- drop `/clang:` prefix for `-W` options for clang-cl.
Except for `-Wall` which gets interpreted as MSVC `/Wall`
and translated to `-Weverything`, which is undesired.
Related: https://github.com/llvm/llvm-project/issues/102982
- include `MSVC_VERSION` in target flags.
Useful for clang-cl builds where this information doesn't appear
elsewhere in the cmake configure log.
- suppress `-Wlanguage-extension-token` more for clang-cl.
This fixes clang-cl builds with default `CURL_WERROR=OFF` and
`PICKY_COMPILER=ON`.
This warning is enabled by `-pedantic` as a warning and by
`-pedantic-errors` as an error. Verifiable using llvm's
`diagtool show-enabled -pedantic test.c`.
Follow-up to fb711b5098#15449Closes#15478
As done earlier in `./configure`:
To force users to explictily disable it if they really don't want it
used and make it harder to accidentally miss it.
`-DCURL_USE_LIBPSL=OFF` is the option to use if PSL is not wanted.
Follow-up to 2998874bb6#12661Closes#15464
Move LDAP detection to its own Find module.
It supports `pkg-config` and the standard detection method used for
other dependencies, with version detection.
In curl CI it fixes LDAP detection in the OpenBSD job.
Closes#15273
Instead of redefining the `inline` keyword, introduce curl's own
`CURL_INLINE` macro and set it depending on the compiler's capabilities,
or use its value set via custom C flags.
Also keep honoring a custom `inline` macro, if set.
Closes#15523
With `find_package(... REQUIRED)` the configuration fails and exits
if the package is not found. The `..._FOUND` check afterwards always
evaluates true and safe to delete.
Also true for brotli and zstd, but those are addressed differently
via #15431.
Closes#15465
- cmp-config.pl: add remaining exceptions. Sort list.
- drop unused `HAVE_SYS_WAIT_H`.
Follow-up to 50def7c881#13249
- drop unused `HAVE_FCHMOD`.
Follow-up to 03cb1ff4d6#12395
- autotools: stop promoting variables to macros:
`USE_NGTCP2_CRYPTO_*`, `USE_NGTCP2_H3`, `USE_OPENSSL_H3`,
`HAVE_LIBRESSL`.
They are not used in the source.
- cmake: drop unused `HAVE_O_NONBLOCK`,
`HAVE_DISABLED_NONBLOCKING`.
- lib: drop `NEED_MALLOC_H`.
It was used in manual-build cases for Amiga/MS-DOS/Windows/WinCE, but
never by autotools/cmake, thus apparently unnecessary.
- lib: drop unused `NEED_MEMORY_H`.
- lib: simplify classic mac feature guards,
drop `HAVE_EXTRA_STRICMP_H` and `HAVE_EXTRA_STRDUP_H`.
- autotools: drop unused `HAVE_GETHOSTBYNAME` detection.
- autotools: drop unused OpenSSL feature tests:
`HAVE_ERR_H`, `HAVE_PEM_H`, `HAVE_RSA_H`
- autotools: drop unused OpenSSL feature tests:
`HAVE_X509_H`, `HAVE_CRYPTO_H`, `HAVE_SSL_H`.
They performed a fallback check when the primary check missed
`openssl/x509.h`. Though if any other prefixed headers were found,
OpenSSL is already assumed detected.
The fallback check was looking for 3 unprefixed OpenSSL headers, and
if all found, marked OpenSSL found internally, but did not promote
it to `curl_config.h` via `USE_OPENSSL`. Meaning it either didn't do
anything or may have continued with an inconsistent state.
Added in d99c20f628 (2008)
At the time, there was an extra `AC_DEFINE(USE_SSLEAY, 1 ...` logic
after this code, which kicked in in the fallback case, but that code
was deleted in 709cf76f6b (2015)
Follow-up to 709cf76f6b
- autotools: drop `AC_SUBST()` where the value is explicitly set anyway
and the macro is unused.
