Viktor Szakats [Tue, 9 Sep 2025 13:29:12 +0000 (15:29 +0200)]
build: avoid overriding system symbols for socket functions
Before this patch `accept4()`, `socket()`, `socketpair()`, `send()` and
`recv()` system symbols were remapped via macros, using the same name,
to local curl debug wrappers. This patch replaces these overrides by
introducing curl-namespaced macros that map either to the system symbols
or to their curl debug wrappers in `CURLDEBUG` (TrackMemory) builds.
This follows a patch that implemented the same for `accept()`.
The old method required tricks to make these redefines work in unity
builds, and avoid them interfering with system headers. These tricks
did not work for system symbols implemented as macros.
The new method allows to setup these mappings once, without interfering
with system headers, upstream macros, or unity builds. It makes builds
more robust.
Also:
- checksrc: ban all mapped functions.
- docs/examples: tidy up checksrc rules.
Daniel Stenberg [Sat, 20 Sep 2025 09:31:54 +0000 (11:31 +0200)]
tool_cb_hdr: size is always 1
- add comment in the header that the argument 'size' is always 1,
as guaranteed by the libcurl API
- then fix the call to fwrite() to avoid using "size, etag_length" which
would be wrong if size was something else than 1, and use a fixed
number there instead.
Viktor Szakats [Thu, 4 Sep 2025 09:56:33 +0000 (11:56 +0200)]
build: address some `-Weverything` warnings, update picky warnings
`-Weverything` is not enabled by curl, and not recommended by LLVM,
because it may enable experimental options, and will result in new
fallouts after toolchain upgrades. This patch aims to fix/silence as much
as possible as found with llvm/clang 21.1.0. It also permanently enables
warnings that were fixed in source and deemed manageable in the future.
`-Wformat` warnings are addressed separately via #18343.
Fix/silence warnings in the source:
- typecheck-gcc.h: fix `-Wreserved-identifier`.
- lib: silence `-Wcast-function-type-strict`.
For llvm 16+ or Apple clang 16+.
- asyn-ares: limit `HAPPY_EYEBALLS_DNS_TIMEOUT` to old c-ares versions.
- curl_trc: fix `-Wc++-hidden-decl`.
- doh: fix `-Wc++-keyword`.
- ftp: fix `-Wreserved-identifier`.
- ldap: fix `-Wreserved-identifier`.
- mqtt: comment unused macro to avoid warning.
- multi_ev: drop unused macros to avoid warnings.
- setopt: fix useless `break;` after `return;`.
- gtls, mbedtls, rustls: silence `-Wconditional-uninitialized`.
- socks_sspi, schannel, x509asn1: fix `-Wimplicit-int-enum-cast`.
- x509asn1: fix `-Wc++-keyword`.
- openssl: scope `OSSL_UI_METHOD_CAST` to avoid unused macro warning.
- libssh2, wolfssl: drop unused macros.
- curl_ngtcp2, curl_quiche, httpsrr, urlapi: drop/limit unused macros.
- tool_getparam: fix useless `break;` after `return;` or `break;`.
Not normally enabled because it doesn't work with unity.
https://github.com/llvm/llvm-project/issues/71046
- tool_operate: fix `-Wc++-keyword`.
- curlinfo: fix a `-Wunsafe-buffer-usage`.
- tests: silence `-Wformat-non-iso`.
- lib557: fix `-Wreserved-identifier`.
- lib1565: silence `-Wconditional-uninitialized`.
Enable the above clang warnings permanently in picky mode:
- `-Wc++-hidden-decl`
- `-Wc++-keyword` (except for Windows, where it collides with `wchar_t`)
- `-Wcast-function-type-strict`
- `-Wcast-function-type`
- `-Wconditional-uninitialized`
- `-Wformat-non-iso` (except for clang-cl)
- `-Wreserved-identifier`
- `-Wtentative-definition-compat`
Silence problematic `-Weverything` warnings globally (in picky mode):
- `-Wused-but-marked-unused` (88000+ hits) and
`-Wdisabled-macro-expansion` (2600+ hits).
