Viktor Szakats [Wed, 27 Sep 2023 13:40:54 +0000 (13:40 +0000)]
cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS
With new option `CURL_DISABLE_SRP=ON` to force-disable it.
To match existing option and detection logic in autotools.
Also:
- fix detecting GnuTLS.
We assume `nettle` as a GnuTLS dependency.
- add CMake GnuTLS CI job.
- bump AppVeyor CMake OpenSSL MSVC job to OpenSSL 1.1.1 (from 1.0.2)
TLS-SRP fails to detect with 1.0.2 due to an OpenSSL header bug.
- fix compiler warning when building with GnuTLS and disabled TLS-SRP.
- fix comment typos, whitespace.
Viktor Szakats [Thu, 28 Sep 2023 10:50:07 +0000 (10:50 +0000)]
tool: use our own stderr variable
Earlier this year we changed our own stderr variable to use the standard
name `stderr` (to avoid bugs where someone is using `stderr` instead of
the curl-tool specific variable). This solution needed to override the
standard `stderr` symbol via the preprocessor. This in turn didn't play
well with unity builds and caused curl tool to crash or stay silent due
to an uninitialized stderr. This was a hard to find issue, fixed by
manually breaking out one file from the unity sources.
To avoid two these two tricks, this patch implements a different
solution: Restore using our own local variable for our stderr output and
leave `stderr` as-is. To avoid using `stderr` by mistake, add a
`checksrc` rule (based on logic we already used in lib for `strerror`)
that detects any `stderr` use in `src` and points to using our own
variable instead: `tool_stderr`.
Stefan Eissing [Wed, 20 Sep 2023 09:59:16 +0000 (11:59 +0200)]
lib: move handling of `data->req.writer_stack` into Curl_client_write()
- move definitions from content_encoding.h to sendf.h
- move create/cleanup/add code into sendf.c
- installed content_encoding writers will always be called
on Curl_client_write(CLIENTWRITE_BODY)
- Curl_client_cleanup() frees writers and tempbuffers from
paused transfers, irregardless of protocol
multi: round the timeout up to prevent early wakeups
Curl_timediff rounds down to the millisecond, so curl_multi_perform can
be called too early, then we get a timeout of 0 and call it again.
The code already handled the case of timeouts which expired less than
1ms in the future. By rounding up, we make sure we will never ask the
platform to wake up too early.
Suspicious implicit sign extension: "src[i]" with type "unsigned char
const" (8 bits, unsigned) is promoted in "src[i] << (1 - i % 2 << 3)" to
type "int" (32 bits, signed), then sign-extended to type "unsigned long"
(64 bits, unsigned). If "src[i] << (1 - i % 2 << 3)" is greater than
0x7FFFFFFF, the upper bits of the result will all be 1.
The value will not be greater than 0x7FFFFFFF so this still cannot
happen.
Also, switch to ints here instead of longs. The values stored are 16 bit
so at least no need to use 64 bit variables. Also, longs are 32 bit on
some platforms so this logic still needs to work with 32 bits.
Daniel Stenberg [Tue, 26 Sep 2023 07:54:14 +0000 (09:54 +0200)]
manpage-syntax.pl: verify SEE ALSO syntax
- Enforce a single reference per .BR line
- Skip the quotes around the section number for example (3)
- Insist on trailing commas on all lines except the last
- Error on comma on the last SEE ALSO entry
- List the entries alpha-sorted, not enforced just recommended
Viktor Szakats [Mon, 25 Sep 2023 22:35:26 +0000 (22:35 +0000)]
cmake: move global headers to specific checks
Before this patch we added standard headers unconditionally to the
global list of headers used for feature checks. This is unnecessary
and also doesn't help CMake 'Generate' performance. This patch moves
these headers to each feature check where they are actually needed.
Stop using `stddef.h`, as it seems unnecessary.
I've used autotools' `m4/curl-functions.m4` to figure out these
dependencies.
Also delete checking for the C89 standard header `time.h`, that I
missed in the earlier commit.
Viktor Szakats [Mon, 25 Sep 2023 20:06:44 +0000 (20:06 +0000)]
build: delete checks for C89 standard headers
Delete checks and guards for standard C89 headers and assume these are
available: `stdio.h`, `string.h`, `time.h`, `setjmp.h`, `stdlib.h`,
`stddef.h`, `signal.h`.
Some of these we already used unconditionally, some others we only used
for feature checks.
Since Curl_timediff rounds down to the millisecond, timeouts which
expire in less than 1ms are considered as outdated and removed from the
list. We can use Curl_timediff_us instead, big timeouts could saturate
but this is not an issue.
