1. 13 Dec, 2018 4 commits
    • urlapi: distinguish possibly empty query · 305d25ed
      Leonardo Taccari authored
      If just a `?' to indicate the query is passed always store a zero length
      query instead of having a NULL query.
      
      This permits to distinguish URL with trailing `?'.
      
      Fixes #3369
      Closes #3370
    • OS400: handle memory error in list conversion · a58b2774
      Daniel Gustafsson authored
      
      
      Curl_slist_append_nodup() returns NULL when it fails to create a new
      item for the specified list, and since the coding here reassigned the
      new list on top of the old list it would result in a dangling pointer
      and lost memory. Also, in case we hit an allocation failure at some
      point during the conversion, with allocation succeeding again on the
      subsequent call(s) we will return a truncated list around the malloc
      failure point. Fix by assigning to a temporary list pointer, which can
      be checked (which is the common pattern for slist appending), and free
      all the resources on allocation failure.
      
      Closes #3372
      Reviewed-by: Daniel Stenberg <daniel@haxx.se>
    • cookies: leave secure cookies alone · 7a09b52c
      Daniel Gustafsson authored
      
      
      Only allow secure origins to be able to write cookies with the
      'secure' flag set. This reduces the risk of non-secure origins
      to influence the state of secure origins. This implements IETF
      Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
      RFC6265.
      
      Closes #2956
      Reviewed-by: Daniel Stenberg <daniel@haxx.se>
    • docs: fix the --tls-max description · fdc5563b
      Daniel Stenberg authored
      Reported-by: Tobias Lindgren
      Pointed out in #3367
      
      Closes #3368
  2. 12 Dec, 2018 5 commits
  3. 11 Dec, 2018 9 commits
  4. 09 Dec, 2018 4 commits
  5. 08 Dec, 2018 1 commit
    • Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1 · d997aa0e
      Johannes Schindelin authored
      This is a companion patch to cbea2fd2 (NTLM: force the connection to
      HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1
      preemptively. However, with other (Negotiate) authentication it is not
      clear to this developer whether there is a way to make it work with
      HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the
      error HTTP_1_1_REQUIRED.
      
      Note: we will still keep the NTLM workaround, as it avoids an extra
      round trip.
      
      Daniel Stenberg helped a lot with this patch, in particular by
      suggesting to introduce the Curl_h2_http_1_1_error() function.
      
      Closes #3349
      
      Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
  6. 07 Dec, 2018 3 commits
  7. 06 Dec, 2018 3 commits
  8. 05 Dec, 2018 6 commits
  9. 03 Dec, 2018 3 commits
    • travis: enable COPYRIGHTYEAR extended warning · f7bdf4b2
      Daniel Gustafsson authored
      The extended warning for checking incorrect COPYRIGHTYEAR is quite
      expensive to run, so rather than expecting every developer to do it
      we ensure it's turned on locally for Travis.
    • checksrc: add COPYRIGHTYEAR check · 63817089
      Daniel Gustafsson authored
      
      
      Forgetting to bump the year in the copyright clause when hacking has
      been quite common among curl developers, but a traditional checksrc
      check isn't a good fit as it would penalize anyone hacking on January
      1st (among other things). This adds a more selective COPYRIGHTYEAR
      check which intends to only cover the currently hacked on changeset.
      
      The check for updated copyright year is currently not enforced on all
      files but only on files edited and/or committed locally. This is due to
      the amount of files which aren't updated with their correct copyright
      year at the time of their respective commit.
      
      To further avoid running this expensive check for every developer, it
      adds a new local override mode for checksrc where a .checksrc file can
      be used to turn on extended warnings locally.
      
      Closes #3303
      Reviewed-by: Daniel Stenberg <daniel@haxx.se>
    • CHECKSRC.md: document more warnings · 847b1302
      Daniel Stenberg authored
      Closes #3335
      [ci skip]
  10. 30 Nov, 2018 2 commits