Search
Items tagged with: CURL
For details on the #curl PSL vulnerability, check out the #hackerone report. And if you use libpsl, double-check that your use is correct: hackerone.com/reports/2212193
Two mentioned projects in this report in particular should check their code.
curl disclosed on HackerOne: CVE-2023-46218: cookie mixed case PSL...
## Summary: libcurl fails to normalize the `hostname` and `cookie_domain` parameters passed to `psl_is_cookie_domain_acceptable` function. As a result a malicious site can set a super cookie if the...HackerOne
curl disclosed on HackerOne: CVE-2023-46218: cookie mixed case PSL...
## Summary: libcurl fails to normalize the `hostname` and `cookie_domain` parameters passed to `psl_is_cookie_domain_acceptable` function. As a result a malicious site can set a super cookie if the...HackerOne
#curl 8.5.0
curl 8.5.0 with Daniel Stenberg
Two changes, two CVEs, 188 bugfixes. curl 8.5.0 is here and Daniel takes you through the news.(The video is a notch worse than usual due to technical difficu...YouTube
github.com/curl/curl-for-win/c…
curl 8.5.0 · curl/curl-for-win@ab5dbb9
Since 8.4.0_10: - building curl with CMake UNITY mode (replacing GNU Make) Since 8.4.0_9: - LibreSSL 3.8.2 (replacing quictls) Since 8.4.0_8: - smaller x64 and x86 binaries ce5113aa3ca8c841a6d...GitHub
Welcome to #curl 8.5.0
daniel.haxx.se/blog/2023/12/06…
cookie mixed case PSL bypass: curl.se/docs/CVE-2023-46218.ht…
HSTS long file name clears contents: curl.se/docs/CVE-2023-46219.ht…
everything.curl.dev/ (and an additional almost 16,000 lines of docs)
xcurl
I learned that "xCurl is a Microsoft Game Development Kit compliant implementation of the #libCurl API"
daniel.haxx.se/blog/2023/11/30…
#curl
Building #curl using #OpenSSL 3.2 #QUIC?
github.com/curl/curl/discussio…
Building libcurl using OpenSSL 3.2 QUIC? · curl/curl · Discussion #12425
Hello, are there any plans to build libcurl with OpenSSL v3.2's new QUIC API? OpenSSL v3.2 was officially released 11/23 (which supports QUIC client capabilities). In this way, libcurl doesn't need...GitHub
Next Level Curl
A talk given by Daniel Stenberg from wolfSSL at the 2023 Platform Summit in Stockholm.Everyone uses curl, the Swiss army knife of Internet transfers. Earlier...YouTube
#curl on 100 operating systems
aka "Why do I care so much about old legacy crap?"
daniel.haxx.se/blog/2023/11/14…
Quick set up guide for Encrypted Client Hello (ECH)
The Encrypted Client Hello (ECH) mechanism draft-spec is a way to plug a few privacy-holes that remain in the Transport Layer Security (TLS) protocol that’s used as the security layer for the web.jochensp (https://guardianproject.info)
Fix -Walloc-size by thesamesam · Pull Request #12292 · curl/curl
GCC 14 introduces a new -Walloc-size included in -Wextra which gives: src/tool_operate.c: In function ‘add_per_transfer’: src/tool_operate.c:213:5: warning: allocation of insufficient size ‘1’ for ...GitHub
"On behalf of Google Open Source, I would like to thank you for your contribution to #curl"
daniel.haxx.se/blog/2023/11/11…
Windows VC14.20 project missing by dsv123 · Pull Request #12282 · curl/curl
Windows projects included VC14, VC14.10, VC14.30 but not VC14.20. OpenSSL and WolfSSL bat scripts mention VC14.20 so I don't suspect an underlying problem with this platform toolset. Updated the te...GitHub
I've ordered 40 curl coasters I'm gonna give away to #curl contributors I meet.
daniel.haxx.se/blog/2023/11/03…
HTTP: fix empty-body warning by Gottox · Pull Request #12262 · curl/curl
This change fixes a compiler warning with gcc-12.2.0 when -DCURL_DISABLE_BEARER_AUTH=ON is used. /home/tox/src/curl/lib/http.c: In function 'Curl_http_input_auth': /home/tox/src/curl/lib/http.c:114...GitHub
http_aws_sigv4: canonicalise valueless query params by hjmallon · Pull Request #12244 · curl/curl
Query params with ?novalparam (i.e. no =) need to be given an empty value while canonicalising From https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html When a request targ...GitHub
add supported version for the json write-out by boilingoden · Pull Request #12266 · curl/curl
xref: https://curl.se/changes.html#7_70_0 related issue: #6844GitHub
and hey, look at this:
HTTP3: ngtcp2 builds are no longer experimental
One step closer to HTTP/3 support in shipped #curl binaries.
github.com/curl/curl/pull/1223…
HTTP3: ngtcp2 builds are no longer experimental by bagder · Pull Request #12235 · curl/curl
The other HTTP/3 backends are still experimental.GitHub
wolfssl: add default case for wolfssl_connect_step1 switch by kareem-wolfssl · Pull Request #12218 · curl/curl
Fixes ZD#16824. Customer is using a strict compiler which requires default cases for all switch statements.GitHub
Starting soon, you might need Windows XP or later to run #curl on Windows... Yes, the XP that was introduced in 2001.
github.com/curl/curl/pull/1222…
build: require Windows XP or newer by vszakats · Pull Request #12225 · curl/curl
After this patch we assume availability of getaddrinfo and freeaddrinfo, first introduced in Windows XP. Meaning curl now requires building for Windows XP as a minimum. TODO: assume these also in a...GitHub
"mastering the #curl command line" has been viewed 12,000 times in less than two months.
Mastering the curl command line with Daniel Stenberg
The slides = https://www.slideshare.net/DanielStenberg7/mastering-the-curl-command-linepdf0:00 Mastering the curl command line0:16 Daniel Stenberg0:36 curl s...YouTube