I would just add that in #curl we use c-ares for the HTTPS RR stuff, on all the platforms.
Search
Items tagged with: curl
Two more #curl hackerone reports disclosed: hackerone.com/reports/2954286 and hackerone.com/reports/2917232
curl disclosed on HackerOne: CVE-2025-0167: netrc and default...
## Summary: The fix for CVE-2024-11053 seems to be incomplete.The information leak problem could be reproduced again if use netrc in step1. ## Affected version all ## Steps To Reproduce: 1....HackerOne
It's been a year since "you too could have made #curl"
daniel.haxx.se/blog/2024/02/06…
FOSDEM 2024: you too could have made curl
https://www.youtube.com/watch?v=kCJmAyUr1j4 This is the video recording of my talk with this title, done at February 4, 2024 10:00 in the K1.105 room at FOSDEM 2024.daniel.haxx.se
I recorded a video showing exactly what I do when I release #curl. The 264th release to be exact: youtu.be/7UQgcSWkSYw
How to do a curl release - with Daniel Stenberg
Daniel makes the curl 8.12.0 release. Shows how a curl release is done. This is the 264th curl release. Shows the scripts, the procedures and the general pro...YouTube
The #curl 8.12.0 presentation
curl 8.12.0 with Daniel Stenberg
Daniel describes the three new CVEs, the eight changes and some thirty of the bugfixes done in curl 8.12.0 released on February 5, 2025.YouTube
Embrace. This is the new #curl CVE I expect I will get a fair amount of... "traffic" about: curl.se/docs/CVE-2025-0725.htm…
#curl 8.12.0
daniel.haxx.se/blog/2025/02/05…
curl 8.12.0
Release presentation The live-streamed release video presentation happens on February 5 2025 at 09:00 UTC on twitch.daniel.haxx.se
If you want to see me - in real time -release #curl 8.12.0, it happens over on twitch in a minute or two: twitch.tv/curlhacker
Another article on AI slop mentioning #curl etc: thenewstack.io/ai-is-spamming-…
AI Is Spamming Open Source Repos With Fake Issues - The New Stack
A maintainer tracked down an AI company that said the spam was a mistake. But reports suggest the problem is more widespread and growing.Loraine Lawson (The New Stack)
Tomorrow at 9:00 CET I release #curl 8.12.0 live-streamed. What could possibly go wrong?
github.com/curl/curl/discussio…
curl 8.12.0 ships on February 5 · curl curl · Discussion #15977
The feature window is closed. The pending 8.12.0 release is scheduled to happen on February 5. If things go well, we open the feature window again on February 15. The curl release cycle is explaine...GitHub
36 hours left to the #curl 8.12.0 release.
At least 243 bugfixes, eight changes, three CVEs. I think you'll like it.
At 09:00 CET Wednesday morning I will live-stream the release procedure.
An hour later I will do a live-streamed release presentation.
Here: twitch.tv/curlhacker
curlhacker - Twitch
I'm Daniel Stenberg, maintainer and lead developer in the curl project. I stream curl related stuff. Release presentations, curl development and related topics.Twitch
Welcome Edoardo Lolletti as #curl commit author 1340: github.com/curl/curl/pull/1614…
symbols-in-versions: update version for LIBCURL_VERSION and LIBCURL_VERSION_NUM symbols by edo9300 · Pull Request #16141 · curl/curl
Those 2 symbols were available since the first 7.1.1 releaseGitHub
Welcome Calvin Ruocco as #curl commit author 1339: github.com/curl/curl/pull/1611…
ws-docs: Extend WebSocket documentation by viscruocco · Pull Request #16118 · curl/curl
Tried to clean up and extend the documentation on the WebSocket-API a little. There are some other information missing from the docs in my opinion, but since they are not relevant for my use case I...GitHub
Welcome mauke as #curl commit author 1338: github.com/curl/curl/issues/16…
Curl fails at make check with Perl 5.41.7 / 5.41.8 due to "Possible precedence problem between ! and string eq" in runtests.pl · Issue #16128 · curl/curl
I did this Curl fails at make check with Perl 5.41.7 due to: make[2]: Leaving directory '/jenkins/workspace/Port-Build/curl/curl-8.11.1/tests' srcdir=. /jenkins/zopen/usr/local/zopen/perl/perl5-hea...GitHub
🏆 A huge congratulations to @bagder , founder of cURL , for receiving the first European Open Source Achievement Award! 🎉
The award was presented by Omar Mohsine, Open Source Coordinator at the UN, a key advocate for using open technologies !
