1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 05:25:06 -05:00
Commit Graph

21070 Commits

Author SHA1 Message Date
Daniel Stenberg
f68042a2a5 RELEASE-NOTES: synced with 8272049062
5 more fixes, 2 more contributors
2016-10-10 08:13:01 +02:00
Tobias Stoeckmann
8272049062 smb: properly check incoming packet boundaries
Not all reply messages were properly checked for their lengths, which
made it possible to access uninitialized memory (but this does not lead
to out of boundary accesses).

Closes #1052
2016-10-09 00:14:26 +02:00
Daniel Stenberg
ac8a314913 test557: verify printf() with 128 and 129 arguments 2016-10-08 20:47:44 +02:00
Daniel Stenberg
71588c9aef mprintf: return error on too many arguments
128 arguments should be enough for everyone
2016-10-08 20:47:04 +02:00
Daniel Stenberg
8238ba9c5f ftp: fix Curl_ftpsendf()
... it no longer takes printf() arguments since it was only really taken
advantage by one user and it was not written and used in a safe
way. Thus the 'f' is removed from the function name and the proto is
changed.

Although the current code wouldn't end up in badness, it was a risk that
future changes could end up springf()ing too large data or passing in a
format string inadvertently.
2016-10-08 15:13:46 +02:00
Daniel Stenberg
9885c9508e formpost: avoid silent snprintf() truncation
The previous use of snprintf() could make libcurl silently truncate some
input data and not report that back on overly large input, which could
make data get sent over the network in a bad format.

Example:

 $ curl --form 'a=b' -H "Content-Type: $(perl -e 'print "A"x4100')"
2016-10-08 13:00:45 +02:00
Daniel Stenberg
f74baaf3b3 TODO: build: Enable PIE and RELRO by default 2016-10-08 12:17:26 +02:00
Daniel Stenberg
e11da9f4b7 TODO: Support better than MD5 hostkey hash (for ssh) 2016-10-08 11:51:21 +02:00
Daniel Gustafsson
4f43236a40 tests: Fix a small typo in the tests README (#1060)
The subdirectory for logs in tests/ is named log/ without an 's'
at the end.
2016-10-08 11:39:12 +02:00
Daniel Stenberg
13f3912471 TODO: Introduce --fail-fast to exit on first transfer fail
See #1054
2016-10-06 17:45:06 +02:00
Daniel Stenberg
da1a2d1ac8 TODO: Leave secure cookies alone 2016-10-06 09:40:47 +02:00
Rainer Müller
c271b1c29a CURLOPT_DEBUGFUNCTION.3: unused argument warning (#1056)
The 'userp' argument is unused in this example code.
2016-10-06 08:06:13 +02:00
Daniel Stenberg
2a3bca9aa0 TODO: TCP Fast Open for windows 2016-10-05 11:50:50 +02:00
Daniel Stenberg
6bf909d5ce RELEASE-NOTES: synced with 8fd2a754f0 2016-10-04 23:50:52 +02:00
Daniel Stenberg
15aefc6adc CURLOPT_KEEP_SENDING_ON_ERROR.3: mention when it is added 2016-10-04 23:46:45 +02:00
Daniel Stenberg
8fd2a754f0 memdup: use 'void *' as return and source type 2016-10-04 23:31:25 +02:00
Daniel Stenberg
203c5d5b3c TODO: Add easy argument to formpost functions 2016-10-04 18:34:31 +02:00
Daniel Stenberg
bdf162af25 formpost: trying to attach a directory no longer crashes
The error path would previously add a freed entry to the linked list.

Reported-by: Toby Peterson

Fixes #1053
2016-10-04 09:13:02 +02:00
Sergei Kuzmin
54e48b14e1 cookies: same domain handling changed to match browser behavior
Cokie with the same domain but different tailmatching property are now
considered different and do not replace each other.  If header contains
following lines then two cookies will be set: Set-Cookie: foo=bar;
domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 Set-Cookie: foo=baz;
domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033

This matches Chrome, Opera, Safari, and Firefox behavior. When sending
stored tokens to foo.com Chrome, Opera, Firefox store send them in the
stored order, while Safari pre-sort the cookies.

Closes #1050
2016-10-03 16:49:35 +02:00
Stephen Brokenshire
2a1d538963 FAQ: Fix typos in section 5.14 (#1047)
Type required for YourClass::func C++ function (using size_t in line
with the documentation for CURLOPT_WRITEFUNCTION) and missing second
colon when specifying the static function for CURLOPT_WRITEFUNCTION.
2016-10-01 17:36:50 +02:00
Sebastian Mundry
9eda44a200 KNOWN_BUGS: Fix typos in section 5.8.
Closes #1046
2016-09-30 20:50:55 +02:00
mundry
dd42963a52 CONTRIBUTE.md: Fix typo in 'About pull requests' section. (#1045) 2016-09-30 20:49:48 +02:00
Daniel Stenberg
7ea1469468 curl.1: --trace supports % for sending to stderr! 2016-09-30 17:17:48 +02:00
Daniel Stenberg
bd742adb6f KNOWN_BUGS: 5.8 configure finding libs in wrong directory 2016-09-26 11:44:00 +02:00
Dan Fandrich
1e7b79731b configure: Fixed builds with libssh2 in a custom location
A libssh2 library in the standard system location was being used in
preference to the desired one while linking.
2016-09-24 08:52:01 +02:00
Daniel Stenberg
cd7f562bdc SECURITY: remove the top ascii logo 2016-09-23 22:11:55 +02:00
Michael Kaufmann
e9e5366193 New libcurl option to keep sending on error
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether
sending the request body shall be completed when the server responds
early with an error status code.

