On October 26, 2022 6:15 PM, Daniel Stenberg wrote:
>On Wed, 26 Oct 2022, rsbec...@nexbridge.com wrote:
>
>> This will generate a 64-bit curl_off_t, which as I understand from
>> other replies it is wrong for 32-bit builds. long long is invariant,
>> being always 64-bit regardless of the memory
On Wed, 26 Oct 2022, rsbec...@nexbridge.com wrote:
This will generate a 64-bit curl_off_t, which as I understand from other
replies it is wrong for 32-bit builds. long long is invariant, being always
64-bit regardless of the memory model.
No, that is the right way. curl_off_t should always
On October 26, 2022 4:48 PM, Daniel Stenberg wrote:
>On Wed, 26 Oct 2022, Randall via curl-library wrote:
>
>> In my view , the change at 7.86.0 to force 64-bit only constitutes an
>> ABI break.
>
>That's not a change in 7.86.0.
>
>The change in 7.86.0 is that configure now says that it sees no 64
On Wed, 26 Oct 2022, rsbec...@nexbridge.com wrote:
Close... we should include
&& !defined(__LP64)
to the #elif. If we build under 64-bit, which is scheduled later in the
year, then there is no need to override the defaults. Do you want a PR for
this?
Yes please!
--
/ daniel.haxx.se
|
On Wed, 26 Oct 2022, Randall via curl-library wrote:
In my view , the change at 7.86.0 to force 64-bit only constitutes an ABI
break.
That's not a change in 7.86.0.
The change in 7.86.0 is that configure now says that it sees no 64 bit type
for curl_off_t and those builds are deprecated and
On October 26, 2022 3:07 PM, Dan Fandrich wrote:
>On Wed, Oct 26, 2022 at 10:26:40AM -0400, Randall via curl-library wrote:
>> If we build under 64-bit, which is scheduled later in the year, then
>> there is no need to override the defaults. Do you want a PR for this?
>
>Keep in mind that this
On Wed, Oct 26, 2022 at 10:26:40AM -0400, Randall via curl-library wrote:
> If we build under 64-bit, which is scheduled later in the
> year, then there is no need to override the defaults. Do you want a PR for
> this?
Keep in mind that this will cause an ABI break on this platform.
--
>-Original Message-
>From: Daniel Stenberg
On October 26, 2022 10:12 AM, Daniel Stenberg wrote:
>On Wed, 26 Oct 2022, rsbec...@nexbridge.com wrote:
>
>> Snippet to do that:
>>
>> #if defined __TANDEM
>> typedef long long curl_off_t;
>> #endif
>>
>> Best place to do that? In configure
On Wed, 26 Oct 2022, rsbec...@nexbridge.com wrote:
Snippet to do that:
#if defined __TANDEM
typedef long long curl_off_t;
#endif
Best place to do that? In configure or just curl.h?
In should be in curl/system.h. Make like this?
diff --git a/include/curl/system.h b/include/curl/system.h
On October 26, 2022 9:32 AM, Daniel Stenberg wrote:
>On Wed, 26 Oct 2022, rsbec...@nexbridge.com wrote:
>
>>> The curl_off_t type is determined in the curl/curl.h header but
>>> seeing this output above, it seems to indicate that it needs
>>> adjustment for HPE NonStop.
>>
>> The c99
On Wed, 26 Oct 2022, rsbec...@nexbridge.com wrote:
The curl_off_t type is determined in the curl/curl.h header but seeing this
output above, it seems to indicate that it needs adjustment for HPE
NonStop.
The c99 interpretation of long long in 32-bit compiles is 64 bits, while
size_t and
On October 26, 2022 8:32 AM, Daniel Stenberg wrote:
>On Wed, 26 Oct 2022, rsbec...@nexbridge.com wrote:
>
>> checking size of curl_off_t... 4
>> checking for long long... yes
>> configure: error: support for systems without 64 bit curl_off_t is
>> deprecated, use --with-n64-deprecated until then
On October 26, 2022 2:26 AM, Daniel Stenberg wrote:
>This time, we announce no less than four security advisories in association
with
>this release. Stay tuned for them in separate emails.
>curl and libcurl 7.86.0
We can no longer build curl on HPE NonStop because of a configure
restriction:
CVE-2022-42916: HSTS bypass via IDN
===
Project curl Security Advisory, October 26 2022 -
[Permalink](https://curl.se/docs/CVE-2022-42916.html)
VULNERABILITY
-
curl's HSTS check could be bypassed to trick it to keep using HTTP.
Using its HSTS
CVE-2022-42915: HTTP proxy double-free
==
Project curl Security Advisory, October 26 2022 -
[Permalink](https://curl.se/docs/CVE-2022-42915.html)
VULNERABILITY
-
If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it
sets
CVE-2022-35260: .netrc parser out-of-bounds access
==
Project curl Security Advisory, October 26 2022 -
[Permalink](https://curl.se/docs/CVE-2022-35260.html)
VULNERABILITY
-
curl can be told to parse a `.netrc` file for credentials.
CVE-2022-32221: POST following PUT confusion
Project curl Security Advisory, October 26 2022 -
[Permalink](https://curl.se/docs/CVE-2022-32221.html)
VULNERABILITY
-
When doing HTTP(S) transfers, libcurl might erroneously use the read
Hello friends
Welcome to another curl release. As always, download the latest and greatest
from
https://curl.se/
This time, we announce no less than four security advisories in association
with this release. Stay tuned for them in separate emails.
As usual I will also do a live video
18 matches
Mail list logo
