This partly reverts 0e06603b23
These file formats are not properly documented elsewhere, plus the
website uses these files to populate the documentation pages to which
users end up via the URLs that are mentioned within the alt-svc and hsts
files.
Fixes#15705
Reported-by: Jeffrey Bosboom
Closes#15706
When a floating point precision or string width are provided as a
base-10 number, the code could miss to detect integer overflows if the
provided value was exactly 2147483648 or 2147483649 (2147483647 being
the maxium value a signed integer can hold).
The chance that such values would actually ever be used is slim.
This change fixes the detection to also cover those edge cases.
Closes#15699
The channel binding data dynbuf was not set correctly making it fail with
CURLE_TOO_LARGE too easily.
Reported-by: galen11 on github
Fixes#15685Closes#15694
When compiled with BUILD_STATIC_LIBS=ON and SHARE_LIB_OBJECT=OFF compile
definition CURL_STATICLIB was not set for static library. It seems to be
copy-paste error in the lib/CMakeLists.txt.
This pull request fixes it.
Closes#15695
The base64 mime encoder stalls when it cannot encode a full 3 byte input
set into the read buffer. The workaround for this limitation was
incomplete and could lead to stalled transfers when the last chunk to
upload was smaller than 4 bytes.
Use a tmp buffer on small reads to allow mime encoders more space to put
their things.
Add test case reproducing the issue and fix.
Reported-by: Alexis Savin
Fixes#15688Closes#15691
In the function for handling 'type=' in the -F command line arguments,
we make the code more lax to accept more strings and thereby also avoid
the use of sscanf().
Closes#15683
Other programs (Postman, Chrome, Python request) use a 16 byte cnonce
and there are instances of server-side implementations that don't
support the larger lengths curl used previously.
Fixes#15653
Reported-by: Florian Eckert
Closes#15670
This moves argument parsing logic for a number of options into sub
functions to reduce the overall complexity of the single getparameter()
function. pmccabe says it takes complexity down from 234 to 147.
The command line options that now has dedicated parser funtions are:
--continue-at, --ech, --header, --localport, --output, --quote, --range
--remote-name, --time-cond, --upload-file, --url, --verbose, --writeout
These parsers were selected for thise because they had more than 15
lines of logic in the main switch(). Detected like this:
git grep -hn 'case C_' tool_getparam.c |
cut -d: -f1 |
awk '{if(($1 - prev) > 15) { printf "%d\n", prev;} prev = $1;}'
Closes#15680
- ngtcp2/ngtcp2 to v1.9.1
- github/codeql-action digest to f09c1c0
- rustls/rustls-ffi to v0.14.1
- awslabs/aws-lc to v1.40.0
Closes#15616Closes#15619Closes#15629Closes#15651
Timestamps in trace logs used a mix of realtime and monotonic time
sources, leading to fractional seconds carrying wrong values. Use
realtime only, so the correct nanoseconds are printed.
Fixes#15614
Reported-by: jethrogb on github
Closes#15641
Fix regression that no longer printed the error messages about expired
certificates in openssl. Add test case for openssl/gnutls/wolfssl.
Fixes#15612
Reported-by: hiimmat on github
Closes#15613
Add test_02_33 to run with various values for the multi option
CURLMOPT_MAX_HOST_CONNECTIONS and CURLOPT_FRESH_CONNECT to trigger
connection pool limit handling code.
Closes#15494
Allowing both just creates a transfer with behaviors no user can
properly anticipate so better just deny the combo.
Fixes#15646
Reported-by: Harry Sintonen
Closes#15666
- Restore some necessary options for builds without HTTP and MQTT.
The logic to turn off a segment of options in builds without HTTP and
MQTT was too expansive. Those builds (such as FTP-only builds) could not
use options such as CURLOPT_URL or CURLOPT_USERNAME etc.
Prior to this change 30da1f59 (precedes 8.11.0) refactored the options
processing and caused this issue.
Reported-by: Yoshimasa Ohno
Fixes https://github.com/curl/curl/issues/15634
Closes https://github.com/curl/curl/pull/15640
This makes `runtests.pl` run the final executables directly.
Before this patch it called the autotools/libtool wrapper tool, which
then called the final executables.
This solution was already used for `curl.exe`.
Applies to tests run in the `mingw, AM x86_64 c-ares U` job, which still
shows unexplained flakiness.
