| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
This is a regression that was *probably* injected in the larger progress
bar overhaul in 2018.
Reported-by: beslick5 on github
Fixes #7760
|
| |
|
|
|
|
|
|
|
|
| |
- file://host.name/path/file.txt is a valid UNC path
\\host.name\path\files.txt to a non-local file transformed into URI
(RFC 8089 Appendix E.3)
- UNC paths on other OSs must be smb: URLs
Closes #7366
|
| |
|
|
|
|
|
|
|
|
| |
Add curl_url_strerror() to convert CURLUcode into readable string and
facilitate easier troubleshooting in programs using URL API.
Extend CURLUcode with CURLU_LAST for iteration in unit tests.
Update man pages with a mention of new function.
Update example code and tests with new functionality where it fits.
Closes #7605
|
| | |
|
| |
|
|
|
|
|
| |
Added support for SHA256 fingerprint in command line curl and in
libcurl.
Closes #7646
|
| |
|
|
|
|
|
| |
Reported-by: Vitaly Varyvdin
Assisted-by: Viktor Szakats
Fixes #7765
Closes #7776
|
| |
|
|
|
|
|
| |
fix inappropriate version setting for QUIC transport parameters.
this patch keeps curl with ngtcp2 uses QUIC draft version (h3-29).
Closes #7771
|
| |
|
|
|
|
| |
Reported-by: Alexander Chuykov
Fixes #7774
Closes #7775
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On connection shutdown, a new TLS session ticket may arrive after the
SSL session cache has already been destructed. In this case, the new
SSL session cannot be added to the SSL session cache.
The callers of Curl_ssl_addsessionid() need to know whether the SSL
session has been added to the cache. If it has not been added, the
reference counter of the SSL session must not be incremented, or memory
used by the SSL session must be freed. This is now possible with the new
output parameter "added" of Curl_ssl_addsessionid().
Fixes #7683
Closes #7752
|
| |
|
|
|
|
| |
buildconf is not used since #5853
Closes #7746
|
| | |
|
| |
|
|
| |
Closes #7770
|
| |
|
|
| |
Closes #7772
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously this code used a compile time constant, meaning that libcurl
always reported the libssh2 version that libcurl was built with. This
could differ from the libssh2 version actually being used. The new code
uses the CURL_LIBSSH2_VERSION macro, which is defined in ssh.h. The
macro calls the libssh2_version function if it is available, otherwise
it falls back to the compile time version.
Closes https://github.com/curl/curl/pull/7768
|
| |
|
|
| |
Closes https://github.com/curl/curl/pull/7769
|
| |
|
|
|
|
|
|
| |
To avoid the "... is deprecated" warnings brought by OpenSSL v3.
(We need to address the underlying code at some point of course.)
Assisted-by: Jakub Zakrzewski
Closes #7767
|
| |
|
|
|
|
|
|
|
|
| |
... instead of using an escaped double-quote. This is an attempt to make
this work better with ksh that otherwise would insist on a double
escape!
Reported-by: Randall S. Becker
Fixes #7758
Closes #7764
|
| |
|
|
| |
Bumped curlver to 7.80.0-dev
|
| |
|
|
|
|
|
| |
No user facing output from curl/libcurl is changed by this, just
comments.
Closes #7747
|
| |
|
|
|
|
| |
Also renamed Muse -> Lift, the new tool name.
Closes #7761
|
| |
|
|
|
|
|
| |
Constify a number of static structs that are never modified. Make them
const to show this.
Closes #7759
|
| |
|
|
| |
curl 7.79.1 release
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The "content" is delivered as "body" by curl, but the envelope continues
after the body and the rest of it should be delivered as header.
The IMAP server can now get 'POSTFETCH' set to include more data to
include after the body and test 897 is done to verify that such "extra"
header data is in fact delivered by curl as header.
Ref: #7284 but fails to reproduce the issue
Closes #7748
|
| |
|
|
| |
Closes #7695
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When the "reason phrase" in the HTTP status line starts with a digit,
that was treated as the forth response code digit and curl would claim
the response to be non-compliant.
Added test 1466 to verify this case.
Regression brought by 5dc594e44f73b17
Reported-by: Glenn de boer
Fixes #7738
Closes #7739
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Change Curl_strerror to use sys_errlist[errnum] instead of strerror to
retrieve the error message on Windows.
Windows' strerror writes to a static buffer and is not thread-safe.
Follow-up to 2f0bb86 which removed most instances of strerror in favor
of calling Curl_strerror (which calls strerror_r for other platforms).
