| Age | Commit message (Collapse) | Author |
|---|
|
7.74.0
|
|
Closes #6172
|
|
curl 7.71.1
|
|
Updated terminology in docs, comments and phrases to refer to C strings
as "null-terminated". Done to unify with how most other C oriented docs
refer of them and what users in general seem to prefer (based on a
single highly unscientific poll on twitter).
Reported-by: coinhubs on github
Fixes #5598
Closes #5608
|
|
|
|
.. because checksrc's copyright year check stopped working.
Ref: https://github.com/curl/curl/pull/4547
Closes https://github.com/curl/curl/pull/4549
|
|
7.62.0
Signed-off-by: Nils Gillmann <ng0@n0.is>
|
|
This fixes potential out-of-buffer access on "file:./" URL
$ valgrind curl "file:./"
==24516== Memcheck, a memory error detector
==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==24516== Command: /home/even/install-curl-git/bin/curl file:./
==24516==
==24516== Conditional jump or move depends on uninitialised value(s)
==24516== at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24516== by 0x4EBB315: seturl (urlapi.c:801)
==24516== by 0x4EBB568: parseurl (urlapi.c:861)
==24516== by 0x4EBC509: curl_url_set (urlapi.c:1199)
==24516== by 0x4E644C6: parseurlandfillconn (url.c:2044)
==24516== by 0x4E67AEF: create_conn (url.c:3613)
==24516== by 0x4E68A4F: Curl_connect (url.c:4119)
==24516== by 0x4E7F0A4: multi_runsingle (multi.c:1440)
==24516== by 0x4E808E5: curl_multi_perform (multi.c:2173)
==24516== by 0x4E7558C: easy_transfer (easy.c:686)
==24516== by 0x4E75801: easy_perform (easy.c:779)
==24516== by 0x4E75868: curl_easy_perform (easy.c:798)
Was originally spotted by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637
Credit to OSS-Fuzz
Closes #3039
|
|
curl 7.56.0
|
|
|
|
|
|
* Patches to rename libcurl to libgnurl by Christian
* Updated for latest curl using git cherry-pick by Jeff, Florian, ng0
* Patches to fix the testsuite (deleted tests/data/test1139, renamed
reference from libcurl.* to libgnurl.*) by ng0
* Added guix-gnurl.scm which can be used to build this with guix prior
to installing it. (author: ng0)
* Further adjustments by ng0
* 7.55.0: Manual addition of a7bbbb7c368c6096802007f61f19a02e9d75285b and f864bd8c880d5a916379aa4f26f1c45fe370b282 from upstream master.
* 7.55.1: Renamed include/curl to include/gnurl, a partial fix of https://gnunet.org/bugs/view.php?id=5122
Signed-off-by: ng0 <ng0@infotropique.org>
|
|
Found when updating test 1395, which I did to increase test coverage of
this source file...
Closes #1535
|
|
Found when updating test 1395, which I did to increase test coverage of
this source file...
Closes #1535
|
|
Follow up to commit 7db9782dd6.
|
|
|
|
|
|
It isn't used by the code in current conditions but for safety it seems
sensible to at least not crash on such input.
Extended unit test 1395 to verify this too as well as a plain "/" input.
|
|
|
|
|
|
|
|
|
|
RFC3986 details how a path part passed in as part of a URI should be
"cleaned" from dot sequences before getting used. The described
algorithm is now implemented in lib/dotdot.c with the accompanied test
case in test 1395.
Bug: http://curl.haxx.se/bug/view.cgi?id=1200
Reported-by: Alex Vinnik
|