Triggered by `typecheck-gcc.h` when building with clang 14+.
Maybe there exists a way to fix within that header?
Ref: https://discourse.llvm.org/t/removing-wused-but-marked-unused/55310
- `-Wunsafe-buffer-usage`. clang 16+. 7000+ hits.
May be useful in theory, but such high volume of hits makes it
impractical to review and possibly address. Meant for C++.
Ref: https://clang.llvm.org/docs/SafeBuffers.html
Ref: https://stackoverflow.com/questions/77017567/how-to-fix-code-to-avoid-warning-wunsafe-buffer-usage
Ref: https://discourse.llvm.org/t/rfc-c-buffer-hardening/65734
Ref: https://github.com/llvm/llvm-project/pull/111624
- `-Wimplicit-void-ptr-cast`. clang 21+. 1700+ hits.
C++ warning, deemed pure noise.
Ref: https://github.com/curl/curl/issues/18470#issuecomment-3253506266
- `-Wswitch-default` (180+ hits), `-Wswitch-enum` (190+ hits),
`-Wcovered-switch-default` (20+ hits).
Next to impossible to fix cleanly, esp. when the covered `case`
branches depend on compile-time options.
- `-Wdocumentation-unknown-command` (8+ hits).
Triggered in a few sources. Seems arbitrary and bogus.
- `-Wpadded` (550+ hits).
- `-Wc++-keyword` on Windows, where it collides with `wchar_t`.
(100+ hits)
Ref: https://github.com/llvm/llvm-project/issues/155988
- `-Wreserved-macro-identifier`. clang 13+. 5+ hits.
Sometimes it's necessary to set external macros that use
the reserved namespace. E.g. `_CRT_NONSTDC_NO_DEPRECATE`,
`__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__`, `__NO_NET_API`,
possibly `_REENTRANT`, and more.
It's not worth trying to silence them individually.
- `-Wnonportable-system-include-path` with `clang-cl`.
It'd be broken by doing what the warning suggests.
- `-Wformat-non-iso` for clang-cl.
CMake `PICKY_COMPILER=ON` (the default) or `./configure`
`--enable-warnings` (not the default) is required to enable these
silencing rules.
Also:
- autotools, cmake: fix Apple clang and mainline llvm version translations.
Ref: https://en.wikipedia.org/wiki/Xcode#Toolchain_versions
- autotools, cmake: enable `-Warray-compare` for clang 20+.
Follow-up to 4b7accda5ae3f2e663aa3f3853805241ef87c2fe #17196
- cmake: fix to enable `-Wmissing-variable-declarations` at an earlier
clang version.
- cmake: update internal logic to handle warning options with `+` in
them.
- cmake: fix internal logic to match the whole option when looking
into `CMAKE_C_FLAGS` for custom-disabled warnings.
Viktor Szakats [Sun, 7 Sep 2025 19:42:41 +0000 (21:42 +0200)]
windows: stop passing unused, optional argument for Win9x compatibility
Expiry timestamp in `AcquireCredentialsHandle()` (SSPI) and
`InitializeSecurityContext()` (Schannel) calls. The argument is optional
in both. The returned value was never used in curl. The reason for
passing it was Windows 95 compatibility, according to comments in
the SSPI code. curl no longer supports Windows 95.
Viktor Szakats [Fri, 5 Sep 2025 08:44:06 +0000 (10:44 +0200)]
tidy-up: avoid using the reserved macro namespace
To avoid hitting `-Wreserved-macro-identifier` where possible.
- amigaos: introduce local macro instead of reusing `__request()`.
- easy_lock: avoid redefining `__has_builtin()`.
Follow-up to 33fd57b8fff8c0d873da2316a2a7f911caac2bae #9062
- rand: drop interim macro `_random()`.
- windows: rename local macro `_tcsdup()` to `Curl_tcsdup()`.
To avoid using the reserved macro namespace and to avoid
colliding with `_tcsdup()` as defined by Windows headers.
- checksrc: ban `_tcsdup()` in favor of `Curl_tcsdup()`.
