Viktor Szakats [Mon, 10 Nov 2025 15:54:57 +0000 (16:54 +0100)]
OS400/makefile.sh: fix shellcheck warning SC2038
Also:
- OS400/makefile.sh: use end-of-options marker in xargs command.
- OS400/make-tests.sh: drop warning suppression.
Seems to not trigger anymore as of shellcheck 0.11.0
Viktor Szakats [Fri, 7 Nov 2025 15:39:29 +0000 (16:39 +0100)]
tests/data: support using native newlines on disk, drop `.gitattributes`
Data files no longer depend on mixed newline styles. Before this
patch the harness still assumed data files to use LF newlines,
ensured by `.gitattribute` and distributing sources with LF newlines.
To allow using platform native newlines (CRLF on Windows typically),
update the test harness to support data files with any newline style
on disk. And delete `.gitattributes`.
Fix to:
- load original data files (from test/data) so that their newline-style
doesn't matter on the checked out source repo, meaning it works
when its CRLF on Windows, just like any other file.
(if a BOM slips in, it's caught by `spacecheck.pl` as binary content.)
- do the same in `util.py` used by `smbserver.py` (for test 1451).
- also fix `util.py` to use us-ascii encoding for data files, replacing utf-8.
Also:
- runtests: rework the stray CR checker to allow full CRLF data files,
and keep warning for mixed newlines.
Daniel Stenberg [Mon, 10 Nov 2025 08:23:56 +0000 (09:23 +0100)]
renovate.json: drop parentheses from group names
They make git branch names using those parentheses, that need to be
quoted when used with git command lines. Avoid parentheses for easier to
use branch names.
Viktor Szakats [Sun, 9 Nov 2025 18:37:28 +0000 (19:37 +0100)]
tests/server: do not fall back to original data file in `test2fopen()`
Before this patch servers were loading the original data source file
(from `tests/data/test*`) if they failed to open the preprocessed data
file.
It was causing issues in many (most?) tests, because original data files
are not preprocessed, thus may be incomplete and/or come with wrong
newline characters. It's also causing difficult to diagnose issues when
a test accidentally references another test's data, which by chance
makes the test pass initially, until either that or the executed test
data gets an update, and breaking it, as seen in #19329.
Historically, the fallback existed first, then the preprocessed copy.
The fallback is no longer used by tests (except by stray accidents).
Fix it by dropping the fallback logic and relying on the preprocessed
data file saved there by the runtests framework.
Also fix two remaining test data cross-references:
- test1565: reference own server input data instead of test1's.
- test3014: reference own server input data instead of test1439's.
Ref: #19398
Viktor Szakats [Sat, 8 Nov 2025 01:27:23 +0000 (02:27 +0100)]
cmake: adjust defaults for target platforms not supporting shared libs
If CMake reports the target platform not supporting shared libs, turn
`BUILD_SHARED_LIBS` off by default. CMake 3.30+ fails with an error
when trying to create a `SHARED` target for such platforms. Earlier
versions used a workaround that may or may not have worked in practice.
Viktor Szakats [Sat, 8 Nov 2025 21:54:08 +0000 (22:54 +0100)]
GHA/linux: stop disabling TLS-SRP tests in event-based & duphandle jobs
They were disabled since these jobs ran in Zuul. The tests are 320, 321,
322, 323, 324. Of which, 323 runs in CI, the rest needs `gnutls-serv`
with SRP enabled, which is not available in current jobs and no longer
offered by Ubuntu's `gnutls-bin` package. 324 doesn't appear as
a skipped test, 323 seems to be running fine, the rest are logged as
skipped. This suggests it's safe to drop the exceptions.
Viktor Szakats [Sat, 8 Nov 2025 12:54:11 +0000 (13:54 +0100)]
GHA/linux: build and test LibreSSL with Fil-C curl, enable pytests
Build and cache LibreSSL locally with Fil-C and enable it in the Fil-C
job.
Also:
- disable test 776 in the Fil-C job. It fails consistently, and due to
flakiness seen earlier its result is disabled. In this job it seems to
be adding 1 to 9 minues to the test run step and fails consistently.
- include Fil-C version in the LibreSSL cache key to prepare for Fil-C
ABI changes.
- GHA/linux: fully quote `tflags` values to avoid breaking YAML.
Tested and confirmed working with OpenSSL too, but ended up with
LibreSSL for faster, smaller builds.
