Commit Graph

14065 Commits

Author SHA1 Message Date
Daniel Stenberg
42c6b7577f RELEASE-NOTES: mention security issue 20110623
libcurl inappropriate GSSAPI delegation. Full details at
http://curl.haxx.se/docs/adv_20110623.html
2011-06-22 23:12:39 +02:00
Daniel Stenberg
e5010ec3ff RELEASE-NOTES: synced with 9016958aa8 2011-06-22 23:04:26 +02:00
Daniel Stenberg
5c314c6bb4 Curl_input_negotiate: do not delegate GSSAPI credentials
This is a security flaw. See curl advisory 20110623 for details.

Reported by: Richard Silverman
2011-06-22 23:04:26 +02:00
Josue Andrade Gomes
9016958aa8 windows build: use correct MS CRT 2011-06-21 20:05:06 +02:00
Daniel Stenberg
1614dc0745 Merge pull request #23 from salty-horse/pop3_list_space
[pop3] remove extra space in LIST command
2011-06-21 08:54:25 -07:00
Ori Avtalion
af6dcc92d5 [pop3] remove extra space in LIST command
Some servers, e.g. mail.bezeqint.net:110, consider it a syntax error
2011-06-21 18:12:05 +03:00
Yang Tse
57064e4a0d http: fix compiler warning
compiler warning: conditional expression is constant
2011-06-21 16:28:15 +02:00
Yang Tse
d9e71809cb asyn-thread: fix compiler warning
compiler warning: variable is initialized but not referenced
2011-06-21 16:06:56 +02:00
Yang Tse
a7cc54a5a8 cmake: remove spurious definition 2011-06-21 15:28:03 +02:00
Daniel Stenberg
c9a82f39e2 FAQ: more blurb on persistent connections 2011-06-21 08:45:45 +02:00
Yang Tse
e4bca6a01c xc-translit.m4 fix quoting 2011-06-21 00:03:44 +02:00
Daniel Stenberg
56e5302b53 INSTALL: mention the GIT-INFO file 2011-06-20 22:20:39 +02:00
Dan Fandrich
4cbc6fc6ab Added LOCAL_MODULE_TAGS to support Android gingerbread 2011-06-20 12:01:38 -07:00
Amr Shahin
c9f16e67ef unitteset: Curl_llist_move
adding unit test for Curl_llist_move, documenting unit-tested functions
in llist.c, changing unit-test to unittest, replacing assert calls with
abort_unless calls
2011-06-19 22:22:49 +02:00
Daniel Stenberg
f851f76857 CURLFORM_STREAM: acknowledge CURLFORM_FILENAME
The CURLFORM_STREAM is documented to only insert a file name (and thus
look like a file upload) in the part if CURLFORM_FILENAME is set, but in
reality it always inserted a filename="" and if CURLFORM_FILENAME wasn't
set, it would insert insert rubbish (or possibly crash).

This is now fixed to work as documented, and test 554 has been extended
to verify this.

Reported by: Sascha Swiercy
Bug: http://curl.haxx.se/mail/lib-2011-06/0070.html
2011-06-17 22:23:42 +02:00
Yang Tse
0126b4a959 configure: avoid direct usage of AS_TR_* macros 2011-06-17 21:01:41 +02:00
Yang Tse
49a8fe5142 xc-translit.m4 provides transliteration macros with well defined behavior. 2011-06-17 20:59:58 +02:00
Daniel Stenberg
8fc4be9e7b RELEASE-NOTES: add more contributors for this release 2011-06-14 19:17:41 +02:00
Daniel Stenberg
70eee054f2 RELEASE-NOTES: synced with 0aedccc18a 2011-06-14 14:45:44 +02:00
Daniel Stenberg
0aedccc18a curl_formget: fix FILE * leak
Properly deal with the fact that the last fread() call most probably is
a short read, and when using callbacks in fact all calls can be short
reads. No longer consider a file read done until it returns a 0 from the
read function.

