| d530e92f | 27-Oct-2018 |
Daniel Stenberg |
voutf: fix bad arethmetic when outputting warnings to stderr
CVE-2018-16842
Reported-by: Brian Carpenter
Bug: https://curl.haxx.se/docs/CVE-2018-16842.html |
| e97679a3 | 27-Oct-2018 |
Tuomo Rinne |
cmake: uniform ZLIB to use USE_ variable and clean curl-config.cmake.in
Closes #3123 |
| dd98c1f3 | 11-Oct-2018 |
Tuomo Rinne |
cmake: add find_dependency call for ZLIB to CMake config file |
| fc0672b4 | 10-Oct-2018 |
Tuomo Rinne |
cmake: add support for transitive ZLIB target |
| 5728229a | 29-Oct-2018 |
Daniel Stenberg |
unit1650: fix "null pointer passed as argument 1 to memcmp"
Detected by UndefinedBehaviorSanitizer
Closes #3187 |
| 0c9b09df | 27-Oct-2018 |
Daniel Stenberg |
travis: add a "make tidy" build that runs clang-tidy
Closes #3182 |
| 0b58ffe0 | 28-Oct-2018 |
Daniel Stenberg |
unit1300: fix stack-use-after-scope AddressSanitizer warning
Closes #3186 |
| f3a24d79 | 28-Sep-2018 |
Daniel Stenberg |
Curl_auth_create_plain_message: fix too-large-input-check
CVE-2018-16839
Reported-by: Harry Sintonen
Bug: https://curl.haxx.se/docs/CVE-2018-16839.html |
| 81d135d6 | 18-Oct-2018 |
Daniel Stenberg |
Curl_close: clear data->multi_easy on free to avoid use-after-free
Regression from b46cfbc068 (7.59.0)
CVE-2018-16840
Reported-by: Brian Carpenter (Geeknik Labs)
Bug: https:
Curl_close: clear data->multi_easy on free to avoid use-after-free
Regression from b46cfbc068 (7.59.0)
CVE-2018-16840
Reported-by: Brian Carpenter (Geeknik Labs)
Bug: https://curl.haxx.se/docs/CVE-2018-16840.html
show more ...
|
| 9d8dad1a | 27-Oct-2018 |
randomswdev |
system.h: use proper setting with Sun C++ as well
system.h selects the proper Sun settings when __SUNPRO_C is defined. The
Sun compiler does not define it when compiling C++ files. I'm
system.h: use proper setting with Sun C++ as well
system.h selects the proper Sun settings when __SUNPRO_C is defined. The
Sun compiler does not define it when compiling C++ files. I'm adding a
check also on __SUNPRO_CC to allow curl to work properly also when used
in a C++ project on Sun Solaris.
Closes #3181
show more ...
|
| 75b94d77 | 27-Oct-2018 |
Daniel Stenberg |
rand: add comment to skip a clang-tidy false positive |
| a669e069 | 26-Oct-2018 |
Daniel Stenberg |
test1651: unit test Curl_extract_certinfo()
The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel. |
| feea1259 | 22-Oct-2018 |
Daniel Stenberg |
x509asn1: always check return code from getASN1Element() |
| be208141 | 22-Oct-2018 |
Daniel Stenberg |
Makefile: add 'tidy' target that runs clang-tidy
Available in the root, src and lib dirs.
Closes #3163 |
| 803496fa | 27-Oct-2018 |
Daniel Stenberg |
RELEASE-PROCEDURE: adjust the release dates
See: https://curl.haxx.se/mail/lib-2018-10/0107.html |
| c335b7f1 | 27-Oct-2018 |
Patrick Monnerat |
x509asn1: suppress left shift on signed value
Use an unsigned variable: as the signed operation behavior is undefined,
this change silents clang-tidy about it.
Ref: https://gith
x509asn1: suppress left shift on signed value
Use an unsigned variable: as the signed operation behavior is undefined,
this change silents clang-tidy about it.
Ref: https://github.com/curl/curl/pull/3163
Reported-By: Daniel Stenberg
show more ...
|
| 3793761a | 25-Oct-2018 |
Michael Kaufmann |
multi: Fix error handling in the SENDPROTOCONNECT state
If Curl_protocol_connect() returns an error code,
handle the error instead of switching to the next state.
Closes #3170 |
| 4441d3c5 | 27-Oct-2018 |
Daniel Stenberg |
RELEASE-NOTES: synced |
| 44a9e9f8 | 26-Oct-2018 |
Daniel Stenberg |
openssl: output the correct cipher list on TLS 1.3 error
When failing to set the 1.3 cipher suite, the wrong string pointer would
be used in the error message. Most often saying "(nil)".
openssl: output the correct cipher list on TLS 1.3 error
When failing to set the 1.3 cipher suite, the wrong string pointer would
be used in the error message. Most often saying "(nil)".
Reported-by: Ricky-Tigg on github
Fixes #3178
Closes #3180
show more ...
|
| 067992ba | 26-Oct-2018 |
Daniel Stenberg |
docs/CIPHERS: fix the TLS 1.3 cipher names
... picked straight from the OpenSSL man page:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html
Reported-by:
docs/CIPHERS: fix the TLS 1.3 cipher names
... picked straight from the OpenSSL man page:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html
Reported-by: Ricky-Tigg on github
Bug: #3178
show more ...
|
| ac85e49d | 08-Sep-2018 |
Marcel Raad |
travis: install gnutls-bin package
This is required for gnutls-serv, which enables a few more tests.
Closes https://github.com/curl/curl/pull/2958 |
| 5c8c310e | 26-Oct-2018 |
Daniel Gustafsson |
ssh: free the session on init failures
Ensure to clear the session object in case the libssh2 initialization
fails.
It could be argued that the libssh2 error function should be
ssh: free the session on init failures
Ensure to clear the session object in case the libssh2 initialization
fails.
It could be argued that the libssh2 error function should be called to
get a proper error message in this case. But since the only error path
in libssh2_knownhost_init() is memory a allocation failure it's safest
to avoid since the libssh2 error handling allocates memory.
Closes #3179
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
show more ...
|
| a0c2779d | 26-Oct-2018 |
Daniel Stenberg |
docs/RELEASE-PROCEDURE: remove old entries, modify the Dec 2018 date
... I'm moving it up one week due to travels. The rest stays. |
| 68348461 | 26-Oct-2018 |
Daniel Gustafsson |
openssl: make 'done' a proper boolean
Closes #3176 |
| ebfe02f7 | 22-Oct-2018 |
Daniel Stenberg |
gtls: Values stored to but never read
Detected by clang-tidy
Closes #3176 |
