Viktor Szakats [Wed, 8 Oct 2025 10:03:18 +0000 (12:03 +0200)]
build: drop Heimdal support, update docs, replace with MIT Kerberos in CI
The kerberos5 library Heimdal is one of three GSS libraries curl support.
It has a memory leak triggered by the new test in #18917 and the project
seems mostly abandoned.
Drop support and steer users to the MIT krb5 or GNU GSS libraries.
Co-authored-by: Daniel Stenberg
Ref: #18928
Closes #18928
Closes #18932
Stefan Eissing [Wed, 8 Oct 2025 09:56:09 +0000 (11:56 +0200)]
apple sectrust: check correct result on old OS versions
On ancient Apple OS versions where SecTrustEvaluateWithError() is not
available, the deprected SecTrustEvaluate() is used. In that code
branch, the code checked the wong variable for the verified result.
Viktor Szakats [Wed, 8 Oct 2025 16:49:51 +0000 (18:49 +0200)]
cmake/FindGSS: fix `pkg-config` fallback logic for CMake <3.16
The documented `<prefix>_<moduleName>_VERSION` variables are empty in
all tested versions since 3.7.2 to 4.1.2. Stop using it as a fallback
for <3.16 versions, and replace with the undocumented, but working,
`FindPkgConfig` internal variable `_pkg_check_modules_pkg_name`. It
contains the module name which was found.
In practice it caused that with CMake <3.16 + `pkg-config`, curl always
detected the Heimdal flavor of GSS.
Also: Delete a fallback version detection method, which was already
marked with a question mark in comments, and used the same, always
empty, CMake variables.
dependabot[bot] [Wed, 8 Oct 2025 12:46:51 +0000 (12:46 +0000)]
GHA: bump dependencies
- cryptography from 44.0.1 to 46.0.2 in tests/http
- ruff from 0.13.2 to 0.14.0 in .github/scripts
- reuse from 6.0.0 to 6.1.2 in .github/scripts
- github/codeql-action from 3.30.5 to 4.30.7
Viktor Szakats [Wed, 8 Oct 2025 12:50:58 +0000 (14:50 +0200)]
GHA/dependabot: tweak dir list to avoid a dupe, rename .txt file to avoid the bot
It correctly picked all pips, but also picked
`tests/http/requirements.txt` twice and also
`.github/scripts/codespell-ignore.txt`. Try avoid these issues with this
patch.
Viktor Szakats [Wed, 8 Oct 2025 01:09:23 +0000 (03:09 +0200)]
tests/server: drop pointless memory allocation overrides
The code was overriding system memory allocation functions to a local
jump table (declared in `curl_setup.h`). And setup that jump table
to call the original system allocation functions.
Also tested fine with cegcc/WinCE. The `_strdup` fallback was possibly
required for an MSVC WinCE toolchain.
Viktor Szakats [Tue, 7 Oct 2025 18:30:06 +0000 (20:30 +0200)]
examples/sessioninfo: cast printf string mask length to int
Found via `-Wformat-signedness`:
```
docs/examples/sessioninfo.c: In function 'wrfu':
docs/examples/sessioninfo.c:75:53: error: field precision specifier '.*' expects argument of type 'int', but argument 4 has type 'unsigned int' [-Werror=format=]
fprintf(stderr, "Certificate #%u: %.*s", i, dn.size, dn.data);
^
```
Ref: https://github.com/curl/curl/actions/runs/18320729052/job/52172864438?pr=18343#step:13:30
Ref: https://github.com/curl/curl/actions/runs/18320729095/job/52172886899?pr=18343#step:19:27
Also:
- drop unnecessary parenthesis.
- scope variables.
Viktor Szakats [Tue, 7 Oct 2025 10:36:49 +0000 (12:36 +0200)]
cmake: support building some complicated examples, build them in CI
Build these examples when the necessary dependencies are present:
- cacertinmem, usercertinmem (OpenSSL/fork)
- multi-uv (libuv)
- multithread, threaded-ssl (pthread)
- sessioninfo (GnuTLS)
Indicate the necessary dependency via a `Required:` comment placed in
the source file. A single dependency per source is supported as of now.