Reported by: Aaron Orenstein
Bug: http://curl.haxx.se/mail/lib-2011-06/0048.html
2011-06-13 22:32:00 +02:00
Daniel Stenberg
85881f9f35 curl_formget: treat CURLFORM_STREAM better
If a piece is set to use a callback to get the data, it should not be
treated as data. It unfortunately also requires that curl_easy_perform()
or similar has been used as otherwise the callback function hasn't been
figured out and curl_formget won't know how to get the content.
2011-06-13 22:05:13 +02:00
Daniel Stenberg
84e13f2e07 curl_formget.3: CURLFORM_STREAM has its drawbacks
Due to a design flaw, the CURLFORM_STREAM option doesn't really work
with curl_formget until after curl_easy_perform (or similar).
2011-06-13 22:03:33 +02:00
Daniel Stenberg
832e827518 FAQ: binding clarification
We don't author the bindings, they are created outside the main project.
2011-06-13 19:02:38 +02:00
Dan Fandrich
a6fa7fc38e Added http as a dependency of test 1308 2011-06-11 17:02:37 -07:00
Daniel Stenberg
b122f8be61 test1309: added to the dist 2011-06-12 00:10:51 +02:00
Daniel Stenberg
950fb3efcc write: add return code checks when used
These were just warnings in test code but it still makes it nicer to not
generate them.
2011-06-11 23:01:09 +02:00
Daniel Stenberg
ee015947d4 long/int mess
Typecast when converting to int from long to avoid some compiler warnings
2011-06-11 22:56:45 +02:00
Yang Tse
a2a2863306 configure: OpenSSL API detection cleanup 2011-06-11 18:40:26 +02:00
Dan Fandrich
b688f2c260 Fixed test 1309 to pass the torture test
Removing dynamic allocations also simplifies the test.
2011-06-11 00:10:09 -07:00
Daniel Stenberg
c4dd8df081 splay: add unit tests
The test code that was #ifdef'ed in the code was converted into unit
tests in test case 1309. I also removed the #if 0'ed code from splay.c
2011-06-10 20:19:35 +02:00
Daniel Stenberg
0f7bea7c3a unittest: mark all unit tested functions
With "@unittest: [num]" in the header comment for each tested function.
Shows we have a log way to go still...
2011-06-10 14:40:46 +02:00
Daniel Stenberg
d5cc77b744 CURLOPT_WRITEHEADER: clarify the docs 2011-06-10 13:17:17 +02:00
Daniel Stenberg
36a22f9074 unit test formpost: added test case 1308
This is a few first rather basic tests of curl_formadd() and
curl_formget(). Should serve as building blocks to add more variations
to the test.
2011-06-10 12:03:29 +02:00
Yang Tse
6e0dd48f97 configure: warn if OpenSSL headers and library versions don't match 2011-06-09 22:55:16 +02:00
Yang Tse
cb2f300364 configure: get API info for a couple of OpenSSL functions (followup 2) 2011-06-09 19:03:10 +02:00
Yang Tse
7530a28878 configure: get API info for a couple of OpenSSL functions (followup 1) 2011-06-09 00:45:38 +02:00
Yang Tse
e8d73c9c2d configure: fix recvfrom 5th arg type qualifier detection (followup) 2011-06-08 15:57:36 +02:00
Yang Tse
8a3c0fe56c configure: fix recvfrom 5th arg type qualifier detection 2011-06-08 13:37:35 +02:00
Kamil Dudka
f551aa5c16 disconnect: wipe out the keeps_speed time stamp
When closing a connection, the speedchecker's timestamp is now deleted
so that it cannot accidentally be used by a fresh connection on the same
handle when examining the transfer speed.

Bug: https://bugzilla.redhat.com/679709
2011-06-08 00:23:41 +02:00
Yang Tse
377f88364e urldata: use uniform inclusion style for OpenSSL headers 2011-06-07 18:35:42 +02:00
Daniel Stenberg
c0b9dd27b5 HTTP time condition: force closure for 200 OK
When a time condition isn't met, so that no body is delivered to the
application even though a 2xx response is being read from the server, we
must close the connection to avoid a re-use of the connection to be
completely tricked.

Added test 1128 to verify.
2011-06-07 13:40:11 +02:00
Daniel Stenberg
6aff805942 RELEASE-NOTES: synced with b772f3a321 2011-06-07 13:15:50 +02:00
Yang Tse
b772f3a321 configure: get API info for a couple of OpenSSL functions 2011-06-06 20:47:36 +02:00
Daniel Stenberg
7559b77727 wait_ms: takes an int argument
Typecasts added since I changed more code to use long for timeouts
2011-06-05 12:06:50 +02:00
Daniel Stenberg
4f170ee8f9 Curl_socket_ready: make timeout a 'long'
It was mostly typecasted to int all over the code so switching to long
instead all over should be a net gain.
2011-06-04 21:19:14 +02:00
Yang Tse
fba00c9f7b xlc: avoid preprocessor definition usage when linking 2011-06-04 04:27:09 +02:00
Yang Tse
10a7d05be3 unit tests: disable unit tests for a given cross-compilation configuration.
cross-compilation of unit tests static library/programs fails when
libcurl shared library is also built. This might be due to a libtool or
automake issue. In this case we disable unit tests.
2011-06-03 20:08:00 +02:00
Daniel Stenberg
9776f3445d cookie_output: made private 2011-06-03 20:02:07 +02:00
Daniel Stenberg
adeac15d8e digest_cleanup_one: made private 2011-06-03 19:54:17 +02:00
Daniel Stenberg
5d4e5593d5 privatise: make private functions static 2011-06-03 19:51:08 +02:00