61c92c7850
connect.c: Fixed compilation warning from commit 332e8d6164
...
connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else'
2016-06-04 21:52:08 +01:00
332e8d6164
win32: Used centralised verify windows version function
...
Closes #845
2016-06-04 21:24:09 +01:00
dde5e430e2
win32: Added verify windows version functionality
2016-06-04 21:24:09 +01:00
6020ce5fa7
win32: Introduced centralised verify windows version function
2016-06-04 21:24:09 +01:00
584d0121c3
tool_urlglob: fix off-by-one error in glob_parse()
...
... causing SIGSEGV while parsing URL with too many globs.
Minimal example:
$ curl $(for i in $(seq 101); do printf '{a}'; done)
Reported-by: Romain Coltel
Bug: https://bugzilla.redhat.com/1340757
2016-06-03 13:07:22 +02:00
873b4346ba
libcurl-multi.3: fix small typo
...
Closes #850
2016-06-01 23:04:16 +02:00
55ab64ed1a
makefile.m32: add crypt32 for winssl builds
...
Dependency added by 6cabd78Closes #849
2016-06-01 10:39:13 +02:00
31c521b047
vtls: fix ssl session cache race condition
...
Sessionid cache management is inseparable from managing individual
session lifetimes. E.g. for reference-counted sessions (like those in
SChannel and OpenSSL engines) every session addition and removal
should be accompanied with refcount increment and decrement
respectively. Failing to do so synchronously leads to a race condition
that causes symptoms like use-after-free and memory corruption.
This commit:
- makes existing session cache locking explicit, thus allowing
individual engines to manage lock's scope.
- fixes OpenSSL and SChannel engines by putting refcount management
inside this lock's scope in relevant places.
- adds these explicit locking calls to other engines that use
sessionid cache to accommodate for this change. Note, however,
that it is unknown whether any of these engines could also have
this race.
Bug: https://github.com/curl/curl/issues/815
Fixes #815
Closes #847
2016-06-01 09:40:55 +02:00
6cabd78531
schannel: add CURLOPT_CERTINFO support
...
Closes #822
2016-06-01 08:50:01 +02:00
c444ace556
RELEASE-NOTES: synced with 142ee9fa15
2016-05-31 23:33:48 +02:00
142ee9fa15
openssl: rename the private SSL_strerror
...
... to make it not look like an OpenSSL function
2016-05-31 19:54:35 +02:00
7108e53fb5
openssl: Use correct buffer sizes for error messages
...
Closes #844
2016-05-31 19:52:45 +02:00
6dbc23cfd8
curl: fix -q [regression]
...
This broke in 7.49.0 with commit e200034425Fixes #842
2016-05-31 14:25:40 +02:00
5409e1d793
URL parser: allow URLs to use one, two or three slashes
...
Mostly in order to support broken web sites that redirect to broken URLs
that are accepted by browsers.
Browsers are typically even more leniant than this as the WHATWG URL
spec they should allow an _infinite_ amount. I tested 8000 slashes with
Firefox and it just worked.
Added test case 1141, 1142 and 1143 to verify the new parser.
Closes #791
2016-05-30 23:13:55 +02:00
ed8b8f2456
cmake: Added missing mbedTLS support
...
Closes #837
2016-05-30 23:09:52 +02:00
2072b4ae4f
mbedtls: removed unused variables
...
Closes #838
2016-05-30 23:05:51 +02:00
071c561394
http: add CURLINFO_HTTP_VERSION and %{http_version}
...
Adds access to the effectively used http version to both libcurl and
curl.
Closes #799
2016-05-30 22:58:51 +02:00
4bffaad85f
bump: start the journey toward 7.50.0
2016-05-30 22:55:54 +02:00
c9b4e6e859
openssl: fix build with OPENSSL_NO_COMP
...
With OPENSSL_NO_COMP defined, there is no function
SSL_COMP_free_compression_methods
Closes #836
2016-05-30 15:31:14 +02:00
9a1593501c
memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC
...
Fixes #828
2016-05-30 11:43:04 +02:00
27c86c8871
README.md: polish
...
Closes #834
2016-05-30 11:40:20 +02:00
602a6bdf6f
RELEASE-NOTES: fix vuln link
2016-05-30 08:21:16 +02:00
cf93a7b364
RELEASE-NOTES: 7.49.1
2016-05-30 08:14:27 +02:00
6df916d751
loadlibrary: Only load system DLLs from the system directory
...