The name of the dependency should match the variable used within
the cmake scripts, which in turn matches the macro used in the config
header. E.g. for GnuTLS it's `USE_GNUTLS`.
Also:
- GHA/macos: build examples in two job to test GnuTLS and pthread ones.
- GHA/linux: enable libuv to test it with examples.
Stefan Eissing [Tue, 7 Oct 2025 09:30:46 +0000 (11:30 +0200)]
ngtcp2: fix handling of blocked stream data
The stream blocking might not be the one of the current easy handle.
Look up the stream to be marked as blocking via its stream_id in the
internal hash. Theoretically, this does not have to be one of the h3
streams, so not finding it is not an error.
Stefan Eissing [Tue, 7 Oct 2025 10:05:08 +0000 (12:05 +0200)]
osslq: set out idle timeout to 0
Similar to our ngtcp2 backend, set our idle timeout for the connection
to 0, meaning we have no such timeout from our side. The effective idle
timeout is then the one announced by the peer.
Daniel Stenberg [Tue, 7 Oct 2025 14:00:59 +0000 (16:00 +0200)]
multi: use CURLMNOTIFY_ as notification id prefix
Since CURLM_ is already used as prefix for multi error codes, it makes
it easier to detect and understand the difference between identifiers -
and allows for scripts on the website and elsewhere to separate them
properly.
Viktor Szakats [Tue, 7 Oct 2025 10:04:03 +0000 (12:04 +0200)]
examples/usercertinmem: avoid stripping const
This API started accepting a const somewhere between OpenSSL 1.0.2b and
1.0.2t. It means this example, like the other similar one now works best
with those versions or newer:
```
docs/examples/usercertinmem.c:100:33: error: cast from 'const char *' to 'char *' drops const qualifier [-Werror,-Wcast-qual]
100 | bio = BIO_new_mem_buf((char *)mypem, -1);
| ^
docs/examples/usercertinmem.c:121:34: error: cast from 'const char *' to 'char *' drops const qualifier [-Werror,-Wcast-qual]
121 | kbio = BIO_new_mem_buf((char *)mykey, -1);
| ^
```
Stefan Eissing [Mon, 1 Sep 2025 09:58:16 +0000 (11:58 +0200)]
multi: add notifications API
Add infrastructure to colled and dispatch notifications for transfers
and the multi handle in general. Applications can register a callback
and en-/disable notification type the are interested in.
Without a callback installed, notifications are not collected. Same when
a notification type has not been enabled.
Memory allocation failures on adding notifications lead to a general
multi failure state and result in CURLM_OUT_OF_MEMORY returned from
curl_multi_perform() and curl_multi_socket*() invocations.
Daniel Stenberg [Mon, 6 Oct 2025 10:43:40 +0000 (12:43 +0200)]
test766: verify CURLOPT_SOCKOPTFUNCTION error on accept
This test does active FTP with a socketopt callback that returns error
for the CURLSOCKTYPE_ACCEPT "purpose" to make sure we test and exercise
this error path - without leaks.
Viktor Szakats [Sat, 4 Oct 2025 10:58:49 +0000 (12:58 +0200)]
lib: stop overriding system printf symbols
After this patch, the codebase no longer overrides system printf
functions. Instead it explicitly calls either the curl printf functions
`curl_m*printf()` or the system ones using their original names.
Also:
- drop unused `curl_printf.h` includes.
- checksrc: ban system printf functions, allow where necessary.
Viktor Szakats [Mon, 6 Oct 2025 13:46:29 +0000 (15:46 +0200)]
ldap: tidy-up types, fix error code confusion
- fix `CURLcode` vs. LDAP result code confusion.
Return `LDAP_NO_MEMORY` when `Curl_create_sspi_identity()` fails,
since it can only return `CURLE_OUT_OF_MEMORY` as error.
- use `ULONG` for result code on Windows. Drop casts.
- use portable `curl_ldap_num_t`. Drop casts.
- replace magic number 0 with `LDAP_SUCCESS`.
- compare with `LDAP_SUCCESS` instead of assuming non-zero.
(where necessary.)
- add/fix `#endif` comments.
- fix indentation.
