Gisle Vanem
9a1593501c
memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC
...
Fixes #828
2016-05-30 11:43:04 +02:00
Jonathan
27c86c8871
README.md: polish
...
Closes #834
2016-05-30 11:40:20 +02:00
Daniel Stenberg
602a6bdf6f
RELEASE-NOTES: fix vuln link
2016-05-30 08:21:16 +02:00
Daniel Stenberg
cf93a7b364
RELEASE-NOTES: 7.49.1
2016-05-30 08:14:27 +02:00
Steve Holme
6df916d751
loadlibrary: Only load system DLLs from the system directory
...
Inspiration provided by: Daniel Stenberg and Ray Satiro
Bug: https://curl.haxx.se/docs/adv_20160530.html
Ref: Windows DLL hijacking with curl, CVE-2016-4802
2016-05-30 08:14:27 +02:00
Daniel Stenberg
ddf25f6b28
ssh: fix version number check typo
2016-05-30 08:14:27 +02:00
Jay Satiro
694c2dce25
curl_share_setopt.3: Add min ver needed for ssl session lock
...
Bug: https://github.com/curl/curl/issues/826
Reported-by: Michael Wallner
2016-05-29 16:27:44 -04:00
Daniel Stenberg
e51798d002
ssh: fix build for libssh2 before 1.2.6
...
The statvfs functionality was added to libssh2 in that version, so we
switch off that functionality when built with older libraries.
Fixes #831
2016-05-29 00:20:14 +02:00
Daniel Stenberg
b15a17c702
mbedtls: fix includes so snprintf() works
...
Regression from the previous *printf() rearrangements, this file missed to
include the correct header to make sure snprintf() works universally.
Reported-by: Moti Avrahami
Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html
2016-05-24 12:14:18 +02:00
Steve Holme
0a2422753f
checksrc.pl: Added variants of strcat() & strncat() to banned function list
...
Added support for checking the tchar, unicode and mbcs variants of
strcat() and strncat() in the banned function list.
2016-05-23 12:13:41 +01:00
Daniel Stenberg
17b1528dc2
smtp: minor ident (white space) fixes
2016-05-23 12:59:58 +02:00
Daniel Stenberg
668fdd1526
THANKS: updated after script fixes
...
Now giving credit properly to github user names, fixed some UTF-8 issues
and added names discovered when contrithanks was improved.
2016-05-23 10:08:34 +02:00
Daniel Stenberg
e0503d9215
THANKS-filter: more name cleanups
2016-05-23 10:08:15 +02:00
Daniel Stenberg
fcfe39236a
contrithanks.sh: exclude existing names case insensitively
2016-05-23 10:07:48 +02:00
Daniel Stenberg
9816c67b9b
contrithanks.sh: use same grep pattern and -a flag as contributors.sh
2016-05-23 09:14:19 +02:00
Daniel Stenberg
f704d6bf00
contributors.sh: better grep pattern, use grep -a
2016-05-23 09:13:43 +02:00
Daniel Stenberg
1c057f6ecf
THANKS-filter: fix more names
2016-05-23 09:13:20 +02:00
Daniel Stenberg
ed62ec59b6
contrithanks.sh: do the same github fix as contributors.sh
...
from 1577bfa35b
2016-05-23 08:50:53 +02:00
Jay Satiro
1577bfa35b
contributors: Show GitHub username if real name unknown
...
Prior to this change if a GitHub contributor's real name was unknown
they would be omitted from the list.
Bug: https://github.com/curl/curl/issues/824
2016-05-23 02:42:12 -04:00
Daniel Stenberg
79fde56ae3
RELEASE-NOTES: synced with 3caaeffbe8
2016-05-21 16:05:54 +02:00
Jay Satiro
3caaeffbe8
openssl: cleanup must free compression methods
...
- Free compression methods if OpenSSL 1.0.2 to avoid a memory leak.
Bug: https://github.com/curl/curl/issues/817
Reported-by: jveazey@users.noreply.github.com
2016-05-20 16:44:01 -04:00
Gisle Vanem
3123dad89c
curl_multibyte: fix compiler error
...
While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was
getting:
f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '('
to follow 'CURL_EXTERN'
f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085:
'curl_domalloc': not in formal parameter list
2016-05-20 16:50:04 +02:00
Daniel Stenberg
994146eb1f
THANKS-filter: make Jan-E get proper credit
2016-05-20 16:44:34 +02:00
Jan-E
6bdc6092a0
winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity
...
Closes #818
2016-05-20 16:41:59 +02:00
Alexander Traud
fd8d2a0f63
libcurl.m4: Avoid obsolete warning
...
Closes #821
2016-05-20 16:05:39 +02:00
Michael Kaufmann
53ae37088c
CURLOPT_CONNECT_TO.3: user must not free the list prematurely
...
The connect-to list isn't copied so as long as the handle may be used
for a transfer the list must be valid.
Bug: https://github.com/curl/curl/pull/819
Reported-by: Michael Kaufmann
2016-05-20 00:14:38 -04:00
Daniel Stenberg
46c4ad36ed
RELEASE-NOTES: synced with 48114a8634
2016-05-19 14:01:30 +02:00
Daniel Stenberg
48114a8634
openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0
...
