Commits · 04f52e9b4db01bcbf672c9c69303a4e4ad0d0fb9 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

May 18, 2013

cookies: only consider full path matches · 04f52e9b

Yamada Yasuharu authored May 18, 2013

I found a bug which cURL sends cookies to the path not to aim at.
For example:
- cURL sends a request to http://example.fake/hoge/
- server returns cookie which with path=/hoge;
  the point is there is NOT the '/' end of path string.
- cURL sends a request to http://example.fake/hogege/ with the cookie.

The reason for this old "feature" is because that behavior is what is
described in the original netscape cookie spec:
http://curl.haxx.se/rfc/cookie_spec.html

The current cookie spec (RFC6265) clarifies the situation:
http://tools.ietf.org/html/rfc6265#section-5.2.4

04f52e9b

May 16, 2013
- axtls: prevent memleaks on SSL handshake failures · 100a33f7
  Eric Hu authored May 16, 2013
  
  100a33f7
May 12, 2013

Revert "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage" · 7ed25ccf

Daniel Stenberg authored May 12, 2013

This reverts commit 8ec2cb55.

We don't have any code anywhere in libcurl (or the curl tool) that use
wcsdup so there's no such memory use to track. It seems to cause mild
problems with the Borland compiler though that we may avoid by reverting
this change again.

Bug: http://curl.haxx.se/mail/lib-2013-05/0070.html

7ed25ccf

RELEASE-NOTES: synced with ae26ee34 · 01eede26
Daniel Stenberg authored May 12, 2013

01eede26

May 11, 2013
- Updated zlib version in build files. · ae26ee34
  Guenter Knauf authored May 11, 2013
  
  ae26ee34
May 09, 2013
- OS X framework: fix invalid symbolic link · 992bee50
  Renaud Guillard authored May 09, 2013
  
  992bee50
- nss: give PR_INTERVAL_NO_WAIT instead of -1 to PR_Recv/PR_Send · 01a2abed
  Daniel Stenberg authored May 07, 2013
```
Reported by: David Strauss
Bug: http://curl.haxx.se/mail/lib-2013-05/0088.html
```
  01a2abed
May 08, 2013
- libtest: gitignore more binary files · a45e3f93
  Daniel Stenberg authored May 08, 2013
  
  a45e3f93
May 07, 2013
- servercert: allow empty subject · bdb396ef
  Daniel Stenberg authored May 05, 2013
```
Bug: http://curl.haxx.se/bug/view.cgi?id=1220
Patch by: John Gardiner Myers
```
  bdb396ef
- tests: Added new SMTP tests to verify commit 99b40451 · 6add1901
  Steve Holme authored May 04, 2013
  
  6add1901
- runtests.pl: support nonewline="yes" in client/stdin sections · 51b0f09b
  Daniel Stenberg authored May 07, 2013
  
  51b0f09b
May 06, 2013
- build: fixed unit1394 for debug and metlink builds · 8dac7be4
  Daniel Stenberg authored May 06, 2013
  
  8dac7be4
- unit1394.c: plug the curl tool unit test in · bcf1b9de
  Kamil Dudka authored May 03, 2013
  
  bcf1b9de
- unit1394.c: basis of a unit test for parse_cert_parameter() · b045d079
  Jared Jennings authored Apr 05, 2013
  
  b045d079
- src/Makefile.am: build static lib for unit tests if enabled · 683f2b83
  Kamil Dudka authored May 03, 2013
  
  683f2b83
- tool_getparam: ensure string termination in parse_cert_parameter() · 2de20dd9
  Kamil Dudka authored May 03, 2013
  
  2de20dd9
- tool_getparam: fix memleak in handling the -E option · b47cf4f6
  Kamil Dudka authored May 03, 2013
  
  b47cf4f6
- tool_getparam: describe what parse_cert_parameter() does · a15b2b6c
  Kamil Dudka authored Apr 05, 2013
```
... and de-duplicate the code initializing *passphrase
```
  a15b2b6c
- curl.1: document escape sequences recognized by -E · 42e01cff
  Kamil Dudka authored May 03, 2013
  
