- Jul 26, 2018
-
-
Christopher Head authored
The statement, “The application does not have to keep the string around after setting this option,” appears to be indented under the RTMP paragraph. It actually applies to all protocols, not just RTMP. Eliminate the extra indentation. Closes #2788
-
Christopher Head authored
For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is passed two `size_t` parameters which, when multiplied, designate the number of bytes of data passed in. In practice, CURL always sets the first parameter (`size`) to 1. This practice is also enshrined in documentation and cannot be changed in future. The documentation states that the default callback is `fwrite`, which means `fwrite` must be a suitable function for this purpose. However, the documentation also states that the callback must return the number of *bytes* it successfully handled, whereas ISO C `fwrite` returns the number of items (each of size `size`) which it wrote. The only way these numbers can be equal is if `size` is 1. Since `size` is 1 and can never be changed in future anyway, document that fact explicitly and let users rely on it. Closes #2787
-
Carie Pointer authored
RNG structure must be freed by call to FreeRng after its use in Curl_cyassl_random. This call fixes Valgrind failures when running the test suite with wolfSSL. Closes #2784
-
Even Rouault authored
This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with connection reuse. I found this with oss-fuzz on GDAL and curl master: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9582 I couldn't reproduce with the oss-fuzz original test case, but looking at curl source code pointed to this well reproducable leak. Closes #2790
-
- Jul 25, 2018
-
-
Daniel Jelinski authored
In the current version, VERSION_GREATER_THAN_EQUAL 6.3 will return false when run on windows 10.0. This patch addresses that error. Closes https://github.com/curl/curl/pull/2792
-
- Jul 24, 2018
-
-
Johannes Schindelin authored
So far, the code tries to pick an authentication method only if user/password credentials are available, which is not the case for Bearer authentictation... Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes #2754
-
Johannes Schindelin authored
The Bearer authentication was added to cURL 7.61.0, but there is a problem: if CURLAUTH_ANY is selected, and the server supports multiple authentication methods including the Bearer method, we strongly prefer that latter method (only CURLAUTH_NEGOTIATE beats it), and if the Bearer authentication fails, we will never even try to attempt any other method. This is particularly unfortunate when we already know that we do not have any Bearer token to work with. Such a scenario happens e.g. when using Git to push to Visual Studio Team Services (which supports Basic and Bearer authentication among other methods) and specifying the Personal Access Token directly in the URL (this aproach is frequently taken by automated builds). Let's make sure that we have a Bearer token to work with before we select the Bearer authentication among the available authentication methods. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes #2754
-
- Jul 22, 2018
-
-
Marcel Raad authored
Otherwise, LF line endings are converted to CRLF on Windows, but no conversion is done for the reply, so the test case fails. Closes https://github.com/curl/curl/pull/2776
-
Daniel Stenberg authored
Follow-up to 1b76c389. The VTLS backends that close down the TLS layer for a connection still needs a Curl_easy handle for the session_id cache etc. Fixes #2764 Closes #2771
-
- Jul 21, 2018
-
-
Marcel Raad authored
Set mode="text" when line endings depend on the system representation. Closes https://github.com/curl/curl/pull/2772
-
Marcel Raad authored
By default, the MSYS2 bash converts all backslashes to forward slashes in URLs. Disable this with MSYS2_ARG_CONV_EXCL for the test to pass. Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces
-
- Jul 20, 2018
-
-
Daniel Stenberg authored
- separate easy handle from connections better - added asserts on a number of places - added sanity check of pipelines for debug builds Closes #2751
-
Daniel Stenberg authored
... the protocol is doing read/write a lot, so it needs to write often even when downloading. A more proper fix could check for eactly when it wants to write and only ask for it then. Without this fix, an SMB download could easily get stuck when the event-driven API was used. Closes #2768
-
Marcel Raad authored
