Skip to content

Commit

Permalink
www.curl.se: new project home
Browse files Browse the repository at this point in the history
Update all references from the old host name to the new
  • Loading branch information
bagder committed Nov 4, 2020
1 parent 22102f4 commit ed28b28
Show file tree
Hide file tree
Showing 216 changed files with 3,927 additions and 3,927 deletions.
200 changes: 100 additions & 100 deletions .htaccess

Large diffs are not rendered by default.

6 changes: 3 additions & 3 deletions CVE-2014-3613.patch
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ to set cookies for others.

CVE-2014-3613

Bug: https://curl.haxx.se/docs/adv_20140910A.html
Bug: https://www.curl.se/docs/adv_20140910A.html
---
lib/cookie.c | 50 ++++++++++++++++++++++++++++++++++++++----------
tests/data/test1105 | 3 +--
Expand Down Expand Up @@ -151,7 +151,7 @@ index 25f194c..9564775 100644
+++ b/tests/data/test1105
@@ -57,10 +57,9 @@ userid=myname&password=mypassword
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# https://www.curl.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

127.0.0.1 FALSE /we/want/ FALSE 0 foobar name
Expand Down Expand Up @@ -182,7 +182,7 @@ index 38af83b..dfcac04 100644
@@ -93,36 +94,36 @@ Accept: */*
<file name="log/jar31.txt" mode="text">
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# https://www.curl.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

-.127.0.0.1 TRUE /silly/ FALSE 0 ismatch this
Expand Down
2 changes: 1 addition & 1 deletion CVE-2014-3620.patch
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ Test 61 was modified to verify this.
CVE-2014-3620

Reported-by: Tim Ruehsen
URL: https://curl.haxx.se/docs/adv_20140910B.html
URL: https://www.curl.se/docs/adv_20140910B.html
---
lib/cookie.c | 6 ++++++
tests/data/test61 | 1 +
Expand Down
12 changes: 6 additions & 6 deletions CVE-2014-3707.patch
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ zero terminated! This caused read out of bounds crashes/segfaults.
Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.

Bug: https://curl.haxx.se/docs/adv_20141105.html
Bug: https://www.curl.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
---
Expand Down Expand Up @@ -143,7 +143,7 @@ index 3b776b1..4b5bd40 100644
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.haxx.se/docs/copyright.html.
* are also available at https://www.curl.se/docs/copyright.html.
*
@@ -17,16 +17,16 @@
*
Expand Down Expand Up @@ -209,7 +209,7 @@ index 49af911..23a71f8 100644
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.haxx.se/docs/copyright.html.
* are also available at https://www.curl.se/docs/copyright.html.
*
@@ -24,7 +24,8 @@
#include "curl_setup.h"
Expand Down Expand Up @@ -384,7 +384,7 @@ index c94686f..3d7c158 100644
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.haxx.se/docs/copyright.html.
* are also available at https://www.curl.se/docs/copyright.html.
*
@@ -65,11 +65,10 @@
/* define what to use for unprintable characters */
Expand Down Expand Up @@ -416,7 +416,7 @@ index 0000000..d661a82
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ * are also available at https://www.curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
Expand Down Expand Up @@ -471,7 +471,7 @@ index 0000000..83c8102
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ * are also available at https://www.curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
Expand Down
2 changes: 1 addition & 1 deletion CVE-2014-8150.patch
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 25 Dec 2014 23:55:03 +0100
Subject: [PATCH] url-parsing: reject CRLFs within URLs

Bug: https://curl.haxx.se/docs/adv_20150108B.html
Bug: https://www.curl.se/docs/adv_20150108B.html
Reported-by: Andrey Labunets
---
lib/url.c | 7 +++++++
Expand Down
2 changes: 1 addition & 1 deletion CVE-2014-8151.patch
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ Subject: [PATCH] darwinssl: fix session ID keys to only reuse identical
then after a subsequent _enabling_ of the check libcurl could still
re-use the session done without cert checks.

