Age | Commit message | Author | Files | Lines |
|
Even if debug option is disabled, app can see the logs using VERBOSE option.
* !!! WARNING !!!
* This is a debug build of libcurl, do not use in production.
Change-Id: I779c9dde8cc949a192313e2510b01c50dc789448
|
|
Change-Id: I9773f5e3878434ceab19ddd0cc4231bb67cfe4c2
|
|
Change-Id: I8f77c680623836749aba616cecd0390fc34b0c3c
|
|
Backported from https://github.com/icing/curl/commit/41e5345fe9689cc2c1c2a92ecd77d2bd0f3f2411
(curl 8.2.0)
Change-Id: Iff4afe448bf7602a43ef033441a5a2b004ff3fe3
|
|
This reverts commit cabfc984c506eca0ad8cab01ec3150cbf5c5cc14.
Change-Id: Ic94b9e9a9a533cc3847df420448349d2988e4b5f
|
|
Change-Id: If48529b01315aeea8ff7e68f16eaa23081f80315
|
|
Change-Id: Id402ba007051792ef0aaab3e1d5b6f8713f88a83
|
|
Change-Id: I0dd7ee047eef3a9ea4f3ba3b3b6b2fb5d6ad3b79
|
|
Change-Id: I69742b17b658f837c72674c476b7a93c6965b2dc
|
|
Ideally, Curl_ssl_getsessionid should not be called unless sessionid
caching is enabled. There is a debug assertion in the function to help
ensure that. Therefore, the pattern in all vtls is basically:
if(primary.sessionid) {lock(); Curl_ssl_getsessionid(...); unlock();}
There was one instance in openssl.c where sessionid was not checked
beforehand and this change fixes that.
Prior to this change an assertion would occur in openssl debug builds
during connection stage if session caching was disabled.
Reported-by: Jim Beveridge
Fixes https://github.com/curl/curl/issues/8472
Closes https://github.com/curl/curl/pull/8484
Change-Id: I720345c0c456f7375b5b842846061c043e236a57
|
|
Change-Id: I35149a0021e31cf82608541b37f3a4212c22747f
|
|
Change-Id: Ibe8b1de1691e326fbd2a8133470758ab942cbd97
|
|
... and not in the connection setup, as for multiplexed transfers the
connection setup might be skipped and then the transfer would end up
without the set user-agent!
Reported-by: Flameborn on github
Assisted-by: Andrey Gursky
Assisted-by: Jay Satiro
Assisted-by: Mike Gelfand
Fixes #6312
Closes #6417
https://github.com/curl/curl/issues/6312
https://github.com/curl/curl/pull/6417
Change-Id: I91d196cf08bd96c0534621ad7eae9eb73a004f21
|
|
Change-Id: I052852341a8dacc6f100b7f999db5589902127d5
|
|
The 'datalen' value should be 64 bit, not size_t!
https://github.com/curl/curl/pull/7027
Change-Id: I0fd8041840734d387be09a820bc6ae9d28a0b7e3
|
|
Change-Id: I88d5ab0d7262f6eaf4fcc637c788079f9fc5af32
|
|
conn->ip_addr points to a struct within the DNS cache, so this pointer
is only valid as long as the DNS cache entry remains locked.
Whereas conn->ip_addr_str is available while using the connection.
Change-Id: I8cf239dda0b0d504427afe9809c0f0dcd2264f8d
|
|
Change-Id: I4c535d1876d38b460f88f41c168fc5ad7f1235de
|
|
EVP_MD_CTX_create will allocate memory for the context and returns
NULL in case the allocation fails. Make sure to catch any allocation
failures and exit early if so.
In passing, also move to EVP_DigestInit rather than EVP_DigestInit_ex
as the latter is intended for ENGINE selection which we don't do.
Closes #6224
Backported: https://github.com/curl/curl/pull/6224
Change-Id: Ibcd3a0782405d3db6aa08d65892af15c3ea8431b
|
|
To fix a memory-leak.
Closes #6267
- backported: https://github.com/curl/curl/pull/6267
Change-Id: I225c540015370218f9a249d8feb05dda20c41529
|
|
Change-Id: Ia04bed727b7a36262539f5eb5b3866064da63f5e
|
|
Change-Id: I2ec6e2708d8245d75f7f5d0d289830840ab9ff9d
|
|
Change-Id: I954089d7d9d6e75726df6981c8222403ae83facc
|
|
... since the current transfer is being killed. Setting to NULL is
wrong, leaving it pointing to 'data' is wrong since that handle might be
about to get freed.
