This project is mirrored from https://gitlab.com/gitlab-org/build/omnibus-mirror/curl.git.
Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer or owner.
Last successful update .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer or owner.
Last successful update .
- Nov 07, 2018
-
-
Frank Gevaerts authored
Closes #3115
-
- Nov 06, 2018
-
-
Daniel Stenberg authored
The function identifying a leading "scheme" part of the URL considered a few letters ending with a colon to be a scheme, making something like "short:80" to become an unknown scheme instead of a short host name and a port number. Extended test 1560 to verify. Also fixed test203 to use file_pwd to make it get the correct path on windows. Removed test 2070 since it was a duplicate of 203. Assisted-by: Marcel Raad Reported-by: Hagai Auro Fixes #3220 Fixes #3233 Closes #3223 Closes #3235
-
- Nov 03, 2018
-
-
Daniel Gustafsson authored
The internal buffer in infof() is limited to 2048 bytes of payload plus an additional byte for NULL termination. Servers with very long error messages can however cause truncation of the string, which currently isn't very clear, and leads to badly formatted output. This appends a "...\n" (or just "..." in case the format didn't with a newline char) marker to the end of the string to clearly show that it has been truncated. Also include a unittest covering infof() to try and catch any bugs introduced in this quite important function. Closes #3216 Reviewed-by:
Daniel Stenberg <daniel@haxx.se> Reviewed-by:
Marcel Raad <Marcel.Raad@teamviewer.com>
-
- Nov 02, 2018
-
-
Daniel Stenberg authored
When not actually following the redirect and the target URL is only stored for later retrieval, curl always accepted "non-supported" schemes. This was a regression from 46e16406. Reported-by: Brad King Fixes #3210 Closes #3215
-
- Oct 30, 2018
-
-
Daniel Stenberg authored
-
- Oct 27, 2018
-
-
Daniel Stenberg authored
The version used for Gskit, NSS, GnuTLS, WolfSSL and schannel.
-
- Sep 08, 2018
-
-
Daniel Stenberg authored
See header file and man pages for API. All documented API details work and are tested in the 1560 test case. Closes #2842
-
- Sep 06, 2018
-
-
Nicklas Avén authored
... and add "MAILINDEX". As described in #2789, this is a suggested solution. Changing UID=xx to actually get mail with UID xx and add "MAILINDEX" to get a mail with a special index in the mail box (old behavior). So MAILINDEX=1 gives the first non deleted mail in the mail box. Fixes #2789 Closes #2815
-
Daniel Stenberg authored
-
- Sep 05, 2018
-
-
James Fuller authored
Approved-by: Daniel Gustafsson Closes #2937
-
- Aug 15, 2018
-
-
Daniel Stenberg authored
... simply because this is usually a sign of the user having omitted the file name and the next option is instead "eaten" by the parser as a file name. Add test1268 to verify Closes #2885
-
- Aug 14, 2018
-
-
Kamil Dudka authored
Added test 656 (based on test 604) to verify the fix. Bug: https://bugzilla.redhat.com/1595135 Closes #2879
-
- Aug 13, 2018
-
-
Daniel Stenberg authored
Deal with tiny "HTTP/0.9" (header-less) responses by checking the status-line early, even before a full "HTTP/" is received to allow detecting 0.9 properly. Test 1266 and 1267 added to verify. Fixes #2420 Closes #2872
-
- Aug 11, 2018
-
-
Marcel Raad authored
Split off testing file names with double quotes into new test 1158. Disable it for MSYS using a precheck as it doesn't support file names with double quotes (but Cygwin does, for example). Fixes https://github.com/curl/curl/issues/2796 Closes https://github.com/curl/curl/pull/2854
-
Daniel Stenberg authored
Adds test 1522 for verification. Reported-by: cjmsoregan Fixes #2847 Closes #2864
-
- Jul 28, 2018
-
-
Daniel Stenberg authored
Verifies bugfix #2797
-
- Jun 23, 2018
-
-
Javier Blazquez authored
Fixes #2677 Closes #2679
-
- Jun 16, 2018
-
-
Daniel Stenberg authored
When the application just started the transfer and then stops it while the name resolve in the background thread hasn't completed, we need to wait for the resolve to complete and then cleanup data accordingly. Enabled test 1553 again and added test 1590 to also check when the host name resolves successfully. Detected by OSS-fuzz. Closes #1968
-
- Jun 01, 2018
-
-
Alibek.Jorajev authored
If there's an existing entry using the selected name. Closes #2622
-
- May 31, 2018
-
-
Björn Stenberg authored
Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes libcurl reject URLs with a username in them. Closes #2340
-
- May 24, 2018
-
-
Linus Lewandowski authored
Closes #2102
-
- May 22, 2018
-
-
Patrick Monnerat authored
This avoids appending error data to already existing good data. Test 92 is updated to match this change. New test 1156 checks all combinations of --range/--resume, --fail, Content-Range header and http status code 200/416. Fixes #1163 Reported-By: Ithubg on github Closes #2578
-
- May 12, 2018
-
-
Patrick Monnerat authored
RFC 6265 section 4.2.1 does not set restrictions on cookie names. This is a follow-up to commit 7f7fcd0d. Also explicitly check proper syntax of cookie name/value pair. New test 1155 checks that cookie names are not reserved words. Reported-By: anshnd at github Fixes #2564 Closes #2566
-
- Apr 18, 2018
-
-
Dan McNulty authored
