Граф коммитов

20843 Коммитов

Автор SHA1 Сообщение Дата
Daniel Stenberg d4643d6e79 openssl: fix cert check with non-DNS name fields present
Regression introduced in 5f5b62635 (released in 7.48.0)

Reported-by: Fabian Ruff
Fixes #875
2016-06-16 10:33:15 +02:00
Dan Fandrich b1839f6ed8 axtls: Use Curl_wait_ms instead of the less-portable usleep 2016-06-16 08:44:08 +02:00
Dan Fandrich 52c5e9488c axtls: Fixed compile after compile 31c521b0 2016-06-16 08:29:10 +02:00
Dan Fandrich 67176e2b84 tests: Added HTTP proxy keywords to tests 1141 & 1142 2016-06-15 23:04:48 +02:00
Sergei Nikulov b70ca5281d cmake: Fix build with winldap
Bug: https://github.com/curl/curl/pull/874
Reported-by: Sergei Nikulov
2016-06-15 14:09:38 -04:00
Jay Satiro f77dfbc5fb CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
When CURLOPT_POSTFIELDS is set to an empty string libcurl will send a
zero-byte POST. Prior to this change it was documented as sending data
from the read callback.

This also changes the wording of what happens when empty or NULL so that
it's hopefully easier to understand for people whose primary language
isn't English.

Bug: https://github.com/curl/curl/issues/862
Reported-by: Askar Safin
2016-06-11 17:33:16 -04:00
Michael Wallner 929520582c curl_multi_socket_action.3: Fix rewording
- Remove some erroneous text.

Closes https://github.com/curl/curl/pull/865
2016-06-09 02:10:22 -04:00
Luo Jinghua 608d161b60 resolve: enable protocol family logic for synthesized IPv6
- Enable protocol family logic for IPv6 resolves even when support
for synthesized addresses is enabled.

This is a follow up to the parent commit that added support for
synthesized IPv6 addresses from IPv4 on iOS/OS X. The protocol family
logic needed for IPv6 was inadvertently excluded if support for
synthesized addresses was enabled.

Bug: https://github.com/curl/curl/issues/863
Ref: https://github.com/curl/curl/pull/866
Ref: https://github.com/curl/curl/pull/867
2016-06-07 22:23:24 -04:00
Luo Jinghua 01a49a7626 resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
Use getaddrinfo() to resolve the IPv4 address literal on iOS/Mac OS X.
If the current network interface doesn’t support IPv4, but supports
IPv6, NAT64, and DNS64.

Closes #866
Fixes #863
2016-06-07 20:39:05 +02:00
Daniel Stenberg 9b6d3a662e tests: two more HTTP/2 tests
1701 and 1702
2016-06-06 23:51:49 +02:00
Daniel Stenberg 320905a345 runtests: don't display logs when http2 server fails to start 2016-06-06 23:51:49 +02:00
Daniel Stenberg d3b5c153af runtests: make stripfile work on stdout as well
... and have test 1700 use that to strip out the nghttpx server: headers
2016-06-06 23:51:49 +02:00
Daniel Stenberg bf05606ef1 http2-tests: test1700 is the first real HTTP/2 test
It requires that 'nghttpx' is in the PATH, and it will run the tests
using nghttpx as a front-end proxy in front of the standard HTTP/1 test
server. This uses HTTP/2 over plain TCP.

If you like me have nghttpx installed in a custom path, you can run test 1700
like this:

$ PATH=$PATH:$HOME/build-nghttp2/bin/ ./runtests.pl 1700
2016-06-06 23:51:49 +02:00
Daniel Stenberg c53d8a0b41 RELEASE-NOTES: synced with 34855feeb4 2016-06-06 23:24:01 +02:00
Steve Holme 34855feeb4 schannel: Disable ALPN on Windows < 8.1
Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL
fails on Windows < 8.1 so we need to disable ALPN on these OS versions.

Inspiration provide by: Daniel Seither

Closes #848
Fixes #840
2016-06-06 20:53:30 +01:00
Jay Satiro 84a48e5732 checksrc: Add LoadLibrary to the banned functions list
LoadLibrary was supplanted by Curl_load_library for security
reasons in 6df916d.
2016-06-05 21:07:03 -04:00
Jay Satiro 1aa899ff38 http: Fix HTTP/2 connection reuse
- Change the parser to not require a minor version for HTTP/2.

HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2
in 8243a95 because the parser still expected a minor version.

Bug: https://github.com/curl/curl/issues/855
Reported-by: Andrew Robbins, Frank Gevaerts
2016-06-05 03:13:32 -04:00
Steve Holme 61c92c7850 connect.c: Fixed compilation warning from commit 332e8d6164
connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else'
2016-06-04 21:52:08 +01:00
Steve Holme 332e8d6164 win32: Used centralised verify windows version function
Closes #845
2016-06-04 21:24:09 +01:00
Steve Holme dde5e430e2 win32: Added verify windows version functionality 2016-06-04 21:24:09 +01:00
Steve Holme 6020ce5fa7 win32: Introduced centralised verify windows version function 2016-06-04 21:24:09 +01:00
Kamil Dudka 584d0121c3 tool_urlglob: fix off-by-one error in glob_parse()
... causing SIGSEGV while parsing URL with too many globs.
Minimal example:

$ curl $(for i in $(seq 101); do printf '{a}'; done)

Reported-by: Romain Coltel
Bug: https://bugzilla.redhat.com/1340757
2016-06-03 13:07:22 +02:00
Benjamin Kircher 873b4346ba libcurl-multi.3: fix small typo
Closes #850
2016-06-01 23:04:16 +02:00
Viktor Szakats 55ab64ed1a makefile.m32: add crypt32 for winssl builds
Dependency added by 6cabd78

Closes #849
2016-06-01 10:39:13 +02:00
Ivan Avdeev 31c521b047 vtls: fix ssl session cache race condition
Sessionid cache management is inseparable from managing individual
session lifetimes. E.g. for reference-counted sessions (like those in
SChannel and OpenSSL engines) every session addition and removal
should be accompanied with refcount increment and decrement
respectively. Failing to do so synchronously leads to a race condition
that causes symptoms like use-after-free and memory corruption.
This commit:
 - makes existing session cache locking explicit, thus allowing
   individual engines to manage lock's scope.
 - fixes OpenSSL and SChannel engines by putting refcount management
   inside this lock's scope in relevant places.
 - adds these explicit locking calls to other engines that use
   sessionid cache to accommodate for this change. Note, however,
   that it is unknown whether any of these engines could also have
   this race.

