Search
Items tagged with: cURL
Flags to opcodes should ignore CURLWS_CONT flag by Pete-Cordell · Pull Request #14397 · curl/curl
When converting WebSocket flags such as CURLWS_TEXT | CURLWS_CONT to opcodes for sending fragmented frames, we want to exclude CURLWS_CONT from the lookup so AND it out. Alternatively, this tweak c...GitHub
what people have been using for years already will start working in #curl 8.10.0: -vv, -vvv and -vvvv for more verbose logging.
Up until now, adding more vs did not do anything different.
https://github.com/curl/curl/pull/13977
PR by the awesome @icing
curl verbose option, repeated use by icing · Pull Request #13977 · curl/curl
make mentioning -vv on the curl command line increase the verbosity of the trace output related discussion Make '-vv..' useful (again) #13810 add trace group names for components: network, ...GitHub
aws_sigv4: Fix ordering for headers with same prefix in the canonical request by austinmoore- · Pull Request #14370 · curl/curl
Problem AWS SigV4 signing requires headers to be lexicographically ordered by name. The current implementation uses strcmp on the full header, leading to incorrect ordering when header names have i...GitHub
Use NGHTTP3 prefix instead of NGTCP2 for errors in h3 callbacks. by moritzbuhl · Pull Request #14394 · curl/curl
To my understanding the functions are nghttp3 callbacks and should therefore return NGHTTP3_ERR_CALLBACK_FAILURE. However, this is not critical as the nghttp3 documentation states for all callbacks...GitHub
Today is exactly five years since we did the first HTTP/3 transfers with #curl
My blog post from back then:
https://daniel.haxx.se/blog/2019/08/05/first-http-3-with-curl/
in the five days since the previous #curl release, we have merged 47 bugfixes and 9 new features
Busy days.
#curl's 265th command line option is called --skip-existing. Lets you completely skip a download if there is a local file present already.
https://github.com/curl/curl/pull/13993
curl: add --skip-existing by bagder · Pull Request #13993 · curl/curl
With this option, the entire download is skipped if the selected target filename already exists when the operation is about to begin. Also works fine with "globs". code documentation test cases...GitHub
#curl's 264th command line option is --dump-ca-embed, coming in 8.10.0.
Starting in this version, the tool can get built with an embedded CA cert store.To allow it to work better completely stand-alone.
This new flag writes that built-in store to stdout.
Starting now, #curl shows extended help for a given command line option if you write it after --h. Like "curl -h --location" or "curl -h -O"
Shipping in the pending curl 8.10.0 in mid September.
https://github.com/curl/curl/pull/13997
curl: --help [option] displays documentation for given cmdline option by bagder · Pull Request #13997 · curl/curl
The extracting of the help texts is still a little crude: because we typically have 270KB of text zlib compressed into a single blob, we have to scan for the text to show. The searching can be made...GitHub
Point out DOH server IP pinning by duxsco · Pull Request #14377 · curl/curl
The IP address in the example is taken out of RFC 5737.GitHub
Watch @samueloph and the Debian curl maintainer team, discussing issues and the way forward at DebConf24:
Unpopular opinion: Damn cool kids with their HTTPs 3 and QUICs and whatevers. HTTP/1.1 was good enough for everyone!
They're adding all that fancy stuff into the new #cURL version, and it causes #Transmission to crash. How am I going to seed all these Linux images now?!
https://github.com/transmission/transmission/issues/7035
https://github.com/curl/curl/issues/14344
Starting with 8.9.1, SIGPIPE leaks in some cases · Issue #14344 · curl/curl
I did this After #14296, curl has started to leak SIGPIPE in some cases. I‘ve noticed this since the test suite I wrote for our in-house curl-wrapper now sometimes exits which SIGPIPE (I‘d say abou...GitHub
Bugfix rate in the #curl project is currently racing to an all-time high.
(yes, presumably this also means we insert more bugs as well as there need to be something to fix...)
The original #hackerone report for #curl's CVE-2024-7264: ASN.1 date parser overread is now published:
https://hackerone.com/reports/2629968
curl disclosed on HackerOne: CVE-2024-7264: ASN.1 date parser overread
## Summary: When a specially-crafted certificate is passed to `Curl_extract_certinfo` to parse, it may read bytes beyond the end of the buffer in which the certificate is held. According to the...HackerOne
Very fun working in the #curl project, btw. Excellent people there, good coop, good vibes.
