On 17.05.23 at 10:14, Dan Fandrich wrote:
On Wed, May 17, 2023 at 09:48:39AM +0200, Rainer Jung via curl-library wrote:
I just wanted to note that the test suite now uses the perl module
Memoize.pm. That module is contained in the perl base package e.g. for RHEL
7, but for RHEL 8 must be
> On 17 May 2023, at 16:44, Daniel Stenberg via curl-library
> wrote:
> So: not an easy limit to toy around with.
I don't think we should raise this, there is no benefit to the vast majority of
users. Anyone who has an environment where they need this has the code
available to build a custom
On Wed, 17 May 2023, Benjamin Herrenschmidt via curl-library wrote:
And more specifically by the 8KB limit applied to the cookie headers.
Back again, having done some more thinking.
The main problem with upping this limit is that a typical user doesn't know what
the maximum allowed line
On Wed, 17 May 2023, Daniel Stenberg via curl-library wrote:
This however goes directly against RFC 6265 section 5.4 which says:
I submitted this issue to the http wg:
https://github.com/httpwg/http-extensions/issues/2541
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is
On Wed, 17 May 2023, Daniel Stenberg via curl-library wrote:
Beyond 8K something HTTP servers are going to cause problems with their
maximum header line lengths and then it becomes even harder to interop.
Something else struck me and here's a suitable RFC reference:
On Wed, 17 May 2023, Benjamin Herrenschmidt wrote:
In the general case, yes. That said, it could very well be that curl (or
libcurl) is used in specific cases (private API gateways etc...) where the
interoperability isn't a factor.
At this point I don't have enough data about the specific
On Wed, 2023-05-17 at 09:24 +0200, Daniel Stenberg wrote:
Thanks for your reply...
> On Wed, 17 May 2023, Benjamin Herrenschmidt via curl-library wrote:
>
> > And more specifically by the 8KB limit applied to the cookie headers.
> >
> > Now I understand the value in preventing runaway header
On Wed, May 17, 2023 at 09:48:39AM +0200, Rainer Jung via curl-library wrote:
> I just wanted to note that the test suite now uses the perl module
> Memoize.pm. That module is contained in the perl base package e.g. for RHEL
> 7, but for RHEL 8 must be installed as perl-Memoize.
I had assumed
On Wed, May 17, 2023 at 09:48:39AM +0200, Rainer Jung via curl-library wrote:
> I just wanted to note that the test suite now uses the perl module
> Memoize.pm. That module is contained in the perl base package e.g. for RHEL
> 7, but for RHEL 8 must be installed as perl-Memoize.
>
Installing
Hi there,
thanks for the new release!
I just wanted to note that the test suite now uses the perl module
Memoize.pm. That module is contained in the perl base package e.g. for
RHEL 7, but for RHEL 8 must be installed as perl-Memoize.
The change was introduced in
On Wed, 17 May 2023, Benjamin Herrenschmidt via curl-library wrote:
And more specifically by the 8KB limit applied to the cookie headers.
Now I understand the value in preventing runaway header attacks and it does
make a lot of sense to use a limit, but is there a reason not to make this
more POST-after-PUT confusion
=
Project curl Security Advisory, May 17 2023 -
[Permalink](https://curl.se/docs/CVE-2023-28322.html)
VULNERABILITY
-
When doing HTTP(S) transfers, libcurl might erroneously use the read callback
(`CURLOPT_READFUNCTION`) to
IDN wildcard match
==
Project curl Security Advisory, May 17th 2023 -
[Permalink](https://curl.se/docs/CVE-2023-28321.html)
VULNERABILITY
-
curl supports matching of wildcard patterns when listed as "Subject
Alternative Name" in TLS server certificates. curl can be
siglongjmp race condition
=
Project curl Security Advisory, May 17th 2023 -
[Permalink](https://curl.se/docs/CVE-2023-28320.html)
VULNERABILITY
-
libcurl provides several different backends for resolving host names, selected
at build time. If it is built to
UAF in SSH sha256 fingerprint check
Project curl Security Advisory, May 17th 2023 -
[Permalink](https://curl.se/docs/CVE-2023-28319.html)
VULNERABILITY
-
libcurl offers a feature to verify an SSH server's public key using a SHA 256
hash. When
Hi team,
I'm happy to announce that I just packaged, signed and uploaded another curl
release. This time in association with four security advisories, which I will
email about shortly. As always, get curl from here:
https://curl.se/
curl and libcurl 8.1.0
Public curl releases:
16 matches