Age | Commit message (Collapse) | Author |
|
Reported-by: Marcel Raad
Follow-up to 148534db5
Fixes #5367
Closes #5369
|
|
Closes #4346
|
|
To avoid collision risks with private libcurl symbols when linked with
static versions (or just versions not hiding internal symbols).
Reported-by: hydra3333 on github
Fixes #5219
Closes #5234
|
|
Reviewed-by: Brad King
Closes #5206
|
|
This change inverse the order of processing for the --etag-compare and
--etag-save option to process first --etag-compare. This in turn allows
to use the same file name to compare and save an etag.
The original behavior of not failing if the etag file does not exists is
conserved.
Fixes #5179
Closes #5180
|
|
Follow-up to 7a71965e9
|
|
Closes #5169
|
|
Our code style mandates we put the conditional block on a separate
line. These mistakes are now detected by the updated checksrc.
|
|
Considered experimental and therefore we can do this.
Closes #5157
|
|
Load long values correctly (e.g. for http_code).
Use curl_off_t (not long) for:
- size_download (CURLINFO_SIZE_DOWNLOAD_T)
- size_upload (CURLINFO_SIZE_UPLOAD_T)
The unit for these values is bytes/second, not microseconds:
- speed_download (CURLINFO_SPEED_DOWNLOAD_T)
- speed_upload (CURLINFO_SPEED_UPLOAD_T)
Fixes #5131
Closes #5152
|
|
Previously it rendered the page from files matching "*.d" in the correct
directory, which worked fine in git builds when the files were added but
made it easy to forget adding the files to the dist.
Now, only man page sections listed in DPAGES in Makefile.inc will be
used, thus "forcing" us to update this to get the man page right and get
it included in the dist at the same time.
Ref: #5146
Closes #5149
|
|
Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.
Removed three (mostly usesless) README files from docs/
Closes #5141
|
|
Ensures that -K/--config inserts new items at the end of the list
instead of overwriting the second item, and that after a -K/--config
option has been parsed, the option parser's view of the current config
is update.
Fixes #5120
Closes #5123
|
|
Follow-up to: 04c03416e68fd635a15
Closes #5115
|
|
Follow-up to 5450428491
|
|
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
--ssl-revoke-best-effort to allow a "best effort" revocation check.
A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.
---
When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:
Unknown error (0x80092012) - The revocation function was unable
to check revocation for the certificate.
Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.
This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.
In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.
Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).
To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.
Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.
The test 2070 was added to verify this behavior, adapted from 310.
Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes https://github.com/curl/curl/pull/4981
|
|
Ref: https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta#parameters
Reviewed-by: Marc Hörsken
Closes https://github.com/curl/curl/pull/5088
|
|
Follow-up to 04c03416e68fd635a15
|
|
This commit adds support to generate JSON via the writeout feature:
-w "%{json}"
It leverages the existing infrastructure as much as possible. Thus,
generating the JSON on STDERR is possible by:
-w "%{stderr}%{json}"
This implements a variant of
https://github.com/curl/curl/wiki/JSON#--write-out-json.
Closes #4870
|
|
Trying to return early from the function if no new transfers were added
would break the "morep" argument and cause issues. This could lead to
zero content "transfers" (within quotes since they would never be
started) when parallel-max was reduced.
Reported-by: Gavin Wong
Analyzed-by: Jay Satiro
Fixes #4937
Closes #5112
|
|
- s/COFF/coff/
Some versions of windres do not recognize uppercase COFF as a valid
way to specify the COFF output format.
Reported-by: Steven Penny
Fixes https://github.com/curl/curl/issues/5099
Closes https://github.com/curl/curl/pull/5101
|
|
Follow-up to a39e5bfb9
|
|
This fixes test 198 on versions of MinGW-w64 without ftruncate
Reviewed-By: Daniel Stenberg
Reviewed-By: Marcel Raad
Closes #5055
|
|
Follow up to 6357a19f.
Reviewed-by: Daniel Stenberg
Closes #5004
|
|
Spotted by 'codespell'
Closes #4957
|
|
Whilst lib\md4.c used this pre-processor, lib\md5.c and
src\tool_metalink.c did not and simply relied on the WIN32
pre-processor directive.
Reviewed-by: Marcel Raad
Closes #4955
|
|
Follow-up to 1fc0617dcc
|
|
- Change tool_util.c tvnow() for Windows to match more closely to
timeval.c Curl_now().