- autotools: replace `AC_SUBST(VAR, 1)` with local variable assigments,
where the `@VAR@` macro is unused. Also dedupe the local variable if
there was a parallel one used for the same purpose.
- autotools: drop local feature variables that were never used.
- autotools: drop unused `CURL_CHECK_OPTION_NTLM_WB`,
`CURL_CHECK_NTLM_WB`.
Also stop setting unused `NTLM_WB_ENABLED` macro for VMS.
Follow-up to 50def7c881#13249
- autotools: drop unused `PKGADD_*`.
Follow-up to bae0d473f5#3331
- autotools: drop unused `CURL_NETWORK_LIBS`.
Follow-up to 3af75e18d6#14697Closes#15577
This script parses all markdown files in the repository, extracts all
links and verifies that they work.
It makes sure to only check the URLs once, even if used in multiple
links. There is a whitelist for URLs we deem unnecessary to check.
It uses curl to do the checks.
As a bonus, this makes it easy to run this check locally.
Closes#15742
Using sscanf() is not a (security) problem in itself, but we strongly
discorage using it for parsing input since it is hard to use right, easy
to mess up and often makes for sloppy error checking.
Allow it in examples and tests
Closes#15687
Designed to aid converting off from sscanf parsers. sscanf is hard to
use right, easy to mess up and often makes for sloppy error checking.
The new parsers allow more exact and pedandic parsing.
This new set of functions should be possible to use (and extend) and
switch over other libcurl parser code to use going forward.
Adapts the following to use the new functions:
- altsvc.c
- hsts.c
- http_aws_sigv4.c
Bonus: fewer memory copies, fewer stack buffers.
Test: Unit test1664
Docs: docs/internals/STRPARSE.md
Closes#15692
When employing eventfd for socketpair, there is only one file
descriptor. Closing that fd twice might result in fd corruption.
Thus, we should avoid closing the eventfd twice, following the
pattern in lib/multi.c.
Fixes#15725Closes#15727
Reported-by: Christian Heusel
This fix impacts ws-data.c and ws-pingpong.c. sleep() replaced with
system PROCESS_DELAY_() having the same resolution as usleep().
Fixes#15711Closes#15712
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
The date parser function is very forgiving and skips most "irrelevant"
characters in its hunt for a date to figure out. Therefore it is
important to make sure the date string is properly null terminated so
that it does not accidentally parse a piece of whatever text follows
after the date.
Add test483: test (overly) long expire dates in cookies
Closes#15709
- build: fix to exclude 'documentation' tests when building
the documentation is explicitly disabled. Both for cmake
and `./configure`.
Reported-by: Daniel Engberg
Fixes#15703
- test481, test482: fix for builds with no manual.
Reported-by: Daniel Engberg
Fixes#15703
- configure: fix to always detect Perl. Running tests require
it when run. Before this patch Perl wasn't detected when
documentation/manual/embedded-CA were all disabled,
making tests fail to start.
- test1177: add keyword `documentation`. It depends no
`curl_version_info.3`.
- GHA/linux: test cmake and `./configure` with docs and
manual disabled and tests run.
Closes#15704
This partly reverts 0e06603b23
These file formats are not properly documented elsewhere, plus the
website uses these files to populate the documentation pages to which
users end up via the URLs that are mentioned within the alt-svc and hsts
files.
Fixes#15705
Reported-by: Jeffrey Bosboom
Closes#15706
When a floating point precision or string width are provided as a
base-10 number, the code could miss to detect integer overflows if the
provided value was exactly 2147483648 or 2147483649 (2147483647 being
the maxium value a signed integer can hold).
The chance that such values would actually ever be used is slim.
This change fixes the detection to also cover those edge cases.
Closes#15699
The channel binding data dynbuf was not set correctly making it fail with
CURLE_TOO_LARGE too easily.
Reported-by: galen11 on github
Fixes#15685Closes#15694