- Move verify_certificate functionality in schannel.c into a new file called schannel_verify.c. Additionally, some structure defintions from schannel.c have been moved to schannel.h to allow them to be used in schannel_verify.c. - Make verify_certificate functionality for Schannel available on all versions of Windows instead of just Windows CE. verify_certificate will be invoked on Windows CE or when the user specifies CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. - In verify_certificate, create a custom certificate chain engine that exclusively trusts the certificate store backed by the CURLOPT_CAINFO file. - doc updates of --cacert/CAINFO support for schannel - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString when available. This implements a TODO in schannel.c to improve handling of multiple SANs in a certificate. In particular, all SANs will now be searched instead of just the first name. - Update tool_operate.c to not search for the curl-ca-bundle.crt file when using Schannel to maintain backward compatibility. Previously, any curl-ca-bundle.crt file found in that search would have been ignored by Schannel. But, with CAINFO support, the file found by that search would have been used as the certificate store and could cause issues for any users that have curl-ca-bundle.crt in the search path. - Update url.c to not set the build time CURL_CA_BUNDLE if the selected SSL backend is Schannel. We allow setting CA location for schannel only when explicitly specified by the user via CURLOPT_CAINFO / --cacert. - Add new test cases 3000 and 3001. These test cases check that the first and last SAN, respectively, matches the connection hostname. New test certificates have been added for these cases. For 3000, the certificate prefix is Server-localhost-firstSAN and for 3001, the certificate prefix is Server-localhost-secondSAN. - Remove TODO 15.2 (Add support for custom server certificate validation), this commit addresses it. Closes https://github.com/curl/curl/pull/1325
-
- Mar 17, 2018
-
-
Rick Deist authored
This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request shuffling of IP addresses returned for a hostname when there is more than one. This is useful when the application knows that a round robin approach is appropriate and is willing to accept the consequences of potentially discarding some preference order returned by the system's implementation. Closes #1694
-
Lawrence Matthews authored
Add --haproxy-protocol for the command line tool Closes #2162
-
- Mar 15, 2018
-
-
Daniel Stenberg authored
This is what "HTTP/0.9" basically looks like. Reported on IRC Closes #2382
-
- Mar 12, 2018
-
-
Daniel Stenberg authored
Refuse to operate when given path components featuring byte values lower than 32. Previously, inserting a %00 sequence early in the directory part when using the 'singlecwd' ftp method could make curl write a zero byte outside of the allocated buffer. Test case 340 verifies. CVE-2018-1000120 Reported-by: Duy Phan Thanh Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
-
- Mar 11, 2018
-
-
Daniel Stenberg authored
Reported-by: Michael Kaufmann Fixes #2357 Closes #2362
-
- Mar 04, 2018
-
-
Daniel Stenberg authored
Added test 1265 that verifies. Reported-by: steelman on github Fixes #2353 Closes #2355
-
- Feb 22, 2018
-
-
Francisco Sedano authored
- Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that will be called every time before a new resolve request is started (ie before a host is resolved) with a pointer to backend-specific resolver data. Currently this is only useful for ares. - Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to pass to the resolver start callback. Closes https://github.com/curl/curl/pull/2311
-
- Feb 20, 2018
-
-
Anders Bakken authored
This enables users to preresolve but still take advantage of happy eyeballs and trying multiple addresses if some are not connecting. Ref: https://github.com/curl/curl/pull/2260
-
- Feb 16, 2018
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Feb 15, 2018
-
-
Björn Stenberg authored
Closes #2302
-
- Feb 13, 2018
-
-
Patrick Monnerat authored
Test 319 checks proper raw mode data with non-chunked gzip transfer-encoded server data. Test 326 checks raw mode with chunked server data. Bug: #2303 Closes #2308
-
- Feb 12, 2018
-
-
Patrick Monnerat authored
RFC 5321 4.1.1.4 specifies the CRLF terminating the DATA command should be taken into account when chasing the <CRLF>.<CRLF> end marker. Thus a leading dot character in data is also subject to escaping. Tests 911 and test server are adapted to this situation. New tests 951 and 952 check proper handling of initial dot in data. Closes #2304
-
- Jan 23, 2018
-
-
Daniel Stenberg authored
-
- Jan 22, 2018
-
-
Daniel Stenberg authored
... unless CURLOPT_UNRESTRICTED_AUTH is set to allow them. This matches how curl already handles Authorization headers created internally. Note: this changes behavior slightly, for the sake of reducing mistakes. Added test 317 and 318 to verify. Reported-by: Craig de Stigter Bug: https://curl.haxx.se/docs/adv_2018-b3bf.html
-
- Jan 14, 2018
-
-
Patrick Monnerat authored
A mime tree attached to an easy handle using CURLOPT_MIMEPOST is strongly bound to the handle: there is a pointer to the easy handle in each item of the mime tree and following the parent pointer list of mime items ends in a dummy part stored within the handle. Because of this binding, a mime tree cannot be shared between different easy handles, thus it needs to be cloned upon easy handle duplication. There is no way for the caller to get the duplicated mime tree handle: it is then set to be automatically destroyed upon freeing the new easy handle. New test 654 checks proper mime structure duplication/release. Add a warning note in curl_mime_data_cb() documentation about sharing user data between duplicated handles. Closes #2235
-