| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
| |
The values for HTTP_ONLY differed between CMakeLists.txt and
curl_setup.h. Sync them and sort the values in curl_setup.h to make it
easier to spot differences.
Closes #7601
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Define ALG_CLASS_DHASH (the typo from the include) to ALG_CLASS_HASH.
Prior to this change there was an incomplete fix to ignore the
CALG_TLS1PRF macro on those versions of MinGW where it uses the
ALG_CLASS_DHASH typoed macro.
Ref: 48cf45c
Ref: https://osdn.net/projects/mingw/ticket/38391
Ref: https://github.com/curl/curl/issues/2924
Closes https://github.com/curl/curl/pull/7580
|
|
|
|
|
|
| |
Enable test 287
Closes #7598
|
|
|
|
|
|
|
|
| |
With the use hyper_request_on_informational()
Enable test 155 and 158
Closes #7597
|
|
|
|
|
|
|
|
| |
Remove the previous handling that would call SSL_CTX_free(), and instead
add an assert that halts a debug build if there ever is a context
already set at this point.
Closes #7585
|
|
|
|
|
| |
Fixes #4130
Closes #7372
|
|
|
|
|
|
| |
... as it is gone from the API upstream.
Closes #7578
|
|
|
|
| |
Closes #7577
|
|
|
|
|
|
|
|
| |
Reverts 252790c5335a221
Assisted-by: Gergely Nagy
Fixes #7400
Closes #7525
|
|
|
|
|
|
|
|
|
| |
RFC4752 Section 3.1 states "The authorization identity is not terminated
with a zero-valued (%x00) octet". Although a comment in code said it may
be needed anyway, nothing confirms it. In addition, servers may consider
it as part of the identity, causing a failure.
Closes #7008
|
|
|
|
|
| |
... instead of deriving it from active ticket.
Closes #7008
|
|
|
|
| |
Closes #7008
|
|
|
|
| |
Closes #7008
|
|
|
|
|
| |
Assisted-by: Patrick Monnerat
Closes #7536
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For when CURL_DISABLE_VERBOSE_STRINGS and DEBUGBUILD flags are both
active.
- socks.c : warning C4100: 'lineno': unreferenced formal parameter
(co-authored by Daniel Stenberg)
- mbedtls.c: warning C4189: 'port': local variable is initialized but
not referenced
- schannel.c: warning C4189: 'hostname': local variable is initialized
but not referenced
Cloes #7528
|
|
|
|
|
|
| |
Enabled test 154
Closes #7568
|
|
|
|
|
|
| |
occurence -> occurrence
Closes #7566
|
|
|
|
| |
Closes #7567
|
|
|
|
|
|
|
|
|
|
| |
- replace broken URL with the one it was most probably pointing to
when added (lib/tftp.c)
- replace broken URL with archive.org link (lib/curl_ntlm_wb.c)
- delete unnecessary protocol designator from archive.org URL
(docs/BINDINGS.md)
Closes #7562
|
|
|
|
| |
... and use #ifdef [feature] in the code as per our guidelines.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ares_getaddrinfo() is the getaddrinfo() cloned provided by c-ares, introduced
in version 1.16.0.
With older c-ares versions, curl invokes ares_gethostbyname() twice - once for
IPv4 and once for IPv6 to resolve both addresses, and then combines the
returned results.
Reported-by: jjandesmet
Fixes #7364
Closes #7552
|
|
|
|
| |
Closes #7551
|
|
|
|
| |
Closes #7538
|
|
|
|
|
|
|
| |
lib/progress.c:380:40: warning: conversion to 'long double' from
'curl_off_t {aka long long int}' may alter its value [-Wconversion]
Closes #7549
|
|
|
|
|
|
|
|
|
| |
Updated test31.
Added test 392 to verify secure cookies used for http://localhost
Reviewed-by: Daniel Gustafsson
Fixes #6733
Closes #7263
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Do not assume IPv6 is not working when getaddrinfo is not present.
The check to see if IPv6 actually works is now independent of whether
there is any resolver that can potentially resolve a hostname to IPv6.
Prior to this change if getaddrinfo() was not found at compile time then
Curl_ipv6works() would be defined as a macro that returns FALSE.
When getaddrinfo is not found then libcurl is built with CURLRES_IPV4
defined instead of CURLRES_IPV6, meaning that it cannot do IPv6 lookups
in the traditional way. With this commit if libcurl is built with IPv6
support (ENABLE_IPV6) but without getaddrinfo (CURLRES_IPV6), and the
IPv6 stack is actually working, then it is possible for libcurl to
resolve IPv6 addresses by using DoH.
