Skip to content
Commits on Feb 6, 2016
  1. @mkauf @jay

    idn_win32: Better error checking

    mkauf committed with jay
    .. also fix a conversion bug in the unused function
    curl_win32_ascii_to_idn().
    
    And remove wprintfs on error (Jay).
    
    Bug: #637
  2. @gvanem @jay

    examples/asiohiper: Avoid function name collision on Windows

    gvanem committed with jay
    closesocket => close_socket
    Winsock already has the former.
    
    Bug: https://curl.haxx.se/mail/lib-2016-02/0016.html
  3. @gvanem @jay
  4. @bagder

    COPYING: clarify that Daniel is not the sole author

    bagder committed
    ... done on request and as it is a fair point.
Commits on Feb 5, 2016
  1. @jay
  2. @jay
  3. @jay

    tool_doswin: Improve sanitization processing

    jay committed
    - Add unit test 1604 to test the sanitize_file_name function.
    
    - Use -DCURL_STATICLIB when building libcurltool for unit testing.
    
    - Better detection of reserved DOS device names.
    
    - New flags to modify sanitize behavior:
    
    SANITIZE_ALLOW_COLONS: Allow colons
    SANITIZE_ALLOW_PATH: Allow path separators and colons
    SANITIZE_ALLOW_RESERVED: Allow reserved device names
    SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename
    
    - Restore sanitization of banned characters from user-specified outfile.
    
    Prior to this commit sanitization of a user-specified outfile was
    temporarily disabled in 2b6dadc because there was no way to allow path
    separators and colons through while replacing other banned characters.
    Now in such a case we call the sanitize function with
    SANITIZE_ALLOW_PATH which allows path separators and colons to pass
    through.
    
    
    Closes #624
    Reported-by: Octavio Schroeder
Commits on Feb 4, 2016
  1. @vszakats @jay

    URLs: change more http to https

    vszakats committed with jay
  2. @jay

    sasl_sspi: Fix memory leak in domain populate

    jay committed
    Free an existing domain before replacing it.
    
    Bug: #635
    Reported-by: silveja1@users.noreply.github.com
  3. @vszakats @bagder
Commits on Feb 3, 2016
  1. @bagder

    CHANGES.o: fix references to curl.haxx.nu

    bagder committed
    I removed the scheme prefix from the URLs references this host name, as
    we don't own/run that anymore but the name is kept for historic reasons.
  2. @bagder
  3. @vszakats @jay

    URLs: change more http to https

    vszakats committed with jay
  4. @dfandrich
Commits on Feb 2, 2016
  1. @bagder

    RELEASE-NOTES: synced with 4af40b3

    bagder committed
  2. @bagder
  3. @bagder
  4. @bagder

    dotdot: allow an empty input string too

    bagder committed
    It isn't used by the code in current conditions but for safety it seems
    sensible to at least not crash on such input.
    
    Extended unit test 1395 to verify this too as well as a plain "/" input.
Commits on Feb 1, 2016
  1. @bagder
  2. @snikulov @bagder
  3. @jay

    tool_operate: Don't sanitize --output path (Windows)

    jay committed
    Due to path separators being incorrectly sanitized in --output
    pathnames, eg -o c:\foo => c__foo
    
    This is a partial revert of 3017d8a until I write a proper fix. The
    remote-name will continue to be sanitized, but if the user specified an
    --output with string replacement (#1, #2, etc) that data is unsanitized
    until I finish a fix.
    
    Bug: #624
    Reported-by: Octavio Schroeder
Commits on Jan 29, 2016
  1. @jay

    curl.1: Explain remote-name behavior if file already exists

    jay committed
    .. also warn about letting the server pick the filename.
  2. @gvanem @jay
Commits on Jan 28, 2016
  1. @bagder

    bump: towards the next (7.47.1 ?)

    bagder committed
  2. @snikulov @bagder
  3. @snikulov @jay

    urldata: moved common variable out of ifdef

    snikulov committed with jay
    Closes #618
  4. @vszakats @jay

    tool_doswin: silence unused function warning

    vszakats committed with jay
    tool_doswin.c:185:14: warning: 'msdosify' defined but not used
    [-Wunused-function]
    
    Closes #616
Commits on Jan 27, 2016
  1. @bagder

    getredirect.c: fix variable name

    bagder committed
    Reported-by: Bernard Spil
  2. @bagder
Commits on Jan 26, 2016
  1. @bagder
  2. @frenche @bagder

    NTLM: Fix ConnectionExists to compare Proxy credentials

    frenche committed with bagder
    Proxy NTLM authentication should compare credentials when
    re-using a connection similar to host authentication, as it
    authenticate the connection.
    
    Example:
    curl -v -x http://proxy:port http://host/ -U good_user:good_pwd
      --proxy-ntlm --next -x http://proxy:port http://host/
        [-U fake_user:fake_pwd --proxy-ntlm]
    
    CVE-2016-0755
    
    Bug: http://curl.haxx.se/docs/adv_20160127A.html
  3. @jay @bagder

    curl: avoid local drive traversal when saving file (Windows)

    jay committed with bagder
    curl does not sanitize colons in a remote file name that is used as the
    local file name. This may lead to a vulnerability on systems where the
    colon is a special path character. Currently Windows/DOS is the only OS
    where this vulnerability applies.
    
    CVE-2016-0754
    
    Bug: http://curl.haxx.se/docs/adv_20160127B.html
  4. @bagder

    RELEASE-NOTES: 7.47.0

    bagder committed
Commits on Jan 25, 2016
  1. @bagder

    FAQ: language fix in 4.19

    bagder committed
Commits on Jan 24, 2016
  1. @paulehoffman @bagder

    FAQ: Update to point to GitHub

    paulehoffman committed with bagder
    Current FAQ didn't make it clear where the main repo is.
    
    Closes #612
Something went wrong with that request. Please try again.