#
3829759b |
| 08-Dec-2023 |
Viktor Szakats |
build: enable missing OpenSSF-recommended warnings, with fixes https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html as of 2023-11-29 [1]
build: enable missing OpenSSF-recommended warnings, with fixes https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html as of 2023-11-29 [1]. Enable new recommended warnings (except `-Wsign-conversion`): - enable `-Wformat=2` for clang (in both cmake and autotools). - add `CURL_PRINTF()` internal attribute and mark functions accepting printf arguments with it. This is a copy of existing `CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible with redefinting the `printf` symbol: https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94 - fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for mingw-w64 and enable it on this platform. - enable `-Wimplicit-fallthrough`. - enable `-Wtrampolines`. - add `-Wsign-conversion` commented with a FIXME. - cmake: enable `-pedantic-errors` the way we do it with autotools. Follow-up to d5c0351055d5709da8f3e16c91348092fdb481aa #2747 - lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format checks. Previously it was always disabled due to the internal `printf` macro. Fix them: - fix bug where an `set_ipv6_v6only()` call was missed in builds with `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`. - add internal `FALLTHROUGH()` macro. - replace obsolete fall-through comments with `FALLTHROUGH()`. - fix fallthrough markups: Delete redundant ones (showing up as warnings in most cases). Add missing ones. Fix indentation. - silence `-Wformat-nonliteral` warnings with llvm/clang. - fix one `-Wformat-nonliteral` warning. - fix new `-Wformat` and `-Wformat-security` warnings. - fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its definition to `lib/curl_setup.h` allowing use in `tests/server`. - lib: fix two wrongly passed string arguments in log outputs. Co-authored-by: Jay Satiro - fix new `-Wformat` warnings on mingw-w64. [1] https://github.com/ossf/wg-best-practices-os-developers/blob/56c0fde3895bfc55c8a973ef49a2572c507b2ae1/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md Closes #12489
show more ...
|
#
b0f3d71c |
| 09-Oct-2023 |
Stefan Eissing |
MQTT: improve receive of ACKs - add `mq->recvbuf` to provide buffering of incomplete ACK responses - continue ACK reading until sufficient bytes available - fixes test failures
MQTT: improve receive of ACKs - add `mq->recvbuf` to provide buffering of incomplete ACK responses - continue ACK reading until sufficient bytes available - fixes test failures on low network receives Closes #12071
show more ...
|
#
c76df46a |
| 24-Jul-2023 |
Stefan Eissing |
http: VLH, very large header test and fixes - adding tests using very large passwords in auth - fixes general http sending to treat h3 like h2, and not like http1.1 - eliminate
http: VLH, very large header test and fixes - adding tests using very large passwords in auth - fixes general http sending to treat h3 like h2, and not like http1.1 - eliminate H2_HEADER max definitions and use the commmon DYN_HTTP_REQUEST everywhere, different limits do not help - fix http2 handling of requests denied by nghttp2 on send to immediately report the refused stream Closes #11509
show more ...
|
#
2bc1d775 |
| 02-Jan-2023 |
Daniel Stenberg |
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - save
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205
show more ...
|
#
307b7543 |
| 17-Sep-2022 |
Daniel Stenberg |
misc: null-terminate Make use of this term consistently. Closes #9527
|
#
d7dceb57 |
| 07-Sep-2022 |
Marcel Raad |
lib and tests: add missing curl.h includes Closes https://github.com/curl/curl/pull/9453
|
#
f703cf97 |
| 01-Sep-2022 |
Daniel Stenberg |
urlapi: leaner with fewer allocs Slightly faster with more robust code. Uses fewer and smaller mallocs. - remove two fields from the URL handle struct - reduce copies and allocs
urlapi: leaner with fewer allocs Slightly faster with more robust code. Uses fewer and smaller mallocs. - remove two fields from the URL handle struct - reduce copies and allocs - use dynbuf buffers more instead of custom malloc + copies - uses dynbuf to build the host name in reduces serial alloc+free within the same function. - move dedotdotify into urlapi.c and make it static, not strdup the input and optimize it by checking for . and / before using strncmp - remove a few strlen() calls - add Curl_dyn_setlen() that can "trim" an existing dynbuf Closes #9408
show more ...
|
#
ad9bc597 |
| 17-May-2022 |
max.mehl |
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the
copyright: make repository REUSE compliant Add licensing and copyright information for all files in this repository. This either happens in the file itself as a comment header or in the file `.reuse/dep5`. This commit also adds a Github workflow to check pull requests and adapts copyright.pl to the changes. Closes #8869
show more ...