Stefan Eissing [Sat, 8 Nov 2025 13:28:38 +0000 (14:28 +0100)]
vtls: fix CURLOPT_CAPATH use
A regression in curl 8.17.0 led to a customer CAPATH set by the
application (or the curl command) to be ignored unless licurl was built
with a default CAPATH.
Add test cases using `--capath` on the custom pytest CA, generated with
the help of the openssl command when available.
Viktor Szakats [Thu, 6 Nov 2025 22:59:16 +0000 (23:59 +0100)]
GHA/linux: add minimal Fil-C build with tests
Requirements for Fil-C:
- not to accidentally pick up system headers. E.g. from `/usr/include`
on Linux. It can happen when any dependency is auto-detected on this
header path. This makes Fil-C find the wrong system headers, which
in turn breaks the configuration step in subtle ways (with CMake) and
less subtle ways (autotools). Then CMake ends up running into an error
while compiling.
- build all dependencies with Fil-C too.
(this patch doesn't build any dependencies yet.)
- "unity" mode disabled. It should work, but needs a lot of memory and
slower than a standard compiler, or a Fil-C non-unity build.
- x86_64 Linux host platform when using the pre-built toolchain.
Observations on a minimal, static build made with no dependencies and
Fil-C 0.674 (based on clang 20.1.8).
- curl tool sizes:
- cmake, default, w/o -O: 30 MB (gcc 14.2.0: 1.7 MB)
- cmake, default, w/o -O, stripped: 29.6 MB (gcc: 1.4 MB)
- cmake, Release, -O3: 7.2 MB (gcc: 1 MB)
- cmake, Release, -O3, stripped: 6.8 MB (gcc: 0.93 MB)
- autotools, default, -O2: 7 MB
- libcurl.a size is 32 MB (cmake, default, w/o -O) (gcc: 2.7 MB)
- build times 3-3.5x longer (compared to system gcc 14.2.0):
- all runtests available pass OK.
- all pytests skipped due to missing features/dependencies.
- shared libcurl builds also work (cmake, default: 25 MB libcurl.so and
5.75 MB (5.6 stripped) curl tool)
- autotools works fine too, with dependencies disabled or set to avoid
`/usr/include`.
x2018 [Fri, 7 Nov 2025 16:43:51 +0000 (00:43 +0800)]
rtmp: precaution for a potential integer truncation
On some platforms, socket descriptors may use types larger than int.
When these values exceed INT_MAX, conversion to int can truncate to
negative values causing RTMP connection failures, and even accidentally
affect other socket when high-value descriptors map to existing
lower-value sockets after integer conversion. This check ensures socket
values are within the safe range before passing them to the RTMP
library.
x2018 [Thu, 6 Nov 2025 17:59:00 +0000 (01:59 +0800)]
lib: refactor the type of funcs which have useless return and checks
Some internal functions always return CURLE_OK.
- Curl_http_proxy_get_destination() does that from bb4032a, (2 years
ago) And the original inline code does not need to check the status.
- Curl_wildcard_init() does that from e60fe20. (8 years ago)
- Curl_initinfo() does that from a very beginning.
- Curl_pgrsSetDownloadCounter() did not have a return before 914e49b, ad051e1 recovered its content (2 years ago) but did not completely
recovered the changes related to it.
- auth_digest_get_qop_values() does that from 676de7f.
This directly changes their type to void and cleaned the remaining
checks for their return value.
Calls that allocate data, like duplicating strings, can fail because of
lack of memory which could then leave the option unset and curl would
unknowingly continue (if the memory shortage was momentary).
Daniel Stenberg [Thu, 6 Nov 2025 22:39:56 +0000 (23:39 +0100)]
setopt: when setting bad protocols, don't store them
Both CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR would
previously return error on bad input but would wrongly still store and
keep the partial (unacceptable) result in the handle.
Daniel Stenberg [Thu, 6 Nov 2025 22:14:04 +0000 (23:14 +0100)]
tool_paramhlp: refuse --proto remove all protocols
curl is for transfers so disabling all protocols has to be a mistake.
Previously it would allow this to get set (even if curl_easy_setopt()
returns an error for it) and then let libcurl return error instead.
Viktor Szakats [Mon, 3 Nov 2025 20:38:35 +0000 (21:38 +0100)]
tests: replace remaining CR bytes with the new macro `%CR`
There is no more mixed-newline file in the repository after this patch.
Except for`.bat` and `.sln` files (4 in total), all files use LF
newlines.
