path: root/src
Commit message | Author | Age | Files | Lines
* tool_cb_wrt: fix outfile mode flags for Windows | Jay Satiro | 2020-07-29 | 1 | -3/+6
  - Use S_IREAD and S_IWRITE mode permission flags to create the file on Windows instead of S_IRUSR, S_IWUSR, etc. Windows only accepts a combination of S_IREAD and S_IWRITE. It does not acknowledge other combinations, for which it may generate an assertion.
  This is a follow-up to 81b4e99 from yesterday, which improved the existing file check with -J.
  Ref: https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/open-wopen#remarks
  Ref: https://github.com/curl/curl/pull/5731
  Closes https://github.com/curl/curl/pull/5742
* checksrc: ban gmtime/localtime | Daniel Stenberg | 2020-07-28 | 1 | -1/+2
  They're not thread-safe so they should not be used in libcurl code. Explicitly enabled when deemed necessary and in examples and tests
  Reviewed-by: Nicolas Sterchele
  Closes #5732
* curl: improve the existing file check with -J | Daniel Stenberg | 2020-07-28 | 1 | -9/+22
  Previously a file that isn't user-readable but is user-writable would not be properly avoided and would get overwritten.
  Reported-by: BrumBrum on hackerone
  Assisted-by: Jay Satiro
  Bug: https://hackerone.com/reports/926638
  Closes #5731
* WIN32: stop forcing narrow-character API | Marcel Raad | 2020-07-27 | 4 | -11/+23
  Except where the results are only used for character output. getenv is not touched because it's part of the public API, and having it return UTF-8 instead of ANSI would be a breaking change.
  Fixes https://github.com/curl/curl/issues/5658
  Fixes https://github.com/curl/curl/issues/5712
  Closes https://github.com/curl/curl/pull/5718
* util: silence conversion warnings | Marcel Raad | 2020-07-19 | 1 | -1/+1
  timeval::tv_usec might be a 32-bit integer and timespec::tv_nsec might be a 64-bit integer. This is the case when building for recent macOS versions, for example. Just treat tv_usec as an int, which should hopefully always be sufficient on systems with `HAVE_CLOCK_GETTIME_MONOTONIC`.
  Closes https://github.com/curl/curl/pull/5695
* strdup: remove the odd strlen check | Daniel Stenberg | 2020-07-18 | 1 | -9/+4
  It confuses code analyzers with its use of -1 for unsigned value. Also, a check that's not normally used in strdup() code - and not necessary.
  Closes #5697
* file2memory: use a define instead of -1 unsigned value | Daniel Stenberg | 2020-07-16 | 1 | -2/+2
  ... to use the maximum value for 'size_t' when detecting integer overflow. Changed the limit to max/4 as already that seems unreasonably large.
  Codacy didn't like the previous approach.
  Closes #5683
* curl: add %{method} to the -w variables | Daniel Stenberg | 2020-07-14 | 2 | -0/+10
  Gets the CURLINFO_EFFECTIVE_METHOD from libcurl.
  Added test 1197 to verify.
* windows: add unicode to feature list | Viktor Szakats | 2020-07-14 | 1 | -0/+1
  Reviewed-by: Marcel Raad
  Reviewed-by: Marc Hörsken
  Closes #5491
* content_encoding: add zstd decoding support | Gilles Vollant | 2020-07-12 | 3 | -2/+16
  include zstd curl patch for Makefile.m32 from vszakats and include Add CMake support for zstd from Peter Wu
  Helped-by: Viktor Szakats
  Helped-by: Peter Wu
  Closes #5453
* tool_getparam: make --krb option work again | Kamil Dudka | 2020-07-03 | 1 | -1/+1
  It was disabled by mistake in commit curl-7_37_1-23-ge38ba4301.
  Bug: https://bugzilla.redhat.com/1833193
  Closes #5640
* terminology: call them null-terminated strings | Daniel Stenberg | 2020-06-28 | 4 | -8/+8
  Updated terminology in docs, comments and phrases to refer to C strings as "null-terminated". Done to unify with how most other C oriented docs refer to them and what users in general seem to prefer (based on a single highly unscientific poll on twitter).
