Collision happens when building with mingw-w64 v3 or v2 while targeting
Vista or newer. `iphlpapi.h` includes `windns.h` in this case, which
defines macros named `DNS_TYPE_*`, colliding with curl doh enums.
The issue was fixed in mingw-w64 v4:
ea95d55e33
Fixes:
```
lib/doh.h:54:3: error: expected identifier before numeric constant
DNS_TYPE_A = 1,
^
```
Ref: https://github.com/curl/curl/actions/runs/16551209676/job/46806303365?pr=18009#step:10:17
This workaround seems harmless and generally good practice, but
another option is to require mingw-w64 v4.
Ref: #18009Closes#18041
If the long option name ends with an equals sign (`=`), the argument is
the text following on its right side.
This makes the command line parser accept this common style in addition
to the existing way to accept option arguments more similar to how other
command line tools do.
Example: `curl --user-agent=curl-2000 https://example.com/`
Change a few existing tests to use this syntax: 206, 1333, 1335, 1442
Closes#17789
This still allows users to explictily ask for 1.0 or 1.1 as the minimum
version. If the TLS library allows it.
Starting with this change, the CURL_SSLVERSION_DEFAULT value is no
longer used as minimum version when the TLS backend are called.
This also makes curl set the minimum version to 1.2 independently of
libcurl for the rare case where a newer curl tool would use an older
libcurl.
URL: https://curl.se/mail/lib-2025-07/0007.html
Assisted-by: Stefan Eissing
Closes#17894
- GHA/windows: disable building certs in the MSVC job that's not running
tests. Saves 4-5 seconds for MSVC, makes logs shorter for the rests.
- GHA/linux: build tests in two more jobs (LTO, CM Rustls), 5s each.
- GHA/linux: skip 'install test prereqs' for `skiprun` jobs.
(there were no such jobs before this patch.)
Closes#18034
This became an issue after promoting curl compiler warnings to errors in
curl-for-win. The code is correct. It over-allocates a struct to store
variable sized data past its length. Similar code is present in
`lib/smb.c`, silenced earlier.
Seen in linux-musl-debian-testing-gcc curl-for-win builds, gcc 14.2.0,
RISC-V (but not amd64/aarch64), unity, debian:testing (trixie):
musl:
```
In file included from /curl/_r64-linux-musl-bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity_0_c.c:184:
In function 'Curl_http_req_make',
inlined from 'Curl_http_proxy_create_CONNECT' at /curl/lib/http_proxy.c:252:12:
/curl/lib/http.c:4373:3: error: 'memcpy' offset [137, 142] from the object at 'req' is out of the bounds of
referenced subobject 'method' with type 'char[1]' at offset 136 [-Werror=array-bounds=]
4373 | memcpy(req->method, method, m_len);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /curl/lib/urldata.h:182,
from /curl/lib/altsvc.c:32,
from /curl/_r64-linux-musl-bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity_0_c.c:4:
/curl/lib/http.h: In function 'Curl_http_proxy_create_CONNECT':
/curl/lib/http.h:230:8: note: subobject 'method' declared here
230 | char method[1];
| ^~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/16527769182/job/46745369844?pr=18025#step:3:5798
Ref: https://github.com/curl/curl-for-win/actions/runs/16525969694/job/46739239206#step:3:5958
glibc (with unity batch):
```
In file included from /usr/riscv64-linux-gnu/include/string.h:548,
from /curl/lib/curl_setup_once.h:33,
from /curl/lib/curl_setup.h:823,
from /curl/lib/http.c:25,
from /curl/_r64-linux-gnu-bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity_2_c.c:4:
In function 'memcpy',
inlined from 'Curl_http_req_make' at /curl/lib/http.c:4373:3,
inlined from 'Curl_http_proxy_create_CONNECT' at /curl/lib/http_proxy.c:252:12:
/usr/riscv64-linux-gnu/include/bits/string_fortified.h:29:10: error: '__builtin_memcpy' offset [137, 142]
from the object at 'req' is out of the bounds of
referenced subobject 'method' with type 'char[1]' at offset 136 [-Werror=array-bounds=]
29 | return __builtin___memcpy_chk (__dest, __src, __len,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
30 | __glibc_objsize0 (__dest));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /curl/lib/urldata.h:182,
from /curl/lib/http.c:50:
/curl/lib/http.h: In function 'Curl_http_proxy_create_CONNECT':
/curl/lib/http.h:230:8: note: subobject 'method' declared here
230 | char method[1];
| ^~~~~~
```
Ref: https://github.com/curl/curl-for-win/actions/runs/16538174468/job/46775731055#step:3:5936
Ref: f45df099f3
Follow-up to 14f26f5ee7#16187
Cherry-picked from #18025Closes#18030
ngtcp2 1.14.0 added crypto dependencies to the ngtcp2 crypto `.pc`
files. It broke GHA builds, because how curl's `configure` is setting up
the per-dependency custom prefixes for pkg-config.
