33e819d7 | 15-May-2022 |
Tatsuhiro Tsujikawa |
ngtcp2: Fix alert_read_func return value Closes #8852 |
8540f954 | 14-May-2022 |
Harry Sintonen |
Curl_parsenetrc: don't access local pwbuf outside of scope Accessing local variables outside of the scope is forbidden and depending on the compiler can result in the value being ove
Curl_parsenetrc: don't access local pwbuf outside of scope Accessing local variables outside of the scope is forbidden and depending on the compiler can result in the value being overwritten. Fixed by moving the pwbuf to be in scope. Closes #8850
show more ...
|
64a4bb6c | 16-May-2022 |
Daniel Stenberg |
RELEASE-NOTES: synced and bump curlver to 7.83.2 for now (but likely to become 7.84.0 soon) |
bda0d5fb | 14-May-2022 |
Frazer Smith |
ci: update github actions - bump actions/checkout from 2 to 3 - bump actions/upload-artifact from 1 to 3 - bump github/codeql-actions from 1 to 2 - use version tag for actions/ch
ci: update github actions - bump actions/checkout from 2 to 3 - bump actions/upload-artifact from 1 to 3 - bump github/codeql-actions from 1 to 2 - use version tag for actions/checkout Closes #8843
show more ...
|
52273679 | 14-May-2022 |
Daniel Stenberg |
test1919: verify CURLOPT_XOAUTH2_BEARER leak fix |
06d12105 | 14-May-2022 |
Daniel Stenberg |
url: free old conn better on reuse Make use of conn_free() better and avoid duplicate code. Reported-by: Andrea Pappacoda Fixes #8841 Closes #8842 |
a61eac62 | 09-May-2022 |
Jay Satiro |
FAQ: Clarify Windows double quote usage - Windows command prompt doesn't use literal quoting via single quotes. - Windows command prompt inner double quotes are escaped with a
FAQ: Clarify Windows double quote usage - Windows command prompt doesn't use literal quoting via single quotes. - Windows command prompt inner double quotes are escaped with a backslash. - Windows powershell does use single quotes but curl is not a powershell script so the arguments may not be passed on correctly. - Windows powershell inner double quotes seems can be passed to curl if the outer quotes are double quotes and an escape of backslash-backtick is used. Command prompt example: ~~~ getargs -v -d "\"a\"" argv[0]: getargs argv[1]: -v argv[2]: -d argv[3]: "a" ~~~ Ref: https://github.com/curl/curl/issues/8818 Ref: https://gist.github.com/jay/19aba48653bd591cf4b90eb9249a302c Reported-by: KotlinIsland@users.noreply.github.com Closes https://github.com/curl/curl/pull/8823
show more ...
|
d56270cb | 12-May-2022 |
Daniel Stenberg |
github/workflows/nss: apt update first Fix "libnss3-dev_3.49.1-1ubuntu1.6_amd64.deb 404 Not Found" Closes #8837 |
1ddc8aef | 12-May-2022 |
Daniel Stenberg |
page-footer: mention exit code zero too Success (zero) is also an "exit code" worth mentioning. Closes #8833 |
f1cdeff3 | 12-May-2022 |
Daniel Gustafsson |
gssapi: initialize gss_buffer_desc strings Explicitly initialize gss_buffer_desc strings such that a call to freeing resources will succeed even if no data has been allocated to it.
gssapi: initialize gss_buffer_desc strings Explicitly initialize gss_buffer_desc strings such that a call to freeing resources will succeed even if no data has been allocated to it. Reported-by: Jay Satiro <raysatiro@yahoo.com>
show more ...
|
7360f9a5 | 12-May-2022 |
Daniel Gustafsson |
gssapi: improve handling of errors from gss_display_status In case gss_display_status() returns an error, avoid trying to add it to the buffer as the message may well be a NULL pointer.
gssapi: improve handling of errors from gss_display_status In case gss_display_status() returns an error, avoid trying to add it to the buffer as the message may well be a NULL pointer. Originally this fix comes from a discussion in issue #8816. Closes: #8832 Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
show more ...
