lib: fix type of len passed to *printf's %*s

... it needs to be 'int'. Detected by Coverity CID 1486611 (etc)

Closes #7326

lib: use %u instead of %ld for port number printf

Follow-up to 764c6bd3bf which changed the type of some port number
fields. Detected by Coverity (CID 1486624) etc.

Closes #7325

version: turn version number functions into returning void

... as we never use the return codes from them.

Reviewed-by: Daniel Gustafsson
Closes #7319

mqtt: extend the error message for no topic

... and mention that it needs URL encoding.

Reported-by: Peter Körner
Fixes #7316
Closes #7317

formdata: correct typecast in curl_mime_data call

Coverity pointed out it the mismatch. CID 1486590

Closes #7327

url: (void)-prefix a curl_url_get() call

Coverity (CID 1486645) pointed out a use of curl_url_get() in the
parse_proxy function where the return code wasn't checked. A
(void)-prefix

url: (void)-prefix a curl_url_get() call

Coverity (CID 1486645) pointed out a use of curl_url_get() in the
parse_proxy function where the return code wasn't checked. A
(void)-prefix makes the intention obvious.

Closes #7320

show more ...

glob: pass an 'int' as len when using printf's %*s

Detected by Coverity CID 1486629.

Closes #7324

vtls: use free() not curl_free()

curl_free() is provided for users of the API to free returned data,
there's no need to use it internally.

Closes #7318

zuul: use the new rustls directory name

Follow-up to 6d972c8b1cbb3 which missed updating this directory name.

Also no longer call it crustls in the docs and bump to rusttls-ffi 0.7.

zuul: use the new rustls directory name

Follow-up to 6d972c8b1cbb3 which missed updating this directory name.

Also no longer call it crustls in the docs and bump to rusttls-ffi 0.7.1

Closes #7311

show more ...

http: fix crash in rate-limited upload

- Don't set the size of the piece of data to send to the rate limit if
that limit is larger than the buffer size that will hold the piece.

http: fix crash in rate-limited upload

- Don't set the size of the piece of data to send to the rate limit if
that limit is larger than the buffer size that will hold the piece.

Prior to this change if CURLOPT_MAX_SEND_SPEED_LARGE
(curl tool: --limit-rate) was set then it was possible that a temporary
buffer used for uploading could be written to out of bounds. A likely
scenario for this would be a non-trivial amount of post data combined
with a rate limit larger than CURLOPT_UPLOAD_BUFFERSIZE (default 64k).

The bug was introduced in 24e469f which is in releases since 7.76.0.

perl -e "print '0' x 200000" > tmp
curl --limit-rate 128k -d @tmp httpbin.org/post

Reported-by: Richard Marion

Fixes https://github.com/curl/curl/issues/7308
Closes https://github.com/curl/curl/pull/7315

show more ...

copyright: add boiler-plate headers to CI config files

And whitelist .zuul.ignore

Closes #7314

CI: remove travis details

Rename still used leftovers to "zuul" as that's now the CI using them.

Closes #7313

RELEASE-NOTES: synced

openssl: avoid static variable for seed flag

Avoid the race condition risk by instead storing the "seeded" flag in
the multi handle. Modern OpenSSL versions handle the seeding itself so

openssl: avoid static variable for seed flag

Avoid the race condition risk by instead storing the "seeded" flag in
the multi handle. Modern OpenSSL versions handle the seeding itself so
doing the seeding once per multi-handle instead of once per process is
less of an issue.

Reported-by: Gerrit Renker
Fixes #7296
Closes #7306

show more ...

configure: inhibit the implicit-fallthrough warning on gcc-12

... since it no longer acknowledges the comment markup we use for that
purpose.

Reported-by: Younes El-karama
F

configure: inhibit the implicit-fallthrough warning on gcc-12

... since it no longer acknowledges the comment markup we use for that
purpose.

Reported-by: Younes El-karama
Fixes #7295
Closes #7307

show more ...

misc: fix typos in comments which repeat a word

Fix typos in code comments which repeat various words. In trivial
cases, just delete the repeated word. Reword the affected sentence in

misc: fix typos in comments which repeat a word

Fix typos in code comments which repeat various words. In trivial
cases, just delete the repeated word. Reword the affected sentence in
"lib/url.c" for it to make sense.

Closes #7303
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>

show more ...

lib677: make it survive torture testing

Follow-up to a5ab72d5edd7

Closes #7300

docs/BINDINGS: fix outdated links

* luacurl page is now not accessible, fix it with wayback machine page
* Scheme one seems not providing https now, change it back to http one

C

docs/BINDINGS: fix outdated links

* luacurl page is now not accessible, fix it with wayback machine page
* Scheme one seems not providing https now, change it back to http one

Closes #7301

show more ...

curstls: bump crustls version and use new URL

crustls moved to https://github.com/rustls/rustls-ffi. This also bumps
the expected version to 0.7.0.

Closes #7297

RELEASE-NOTES: synced

examples: length-limit two sscanf() uses of %s

Reported-by: Jishan Shaikh
Fixes #7293
Closes #7294

multi: alter transfer timeout ordering

- Check whether a connection has succeded before checking whether it's
timed out.

This means if we've connected quickly, but subsequen

multi: alter transfer timeout ordering

- Check whether a connection has succeded before checking whether it's
timed out.

This means if we've connected quickly, but subsequently been
descheduled, we allow the connection to succeed. Note, if we timeout,
but between checking the timeout, and connecting to the server the
connection succeeds, we will allow it to go ahead. This is viewed as
an acceptable trade off.

- Add additional failf logging around failed connection attempts to
propogate the cause up to the caller.

Co-Authored-by: Martin Howarth
Closes #7178

show more ...

test677: IMAP CONNECT_ONLY, custom command and then exit

Adjusted ftpserver.pl to add support for the IMAP IDLE command

Adjusted test 660 to sync with the fix

multi: do not switch off connect_only flag when closing

... as it made protocol specific disconnect commands wrongly get used.

Bug: https://curl.se/mail/lib-2021-06/0024.html
Re

multi: do not switch off connect_only flag when closing

... as it made protocol specific disconnect commands wrongly get used.

Bug: https://curl.se/mail/lib-2021-06/0024.html
Reported-by: Aleksander Mazur
Closes #7288

show more ...

http: make the haproxy support work with unix domain sockets

... it should then pass on "PROXY UNKNOWN" since it doesn't know the
involved IP addresses.

Reported-by: Valentín Gu

http: make the haproxy support work with unix domain sockets

... it should then pass on "PROXY UNKNOWN" since it doesn't know the
involved IP addresses.

Reported-by: Valentín Gutiérrez
Fixes #7290
Closes #7291

show more ...