Viktor Szakats [Mon, 25 Sep 2023 01:08:02 +0000 (01:08 +0000)]
cmake: fix stderr initialization in unity builds
Before this patch, in certain build configurations the curl tool may
not have displayed anything (debug, macOS), or crashed at startup
(debug, Windows).
Viktor Szakats [Sun, 24 Sep 2023 18:30:43 +0000 (18:30 +0000)]
cmake: fix missing `zlib.h` when compiling `libcurltool`
Came up while testing debug/testing build for Windows. I'm not sure why
it didn't come up in earlier tests with similar config.
`tool_hugehelp.c` might indeed require `zlib.h` and without linking
`CURL_LIBS` to the `curltool` target, CMake doesn't seem to add detected
dependency headers to the compiler command.
Viktor Szakats [Sun, 24 Sep 2023 00:52:57 +0000 (00:52 +0000)]
cmake: fix duplicate symbols when linking tests
The linker resolves this automatically in non-unity builds. In unity
builds the linker cannot drop a single object with the duplicates,
resulting in these errors. The root issue is that we started including
certain objects both via both libcurlu and libcurltool libs.
Windows errors:
```
[ 3%] Linking C executable unit1303.exe
[ 3%] Building C object tests/server/CMakeFiles/rtspd.dir/__/__/lib/curl_multibyte.c.obj
../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_convert_UTF8_to_wchar':
C:/projects/curl/lib/curl_multibyte.c:44: multiple definition of `curlx_convert_UTF8_to_wchar'
../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte.c:44: first defined here
../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_convert_wchar_to_UTF8':
C:/projects/curl/lib/curl_multibyte.c:66: multiple definition of `curlx_convert_wchar_to_UTF8'
../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte.c:66: first defined here
../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_open':
C:/projects/curl/lib/curl_multibyte.c:92: multiple definition of `curlx_win32_open'
../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte.c:92: first defined here
../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_fopen':
C:/projects/curl/lib/curl_multibyte.c:120: multiple definition of `curlx_win32_fopen'
../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte.c:120: first defined here
../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_stat':
[...]
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/48110107/job/nvlhpt9aa4ehny5q#L247
macOS errors:
```
[ 56%] Linking C executable unit1302
duplicate symbol '_curlx_sotouz' in:
../../lib/libcurlu.a(unity_0_c.c.o)
../../src/libcurltool.a(unity_0_c.c.o)
duplicate symbol '_curlx_sitouz' in:
../../lib/libcurlu.a(unity_0_c.c.o)
../../src/libcurltool.a(unity_0_c.c.o)
duplicate symbol '_curlx_uztosz' in:
../../lib/libcurlu.a(unity_0_c.c.o)
../../src/libcurltool.a(unity_0_c.c.o)
[...]
```
with config:
```
-DCMAKE_UNITY_BUILD=ON \
-DENABLE_DEBUG=ON -DBUILD_TESTING=ON -DCMAKE_C_FLAGS=-DDEBUGBUILD \
-DBUILD_SHARED_LIBS=ON \
-DBUILD_STATIC_LIBS=OFF
```
Viktor Szakats [Fri, 22 Sep 2023 10:18:26 +0000 (10:18 +0000)]
cmake: lib `CURL_STATICLIB` fixes (Windows)
- always define `CURL_STATICLIB` when building libcurl for Windows.
This disables `__declspec(dllexport)` for exported libcurl symbols.
In normal mode (hide symbols) these exported symbols are specified
via `libcurl.def`. When not hiding symbols, all symbols are exported
by default.
- fix `ENABLED_DEBUG=ON` + shared curl tool Windows builds by also
omitting `libcurl.def` in this case, and exporting all symbols
instead. This ensures that a shared curl tool can access all debug
functions which are not normally exported from libcurl DLL.
- delete `INTERFACE_COMPILE_DEFINITIONS "CURL_STATICLIB"` for "objects"
target.
Stefan Eissing [Wed, 6 Sep 2023 12:43:22 +0000 (14:43 +0200)]
http: h1/h2 proxy unification
- use shared code for setting up the CONNECT request
when tunneling, used in HTTP/1.x and HTTP/2 proxying
- eliminate use of Curl_buffer_send() and other manipulations
of `data->req` or `data->state.ulbuf`
Natanael Copa [Fri, 22 Sep 2023 13:58:49 +0000 (13:58 +0000)]
lib: use wrapper for curl_mime_data fseek callback
fseek uses long offset which does not match with curl_off_t. This leads
to undefined behavior when calling the callback and caused failure on
arm 32 bit.
Use a wrapper to solve this and use fseeko which uses off_t instead of
long.
