#
cfe79021 |
| 08-Jan-2024 |
Daniel Stenberg |
lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT Closes #12658
|
#
e9a7d4a1 |
| 21-Nov-2023 |
Viktor Szakats |
windows: use built-in `_WIN32` macro to detect Windows Windows compilers define `_WIN32` automatically. Windows SDK headers or build env defines `WIN32`, or we have to take care of it. T
windows: use built-in `_WIN32` macro to detect Windows Windows compilers define `_WIN32` automatically. Windows SDK headers or build env defines `WIN32`, or we have to take care of it. The agreement seems to be that `_WIN32` is the preferred practice here. Make the source code rely on that to detect we're building for Windows. Public `curl.h` was using `WIN32`, `__WIN32__` and `CURL_WIN32` for Windows detection, next to the official `_WIN32`. After this patch it only uses `_WIN32` for this. Also, make it stop defining `CURL_WIN32`. There is a slight chance these break compatibility with Windows compilers that fail to define `_WIN32`. I'm not aware of any obsolete or modern compiler affected, but in case there is one, one possible solution is to define this macro manually. grepping for `WIN32` remains useful to discover Windows-specific code. Also: - extend `checksrc` to ensure we're not using `WIN32` anymore. - apply minor formatting here and there. - delete unnecessary checks for `!MSDOS` when `_WIN32` is present. Co-authored-by: Jay Satiro Reviewed-by: Daniel Stenberg Closes #12376
show more ...
|
#
84338c4d |
| 15-Nov-2023 |
Viktor Szakats |
build: add more picky warnings and fix them Enable more picky compiler warnings. I've found these options in the nghttp3 project when implementing the CMake quick picky warning funct
build: add more picky warnings and fix them Enable more picky compiler warnings. I've found these options in the nghttp3 project when implementing the CMake quick picky warning functionality for it [1]. `-Wunused-macros` was too noisy to keep around, but fixed a few issues it revealed while testing. - autotools: reflect the more precisely-versioned clang warnings. Follow-up to 033f8e2a08eb1d3102f08c4d8c8e85470f8b460e #12324 - autotools: sync between clang and gcc the way we set `no-multichar`. - autotools: avoid setting `-Wstrict-aliasing=3` twice. - autotools: disable `-Wmissing-noreturn` for MSYS gcc targets [2]. It triggers in libtool-generated stub code. - lib/timeval: delete a redundant `!MSDOS` guard from a `WIN32` branch. - lib/curl_setup.h: delete duplicate declaration for `fileno`. Added in initial commit ae1912cb0d494b48d514d937826c9fe83ec96c4d (1999-12-29). This suggests this may not be needed anymore, but if it does, we may restore this for those specific (non-Windows) systems. - lib: delete unused macro `FTP_BUFFER_ALLOCSIZE` since c1d6fe2aaa5a26e49a69a4f2495b3cc7a24d9394. - lib: delete unused macro `isxdigit_ascii` since f65f750742068f579f4ee6d8539ed9d5f0afcb85. - lib/mqtt: delete unused macro `MQTT_HEADER_LEN`. - lib/multi: delete unused macro `SH_READ`/`SH_WRITE`. - lib/hostip: add `noreturn` function attribute via new `CURL_NORETURN` macro. - lib/mprintf: delete duplicate declaration for `Curl_dyn_vprintf`. - lib/rand: fix `-Wunreachable-code` and related fallouts [3]. - lib/setopt: fix `-Wunreachable-code-break`. - lib/system_win32 and lib/timeval: fix double declarations for `Curl_freq` and `Curl_isVistaOrGreater` in CMake UNITY mode [4]. - lib/warnless: fix double declarations in CMake UNITY mode [5]. This was due to force-disabling the header guard of `warnless.h` to to reapply it to source code coming after `warnless.c` in UNITY builds. This reapplied declarations too, causing the warnings. Solved by adding a header guard for the lines that actually need to be reapplied. - lib/vauth/digest: fix `-Wunreachable-code-break` [6]. - lib/vssh/libssh2: fix `-Wunreachable-code-break` and delete redundant block. - lib/vtls/sectransp: fix `-Wunreachable-code-break` [7]. - lib/vtls/sectransp: suppress `-Wunreachable-code`. Detected in `else` branches of dynamic feature checks, with results known at compile-time, e.g. ```c if(SecCertificateCopySubjectSummary) /* -> true */ ``` Likely fixable as a separate micro-project, but given SecureTransport is deprecated anyway, let's just silence these locally. - src/tool_help: delete duplicate declaration for `helptext`. - src/tool_xattr: fix `-Wunreachable-code`. - tests: delete duplicate declaration for `unitfail` [8]. - tests: delete duplicate declaration for `strncasecompare`. - tests/libtest: delete duplicate declaration for `gethostname`. Originally added in 687df5c8c39c370a59999b9afc0917d808d978b7 (2010-08-02). Got complicated later: c49e9683b85ba9d12cbb6eebc4ab2c8dba68fbdc If there are still systems around with warnings, we may restore the prototype, but limited for those systems. - tests/lib2305: delete duplicate declaration for `libtest_debug_config`. - tests/h2-download: fix `-Wunreachable-code-break`. [1] https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056f8bf9f/cmake/PickyWarningsC.cmake [2] https://ci.appveyor.com/project/curlorg/curl/builds/48553586/job/3qkgjauiqla5fj45?fullLog=true#L1675 [3] https://github.com/curl/curl/actions/runs/6880886309/job/18716044703?pr=12331#step:7:72 https://github.com/curl/curl/actions/runs/6883016087/job/18722707368?pr=12331#step:7:109 [4] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrriklpf1ut#L204 [5] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrriklpf1ut#L218 [6] https://github.com/curl/curl/actions/runs/6880886309/job/18716042927?pr=12331#step:7:290 [7] https://github.com/curl/curl/actions/runs/6891484996/job/18746659406?pr=12331#step:9:1193 [8] https://github.com/curl/curl/actions/runs/6882803986/job/18722082562?pr=12331#step:33:1870 Closes #12331
show more ...
|
#
7925ba43 |
| 05-Nov-2023 |
Viktor Szakats |
rand: fix build error with autotools + LibreSSL autotools unexpectedly detects `arc4random` because it is also looking into dependency libs. One dependency, LibreSSL, happens to publish
rand: fix build error with autotools + LibreSSL autotools unexpectedly detects `arc4random` because it is also looking into dependency libs. One dependency, LibreSSL, happens to publish an `arc4random` function (via its shared lib before v3.7, also via static lib as of v3.8.2). When trying to use this function in `lib/rand.c`, its protoype is missing. To fix that, curl included a prototype, but that used a C99 type without including `stdint.h`, causing: ``` ../../lib/rand.c:37:1: error: unknown type name 'uint32_t' 37 | uint32_t arc4random(void); | ^ 1 error generated. ``` This patch improves this by dropping the local prototype and instead limiting `arc4random` use for non-OpenSSL builds. OpenSSL builds provide their own random source anyway. The better fix would be to teach autotools to not link dependency libs while detecting `arc4random`. LibreSSL publishing a non-namespaced `arc4random` tracked here: https://github.com/libressl/portable/issues/928 Regression from 755ddbe901cd0c921fbc3ac5b3775c0dc683bc73 #10672 Reviewed-by: Daniel Stenberg Fixes #12257 Closes #12274
show more ...
|
#
91878ebe |
| 29-Sep-2023 |
Daniel Stenberg |
lib: provide and use Curl_hexencode Generates a lower case ASCII hex output from a binary input. Closes #11990
|
#
38029101 |
| 08-Aug-2023 |
Viktor Szakats |
mingw: delete support for legacy mingw.org toolchain Drop support for "old" / "legacy" / "classic" / "v1" / "mingw32" MinGW: https://en.wikipedia.org/wiki/MinGW, https://osdn.net/proje
mingw: delete support for legacy mingw.org toolchain Drop support for "old" / "legacy" / "classic" / "v1" / "mingw32" MinGW: https://en.wikipedia.org/wiki/MinGW, https://osdn.net/projects/mingw/ Its homepage used to be http://mingw.org/ [no HTTPS], and broken now. It supported the x86 CPU only and used a old Windows API header and implib set, often causing issues. It also misses most modern Windows features, offering old versions of both binutils and gcc (no llvm/clang support). It was last updated 2 years ago. curl now relies on toolchains based on the mingw-w64 project: https://www.mingw-w64.org/ https://sourceforge.net/projects/mingw-w64/ https://www.msys2.org/ https://github.com/msys2/msys2 https://github.com/mstorsjo/llvm-mingw (Also available via Linux and macOS package managers.) Closes #11625
show more ...
|
#
706eff9f |
| 16-Sep-2023 |
Daniel Stenberg |
rand: fix 'alnum': array is too small to include a terminating null character It was that small on purpose, but this change now adds the null byte to avoid the error. Follow-up
rand: fix 'alnum': array is too small to include a terminating null character It was that small on purpose, but this change now adds the null byte to avoid the error. Follow-up to 3aa3cc9b052353b1 Reported-by: Dan Fandrich Ref: #11838 Closes #11870
show more ...
