mirror of
https://github.com/xroche/httrack.git
synced 2026-07-03 07:33:49 +03:00
Compare commits
base: rms:master
rms:master
rms:phase0-followups
rms:phase0-parser-hardening
rms:phase0-network-overflows
rms:issue-159-redirect-dedup
rms:issue-279-fragment-links
rms:htsparse-t3-xmacro
rms:htsparse-t2-automaton
rms:htsparse-t1-cleanup
rms:debian-lintian-cleanup
rms:htsparse-t0-bugfixes
rms:inplace-escape-helper
rms:string-macro-hygiene
rms:worktree-agent-a8410efcedcd83eb2
rms:hurd-connect-fallback-probe
rms:robots-rfc9309-452
rms:accept-encoding-deflate-450
rms:tests/zlib-prefix-convention
rms:minor-legacy-constants-453
rms:html5-resource-coverage-451
rms:ua-modernize-449
rms:mime-table-refresh-448
rms:debian-3.49.10-2
rms:fix-pause-test-skip
rms:entities-html5-fnv1a
rms:release-3.49.10
rms:fix/redirect-fragment-204
rms:fix/strjoker-escaped-bracket-148
rms:i18n/translate-doc-colon-74-75
rms:feat/pause-files-185
rms:feat/cookies-file-215
rms:deb/webhttrack-browser-dep-reorder
rms:fix/urlhack-split-271
rms:feature/query-param-handling
rms:ci/msan-job
rms:fix/filtersize-portability
rms:fix/filters-143-144
rms:fix/filelist-diag-49
rms:fix/mime-exclude-abort-58
rms:fix/pdf-corruption-198
rms:selftest-named-dispatch
rms:fix/cache-zip-write-abort-174-219
rms:tests/errpage-purge-17
rms:tests/broken-size-tolerant-32-41
rms:fix/update-ext-mangle-157
rms:fix-206-update-loop
rms:fix-delayed-type-mangle
rms:lintian-minizip-override
rms:dns-coucal-cache
rms:dns-multiaddr-fallback
rms:dns-resolver-mockable-seam
rms:silence-coucal-stats
rms:debian-copyright-dep5
rms:release/3.49.9
rms:fix/option-fields-tristate
rms:feature/contenttype-sentinel
rms:fix/empty-content-type-uninit
rms:fix/267-delayed-ext-mangle
rms:feature/local-test-server
rms:fix/mkdeb-orig-artifact-rev2
rms:debian/libhttrack3-rename
rms:feature/mkdeb-sbuild
rms:release/3.49.8
rms:chore/clang-format-separate-defs
rms:chore/lint-all-shell-scripts
rms:fix/relative-path-dotdot-137-162
rms:fix/css-url-paren-163
rms:fix/js-string-falsepos-218
rms:fix/html-underflow-396
rms:fix/css-import-94
rms:fix/xmlns-false-links-191
rms:fix/proxy-https-connect-85
rms:fix/empty-footer-doitlog-106
rms:fix/cookie-rfc6265-151
rms:feature/api-enum-callsites-savename83
rms:fix/copy-htsopt-unsigned-enum-guards
rms:fix/travel-test-all-enum
rms:feature/api-enum-fields-2
rms:feature/api-bool-returns
rms:feature/api-boolean-enum
rms:feature/api-enum-types
rms:cleanup/dead-decls
rms:fix/mtime-local-precision
rms:docs/api-httrack-library
rms:tests/cache-format-regression
rms:cleanup/cmdl-macros-dedup
rms:tests/strict-mode
rms:ci/git-clang-format-from-apt
rms:build/drop-generated-autotools
rms:cleanup/htssafe-ptr-gate
rms:cleanup/lang-list-size
rms:cleanup/htsserver-bounds
rms:ci/cache-git-clang-format
rms:cleanup/htsparse-bounds
rms:cleanup/htsalias-bounds
rms:cleanup/htscoremain-bounds
rms:cleanup/htstools-bounds
rms:cleanup/htsname-bounds
rms:cleanup/htslib-mime-bounds
rms:docs/agents-md
rms:cleanup/htslib-bounds
rms:chore/bump-coucal-shift-ub
rms:cleanup/htscore-bounds
rms:fix/malloc-size-plus4
rms:ci/asan-poison-fill
rms:audit/fread-nul-termination
rms:ci/hardening-sanitize-nossl-distcheck
rms:ci/bump-checkout-v5
rms:ci/mkdeb-single-test
rms:ci/macos-i386
rms:ci/deb-faster
rms:feature/appstream-metainfo
rms:fix/webhttrack-browser-deps
rms:ci/deb-package
rms:build/regen-autotools
rms:cleanup/htsback-bounds
rms:cleanup/ethical-notice-wording
rms:build/noexec-out-of-tree
rms:cleanup/copyright-spdx
rms:tests/cache-selftest
rms:cleanup/cache-rstr-s1
rms:test/cache-update
rms:cleanup/htscache-bounds
rms:cleanup/htsbauth-bounds
rms:cleanup/htswizard-bounds
rms:docs/governance
rms:cleanup/infostatuscode-const
rms:cleanup/url_savename-htsbuff
rms:cleanup/git-format-hook
rms:cleanup/clang-format-setup
rms:cleanup/htsbuff-builder
rms:cleanup/htssafe-pointer-diagnostics
rms:cli/header-ua-length-152
rms:parser/lock-background-image-237
rms:parser/srcset-candidates
rms:docs/rfc2606-example-domains
rms:test/filter-escape-characterize
rms:fix/doc-lang-nits
rms:test/expand-engine-coverage
rms:fix/mutex-init-race-297
rms:fix/footer-xss-165
rms:fix/lockpath-overflow-183
rms:fix/lintian-cleanup
rms:chore/changelog-news-symlink
rms:docs/readme-badges
rms:ci/github-actions
rms:feat/license-gpl3-simplify
rms:chore/debhelper-compat-13
rms:chore/standards-version-4.7.0
rms:feat/in-tree-mkdeb
rms:feat/manpage-generator
rms:fix/openssl4-tls-init
rms:fix/multiarch-config-h-coinstall
rms:staging
rms:wiki
rms:3.48
rms:3.47
..