Bug: https://curl.haxx.se/docs/adv_20150108A.html
Bug: https://www.curl.se/docs/adv_20150108A.html
Reported-by: Marc Hesse
---
lib/vtls/curl_darwinssl.c | 6 ++++--
Expand Down
2 changes: 1 addition & 1 deletion CVE-2015-3143.patch
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ Subject: [PATCH] ConnectionExists: for NTLM re-use, require credentials to

CVE-2015-3143

Bug: https://curl.haxx.se/docs/adv_20150422A.html
Bug: https://www.curl.se/docs/adv_20150422A.html
Reported-by: Paras Sethia
---
lib/url.c | 2 +-
Expand Down
2 changes: 1 addition & 1 deletion CVE-2015-3144.patch
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ assign that address.

CVE-2015-3144

Bug: https://curl.haxx.se/docs/adv_20150422D.html
Bug: https://www.curl.se/docs/adv_20150422D.html
Reported-by: Hanno Böck
---
lib/url.c | 2 +-
Expand Down
2 changes: 1 addition & 1 deletion CVE-2015-3145.patch
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ destroying heap memory it wasn't supposed to.

CVE-2015-3145

Bug: https://curl.haxx.se/docs/adv_20150422C.html
Bug: https://www.curl.se/docs/adv_20150422C.html
Reported-by: Hanno Böck
---
lib/cookie.c | 12 +++++++-----
Expand Down
2 changes: 1 addition & 1 deletion CVE-2015-3148.patch
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ requests would also be authenticated per request.

CVE-2015-3148

Bug: https://curl.haxx.se/docs/adv_20150422B.html
Bug: https://www.curl.se/docs/adv_20150422B.html
Reported-by: Isaac Boukris
---
lib/http.c | 8 +++++++-
Expand Down
4 changes: 2 additions & 2 deletions CVE-2015-3153.patch
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ Subject: [PATCH] CURLOPT_HEADEROPT: default to separate
Make the HTTP headers separated by default for improved security and
reduced risk for information leakage.

Bug: https://curl.haxx.se/docs/adv_20150429.html
Bug: https://www.curl.se/docs/adv_20150429.html
Reported-by: Yehezkel Horowitz, Oren Souroujon
---
docs/libcurl/opts/CURLOPT_HEADEROPT.3 | 12 ++++++------
Expand All @@ -31,7 +31,7 @@ index be96d7d..7776b92 100644
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
.\" * are also available at https://curl.haxx.se/docs/copyright.html.
.\" * are also available at https://www.curl.se/docs/copyright.html.
.\" *
@@ -29,24 +29,24 @@ CURLOPT_HEADEROPT \- set how to send HTTP headers
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HEADEROPT, long bitmask);
Expand Down
2 changes: 1 addition & 1 deletion CVE-2015-3236.patch
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ CVE-2015-3236

This partially reverts commit curl-7_39_0-237-g87c4abb

Bug: https://curl.haxx.se/docs/adv_20150617A.html
Bug: https://www.curl.se/docs/adv_20150617A.html
---
lib/http.c | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)
Expand Down
2 changes: 1 addition & 1 deletion CVE-2015-3237.patch
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ CVE-2015-3237

Detected by Coverity. CID 1299430.

Bug: https://curl.haxx.se/docs/adv_20150617B.html
Bug: https://www.curl.se/docs/adv_20150617B.html
---
lib/smb.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
Expand Down
2 changes: 1 addition & 1 deletion CVE-2016-0754_v3_curl-7.24.0_to_7.39.0.patch
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ local file name. This may lead to a vulnerability on systems where the
colon is a special path character. Currently Windows/DOS is the only OS
where this vulnerability applies.

Bug: https://curl.haxx.se/docs/adv_20160127B.html
Bug: https://www.curl.se/docs/adv_20160127B.html

Instructions
------------
Expand Down
2 changes: 1 addition & 1 deletion CVE-2016-0754_v3_curl-7.40.0_to_7.46.0.patch
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ local file name. This may lead to a vulnerability on systems where the
colon is a special path character. Currently Windows/DOS is the only OS
where this vulnerability applies.