- tool_doswin: avoid redefining `_use_lfn()` (MS-DOS).
- tool_findfile: limit `__NO_NET_API` hack to AmigaOS.
Syncing this pattern with `lib/netrc.c`.
Follow-up to 784a8ec2c1a3cc4bd676077a28a0d5f6ee7786a5 #16279
- examples/http2-upload: avoid reserved namespace for local macro.
More cases will be removed when dropping WinCE support via #17927.
Cases remain when defining external macros out of curl's control.
Viktor Szakats [Fri, 1 Aug 2025 19:09:52 +0000 (21:09 +0200)]
windows: replace `_beginthreadex()` with `CreateThread()`
Replace `_beginthreadex()` C runtime calls with native win32 API
`CreateThread()`. The latter was already used in `src/tool_doswin.c`
and in UWP and Windows CE builds before this patch. After this patch
all Windows flavors use it. To drop PP logic and simplify code.
While working on this it turned out that `src/tool_doswin.c` calls
`TerminateThread()`, which isn't recommended by the documentation,
except for "the most extreme cases". This patch makes no attempt
to change that code.
Ref: 9a2663322c330ff11275abafd612e9c99407a94a #17572
Ref: https://learn.microsoft.com/windows/win32/api/processthreadsapi/nf-processthreadsapi-terminatethread
Also:
- use `WaitForSingleObjectEx()` on all desktop Windows.
Ref: 4be80d5109a340973dc6ce0221ec5c5761587df0
Ref: https://sourceforge.net/p/curl/feature-requests/82/
Ref: https://learn.microsoft.com/windows/win32/api/synchapi/nf-synchapi-waitforsingleobjectex
- tests: drop redundant casts.
- lib3207: fix to not rely on thread macros when building without thread
support.
Daniel Stenberg [Fri, 19 Sep 2025 11:47:16 +0000 (13:47 +0200)]
base64: accept zero length argument to base64_encode
We used to treat 0 as "call strlen() to get the length" for
curlx_base64_encode, but it turns out this is rather fragile as we
easily do the mistake of passing in zero when the data is actually not
there and then calling strlen() is wrong.
Force the caller to pass in the correct size. A zero length input string
now returns a zero length output and a NULL pointer.
Daniel Stenberg [Fri, 19 Sep 2025 13:59:57 +0000 (15:59 +0200)]
cookie: avoid saving a cookie file if no transfer was done
Because parts of the cookie loading happens on transfer start the
in-memory cookie jar risks being incomplete and then a save might
wrongly truncate the target file.
Added test 1902 to verify.
Reported-by: divinity76 on github
Fixes #18621
Closes #18622
Viktor Szakats [Fri, 19 Sep 2025 08:19:29 +0000 (10:19 +0200)]
GHA/codeql: try disabling the TRAP cache
The `cpp` CodeQL job is adding a cache entry for each run on the master
branch. One for Linux, another for Windows. Size: 68MB + 180MB = 248MB.
In one week we got 50+ such entries, almost filling the available cache
space.
Following the recommendation in an open issue thread, this patch tries
to disable this cache. Since it only affects master, the effect can only
be verified after merging.
The latest cache is picked up in PRs. The performance impact is also to
be seen after merge.
At that time this was a reasonable concern because libssh2 started
null-terminating this string just one year prior, in 2005:
https://github.com/libssh2/libssh2/commit/efc3841fd2c2c945e96492e9089e4d1810709d53
This fix was released in libssh2 v0.13 (2006-03-02).
curl requires libssh2 v1.2.8, making this workaround no longer necessary.
tftp: propagate expired timer from tftp_state_timeout()
When Curl_timeleft() < 0 we used to return 0, masking the expiry and
skipping the callerâs (timeout_ms < 0) path. Now we set FIN and return
the negative value so tftp_multi_statemach() aborts with
CURLE_OPERATION_TIMEDOUT as intended.
Jay Satiro [Thu, 18 Sep 2025 06:07:17 +0000 (02:07 -0400)]
socks_sspi: Fix some memory cleanup calls
- Ensure memory allocated by malloc() is freed by free().
