82b6fd4112
docs: handle CURL_POLL_INOUT in multi-uv example
2016-11-03 12:32:14 +01:00
e6882ce484
docs: multi-uv: don't use CURLMsg after cleanup
2016-11-03 12:32:14 +01:00
b1aeed302d
docs: remove unused variables in multi-uv example
2016-11-03 12:32:14 +01:00
71cfce9ce7
bump: start working on 7.51.1
2016-11-03 10:08:26 +01:00
d7e5f18279
winbuild: remove strcase.obj from curl build
...
Reported-by: Bruce Stephens
Fixes #1098
2016-11-02 14:45:24 +01:00
788b319dfe
msvc: removed a straggling reference to strequal.c
...
Follow-up to 502acba2
2016-11-02 09:15:02 +01:00
3c561c657c
THANKS: synced with 7.51.0
2016-11-02 07:34:06 +01:00
1fe755f99d
RELEASE-NOTES: 7.51.0
2016-11-02 07:34:06 +01:00
f81a836461
ftp_done: don't clobber the passed in error code
...
Coverity CID 1374359 pointed out the unused result value.
2016-11-02 07:22:27 +01:00
3c6c2bcd5a
ftp: remove dead code in ftp_done
...
Coverity CID 1374358
2016-11-02 07:18:24 +01:00
0e727979a5
generate.bat: Include include/curl in libcurl VS projects
...
.. because including those headers helps Visual Studio's Intellisense.
2016-11-01 21:31:10 -04:00
ee96ffa2a4
generate.bat: Remove strcase.[ch] from curl tool VS projects
...
..because they're no longer needed in the tool build. strcase is still
built by the libcurl project and exports curl_str(n)equal which is used
by the curl tool.
Bug: https://github.com/curl/curl/commit/9363f1a#all_commit_comments
2016-11-01 21:29:44 -04:00
6b52b7eb2b
metalink: simplify the hex parsing function
...
... and now it avoids using the libcurl toupper() function
2016-11-02 00:31:49 +01:00
f9e51fb55d
file: fix compiler warning
...
follow-up to 46133aa5
2016-11-01 20:40:26 +01:00
e44bfc7664
strcase: fixed Metalink builds by redefining checkprefix()
...
...to use the public function curl_strnequal(). This isn't ideal because
it adds extra overhead to any internal calls to checkprefix.
follow-up to 95bd2b3e
2016-11-01 11:44:11 +01:00
e5c49b9e69
curl.1: typo
2016-11-01 10:27:40 +01:00
b744950f43
curl.1: expand on how multiple uses of -o looks
...
Suggested-by: Dan Jacobson
Issue: https://github.com/curl/curl/issues/1097
2016-11-01 10:24:49 +01:00
07b95ea268
tests/util: get a private strncasecompare clone
...
... since the curlx_* code no longer provides one and we don't link
libcurl to these test servers.
2016-10-31 23:49:54 +01:00
95bd2b3e7f
strcase: make the tool use curl_str[n]equal instead
...
As they are after all part of the public API. Saves space and reduces
complexity. Remove the strcase defines from the curlx_ family.
Suggested-by: Dan Fandrich
Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html
2016-10-31 21:51:19 +01:00
1071680946
gskit, nss: do not include strequal.h
...
follow-up to 811a693b80
2016-10-31 17:36:22 +01:00
47a21ca9ba
strcasecompare: include curl.h in strcase.c
...
This should fix the "warning: 'curl_strequal' redeclared without
dllimport attribute: previous dllimport ignored" message and subsequent
link error on Windows because of the missing CURL_EXTERN on the
prototype.
2016-10-31 15:21:13 +01:00
64c2d24c42
strcase: fix the remaining rawstr users
2016-10-31 15:19:26 +01:00
309d6e80d0
msvc builds: s/rawstr/strcase
...
Follow-up to 811a693b
2016-10-31 13:35:26 +01:00
9363f1a37f
strcasecompare: replaced remaining rawstr.h with strcase.h
...
This is a followup to commit 811a693b
2016-10-31 12:57:58 +01:00
4f97d9832c
digest_sspi: fix include
...
Fix compile break from 811a693b80
2016-10-31 12:51:27 +01:00
52a2c2fb51
libauthretry: use the external function curl_strequal
...
The internal version strcasecompare isn't available outside libcurl
2016-10-31 12:44:18 +01:00
9934f4fe9f
RELEASE-NOTES: synced with d14538d250
2016-10-31 10:50:32 +01:00
d14538d250
configure: raise the default minimum version for macos to 10.8
...
follow-up to 4f8d0b6f02
2016-10-31 10:19:22 +01:00
06bc2100d2
unit1301: keep testing curl_strequal
...
as that is still part of the API, fix from 8fe4bd0844
2016-10-31 09:53:34 +01:00
cce5250f6a
ldap: fix include
...