Fixes #4845
Closes #4858
Reported-by: dmitrmax on github
https://github.com/curl/curl/issues/4845
Change-Id: I597f1538c7ff646a13d24ab547437fd2dc037f00
|
|
This reverts commit 44b97d568351daa1741b591bf0c3ab754ad07060.
|
|
... since the current transfer is being killed. Setting to NULL is
wrong, leaving it pointing to 'data' is wrong since that handle might be
about to get freed.
Fixes #4845
Closes #4858
Reported-by: dmitrmax on github
Change-Id: Ic03d65132e8116b0423d8b6715207d2dd04c7c5b
|
|
SSL_ERROR_SYSCALL has been handled a little stricter since curl 7.67.
(For example, 56 error occurs when server closes the connection abruptly
without a close_notify alert.)
The change is applied only in debug build for compatibility with older
peers.
However, Curl in Tizen is built with debug option.
So, unexpected 56 error can occur.
To avoid it, this patch creates new option and disables it.
Change-Id: I6d2b493aa1ce1ea2ce7fe1151f8948537e52c332
|
|
New test 669 checks this fix is effective.
Fixes #5256
Reported-by: thanhchungbtc on github
https://github.com/curl/curl/pull/5258/commits/96819869a975277308ef88b256f9ab9b788091f5
Change-Id: Icc77c1f01a859cb821dccc5a9cb1003e4e166117
|
|
Change-Id: Ifa484ccc2d444376bfa8c21ca8d9b63d8f48bf05
|
|
Change-Id: I37422e43c2c4c25904a4fc2a391c4a32ba3b9f5c
|
|
Change-Id: I465e6d39e1e167784bc79989c4b039721f61adc1
|
|
- bug: https://github.com/curl/curl/issues/4043
- fix: https://github.com/curl/curl/commit/c0c40ab075cdf86424dfe346a70a31b08dc651da
Change-Id: I90808233da69e8fc3d03189f8514bca1f73d90ee
|
|
The crash is observed after below patches are applied:-
Crash in upstream libcurl: https://github.com/curl/curl/commit/fb445a1e18d12f577964c9347bc5bca74b37cd08
Crash in Tizen: https://review.tizen.org/gerrit/#/c/platform/upstream/curl/+/220576
The same crash has been reported in upstream libcurl package.
Issue #1: https://github.com/curl/curl/issues/3463
Issue #2: https://github.com/curl/curl/issues/3541
Below are the solution patches used for creating this fix
Patch #1: https://github.com/curl/curl/commit/54b201b48c90a2fb03c2baf90837c6b63adbc344
Patch #2: https://github.com/curl/curl/commit/f1af63149389cab2519b39b8056df68f5df36b91
Patch #3: https://github.com/curl/curl/commit/4015fae044ce52a639c9358e22a9e948f287c89f
Change-Id: Iaa4a05feb6a66d9781d4e7ae07297ce369744d3d
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
|
|
This is the common pattern used in the code and by a unified approach we
avoid mistakes.
Backported patch details:
https://github.com/curl/curl/commit/dcd7e37c3a0ce108635b89cacc1e3425e57bd3bc
Change-Id: I453175ca40d8e8dfa7611f026ec7513dc230d16f
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
|
|
Follow-up to fb445a1e18d: Set conn->data explicitly to point out the
current transfer when invoking the protocol-specific disconnect function
so that it can work correctly.
Backported patch details:
https://github.com/curl/curl/commit/f3ce38739fa49008e36959aa8189c01ab1bad5b5
Change-Id: I0f86f4f9e086ebc0954f0d9935830bb93acb4090
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
|
|
Do not assume/store association between a given easy handle and the
connection if it can be avoided.
Long-term, the 'conn->data' pointer should probably be removed as it is a
little too error-prone. Still used very widely though.
