b09c8ee1 | 19-Mar-2021 |
Daniel Stenberg |
vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid() To make sure we set and extract the correct session. Reported-by: Mingtao Yang Bug: https://curl.se/docs/CVE-2021-228
vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid() To make sure we set and extract the correct session. Reported-by: Mingtao Yang Bug: https://curl.se/docs/CVE-2021-22890.html CVE-2021-22890
show more ...
|
72142888 | 23-Feb-2021 |
Viktor Szakats |
transfer: strip credentials from the auto-referer header field Added test 2081 to verify. CVE-2021-22876 Bug: https://curl.se/docs/CVE-2021-22876.html |
184ffc0b | 28-Mar-2021 |
Daniel Stenberg |
curl_sasl: fix compiler error with --disable-crypto-auth ... if libgsasl was found. Closes #6806 |
8cbc16b2 | 28-Mar-2021 |
Patrick Monnerat |
ldap: only set the callback ptr for TLS context when TLS is used Follow-up to a5eee22e594c2460f Fixes #6804 Closes #6805 |
85e69756 | 27-Mar-2021 |
Daniel Stenberg |
copyright: update copyright year ranges to 2021 Reviewed-by: Emil Engler Closes #6802 |
b5726e55 | 26-Mar-2021 |
Daniel Stenberg |
send_speed: simplify the checks for if a speed limit is set ... as we know the value cannot be set to negative: enforced by setopt() |
24e469f6 | 26-Mar-2021 |
Daniel Stenberg |
http: cap body data amount during send speed limiting By making sure never to send off more than the allowed number of bytes per second the speed limit logic is given more room to actual
http: cap body data amount during send speed limiting By making sure never to send off more than the allowed number of bytes per second the speed limit logic is given more room to actually work. Reported-by: Fabian Keil Bug: https://curl.se/mail/lib-2021-03/0042.html Closes #6797
show more ...
|
95cbcec8 | 26-Mar-2021 |
Daniel Stenberg |
urldata: merge "struct DynamicStatic" into "struct UrlState" Both were used for the same purposes and there was no logical separation between them. Combined, this also saves 16 bytes in
urldata: merge "struct DynamicStatic" into "struct UrlState" Both were used for the same purposes and there was no logical separation between them. Combined, this also saves 16 bytes in less holes in my test build. Closes #6798
show more ...
|
d003b021 | 26-Mar-2021 |
Daniel Stenberg |
tests/README.md: mentioned that en_US.UTF-8 is required Reported-by: Oumph on github Fixes #6768 |
eef3b43a | 26-Mar-2021 |
Daniel Stenberg |
HISTORY: fixed the Mac OS X 10.1 release date Based on what Wikipedia says |
a8da0302 | 26-Mar-2021 |
Jay Satiro |
examples: Remove threaded-shared-conn.c due to bug Known bug 11.11 is the shared object's connection cache is not thread safe, so we should not have an example for it. Ref: http
examples: Remove threaded-shared-conn.c due to bug Known bug 11.11 is the shared object's connection cache is not thread safe, so we should not have an example for it. Ref: https://github.com/curl/curl/issues/4915 Ref: https://curl.se/docs/knownbugs.html#A_shared_connection_cache_is_not Closes https://github.com/curl/curl/pull/6795
show more ...
|
65aa275b | 26-Mar-2021 |
Jay Satiro |
KNOWN_BUGS: Update 11.9 - DoH option inheritance - Add description: Explain that some options aren't inherited because they are not relevant for the DoH SSL connections or may result i
KNOWN_BUGS: Update 11.9 - DoH option inheritance - Add description: Explain that some options aren't inherited because they are not relevant for the DoH SSL connections or may result in unexpected behavior. - Remove the reference to #4578 (SSL verify options not inherited) since that was fixed by #6597 (separate DoH-specific options for verify). - Explain that DoH-specific options (those created by #6597) are available: CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS. - Add a reference to #6605 and explain that the user's debug function is not inherited because it would be unexpected to pass internal handles (ie DoH handles) to the user's callback. Closes https://github.com/curl/curl/issues/6605
show more ...
