Search
Items tagged with: curl
1. do not assume that URLs will be treated the same cross user-agents.
2. do not assume that IPv4-mapped IPv6-addresses can be written in octal.
Another day. Another security report against #curl we could close.
curl disclosed on HackerOne: Incorrect Type Conversion in...
## Summary: Octal Type Handling of Errors in IPv4 Mapped IPv6 Addresses in curl allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that...HackerOne
"To me, the latest is the latest my OS provides me. If #curl maintainers dont care about pushing the latest into the OSes they support, it's not me to blame. I think curl maintainers should push Centos to provide the latest to all users. What's the purpose of you fixing multiple bugs and security holes if you dont spend time to make it available to the broader audience?"
We are obviously all just too lazy.
github.com/curl/curl/issues/13…
americanas.com.br immediately sends RST_STREAM · Issue #13546 · curl/curl
I did this The website americanas.com.br is the largest ecommerce in brazil after amazon.com. For some reason, simply requesting the main page returns with error. It's not a protection or any secur...GitHub
DEPRECATE.md: TLS libraries without 1.3 support by bagder · Pull Request #13544 · curl/curl
Brought to the curl-library list on March 7, 2024. Discussed since then. No particular objections have been heard except the worry that apple device people might miss Secure Transport. Once #13539 ...GitHub
I survived #curl up 2024.
daniel.haxx.se/blog/2024/05/06…
Includes videos of the twelve recorded presentations. Nerd-level: high.
only 3 severity high vulnerabilities in #curl during the last 5 years
(slide from my curl security talk I did over the weekend)
CURL Up 2024
The second day of the curl-up conference is about to start.
Learn more about #CURL. Live streamed on Twitch (twitch.tv/curlhacker).
github.com/curl/curl-up/wiki/2…
Did you notice how speed in #CURL changed for HTTP/2 in the last releases?
Thanks Stefan for your work!
CURL Up 2024
The curl-up conference is about to start soon with Daniel Stenberg @bagder welcoming the #opensource developers of the #CURL project.
Learn more about CURL. Live streamed on Twitch (twitch.tv/curlhacker).
github.com/curl/curl-up/wiki/2…
I talked about #curl and #rust on the podcast "rust in production":
corrode.dev/podcast/s02e01-cur…
curl - Rust in Production Podcast | corrode Rust Consulting
In the season premier we talk to none other than Daniel Stenberg! We focus on integrating Rust modules in curl, their benefits, ways in which Rust and Rust crates helped improve curl, but also how curl helped those crates, and where curl is used in t…Corrode Rust Consulting
Two laptops, webcam on stand, mike, mike-stand, power for laptops, cable kit, repair kit, 12 curl mugs, eight packs with different curl stickers, carton coasters, pcb coasters, t-shirts, name tags + pens, two UCB-C to HDMI adapters
Preparing for #curl up 2024.
github.com/curl/curl-up/wiki/2…
My "predicting the future" slide, used in several presentations over the last few years. It involves #curl.
"everything will be networked"
cmake: FindNGHTTP2 add static lib name to find_library call by fuzzard · Pull Request #13495 · curl/curl
Adds the static library name, nghttp2_static as a name to search. This provides cmake parity with the winbuild Makefile.vc allowing the cmake build to find and allow the link to static nghttp2 libr...GitHub
How many authors have their contributions in #curl product source code? How many have had their previous work completely removed. Over time.
The first #curl release with code present authored by 200 persons was done in 2015-04-22. In that release, we had already removed all traces of contributions from 20 authors.
In the latest release, 604 authors' code is still present. 171 authors' work have been replaced.
sendf: Curl_cwriter_write: remove comment disallowing zero length by schicho · Pull Request #13477 · curl/curl
Curl_client_write calls Curl_cwriter_write, which already has this limitation in place in its comment. blen is not checked in Curl_client_write. Stumbled upon this working on my other MQTT PR.GitHub
Awesome, so much to learn wrt. libcurl! 😍 Posting links below in case anyone is looking for them ✨
📺 Getting started with libcurl
• youtube.com/watch?v=aS2eJDA5nS…
📺 Mastering libcurl
• youtube.com/watch?v=ZQXv5v9xoc…
• youtube.com/watch?v=9KqnXsSxqG…
Mastering libcurl (2/2) with Daniel Stenberg
Transfers, Share API, TLS, Proxies, HTTP, Header API, URL API. WebSocket. Future0:00 mastering libcurl part two0:35 setup2:30 agenda4:56 Transfers5:14 Downl...YouTube
Nine years ago today, a #curl command line was prominent on an even larger display...
daniel.haxx.se/blog/2015/04/24…
tool_operate: don't truncate the etag save file by default by Gusted · Pull Request #13432 · curl/curl
This fixes a regression of 75d79a4. The code in tool-operate truncated the etag save file, under the assumption that the file would be written with a new etag value. However since 75d79a4 that migh...GitHub
Today we celebrate the five year anniversary of #curl's bug-bounty. It has resulted in 69 reported vulnerabilities and almost 80,000 USD payouts. Out of a total of 439 submissions. 86 of them were considered "informative", which mostly means they were handled as normal bugs.
Submit your suspected curl securirty issue here: hackerone.com/curl
curl - Bug Bounty Program | HackerOne
The curl Bug Bounty Program enlists the help of the hacker community at HackerOne to make curl more secure.HackerOne
Enable test 1117 for hyper HTTP backend as it currently works by Alvenix · Pull Request #13436 · curl/curl
This PR is intended to test the CICD for now, as when I tried this test with the latest hyper it worked. Edit: It seems the test is successful on CICD, so it may be enabled. (Sorry If I missed some...GitHub
If you use brew’s curl on macOS, are you really using it? I installed and had curl setup a couple of years ago. Today it appears that curl was now pointing to Apple’s version, which has this issue (daniel.haxx.se/blog/2024/03/08…). Looks like brew doesn’t add a symlink for curl to /opt/homebrew/bin. Running `ln -s /opt/homebrew/opt/curl/bin/curl /opt/homebrew/bin` resolved the issue.
#TLS #EncryptedClientHello #ECH support has been merged in #curl!
github.com/curl/curl/pull/1192…
ECH experimental by sftcd · Pull Request #11922 · curl/curl
This is an (as-promised, on the mailing list) early pull request for adding HTTPS RR an ECH support to cURL, that has had so far minimal testing when using OpenSSL or wolfSSL as the TLS provider, b...GitHub
url: fix use of an uninitialized variable by jimmy-park · Pull Request #13399 · curl/curl
The following bug is detected by UndefinedBehaviorSanitizer on Apple Clang. /Users/jimmy.park/Repos/curl_client/build/.cache/curl/760adaf446db44888b0a6d906e318c6147c808ba/lib/url.c:810:10: runtime ...GitHub
Recent additions to the #CURL project from me
Anyone can contribute to an open source project. It is some effort, but you can push changes you make locally back to the project to improve it and make your improvements a part of the project.
Dockerfile for release automation by daniel-j-h · Pull Request #13250 · curl/curl
Hey @bagder 👋 I've seen your post on mastodon on how to reproduce the release tarballs. I wanted to bounce this off of you as an idea We can check in a Dockerfile build environment based on a spec...GitHub
Write function callback is called twice after resume transfer and return CURL_WRITEFUNC_ERROR · Issue #13337 · curl/curl
I did this We have the scenario when we put the transfer on pause and resume it after a while and then stop transfer with CURL_WRITEFUNC_ERROR. For that we register CURLOPT_WRITEFUNCTION callback a...GitHub