Age | Commit message (Collapse) | Author |
|
Closes #1741
|
|
Make the number parser aware of the maximum limit curl accepts for a
value and return an error immediately if larger, instead of running an
integer overflow later.
Fixes #1730
Closes #1736
|
|
Added test 1289 to verify.
CVE-2017-1000101
Bug: https://curl.haxx.se/docs/adv_20170809A.html
Reported-by: Brian Carpenter
|
|
Fixes #1728
|
|
Follow-up to 171f8de.
Ref: https://github.com/curl/curl/issues/1704
|
|
Ref: #1591
|
|
Prior to this change (SET_)ERRNO mapped to GetLastError/SetLastError
for Win32 and regular errno otherwise.
I reviewed the code and found no justifiable reason for conflating errno
on WIN32 with GetLastError/SetLastError. All Win32 CRTs support errno,
and any Win32 multithreaded CRT supports thread-local errno.
Fixes https://github.com/curl/curl/issues/895
Closes https://github.com/curl/curl/pull/1589
|
|
|
|
GCC 4.4 complains:
tool_cb_wrt.c:81: error: declaration of ‘isatty’ shadows a global
declaration
/usr/include/unistd.h:782: error: shadowed declaration is here
Fix this by renaming the variable.
Closes https://github.com/curl/curl/pull/1661
|
|
tool_sleep.c:54:24: error: implicit conversion loses integer precision:
'long' to '__darwin_suseconds_t' (aka 'int')
[-Werror,-Wshorten-64-to-32]
|
|
... and don't build at all in include
Prompted-by-work-by: Simon Warta
Ref: #1590
Closes #1591
|
|
Closes https://github.com/curl/curl/pull/1454
|
|
Bug: https://github.com/curl/curl/pull/1486#issuecomment-310926872
Reported-by: Dan Fandrich
|
|
... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH.
This option instead provides the full "alternative" target to use in the
request, instead of extracting the path from the URL.
Test 1298 and 1299 updated accordingly.
Idea-by: Evert Pot
Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373
Closes #1593
|
|
... to enable sending "OPTIONS *" which wasn't possible previously.
This option currently only works for HTTP.
Added test cases 1298 + 1299 to verify
Fixes #1280
Closes #1462
|
|
this improves symmetry with the rule above
|
|
|
|
... as it really cannot have reached this far with config being NULL,
thus this is unnecesary and misleading.
Bug: https://news.ycombinator.com/item?id=14577585 and
https://daniel.haxx.se/blog/2017/06/17/curl-doesnt-spew-binary-anymore/comment-page-1/#comment-18356
Forwarded-to-us-by: Jakub Wilk
|
|
... unless "--output -" is used. Binary detection is done by simply
checking for a binary zero in early data.
Added test 1425 1426 to verify.
Closes #1512
|
|
The configure-based build also has this in addition to -Wall.
Closes https://github.com/curl/curl/pull/1578
|
|
So many headers can be provided as @filename.
Suggested-by: Timothe Litt
Closes #1486
|
|
Rely entirely on curl/system.h now.
Introduced in Aug 2008 with commit 14240e9e109f. Now gone.
Fixes #1456
|
|
The multiply() function that is used to avoid integer overflows, was
itself reason for a possible division by zero error when passed a
specially formatted glob.
Reported-by: GwanYeong Kim
|
|
Don't malloc() the temporary buffer, and use the correct type:
SearchPath() works with TCHAR, but SearchPathA() works with char.
Set the buffer size to MAX_PATH, because the terminating null byte
is already included in MAX_PATH.
Reviewed-by: Daniel Stenberg
Reviewed-by: Marcel Raad
Closes #1548
|
|
|
|
Closes #1532
|
|
Closes #1528
|
|
Fix bugs and compiler warnings on systems with 32-bit long and
64-bit time_t.
Reviewed-by: Daniel Stenberg
Closes #1499
|
|
... as part of hugehelpgz rodata to make build reproducible.
See https://reproducible-builds.org/ for why this is good
Closes #1490
|
|
... and support and additional "security patched" date for those who
enhance older versions that way. Pass on the define CURL_PATCHSTAMP with
a date for that.
Building with non-release headers shows the date as [unreleased].
Also: this changes the date format generated in the curlver.h file to be
"YYYY-MM-DD" (no name of the day or month, no time, no time zone) to
make it easier on the eye and easier to parse. Example (new) date
string: 2017-05-09
Suggested-by: Brian Childs
Closes #1474
|
|
Avoid casting away low-level const.
|
|
... using the docs/cmdline-opts/gen.pl script, so that we get all the
command line option documentation from the same source.
The generation of the list has to be done manually and pasted into the
source code.
Closes #1465
|
|
Commit 481e0de00a9003b9c5220b120e3fc302d9b0932d changed the variable
type from int to size_t, so don't cast the result of strlen to int
anymore.
|
|
Don't convert string literal to char * before assigning it to
const char *.
|
|
... and USE_ENVIRONMENT and --environment. It was once added for RISC OS
support and its platform specific behavior has been annoying ever
since. Added in commit c3c8bbd3b2688da8e, mostly unchanged since
then. Most probably not actually used for years.
Closes #1463
|
|
|
|
... and instead properly respond with an error message to the user
instead of silently ignoring.
Fixes #1453
Closes #1458
|
|
- Include tool_convert.h where needed.
Bug: https://github.com/curl/curl/issues/1460
Reported-by: Gisle Vanem
|
|
clang complains:
tool_cb_prg.c:86:22: error: implicit conversion increases
floating-point precision: 'float' to 'double'
[-Werror,-Wdouble-promotion]
Fix this by using a double instead of a float constant.
|
|
|
|
Test command 'time curl http://localhost/80GB -so /dev/null' on a Debian
Linux.
Before (middle performing run out 9):
real 0m28.078s
user 0m11.240s
sys 0m12.876s
After (middle performing run out 9)
real 0m26.356s (93.9%)
user 0m5.324s (47.4%)
sys 0m8.368s (65.0%)
Also, doing SFTP over a 200 millsecond latency link is now about 6 times
faster.
Closes #1446
|
|
$< is only allowed in implicit rules in some non-GNU makes (e.g. BSD,
AIX) so avoid use elsewhere by referencing the dependent curl.1 file
directly instead. This is somewhat tricky because the file is supplied
in the packaged tar ball (but not in git) but must still be able to be
rebuilt when its dependencies change. The right thing must happen in
both tar ball and git source trees, as well as in both in-tree and
out-of-tree builds.
|
|
This reverts commit 5b4cbcf11d5100ff793a8e9edbaa6fe1fc7495f5.
Since it broke out-of-tree builds from tarballs. See discussion in #1432
|
|
... since apparently "BSD make" doesn't support it.
Reported-by: Thomas Klausner
Fixes #1432
|
|
The POSIX standard location is <poll.h>. Using <sys/poll.h> results in
warning spam when using the musl standard library.
Closes https://github.com/curl/curl/pull/1406
|
|
MinGW complains:
tool_operate.c:197:15: error: comparison is always true due to limited range
of data type [-Werror=type-limits]
Fix this by only doing the comparison if 'long' is large enough to hold the
constant it is compared with.
Closes https://github.com/curl/curl/pull/1378
|
|
Ref: https://github.com/curl/curl/pull/1378
|
|
... by explicitly calling the ANSI versions of Windows API functions where
required.
|
|
The function tool_debug_cb doesn't match curl_debug_callback in curl.h
(unsigned vs. signed char* for 3rd param).
Bug: https://curl.haxx.se/mail/lib-2017-03/0120.html
|
|
[-Wint-in-bool-context]
Closes #1371
|