Prior to this change SSPI's FreeContextBuffer() was sometimes used to
free malloc'd memory. I can only assume the reason we have no crash
reports about this is because the underlying heap free is probably the
same for both.
Stefan Eissing [Thu, 18 Sep 2025 09:10:45 +0000 (11:10 +0200)]
cfilter: unlink and discard
Rewrite the code that removes a filter from the connection and discards
it. Always look at the connection, otherwise it will not work of the
filter is at the top of the chain.
Change QUIC filter setup code to always tear down the chain in
construction when an error occured.
HTTP proxy, do not remove the h1/h2 sub filter on close. Leave it to be
discarded with the connection. Avoids keeping an additional pointer that
might become dangling.
Triggered by a reported on a code bug in discard method.
For multiple enums, we use LASTENTRY values to do range checks when
receiving an option as integer. So I added LASTENTRY, so the check will
work, even if you add more options later.
Daniel Stenberg [Wed, 17 Sep 2025 09:53:33 +0000 (11:53 +0200)]
managen: render better manpage references/links
- When an option name is used in text, this script no longer outputs the
short plus long version in the manpage output. It makes the text much
more readable.
This always showing both verions was previously done primarily to make
sure roffit would linkify it correctly, but since roffit 0.17 it
should link both long or short names correctly.
- When managen outputs generic text about options at the end of the
description it now highlights them properly so that they too get
linkified correctly in the HTML version. For consistency.
Viktor Szakats [Tue, 16 Sep 2025 08:49:14 +0000 (10:49 +0200)]
cmake: fix building docs when the base directory contains `.3`
Fixing:
```
ninja: error: '<...>/basedir.md/_bld/docs/libcurl/libcurl-symbols.md',
needed by 'docs/libcurl/curl_easy_cleanup.3', missing and no known rule to make it
```
Viktor Szakats [Mon, 15 Sep 2025 19:03:52 +0000 (21:03 +0200)]
GHA/codeql: enable more build options, build servers and tunits
- add HTTP/3 build with OpenSSL 3.5, nghttp3 and ngtcp2.
- enable GSASL, Heimdal, rtmp, SSLS-export.
- make one build MultiSSL with GnuTLS, mbedTLS, Rustls, wolfSSL.
- build servers (also on Windows), and tunits.
- use Linuxbrew to install build dependencies missing from Ubuntu.
Stefan Eissing [Sat, 13 Sep 2025 13:25:53 +0000 (15:25 +0200)]
asyn-thrdd: drop pthread_cancel
Remove use of pthread_cancel in asnyc threaded resolving. While there
are system where this works, others might leak to resource leakage
(memory, files, etc.). The popular nsswitch is one example where resolve
code can be dragged in that is not prepared.
The overall promise and mechanism of pthread_cancel() is just too
brittle and the historcal design of getaddrinfo() continues to haunt us.
Fixes #18532 Reported-by: Javier Blazquez
Closes #18540
Viktor Szakats [Sun, 14 Sep 2025 10:38:29 +0000 (12:38 +0200)]
GHA/distcheck: disable `man-db/auto-update`
Make sure to not rebuild man pages after purging system curl, to make
the job faster and avoid timeouts:
```
Sun, 14 Sep 2025 10:16:28 GMT Removing curl (8.5.0-2ubuntu10.6) ...
Sun, 14 Sep 2025 10:16:28 GMT Processing triggers for man-db (2.12.0-4build2) ...
Sun, 14 Sep 2025 10:21:22 GMT (Reading database ... 218629 files and directories currently installed.)
```
Ref: https://github.com/curl/curl/actions/runs/17709785947/job/50326910814?pr=18535#step:3:19
Daniel Stenberg [Sun, 14 Sep 2025 09:44:35 +0000 (11:44 +0200)]
TODO: remove already implemented or bad items
- remove "connect to multiple IPs in parallel"
- remove "CURLOPT_RESOLVE for any port number", It can already be
accomplished with CURLOPT_CONNECT_TO
- remove "dynamically load modules", we don't believe in this
- remove "netrc caching and sharing", we already cache it
- remove "Offer API to flush the connection pool", this is effectively
what CURLMOPT_NETWORK_CHANGED now allows
- remove "WebSocket read callback", introduced in 8.16.0
Viktor Szakats [Sun, 14 Sep 2025 09:55:50 +0000 (11:55 +0200)]
appveyor: bump to OpenSSL 3.5, adjust to dropped 1.1.1 on VS2019
- bump OpenSSL 3.4 to 3.5 on VS2022 runners.