`configure` uses `PKG_CONFIG_LIBDIR` to set per-dependency custom
prefixes, as specified via `--with-ngtcp2=<custom-dir>`. In classic
`pkg-config` this overrides any previously configured `PKG_CONFIG_DIR`.
This in turn break detecting transitive pkg-config modules unless they
are found at locations `pkg-config` is searching by default. This
doesn't affect `pkgconf` because it appends `PKG_CONFIG_LIBDIR` to
the custom `PKG_CONFIG_DIR`, according to its man page.
It may make sense to fix this in`acinclude.m4`, to make sure to honor
global custom pkg-config paths while detecting components at custom
locations, regardless of pkg-config implementation. But this PR doesn't
do this.
Instead it drops the ngtcp2 custom path and lets detection rely on
`PKG_CONFIG_DIR` that's already set up for all custom-built dependencies
anyway.
Also:
- fix `openssl-quic` job to use the custom-built nghttp2 (like other
jobs do) instead of the system default.
- configure nghttp3 via `PKG_CONFIG_DIR` in the `openssl-quic` job,
to sync with other jobs. And drop `--with-nghttp3` option.
cb9b1a4c4e/acinclude.m4 (L1376-L1381)https://manpages.debian.org/unstable/pkg-config/pkg-config.1.en.htmlhttps://man.archlinux.org/man/pkgconf.1.en
Ref: https://github.com/ngtcp2/ngtcp2/pull/1689#issuecomment-3121576712Closes#18022Closes#18028
```
../../lib/vquic/curl_osslq.c:1091:1: error: missing initializer for field 'recv_origin' of 'nghttp3_callbacks' [-Werror=missing-field-initializers]
1091 | };
| ^
In file included from ../../lib/vquic/curl_osslq.c:33:
/home/runner/nghttp3/build/include/nghttp3/nghttp3.h:2082:23: note: 'recv_origin' declared here
2082 | nghttp3_recv_origin recv_origin;
| ^~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/16527325587/job/46743893924?pr=18021#step:18:35
Follow-up to 1055144063#18019Closes#18026
Required for mingw-w64 5.x (and older) builds targeting a Windows 7+.
mingw-w64 6+ fixed `mprapi.h` (included indirectly via `iphlpapi.h`)
to include `wincrypt.h` for the missing types.
MSVC is not affected because SDK 7.1a (the oldest MS SDK curl supports),
`mprapi.h` does include `wincrypt.h`.
Make sure to include `wincrypt.h` before including `iphlpapi.h` as
a workaround. `wincrypt.h` is used unconditionally even though it's
not available in UWP. This is safe in this context, because we use
`iphlpapi.h` for `if_nametoindex`, which is not supported and used
in UWP builds.
This fixes auto-detection that missed detecting `if_nametoindex` in
the affected combination, and this build error in non-unity builds:
```
In file included from D:/my-cache/mingw32/i686-w64-mingw32/include/iprtrmib.h:9:0,
from D:/my-cache/mingw32/i686-w64-mingw32/include/iphlpapi.h:17,
from D:/a/curl/curl/lib/url.c:63:
D:/my-cache/mingw32/i686-w64-mingw32/include/mprapi.h:865:3: error: unknown type name 'CERT_NAME_BLOB'
CERT_NAME_BLOB *certificateNames;
^~~~~~~~~~~~~~
D:/my-cache/mingw32/i686-w64-mingw32/include/mprapi.h:887:3: error: unknown type name 'CRYPT_HASH_BLOB'
CRYPT_HASH_BLOB certBlob;
^~~~~~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/16497057672/job/46645264552?pr=18012#step:10:140
This combination is not normally tested in CI. It was caught in
the `dl-mingw, CM 6.4.0-i686 schannel !unity Win7` job while working
on another PR.
