- tool_getparam: revert an unnecessary/no-op C89 warning silencer.
Follow-up to 09c9afdd71#20363
- tool_writeout: add comment saying silencing is a no-op for llvm/clang.
For `strftime()` it is a GCC-specific, as of llvm/clang v22.1.0.
Follow-up to f07a98ae11#20366
- unit1652: drop always-false `!defined(__clang__)` guard.
Pointed-out-by: Orgad Shaneh
Ref: #20902
Follow-up to 7e814c8717#16062
- unit1652: document that `-Wformat` is necessary for GCC v5 to v8.
Follow-up to 71cf0d1fca#14772Closes#20908
In a -j192 build, this output used a three-digit number for the output,
thus wrapping differently and causing it to error.
Reported-by: Carlos Henrique Lima Melara
Closes#20910
To help understanding what's happening on systems where native CA misses
to verify legitimate public websites.
Also:
- drop a superfluous, hanging, `else`.
Ref: #20897Closes#20899
As the struct is now always unconditionally memset with zeros, we
can remove two zero assigns.
Follow-up to 015f1c7de4
Pointed out by CodeSonar
Closes#20900
Follow-up to 04289c62de. Regression shipped in 8.13.0.
- a logic error made it not loop and thus only match if the searched string
was first
- it no longer matches a substring
Adjusted test 1 to use multiple values in the Connection: response
header. Adjusted test 1542 to have a "Connection: close-not" which
should not match.
Reported-by: Henrique Pereira
Closes#20894
Also:
- support per-directory and per-upper-directory whitelist entries.
- convert badlist input grep tweak into the above format.
(except for 'And' which had just a few hits.)
- fix many code exceptions, but do not enforce.
(there also remain about 350 'will' uses in lib)
- fix badwords in example code, drop exceptions.
- badwords-all: convert to Perl.
To make it usable from CMake.
- FAQ: reword to not use 'will'. Drop exception.
Closes#20886
A logic error made the function not check the last character, which thus
could make it accept invalid schemes.
Added test 1965 to verify
Reported-by: Otis Cui Lei
Closes#20893
- Move `RESP_TIMEOUT` from urldata.h to pingpong.h as
`PINGPONG_TIMEOUT_MS`.
- Rename `Curl_pp_state_timeout()` to `Curl_pp_state_timeleft_ms()` as
the function returns the time left, not the timout..
- Update implementation comments and variable names
Closes#20888
The protocol handler method `connection_check` allowed to variable
operations to trigger with variable result bits. Only the `CONNCHECK_ISDEAD`
and `CONNRESULT_DEAD` were in use. Transform the function into
`connection_is_dead` without extra parameter and a bool result.
- Remove defines for `CONNCHECK_*` and `CONNRESULT_*`
- Rename protocol function in handler comments
- Change RTSP implementation (only protocol that uses this)
Closes#20890
On Solaris this was causing intermittent issues when the private
structure member __sin6_src_id had unexpectedly some value. connect(2)
would then fail with EADDRNOTAVAIL.
Closes#20885
Previously it lacked the actual return. libssh.c uses the same function
name.
Verified by test 2007.
Reported-by: m777m0 on hackerone
Follow-up to 578706addeCloses#20883
It's mostly a filler word. I've read through each use of it in the code
base and did minor rephrasings when "simply" carried some meaning. The
overwhelming majority of cases, removing it improved the text
significantly. Inspired by #20793.
Closes#20822
- 'badwords' is now a target in Makefile.am
- change badwords.txt to specify plain "words" instead of regexes so the
script can build single regexes when scanning, which makes the script
perform much faster (~6 times faster)
Closes#20869
scan-build has been dropped in favor of clang-tidy and this false
positive no longer triggers with it.
Follow-up to ce4db9c2ef#20751
Follow-up to 02f207a76bCloses#20860
After targeting Vista as minimum, the non-bcrypt fallback code was
impossible to reach, because on UWP wincrypt is never available.
After this patch it's more obvious that no-SSL UWP builds only support
weak random source.
Follow-up to b17ef873ae#18009Closes#20859
To avoid potential warning with autotools when using `CFLAGS`. Existing
jobs are not affected.
Also:
- drop a redundant `export`.
- ensure not to overwrite per-job options with UWP ones.
Closes#20857
Instead of the first internal call to `curlx_verify_windows_version()`.
To avoid the chance of a race, potentially resulting in initializing
this address twice. AFAICT it could not cause an issue before this
patch.
Reported by Codex Security
Follow-up to b17ef873ae#18009Closes#20853
