| daab7b2b | 31-Jul-2020 |
Daniel Stenberg |
travis: add ppc64le and s390x builds
Closes #5752 |
| 633c9478 | 28-Jul-2020 |
Marc Hoersken |
connect: remove redundant message about connect failure
Reviewed-by: Daniel Stenberg
Closes #5708 |
| 3ee7c676 | 26-Jul-2020 |
Marc Hoersken |
tests/sshserver.pl: fix compatibility with OpenSSH for Windows
Follow up to #5721 |
| 0fc1b8bf | 24-Jul-2020 |
Marc Hoersken |
CI/azure: install libssh2 for use with msys2-based builds
This enables building and running the SFTP tests.
Unfortunately OpenSSH for Windows does not support SCP (yet).
Reviewe
CI/azure: install libssh2 for use with msys2-based builds
This enables building and running the SFTP tests.
Unfortunately OpenSSH for Windows does not support SCP (yet).
Reviewed-by: Daniel Stenberg
Closes #5721
show more ...
|
| e574f4fd | 28-Jul-2020 |
Marc Hoersken |
CI/azure: increase Windows job timeout once again
Avoid aborted jobs due to performance issues on Azure DevOps.
Reviewed-by: Daniel Stenberg
Reviewed-by: Jay Satiro
Clo
CI/azure: increase Windows job timeout once again
Avoid aborted jobs due to performance issues on Azure DevOps.
Reviewed-by: Daniel Stenberg
Reviewed-by: Jay Satiro
Closes #5738
show more ...
|
| 40909c40 | 30-Jul-2020 |
Jay Satiro |
TODO: Schannel: 'Add option to allow abrupt server closure'
We should offer an option to allow abrupt server closures (server closes
SSL transfer without sending a known termination poin
TODO: Schannel: 'Add option to allow abrupt server closure'
We should offer an option to allow abrupt server closures (server closes
SSL transfer without sending a known termination point such as length of
transfer or close_notify alert). Abrupt server closures are usually
because of misconfigured or very old servers.
Closes https://github.com/curl/curl/issues/4427
show more ...
|
| a12a1615 | 23-Jul-2020 |
Jay Satiro |
url: fix CURLU and location following
Prior to this change if the user set a URL handle (CURLOPT_CURLU) it was
incorrectly used for the location follow, resulting in infinite requests
url: fix CURLU and location following
Prior to this change if the user set a URL handle (CURLOPT_CURLU) it was
incorrectly used for the location follow, resulting in infinite requests
to the original location.
Reported-by: sspiri@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/5709
Closes https://github.com/curl/curl/pull/5713
show more ...
|
| d8b8afe3 | 29-Jul-2020 |
Daniel Stenberg |
RELEASE-NOTES: synced |
| be6d2f34 | 29-Jul-2020 |
divinity76 |
docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions
it helps make it obvious that most developers don't have to care about
the CURLM_CALL_MULTI_PERFORM value (last release using
docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions
it helps make it obvious that most developers don't have to care about
the CURLM_CALL_MULTI_PERFORM value (last release using it is nearly 11
years old, November 4 2009)
Closes #5744
show more ...
|
| 5f798916 | 29-Jul-2020 |
Jay Satiro |
tool_cb_wrt: fix outfile mode flags for Windows
- Use S_IREAD and S_IWRITE mode permission flags to create the file
on Windows instead of S_IRUSR, S_IWUSR, etc.
Windows only a
tool_cb_wrt: fix outfile mode flags for Windows
- Use S_IREAD and S_IWRITE mode permission flags to create the file
on Windows instead of S_IRUSR, S_IWUSR, etc.
Windows only accepts a combination of S_IREAD and S_IWRITE. It does not
acknowledge other combinations, for which it may generate an assertion.
This is a follow-up to 81b4e99 from yesterday, which improved the
existing file check with -J.
Ref: https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/open-wopen#remarks
Ref: https://github.com/curl/curl/pull/5731
Closes https://github.com/curl/curl/pull/5742
show more ...
|
| 2f72ad44 | 27-Jul-2020 |
Daniel Stenberg |
checksrc: ban gmtime/localtime
They're not thread-safe so they should not be used in libcurl code.
Explictly enabled when deemed necessary and in examples and tests
Reviewe
checksrc: ban gmtime/localtime
They're not thread-safe so they should not be used in libcurl code.
Explictly enabled when deemed necessary and in examples and tests
Reviewed-by: Nicolas Sterchele
Closes #5732
show more ...
|
| 5ae33997 | 27-Jul-2020 |
Daniel Stenberg |
transfer: fix data_pending for builds with both h2 and h3 enabled
Closes #5734 |
| abe59221 | 27-Jul-2020 |
Daniel Stenberg |
curl_multi_setopt: fix compiler warning "result is always false"
On systems with 32 bit long the expression is always false. Avoid
the warning.
Reported-by: Gisle Vanem
Bug:
curl_multi_setopt: fix compiler warning "result is always false"
On systems with 32 bit long the expression is always false. Avoid
the warning.
Reported-by: Gisle Vanem
Bug: https://github.com/curl/curl/commit/61a08508f6a458fe21bbb18cd2a9bac2f039452b#commitcomment-40941232
Closes #5736
show more ...
|
| 81b4e99b | 27-Jul-2020 |
Daniel Stenberg |
curl: improve the existing file check with -J
Previously a file that isn't user-readable but is user-writable would
not be properly avoided and would get overwritten.