Also makes tests finish 45 seconds faster.
Ref: #14854
Follow-up to 1a2d38c47c#15437Closes#15662
The MSVC UWP job in CI did not actually enable UWP. Fix this and
the fallouts discovered after enabling it.
- GHA/windows: make sure to enable UWP in MSVC vcpkg UWP job.
Use the CMake options and C flags already used for mingw-w64, but use
`WINAPI_FAMILY_PC_APP` instead of the deprecated `WINAPI_FAMILY_APP`.
(The former is not supported by mingw-w64, so leave it there as-is.)
Follow-up to cb22cfca69#14077
- GHA/windows: by default the MSVC UWP job became 2x-3x slower than
others after actually enabling UWP. Most of it is caused by
CMake/MSBuild automatically building full APPX containers for each
`.exe` target. This includes 21 CMake feature detections. Each
detection app is built into a 15MB APPX project, with code signing,
logos, etc. Example:
https://github.com/curl/curl/actions/runs/12056968170/job/33620610958
Disable this overhead for curl build targets via custom
`CMAKE_VS_GLOBALS` options. I've found no way to apply them to feature
detection targets, so those remain slow.
- cmake: automatically enable Unicode for UWP builds. It's required.
Also stop enabling it manually in the existing CI job.
- tests: fix `getpid()` use for Windows UWP:
```
tests\server\util.c(281,21): warning C4013: 'getpid' undefined; assuming extern returning int
```
Ref: https://github.com/curl/curl/actions/runs/12061215311/job/33632904249#step:11:38
- src/tool_doswin: disable `GetLoadedModulePaths()` for UWP.
mingw-w64 UWP was okay with this, but MS SDK headers are not.
This makes `--dump-module-paths` return empty for UWP builds.
```
src\tool_doswin.c(620,3): error C2065: 'MODULEENTRY32': undeclared identifier
src\tool_doswin.c(626,11): warning C4013: 'CreateToolhelp32Snapshot' undefined; assuming extern returning int
src\tool_doswin.c(626,36): error C2065: 'TH32CS_SNAPMODULE': undeclared identifier
src\tool_doswin.c(632,7): warning C4013: 'Module32First' undefined; assuming extern returning int
```
Ref: https://github.com/curl/curl/actions/runs/12055081933/job/33614629930#step:9:35
- examples: fix `websocket.c` to include `winsock2.h` before `windows.h`
to make it build with MSVC UWP:
```
include\curl\curl.h(143,16): error C2061: syntax error: identifier 'curl_socket_t'
include\curl\curl.h(143,16): error C2059: syntax error: ';'
include\curl\curl.h(417,52): error C2146: syntax error: missing ')' before identifier 'curlfd'
include\curl\curl.h(417,38): error C2081: 'curl_socket_t': name in formal parameter list illegal
```
Ref: https://github.com/curl/curl/actions/runs/12055317910/job/33615644427#step:14:126
- GHA/windows: silence linker warning with MSVC UWP builds:
```
LINK : warning LNK4075: ignoring '/INCREMENTAL' due to '/OPT:ICF' specification
```
Ref: https://github.com/curl/curl/actions/runs/12055696808/job/33616629610#step:11:38
- GHA/windows: set `/INCREMENTAL:NO` for all MSVC jobs to improve
performance a little.
- cmake: show `UWP` platform flag.
Ref: #15652Closes#15657
The ECH feature cannot be built without HTTPS RR.
ECH automatically implied HTTPS RR in `./configure` but not in CMake,
winbuild, documentation.
Also update documentation and CI configs.
Follow-up to a362962b72#11922Closes#15648
Merge cmake and autotools build steps for cygwin, msys2 and
cross-linux jobs.
Advantages:
- makes it easier to keep the two build tracks in sync.
- uses the same steps across jobs.
- avoids scrolling through greyed out steps.
- syncs steps with other workflows already merged like this.
- less code.
Also:
- stop ignoring WebSockets tests results for msys2/mingw-w64 cmake jobs,
except for 2301 2302 that were also ignored for autotools. Syncing the
two build methods.
- drop 'cmake' from step names where cmake was the only build tool.
This was redundant as "CM" already indicates it in the job name.
Closes#15643
- GHA/windows: switch mingw-w64 UWP CI job to use UCRT.
`msvcr120_app` was missing `getch()` for example.
