Skip to content
  1. Aug 08, 2018
  2. Aug 07, 2018
  3. Aug 03, 2018
  4. Aug 02, 2018
  5. Aug 01, 2018
  6. Jul 31, 2018
  7. Jul 30, 2018
  8. Jul 29, 2018
  9. Jul 28, 2018
  10. Jul 26, 2018
    • Darío Hereñú's avatar
      docs/INSTALL.md: minor formatting fixes · 7212c4cd
      Darío Hereñú authored
      Closes #2794
      7212c4cd
    • Christopher Head's avatar
      docs/CURLOPT_URL: fix indentation · 812d05da
      Christopher Head authored
      The statement, “The application does not have to keep the string around
      after setting this option,” appears to be indented under the RTMP
      paragraph. It actually applies to all protocols, not just RTMP.
      Eliminate the extra indentation.
      
      Closes #2788
      812d05da
    • Christopher Head's avatar
      docs/CURLOPT_WRITEFUNCTION: size is always 1 · 9526cbe6
      Christopher Head authored
      For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is
      passed two `size_t` parameters which, when multiplied, designate the
      number of bytes of data passed in. In practice, CURL always sets the
      first parameter (`size`) to 1.
      
      This practice is also enshrined in documentation and cannot be changed
      in future. The documentation states that the default callback is
      `fwrite`, which means `fwrite` must be a suitable function for this
      purpose. However, the documentation also states that the callback must
      return the number of *bytes* it successfully handled, whereas ISO C
      `fwrite` returns the number of items (each of size `size`) which it
      wrote. The only way these numbers can be equal is if `size` is 1.
      
      Since `size` is 1 and can never be changed in future anyway, document
      that fact explicitly and let users rely on it.
      
      Closes #2787
      9526cbe6
    • Carie Pointer's avatar
      wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random · 10d8f3f1
      Carie Pointer authored
      RNG structure must be freed by call to FreeRng after its use in
      Curl_cyassl_random. This call fixes Valgrind failures when running the
      test suite with wolfSSL.
      
      Closes #2784
      10d8f3f1
    • Even Rouault's avatar
      reuse_conn(): free old_conn->options · a7091ba7
      Even Rouault authored
      This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with
      connection reuse.
      
      I found this with oss-fuzz on GDAL and curl master:
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9582
      I couldn't reproduce with the oss-fuzz original test case, but looking
      at curl source code pointed to this well reproducable leak.
      
      Closes #2790
      a7091ba7
  11. Jul 25, 2018
  12. Jul 24, 2018
    • Johannes Schindelin's avatar
      auth: pick Bearer authentication whenever a token is available · 6f5ef24f
      Johannes Schindelin authored
      
      
      So far, the code tries to pick an authentication method only if
      user/password credentials are available, which is not the case for
      Bearer authentictation...
      
      Signed-off-by: default avatarJohannes Schindelin <johannes.schindelin@gmx.de>
      Closes #2754
      6f5ef24f
    • Johannes Schindelin's avatar
      auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token · df57b439
      Johannes Schindelin authored
      
      
      The Bearer authentication was added to cURL 7.61.0, but there is a
      problem: if CURLAUTH_ANY is selected, and the server supports multiple
      authentication methods including the Bearer method, we strongly prefer
      that latter method (only CURLAUTH_NEGOTIATE beats it), and if the Bearer
      authentication fails, we will never even try to attempt any other
      method.
      
      This is particularly unfortunate when we already know that we do not
      have any Bearer token to work with.
      
      Such a scenario happens e.g. when using Git to push to Visual Studio
      Team Services (which supports Basic and Bearer authentication among
      other methods) and specifying the Personal Access Token directly in the
      URL (this aproach is frequently taken by automated builds).
      
      Let's make sure that we have a Bearer token to work with before we
      select the Bearer authentication among the available authentication
      methods.
      
      Signed-off-by: default avatarJohannes Schindelin <johannes.schindelin@gmx.de>
      Closes #2754
      df57b439