History log of /curl/ (Results 4976 – 5000 of 33763)
Revision (<<< Hide revision tags) (Show revision tags >>>)Date Author Comments
(<<< Hide modified files)
(Show modified files >>>)
50efb08228-Jun-2022 Daniel Stenberg

easy_lock: switch to using atomic_int instead of bool

To work with more compilers without requiring separate libs to
link. Like with gcc-12 for RISC-V on Linux.

Reported-by: Ada

easy_lock: switch to using atomic_int instead of bool

To work with more compilers without requiring separate libs to
link. Like with gcc-12 for RISC-V on Linux.

Reported-by: Adam Sampson
Fixes #9055
Closes #9061

show more ...

e631f6e127-Jun-2022 vvb2060

ngtcp2: fix incompatible function pointer types

Closes #9056

5a1a892527-Jun-2022 vvb2060

easy_lock.h: use __asm__ instead of asm to fix build

Closes #9056

aa34135e27-Jun-2022 Samuel Henrique

libcurl-security.3: fix typo on macro "SH_"

During the packaging of the latest curl release for Debian, Lintian
warned me about a typo which causes the section name "Secrets in memory"

libcurl-security.3: fix typo on macro "SH_"

During the packaging of the latest curl release for Debian, Lintian
warned me about a typo which causes the section name "Secrets in memory"
to not be rendered in the manpage due to "SH_" not being recognized as a
header.

Closes #9057

show more ...

e2e7f54b27-Jun-2022 Daniel Stenberg

easy_lock.h: include sched.h if available to fix build

Patched-by: Harry Sintonen

Closes #9054

45ac4d0127-Jun-2022 Daniel Stenberg

RELEASE-NOTES: synced

Version 7.84.0 release

4924875727-Jun-2022 Daniel Stenberg

THANKS: contributors from 7.84.0 release notes

d64115d725-May-2022 Daniel Stenberg

hsts: use Curl_fopen()

fab970a525-May-2022 Daniel Stenberg

altsvc: use Curl_fopen()

20f9dd6b25-May-2022 Daniel Stenberg

fopen: add Curl_fopen() for better overwriting of files

Bug: https://curl.se/docs/CVE-2022-32207.html
CVE-2022-32207
Reported-by: Harry Sintonen
Closes #9050

46f8911d26-Jun-2022 Daniel Stenberg

test444: test many received Set-Cookie:

The amount of sent cookies in the test is limited to 80 because hyper
has its own strict limits in how many headers it allows to be received
w

test444: test many received Set-Cookie:

The amount of sent cookies in the test is limited to 80 because hyper
has its own strict limits in how many headers it allows to be received
which triggers at some point beyond this number.

show more ...

ff2b2bcf26-Jun-2022 Daniel Stenberg

test442/443: test cookie caps

442 - verify that only 150 cookies are sent
443 - verify that the cookie: header remains less than 8K in size

48d7064a26-Jun-2022 Daniel Stenberg

cookie: apply limits

- Send no more than 150 cookies per request
- Cap the max length used for a cookie: header to 8K
- Cap the max number of received Set-Cookie: headers to 50

cookie: apply limits

- Send no more than 150 cookies per request
- Cap the max length used for a cookie: header to 8K
- Cap the max number of received Set-Cookie: headers to 50

Bug: https://curl.se/docs/CVE-2022-32205.html
CVE-2022-32205
Reported-by: Harry Sintonen
Closes #9048

show more ...

7230b19a16-May-2022 Daniel Stenberg

test387: verify rejection of compression chain attack

3a09fbb716-May-2022 Daniel Stenberg

content_encoding: return error on too many compression steps

The max allowed steps is arbitrarily set to 5.

Bug: https://curl.se/docs/CVE-2022-32206.html
CVE-2022-32206
Repo

content_encoding: return error on too many compression steps

The max allowed steps is arbitrarily set to 5.

Bug: https://curl.se/docs/CVE-2022-32206.html
CVE-2022-32206
Reported-by: Harry Sintonen
Closes #9049

show more ...

6ecdf51309-Jun-2022 Daniel Stenberg

krb5: return error properly on decode errors

Bug: https://curl.se/docs/CVE-2022-32208.html
CVE-2022-32208
Reported-by: Harry Sintonen
Closes #9051

2b67a0a123-Jun-2022 Daniel Stenberg

easy_lock.h: remove use of the deprecated ATOMIC_VAR_INIT macro

clang 14 warns about its use. It is being deprecated by the working
group for the programming language C: "The macro ATOMI

easy_lock.h: remove use of the deprecated ATOMIC_VAR_INIT macro

clang 14 warns about its use. It is being deprecated by the working
group for the programming language C: "The macro ATOMIC_VAR_INIT is
basically useless for the purpose for which it was designed"

Ref: https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2886.htm

Reported-by: Tatsuhiro Tsujikawa
Fixes #9041
Closes #9042

show more ...

8135d42022-Jun-2022 Stefan Eissing

ngtcp2: avoid supplying 0 length `msg_control` to sendmsg()

Testing on macOS 12.4, sendmsg() fails with EINVAL when a msg_control
buffer is provided in sengmsg(), even though msg_control

ngtcp2: avoid supplying 0 length `msg_control` to sendmsg()

Testing on macOS 12.4, sendmsg() fails with EINVAL when a msg_control
buffer is provided in sengmsg(), even though msg_controllen was set to
0.