- bump OpenSSL 1.1.1 to 3.0 on VS2019 runners.
1.1.1 is documented to be present, but missing.
Fixes:
```
+ cmake -G 'Visual Studio 16 2019' -A x64 [...] -DOPENSSL_ROOT_DIR=C:/OpenSSL-v111-Win64 [...]
CMake Error at C:/Program Files/CMake/share/cmake-4.1/Modules/FindPackageHandleStandardArgs.cmake:227 (message):
Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the
system variable OPENSSL_ROOT_DIR (missing: OPENSSL_CRYPTO_LIBRARY
OPENSSL_INCLUDE_DIR)
Call Stack (most recent call first):
CMakeLists.txt:757 (find_package)
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/52740431/job/tq6h4xhqpa3vgq47?fullLog=true
Ref: https://www.appveyor.com/docs/windows-images-software/
Ref: https://github.com/appveyor/website/commit/9a739f7bce4a624b28ff382d58a9ebc507ab0f78
Viktor Szakats [Thu, 11 Sep 2025 17:50:40 +0000 (19:50 +0200)]
GHA/codeql: re-enable for C with the default query pack
Earlier we used `security-extended` and tried `security-and-quality`.
Try the default to see how it works.
CodeQL no longer uses the project's Actions cache, also fixing
the previously seen repeat cache entry issue.
- switch to `manual` build. It's 3x faster than the default `autobuild`.
- enable more dependencies to increase coverage.
- docs/tests/CI.md: re-add CodeQL.
Daniel Stenberg [Thu, 11 Sep 2025 15:50:59 +0000 (17:50 +0200)]
CURLOPT_MAXLIFETIME_CONN: make default 24 hours
Set a default value to only reuse existing connections if less than 24
hours old. This makes the TLS certificate check get redone for the new
connection. An application can still set it to zero.
Viktor Szakats [Thu, 11 Sep 2025 13:05:28 +0000 (15:05 +0200)]
GHA/http3-linux: fix nghttpx build and other tweaks
- fix `nghttp2` build to also build the `nghttpx` application.
Restore required `libc-ares-dev`. Also confirm that `libev-dev` is
required too. Document these requirements.
Follow-up to 0455d8772a1af20ce63c46c5738582aa9b1b8441 #18509
- explicitly enable `nghttpx` for the `nghttp2` build to make it fail if
requirements aren't met:
```
configure: error: applications were requested (--enable-app) but dependencies are not met.
```
- explicitly install brotli, zstd, zlib for the dependency builds.
Of these, zstd and zlib are preinstalled. zlib is required for
`nghttpx`. zstd and brotli doesn't seem to be used, but keep them
there just in case and to match the test env.
Follow-up to 0455d8772a1af20ce63c46c5738582aa9b1b8441 #18509
- enable brotli for `nghttpx`. It doesn't change the tests, and also
cost almost nothing, so I figure why not.
Stefan Eissing [Thu, 11 Sep 2025 12:12:04 +0000 (14:12 +0200)]
ngtcp2: check error code on connect failure
Access the error codes of ngtcp2 when a connect attempt failes. Trace
the information for analysis. Treat errors as permanent failure by
default, trigger retrying only when the server refused without
indicating an error.
Stefan Eissing [Thu, 11 Sep 2025 10:59:22 +0000 (12:59 +0200)]
quic: fix min TLS version handling
When switching to TSLv1.2 as default in 9d8998c99408e1adf8eba629fad9f87b3235bdfa, this led to an explicit
setting of 1.2 on QUIC connections when using quictls, overriding the
already set min version of 1.3.