|
Revision tags: curl-7_76_1, curl-7_76_0 |
|
#
6221bc1a |
| 03-Mar-2021 |
Daniel Stenberg |
dynbuf: bump the max HTTP request to 1MB Raised from 128KB to allow longer request headers. Reported-by: Carl Zogheib Fixes #6681 Closes #6685
|
Revision tags: curl-7_75_0, curl-7_74_0 |
|
#
4d2f8006 |
| 04-Nov-2020 |
Daniel Stenberg |
curl.se: new home Closes #6172
|
Revision tags: curl-7_73_0 |
|
#
c4693adc |
| 24-Sep-2020 |
Daniel Stenberg |
imap: make imap_send use dynbuf for the send buffer management Reuses the buffer and thereby reduces number of mallocs over a transfer. Closes #6010
|
#
f74afa40 |
| 23-Sep-2020 |
Daniel Stenberg |
dynbuf: add Curl_dyn_vaddf Closes #6004
|
#
7e8561e0 |
| 22-Sep-2020 |
Daniel Stenberg |
dynbuf: make *addf() not require extra mallocs ... by introducing a printf() function that appends directly into a dynbuf: Curl_dyn_vprintf(). This avoids the mandatory extra malloc so i
dynbuf: make *addf() not require extra mallocs ... by introducing a printf() function that appends directly into a dynbuf: Curl_dyn_vprintf(). This avoids the mandatory extra malloc so if the buffer is already big enough it can just printf directly into it. Since this less-malloc version requires tthe use of a library internal printf function, we only provide this version when building libcurl and not for the dynbuf code that is used when building the curl tool. Closes #5998
show more ...
|
#
c4ea71ae |
| 09-Sep-2020 |
Daniel Stenberg |
dynbuf: provide curlx_ names for reuse by the curl tool Closes #5946
|
Revision tags: tiny-curl-7_72_0, curl-7_72_0 |
|
#
7f187d89 |
| 03-Aug-2020 |
Daniel Stenberg |
h2: repair trailer handling The previous h2 trailer fix in 54a2b63 was wrong and caused a regression: it cannot deal with trailers immediately when read since they may be read off th
h2: repair trailer handling The previous h2 trailer fix in 54a2b63 was wrong and caused a regression: it cannot deal with trailers immediately when read since they may be read off the connection by the wrong 'data' owner. This change reverts the logic back to gathering all trailers into a single buffer, like before 54a2b63. Reported-by: Tadej Vengust Fixes #5663 Closes #5769
show more ...
|
Revision tags: curl-7_71_1 |
|
#
032e838b |
| 25-Jun-2020 |
Daniel Stenberg |
terminology: call them null-terminated strings Updated terminology in docs, comments and phrases to refer to C strings as "null-terminated". Done to unify with how most other C oriented
terminology: call them null-terminated strings Updated terminology in docs, comments and phrases to refer to C strings as "null-terminated". Done to unify with how most other C oriented docs refer of them and what users in general seem to prefer (based on a single highly unscientific poll on twitter). Reported-by: coinhubs on github Fixes #5598 Closes #5608
show more ...
|
Revision tags: curl-7_71_0 |
|
#
d957ed49 |
| 05-Jun-2020 |
Daniel Stenberg |
trailers: switch h1-trailer logic to use dynbuf In the continued effort to remove "manual" realloc schemes. Closes #5524
|
#
54a2b63c |
| 06-May-2020 |
Daniel Stenberg |
http2: simplify and clean up trailer handling Triggered by a crash detected by OSS-Fuzz after the dynbuf introduction in ed35d6590e72. This should make the trailer handling more straight
http2: simplify and clean up trailer handling Triggered by a crash detected by OSS-Fuzz after the dynbuf introduction in ed35d6590e72. This should make the trailer handling more straight forward and hopefully less error-prone. Deliver the trailer header to the callback already at receive-time. No longer caches the trailers to get delivered at end of stream. Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22030 Closes #5348
show more ...
|
#
80b9db12 |
| 04-May-2020 |
Daniel Stenberg |
quiche: enable qlog output quiche has the potential to log qlog files. To enable this, you must build quiche with the qlog feature enabled `cargo build --features qlog`. curl then pa
quiche: enable qlog output quiche has the potential to log qlog files. To enable this, you must build quiche with the qlog feature enabled `cargo build --features qlog`. curl then passes a file descriptor to quiche, which takes ownership of the file. The FD transfer only works on UNIX. The convention is to enable logging when the QLOGDIR environment is set. This should be a path to a folder where files are written with the naming template <SCID>.qlog. Co-authored-by: Lucas Pardue Replaces #5337 Closes #5341
show more ...
|
#
dae126ff |
| 02-May-2020 |
Daniel Stenberg |
http_proxy: ported to use dynbuf instead of a static size buffer Removes a 16K static buffer from the easy handle. Simplifies the code.
|
#
ed35d659 |
| 02-May-2020 |
Daniel Stenberg |
dynbuf: introduce internal generic dynamic buffer functions A common set of functions instead of many separate implementations for creating buffers that can grow when appending data to t
dynbuf: introduce internal generic dynamic buffer functions A common set of functions instead of many separate implementations for creating buffers that can grow when appending data to them. Existing functionality has been ported over. In my early basic testing, the total number of allocations seem at roughly the same amount as before, possibly a few less. See docs/DYNBUF.md for a description of the API. Closes #5300
show more ...
|