Stefan Eissing [Wed, 12 Nov 2025 14:58:49 +0000 (15:58 +0100)]
lib: eliminate size_t casts
Add new functions in `curlx/warnless.h` for controlled type
conversions:
* curlx_uitouz, convert unsigned into to size_t (should always work)
* curlx_uztoso, convert size_t to curl_off_t, capping at CURL_OFF_T_MAX
* curlx_sztouz, convert ssize_t to size_t, return TRUE when ok
* curlx_sotouz_range, convert curl_off_t to size_t interval, capping
values to interval bounds
Remove some unnecesary casts, convert some internal recv functions
to the "return result, have size_t* arg" pattern.
Stefan Eissing [Wed, 12 Nov 2025 11:15:42 +0000 (12:15 +0100)]
lib: rename curlx_timediff to curlx_timeleft_ms
Rename `Curl_timeleft()` to `Curl_timeleft_ms()` to make the units in
the returned `timediff_t` clear. (We used to always have ms there, but
with QUIC started to sometimes calc ns as well).
Rename some assigned vars without `_ms` suffix for clarity as well.
Daniel Stenberg [Wed, 12 Nov 2025 12:16:33 +0000 (13:16 +0100)]
cookie: propagate errors better, cleanup the internal API
Overhaul of the internal cookie APIs and an attempt to better return
errors for OOM and similar critical problems, separate from ordinary and
benign parsing problems.
Viktor Szakats [Wed, 12 Nov 2025 16:26:27 +0000 (17:26 +0100)]
runtests: allow `client/command` to span multiple lines, and use it
Some curl command-lines are long, often repetitive, and difficult
to read or write:
Before this patch (1 test == 1 line):
- <=78 characters: 1099 tests
- 79-132 characters: 500 tests
- 133+ characters: 217 tests: patch meant to help with some of these.
After this patch:
- <=78 characters: 1288 lines
- 79-132 characters: 526 lines
- 133+ characters: 190 lines
After this patch it's possible to fold long lines into multiple ones.
Folding can reduce greppability, thus this is primarily useful for cases
when the options are repetitive, e.g. a list of form options, headers,
mail parameters and the like.
Viktor Szakats [Wed, 12 Nov 2025 09:27:36 +0000 (10:27 +0100)]
test2405: split off H2 tests to new test 2407, fix callback prototype
To untangle the different curl/server requirements of these tests.
Also to make this test run for non-H2 builds. Searching the cause of
the flakiness documented in #19481.
Also:
- fix the callback function prototype. Detected by ASAN with this patch,
though the issue was pre-existing.
```
lib/cw-out.c:211:14: runtime error: call to function emptyWriteFunc
through pointer to incorrect function type
'unsigned long (*)(char *, unsigned long, unsigned long, void *)'
tests/libtest/lib2405.c:72: note: emptyWriteFunc defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior lib/cw-out.c:211:14
```
Ref: https://github.com/curl/curl/actions/runs/19296686908/job/55180334364?pr=19487#step:44:3768
Viktor Szakats [Wed, 12 Nov 2025 09:17:48 +0000 (10:17 +0100)]
test2405: report `fd_count*` variables on failure
This test is frequently failing in macOS !ssl jobs:
"curl_multi_waitfds() should return at least the number of fds needed":
https://github.com/curl/curl/actions/runs/19290229745/job/55159015942 AM clang !ssl !debug brotli zstd
https://github.com/curl/curl/actions/runs/19289578332/job/55157058146 AM clang !ssl !debug brotli zstd
https://github.com/curl/curl/actions/runs/19188515879/job/54859474947 AM clang !ssl
https://github.com/curl/curl/actions/runs/19165077858/job/54783776869 AM clang !ssl libssh2 AppleIDN
https://github.com/curl/curl/actions/runs/19046554157/job/54396096298 AM gcc-12 !ssl !debug
"curl_multi_waitfds() should return the amount of fds needed if enough isn't passed in":
https://github.com/curl/curl/actions/runs/19184546172/job/54848549080 AM gcc-13 !ssl !debug
Also high on the test clutch list:
2405 FAIL times: 165
Ref: https://testclutch.curl.se/static/reports/results-count.html
Viktor Szakats [Tue, 11 Nov 2025 16:43:06 +0000 (17:43 +0100)]
badwords: re-sync with curl-www, fix issues found
Also:
- replace `manpage` with `man page`, add to `badwords.txt`.