  Reported-by: coinhubs on github
  Fixes #5598
  Closes #5608
* tool_cb_hdr: Fix etag warning output and return code | Jay Satiro | 2020-06-26 | 1 | -4/+4
  - Return 'failure' on failure, to follow the existing style.
  - Put Warning: and the warning message on the same line.
  Ref: https://github.com/curl/curl/issues/5610
  Closes https://github.com/curl/curl/pull/5612
* tool_operate: Don't use Windows CA store as a fallback | Jay Satiro | 2020-06-22 | 1 | -8/+0
  Background: 148534d added CURLSSLOPT_NATIVE_CA to use the Windows OS certificate store in libcurl w/ OpenSSL on Windows. CURLSSLOPT_NATIVE_CA overrides CURLOPT_CAINFO if both are set. The curl tool will fall back to CURLSSLOPT_NATIVE_CA if it could not find a certificate bundle to set via CURLOPT_CAINFO.
  Problem: libcurl may be built with hardcoded paths to a certificate bundle or directory, and if CURLSSLOPT_NATIVE_CA is used then those paths are ignored.
  Solution: A solution is still being discussed but since there's an impending release this commit removes using CURLSSLOPT_NATIVE_CA in the curl tool.
  Ref: https://github.com/curl/curl/issues/5585
* tool_getparam: -i is not OK if -J is used | Daniel Stenberg | 2020-06-22 | 2 | -18/+9
  Reported-by: sn on hackerone
  Bug: https://curl.haxx.se/docs/CVE-2020-8177.html
* urlglob: treat literal IPv6 addresses with zone IDs as a host name | Daniel Stenberg | 2020-06-18 | 1 | -20/+27
  ... and not as a "glob". Now done by passing the supposed host to the URL parser which supposedly will do a better job at identifying "real" numerical IPv6 addresses.
  Reported-by: puckipedia on github
  Fixes #5576
  Closes #5579
* tool_getparam: repair the error message for unknown flag | Daniel Stenberg | 2020-06-18 | 1 | -1/+2
  Follow-up to 9e5669f3880674
  Detected by Coverity CID 1464582 ("Logically dead code")
  Closes #5577
* tool_getparam: fix memory leak in parse_args | Jay Satiro | 2020-06-09 | 1 | -0/+2
  Prior to this change in Windows Unicode builds most parsed options would not be freed.
  Found using _CrtDumpMemoryLeaks().
  Ref: https://github.com/curl/curl/issues/5545
* tool_cfgable: free login_options at exit | Daniel Stenberg | 2020-06-08 | 1 | -0/+1
  Memory leak
  Reported-by: Geeknik Labs
  Fixes #5535
  Closes #5536
* all: fix codespell errors | Viktor Szakats | 2020-05-25 | 1 | -1/+1
  Reviewed-by: Jay Satiro
  Reviewed-by: Daniel Stenberg
  Closes https://github.com/curl/curl/pull/5452
* copyright: updated year ranges out of sync | Daniel Stenberg | 2020-05-24 | 1 | -1/+1
  ... and whitelisted a few more files in the copyright.pl script.
* curl: remove -J "informational" written on stdout | Daniel Stenberg | 2020-05-23 | 1 | -4/+0
  curl would previously show "curl: Saved to filename 'name from header'" if -J was used and a name was picked from the Content-Disposition header. That output could interfere with other stdout output, such as -w.
  This commit removes that output line.
  Bug: https://curl.haxx.se/mail/archive-2020-05/0044.html
  Reported-by: Коваленко Анатолий Викторович
  Closes #5435
* tool_paramhlp: fixup C89 mistake | Daniel Stenberg | 2020-05-19 | 1 | -2/+1
  Follow-up to c5f0a9db22.
* tool_paramhlp: fixed potentially uninitialized strtol() variable | Siva Sivaraman | 2020-05-19 | 1 | -0/+1
  Seems highly unlikely to actually be possible, but better safe than sorry.
  Closes #5417
* tool_operate: fixed potentially uninitialized variables | Siva Sivaraman | 2020-05-19 | 1 | -5/+5
  ... in curl_easy_getinfo() calls. They're harmless but clearing the variables makes the code safer and comforts the reader.
