[pull] master from curl:master #279
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
Designed to aid converting off from sscanf parsers. sscanf is hard to use right, easy to mess up and often makes for sloppy error checking. The new parsers allow more exact and pedandic parsing. This new set of functions should be possible to use (and extend) and switch over other libcurl parser code to use going forward. Adapts the following to use the new functions: - altsvc.c - hsts.c - http_aws_sigv4.c Bonus: fewer memory copies, fewer stack buffers. Test: Unit test1664 Docs: docs/internals/STRPARSE.md Closes #15692
Using sscanf() is not a (security) problem in itself, but we strongly discorage using it for parsing input since it is hard to use right, easy to mess up and often makes for sloppy error checking. Allow it in examples and tests Closes #15687
For recently added actions in checkdocs.yml and windows.yml Closes #15722
Consider it a blank etag. It allows for more use cases when the file just might not have been created yet. Closes #15737
The pn: and ecl: prefixes were not handled correctly. CodeSonar helped me realize as it poined out an "Unreachable Data Flow" Closes #15741
This script parses all markdown files in the repository, extracts all links and verifies that they work. It makes sure to only check the URLs once, even if used in multiple links. There is a whitelist for URLs we deem unnecessary to check. It uses curl to do the checks. As a bonus, this makes it easy to run this check locally. Closes #15742
When de-duplicating the list of raw libs, make sure to drop duplicates from the beginning of the list. Reported-by: Kai Pastor Ref: #15273 (review) Closes #15495
A bad value here just makes for a bad alt-svc experience, not a security problem. Detected by OSS-Fuzz Bug: https://issues.oss-fuzz.com/issues/383911309 Closes #15745
- Free tmpcfg memory before returning an error code if aprintf failed. Closes #15753
To assign a variable using contents from another variable. Closes #15752
Delete the workaround added via a94a68a (2013-02-04). The commit message has no details. The comment mentions "Dialog Hell", and seems to fix CMake missing to regenerate `CURL.sln` with VS2010. It also added a FIXME saying the workaround can be deleted with future versions of CMake. At the time CMake's latest version was v2.8.10. curl now requires v3.7 (2018) minimum, and v3.24 (2022) was the latest CMake natively supporting VS2010. Assume this has since been fixed. Also: format an MSVC version reference in comment. Closes #15973
- cmake, config-*: drop unused `PACKAGE*`, `VERSION` variables. - config-win32: indentation - config-win32ce: drop mingw-specific code. This header is not used with MinGW. - config-win32ce: `_WIN64` is never true for Windows CE, drop. Closes #15978
Before this patch it used `ENABLE_IPV6`, the configuration intent. Replace with `USE_IPV6` which is the actual setting passed to C. The two can be different for targets without IPv6 support. Closes #15980
The TLS session cache is now held by the multi handle unless it is shared, so that all easy handles within a multi handle get the benefit of sharing the same, larger, cache. The multi handle session cache size is set to 25, unless it is the internal one used for the easy interface - which still uses only 3. Closes #15982
Because it is a trailing dot that otherwise leads to a zero length name. Coverity CID 1638755. Closes #15986
Coverity CID 1638753 correctly identies this code misbehaved if the passed in suboption is exactly one byte long by substracting two from the unsigned size_t variable. Closes #15987
In the double output function when an extremely large width and precision is set that reaches the libcurl maximum (325), the handling of the precision part would do wrong which could lead to bad output. Also: work-around for single-byte buffer snprintf overflow with mingw. Extend test 557 to verify. Coverity CID 1638751. Closes #15988
- Null terminate the end of the snprintf output buffer on Windows. Old versions of the Windows CRT (which are often found on later versions of Windows) do not terminate the snprintf output buffer if the output reaches the max size. This is a follow-up to parent 7e32f65 which made the same change but limited it to mingw, however it is a CRT version issue irrespective of compiler. Ref: https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/snprintf-snprintf-snprintf-l-snwprintf-snwprintf-l?view=msvc-170#remarks Closes #15997
- Change setopt and pretransfer to always reset URL related variables for a CURLU handle set CURLOPT_CURLU. This change is to ensure we are in compliance with the doc which says CURLU handles must be able to override a URL set via CURLOPT_URL and that if the contents of the CURLU handle changes between transfers then the updated contents must be used. Prior to this change, although subsequent transfers appear to be performed correctly in those cases, the work URL `data->state.url` was not updated. CURLINFO_EFFECTIVE_URL returns data->state.url to the user so it would return the URL from the initial transfer which was the wrong URL. It's likely there are other cases as well. Ref: https://curl.se/libcurl/c/CURLOPT_CURLU.html Reported-by: Nicolás San Martín Fixes #15984 Closes #15985
Since the script 'apachectl' from the httpd project is severly mutilated on several distros, use the executable httpd/apache2 directly in pytest runs. Remove detection of apachectl form autoconf and cmake. Closes #16000
Add colors to pytest runs in github workflows and see how test clutch copes with it! Closes #15998
Used by the SSL session cache code. Bug: https://curl.se/mail/lib-2025-01/0041.html Reported-by: Aleksander Mazur Closes #15994
This typically happens if CURL_CONNECT_ONLY is used and a second curl_easy_perform() is attempted. A connection "taken over" with CURL_CONNECT_ONLY cannot be ended any other way than a curl_easy_cleanup() on the easy handle that holds it. Add test 696 to verify. Closes #16003
- fix `find` commands to not miss items. - call `file` on the built files in `curl -V` steps. To give more feedback on what was built. - add `curl info` step for cross-jobs that can't do a `curl -V`. It lists the files built and calls `file` on them. - appveyor: make a VS2010 32-bit to match the VS2008 job it replaced. Follow-up to d34aeec #15934 - GHA/windows: drop the word "old" from standalone mingw-w64 jobs to not conflate it with "old mingw" we no longer support (while also keeping it short). Cherry-picked from #15975 Closes #16001
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )