- Apr 27, 2015
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
So that it fits HTTP/2 as well
-
Paul Howarth authored
Bug: http://curl.haxx.se/mail/lib-2015-04/0095.html
-
Daniel Stenberg authored
It would otherwise cause problems when running tests after 1801 etc.
-
- Apr 26, 2015
-
-
Daniel Stenberg authored
... as it was previouly undocumented what the pointer was.
-
Daniel Stenberg authored
... and have git ignore that. Allows for a dev to add tests to ignore in local tests and yet don't obstruct a normal git work flow.
-
Marc Hoersken authored
-
Marc Hoersken authored
Reported-by: Brian Chrisman
-
Daniel Stenberg authored
white space changes only
-
Daniel Stenberg authored
To have engine modules work, we must tell openssl to load builtin modules first. Bug: https://github.com/bagder/curl/pull/206
-
Daniel Stenberg authored
commit 5b668606 was incomplete so here's a follow-up fix Reported-by: Dagobert Michelsen Bug: https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445
-
Daniel Stenberg authored
The code extracting the cert serial number was broken and didn't display it properly. Bug: https://github.com/bagder/curl/issues/235 Reported-by: dkjjr89
-
Grant Pannell authored
Without this, SSPI based digest auth was broken. Bug: https://github.com/bagder/curl/pull/141.patch
-
- Apr 25, 2015
-
-
Anthony Avina authored
Add new option --data-raw which is almost the same as --data but does not have a special interpretation of the @ character. Prior to this change there was no (easy) way to pass the @ character as the first character in POST data without it being interpreted as a special character. Bug: https://github.com/bagder/curl/issues/198 Reported-by: Jens Rantil
-
Dan Fandrich authored
-
- Apr 24, 2015
-
-
Viktor Szakats authored
-
Viktor Szakats authored
The 'default' token has no argument and means to match _any_ domain. It must be placed last if there are 'machine <name>' tokens in the same file. See full description here: https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html
-
Daniel Stenberg authored
Elaborated on several of the remaining HTTP/2 parts and made document use a format that ends up nicer on the web page: http://curl.haxx.se/dev/roadmap.html
-
- Apr 23, 2015
-
-
Kamil Dudka authored
This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe. It also introduces a regression test 1424 based on tests 78 and 1423. Reported-by: Viktor Szakats Bug: https://github.com/bagder/curl/issues/237
-
- Apr 22, 2015
-
-
Dan Fandrich authored
-
Dan Fandrich authored
-
Jay Satiro authored
Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
-
Alessandro Ghedini authored
-
Kamil Dudka authored
-
Kamil Dudka authored
-
Daniel Stenberg authored
PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not enabled. Mistake-caught-by: Kamil Dudka
-
Daniel Stenberg authored
Do not access NTLM-specific struct fields when built without NTLM enabled! bug: http://curl.haxx.se/?i=231 Reported-by: Patrick Rapin
-
Daniel Stenberg authored
-
Kamil Dudka authored
Bug: https://bugzilla.redhat.com/1195771
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Apr 21, 2015
-
-
Daniel Stenberg authored
When doing HTTP requests Negotiate authenticated, the entire connnection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. CVE-2015-3148 Bug: http://curl.haxx.se/docs/adv_20150422B.html Reported-by: Isaac Boukris
-
Daniel Stenberg authored
If a URL is given with a zero-length host name, like in "http://:80" or just ":80", `fix_hostname()` will index the host name pointer with a -1 offset (as it blindly assumes a non-zero length) and both read and assign that address. CVE-2015-3144 Bug: http://curl.haxx.se/docs/adv_20150422D.html Reported-by: Hanno Böck
-
Daniel Stenberg authored
The internal libcurl function called sanitize_cookie_path() that cleans up the path element as given to it from a remote site or when read from a file, did not properly validate the input. If given a path that consisted of a single double-quote, libcurl would index a newly allocated memory area with index -1 and assign a zero to it, thus destroying heap memory it wasn't supposed to. CVE-2015-3145 Bug: http://curl.haxx.se/docs/adv_20150422C.html Reported-by: Hanno Böck
-
Daniel Stenberg authored
CVE-2015-3143 Bug: http://curl.haxx.se/docs/adv_20150422A.html Reported-by: Paras Sethia
-
byronhe authored
-
- Apr 20, 2015
-
-
Daniel Stenberg authored
Bug: https://github.com/bagder/curl/issues/229 Reported-by: bsammon
-