| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Detected by Coverity. CID 1494642.
Follow-up from 2be1aa619bca
Closes #8099
|
|
|
|
|
|
|
|
| |
A 'CURLU *' would leak if url_proto() is called with no URL.
Detected by Coverity. CID 1494643.
Follow-up to 18270893abdb19
Closes #8098
|
|
|
|
| |
Follow-up to 172068b76f
|
|
|
|
|
|
|
|
| |
Output "3" properly when HTTP/3 was used.
Reported-by: Bernat Mut
Fixes #8072
Closes #8092
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to this change the build number was not checked during version
comparison, and the platform id was supposed to be checked but wasn't.
Checking the build number is required for enabling "evergreen"
Windows 10/11 features (like TLS 1.3).
Ref: https://github.com/curl/curl/pull/7784
Closes https://github.com/curl/curl/pull/7824
Closes https://github.com/curl/curl/pull/7867
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The homedir() function is now renamed into findfile() and iterates over
all the environment variables trying to access the file in question
until it finds it. Last resort is then getpwuid() if
available. Previously it would first try to find a home directory and if
that was set, insist on checking only that directory for the file. This
now returns the full file name it finds.
The Windows specific checks are now done differently too and in this
order:
1 - %USERPROFILE%
2 - %APPDATA%
3 - %USERPROFILE%\\Application Data
The windows order is modified to match how the Windows 10 ssh tool works
when it searches for .ssh/known_hosts.
Reported-by: jeffrson on github
Co-authored-by: Jay Satiro
Fixes #8033
Closes #8035
|
|
|
|
|
|
|
|
|
|
|
|
| |
- accept `-schannel` as an alternative to `CFG` option `-winssl`
(latter still accepted, but deprecated)
- rename internal variable `WINSSL` to `SCHANNEL`
- make the `CFG` option evaluation shorter, without repeating the option
name
Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg
Closes #8053
|
|
|
|
|
|
|
|
|
|
| |
... it now focuses on the "output of headers" combined with the
--remote-header-name option, as that is actually the problem. Both
--head and --include can output headers.
Reported-by: nimaje on github
Fixes #7987
Closes #8045
|
|
|
|
|
|
|
| |
For example, this avoids trying to find and set the known_hosts file (or
warn for its absence) if SFTP or SCP are not used.
Closes #8040
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Until now, form field and file names where escaped using the
backslash-escaping algorithm defined for multipart mails. This commit
replaces this with the percent-escaping method for URLs.
As this may introduce incompatibilities with server-side applications, a
new libcurl option CURLOPT_MIME_OPTIONS with bitmask
CURLMIMEOPT_FORMESCAPE is introduced to revert to legacy use of
backslash-escaping. This is controlled by new cli tool option
--form-escape.
New tests and documentation are provided for this feature.
Reported by: Ryan Sleevi
Fixes #7789
Closes #7805
|
|
|
|
|
|
|
|
|
|
| |
tool_operate.c(889) : warning C4701: potentially uninitialized local
variable 'per' use
Follow-up to cc71d352651a0d95
Reported-by: Marc Hörsken
Bug: https://github.com/curl/curl/pull/7922#issuecomment-963042676
Closes #7971
|
|
|
|
|
|
|
| |
Fixes torture test failures
Follow-up to cc71d352651
Closes #7972
|
|
|
|
|
|
|
|
|
| |
Spotted by torture testing 343 344 345 347.
Follow-up from cc71d352651a0
Pointed-out-by: Dan Fandrich
Closes #7969
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When failing to create the output file for saving an etag, only fail
that particular single transfer and allow others to follow.
In a serial transfer setup, if no transfer at all is done due to them
all being skipped because of this error, curl will output an error
message and return exit code 26.
Added test 369 and 370 to verify.
Reported-by: Earnestly on github
Ref: #7942
Closes #7945
|
|
|
|
|
|
|
|
| |
This reverts commit 7c88fe375b15c44d77bccc9ab733b8069d228e6f.
Follow up to #6535 as the pragma is obsolete with warnf
Closes #7941
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, -libssh2/-rtmp options assumed that OpenSSL is also enabled
(and then failed with an error when not finding expected OpenSSL headers),
but this isn't necessarly true, e.g. when building both libssh2 and curl
against Schannel. This patch makes sure to only enable the OpenSSL backend
with -libssh2/-rtmp, when there was no SSL option explicitly selected.
- Re-implement the logic as a single block of script.
- Also fix an indentation while there.
Assisted-by: Jay Satiro
Closes #7895
|
| |
|
|
|
|
| |
Closes #7802
|
|
|
|
| |
Closes #7837
|
|
|
|
|
|
|
| |
... not a size_t!
Detected by Coverity: CID 1492331.
Closes #7823
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Use RtlVerifyVersionInfo instead of VerifyVersionInfo, when possible.
Later versions of Windows have normal version functions that compare and
return versions based on the way the application is manifested, instead
of the actual version of Windows the application is running on. We
prefer the actual version of Windows so we'll now call the Rtl variant
of version functions (RtlVerifyVersionInfo) which does a proper
comparison of the actual version.
Reported-by: Wyatt O'Day
Ref: https://github.com/curl/curl/pull/7727
Fixes https://github.com/curl/curl/issues/7742
Closes https://github.com/curl/curl/pull/7810
|
|
|
|
| |
Closes #7812
|
|
|
|
|
| |
Closes: #7811
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
|
|
| |
Adjust the description position to make an aligned column when doing
help listings, which is more pleasing to the eye.