Thanks to the nice people at Libera IRC #musl for helping finding this
out.
Daniel Stenberg [Mon, 25 Sep 2023 07:42:12 +0000 (09:42 +0200)]
singleuse: add scan for use in other source codes
This should reduce false-positive to almost zero. Checks for presence in
unit tests if --unit is specified, which is intended for debug builds
where unit testing is enabled.
Daniel Stenberg [Mon, 25 Sep 2023 07:42:47 +0000 (09:42 +0200)]
multi: remove Curl_multi_dump
A debug-only function that is basically never used. Removed to ease the
use of the singleuse script to detect non-static functions not used
outside the file where it is defined.
Viktor Szakats [Sun, 24 Sep 2023 09:50:39 +0000 (09:50 +0000)]
tests: fix compiler warnings
Seen with llvm 17 on Windows x64.
```
.../curl/tests/server/rtspd.c:136:13: warning: no previous extern declaration for non-static variable 'logdir' [-Wmissing-variable-declarations]
136 | const char *logdir = "log";
| ^
.../curl/tests/server/rtspd.c:136:7: note: declare 'static' if the variable is not intended to be used outside of this translation unit
136 | const char *logdir = "log";
| ^
.../curl/tests/server/rtspd.c:137:6: warning: no previous extern declaration for non-static variable 'loglockfile' [-Wmissing-variable-declarations]
137 | char loglockfile[256];
| ^
.../curl/tests/server/rtspd.c:137:1: note: declare 'static' if the variable is not intended to be used outside of this translation unit
137 | char loglockfile[256];
| ^
.../curl/tests/server/fake_ntlm.c:43:13: warning: no previous extern declaration for non-static variable 'logdir' [-Wmissing-variable-declarations]
43 | const char *logdir = "log";
| ^
.../curl/tests/server/fake_ntlm.c:43:7: note: declare 'static' if the variable is not intended to be used outside of this translation unit
43 | const char *logdir = "log";
| ^
.../curl/src/tool_doswin.c:350:8: warning: possible misuse of comma operator here [-Wcomma]
350 | ++d, ++s;
| ^
.../curl/src/tool_doswin.c:350:5: note: cast expression to void to silence warning
350 | ++d, ++s;
| ^~~
| (void)( )
```
```
.../curl/tests/libtest/lib540.c:146:27: warning: result of comparison 'long' > 2147483647 is always false [-Wtautological-type-limit-compare]
146 | int itimeout = (L > (long)INT_MAX) ? INT_MAX : (int)L;
| ~ ^ ~~~~~~~~~~~~~
1 warning generated.
.../curl/tests/libtest/libntlmconnect.c:195:31: warning: result of comparison 'long' > 2147483647 is always false [-Wtautological-type-limit-compare]
195 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeout;
| ~~~~~~~ ^ ~~~~~~~~~~~~~
1 warning generated.
.../curl/tests/libtest/lib591.c:117:31: warning: result of comparison 'long' > 2147483647 is always false [-Wtautological-type-limit-compare]
117 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeout;
| ~~~~~~~ ^ ~~~~~~~~~~~~~
1 warning generated.
.../curl/tests/libtest/lib597.c:99:31: warning: result of comparison 'long' > 2147483647 is always false [-Wtautological-type-limit-compare]
99 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeout;
| ~~~~~~~ ^ ~~~~~~~~~~~~~
1 warning generated.
```
Seen on macOS Intel:
```
.../curl/tests/server/sws.c:440:64: warning: field precision should have type 'int', but argument has type 'size_t' (aka 'unsigned long') [-Wformat]
msnprintf(logbuf, sizeof(logbuf), "Got request: %s %.*s HTTP/%d.%d",
~~^~
1 warning generated.
```
Viktor Szakats [Tue, 8 Aug 2023 11:00:36 +0000 (11:00 +0000)]
mingw: delete support for legacy mingw.org toolchain
Drop support for "old" / "legacy" / "classic" / "v1" / "mingw32" MinGW:
https://en.wikipedia.org/wiki/MinGW, https://osdn.net/projects/mingw/
Its homepage used to be http://mingw.org/ [no HTTPS], and broken now.
It supported the x86 CPU only and used a old Windows API header and
implib set, often causing issues. It also misses most modern Windows
features, offering old versions of both binutils and gcc (no llvm/clang
support). It was last updated 2 years ago.
curl now relies on toolchains based on the mingw-w64 project:
https://www.mingw-w64.org/ https://sourceforge.net/projects/mingw-w64/
https://www.msys2.org/ https://github.com/msys2/msys2
https://github.com/mstorsjo/llvm-mingw
(Also available via Linux and macOS package managers.)
