Skip to content
  1. Jul 15, 2013
  2. Jul 14, 2013
    • Dave Reisner's avatar
      src/tool: allow timeouts to accept decimal values · d8c04909
      Dave Reisner authored
      Implement wrappers around strtod to convert the user argument to a
      double with sane error checking. Use this to allow --max-time and
      --connect-timeout to accept decimal values instead of strictly integers.
      
      The manpage is updated to make mention of this feature and,
      additionally, forewarn that the actual timeout of the operation can
      vary in its precision (particularly as the value increases in its
      decimal precision).
      d8c04909
    • Dave Reisner's avatar
      curl.1: fix long line, found by checksrc.pl · c0a7a98a
      Dave Reisner authored
      c0a7a98a
    • Dave Reisner's avatar
      src/tool_paramhlp: try harder to catch negatives · f5005dd8
      Dave Reisner authored
      strto* functions happily chomp off leading whitespace, so simply
      checking for str[0] can lead to false negatives. Do the full parse and
      check the out value instead.
      f5005dd8
    • John E. Malmberg's avatar
      build_vms.com: detect and use zlib shared image · d3aaa68f
      John E. Malmberg authored
      Update the build_vms.com to detect and use zlib shared image installed
      by the ZLIB kit produced by Jean-Francois Pieronne, and the also the
      future ZLIB 1.2.8 kit in addition to the older ZLIB kits.
      
      Also fix the indentation to match one of the common standards used for
      VMS DCL command files and removed the hard tab characters.
      
      Tested on OpenVMS 8.4 Alpha and IA64, and OpenVMS 7.3 VAX.
      d3aaa68f
    • Yang Tse's avatar
      url.c: fix parse_url_login() OOM handling · cfc907e4
      Yang Tse authored
      cfc907e4
  3. Jul 12, 2013
  4. Jul 11, 2013
  5. Jul 09, 2013
  6. Jul 08, 2013
  7. Jul 04, 2013
  8. Jul 03, 2013
  9. Jul 01, 2013
  10. Jun 30, 2013
  11. Jun 25, 2013
    • Daniel Stenberg's avatar
    • Daniel Stenberg's avatar
      digest: improve nonce generation · 98b0d66e
      Daniel Stenberg authored
      Use the new improved Curl_rand() to generate better random nonce for
      Digest auth.
      98b0d66e
    • Daniel Stenberg's avatar
      curl.1: fix typo in --xattr description · 9c2853f2
      Daniel Stenberg authored
      Bug: http://curl.haxx.se/bug/view.cgi?id=1252
      Reported-by: Jean-Noël Rouvignac
      9c2853f2
    • Daniel Stenberg's avatar
      RELEASE-NOTES: synced with 365c5ba3 · aff75629
      Daniel Stenberg authored
      The 10 first bug fixes for the pending release...
      aff75629
    • Daniel Stenberg's avatar
      formpost: better random boundaries · 365c5ba3
      Daniel Stenberg authored
      When doing multi-part formposts, libcurl used a pseudo-random value that
      was seeded with time(). This turns out to be bad for users who formpost
      data that is provided with users who then can guess how the boundary
      string will look like and then they can forge a different formpost part
      and trick the receiver.
      
      My advice to such implementors is (still even after this change) to not
      rely on the boundary strings being cryptographically strong. Fix your
      code and logic to not depend on them that much!
      
      I moved the Curl_rand() function into the sslgen.c source file now to be
      able to take advantage of the SSL library's random function if it
      provides one. If not, try to use the RANDOM_FILE for seeding and as a
      last resort keep the old logic, just modified to also add microseconds
      which makes it harder to properly guess the exact seed.
      
      The formboundary() function in formdata.c is now using 64 bit entropy
      for the boundary and therefore the string of dashes was reduced by 4
      letters and there are 16 hex digits following it. The total length is
      thus still the same.
      
      Bug: http://curl.haxx.se/bug/view.cgi?id=1251
      Reported-by: "Floris"
      365c5ba3
    • Daniel Stenberg's avatar
      printf: make sure %x are treated unsigned · cb1aa8b0
      Daniel Stenberg authored
      When using %x, the number must be treated as unsigned as otherwise it
      would get sign-extended on for example 64bit machines and do wrong
      output. This problem showed when doing printf("%08x", 0xffeeddcc) on a
      64bit host.
      cb1aa8b0