By default, the MSYS2 bash interprets http:/%HOSTIP:%HTTPPORT/want/1143 as a POSIX file list and converts it to a Windows file list. Disable this with MSYS2_ARG_CONV_EXCL for the test to pass. Ref https://github.com/msys2/msys2/wiki/Porting#filesystem-namespaces Closes https://github.com/curl/curl/pull/2765
-
- Jul 17, 2018
-
-
Daniel Stenberg authored
... and work toward 7.61.1
-
Ruslan Baratov authored
Closes #2727 Reviewed-by: Sergei Nikulov
-
- Jul 16, 2018
-
-
Daniel Stenberg authored
... the "unbold" sequence doesn't work on the mac Terminal. Reported-by: Zero King Fixes #2736 Closes #2738
-
- Jul 14, 2018
-
-
Rodger Combs authored
-
Marcel Raad authored
curl configured with --enable-debug --disable-file currently complains on test1422: Info: Protocol "file" not supported or disabled in libcurl Make test1422 dependend on enabled FILE protocol to fix this. Fixes https://github.com/curl/curl/issues/2741 Closes https://github.com/curl/curl/pull/2742
-
- Jul 12, 2018
-
-
Patrick Monnerat authored
Some servers issue raw deflate data that may be followed by an undocumented trailer. This commit makes curl tolerate such a trailer of up to 4 bytes before considering the data is in error. Reported-by: clbr on github Fixes #2719
-
Daniel Stenberg authored
Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9369 Closes #2740
-
Marcel Raad authored
The definition of CALG_TLS1PRF has been fixed in the 5.1 branch: https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/commits/73aedcc0f2e6ba370de0d86ab878ad76a0dda7b5
-
Daniel Stenberg authored
+ The hackerone bounty and its process - We don't and can't handle pre-notification
-
- Jul 11, 2018
-
-
Daniel Stenberg authored
It was previously erroneously skipped in some situations. libtest/libntlmconnect.c wrongly depended on wrong behavior (that it would get a zero timeout) when no handles are "running" in a multi handle. That behavior is no longer present with this fix. Now libcurl will always return a -1 timeout when all handles are completed. Closes #2733
-
Daniel Stenberg authored
On multiplexed connections, transfers can be removed from anywhere not just at the head as for pipelines.
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... as the usage needs to be counted.
-
Paul Howarth authored
Commit 38203f15 changed engine detection to be version-based, with a baseline of openssl 1.0.1. This does in fact break builds with openssl 1.0.0, which has engine support - the configure script detects that ENGINE_cleanup() is available - but <openssl/engine.h> doesn't get included to declare it. According to upstream documentation, engine support was added to mainstream openssl builds as of version 0.9.7: https://github.com/openssl/openssl/blob/master/README.ENGINE This commit drops the version test down to 1.0.0 as version 1.0.0d is the oldest version I have to test with. Closes #2732
-
Marcel Raad authored
Original MinGW's w32api has a sytax error in its definition of CALG_TLS1PRF [0]. Don't use original MinGW w32api's CALG_TLS1PRF until this bug [1] is fixed. [0] https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/blobs/d1d4a17e51a2b78e252ef0147d483267d56c90cc/w32api/include/wincrypt.h [1] https://osdn.net/projects/mingw/ticket/38391 Fixes https://github.com/curl/curl/pull/2721#issuecomment-403636043 Closes https://github.com/curl/curl/pull/2728
-
Daniel Stenberg authored
Apparently the C => HTML converter on the web site doesn't quite like it otherwise. Reported-by: Jeroen Ooms
-
Daniel Stenberg authored
-
- Jul 10, 2018
-
-
Daniel Stenberg authored
Closes #2724
-
Daniel Stenberg authored
... and not the other way around, which this previously said. Reported-by: Vasiliy Faronov Fixes #2723 Closes #2726
-
- Jul 09, 2018
-
-
Ruslan Baratov authored
Reviewed-by: Jakub Zakrzewski Closes #2715
-
Jay Satiro authored
Follow-up to 82ce4162. Ref: https://github.com/curl/curl/commit/8272ec5#commitcomment-29646818
-
Daniel Stenberg authored
-
Marcel Raad authored
MinGW warns: /lib/vtls/schannel.c:219:64: warning: signed and unsigned type in conditional expression [-Wsign-compare] Fix this by casting the ptrdiff_t to size_t as we know it's positive. Closes https://github.com/curl/curl/pull/2721
-
Marcel Raad authored
Original MinGW's w32api has CryptHashData's second parameter as BYTE * instead of const BYTE *. Closes https://github.com/curl/curl/pull/2721
-
Marcel Raad authored
They are not defined in the original MinGW's <wincrypt.h>. Closes https://github.com/curl/curl/pull/2721
-
Marcel Raad authored
Otherwise, only part of it gets pulled in through <windows.h> on original MinGW. Fixes https://github.com/curl/curl/issues/2361 Closes https://github.com/curl/curl/pull/2721
-