| bb742018 | 23-Sep-2019 |
Paul Dreik |
doh: return early if there is no time left
Closes #4406 |
| 0023fce3 | 22-Sep-2019 |
Barry Pollard |
http: lowercase headernames for HTTP/2 and HTTP/3
Closes #4401
Fixes #4400 |
| 52746128 | 22-Sep-2019 |
Marcel Raad |
vtls: fix narrowing conversion warnings
Curl_timeleft returns `timediff_t`, which is 64 bits wide also on
32-bit systems since commit b1616dad8f0.
Closes https://github.com/curl
vtls: fix narrowing conversion warnings
Curl_timeleft returns `timediff_t`, which is 64 bits wide also on
32-bit systems since commit b1616dad8f0.
Closes https://github.com/curl/curl/pull/4398
show more ...
|
| 96a3ab7b | 22-Sep-2019 |
Joel Depooter |
winbuild: Add manifest to curl.exe for proper OS version detection
This is a small fix to commit ebd213270a017a6830928ee2e1f4a9cabc799898
in pull request #1221. That commit added the CUR
winbuild: Add manifest to curl.exe for proper OS version detection
This is a small fix to commit ebd213270a017a6830928ee2e1f4a9cabc799898
in pull request #1221. That commit added the CURL_EMBED_MANIFEST flag to
CURL_RC_FLAGS. However, later in the file CURL_RC_FLAGS is
overwritten. The fix is to append values to CURL_RC_FLAGS instead of
overwriting
Closes #4399
show more ...
|
| 41db01a3 | 22-Sep-2019 |
Daniel Stenberg |
RELEASE-NOTES: synced |
| 367e4b3c | 22-Sep-2019 |
Marcel Raad |
openssl: fix compiler warning with LibreSSL
It was already fixed for BoringSSL in commit a0f8fccb1e0.
LibreSSL has had the second argument to SSL_CTX_set_min_proto_version
as uint16_
openssl: fix compiler warning with LibreSSL
It was already fixed for BoringSSL in commit a0f8fccb1e0.
LibreSSL has had the second argument to SSL_CTX_set_min_proto_version
as uint16_t ever since the function was added in [0].
[0] https://github.com/libressl-portable/openbsd/commit/56f107201baefb5533486d665a58d8f57fd3aeda
Closes https://github.com/curl/curl/pull/4397
show more ...
|
| f8a20585 | 21-Sep-2019 |
Daniel Stenberg |
curl: exit the create_transfers loop on errors
When looping around the ranges and given URLs to create transfers, all
errors should exit the loop and return. Previously it would keep
curl: exit the create_transfers loop on errors
When looping around the ranges and given URLs to create transfers, all
errors should exit the loop and return. Previously it would keep
looping.
Reported-by: SumatraPeter on github
Bug: #4393
Closes #4396
show more ...
|
| 5ee88eee | 21-Sep-2019 |
Jay Satiro |
socks: Fix destination host shown on SOCKS5 error
Prior to this change when a server returned a socks5 connect error then
curl would parse the destination address:port from that data and
socks: Fix destination host shown on SOCKS5 error
Prior to this change when a server returned a socks5 connect error then
curl would parse the destination address:port from that data and show it
to the user as the destination:
curld -v --socks5 10.0.3.1:1080 http://google.com:99
* SOCKS5 communication to google.com:99
* SOCKS5 connect to IPv4 172.217.12.206 (locally resolved)
* Can't complete SOCKS5 connection to 253.127.0.0:26673. (1)
curl: (7) Can't complete SOCKS5 connection to 253.127.0.0:26673. (1)
That's incorrect because the address:port included in the connect error
is actually a bind address:port (typically unused) and not the
destination address:port. This fix changes curl to show the destination
information that curl sent to the server instead:
curld -v --socks5 10.0.3.1:1080 http://google.com:99
* SOCKS5 communication to google.com:99
* SOCKS5 connect to IPv4 172.217.7.14:99 (locally resolved)
* Can't complete SOCKS5 connection to 172.217.7.14:99. (1)
curl: (7) Can't complete SOCKS5 connection to 172.217.7.14:99. (1)
curld -v --socks5-hostname 10.0.3.1:1080 http://google.com:99
* SOCKS5 communication to google.com:99
* SOCKS5 connect to google.com:99 (remotely resolved)
* Can't complete SOCKS5 connection to google.com:99. (1)
curl: (7) Can't complete SOCKS5 connection to google.com:99. (1)
Ref: https://tools.ietf.org/html/rfc1928#section-6
Closes https://github.com/curl/curl/pull/4394
show more ...