Also:
- `spacecheck.pl`: drop mixed-EOL exception for test data.
- runtests: add option `-w` to check if test data has stray CR bytes in
them.
- build: enable the option above in test targets, except the CI-specific
one where `spacecheck.pl` does this job already.
- tested OK (with expected failures) in CI with stray CRs added.
- cmake: enable option `-a` for the `tests` target. To continue testing
after a failed test.
Viktor Szakats [Wed, 5 Nov 2025 18:53:30 +0000 (19:53 +0100)]
conncache: silence `-Wnull-dereference` on gcc 14 RISC-V 64
A false positive that appeared after a recent patch for no reason.
Seen in curl-for-win unity native Linux builds on debian:testing and
debian:trixie with gcc 14.3.0 and 14.2.0 respectively:
```
-- curl version=[8.17.1-DEV]
-- The C compiler identification is GNU 14.2.0
-- Cross-compiling: Linux/x86_64 -> Linux/riscv64
[...]
lib/conncache.c: In function 'Curl_cpool_conn_now_idle':
lib/conncache.c:539:11: error: null pointer dereference [-Werror=null-dereference]
539 | if(!data->multi->maxconnects) {
| ~~~~^~~~~~~
```
Ref: https://github.com/curl/curl-for-win/actions/runs/19111497271/job/54609512969#step:3:5788
```
-- The C compiler identification is GNU 14.3.0
```
Ref: https://github.com/curl/curl-for-win/actions/runs/19111497271/job/54609512899#step:3:5801
Viktor Szakats [Tue, 4 Nov 2025 17:37:49 +0000 (18:37 +0100)]
gnutls: report accurate error when TLS-SRP is not built-in
With GnuTLS 3.8.0+ the build-time SRP feature detection always succeeds.
It's also disabled by default in these GnuTLS versions.
When using TLS-SRP without it being available in GnuTLS, report
the correct error code `CURLE_NOT_BUILT_IN`, replacing the out of memory
error reported before this patch.
Also add comments to autotools and cmake scripts about this feature
detection property.
Detecting it at build-time would need to run code which doesn't work
in cross-builds. Once curl requires 3.8.0 as minimum, the build-time
checks can be deleted.
```
# before:
curl: (27) gnutls_srp_allocate_client_cred() failed: An unimplemented or disabled feature has been requested.
# after:
curl: (4) GnuTLS: TLS-SRP support not built in: An unimplemented or disabled feature has been requested.
```
Viktor Szakats [Wed, 5 Nov 2025 01:50:42 +0000 (02:50 +0100)]
GHA/checksrc: add actionlint, fix or silence issues found
It also does shellcheck on `run:` elements, overlapping with
the homegrown `shellcheck-ci.sh` with the same purpose. But it also does
more and perhaps could replace the script too, especially in curl
sub-repos.
x2018 [Tue, 4 Nov 2025 18:16:54 +0000 (02:16 +0800)]
gtls: add return checks and optimize the code
This commit does the following things:
1. Update the description of gtls_init()
2. In gtls_client_init(), check the invaild SSLVERSION at first. Note
that this part refactors the duplicate/incompatible checks and removes
the useless local variable `sni`.
3. Check the return value of gnutls_ocsp_resp_init(). Although the
original code is safe because gnutls_ocsp_resp_import() will check
the validity of `ocsp_resp`, it is better to catch the error in time
and record the proper message to output log.
Viktor Szakats [Tue, 4 Nov 2025 14:26:29 +0000 (15:26 +0100)]
cmake: fix `HAVE_GNUTLS_SRP` detection after adding local FindGnuTLS module
When GnuTLS is detected via pkg-config on a non-default path, e.g. with
Homebrew arm64 (`/opt/homebrew/`).
This was a regression from a commit made in this release cycle.
The Find module doesn't return an absolute path to the detected library
(as the former solution did), but a bare libname and a libpath. We thus
need to explicitly use the libpath while detecting a feature in GnuTLS
found this way. Syncing this with other dependencies.
Daniel Stenberg [Tue, 4 Nov 2025 10:22:32 +0000 (11:22 +0100)]
tests: remove most user-agent filters
Use the %VERSION instead. The user-agent stripping was introduced at the
time before we had %VERSION (introduced in e6b21d4). The tests would
then remove the user-agent header to make them possible to be compared
in a version independent way.
Fixes #19355 Reported-by: Stefan Eissing
Closes #19356
projects / thirdparty / curl.git / log
