- Clarify that the ssl_version in MultiSSL builds contains all SSL
backend names with the inactive backend names in parentheses.
Closes https://github.com/curl/curl/pull/17308
- add more unusual input cases
- add a valid non-http protocol
- fix tests so an input that should be stripped but isn't is a failure
- fix detection of when stripcredentials() would be available to test
- avoid using a NULL pointer
Closes#17304
Drop the interim macro `PRESERVE_WINDOWS_ERROR_CODE` and always preserve
error code for `_WIN32`. To make sure this is always done in
`curlx_winapi_strerror()`.
Follow-up to c74d3e10d2#17299Closes#17302
It is not provided as a curlx function so should not be used outside of
libcurl.
I strongly suspect that no system we build the test suite on lack strdup
so this will not cause any harm.
The private version was added in b0936b8007 for Ultrix.
Closes#17297
It was not a function properly exposed in the curlx set. SMB cannot
possibly need to send a real pid, now sends a made up number.
The only real users of this function are test servers, so move the logic
over there.
Closes#17298
Tests with old cmake are slow. (no Ninja, no unity, and running slower
than recent versions.)
It also revealed that 3.7.2 2017-01-13 is too old to consume curl via
`find_package()` due to:
```
CMake Error at bld-curl/_pkg/lib/cmake/CURL/CURLConfig.cmake:69 (add_library):
add_library cannot create ALIAS target "CURL::libcurl" because target
"CURL::libcurl_shared" is IMPORTED.
Call Stack (most recent call first):
CMakeLists.txt:48 (find_package)
CMake Error at bld-curl/_pkg/lib/cmake/CURL/CURLConfig.cmake:69 (add_library):
add_library cannot create ALIAS target "CURL::libcurl" because target
"CURL::libcurl_shared" is IMPORTED.
Call Stack (most recent call first):
CMakeLists.txt:49 (find_package)
```
The mitigation for this issue requires 3.11.
Also:
- rename a few existing envs to use the `TEST_` prefix.
- make the `find_package` test provider stage verbose.
- fix issue when consuming with cmake 3.7.2 (all platforms):
```
CMake Error at /home/runner/cmake-3.7.2-Linux-x86_64/share/cmake-3.7/Modules/CMakeFindDependencyMacro.cmake:25 (message):
Invalid arguments to find_dependency. VERSION is empty
Call Stack (most recent call first):
bld-curl/_pkg/lib/cmake/CURL/CURLConfig.cmake:52 (find_dependency)
CMakeLists.txt:48 (find_package)
```
Ref: https://github.com/curl/curl/actions/runs/14906066962/job/41868621979?pr=17293#step:9:1199Closes#17293
The limit is 5000 headers in a single transfer. To avoid problems caused
by mistakes or malice.
Add test 747 to verify
Reported-by: wolfsage on hackerone
Closes#17281
The pedantic level is experimental. If it causes issues, we may just
disable it alongside the ignore comments.
Also:
- silence error:
```
INFO audit: zizmor: completed label.yml
error[dangerous-triggers]: use of fundamentally insecure workflow trigger
--> label.yml:13:1
|
13 | 'on': [pull_request_target]
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^ pull_request_target is almost always used insecurely
|
= note: audit confidence -> Medium
```
- fix pedantic warning:
```
INFO audit: zizmor: completed label.yml
warning[excessive-permissions]: overly broad permissions
--> label.yml:1:1
... |
24 | | with:
25 | | repo-token: '${{ secrets.GITHUB_TOKEN }}'
| |____________________________________________________- default permissions used due to no permissions: block
|
= note: audit confidence -> Medium
```
- silence `template-injection` false positives like:
```
- note: ${{ matrix.build.torture && 'test-torture' || 'test-ci' }} may expand into attacker-controllable code
- note: ${{ contains(matrix.build.install_steps, 'pytest') && 'caddy httpd vsftpd' || '' }} may expand into attacker-controllable code
```
It doesn't seem like these could be controlled by an attacker.
Let me know if I'm missing something.
Closes#17278
Move `struct smtp_conn` and `struct STMP` into the meta data at easy
handle/connection. Remove it from the unions at connectdata and request.
Closes#17257
Move curlx_ functions into its own subdir.
The idea is to use the curlx_ prefix proper on these functions, and use
these same function names both in tool, lib and test suite source code.
Stop the previous special #define setup for curlx_ names.
The printf defines are now done for the library alone. Tests no longer
use the printf defines. The tool code sets its own defines. The printf
functions are not curlx, they are publicly available.
The strcase defines are not curlx_ functions and should not be used by
tool or server code.
dynbuf, warnless, base64, strparse, timeval, timediff are now proper
curlx functions.
When libcurl is built statically, the functions from the library can be
used as-is. The key is then that the functions must work as-is, without
having to be recompiled for use in tool/tests. This avoids symbol
collisions - when libcurl is built statically, we use those functions
directly when building the tool/tests. When libcurl is shared, we
build/link them separately for the tool/tests.
Assisted-by: Jay Satiro
Closes#17253
Remove the imap protocol structs from connectdata->proto union
and data->req.p and use the easy handle/connection meta hash
for keeping them.
Closes#17261
To avoid adding this macro to the global `CURL_DEBUG_MACROS` variable,
which may be used for targets defined after unit tests, and where this
macro may not be necessary.
As of this commit unit tests are defined last, so extending the global
variable did not cause any issue.
Follow-up to 220eda34cd#17259Closes#17264
- Do not include curlinfo.c as a ClCompile unit when compiling the curl
tool.
Prior to this change generate.bat would add curlinfo.c to the source
files for the curl tool because it is located in the src directory. That
caused ambiguous behavior in legacy versions of Visual Studio which had
to guess between two main entry points (one in curlinfo and one in
tool_main, the latter being correct).
Closes https://github.com/curl/curl/pull/17263
- unit tests need no tool code as they are libcurl unit tests
- unit test 1621 is now tunit test 1621 instead, as it tests tool code
- build unit tests with BUILDING_LIBCURL as they pretent to be libcurl
Closes#17259
