| 142d89ed | 11-Sep-2019 |
Bernhard Walle |
winbuild/MakefileBuild.vc: Fix line endings
The file had mixed line endings.
Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu> |
| 08f96982 | 27-Aug-2019 |
Jay Satiro |
ldap: Stop using wide char version of ldapp_err2string
Despite ldapp_err2string being documented by MS as returning a
PCHAR (char *), when UNICODE it is mapped to ldap_err2stringW and
ldap: Stop using wide char version of ldapp_err2string
Despite ldapp_err2string being documented by MS as returning a
PCHAR (char *), when UNICODE it is mapped to ldap_err2stringW and
returns PWCHAR (wchar_t *).
We have lots of code that expects ldap_err2string to return char *,
most of it failf used like this:
failf(data, "LDAP local: Some error: %s", ldap_err2string(rc));
Closes https://github.com/curl/curl/pull/4272
show more ...
|
| 9cd755e1 | 09-Sep-2019 |
Daniel Stenberg |
RELEASE-NOTES: curl 7.66.0 |
| fcd4aa46 | 09-Sep-2019 |
Daniel Stenberg |
THANKS: from the 7.66.0 release |
| bbde0407 | 10-Sep-2019 |
Daniel Stenberg |
curl: make sure the parallel transfers do them all
The logic could erroneously break the loop too early before all
transfers had been transferred.
Reported-by: Tom van der Woerd
curl: make sure the parallel transfers do them all
The logic could erroneously break the loop too early before all
transfers had been transferred.
Reported-by: Tom van der Woerdt
Fixes #4316
Closes #4317
show more ...
|
| 9637dbff | 10-Sep-2019 |
Daniel Stenberg |
urlapi: one colon is enough for the strspn() input (typo) |
| eab3c580 | 04-Sep-2019 |
Daniel Stenberg |
urlapi: verify the IPv6 numerical address
It needs to parse correctly. Otherwise it could be tricked into letting
through a-f using host names that libcurl would then resolve. Like
'
urlapi: verify the IPv6 numerical address
It needs to parse correctly. Otherwise it could be tricked into letting
through a-f using host names that libcurl would then resolve. Like
'[ab.be]'.
Reported-by: Thomas Vegas
Closes #4315
show more ...
|
| ffe34b7b | 08-Sep-2019 |
Clément Notin |
openssl: use SSL_CTX_set_<min|max>_proto_version() when available
OpenSSL 1.1.0 adds SSL_CTX_set_<min|max>_proto_version() that we now use
when available. Existing code is preserved for
openssl: use SSL_CTX_set_<min|max>_proto_version() when available
OpenSSL 1.1.0 adds SSL_CTX_set_<min|max>_proto_version() that we now use
when available. Existing code is preserved for older versions of
OpenSSL.
Closes #4304
show more ...
|
| 9136542d | 08-Sep-2019 |
Clément Notin |
openssl: indent, re-organize and add comments |
| 67b30b34 | 06-Sep-2019 |
migueljcrum |
sspi: fix memory leaks
Closes #4299 |
| cb3dc991 | 10-Sep-2019 |
Daniel Stenberg |
travis: disable ngtcp2 builds (again) |
| c4c9e070 | 04-Sep-2019 |
Daniel Stenberg |
Curl_fillreadbuffer: avoid double-free trailer buf on error
Reviewed-by: Jay Satiro
Reported-by: Thomas Vegas
Closes #4307 |
| 74e152f1 | 08-Sep-2019 |
Daniel Stenberg |
tool_setopt: handle a libcurl build without netrc support
Reported-by: codesniffer13 on github
Fixes #4302
Closes #4305 |
| 9069838b | 03-Sep-2019 |
Daniel Stenberg |
security:read_data fix bad realloc()
... that could end up a double-free
CVE-2019-5481
Bug: https://curl.haxx.se/docs/CVE-2019-5481.html |
| facb0e46 | 31-Aug-2019 |
Thomas Vegas <> |
tftp: Alloc maximum blksize, and use default unless OACK is received
Fixes potential buffer overflow from 'recvfrom()', should the server
return an OACK without blksize.
Bug: ht
tftp: Alloc maximum blksize, and use default unless OACK is received
Fixes potential buffer overflow from 'recvfrom()', should the server
return an OACK without blksize.
Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
CVE-2019-5482
show more ...
|
| 82f3ba38 | 31-Aug-2019 |
Thomas Vegas <> |
tftp: return error when packet is too small for options |
| 0f37c8df | 05-Sep-2019 |
Daniel Stenberg |
KNOWN_BUGS/TODO: cleanup and remove outdated issues |
| 04ac67a4 | 04-Sep-2019 |
Daniel Stenberg |
RELEASE-NOTES: synced |
| 158dcb9f | 03-Sep-2019 |
Daniel Stenberg |
netrc: free 'home' on error
Follow-up to f9c7ba9096ec2
Coverity CID 1453474
Closes #4291 |
| 4ac28840 | 03-Sep-2019 |
Daniel Stenberg |
urldata: avoid 'generic', use dedicated pointers
For the 'proto' union within the connectdata struct.
Closes #4290 |
| 5050edb1 | 02-Sep-2019 |
Daniel Stenberg |
cleanup: move functions out of url.c and make them static
Closes #4289 |
| 4d0306c6 | 02-Sep-2019 |
Daniel Stenberg |
smtp: check for and bail out on too short EHLO response
Otherwise, a three byte response would make the smtp_state_ehlo_resp()
function misbehave.
Credit to OSS-Fuzz
Bug: ht
smtp: check for and bail out on too short EHLO response
Otherwise, a three byte response would make the smtp_state_ehlo_resp()
function misbehave.
Credit to OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/16918
Assisted-by: Max Dymond
Closes #4287
show more ...
|
| 198b73d1 | 02-Sep-2019 |
Daniel Stenberg |
smb: init *msg to NULL in smb_send_and_recv()
... it might otherwise return OK from this function leaving that pointer
uninitialized.
Bug: https://crbug.com/oss-fuzz/16907
smb: init *msg to NULL in smb_send_and_recv()
... it might otherwise return OK from this function leaving that pointer
uninitialized.
Bug: https://crbug.com/oss-fuzz/16907
Closes #4286
show more ...
|
| 82a2168e | 02-Sep-2019 |
Daniel Stenberg |
ROADMAP: updated after recent user poll
In rough prio order |
| 62ffab9d | 31-Aug-2019 |
Daniel Stenberg |
THANKS: remove duplicate |
