Commit Graph

19590 Commits

Author SHA1 Message Date
Anthony Avina 6a7261359b tool: New option --data-raw to HTTP POST data, '@' allowed.
Add new option --data-raw which is almost the same as --data but does
not have a special interpretation of the @ character.

Prior to this change there was no (easy) way to pass the @ character as
the first character in POST data without it being interpreted as a
special character.

Bug: https://github.com/bagder/curl/issues/198
Reported-by: Jens Rantil
2015-04-25 14:51:14 -04:00
Dan Fandrich f1e0a0aae7 test2039: fixed line endings that caused a test failure 2015-04-25 10:17:46 +02:00
Viktor Szakats 047e6aa05c netrc: add unit tests for 'default' support 2015-04-24 23:57:55 +02:00
Viktor Szakats 48be87e5f0 netrc: support 'default' token
The 'default' token has no argument and means to match _any_ domain.
It must be placed last if there are 'machine <name>' tokens in the same file.

See full description here:
https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html
2015-04-24 23:57:37 +02:00
Daniel Stenberg 49726926c6 ROADMAP.md: extended the HTTP/2 section, reformatted
Elaborated on several of the remaining HTTP/2 parts and made document
use a format that ends up nicer on the web page:
http://curl.haxx.se/dev/roadmap.html
2015-04-24 10:49:31 +02:00
Kamil Dudka 710a2e99b5 curl -z: do not write empty file on unmet condition
This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe.
It also introduces a regression test 1424 based on tests 78 and 1423.

Reported-by: Viktor Szakats
Bug: https://github.com/bagder/curl/issues/237
2015-04-23 14:42:07 +02:00
Dan Fandrich 79478fdb68 tool: fixed a comment typo 2015-04-23 00:09:49 +02:00
Dan Fandrich 81e25b0e25 README: convert to UTF-8 2015-04-23 00:02:49 +02:00
Jay Satiro 0675abbc75 cyassl: Implement public key pinning
Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
2015-04-22 17:07:19 -04:00
Alessandro Ghedini 26cbd7a1d9 curl.1: fix typo 2015-04-22 21:47:32 +02:00
Kamil Dudka ba4741842e docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too 2015-04-22 14:52:16 +02:00
Kamil Dudka 27ace9893c tests/unit/.gitignore: hide unit1601 and above, too 2015-04-22 14:20:20 +02:00
Daniel Stenberg 85c45d153b connectionexists: follow-up to fd9d3a1ef1
PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not
enabled.

Mistake-caught-by: Kamil Dudka
2015-04-22 13:59:04 +02:00
Daniel Stenberg fd9d3a1ef1 connectionexists: fix build without NTLM
Do not access NTLM-specific struct fields when built without NTLM
enabled!

bug: http://curl.haxx.se/?i=231
Reported-by: Patrick Rapin
2015-04-22 13:32:45 +02:00
Daniel Stenberg d409f094a5 bump: start working toward 7.43.0 2015-04-22 13:32:45 +02:00
Kamil Dudka b47c17d67c nss: implement public key pinning for NSS backend
Bug: https://bugzilla.redhat.com/1195771
2015-04-22 13:21:31 +02:00
Daniel Stenberg 1fd33e3ec8 dist: include {src,lib}/checksrc.whitelist 2015-04-22 13:16:04 +02:00
Daniel Stenberg 22691f849a RELEASE-NOTES: updated for 7.42.0 2015-04-22 07:56:12 +02:00
Daniel Stenberg 00e01fc0a7 THANKS: added contributors from 7.42.0 release notes 2015-04-22 07:56:12 +02:00
Daniel Stenberg aadda65f5e THANKS-filter: a few more alterations to squash 2015-04-22 07:56:12 +02:00
Daniel Stenberg 7166fd8a60 contrithanks.sh: helper script for maintaining THANKS 2015-04-22 07:56:12 +02:00
Daniel Stenberg 79b9d5f1a4 http_done: close Negotiate connections when done
When doing HTTP requests Negotiate authenticated, the entire connection
may become authenticated and not just the specific HTTP request which is
otherwise how HTTP works, as Negotiate can basically use NTLM under the
hood. curl was not adhering to this fact but would assume that such
requests would also be authenticated per request.

CVE-2015-3148

Bug: http://curl.haxx.se/docs/adv_20150422B.html
Reported-by: Isaac Boukris
2015-04-21 23:20:37 +02:00
Daniel Stenberg 0583e87ada fix_hostname: zero length host name caused -1 index offset
If a URL is given with a zero-length host name, like in "http://:80" or
just ":80", `fix_hostname()` will index the host name pointer with a -1
offset (as it blindly assumes a non-zero length) and both read and
assign that address.