compare: rms:phase0-followups
rms:master
rms:phase0-followups
rms:phase0-parser-hardening
rms:phase0-network-overflows
rms:issue-159-redirect-dedup
rms:issue-279-fragment-links
rms:htsparse-t3-xmacro
rms:htsparse-t2-automaton
rms:htsparse-t1-cleanup
rms:debian-lintian-cleanup
rms:htsparse-t0-bugfixes
rms:inplace-escape-helper
rms:string-macro-hygiene
rms:worktree-agent-a8410efcedcd83eb2
rms:hurd-connect-fallback-probe
rms:robots-rfc9309-452
rms:accept-encoding-deflate-450
rms:tests/zlib-prefix-convention
rms:minor-legacy-constants-453
rms:html5-resource-coverage-451
rms:ua-modernize-449
rms:mime-table-refresh-448
rms:debian-3.49.10-2
rms:fix-pause-test-skip
rms:entities-html5-fnv1a
rms:release-3.49.10
rms:fix/redirect-fragment-204
rms:fix/strjoker-escaped-bracket-148
rms:i18n/translate-doc-colon-74-75
rms:feat/pause-files-185
rms:feat/cookies-file-215
rms:deb/webhttrack-browser-dep-reorder
rms:fix/urlhack-split-271
rms:feature/query-param-handling
rms:ci/msan-job
rms:fix/filtersize-portability
rms:fix/filters-143-144
rms:fix/filelist-diag-49
rms:fix/mime-exclude-abort-58
rms:fix/pdf-corruption-198
rms:selftest-named-dispatch
rms:fix/cache-zip-write-abort-174-219
rms:tests/errpage-purge-17
rms:tests/broken-size-tolerant-32-41
rms:fix/update-ext-mangle-157
rms:fix-206-update-loop
rms:fix-delayed-type-mangle
rms:lintian-minizip-override
rms:dns-coucal-cache
rms:dns-multiaddr-fallback
rms:dns-resolver-mockable-seam
rms:silence-coucal-stats
rms:debian-copyright-dep5
rms:release/3.49.9
rms:fix/option-fields-tristate
rms:feature/contenttype-sentinel
rms:fix/empty-content-type-uninit
rms:fix/267-delayed-ext-mangle
rms:feature/local-test-server
rms:fix/mkdeb-orig-artifact-rev2
rms:debian/libhttrack3-rename
rms:feature/mkdeb-sbuild
rms:release/3.49.8
rms:chore/clang-format-separate-defs
rms:chore/lint-all-shell-scripts
rms:fix/relative-path-dotdot-137-162
rms:fix/css-url-paren-163
rms:fix/js-string-falsepos-218
rms:fix/html-underflow-396
rms:fix/css-import-94
rms:fix/xmlns-false-links-191
rms:fix/proxy-https-connect-85
rms:fix/empty-footer-doitlog-106
rms:fix/cookie-rfc6265-151
rms:feature/api-enum-callsites-savename83
rms:fix/copy-htsopt-unsigned-enum-guards
rms:fix/travel-test-all-enum
rms:feature/api-enum-fields-2
rms:feature/api-bool-returns
rms:feature/api-boolean-enum
rms:feature/api-enum-types
rms:cleanup/dead-decls
rms:fix/mtime-local-precision
rms:docs/api-httrack-library
rms:tests/cache-format-regression
rms:cleanup/cmdl-macros-dedup
rms:tests/strict-mode
rms:ci/git-clang-format-from-apt
rms:build/drop-generated-autotools
rms:cleanup/htssafe-ptr-gate
rms:cleanup/lang-list-size
rms:cleanup/htsserver-bounds
rms:ci/cache-git-clang-format
rms:cleanup/htsparse-bounds
rms:cleanup/htsalias-bounds
rms:cleanup/htscoremain-bounds
rms:cleanup/htstools-bounds
rms:cleanup/htsname-bounds
rms:cleanup/htslib-mime-bounds
rms:docs/agents-md
rms:cleanup/htslib-bounds
rms:chore/bump-coucal-shift-ub
rms:cleanup/htscore-bounds
rms:fix/malloc-size-plus4
rms:ci/asan-poison-fill
rms:audit/fread-nul-termination
rms:ci/hardening-sanitize-nossl-distcheck
rms:ci/bump-checkout-v5
rms:ci/mkdeb-single-test
rms:ci/macos-i386
rms:ci/deb-faster
rms:feature/appstream-metainfo
rms:fix/webhttrack-browser-deps
rms:ci/deb-package
rms:build/regen-autotools
rms:cleanup/htsback-bounds
rms:cleanup/ethical-notice-wording
rms:build/noexec-out-of-tree
rms:cleanup/copyright-spdx
rms:tests/cache-selftest
rms:cleanup/cache-rstr-s1
rms:test/cache-update
rms:cleanup/htscache-bounds
rms:cleanup/htsbauth-bounds