|
#
3aa3cc9b |
| 12-Sep-2023 |
Harry Sintonen |
misc: better random strings Generate alphanumerical random strings. Prior this change curl used to create random hex strings. This was mostly okay, but having alphanumerical ran
misc: better random strings Generate alphanumerical random strings. Prior this change curl used to create random hex strings. This was mostly okay, but having alphanumerical random strings is better: The strings have more entropy in the same space. The MIME multipart boundary used to be mere 64-bits of randomness due to being 16 hex chars. With these changes the boundary is 22 alphanumerical chars, or little over 130 bits of randomness. Closes #11838
show more ...
|
#
78d6232f |
| 07-Aug-2023 |
Daniel Stenberg |
gskit: remove We remove support for building curl with gskit. - This is a niche TLS library, only running on some IBM systems - no regular curl contributors use this backend
gskit: remove We remove support for building curl with gskit. - This is a niche TLS library, only running on some IBM systems - no regular curl contributors use this backend - no CI builds use or verify this backend - gskit, or the curl adaption for it, lacks many modern TLS features making it an inferior solution - build breakages in this code take weeks or more to get detected - fixing gskit code is mostly done "flying blind" This removal has been advertized in DEPRECATED in Jan 2, 2023 and it has been mentioned on the curl-library mailing list. It could be brought back, this is not a ban. Given proper effort and will, gskit support is welcome back into the curl TLS backend family. Closes #11460
show more ...
|
#
e12b39e1 |
| 03-Aug-2023 |
Stefan Eissing |
trace: make tracing available in non-debug builds Add --trace-config to curl Add curl_global_trace() to libcurl Closes #11421
|
#
a97e4eb9 |
| 24-Apr-2023 |
Daniel Stenberg |
socketpair: verify with a random value ... instead of using the curl time struct, since it would use a few uninitialized bytes and the sanitizers would complain. This is a neater app
socketpair: verify with a random value ... instead of using the curl time struct, since it would use a few uninitialized bytes and the sanitizers would complain. This is a neater approach I think. Reported-by: Boris Kuschel Fixes #10993 Closes #11015
show more ...
|
#
755ddbe9 |
| 04-Mar-2023 |
Harry Sintonen |
rand: use arc4random as fallback when available Normally curl uses cryptographically strong random provided by the selected SSL backend. If compiled without SSL support, a naive built-in
rand: use arc4random as fallback when available Normally curl uses cryptographically strong random provided by the selected SSL backend. If compiled without SSL support, a naive built-in function was used instead. Generally this was okay, but it will result in some downsides for non- SSL builds, such as predictable temporary file names. This change ensures that arc4random will be used instead, if available. Closes #10672
show more ...
|
#
2bc1d775 |
| 02-Jan-2023 |
Daniel Stenberg |
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - save
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205
show more ...
|
#
dafdb20a |
| 11-Nov-2022 |
Stefan Eissing |
lib: connection filters (cfilter) addition to curl: - general construct/destroy in connectdata - default implementations of callback functions - connect: cfilters for connect and
lib: connection filters (cfilter) addition to curl: - general construct/destroy in connectdata - default implementations of callback functions - connect: cfilters for connect and accept - socks: cfilter for socks proxying - http_proxy: cfilter for http proxy tunneling - vtls: cfilters for primary and proxy ssl - change in general handling of data/conn - Curl_cfilter_setup() sets up filter chain based on data settings, if none are installed by the protocol handler setup - Curl_cfilter_connect() boot straps filters into `connected` status, used by handlers and multi to reach further stages - Curl_cfilter_is_connected() to check if a conn is connected, e.g. all filters have done their work - Curl_cfilter_get_select_socks() gets the sockets and READ/WRITE indicators for multi select to work - Curl_cfilter_data_pending() asks filters if the have incoming data pending for recv - Curl_cfilter_recv()/Curl_cfilter_send are the general callbacks installed in conn->recv/conn->send for io handling - Curl_cfilter_attach_data()/Curl_cfilter_detach_data() inform filters and addition/removal of a `data` from their connection - adding vtl functions to prevent use of Curl_ssl globals directly in other parts of the code. Reviewed-by: Daniel Stenberg Closes #9855
show more ...
