| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Makes the option more explicit.
|
|
|
|
|
| |
Fixes #6864
Cloes #6886
|
|
|
|
| |
--fail-with-body was added in 8a964cb (precedes curl-7_76_0).
|
|
|
|
| |
Closes #6881
|
|
|
|
|
|
|
|
|
| |
The macro name change was not completely done.
Follow-up to 5d2c384452543c
Bug: https://github.com/curl/curl/commit/5d2c384452543c7b6c9fb02eaa0afc84fd5ab941#commitcomment-49315187
Reported-by: Marcel Raad
Closes #6878
|
|
|
|
|
|
| |
Extends the CodeQL code scan.
Closes #6815
|
|
|
|
|
|
|
|
| |
If event_del is called with the event struct (still) zeroed out, a
segmentation fault may occur. event_initialized checks whether the
event struct is nonzero.
Closes #6876
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to Microsoft document MS-NLMP, current flags usage is not
accurate: flag NTLMFLAG_NEGOTIATE_NTLM2_KEY controls the use of
extended security in an NTLM authentication message and NTLM version 2
cannot be negotiated within the protocol.
The solution implemented here is: if the extended security flag is set,
prefer using NTLM version 2 (as a server featuring extended security
should also support version 2). If version 2 has been disabled at
compile time, use extended security.
Tests involving NTLM are adjusted to this new behavior.
Fixes #6813
Closes #6849
|
|
|
|
| |
Closes #6849
|
|
|
|
|
|
|
| |
... as !defined(CURL_DISABLE_CRYPTO_AUTH) is a prerequisite for the
whole NTLM.
Closes #6849
|
|
|
|
| |
Closes #6867
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In 2682e5f5, several instances of AC_HEADER_TIME were removed since
it is a deprecated autoconf macro. However, this was the macro that
defined TIME_WITH_SYS_TIME, which was used to indicate that <time.h>
can be included alongside <sys/time.h>. TIME_WITH_SYS_TIME is still
used in the configure test body and since it is no longer defined,
<time.h> is *not* included on systems that have <sys/time.h>.
In particular, at least on musl libc and glibc, <sys/time.h> does
not implicitly include <time.h> and does not declare clock_gettime,
gmtime_r, or localtime_r. This causes configure to fail to detect
those functions.
The AC_HEADER_TIME macro deprecation text says
> All current systems provide time.h; it need not be checked for.
> Not all systems provide sys/time.h, but those that do, all allow
> you to include it and time.h simultaneously.
So, to fix this issue, simply include <time.h> unconditionally when
testing for time-related functions and in libcurl, and don't bother
checking for it.
Closes #6859
|
|
|
|
|
|
|
|
|
|
|
| |
This was previously defined by the obsolete AC_TYPE_SIGNAL macro,
which was removed in 2682e5f5. The deprecation text says
> Your code may safely assume C89 semantics that RETSIGTYPE is void.
So, remove it and just use void instead.
Closes #6861
|
|
|
|
| |
Closes #6860
|
|
|
|
|
| |
Fixes #6838
Closes #6860
|
|
|
|
|
|
|
|
| |
In ngtcp2 the `with-gnutls` option is disabled by default, which will
cause `curl` unable to be `make` because of lacking the libraries
needed.
Closes #6857
|
| |
|
|
|
|
|
|
|
|
| |
... and not values.
Reported-by: locpyl-tidnyd on github
Fixes #6818
Closes #6819
|
|
|
|
|
|
|
|
| |
... to avoid double-free.
Reported-by: Kenneth Davidson
Fixes #6824
Closes #6856
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure the total amount of DL/UL bytes are counted before the
transfer finalizes. Otherwise if a transfer finishes too quick, its
total numbers are not added, and results in a DL%/UL% that goes above
100%.
Detail:
progress_meter() is called periodically, and it may not catch a
transfer's total bytes if the value was unknown during the last call,
and the transfer is finished and deleted (i.e., lost) during the next
call.
Closes https://github.com/curl/curl/pull/6840
|
|
|
|
|
|
|
|
| |
This removes the last occurrence of PATH_MAX inside our libssh
implementation by calculating the path length from the string length of
the two components.
Closes #6829
|
|
|
|
|
|
|
|
|
|
| |
... to fix the retry-loop.
Add test 718 to verify.
Reported-by: Daniel Kurečka
Fixes #6828
Closes #6850
|
|
|
|
|
|
|
|
|
| |
instead of 13, before the server has told how many streams it
accepts. The server can always reject new streams anyway if we go above
what it accepts.