  Closes #5416
* setopt: support certificate options in memory with struct curl_blob | Gilles Vollant | 2020-05-15 | 2 | -1/+94
  This change introduces a generic way to provide binary data in setopt options, called BLOBs.
  This change introduces these new setopts: CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB, CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB.
  Reviewed-by: Daniel Stenberg
  Closes #5357
* source cleanup: remove all custom typedef structs | Daniel Stenberg | 2020-05-15 | 12 | -181/+176
  - Stick to a single unified way to use structs
  - Make checksrc complain on 'typedef struct {'
  - Allow them in tests, public headers and examples
  - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually typedef different types/structs depending on build conditions.
  Closes #5338
* tool: support UTF-16 command line on Windows | Marcel Raad | 2020-05-14 | 3 | -10/+22
  - use `wmain` instead of `main` when `_UNICODE` is defined [0]
  - define `argv_item_t` as `wchar_t *` in this case
  - use the curl_multibyte gear to convert the command-line arguments to UTF-8
  This makes it possible to pass parameters with characters outside of the current locale on Windows, which is required for some tests, e.g. the IDN tests. Out of the box, this currently only works with the Visual Studio project files, which default to Unicode, and winbuild with the `ENABLE_UNICODE` option.
  [0] https://devblogs.microsoft.com/oldnewthing/?p=40643
  Ref: https://github.com/curl/curl/issues/3747
  Closes https://github.com/curl/curl/pull/3784
* curl_multibyte: add to curlx | Marcel Raad | 2020-05-14 | 1 | -2/+4
  This will also be needed in the tool and tests.
  Ref: https://github.com/curl/curl/pull/3758#issuecomment-482197512
  Closes https://github.com/curl/curl/pull/3784
* checksrc: enhance the ASTERISKSPACE and update code accordingly | Daniel Stenberg | 2020-05-14 | 1 | -2/+2
  Fine: "struct hello *world"
  Not fine: "struct hello* world" (and variations)
  Closes #5386
* tool: shorten 3 --help descriptions | Daniel Stenberg | 2020-05-13 | 1 | -16/+17
  --happy-eyeballs-timeout-ms, --resolve and --ssl-revoke-best-effort
  gen.pl already warned about these lines but we didn't listen
  Closes #5379
* retry-all-errors.d: Shorten the summary line | Jay Satiro | 2020-05-12 | 1 | -1/+1
  Follow-up to b995bb5 from a few moments ago.
  Reported-by: Daniel Stenberg
  Ref: https://github.com/curl/curl/commit/b995bb5#r39108929
* tool: Add option --retry-all-errors to retry on any error | Jay Satiro | 2020-05-12 | 4 | -0/+12
  The "sledgehammer" of retrying.
  Closes https://github.com/curl/curl/pull/5185
* tool_operate: only set CURLOPT_SSL_OPTIONS if SSL support is present | Daniel Stenberg | 2020-05-10 | 1 | -17/+18
  Reported-by: Marcel Raad
  Follow-up to 148534db5
  Fixes #5367
  Closes #5369
* CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl) | Gilles Vollant | 2020-05-08 | 3 | -0/+14
  Closes #4346
* tool: do not declare functions with Curl_ prefix | Daniel Stenberg | 2020-04-14 | 4 | -47/+41
  To avoid collision risks with private libcurl symbols when linked with static versions (or just versions not hiding internal symbols).
  Reported-by: hydra3333 on github
  Fixes #5219
  Closes #5234
* cmake: add aliases so exported target names are available in tree | Nathaniel R. Lewis | 2020-04-13 | 1 | -1/+6
  Reviewed-by: Brad King
  Closes #5206
* curl: allow both --etag-compare and --etag-save with same file name | Kwon-Young Choi | 2020-04-05 | 1 | -30/+30
  This change inverts the order of processing for the --etag-compare and --etag-save option to process first --etag-compare. This in turn allows to use the same file name to compare and save an etag.
  The original behavior of not failing if the etag file does not exist is conserved.
  Fixes #5179
  Closes #5180
* misc: copyright year updates | Daniel Stenberg | 2020-03-31 | 1 | -1/+1
  Follow-up to 7a71965e9
* build: fixed build for systems with select() in unistd.h | Harry Sintonen | 2020-03-31 | 2 | -0/+4
  Closes #5169
* cleanup: insert newline after if() conditions | Daniel Stenberg | 2020-03-30 | 1 | -1/+2
  Our code style mandates we put the conditional block on a separate line. These mistakes are now detected by the updated checksrc.