|
#
307b7543 |
| 17-Sep-2022 |
Daniel Stenberg |
misc: null-terminate Make use of this term consistently. Closes #9527
|
#
76172511 |
| 04-Jul-2022 |
Viktor Szakats |
windows: improve random source - Use the Windows API to seed the fallback random generator. This ensures to always have a random seed, even when libcurl is built with a vtls
windows: improve random source - Use the Windows API to seed the fallback random generator. This ensures to always have a random seed, even when libcurl is built with a vtls backend lacking a random generator API, such as rustls (experimental), GSKit and certain mbedTLS builds, or, when libcurl is built without a TLS backend. We reuse the Windows-specific random function from the Schannel backend. - Implement support for `BCryptGenRandom()` [1] on Windows, as a replacement for the deprecated `CryptGenRandom()` [2] function. It is used as the secure random generator for Schannel, and also to provide entropy for libcurl's fallback random generator. The new function is supported on Vista and newer via its `bcrypt.dll`. It is used automatically when building for supported versions. It also works in UWP apps (the old function did not). - Clear entropy buffer before calling the Windows random generator. This avoids using arbitrary application memory as entropy (with `CryptGenRandom()`) and makes sure to return in a predictable state when an API call fails. [1] https://docs.microsoft.com/windows/win32/api/bcrypt/nf-bcrypt-bcryptgenrandom [2] https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptgenrandom Closes #9027
show more ...
|
#
70adb81c |
| 22-Jun-2022 |
Viktor Szakats |
rand: stop detecting /dev/urandom in cross-builds - Prevent CMake to auto-detect /dev/urandom when cross-building. Before this patch, it would detect it in a cross-build scenario on *n
rand: stop detecting /dev/urandom in cross-builds - Prevent CMake to auto-detect /dev/urandom when cross-building. Before this patch, it would detect it in a cross-build scenario on *nix hosts with this device present. This was a problem for example with Windows builds, but it could affect any target system with this device missing. This also syncs detection behaviour with autotools, which also skips it for cross-builds. - Also, make sure to never use the file RANDOM_FILE as entropy for libcurl's fallback random number generator on Windows. Windows does not have the concept of reading a random stream from a filename, nor any guaranteed non-world-writable path on disk. With this, a manual misconfiguration or an overeager auto-detection can no longer result in a user-controllable seed source. Reviewed-by: Daniel Stenberg Closes #9038
show more ...
|
#
ad9bc597 |
| 17-May-2022 |
max.mehl |
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a Github workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869
show more ...
|
#
4ec0549c |
| 25-Apr-2022 |
Daniel Stenberg |
misc: update copyright year ranges
|
#
34bbf964 |
| 14-Apr-2022 |
Daniel Gustafsson |
infof: consistent capitalization of warning messages Ensure that all infof calls with a warning message are capitalized in the same way. At some point we should probably set up a style-
infof: consistent capitalization of warning messages Ensure that all infof calls with a warning message are capitalized in the same way. At some point we should probably set up a style- guide for infof but until then let's aim for a little consistenncy where we can. Closes: #8711 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
show more ...
|
#
e7416cfd |
| 06-Jul-2021 |
Daniel Stenberg |
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes info
infof: remove newline from format strings, always append it - the data needs to be "line-based" anyway since it's also passed to the debug callback/application - it makes infof() work like failf() and consistency is good - there's an assert that triggers on newlines in the format string - Also removes a few instances of "..." - Removes the code that would append "..." to the end of the data *iff* it was truncated in infof() Closes #7357
show more ...
|
Revision tags: curl-7_76_1, curl-7_76_0, curl-7_75_0, curl-7_74_0 |
|
#
ac0a88fd |
| 05-Nov-2020 |
Daniel Stenberg |
copyright: fix year ranges Follow-up from 4d2f8006777
|
#
4d2f8006 |
| 04-Nov-2020 |
Daniel Stenberg |
curl.se: new home Closes #6172
|
Revision tags: curl-7_73_0, tiny-curl-7_72_0, curl-7_72_0, curl-7_71_1, curl-7_71_0, curl-7_70_0, curl-7_69_1, curl-7_69_0, curl-7_68_0, curl-7_67_0, curl-7_66_0, curl-7_65_3, curl-7_65_2, curl-7_65_1, curl-7_65_0 |
|
#
269f7df0 |
| 15-May-2019 |
Daniel Stenberg |
PolarSSL: deprecate support step 1. Removed from configure. Also removed mentions from most docs. Discussed: https://curl.haxx.se/mail/lib-2019-05/0045.html Closes #3888
|
Revision tags: curl-7_64_1, curl-7_64_0, curl-7_63_0, curl-7_62_0 |
|
#
75b94d77 |
| 27-Oct-2018 |
Daniel Stenberg |
rand: add comment to skip a clang-tidy false positive
|