[SECURITY ADVISORY] curl: CVE-2024-2398: HTTP/2 push headers memory-leak

2024-03-26 Thread Daniel Stenberg via curl-library
HTTP/2 push headers memory-leak === Project curl Security Advisory, March 27 2024 - [Permalink](https://curl.se/docs/CVE-2024-2398.html) VULNERABILITY - When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received he

[SECURITY ADVISORY] curl: CVE-2024-2379: QUIC certificate check bypass with wolfSSL

2024-03-26 Thread Daniel Stenberg via curl-library
QUIC certificate check bypass with wolfSSL == Project curl Security Advisory, March 27 2024 - [Permalink](https://curl.se/docs/CVE-2024-2379.html) VULNERABILITY - libcurl skips the certificate verification for a QUIC connection under certain c

[SECURITY ADVISORY] curl: CVE-2024-2004: Usage of disabled protocol

2024-03-26 Thread Daniel Stenberg via curl-library
Usage of disabled protocol == Project curl Security Advisory, March 27 2024 - [Permalink](https://curl.se/docs/CVE-2024-2004.html) VULNERABILITY - When a protocol selection parameter option disables all protocols without adding any then the default set of pro

[RELEASE] curl 8.7.0

2024-03-26 Thread Daniel Stenberg via curl-library
Hello friends! I'm happy to announce another curl release! Get it as always from https://curl.se Also: see the four separate security advisories we announce in association with this release. curl and libcurl 8.7.0 Public curl releases: 255 Command line options: 258 curl_

Re: libcurl and s3/minio

2024-03-26 Thread Dan Fandrich via curl-library
On Tue, Mar 26, 2024 at 03:16:31PM -0600, R C via curl-library wrote: > btw; you mentioned : "curl versions since 7.75.0 have AWS signature > calculation > built-in, with the > > --aws-sigv4 option." > > is there something similar, a function, in libcurl? --libcurl tells me it's CURLOPT_AWS_SI

Re: libcurl and s3/minio

2024-03-26 Thread R C via curl-library
On 3/26/24 14:34, Dan Fandrich via curl-library wrote: On Tue, Mar 26, 2024 at 02:17:10PM -0600, R C via curl-library wrote:     -H "Host: $URL" \ This is seldom needed because curl adds it on its own. without it the script doesn't work with minio [...]     ${PROTOCOL}://$URL${MINIO_PAT

Re: libcurl and s3/minio

2024-03-26 Thread Dan Fandrich via curl-library
On Tue, Mar 26, 2024 at 02:17:10PM -0600, R C via curl-library wrote: > > >     -H "Host: $URL" \ > > This is seldom needed because curl adds it on its own. > without it the script doesn't work with minio [...] > > >     ${PROTOCOL}://$URL${MINIO_PATH} I don't know what minio is, but looking at

Re: libcurl and s3/minio

2024-03-26 Thread R C via curl-library
On 3/26/24 12:01, Dan Fandrich via curl-library wrote: On Tue, Mar 26, 2024 at 11:36:07AM -0600, R C via curl-library wrote: I am trying to find out how to write something, using libcurl, to do some io with a minio object store (s3 compatible) I did go a bit through the examples page (some I h

Re: libcurl and s3/minio

2024-03-26 Thread R C via curl-library
On 3/26/24 12:01, Dan Fandrich via curl-library wrote: On Tue, Mar 26, 2024 at 11:36:07AM -0600, R C via curl-library wrote: I am trying to find out how to write something, using libcurl, to do some io with a minio object store (s3 compatible) I did go a bit through the examples page (some I h

Re: libcurl and s3/minio

2024-03-26 Thread Dan Fandrich via curl-library
On Tue, Mar 26, 2024 at 11:36:07AM -0600, R C via curl-library wrote: > I am trying to find out how to write something, using libcurl, to do some io > with a minio object store (s3 compatible) > > I did go a bit through the examples page (some I have used as an example for > other projects), but

libcurl and s3/minio

2024-03-26 Thread R C via curl-library
Hello, I am trying to find out how to write something, using libcurl, to do some io with a minio object store (s3 compatible) I did go a bit through the examples page (some I have used as an example for other projects), but could really find what I was looking for. I did find a script tha

Re: SIGSEGV in curl-8.6.0/lib/http2.c:288 (curl_multi_perform->extract_if_dead->http2_data_done)

2024-03-26 Thread Stefan Eissing via curl-library
> On 26.03.2024 at 17:09, Aleksander Mazur via curl-library wrote: > > Sorry for garbled gdb output, I hope this time it will look better: > > #0 0x77e4a6ba in http2_data_done (cf=0x794698, data=0x490878, > premature=true) at http2.c:288 > #1 0x77e4f1e9 in cf_h2_cntrl (

Re: SIGSEGV in curl-8.6.0/lib/http2.c:288 (curl_multi_perform->extract_if_dead->http2_data_done)

2024-03-26 Thread Aleksander Mazur via curl-library
Sorry for garbled gdb output, I hope this time it will look better: #0 0x77e4a6ba in http2_data_done (cf=0x794698, data=0x490878, premature=true) at http2.c:288 #1 0x77e4f1e9 in cf_h2_cntrl (cf=0x794698, data=0x490878, event=2, arg1=0, arg2=0x0) at http2.c:2513 #2 0x77

Re: SIGSEGV in curl-8.6.0/lib/http2.c:288 (curl_multi_perform->extract_if_dead->http2_data_done)

2024-03-26 Thread Stefan Eissing via curl-library
> On 26.03.2024 at 16:57, Aleksander Mazur via curl-library wrote: > > On 2024-03-25, at 22:33:13, Jeffrey Walton > wrote: > >> You have to build your application and cURL with -O0 or -O1. Valgrind >> becomes inaccurate at -O2 and above, and sometimes incorrectly reports >> uni

Re: SIGSEGV in curl-8.6.0/lib/http2.c:288 (curl_multi_perform->extract_if_dead->http2_data_done)

2024-03-26 Thread Aleksander Mazur via curl-library
On 2024-03-25, at 22:33:13, Jeffrey Walton wrote: > You have to build your application and cURL with -O0 or -O1. Valgrind > becomes inaccurate at -O2 and above, and sometimes incorrectly reports > uninitialized memory. Also see > . Ye