rms:cleanup/htswizard-bounds
rms:docs/governance
rms:cleanup/infostatuscode-const
rms:cleanup/url_savename-htsbuff
rms:cleanup/git-format-hook
rms:cleanup/clang-format-setup
rms:cleanup/htsbuff-builder
rms:cleanup/htssafe-pointer-diagnostics
rms:cli/header-ua-length-152
rms:parser/lock-background-image-237
rms:parser/srcset-candidates
rms:docs/rfc2606-example-domains
rms:test/filter-escape-characterize
rms:fix/doc-lang-nits
rms:test/expand-engine-coverage
rms:fix/mutex-init-race-297
rms:fix/footer-xss-165
rms:fix/lockpath-overflow-183
rms:fix/lintian-cleanup
rms:chore/changelog-news-symlink
rms:docs/readme-badges
rms:ci/github-actions
rms:feat/license-gpl3-simplify
rms:chore/debhelper-compat-13
rms:chore/standards-version-4.7.0
rms:feat/in-tree-mkdeb
rms:feat/manpage-generator
rms:fix/openssl4-tls-init
rms:fix/multiarch-config-h-coinstall
rms:staging
rms:wiki
rms:3.48
rms:3.47
5 Commits
master
...
phase0-fol
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
efa3896fa4 |
tests: cover the %xx-encoded UTF-8 flush path in unescape-bounds
The raw-byte cases never take the utfBufferJ = lastJ rollback branch, so a wrong flush offset there would have passed (review finding). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Signed-off-by: Xavier Roche <roche@httrack.com> |
||
|
|
d2b71d878c |
configure: use the dylib plugin name on Darwin
libtool names the module libhtsjava.N.dylib there, so the .so.N form can never load; caught by 31_local-javaclass.test on the macOS CI job (the old hardcoded .so.2 was just as dead, silently). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Signed-off-by: Xavier Roche <roche@httrack.com> |
||
|
|
1249c42f1e |
htsftp: assert nonzero buffer sizes, harden the userpass self-test
ftp_split_userpass underflows its size-1 math on a zero size; assert the precondition now that the function is public in htsftp.h. The self-test gains a tight-size run with guard bytes and exact-content checks, which the 256-byte buffers alone could not fail on an off-by-one. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Signed-off-by: Xavier Roche <roche@httrack.com> |
||
|
|
5c1ffaf3a6 |
Resurrect the java .class parser on modern Unix builds
The plugin was dead three ways on a current Linux build: hts_plug() was compiled hidden (-fvisibility=hidden, EXTERNAL_FUNCTION expanded to nothing on ELF), hts_create_opt() dlopens libhtsjava.so.2 which no longer exists since the soname moved to .so.3, and JAVA_HEADER.magic is 'unsigned long' (8 bytes on LP64) under a 10-byte fread, so major/count came from uninitialized bytes and the 0xCAFEBABE check never matched. EXTERNAL_FUNCTION now forces default visibility on ELF, the dlopen name is derived from VERSION_INFO at configure time, and the header fields are fixed-width. 31_local-javaclass.test crawls a generated .class and asserts a resource named only in its constant pool is fetched; it fails if any of the three regresses. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Signed-off-by: Xavier Roche <roche@httrack.com> |
||
|
|
f38472c697 |
htsencoding: bound the raw UTF-8 flush in hts_unescapeUrlSpecial
The completed-sequence flush memcpy ends with a 'continue' that skips the per-byte NUL-reserve guard, so a raw multi-byte character landing at the exact end of dest let the trailing NUL write dest[max] (1-byte OOB, found by the post-#474 review pass; ASan-verified via the extended -#test=unescape-bounds). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Signed-off-by: Xavier Roche <roche@httrack.com> |