Bug: https://curl.haxx.se/docs/adv_20160127B.html
Bug: https://www.curl.se/docs/adv_20160127B.html

Instructions
------------
Expand Down
2 changes: 1 addition & 1 deletion CVE-2016-0754_v3_curl-7.47.0.patch
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ local file name. This may lead to a vulnerability on systems where the
colon is a special path character. Currently Windows/DOS is the only OS
where this vulnerability applies.

Bug: https://curl.haxx.se/docs/adv_20160127B.html
Bug: https://www.curl.se/docs/adv_20160127B.html

Instructions
------------
Expand Down
2 changes: 1 addition & 1 deletion CVE-2016-0755.patch
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ curl -v -x http://proxy:port http://host/ -U good_user:good_pwd

CVE-2016-0755

Bug: https://curl.haxx.se/docs/adv_20160127A.html
Bug: https://www.curl.se/docs/adv_20160127A.html
---
lib/url.c | 62 ++++++++++++++++++++++++++++++++++++++++----------------------
1 file changed, 40 insertions(+), 22 deletions(-)
Expand Down
4 changes: 2 additions & 2 deletions CVE-2016-3739.patch
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ wasn't used or when connecting to an IP address specified host.

CVE-2016-3739

Bug: https://curl.haxx.se/docs/adv_20160518A.html
Bug: https://www.curl.se/docs/adv_20160518A.html
Reported-by: Moti Avrahami
---
lib/vtls/mbedtls.c | 13 ++++++-------
Expand Down Expand Up @@ -60,7 +60,7 @@ index 6c7a786..061ea3f 100644
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.haxx.se/docs/copyright.html.
* are also available at https://www.curl.se/docs/copyright.html.
@@ -352,17 +352,16 @@ polarssl_connect_step1(struct connectdata *conn,
conn->host.name);

Expand Down
10 changes: 5 additions & 5 deletions CVE-2016-4802.patch
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ Subject: [PATCH] loadlibrary: Only load system DLLs from the system directory

Inspiration provided by: Daniel Stenberg and Ray Satiro

Bug: https://curl.haxx.se/docs/adv_20160530.html
Bug: https://www.curl.se/docs/adv_20160530.html

Ref: Windows DLL hijacking with curl, CVE-2016-4802
---
Expand Down Expand Up @@ -65,7 +65,7 @@ index d6c815e..b4cb229 100644
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.haxx.se/docs/copyright.html.
# are also available at https://www.curl.se/docs/copyright.html.
#
@@ -614,10 +614,11 @@ X_OBJS= \
$(DIROBJ)\socks_gssapi.obj \
Expand Down Expand Up @@ -94,7 +94,7 @@ index 04eac48..54bbef6 100644
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.haxx.se/docs/copyright.html.
* are also available at https://www.curl.se/docs/copyright.html.
*
@@ -25,10 +25,11 @@
#ifdef USE_WINDOWS_SSPI
Expand Down Expand Up @@ -141,7 +141,7 @@ index 0000000..73d30b4
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ * are also available at https://www.curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
Expand Down Expand Up @@ -279,7 +279,7 @@ index 0000000..dec1889
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ * are also available at https://www.curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
Expand Down
2 changes: 1 addition & 1 deletion CVE-2016-5419.patch
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ Date: Fri, 1 Jul 2016 13:32:31 +0200
Subject: [PATCH] TLS: switch off SSL session id when client cert is used

CVE-2016-5419
Bug: https://curl.haxx.se/docs/adv_20160803A.html
Bug: https://www.curl.se/docs/adv_20160803A.html
Reported-by: Bru Rom
Contributions-by: Eric Rescorla and Ray Satiro
---
Expand Down
2 changes: 1 addition & 1 deletion CVE-2016-5420.patch
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ Date: Sun, 31 Jul 2016 00:51:48 +0200
Subject: [PATCH] TLS: only reuse connections with the same client cert