Backported patch details:
https://github.com/curl/curl/pull/3400/commits/fb445a1e18d12f577964c9347bc5bca74b37cd08
Change-Id: I18aa2cb7097b8598c90ddf8c8c68a9fecd86e295
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
|
|
ares: remove fd from multi fd set when ares is about to close the fd
8dfb92873af9de5d883e191e0097be32c78a7d0f
Change-Id: Ic6ce203ae3609a539f70c5ae4cb1d4b3812ae80d
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
|
|
Change-Id: I8f29a511322905036005cf8df13640518c6be7bc
|
|
Change-Id: Ic067a067b2562a1b2b4f978f32f20b269abd0886
|
|
Added Curl_resolver_kill() for all three resolver modes, which only
blocks when necessary, along with test 1592 to confirm
curl_multi_remove_handle() doesn't block unless it must.
Backported patch details:
https://github.com/curl/curl/commit/84a30d0a419ad95c53cbdfc76eb2eb75d2e51835
Change-Id: I40917dbf8262249250942c9dcb71a31e6cf0df90
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
|
|
When using c-ares for asyn dns, the dns socket fd was silently closed
by c-ares without curl being aware. curl would then 'realize' the fd
has been removed at next call of Curl_resolver_getsock, and only then
notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with
CURL_POLL_REMOVE. At this point the fd is already closed.
By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this
patch allows curl to be notified that the fd is no longer needed
for either write or read. At this point by calling
Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE
before the fd is actually closed by ares.
In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore
since it does not allow passing a different sock_state_cb_data
Backported patch details:
https://github.com/curl/curl/commit/6765e6d9e6a32bb4fc666d744cb57e2d55d4e13b
Change-Id: I62b2d244cb0f38a4c4a76ad804c7fd69f9222484
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
|
|
Backported Patch link:
https://github.com/curl/curl/pull/4307
Change-Id: I5b695b661cf946b74e065d1a65697e74d7ef8af6
|
|
This reverts commit 6b333876d2db240bd01e0dcec950b2d12dc8eae5.
Change-Id: Ia687599375fb2953e9df43f7195877726c5ffa29
|
|
Various functions called within Curl_http2_done() can have the
side-effect of setting the Easy connection into drain mode (by calling
drain_this()). However, the last time we unset this for a transfer (by
calling drained_transfer()) is at the beginning of Curl_http2_done().
If the Curl_easy is reused for another transfer, it is then stuck in
drain mode permanently, which in practice makes it unable to write any
data in the new transfer.
This fix moves the last call to drained_transfer() to later in
Curl_http2_done(), after the functions that could potentially call for a
drain.
Fixes #3966
Reported-by: Josie-H
Change-Id: I83ee02bf9017c9aa3d27d50580a0f89b8ec1d05d
|
|
... that could end up a double-free
CVE-2019-5481
Bug: https://curl.haxx.se/docs/CVE-2019-5481.html
Change-Id: I4eab9aceba3ad01607eb4f302200e9f949ea4312
|
|
Fixes potential buffer overflow from 'recvfrom()', should the server
return an OACK without blksize.
Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
CVE-2019-5482
Change-Id: I6c63f958f4b49aa214ea4adb55c8f85a4b1606cc
|
|
bug: https://curl.haxx.se/docs/CVE-2019-5436.html
Reported-by: l00p3r on hackerone
CVE-2019-5436
Backported patch link: https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275.patch
Change-Id: Ic6093d1d475ed9ba87e41cff315befdc3aca9c1d
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
|
|
|
|
curl_multi_wait() was erroneously used from within
curl_easy_perform(). It could lead to it believing there was no socket
to wait for and then instead sleep for a while instead of monitoring the
socket and then miss acting on that activity as swiftly as it should
(causing an up to 1000 ms delay).
Reported-by: Antoni Villalonga
Fixes #3305
Closes #3306
Backported patch details:
https://github.com/curl/curl/commit/d04cef9ce1d710902d90b62de01115b9bbe958bf.patch
Change-Id: I08d95e996dd9bab5d9fd7c7fe581fdb40c8a0de8
Signed-off-by: Niraj Kumar Goit <niraj.g@samsung.com>
|
|
This limits all accepted input strings passed to libcurl to be less than
CURL_MAX_INPUT_LENGTH (8000000) bytes, for these API calls:
curl_easy_setopt() and curl_url_set().
The 8000000 number is arbitrarily picked and is meant to detect mistakes
or abuse, not to limit actual practical use cases. By limiting the
acceptable string lengths we also reduce the risk of integer overflows
all over.
NOTE: This does not apply to `CURLOPT_POSTFIELDS`.
Test 1559 verifies.
Closes #3805
CVE-2019-5435
Change-Id: I0a6d76769e1471352a477a8b1160672757a2de54
|