016-05-23 10:07:48 +02:00
Daniel Stenberg
9816c67b9b contrithanks.sh: use same grep pattern and -a flag as contributors.sh 2016-05-23 09:14:19 +02:00
Daniel Stenberg
f704d6bf00 contributors.sh: better grep pattern, use grep -a 2016-05-23 09:13:43 +02:00
Daniel Stenberg
1c057f6ecf THANKS-filter: fix more names 2016-05-23 09:13:20 +02:00
Daniel Stenberg
ed62ec59b6 contrithanks.sh: do the same github fix as contributors.sh 
from 1577bfa35b
 2016-05-23 08:50:53 +02:00
Jay Satiro
1577bfa35b contributors: Show GitHub username if real name unknown 
Prior to this change if a GitHub contributor's real name was unknown
they would be omitted from the list.

Bug: https://github.com/curl/curl/issues/824
 2016-05-23 02:42:12 -04:00
Daniel Stenberg
79fde56ae3 RELEASE-NOTES: synced with 3caaeffbe8 2016-05-21 16:05:54 +02:00
Jay Satiro
3caaeffbe8 openssl: cleanup must free compression methods 
- Free compression methods if OpenSSL 1.0.2 to avoid a memory leak.

Bug: https://github.com/curl/curl/issues/817
Reported-by: jveazey@users.noreply.github.com
 2016-05-20 16:44:01 -04:00
Gisle Vanem
3123dad89c curl_multibyte: fix compiler error 
While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was
getting:

f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '('
to follow 'CURL_EXTERN'

f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085:
'curl_domalloc': not in formal parameter list
 2016-05-20 16:50:04 +02:00
Daniel Stenberg
994146eb1f THANKS-filter: make Jan-E get proper credit 2016-05-20 16:44:34 +02:00
Jan-E
6bdc6092a0 winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity 
Closes #818
 2016-05-20 16:41:59 +02:00
Alexander Traud
fd8d2a0f63 libcurl.m4: Avoid obsolete warning 
Closes #821
 2016-05-20 16:05:39 +02:00
Michael Kaufmann
53ae37088c CURLOPT_CONNECT_TO.3: user must not free the list prematurely 
The connect-to list isn't copied so as long as the handle may be used
for a transfer the list must be valid.

Bug: https://github.com/curl/curl/pull/819
Reported-by: Michael Kaufmann
 2016-05-20 00:14:38 -04:00
Daniel Stenberg
46c4ad36ed RELEASE-NOTES: synced with 48114a8634 2016-05-19 14:01:30 +02:00
Daniel Stenberg
48114a8634 openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0 
See OpenSSL commit 21e001747d4a
 2016-05-19 11:39:59 +02:00
Daniel Stenberg
8243a9581b http2: use HTTP/2 in the HTTP/1.1-alike header 
... when generating them, not "2.0" as the protocol is called just
HTTP/2 and nothing else.
 2016-05-19 11:16:30 +02:00
Jay Satiro
194b97b390 dist: include curl_multi_socket_all.3 
Closes https://github.com/curl/curl/pull/816
 2016-05-19 03:13:07 -04:00
Steve Holme
1c86f14030 bump: Start work on 7.49.1 2016-05-18 17:47:38 +01:00
Daniel Stenberg
63e1f060a2 curlbuild.h.dist: check __LP64__ as well to fix MIPS build 
The preprocessor check that sets up the 32bit defines for non-configure
builds didn't work properly for MIPS systems as __mips__ is defined for
both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit.

Reported-by: Tomas Jakobsson
Fixes #813
 2016-05-18 14:10:36 +02:00
Marcel Raad
125827e60e schannel: fix compile break with MSVC XP toolset 
For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK
7.1 is used. In this case, _USING_V110_SDK71_ is defined.

Closes #812
 2016-05-18 12:52:41 +02:00
Daniel Stenberg
fe3db2e43b dist: include CHECKSRC.md 
Reported-by: Paul Howarth
Bug: https://curl.haxx.se/mail/lib-2016-05/0116.html
 2016-05-18 10:35:15 +02:00
Daniel Stenberg
54e4c6c396 test/Makefile.am: include manpage-scan.pl and nroff-scan.pl in dist 
Reported-by: Ray Satiro
Bug: https://curl.haxx.se/mail/lib-2016-05/0113.html
 2016-05-18 09:17:53 +02:00
Daniel Stenberg
67fe54d918 THANKS: 24 new names from 7.49.0 release notes 2016-05-17 14:51:35 +02:00