Inspiration provided by: Daniel Stenberg and Ray Satiro
Bug: https://curl.haxx.se/docs/adv_20160530.html
Ref: Windows DLL hijacking with curl, CVE-2016-4802
2016-05-30 08:14:27 +02:00
ddf25f6b28
ssh: fix version number check typo
2016-05-30 08:14:27 +02:00
694c2dce25
curl_share_setopt.3: Add min ver needed for ssl session lock
...
Bug: https://github.com/curl/curl/issues/826
Reported-by: Michael Wallner
2016-05-29 16:27:44 -04:00
e51798d002
ssh: fix build for libssh2 before 1.2.6
...
The statvfs functionality was added to libssh2 in that version, so we
switch off that functionality when built with older libraries.
Fixes #831
2016-05-29 00:20:14 +02:00
b15a17c702
mbedtls: fix includes so snprintf() works
...
Regression from the previous *printf() rearrangements, this file missed to
include the correct header to make sure snprintf() works universally.
Reported-by: Moti Avrahami
Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html
2016-05-24 12:14:18 +02:00
0a2422753f
checksrc.pl: Added variants of strcat() & strncat() to banned function list
...
Added support for checking the tchar, unicode and mbcs variants of
strcat() and strncat() in the banned function list.
2016-05-23 12:13:41 +01:00
17b1528dc2
smtp: minor ident (white space) fixes
2016-05-23 12:59:58 +02:00
668fdd1526
THANKS: updated after script fixes
...
Now giving credit properly to github user names, fixed some UTF-8 issues
and added names discovered when contrithanks was improved.
2016-05-23 10:08:34 +02:00
e0503d9215
THANKS-filter: more name cleanups
2016-05-23 10:08:15 +02:00
fcfe39236a
contrithanks.sh: exclude existing names case insensitively
2016-05-23 10:07:48 +02:00
9816c67b9b
contrithanks.sh: use same grep pattern and -a flag as contributors.sh
2016-05-23 09:14:19 +02:00
f704d6bf00
contributors.sh: better grep pattern, use grep -a
2016-05-23 09:13:43 +02:00
1c057f6ecf
THANKS-filter: fix more names
2016-05-23 09:13:20 +02:00
ed62ec59b6
contrithanks.sh: do the same github fix as contributors.sh
...
from 1577bfa35b
2016-05-23 08:50:53 +02:00
1577bfa35b
contributors: Show GitHub username if real name unknown
...
Prior to this change if a GitHub contributor's real name was unknown
they would be omitted from the list.
Bug: https://github.com/curl/curl/issues/824
2016-05-23 02:42:12 -04:00
79fde56ae3
RELEASE-NOTES: synced with 3caaeffbe8
2016-05-21 16:05:54 +02:00
3caaeffbe8
openssl: cleanup must free compression methods
...
- Free compression methods if OpenSSL 1.0.2 to avoid a memory leak.
Bug: https://github.com/curl/curl/issues/817
Reported-by: jveazey@users.noreply.github.com
2016-05-20 16:44:01 -04:00
3123dad89c
curl_multibyte: fix compiler error
...
While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was
getting:
f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '('
to follow 'CURL_EXTERN'
f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085:
'curl_domalloc': not in formal parameter list
2016-05-20 16:50:04 +02:00
994146eb1f
THANKS-filter: make Jan-E get proper credit
2016-05-20 16:44:34 +02:00
6bdc6092a0
winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity
...
Closes #818
2016-05-20 16:41:59 +02:00
fd8d2a0f63
libcurl.m4: Avoid obsolete warning
...
Closes #821
2016-05-20 16:05:39 +02:00
53ae37088c
CURLOPT_CONNECT_TO.3: user must not free the list prematurely
...
The connect-to list isn't copied so as long as the handle may be used
for a transfer the list must be valid.
Bug: https://github.com/curl/curl/pull/819
Reported-by: Michael Kaufmann
2016-05-20 00:14:38 -04:00
46c4ad36ed
RELEASE-NOTES: synced with 48114a8634
2016-05-19 14:01:30 +02:00
48114a8634
openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0
...
See OpenSSL commit 21e001747d4a
2016-05-19 11:39:59 +02:00
8243a9581b
http2: use HTTP/2 in the HTTP/1.1-alike header
...
... when generating them, not "2.0" as the protocol is called just
HTTP/2 and nothing else.
2016-05-19 11:16:30 +02:00
194b97b390
dist: include curl_multi_socket_all.3
...
Closes https://github.com/curl/curl/pull/816
2016-05-19 03:13:07 -04:00
1c86f14030
bump: Start work on 7.49.1
2016-05-18 17:47:38 +01:00
Steve Holme