- badwords.pl: import `-w` feature from curl-www, syncing the two
scripts fully.
- badwords.txt: import missing items from curl-www, syncing the two
files fully.
- pyspelling.words: drop `cURL` allowed word.
Daniel Stenberg [Tue, 11 Nov 2025 13:39:20 +0000 (14:39 +0100)]
ftp: remove #ifdef for define that is always defined
The CURL_FTP_HTTPSTYLE_HEAD logic was added back in 2007 with the
intention to remove that logic one day, but since we never bump the
SONAME it is not likely to happen anytime soon. Remove again for
readability.
Daniel Stenberg [Sun, 9 Nov 2025 23:46:53 +0000 (00:46 +0100)]
progress: show fewer digits
Without unit, show up to 99999 "raw" (5 digits). After that, prefer to
show the number as less than 1000 per unit and use single decimal
fraction. Like '123.4M' (spending 6 characters).
This now makes the largest possible size to show 8.0E (exabytes).
Probably makes the output easier to read.
Fixes #19431 Reported-by: Fd929c2CE5fA on github
Closes #19433
Viktor Szakats [Mon, 10 Nov 2025 15:54:57 +0000 (16:54 +0100)]
OS400/makefile.sh: fix shellcheck warning SC2038
Also:
- OS400/makefile.sh: use end-of-options marker in xargs command.
- OS400/make-tests.sh: drop warning suppression.
Seems to not trigger anymore as of shellcheck 0.11.0
Viktor Szakats [Fri, 7 Nov 2025 15:39:29 +0000 (16:39 +0100)]
tests/data: support using native newlines on disk, drop `.gitattributes`
Data files no longer depend on mixed newline styles. Before this
patch the harness still assumed data files to use LF newlines,
ensured by `.gitattribute` and distributing sources with LF newlines.
To allow using platform native newlines (CRLF on Windows typically),
update the test harness to support data files with any newline style
on disk. And delete `.gitattributes`.
Fix to:
- load original data files (from test/data) so that their newline-style
doesn't matter on the checked out source repo, meaning it works
when its CRLF on Windows, just like any other file.
(if a BOM slips in, it's caught by `spacecheck.pl` as binary content.)
- do the same in `util.py` used by `smbserver.py` (for test 1451).
- also fix `util.py` to use us-ascii encoding for data files, replacing utf-8.
Also:
- runtests: rework the stray CR checker to allow full CRLF data files,
and keep warning for mixed newlines.
Daniel Stenberg [Mon, 10 Nov 2025 08:23:56 +0000 (09:23 +0100)]
renovate.json: drop parentheses from group names
They make git branch names using those parentheses, that need to be
quoted when used with git command lines. Avoid parentheses for easier to
use branch names.
Viktor Szakats [Sun, 9 Nov 2025 18:37:28 +0000 (19:37 +0100)]
tests/server: do not fall back to original data file in `test2fopen()`
Before this patch servers were loading the original data source file
(from `tests/data/test*`) if they failed to open the preprocessed data
file.
It was causing issues in many (most?) tests, because original data files
are not preprocessed, thus may be incomplete and/or come with wrong
newline characters. It's also causing difficult to diagnose issues when
a test accidentally references another test's data, which by chance
makes the test pass initially, until either that or the executed test
data gets an update, and breaking it, as seen in #19329.
Historically, the fallback existed first, then the preprocessed copy.
The fallback is no longer used by tests (except by stray accidents).
Fix it by dropping the fallback logic and relying on the preprocessed
data file saved there by the runtests framework.
Also fix two remaining test data cross-references:
- test1565: reference own server input data instead of test1's.
- test3014: reference own server input data instead of test1439's.
Ref: #19398
Viktor Szakats [Sat, 8 Nov 2025 01:27:23 +0000 (02:27 +0100)]
cmake: adjust defaults for target platforms not supporting shared libs
If CMake reports the target platform not supporting shared libs, turn
`BUILD_SHARED_LIBS` off by default. CMake 3.30+ fails with an error
when trying to create a `SHARED` target for such platforms. Earlier
versions used a workaround that may or may not have worked in practice.