CVE-2015-3144

Bug: http://curl.haxx.se/docs/adv_20150422D.html
Reported-by: Hanno Böck
2015-04-21 23:20:36 +02:00
Daniel Stenberg b5f947b8ac cookie: cookie parser out of boundary memory access
The internal libcurl function called sanitize_cookie_path() that cleans
up the path element as given to it from a remote site or when read from
a file, did not properly validate the input. If given a path that
consisted of a single double-quote, libcurl would index a newly
allocated memory area with index -1 and assign a zero to it, thus
destroying heap memory it wasn't supposed to.

CVE-2015-3145

Bug: http://curl.haxx.se/docs/adv_20150422C.html
Reported-by: Hanno Böck
2015-04-21 23:20:36 +02:00
Daniel Stenberg 31be461c6b ConnectionExists: for NTLM re-use, require credentials to match
CVE-2015-3143

Bug: http://curl.haxx.se/docs/adv_20150422A.html
Reported-by: Paras Sethia
2015-04-21 23:20:36 +02:00
byronhe 6088fbce06 openssl: add OPENSSL_NO_SSL3_METHOD check 2015-04-21 15:25:21 -04:00
Daniel Stenberg cf2d21d86f CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and desc
Bug: https://github.com/bagder/curl/issues/229
Reported-by: bsammon
2015-04-20 23:40:40 +02:00
Mostyn Bramley-Moore 875a6d9324 configure --with-nss: remove unneeded libs from the fallback 2015-04-20 10:25:07 +02:00
Daniel Stenberg 1b8f9c95b6 contributors.sh: fix help output, filter out (-prefix from names 2015-04-20 10:15:31 +02:00
Daniel Stenberg 9d704b3df9 RELEASE-NOTES: synced with cc0e7ebc3b 2015-04-20 10:05:46 +02:00
Michael Stapelberg cc0e7ebc3b CURLMOPT_TIMERFUNCTION.3: Clarify, add an example 2015-04-19 23:29:51 +02:00
Viktor Szakáts 3a87bdebd1 vtls/openssl: use https in URLs and a comment typo fixed 2015-04-19 19:52:37 +02:00
Daniel Stenberg 63c64e05a4 curl_version_info.3: fixed the 'protocols' variable type
Reported-by: John Marshall
Bug: https://github.com/bagder/curl/issues/225
2015-04-18 22:46:52 +02:00
Dan Fandrich 1e6d0e06f7 test1423: added missing "file" to server section 2015-04-18 21:12:36 +02:00
Daniel Stenberg b6e477890f TheArtOfHttpScripting: Multiple URLs + Multiple HTTP methods
... and some minor edits
2015-04-17 23:53:11 +02:00
Daniel Stenberg 2eb02480ef Revert "HTTP: don't abort connections with pending Negotiate authentication"
This reverts commit 5dc68dd609.

Bug: https://github.com/bagder/curl/issues/223
Reported-by: Michael Osipov
2015-04-17 23:23:42 +02:00
Jay Satiro f70112522f cyassl: Fix include order
Prior to this change CyaSSL's build options could redefine some generic
build symbols.

http://curl.haxx.se/mail/lib-2015-04/0069.html
2015-04-17 15:24:04 -04:00
Kamil Dudka 8dc3bbf0f8 configure --with-nss: drop redundant if statement 2015-04-17 16:43:20 +02:00
Kamil Dudka 67a8bbb51a configure --with-nss=PATH: query pkg-config if available
Bug: https://github.com/bagder/curl/pull/171
2015-04-17 16:43:20 +02:00
Daniel Stenberg 691a07dac6 parsecfg: do not continue past a zero termination
When a config file line ends without newline, the parsing function could
continue reading beyond that point in memory.

Reported-by: Hanno Böck
2015-04-17 11:44:57 +02:00
Jay Satiro 05e4137d31 gitignore: Ignore Windows build output directories 2015-04-16 18:24:42 -04:00
Daniel Stenberg 82805b56b9 RELEASE-NOTES: synced with 1ba6e4c88e 2015-04-15 23:21:49 +02:00
Daniel Stenberg 1ba6e4c88e TODO: 17.9 Choose the name of file in braces for complex URLs 2015-04-15 21:13:25 +02:00
Daniel Stenberg 8f78794fd5 TODO: a little caution that maybe not all ideas are still good 2015-04-15 20:56:43 +02:00
Daniel Stenberg 0cbbbbdc31 TODO: 17.8 offer color-coded HTTP header output 2015-04-15 14:29:30 +02:00
Daniel Stenberg 78843afb9f TODO: 17.7 warning when sending binary output to terminal 2015-04-15 14:27:32 +02:00
Daniel Stenberg ad48b177c3 KNOWN_BUGS: #90 IMAP "SEARCH ALL" truncates output on large boxes 2015-04-15 02:48:20 +02:00
Jay Satiro 9430dd583e cyassl: Add support for TLS extension SNI 2015-04-14 02:05:25 -04:00
Matthew Hall 8df4b5af3f gitignore: ignore test-driver file 2015-04-13 22:25:04 +02:00
Matthew Hall a471a9f3b6 vtls_openssl: improve PKCS#12 load failure error message 2015-04-13 22:25:04 +02:00