This is suitable for manual NTLM authentication.

Reviewed-by: Jay Satiro

Closes https://github.com/curl/curl/pull/904
2016-09-22 22:22:31 +02:00
Kamil Dudka
d1f1c857ad nss: add chacha20-poly1305 cipher suites if supported by NSS 2016-09-22 10:20:12 +02:00
Kamil Dudka
049aa92546 nss: add cipher suites using SHA384 if supported by NSS 2016-09-22 10:17:26 +02:00
Kamil Dudka
7591220270 nss: fix typo in ecdhe_rsa_null cipher suite string
As it seems to be a rarely used cipher suite (for securely established
but _unencrypted_ connections), I believe it is fine not to provide an
alias for the misspelled variant.
2016-09-22 10:17:26 +02:00
Jay Satiro
36e53ec6ff docs: Remove that --proto is just used for initial retrieval
.. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not
override protocols denied by --proto and CURLOPT_PROTOCOLS.

- Add a test to enforce: --proto deny must override --proto-redir allow

Closes https://github.com/curl/curl/pull/1031
2016-09-21 17:23:24 -04:00
Daniel Stenberg
82279c82c8 dist: add CurlSymbolHiding.cmake to the tarball
Follow-up to 6140dfcf3e

Reported-by: Alexander Sinditskiy
2016-09-21 23:17:39 +02:00
Daniel Stenberg
aab94da619 curl_global_cleanup.3: don't unload the lib with sub threads running
Discussed in #997

Assisted-by: Jay Satiro
2016-09-20 23:00:52 +02:00
Daniel Stenberg
88e3743dde MAIL-ETIQUETTE: language 2016-09-20 15:37:46 +02:00
Jay Satiro
22cfeac730 easy: Reset all statistical session info in curl_easy_reset
Bug: https://github.com/curl/curl/issues/1017
Reported-by: Jeroen Ooms
2016-09-20 01:14:01 -04:00
Daniel Stenberg
6834ebaaa3 RELEASE-NOTES: synced with 79607eec51 2016-09-19 23:58:55 +02:00
Daniel Gustafsson
79607eec51 darwinssl: Fix typo in comment
Closes https://github.com/curl/curl/pull/1028
2016-09-19 17:06:00 -04:00
Bernard Spil
01c8db47aa libressl: fix version output
LibreSSL defines `OPENSSL_VERSION_NUMBER` as `0x20000000L` for all
versions returning `LibreSSL/2.0.0` for any LibreSSL version.

This change provides a local OpenSSL_version_num function replacement
returning LIBRESSL_VERSION_NUMBER instead.

Closes #1029
2016-09-19 22:47:35 +02:00
rugk
31dd3bf674 TODO: Add PINNEDPUBLICKEY - HPKP compatibility, HSTS & HPKP
Closes #1025
Closes #1026
Closes #1027
2016-09-19 16:58:33 +02:00
Daniel Stenberg
a2b360f890 openssl: don't call ERR_remote_thread_state on >= 1.1.0
Follow-up fix to d9321562
2016-09-19 14:32:59 +02:00
Daniel Stenberg
de71e68000 openssl: don’t call CRYTPO_cleanup_all_ex_data
The OpenSSL function CRYTPO_cleanup_all_ex_data() cannot be called
multiple times without crashing - and other libs might call it! We
basically cannot call it without risking a crash. The function is a
no-op since OpenSSL 1.1.0.

Not calling this function only risks a small memory leak with OpenSSL <
1.1.0.

Bug: https://curl.haxx.se/mail/lib-2016-09/0045.html
Reported-by: Todd Short
2016-09-19 11:33:14 +02:00
Daniel Stenberg
fb0032a33e TODO: Support SSLKEYLOGFILE 2016-09-19 10:29:00 +02:00
Jay Satiro
6ee9ea5e70 CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting 2016-09-18 17:56:35 -04:00
Nick Zitzmann
227ee9d84d darwinssl: disable RC4 cipher-suite support
RC4 was a nice alternative to CBC back in the days of BEAST, but it's insecure and obsolete now.
2016-09-18 15:01:03 -05:00
Nick Zitzmann
d086b2394c configure: change "iOS/Mac OS X native" to "Apple OS native"
Since I first wrote that text, Apple introduced tvOS and watchOS, and renamed "Mac OS X" to "macOS." Let's make the text a little more inclusive, since curl can be built for all four operating systems.
2016-09-18 14:50:17 -05:00
Jay Satiro
19445f35ba test2048: fix url 2016-09-18 15:33:15 -04:00
Jay Satiro
45c1c54c42 examples/imap-append: Set size of data to be uploaded
Prior to this commit this example failed with error
'Cannot APPEND with unknown input file size'.

Bug: https://github.com/curl/curl/issues/1008
Reported-by: lukaszgn@users.noreply.github.com

Closes https://github.com/curl/curl/pull/1011
2016-09-18 02:19:17 -04:00
Tony Kelman
e01d0f1030 LICENSE-MIXING.md: update with mbedTLS dual licensing
Recent versions of mbedTLS are available under either Apache 2.0 or GPL
2.0, see https://tls.mbed.org/how-to-get

Closes #1019
2016-09-16 23:56:28 +02:00
Daniel Stenberg
710f0572c9 KNOWN_BUGS: chunked-encoded requests with HTTP/2 is fixed 2016-09-16 09:00:20 +02:00
Daniel Stenberg
f423a00971 http2: debug ouput sent HTTP/2 request headers 2016-09-16 09:00:20 +02:00