CVE-2016-5420
Bug: https://curl.haxx.se/docs/adv_20160803B.html
Bug: https://www.curl.se/docs/adv_20160803B.html
---
lib/vtls/vtls.c | 1 +
1 file changed, 1 insertion(+)
Expand Down
2 changes: 1 addition & 1 deletion CVE-2016-5421.patch
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2016-5421
Bug: https://curl.haxx.se/docs/adv_20160803C.html
Bug: https://www.curl.se/docs/adv_20160803C.html
Reported-by: Marcelo Echeverria and Fernando Muñoz
---
lib/multi.c | 2 ++
Expand Down
2 changes: 1 addition & 1 deletion CVE-2016-7167.patch
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 8 Sep 2016 22:59:54 +0200
Subject: [PATCH] CVE-2016-7167: deny negative string length inputs

Bug: https://curl.haxx.se/docs/adv_20160914.html
Bug: https://www.curl.se/docs/adv_20160914.html
---
lib/escape.c | 28 ++++++++++++++++++----------
1 file changed, 18 insertions(+), 10 deletions(-)
Expand Down
2 changes: 1 addition & 1 deletion CVE-2016-8615.patch
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ Subject: [PATCH] cookie: replace use of fgets() with custom version

CVE-2016-8615

Bug: https://curl.haxx.se/docs/adv_20161102A.html
Bug: https://www.curl.se/docs/adv_20161102A.html
Reported-by: Cure53
---
lib/cookie.c | 31 ++++++++++++++++++++++++++++++-
Expand Down
2 changes: 1 addition & 1 deletion CVE-2016-8616.patch
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ Subject: [PATCH] connectionexists: use case sensitive user/password

CVE-2016-8616

Bug: https://curl.haxx.se/docs/adv_20161102B.html
Bug: https://www.curl.se/docs/adv_20161102B.html
Reported-by: Cure53
---
lib/url.c | 12 ++++++------
Expand Down
2 changes: 1 addition & 1 deletion CVE-2016-8617.patch
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ Subject: [PATCH] base64: check for integer overflow on large input

CVE-2016-8617

Bug: https://curl.haxx.se/docs/adv_20161102C.html
Bug: https://www.curl.se/docs/adv_20161102C.html
Reported-by: Cure53
---
lib/base64.c | 5 +++++
Expand Down
2 changes: 1 addition & 1 deletion CVE-2016-8618.patch
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ bytes and crash.

CVE-2016-8618

Bug: https://curl.haxx.se/docs/adv_20161102D.html
Bug: https://www.curl.se/docs/adv_20161102D.html
Reported-by: Cure53
---
lib/mprintf.c | 9 ++++++---
Expand Down
2 changes: 1 addition & 1 deletion CVE-2016-8619.patch
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ and then there's a second free in the cleanup path.

CVE-2016-8619

Bug: https://curl.haxx.se/docs/adv_20161102E.html
Bug: https://www.curl.se/docs/adv_20161102E.html
Reported-by: Cure53
---
lib/security.c | 9 ++++++---
Expand Down
2 changes: 1 addition & 1 deletion CVE-2016-8620.patch
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ Content-Transfer-Encoding: 8bit

CVE-2016-8620

Bug: https://curl.haxx.se/docs/adv_20161102F.html
Bug: https://www.curl.se/docs/adv_20161102F.html
Reported-by: Luật Nguyễn
---
src/tool_urlglob.c | 7 +++++++
Expand Down
6 changes: 3 additions & 3 deletions CVE-2016-8621.patch
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ Content-Transfer-Encoding: 8bit

CVE-2016-8621

bug: https://curl.haxx.se/docs/adv_20161102G.html
bug: https://www.curl.se/docs/adv_20161102G.html
Reported-by: Luật Nguyễn
---
lib/parsedate.c | 12 +++++++-----
Expand All @@ -33,7 +33,7 @@ index dfcf855..8e932f4 100644
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.haxx.se/docs/copyright.html.
* are also available at https://www.curl.se/docs/copyright.html.
*
@@ -384,19 +384,21 @@ static int parsedate(const char *date, time_t *output)
}
Expand Down Expand Up @@ -97,7 +97,7 @@ index 2f68ebd..22162ff 100644
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.haxx.se/docs/copyright.html.
* are also available at https://www.curl.se/docs/copyright.html.
*
@@ -114,10 +114,16 @@ static const char * const dates[]={
"20110632 12:34:56",
Expand Down
Loading

0 comments on commit ed28b28

Please sign in to comment.