Bug: https://github.com/curl/curl/issues/815
Fixes #815
Closes #847
2016-06-01 09:40:55 +02:00
Andrew Kurushin 6cabd78531 schannel: add CURLOPT_CERTINFO support
Closes #822
2016-06-01 08:50:01 +02:00
Daniel Stenberg c444ace556 RELEASE-NOTES: synced with 142ee9fa15 2016-05-31 23:33:48 +02:00
Daniel Stenberg 142ee9fa15 openssl: rename the private SSL_strerror
... to make it not look like an OpenSSL function
2016-05-31 19:54:35 +02:00
Michael Kaufmann 7108e53fb5 openssl: Use correct buffer sizes for error messages
Closes #844
2016-05-31 19:52:45 +02:00
Daniel Stenberg 6dbc23cfd8 curl: fix -q [regression]
This broke in 7.49.0 with commit e200034425

Fixes #842
2016-05-31 14:25:40 +02:00
Daniel Stenberg 5409e1d793 URL parser: allow URLs to use one, two or three slashes
Mostly in order to support broken web sites that redirect to broken URLs
that are accepted by browsers.

Browsers are typically even more leniant than this as the WHATWG URL
spec they should allow an _infinite_ amount. I tested 8000 slashes with
Firefox and it just worked.

Added test case 1141, 1142 and 1143 to verify the new parser.

Closes #791
2016-05-30 23:13:55 +02:00
Renaud Lehoux ed8b8f2456 cmake: Added missing mbedTLS support
Closes #837
2016-05-30 23:09:52 +02:00
Renaud Lehoux 2072b4ae4f mbedtls: removed unused variables
Closes #838
2016-05-30 23:05:51 +02:00
Frank Gevaerts 071c561394 http: add CURLINFO_HTTP_VERSION and %{http_version}
Adds access to the effectively used http version to both libcurl and
curl.

Closes #799
2016-05-30 22:58:51 +02:00
Daniel Stenberg 4bffaad85f bump: start the journey toward 7.50.0 2016-05-30 22:55:54 +02:00
Marcel Raad c9b4e6e859 openssl: fix build with OPENSSL_NO_COMP
With OPENSSL_NO_COMP defined, there is no function
SSL_COMP_free_compression_methods

Closes #836
2016-05-30 15:31:14 +02:00
Gisle Vanem 9a1593501c memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC
Fixes #828
2016-05-30 11:43:04 +02:00
Jonathan 27c86c8871 README.md: polish
Closes #834
2016-05-30 11:40:20 +02:00
Daniel Stenberg 602a6bdf6f RELEASE-NOTES: fix vuln link 2016-05-30 08:21:16 +02:00
Daniel Stenberg cf93a7b364 RELEASE-NOTES: 7.49.1 2016-05-30 08:14:27 +02:00
Steve Holme 6df916d751 loadlibrary: Only load system DLLs from the system directory
Inspiration provided by: Daniel Stenberg and Ray Satiro

Bug: https://curl.haxx.se/docs/adv_20160530.html

Ref: Windows DLL hijacking with curl, CVE-2016-4802
2016-05-30 08:14:27 +02:00
Daniel Stenberg ddf25f6b28 ssh: fix version number check typo 2016-05-30 08:14:27 +02:00
Jay Satiro 694c2dce25 curl_share_setopt.3: Add min ver needed for ssl session lock
Bug: https://github.com/curl/curl/issues/826
Reported-by: Michael Wallner
2016-05-29 16:27:44 -04:00
Daniel Stenberg e51798d002 ssh: fix build for libssh2 before 1.2.6
The statvfs functionality was added to libssh2 in that version, so we
switch off that functionality when built with older libraries.

Fixes #831
2016-05-29 00:20:14 +02:00
Daniel Stenberg b15a17c702 mbedtls: fix includes so snprintf() works
Regression from the previous *printf() rearrangements, this file missed to
include the correct header to make sure snprintf() works universally.

Reported-by: Moti Avrahami
Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html
2016-05-24 12:14:18 +02:00
Steve Holme 0a2422753f checksrc.pl: Added variants of strcat() & strncat() to banned function list
Added support for checking the tchar, unicode and mbcs variants of
strcat() and strncat() in the banned function list.
2016-05-23 12:13:41 +01:00
Daniel Stenberg 17b1528dc2 smtp: minor ident (white space) fixes 2016-05-23 12:59:58 +02:00
Daniel Stenberg 668fdd1526 THANKS: updated after script fixes
Now giving credit properly to github user names, fixed some UTF-8 issues
and added names discovered when contrithanks was improved.
2016-05-23 10:08:34 +02:00
Daniel Stenberg e0503d9215 THANKS-filter: more name cleanups 2016-05-23 10:08:15 +02:00
Daniel Stenberg fcfe39236a contrithanks.sh: exclude existing names case insensitively 2016-05-23 10:07:48 +02:00