#
b654fb4c |
| 29-Apr-2021 |
Jay Satiro |
tool_operate: Fix --fail-early with parallel transfers

- Abort via progress callback to fail early during parallel transfers.

When a critical error occurs during a transfer (eg --fail-early constraint) then other running transfers will be aborted via progress callback and finish with error CURLE_ABORTED_BY_CALLBACK (42). In this case, the callback error does not become the most recent error and a custom error message is used for those transfers:

curld --fail --fail-early --parallel https://httpbin.org/status/404 https://httpbin.org/delay/10
curl: (22) The requested URL returned error: 404
curl: (42) Transfer aborted due to critical error in another transfer

> echo %ERRORLEVEL%
22

Fixes https://github.com/curl/curl/issues/6939
Closes https://github.com/curl/curl/pull/6984
|
#
8749ce65 |
| 18-Jul-2021 |
Nyholm |
docs: correct spelling errors and a broken link Update grammar and spelling in docs and source code comments. Closes: #7427 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
#
2784a585 |
| 10-Jun-2021 |
Daniel Stenberg |
single_transfer: ignore blank --output-dir ... as otherwise it creates a rather unexpected target directory with a leading slash. Reported-by: Harry Sintonen Fixes #7218 Closes #7233
|
#
265b14d6 |
| 01-Jun-2021 |
Daniel Stenberg |
metalink: remove

Warning: this will make existing curl command lines that use metalink to stop working.

Reasons for removal:

1. We've found several security problems and issues involving the metalink support in curl. The issues are not detailed here. When working on those, it became apparent to the team that several of the problems are due to the system design, metalink library API and what the metalink RFC says. They are very hard to fix on the curl side only.

2. The metalink usage with curl was only very briefly documented and was not following the "normal" curl usage pattern in several ways, making it surprising and non-intuitive which could lead to further security issues.

3. The metalink library was last updated 6 years ago and wasn't so active the years before that either. An unmaintained library means there's a security problem waiting to happen. This is probably reason enough.

4. Metalink requires an XML parsing library, which is complex code (even the smaller alternatives) and to this day often gets security updates.

5. Metalink is not a widely used curl feature. In the 2020 curl user survey, only 1.4% of the responders said that they are using it. In 2021 that number was 1.2%. Searching the web also shows very few traces of it being used, even with other tools.

6. The torrent format and associated technology clearly won for downloading large files from multiple sources in parallel.

Closes #7176
|
Revision tags: curl-7_76_1, curl-7_76_0 |
|
#
54e74750 |
| 27-Feb-2021 |
Jay Satiro |
schannel: Disable auto credentials; add an option to enable it

- Disable auto credentials by default. This is a breaking change for clients that are using it, wittingly or not.

- New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl to automatically locate and use a client certificate for authentication, when requested by the server.

- New curl tool options --ssl-auto-client-cert and --proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.

This option is only supported for Schannel (the native Windows SSL library). Prior to this change Schannel would, with no notification to the client, attempt to locate a client certificate and send it to the server, when requested by the server. Since the server can request any certificate that supports client authentication in the OS certificate store it could be a privacy violation and unexpected.

Fixes https://github.com/curl/curl/issues/2262
Reported-by: Jeroen Ooms
Assisted-by: Wes Hinsley
Assisted-by: Rich FitzJohn

Ref: https://curl.se/mail/lib-2021-02/0066.html
Reported-by: Morten Minde Neergaard

Closes https://github.com/curl/curl/pull/6673
|
#
063d3f3b |
| 19-Apr-2021 |
Daniel Stenberg |
tidy-up: make conditional checks more consistent ... remove '== NULL' and '!= 0' Closes #6912
|
#
711879ca |
| 20-Apr-2021 |
Jay Satiro |
tool_operate: don't discard failed parallel transfer result

- Save a parallel transfer's result code only when it fails and the transfer is not being retried.

Prior to this change the result code was always set which meant that a failed result could be erroneously discarded if a different transfer later had a successful result (CURLE_OK).

Before:

> curl --fail -Z https://httpbin.org/status/404 https://httpbin.org/delay/10
> echo %ERRORLEVEL%
0

After:

> curl --fail -Z https://httpbin.org/status/404 https://httpbin.org/delay/10
> echo %ERRORLEVEL%
22

Closes #xxxx
|
#
985c184d |
| 11-Mar-2021 |
Daniel Stenberg |
tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error Closes #6727
|
#
40f3c18e |
| 26-Feb-2021 |
Daniel Stenberg |
curl: set CURLOPT_NEW_FILE_PERMS if requested The --create-file-mode code logic accepted the value but never actually passed it on to libcurl! Follow-up to a7696c73436f (shipped in 7.75.0) Reported-by: Johannes Lesr Fixes #6657 Closes #6666
|
#
15bc86df |
| 26-Feb-2021 |
Daniel Stenberg |
tool_operate: check argc before accessing argv[1] Follow-up to 09363500b Reported-by: Emil Engler Reviewed-by: Daniel Gustafsson Closes #6668
|
#
82c583dc |
| 25-Feb-2021 |
Daniel Gustafsson |
cookies: Support multiple -b parameters Previously only a single -b cookie parameter was supported with the last one winning. This adds support for supplying multiple -b params to have them serialized semicolon separated. Both cookiefiles and cookies can be entered multiple times. Closes #6649 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
#
53022e18 |
| 11-Feb-2021 |
Jay Satiro |
doh: add options to disable ssl verification

- New libcurl options CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the same as their respective counterparts.

