- Jul 14, 2018
-
-
Rodger Combs authored
-
Marcel Raad authored
curl configured with --enable-debug --disable-file currently complains on test1422: Info: Protocol "file" not supported or disabled in libcurl Make test1422 dependend on enabled FILE protocol to fix this. Fixes https://github.com/curl/curl/issues/2741 Closes https://github.com/curl/curl/pull/2742
-
- Jul 12, 2018
-
-
Patrick Monnerat authored
Some servers issue raw deflate data that may be followed by an undocumented trailer. This commit makes curl tolerate such a trailer of up to 4 bytes before considering the data is in error. Reported-by: clbr on github Fixes #2719
-
Daniel Stenberg authored
Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369 Closes #2740
-
Marcel Raad authored
The definition of CALG_TLS1PRF has been fixed in the 5.1 branch: https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/commits/73aedcc0f2e6ba370de0d86ab878ad76a0dda7b5
-
Daniel Stenberg authored
+ The hackerone bounty and its process - We don't and can't handle pre-notification
-
- Jul 11, 2018
-
-
Daniel Stenberg authored
It was previously erroneously skipped in some situations. libtest/libntlmconnect.c wrongly depended on wrong behavior (that it would get a zero timeout) when no handles are "running" in a multi handle. That behavior is no longer present with this fix. Now libcurl will always return a -1 timeout when all handles are completed. Closes #2733
-
Daniel Stenberg authored
On multiplexed connections, transfers can be removed from anywhere not just at the head as for pipelines.
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... as the usage needs to be counted.
-
Paul Howarth authored
Commit 38203f15 changed engine detection to be version-based, with a baseline of openssl 1.0.1. This does in fact break builds with openssl 1.0.0, which has engine support - the configure script detects that ENGINE_cleanup() is available - but <openssl/engine.h> doesn't get included to declare it. According to upstream documentation, engine support was added to mainstream openssl builds as of version 0.9.7: https://github.com/openssl/openssl/blob/master/README.ENGINE This commit drops the version test down to 1.0.0 as version 1.0.0d is the oldest version I have to test with. Closes #2732
-
Marcel Raad authored
Original MinGW's w32api has a sytax error in its definition of CALG_TLS1PRF [0]. Don't use original MinGW w32api's CALG_TLS1PRF until this bug [1] is fixed. [0] https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/blobs/d1d4a17e51a2b78e252ef0147d483267d56c90cc/w32api/include/wincrypt.h [1] https://osdn.net/projects/mingw/ticket/38391 Fixes https://github.com/curl/curl/pull/2721#issuecomment-403636043 Closes https://github.com/curl/curl/pull/2728
-
Daniel Stenberg authored
Apparently the C => HTML converter on the web site doesn't quite like it otherwise. Reported-by: Jeroen Ooms
-
Daniel Stenberg authored
-
- Jul 10, 2018
-
-
Daniel Stenberg authored
Closes #2724
-
Daniel Stenberg authored
... and not the other way around, which this previously said. Reported-by: Vasiliy Faronov Fixes #2723 Closes #2726
-
- Jul 09, 2018
-
-
Ruslan Baratov authored
Reviewed-by: Jakub Zakrzewski Closes #2715
-
Jay Satiro authored
Follow-up to 82ce4162. Ref: https://github.com/curl/curl/commit/8272ec5#commitcomment-29646818
-
Daniel Stenberg authored
-
Marcel Raad authored
MinGW warns: /lib/vtls/schannel.c:219:64: warning: signed and unsigned type in conditional expression [-Wsign-compare] Fix this by casting the ptrdiff_t to size_t as we know it's positive. Closes https://github.com/curl/curl/pull/2721
-
Marcel Raad authored
Original MinGW's w32api has CryptHashData's second parameter as BYTE * instead of const BYTE *. Closes https://github.com/curl/curl/pull/2721
-
Marcel Raad authored
They are not defined in the original MinGW's <wincrypt.h>. Closes https://github.com/curl/curl/pull/2721
-
Marcel Raad authored
Otherwise, only part of it gets pulled in through <windows.h> on original MinGW. Fixes https://github.com/curl/curl/issues/2361 Closes https://github.com/curl/curl/pull/2721
-
Marcel Raad authored
When size_t is not a typedef for unsigned long (as usually the case on Windows), GCC emits -Wformat warnings when using lu and lx format specifiers with size_t. Silence them with explicit casts to unsigned long. Closes https://github.com/curl/curl/pull/2721
-
Daniel Stenberg authored
... not the read buffer size, as that can be set smaller and thus cause a buffer overflow! CVE-2018-0500 Reported-by: Peter Wu Bug: https://curl.haxx.se/docs/adv_2018-70a2.html
-
- Jul 08, 2018
-
-
Dave Reisner authored
Closes #2718
-
- Jul 06, 2018
-
-
Nick Zitzmann authored
...but GCC users lose out on TLS 1.3 support, since we can't weak-link enumeration constants. Fixes #2656 Closes #2703
-
Ruslan Baratov authored
Variable 'output_var' is not used and can be removed. Function 'collect_true' renamed to 'count_true'.
-
Ruslan Baratov authored
Closes #2711
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... because otherwise not everything get closed down correctly. Fixes #2708 Closes #2712
-
Daniel Stenberg authored
Closes #2713
-
- Jul 05, 2018
-
-
Daniel Stenberg authored
-
Jeroen Ooms authored
Closes #2706
-
Daniel Stenberg authored
-
- Jul 02, 2018
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Closes #2704
-