Initialize msg.msg_controllen just as needed and also perform the size
assertion only when needed.

Closes #9039

show more ...

71bbabb123-Jun-2022 Tom Eccles

ftp: restore protocol state after http proxy CONNECT

connect_init() (lib/http_proxy.c) swaps out the protocol state while
working on the proxy connection, this is then restored by
Cu

ftp: restore protocol state after http proxy CONNECT

connect_init() (lib/http_proxy.c) swaps out the protocol state while
working on the proxy connection, this is then restored by
Curl_connect_done() after the connection completes.

ftp_do_more() extracted the protocol state pointer to a local variable
at the start of the function then calls Curl_proxy_connect(). If the proxy
connection completes, Curl_proxy_connect() will call Curl_connect_done()
(via Curl_proxyCONNECT()), which restores data->req.p to point to the ftp
protocol state instead of the http proxy protocol state, but the local
variable in ftp_do_more still pointed to the old value.

Ultimately this meant that the state worked on by ftp_do_more() was the
http proxy state not the ftp state initialised by ftp_connect(), but
subsequent calls to any ftp_ function would use the original state.

For my use-case, the visible consequence was that ftp->downloadsize was
never set and so downloaded data was never returned to the application.

This commit updates the ftp protocol state pointer in ftp_do_more() after
Curl_proxy_connect() returns, ensuring that the correct state pointer is
used.

Fixes #8737
Closes #9043

show more ...

f3a7781523-Jun-2022 Jay Satiro

THANKS: add contributor missing from aea8ac1

aea8ac1 fixed #8980 which was reported by Sgharat on github, but that
info was not included in the commit message.

3733717522-Jun-2022 Jay Satiro

curl_setup: include _mingw.h

Prior to this change _mingw.h needed to be included in each unit before
evaluating __MINGW{32,64}_xxx_VERSION macros since it defines them. It
is include

curl_setup: include _mingw.h

Prior to this change _mingw.h needed to be included in each unit before
evaluating __MINGW{32,64}_xxx_VERSION macros since it defines them. It
is included only in some mingw headers (eg stdio.h) and not others
(eg windows.h) so it's better to explicitly include it once.

Closes https://github.com/curl/curl/pull/9036

show more ...

70adb81c22-Jun-2022 Viktor Szakats

rand: stop detecting /dev/urandom in cross-builds

- Prevent CMake to auto-detect /dev/urandom when cross-building.
Before this patch, it would detect it in a cross-build scenario on *n

rand: stop detecting /dev/urandom in cross-builds

- Prevent CMake to auto-detect /dev/urandom when cross-building.
Before this patch, it would detect it in a cross-build scenario on *nix
hosts with this device present. This was a problem for example with
Windows builds, but it could affect any target system with this device
missing. This also syncs detection behaviour with autotools, which also
skips it for cross-builds.
- Also, make sure to never use the file RANDOM_FILE as entropy for libcurl's
fallback random number generator on Windows. Windows does not have the
concept of reading a random stream from a filename, nor any guaranteed
non-world-writable path on disk. With this, a manual misconfiguration or
an overeager auto-detection can no longer result in a user-controllable
seed source.

Reviewed-by: Daniel Stenberg
Closes #9038

show more ...

79f915e815-Jun-2022 Emanuele Torre

ci: avoid `cmake -Hpath`

This is an undocumented option similar to the `-Spath' option introduced
in cmake 3.13.
Replace all instances of `-Hpath' with `-Spath' in macos workflow.

ci: avoid `cmake -Hpath`

This is an undocumented option similar to the `-Spath' option introduced
in cmake 3.13.
Replace all instances of `-Hpath' with `-Spath' in macos workflow.
Replace `-H. -Bpath' with `mkdir path; cd ./path; cmake ..' in zuul
scripts since it runs an older version of cmake.

Fixes #9008
Closes #9014

show more ...

8b83fbfe22-Jun-2022 Daniel Stenberg

INTERNALS: bring back the "Library symbols" section

Most contents was moved, but this text should remain here.

Follow-up to: d324ac8
Reported-by: Viktor Szakats
Bug: https:/

INTERNALS: bring back the "Library symbols" section

Most contents was moved, but this text should remain here.

Follow-up to: d324ac8
Reported-by: Viktor Szakats
Bug: https://github.com/curl/curl/pull/9027#discussion_r903382326
Closes #9037

show more ...

6c501cb622-Jun-2022 Viktor Szakats

Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]

Since this [1] commit in 2011, `_WIN32_WINNT` was set fixed to Windows
XP when the `-ipv6` option is selected. Maybe this

Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]

Since this [1] commit in 2011, `_WIN32_WINNT` was set fixed to Windows
XP when the `-ipv6` option is selected. Maybe this was added to support
pre-XP Windows versions (?). These days libcurl builds fine for both XP
and post-XP versions with IPv6 support enabled. The relevance of pre-XP
version is also low by now. Other build methods also do not impose such
limitation for a similar configuration. So, drop this hard-wired
`_WIN32_WINNT` limit from `Makefile.m32`, thus building for the default
Windows version set by the compiler. This is Vista for recent MinGW
versions.

Old behaviour can be restored by setting this envvar:
export CURL_CFLAG_EXTRAS=-D_WIN32_WINNT=0x0501

[1] 98a61d8e2e8982786aaf3916cbbcac96838316e7

Closes #9035

show more ...

1...<<191192193194195196197198199200>>...1351