Issue reporters in general are experienced people where turnarounds are fast. Getting back with logs and verifying solutions.
Nice.😌
I added a section to everything #curl about what we do to mitigate backdoor attempts:
https://everything.curl.dev/project/security.html#backdoors-and-supply-chain-risks
Did I forget anything obvious?
Security - everything curl
everything there is to know about curl, libcurl and the cURL projecteverything.curl.dev
Welcome Joe Birr-Pixton as #curl commit author 1289: https://github.com/curl/curl/pull/14317
(I deduped a few authors counted twice, so the count is a few less than previously)
Ensure all tests pass with rustls backend by ctz · Pull Request #14317 · curl/curl
The goal of this PR is to remove the rustls stanza in tests/data/DISABLED that skips some tests. That involves supporting CRLs -- we've had upstream support for a little while, but needs some plumb...GitHub
#curl 8.9.1 is here
28 bugfixes, including a low severity CVE - seven days since the previous release.
https://daniel.haxx.se/blog/2024/07/31/curl-8-9-1/
See you at 08:00 UTC for the live-stream
we got a new #curl security vulnerability reported *this morning*, and since we already had a patch release planned for tomorrow, well, we have worked like crazy through-out the day and the fix and the advisory and everything will be published tomorrow along with #curl 8.9.1
Never a dull moment in this factory.
I have this slide showing the 101(!) operating systems people have reported #curl to run on.
I now have a customer call scheduled about porting it to a 102nd...
I was nominated for the #Microsoft MVP program, but even though I am the main author of #curl that ships with #Windows since many years now, I barely know any "Microsoft technology" so I could not fill in the form without taking some... eh, "liberties".
I'm pretty confident they will just discard it and I will not be sorry.
In 2022 I became #curl's 1000th commit author and was congratulated as such until I had to confess to @bagder that I wasn't: I had used two distinct email addresses and was thus only the 999th.
The record (https://daniel.haxx.se/blog/2022/01/30/1000-commit-authors/) doesn't reflect this, but it is my #sundayConfession
According to @bagder the stubborn way the #OpenSSL project is handling #QUIC implementation is directly responsible for delaying HTTP/3 adoption (1), and I tend to agree. When the project rejected the community QUIC patches and decided to go with their own design, it wasn't difficult to predict problems. This was proven right by the massive feature gaps (2) and performance issues (3) discovered by @icing when trying to marry OpenSSL QUIC to #curl. Even with API fixes released in version 3.3 the implementation is still inferior, and there is no good solution in sight.
1) https://lwn.net/Articles/983380/
2) https://github.com/openssl/openssl/discussions/23339
3) https://github.com/icing/blog/blob/main/curl-h3-performance.md
blog/curl-h3-performance.md at main · icing/blog
Contribute to icing/blog development by creating an account on GitHub.GitHub
Starting now, the #curl website offers changelog listings per-release. https://curl.se/ch/ always shows the latest release.
Old links still work of course and the old "all changes in a single page" will remain.
curlhacker - Twitch
I'm Daniel Stenberg, maintainer and lead developer in the curl project. I stream curl related stuff. Release presentations, curl development and related topics.Twitch
curl disclosed on HackerOne: CVE-2024-6874: macidn punycode buffer...
libcurl at commit [58772b0e082eda333e0a5fc8fb0bc7f17a3cd99c](https://github.com/curl/curl/tree/58772b0e082eda333e0a5fc8fb0bc7f17a3cd99c) contains a stack-buffer overread in...HackerOne
curl disclosed on HackerOne: CVE-2024-6197: freeing stack buffer in...
Libcurl at commit [04739054cdac5a0614fb94e3655e313c03399f35](https://github.com/curl/curl/tree/04739054cdac5a0614fb94e3655e313c03399f35) contains an invalid invocation of `free()` in the function...HackerOne
curlhacker - Twitch
I'm Daniel Stenberg, maintainer and lead developer in the curl project. I stream curl related stuff. Release presentations, curl development and related topics.Twitch