Viktor Szakats [Sat, 8 Nov 2025 21:54:08 +0000 (22:54 +0100)]
GHA/linux: stop disabling TLS-SRP tests in event-based & duphandle jobs
They were disabled since these jobs ran in Zuul. The tests are 320, 321,
322, 323, 324. Of which, 323 runs in CI, the rest needs `gnutls-serv`
with SRP enabled, which is not available in current jobs and no longer
offered by Ubuntu's `gnutls-bin` package. 324 doesn't appear as
a skipped test, 323 seems to be running fine, the rest are logged as
skipped. This suggests it's safe to drop the exceptions.
Viktor Szakats [Sat, 8 Nov 2025 12:54:11 +0000 (13:54 +0100)]
GHA/linux: build and test LibreSSL with Fil-C curl, enable pytests
Build and cache LibreSSL locally with Fil-C and enable it in the Fil-C
job.
Also:
- disable test 776 in the Fil-C job. It fails consistently, and due to
flakiness seen earlier its result is disabled. In this job it seems to
be adding 1 to 9 minues to the test run step and fails consistently.
- include Fil-C version in the LibreSSL cache key to prepare for Fil-C
ABI changes.
- GHA/linux: fully quote `tflags` values to avoid breaking YAML.
Tested and confirmed working with OpenSSL too, but ended up with
LibreSSL for faster, smaller builds.
Stefan Eissing [Sat, 8 Nov 2025 13:28:38 +0000 (14:28 +0100)]
vtls: fix CURLOPT_CAPATH use
A regression in curl 8.17.0 led to a customer CAPATH set by the
application (or the curl command) to be ignored unless licurl was built
with a default CAPATH.
Add test cases using `--capath` on the custom pytest CA, generated with
the help of the openssl command when available.
Viktor Szakats [Thu, 6 Nov 2025 22:59:16 +0000 (23:59 +0100)]
GHA/linux: add minimal Fil-C build with tests
Requirements for Fil-C:
- not to accidentally pick up system headers. E.g. from `/usr/include`
on Linux. It can happen when any dependency is auto-detected on this
header path. This makes Fil-C find the wrong system headers, which
in turn breaks the configuration step in subtle ways (with CMake) and
less subtle ways (autotools). Then CMake ends up running into an error
while compiling.
- build all dependencies with Fil-C too.
(this patch doesn't build any dependencies yet.)
- "unity" mode disabled. It should work, but needs a lot of memory and
slower than a standard compiler, or a Fil-C non-unity build.
- x86_64 Linux host platform when using the pre-built toolchain.
Observations on a minimal, static build made with no dependencies and
Fil-C 0.674 (based on clang 20.1.8).
- curl tool sizes:
- cmake, default, w/o -O: 30 MB (gcc 14.2.0: 1.7 MB)
- cmake, default, w/o -O, stripped: 29.6 MB (gcc: 1.4 MB)
- cmake, Release, -O3: 7.2 MB (gcc: 1 MB)
- cmake, Release, -O3, stripped: 6.8 MB (gcc: 0.93 MB)
- autotools, default, -O2: 7 MB
- libcurl.a size is 32 MB (cmake, default, w/o -O) (gcc: 2.7 MB)
- build times 3-3.5x longer (compared to system gcc 14.2.0):
- all runtests available pass OK.
- all pytests skipped due to missing features/dependencies.
- shared libcurl builds also work (cmake, default: 25 MB libcurl.so and
5.75 MB (5.6 stripped) curl tool)
- autotools works fine too, with dependencies disabled or set to avoid
`/usr/include`.
x2018 [Fri, 7 Nov 2025 16:43:51 +0000 (00:43 +0800)]
rtmp: precaution for a potential integer truncation
On some platforms, socket descriptors may use types larger than int.
When these values exceed INT_MAX, conversion to int can truncate to
negative values causing RTMP connection failures, and even accidentally
affect other socket when high-value descriptors map to existing
lower-value sockets after integer conversion. This check ensures socket
values are within the safe range before passing them to the RTMP
library.
projects / thirdparty / curl.git / log