Follow-up to 0d71b18153#17413
Ref: #18009Closes#18012
This change wasn't good because `config-win32.h` does rely on the UWP
detection result to set `USE_WIN32_CRYPTO` and LDAP macros. While it
fixed one issue, it created another.
It seems better to revert, and focus on reducing and/or eventually
dropping the logic within `config-win32.h` that alters `_WIN32_WINNT`.
It may not be necessary anymore with a minimum of VS2008 (soon VS2010).
The logic is also absent from cmake builds, without causing issues.
Could affect UWP winbuild/project-file builds. These are theoretical
builds because neither build method is prepared to target UWP.
Reverts 792a61e204#17980
Ref: https://github.com/curl/curl/pull/17980#issuecomment-3114462492Closes#18014
- autotools: stop checking for `WINVER` to detect thread-safety.
To sync with implementation in `easy_lock.h` and with cmake.
- replace numeric version with `_WIN32_WINNT_VISTA`.
- `_WIN32_WINNT_VISTA` is always defined via `setup-win32.h`,
don't check for it.
Closes#17981
After 7cf8414fab#12862, `VAR=` no longer
removes the env variable, but sets it to an empty/blank value instead.
To remove an env, `VAR` shall be used (without the assigment operator.)
`SSL_CERT_FILE`, `CURL_HOME`, `HOME`, `XDG_CONFIG_HOME`, were added
before the change above. Make tests unset these envs again, as their
commit messages suggest, instead of blanking them. It does not change
the outcome of the tests.
Ref: 764e4f066d#8213
Ref: e992770e8d#6600
Folllow-up to 7cf8414fab#12862
Cherry-picked from #17988Closes#17994
The unexplained error in AppVeyor CI tests are not hit in CI after
moving those tests to GHA. Re-enable to run this test on Windows.
Revisit if the error is seen again on Windows.
Errors seen earlier in AppVeyor CI:
https://ci.appveyor.com/project/curlorg/curl/builds/49120834https://ci.appveyor.com/project/curlorg/curl/builds/49123802 (with debug lines)
In these jobs:
CMake, VS2010, Debug, x64, no SSL, Static
CMake, mingw-w64, gcc 7, Debug, x64, Schannel, Static, Unicode
CMake, mingw-w64, gcc 9, Debug, x64, Schannel, Static, Unity
CMake, mingw-w64, gcc 6, Debug, x86, Schannel, Static
Test log from the 'gcc 9` job above (with debug lines):
```
test 0428...[Expand environment variables within config file]
428: protocol FAILED!
There was no content at all in the file log/server.input.
Server glitch? Total curl failure? Returned: 26
== Contents of files in the log/ dir after test 428
=== Start of file cmd
--variable %FUNVALUE
--variable %VALUE2
--variable %BLANK
--variable %curl_NOT_SET=default
--expand-data 1{{FUNVALUE}}2{{VALUE2}}3{{curl_NOT_SET}}4{{BLANK}}5\{{verbatim}}6{{not.good}}7{{}}
=== End of file cmd
=== Start of file commands.log
../src/curl.exe --output log/curl428.out --include --trace-ascii log/trace428 --trace-time http://127.0.0.1:1593/428 -K log/cmd > log/stdout428 2> log/stderr428
=== End of file commands.log
=== Start of file server.cmd
Testnum 428
=== End of file server.cmd
=== Start of file stderr428
getenv of 'FUNVALUE' returned 0xee65d2
getenv of 'VALUE2' returned 0xee7a42
getenv of 'BLANK' returned (nil)
curl: Variable 'BLANK' import fail, not set
curl: log/cmd:3: '--variable' variable expansion failure
curl: cannot read config from 'log/cmd'
curl: option -K: error encountered when reading a file
curl: try 'curl --help' for more information
=== End of file stderr428
```
Env comparison:
Fail: https://ci.appveyor.com/project/curlorg/curl/builds/49123802/job/2a4w7i21npys9pd3
```
-- curl version=[8.6.1-DEV]
-- The C compiler identification is GNU 9.1.0
-- Found Perl: C:/msys64/usr/bin/perl.exe (found version "5.30.0").
