Clément Notin
openssl: use SSL_CTX_set_<min|max>_proto_version() when available
OpenSSL 1.1.0 adds SSL_CTX_set_<min|max>_proto_version() that we now use
when available.  Existing code is preserved for older versions of

Closes #4304
Daniel Stenberg
THANKS: from the 7.66.0 release
Thomas Vegas
tftp: Alloc maximum blksize, and use default unless OACK is received
Fixes potential buffer overflow from 'recvfrom()', should the server
return an OACK without blksize.

Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
Daniel Stenberg
urlapi: verify the IPv6 numerical address
It needs to parse correctly. Otherwise it could be tricked into letting
through a-f using host names that libcurl would then resolve. Like

Reported-by: Thomas Vegas
Closes #4315
Daniel Stenberg
asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris
Reported-by: Dagobert Michelsen
Fixes #4328
Closes #4333
Rolf Eike Beer
CMake: remove needless newlines at end of gss variables
Daniel Stenberg
travis: disable ngtcp2 builds (again)
Daniel Stenberg
Curl_fillreadbuffer: avoid double-free trailer buf on error
Reviewed-by: Jay Satiro
Reported-by: Thomas Vegas

Closes #4307
Daniel Stenberg
curl: make sure the parallel transfers do them all
The logic could erroneously break the loop too early before all
transfers had been transferred.

Reported-by: Tom van der Woerdt
Fixes #4316
Closes #4317
Gilles Vollant
curl:file2string: load large files much faster
... by using a more efficient realloc scheme.

Bug: https://curl.haxx.se/mail/lib-2019-09/0045.html
Closes #4336
FTP: skip CWD to entry dir when target is absolute
Closes #4332
Bernhard Walle
winbuild/MakefileBuild.vc: Add vssh
Without that modification, the Windows build using the makefiles doesn't

Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu>

Fixes #4322
Closes #4323
Daniel Stenberg
openssl: close_notify on the FTP data connection doesn't mean closure
For FTPS transfers, curl gets close_notify on the data connection
without that being a signal to close the control connection!

Regression since 3f5da4e59a556fc (7.65.0)

Reported-by: Zenju on github
Reviewed-by: Jay Satiro
Fixes #4329
Closes #4340
Daniel Stenberg
RELEASE-NOTES: curl 7.66.0
Daniel Stenberg
urlapi: one colon is enough for the strspn() input (typo)
Clément Notin
openssl: indent, re-organize and add comments
Daniel Stenberg
security:read_data fix bad realloc()
... that could end up a double-free

Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
Daniel Stenberg
Curl_addr2string: take an addrlen argument too
This allows the function to figure out if a unix domain socket has a
file name or not associated with it! When a socket is created with
socketpair(), as done in the fuzzer testing, the path struct member is
uninitialized and must not be accessed.

Bug: https://crbug.com/oss-fuzz/16699

Closes #4283
Daniel Stenberg
parsedate: still provide the name arrays when disabled
If FILE or FTP are enabled, since they also use them!

Reported-by: Roland Hieber
Fixes #4325
Closes #4343
Thomas Vegas
tftp: return error when packet is too small for options
Daniel Stenberg
ROADMAP: updated after recent user poll
In rough prio order
Daniel Stenberg
tool_setopt: handle a libcurl build without netrc support
Reported-by: codesniffer13 on github
Fixes #4302
Closes #4305
sspi: fix memory leaks
Closes #4299
Daniel Stenberg
FTP: allow "rubbish" prepended to the SIZE response
This is a protocol violation but apparently there are legacy proprietary
servers doing this.

Added test 336 and 337 to verify.

Reported-by: Philippe Marguinaud
Closes #4339
Daniel Stenberg
THANKS: remove duplicate
Daniel Stenberg
appveyor: add a winbuild
Assisted-by: Marcel Raad
Assisted-by: Jay Satiro

Closes #4324
Daniel Stenberg
cleanup: move functions out of url.c and make them static
Closes #4289
Jimmy Gaussen
docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag
Closes #4338
Daniel Stenberg
smtp: check for and bail out on too short EHLO response
Otherwise, a three byte response would make the smtp_state_ehlo_resp()
function misbehave.

Credit to OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/16918

Assisted-by: Max Dymond

Closes #4287
Daniel Stenberg
urldata: avoid 'generic', use dedicated pointers
For the 'proto' union within the connectdata struct.

Closes #4290
Daniel Stenberg
curlver: bump to 7.66.1
Kamil Dudka
curl: fix memory leaked by parse_metalink()
This commit fixes a regression introduced by curl-7_65_3-5-gb88940850.
Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind
and libmetalink enabled.

Closes #4326
Daniel Stenberg
smb: init *msg to NULL in smb_send_and_recv()
... it might otherwise return OK from this function leaving that pointer

Bug: https://crbug.com/oss-fuzz/16907

Closes #4286
Daniel Stenberg
netrc: free 'home' on error
Follow-up to f9c7ba9096ec2

Coverity CID 1453474

Closes #4291
Bernhard Walle
winbuild/MakefileBuild.vc: Fix line endings
The file had mixed line endings.

Signed-off-by: Bernhard Walle <bernhard.walle@posteo.eu>
Daniel Stenberg
KNOWN_BUGS/TODO: cleanup and remove outdated issues
setopt: make it easier to add new enum values
... by using the *_LAST define names better.

Closes #4321
Jay Satiro
ldap: Stop using wide char version of ldapp_err2string
Despite ldapp_err2string being documented by MS as returning a
PCHAR (char *), when UNICODE it is mapped to ldap_err2stringW and
returns PWCHAR (wchar_t *).

We have lots of code that expects ldap_err2string to return char *,
most of it failf used like this:

failf(data, "LDAP local: Some error: %s", ldap_err2string(rc));

Closes https://github.com/curl/curl/pull/4272
Daniel Stenberg