7e92d12b | 09-May-2022 |
Daniel Stenberg |
cookies: make bad_domain() not consider a trailing dot fine The check for a dot in the domain must not consider a single trailing dot to be fine, as then TLD + trailing dot is fine and c
cookies: make bad_domain() not consider a trailing dot fine The check for a dot in the domain must not consider a single trailing dot to be fine, as then TLD + trailing dot is fine and curl will accept setting cookies for it. CVE-2022-27779 Reported-by: Axel Chong Bug: https://curl.se/docs/CVE-2022-27779.html Closes #8820
show more ...
|
f8cb6c61 | 09-May-2022 |
Daniel Stenberg |
test977: reproduce ability to set cookie on TLD When PSL is not enabled |
447873dd | 09-May-2022 |
Daniel Stenberg |
scripts/contributors.sh: correct the copyright range |
22c4ecee | 09-May-2022 |
Daniel Stenberg |
docs/RELEASE-PROCEDURE.md: refreshed and adjsuted the release dates |
43cec1d4 | 09-May-2022 |
Daniel Stenberg |
test379: verify --remove-on-error with --no-clobber |
8c7ee908 | 09-May-2022 |
Daniel Stenberg |
post_per_transfer: remove the updated file name When --remove-on-error is used with --no-clobber, it might have an updated file name to remove. Bug: https://curl.se/docs/CVE-202
post_per_transfer: remove the updated file name When --remove-on-error is used with --no-clobber, it might have an updated file name to remove. Bug: https://curl.se/docs/CVE-2022-27778.html CVE-2022-27778 Reported-by: Harry Sintonen Closes #8824
show more ...
|
fae6fea2 | 09-May-2022 |
Daniel Stenberg |
hsts: ignore trailing dots when comparing hosts names CVE-2022-30115 Reported-by: Axel Chong Bug: https://curl.se/docs/CVE-2022-30115.html Closes #8821 |
ff3ee510 | 09-May-2022 |
Daniel Stenberg |
test440/441: verify HSTS with trailing dots |
cfa47974 | 09-May-2022 |
Daniel Stenberg |
libtest/lib1560: verify the host name percent decode fix |
914aaab9 | 09-May-2022 |
Daniel Stenberg |
urlapi: reject percent-decoding host name into separator bytes CVE-2022-27780 Reported-by: Axel Chong Bug: https://curl.se/docs/CVE-2022-27780.html Closes #8826 |
5c7da89d | 09-May-2022 |
Daniel Stenberg |
nss: return error if seemingly stuck in a cert loop CVE-2022-27781 Reported-by: Florian Kohnhäuser Bug: https://curl.se/docs/CVE-2022-27781.html Closes #8822 |
46d45ea3 | 09-May-2022 |
Daniel Stenberg |
test412/413: verify alt-svc with trailing dots |
a1d23f28 | 09-May-2022 |
Daniel Stenberg |
altsvc: fix host name matching for trailing dots Closes #8819 |
652fd3fa | 07-May-2022 |
Garrett Squire |
hyper: fix test 357 This change fixes the hyper API such that PUT requests that receive a 417 response can retry without the Expect header. Closes #8811 |
4fc35c82 | 06-May-2022 |
Harry Sintonen |
sectransp: bail out if SSLSetPeerDomainName fails Before the code would just warn about SSLSetPeerDomainName() errors. Closes #8798 |
a8a1dd8e | 06-May-2022 |
Daniel Stenberg |
http_proxy/hyper: handle closed connections Enable test 1021 for hyper builds. Patched-by: Prithvi MK Fixes #8700 Closes #8806 |
a15fa1c3 | 06-May-2022 |
Daniel Stenberg |
KNOWN_BUGS: timeout when reusing a http3 connection Closes #8764 |
06fd9736 | 06-May-2022 |
Daniel Stenberg |
KNOWN_BUGS: configure --with-ca-fallback is not supported by h3 Closes #8696 |
a04f0b96 | 05-May-2022 |
Ryan Schmidt |
Makefile: fix "make ca-firefox" Closes #8804 |
5d3c57bf | 05-May-2022 |
Daniel Gustafsson |
tests: fix markdown formatting in README The asterisk in the abbreviation *NIX (for UNIX/Linux) needs to be escaped to not mean start of italic formatting. This is consistent with do
tests: fix markdown formatting in README The asterisk in the abbreviation *NIX (for UNIX/Linux) needs to be escaped to not mean start of italic formatting. This is consistent with docs/RELEASE-PROCEDURE.md. Closes: #8802 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
show more ...
|
1b0cab69 | 05-May-2022 |
Daniel Stenberg |
TODO: expand on "Expose tried IP addresses that failed" Ref: #8794 |
4f0bc19b | 05-May-2022 |
Fabian Keil |
tests/server: declare variable 'reqlogfile' static Silences the warning: CC socksd-socksd.o socksd.c:143:13: warning: no previous extern declaration for no
tests/server: declare variable 'reqlogfile' static Silences the warning: CC socksd-socksd.o socksd.c:143:13: warning: no previous extern declaration for non-static variable 'reqlogfile' [-Wmissing-variable-declarations] const char *reqlogfile = DEFAULT_REQFILE; ^ socksd.c:143:7: note: declare 'static' if the variable is not intended to be used outside of this translation unit const char *reqlogfile = DEFAULT_REQFILE; ^ 1 warning generated. ... when compiling with clang 13. Closes: #8799 Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
show more ...
|
8e8413ab | 05-May-2022 |
Daniel Gustafsson |
HTTP-COOKIES: add missing CURLOPT_COOKIESESSION Commit 980a47b42 added support for ignoring session cookies, but it was never added to the documentation. Closes: #8795 Revie
HTTP-COOKIES: add missing CURLOPT_COOKIESESSION Commit 980a47b42 added support for ignoring session cookies, but it was never added to the documentation. Closes: #8795 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
show more ...
|
7fc01231 | 05-May-2022 |
Daniel Stenberg |
docs/THANKS: remove name duplicate |
613bf277 | 05-May-2022 |
Philip H <47042125+pheiduck@users.noreply.github.com> |
.mailmap: update Closes #8800 |