-- Found _WIN32_WINNT=0x0601
* curl 8.6.1-DEV (Windows).
* libcurl/8.6.1-DEV Schannel zlib/1.2.11
* Features: alt-svc AsynchDNS Debug HSTS HTTPS-proxy IPv6 Kerberos Largefile libz NTLM SPNEGO SSL SSPI threadsafe TrackMemory UnixSockets
* Disabled: xattr
* System: MSYS_NT-10.0-14393 APPVYR-WIN 3.0.7-338.x86_64 2019-07-11 10:58 UTC x86_64 Msys
```
OK (this PR): https://github.com/curl/curl/actions/runs/16439564668/job/46456976494
```
-- curl version=[8.15.1-DEV]
-- The C compiler identification is GNU 9.5.0
-- Found Perl: C:/msys64/usr/bin/perl.exe (found version "5.38.4")
-- Found _WIN32_WINNT=0x0601
* curl 8.15.1-DEV (Windows).
* libcurl/8.15.1-DEV Schannel libpsl/0.21.5
* Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
* Features: alt-svc AsynchDNS Debug HSTS HTTPS-proxy IPv6 Kerberos Largefile NTLM PSL SPNEGO SSL SSPI threadsafe TrackMemory UnixSockets
* Disabled: xattr, win32-ca-search-safe, override-dns
* System: MINGW64_NT-10.0-20348 runnervm51nrn 3.6.3-ab81aae6.x86_64 2025-07-01 18:20 UTC x86_64 Msys
```
Follow-up to 7cf8414fab
Ref: https://github.com/curl/curl/pull/12862#issuecomment-1929548070
Ref: 0f0edc283c#12862Closes#17991
- runtests: fix `codeset-utf8` feature detection. Before this patch it
detected if the calling environment had UTF-8 enabled. If not, UTF-8
tests were all skipped. After this patch, it detects if UTF-8 is
supported by the calling environment regardless of what's currently
enabled.
Follow-up to 0b70b23ef4#15039
- GHA/linux: sync `codeset-test` to also reset `LC_CTYPE` and
`LC_NUMBER`. To give it more spin.
Follow-up to c221c0ee59#17938
- GHA/macos: fix to actually enable `codeset-test`. Also set `LC_ALL`,
which seems necessary to trigger issues.
Follow-up to c221c0ee59#17938
- tests/data: replace `LC_CTYPE` env with `LC_ALL` in all tests
requiring a locale. Also to avoid potential issues with a blank or
unset `LC_ALL`, as seen earlier. And to ensure that the override works
on all platforms (as tested in CI.)
Slight downside is that this now resets the language/culture to `C`.
Ref: b4c9982382#4743
Ref: 23208e330a#4738
- replace `en_US.UTF-8` with `C.UTF-8` to be language/culture-agnostic.
- TEST-SUITE.md: drop `UTF-8` as a requirement for tests.
Tests shall work (or least be skipped) without UTF-8 support.
Tests requiring UTF-8 locale:
165, 962, 963, 964, 965, 966, 967, 1448, 1560, 2046, 2047
Tests requiring UTF-8 locale, but passing without one anyway:
955, 956, 957, 958, 959, 960, 961, 968, 1034, 1035
Spec 1997: https://pubs.opengroup.org/onlinepubs/7908799/xbd/envvar.html
Spec 2008: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html
Ref: c221c0ee59#17938
Ref: 7cf8414fab
Ref: 4c140a5628
Ref: 28faaacee2#2436
Ref: ecd1d020abCloses#17988
- vtls: fix unused variable and symbols.
- ftp: fix unused variable.
- http: fix unused variables.
- smtp: fix unsued variable.
- wolfssl: fix unused variable with !proxy.
- libssh: fix unused argument.
- curl_trc: sync guards between declaration and definition.
- curl_trc: add missing guard for `Curl_trc_ssls` when !verbose.
- curl_trc: fix errors with !http + http3.
- curl_trc: fix missing function with !http + nghttp2.
- cf-h2-proxy: disable when !http + nghttp2, to avoid calling undeclared
functions.
