- Sep 03, 2018
-
-
Kamil Dudka authored
This is a follow-up to PR #2607 and PR #2926. Closes #2936
-
Jay Satiro authored
- Treat 408 request timeout as transient so that curl will retry the request if --retry was used. Closes #2925
-
Jay Satiro authored
The flag indicating TLS 1.3 cipher support in the OpenSSL backend was missing. Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187 Reported-by: Kamil Dudka Closes #2926
-
Daniel Stenberg authored
... since it would cause an integer overflow if longer than (max size_t / 2). This is CVE-2018-14618 Bug: https://curl.haxx.se/docs/CVE-2018-14618.html Closes #2756 Reported-by: Zhaoyang Wu
-
- Sep 02, 2018
-
-
Rikard Falkeborn authored
Closes #2928
-
Marcel Raad authored
"precheck command error" is not very helpful.
-
- Sep 01, 2018
-
-
Daniel Stenberg authored
Assisted-by: Rikard Falkeborn Closes #2922
-
Daniel Stenberg authored
-
- Aug 31, 2018
-
-
Jay Satiro authored
-
Daniel Gustafsson authored
According to RFC6265 section 5.4, cookies with equal path lengths SHOULD be sorted by creation-time (earlier first). This adds a creation-time record to the cookie struct in order to make cookie sorting more deterministic. The creation-time is defined as the order of the cookies in the jar, the first cookie read fro the jar being the oldest. The creation-time is thus not serialized into the jar. Also remove the strcmp() matching in the sorting as there is no lexicographic ordering in RFC6265. Existing tests are updated to match. Closes #2524
-
Marcel Raad authored
All these tests failed on Windows because something like sftp://%HOSTIP:%SSHPORT%PWD/ expanded to sftp://127.0.0.1:1234c/msys64/home/bla/curl and then curl complained about the port number ending with a letter. Use the original POSIX path instead of the Windows path created in checksystem to fix this. Closes https://github.com/curl/curl/pull/2920
-
- Aug 29, 2018
-
-
Jay Satiro authored
Reported-by: Daniel Stenberg Closes https://github.com/curl/curl/issues/2916
-
- Aug 27, 2018
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Added a warning! Closes #2915
-
- Aug 25, 2018
-
-
Daniel Stenberg authored
Patch-by: Jay Satiro Detected by Coverity Fixes #2739 Closes #2912
-
Daniel Stenberg authored
There was a missing newline. follow-up to a7ba60bb
-
- Aug 24, 2018
-
-
Daniel Stenberg authored
Reported-by: Kirill Marchuk Fixes #2773 Closes #2911
-
Marcel Raad authored
CURLOPT_POSTFIELDSIZE is a long option.
-
Marcel Raad authored
As uintptr_t and HANDLE are always the same size, this warning is harmless. Just silence it using an intermediate uintptr_t variable. Closes https://github.com/curl/curl/pull/2908
-
Daniel Stenberg authored
Closes #2913
-
Ihor Karpenko authored
1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG ) while opening certificate store would be sufficient in this scenario and less-demanding in sense of required user credentials ( for example, IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore call without any of flags mentioned above ), 2) as 'cert_store_name' is a DWORD, attempt to format its value like a string ( in "Failed to open cert store" error message ) will throw null pointer exception 3) adding GetLastError(), in my opinion, will make error message more useful. Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html Closes #2909
-
Leonardo Taccari authored
Since GOPHER support was added in curl `?' character was automatically translated to `%09' (`\t'). However, this behaviour does not seems documented in RFC 4266 and for search selectors it is documented to directly use `%09' in the URL. Apart that several gopher servers in the current gopherspace have CGI support where `?' is used as part of the selector and translating it to `%09' often leads to surprising results. Closes #2910
-
- Aug 23, 2018
-
-
Marcel Raad authored
Fixes test failures because of wrong line endings on Windows.
-
Daniel Stenberg authored
Multi-threaded applictions basically MUST set CURLOPT_NO_SIGNAL to 1L to avoid the risk of getting a SIGPIPE. Either way, a multi-threaded application that uses libcurl/openssl needs to have a signhandler for or ignore SIGPIPE on its own. Based on discussions in #2800 Closes #2904
-
- Aug 22, 2018
-
-
Daniel Stenberg authored
-
Marcel Raad authored
- test 1268 requires unix sockets - test 2072 must be disabled also for MSYS/MinGW
-
Daniel Stenberg authored
When Curl_http2_done() gets called before the http2 data is setup all the way, we cannot send anything and this should just return an error. Detected by OSS-Fuzz Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
-
- Aug 21, 2018
-
-
Daniel Stenberg authored
Closes #2903
-
Daniel Stenberg authored
... as no other comments are accepted since 014ed7c2
-
Marcel Raad authored
Modifying the locale with environment variables doesn't work for native Windows applications. Just disable the test in this case if the decimal separator is something different than a point. Use a precheck with a small C program to achieve that. Closes https://github.com/curl/curl/pull/2786
-
Marcel Raad authored
This enables the following additional warnings: -Wold-style-definition -Warray-bounds=2 instead of the default 1 -Wformat=2, but only for GCC 4.8+ as Wno-format-nonliteral is not respected for older versions -Wunused-const-variable, which enables level 2 instead of the default 1 -Warray-bounds also in debug mode through -ftree-vrp -Wnull-dereference also in debug mode through -fdelete-null-pointer-checks Closes https://github.com/curl/curl/pull/2747
-
Marcel Raad authored
This enables level 4 instead of the default level 3, which of the currently used comments only allows /* FALLTHROUGH */ to silence the warning. Closes https://github.com/curl/curl/pull/2747
-
Marcel Raad authored
This warning used to be enabled only for clang as it's a bit stricter on GCC. Silence the remaining occurrences and enable it on GCC too. Closes https://github.com/curl/curl/pull/2747
-
Marcel Raad authored
Enable pedantic-errors for GCC >= 5 with --enable-werror. Before GCC 5, pedantic-errors was synonymous to -Werror=pedantic [0], which is still the case for clang [1]. With GCC 5, it became complementary [2]. Also fix a resulting error in acinclude.m4 as main's return type was missing, which is illegal in C99. [0] https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Warning-Options.html [1] https://clang.llvm.org/docs/UsersManual.html#options-to-control-error-and-warning-messages [2] https://gcc.gnu.org/onlinedocs/gcc-5.1.0/gcc/Warning-Options.html Closes https://github.com/curl/curl/pull/2747
-
Marcel Raad authored
Closes https://github.com/curl/curl/pull/2747
-
Daniel Stenberg authored
and remove the private SIZE_T_MAX define and use the generic one. Closes #2902
-
Daniel Stenberg authored
Since the public pinning support was brought in e644866c. GnuTLS 2.11.3 was released in October 2010. Figured out in #2890
-
Daniel Stenberg authored
... before the stream is started, we have it set to -1. Fixes #2894 Closes #2898
-