Ref: #6826
Closes #6852
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After 957bc1881e686f9714c4e6a01bf33535091f0e21, we no longer compute an
expected_size for directories. This has the upshot that when we compare
even an empty Range with the available size, we fail.
This brings back the previous behaviour, which was to succeed, but with
empty content. This also removes the "Accept-ranges: bytes" header,
which is nonsensical on directories.
Adds test 3016
Fixes #6845
Closes #6846
|
|
|
|
| |
and bumped to 7.76.1
|
|
|
|
|
|
|
|
|
|
|
| |
for GnuTLS, BearSSL, mbedTLS, NSS, SChannnel, Secure Transport and
wolfSSL...
Regression since 88dd1a8a115b1f5ece (shipped in 7.76.0)
Reported-by: Kenneth Davidson
Reported-by: romamik om github
Fixes #6825
Closes #6827
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Define Curl_resolver_error function only when USE_CURL_ASYNC.
Prior to this change building curl without an asynchronous resolver
backend (c-ares or threaded) and without DoH (DNS-over-HTTPS, which is
also asynchronous but independent of resolver backend) would cause a
build error since Curl_resolver_error is called by and evaluates
variables only available in asynchronous builds.
Reported-by: Benbuck Nason
Fixes https://github.com/curl/curl/issues/6831
Closes https://github.com/curl/curl/pull/6832
|
|
|
|
|
|
| |
Reported-by: Christian Schmitz
Fixes #6816
Closes #6820
|
|
|
|
| |
curl 7.76.0 release
|
| |
|
|
|
|
| |
... some users may not want that!
|
|
|
|
|
|
|
| |
It was never defined anywhere. Fixed disable-scan (test 1165) to also
scan headers, which found this issue.
Closes #6809
|
|
|
|
|
|
| |
Follow-up to b09c8ee15771c61
Fixes #6812
Closes #6811
|
|
|
|
| |
Closes #6807
|
|
|
|
|
|
|
|
|
| |
To silence (false positive) compiler warnings about it.
Follow-up to 7214288898f5625
Reviewed-by: Marcel Raad
Closes #6810
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid enabling NTLM feature based upon Windows SSPI
being enabled in case that crypto auth is disabled.
Reported-by: Marcel Raad
Follow-up to #6277
Fixes #6803
Closes #6808
|
| |
|
|
|
|
|
|
|
|
|
| |
To make sure we set and extract the correct session.
Reported-by: Mingtao Yang
Bug: https://curl.se/docs/CVE-2021-22890.html
CVE-2021-22890
|
|
|
|
|
|
|
|
| |
Added test 2081 to verify.
CVE-2021-22876
Bug: https://curl.se/docs/CVE-2021-22876.html
|
|
|
|
|
|
| |
... if libgsasl was found.
Closes #6806
|
|
|
|
|
|
| |
Follow-up to a5eee22e594c2460f
Fixes #6804
Closes #6805
|
|
|
|
|
| |
Reviewed-by: Emil Engler
Closes #6802
|
|
|
|
|
| |
... as we know the value cannot be set to negative: enforced by
setopt()
|
|
|
|
|
|
|
|
|
| |
By making sure never to send off more than the allowed number of bytes
per second the speed limit logic is given more room to actually work.
Reported-by: Fabian Keil
Bug: https://curl.se/mail/lib-2021-03/0042.html
Closes #6797
|
|
|
|
|
|
|
|
| |
Both were used for the same purposes and there was no logical separation
between them. Combined, this also saves 16 bytes in less holes in my
test build.
Closes #6798
|
|
|
|
|
| |
Reported-by: Oumph on github
Fixes #6768
|
|
|
|
| |
Based on what Wikipedia says
|
|
|
|
|
|
|
|
|
|
| |
Known bug 11.11 is the shared object's connection cache is not thread
safe, so we should not have an example for it.
Ref: https://github.com/curl/curl/issues/4915
Ref: https://curl.se/docs/knownbugs.html#A_shared_connection_cache_is_not
Closes https://github.com/curl/curl/pull/6795
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add description: Explain that some options aren't inherited because
they are not relevant for the DoH SSL connections or may result in
unexpected behavior.
- Remove the reference to #4578 (SSL verify options not inherited) since
that was fixed by #6597 (separate DoH-specific options for verify).
- Explain that DoH-specific options (those created by #6597) are
available: CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and
CURLOPT_DOH_SSL_VERIFYSTATUS.
- Add a reference to #6605 and explain that the user's debug function is
not inherited because it would be unexpected to pass internal handles
(ie DoH handles) to the user's callback.
Closes https://github.com/curl/curl/issues/6605
|
| |
|