This leads to a ClientHello with TLS 1.2+1.3 offered on a QUIC connect
which is rejected by the Caddy server. Using ngtcp2 with OpenSSL 3.5+,
GnuTLS or AWS-LC is not affected.
Fixes #18518 Reported-by: fds242 on github
Closes #18520
Viktor Szakats [Thu, 11 Sep 2025 09:20:08 +0000 (11:20 +0200)]
GHA: fix and tweak installed packages for http3-linux and Windows-cross
- explicitly install `libldap-dev` to not rely on test-specific packages
installing it implicitly, to have the same `curl -V` output for each
TLS backend build pair.
Follow-up to 0455d8772a1af20ce63c46c5738582aa9b1b8441 #18509
- install `libev-dev` for tests. It's a runtime dependency for
the local build of `nghttpx`. Missing it made pytest skip 178 tests.
Also skewing the 'Gain' time. I estimate it to account for 3 minutes,
making the total gain ~20 minutes.
Follow-up to 0455d8772a1af20ce63c46c5738582aa9b1b8441 #18509
(It may be a better solution to disable libev for the local nghttp2
build, to avoid this hidden dependency.)
- fix quiche jobs to use the local build of `libnghttp2`.
- stop installing the `clang` package for Windows-cross. `clang` and
`clang-tidy` tools are preinstalled on the Ubuntu 24.04 runner.
Viktor Szakats [Wed, 10 Sep 2025 08:25:17 +0000 (10:25 +0200)]
GHA: minimize installed packages in http3-linux and Windows cross-builds
In the last couple of months some jobs started taking a lot of time and
often timing out due to slow `apt install` from the Azure Ubuntu mirror.
The jobs affected were those that installed large packages:
GHA/http3-linux and the 3 cross-build jobs in GHA/windows.
This patch reduces the installed packaged to the minimum required
to complete the jobs. Saving a minute+ for each http3-linux job (a total
of 20+ minutes for the workflow.) Also saving bandwidth and reducing
the chance for long downloads or timeouts with slow Azure repos.
Details:
- http3: delete redundant packages from the `build-cache` job.
- http3: install gnutls dependencies for gnutls jobs only.
- http3: do not install test dependencies in jobs not running tests.
- http3: drop redundant packages from the curl jobs.
- Windows-cross: replace `mingw-w64` with `gcc-mingw-w64-x86-64-win32`
for the 3 Windows cross-build job. Dropping C++, 32-bit, and 64-bit
POSIX-threaded parts. Saving time and significant bandwidth for each
of the 3 jobs:
Download size: 277 MB -> 65 MB (installed: 1300 MB -> 400 MB)
- Windows-cross: restore previous job time limit of 15m (from 45m)
Follow-up to ff5140a25f42fef80325c6e28c4802fdb7e06386 #18163
Out of curiousity, build times as seen in the http3 build-cache job:
- TLS backends:
- openssl: 2m25s
- libressl: 27s
- aws-lc: 41s
- boringssl: 1m8s
- quictls: 1m46s
- gnutls: 6m30s
- wolfssl: 51s
- quiche + boringssl: 1m9s
- ng* libs (not yet optimized for build speed):
- nghttp3: 13s
- ngtcp2: 52s (with 6 backends, 3 runs)
- ngtcp2: 19s (boringssl)
- nghttp2: 21s
Ref: https://github.com/curl/curl/actions/runs/17626120054/job/50083344805
A similar effort in curl-for-win, affecting 2 GHA/curl-for-win Windows
jobs (though they use the default Debian repo, with no issues):
- with llvm/clang:
Download size: 648 MB -> 430 MB (installed: 3344 MB -> 2333 MB)
- with gcc:
Download size: 550 MB -> 328 MB (installed: 2815 MB -> 1804 MB)
Ref: https://github.com/curl/curl-for-win/commit/e19665d9486bdca60f996ed2e198a66128cfba38
Ref: https://github.com/curl/curl-for-win/commit/6b14c3946a8c89dc1d3847afc9501fc71f3ac628
projects / thirdparty / curl.git / log