Suggested-by: Gisle Vanem
Closes #7792
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tool_listhelp.c is now a separate file with only the command line --help
output, exactly as generated by gen.pl. This makes it easier to generate
updates according to what's in the docs/cmdline-opts docs.
cd $srcroot/docs/cmdline-opts
./gen.pl listhelp *.d > $srcroot/src/tool_listhelp.c
With a configure build, this also works:
make -C src listhelp
Closes #7787
|
|
|
|
|
|
|
|
|
| |
This is a regression that was *probably* injected in the larger progress
bar overhaul in 2018.
Reported-by: beslick5 on github
Fixes #7760
Closes #7777
|
|
|
|
|
|
|
| |
Added support for SHA256 fingerprint in command line curl and in
libcurl.
Closes #7646
|
|
|
|
|
|
|
| |
No user facing output from curl/libcurl is changed by this, just
comments.
Closes #7747
|
|
|
|
|
|
|
| |
Constify a number of static structs that are never modified. Make them
const to show this.
Closes #7759
|
|
|
|
|
|
|
|
| |
... to avoid the memory leak risk pointed out by scan-build.
Follow-up from 7a3e981781d6c18a
Closes #7698
|
|
|
|
|
|
| |
--continue-at - and --remote-header-name are known incompatible parameters
Closes #7674
|
|
|
|
|
|
|
|
|
|
|
| |
If Retry-After: specifies a period that is longer than what fits within
--retry-max-time, then stop retrying immediately.
Added test 366 to verify.
Reported-by: Kari Pahula
Fixes #7675
Closes #7676
|
|
|
|
|
|
|
|
|
|
|
| |
The file format for each option now features a "Example:" header that
can provide one or more examples that get rendered appropriately in the
output. All options MUST have at least one example or gen.pl complains
at build-time.
This fix also does a few other minor format and consistency cleanups.
Closes #7654
|
|
|
|
|
|
|
|
|
|
| |
Due to how this currently works internally, it needs a working initial
file name to store contents in, so it may still fail even with -J is
used (and thus accepting a name from content-disposition:) if the file
name part of the URL isn't "good enough".
Fixes #7628
Closes #7635
|
|
|
|
|
|
|
|
| |
It could previously get tricked into parsing the uninitialized stack
based buffer.
Reported-by: Brian Carpenter
Closes #7582
|
|
|
|
|
|
|
|
| |
In an argument like `-F 'x=@/etc/hostname;filename="foo"abc'` the `abc`
is ignored. This adds a warning if the ignored data isn't all
whitespace.
Closes #7394
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Abort via progress callback to fail early during parallel transfers.
When a critical error occurs during a transfer (eg --fail-early
constraint) then other running transfers will be aborted via progress
callback and finish with error CURLE_ABORTED_BY_CALLBACK (42). In this
case, the callback error does not become the most recent error and a
custom error message is used for those transfers:
curld --fail --fail-early --parallel
https://httpbin.org/status/404 https://httpbin.org/delay/10
curl: (22) The requested URL returned error: 404
curl: (42) Transfer aborted due to critical error in another transfer
> echo %ERRORLEVEL%
22
Fixes https://github.com/curl/curl/issues/6939
Closes https://github.com/curl/curl/pull/6984
|
|
|
|
| |
Closes #7577
|
|
|
|
|
|
|
|
|
|
| |
The length of 'long' in a 32-bit system is 32 bits, which cannot be used
to save timestamps after 2038. Most operating systems have extended
time_t to 64 bits.
Remove the castings to long.
Closes #7466
|
|
|
|
| |
The referred to library is NSPR, so fix the switched around characters.
|
|
|
|
|
|
|
| |
Update grammar and spelling in docs and source code comments.
Closes: #7427
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
| |
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
Closes #7413
|
|
|
|
|
|
|
| |
The PRINT_LINES_PAUSE macro is no longer used, and has been mostly
cleaned out but one occurrence remained.
Closes https://github.com/curl/curl/pull/7380
|
| |
|
|
|
|
|
|
|
|
| |
This is a followup to commit f410b9e538129e77607fef1 fixing a few
more commands which takes arguments.
Closes #7382
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
| |
Closes #7378
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
| |
Detected by Coverity CID 1486629.
Closes #7324
|
|
|
|
|
|
|
|
|
| |
... as otherwise it creates a rather unexpected target directory with a
leading slash.
Reported-by: Harry Sintonen
Fixes #7218
Closes #7233
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Warning: this will make existing curl command lines that use metalink to
stop working.
Reasons for removal:
1. We've found several security problems and issues involving the
metalink support in curl. The issues are not detailed here. When
working on those, it become apparent to the team that several of the
problems are due to the system design, metalink library API and what
the metalink RFC says. They are very hard to fix on the curl side
only.
2. The metalink usage with curl was only very briefly documented and was
not following the "normal" curl usage pattern in several ways, making
it surprising and non-intuitive which could lead to further security
issues.
3. The metalink library was last updated 6 years ago and wasn't so
active the years before that either. An unmaintained library means
there's a security problem waiting to happen. This is probably reason
enough.
4. Metalink requires an XML parsing library, which is complex code (even
the smaller alternatives) and to this day often gets security
updates.
5. Metalink is not a widely used curl feature. In the 2020 curl user
survey, only 1.4% of the responders said that they'd are using it. In
2021 that number was 1.2%. Searching the web also show very few
traces of it being used, even with other tools.
6. The torrent format and associated technology clearly won for
downloading large files from multiple sources in parallel.
Cloes #7176
|
| |
|