| #
4af40b36 |
| 02-Feb-2016 |
Daniel Stenberg |
URLs: change all http:// URLs to https://
|
| #
2b6dadc5 |
| 01-Feb-2016 |
Jay Satiro |
tool_operate: Don't sanitize --output path (Windows)
Due to path separators being incorrectly sanitized in --output
pathnames, eg -o c:\foo => c__foo
This is a partial revert of
tool_operate: Don't sanitize --output path (Windows)
Due to path separators being incorrectly sanitized in --output
pathnames, eg -o c:\foo => c__foo
This is a partial revert of 3017d8a until I write a proper fix. The
remote-name will continue to be sanitized, but if the user specified an
--output with string replacement (#1, #2, etc) that data is unsanitized
until I finish a fix.
Bug: https://github.com/bagder/curl/issues/624
Reported-by: Octavio Schroeder
show more ...
|
| #
3017d8a8 |
| 26-Jan-2016 |
Ray Satiro |
curl: avoid local drive traversal when saving file (Windows)
curl does not sanitize colons in a remote file name that is used as the
local file name. This may lead to a vulnerability on
curl: avoid local drive traversal when saving file (Windows)
curl does not sanitize colons in a remote file name that is used as the
local file name. This may lead to a vulnerability on systems where the
colon is a special path character. Currently Windows/DOS is the only OS
where this vulnerability applies.
CVE-2016-0754
Bug: http://curl.haxx.se/docs/adv_20160127B.html
show more ...
|
| #
b4a39491 |
| 14-Dec-2015 |
Daniel Stenberg |
curl --expect100-timeout: added
This is the new command line option to set the value for the existing
libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
|
| #
536f5f44 |
| 13-Dec-2015 |
Daniel Stenberg |
curl: use 2TLS by default
Make this the default for the curl tool (if built with HTTP/2 powers
enabled) unless a specific HTTP version is requested on the command
line.
This
curl: use 2TLS by default
Make this the default for the curl tool (if built with HTTP/2 powers
enabled) unless a specific HTTP version is requested on the command
line.
This should allow more users to get HTTP/2 powers without having to
change anything.
show more ...
|
| #
f6064354 |
| 03-Dec-2015 |
Daniel Stenberg |
curl: remove keepalive #ifdef checks done on libcurl's behalf
They didn't match the ifdef logic used within libcurl anyway so they
could indeed warn for the wrong case - plus the tool ca
curl: remove keepalive #ifdef checks done on libcurl's behalf
They didn't match the ifdef logic used within libcurl anyway so they
could indeed warn for the wrong case - plus the tool cannot know how the
lib actually performs at that level.
show more ...
|
| #
c341311a |
| 24-Nov-2015 |
Daniel Stenberg |
Revert "cleanup: general removal of TODO (and similar) comments"
This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a.
Feedback-by: Dan Fandrich
URL: http://curl.haxx.se
Revert "cleanup: general removal of TODO (and similar) comments"
This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a.
Feedback-by: Dan Fandrich
URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
show more ...
|
| #
f322ca77 |
| 13-Nov-2015 |
Daniel Stenberg |
curl: mark two more options strings for --libcurl output
|
| #
64e959ff |
| 13-Nov-2015 |
Daniel Stenberg |
cleanup: general removal of TODO (and similar) comments
They tend to never get updated anyway so they're frequently inaccurate
and we never go back to revisit them anyway. We document is
cleanup: general removal of TODO (and similar) comments
They tend to never get updated anyway so they're frequently inaccurate
and we never go back to revisit them anyway. We document issues to work
on properly in KNOWN_BUGS and TODO instead.
show more ...
|
| #
eaa98cef |
| 04-Sep-2015 |
Steve Holme |
oauth2: Don't use XOAUTH2 in OAuth 2.0 variables
|
| #
3f8d4e26 |
| 21-Sep-2015 |
Jay Satiro |
tool_operate: Don't call easysrc cleanup unless --libcurl
- Review of 4d95491.
The author changed it so easysrc only initializes when --libcurl but did
not do the same for the c
tool_operate: Don't call easysrc cleanup unless --libcurl
- Review of 4d95491.
The author changed it so easysrc only initializes when --libcurl but did
not do the same for the call to easysrc cleanup.
Ref: https://github.com/bagder/curl/issues/429
show more ...
|
| #
4d954916 |
| 20-Sep-2015 |
Daniel Lee Hwang |
tool: generate easysrc only on --libcurl
Code should only be generated when --libcurl is used.
Bug: https://github.com/bagder/curl/issues/429
Reported-by: @greafhe, Jay Satiro
tool: generate easysrc only on --libcurl
Code should only be generated when --libcurl is used.
Bug: https://github.com/bagder/curl/issues/429
Reported-by: @greafhe, Jay Satiro
Closes #429
Closes #442
show more ...
|
| #
481e0de0 |
| 29-Aug-2015 |
Daniel Stenberg |
curl: point out unnecessary uses of -X in verbose mode
It uses 'Note:' as a prefix as opposed to the common 'Warning:' to take
down the tone a bit.
