1d2e6f92 | 13-Oct-2022 |
Daniel Stenberg |
tests: add tests/markdown-uppercase.pl to dist tarball Follow-up to aafb06c5928183d Closes #9722 |
eef7ad15 | 13-Oct-2022 |
Daniel Stenberg |
tool_paramhelp: asserts verify maximum sizes for string loading The two defines MAX_FILE2MEMORY and MAX_FILE2STRING define the largest strings accepted when loading files into memory, but as the size is later used as input to functions that take the size as 'int' as argument, the sizes must not be larger than INT_MAX. These two new assert()s make the code error out if someone would bump the sizes without this consideration. Reported-by Trail of Bits Closes #9719
|
b46136f9 | 13-Oct-2022 |
Daniel Stenberg |
http: try parsing Retry-After: as a number first Since the date parser allows YYYYMMDD as a date format (due to it being a bit too generic for parsing this particular header), a large integer number could wrongly match that pattern and cause the parser to generate a wrong value. No date format accepted for this header starts with a decimal number, so by reversing the check and trying a number first we can deduct that if that works, it was not a date. Reported-by Trail of Bits Closes #9718
|
b0e4ebe9 | 12-Oct-2022 |
Patrick Monnerat |
doc: fix deprecation versions inconsistencies Ref: https://curl.se/mail/lib-2022-10/0026.html Closes #9711 |
57ba1dd5 | 12-Oct-2022 |
Daniel Stenberg |
http_aws_sigv4: fix strlen() check The check was off-by-one leading to buffer overflow. Follow-up to 29c4aa00a16872 Detected by OSS-Fuzz Closes #9714 |
0bb2f649 | 12-Oct-2022 |
Daniel Stenberg |
curl/main_checkfds: check the fcntl return code better fcntl() can (in theory) return a non-zero number for success, so a better test for error is checking for -1 explicitly. Follow-up to 41e1b30ea1b77e9ff Mentioned-by: Dominik Klemba Closes #9708
|
0df0aa74 | 12-Oct-2022 |
Viktor Szakats |
tidy-up: delete unused HAVE_STRUCT_POLLFD It was only defined in `lib/config-win32.h`, when building for Vista. It was only used in `select.h`, in a condition that also included a check for `POLLIN` which is a superior choice for this detection and which was already used by cmake and autotools builds. Delete both instances of this macro. Closes #9707
|
aafb06c5 | 11-Oct-2022 |
Daniel Stenberg |
test1275: verify uppercase after period in markdown Script based on the #9474 pull-request logic, but implemented in perl. Updated docs/URL-SYNTAX.md accordingly. Suggested-by: Dan Fandrich Closes #9697
|
ddeec8fe | 11-Oct-2022 |
12932 <68835423+12932@users.noreply.github.com> |
misc: nitpick grammar in comments/docs because the 'u' in URL is actually a consonant *sound* it is only correct to write "a URL" sorry this is a bit nitpicky :P https://english.stackexchange.com/questions/152/when-should-i-use-a-vs-an https://www.techtarget.com/whatis/feature/Which-is-correct-a-URL-or-an-URL Closes #9699
|
aa970c4c | 11-Oct-2022 |
Viktor Szakats |
Makefile.m32: drop CROSSPREFIX and our CC/AR defaults [ci skip] This patch aimed to fix a regression [0], where `CC` initialization moved beyond its first use. But, on closer inspection it turned out that the `CC` initialization does not work as expected due to GNU Make filling it with `cc` by default. So unless implicit values were explicitly disabled via a GNU Make option, the default value of `$CROSSPREFIX` + `gcc` was never used. At the same time the implicit value `cc` maps to `gcc` in (most/all?) MinGW envs. `AR` has the same issue, with a default value of `ar`. We could reintroduce a separate variable to fix this without ill effects, but for simplicity and flexibility, it seems better to drop support for `CROSSPREFIX`, along with our own `CC`/`AR` init logic, and require the caller to initialize `CC`, `AR` and `RC` to the full (prefixed if necessary) names of these tools, as desired. We keep `RC ?= windres` because `RC` is empty by default. Also fix grammar in a comment. [0] 10fbd8b4e3f83b967fd9ad9a41ab484c0e7e7ca3 Closes #9698
|
28edcbe1 | 11-Oct-2022 |
Viktor Szakats |
smb: replace CURL_WIN32 with WIN32 PR #9255 aimed to fix a Cygwin/MSYS issue (#8220). It used the `CURL_WIN32` macro, but that one is not defined here, while compiling curl itself. This patch changes this to `WIN32`, assuming this was the original intent. Regression from 1c52e8a3795ccdf8ec9c308f4f8f19cf10ea1f1a Reviewed-by: Marcel Raad Closes #9701
|
29c4aa00 | 13-Jan-2022 |
Matthias Gatto |
aws_sigv4: fix header computation Handle canonical headers and signed headers creation as explained here: https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html The algo tells that signed and canonical must contain at least host and x-amz-date. So we check whether those are present in the curl http headers list. If they are, we use the one entered by the curl user, otherwise we generate them. Then we to lower, and remove space from each http headers plus host and x-amz-date, then sort them all by alphabetical order. This patch also fixes a bug with host header, which was ignoring the port. Closes #7966
|
3c0050d1 | 09-Oct-2022 |
Aftab Alam <88653530+itsAftabAlam@users.noreply.github.com> |