- New curl tool options --doh-insecure and --doh-cert-status do the same as their respective counterparts.

Prior to this change DOH SSL certificate verification settings for verifyhost and verifypeer were supposed to be inherited respectively from CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER, but due to a bug were not. As a result DOH verification remained at the default, ie enabled, and it was not possible to disable. This commit changes behavior so that the DOH verification settings are independent and not inherited.

Ref: https://github.com/curl/curl/pull/4579#issuecomment-554723676

Fixes https://github.com/curl/curl/issues/4578
Closes https://github.com/curl/curl/pull/6597
|
#
8a964cb2 |
| 11-Feb-2021 |
Daniel Stenberg |
curl: add --fail-with-body Prevent both --fail and --fail-with-body on the same command line. Verify with test 349, 360 and 361. Closes #6449
|
Revision tags: curl-7_75_0 |
|
#
65ca2294 |
| 28-Jan-2021 |
Jay Satiro |
tool_writeout: refactor write-out and write-out json

- Deduplicate the logic used by write-out and write-out json.

Rather than have separate writeLong, writeString, etc, logic for each of write-out and write-out json instead have respective shared functions that can output either format and a 'use_json' parameter to indicate whether it is json that is output.

This will make it easier to maintain. Rather than have to go through two sets of logic now we only have to go through one.

- Support write-out %{errormsg} and %{exitcode} in json.

- Clarify in the doc that %{exitcode} is the exit code of the transfer.

Prior to this change it just said "The numerical exitcode" which implies it's the exit code of the tool, and it's not necessarily that.

Closes https://github.com/curl/curl/pull/6544
|
#
796ce293 |
| 25-Jan-2021 |
Dmitry Wagin |
http: improve AWS HTTP v4 Signature auth

- Add support services without region and service prefixes in the URL endpoint (ex. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc) by providing region and service parameters via aws-sigv4 option.
- Add [:region[:service]] suffix to aws-sigv4 option;
- Fix memory allocation errors.
- Refactor memory management.
- Use Curl_http_method instead() STRING_CUSTOMREQUEST.
- Refactor canonical headers generating.
- Remove repeated sha256_to_hex() usage.
- Add some docs fixes.
- Add some codestyle fixes.
- Add overloaded strndup() for debug - curl_dbg_strndup().
- Update tests.

Closes #6524
|
#
a705f28b |
| 26-Jan-2021 |
Daniel Stenberg |
curl: include the file name in --xattr/--remote-time error msgs
|
#
f42ee77a |
| 26-Jan-2021 |
Daniel Stenberg |
curl: s/config->global/global/ in single_transfer()
|
#
71acece9 |
| 26-Jan-2021 |
Daniel Stenberg |
curl: move fprintf outputs to warnf For setting and getting time of the download. To make the outputs respect --silent etc. Reported-by: Viktor Szakats Fixes #6533 Closes #6535
|
#
8f32ead8 |
| 14-Jan-2021 |
Daniel Stenberg |
tool_operate: spellfix a comment
|
#
df1240cc |
| 02-Jan-2021 |
Jay Satiro |
tool_operate: fix the suppression logic of some error messages

- Fix the failed truncation and failed writing body error messages to not be shown unless error messages are shown. (ie the user has specified -sS, or has not specified -s).

- Also prefix same error messages with "curl: ", for example:

curl: (23) Failed to truncate, exiting

Prior to this change the failed truncation error messages would be shown if not -s, but did not account for -sS which should show.

Prior to this change the failed writing body error messages would be shown always.

Ref: https://curl.se/docs/manpage.html#-S

Bug: https://curl.se/mail/archive-2020-12/0017.html
Reported-by: Hongyi Zhao

Closes https://github.com/curl/curl/pull/6402
|
#
725ec470 |
| 31-Dec-2020 |
Emil Engler |
language: s/behaviour/behavior/g We currently use both spellings the British "behaviour" and the American "behavior". However "behavior" is more used in the project so I think it's worth dropping the British name. Closes #6395
|
#
e6c5613e |
| 26-Dec-2020 |
Daniel Stenberg |
tool_operate: avoid NULL dereference of first_arg Follow-up to 6a5e020d4d2b04a Identified by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28999 Closes #6377
|
#
8ab78f72 |
| 26-Dec-2020 |
Daniel Stenberg |
misc: fix "warning: empty expression statement has no effect" Turned several macros into do-while(0) style to allow their use to work fine with semicolon. Bug: https://github.com/curl/curl/commit/08e8455dddc5e48e58a12ade3815c01ae3da3b64#commitcomment-45433279 Follow-up to 08e8455dddc5e4 Reported-by: Gisle Vanem Closes #6376
|
#
6a5e020d |
| 23-Dec-2020 |
Cherish98 <66007047+Cherish98@users.noreply.github.com> |
curl: fix handling of -q option The match of the "-q" option (short for "--disable") should: a) allow concatenation with other single-letters; and b) be case-sensitive, lest confusing with "-Q" ("--quote") Closes #6364
|
#
7a90ddf8 |
| 14-Dec-2020 |
Daniel Stenberg |
curl: add variables to --write-out

In particular, these ones can help a user to create its own error message when one or transfers fail.

writeout: add 'onerror', 'url', 'urlnum', 'exitcode', 'errormsg'

onerror - lets a user only show the rest on non-zero exit codes
url - the input URL used for this transfer
urlnum - the numerical URL counter (0 indexed) for this transfer
exitcode - the numerical exit code for the transfer
errormsg - obvious

Reported-by: Earnestly on github
Fixes #6199
Closes #6207
|