When a server signals EOS from its side and the curl upload is
unfinished and the server has not given a positive HTTP status response,
auto RST the stream to signal that the upload is incomplete and that the
whole transfer can be stopped.
Fixes the case where the server responds with 413 on an upload but does
not RST the stream from its side, as httpd and others do.
Reported-by: jkamp-aws on github
Fixes#15316Closes#15325
By renaming from a temporary file name to the .c once completed. This
avoids the risk that the checksrc job tries to verify the file before it
is complete, in parallel build setups.
Reported-by: Dan Frandrich
Fixes#15258Closes#15327
Once SSL_shutdown() has been called, OpenSSL does not really seem to
like it when it is called again and the other side has some finally data
to deliver.
Instead SSL_read() needs to be used solely, once the close notify has
been sent from curl's side.
Closes#15321
Because we cannot disable the individual warnings we do not care about,
making this tool almost unusable for our purposes. See
https://github.com/amperser/proselint/issues/1367
Instead, make 'very' a banned word (as recently that has been what
proselint most commonly points out for us).
Closes#15314
Override the system default config in test_17_09, since we want to check
all TLS versions. Provide own, empty config file to gnutls, so that any
system wide file has no effect.
The latest ubunu image in GH CI disables TLS 1.0 and 1.1
system wide for GnuTLS. Good intentions.
Closes#15310
- Add a new section explaining that a build can be cleaned by adding the
keyword "clean" to the build command.
- Add an example of using the "x64 Native Tools" prompt to the VS
command prompt section.
- Update the Legacy Windows section's lack-of-cipher support warning to
say "Windows 8 and earlier" instead of "Windows XP and earlier".
Ref: https://github.com/curl/curl/discussions/15277
Closes https://github.com/curl/curl/pull/15291
To match other workflows and to avoid repetition in rules.
Also:
- fix build example step for cmake. update a job to use it.
- use `cmake` to invoke the builds (instead of ninja directly).
- extend test 2100 exclusion to more jobs.
It fails with all `!debug gcc-12` jobs with autotools.
With cmake this only happened for gcc-12 Secure Transport jobs
for some reason.
Closes#15312
Commit 8ea120f6 added --break-system-packages which works in Ubuntu
24.04 but not 22.04, so explicitly specify that version in the runner
instead of relying on ubuntu-latest to provide it. Some runners have
regressed back to 22.04 for ubuntu-latest, resulting in build failures.
vsftpd 3.0 at least writes its version number to stdin (!) instead of
stderr. This works due for backwards compatibility reasons in UNIX, so
we must check stdin for anything written there to reliably parse the
version string.
Closes#15278
Seen with curl-for-win linux-musl-from-mac build with gcc 9.2.0.
```
n file included from /Users/runner/work/curl-for-win/curl-for-win/curl/_x64-linux-musl-bld/src/CMakeFiles/curl.dir/Unity/unity_0_c.c:136:
/Users/runner/work/curl-for-win/curl-for-win/curl/_x64-linux-musl-bld/src/tool_ca_embed.c:4:28: warning: redundant redeclaration of 'curl_ca_embed' [-Wredundant-decls]
4 | extern const unsigned char curl_ca_embed[];
| ^~~~~~~~~~~~~
In file included from /Users/runner/work/curl-for-win/curl-for-win/curl/_x64-linux-musl-bld/src/CMakeFiles/curl.dir/Unity/unity_0_c.c:88:
/Users/runner/work/curl-for-win/curl-for-win/curl/src/tool_operate.c:107:28: note: previous declaration of 'curl_ca_embed' was here
107 | extern const unsigned char curl_ca_embed[];
| ^~~~~~~~~~~~~
```
https://github.com/curl/curl-for-win/actions/runs/11192203640/job/31116070669#step:3:4894
Follow-up to 8a3740bc8e#14059Closes#15307
... instead of separate malloc() calls:
- removes two mallocs (and associated error handling paths)
- makes cleanup easier
Also reduce maximum SFTP file path lengths to 1024 bytes universally
everywhere. Using the system's own MAX_PATH did not make sense since
this is mostly about getting a remote file name.
Closes#15285
Fix new issues found by `proselint`.
Also:
- silence this technical warning:
```
:0: DeprecationWarning: /home/runner/.proselintrc was found instead of a JSON file. Rename to /home/runner/.proselintrc.json.
```
- fix an input filename.
`proselints` fails now if an input file is missing.
Reported-by: Jay Satiro
Bug: https://github.com/curl/curl/pull/15291#issuecomment-2410505100Closes#15293
It makes the callbacks get different signnatures when used from within
libcurl vs outside of it by libcurl-using applications (such as the
libtests) and this triggers UndefinedBehaviorSanitizer errors.
Closes#15289
Add a build-only cmake job with system mbedTLS package and `pkg-config`
enabled. Ubuntu 24.04 comes with mbedTLS 2.28.8 which supports
`pkg-config`.
Follow-up to 7bab201abe#15193Closes#15286
Move the listen/accept handling of the FTP active data connection
into the socket filter and monitor 'connected' status of that as
with passive connections - more or less.
The advantage is that the socket filter now reports being connected
only when the server has actually called and accept() has been done.
This enables to bootstrap the filter chain on the data connection
just like any other. A require SSL filter can then be added right
at the start and does not need to be patched in later.
Still, the active connection keeps on needing special handling in
ftp.c as the control connection needs to be monitored while waiting
as the server might send error responses this way. So, things did
not turn out quite as squeaky clean as hoped for, but still seems
better to do that way.
Closes#14798
For TLSv1.3, if supported, observer special return code to retrieve
newly arrived session from mbedTLS.
Adjust test expectations now that TLSv1.3 session resumption works in
mbedTLS >= 3.6.0.
Based on #14135 by @ad-chaos
Closes#15245
Register a callback to get notified of new SSL sessions by wolfSSL.
Remove the explicit session retrieval after handshake, since this does
not work for TLSv1.3.
Adjust test expectations now that TLSv1.3 session resumption works
in wolfSSL.
Closes#15243
Replace with namespaced local macro `Curl_getpid()`.
Redefining symbols can backfire if that symbol is used in system
headers, especially with unity build. We haven't seen a fallout in CI
or supported envs, but do it anyway for good measure.
Bug report: https://datagirl.xyz/posts/wolfssl_curl_w2k.htmlCloses#15263
- Linux: move test and pytest prereqs right before test run.
- returns build phase results faster.
- allows skipping steps for jobs that don't need them.
- makes dependencies more transparent.
- sync prereq install step names.
- use `tests/requirements.txt` more.
Closes#15275
- limit `SIZEOF_SA_FAMILY_T` detection to non-Windows.
- make sure `sys/socket.h` exists before detecting `SIZEOF_SA_FAMILY_T`.
- limit `mach_absolute_time()` detection to `APPLE`. Drop from Windows
pre-cache.
- skip `HAVE_LIBSOCKET` detection for Windows, drop pre-cached value.
- drop redundant pre-cached `HAVE_LIBZ` for Windows.
- `curl_required_libpaths()`: stop accepting multiple arguments.
To prepare for `CMAKE_REQUIRED_LINK_DIRECTORIES` support.
Follow-up to 7bab201abe#15193
- GSS: fix recent rebase mistakes:
- fix variable name.
- do not add a header twice.
Follow-up to 91d451b488#15157
- GSS: quote a variable.
Closes#15271
- bump github/codeql-action from 3.26.10 to 3.26.11
- bump vmactions/omnios-vm from 1.0.7 to 1.0.8
- bump actions/cache from 4.0.2 to 4.1.1
Closes#15178Closes#15179Closes#15244
Add session reuse for QUIC transfers using GnuTLS. This does not include
support for TLS early data, yet.
Fix check of early data support in common GnuTLS init code to not access
the filter context, as the struct varies between TCP and QUIC
connections.
Closes#15265
This indicates that the file was created by curl which can help a user
determine the origin of a file. Like the other attributes, this is only
enabled with the --xattr option.
Closes#15237
- reduce `check_include_file_concat()` use to those headers that either
depend on a previously detected header, or another header or symbol
detection depend on it.
- replace `check_symbol_exists()` with `check_function_exists()` for
functions that are detected with `AC_CHECK_FUNCS()` in `./configure`.
This makes `setmode()` no longer be detected with MSYS, syncing
this with `./configure`. Instead `_setmode()` is used now also in
CMake MSYS builds. This is consistent with Cygwin builds also.
- add comment about which header/symbol detection depends on what
header. Based on `./configure` mainly.
- form `CURL_TEST_DEFINES` manually, and include only those macros which
are actually used in `CMake/CurlTests.c`.
- change `curl_internal_test()` to use `CMAKE_REQUIRED_DEFINITIONS`,
instead of `CMAKE_REQUIRED_FLAGS` to simplify the logic, and to allow
dropping the latter macro completely.
- drop `windows.h` from header and symbol checks.
- `./configure`: add comment about whether `netinet/in6.h`, `sys/un.h`
are indeed meant to be included for all detections. There is a chance
they were added there by accident.
Detection resuls were cross-checked between
436bbbe7ab (master) and
48ff4694e608ccfdedf7ce5bab2b96d6b2c23cda (this PR), for CI GHA Linux,
Linux HTTP/3, non-native, macOS and Windows jobs.
Closes#15164