|
f9bc378a | 06-May-2022 |
steini2000 <36340755+steini2000@users.noreply.github.com> |
http2: always debug print stream id in decimal with %u Prior to this change the stream id shown could be hex or decimal which was inconsistent and confusing. Closes https://gith
http2: always debug print stream id in decimal with %u Prior to this change the stream id shown could be hex or decimal which was inconsistent and confusing. Closes https://github.com/curl/curl/pull/8808
show more ...
|
9494cdc3 | 11-May-2022 |
Kamil Dudka |
url: remove redundant #ifdefs in allocate_conn() No change in behavior intended by this commit. |
75e90359 | 11-May-2022 |
Fabian Keil |
tests 266, 116 and 1540: add a small write delay This makes it more likely that the trailer is received seperately from the last-chunk. curl doesn't seem to care about this but
tests 266, 116 and 1540: add a small write delay This makes it more likely that the trailer is received seperately from the last-chunk. curl doesn't seem to care about this but it makes the tests more useful when testing external proxies like Privoxy.
show more ...
|
9e6ec8b6 | 11-May-2022 |
Fabian Keil |
tests 1117,1238,1523: adjust writedelay servercmds ... so the delays are the same now that the unit is in milliseconds. |
fc3a0a87 | 11-May-2022 |
Fabian Keil |
tests/server/sws.c: change the HTTP writedelay unit to milliseconds This allows to use write delays for large responses without resulting in the test taking an unreasonable amount of tim
tests/server/sws.c: change the HTTP writedelay unit to milliseconds This allows to use write delays for large responses without resulting in the test taking an unreasonable amount of time. In many cases delaying writes by a whole second or more isn't necessary for the desired effect. Closes #8827
show more ...
|
37f892fb | 11-May-2022 |
Daniel Gustafsson |
aws-sigv4: fix potentional NULL pointer arithmetic We need to check if the strchr() call returns NULL (due to missing char) before we use the returned value in arithmetic. There is no
aws-sigv4: fix potentional NULL pointer arithmetic We need to check if the strchr() call returns NULL (due to missing char) before we use the returned value in arithmetic. There is no live bug here, but fixing it before it can become for hygiene. Closes: #8814 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
show more ...
|
fdb5e21b | 10-May-2022 |
Daniel Stenberg |
quiche: support ca-fallback Follow-up to b01f3e679f4c1ea3 which added this for ngtcp2/openssl Removed from KNOWN_BUGS Fixes #8696 Closes #8830 |
bcf03dd2 | 11-May-2022 |
Daniel Gustafsson |
x509asn1: mark msnprintf return as unchecked We have lots of unchecked msnprintf calls, and this particular msnprintf call isn't more interesting than the others, but this one yields a C
x509asn1: mark msnprintf return as unchecked We have lots of unchecked msnprintf calls, and this particular msnprintf call isn't more interesting than the others, but this one yields a Coverity warning so let's implicitly silence it. Going over the other invocations is probably a worthwhile project, but for now let's keep the static analyzers happy. Closes: #8831 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
show more ...
|
462196e6 | 11-May-2022 |
Daniel Stenberg |
RELEASE-NOTES: synced curl 7.83.1 release |
7fb6c9ba | 11-May-2022 |
Daniel Stenberg |
THANKS: added contributors from 7.83.1 |
3be1e9c6 | 10-May-2022 |
Daniel Stenberg |
zuul: fix the ngtcp2-gnutls build Add packages and tweak the configure options. Use the GnuTLS 3.7.4 branch (not main). Closes #8829 |
b01f3e67 | 09-May-2022 |
Tatsuhiro Tsujikawa |
ngtcp2: add ca-fallback support for OpenSSL backend Closes #8828 |
1645e9b4 | 09-May-2022 |
Daniel Stenberg |
url: check SSH config match on connection reuse CVE-2022-27782 Reported-by: Harry Sintonen Bug: https://curl.se/docs/CVE-2022-27782.html Closes #8825 |
f18af4f8 | 09-May-2022 |
Daniel Stenberg |
tls: check more TLS details for connection reuse CVE-2022-27782 Reported-by: Harry Sintonen Bug: https://curl.se/docs/CVE-2022-27782.html Closes #8825 |