- sha256: fix missing declaration in rare configs.
- md4: fix symbol conflict when building GnuTLS together with AWS-LC or
wolfSSL. By prioritizing the latter two. AWS-LC has no option
to disable the clashing symbol. wolfSSL does, but the most seamless is
to skip including GnuTLS's standalone `md4.h` to avoid the clash.
- build: fix errors with !http + nghttp2.
- build: catch !ssl + ssls-export combination in source. Convert
build-level errors to warnings.
- build: fix errors with !http + http3.
- build: fix building curl tool and unit1302 in rare combinations.
By always compiling base64 curlx functions.
- cmake: add `_CURL_SKIP_BUILD_CERTS` internal option.
To disable automatically building certs with the testdeps target.
To improve performance when testing builds.
(used locally to find the failing builds fixed in this PR.)
Closes#17962
Fixing:
```
In file included from lib/vtls/vtls.c:50:
In file included from lib/vtls/../urldata.h:314:
lib/vtls/../curl_sspi.h:41:10: fatal error: 'security.h' file not found
41 | #include <security.h>
| ^~~~~~~~~~~~
1 error generated.
lib/curl_sspi.h:41:10: fatal error: 'security.h' file not found
41 | #include <security.h>
| ^~~~~~~~~~~~
1 error generated.
```
Cherry-picked from #17988
Configure curl with `--with-test-sockd=<path to sockd>` for a locally
installed dante sockd server and new `test_40_*` will verify that
down- and uploads work via SOCKS.
Invoke scorecard.py with `--socks4` or `--socks5` to run performance
tests with SOCKS. Note that SOCKS is not supported for HTTP/3.
Ref: #17969Closes#17986
The name of the man page was wrongly given as curl_easy_sssl_export
which seems to have confused our HTTML man page generation.
Reported-by: Qriist on github
Ref: https://github.com/curl/curl-www/issues/458Closes#17995
No longer necessary after a previous change made sure to strip
the '100.0%' number from the result, before checking it. The dot is
a regex character catching any decimal separator.
Follow-up to 17c18fbc30#5194
Ref: #2436
Cherry-picked from #17988Closes#17993
The issue is missed in CI, because valgrind jobs all run with UTF-8
support.
Fixing:
```
test 1560...[URL API]
valgrind ERROR ==13362== 104 bytes in 1 blocks are definitely lost in loss record 1 of 1
==13362== at 0x484D953: calloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==13362== by 0x48E1302: curl_dbg_calloc (in /curl/bld/lib/libcurl.so.4.8.0)
==13362== by 0x4931D12: curl_url (in /curl/bld/lib/libcurl.so.4.8.0)
==13362== by 0x14F658: get_parts (in /curl/bld/tests/libtest/libtests)
==13362== by 0x150AC6: test_lib1560 (in /curl/bld/tests/libtest/libtests)
==13362== by 0x17F5D5: main (in /curl/bld/tests/libtest/libtests)
```
Ref: https://github.com/curl/curl/actions/runs/16446352985/job/46479298080?pr=17988#step:41:3007
Follow-up to 7d1ca2e7e1#17933Closes#17998
When transfers read client input without an upload file, the check if
upload file is '.' strcompared a NULL.
Add test 1548 to reproduce and verify fix.
Reported-by: d1r3ct0r
Fixes#17978Closes#17987
To fix running test 1560 when `LC_ALL` is set to something unexpected
(e.g. `C`). Also syncing it with the rest of tests.
Also:
- GHA/linux: enable `libidn2` in more jobs.
Also to enable test 1560 reproducing this issue in more jobs.
- GHA/linux: run tests with `LC_ALL=C` in one of the jobs.
- GHA/linux: switch to the non-deprecated package name for libidn2.
- GHA/macos: run tests with non-default locale settings in one job.
- GHA/macos: enable AppleIDN in that job.
Ref: https://github.com/curl/curl/pull/17933#issuecomment-3074582840
Follow-up to f27262b179#10196Closes#17938
Replace repeat `#ifdef` code with a macro for the return type of
the thread function.
Also:
- always define `CURL_STDCALL`, allowing to use it without guards.
- lib1307: drop single-use macro `CAINFO`.
Closes#17889
