| CONNECT: send correct Host: with IPv6 numerical address | Daniel Stenberg |
When the target host was given as an IPv6 numerical address, it was not
properly put within square brackets for the Host: header in the CONNECT
request. The "normal" request did fine.
Reported by: "zooloo"
Bug: http://curl.haxx.se/bug/view.cgi?id=3482093
| M lib/http_proxy.c
|
| Explicitly link to the nettle/gcrypt libraries | Martin Storsjo |
When support for nettle was added in 64f328c787ab, I overlooked
the fact that AC_CHECK_LIB doesn't add the tested lib to LIBS
if the check succeeded, if a custom success code block was present.
(The previous version of the check had an empty block for
successful checks, adding the lib to LIBS implicitly.)
Therefore, explicitly add either nettle or gcrypt to LIBS, after
deciding which one to use. Even if they can be linked in
transitively, it is safer to actually link explicitly to them.
This fixes building with gnutls with linkers that don't allow
linking transitively, such as for windows.
| M configure.ac
|
| more resilient connection times among IP addresses | Pierre Ynard |
When connecting to a domain with multiple IP addresses, allow different,
decreasing connection timeout values. This should guarantee some
connection attempts with sufficiently long timeouts, while still
providing fallback.
| M lib/connect.c
|
| remove write-only variable | Pierre Ynard |
|
| M lib/connect.c
|
| Merge branch 'master' of github.com:bagder/curl | Pierre Joye |
|
| |
| - fix IPV6 and IDN options | Pierre Joye |
|
| M winbuild/Makefile.vc
M winbuild/MakefileBuild.vc
|
| TODO-RELEASE: added item #308 | Yang Tse |
|
| M TODO-RELEASE
|
| THANKS: imported contributors from 7.24.0 RELEASE-NOTES | Daniel Stenberg |
|
| M docs/THANKS
|
| test harness: update stunnel.pem Diffie-Hellman parameters from 512 to 1024 bit | Yang Tse |
|
| M tests/stunnel.pem
|
| version: start working on 7.24.1-DEV | Yang Tse |
|
| M RELEASE-NOTES
M include/curl/curlver.h
|
| curl_easy_setopt.3: Fixed SEEKDATA & CLOSESOCKETDATA descriptions | Dan Fandrich |
|
| M docs/libcurl/curl_easy_setopt.3
|
| RELEASE-NOTES: synced with 70f71bb99f7ed9 | Daniel Stenberg |
Synced and prepared for 7.24.0 release. Two security problems, one bug fix,
two more contributors.
| M RELEASE-NOTES
|
| gnutls: enforced use of SSLv3 | Daniel Stenberg |
With advice from Nikos Mavrogiannopoulos, changed the priority string to
add "actual priorities" and favour ARCFOUR. This makes libcurl work
better when enforcing SSLv3 with GnuTLS. Both in the sense that the
libmicrohttpd test is now working again but also that it mitigates a
weakness in the older SSL/TLS protocols.
Bug: http://curl.haxx.se/mail/lib-2012-01/0225.html
Reported by: Christian Grothoff
| M lib/gtls.c
|
| tests: test CRLF in URLs | Daniel Stenberg |
Related to the security vulnerability: CVE-2012-0036
Bug: http://curl.haxx.se/docs/adv_20120124.html
| M tests/data/Makefile.am
A tests/data/test1322
A tests/data/test1323
A tests/data/test1324
|
| URL sanitize: reject URLs containing bad data | Daniel Stenberg |
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a
decoded manner now use the new Curl_urldecode() function to reject URLs
with embedded control codes (anything that is or decodes to a byte value
less than 32).
URLs containing such codes could easily otherwise be used to do harm and
allow users to do unintended actions with otherwise innocent tools and
applications. Like for example using a URL like
pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get
a mail and instead this would delete one.
This flaw is considered a security vulnerability: CVE-2012-0036
Security advisory at: http://curl.haxx.se/docs/adv_20120124.html
Reported by: Dan Fandrich
| M lib/escape.c
M lib/escape.h
M lib/imap.c
M lib/pop3.c
M lib/smtp.c
|
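The check this commit message describes, as an added example (not libcurl's code; `decode_path_strict` and its result codes are hypothetical names): percent-decode a URL path and refuse it if any byte is, or decodes to, a value below 32. Apart from the path quoted in the commit message, the sample inputs are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this example only. */
enum { DECODE_OK = 0, DECODE_BAD_CONTENT = -1, DECODE_TOO_LONG = -2 };

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(unsigned char c)
{
  if(c >= '0' && c <= '9')
    return c - '0';
  c = (unsigned char)tolower(c);
  if(c >= 'a' && c <= 'f')
    return c - 'a' + 10;
  return -1;
}

/* Percent-decode `in` into `out` (NUL-terminated, at most outlen bytes).
   Rejects any byte that is, or decodes to, a value below 32, so CR, LF
   and NUL can never reach the protocol command built from the path. */
int decode_path_strict(const char *in, char *out, size_t outlen)
{
  size_t o = 0;
  if(outlen == 0)
    return DECODE_TOO_LONG;
  while(*in) {
    unsigned char c = (unsigned char)*in;
    if(c == '%') {
      int hi = hexval((unsigned char)in[1]);
      int lo = (hi >= 0) ? hexval((unsigned char)in[2]) : -1;
      if(hi >= 0 && lo >= 0) {
        c = (unsigned char)((hi << 4) | lo);
        in += 2;
      }
      /* a '%' not followed by two hex digits stays a literal '%' */
    }
    if(c < 32)
      return DECODE_BAD_CONTENT;
    if(o + 1 >= outlen)
      return DECODE_TOO_LONG;
    out[o++] = (char)c;
    in++;
  }
  out[o] = '\0';
  return DECODE_OK;
}

int main(void)
{
  /* First path is the one from the commit message; the rest are constructed. */
  const char *paths[] = { "1%0d%0aDELE%201", "1", "INBOX%20archive", "a\tb" };
  char buf[64];
  size_t i;
  for(i = 0; i < sizeof(paths) / sizeof(paths[0]); i++) {
    int rc = decode_path_strict(paths[i], buf, sizeof(buf));
    printf("%-20s -> %s\n", paths[i], rc == DECODE_OK ? buf : "rejected");
  }
  return 0;
}
```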
| OpenSSL: don't disable security work-around | Daniel Stenberg |
OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
(http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit
to SSL_OP_ALL that _disables_ that work-around despite the fact that
SSL_OP_ALL is documented to do "rather harmless" workarounds.
The libcurl code uses the SSL_OP_ALL define and thus logically always
disables the OpenSSL fix.
In order to keep the secure work-around working, the
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set and this change
makes sure of this.
Reported by: product-security at Apple
| M lib/ssluse.c
|
| RELEASE-NOTES: synced with 6e2fd2c9ea | Daniel Stenberg |
3 more bugfixes, 3 more contributors
| M RELEASE-NOTES
|
| CURLOPT_ACCEPTTIMEOUT_MS: spellfix | Daniel Stenberg |
|
| M docs/libcurl/curl_easy_setopt.3
|
| examples: updated README with two new example programs | Dan Fandrich |
|
| M docs/examples/README
|
| URL parse: user name with ipv6 numerical address | Daniel Stenberg |
Using a URL with embedded user name and password didn't work if the host
was given as a numerical IPv6 string, like ftp://user:password@[::1]/
Reported by: Brandon Wang
Bug: http://curl.haxx.se/mail/archive-2012-01/0047.html
| M lib/url.c
|
| telnet.c: fix OOM triggered segfault | Yang Tse |
|
| M lib/telnet.c
|
| testtrace.c: fix compiler warning | Yang Tse |
|
| M tests/libtest/testtrace.c
|
| OpenSSL: follow-up for commit a20daf90e3 | Yang Tse |
avoid checking preprocessor definition official value
| M lib/ssluse.c
|
| - s, use, enable, for options name, avoiding conflicts with the names used in the makefile | Pierre Joye |
|
| M winbuild/Makefile.vc
|
| curl.1: improve --stderr wording | Daniel Stenberg |
As is pointed out in this bug report, there can indeed be situations
where --stderr has a point even when the "real" stderr can be
redirected. Remove the superfluous and wrong comment.
bug: http://curl.haxx.se/bug/view.cgi?id=3476020
| M docs/curl.1
|
| KNOWN_BUGS: can't receive zero bytes file properly | Daniel Stenberg |
http://curl.haxx.se/bug/view.cgi?id=3438362
| M docs/KNOWN_BUGS
|
| ssl session caching: fix compiler warnings | Yang Tse |
|
| M lib/share.c
M lib/share.h
M lib/sslgen.c
M lib/sslgen.h
M lib/transfer.c
M lib/url.c
M lib/urldata.h
|
| polarssl: show cipher suite name correctly with 1.1.0 | Daniel Stenberg |
Apparently ssl_get_ciphersuite() is needed to get the name of the used
cipher suite.
| M lib/polarssl.c
|
| polarssl: show error code correctly | Daniel Stenberg |
The value was turned negative when it shouldn't have been
| M lib/polarssl.c
|
| polarssl: havege_rand is not present in version 1.1.0 | Daniel Stenberg |
... it is now named havege_random!
Reported by: Robert Schumann
Bug: http://curl.haxx.se/mail/lib-2012-01/0178.html
| M lib/polarssl.c
|
| RELEASE-NOTES: synced with 5d70a61b94604 | Daniel Stenberg |
5 more bug fixes, 1 more contributor
| M RELEASE-NOTES
|
| Add two tests for telnet: URLs | Colin Hogben |
Add simple telnet tests which (ab)use the http server.
The second test checks for an input file handling bug.
| M tests/data/Makefile.am
A tests/data/test1326
A tests/data/test1327
|
| Remove bogus optimisation of telnet upload. | Colin Hogben |
Remove wrongly implemented optimisation of telnet upload, apparently
intended to allow the library to avoid manually polling for input.
| M src/tool_operate.c
|
| Use correct file descriptor for telnet upload. | Colin Hogben |
Fix a bug where input was read from stdin even when a different FILE *
had been configured via CURLOPT_READDATA
| M lib/telnet.c
|
| OpenLDAP: fix LDAP connection phase memory leak | Yang Tse |
bug: http://curl.haxx.se/bug/view.cgi?id=3474308
| M lib/openldap.c
|
| OpenSSL: fix PKCS#12 certificate parsing related memory leak | Johannes Bauer |
Leak triggered when CURLOPT_SSLCERTTYPE and CURLOPT_SSLKEYTYPE set to P12
and both CURLOPT_SSLCERT and CURLOPT_SSLKEY point to the same PKCS#12 file.
| M lib/ssluse.c
|
| OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option is no longer enabled | Yang Tse |
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed successful
interoperability with web server Netscape Enterprise Server 2.0.1 released
back in 1996 more than 15 years ago.
Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
CVE-2010-4180 when using previous OpenSSL versions we no longer enable
this option regardless of OpenSSL version and SSL_OP_ALL definition.
| M lib/ssluse.c
|
| tests: enable time tracing on tests 500, 573 and 585 | Yang Tse |
|
| M tests/libtest/Makefile.inc
M tests/libtest/lib500.c
M tests/libtest/lib573.c
|
| tests: testtrace.[ch] provides debug callback for libtest usage | Yang Tse |
Allows tests from the libtest subdir to generate log traces
similar to those of curl with --tracetime and --trace-ascii
options but with output going to stderr.
| A tests/libtest/testtrace.c
A tests/libtest/testtrace.h
|
| sws.c: fix proxy mode secondary connection monitoring condition | Yang Tse |
|
| M tests/server/sws.c
|
| add LF termination to infof() trace string | Yang Tse |
|
| M lib/connect.c
M lib/curl_ntlm_msgs.c
M lib/cyassl.c
M lib/dict.c
M lib/ftp.c
M lib/gtls.c
M lib/http_negotiate.c
M lib/transfer.c
M lib/url.c
|
| sws.c: improve proxy mode torture testing support - followup to 18c6c8a5 | Yang Tse |
|
| M tests/server/sws.c
|
| url2file: new simple example | Daniel Stenberg |
Just showing how to download the contents of a given URL into a local
file. Based on a suggestion and example code by Georg Potthast
| M docs/examples/.gitignore
M docs/examples/Makefile.inc
A docs/examples/url2file.c
|
| imap.c: a dead simple imap example | Daniel Stenberg |
Just to show that IMAP is used just like other protocols
| M docs/examples/.gitignore
M docs/examples/Makefile.inc
A docs/examples/imap.c
|
| sws.c: improve proxy mode torture testing support - followup to c731fc58 | Yang Tse |
|
| M tests/server/sws.c
|
| sws.c: improve proxy mode torture testing support - followup to d4bf87dc | Yang Tse |
|
| M tests/server/sws.c
|
| Curl_proxyCONNECT() trace known bug #39 | Yang Tse |
|
| M lib/http_proxy.c
|
| test: verify HTTP response code 308 | Daniel Stenberg |
This newly speced HTTP status code already works as intended in the new
spec:
http://greenbytes.de/tech/webdav/draft-reschke-http-status-308-02.html
Test 1325 is added to verify that the method is kept after the redirect
| M tests/data/Makefile.am
A tests/data/test1325
|
| http_negotiate_sspi.c: fix compiler warning | Yang Tse |
|
| M lib/http_negotiate_sspi.c
M lib/warnless.c
M lib/warnless.h
|
| ssh.c: fix compiler warning | Yang Tse |
|
| M lib/ssh.c
|
| sws.c: improve proxy mode torture testing support | Yang Tse |
|
| M tests/server/sws.c
|
| RELEASE-NOTES: synced with 9f20379fe4 | Daniel Stenberg |
5 bug fixes, 3 more contributors
| M RELEASE-NOTES
|
| hostip: avoid getaddrinfo when c-ares is used | Daniel Stenberg |
Some functions using getaddrinfo and gethostbyname were still
mistakenly being used/linked even if c-ares was selected as resolver
backend.
Reported by: Arthur Murray
Bug: http://curl.haxx.se/mail/lib-2012-01/0160.html
| M lib/hostip4.c
M lib/setup.h
M lib/tftp.c
|
| sws.c: replace sleep() usage with wait_ms() | Yang Tse |
|
| M tests/server/sws.c
|
| FTP: CURLE_PARTIAL_FILE should not cause control connection to be closed | gsengun |
Test 161 updated accordingly
| M lib/ftp.c
M tests/data/test161
|
| sws.c: some compiler warning fixes | Yang Tse |
|
| M tests/server/sws.c
|
| lib/setup.h: portable symbolic names for Winsock shutdown() mode flags | Yang Tse |
|
| M lib/setup.h
|
| sws.c: 812fa73057 follow-up | Yang Tse |
|
| M tests/server/sws.c
|
| sws.c: some IPv6 proxy mode preparatory adjustments | Yang Tse |
|
| M tests/server/Makefile.inc
M tests/server/sws.c
|
| curl.h: provide backwards compatible symbols | Daniel Stenberg |
In commit c834213ad52 we re-used some obsolete error codes, and here are
two defines that make sure existing source codes that happen to use any
of these deprecated ones will still compile.
As usual, define CURL_NO_OLDIES to avoid getting these "precaution
defines".
| M include/curl/curl.h
|
| win32-threaded-resolver: stop using a dummy socket | Daniel Stenberg |
Previously the code would create a dummy socket while resolving just to
have curl_multi_fdset() return something but the non-win32 version
doesn't do it this way and the creation and use of a socket that isn't
made with the common create-socket callback can be confusing to apps
using the multi_socket API etc.
This change removes the dummy socket and thus will cause
curl_multi_fdset() to return with maxfd == -1 more often.
| M lib/asyn-thread.c
|
| OpenSSL: remove reference to openssl internal struct | Peter Sylvester |
With this change, curl compiles with the new OPENSSL_NO_SSL_INTERN
cflag. This flag might become the default in some distant future.
| M docs/examples/curlx.c
M lib/ssluse.c
|
| test1320 test1321: avoid User-Agent comparison | Yang Tse |
|
| M tests/data/test1320
M tests/data/test1321
|
| httpserver.pl: reorder sws command line options | Yang Tse |
make 'pidfile' and 'logfile' options appear first on command line in order
to ensure that processing of other options which write to logfile do this
to intended file and not the default one.
| M tests/httpserver.pl
|
| sws.c: fix proxy mode segfault | Yang Tse |
|
| M tests/server/sws.c
|
| tool_formparse.c: fix compiler warning: enumerated type mixed with another type | Yang Tse |
|
| M src/tool_formparse.c
|
| krb5.c: fix compiler warning: variable set but not used | Yang Tse |
|
| M lib/krb5.c
|
| KNOWN_BUGS: #77 CURLOPT_FORBID_REUSE kills NTLM | Daniel Stenberg |
|
| M docs/KNOWN_BUGS
|
| Fixed use of CURLUSESSL_TRY for POP3 and IMAP based connections. | Steve Holme |
Fixed a problem in POP3 and IMAP where a connection would fail when
CURLUSESSL_TRY was specified for a server that didn't support
SSL/TLS connections rather than continuing.
| M lib/imap.c
M lib/pop3.c
|
| Fixed incorrect error code being returned in STARTTLS | Steve Holme |
The STARTTLS response code in SMTP, POP3 and IMAP would return
CURLE_LOGIN_DENIED rather than CURLE_USE_SSL_FAILED when SSL/TLS
was not available on the server. Reported by: Gokhan Sengun
Bug: http://curl.haxx.se/mail/lib-2012-01/0018.html
| M lib/imap.c
M lib/pop3.c
M lib/smtp.c
|
| curl_easy_setopt: refer to the most recent URI RFC | Daniel Stenberg |
|
| M docs/libcurl/curl_easy_setopt.3
|
| RELEASE-NOTES: synced with 2f4a487a68 | Daniel Stenberg |
Two bugfixes, two more contributors
| M RELEASE-NOTES
|
| tests: test IMAP, POP3 and SMTP over HTTP proxy tunnel | Daniel Stenberg |
|
| M tests/data/Makefile.am
A tests/data/test1319
A tests/data/test1320
A tests/data/test1321
|
| test proxy supports CONNECT | Daniel Stenberg |
There's a new 'http-proxy' server for tests that runs on a separate port
and lets clients do HTTP CONNECT to other ports on the same host to
allow us to test HTTP "tunneling" properly.
Test cases now have a <proxy> section in <verify> to check that the
proxy protocol part matches correctly.
Test case 80, 83, 95, 275, 503 and 1078 have been converted. Test 1316
was added.
| M tests/FILEFORMAT
M tests/data/Makefile.am
M tests/data/test1078
A tests/data/test1316
M tests/data/test275
M tests/data/test503
M tests/data/test80
M tests/data/test83
M tests/data/test95
M tests/httpserver.pl
M tests/runtests.pl
M tests/server/sws.c
M tests/server/util.c
M tests/server/util.h
|
| curl_easy_strerror.3: minor synopsis edit of the look | Daniel Stenberg |
|
| M docs/libcurl/curl_easy_strerror.3
|
| hostip.c: fix potential write past the end of string buffer | Yang Tse |
|
| M lib/hostip.c
|
| hostip.c: fix Curl_loadhostpairs() OOM handling | Yang Tse |
|
| M lib/hostip.c
|
| runtests.pl: on test failure, don't show trace log files of other tests | Yang Tse |
|
| M tests/runtests.pl
|
| Curl_input_negotiate: use the correct buffer for input | Daniel Stenberg |
Unfortunately we have no test cases for this and I have no SSPI build or
server to verify this with. The change seems simple enough though.
Bug: http://curl.haxx.se/bug/view.cgi?id=3466497
Reported by: Patrice Guerin
| M lib/http_negotiate_sspi.c
|
| runtests: put trace outputs in log/trace[num] for all tests | Daniel Stenberg |
|
| M tests/runtests.pl
|
| just a stupid typo | Daniel Stenberg |
|
| M lib/ssh.c
|
| SFTP dir: increase buffer size counter | Daniel Stenberg |
When the buffer gets realloced to hold the file name in the
SSH_SFTP_READDIR_LINK state, the counter was not bumped accordingly.
Reported by: Armel Asselin
Patch by: Armel Asselin
Bug: http://curl.haxx.se/mail/lib-2011-12/0249.html
| M lib/ssh.c
|
| RELEASE-NOTES: synced with 81ebdd9e287 | Daniel Stenberg |
6 more bugfixes, 3 more contributors
| M RELEASE-NOTES
|
| create_hostcache_id: use the key lower cased | Daniel Stenberg |
... to make sure the DNS cache is properly case insensitive
| M lib/hostip.c
|
| changed case: use new host name for subsequent HTTP requests | Daniel Stenberg |
When a HTTP connection is re-used for a subsequent request without
proxy, it would always re-use the Host: header of the first request. As
host names are case insensitive it would make curl send another host
name case than what the particular request used.
Now it will instead always use the most recent host name to always use
the desired casing. Added test case 1318 to verify.
Bug: http://curl.haxx.se/mail/lib-2011-12/0314.html
Reported by: Alex Vinnik
| M lib/url.c
M tests/data/Makefile.am
A tests/data/test1318
|
| CURLOPT_RESOLVE: avoid adding already present host names | Daniel Stenberg |
The load host names to DNS cache function was moved to hostip.c and it
now makes sure to not add host names that already are present in the
cache. It would previously lead to memory leaks when for example using
the --resolve and multiple URLs on the command line.
| M lib/hostip.c
M lib/hostip.h
M lib/transfer.c
|
| runtests.pl: Use logmsg more consistently | Dan Fandrich |
|
| M tests/README
M tests/runtests.pl
|
| examples: update README, Makefile.inc and gitignore with pop3s examples | Alessandro Ghedini |
|
| M docs/examples/.gitignore
M docs/examples/Makefile.inc
M docs/examples/README
|
| examples: add a couple of simple pop3s examples | Alessandro Ghedini |
These examples show how to fetch a single message (RETR command) and how to
list all the messages in a given mailbox (LIST command), with authentication
via SSL. They were both based on the https.c example.
| A docs/examples/pop3s.c
A docs/examples/pop3slist.c
|
| removed execute file permission | Yang Tse |
|
| M CMake/FindCARES.cmake
M docs/INSTALL.cmake
M docs/README.cmake
|
| removed trailing whitespace | Yang Tse |
|
| M CHANGES.0
M CMake/FindCARES.cmake
M CMakeLists.txt
M docs/INSTALL
M docs/examples/Makefile.m32
M docs/examples/version-check.pl
M lib/Makefile.m32
M lib/libcurl.plist
M log2changes.pl
M perl/contrib/checklinks.pl.in
M perl/contrib/crawlink.pl
M perl/contrib/getlinks.pl.in
M src/Makefile.Watcom
M src/Makefile.m32
M tests/libtest/first.c
M tests/runtests.pl
M tests/symbol-scan.pl
M tests/unit/README
|
| ftpserver.pl: arbitrary application data splitting among TCP packets [II] | Yang Tse |
Take into account that 'pingpong' server commands may arrive split among
several sockfilt 'DATA' PDU's.
| M tests/ftpserver.pl
|
| ftpserver.pl: arbitrary application data splitting among TCP packets [I] | Yang Tse |
Initial step in order to allow our pingpong server to better support arbitrary
application data splitting among TCP packets. This first commit only addresses
reassembly of data that sockfilter processes read from sockets and pingpong
server later reads from sockfilters stdout.
| M tests/ftpserver.pl
|
| testcurl.pl: 82c344a3 follow-up | Yang Tse |
|
| M tests/testcurl.pl
|
| testcurl.pl: log ACLOCAL_FLAGS | Yang Tse |
|
| M tests/testcurl.pl
|
| testcurl.pl: third party m4 warnings filtering adjustment | Yang Tse |
Make testcurl.pl ignore messages pertaining to third party m4 files we don't
care nor use on a file basis policy while retaining all other warnings.
This closes temporary commit e71e226f
| M tests/testcurl.pl
|
| transfer: avoid unnecessary timeout event when waiting for 100-continue | Kamil Dudka |
The commit 9dd85bc unintentionally changed the way we compute the time
spent waiting for 100-continue. In particular, when using a SSL client
certificate, the time spent by SSL handshake was included and could
cause the CURL_TIMEOUT_EXPECT_100 timeout to be mistakenly fired up.
Bug: https://bugzilla.redhat.com/767490
Reported by: Mamoru Tasaka
| M RELEASE-NOTES
M lib/transfer.c
|
| transfer.c: move a logging statement placement | Yang Tse |
|
| M lib/transfer.c
|
| hash.c: fix OOM triggered segfault | Yang Tse |
|
| M lib/hash.c
|
| ftp_do_more: don't return success until all is done | Daniel Stenberg |
ftp_do_more() returns after accepting the server connect however it
needs to fall through and set "*complete" to TRUE before exit from the
function.
Bug: http://curl.haxx.se/mail/lib-2011-12/0250.html
Reported by: Gokhan Sengun
| M lib/ftp.c
|