* curl.h: remove CURL_VERSION_ESNI. Never supported nor documented | Daniel Stenberg | 2020-03-29 | 1 | -1/+0
  Considered experimental and therefore we can do this.
  Closes #5157
* writeout_json: Fix data type issues | Michael Kaufmann | 2020-03-27 | 3 | -5/+19
  Load long values correctly (e.g. for http_code).
  Use curl_off_t (not long) for:
  - size_download (CURLINFO_SIZE_DOWNLOAD_T)
  - size_upload (CURLINFO_SIZE_UPLOAD_T)
  The unit for these values is bytes/second, not microseconds:
  - speed_download (CURLINFO_SPEED_DOWNLOAD_T)
  - speed_upload (CURLINFO_SPEED_UPLOAD_T)
  Fixes #5131
  Closes #5152
* docs/make: generate curl.1 from listed files only | Daniel Stenberg | 2020-03-26 | 1 | -1/+1
  Previously it rendered the page from files matching "*.d" in the correct directory, which worked fine in git builds when the files were added but made it easy to forget adding the files to the dist.
  Now, only man page sections listed in DPAGES in Makefile.inc will be used, thus "forcing" us to update this to get the man page right and get it included in the dist at the same time.
  Ref: #5146
  Closes #5149
* copyright: fix out-of-date copyright ranges and missing headers | Daniel Stenberg | 2020-03-24 | 8 | -6/+69
  Reported by the new script 'scripts/copyright.pl'. The script has a regex whitelist for the files that don't need copyright headers.
  Removed three (mostly useless) README files from docs/
  Closes #5141
* cmdline: fix handling of OperationConfig linked list (--next) | Rici Lake | 2020-03-20 | 2 | -2/+4
  Ensures that -K/--config inserts new items at the end of the list instead of overwriting the second item, and that after a -K/--config option has been parsed, the option parser's view of the current config is updated.
  Fixes #5120
  Closes #5123
* writeout_json: use curl_off_t printf() option for the time output | Daniel Stenberg | 2020-03-18 | 1 | -1/+2
  Follow-up to: 04c03416e68fd635a15
  Closes #5115
* tool_setopt: correct the copyright year range | Daniel Stenberg | 2020-03-18 | 1 | -1/+1
  Follow-up to 5450428491
* schannel: add "best effort" revocation check option | Johannes Schindelin | 2020-03-18 | 5 | -1/+15
  - Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and --ssl-revoke-best-effort to allow a "best effort" revocation check.
  A best effort revocation check ignores errors that the revocation check was unable to take place. The reasoning is described in detail below and discussed further in the PR.
  ---
  When running e.g. with Fiddler, the schannel backend fails with an unhelpful error message:
  Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
  Sadly, many enterprise users who are stuck behind MITM proxies suffer the very same problem.
  This has been discussed in plenty of issues: https://github.com/curl/curl/issues/3727, https://github.com/curl/curl/issues/264, for example.
  In the latter, a Microsoft Edge developer even made the case that the common behavior is to ignore issues when a certificate has no recorded distribution point for revocation lists, or when the server is offline. This is also known as "best effort" strategy and addresses the Fiddler issue.
  Unfortunately, this strategy was not chosen as the default for schannel (and is therefore a backend-specific behavior: OpenSSL seems to happily ignore the offline servers and missing distribution points).
  To maintain backward-compatibility, we therefore add a new flag (`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option (`--ssl-revoke-best-effort`) to select the new behavior.
  Due to the many related issues Git for Windows and GitHub Desktop, the plan is to make this behavior the default in these software packages.
  The test 2070 was added to verify this behavior, adapted from 310.
  Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
  Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
  Closes https://github.com/curl/curl/pull/4981
* windows: suppress UI in all CryptAcquireContext() calls | Viktor Szakats | 2020-03-17 | 1 | -6/+6
  Ref: https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta#parameters
  Reviewed-by: Marc Hörsken
  Closes https://github.com/curl/curl/pull/5088