| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
We always use the patch number these days: all releases are
"major.minor.patch"
|
| |
|
|
|
|
|
| |
CMake up to 3.10 always reserves this name
Fixes #6257
Closes #6258
|
| |
|
|
|
|
|
|
| |
CVE-2020-8286
Reported by anonymous
Bug: https://curl.se/docs/CVE-2020-8286.html
|
| |
|
|
|
|
|
|
| |
CVE-2020-8285
Fixes #6255
Bug: https://curl.se/docs/CVE-2020-8285.html
Reported-by: xnynx on github
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The command line tool also independently sets --ftp-skip-pasv-ip by
default.
Ten test cases updated to adapt the modified --libcurl output.
Bug: https://curl.se/docs/CVE-2020-8284.html
CVE-2020-8284
Reported-by: Varnavas Papaioannou
|
| |
|
|
|
|
|
|
|
|
| |
... as it makes the URL parser accept "very-long-hostname://" as a valid
host name and we don't want that. The parser now only accepts a blank
(no digits) after the colon if the URL starts with a scheme.
Reported-by: d4d on hackerone
Closes #6283
|
| |
|
|
|
|
|
|
|
|
|
| |
This reverts commit d2a7d7c185f98df8f3e585e5620cbc0482e45fac.
This commit also reverts the subsequent follow-ups to that commit, which
were all done within windows #ifdefs that are removed in this
change. Marc helped me verify this.
Fixes #6146
Closes #6281
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In the case of TFO, the remote host name is not resolved at the
connetion time.
For FTP that has lead to missing hostname for the secondary connection.
Therefore the name resolution is done at the time, when FTP requires it.
Fixes #6252
Closes #6265
Closes #6282
|
| |
|
|
|
|
|
| |
For tab-completion it may be preferable to include all the
available options.
Closes #6280
|
| | |
|
| |
|
|
|
|
|
| |
Reported-by: Kovalkov Dmitrii and Per Nilsson
Fixes #6254
Fixes #6256
Closes #6260
|
| |
|
|
|
|
|
| |
Once a vulnerability has been published, the hackerone issue should be
disclosed. For tranparency.
Closes #6275
|
| |
|
|
|
|
|
|
|
|
| |
Backporting the Python 3 implementation of setStream
to ClosingFileHandler as a fallback within Python 2.
Reported-by: Jay Satiro
Fixes #6259
Closes #6270
|
| |
|
|
|
| |
Reported-by: emanruse on github
Fixes #6273
|
| |
|
|
|
|
| |
Reported-by: Junho Choi
Fixes #6213
Closes #6217
|
| |
|
|
|
|
|
|
|
|
| |
- NGTCP2_CRYPTO_LEVEL_APP -> NGTCP2_CRYPTO_LEVEL_APPLICATION
ngtcp2/ngtcp2@76232e9 changed the name.
ngtcp2 master is required to build curl with http3 support.
Closes https://github.com/curl/curl/pull/6271
|
| |
|
|
|
|
| |
The HAVE_LINUX_TCP_H define was not set by cmake.
Closes #6252
|
| |
|
|
| |
Closes #6263
|
| |
|
|
|
|
|
| |
... and remove the old unused proto for the old Curl_splayremove
version.
Closes #6269
|
| |
|
|
|
|
| |
To fix a memory-leak.
Closes #6267
|
| |
|
|
|
|
| |
Follow-up to 4c9768565ec3a9 (from Sep 2008)
Closes #6268
|
| |
|
|
|
|
|
|
| |
... and simplify the too-long checks somewhat.
Detected by OSS-Fuzz
Closes #6264
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Commit c353207 removed the closing right after do_tftp
which covered the case of abort. This handles that case.
Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Follow up to #6209
Closes #6234
|
| |
|
|
| |
Closes #6250
|
| |
|
|
| |
Closes #6250
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This field needs to be wide enough to hold sockaddr_in6 when
connecting via IPv6. Otherwise, ngtcp2_conn_read_pkt will drop the
packets because of the address mismatch:
I00000022 [...] con ignore packet from unknown path
We can safely assume that struct sockaddr_storage is available, as it
is used in the public interface of ngtcp2.