Ref: https://github.com/curl/curl/issues/7483#issuecomment-890765378
Closes https://github.com/curl/curl/pull/7529
|
|
|
|
| |
Closes #7546
|
|
|
|
|
|
|
| |
Rework the return value handling of ngtcp2_conn_writev_stream and treat
NGTCP2_ERR_STREAM_SHUT_WR separately.
Closes #7546
|
|
|
|
|
|
|
| |
... so that malloc/free overrides from curl_global_init are used for
wcsdup correctly.
Closes #7540
|
|
|
|
| |
Closes #7428
|
|
|
|
| |
Closes #7393
|
|
|
|
| |
Closes #7541
|
|
|
|
|
|
|
|
|
|
| |
Commit dbd16c3e2 cleaned up the logic for traversing the addrinfos,
but the move left a conditional on ai which no longer is needed as
the while loop reevaluation will cover it.
Closes #7511
Reviewed-by: Carlo Marcelo Arenas Belón
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
| |
Closes #7468
|
|
|
|
|
|
|
|
|
| |
1. it's superfluous
2. it didn't work identically to the Curl_hyper_stream one which could
cause problems like #7486
Pointed-out-by: David Cook
Closes #7499
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
... so that Curl_connect_getsock() will know how to wait for the socket
to become readable and not writable after the entire CONNECT request has
been issued.
Regression added in 7.77.0
Reported-by: zloi-user on github
Assisted-by: Jay Satiro
Fixes #7155
Closes #7484
|
|
|
|
| |
Closes https://github.com/curl/curl/pull/7480
|
|
|
|
| |
It was added in 2006 but I see no evidence it was ever used.
|
|
|
|
|
|
|
| |
CVE-2021-22924
Reported-by: Harry Sintonen
Bug: https://curl.se/docs/CVE-2021-22924.html
|
|
|
|
|
|
|
|
|
| |
CVE-2021-22926
Bug: https://curl.se/docs/CVE-2021-22926.html
Assisted-by: Daniel Gustafsson
Reported-by: Harry Sintonen
|
|
|
|
|
|
|
| |
CVS-2021-22925
Reported-by: Red Hat Product Security
Bug: https://curl.se/docs/CVE-2021-22925.html
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
0842175 (not in any release) used the wrong format specifier (long int)
for timediff_t. On an OS such as Windows libcurl's timediff_t (usually
64-bit) is bigger than long int (32-bit). In 32-bit Windows builds the
upper 32-bits of the timediff_t were erroneously then used by the next
format specifier. Usually since the timeout isn't larger than 32-bits
this would result in null as a pointer to the string with the reason for
the connection failing. On other OSes or maybe other compilers it could
probably result in garbage values (ie crash on deref).
Before:
Failed to connect to localhost port 12345 after 1201 ms: (nil)
After:
Failed to connect to localhost port 12345 after 1203 ms: Connection refused
Closes https://github.com/curl/curl/pull/7449
|
| |
|
|
|
|
|
|
|
|
|
|
| |
warning C4189: 'netrc_user_changed': local variable is initialized but
not referenced
warning C4189: 'netrc_passwd_changed': local variable is initialized but
not referenced
Closes #7423
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During the protocol-specific parts of connection upkeep, some code
assumes that the data->conn pointer already is set correctly. However,
there's currently no guarantee of that in the code.
This fix temporarily attaches each connection to the Curl_easy object
before performing the protocol-specific connection check on it, in a
similar manner to the connection checking in extract_if_dead().
Fixes #7386
Closes #7387
Reported-by: Josie Huddleston
|
|
|
|
|
|
| |
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
Closes #7413
|
|
|
|
|
|
|
|
|
|
| |
- curl_setup.h: all references to mbedtls_md4* functions and structures
are in the md4.c. This file already includes the <mbedtls/md4.h> file
along with the file existence control (defined (MBEDTLS_MD4_C))
- curl_ntlm_core.c: unnecessary include - repeated below
Closes #7419
|
|
|
|
|
|
|
|
|
|
|
|
| |
Appears to have been caused by 51c0ebc (precedes 7.77.0) which added a
VALID_SOCK check to one of the loops through the sockets but not the
other.
Reported-by: sylgal@users.noreply.github.com
Authored-by: sylgal@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/7379
Closes https://github.com/curl/curl/pull/7389
|
|
|
|
|
|
|
| |
fix compiler warnings about unused variables and parameters when
built with --disable-verbose.
Closes https://github.com/curl/curl/pull/7377
|
|
|
|
|
| |
Revert previous change for PellesC.
Instead replace all use of `_tcsnccmp()` with `_tcsncmp()`.
|