|
| e09749dd | 21-Sep-2019 |
Daniel Stenberg |
travis: enable ngtcp2 h3-23 builds |
| d176a2c7 | 21-Sep-2019 |
Daniel Stenberg |
altsvc: both backends run h3-23 now
Closes #4395 |
| fe514ad9 | 21-Sep-2019 |
Daniel Stenberg |
http: fix warning on conversion from int to bit
Follow-up from 03ebe66d70 |
| 03ebe66d | 20-Sep-2019 |
Daniel Stenberg |
urldata: use 'bool' for the bit type on MSVC compilers
Closes #4387
Fixes #4379 |
| 0b7d7abe | 19-Sep-2019 |
Daniel Stenberg |
appveyor: upgrade VS2017 to VS2019
Closes #4383 |
| 36ff5e37 | 19-Sep-2019 |
Zenju |
FTP: FTPFILE_NOCWD: avoid redundant CWDs
Closes #4382 |
| 0801343e | 18-Sep-2019 |
Daniel Stenberg |
cookie: pass in the correct cookie amount to qsort()
As the loop discards cookies without domain set. This bug would lead to
qsort() trying to sort uninitialized pointers. We have howeve
cookie: pass in the correct cookie amount to qsort()
As the loop discards cookies without domain set. This bug would lead to
qsort() trying to sort uninitialized pointers. We have however not found
it a security problem.
Reported-by: Paul Dreik
Closes #4386
show more ...
|
| 47066036 | 20-Sep-2019 |
Paul Dreik |
urlapi: avoid index underflow for short ipv6 hostnames
If the input hostname is "[", hlen will underflow to max of size_t when
it is subtracted with 2.
hostname[hlen] will then
urlapi: avoid index underflow for short ipv6 hostnames
If the input hostname is "[", hlen will underflow to max of size_t when
it is subtracted with 2.
hostname[hlen] will then cause a warning by ubsanitizer:
runtime error: addition of unsigned offset to 0x<snip> overflowed to
0x<snip>
I think that in practice, the generated code will work, and the output
of hostname[hlen] will be the first character "[".
This can be demonstrated by the following program (tested in both clang
and gcc, with -O3)
int main() {
char* hostname=strdup("[");
size_t hlen = strlen(hostname);
hlen-=2;
hostname++;
printf("character is %d\n",+hostname[hlen]);
free(hostname-1);
}
I found this through fuzzing, and even if it seems harmless, the proper
thing is to return early with an error.
Closes #4389
show more ...
|
| 63a8d2b1 | 21-Sep-2019 |
Tatsuhiro Tsujikawa |
ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23
Closes #4392 |
| 698149e4 | 20-Sep-2019 |
Daniel Stenberg |
THANKS-filter: deal with my typos 'Jat' => 'Jay' |
| 52db0b89 | 16-Sep-2019 |
Daniel Stenberg |
travis: use go master
... as the boringssl builds needs a very recent version
Co-authored-by: Jat Satiro
Closes #4361 |
| a89aeb54 | 19-Sep-2019 |
Daniel Stenberg |
tool_operate: removed unused variable 'done'
Fixes warning detected by PVS-Studio
Fixes #4374 |
| 2d5f76f2 | 19-Sep-2019 |
Daniel Stenberg |
tool_operate: Expression 'config->resume_from' is always true
Fixes warning detected by PVS-Studio
Fixes #4374 |
| b5a69b7a | 19-Sep-2019 |
Daniel Stenberg |
tool_getparam: remove duplicate switch case
Fixes warning detected by PVS-Studio
Fixes #4374 |
| 7d552450 | 19-Sep-2019 |
Daniel Stenberg |
libssh2: part of conditional expression is always true: !result
Fixes warning detected by PVS-Studio
Fixes #4374 |
| 36fbb100 | 19-Sep-2019 |
Daniel Stenberg |
urlapi: Expression 'storep' is always true
Fixes warning detected by PVS-Studio
Fixes #4374 |
| a6451487 | 19-Sep-2019 |
Daniel Stenberg |
urlapi: 'scheme' is always true
Fixes warning detected by PVS-Studio
Fixes #4374 |