Daniel Stenberg [Mon, 6 Oct 2025 08:20:45 +0000 (10:20 +0200)]
ftp: improve fragile check for first digit > 3
In a case where rubbish would be sent in the line something that isn't a
digit could be first in line and treated as less than '3'. Prevent this
risk by first doing a check that the byte is a digit.
Daniel Stenberg [Mon, 6 Oct 2025 08:11:30 +0000 (10:11 +0200)]
ftp: add extra buffer length check
This adds an extra check that the buffer really has data enough (at
least 4 bytes) to check for a status code before doing so. It *should*
not be necessary, but this was pointed out by an analyzer and it feels
better to make sure.
Stefan Eissing [Mon, 6 Oct 2025 11:45:38 +0000 (13:45 +0200)]
cf-socket: check params and remove accept procondition
- creating a socket filter with NULL addrinfo fails with
CURLE_BAD_FUNCTION_ARGUMENT
- remove getsockname use before accept call, serves no purpose
and did not lead to proper error before
Viktor Szakats [Sat, 4 Oct 2025 01:10:37 +0000 (03:10 +0200)]
curlx: move Curl_strerror, use in src and tests, ban `strerror` globally
Also:
- tests/server: replace local `sstrerror()` with `curlx_strerror()`.
- tests/server: show the error code next to the string, where missing.
- curlx: use `curl_msnprintf()` when building for src and tests.
(units was already using it.)
- lib: drop unused includes found along the way.
- curlx_strerror(): avoid compiler warning (and another similar one):
```
In file included from servers.c:14:
../../lib/../../lib/curlx/strerr.c: In function ‘curlx_strerror’:
../../lib/../../lib/curlx/strerr.c:328:32: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
328 | SNPRINTF(buf, buflen, "%s", msg);
| ^
../../lib/../../lib/curlx/strerr.c:47:18: note: ‘snprintf’ output 1 or more bytes (assuming 2) into a destination of size 1
47 | #define SNPRINTF snprintf
| ^
../../lib/../../lib/curlx/strerr.c:328:7: note: in expansion of macro ‘SNPRINTF’
328 | SNPRINTF(buf, buflen, "%s", msg);
| ^~~~~~~~
```
Joshua Rogers [Sun, 5 Oct 2025 02:57:29 +0000 (10:57 +0800)]
telnet: use pointer[0] for "unknown" option instead of pointer[i]
i is taken from pointer[length-2] (often the IAC byte) before we do
length -= 2, so using pointer[i] indexes an arbitrary/stale byte
unrelated to the option code. pointer[0] is the suboption’s option code
per the telnet SB format, so printing pointer[0] yields correct, stable
diagnostics.
Joshua Rogers [Sun, 5 Oct 2025 02:38:14 +0000 (10:38 +0800)]
cpool: make bundle->dest an array; fix UB
Replace `char *dest[1]` with a proper `char dest[1]` array in
cpool_bundle. This removes undefined behavior from memcpy (writing past
the declared object) while keeping the same key semantics: dest_len is
strlen+1 (includes NUL), and hash add/delete calls remain unchanged.
Viktor Szakats [Sat, 4 Oct 2025 11:04:29 +0000 (13:04 +0200)]
checksrc: fix possible endless loops/errors in the banned function logic
By quoting the search expression to be replaced. This avoid the issue
when the code leading up to a banned function contained regex characters
that the script did not explicitly handle, e.g. `+`.
Viktor Szakats [Fri, 3 Oct 2025 14:40:28 +0000 (16:40 +0200)]
GHA: drop quictls 3.3.0 builds in favor of openssl 3.5+
- http3-linux: move local nghttpx (nghttp2) build to openssl (from
quictls). Also tried LibreSSL, but it made some HTTP/2 tests fails.
- http3-linux: drop quictls ngtcp2 build.
- http3-linux: build local openssl with `no-deprecated`.
(previously tested in the quictls local build.)
- http3-linux: explicitly disable LDAP in cmake openssl jobs.
cmake builds auto-detect OpenLDAP (autotools don't), and when enabled,
linking curl fails because system `libsasl.so` requires MD5 openssl
functions, which are missing from openssl no-deprecated builds.
- macos: move options tested in quictls jobs to other ones.