See OpenSSL commit 21e001747d4a
2016-05-19 11:39:59 +02:00
Daniel Stenberg
8243a9581b
http2: use HTTP/2 in the HTTP/1.1-alike header
...
... when generating them, not "2.0" as the protocol is called just
HTTP/2 and nothing else.
2016-05-19 11:16:30 +02:00
Jay Satiro
194b97b390
dist: include curl_multi_socket_all.3
...
Closes https://github.com/curl/curl/pull/816
2016-05-19 03:13:07 -04:00
Steve Holme
1c86f14030
bump: Start work on 7.49.1
2016-05-18 17:47:38 +01:00
Daniel Stenberg
63e1f060a2
curlbuild.h.dist: check __LP64__ as well to fix MIPS build
...
The preprocessor check that sets up the 32bit defines for non-configure
builds didn't work properly for MIPS systems as __mips__ is defined for
both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit.
Reported-by: Tomas Jakobsson
Fixes #813
2016-05-18 14:10:36 +02:00
Marcel Raad
125827e60e
schannel: fix compile break with MSVC XP toolset
...
For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK
7.1 is used. In this case, _USING_V110_SDK71_ is defined.
Closes #812
2016-05-18 12:52:41 +02:00
Daniel Stenberg
fe3db2e43b
dist: include CHECKSRC.md
...
Reported-by: Paul Howarth
Bug: https://curl.haxx.se/mail/lib-2016-05/0116.html
2016-05-18 10:35:15 +02:00
Daniel Stenberg
54e4c6c396
test/Makefile.am: include manpage-scan.pl and nroff-scan.pl in dist
...
Reported-by: Ray Satiro
Bug: https://curl.haxx.se/mail/lib-2016-05/0113.html
2016-05-18 09:17:53 +02:00
Daniel Stenberg
67fe54d918
THANKS: 24 new names from 7.49.0 release notes
2016-05-17 14:51:35 +02:00
Daniel Stenberg
a45e71f0c7
RELEASE-NOTES: 7.49.0
2016-05-17 14:51:35 +02:00
Daniel Stenberg
6efd2fa529
mbedtls/polarssl: set "hostname" unconditionally
...
...as otherwise the TLS libs will skip the CN/SAN check and just allow
connection to any server. curl previously skipped this function when SNI
wasn't used or when connecting to an IP address specified host.
CVE-2016-3739
Bug: https://curl.haxx.se/docs/adv_20160518A.html
Reported-by: Moti Avrahami
2016-05-17 14:48:17 +02:00
Frank Gevaerts
5db313985e
CURLOPT_RESOLVE.3: fix typo
...
Closes #811
2016-05-17 14:28:12 +02:00
Daniel Stenberg
ab5a68937b
docs: CURLOPT_RESOLVE overrides CURLOPT_IPRESOLVE
2016-05-17 13:17:07 +02:00
Daniel Stenberg
9f475f7b9d
KNOWN_BUGS: GnuTLS backend skips really long certificate fields
...
Closes #762
2016-05-17 11:13:48 +02:00
Daniel Stenberg
d415bdb883
CURLOPT_HTTPPOST.3: the data needs to be around while in use
2016-05-17 11:08:10 +02:00
Daniel Stenberg
675c30abc2
openssl: get_cert_chain: fix NULL dereference
...
CID 1361815: Explicit null dereferenced (FORWARD_NULL)
2016-05-17 09:34:33 +02:00
Daniel Stenberg
8132fe11b3
openssl: get_cert_chain: avoid NULL dereference
...
CID 1361811: Explicit null dereferenced (FORWARD_NULL)
2016-05-17 09:14:06 +02:00
Daniel Stenberg
b499073406
dprintf_formatf: fix (false?) Coverity warning
...
CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when
we run over 'workend' but the condition says <= workend and for all I
can see it should be safe. Compensating for the warning by adding a byte
margin in the buffer.
Also, removed the extra brace level indentation in the code and made it
so that 'workend' is only assigned once within the function.
2016-05-17 09:06:32 +02:00
Daniel Stenberg
2639c3920d
RELEASE-NOTES: synced with 2dcb5adc72
2016-05-16 09:05:03 +02:00
Daniel Stenberg
2dcb5adc72
THANKS-filter: fixed Jonathan Cardoso
2016-05-16 09:04:13 +02:00
Jay Satiro
b49edf5f02
ftp: fix incorrect out-of-memory code in Curl_pretransfer
...
- Return value type must match function type.
s/CURLM_OUT_OF_MEMORY/CURLE_OUT_OF_MEMORY/
Caught by Travis CI
2016-05-15 23:48:47 -04:00
Daniel Stenberg
cba9621342
ftp wildcard: segfault due to init only in multi_perform
...
The proper FTP wildcard init is now more properly done in Curl_pretransfer()
and the corresponding cleanup in Curl_close().
The previous place of init/cleanup code made the internal pointer to be NULL
when this feature was used with the multi_socket() API, as it was made within
the curl_multi_perform() function.
Reported-by: Jonathan Cardoso Machado
Fixes #800
2016-05-15 00:37:36 +02:00
Jay Satiro
e1372418cd
libcurl-tlibcurl-thread: Update OpenSSL links
...
Because the old OpenSSL link now redirects to their master documentation
(currently 1.1.0), which does not document the required actions for
OpenSSL <= 1.0.2.
2016-05-13 16:01:35 -04:00