👏 Daniel will take place in the EOSAcademy as its President! #EOSA2025 #FOSS #cURL
Busy days now. On this Saturday on #FOSDEM I will speak about #curl security work in "tightening every bolt":
fosdem.org/2025/schedule/event…
A 1337 #curl author
daniel.haxx.se/blog/2025/01/29…
A 1337 curl author
For quite some time now, I celebrate and welcome every new commit author in the curl project in the public.daniel.haxx.se
Welcome Michael Schuster as #curl commit author... 1337
github.com/curl/curl/pull/1604…
Yes, number 1337 finally happened.
Fix build with mbedtls v3.6 PSA but without TLS 1.3 or session tickets by misch7 · Pull Request #16044 · curl/curl
Problems Build fails when support for session tickets is disabled (thus HAS_SESSION_TICKETS undefined in lib/vtls/mbedtls.c). Runtime error for all TLS connections when built with MBEDTLS_USE_PSA_...GitHub
we're getting into similar territory with a CVE we publish for #curl next week. We've debated it to death internally... 😀
Stay tuned!
Welcome Andrew Kaster as #curl commit author 1335: github.com/curl/curl/pull/1606…
ws: Reject frames with unknown reserved bits set by ADKaster · Pull Request #16069 · curl/curl
RFC 6455 Section 5.2 notes that for bits RSV1, RSV2, and RSV3 of the framing header, a non-zero value that is not defined by a negotiated extension MUST Fail the WebSocket connection. Related to #1...GitHub
Welcome Dexter Gerig as #curl commit author 1334: github.com/curl/curl/pull/1610…
Fix asyn-thread HTTPS resolution and a memory leak in asyn-ares by Fullmetal5 · Pull Request #16107 · curl/curl
asyn-thread was forgetting to copy the actual HTTPS info into the result and asyn-ares had a minor memory leak that only existed in another OOM path.GitHub
make #curl --url support a file with URLs?
curl.se/mail/archive-2025-01/0…
With my new PR, you can write "curl --url @file" and curl will download all the URLs in the provided file as if -O was used for each one of them. It can also get the list from stdin if you do "--url @-" in style with how other curl options work.
This is the first in a new series of monthly emails about what YOU can do to help out in the #curl project:
We have just confirmed that #curl up 2025 will take place in Prague over the weekend May 3-4.
Mark it in your calendars. Plan for it. We have started to add details to the wiki page of this year's event:
Top #curl sponsors as of now. Friends!
(yeps, it is the exact same list of names I have showed for quite some time...)
Twenty-six years ago on this day when we shipped #curl 5.5.1, the changelog was easier to gather than what they usually are today: curl.se/ch/5.5.1.html
Two bugfixes listed.
To play HTTPS RR in #curl's bleeding edge: github.com/curl/curl/blob/mast…
Expect rough edges.
curl/docs/HTTPSRR.md at master · curl/curl
A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP...GitHub
Do you think this is fair?
"Problems that only trigger using legacy dependencies are not considered security problems."
github.com/curl/curl/pull/1608…
#curl
Uhmmmm... so, make yourself a CVE authority on your stuff [effectively blocking anyone else from publishing anything on your stuff), and do nothing else (i.e. no CVE published).
Of course, it's a bit late for #curl, but you know, other projects?
(and yes, it's naughty. I'm in a naughty mood, yeah?)
CVSS is dead to us
daniel.haxx.se/blog/2025/01/23…
#curl
CVSS is dead to us
CVSS is short for Common Vulnerability Scoring System and is according to Wikipedia a technical standard for assessing the severity of vulnerabilities in computing systems.daniel.haxx.se
It is only a year since we switched all #curl man pages to markdown but wow, what an improvement and "life enhancer"!
daniel.haxx.se/blog/2024/01/23…
curl docs format evolution
I trust you have figured out already that I have the highest ambitions for the curl documentation. I want everything documented in a clear, easy-to-read and easy-to-find manner.daniel.haxx.se
Want to help us improve the #curl shell completion script(s)?
github.com/curl/curl/issues/16…
Undeterministic zsh completion script output (depending on terminal size) · Issue #16072 · curl/curl
I did this I tried to reproduce the Arch Linux curl package by repeating the build in the documented build environment and noticed the zsh completions do not match: https://web.archive.org/web/2025...GitHub