  42e01cff
- curl -E: allow to escape ':' in cert nickname · 865d4138
  Jared Jennings authored Apr 05, 2013
  
  865d4138
May 05, 2013
- curl_schannel.c: Fixed invalid memory access during SSL shutdown · 35874298
  Marc Hoersken authored May 05, 2013
  
  35874298
May 04, 2013
- smtp: Fix trailing whitespace warning · 52d72e66
  Steve Holme authored May 04, 2013
  
  52d72e66
- smtp: Fix compilation warning · f3d10aa0
  Steve Holme authored May 04, 2013
```
comparison between signed and unsigned integer expressions
```
  f3d10aa0
- RELEASE-NOTES: synced with 92ef5f19 · 7632bc91
  Steve Holme authored May 04, 2013
  
  7632bc91
- smtp: Updated RFC-2821 references to RFC-5321 · 92ef5f19
  Steve Holme authored May 04, 2013
  
  92ef5f19
- smtp: Fixed sending of double CRLF caused by first in EOB · 99b40451
  Steve Holme authored May 04, 2013
```
If the mail sent during the transfer contains a terminating <CRLF> then
we should not send the first <CRLF> of the EOB as specified in RFC-5321.

Additionally don't send the <CRLF> if there is "no mail data" as the
DATA command already includes it.
```
  99b40451
May 03, 2013
- tests: Corrected MAIL SIZE for CRLF line endings · 087f9bb2
  Steve Holme authored May 03, 2013
```
... which was missed in commit: f5c3d953
```
  087f9bb2
- tests: Corrected infilesize for CRLF line endings · e2c7e191
  Steve Holme authored May 03, 2013
```
... which was missed in commit: f5c3d953
```
  e2c7e191
- tests: Corrected test1406 to be RFC2821 compliant · f5c3d953
  Steve Holme authored May 03, 2013
  
  f5c3d953
May 02, 2013
- tests: Corrected test1320 to be RFC2821 compliant · 6b10f5b9
  Steve Holme authored May 02, 2013
  
  6b10f5b9
- tests: Corrected typo in test909 · ee74b77d
  Steve Holme authored May 02, 2013
```
Introduced in commit: 51481766
```
  ee74b77d
- tests: Corrected test909 to be RFC2821 compliant · 734bdb68
  Steve Holme authored May 02, 2013
  
  734bdb68
- tests: Updated test references to 909 from 1411 · 51481766
  Steve Holme authored May 02, 2013
```
...and removed references to libcurl and test1406.
```
  51481766
- tests: Renamed test1411 to test909 as this is a main SMTP test · cb9c0ac7
  Steve Holme authored May 02, 2013
  
  cb9c0ac7
May 01, 2013

bindlocal: move brace out of #ifdef · 1c435295

Lars Johannesen authored May 01, 2013

The code within #ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID wrongly had two
closing braces when it should only have one, so builds without that
define would fail.

Bug: http://curl.haxx.se/mail/lib-2013-05/0000.html

1c435295

Apr 30, 2013

smtp: Tidy up to move the eob counter to the per-request structure · 46d26a0e

Steve Holme authored Apr 30, 2013

Move the eob counter from the smtp_conn structure to the SMTP structure
as it is associated with a SMTP payload on a per-request basis.

46d26a0e

Apr 29, 2013
- TODO: Updated following the addition of CURLOPT_SASL_IR · f4e3cae8
  Steve Holme authored Apr 29, 2013
  
  f4e3cae8
- smtp: Fixed unknown percentage complete in progress bar · b52cf5d2
  Steve Holme authored Apr 29, 2013
```
The curl command line utility would display the the completed progress
bar with a percentage of zero as the progress routines didn't know the
size of the transfer.
```
  b52cf5d2
- ftpserver: silence warnings · 073e83b5
  Daniel Stenberg authored Apr 29, 2013
```
Fix regressions in commit b56e3d43. Make @data local and filter off
non-numerical digits from $testno in STATUS_imap.
```
  073e83b5
- ftpserver.pl: Corrected the imap LOGIN response · c3e6d69a
  Steve Holme authored Apr 29, 2013
```
...to be more realistic and consistent with the other imap responses.
```
  c3e6d69a