Fix bug from 811a693b80
2016-10-31 09:50:41 +01:00
c27013c05d
url: remove unconditional idn2.h include
...
Mistake brought by 9c91ec7781
2016-10-31 09:50:12 +01:00
8fe4bd0844
curl_strequal: part of public API/ABI, needs to be kept
...
These two public functions have been mentioned as deprecated since a
very long time but since they are still part of the API and ABI we need
to keep them around.
2016-10-31 09:45:17 +01:00
44c53cc38b
strcase: s/strequal/strcasecompare
...
some more follow-ups to 811a693b80
2016-10-31 09:37:54 +01:00
532491a27c
ldap: fix strcase use
...
follow-up to 811a693b80
2016-10-31 09:30:36 +01:00
ad16f89791
test165: adapted to the libidn2 use and IDNA2008 fix
2016-10-31 08:46:35 +01:00
cff89bc088
cookie: replace use of fgets() with custom version
...
... that will ignore lines that are too long to fit in the buffer.
CVE-2016-8615
Bug: https://curl.haxx.se/docs/adv_20161102A.html
Reported-by: Cure53
2016-10-31 08:46:35 +01:00
811a693b80
strcasecompare: all case insensitive string compares ignore locale now
...
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
2016-10-31 08:46:35 +01:00
502acba2af
strcasecompare: is the new name for strequal()
...
... to make it less likely that we forget that the function actually
does case insentive compares. Also replaced several invokes of the
function with a plain strcmp when case sensitivity is not an issue (like
comparing with "-").
2016-10-31 08:46:35 +01:00
1833a45dde
ftp: check for previous patch must be case sensitive!
...
... otherwise example.com/PATH and example.com/path would be assumed to
be the same and they usually aren't!
2016-10-31 08:46:35 +01:00
ce8d09483e
SSH: check md5 fingerprint case sensitively
2016-10-31 08:46:35 +01:00
b3ee26c5df
connectionexists: use case sensitive user/password comparisons
...
CVE-2016-8616
Bug: https://curl.haxx.se/docs/adv_20161102B.html
Reported-by: Cure53
2016-10-31 08:46:35 +01:00
efd24d5742
base64: check for integer overflow on large input
...
CVE-2016-8617
Bug: https://curl.haxx.se/docs/adv_20161102C.html
Reported-by: Cure53
2016-10-31 08:46:35 +01:00
3d6460edee
krb5: avoid realloc(0)
...
If the requested size is zero, bail out with error instead of doing a
realloc() that would cause a double-free: realloc(0) acts as a free()
and then there's a second free in the cleanup path.
CVE-2016-8619
Bug: https://curl.haxx.se/docs/adv_20161102E.html
Reported-by: Cure53
2016-10-31 08:46:35 +01:00
8732ec40db
aprintf: detect wrap-around when growing allocation
...
On 32bit systems we could otherwise wrap around after 2GB and allocate 0
bytes and crash.
CVE-2016-8618
Bug: https://curl.haxx.se/docs/adv_20161102D.html
Reported-by: Cure53
2016-10-31 08:46:35 +01:00
ee4f76606c
range: reject char globs with missing end like '[L-]'
...
... which previously would lead to out of boundary reads.
Reported-by: Luật Nguyễn
2016-10-31 08:46:35 +01:00
269a889104
glob_next_url: make sure to stay within the given output buffer
2016-10-31 08:46:35 +01:00
fbb5f1aa03
range: prevent negative end number in a glob range
...
CVE-2016-8620
Bug: https://curl.haxx.se/docs/adv_20161102F.html
Reported-by: Luật Nguyễn
2016-10-31 08:46:35 +01:00
96a80b5a26
parsedate: handle cut off numbers better
...
... and don't read outside of the given buffer!
CVE-2016-8621
bug: https://curl.haxx.se/docs/adv_20161102G.html
Reported-by: Luật Nguyễn
2016-10-31 08:46:35 +01:00
46133aa536
escape: avoid using curl_easy_unescape() internally
...
Since the internal Curl_urldecode() function has a better API.
2016-10-31 08:46:35 +01:00
53e71e47d6
unescape: avoid integer overflow
...
CVE-2016-8622
Bug: https://curl.haxx.se/docs/adv_20161102H.html
Reported-by: Cure53
2016-10-31 08:46:35 +01:00
Andrei Sedoi