README.md: link the curl logo to the website - Link the curl:// image to https://curl.se/ Closes https://github.com/curl/curl/pull/9675 |
1027d52e | 25-Aug-2022 |
Dustin Howett |
schannel: when importing PFX, disable key persistence By default, the PFXImportCertStore API persists the key in the user's key store (as though the certificate was being imported for permanent, ongoing use.) The documentation specifies that keys that are not to be persisted should be imported with the flag PKCS12_NO_PERSIST_KEY. NOTE: this flag is only supported on versions of Windows newer than XP and Server 2003. -- This is take 2 of the original fix. It extends the lifetime of the client certificate store to that of the credential handle. The original fix which landed in 70d010d and was later reverted in aec8d30 failed to work properly because it did not do that. Minor changes were made to the schannel credential context to support closing the client certificate store handle at the end of an SSL session. -- Reported-by: ShadowZzj@users.noreply.github.com Fixes https://github.com/curl/curl/issues/9300 Supersedes https://github.com/curl/curl/pull/9363 Closes https://github.com/curl/curl/pull/9460
|
66e68ca4 | 11-Oct-2022 |
Viktor Szakats |
Makefile.m32: support more options [ci skip] - Add support for these options: `-wolfssl`, `-wolfssh`, `-mbedtls`, `-libssh`, `-psl` Caveats: - `-wolfssh` requires `-wolfssl`. - `-wolfssl` cannot be used with OpenSSL backends in parallel. - `-libssh` has build issues with BoringSSL and LibreSSL, and also what looks like a world-writable-config vulnerability on Windows. Consider it experimental. - `-psl` requires `-idn2` and extra libs passed via `LIBS=-liconv -lunistring`. - Detect BoringSSL/wolfSSL and set ngtcp2 crypto lib accordingly. - Generalize MultiSSL detection. - Use else-if syntax. Requires GNU Make 3.81 (2006-04-01). - Document more customization options. This brings over some configuration logic from `curl-for-win`. Closes #9680
|
474a947e | 11-Oct-2022 |
Viktor Szakats |
cmake: enable more detection on Windows Enable `HAVE_UNISTD_H`, `HAVE_STRTOK_R` and `HAVE_STRCASECMP` detection on Windows, instead of having predefined values. With these features detected correctly, CMake Windows builds get closer to the autotools and `config-win32.h` ones. This also fixes detecting `HAVE_FTRUNCATE` correctly, which required `unistd.h`. Fixing `ftruncate()` in turn causes a build warning/error with legacy MinGW/MSYS1 due to an offset type size mismatch. This env misses to detect `HAVE_FILE_OFFSET_BITS`, which may be a reason. This patch force-disables `HAVE_FTRUNCATE` for this platform. Reviewed-by: Daniel Stenberg Closes #9687
|
23029838 | 11-Oct-2022 |
Viktor Szakats |
autotools: allow unix sockets on Windows Fixes: https://github.com/curl/curl-for-win/blob/73a070d96fd906fdee929e2f1f00a9149fb39239/curl-autotools.sh#L44-L47 On Windows this feature is present, but not the header used in the detection logic. It also requires an elaborate enabler logic (as seen in `lib/curl_setup.h`). Let's always allow it and let the lib code deal with the details. Closes #9688
|
3b483745 | 11-Oct-2022 |
Viktor Szakats |
cmake: add missing inet_ntop check This adds the missing half of the check, next to the other half already present in `lib/curl_config.h.cmake`. Force disable `HAVE_INET_NTOP` for old MSVC where it caused compiler warnings. Reviewed-by: Daniel Stenberg Closes #9689
|
23151d66 | 11-Oct-2022 |
Daniel Stenberg |
RELEASE-NOTES: synced |
e71a9b48 | 10-Oct-2022 |
bsergean on github |
asyn-ares: set hint flags when calling ares_getaddrinfo The hint flag is ARES_AI_NUMERICSERV, and it will save a call to getservbyname or getservbyname_r to set it. Closes #9694 |
66313cf4 | 10-Oct-2022 |
Daniel Stenberg |
header.d: add category smtp and imap They were previously (erroneously) added manually to tool_listhelp.c which would make them get removed again when the file is updated next time, unless added correctly here in header.d Follow-up to 2437fac01 Closes #9690
|
671adfa4 | 10-Oct-2022 |
Daniel Stenberg |
curl/get_url_file_name: use libcurl URL parser To avoid URL tricks, use the URL parser for this. This update changes curl's behavior slightly in that it will ignore the possible query part from the URL and only use the file name from the actual path from the URL. I consider it a bugfix. "curl -O localhost/name?giveme-giveme" will now save the output in the local file named 'name' Updated test 1210 to verify Assisted-by: Jay Satiro Closes #9684
|
c96462ad | 11-Oct-2022 |
Martin Ågren |
docs: fix grammar around needing pass phrase "You never needed a pass phrase" reads like it's about to be followed by something like "until version so-and-so", but that is not what is intended. Change to "You never need a pass phrase". There are two instances of this text, so make sure to update both.
|
d91c736f | 09-Oct-2022 |
Xiang Xiao |
cmake: add the check of HAVE_SOCKETPAIR which is used by Curl_socketpair Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> Closes #9686 |
d24a2ffe | 10-Oct-2022 |
Daniel Stenberg |
curl/add_file_name_to_url: use the libcurl URL parser instead of the custom error-prone parser, to extract and update the path of the given URL Closes #9683 |