Follow-up to f988842d85#15637
This job tests compiling for UWP correctly, but the the resulting
`curl.exe` still doesn't look like a correct UWP app, now exiting
on startup with: `curl: error initializing curl library`.
- tool_getpass: restore `getch()` for UWP builds.
Follow-up to f988842d85#15637
- schannel: silence `-Werror=null-dereference` warning in mingw-w64 UWP:
```
lib/vtls/schannel_verify.c: In function 'Curl_verify_host':
lib/vtls/schannel_verify.c:558:33: error: null pointer dereference [-Werror=null-dereference]
558 | for(i = 0; i < alt_name_info->cAltEntry; ++i) {
| ~~~~~~~~~~~~~^~~~~~~~~~~
lib/vtls/schannel_verify.c:559:50: error: null pointer dereference [-Werror=null-dereference]
559 | PCERT_ALT_NAME_ENTRY entry = &alt_name_info->rgAltEntry[i];
| ~~~~~~~~~~~~~^~~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/12022656065/job/33515255397?pr=15638#step:19:27
Follow-up to 9640a8ef6f#15421
- GHA/windows: fix `find` command in MSVC job step.
Follow-up to 5f9411f953#15380
- GHA/windows: drop unnecessary `windowsappcompat` lib from mingw-w64
UWP job. Also drop related MSYS2 package.
- GHA/windows: cmake 3.31.0 still invokes `windres` with wrong options
with mingw-w64 UPW. Update curl version in comment accordingly.
- GHA/windows: tidy up mingw-w64 UWP spec logic, limit it to gcc.
- GHA/windows: update comments on `curl.exe` UWP startup errors.
Closes#15638
The CRT call `getch()` isn't supported on Windows UWP. This function is
used to implement `getpass_r()` for reading a password from the console,
for platforms not supporting it natively. This patch makes this function
a dummy, so password entry from the command-line is no longer supported
for UWP apps. Though it probably did not work before this patch, due to:
CRT headers do declare `getch()`, but it's missing from the CRT DLL.
MSDN documents it as unsupported for UWP:
https://learn.microsoft.com/cpp/c-runtime-library/reference/getchhttps://learn.microsoft.com/cpp/c-runtime-library/reference/getch-getwch
Same is true for the non-deprecated `_getch()` function.
After mingw-w64 synced its implib with `msvcr120_app.dll`, the CI job
`mingw, CM x86_64 schannel R uwp` broke with:
```
[16/16] Linking C executable src\curl.exe
FAILED: src/curl.exe
[...]
D:/a/_temp/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/14.2.0/../../../../x86_64-w64-mingw32/bin/ld.exe:
src/CMakeFiles/curl.dir/Unity/unity_0_c.c.obj:unity_0_c.c:(.text+0x4d05): undefined reference to `getch'
```
Ref: https://github.com/curl/curl/actions/runs/11873795410/job/33089008727?pr=15597#step:19:25
Also:
- GHA/windows: bump `msys2/setup-msys2` action to
https://github.com/msys2/setup-msys2/commit/c52d1fa
This triggered the build failure above.
Closes#15597
Ref: d408f51e5a/tree/mingw-w64-crt/def-include/crt-aliases.def.inCloses#15637
Issue is reproducible for me if I have made request with multi handle,
then I make request that will take very long and then I make request
that should be fast again, however what happens it is that it seems
to think that timeout was not changed and it makes it not call initial
`CURLMOPT_TIMERFUNCTION`.
Closes#15627
Instead of the Git repo tag which requires downloading the tip of
a dependency repository at the time of bumping version:
https://github.com/Mbed-TLS/mbedtls-framework
The official source tarball ships with this dependency, making
the CI builds reproducible.
Also: fold long download commands for other dependencies.
Closes#15632
Build in parallel first, then install with `-j1`. This makes the build
part 3x quicker, while avoiding parallellism issues at the install
phase.
```
before after after
1da198d this
aws-lc: 1m55s ~40s
libressl: 1m16s ~1m20s
openssl-tsan: 5m47s 3m43s 1m48s (clang)
openssl: 6m38s 4m49s 2m13s (quic)
quictls-no-deprecated: 2m28s 1m51s
quictls: ~6m08s 4m16s 1m55s
wolfssl-all: 1m36s 52s
wolfssl-master: 1m34s 53s
wolfssl-opensslextra: 50s 32s
```
Follow-up to 1da198d18e#15622Closes#15630