|
ae42f1df | 26-Mar-2021 |
Daniel Stenberg |
curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO |
5930cb1c | 25-Mar-2021 |
Jean-Philippe Menil |
openssl: ensure to check SSL_CTX_set_alpn_protos return values SSL_CTX_set_alpn_protos() return 0 on success, and non-0 on failure Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.
openssl: ensure to check SSL_CTX_set_alpn_protos return values SSL_CTX_set_alpn_protos() return 0 on success, and non-0 on failure Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com> Closes #6794
show more ...
|
7b6bfd2d | 25-Mar-2021 |
Daniel Stenberg |
multi: close the connection when h2=>h1 downgrading Otherwise libcurl is likely to reuse the connection again in the next attempt since the connection reuse logic doesn't take downgrades
multi: close the connection when h2=>h1 downgrading Otherwise libcurl is likely to reuse the connection again in the next attempt since the connection reuse logic doesn't take downgrades into account. Reported-by: Anthony Ramine Fixes #6788 Closes #6793
show more ...
|
db4e0bd8 | 25-Mar-2021 |
Daniel Stenberg |
openssl: set the transfer pointer for logging early Otherwise, the transfer will be NULL in the trace function when the early handshake details arrive and then curl won't show them.
openssl: set the transfer pointer for logging early Otherwise, the transfer will be NULL in the trace function when the early handshake details arrive and then curl won't show them. Regresssion in 7.75.0 Reported-by: David Hu Fixes #6783 Closes #6792
show more ...
|
cd7aec95 | 25-Mar-2021 |
Daniel Stenberg |
RELEASE-NOTES: synced |
8494abfb | 25-Mar-2021 |
Daniel Stenberg |
TODO: Custom progress meter update interval Ref: https://stackoverflow.com/q/66789977/93747 |
8593b15c | 24-Mar-2021 |
Daniel Stenberg |
docs/ABI: tighten up the language Make the promises more firm Closes #6786 |
a5eee22e | 24-Mar-2021 |
Daniel Stenberg |
openldap: disconnect better Instead of clearing the callback argument in disconnect, set it to the (new) transfer to make sure the correct data is passed to the callbacks. Follo
openldap: disconnect better Instead of clearing the callback argument in disconnect, set it to the (new) transfer to make sure the correct data is passed to the callbacks. Follow-up to e467ea3bd937f38 Assisted-by: Patrick Monnerat Closes #6787
show more ...
|
1803be57 | 23-Mar-2021 |
Daniel Stenberg |
libssh2: kdb_callback: get the right struct pointer After the recent conn/data refactor in this source file, this function was mistakenly still getting the old struct pointer which would
libssh2: kdb_callback: get the right struct pointer After the recent conn/data refactor in this source file, this function was mistakenly still getting the old struct pointer which would lead to crash on servers with keyboard-interactive auth enabled. Follow-up to a304051620b92e12b (shipped in 7.75.0) Reported-by: Christian Schmitz Fixes #6691 Closes #6782
show more ...
|
2258899e | 23-Mar-2021 |
Daniel Stenberg |
tftp: remove unused struct fields Follow-up to d3d90ad9c00530d Closes #6781 |
e467ea3b | 23-Mar-2021 |
Daniel Stenberg |
openldap: avoid NULL pointer dereferences Follow-up to a59c33ceffb8f78 Reported-by: Patrick Monnerat Fixes #6676 Closes #6780 |
3bbf62b5 | 22-Mar-2021 |
Daniel Stenberg |
http: strip default port from URL sent to proxy To make sure the Host: header and the URL provide the same authority portion when sent to the proxy, strip the default port number from th
http: strip default port from URL sent to proxy To make sure the Host: header and the URL provide the same authority portion when sent to the proxy, strip the default port number from the URL if one was provided. Reported-by: Michael Brown Fixes #6769 Closes #6778
show more ...
|
45d1e24b | 22-Mar-2021 |
Daniel Stenberg |
azure: disable test 433 on azure-ubuntu Something in that environment sets XDG_CONFIG_HOME for us in a way that breaks the test. Reported-by: Marc Hörsken Fixes #6739 Cl
azure: disable test 433 on azure-ubuntu Something in that environment sets XDG_CONFIG_HOME for us in a way that breaks the test. Reported-by: Marc Hörsken Fixes #6739 Closes #6777
show more ...
|