- Mar 13, 2018
-
-
Kamil Dudka authored
Detected by Coverity Analysis: Error: IDENTIFIER_TYPO: curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: identifier_typo: Using "SuportedMech" appears to be a typo: * Identifier "SuportedMech" is only known to be referenced here, or in copies of this code. * Identifier "SupportedMech" is referenced elsewhere at least 4 times. curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2651: identifier_use: Example 1: Using identifier "SupportedMech". curl-7.58.0/tests/python_dependencies/impacket/smbserver.py:2308: identifier_use: Example 2: Using identifier "SupportedMech". curl-7.58.0/tests/python_dependencies/impacket/spnego.py:252: identifier_use: Example 3: Using identifier "SupportedMech" (2 total uses in this function). curl-7.58.0/tests/python_dependencies/impacket/spnego.py:229: remediation: Should identifier "SuportedMech" be replaced by "SupportedMech"? Closes #2379
-
Daniel Stenberg authored
Reported-by: Aron Bergman Bug: https://curl.haxx.se/mail/lib-2018-03/0049.html [ci skip]
-
- Mar 12, 2018
-
-
Daniel Stenberg authored
This reverts commit a577059f. The assignment really needs to be there or we risk working with an uninitialized pointer.
-
Michael Kaufmann authored
follow-up to 72a0f625
-
Viktor Szakats authored
To sync it with changes made for the libssh2 project. Also cleanup some whitespace.
-
Viktor Szakats authored
-
Viktor Szakats authored
-
Daniel Stenberg authored
... don't consider it an error! Assisted-by: Jay Satiro Reported-by: Łukasz Domeradzki Fixes #2365 Closes #2375
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
CVE-2018-1000121 Reported-by: Dario Weisser Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
-
Daniel Stenberg authored
Refuse to operate when given path components featuring byte values lower than 32. Previously, inserting a %00 sequence early in the directory part when using the 'singlecwd' ftp method could make curl write a zero byte outside of the allocated buffer. Test case 340 verifies. CVE-2018-1000120 Reported-by: Duy Phan Thanh Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
-
Daniel Stenberg authored
CVE-2018-1000122 Bug: https://curl.haxx.se/docs/adv_2018-b047.html Detected by OSS-fuzz
-
- Mar 11, 2018
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... and make sure to avoid integer overflows with really large values. Reported-by: 刘佩东 Fixes #2371 Closes #2373
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Michael Kaufmann authored
follow-up to e04417d9
-
Michael Kaufmann authored
-
Daniel Stenberg authored
Reported-by: Michael Kaufmann Fixes #2357 Closes #2362
-
- Mar 10, 2018
-
-
Daniel Stenberg authored
... as it is interesting for many users.
-
- Mar 09, 2018
-
-
Daniel Stenberg authored
-
- Mar 08, 2018
-
-
Patrick Monnerat authored
-
- Mar 05, 2018
-
-
Daniel Stenberg authored
-
- Mar 04, 2018
-
-
sergii.kavunenko authored
Closes #2349
-
Daniel Stenberg authored
-
Richard Alcock authored
Check for existence of import and static libraries with documented names and use them if they do. Fallback to previous names. According to https://github.com/madler/zlib/blob/master/win32/README-WIN32.txt on Windows, the names of the import library is "zdll.lib" and static library is "zlib.lib". closes #2354
-
Marcel Raad authored
gss_seal/gss_unseal have been deprecated in favor of gss_wrap/gss_unwrap with GSS-API v2 from January 1997 [1]. The first version of "The Kerberos Version 5 GSS-API Mechanism" [2] from June 1996 already says "GSS_Wrap() (formerly GSS_Seal())" and "GSS_Unwrap() (formerly GSS_Unseal())". Use the nondeprecated functions to avoid deprecation warnings. [1] https://tools.ietf.org/html/rfc2078 [2] https://tools.ietf.org/html/rfc1964 Closes https://github.com/curl/curl/pull/2356
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Added test 1265 that verifies. Reported-by: steelman on github Fixes #2353 Closes #2355
-
Daniel Stenberg authored
... so that the CI and more detects compiler warnings/errors properly! Closes #2337
-
- Mar 03, 2018
-
-
Marcel Raad authored
On MinGW and Cygwin, GCC and clang have been complaining about macro redefinitions since 4272a0b0. Fix this by undefining the macros before redefining them as suggested in https://github.com/curl/curl/pull/2269. Suggested-by: Daniel Stenberg
-
- Mar 02, 2018
-
-
Dan Fandrich authored
-
- Feb 28, 2018
-
-
Marcel Raad authored
When targeting x64, MinGW-w64 complains about conversions between 32-bit long and 64-bit pointers. Fix this by reusing the GNUTLS_POINTER_TO_SOCKET_CAST / GNUTLS_SOCKET_TO_POINTER_CAST logic from gtls.c, moving it to warnless.h as CURLX_POINTER_TO_INTEGER_CAST / CURLX_INTEGER_TO_POINTER_CAST. Closes https://github.com/curl/curl/pull/2341
-
Marcel Raad authored
Update clang to version 3.9 and GCC to version 6. Closes https://github.com/curl/curl/pull/2345
-
- Feb 26, 2018
-
-
Daniel Stenberg authored
Fixes #2342
-
- Feb 24, 2018
-
-
Jay Satiro authored
- Add OpenSSL 1.1.1 to the header/library version lists. - Detect OpenSSL 1.1.1 library using its function ERR_clear_last_mark, which was added in that version. Prior to this change an erroneous header/library mismatch was caused by lack of OpenSSL 1.1.1 detection. I tested using openssl-1.1.1-pre1.
-
- Feb 23, 2018
-
-
Viktor Szakats authored
Closes https://github.com/curl/curl/pull/2335
-
Viktor Szakats authored
Detected using the `codespell` tool. Also contains one URL protocol upgrade. Closes https://github.com/curl/curl/pull/2334
-