- Create a win32 init function for the tool, since some initialization
is required for the tvnow() changes.
Prior to this change the monotonic time function used by curl in Windows
was determined at build-time and not runtime. That was a problem because
when curl was built targeted for compatibility with old versions of
Windows (eg _WIN32_WINNT < 0x0600) it would use GetTickCount which wraps
every 49.7 days that Windows has been running.
This change makes curl behave similar to libcurl's tvnow function, which
determines at runtime whether the OS is Vista+ and if so calls
QueryPerformanceCounter instead. (Note QueryPerformanceCounter is used
because it has higher resolution than the more obvious candidate
GetTickCount64). The changes to tvnow are basically a copy and paste but
the types in some cases are different.
Ref: https://github.com/curl/curl/issues/3309
Closes https://github.com/curl/curl/pull/4847
|
|
Follow up to 9dc350b6.
|
|
- Deduplicate GetEnv() code.
- On Windows change ultimate call to use Windows API
GetEnvironmentVariable() instead of C runtime getenv().
Prior to this change both libcurl and the tool had their own GetEnv
which over time diverged. Now the tool's GetEnv is a wrapper around
curl_getenv (libcurl API function which is itself a wrapper around
libcurl's GetEnv).
Furthermore this change fixes a bug in that Windows API
GetEnvironmentVariable() is called instead of C runtime getenv() to get
the environment variable since some changes aren't always visible to the
latter.
Reported-by: Christoph M. Becker
Fixes https://github.com/curl/curl/issues/4774
Closes https://github.com/curl/curl/pull/4863
|
|
Make the tool check for alt-svc support at run-time and return error
accordingly if not present when the option is used.
Reported-by: Harry Sintonen
Closes #4878
|
|
Follow-up from 2bc373740a3
|
|
Closes #4873
|
|
The fixed-point math made us lose precision and thus a too high index
value could be used for outputting the hashtags which could overwrite
the newline.
The fix increases the precision in the sine table (*100) and the
associated position math.
Reported-by: Andrew Potter
Fixes #4849
Closes #4850
|
|
Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS.
Verified with the new tests 3002-3007
Closes #4816
|
|
Closes #4762
Fixes #4753
|
|
To avoid division by zero - or other issues.
Reported-by: Daniel Marjamäki
Closes #4818
|
|
This enables Link Time Optimization. LTO is a proven technique for
optimizing across compilation units.
Closes #4799
|
|
It was not intended nor documented!
Added test 1176 to verify.
Reported-by: vshmuk on hackerone
Closes #4812
|
|
As it was just unnecessary duplicated information already stored in the
'per_transfer' struct and that's around mostly anyway.
The duplicated pointer caused problems when the code flow was aborted
before the dupe was filled in and could cause a NULL pointer access.
Reported-by: Brian Carpenter
Fixes #4807
Closes #4810
|
|
Follow-up to: 4027bd72d9
|
|
- When creating a directory hierarchy do not error when mkdir fails due
to error EACCESS (13) "access denied".
Some file systems allow for directory traversal; in this case that it
should be possible to create child directories when permission to the
parent directory is restricted.
This is a regression caused by me in f16bed0 (precedes curl-7_61_1).
Basically I had assumed that if a directory already existed it would
fail only with error EEXIST, and not error EACCES. The latter may
happen if the directory exists but has certain restricted permissions.
Reported-by: mbeifuss@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/4796
Closes https://github.com/curl/curl/pull/4797
|
|
Previously it would end up with an uninitialized memory buffer that
would lead to a crash or junk getting output.
Added test 1271 to verify.
Reported-by: Brian Carpenter
Closes #4786
|
|
Closes #4785
|
|
... as it could otherwise leak memory when a transfer failed.
Added test 1293 to verify.
Reported-by: Brian Carpenter
Fixes #4781
Closes #4782
|
|
... to fix memory leak in error path.
Fixes #4772
Closes #4780
Reported-by: Brian Carpenter
|
|
These are read-only.
Closes https://github.com/curl/curl/pull/4771
|
|
Found by fuzzing the config file.
Reported-by: Geeknik Labs
Fixes https://github.com/curl/curl/issues/4767
|
|
Reported-by: bxac on github
Fixes #4730
Closes #4731
|
|
When looping, first trying '.curlrc' and then '_curlrc', the function
would not free the first string.
Closes #4731
|