Skip to content
  1. Apr 11, 2019
  2. Apr 10, 2019
    • Steve Holme's avatar
      README: Schannel, stop calling it "winssl" · 37c43bf7
      Steve Holme authored
      Stick to "Schannel" everywhere - follow up to 180501cb.
      37c43bf7
    • Jakub Zakrzewski's avatar
      cmake: clear CMAKE_REQUIRED_LIBRARIES after each use · ff1cb975
      Jakub Zakrzewski authored
      This fixes GSSAPI builds with the libraries in a non-standard location.
      The testing for recv() were failing because it failed to link
      the Kerberos libraries, which are not needed for this or subsequent
      tests.
      
      fixes #3743
      closes #3744
      ff1cb975
    • Jakub Zakrzewski's avatar
      cmake: avoid linking executable for some tests with cmake 3.6+ · be17f298
      Jakub Zakrzewski authored
      With CMAKE_TRY_COMPILE_TARGET_TYPE set to STATIC_LIBRARY, the try_compile()
      (which is used by check_c_source_compiles()) will build static library
      instead of executable. This avoids linking additional libraries in and thus
      speeds up those checks a little.
      
      This commit also avoids #3743 (GSSAPI build errors) on itself with cmake
      3.6 or above. That issue was fixed separately for all versions.
      
      Ref: #3744
      be17f298
    • Jakub Zakrzewski's avatar
      cmake: minor cleanup · 639cfeb0
      Jakub Zakrzewski authored
      - Remove nneeded include_regular_expression.
        It was setting what is already a default.
      
      - Remove duplicated include.
      
      - Don't check for pre-3.0.0 CMake version.
        We already require at least 3.0.0, so it's just clutter.
      
      Ref: #3744
      639cfeb0
  3. Apr 08, 2019
  4. Apr 07, 2019
    • Daniel Stenberg's avatar
      socks5: user name and passwords must be shorter than 256 · f4b69012
      Daniel Stenberg authored
      bytes... since the protocol needs to store the length in a single byte field.
      
      Reported-by: XmiliaH on github
      Fixes #3737
      Closes #3740
      f4b69012
    • Jakub Zakrzewski's avatar
    • Jakub Zakrzewski's avatar
      urlapi: urlencode characters above 0x7f correctly · 0dd47c2a
      Jakub Zakrzewski authored
      fixes #3741
      Closes #3742
      0dd47c2a
    • Even Rouault's avatar
      multi_runsingle(): fix use-after-free · 64cbae31
      Even Rouault authored
      Fixes #3745
      Closes #3746
      
      The following snippet
      ```
      
      int main()
      {
          CURL* hCurlHandle = curl_easy_init();
          curl_easy_setopt(hCurlHandle, CURLOPT_URL, "http://example.com");
          curl_easy_setopt(hCurlHandle, CURLOPT_PROXY, "1");
          curl_easy_perform(hCurlHandle);
          curl_easy_cleanup(hCurlHandle);
          return 0;
      }
      ```
      triggers the following Valgrind warning
      
      ```
      ==4125== Invalid read of size 8
      ==4125==    at 0x4E7D1EE: Curl_llist_remove (llist.c:97)
      ==4125==    by 0x4E7EF5C: detach_connnection (multi.c:798)
      ==4125==    by 0x4E80545: multi_runsingle (multi.c:1451)
      ==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
      ==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
      ==4125==    by 0x4E76915: easy_perform (easy.c:719)
      ==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
      ==4125==    by 0x4008BE: main (in /home/even/curl/test)
      ==4125==  Address 0x9b3d1d0 is 1,120 bytes inside a block of size 1,600 free'd
      ==4125==    at 0x4C2ECF0: free (vg_replace_malloc.c:530)
      ==4125==    by 0x4E62C36: conn_free (url.c:756)
      ==4125==    by 0x4E62D34: Curl_disconnect (url.c:818)
      ==4125==    by 0x4E48DF9: Curl_once_resolved (hostip.c:1097)
      ==4125==    by 0x4E8052D: multi_runsingle (multi.c:1446)
      ==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
      ==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
      ==4125==    by 0x4E76915: easy_perform (easy.c:719)
      ==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
      ==4125==    by 0x4008BE: main (in /home/even/curl/test)
      ==4125==  Block was alloc'd at
      ==4125==    at 0x4C2F988: calloc (vg_replace_malloc.c:711)
      ==4125==    by 0x4E6438E: allocate_conn (url.c:1654)
      ==4125==    by 0x4E685B4: create_conn (url.c:3496)
      ==4125==    by 0x4E6968F: Curl_connect (url.c:4023)
      ==4125==    by 0x4E802E7: multi_runsingle (multi.c:1368)
      ==4125==    by 0x4E8197C: curl_multi_perform (multi.c:2072)
      ==4125==    by 0x4E766A0: easy_transfer (easy.c:625)
      ==4125==    by 0x4E76915: easy_perform (easy.c:719)
      ==4125==    by 0x4E7697C: curl_easy_perform (easy.c:738)
      ==4125==    by 0x4008BE: main (in /home/even/curl/test)
      ```
      
      This has been bisected to commit 2f44e94e
      
      Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14109
      Credit to OSS Fuzz
      64cbae31
  5. Apr 06, 2019
  6. Apr 05, 2019
  7. Apr 04, 2019
  8. Apr 03, 2019
  9. Apr 02, 2019
  10. Apr 01, 2019
  11. Mar 31, 2019