Viktor Szakats [Sat, 16 Nov 2024 18:04:36 +0000 (19:04 +0100)]
Makefile.mk: drop in favour of autotools and cmake (MS-DOS, AmigaOS3)
`Makefile.mk` supported MS-DOS and Amiga, but `./configure` also
supported them in a better tested and more flexible way.
This patch also adds CMake support for MS-DOS/DJGPP and Amiga OS 3.
`Makefile.mk` was not maintained. Delete it in favour of first-tier
build methods.
Also include some non-MS-DOS/AmigaOS-specific tidy-up, see details at
the end of this message.
Details:
- fix/silence all MS-DOS/DJGPP build warnings and issues.
- add MS-DOS support to cmake.
- default to `ENABLE_THREADED_RESOLVER=OFF` for MS-DOS.
- add support for `WATT_ROOT`.
- use static libcurl with MS-DOS.
- fixup default CMake suffixes/prefixes for DJGPP.
- disable hidden symbols for MS-DOS. Not supported on MS-DOS.
- opt-in MS-DOS into `USE_UNIX_SOCKETS`.
- improve MS-DOS support in autotools.
- default to `--disable-threaded-resolver` for MS-DOS.
- make sure to use `close_s()` (from Watt-32) with autotools and cmake.
`Makefile.mk` used it before this patch.
- GHA: add DJGPP cmake (~30s) and autotools (~60s) build jobs.
Also build tests and examples with cmake.
- improve AmigaOS support in autotools:
- configure: detect `CloseSocket()` when it's a macro.
- configure: fix `IoctlSocket` detection on AmigaOS.
- curl-amissl.m4: pass AmiSSL libs to tests/servers.
- add AmigaOS3 support to cmake:
- cmake: fix `HAVE_IOCTLSOCKET_CAMEL` and
`HAVE_IOCTLSOCKET_CAMEL_FIONBIO` detections.
- set necessary system libs.
- add AmiSSL support.
- inet_ntop, inet_pton: fix using it for AmigaOS. cmake detects them,
and they did not compile with AmigaOS.
- cmake: better sync `gethostname` detection with autotools.
Fixes detection for AmigaOS, where `gethostname` is a macro.
- cmake: fix `sys/utime.h` detection on AmigaOS.
- cmake: force-disable `getaddrinfo` for AmigaOS.
- cmake: tweak threading and static/shared default for AmigaOS.
- cmake: rely on manual variable `AMIGA` to enable the platform.
- GHA: add AmigaOS cmake and autotools (~45s) jobs.
Also build tests and examples with cmake.
- INSTALL: update MS-DOS and AmigaOS build instructions.
- amigaos: fix `-Wpointer-sign` and
`zero or negative size array '_args'` in `Printf()`.
- amigaos: fix `-Wpointer-sign`
- amigaos: fix `-Wredundant-decls` `errno` and `h_errno`.
- amigaos: brute-force silence `lseek()` size warnings.
- amigaos: server/resolve: silence `-Wdiscarded-qualifiers`.
- amigaos: server/resolve: fix `-Wpointer-sign`.
- amigaos: fix `CURL_SA_FAMILY_T` type.
- nonblock: prefer `HAVE_IOCTLSOCKET_CAMEL_FIONBIO` for AmigaOS.
`ioctl` is also detected, but fails when used. Make the above override
it for a successful build.
Authored-by: Darren Banfi
Fixes #15537
Closes #15603
- tftpd: prefer `HAVE_IOCTLSOCKET_CAMEL_FIONBIO` for AmigaOS.
- tftpd: tidy-up conditional code.
- curl: set stack size to 16384 for AmigaOS3/4
Overriding the default 4096.
Suggested-by: Darren Banfi
Ref: https://github.com/curl/curl/pull/15543#issuecomment-2498783123
Ref: https://wiki.amigaos.net/wiki/Controlling_Application_Stack
- functypes.h: fix `SEND_QUAL_ARG2` for AmigaOS.
- tftp: add missing cast in sendto() call for AmigaOS.
- getinfo: fix warning with AmigaOS.
- tool_operate: silence warning with AmigaOS
- amigaos: fix building libtests due to missing `RLIMIT_NOFILE`.
- curl_gethostname: silence warning for AmigaOS.
- ftp: silence `-Wtype-limits` for AmigaOS.
- libtest: fix timeval initialization for AmigaOS.
- examples: fix `timeval` initialization for AmigaOS.
- examples: silence warning for AmigaOS.
- configure: fix IPv6 detection for cross-builds.
- netrc: fix to build with AmigaOS cleanly.
- buildinfo: detect and add `DOS` tag for MS-DOS builds.
- buildinfo: add `AMIGA` to buildinfo.txt in autotools.
- build: move `USE_WATT32` macro definition to cmake/configure.
Non-MS-DOS/AmigaOS-specific tidy-ups:
- configure: sync `sa_family_t` detection with cmake.
- configure: sync `ADDRESS_FAMILY` detection signals with cmake.
- doh: use `CURL_SA_FAMILY_T`.
- lib: drop mingw-specific `CURL_SA_FAMILY_T` workaround.
- cmake: extend instead of override check-specific
configurations/requirements.
This allows to honor global requirements added earlier.
Necessary for AmigaOS for example.
- cmake: omit warning on disabled IPv6 for MS-DOS and AmigaOS.
No IPv6 support on these platforms. Also sync with autotools.
- lib1960: use libcurl `inet_pton()` wrapper.
- cmake: detect LibreSSL (to match autotools).
- cmake: say the specific OpenSSL flavour detected.
- hostip: add missing `HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID` guard.
- lib: simplify classic mac feature guards.
Viktor Szakats [Wed, 6 Nov 2024 13:00:04 +0000 (14:00 +0100)]
cmake: namespace functions and macros
Prefix (or suffix) curl-defined macro and function names with `curl`.
To avoid collisions with non-curl CMake and to make them recognizable
as curl-specific calls.
Viktor Szakats [Sat, 2 Nov 2024 20:11:28 +0000 (21:11 +0100)]
cmake: clang-cl improvements
- drop `/clang:` prefix for `-W` options for clang-cl.
Except for `-Wall` which gets interpreted as MSVC `/Wall`
and translated to `-Weverything`, which is undesired.
Related: https://github.com/llvm/llvm-project/issues/102982
- include `MSVC_VERSION` in target flags.
Useful for clang-cl builds where this information doesn't appear
elsewhere in the cmake configure log.
- suppress `-Wlanguage-extension-token` more for clang-cl.
This fixes clang-cl builds with default `CURL_WERROR=OFF` and
`PICKY_COMPILER=ON`.
This warning is enabled by `-pedantic` as a warning and by
`-pedantic-errors` as an error. Verifiable using llvm's
`diagtool show-enabled -pedantic test.c`.
Follow-up to fb711b50981e86c9dcdd6c2ba468b5d32edbcfce #15449
Viktor Szakats [Fri, 8 Nov 2024 14:47:19 +0000 (15:47 +0100)]
lib: replace `inline` redefine with `CURL_INLINE` macro
Instead of redefining the `inline` keyword, introduce curl's own
`CURL_INLINE` macro and set it depending on the compiler's capabilities,
or use its value set via custom C flags.
Also keep honoring a custom `inline` macro, if set.
Viktor Szakats [Thu, 31 Oct 2024 11:26:37 +0000 (12:26 +0100)]
cmake: drop redundant FOUND checks (libgsasl, libssh, libuv)
With `find_package(... REQUIRED)` the configuration fails and exits
if the package is not found. The `..._FOUND` check afterwards always
evaluates true and is safe to delete.
Also true for brotli and zstd, but those are addressed differently
via #15431.
- autotools: stop promoting variables to macros:
`USE_NGTCP2_CRYPTO_*`, `USE_NGTCP2_H3`, `USE_OPENSSL_H3`,
`HAVE_LIBRESSL`.
They are not used in the source.
- cmake: drop unused `HAVE_O_NONBLOCK`,
`HAVE_DISABLED_NONBLOCKING`.
- lib: drop `NEED_MALLOC_H`.
It was used in manual-build cases for Amiga/MS-DOS/Windows/WinCE, but
never by autotools/cmake, thus apparently unnecessary.
- lib: drop unused `NEED_MEMORY_H`.
- lib: simplify classic mac feature guards,
drop `HAVE_EXTRA_STRICMP_H` and `HAVE_EXTRA_STRDUP_H`.
- autotools: drop unused `HAVE_GETHOSTBYNAME` detection.
- autotools: drop unused OpenSSL feature tests:
`HAVE_ERR_H`, `HAVE_PEM_H`, `HAVE_RSA_H`
- autotools: drop unused OpenSSL feature tests:
`HAVE_X509_H`, `HAVE_CRYPTO_H`, `HAVE_SSL_H`.
They performed a fallback check when the primary check missed
`openssl/x509.h`. Though if any other prefixed headers were found,
OpenSSL is already assumed detected.
The fallback check was looking for 3 unprefixed OpenSSL headers, and
if all found, marked OpenSSL found internally, but did not promote
it to `curl_config.h` via `USE_OPENSSL`. Meaning it either didn't do
anything or may have continued with an inconsistent state.
Added in d99c20f62876457ca6880d706825e68f695bda18 (2008)
At the time, there was an extra `AC_DEFINE(USE_SSLEAY, 1 ...` logic
after this code, which kicked in in the fallback case, but that code
was deleted in 709cf76f6bb7dbaca14e3e8df160ccfac04dcecb (2015)
- autotools: drop `AC_SUBST()` where the value is explicitly set anyway
and the macro is unused.
- autotools: replace `AC_SUBST(VAR, 1)` with local variable assignments,
where the `@VAR@` macro is unused. Also dedupe the local variable if
there was a parallel one used for the same purpose.
- autotools: drop local feature variables that were never used.
- autotools: drop unused `CURL_CHECK_OPTION_NTLM_WB`,
`CURL_CHECK_NTLM_WB`.
Also stop setting unused `NTLM_WB_ENABLED` macro for VMS.
Follow-up to 50def7c881ba560ab6e0235990e8f07fa69f4bc8 #13249
Daniel Stenberg [Thu, 12 Dec 2024 15:02:01 +0000 (16:02 +0100)]
checksrc: ban use of sscanf()
Using sscanf() is not a (security) problem in itself, but we strongly
discourage using it for parsing input since it is hard to use right, easy
to mess up and often makes for sloppy error checking.
Andy Pan [Thu, 12 Dec 2024 12:48:56 +0000 (12:48 +0000)]
async-thread: avoid closing eventfd twice
When employing eventfd for socketpair, there is only one file
descriptor. Closing that fd twice might result in fd corruption.
Thus, we should avoid closing the eventfd twice, following the
pattern in lib/multi.c.
Fixes #15725
Closes #15727
Reported-by: Christian Heusel
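The hazard described in the commit message above, as an added example that is not curl's code: when both slots of a wakeup pair hold the same eventfd, a second `close()` on that number can hit a descriptor opened in between. The `struct wakeup` type and the function names are hypothetical, and the code assumes Linux (`eventfd`) and a single-threaded process.

```c
/* Added illustration (not curl source): one eventfd must be closed once. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/eventfd.h>
#include <unistd.h>

/* Hypothetical wakeup pair. With a socketpair or pipe the two slots differ;
   with eventfd both slots refer to the same descriptor. */
struct wakeup {
  int fd[2];
};

static int wakeup_init(struct wakeup *w)
{
  int efd = eventfd(0, EFD_CLOEXEC | EFD_NONBLOCK);
  if(efd < 0)
    return -1;
  w->fd[0] = w->fd[1] = efd;
  return 0;
}

/* Close every distinct descriptor exactly once, then poison both slots.
   Returns how many close() calls were made. */
static int wakeup_close(struct wakeup *w)
{
  int calls = 0;
  if(w->fd[0] >= 0) {
    close(w->fd[0]);
    calls++;
  }
  if(w->fd[1] >= 0 && w->fd[1] != w->fd[0]) {
    close(w->fd[1]);
    calls++;
  }
  w->fd[0] = w->fd[1] = -1;
  return calls;
}

/* Returns 1 if a descriptor opened right after the teardown is still valid,
   0 if the teardown closed it, -1 on setup failure. */
static int later_fd_survives(int guarded)
{
  struct wakeup w;
  int later, alive;
  if(wakeup_init(&w))
    return -1;
  if(guarded) {
    wakeup_close(&w);
    later = eventfd(0, EFD_CLOEXEC);
  }
  else {
    int stale = w.fd[1];
    close(w.fd[0]);
    /* The kernel hands out the lowest free number, so in this
       single-threaded program 'later' reuses the number just released. */
    later = eventfd(0, EFD_CLOEXEC);
    close(stale); /* second close of the same number hits 'later' */
  }
  if(later < 0)
    return -1;
  alive = fcntl(later, F_GETFD) != -1;
  if(alive)
    close(later);
  return alive;
}

int main(void)
{
  printf("guarded:   later fd alive = %d\n", later_fd_survives(1));
  printf("unguarded: later fd alive = %d\n", later_fd_survives(0));
  return 0;
}
```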
Daniel Stenberg [Tue, 10 Dec 2024 11:39:57 +0000 (12:39 +0100)]
cookie: parse only the exact expire date
The date parser function is very forgiving and skips most "irrelevant"
characters in its hunt for a date to figure out. Therefore it is
important to make sure the date string is properly null terminated so
that it does not accidentally parse a piece of whatever text follows
after the date.
Add test483: test (overly) long expire dates in cookies
Viktor Szakats [Mon, 9 Dec 2024 00:57:32 +0000 (01:57 +0100)]
build: fix tests when documentation/manual is disabled
- build: fix to exclude 'documentation' tests when building
the documentation is explicitly disabled. Both for cmake
and `./configure`.
Reported-by: Daniel Engberg
Fixes #15703
- test481, test482: fix for builds with no manual.
Reported-by: Daniel Engberg
Fixes #15703
- configure: fix to always detect Perl. Running tests require
it when run. Before this patch Perl wasn't detected when
documentation/manual/embedded-CA were all disabled,
making tests fail to start.
- test1177: add keyword `documentation`. It depends on
`curl_version_info.3`.
- GHA/linux: test cmake and `./configure` with docs and
manual disabled and tests run.
renovate[bot] [Tue, 3 Dec 2024 14:02:51 +0000 (14:02 +0000)]
GHA: update four dependencies
- github/codeql-action digest to aa57810
- cross-platform-actions/action action to v0.26.0
- actions/cache digest to 1bd1e32
- msys2/setup-msys2 digest to d44ca8e
These file formats are not properly documented elsewhere, plus the
website uses these files to populate the documentation pages to which
users end up via the URLs that are mentioned within the alt-svc and hsts
files.
Marcel Raad [Wed, 4 Dec 2024 00:12:50 +0000 (01:12 +0100)]
test2086: disable MSYS2's POSIX path conversion
Older MSYS2 versions treat the URL as paths list and convert them from
UNIX to Windows format. There's no path here that needs to be
converted, so disable path conversion for this test as done for others.
Daniel Stenberg [Fri, 6 Dec 2024 15:01:50 +0000 (16:01 +0100)]
mprintf: fix the integer overflow checks
When a floating point precision or string width are provided as a
base-10 number, the code could miss to detect integer overflows if the
provided value was exactly 2147483648 or 2147483649 (2147483647 being
the maximum value a signed integer can hold).
The chance that such values would actually ever be used is slim.
This change fixes the detection to also cover those edge cases.
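An added example, not curl's code, of how a decimal-to-`int` overflow check can miss exactly the two values named above: a guard that only tests whether the multiply by ten fits ignores the digit added afterwards. The function names are hypothetical and a 32-bit `int` is assumed, as in the commit message.

```c
/* Added illustration (not curl source): decimal-to-int overflow checks. */
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* Weak form: only asks whether value * 10 fits and forgets the digit that
   is added afterwards. The accumulator is long long so that this demo has
   no undefined behaviour; with an int accumulator the accepted values above
   INT_MAX would overflow. Returns 1 if the check accepts the digits. */
static int weak_check_accepts(const char *s, long long *value)
{
  long long v = 0;
  while(isdigit((unsigned char)*s)) {
    if(v > INT_MAX / 10)
      return 0;
    v = v * 10 + (*s - '0');
    s++;
  }
  *value = v;
  return 1;
}

/* Strict form: accounts for the digit before multiplying, so the result can
   never exceed INT_MAX. Returns 1 and stores the value on success. */
static int parse_int_strict(const char *s, int *value)
{
  int v = 0;
  while(isdigit((unsigned char)*s)) {
    int digit = *s - '0';
    if(v > (INT_MAX - digit) / 10)
      return 0;
    v = v * 10 + digit;
    s++;
  }
  *value = v;
  return 1;
}

int main(void)
{
  /* constructed inputs around the signed 32-bit limit */
  static const char *const samples[] = {
    "2147483647", "2147483648", "2147483649", "2147483650"
  };
  size_t i;
  for(i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    long long wide = 0;
    int narrow = 0;
    int weak = weak_check_accepts(samples[i], &wide);
    int strict = parse_int_strict(samples[i], &narrow);
    printf("%s weak=%s strict=%s\n", samples[i],
           weak ? (wide > INT_MAX ? "accepted (overflow missed)" : "accepted")
                : "rejected",
           strict ? "accepted" : "rejected");
  }
  return 0;
}
```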
chemodax [Thu, 5 Dec 2024 16:52:12 +0000 (17:52 +0100)]
cmake: set `CURL_STATICLIB` for static lib when `SHARE_LIB_OBJECT=OFF`
When compiled with BUILD_STATIC_LIBS=ON and SHARE_LIB_OBJECT=OFF compile
definition CURL_STATICLIB was not set for static library. It seems to be
copy-paste error in the lib/CMakeLists.txt.
Stefan Eissing [Thu, 5 Dec 2024 11:37:38 +0000 (12:37 +0100)]
mime: fix reader stall on small read lengths
The base64 mime encoder stalls when it cannot encode a full 3 byte input
set into the read buffer. The workaround for this limitation was
incomplete and could lead to stalled transfers when the last chunk to
upload was smaller than 4 bytes.
Use a tmp buffer on small reads to allow mime encoders more space to put
their things.
Daniel Stenberg [Wed, 4 Dec 2024 12:59:52 +0000 (13:59 +0100)]
tool_formparse: remove use of sscanf()
In the function for handling 'type=' in the -F command line arguments,
we make the code more lax to accept more strings and thereby also avoid
the use of sscanf().
Daniel Stenberg [Tue, 3 Dec 2024 06:52:48 +0000 (07:52 +0100)]
digest: produce a shorter cnonce in Digest headers
Other programs (Postman, Chrome, Python request) use a 16 byte cnonce
and there are instances of server-side implementations that don't
support the larger lengths curl used previously.
Daniel Stenberg [Wed, 4 Dec 2024 09:23:47 +0000 (10:23 +0100)]
curl: do more command line parsing in sub functions
This moves argument parsing logic for a number of options into sub
functions to reduce the overall complexity of the single getparameter()
function. pmccabe says it takes complexity down from 234 to 147.
The command line options that now have dedicated parser functions are:
Stefan Eissing [Tue, 26 Nov 2024 10:18:06 +0000 (11:18 +0100)]
curl: use realtime in trace timestamps
Timestamps in trace logs used a mix of realtime and monotonic time
sources, leading to fractional seconds carrying wrong values. Use
realtime only, so the correct nanoseconds are printed.
Fixes #15614
Reported-by: jethrogb on github
Closes #15641
Stefan Eissing [Wed, 6 Nov 2024 11:42:34 +0000 (12:42 +0100)]
pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS
Add test_02_33 to run with various values for the multi option
CURLMOPT_MAX_HOST_CONNECTIONS and CURLOPT_FRESH_CONNECT to trigger
connection pool limit handling code.
Jay Satiro [Tue, 26 Nov 2024 08:50:39 +0000 (03:50 -0500)]
setopt: fix missing options for builds without HTTP & MQTT
- Restore some necessary options for builds without HTTP and MQTT.
The logic to turn off a segment of options in builds without HTTP and
MQTT was too expansive. Those builds (such as FTP-only builds) could not
use options such as CURLOPT_URL or CURLOPT_USERNAME etc.
Prior to this change 30da1f59 (precedes 8.11.0) refactored the options
processing and caused this issue.
Viktor Szakats [Thu, 28 Nov 2024 23:32:44 +0000 (00:32 +0100)]
GHA/windows: avoid libtool wrapper for test and server executables
This makes `runtests.pl` run the final executables directly.
Before this patch it called the autotools/libtool wrapper tool, which
then called the final executables.
This solution was already used for `curl.exe`.
Applies to tests run in the `mingw, AM x86_64 c-ares U` job, which still
shows unexplained flakiness.
Viktor Szakats [Wed, 27 Nov 2024 15:21:04 +0000 (16:21 +0100)]
build: fix MSVC UWP builds
The MSVC UWP job in CI did not actually enable UWP. Fix this and
the fallouts discovered after enabling it.
- GHA/windows: make sure to enable UWP in MSVC vcpkg UWP job.
Use the CMake options and C flags already used for mingw-w64, but use
`WINAPI_FAMILY_PC_APP` instead of the deprecated `WINAPI_FAMILY_APP`.
(The former is not supported by mingw-w64, so leave it there as-is.)
Follow-up to cb22cfca69bded45bf7f9c72c8e6764990490f11 #14077
- GHA/windows: by default the MSVC UWP job became 2x-3x slower than
others after actually enabling UWP. Most of it is caused by
CMake/MSBuild automatically building full APPX containers for each
`.exe` target. This includes 21 CMake feature detections. Each
detection app is built into a 15MB APPX project, with code signing,
logos, etc. Example:
https://github.com/curl/curl/actions/runs/12056968170/job/33620610958
Disable this overhead for curl build targets via custom
`CMAKE_VS_GLOBALS` options. I've found no way to apply them to feature
detection targets, so those remain slow.
- cmake: automatically enable Unicode for UWP builds. It's required.
Also stop enabling it manually in the existing CI job.
- tests: fix `getpid()` use for Windows UWP:
```
tests\server\util.c(281,21): warning C4013: 'getpid' undefined; assuming extern returning int
```
Ref: https://github.com/curl/curl/actions/runs/12061215311/job/33632904249#step:11:38
- src/tool_doswin: disable `GetLoadedModulePaths()` for UWP.
mingw-w64 UWP was okay with this, but MS SDK headers are not.
This makes `--dump-module-paths` return empty for UWP builds.
```
src\tool_doswin.c(620,3): error C2065: 'MODULEENTRY32': undeclared identifier
src\tool_doswin.c(626,11): warning C4013: 'CreateToolhelp32Snapshot' undefined; assuming extern returning int
src\tool_doswin.c(626,36): error C2065: 'TH32CS_SNAPMODULE': undeclared identifier
src\tool_doswin.c(632,7): warning C4013: 'Module32First' undefined; assuming extern returning int
```
Ref: https://github.com/curl/curl/actions/runs/12055081933/job/33614629930#step:9:35
- examples: fix `websocket.c` to include `winsock2.h` before `windows.h`
to make it build with MSVC UWP:
```
include\curl\curl.h(143,16): error C2061: syntax error: identifier 'curl_socket_t'
include\curl\curl.h(143,16): error C2059: syntax error: ';'
include\curl\curl.h(417,52): error C2146: syntax error: missing ')' before identifier 'curlfd'
include\curl\curl.h(417,38): error C2081: 'curl_socket_t': name in formal parameter list illegal
```
Ref: https://github.com/curl/curl/actions/runs/12055317910/job/33615644427#step:14:126
- GHA/windows: silence linker warning with MSVC UWP builds:
```
LINK : warning LNK4075: ignoring '/INCREMENTAL' due to '/OPT:ICF' specification
```
Ref: https://github.com/curl/curl/actions/runs/12055696808/job/33616629610#step:11:38
- GHA/windows: set `/INCREMENTAL:NO` for all MSVC jobs to improve
performance a little.
Viktor Szakats [Tue, 26 Nov 2024 14:08:56 +0000 (15:08 +0100)]
tests: re-enable 2086, and 472, 1299, 1613 for Windows
- GHA/windows: un-ignore tests 472 1299 1613.
They were ignored for the mingw-w64 c-ares U job.
They do run fine now:
https://github.com/curl/curl/actions/runs/12032875421/job/33547724780?pr=15644
- globally re-enable test 2086.
Comment says it only affected Windows.
Seems to be running fine now. Example:
Windows:
https://github.com/curl/curl/actions/runs/12032875421/job/33547718309?pr=15644#step:13:3856
Linux:
https://github.com/curl/curl/actions/runs/12032875397/job/33545739712#step:41:3650
- update comments for disabled tests 1184, 1801.
They affect all operating systems, likely all CIs.
FAIL 1801: 'HTTP/2 upgrade with lying server' HTTP, HTTP/2
https://github.com/curl/curl/actions/runs/12032362497/job/33544053001#step:14:4265
FAIL 1184: 'HTTP 1.1 CONNECT with redirect and set -H user-agent' HTTP, HTTP CONNECT, HTTP proxy, proxytunnel
https://github.com/curl/curl/actions/runs/12032362497/job/33544051415#step:14:5252
Viktor Szakats [Tue, 26 Nov 2024 12:03:49 +0000 (13:03 +0100)]
tool_getpass: replace `getch()` call with `_getch()` on Windows
`getch()` is deprecated according to MSDN:
https://learn.microsoft.com/cpp/c-runtime-library/reference/getch
"The Microsoft-specific function name `getch` is a deprecated alias
for the `_getch` function."
Viktor Szakats [Tue, 26 Nov 2024 12:22:08 +0000 (13:22 +0100)]
GHA/windows: merge cmake/autotools steps
Merge cmake and autotools build steps for cygwin, msys2 and
cross-linux jobs.
Advantages:
- makes it easier to keep the two build tracks in sync.
- uses the same steps across jobs.
- avoids scrolling through greyed out steps.
- syncs steps with other workflows already merged like this.
- less code.
Also:
- stop ignoring WebSockets tests results for msys2/mingw-w64 cmake jobs,
except for 2301 2302 that were also ignored for autotools. Syncing the
two build methods.
- drop 'cmake' from step names where cmake was the only build tool.
This was redundant as "CM" already indicates it in the job name.
Viktor Szakats [Tue, 26 Nov 2024 02:17:53 +0000 (03:17 +0100)]
tool_getpass: restore UWP `getpass_r()`, fixup CI builds, fix UWP `-Wnull-dereference`
- GHA/windows: switch mingw-w64 UWP CI job to use UCRT.
`msvcr120_app` was missing `getch()` for example.
Follow-up to f988842d85a06d7ad03764433b6dfee9febf0118 #15637
This job tests compiling for UWP correctly, but the resulting
`curl.exe` still doesn't look like a correct UWP app, now exiting
on startup with: `curl: error initializing curl library`.
renovate[bot] [Sat, 16 Nov 2024 22:40:22 +0000 (22:40 +0000)]
tool_getpass: make local `getpass_r()` a dummy for UWP
The CRT call `getch()` isn't supported on Windows UWP. This function is
used to implement `getpass_r()` for reading a password from the console,
for platforms not supporting it natively. This patch makes this function
a dummy, so password entry from the command-line is no longer supported
for UWP apps. Though it probably did not work before this patch, due to:
CRT headers do declare `getch()`, but it's missing from the CRT DLL.
MSDN documents it as unsupported for UWP:
https://learn.microsoft.com/cpp/c-runtime-library/reference/getch
https://learn.microsoft.com/cpp/c-runtime-library/reference/getch-getwch
Same is true for the non-deprecated `_getch()` function.
After mingw-w64 synced its implib with `msvcr120_app.dll`, the CI job
`mingw, CM x86_64 schannel R uwp` broke with:
```
[16/16] Linking C executable src\curl.exe
FAILED: src/curl.exe
[...]
D:/a/_temp/msys64/mingw64/bin/../lib/gcc/x86_64-w64-mingw32/14.2.0/../../../../x86_64-w64-mingw32/bin/ld.exe:
src/CMakeFiles/curl.dir/Unity/unity_0_c.c.obj:unity_0_c.c:(.text+0x4d05): undefined reference to `getch'
```
Ref: https://github.com/curl/curl/actions/runs/11873795410/job/33089008727?pr=15597#step:19:25
Also:
- GHA/windows: bump `msys2/setup-msys2` action to
https://github.com/msys2/setup-msys2/commit/c52d1fa
This triggered the build failure above.
Closes #15597
multi: fix callback for `CURLMOPT_TIMERFUNCTION` not being called again when...
Issue is reproducible for me if I have made request with multi handle,
then I make request that will take very long and then I make request
that should be fast again, however what happens it is that it seems
to think that timeout was not changed and it makes it not call initial
`CURLMOPT_TIMERFUNCTION`.
Viktor Szakats [Sun, 24 Nov 2024 14:52:38 +0000 (15:52 +0100)]
GHA: source mbedTLS from official tarball
Instead of the Git repo tag which requires downloading the tip of
a dependency repository at the time of bumping version:
https://github.com/Mbed-TLS/mbedtls-framework
The official source tarball ships with this dependency, making
the CI builds reproducible.
Also: fold long download commands for other dependencies.
Viktor Szakats [Thu, 21 Nov 2024 18:22:43 +0000 (19:22 +0100)]
GHA: disable building tests, apps, docs in dependencies
Also:
- for LibreSSL download the official source tarball instead of
using the tagged Git repo and running the build script which
merged the OpenBSD libressl repo into it. The latter method
was also broken at the time of this commit.
LibreSSL build options are unchanged, but by using the tarball now
instead of two repos and a generator script, it also should be faster,
and more stable.
Viktor Szakats [Thu, 21 Nov 2024 19:07:21 +0000 (20:07 +0100)]
cmake: include `wolfssl/options.h` first
It was missing while detecting `wolfSSL_DES_ecb_encrypt`,
`wolfSSL_BIO_new` and `wolfSSL_BIO_set_shutdown`.
We have not seen it causing issues in stable wolfSSL releases as of
v5.7.4, until a recent commit in wolfSSL master, which broke detections:
```
curl/CMakeFiles/CMakeScratch//CheckSymbolExists.c:8:19: error: ‘wolfSSL_BIO_new’ undeclared (first use in this function); did you mean ‘wolfSSL_CTX_new’?
curl/CMakeFiles/CMakeScratch//CheckSymbolExists.c:8:19: error: ‘wolfSSL_BIO_set_shutdown’ undeclared (first use in this function); did you mean ‘wolfSSL_set_shutdown’?
```
This in turn disabled `HTTPS-proxy` and failed related pytests:
https://github.com/curl/curl/actions/runs/11953800545/job/33324250039?pr=15620
The wolfSSL build says:
```
Note: Make sure your application includes "wolfssl/options.h" before any other wolfSSL headers.
You can define "WOLFSSL_USE_OPTIONS_H" in your application to include this automatically.
```
This patch makes sure to follow this rule across the curl codebase.
Also:
- include `wolfssl/options.h` first in `lib/vtls/wolfssl.c`.
It was preceded by `wolfssl/version.h`, which did not cause issues.
Background for the pre-existing include order:
Ref: deb9462ff2de8e955c67ed441f5f48619a31198d #3903
Ref: https://curl.se/mail/lib-2015-04/0069.html
Wyatt O'Day [Thu, 21 Nov 2024 14:08:31 +0000 (09:08 -0500)]
schannel: remove TLS 1.3 ciphersuite-list support
Drop TLS 1.3 ciphersuite-list support from SChannel because of the
number of bugs in SChannel itself (a closed-source TLS library). TLS 1.3
with SChannel still works, however the ciphersuite negotiation is left
entirely to SChannel.
Bug: https://hackerone.com/reports/2792484
Reported-by: newfunction on hackerone
Fixes https://github.com/curl/curl/issues/15482
Closes https://github.com/curl/curl/pull/15621