Reported-b
curl: improve the existing file check with -J
Previously a file that isn't user-readable but is user-writable would
not be properly avoided and would get overwritten.
Reported-by: BrumBrum on hackerone
Assisted-by: Jay Satiro
Bug: https://hackerone.com/reports/926638
Closes #5731
show more ...
|
| 2b6b843b | 27-Jul-2020 |
Jonathan Nieder |
multi: update comment to say easyp list is linear
Since 09b9fc900 (multi: remove 'Curl_one_easy' struct, phase 1,
2013-08-02), the easy handle list is not circular but ends with
->ne
multi: update comment to say easyp list is linear
Since 09b9fc900 (multi: remove 'Curl_one_easy' struct, phase 1,
2013-08-02), the easy handle list is not circular but ends with
->next pointing to NULL.
Reported-by: Masaya Suzuki <masayasuzuki@google.com>
Closes #5737
show more ...
|
| 34e5ad21 | 27-Jul-2020 |
Daniel Stenberg |
CURLOPT_NOBODY.3: fix the syntax for referring to options
As test 1140 fails otherwise!
Follow-up to e1bac81cc815 |
| d259cf1a | 27-Jul-2020 |
Daniel Stenberg |
ngtcp2: store address in sockaddr_storage
Reported-by: Tatsuhiro Tsujikawa
Closes #5733 |
| e1bac81c | 27-Jul-2020 |
Daniel Stenberg |
CURLOPT_NOBODY.3: clarify what setting to 0 means
... and mention that HTTP with other methods than HEAD might get a body and
there's no option available to stop that.
Closes #5
CURLOPT_NOBODY.3: clarify what setting to 0 means
... and mention that HTTP with other methods than HEAD might get a body and
there's no option available to stop that.
Closes #5729
show more ...
|
| 91cb16b2 | 27-Jul-2020 |
Daniel Stenberg |
setopt: unset NOBODY switches to GET if still HEAD
Unsetting CURLOPT_NOBODY with 0L when doing HTTP has no documented
action but before 7.71.0 that used to switch back to GET and with th
setopt: unset NOBODY switches to GET if still HEAD
Unsetting CURLOPT_NOBODY with 0L when doing HTTP has no documented
action but before 7.71.0 that used to switch back to GET and with this
change (assuming the method is still set to HEAD) this behavior is
brought back.
Reported-by: causal-agent on github
Fixes #5725
Closes #5728
show more ...
|
| 14e63c19 | 15-Jul-2020 |
Ehren Bendler |
configure: cleanup wolfssl + pkg-config conflicts when cross compiling.
Also choose a different wolfSSL function to test for NTLM support.
Fixes #5605
Closes #5682 |
| ba390221 | 27-Jul-2020 |
Daniel Stenberg |
configure: show zstd "no" in summary when built without it
Reported-by: Marc Hörsken
Fixes #5720
Closes #5730 |
| 425fa864 | 27-Jul-2020 |
Daniel Stenberg |
quiche: handle calling disconnect twice
Reported-by: lilongyan-huawei on github
Fixes #5726
Closes #5727 |
| 0b859692 | 10-Jul-2020 |
Nicolas Sterchele |
getinfo: reset retry-after value in initinfo
- Avoid re-using retry_after value from preceding request
- Add libtest 3010 to verify
Reported-by: joey-l-us on github
Fixes #5
getinfo: reset retry-after value in initinfo
- Avoid re-using retry_after value from preceding request
- Add libtest 3010 to verify
Reported-by: joey-l-us on github
Fixes #5661
Closes #5672
show more ...
|
| 0c6112a1 | 23-Jul-2020 |
Marcel Raad |
WIN32: stop forcing narrow-character API
Except where the results are only used for character output.
getenv is not touched because it's part of the public API, and having
it return
WIN32: stop forcing narrow-character API
Except where the results are only used for character output.
getenv is not touched because it's part of the public API, and having
it return UTF-8 instead of ANSI would be a breaking change.
Fixes https://github.com/curl/curl/issues/5658
Fixes https://github.com/curl/curl/issues/5712
Closes https://github.com/curl/curl/pull/5718
show more ...
|
| 8829703b | 25-Jul-2020 |
Tobias Stoeckmann |
mprintf: Fix stack overflows
Stack overflows can occur with precisions for integers and floats.
Proof of concepts:
- curl_mprintf("%d, %.*1$d", 500, 1);
- curl_mprintf("%d,
mprintf: Fix stack overflows
Stack overflows can occur with precisions for integers and floats.
Proof of concepts:
- curl_mprintf("%d, %.*1$d", 500, 1);
- curl_mprintf("%d, %+0500.*1$f", 500, 1);
Ideally, compile with -fsanitize=address which makes this undefined
behavior a bit more defined for debug purposes.
The format strings are valid. The overflows occur due to invalid
arguments. If these arguments are variables with contents controlled
by an attacker, the function's stack can be corrupted.
Also see CVE-2016-9586 which partially fixed the float aspect.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Closes https://github.com/curl/curl/pull/5722
show more ...
|