Viktor Szakats [Sat, 4 Oct 2025 02:12:17 +0000 (04:12 +0200)]
openssl: fix build for v1.0.2
```
lib/vtls/openssl.c: In function 'asn1_object_dump':
lib/vtls/openssl.c:299:42: error: passing argument 3 of 'i2t_ASN1_OBJECT' discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
299 | int i = i2t_ASN1_OBJECT(buf, (int)len, a);
| ^
In file included from /home/runner/djgpp/include/openssl/objects.h:965,
from /home/runner/djgpp/include/openssl/evp.h:94,
from /home/runner/djgpp/include/openssl/x509.h:73,
from /home/runner/djgpp/include/openssl/ssl.h:156,
from lib/curl_ntlm_core.c:71,
from bld/lib/CMakeFiles/libcurl_static.dir/Unity/unity_0_c.c:88:
/home/runner/djgpp/include/openssl/asn1.h:921:58: note: expected 'ASN1_OBJECT *' {aka 'struct asn1_object_st *'} but argument is of type 'const ASN1_OBJECT *' {aka 'const struct asn1_object_st *'}
921 | int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a);
| ~~~~~~~~~~~~~^
```
Ref: https://github.com/curl/curl/actions/runs/18236773678/job/51931937131?pr=18039
Viktor Szakats [Thu, 2 Oct 2025 14:01:15 +0000 (16:01 +0200)]
tests: stop overriding system printf symbols
To make the source code match the functions called at runtime.
And to avoid the preprocessor trick that may introduces build issues.
Before this patch, libtests, tunits and units were calling a mixture
of curl and system printf calls, then transformed them all to curl
printf calls by including `curl_printf.h`.
Changes made:
- tests: stop including `curl_printf.h`.
- libtest: switch a couple of outlier system printf calls to curl
printf.
- unit: use more curl printf to avoid casts and show whole values.
- unit: switch remaining calls to curl printf explicitly.
- tunit: switch to call curl printf explicitly.
- libtest, tunit, unit: ban system printf.
- unit1307, unit1607, unit1609, unit1652, unit1655, unit3214: bump
types/masks to avoid casts.
After this patch:
- libtests, tunits, units: use exclusively curl printf.
(as before, but explicitly, without relying on redefinitions.)
- servers: is unchanged (it can only use system printf).
Viktor Szakats [Thu, 2 Oct 2025 19:33:48 +0000 (21:33 +0200)]
checksrc: reduce directory-specific exceptions
By making them defaults, then fixing and/or reshuffling remaining
exceptions as necessary.
- checksrc: ban by default: `snprintf`, `vsnprintf`, `sscanf`, `strtol`.
- examples: replace `strtol` with `atoi` to avoid a checksrc exception.
- tests/libtest: replace `strtol` with `atol`.
- tests/server: replace most `strtol` with `atol`.
- tests/server: replace most `strtoul` with `atol`/`atoi`.
- tests/server: drop no longer used `util_ultous`.
- fix typo in checksrc rules: `vsnprint` -> `vsnprintf`.
- update local exceptions.
Also:
- examples: ban curl printf functions. They're discouraged in user code.
- examples: replace curl printf with system printf.
Add `snprintf` workaround for <VS2015.
- examples/synctime: fix `-Wfloat-equal`.
- examples/synctime: exclude for non-Windows and non-UWP Windows.
- examples/synctime: build by default.
Viktor Szakats [Fri, 3 Oct 2025 01:12:39 +0000 (03:12 +0200)]
checksrc: fix to handle `)` predecing a banned function
Fixing:
```
Unmatched ) in regex; marked by <-- HERE in m/ \*buffer_len = \(ssize_t) <-- HERE
strtol\(/ at /home/runner/work/curl/curl/scripts/checksrc.pl line 916, <$R> line 380.
```
Ref: https://github.com/curl/curl/actions/runs/18209824275/job/51848079550#step:3:5
Stefan Eissing [Fri, 3 Oct 2025 12:15:04 +0000 (14:15 +0200)]
doh: inherit new custom ssl flags
The new custom_* flags in the SSL config need to be inherited when
setting up the doh easy handle, so that defaults apply the same way as
for the original easy handle.
projects / thirdparty / curl.git / log