Closes #6250
|
| |
|
|
|
|
|
|
|
|
| |
The resolve call is done with the right port number, but the subsequent
check used the wrong one, which then could find a previous resolve which
would return and leave the fresh resolve "incomplete" and leaking
memory.
Fixes #6247
Closes #6253
|
| |
|
|
| |
... so don't define it when instructed to use c-ares!
|
| |
|
|
|
|
|
|
| |
As the asynch nature of it may trigger events in another order. A c-ares
upgrade made it break.
Reported-by: Marc Hörsken
Fixes #6247
|
| |
|
|
| |
... also added to the docs.
|
| |
|
|
|
|
|
|
| |
Commit 3b80d3ca46b12e52342 (June 2017) introduced getinfo replacement
variables that use curl_off_t instead of doubles. Switch the --write-out
function over to use them.
Closes #6248
|
| |
|
|
|
|
|
|
|
| |
file_disconnect() is identical with file_do() except the function header
but as the arguments are unused anyway so why not just return file_do()
directly!
Reviewed-by: Daniel Stenberg
Closes #6249
|
| |
|
|
|
|
| |
Update a few format specifiers to match what is being printed.
Closes #6241
|
| |
|
|
|
|
|
|
|
| |
The function has been removed from common usage. Also removed comment in
gopher.c that still referenced it.
Reported-by: Rikard Falkeborn
Fixes #6242
Closes #6243
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add files that are generated by 'make examples' and remove some that
have been renamed.
The commits that renamed the programs are e9625c5bc6c046a (imap.c and
simplesmtp.c were renamed to imap-fetch.c and smtp-send.c) and
ad39e7ec01e7 (pop3slist.c and pop3s.c were renamed to pop3-list.c and
pop3-ssl.c).
Closes #6240
|
| |
|
|
|
|
|
|
|
|
| |
To reduce use of types that can't be checked at compile time. Also
removes several typecasts.
... and rename the struct field from 'os_specific' to 'tdata'.
Closes #6239
Reviewed-by: Jay Satiro
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It requires the linker to support the `-municode` option.
This is available in more recent mingw-w64 releases.
Ref: https://gcc.gnu.org/onlinedocs/gcc/x86-Windows-Options.html
Ref: https://stackoverflow.com/questions/3571250/wwinmain-unicode-and-mingw/11706847#11706847
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad
Closes #6228
|
| |
|
|
|
|
|
| |
... to avoid the use of 'void *' for the protocol specific structs done
per transfer.
Closes #6238
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reduce risk for conflicting docs and makes it to a single place to fix
and polish.
add these missing options to the readme:
ENABLE_OPENSSL_AUTO_LOAD_CONFIG and ENABLE_UNICODE
clarify ENABLE_SCHANNEL default varies
Fixes #6216
Closes #6227
Co-Authored-by: Jay Satiro
|
| |
|
|
| |
Closes #6235
|
| |
|
|
| |
Closes #5839
|
| |
|
|
|
| |
Closes #6132
Closes #6133
|
| | |
|
| |
|
|
|
|
|
| |
Changes are mainly reordering and adding of includes required
to compile with a more recent version of GCC.
Closes #6220
|
| |
|
|
|
|
|
|
|
|
| |
Make sure uploaded file is no longer locked after the
transfer while waiting for the final ACK to be handled.
Assisted-by: Daniel Stenberg
Bug: #6058
Closes #6209
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The OpenSSH server instance for the testsuite cannot
be started on FreeBSD, therefore the SFTP and SCP
tests are disabled right away from the beginning.
The previous OS version specific logic for SKIP_TESTS
is no longer needed/used and can therefore be removed.
Reviewed-by: Daniel Stenberg
Follow up to #6211
Closes #6229
|
| |
|
|
|
|
|
|
| |
Add Daniel Hwang to the mailmap to cover the alternative spelling
Daniel Lee Hwang which was used in one commit.
Closes #6230
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
EVP_MD_CTX_create will allocate memory for the context and returns
NULL in case the allocation fails. Make sure to catch any allocation
failures and exit early if so.
In passing, also move to EVP_DigestInit rather than EVP_DigestInit_ex
as the latter is intended for ENGINE selection which we don't do.
Closes #6224
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Emil Engler <me@emilengler.com>
|
| |
|
|
|
| |
Reviewed-by: Marcel Raad
Closes #6215
|
