mirror/curl - curl - Collaboration & Inovation

mirror of https://github.com/curl/curl.git synced 2024-11-21 01:16:58 +08:00

Author	SHA1	Message	Date
Jay Satiro	4729c25180	codeql: fix error "Resource not accessible by integration" - Enable codeql writing security-events. GitHub set the default permissions to read, apparently since earlier this year. Ref: https://github.com/github/codeql-action/issues/464 Ref: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ Fixes https://github.com/curl/curl/issues/7575 Closes https://github.com/curl/curl/pull/7576	2021-08-17 03:32:10 -04:00
Daniel Stenberg	5ae49f9534	GHA: run all tests for hyper too As it lists disabled ones in DISABLED now Closes #7209	2021-06-10 08:42:59 +02:00
Daniel Stenberg	3d01b75077	GHA: add several libcurl tests to the hyper job 500 to 512	2021-06-07 23:54:54 +02:00
Daniel Stenberg	33812ad33d	GHA: run the newly fixed tests with hyper Closes #7205	2021-06-07 23:14:11 +02:00
Daniel Stenberg	b28a88951d	GHA: add a linux-hyper job Closes #7206	2021-06-07 17:31:07 +02:00
Daniel Stenberg	265b14d6b3	metalink: remove Warning: this will make existing curl command lines that use metalink to stop working. Reasons for removal: 1. We've found several security problems and issues involving the metalink support in curl. The issues are not detailed here. When working on those, it become apparent to the team that several of the problems are due to the system design, metalink library API and what the metalink RFC says. They are very hard to fix on the curl side only. 2. The metalink usage with curl was only very briefly documented and was not following the "normal" curl usage pattern in several ways, making it surprising and non-intuitive which could lead to further security issues. 3. The metalink library was last updated 6 years ago and wasn't so active the years before that either. An unmaintained library means there's a security problem waiting to happen. This is probably reason enough. 4. Metalink requires an XML parsing library, which is complex code (even the smaller alternatives) and to this day often gets security updates. 5. Metalink is not a widely used curl feature. In the 2020 curl user survey, only 1.4% of the responders said that they'd are using it. In 2021 that number was 1.2%. Searching the web also show very few traces of it being used, even with other tools. 6. The torrent format and associated technology clearly won for downloading large files from multiple sources in parallel. Cloes #7176	2021-06-07 08:14:25 +02:00
Daniel Stenberg	4b3d8f3558	github: remove the cmake macOS gcc-8 jobs They're too similar to the gcc-9 ones to be useful (and seems to not work anymore). Closes #7187	2021-06-04 08:30:26 +02:00
Daniel Stenberg	f7d1273cf9	github: timeout jobs on macOS after 90 minutes Assisted-by: Marc Hoersken Closes #7173	2021-06-02 16:00:42 +02:00
Daniel Stenberg	e53a0f6833	github: inhibit deprecated declarations for clang on macOS ... as they otherwise cause ldap build errors in the CI. Fixes #7081 Closes #7082	2021-05-17 22:45:46 +02:00
Daniel Stenberg	40ea52a241	github: add a workflow with libssh2 on macOS using cmake Closes #7047	2021-05-16 23:21:12 +02:00
Tobias Gabriel	0acfe05c2e	.github/FUNDING: add link to GitHub sponsors Closes #6985	2021-05-03 16:46:30 +02:00
Ayushman Singh Chauhan	6aae7b1761	docs: camelcase it like GitHub everywhere Closes #6979	2021-04-28 08:16:20 +02:00
Daniel Stenberg	e052bbcd57	ci: adapt to configure requiring an explicit TLS choice	2021-04-22 23:19:47 +02:00
Daniel Stenberg	7bdec2a08b	configure: provide --with-openssl, deprecate --with-ssl Makes the option more explicit. Closes #6887	2021-04-15 09:08:34 +02:00
Anthony Shaw	2908a8232c	github/workflow: add "security-extended" to codeql-analysis.yml Extends the CodeQL code scan. Closes #6815	2021-04-09 15:46:31 +02:00
Daniel Stenberg	6dc03053d1	github: add torture-ftp for FTP-only torture testing and at 20% to try to keep the run-time reasonable Closes #6728	2021-03-12 23:36:38 +01:00
XhmikosR	78617b48e4	CI: fix warning with the latest versions `git checkout HEAD^2` is no longer needed Closes #6369	2020-12-25 16:21:14 +01:00
Daniel Stenberg	d16fb4d056	Revert "CI/github: work-around for brew breakage on macOS" This reverts commit `4cbb17a2cb`. ... as the work-around now causes failures. Closes #6332	2020-12-16 14:37:41 +01:00
Daniel Stenberg	4d2f800677	curl.se: new home Closes #6172	2020-11-04 23:59:47 +01:00
Daniel Stenberg	4cbb17a2cb	CI/github: work-around for brew breakage on macOS ... and make it use OpenSSL 1.1 properly Fixes #6130 Closes #6129	2020-10-26 22:14:53 +01:00
Daniel Stenberg	96450a1a33	alt-svc: enable by default Remove CURLALTSVC_IMMEDIATELY, which was never implemented/supported. alt-svc support in curl is no longer considered experimental Closes #5868	2020-10-25 23:08:54 +01:00
Daniel Stenberg	cd048aaa28	github: remove the duplicate "Security vulnerability" entry ... since github adds an entry automatically by itself. Closes #5970	2020-09-17 15:22:11 +02:00