It adds a warning for using -
curl: point out unnecessary uses of -X in verbose mode
It uses 'Note:' as a prefix as opposed to the common 'Warning:' to take
down the tone a bit.
It adds a warning for using -XHEAD on other methods becasue that may
lead to a hanging connection.
show more ...
|
| #
4a889441 |
| 25-Aug-2015 |
Daniel Stenberg |
curl: point out the conflicting HTTP methods if used
It isn't always clear to the user which options that cause the HTTP
methods to conflict so by spelling them out it should hopefully b
curl: point out the conflicting HTTP methods if used
It isn't always clear to the user which options that cause the HTTP
methods to conflict so by spelling them out it should hopefully be
easier to understand why curl complains.
show more ...
|
| #
9756d1da |
| 23-Aug-2015 |
Nathaniel Waisbrot |
CURLOPT_DEFAULT_PROTOCOL: added
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default
protocol for schemeless URLs.
- Add new tool option --proto-default to ex
CURLOPT_DEFAULT_PROTOCOL: added
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default
protocol for schemeless URLs.
- Add new tool option --proto-default to expose
CURLOPT_DEFAULT_PROTOCOL.
In the case of schemeless URLs libcurl will behave in this way:
When the option is used libcurl will use the supplied default.
When the option is not used, libcurl will follow its usual plan of
guessing from the hostname and falling back to 'http'.
show more ...
|
|
Revision tags: curl-7_44_0 |
|
| #
373b77bc |
| 26-Jul-2015 |
Daniel Stenberg |
comment: fix comment about adding new option support
|
| #
b46a7744 |
| 25-Jul-2015 |
Jay Satiro |
tool_operate: Fix CURLOPT_SSL_OPTIONS for builds without HTTPS
- Set CURLOPT_SSL_OPTIONS only if the tool enabled an SSL option.
Broken by me several days ago in 172b2be.
https:
tool_operate: Fix CURLOPT_SSL_OPTIONS for builds without HTTPS
- Set CURLOPT_SSL_OPTIONS only if the tool enabled an SSL option.
Broken by me several days ago in 172b2be.
https://github.com/bagder/curl/commit/172b2be#diff-70b44ee478e58d4e1ddcf9c9a73d257b
Bug: http://curl.haxx.se/mail/lib-2015-07/0119.html
Reported-by: Dan Fandrich
show more ...
|
| #
172b2beb |
| 17-Jul-2015 |
Jay Satiro |
SSL: Add an option to disable certificate revocation checks
New tool option --ssl-no-revoke.
New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS.
Currently this option applie
SSL: Add an option to disable certificate revocation checks
New tool option --ssl-no-revoke.
New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS.
Currently this option applies only to WinSSL where we have automatic
certificate revocation checking by default. According to the
ssl-compared chart there are other backends that have automatic checking
(NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at
some later point.
Bug: https://github.com/bagder/curl/issues/264
Reported-by: zenden2k <zenden2k@gmail.com>
show more ...
|
| #
afbee791 |
| 18-Jun-2015 |
Daniel Stenberg |
tool: always provide negotiate/kerberos options
libcurl can still be built with it, even if the tool is not. Maintain
independence!
|
|
Revision tags: curl-7_43_0 |
|
| #
33ee4118 |
| 02-Jun-2015 |
Daniel Stenberg |
checksrc: detect fopen() for text without the FOPEN_* macros
Follow-up to e8423f9ce150 with discussionis in
https://github.com/bagder/curl/pull/258
This check scans for fopen()
checksrc: detect fopen() for text without the FOPEN_* macros
Follow-up to e8423f9ce150 with discussionis in
https://github.com/bagder/curl/pull/258
This check scans for fopen() with a mode string without 'b' present, as
it may indicate that an FOPEN_* define should rather be used.
show more ...
|
| #
42ed88e7 |
| 22-May-2015 |
Daniel Stenberg |
curl: fix potential NULL dereference
Coverity CID 1299428: Dereference after null check (FORWARD_NULL)
|
|
Revision tags: curl-7_42_1, curl-7_42_0 |
|
| #
97c272e5 |
| 29-Mar-2015 |
Linus Nielsen |
Negotiate: custom service names for SPNEGO.
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME.
* Add new curl options, --proxy-service-name and --service-name.
|
| #
710a2e99 |
| 23-Apr-2015 |
Kamil Dudka |
curl -z: do not write empty file on unmet condition
This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe.
It also introduces a regression test 1424 based on tests 78 and
curl -z: do not write empty file on unmet condition
This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe.
It also introduces a regression test 1424 based on tests 78 and 1423.
Reported-by: Viktor Szakats
Bug: https://github.com/bagder/curl/issues/237
show more ...
|
| #
261a0fed |
| 30-Mar-2015 |
Kamil Dudka |
src/tool_operate: create output file on successful download
... of an empty file
Bug: https://github.com/bagder/curl/issues/183
|
| #
ae3c9850 |
| 28-Mar-2015 |
Dan Fandrich |
tool_operate: only set SSL options if SSL is enabled
|