Dan Fandrich [Thu, 21 Sep 2023 17:50:49 +0000 (10:50 -0700)]
github/labeler: improve the match patterns
This includes new rules for setting the appleOS and logging labels and
matches on some example files. Also, enable dot mode for wildcard
matches in the .github directory.
Jay Satiro [Mon, 18 Sep 2023 21:58:23 +0000 (17:58 -0400)]
libssh2: fix error message on failed pubkey-from-file
- If libssh2_userauth_publickey_fromfile_ex returns -1 then show error
message "SSH public key authentication failed: Reason unknown (-1)".
When libssh2_userauth_publickey_fromfile_ex returns -1 it does so as a
generic error and therefore doesn't set an error message. AFAICT that is
not documented behavior.
Prior to this change libcurl retrieved the last set error message which
would be from a previous function failing. That resulted in misleading
auth failed error messages in verbose mode.
Stefan Eissing [Tue, 19 Sep 2023 10:31:31 +0000 (12:31 +0200)]
lib: disambiguate Curl_client_write flag semantics
- use CLIENTWRITE_BODY *only* when data is actually body data
- add CLIENTWRITE_INFO for meta data that is *not* a HEADER
- debug assertions that BODY/INFO/HEADER is not used mixed
- move `data->set.include_header` check into Curl_client_write
so protocol handlers no longer have to care
- add special in FTP for `data->set.include_header` for historic,
backward compatible reasons
- move unpausing of client writes from easy.c to sendf.c, so that
code is in one place and can forward flags correctly
Patrick Monnerat [Wed, 20 Sep 2023 12:02:05 +0000 (14:02 +0200)]
tftpd: always use curl's own tftp.h
Using the system's provided arpa/tftp.h and optimizing, GCC 12 detects
and reports a stringop-overread warning:
tftpd.c: In function ‘write_behind.isra’:
tftpd.c:485:12: warning: ‘write’ reading between 1 and 2147483647 bytes from a region of size 0 [-Wstringop-overread]
485 | return write(test->ofile, writebuf, count);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from tftpd.c:71:
/usr/include/arpa/tftp.h:58:30: note: source object ‘tu_data’ of size 0
58 | char tu_data[0]; /* data or error string */
| ^~~~~~~
This occurs because writebuf points to this field and the latter
cannot be considered as being of dynamic length because it is not
the last field in the structure. Thus it is bound to its declared
size.
This commit always uses curl's own version of tftp.h where the
target field is last in its structure, effectively avoiding the
warning.
As HAVE_ARPA_TFTP_H is not used anymore, cmake/configure checks for
arpa/tftp.h are removed.
Dan Fandrich [Wed, 20 Sep 2023 19:22:46 +0000 (12:22 -0700)]
github/labeler: switch to the 5 beta version
This version adds an important feature that will allow more PRs to be
labelled. Rather than being limited to labeling PRs with files that
match a single glob, it can now label them if multiple changed files
match any one of a number of globs.
Ryan Schmidt [Wed, 20 Sep 2023 01:36:39 +0000 (20:36 -0500)]
cmake, configure: also link with CoreServices
When linking with CoreFoundation, also link with CoreServices which is
apparently required to avoid an NSInvalidArgumentException in software
linking with libcurl on macOS Sonoma 14 and later.
Daniel Stenberg [Sat, 16 Sep 2023 09:17:45 +0000 (11:17 +0200)]
doh: inherit DEBUGFUNCTION/DATA
When creating new transfers for doing DoH, they now inherit the debug
settings from the initiating transfer, so that the application can
redirect and handle the verbose output correctly even for the DoH
transfers.
Reported-by: calvin2021y on github
Fixes #11864
Closes #11869
Dan Fandrich [Sat, 16 Sep 2023 07:08:26 +0000 (00:08 -0700)]
http_aws_sigv4: fix sorting with empty parts
When comparing with an empty part, the non-empty one is always
considered greater-than. Previously, the two would be considered equal
which would randomly place empty parts amongst non-empty ones. This
showed as a test 439 failure on Solaris as it uses a different
implementation of qsort() that compares parts differently.
Dan Fandrich [Fri, 15 Sep 2023 20:42:04 +0000 (13:42 -0700)]
CI: ignore the "flaky" and "timing-dependent" test results
CI builds will now run these tests, but will ignore the results if they
fail. The relevant tests are ones that are sensitive to timing or
have edge conditions that make them more likely to fail on CI servers,
which are often heavily overloaded and slow.
This change only adds two additional tests to be ignored, since the
others already had the flaky keyword.
projects / thirdparty / curl.git / log
