a3cf94f3 | 29-Apr-2022 |
Christian Weisgerber |
openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl SSL_CTX_set1_curves_list() has been available since LibreSSL 2.5.3, released five years ago. Bug: https://curl.se/mail/li
openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl SSL_CTX_set1_curves_list() has been available since LibreSSL 2.5.3, released five years ago. Bug: https://curl.se/mail/lib-2022-04/0059.html Closes #8773
show more ...
|
d7b970e4 | 29-Apr-2022 |
Daniel Stenberg |
http: move Curl_allow_auth_to_host() It was mistakenly put within the CURL_DISABLE_HTTP_AUTH #ifdef Reported-by: Michael Olbrich Fixes #8772 Closes #8775 |
59d89286 | 29-Apr-2022 |
Daniel Gustafsson |
msh3: print boolean value as text representation Print the boolean value as its string representation instead of with %hhu which isn't a format we typically use. Closes: #8763
msh3: print boolean value as text representation Print the boolean value as its string representation instead of with %hhu which isn't a format we typically use. Closes: #8763 Reviewed-by: Nick Banks <nibanks@microsoft.com>
show more ...
|
685170b7 | 29-Apr-2022 |
Daniel Stenberg |
data/test376: set a proper name |
fa40e15a | 28-Apr-2022 |
Daniel Stenberg |
GHA/mbedtls: enabled nghttp2 in the build Closes #8767 |
6eb7fb37 | 28-Apr-2022 |
Daniel Stenberg |
mbedtls: fix compile when h2-enabled Fixes #8766 Reported-by: LigH-de on github Closes #8768 |
3fd1d8df | 28-Apr-2022 |
Daniel Stenberg |
RELEASE-NOTES: synced bumped curlver to 7.83.1-dev |
ba342909 | 27-Apr-2022 |
Daniel Stenberg |
SECURITY-PROCESS: extended Also clarify BUG-BOUNTY.md with IBB details. Closes #8754 |
e07a9b66 | 27-Apr-2022 |
Adam Rosenfield |
conn: fix typo 'connnection' -> 'connection' in two function names Closes #8759 |
1669b17d | 27-Apr-2022 |
Daniel Stenberg |
RELEASE-NOTES: synced The 7.83.0 release |
0ea2456a | 27-Apr-2022 |
Daniel Stenberg |
docs/THANKS: contributors from 7.83.0 |
cb60b2cc | 26-Apr-2022 |
Daniel Stenberg |
test 898/974/976: require proxy to run Fixes #8755 Reported-by: Marc Hörsken Closes #8756 |
09353155 | 26-Apr-2022 |
Daniel Stenberg |
gnutls: don't leak the SRP credentials in redirects Follow-up to 620ea21410030 and 139a54ed0a172a Reported-by: Harry Sintonen Closes #8752 |
d2a36bee | 25-Apr-2022 |
Daniel Stenberg |
CURLOPT*TLSAUTH: they only work with OpenSSL or GnuTLS Closes #8753 |
139a54ed | 25-Apr-2022 |
Daniel Stenberg |
openssl: don't leak the SRP credentials in redirects either Follow-up to 620ea21410030 Reported-by: Harry Sintonen Closes #8751 |
aad7d9f9 | 14-Apr-2022 |
Liam Warfield |
hyper: fix tests 580 and 581 for hyper Hyper now has the ability to preserve header order. This commit adds a few lines setting the connection options for this feature. Related
hyper: fix tests 580 and 581 for hyper Hyper now has the ability to preserve header order. This commit adds a few lines setting the connection options for this feature. Related to issue #8617 Closes #8707
show more ...
|
030adbce | 25-Apr-2022 |
Daniel Stenberg |
conncache: remove name arg from Curl_conncache_find_bundle To simplify, and also since the returned name is not the full actual name used for the check. The port number and zone id is al
conncache: remove name arg from Curl_conncache_find_bundle To simplify, and also since the returned name is not the full actual name used for the check. The port number and zone id is also involved, so just showing the name is misleading. Closes #8750
show more ...
|
5295e8d6 | 25-Apr-2022 |
Daniel Stenberg |
tests: verify the fix for CVE-2022-27774 - Test 973 redirects from HTTP to FTP, clear auth - Test 974 redirects from HTTP to HTTP different port, clear auth - Test 975 redirects f
tests: verify the fix for CVE-2022-27774 - Test 973 redirects from HTTP to FTP, clear auth - Test 974 redirects from HTTP to HTTP different port, clear auth - Test 975 redirects from HTTP to FTP, permitted to keep auth - Test 976 redirects from HTTP to HTTP different port, permitted to keep auth
show more ...
|
620ea214 | 25-Apr-2022 |
Daniel Stenberg |
transfer: redirects to other protocols or ports clear auth ... unless explicitly permitted. Bug: https://curl.se/docs/CVE-2022-27774.html Reported-by: Harry Sintonen Closes
transfer: redirects to other protocols or ports clear auth ... unless explicitly permitted. Bug: https://curl.se/docs/CVE-2022-27774.html Reported-by: Harry Sintonen Closes #8748
show more ...
|
08b8ef4e | 25-Apr-2022 |
Daniel Stenberg |
connect: store "conn_remote_port" in the info struct To make it available after the connection ended. |
c1262996 | 25-Apr-2022 |
Daniel Stenberg |
cookie.d: clarify when cookies are always sent |
afe752e0 | 25-Apr-2022 |
Daniel Stenberg |
test898: verify the fix for CVE-2022-27776 Do not pass on Authorization headers on redirects to another port |
6e659993 | 25-Apr-2022 |
Daniel Stenberg |
http: avoid auth/cookie on redirects same host diff port CVE-2022-27776 Reported-by: Harry Sintonen Bug: https://curl.se/docs/CVE-2022-27776.html Closes #8749 |
8f207915 | 25-Apr-2022 |
Daniel Stenberg |
libssh2: make the md5 comparison fail if wrong length Making it just skip the check unless exactly 32 is too brittle. Even if the docs says it needs to be exactly 32, it is be safer to m
libssh2: make the md5 comparison fail if wrong length Making it just skip the check unless exactly 32 is too brittle. Even if the docs says it needs to be exactly 32, it is be safer to make the comparison fail here instead. Reported-by: Harry Sintonen Bug: https://hackerone.com/reports/1549461 Closes #8745
show more ...
|
058f98dc | 25-Apr-2022 |
Daniel Stenberg |
conncache: include the zone id in the "bundle" hashkey Make connections to two separate IPv6 zone ids create separate connections. Reported-by: Harry Sintonen Bug: https://c
conncache: include the zone id in the "bundle" hashkey Make connections to two separate IPv6 zone ids create separate connections. Reported-by: Harry Sintonen Bug: https://curl.se/docs/CVE-2022-27775.html Closes #8747
show more ...
|