Ref: https://github.com/curl/curl/pull/7685
Ref: https://github.com/curl/curl/commit/2f0bb86
Closes https://github.com/curl/curl/pull/7735
|
| |
|
|
|
|
|
|
|
| |
So that debug builds work (checksrc really)
Reported-by: Marcel Raad
Reported-by: tawmoto on github
Fixes #7733
Closes #7734
|
| |
|
|
| |
Closes #6968
|
| |
|
|
|
|
|
|
|
|
| |
... and have CURLE_ABORTED_BY_CALLBACK returned.
Extended test 1915 to verify.
Reported-by: Jonathan Cardoso
Fixes #7726
Closes #7729
|
| |
|
|
|
|
|
|
|
| |
The test should be fine and it works for me repeated when run manually,
but clearly it causes CI failures and it needs more research.
Reported-by: RiderALT on github
Fixes #7725
Closes #7732
|
| |
|
|
|
|
|
|
|
|
| |
Regression from 3cb8a748670ab88c (releasde in 7.79.0). That change moved
transfer oriented inits to before the check but also erroneously moved a
few connection oriented ones, which causes problems.
Reported-by: Evangelos Foutras
Fixes #7730
Closes #7731
|
| |
|
|
| |
and bump to 7.79.1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
... by not using options with no argument where an argument is required:
=== Start of file tests/log/ssh_server.log
curl_sshd_config line 6: no argument after keyword "DenyGroups"
curl_sshd_config line 7: no argument after keyword "AllowGroups"
curl_sshd_config line 10: Deprecated option AuthorizedKeysFile2
curl_sshd_config line 29: Deprecated option KeyRegenerationInterval
curl_sshd_config line 39: Deprecated option RhostsRSAAuthentication
curl_sshd_config line 40: Deprecated option RSAAuthentication
curl_sshd_config line 41: Deprecated option ServerKeyBits
curl_sshd_config line 45: Deprecated option UseLogin
curl_sshd_config line 56: no argument after keyword "AcceptEnv"
curl_sshd_config: terminating, 3 bad configuration options
=== End of file tests/log/ssh_server.log
=== Start of file log/sftp_server.log
curl_sftp_config line 33: Unsupported option "rhostsrsaauthentication"
curl_sftp_config line 34: Unsupported option "rsaauthentication"
curl_sftp_config line 52: no argument after keyword "sendenv"
curl_sftp_config: terminating, 1 bad configuration options
Connection closed.
Connection closed
=== End of file log/sftp_server.log
Closes #7724
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When setting a blank expire string, meaning unlimited, curl would pass
TIME_T_MAX to getime_r() when creating the output, while on 64 bit
systems such a large value cannot be convetered to a tm struct making
curl to exit the loop with an error instead. It can't be converted
because the year it would represent doesn't fit in the 'int tm_year'
field!
Starting now, unlimited expiry is instead handled differently by using a
human readable expiry date spelled out as "unlimited" instead of trying
to use a distant actual date.
Test 1660 and 1915 have been updated to help verify this change.
Reported-by: Jonathan Cardoso
Fixes #7720
Closes #7721
|
| |
|
|
|
|
|
|
|
|
| |
The VALID_SOCK() macro was made to only check for FD_SETSIZE if curl was
built to use select(), even though the curl_multi_fdset() function
always and unconditionally uses FD_SET and needs the check.
Reported-by: 0xee on github
Fixes #7718
Closes #7719
|
| | |
|
| |
|
|
| |
For the 7.79.0 release
|
| | |
|
| |
|
|
|
|
|
|
| |
8.1 Why does curl use C89?
8.2 Will curl be rewritten?
Spell-checked-by: Paul Johnson
Closes #7715
|
| |
|
|
|
|
|
| |
... as they mysteriously seem to permfail without being related to
proxy.
Closes #7714
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If a server pipelines future responses within the STARTTLS response, the
former are preserved in the pingpong cache across TLS negotiation and
used as responses to the encrypted commands.
This fix detects pipelined STARTTLS responses and rejects them with an
error.
CVE-2021-22947
Bug: https://curl.se/docs/CVE-2021-22947.html
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In imap and pop3, check if TLS is required even when capabilities
request has failed.
In ftp, ignore preauthentication (230 status of server greeting) if TLS
is required.
Bug: https://curl.se/docs/CVE-2021-22946.html
CVE-2021-22946
|
| |
|
|
|
|
| |
CVE-2021-22945
Bug: https://curl.se/docs/CVE-2021-22945.html
|
| |
|
|
|
|
| |
... and add -lm when using a rust library.
Closes #7701
|
| | |
|
| |
|
|
| |
Closes #7713
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It should not refer to the uagent string that is allocated and created
for the end server http request, as that pointer may be cleared on
subsequent CONNECT requests.
Added test case 1184 to verify.
Reported-by: T200proX7 on github
Fixes #7705
Closes #7707
|
| |
|
|
|
|
| |
Reported-by: Jonathan Cardoso
Fixes #7710
Closes #7711
|