Emil Engler	48fb543d7f	github: use new issue template feature This helps us to avoid getting feature requests as well as security bugs reported into the issue tracker. Closes #5936	2020-09-17 13:58:18 +02:00
Daniel Stenberg	2429f45a97	TLS naming: fix more Winssl and Darwinssl leftovers The CMake option is now called CMAKE_USE_SCHANNEL The winbuild flag is USE_SCHANNEL The CI jobs and build scripts only use the new names and the new name options Tests now require 'Schannel' (when necessary) Closes #5795	2020-08-08 00:19:21 +02:00
Marcel Raad	730dc48253	CI/macos: set minimum macOS version This enables some deprecation warnings. Previously, autotools defaulted to 10.8. Closes https://github.com/curl/curl/pull/5723	2020-07-26 16:31:33 +02:00
Marcel Raad	05904db861	CI/macos: enable warnings as errors for CMake builds Closes https://github.com/curl/curl/pull/5716	2020-07-25 08:51:11 +02:00
Marcel Raad	ff8b6ce05f	CI/macos: unconditionally enable warnings-as-errors with autotools Previously, warnings were only visible in the output for most jobs. Closes https://github.com/curl/curl/pull/5694	2020-07-19 10:35:19 +02:00
Marc Hoersken	a88fe0fd14	workflows: limit what branches to run CodeQL on Align CodeQL action with existing CI actions: - Update branch filter to avoid duplicate CI runs. - Shorten workflow name due to informative job name. Reviewed-by: Daniel Stenberg Closes #5660	2020-07-13 21:01:03 +02:00
Daniel Stenberg	7de2a4ce35	codeql-analysis.yml: fix the 'languages' setting It needs a 'with:' in front of it.	2020-06-26 08:49:47 +02:00
Daniel Stenberg	7183f5acc3	gtihub: codeql-analysis.yml enables code security scanning with github actions	2020-06-26 01:06:05 +02:00
Marc Hoersken	0900b03ecf	CI/macos: fix 'is already installed' errors by using bundle Avoid failing CI builds due to nghttp2 being already installed. Closes #5513	2020-06-03 20:18:36 +02:00
Daniel Stenberg	23a3ab9dd5	github/workflow: enable MQTT in the macOS debug build	2020-04-14 13:04:10 +02:00
Marc Hoersken	638b8558d1	CI/macos: convert CRLF to LF and align indentation	2020-04-10 00:59:35 +02:00
Daniel Stenberg	6435aaa70b	github actions: run when pushed to master or */ci + PRs Avoid double-builds when using "local" branches for PRs. For both macos and fuzz jobs. Closes #5201	2020-04-08 14:19:08 +02:00
Leo Neat	4506607b44	CI-fuzz: increase fuzz time to 40 minutes Closes #5174	2020-04-02 23:56:19 +02:00
Marc Hoersken	7e8a1a0875	CI: remove default Ubuntu build from GitHub Actions We are already running a very similar Ubuntu build on Travis CI. The macOS variant of this default build is kept on Github Actions.	2020-03-24 18:25:21 +01:00
Marc Hoersken	fd7afa7d39	CI: bring GitHub Actions fuzzing job in line with macOS jobs Update YAML formatting, job naming and triggers.	2020-03-24 18:19:35 +01:00
Marc Hoersken	840df8b0d9	CI: migrate macOS jobs from Azure and Travis CI to GitHub Actions Reduce workload on Azure Pipelines and Travis CI while consolidating macOS jobs onto less utilized GitHub Actions. Reviewed-by: Daniel Stenberg Closes #5124	2020-03-24 18:18:15 +01:00
Daniel Stenberg	ea1b2eb976	CIfuzz: switch off 'dry_run' mode Follow-up from #4960: now make it fail if it detects problems. Closes #4998	2020-02-28 16:50:43 +01:00
Leo Neat	7224e70f40	github action: add CIFuzz Closes #4960	2020-02-21 08:56:44 +01:00
Emil Engler	11ee0640ac	github: Instructions to post "uname -a" on Unix systems in issues Closes #4896	2020-02-08 18:13:46 +01:00
Daniel Stenberg	ab712afa8f	github action/azure pipeline: run 'make test-nonflaky' for tests To match travis and give more info on failures.	2019-12-03 19:30:34 +01:00
Daniel Stenberg	df26f5f9c3	CI: inintial github action job First shot at a CI build on github actions	2019-09-14 20:25:43 +02:00
Daniel Stenberg	be01f475ed	.github/FUNDING: mention our opencollective "home" [ci skip]	2019-05-23 11:16:23 +02:00
Daniel Stenberg	10e4dd6a7b	docs/BUG-BOUNTY: bug bounty time [skip ci] Introducing the curl bug bounty program on hackerone. We now recommend filing security issues directly in the hackerone ticket system which only is readable to curl security team members. Assisted-by: Daniel Gustafsson Closes #3488	2019-04-22 17:19:19 +02:00
Daniel Stenberg	3ed3db5c04	github/lock: auto-lock closed issues after 90 days of inactivity	2018-05-05 14:05:57 +02:00
Jay Satiro	274983b774	ISSUE_TEMPLATE: Add a comment not to file security issues on github	2017-07-11 11:48:37 -04:00
Daniel Stenberg	ced57e9a95	.github/stale.yml: enable the stale bot Issues and PRs with no activity for 180 days will get marked as stale, and if no further activity happens within 14 more days, the issue gets closed. This follows our established policy of not letting stalled bugs "get in the way": https://curl.haxx.se/docs/bugs.html#Closing_off_stalled_bugs Closes #1398	2017-04-09 00:08:51 +02:00
Daniel Stenberg	7c847ab9d5	ISSUE_TEMPLATE: for bugs, ask questions on the mailing list and try to add the top comment within an HTML comment in the hope that it might get hidden if the text is kept	2017-03-10 10:32:01 +01:00
Daniel Stenberg	5fad800efd	ISSUE_TEMPLATE: try mentioning known bugs/todo in new issue template	2016-12-11 19:37:44 +01:00

1 2

55 Commits